Doesn't work without a Google/Apple-tied device btw.
-
@soulsource @pojntfx ...why is it that so many people don't understand that improving things is a gradual process, especially in government, ofcourse we want to detach ourselves from the Google/Apple platforms, at the same time 99.9% of our citizens is there, if we can help them with this app (that remains a question by the way..), that is a "win" in my view.
@ErikJonker which will never improve if becomes a hard requirement to use them. I want the EU to make it easier to choose an alternative, rather than impossible.
-
@pojntfx wait, is this a companion with a law? everything i can find is just about the app
-
@ErikJonker @soulsource @pojntfx "You have to start somewhere" is a fair point but if skip the first 5 steps and have a narrow point of view you probably should not have started at all yet. I mean this is not some grad students research project. This is serious stuff if they can't get that right what are they even doing in the first place?
@K4mpfie @ErikJonker @soulsource @pojntfx This project has little to do with the digital sovereignty push, it's an implementation of the Digital Services Act.
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx Can that be legal?
-
This effectively bans any user that doesn't use a Google/Apple-Account-tied smartphone from seeing any user-generated content - e.g. this post - ever again.
@pojntfx This is something I'm also looking into as I've ordered a @jolla phone and so many government identity apps don't work on there. But this is novel terrain for everyone.
It might be arguable to say this amounts to granting special or exclusive rights to Apple and Google, which could be problematic under Article 106(2) TFEU. I'd also argue that it facilitates an abuse of dominance, in violation of Article 102 TFEU read together with Article 4(3) TEU.
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx have you found in the code hard dependencies that can't be abstracted and satisfied with alternatives? I checked it quickly and the reference implementation looks very flexible and modular, so if a government wants to build it also for other OS it should be doable but I'm not 100% sure, that's why I am asking if you found road blockers in the repo?
-
@soulsource @pojntfx ...why is it that so many people don't understand that improving things is a gradual process, especially in government, ofcourse we want to detach ourselves from the Google/Apple platforms, at the same time 99.9% of our citizens is there, if we can help them with this app (that remains a question by the way..), that is a "win" in my view.
If a) public discourse and democratic participation is happening online, and b) age verification is necessary to be allowed to participate in this discourse, then the app proposed here is actively gatekeeping democratic participation. You could go as far as to say that those who cannot use this app would no longer be full citizens.
Even if this only badly affected 0.1% of Europeans, that would be something like 400 000 people degraded to second-class citizens.
@ErikJonker @soulsource @pojntfx -
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
FWIW, I guess this could still work with Waydroid on a desktop computer. https://waydro.id/ #opensource #android #waydroid -
@K4mpfie @ErikJonker @soulsource @pojntfx This project has little to do with the digital sovereignty push, it's an implementation of the Digital Services Act.
@TimothyRoes @K4mpfie @ErikJonker @soulsource @pojntfx Give with the right hand, take with the left...
-
FWIW, I guess this could still work with Waydroid on a desktop computer. https://waydro.id/ #opensource #android #waydroid
@regendans unlikely, if it depends on device attestation.
-
@ErikJonker which will never improve if becomes a hard requirement to use them. I want the EU to make it easier to choose an alternative, rather than impossible.
@jelte @ErikJonker "Oh you don't have an iPhone? Just use Android!"
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx Equating the risks of using the products of Big Tech with the risks of consuming alcohol is... interesting.
-
If a) public discourse and democratic participation is happening online, and b) age verification is necessary to be allowed to participate in this discourse, then the app proposed here is actively gatekeeping democratic participation. You could go as far as to say that those who cannot use this app would no longer be full citizens.
Even if this only badly affected 0.1% of Europeans, that would be something like 400 000 people degraded to second-class citizens.
@ErikJonker @soulsource @pojntfx@brekke @ErikJonker@mastodon.social @soulsource @pojntfx The discussion should revolve about why we would need this and for what. And then, and only then, how we would implement this.
Especially as the alcohol checks work so well. Not.
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
The same parents who aren’t able or willing to curb their own internet addiction are perplexed that their children are addicted, and so now we have a problematic implementation of age verification for minors (which isn’t even related to the issue of social media being toxically addictive). Amazing work EU.
-
@TimothyRoes @K4mpfie @ErikJonker @soulsource @pojntfx Give with the right hand, take with the left...
@khleedril @K4mpfie @ErikJonker @soulsource @pojntfx It is indeed not entirely coherent yet. I'd be interested to get more details on the technical background: why is a call to Apple and Google required for the moment? Is this to certify that it's the original, unchanged version of the app? And what's the open source alternative to that certification? Let me know if you can help, I'd like to work on a legal argument to open this up
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
-
@brekke @ErikJonker@mastodon.social @soulsource @pojntfx The discussion should revolve about why we would need this and for what. And then, and only then, how we would implement this.
Especially as the alcohol checks work so well. Not.
Absolutely. It's far from obvious that kids should be banned from online participation in the first place. I'd argue their right to political participation kicks in way before their right to vote, and there are plenty of online spaces that do good things for kids that might otherwise have a hard time.
As @ErikJonker agreed that it's questionable whether this app could actually serve a worthy purpose, I started my post in the thought experiment that it could. @MeneerDeBruin @soulsource @pojntfx
-
@soulsource @pojntfx ...why is it that so many people don't understand that improving things is a gradual process, especially in government, ofcourse we want to detach ourselves from the Google/Apple platforms, at the same time 99.9% of our citizens is there, if we can help them with this app (that remains a question by the way..), that is a "win" in my view.
@ErikJonker @soulsource @pojntfx Mandatory age verification is hardly improving anything, esp. if tied to Google/Apple accounts. Also you can very easily lose your Google account and be effectively blocked out of all public discourse. This is garbage tech that should have never be allowed to exist.
-
This effectively bans any user that doesn't use a Google/Apple-Account-tied smartphone from seeing any user-generated content - e.g. this post - ever again.
@pojntfx
But if you do use it you have lost privacy, Your information & identity can be exploited / controlled by government, corporations and criminals.Better to be without!
The limited to Android / iOS is the wrong argument, as that accepts what shouldn't exist at all, ever, anywhere.
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx FYI it's been hacked already
Paul Moore - Security Consultant (@Paul_Reviews)
Hacking the #EU #AgeVerification app in under 2 minutes. During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory. 1. It shouldn't be encrypted at all - that's a really poor design. 2. It's not cryptographically tied to the vault which contains the identity data. So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app. After choosing a different PIN, the app presents credentials created under the old profile and let's the attacker present them as valid. Other issues: 1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying. 2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step. Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
Nitter (xcancel.com)
