[EmbarrassedHelp]

According to the EU Identity Wallet's documentation, the EU's planned system requires highly invasive age verification to obtain 30 single use, easily trackable tokens that expire after 3 months. It also bans jailbreaking/rooting your device, and requires GooglePlay Services/IOS equivalent be installed to "prevent tampering". You have to blindly trust that the tokens will not be tracked, which is a total no-go for privacy.

These massive privacy issues have all been raised on their Github, and the team behind the wallet have been ignoring them.

[godelski]

  > It also bans jailbreaking/rooting your device, and requires GooglePlay Services/IOS equivalent be installed to "prevent tampering".

Regulatory capture at its finest. Such a ruling gives Apple and Google a duopoly over the market.

Maybe worse, it encourages the push of personal computers to be more mobile like (the fact that we treat phones as different from computers is already a silly concept).

So when are we going to build a new internet? Anyone playing around with things like Reticulum? LoRA? Mesh networks?

[freakynit]

"Anyone playing around with things like Reticulum? LoRA? Mesh networks?"

I'm curious about the 'day after' scenario: what's the move if the state decides to regulate these into "illegality" because they bypass official channels? We have to remember that the devices aren't the problem... the real hurdle is the bureaucratic gatekeeping of communication. The problem are people, not devices.

[godelski]

It could be a difficult battle for them to fight. We'd just have to make it too costly. Make them go hunt down all the relays. Scatter them everywhere. A $5 ESP32 isn't a good relay but they still have to hunt it down and that'll cost a lot more than $5.

So the answer is the same as any war: you make it too expensive to keep fighting. It's the same reason a bunch of barely trained people in the desert won a war against a force with far greater military power. It's the same reason a bunch of jungle people defeated the country that just won a world war. It's also the same reason a bunch of rednecks defeated the largest military in the world (at the time) and were able to create an even larger empire.

It's not hard to make them give up. It's going to be a cat and mouse game but it already is

[theodric]

I appreciate what you're trying to say, but here's a counter-example: .22lr ammunition is also extremely inexpensive per unit, but I can't buy that at all in Ireland without extensive, recurring background checks and a demonstrated continuing need for access. If a government decides you don't get to have something, they are well within their power to effectively eliminate it. I can no more make an ESP32 at home than ammunition. I reckon it's harder, in fact.

[To the government Cornholio reading this and panicking because I mentioned a gun thing: no, I'm not threatening you.]

[leoedin]

As long as there's a country willing to build and sell ESP32s, I think it would be fairly easy to get hold of them. How does a customs agent distinguish between an ESP32 and another microcontroller? These things are in every gadget. Is a government really going to ban all electronics?

Just look at how ineffective governments are at stopping drugs. If people are motivated to smuggle things, they will. Is there going to be a booming black market in ESP32s? Probably not. But will motivated people manage to import them? Almost certainly.

[theodric]

The power imbalance is not in favor of the individual citizen. Fairly simple to enact a law saying "unlicenced importation of electronic devices is an offence", only license major retailers, and have Customs seize anything that doesn't come with the right paperwork attached (which they already do). Drugs are far easier to make than silicon chips, despite how clever people like Sam Zeloof may be.

To have a firearms permit here, I need a "Good Reason" - that's the language from the law verbatim. "I like guns" is not a Good Reason. In that vein, what would be your Good Reason for receiving an import license to bring in technology which is apparently widely used by radicals to defy duly-ratified legislation about communications visibility and enable the creation of side channels which break the law and can be used to proliferate CSAM, drugs, and terrorism? I'm sure any sane person would agree that those are bad things which need to be stopped. Perhaps you should take up a different hobby, like jogging.

And there we have it!

[godelski]

First off, guns aren't a subcomponent of a vast majority of modern items. The ESP32 was an example but the reality is anything with a radio. Be it WiFi, Bluetooth, or anything.

Second off, guns are incredibly easy to make. Easy enough that they make them in prisons and Japan. But you know what's a million times easier than that? Radio. It's a common first electronics project. You can literally make it out of a few resisters, capacitors, and some wire.

Literally the cost of fighting this type of technology is taking down all wireless infrastructure. ALL of it. And even then it's still a god awfully expensive thing to fight because anyone with a hot pointy object, an electricity source, and some things that are slightly bad at conducting electricity can make a radio

[bondarchuk]

>As long as there's a country willing to build and sell ESP32s, I think it would be fairly easy to get hold of them.

You could say the same about firearms.

>Is a government really going to ban all electronics?

All electronics that can be freely programmed by the owner, not impossible.

[miki123211]

There's not enough people to care.

