Doesn't work without a Google/Apple-tied device btw.
-
This effectively bans any user that doesn't use a Google/Apple-Account-tied smartphone from seeing any user-generated content - e.g. this post - ever again.
@pojntfx
But if you do use it you have lost privacy, Your information & identity can be exploited / controlled by government, corporations and criminals.Better to be without!
The limited to Android / iOS is the wrong argument, as that accepts what shouldn't exist at all, ever, anywhere.
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx FYI it's been hacked already
Paul Moore - Security Consultant (@Paul_Reviews)
Hacking the #EU #AgeVerification app in under 2 minutes. During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory. 1. It shouldn't be encrypted at all - that's a really poor design. 2. It's not cryptographically tied to the vault which contains the identity data. So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app. After choosing a different PIN, the app presents credentials created under the old profile and let's the attacker present them as valid. Other issues: 1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying. 2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step. Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
Nitter (xcancel.com)
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx The Commission is seriously fueling anti-EU sentiment with this garbage.
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx this bitches want to change the meaning od the word "open source" now. What a bunch of shameless parasites.
-
@pojntfx wait, is this a companion with a law? everything i can find is just about the app
@kirakira @pojntfx The relevant law is the Digital Services Act which requires that "Platforms must take measures to safeguard minors on their services, such as reducing the risks of exposure to age-inappropriate content like gambling or pornography. The DSA also introduces a complete ban on showing targeted advertisements to children."
The Digital Services Act
The Digital Services Act helps to make the online environment safe and trustworthy.
Shaping Europe’s digital future (digital-strategy.ec.europa.eu)
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx You see, it's really important for EU sovereignty that they're tying this to two US-based companies, their whims, and their—currently, very predictable, and just as reliable—government's whims. Very sovereign.
-
The same parents who aren’t able or willing to curb their own internet addiction are perplexed that their children are addicted, and so now we have a problematic implementation of age verification for minors (which isn’t even related to the issue of social media being toxically addictive). Amazing work EU.
Let's not victim-blame please.
Predatory companies with addictive algorithms are the issue here. Pointing fingers at parents is how we ended up here.
All we have to do is ban algorithms and/or for-profit social media. That's it. All problems solved overnight.
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx This app is a joke, not speaking about the vulnerabilities it got as someone mentioned earlier
-
@ErikJonker @soulsource @pojntfx Mandatory age verification is hardly improving anything, esp. if tied to Google/Apple accounts. Also you can very easily lose your Google account and be effectively blocked out of all public discourse. This is garbage tech that should have never be allowed to exist.
@dukeboitans @soulsource @pojntfx ...I wish you lots of fun with all those people on mobile phones that are not using the Google or Apple platform there, it is an incredibly small niche. We can argue about the functionality, whether it is needed, useful but not any app that you can use on current smartphones in the Apple/Google ecosystem is inherently bad/garbage. Ofcourse you can be against age verification as such, there are arguments against that I agree, but many Parliaments want it.
-
@dukeboitans @soulsource @pojntfx ...I wish you lots of fun with all those people on mobile phones that are not using the Google or Apple platform there, it is an incredibly small niche. We can argue about the functionality, whether it is needed, useful but not any app that you can use on current smartphones in the Apple/Google ecosystem is inherently bad/garbage. Ofcourse you can be against age verification as such, there are arguments against that I agree, but many Parliaments want it.
@ErikJonker @soulsource @pojntfx We need portable software, a concept even older than me. This application could have been engineered to be portable from the start, instead they cheaped out, with hard requirements like having a Google/Apple smartphone. This is unacceptable.
-
@pojntfx This is something I'm also looking into as I've ordered a @jolla phone and so many government identity apps don't work on there. But this is novel terrain for everyone.
It might be arguable to say this amounts to granting special or exclusive rights to Apple and Google, which could be problematic under Article 106(2) TFEU. I'd also argue that it facilitates an abuse of dominance, in violation of Article 102 TFEU read together with Article 4(3) TEU.
GrapheneOS (@GrapheneOS@grapheneos.social)
GrapheneOS will remain usable by anyone around the world without requiring personal information, identification or an account. GrapheneOS and our services will remain available internationally. If GrapheneOS devices can't be sold in a region due to their regulations, so be it.
GrapheneOS Mastodon (grapheneos.social)
-
@ErikJonker @soulsource @pojntfx We need portable software, a concept even older than me. This application could have been engineered to be portable from the start, instead they cheaped out, with hard requirements like having a Google/Apple smartphone. This is unacceptable.
@dukeboitans @soulsource @pojntfx ...sadly the current hardware of smartphones offers security features that are only available on Apple and Google platforms I understood (bad in itself I agree)
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx EU fails again in being European, tying again European citizens to an US duopoly.
Another loud epic failure. -
@khleedril @K4mpfie @ErikJonker @soulsource @pojntfx It is indeed not entirely coherent yet. I'd be interested to get more details on the technical background: why is a call to Apple and Google required for the moment? Is this to certify that it's the original, unchanged version of the app? And what's the open source alternative to that certification? Let me know if you can help, I'd like to work on a legal argument to open this up
@TimothyRoes @khleedril @K4mpfie @ErikJonker @soulsource @pojntfx I guess an alternative is described here: https://github.com/eu-digital-identity-wallet/eudi-app-android-wallet-ui/issues/390
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx Product idea: a usb+nfc token (like Yubikey or other security keys), that runs Android in it to log in on banks and social medias from other platforms.
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx the article linked says "the app works on any device – phone, tablet, computer, you name it". Do you have evidence that this isn’t true?
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx Our governments will not be satisfied until we're all treated like caged animals. Incredibly disappointing.
-
@TimothyRoes @khleedril @K4mpfie @ErikJonker @soulsource @pojntfx I guess an alternative is described here: https://github.com/eu-digital-identity-wallet/eudi-app-android-wallet-ui/issues/390
@rainer @TimothyRoes @khleedril @K4mpfie @ErikJonker @pojntfx
Which also is system-specific and therefore not portable.
What we are dealing with is a trade-off between usability, security and portability. The current approach emphasises the first two strongly over the third.
Since this is a gate-keeper app, where everyone who does not have access will also not have access to certain websites, I think a higher priority should be given to portability, even if it lowers usability or security.
-
@dukeboitans @soulsource @pojntfx ...sadly the current hardware of smartphones offers security features that are only available on Apple and Google platforms I understood (bad in itself I agree)
@ErikJonker @dukeboitans @pojntfx Indeed. The trade-off would be to either have lower security (impersonation risk) or worse usability (e.g. 2-factor authentication).
Since age verification is going to be a gate-keeper that will lock out everyone who does not have access to a verification tool from large parts of the internet, I think it is at least worth considering the "worse usability" option as an alternative for users who do not have access to an Android/iOS phone with Device Attestation.
-
@ErikJonker @dukeboitans @pojntfx Indeed. The trade-off would be to either have lower security (impersonation risk) or worse usability (e.g. 2-factor authentication).
Since age verification is going to be a gate-keeper that will lock out everyone who does not have access to a verification tool from large parts of the internet, I think it is at least worth considering the "worse usability" option as an alternative for users who do not have access to an Android/iOS phone with Device Attestation.
@ErikJonker @dukeboitans @pojntfx Thinking about it: The press statement mentions that desktop platforms will be supported.
So, if we take that seriously, and considering that this is just the start, then I guess we can later expect a desktop application, or even a website, that does exactly that: Trade usability for portability.
Similarly to how the ID Austria is handled: You can either use the Android/iOS app (easy to use, non-portable), or use a FIDO token (portable, but worse usability).
