Doesn't work without a Google/Apple-tied device btw.
-
@pojntfx wait, is this a companion with a law? everything i can find is just about the app
@kirakira @pojntfx The relevant law is the Digital Services Act which requires that "Platforms must take measures to safeguard minors on their services, such as reducing the risks of exposure to age-inappropriate content like gambling or pornography. The DSA also introduces a complete ban on showing targeted advertisements to children."
The Digital Services Act
The Digital Services Act helps to make the online environment safe and trustworthy.
Shaping Europe’s digital future (digital-strategy.ec.europa.eu)
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx You see, it's really important for EU sovereignty that they're tying this to two US-based companies, their whims, and their—currently, very predictable, and just as reliable—government's whims. Very sovereign.
-
The same parents who aren’t able or willing to curb their own internet addiction are perplexed that their children are addicted, and so now we have a problematic implementation of age verification for minors (which isn’t even related to the issue of social media being toxically addictive). Amazing work EU.
Let's not victim-blame please.
Predatory companies with addictive algorithms are the issue here. Pointing fingers at parents is how we ended up here.
All we have to do is ban algorithms and/or for-profit social media. That's it. All problems solved overnight.
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx This app is a joke, not speaking about the vulnerabilities it got as someone mentioned earlier
-
@ErikJonker @soulsource @pojntfx Mandatory age verification is hardly improving anything, esp. if tied to Google/Apple accounts. Also you can very easily lose your Google account and be effectively blocked out of all public discourse. This is garbage tech that should have never be allowed to exist.
@dukeboitans @soulsource @pojntfx ...I wish you lots of fun with all those people on mobile phones that are not using the Google or Apple platform there, it is an incredibly small niche. We can argue about the functionality, whether it is needed, useful but not any app that you can use on current smartphones in the Apple/Google ecosystem is inherently bad/garbage. Ofcourse you can be against age verification as such, there are arguments against that I agree, but many Parliaments want it.
-
@dukeboitans @soulsource @pojntfx ...I wish you lots of fun with all those people on mobile phones that are not using the Google or Apple platform there, it is an incredibly small niche. We can argue about the functionality, whether it is needed, useful but not any app that you can use on current smartphones in the Apple/Google ecosystem is inherently bad/garbage. Ofcourse you can be against age verification as such, there are arguments against that I agree, but many Parliaments want it.
@ErikJonker @soulsource @pojntfx We need portable software, a concept even older than me. This application could have been engineered to be portable from the start, instead they cheaped out, with hard requirements like having a Google/Apple smartphone. This is unacceptable.
-
@pojntfx This is something I'm also looking into as I've ordered a @jolla phone and so many government identity apps don't work on there. But this is novel terrain for everyone.
It might be arguable to say this amounts to granting special or exclusive rights to Apple and Google, which could be problematic under Article 106(2) TFEU. I'd also argue that it facilitates an abuse of dominance, in violation of Article 102 TFEU read together with Article 4(3) TEU.
GrapheneOS (@GrapheneOS@grapheneos.social)
GrapheneOS will remain usable by anyone around the world without requiring personal information, identification or an account. GrapheneOS and our services will remain available internationally. If GrapheneOS devices can't be sold in a region due to their regulations, so be it.
GrapheneOS Mastodon (grapheneos.social)
-
@ErikJonker @soulsource @pojntfx We need portable software, a concept even older than me. This application could have been engineered to be portable from the start, instead they cheaped out, with hard requirements like having a Google/Apple smartphone. This is unacceptable.
@dukeboitans @soulsource @pojntfx ...sadly the current hardware of smartphones offers security features that are only available on Apple and Google platforms I understood (bad in itself I agree)
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx EU fails again in being European, tying again European citizens to an US duopoly.
Another loud epic failure. -
@khleedril @K4mpfie @ErikJonker @soulsource @pojntfx It is indeed not entirely coherent yet. I'd be interested to get more details on the technical background: why is a call to Apple and Google required for the moment? Is this to certify that it's the original, unchanged version of the app? And what's the open source alternative to that certification? Let me know if you can help, I'd like to work on a legal argument to open this up
@TimothyRoes @khleedril @K4mpfie @ErikJonker @soulsource @pojntfx I guess an alternative is described here: https://github.com/eu-digital-identity-wallet/eudi-app-android-wallet-ui/issues/390
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx Product idea: a usb+nfc token (like Yubikey or other security keys), that runs Android in it to log in on banks and social medias from other platforms.