They have the propaganda advantage (think of the children, those who undermine the system are pedophiles by definition). They have the law (just reclassify such activity as aiding and abetting the distribution of child pornography). They have the scare tactics (nobody wants 30 years in prison and an entry on the sexual offender's register).

This war will be won with words and at most a few arrests, just to make an example, just like the war on terror and anonymous financial activity.

Privacy just doesn't matter for 99+% of the population as much as we think, which is very much unlike piracy or drugs for example. If this wasn't the case, we'd all be using Signal and Monero right now.

[godelski]

  > There's not enough people to care.

You'd be surprised at how few people it takes. You don't even need 10% of the population.

But what, you're going to give up without a fight?

Even if you won't fight then why fight for your enemy by telling others not to fight?

[freakynit]

This comes to mind at once: https://meshtastic.org/

But yes, your point is largely valid as long as enough people are willing to jump the ship.

[godelski]

So does the original thing I mentioned

https://reticulum.network/

[notyourwork]

Anyone remember when the discussions about classifying the internet as a utility and Akit’s stupid Reese cup coffee mug. It feels so long ago given how much has transpired since.

[m4rtink]

MeshCore is spreading quite rapidly - it uses solar powered repeaters and that helps a lot. :)

[godelski]

I'm kinda sold by reticulum since it's independent of a lot of factors. You can also bridge it with meshcore or meshtastic.

[m4rtink]

Yeah, there is definitely more projects now & they seem to be evolving quite rapidly. :)

[layla5alive]

"Bypass official channels!?" The overton window has moved so far!!!!

[briHass]

This is exactly the argument that is (correctly) levied against firearm restrictions.

[ndsipa_pomu]

> So when are we going to build a new internet?

Finally, the year of IPFS. Government messing too much with the internet will end up pushing people to use more "dangerous" internets that are completely unregulated and that is surely the opposite of the the stated purpose to protect young people.

[Hizonner]

IPFS doesn't even try to do any kind of anonymity or censorship resistance. In a practical sense it's probably worse than BitTorrent, although neither one of them is up to the task. Actually resilient data distribution is hard, and I don't think there are any systems that have all the needed elements.

... and if you create one, they can, and it's starting to look like they will, outlaw using it, regardless of what you use it for.

[ndsipa_pomu]

I should have said "I2P" instead of "IPFS".

[mapt]

https://www.youtube.com/watch?v=XTnYVh7K6xQ

There are (to make up a number) ten desirable properties of the modern internet, and so far it's "Pick two", but novel combinations of the things you mentioned offer "Pick three" or possibly "Pick four" if adoption picks up.

For text, phone, and even image communication in urban and suburban areas, it sounds like there's real promise here. But we're not going to achieve parity with a global fiber + datacenter network by any means.

You don't need all ten to, say, organize a revolt.

[godelski]

Hell, I don't know why we don't just start building a guerrilla network around the Bay. Just start gluing repeaters to things. You could do LoRA like in that video but even WiFi has decent range. Maybe not in the km range but it's also a $5 device. And we don't need to limit ourselves to that cheap of stuff.

We don't need to replace global fiber, we just need to demonstrate enough to inspire others. I'd be perfectly happy if we got just an old web text only system up.

Honestly, would be a lot easier if we could get encryption rules lifted from HAM operations. That's what's needed for long range, even if we won't get the high data rates. We don't need a YouTube to make a difference

[forgetfreeman]

A new internet to do what? What is the proposed goal of a new network?

[verisimi]

I would assume it would be not be regulated by government, so without constraints on age, restrictions on what you can do - you know, like reality.

And I know that government attempts to regulate reality too, but if you drive at 35 where the limit is 30, or speak to someone dodgy to get some marijuana or whatever, and get away with these and other heinous crimes, you're good!

The distinction really is whether you bake regulation into the technology or not. And it seems that technology is actually the new legal system. Or perhaps that should be the 'pre-legal system' as it won't allow you to do those things it determines as 'wrong'. Which is absolutely fine if you think government really does know best, or hell on earth for everyone else.

[forgetfreeman]

The last 35 years have very vividly demonstrated that there needs to be some adults in the room. Without exception every major tech company has implemented practices so overtly hostile to the userbase that the government has been more or less forced to get involved, mostly in the form of fines that have done very little to disincentivize whatever problematic bullshit the company in question was originally caught at. Suggesting that even less regulation would somehow magically cause tech firms to align goals with their userbase seems baseless to say the least.

[verisimi]

You seem to think that government and corporations are on opposing sides. I don't think this is the case. Governments want the data corporations collect. Both are encouraging the other. There are no adults in the room. Having (corporate or government) children in control of that every individual's private information won't help.

