EU Age Control: The trojan horse for digital IDs

And if you want an example of who has the power these days, I've encountered airport shops that are "take it leave it" (WHSmith in Spain in fact). I was told they can't require my boarding pass, but they won't sell me anything without it... (There was no language barrier)

Or using social media, signing up for any account where you can post content, and soon creating an account on your own device.

As for why would they, the same reason there are hundreds of tracking cookies on every site.

Consider that stores create reward point systems specifically for the purpose of connecting a customer profile to purchases.

they don't know necessary who are you and what are you buying. I don't think also for big shops with many customers that techonology and reliably do instance segmentation - this is not face id.

> I expect deadlines to be missed

My experience working on software for the German public sector sadly agrees with this assesment. Let's hope at least eventually something will work.

I'm not sure I understand your last para. Care to elaborate?

This "they'll just use a vpn" argument is infuriating to me because it's being used to downplay intrusive laws and make them more palatable. The obvious next step (the UK already hinted at it after the online safety act) is forcing VPNs to do ID verification.

The EU's own experts have modeled it. At least that's my understanding of what they are saying in their "Privacy risks and mitigation" document [1].

Section 5 mentions that this issue could be mitigated at some point in the future by using ZKPs, but here's what they're saying about the status of this ZKP integration:

"This topic will be revisited in Topic G to determine the foundational requirements needed for its future integration"

Doesn't sound like this will be implemented any time soon.

[1] https://eudi.dev/2.5.0/discussion-topics/a-privacy-risks-and...

> Many Americans don't even have ID

I don't believe this. "Many" perhaps in raw out-of-context numbers but as a percentage of the population, very few functioning, self-supporting and employed adults in America do not have an ID. It's simply not possible to participate in society without one. You need an ID to register a car, to drive, to vote, to bank, to get a job, to buy a house, to rent an apartment, to get water, power, gas, internet....

If you don't have an ID, you are either a child, or you are deliberately trying to exist off the record. I.e. you are here illegally or you have chosen some very fringe antisocial survivalist offgrid way of living.

Relax, it would probably buit by Palantir and operated by Meta /s.

What surveillance capacity? In what way does the spec build surveillance capacity?

In Latvia we've had digital id for close to 20 years. Banks mostly use their own auth, some rely on digital id. No travel service has ever wanted me to use digital id, let alone any other kind of shopping. What we use it for is access to government resources, and signing digital documents. I trust this system WAY more than whatever some company comes up with.

"They" will make it mandatory? Who is they?

How will the current approach result in total surveillance?

I would much prefer hotels would have a scanner which just transmits the bare minimum of identifiable information from the ID instead of it being completely normalized in many countries/hotels that they take your ID card and scan the full thing.

Can you explain to me, how with an eID one would be prevented from communicating with anyone or buying food?

> And if you happen to land on their "bad" list (which eventually everyone will), you're locked out of life completely. No banking, no traveling, no communication with anyone, no buying food, nothing.

Not really. Government is not Big Tech. This happens with accounts of some tech companies precisely because they're private entities setting their own rules in the still wild "wild west" of the Internet. Governments set laws and processes to ensure the things you mentioned do not happen, except in very specific circumstances.

Think of it this way: being "locked out of life completely", resulting in "no banking, no traveling, no communication", etc. is not a new problem. In the off-line world we call that being sanctioned, imprisoned, deprived of personal freedoms, etc. Yes, it happens to some people, but usually for very specific reasons (called "crimes"), after a lengthy bureaucratic process (called "trial" and "sentencing"), with plenty of safeguards to catch and rectify mistakes during and after the fact (like "legal defenses", "appeals", or even "journalists"). It is not something you normally worry about.

Humanity has worked out best practices for these thing over thousands of years of various tribes and nations and governments forming, disbanding, collapsing, emerging, conquering or becoming conquered. Adding electronic IDs on top does not change the nature of the thing. So you won't get locked out of life for posting the wrong emoji in a tax report comment; that would be like being thrown to prison for drawing something on a government form - or rather, if that's even remotely possible in your country, you have much bigger problems than digital IDs, and your best move would be to emigrate somewhere sane before borders close or civil war starts.

Plenty of other things to worry about here (e.g. ID checks suddenly being required by every business, just because it's zero effort to them for some marginal KYC benefit), but getting banned from life due to ToS violation is not one of them.