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx the article linked says "the app works on any device – phone, tablet, computer, you name it". Do you have evidence that this isn’t true?
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx Our governments will not be satisfied until we're all treated like caged animals. Incredibly disappointing.
-
@TimothyRoes @khleedril @K4mpfie @ErikJonker @soulsource @pojntfx I guess an alternative is described here: https://github.com/eu-digital-identity-wallet/eudi-app-android-wallet-ui/issues/390
@rainer @TimothyRoes @khleedril @K4mpfie @ErikJonker @pojntfx
Which also is system-specific and therefore not portable.
What we are dealing with is a trade-off between usability, security and portability. The current approach emphasises the first two strongly over the third.
Since this is a gate-keeper app, where everyone who does not have access will also not have access to certain websites, I think a higher priority should be given to portability, even if it lowers usability or security.
-
@dukeboitans @soulsource @pojntfx ...sadly the current hardware of smartphones offers security features that are only available on Apple and Google platforms I understood (bad in itself I agree)
@ErikJonker @dukeboitans @pojntfx Indeed. The trade-off would be to either have lower security (impersonation risk) or worse usability (e.g. 2-factor authentication).
Since age verification is going to be a gate-keeper that will lock out everyone who does not have access to a verification tool from large parts of the internet, I think it is at least worth considering the "worse usability" option as an alternative for users who do not have access to an Android/iOS phone with Device Attestation.
-
@ErikJonker @dukeboitans @pojntfx Indeed. The trade-off would be to either have lower security (impersonation risk) or worse usability (e.g. 2-factor authentication).
Since age verification is going to be a gate-keeper that will lock out everyone who does not have access to a verification tool from large parts of the internet, I think it is at least worth considering the "worse usability" option as an alternative for users who do not have access to an Android/iOS phone with Device Attestation.
@ErikJonker @dukeboitans @pojntfx Thinking about it: The press statement mentions that desktop platforms will be supported.
So, if we take that seriously, and considering that this is just the start, then I guess we can later expect a desktop application, or even a website, that does exactly that: Trade usability for portability.
Similarly to how the ID Austria is handled: You can either use the Android/iOS app (easy to use, non-portable), or use a FIDO token (portable, but worse usability).
-
@pojntfx have you found in the code hard dependencies that can't be abstracted and satisfied with alternatives? I checked it quickly and the reference implementation looks very flexible and modular, so if a government wants to build it also for other OS it should be doable but I'm not 100% sure, that's why I am asking if you found road blockers in the repo?
@luboganev @pojntfx If I understand correctly (big if
), there is no strict requirement to use Play Integrity API (which excludes even GrapheneOS), but has been interpreted as such by some national implementations:
https://github.com/eu-digital-identity-wallet/eudi-app-android-wallet-ui/issues/287#issuecomment-3008971704 -
@rainer @TimothyRoes @khleedril @K4mpfie @ErikJonker @pojntfx
Which also is system-specific and therefore not portable.
What we are dealing with is a trade-off between usability, security and portability. The current approach emphasises the first two strongly over the third.
Since this is a gate-keeper app, where everyone who does not have access will also not have access to certain websites, I think a higher priority should be given to portability, even if it lowers usability or security.
@soulsource @TimothyRoes @khleedril @K4mpfie @ErikJonker @pojntfx
This hardware attestation is Android-specific, but at least not tied to Google. That fixes a major problem for a major platform. One still needs a solution for serving the rest of the market in a similarly acceptable way, of course.
-
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx A la unión Europea no le importa la seguridad de la infancia. Solo es una excusa
https://mastodon.social/@SecoasecasMouse/116419991571625677 -
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
@pojntfx That post is also very funny. I agree with the first two sentences but then come to the exact opposite conclusion 🫠