[forgetfreeman]

I assure you I think no such thing. I am painfully aware of legislative capture. Proposing an environment where we go from shitty, poorly enforced regulation to none at all solves nothing. It's also worth pointing out that government performing poorly is an indictment of the individuals elected to govern, not the concept of governance.

[godelski]

The internet is a global communication system. So to do what? To do exactly that. The difference though is that it isn't controlled by anyone. It doesn't need to be, so no one needs to have that power, no one should have that power. A global communication system where conversations are private by default, just like they are online.

The problem with the current system is that the information was just too free. You could just drop in on anyone's conversation, like it or not. People started hoarding that information and look what we got: surveillance capitalism. The system reinforces itself to watch you, to tell you what to do, what to think, not just what to buy. And the system just wants to keep growing, so it's just going to continue to do that more and more. Sure, there's some nice things we get for the loss of all our privacy, but it comes at the cost of your humanity. They'll be costs to this new system too. It won't be all rainbows and sunshine, but I think it'll be better than this gloomy smog ridden world we have now.

We live in a time where it's actually possible to have a functioning world with no kings. Personally, I'm tired of them, aren't you?

[forgetfreeman]

The infrastructure requirements around routing and switching equipment, transoceanic cables, and satellites mean someone not users has always been in control. Barring some form of anarcho-socialist mass movement around DIY long haul networking infrastructure this seems unavoidable.

The problem with the current system is the intersection of human nature and capitalism. Individuals have willingly adopted technology that aggressively surveils them in exchange for notional convenience and by and large are blandly unconcerned with the implications thereof. This also seems unavoidable as long as data collection and brokerage is permitted and profitable, and people value entertainment over critical thinking. This outcome was very accurately predicted by netizens when online advertisements first started popping up and a lot of time was spent wargaming what would happen if mass adoption lead to the net being a viable sales and marketing target.

After 35 years of observation I've had about enough of global communications systems and everything that comes from them. At this point there is very little one could say to convince me that the internet hasn't been one of our species largest fuckups.

[alisadev]

On one hand, I agree with you; The internet, in its current state, has probably more negative aspects to it than positive ones.

But, on the other hand, I don't think that I can completely ignore the good it has brought to the world. If a person is motivated enough, he can pretty easily navigate through propaganda simply by choosing to consume information from different sources (for example, reading about the us from both the us perspective and russian or chinese perspective).

Of course, the main reason there aren't many people who do that is both simple but also complex. People don't have enough time at which they aren't either exhausted from work or life in general; or stressing about something that has to do with capitalism (either money, wars, work and etc). So at the little amount of free time that they do have - they aren't going to challenge their beliefs (or at least, the beliefs of those who surround them); It's exhausting, and it's easier to just read the propoganda, feel better about yourself because a good propaganda always have someone else to blame - and continue with your day to day life (if one can even call that life; because to me it seems more accurate to call it "existence").

But in any case, what you've said reminded me of this post and how the internet positively impacted one person; so even though I doubt it'll convince anyone of anything - it's still a very heartwarming story: <https://jimmyhmiller.com/raised>

* English isn't my first language so I apologize if there's any grammar mistake.

[charcircuit]

>regulatory capture

It's not other operating systems fault that they failed to invest into security. They should try and catch up instead of blaming people for not trusting their security on "regulatory capture".

[godelski]

Buddy, you're on HN. No one is going to buy that bullshit here. Thanks for the laugh, but seriously, don't insult us like that again. We may be dumb, but not that dumb

[charcircuit]

Which is exactly why I have to advocate for it here. There are literally people on this website who think their operating is secure, but in actuality they are one curl | bash or npm install away from having all of their login credentials stolen. No matter how smart they think they are in being able to avoid malware, that strategy does not scale.

[sfdlkj3jk342a]

Bubblewrap containers to keep all of my environments separate on my laptop works just fine without giving up control to Google.

[raxxorraxor]

Your argument is not sensible as usage of curl | bash doesn't scale. Your argument is people should stay locked up to not be endangered through freedom. There is no intelligence found here.

[charcircuit]

>as usage of curl | bash doesn't scale

It is the easiest cross platform distribution method between macOS and Linux. It actually does scale in that regard which is why it is so popular.

People are not locked up. Apps and their secrets are. The idea that any app should be able to read the secrets of any other is not essential for user freedom.

[raxxorraxor]

Your argument is not sensible as usage of curl | bash doesn't scale.

[raxxorraxor]

Your argument is not sensible as usage of curl | bash doesn't scale. Your argument is people should stay locked up to not be endangered through freedom.

