Hacker News

If you want an example of how this will be abused by companies, https://www.theguardian.com/money/2015/aug/12/airport-shops-...

Why would they? The only reasons to show ID I can think of is when watching porn or maybe when buying alcohol online, though I doubt stores will want to risk driving customers away with that.

Yeah, imagine if every convenience store had CCTV security filming everyone 24/7.

Oh, wait...

And unlike in the real world, there's little to no real benefit to it online.

What value is there to industrializing any of this? Kids who will pay someone for their age tokens to watch porn or create social media would probably be smart enough to download a free VPN instead.

Even in the very worst case scenario for the designers of this system, where large amounts of people manage to extract their tokens and hand them out for free, the downsides everyone fears won't apply anymore. I think a lot of people might be happy about that.

The article is actually one of the better ones I've read. The technical analysis is somewhat above my head, but appears reasonable, and it is suggesting solutions in some cases rather than just dismissing the concerns of parents, and going full privacy nut about our democratically elected governments.

All i would say is that the solution doesn't need to be 100% effective. The same as real world "age gates" or ID verification (which is just some random person looking at your ID in most cases) are not.

The precedent set -- that everything online should NOT be immediately accessible to children -- provides parents (the ones that care at least) with some backup when trying to raise their children. Ultimately society as a whole is responsible children, and i don't want to live in a society that thinks it is fine for kids to scroll any content on social media and watch porn as soon as they are able to work out how to use a smartphone.

The replay attack mentioned may always be a loophole, I'm not sure. But any site hosting the replay attacks should be targeted for shutdown/blocking. The "source" ID must come from somewhere as well, so that could be a route to shutting them down (there are 100's of age verification requests against one ID each day, that's a bit weird...).

If parents are helping their kids bypass age gates or straight up don't care their 11 year old is watching porn, then there is not much to be done in that case. The key thing should be keeping the majority of children in compliance to give cover to the parents that do care. Not giving all the power to bad parents and social media companies as is the situation the moment.

Age verification has taken about three or four years to reach the concept stage, and that's the first stage that will be rolled out.

The legal framework behind all this was released all the way back in 2014 and has been officially adopted ten years later.

Officially, by December 2026, each member state must have at least one official wallet solution available for its citizens.

That said, eIDAS 2.0 also mandated that, as of this year, whatever Slovak digital identity solution has been rolled out so far must also work in other member states. In my experience, different governments adopt different foreign identity services at different paces, most of them seemingly missing the deadline.

Banks and other private institutions permitted to ask for ID are supposed to accept the wallet solutions by late 2027.

I expect deadlines to be missed given we've barely gotten the age verification PoC done, but with the groundwork laid out, things might just work out.

To be fair to some of them, across the Atlantic the Americans are implementing similar laws in absolutely ridiculous ways.

Many Americans don't even have ID (and plenty of those are reluctant to the general concept of any kind of government ID), let alone any kind of digital ID. However, their governments are pushing frankly weird and absurd ID verification laws to businesses online. Meta seems to be bankrolling lobbying around these laws, so whatever their game is, it's probably very bad for normal people.

If you're coming from a place where the government tells companies they need to set up a system or hire private companies to verify users' ages without providing any kind of official mechanism themselves, leading to ridiculous hacks from cheap and incompetent "age verification" companies, I can understand why the European system seems absurd.

If the US is going to adopt their weird age verification laws, the least they could do is fork the European system already laid out for them. Put a little American flag on it, call it "America First Christian Age Truthness" or whatever the people in charge like, but at least keep the basic privacy properties intact.

Just because the government is not out to get you at this exact moment doesn't mean that a future government won't be. Surveillance capacity seems to be a one way ratchet.

The problem is what follows. They will make it mandatory to use the electronic ID to do anything, resulting in total surveillance. And if you happen to land on their "bad" list (which eventually everyone will), you're locked out of life completely. No banking, no traveling, no communication with anyone, no buying food, nothing.

I don’t see why they would bother with physical tokens nor would they be popular - things like passports are really quite expensive to manage and largely unecessary these days. An app or identity on people’s phone might be a good stopgap.

However I suspect biometric methods of id verification will render carrying anything redundant long term.

