Embarrassing times for the European Commission after security researchers found flaws within minutes of using its age verification app.
-
Embarrassing times for the European Commission after security researchers found flaws within minutes of using its age verification app. https://www.politico.eu/article/eu-brussels-launched-age-checking-app-hackers-say-took-them-2-minutes-break-it/
(ICYMI: I have a blog post on why age verification laws are a bad idea to begin with: https://this.weekinsecurity.com/papers-please-age-verification-laws-threaten-everyones-online-security-and-privacy/)
@zackwhittaker Don't fully understand the complaints. The app is just that: an app on your phone to simplify the verification process. I don't think it is even necessary to "hack" it, you could just write your own fork of the app, right?
The age verification process itself seems to be unrelated to that problem.
-
@zackwhittaker isn't that the point of being open source? So that everyone can hack it and show where the flaws are? So that it can be improved. I'm not sure about your experience with apps, but I receive updates several times per week, sometimes multiple times a day. This project is not even in its released form yet and so many people have doomed it already. I don't understand the dooming as if everything is lost and over. You can never have perfect software from the first try.
-
@zackwhittaker HACK THE AGEVERIFICATION APPS!
-
@zackwhittaker I also now read your blog post and for me it seems that the EU age verification app seems to address all your concerns:
- it does not store private data (except for age)
- it does not use an ID
- it is not run by a private company
It is even open source!
-
@zackwhittaker by starting + get reviews and tips >> there will come something nice I guess
Committees are also just people

-
@zackwhittaker I also now read your blog post and for me it seems that the EU age verification app seems to address all your concerns:
- it does not store private data (except for age)
- it does not use an ID
- it is not run by a private company
It is even open source!
It stores medical prescriptions, driver's licences, educational qualifications
All exchanges of data with third-parties are tracked i.e. it knows who you verified your data with
It uses the app stores to install on your phone i.e. Google and Apple - so you know it's trustworthy. lol.
I examined the repo closely. I took out 6 key points. I also shot a highlight video if you're interested?
#belfast2corkrun (@DazRunner@mastodon.social)
Attached: 1 video 3 Reasons Why The New EU Wallet ID Is A Bad Idea 🤨🤐🫣 #ageverification #gdpr #privacy #belfast2corkrun @jwz @david_chisnall@infosec.exchange @eff @privacy@lemmy.world @noybeu @EUCommission@ec.social-network.europa.eu @eu_os@eupolicy.social
-
@zackwhittaker let's stop doing #europe 's work for them. Citizens of the #eu are going to need every single one of these exploits to circumvent this #euwallet
This is the single edge case in which ethical disclosure of software vulnerabilities works against the community. Let's STOP fixing this #software 🫡

-
@zackwhittaker *crazed* hahahahahahaha
And these are the people that people in country keep putting in charge. Here in the USA, we are the example of what not to do. We should be a warning, not a model to follow.
-
Told you so…
-
@zackwhittaker
What I really don't understand, especially when it comes to security-relevant software, is why the code isn't reviewed and the software isn't tested by independent external experts before release? Such an embarrassing situation, just like in the case of the electronic patient record (ePa), could be avoided.
-
@zackwhittaker
@EUCommission
@echo_pbreyer
instead of having age verification,
since we're supposedly pursuing online safety
why not take cues from industrial safety,
and mandate a BIG red button on a yellow background for every post/user/channel that when clicked,
immediately hides and unloads that post/user/channel's content for the person pressing it, with a pop-up to report the post/user/channel to the moderation staff of the service?
-
Awesome! The way I see it, an age verification app should be trivially breakable, and any kid who breaks it should have full adult privileges.
Start 'em Young!