[account42]

You are also one lockpick away from having all valuables in your home stolen. So what?

[charcircuit]

And if competitor locks were unpickable it wouldn't be regulatory capture to require unpickable locks for people to store valuables in a home. Just because people got away with bad locks for many years, that doesn't mean we have to accept that level of security.

[hiciu]

> EU's planned system requires highly invasive age verification

EUDI wallets are connected to your government issued ID. There is no "highly invasive age verification".

We are literally sending a request to our government's server to sign, with their private key, message "this john smith born on 1970-01-01 is aged over 18" + jwt iat. There are 3 claims in there. They are hashed with different salts. This all is signed by the government.

You get it with the salts. When you want to prove you are 18+ you include salt for the "is aged over 18" claim, and the signed document with all the salts and the other side can validate if the document is signed and if your claim matches the document.

No face scanning, no driver license uploading to god-knows-where, no anything.

> to obtain 30 single use, easily trackable tokens that expire after 3 months

This is the fallback mechanism. You are supposed to use bbs+ signatures that are zero knowledge, are computed on the device and so on. It is supposed to provide the "unlinkability". I don't feel competent enough to explain how those work.

> jailbreaking / "prevent tampering"

This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.

> You have to blindly trust that the tokens will not be tracked

This is not true, the law requires core apps to be opensource. Polish EUDI wallet has been even decompiled by a youtuber to compare it with sources and check if the rumors about spying are true. So you can check yourself if the app tracks you.

Also we can't have a meaningful discussion without expanding on definition of "tracking".

Can the site owner track you when you verify if you are 18+? Not really, each token is unique, there should be no correlation here.

Can the government track you? No, not alone.

Can the site owner and the government collude to track you? Yes they can! Government can track all salts for your tokens, site can collect all salts, they can compare notes. There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.

Can they lie? Sure.

Can the site owner and the government collude to track you if you are using bbs+? No. Math says no.

Can they lie if you are using bbs+? Math says no.

[11mariom]

> Can the site owner and the government collude to track you? Yes they can! Government can track all salts for your tokens, site can collect all salts, they can compare notes. There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.

It's not zero knowledge for me then. Also - if there is ANY possibility to track anyone. And/or centrally mark someone "nonverified" then it makes more problems than solves.

Even if I trust my govt (no way), even if it'd be fully ZK with no way to track anyone… still govt would have a way to just block some individual "because".

And the best part… Age verification will not solve "children problem". I think it's parents problem to take care of their children, AV will be pretty easy to bypass - kid will just borrow ID for a moment and… voila! Govts (or some people) are creating problem and solution that do not exists.

I do not like way internet went, I do not like more way it's headed now.

[irjustin]

I'll bite.

> It's not zero knowledge for me then. Also - if there is ANY possibility to track anyone. And/or centrally mark someone "nonverified" then it makes more problems than solves.

> Even if I trust my govt (no way), even if it'd be fully ZK with no way to track anyone… still govt would have a way to just block some individual "because".

Is this even actually possible? If you want any sort of identity verification you HAVE to trust someone, whether age or full ID. Literally impossible.

Zero trust systems in society don't work. If you don't care "who" then yes, zero trust is just fine... but then what's the point of "age verification"?

[kmijyiyxfbklao]

The whole point is that mandating websites to require age verification is more authoritarian than people are pretending it is.

[irjustin]

I was more responding to the part about not trusting your own gov cuz how do you build a system where you don't trust a central authority when identity is required.

I don't think it's possible.

[Hizonner]

You have to trust someone to verify age.

You don't have to trust somebody not to track how the resulting credential is used. And that is what "zero knowledge" means. It means that after you finish the protocol, nobody has learned anything but what they were supposed to learn (in this case, "the person at the other end of this connection is over 18"). If it leaks anything else about the person, it's not zero knowledge. If somebody learns which of the issued credentials was used, it's not zero knowledge. If parties can collude to get information they're not supposed to get, it's not zero knowledge.

It's a technical term of art, not some politician's bullshit. And it isn't complicated to understand.

[EmbarrassedHelp]

> This is not true, the law requires core apps to be opensource. Polish EUDI wallet has been even decompiled by a youtuber to compare it with sources and check if the rumors about spying are true. So you can check yourself if the app tracks you.

The "open source" apps connect to proprietary backends run by a third party that you have to blindly trust. If EUDI wallets were truly open source and free from blindly trusting any authority, then you could simply remove that requirement and issue your own tokens without the use of potentially malicious third party.