The databases for digital id already exist, they’re just not fully utilised yet and these databases will always be centralised.

Many EU countries already issue a chipcard IDs which can be used to auth for government services (via NFC or a dedicated reader).

So yeah, I'd expect those to move to a phone as an alternative to the card

Yes and I find this deeply wrong - what politician would you trust with this decision? Debanking is also wrong in my view.

I think we should focus on laws against things like that which lead to tyranny rather than attempting to stop progress.

Cash in particular is expensive to produce/process and no longer honours the promise printed on it, it will be phased out as the transactions with it approach 0%.

Cards are really no different than a token in a phone and don’t work for long either in the absence of a network (both will work offline but do need to be reconciled). I haven’t habitually carried a card in about a decade, I think for similar reasons to cash they will die off by general consensus.

The drawback of physical tokens is that you can't use them online. I don't want to spend an hour waiting in queue at the city hall for something I can do online in 10 minutes.

The ideal state is having both physical and digital ID. But that will lead to a slow erosion of the willingness to carry physical ID, even if it stays available (which I believe it will for many decades. Even if national ID cards and drivers licenses were to go digital only, passports won't)

Sure, I meant disabling without replacement, making someone an unperson. Obviously updates and replacements would be required as with passports.

I don’t think governments should be allowed to do that. They do it with passports and I think it’s deeply wrong but also it would be far more damaging and immediate with a digital id (which will inevitably be used for a lot of services) - similar to being refused a bank account.

> I can not pay with a bank note suddenly?

In some places you cannot. I was in London post-COVID and there were a bunch of tourist things, like a riverboat on the Thames, where you could only pay with a card. Went to a craft cider bar out in the countryside and again, they didn’t accept cash. Personally, I think businesses should be forced to accept all legal tender, which means cash stays as a first class payment method, but that’s not how it is in many places.

On the other hand, in Austria there are many places that are cash only, especially small restaurants in the countryside or community sporting events with coffee bars.

The bot problem is solvable by using a web of trust system. You don't need a digital ID for that (i.e. you don't need to tie your digital world identity to a real world identity, nor you need a central agency to manage these).

In web of trust, anyone could publicly certify who they know is a real person (i.e. validate a link from their id to another id). Then, if you received a message from someone, the system would find the path in the graph of real people you trust, to determine the trustworthiness of the source. So if the account is a bot, there would be no path from it to you in the trust graph.

The advantage is that everyone could supply their own subjective trustworthiness score, altering the graph. They could even publish it, so that other people could use trustworthiness assesment of accounts they personally trust.

The big issue with a system of web of trust is that it is too efficient, and just kills commercial advertising (and also propaganda). Because that is all about overcoming the natural web of trust that humans have.

Then the politicians should be honest about this goal. The best way to solve a problem requires understanding what the problem is. If we pretend to solve another problem, the solution for the actual will be less than ideal.

>Some of the biggest social media influencer accounts turns out to be Chinese/Russian bots trying to fuel hate/division our democracies

This is propaganda, none of those supposed networks exists or were successful in anything and when the media do show some supposed accounts they don't have a lot of views. Please stop falling for this, your democracy sucks because the politicians suck and the people want change so they turn to extremist parties.

Yes. Control of information and citizen's behaviour is a higher priority for them than sovereignty.

What are you referencing here?

This has been noticeable since Tahrir square; I used to say that Twitter gives you a revolution whether you need it or not.

But it's becoming increasingly clear how badly compromised the whole thing is with fake opinions and enemy propaganda.

I don't like either of the options. I don't like control by the state, and I don't like control by mad billionaires. I don't like the far right cesspool of 4chan, but can't disagree with their position that they shouldn't have to care about OFCOM.

>My government has been talking for a while making the case that social media use makes us dumber, sadder, and more scared. I believe it's true that they also see that playing out in elections, but that's not where they want to solve a problem.

The governments themselves are "dumber, sadder, and more scared". They are worried because social media puts regular people talking on equal footing to official propagandas (being able to reach everybody else). That's what they fear, because they have the lowest approval ratings and legitimization in over half a century, and they're also making everything shittier and shittier to the benefit of their corporate overlords.

What do you mean by "control" here? It's my understanding that EU law afford citizens the right to correct data that is wrong about them.