They already do this. KYC, and similar laws. You can't open a bank account in 2026 (at least in the USA) without ID. You can't get credit, open an investment account, buy a house, vote, or be employed without an ID.

A proper digital ID would eliminate a lot of problems we now have with identity theft, having to obsessively protect names, dates of birth, SSNs in our databases (these things were not considered secrets in the pre-internet era).

Yes, we need to be vigilant about freedoms and privacy. But the idea of a government-issued ID that "proves" who you are is not new and I struggle to think of any way identity can be "proven" without a central issuing authority.

>The problem is what follows

Does it actually follow? It's there for 25 years in some European countries and "everyone" isn't on a government bad list dying of hunger.

This is the way.

Cards are significantly different from a token in a phone:

1. They are physically separate. They are not likely to be stolen at the same time as a phone. 2. They do not require battery.

Cash has the same advantages, but even more so as it does not rely on networks at all.

If you only have phones as a means of payment what do you do if you phone is lost, stolen or out of battery? How do you even buy a new phone!?

I think phasing out cash is very short sighted. It is robust and reliable. There is a good reason the Swedish central bank recently recommended that people keep a certain amount of cash at home (1,000 SEK, equivalent to about £80/$108/94 EUR, per adult).

I use credit cards online all the time. I have logins for government services so I do not need to queue (I had to verify my ID using an app once for one of them). Getting a new driving license (for a change of address) was done online.

But you CAN use them online. Smart card readers are nothing new, and quite cheap.

For one thing, it increases resilience in the event of outages. It is a tangible aspect - just like citizens are encouraged to keep cash at home at least in my country (Sweden)

I doubt everyone will still be carrying phones as we know them in a decade, so we might indeed be headed for a future where governments keep giant databases of biometric information. Works OK if you trust your government to handle that properly and not abuse it in the future. The real headache is crossing borders, where your details end up in the hands of a foreign state.

I don’t see why they would bother with physical tokens nor would they be popular - things like passports are really quite expensive to manage and largely unecessary these days.

OK. I'll bite. Why are they unnecessary?

Passports have two things. They have information on them, which can be read by looking at them. And they have information on them in chip form, which can be scanned, and is also cryptographically signed by the issuing authority (eg, a government).

To verify a passport you can look at it visually, but you can also scan and validate the info, including photo, in digital form. All you need is the CSCA, the 'country signing certificate' to do so, and there aren't may of those. Small readers exist which are updated with these certs, and so even in the middle of a war zone, with RF jamming, you can verify a country signed what you're looking at.

Relying upon the Internet being there for ID purposes is a massive fail. You'd don't need a networked reachable database to validate that your ID is valid, in a digital way, which can be really helpful with 1M refugees show up at your door during a war, or when the capital city of the issuing nation has been bombed.

You may think this unimportant, but the edge cases are what 99.999% uptime is all about. And the edge cases with ID really need 100% uptime. The last thing you need during a natural disaster is an inability to ... well, do anything.

So even if you have biometric methods to identify someone, you'll also want a local, on person method which has those on chip, and signed by a government saying who you are.

Having ID network connected is also a massive, huge, immense fail. There should be no network connected databases of anything about anyone, in any form. Why? It'll be hacked. This will never, ever, ever change. Never. Paper records can't be hacked en masse, and you can get the same protections by storing records on individual chips with other associated info in paper form.

Dismantling this infrastructure and replacing it with buggy, hackable, online databases just to get digital ID verification is a complete move in the wrong direction. Verifying digitally signed information is not.

And passports can be scanned by phones.

Which means that the info, cryptographically signed, can be verified by anyone in the world too.

Really, what we need is to have everyone chipped, like a pet. Because that's where this ends up, and that's also the only way to always have your ID with you.

As a snarky aside, I've spent my entire life interacting with society all the time, yet only in the last decade has it been necessary to be "carded" constantly to do so. We've literally taken a privacy conscious society, and turned it into a nightmare. I'm identified when I go buy a loaf of bread, the most dystopian, totalitarian government anyone could ever conceive of, is a joke compared to the amount of control and tracking now exercised over people's lives.

So I guess my point is...

If it's annoying and difficult to have to carry around a physical identifier of who you are? And use it regularly?