[hiciu]

> issue your own tokens

I mean, you can. It's like with TLS certificates. The standard is there. The code is there. You can issue your own.

The question is, who will trust you?

[summm]

It is not at all like TLS. With TLS you at least can get your own certificate signed by an official CA, and use that private key on whatever system you want.

[hiciu]

It is literally TLS in a trench coat with some json sprinkled on top.

Where I think we are not in agreement the question of "who to trust" and "for what purposes".

Are you going to trust me when I tell you that I'm over 18 if I provide you with the document signed by my cousin, Honest Ahmed?

Are you going to trust me when I show you the document signed by my government?

(this is the trick question, you don't have a choice, law says you must; there's a list of who you need to trust and for what purposes; like a certificate root store in your browser)

[summm]

You forgot to mention the additional remote attestation shackles you put on that trenchcoat.

Note that I - as opposed to the posts parent - used an official trusted CA as an example.

TLS: I see your ID with some governments signature in your hand, I trust you to be you. EUDI: I see a note you wrote and I see some signed documents that you have just been to the government brain scanner, which attests you are not faking that note, and as a nice side effect the scanner scans other things in your brain, e.g. that you watch every advert diligently, send your current location regularly to your local police office and other things.

The problem is you are not creating a government issued single purpose device but you are confiscating something many user experience as a brain extension to be under the government's control as a whole.

[dwattttt]

> if I provide you with the document signed by my cousin, Honest Ahmed?

You surely mean Honest Achmed? He gets a bad rap: https://bugzilla.mozilla.org/show_bug.cgi?id=647959

[girvo]

> It's really not much different than what a banking app would require.

I can use my banking services through the web. Codifying the Google/Apple monopoly in law is gross.

[techpression]

In the context of world politics and the hunt for sovereign hosting etc it also seems incredibly weird to put all of EUs identity handling in the hands of two American companies.

For clarity, the US could over night make all European digital wallets nonfunctional by requiring app stores to remove them and have them uninstalled remotely (iirc there is such a feature but it’s very rarely used). Likely? No, still a very strange thing to put into law though.

[egorfine]

> I can use my banking services through the web.

Not for much longer. Stealing your data on mobile device is way too lucrative for the banks to pass on. All while pretending it's done for security.

[girvo]

Sadly true, while scammers run rampant regardless. It’s depressing to watch everything get worse.

[wongarsu]

Many banks have gone the way of requiring 2FA on an unrooted phone, but giving you a way out by also offering you 2FA via smartcard (using a smartcard reader and a bank-issued card). I suspect a similar thing could be done here, with the smartcard providing the trusted hardware/secure element?

[Hizonner]

> Government can track all salts for your tokens, site can collect all salts, they can compare notes.

That is not zero knowledge. Given that actual zero-knowledge systems are well understood, the only reason to deploy a system that allows that would be if you planned to abuse it.

[dcow]

What is your definition of zero knowledge?

[cwillu]

https://en.wikipedia.org/wiki/Zero-knowledge_proof

[dcow]

By this definition bbs+ signatures are ZK.

[randunel]

Zero knowledge in such a system requires a minimum of 3 independent parties. There are quite a few solutions out there, I think the most developed ones are online voting systems, because tracking and de duplication is essential.

[nullsanity]

The impossibly high bar they set "Perfect" at in order to make it the enemy of good, and fight against any progress being made to keep children out of adult spaces.

That being said, it's my personal opinion that I'd love to simply have my device store a token and send it to any site when requested. I'd then like those sites to give me toggles to remove all non-verified content - and therefore my internet experience could be sans-juvenile squeakers.

[andrepd]

Great comment all around but

> jailbreaking / "prevent tampering"

> This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.

This is unacceptable. So much talk about independence from the US, you simply cannot make it a hard requirement to use the duopoly to be a citizen (as if it wasn't a quasi-hard requirement already)!

[spaqin]

Funny how they just handwave it like it's a totally normal thing, like the insane situation with banking apps. Most people don't care as they run with whatever's available without modification, but we still should fight for the right to run the code we want on devices we own.

[theodric]

Consider the car analogy: if you want to drive on public roads, you need to drive an attested, unmodified vehicle that complies with the relevant regulations. If you want to play around and modify the car, that's fine, but then you don't get to use it around other people. You're also not allowed to buy some random, unknown Chinese or Indian car and drive it on the road. People already accept this when framed as a safety issue. I suspect they care more about their cars than their phones, and won't care about the requirements on the phone anyway because they're not planning to modify it, and as long as WhatsApp and Instagram keep letting them exchange shopping list additions and pictures of vacation cocktails, then what's the problem?

