EU Age Verification App Announced To Protect Children Online (dw.com)
The EU says a new age-verification app is technically ready and could let users prove they are old enough to access restricted online content without revealing their identity or personal data. Deutsche Welle reports: Once released, users will be able to download the app from an app store and set it up using proof of identity, such as a passport or national ID card. They can then use it to confirm they are above a certain age when accessing restricted content, without revealing their identity. According to the Commission, the system is similar to the digital certificates used during the COVID-19 pandemic, which allowed people to prove their vaccination status.
The app is expected to support enforcement of the bloc's Digital Services Act, which aims to better regulate online platforms. This includes restricting access to content such as pornography, gambling and alcohol-related services. Officials say the app will be "completely anonymous" and built on open-source technology, meaning it could also be adopted outside the EU.
[...] While there is no binding EU-wide law yet, the European Parliament has called for a minimum age of 16 for social media access. For now, enforcement would largely fall to individual member states, but the new app is intended to help platforms comply with future national and EU rules.
Bridge for sale (Score:1)
Does anybody believe this?
Re:Bridge for sale (Score:5, Insightful)
Believe what?
- That the open source app does what the specs say it does? Likely yes.
- That the functionality of signed store versions corresponds to the open source version? Likely yes.
- Believe in god? No.
Please be more specific.
Re: (Score:1)
we should not go along with it.
Re: (Score:3)
I sure don't believe the "completely anonymous" part.
Re: (Score:3)
I sure don't believe the "completely anonymous" part.
It is possible, in theory. But calling this "completely anonymous" is hopelessly naïve, IMO, unless I'm missing something *huge*.
Announcing that this is "technically complete" is laughable. I have not seen a single public white paper on the subject. We should have seen years of back and forth between academics, crypto experts, operational security experts, privacy experts, and other groups, as they all tear apart the design over and over again until it is refined into something that actually provide
Re: (Score:2)
Looks like I spoke too soon. The specification massively contradicts itself. 3.4.2 requires reissuance every three months, and requires that it issue 30 attestations at a time, and that they be single-use.
That part is architecturally correct, though allowing access to only 30 adult sites per three months is dubious. And if getting a new proof requires a new request at some point, then it becomes possible for the trusted list provider, conspiring with the proof of attestation provider, to cross-correlate
Re:Bridge for sale (Score:5, Insightful)
Looks like I spoke too soon. The specification massively contradicts itself. 3.4.2 requires reissuance every three months, and requires that it issue 30 attestations at a time, and that they be single-use.
That part is architecturally correct, though allowing access to only 30 adult sites per three months is dubious.
Those are minimums, not maximums. Devices should request new certs when they get low. Also, the three-month period is driven by expiration times. It sounds like the EU has decided they want to enforce a maximum expiration time of three months, though I think most countries I've talked to were planning monthly expirations.
And, BTW, this structure is inherited from the ISO 18013-5 security design, which I created (others contributed refinements, and the data minimization scheme was inherited from other systems, but the core design was mine). So... I know a little something about it :-)
And if getting a new proof requires a new request at some point, then it becomes possible for the trusted list provider, conspiring with the proof of attestation provider, to cross-correlate the timing of requests and unmask a user with high probability.
If the issuer will collude with the verifier, they can easily and fully unmask the user's identity, because the issuer knows all of the public keys they issued, and to whom. This is a known issue, something we considered for 18013-5 and decided had to be accepted for now. There is cryptography that can solve this problem, but at least back in ~2020 when the design was finalized (a) a lot of it was still too novel and (b) wasn't supported in common hardware. I don't think either of those things has changed, and there's a further complication that there aren't any PQC algorithms with the necessary capabilities, though the existing design can be trivially updated with PQC key agreement and signature algorithms.
So you still have a value that is potentially usable for tracking across multiple websites. It's just a timestamp. I'm not sure if I'm reading what they're saying correctly. If they mean all 30 in a batch have the same value, this is a disaster.
It's really not, because they also have the same value as thousands of others that were issued with the same timestamp. Granted that if the request (as identified by IP) is from a region with low population it will sometimes, maybe, be possible to weakly conclude that two proofs by users with same timestamp might be the same person. But this would be a very weak signal and it still doesn't tell you anything about who that person is. The IP address is a far stronger signal.
It lacks a section on threat models and how it addresses those threats, which is the first thing I'd expect to see.
At this point, I have no idea whether this protects privacy or not. And that's perhaps more disturbing.
At least for 18013-5 there is a detailed threat model, but it's not in the standard because we were told that standards are supposed to say "what", not get bogged down in "why". I'm not sure if the model is published anywhere.
Alert: Your New Opinion (Score:1)
Confused about the process... (Score:2)
So will there be an 'app' for FreeBSD desktop computers? For all the Linux variants?
What about those phones running Linux itself (not android)?
Sign me confused how this could work.
Re: (Score:2)
Why not, if the app is open source.
Re: (Score:2)
No, it's for locked-down systems which allow integrity verification for hardware, OS and app. So official Android or iOS devices only. In theory Windows, ChromeOS and macOS have integrity mechanisms too, but those are easier to hack and we all have phones.
If the physical ID chips had been designed from the start for pseudonymous age verification, the remote service could just E2EE communicate with the ID through untrusted gateways, but they were not. So they need to build a new trusted system around the
EU (Score:1, Flamebait)
Re: (Score:2)
: https://www.congress.gov/bill/... [congress.gov]
articles about it:
https://www.osnews.com/story/1... [osnews.com]
https://itsfoss.com/news/os-le... [itsfoss.com]
Re: (Score:1)
If you don't like it you need to convince the rest of the world that they don't need a ruling class.
Re: (Score:2)
Every country has problems with the Epstein class. Some more than others. These laws are getting pushed by social media, AI and surveillance companies so they can track us and control us.
This is not being pushed by social media. On the contrary, these are pushed in order to enforce bans of social media to children, which most Europeans want [politico.eu].
Re: (Score:2)
In other words once someone hits 16, boom, a whole new world opens up for them. One they will have no experience with and will thus quickly fall to every scam.
Re:EU (Score:5, Insightful)
It turns out a bit of privacy is not as much of a quality of life issue as free school, free medicare, not living in a place with insane gun crime, or at risk of being deported by ICE.
Now if you have a point to make I suggest you not conflate it with a completely different issue, otherwise it just reflects poorly on you.
Re: (Score:2)
Actually, we see right now what you do regarding Russians.
Re: (Score:2)
Cool. The next time the Germans decide to take over the continent we'll let you guys deal with it yourselves.
Funny enough it's the "friendly" and "helpful" nations that seem to be our biggest threat right now. But yes good work conflating yet another irrelevant issue. Ever been tested for ADHD?
Re: (Score:1)
It's better than using our sketchy 3rd-party age verification provider, but it is still completely pointless if it can be bypassed via a VPN or just going to a site that doesn't care to comply with the regulations. Like, remember that story yesterday about Anna's Archive, where the court delivered an absolutely toothless verdict because they have no idea who is running the site...
Realistically, the only thing this will actually be good for is keeping kids off of the major social media networks. At least until t
Re: (Score:2)
You can just lie. They can't verify your identity through the app, only that you have an official ID with an NFC chip of someone with a certain age.
Profiling and tracking on overdrive! (Score:3)
I'm not against age verification, I'm against bad age verification. I've explained the idea a few times, but the short version: an online enclave downloads databases full of ID hashes, then disables any network connectivity, a full blackout. The offline enclave starts with a hard kill switch if any network connectivity is detected. The DBs will be transferred into the offline enclaves and the ID will be privately verified, with an age range stored. Then the ID and all DBs for this process are wiped, the enclaves are destroyed and securely wiped, and network connectivity is restored.
Once that's done, you've verified your age, without handing over your paperwork, it's private, and accomplishes the same goal.
Re:Profiling and tracking on overdrive! (Score:5, Insightful)
I'm sure some governments will do a verifiable build, so for those you can just check the source code. The white label source code is available if you want a headstart.
https://github.com/eu-digital-... [github.com]
Re:Profiling and tracking on overdrive! (Score:5, Interesting)
The way it is supposed to work is that it allows the site to do a cryptographic challenge and response. The site can't tell which device was used, or even if the same device is used each time. There is no communication with the government after the initial confirmation of ID.
That is assuming that all the crypto works properly, of course. Hopefully they have some experts involved.
I'll still VPN into a country that doesn't have such laws as a matter of course, but given that most people seem to think this is a good thing, and we live in a democracy, it's probably the best possible outcome. The current situation in the UK, for example, where you need to prove your age to each site individually, and they all get your real ID and then abuse it and it gets stolen, is close to the worst.
Re: (Score:1)
it's probably the best possible outcome.
No, it is not, as this app does more than one thing. Yes, it does age verification. It also implements a regime that allows government to refuse you full access to Internet for any reason. This WILL BE used to suppress free speech by denying ADULTS age verification.
Re: (Score:2)
In reality, the biggest problems are theft and spying. Unfortunately, there's no way to stop theft of any Identity document: All we can do is reduce the surface and the current habit of making every serve
Conflicting needs (Score:2)
Protect Children Online (Score:1)
Or, translated into realspeak...
Reduce freedom and increase government interference for poorly defined political purposes based on fear and ignorance
UK Already Pretty Creepy (Score:1)
When I visited the UK last year, I went through customs. It took one of those facial recognition scans. There was no opt-out, there was no agent at the booth, I got no stamp in my passport.
Whatever system they're using already needs to be so pervasive that their solution to "papers, please" is to take the "paper" part out of it. This doesn't surprise me at all... but it would be somewhat fun to attempt using this app on a rooted phone.
complete security theater (Score:3, Interesting)
I don't know if it was on purpose or not, but the app is very badly done and has been hacked with very simple techniques. For instance, one can reset the PIN just by opening one of the configuration XML files and deleting the PIN section; the next time the app opens it asks for a new PIN, which was only stored on the device (also encrypted and not hashed). Similar attacks remove facial and digital locks, and I'm sure many more bugs will appear.
Re: (Score:2)
If you can get root there are no secrets for long; you can just MITM the PIN entry too. If you can't get root you can't get to app-specific storage.
Re: (Score:2)
From what I saw, the guy didn't specify if root was needed, but my guess is it was not. And for storing a PIN number, it should have been validated on the server side, not locally; or even if validated locally, if an account was already created it should check if the PIN has been set up before instead of just asking for a new one. Imagine if your bank or credit card worked like that. Major flaw.
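The two comments above describe a settings file in which the PIN record can simply be deleted to trigger re-enrollment, and a PIN stored encrypted rather than hashed. The following is an added example, not the EU app's code, of the local-storage design a defender would want instead: the PIN is stored only as a keyed hash, and the whole settings file carries an integrity tag so that a missing PIN section is treated as tampering rather than as "no PIN set yet". It assumes a device-bound key (stand-in name `deviceKey`) held in the platform keystore and not readable from the file; the JSON layout, field names and `StripPinSection` helper are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// deviceKey stands in for a key held in the platform keystore; the example
// assumes it is never readable from the app's settings file. Constructed here.
var deviceKey = func() []byte {
	k := make([]byte, 32)
	rand.Read(k)
	return k
}()

// keyedHash is HMAC-SHA256 under deviceKey, with a label for domain separation
// so the PIN tag and the file integrity tag can never be swapped for each other.
func keyedHash(label string, parts ...[]byte) []byte {
	m := hmac.New(sha256.New, deviceKey)
	m.Write([]byte(label))
	for _, p := range parts {
		m.Write(p)
	}
	return m.Sum(nil)
}

// PinRecord is the only PIN-related state that reaches storage: a salt and a
// keyed hash, never the PIN itself, encrypted or otherwise.
type PinRecord struct {
	Salt string `json:"salt"`
	Tag  string `json:"tag"`
}

// Settings is the local settings file. Enrolled records that a PIN was set at
// some point; Integrity authenticates every other field.
type Settings struct {
	Enrolled  bool       `json:"enrolled"`
	Pin       *PinRecord `json:"pin,omitempty"`
	Integrity string     `json:"integrity,omitempty"`
}

// body is the canonical byte string the integrity tag covers (struct field
// order is fixed, so json.Marshal is deterministic here).
func (s Settings) body() []byte {
	s.Integrity = ""
	b, _ := json.Marshal(s)
	return b
}

// Enroll creates a sealed settings file for a newly chosen PIN.
func Enroll(pin string) (Settings, error) {
	if len(pin) < 4 {
		return Settings{}, errors.New("PIN too short")
	}
	salt := make([]byte, 16)
	rand.Read(salt)
	s := Settings{Enrolled: true, Pin: &PinRecord{
		Salt: hex.EncodeToString(salt),
		Tag:  hex.EncodeToString(keyedHash("pin", salt, []byte(pin))),
	}}
	s.Integrity = hex.EncodeToString(keyedHash("settings", s.body()))
	return s, nil
}

// Save serialises the sealed settings.
func Save(s Settings) []byte {
	b, _ := json.Marshal(s)
	return b
}

// Load refuses the file if the integrity tag does not match, or if it claims
// enrollment without a PIN section. Either way the app must re-verify the
// holder, not simply prompt for a new PIN.
func Load(data []byte) (Settings, error) {
	var s Settings
	if err := json.Unmarshal(data, &s); err != nil {
		return Settings{}, err
	}
	want, err := hex.DecodeString(s.Integrity)
	if err != nil || !hmac.Equal(want, keyedHash("settings", s.body())) {
		return Settings{}, errors.New("settings file tampered with or from another device")
	}
	if s.Enrolled && s.Pin == nil {
		return Settings{}, errors.New("PIN section missing from enrolled settings")
	}
	return s, nil
}

// CheckPin recomputes the keyed hash and compares in constant time.
func CheckPin(s Settings, pin string) bool {
	if s.Pin == nil {
		return false
	}
	salt, err1 := hex.DecodeString(s.Pin.Salt)
	tag, err2 := hex.DecodeString(s.Pin.Tag)
	return err1 == nil && err2 == nil && hmac.Equal(tag, keyedHash("pin", salt, []byte(pin)))
}

// StripPinSection reproduces the edit described in the thread: deleting the
// PIN section while leaving the rest of the file intact.
func StripPinSection(data []byte) []byte {
	var m map[string]json.RawMessage
	_ = json.Unmarshal(data, &m)
	delete(m, "pin")
	out, _ := json.Marshal(m)
	return out
}

func main() {
	s, _ := Enroll("2468")
	file := Save(s)
	_, err := Load(file)
	fmt.Println("untouched file loads:", err == nil)
	_, err = Load(StripPinSection(file))
	fmt.Println("file with PIN section removed:", err)
}
```

Because a numeric PIN has a tiny search space, an unkeyed hash would still be brute-forceable offline by anyone who copies the file; binding the hash to a keystore key is what makes the copied file useless on its own. This does not help against an attacker who already has root and can drive the keystore, which is the point the root comment above makes, and server-side validation with rate limiting remains the stronger option where the design allows it.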
Re: (Score:2)
In this case, the way they've implemented it is very bad, and the security features are easy to circumvent.
This is pretty well done (Score:5, Insightful)
I expect a lot of comments on this article to be varieties of "this is terrible"... but it's really not, and I happen to have significant knowledge here. There is a big caveat, though, which I'll explain below.
First, the basic thing that makes strong, reliable age verification possible in the EU is national ID cards. In every EU country, as far as I know, you can get a national ID card basically from birth. A few issue at birth by default, but even those that don't allow parents to apply for cards for their kids at basically any age, and it's not uncommon.
I get the widespread American resistance to a national ID card, but I really think it's misplaced. There are risks, yes, but on balance the benefits are far larger.
Second, when the EU says you can verify your age without revealing your identity, they seriously mean it. I worked on the ISO 18013-5 mobile driving license standard, and its protocol is the basis for the age verification scheme (18013-5 also supports privacy-preserving age verification). The protocol enables cryptographically-secure privacy-preserving age verification, providing, essentially, a single cryptographically-verifiable bit answering the question "Is this person over age X", for specific legally-important ages. A great deal of effort goes into ensuring that the keys used to sign the bit cannot be linked to the identity of the person. One important element of that is the signing keys are single-use, so if you prove your age to two different web sites, they can't compare notes and notice that your proof of age used the same signing key, thereby proving that whoever you are, you visited both.
Note that under the 18013-5 design, if the verifier (e.g. the web site receiving proof of age) could collaborate with the issuer (the government), they could deanonymize the holder (the person proving their age). Work is ongoing to devise protocols using group signatures or other cryptographic constructs that make verifier/issuer collusion fruitless. It's been a couple of years since I worked in this space, so I don't know if those new approaches have gone into production, but if they haven't, they will.
The big caveat I mentioned at the top is that there is no way for these systems to verify that the person who is providing age verification is the legitimate holder of the national ID upon which it's based. That is, a kid can steal their dad's ID and use it. Because the age verification is truly, strongly anonymous, there is no way for anyone to detect or prevent this... yet.
The "yet" is because people are working on incorporating privacy-preserving biometric authentication into the scheme. This is a little tricky because to provide privacy it's critical that the biometric acquisition and matching happen entirely in the user's device (or in the chip in the national ID card). But it can be done. Making it sufficiently secure, sufficiently reliable and sufficiently cheap is a significant engineering challenge, but it's being worked on. In another decade or so, the caveat may be removed.
If all of this seems silly to you... well, the age verification for porn may be, but the privacy-preserving selective proof technologies are general-purpose, and able to answer any age verification question and many other useful questions in a strongly privacy-preserving way. In any case where you need to prove something about yourself (age, city of residence, driving privileges, etc.) right now you need to provide the complete contents of your ID, which reveals far more about you than is necessary. The combination of cryptography, secure hardware and clever protocols used in this age verification can fix that, generally, enabling us to identify, authenticate or prove things about ourselves with only the minimal information absolutely necessary. It's a good thing.
And, honestly, it's a good idea to keep very young children away from porn.
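The "Re:Bridge for sale" comment on batches of single-use attestations, the "challenge and response" comment, and the post above all describe the same structure: the issuer signs a single age bit bound to a holder-generated key, the holder spends one key per site, and the issuer's own records are what make issuer/verifier collusion work. The following is an added model of that structure, not code from the EU app or from ISO 18013-5, using Go's standard `crypto/ed25519` as a stand-in for whatever signature scheme the real design uses. The attestation encoding, the batch size, and all type and function names are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Attestation is the issuer-signed statement "the holder of HolderKey is over 18".
// The encoding is a constructed placeholder, not the real scheme's format.
type Attestation struct {
	HolderKey ed25519.PublicKey // single-use key generated on the holder's device
	Over18    bool
	IssuerSig []byte
}

// tbs returns the bytes the issuer signs: the holder key plus the age bit.
func (a Attestation) tbs() []byte {
	b := append([]byte{}, a.HolderKey...)
	if a.Over18 {
		return append(b, 1)
	}
	return append(b, 0)
}

// Issuer models the government side. The registry is what makes collusion
// work: the issuer necessarily knows which keys it signed for whom.
type Issuer struct {
	priv     ed25519.PrivateKey
	Pub      ed25519.PublicKey
	registry map[string]string // hex(holder key) -> identity
}

func NewIssuer() *Issuer {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Issuer{priv: priv, Pub: pub, registry: map[string]string{}}
}

// IssueBatch signs one attestation per holder key; only public keys leave the device.
func (is *Issuer) IssueBatch(identity string, over18 bool, keys []ed25519.PublicKey) []Attestation {
	out := make([]Attestation, 0, len(keys))
	for _, k := range keys {
		a := Attestation{HolderKey: k, Over18: over18}
		a.IssuerSig = ed25519.Sign(is.priv, a.tbs())
		is.registry[fmt.Sprintf("%x", k)] = identity
		out = append(out, a)
	}
	return out
}

// Unmask is what a colluding verifier obtains by handing a presented attestation to the issuer.
func (is *Issuer) Unmask(a Attestation) (string, bool) {
	id, ok := is.registry[fmt.Sprintf("%x", a.HolderKey)]
	return id, ok
}

// Holder is the app on the device: it keeps the private halves and spends one key per proof.
type Holder struct {
	privs []ed25519.PrivateKey
	atts  []Attestation
	used  int
}

// Enroll generates n single-use key pairs and obtains a batch of attestations.
func Enroll(is *Issuer, identity string, over18 bool, n int) *Holder {
	h := &Holder{}
	var pubs []ed25519.PublicKey
	for i := 0; i < n; i++ {
		pub, priv, _ := ed25519.GenerateKey(rand.Reader)
		h.privs, pubs = append(h.privs, priv), append(pubs, pub)
	}
	h.atts = is.IssueBatch(identity, over18, pubs)
	return h
}

// Remaining tells the app when to request a fresh batch (the reissuance discussed above).
func (h *Holder) Remaining() int { return len(h.atts) - h.used }

// Prove answers a challenge with the next unused key: the attestation plus a
// signature over nonce||attestation. No key is ever presented twice.
func (h *Holder) Prove(nonce []byte) (Attestation, []byte, error) {
	if h.used >= len(h.atts) {
		return Attestation{}, nil, errors.New("batch exhausted: reissuance required")
	}
	i := h.used
	h.used++
	msg := append(append([]byte{}, nonce...), h.atts[i].tbs()...)
	return h.atts[i], ed25519.Sign(h.privs[i], msg), nil
}

// Verifier models a site: it trusts the issuer key and remembers accepted holder keys.
type Verifier struct {
	issuerPub ed25519.PublicKey
	seen      map[string]bool
}

func NewVerifier(pub ed25519.PublicKey) *Verifier {
	return &Verifier{issuerPub: pub, seen: map[string]bool{}}
}

func (v *Verifier) Challenge() []byte { n := make([]byte, 32); rand.Read(n); return n }

// Verify accepts a proof only if the issuer signed the attestation, the holder
// signed this nonce with the attested key, and that key is fresh at this site.
func (v *Verifier) Verify(nonce []byte, a Attestation, sig []byte) error {
	if !a.Over18 {
		return errors.New("holder not attested over 18")
	}
	if !ed25519.Verify(v.issuerPub, a.tbs(), a.IssuerSig) {
		return errors.New("bad issuer signature")
	}
	msg := append(append([]byte{}, nonce...), a.tbs()...)
	if !ed25519.Verify(a.HolderKey, msg, sig) {
		return errors.New("bad holder signature or stale nonce")
	}
	k := fmt.Sprintf("%x", a.HolderKey)
	if v.seen[k] {
		return errors.New("key already used here (replay)")
	}
	v.seen[k] = true
	return nil
}

// Linkable reports whether two sites share any accepted key; with single-use keys it stays false.
func Linkable(a, b *Verifier) bool {
	for k := range a.seen {
		if b.seen[k] {
			return true
		}
	}
	return false
}
```

Two sites that each receive one proof from the same holder end up with disjoint `seen` sets, so `Linkable` is false and neither learns anything beyond the age bit; the same attestation handed back to the issuer resolves to an identity via `Unmask`, which is exactly the collusion case the thread says the design accepts for now. The `Remaining` counter is where an app would trigger the batch reissuance discussed above.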
Re: (Score:2)
Question #1: How do you get the world to subscribe to this?
Question #2: If parents can't be bothered to supervise their kids, what makes you think that this will work?
I have many more questions but just these 2 tell me that this is already just theatre to make some feel good. If you are using your phone then forget about privacy.
Re: (Score:3, Insightful)
If you think this has anything to do with children or porn, you are a complete fool.
Look, we know governments have ulterior motives, but that doesn't change the fact that kids actually are accessing things online that they shouldn't be. It doesn't cease to be a genuine problem just because the nanny state solutions have thus far all sucked.
The reason there isn't much pushback against these age gate laws is because most rational people do agree that kids shouldn't be looking at porn, we just disagree on how that can best be accomplished. Yes, parents should be using the damned parental co
Re: (Score:3)
One important element of that is the signing keys are single-use, so if you prove your age to two different web sites, they can't compare notes and notice that your proof of age used the same signing key, thereby proving that whoever you are, you visited both.
(emphasis mine)
The flaw in this implementation, as with the age gate laws we already have for porn in Texas and Florida, is that it requires every damn adult site on the internet to comply. The lawmakers haven't been able to get rid of piracy from the internet, what makes them think this scheme will be any more successful?
Realistically, putting the age gate at the OS level (as Apple has been doing) and then just forcing parental controls to "ON" if the user can't pass the age check, is the least insane of
Re: (Score:3)
It's not a flaw. The onus is on the predatory companies (i.e. adult sites) to police their subscribers and filter out the small fish.
The point here is NOT to ensure that no kid ever sees a naked adult. If that were the point, it would be flawed to assume that every possible source of porn can be blocked.
The point here IS to ensure that companies selling naked adult material for profit or influence
Re: (Score:2)
Yes, that may all be true, but what really worries me is the precedent this sets for more half-assed, for-profit implementations that are going to get driven through by other states and countries just because the EU is doing it.
And I suspect that for many, the loophole that you may not be the legitimate holder of the ID is going to be a major sticking point, and require some sort of ultrasonic face scan and extensive biometric data storage.
This is the end
Beautiful friend
This is the end
My only friend, the en
Re: (Score:3)
I get the widespread American resistance to a national ID card, but I really think it's misplaced. There are risks, yes, but on balance the benefits are far larger.
The only problem with national ID cards in America is the requirement to use them to exercise your rights without first ensuring that all Americans have them.
Re: (Score:2)
- Multiple countries are planning age verification for social media with definitions of social media so broad that it might even cover traditional forums, chats etc.. If we knew the system was only required for porn pages it could be easily avoided and would not cause so much controversy.
- Bringing up offline cases where privacy might be improved are not helpful for online cases where anonymity used to be the default.
Re: (Score:2)
Such
Re: (Score:3)
Second, when the EU says you can verify your age without revealing your identity, they seriously mean it. I worked on the ISO 18013-5 mobile driving license standard, and its protocol is the basis for the age verification scheme (18013-5 also supports privacy-preserving age verification).
The spec contradicts itself in various places, with sections saying that the app interacts with the attestation provider only once and that the attestation cannot be reissued, and other sections implying that the attestation gets reissued every three months and that the tokens are single-use.
It also isn't clear about whether they are actually using 18013-5 or are just requiring companies to implement a few tiny fragments of the spec.
I was left more confused after reading the spec than I was before.
Re: (Score:2)
We've seen that every time we give the government power, they abuse it. This will be the same.
Re: (Score:2)
Just a yes/no question to see if I got what's essential regarding privacy:
There's an authority that has the users' complete data, passed there through an ID scan. Let's disregard whether that is a copy of an image/scan, or a card briefly taken from dad.
A user wants to enter a restricted online section, gets some bits, which he can inspect not to contain any clearly identifiable information neither about the site nor the person, from that site, has the authority sign it with
Re: (Score:2)
The big caveat I mentioned at the top is that there is no way for these systems to verify that the person who is providing age verification is the legitimate holder of the national ID upon which it's based. That is, a kid can steal their dad's ID and use it. Because the age verification is truly, strongly anonymous, there is no way for anyone to detect or prevent this... yet.
I think the kid has to steal dad's phone, having the ID is not enough, when you install the app you have to scan your face and match it with the picture/biometrics from the ID card.
Re: (Score:2)
I was told universal ID is inherently racist.
Except ofc that you never once were told this. Stop listening to the voices in your head.
Build ON open source (Score:2)
That's not good enough. We need the app itself to be open source so that it can be audited if anyone wished to do so.
Otherwise, no one's going to trust it.
Headline designed for Slashdot (Score:2)
Guaranteed to make old farts go ballistic.
Yet, here we are.
COVID-19 certificates are a horrible example (Score:2)
The COVID-19 certificates absolutely revealed the full identity of users. It had full names and date of birth encoded in it. It was entirely up to the implementation of the end user's app to respect the privacy of the scanee. E.g. the Austrians gave a green tick in their app, no further info. The Dutch provided first name, or last name, or month of birth, or day of birth, or year of birth, but never more than one at a time to verify against the person displaying the pass. But all of this information was sti
Make parents parent (Score:2, Insightful)
Parents having to be responsible for what their kids are looking at online? Gasp! I'm so sick and tired of all this age verification cra
Re: (Score:1)
but your solution is to punish the child.
Statistical fact: 50% of parents are below average as parents, and of these I would guess 90% are IT illiterate too.
Statistical fact: 1/3 of girls are sexually abused by age 16. About 1 in 10 boys by the same age.
No one is forcing you to go onto age required sites, you are 100% free to avoid them
Sites are ALREADY tracking you, data matching, etc etc etc and then the three letter spaghetti US agencies are openly buying that information
Beginning of the End (Score:2)
It starts...
Think of the children data harve$ting! (Score:2)
Facebook (Score:5, Funny)
Digital cert for covid vaccine proof? (Score:1)
Yikes. I'm glad that didn't happen in my country.
I got a little covid card when I got my shots, which promptly went in the trash.
LSL age verification FTW (Score:2)
No tracking, just answer a question that proves your age!
Who recorded "Tiptoe Through the Tulips"?
"What would a physician do if he were on an island with Bo Derek"
"Who was Sergeant Pepper"
will piss off OMG "for the children" liars (Score:2)
Compared to that dumb OS requirement, I love this. If it can actually preserve anonymity, this is so much better.
I'm sure it will piss off the financial backers of all the "full ID because we want to track and sell your data" companies in the U.S., and/or the NSA/Admin who seem to want to fully track everyone too, e.g. IME and the new personal router ban with black-box requirements for the exception that every company will need.
Social media ban needed for adults! (Score:2)
Honestly, what we need is a social media ban for adults who lack critical thinking! Most kids are smarter than this.
This nonsense has to stop. (Score:1)
The Stasi are getting desperate (Score:2)
“In early 2021, it was revealed that President von der Leyen [access-info.org] had exchanged text messages with Pfizer CEO during negotiations for COVID-19 vaccine procurement.”
They don't want it to be anonymous (Score:2)
without revealing their identity or personal data
That's not what the people behind this age verification push want, though. They want you to be identifiable. They want to be able to track everything you do. Tracking for advertising plays a big part, of course, but mostly governments want a record of every single thing you do and they want it stored forever in case there's any reason they need to get rid of you in the future.
everything (Score:2)
Everything not compulsory is forbidden.