Why is the solution to make it easier to submit to slavery?

Think that's an over the top statement?

We all know how the US government has pivoted on many things during the current administration. We also know it has had, and continues to have (via private enterprise) a robust degree of information about every fiscal transaction made.

If you look at the McCarthy hearings, they literally went so far as to find documents from decades prior, paper records of course, of people joining socialist clubs in university. Eg, simply sign-in sheets, or their names listed in the minutes of such orgs.

Decades later, that information was used to blacklist careers, destroy lives, not for any proof of malfeasance by those accused, but simply because they were curious in college about socialism.

Those same accused were then used to "name names".

My point is, from the financial data currently being stored about people, anything that makes you stand out in any way could be turned into a problem 10 years down the road. Not to mention, how credit card usage, and digital tracking, and location tracking might hit some pattern.

No one who lived through the McCarthy hearings, just watching them, or lived through how Germany or Russia controlled the lives of their citizens, would ever think any of this increased fingerprint of people is a good idea.

It's all just very dumb. And it will not end well at all.

This is not the same. For instance, we can access the internet without needing that ID. But right now there are attempts to force a digital ID in order to access information on the www - this is the whole idea behind "age verification". The kids are just used as excuse here. It has never been about the kids.

Most passports in post 9/11 world have a chip. Thanks America!

Yes, obviously, the Romanian supreme court having to overturn and annul a presidential election due to Russian social media inference is entirely made up propaganda.

> "none of those supposed networks exists"

Countries have been interfering in the internal workings of other countries for centuries, if not millennia. If you want to read up on more recent accounts of this, many of which predate social media, the book Active Measures by Thomas Rid is a good place to start.

Or you can continue to think that this is all just made up "propaganda" and we're all fools, but you alone have seen the light.

Russian "bot farms" are investigated quite well. Usually they operate in Russian-speaking sides of platforms but sometimes they go "foreign". I agree that impact of those might be exaggerated but it's hard to measure in the first place.

Many of the proposed EU digital solutions require a Google or Apple verified phone. This makes escaping American companies difficult.

> I don't like the far right cesspool of 4chan, but can't disagree with their position that they shouldn't have to care about OFCOM.

While I agree with this statement, I thought there was some kind of requirement that OFCOM goes through a process like this before being allowed to ask for a domain to be blocked in the UK?

The latter is, I think, something OFCOM should be allowed to do with a restriction that it can only come after other options fail.

You couldn't be more wrong. There's no equal footing when propaganda buys you thousands of bots to parrot what you want on every related post. And there is no ability to "reach everyone" when intransparent algorithms decide what reaches who. Moreover, some kind of content is explicitly suppressed and censored.

I will agree that governments are happy to bend the knee to corporations. But corporations control social media, so why would the corporations themselves not further their agenda using the platforms they control? Be that simply letting chaos ensue (see the UK Southport riots that were sparked by a "news story" from Pakistan) or from tuning the algorithms directly.

People have control over their government, at least in democracies that are functioning to a basic level (see Hungary recently). But they have zero control over social media, in fact the only organisations that can control global billion dollar tech companies are nation state governments...

It could be both

they have the lowest approval ratings and legitimization in over half a century, because they're making everything shittier and shittier to the benefit of their corporate overlords.

*invited to attend a hearing* after they could no longer ignore the fact the guy is openly selling (and previously posting) CSAM based on the real kids?

That would be a very gentle way to express hurt feelings, not the way to treat a guy who knowingly does that.

The problem is not about the data being correct or not, it's about its existence in the first place.

Why would you correct data about you very own surveillance ?

I mean that there is a big difference between a state automatically providing your data to any other state while having "their database disconnected" - and a human operator in the loop and an administrative verification of the appropriate access ;

For example this would allow a state to refuse access to the PI of their citizens for cases that are not administratively documented. This forces the access audit sufficiently that a malign actor cannot simply request data for a citizen without having probable cause ; another vector we want to protect ourselves against is simply the psycho/sociopaths that have access to these data without surveillance.

They require access to computers at home because the teachers send the homework per web platform.

Also the class schedule including the substitutes are communicated per smartphone app

Yes the bigger problem is those schools often provide them with chromebooks with are mass surveilance devices in disguise :'(