To be clear, I'm not in favor of a participation-in-society ban for jailbreaking your phone, but there's already precedent for it.

[schroeding]

The analogy is a bit shaky IMO, as you can certify individual, heavily modified, foreign or even self-built cars in EU member states.

For cars, the local certification authority themselves decides what is road-worthy or not, not VW et al. You can add third party parts without the manufacturers consent. This is not the case for Android or iOS attestation, you're pretty much at the mercy of the foreign manufacturer and their local laws.

[theodric]

May I infer from your response that your quarrel is not with a central authority having the final word in what code you're allowed to execute on your own device, but rather that it should be the government and not a corporation signing the binaries that are permitted to run?

If you're expecting a perfect analogy, you're not going to find one. Law in its application also doesn't deal in exactness, but in generalities and vibes: that's why lawyers argue, and judges decide.

I'm familiar with the process for individually certifying unique and modified vehicles in several European countries. Invariably, the process is costly and onerous, which serves as a deterrent.

[andrepd]

Cars can and do kill 1,500,000 people every single year, equivalent to a jumbo jet full of people every couple hours, plus an equal number of crippled and injured, plus untold number of pollution deaths. That's a ridiculous comparison (if anything cars are not regulated enough). Who am I endangering when running microg on my phone??

[theodric]

I will continue advocating for the devil, then! These are the top bogeymen we need to thwart in order to protect...

-children and women, harmed through unregulated and unobserved communications enabling human trafficking and the spread of CSAM.

-social healthcare systems, harmed by enabling the proliferation of illegal drugs, which leads to the over-taxing of an already straining public good, reducing access to people who would need help outside of drug-caused issues.

-society at large, harmed by enabling drug-funded terrorists to trade in weapons and coordinate their destructive actions out of sight of law enforcement.

For your and others' safety, please leave your signing keys at the door.

[Confiks]

> This is the fallback mechanism. You are supposed to use bbs+ signatures that are zero knowledge, are computed on the device and so on.

You're mistaken. SD-JWT with linkable ECDSA signature is the main mechanism. An unlinkable signature scheme is being discussed on the fringes of the EUDI-project (whether it be BBS+ or Longfellow) and very bare-bones support for Longfellow has been added to the reference wallet a month ago. However the Implementing Acts have no support for such a mechanism yet, and most member states will only implement ECDSA based mechanisms (SD-JWT and ISO 18013) for the foreseeable future.

It's therefore very likely the EUDI wallet and/or a age verification solutions will launch with issuer linkable ("easily trackable") signatures.

See also this thread: https://news.ycombinator.com/item?id=45363275

[deaux]

> This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.

Most banking apps run on GrapheneOS, will this? Nearly all EU banking websites run on Firefox on Linux, will this?

Why did you not quote the App Store/Google Play Services part, which is much worse?

> There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.

I'm sure this will be as diligently carried out as GDPR enforcement. [0].

[0] https://noyb.eu/en/project/dpa/dpc-ireland

[summm]

> jailbreaking / "prevent tampering"

Now your EU government requires you to have an unmodified Google or Apple device to use any age restricted services. Cementing the US mobile OS duopoly and locking out any free systems and desktop etc. forever.

Any governmental service taking part in this is a violation of civil rights and even if you don't care about those, maybe you care about digital sovereignty.

This is so lightly handwaved away, almost as if attention needs to be drawn away. By the looks of this I'd say the end of general computing might be the actual goal, and all the age verification is just yet another "think of the children" pretense?

[hiciu]

I totally agree that one of the biggest vulnerabilities in EU digital ID scheme are US corporations :).

[summm]

At least that establishes that you don't care about civil rights :|

[ori_b]

*corporations in general

[lejalv]

> This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.

Except the state is not a bank, of which there are many. The state is not optional, and trusting an American company with, of all things, the digital precondition for social existence, is suicidal.

[donmcronald]

> We are literally sending a request to our government's server to sign, with their private key, message "this john smith born on 1970-01-01 is aged over 18" + jwt iat. There are 3 claims in there. They are hashed with different salts. This all is signed by the government.

If the "18+ claim" can't be linked to your identity and doesn't have any rate limits, someone can set up a token-as-a-service to sell tokens on the black market.

> Government can track all salts for your tokens, site can collect all salts, they can compare notes. There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.

> Can the site owner and the government collude to track you if you are using bbs+? No. Math says no.

How does the math say no? Big tech companies already log absolutely everything. What's going to stop the government from keeping all the salts they're issuing and then mandating that site operators add the salts to their existing logs?

> Can they lie? Sure.

Well, they've lied to us over and over when it comes to surveillance, so I think at this point it's reasonable to assume they're lying unless it's technically impossible. Where's the in-person key verification that used to be in Whatsapp? How do the authorities get notified when someone makes a poorly thought out joke using Snapchat private messages before getting on a plane? Why is there a war on end-to-end encryption?

We're going to pay a fortune for these supposed zero knowledge systems and that's what it's about. Select companies are going to get paid to issue tokens and the scale is going to create a few new billionaires.

The people in charge are going to gain a ton of power when they betray everyone and disenfranchise us.

[hiciu]

> someone can set up a token-as-a-service to sell tokens on the black market

They can! Singing requires either PIN or finger on the fingerprint, and signed "proof" is valid for like 60 seconds. This whole end-to-end attestation with play integrity is supposed to make setting up token-as-a-service things impractical.

> What's going to stop the government from keeping all the salts they're issuing and then mandating that site operators add the salts to their existing logs?

> How does the math say no

BBS+ signatures. Hashes you receive from the government and hashes you send to the site operator are different and not correlated.

[gucci-on-fleek]

> Singing requires either PIN or finger on the fingerprint, and signed "proof" is valid for like 60 seconds. This whole end-to-end attestation with play integrity is supposed to make setting up token-as-a-service things impractical.

So how would I use this on Linux then? Because I'd be rather unhappy if a bunch of websites became unusable on Linux due to government-mandated security restrictions.

My (Canadian) government's health portal already refuses to load if you use Linux (despite it being 100% web-based), meaning that I'm completely unable to book vaccinations or view procedure results without workarounds. Luckily it only checks the user agent, so it's pretty easy to override this right now, but that wouldn't be possible if cryptography/attestation were involved.

[theodric]

> how would I use this on Linux

Governments and businesses have already decided that it's fine to mandate that you own an unmodified smartphone made by one of the major manufacturers, so it's not much of a stretch to assume that they will also eventually require you to run an attested OS image made by one of the two major manufacturers. The fact that some run Linux internally isn't going to help your case: governments do a lot of things internally that you're not allowed to do. I used to watch cops in Amsterdam park on the sidewalk to go get a kebab, for example.

[Confiks]

> This whole end-to-end attestation with play integrity is supposed to make setting up token-as-a-service things impractical.

Indeed according to some (i.e. the Commission) it's supposed to, but they should know better. And many member state wallet developers do know better.

Play Integrity can easily be bypassed unless you want to exclude a very large amount of users – especially disadvantaged people using older phones – because there are many vulnerable phones in use by those users, and you only need one to build such an age attribute faucet.

See also this comment: https://news.ycombinator.com/item?id=45363853

[txrx0000]

> We are literally sending a request to our government's server to sign

You've already lost. You're at the government's mercy. They can simply refuse to sign.

"Mr. John Smith, we noticed you've published some poorly-worded comments online. Why are you locked out of your account, you say? Oh, that's just an unfortunate technical issue with our signing system, happens all the time. Anyway, this is a friendly reminder for you to improve your online etiquette. Have a nice day."

[MadxX79]

There's really two cases here.

You live in a democracy?

YES) the violation you describe is verifiable to a journalist. You publish story, and you keep the government accountable.

NO) Why are you even discussing if age verification is a good idea or not, you freak. It's not really up to you anyway. Go fix your country first.

[sunaookami]

You mean the journalists that are pro age-verification and pro banning everything that's slightly critical and constantly demonize everyone going against them?

[theodric]

Plenty of democracies in Europe and elsewhere regularly and repeatedly fail to actually represent the desires and interests of the citizenry, but they keep getting reelected anyway. Why should this time be any different?

[AdelaideSimone]

I'm sure they do fail, but at least they have the theoretical ability for citizens to more directly challenge crimes comitted by the government itself. Unlike the U.S., which removed it by statutes, most other common law countries, and all civil law countries, citizens retain the ability to force criminal prosecution (either by private prosecution or by appeal to a magistrate with proof a crime has been committed).

[theodric]

I have no idea what this has to do with the EU implementing age verification because politicians want it, and the powerlessness of EU citizens to arrest or impede the government's machinations. Feels Gish Gallopy.

What I can say that's at least tangentially relevant to the topic at hand is that I've lived for a couple of decades in both the USA and the EU, being a citizen of both, and have found Americans generally much more politically informed and involved. I find Europeans, particularly Irish, very well informed about U.S. politics that they are powerless to influence, and next to oblivious of anything going on at home. Given that Ireland has the EU Presidency right now and is choosing to use its bully pulpit to advocate for British-style draconian Internet regulation, that's doubly a shame.

[echelon]

Do you trust today's democracy to be a democracy tomorrow?

Never. Cede. Ground. You'll never get it back, and one day the rights will be gone.

[XorNot]

Age verification in Australia had like 70% popularity.

That is an astounding consensus in a system which regularly decides elections by 51%.

You're not getting mandated from up high: it is democratically enormously popular to do this.

[troad]

Australia has two major parties that agree on absolutely everything, and a virtually non-existent civil society. No true free debate can take place in such circumstances. The Australian government loves falsely claiming a popular imprimatur for policies that have never been properly debated or put before the people.

The only reason we have any rights left is because the Australian government is - thankfully - comically incompetent.

"Australia is a lucky country" is a quote every Australian knows. Few know the full quote: "Australia is a lucky country, run mainly by second rate people who share its luck. It lives on other people's ideas, and, although its ordinary people are adaptable, most of its leaders (in all fields) so lack curiosity about the events that surround them that they are often taken by surprise." - Donald Horne.

I encourage all my teenage countrymen to use as many social media apps as they desire. Mullvad is a decent VPN and you can pay for it anonymously. Freedom of speech and freedom of association are your human rights. No government gets to take them away from you.

[dns_snek]

That's a fallacy. You don't have any evidence to support the claim that this system of age verification is popular and more importantly, whether it would remain popular if people had a full understanding of how it worked and how it can be abused.

It might be popular to have age verification conceptually and only as long as it's only used "as advertised", which is not the same thing.

This is one of the biggest issues of democracy. As long as your propaganda machine is strong enough (and anti-privacy propaganda is one of the strongest) you can pass just about anything and pretend that society put on the shackles of surveillance and coercive control voluntarily.

People just submitted it. I don't know why. They "trust me". Dumb fucks.

[sapphicsnail]

Or you live in a democracy so you throw a fit until your government backs down. No amount of journalists is going to change the US or the UK at this point.

[raxxorraxor]

Didn't work for EU or US surveillance.

[Aurornis]

Thanks for posting this.

The inherent problem with all zero knowledge identity solutions is that they also prevent any of the safeguards that governments want for ID checking.

A true zero knowledge ID check with blind signatures wouldn't work because it would only take a single leaked ID for everyone to authenticate their accounts with the same leaked ID. So the providers start putting in restrictions and logging and other features that defeat the zero knowledge part that everyone thought they were getting.

[hiciu]

> A true zero knowledge ID check with blind signatures

That is not true and "true zero knowledge ID check" + "age verification" with blind signatures is what's being implemented by the EU ID project.

So someone's id leaks. It happens. In EUDI there are things called "cryptographic accumulators of non-revocation proofs". If your ID leaks it goes into the accumulator. Similar to the certificate revocation lists. During check, you include claims "im over 18" and "my id is not in the accumulator".

This is included in the standard.

This is also (I can only assume) one of the reasons why EUDI wallets require play integrity / attestation / secure element on the device. So your private key won't be easily leaked and no one can steal your ID.

[Aurornis]

You're assuming the leak was accidental, the person knows about it, and they didn't intend for others to use it.

What happens when someone sets up a marketplace where people can sell those blind signatures using their ID for $2 each? And then kids just pay $2 to have someone else blindly use their ID to validate the account, because supposedly the system is structured so that nobody can tell which ID was used or tie it back to the account?

[namibj]

E.g. the German ID card can all on it's own, just using a server certificate configured/parametrized for this and signed by the government, do a simultaneous pseudonym passkey mint and age gate check. That way you could easily block ID reuse; note that the passkey is locked to the card not the person as it's cryptographically derived from the pair of the card's private internal key, and the server's private key that goes to the certificate.

Access to this part of the card is secured by PAKE between the transport layer (TLS) encrypting and user interface providing NFC reader (for example phone with the app, or dedicated hardware) using a PIN.

[hiciu]

That's where the google play integrity / attestation comes into the effect.

In theory you cannot export your private key from the device (from the secure element), so for each $2 someone would have to quickly unlock their phone, scan code via the app and so on.

[coppsilgold]

Private keys from secure elements leak all the time. There will be a flawed implementation that someone exploits, an insider will smuggle a key out etc.

This is why true zero-knowledge systems for this sort of thing aren't practical and will never be. Because a SINGLE leak will break it and there will be no way to even detect it.

The attestation systems you reference don't even allow true zero knowledge attestation, they involve a trusted intermediary to convert your burned-in private key to a temporary key which you use for attestation with a third party.

And the temporary key isn't even a product of a blind signature. And it's rate limited. So if a service selling these temporary keys shows up they will be able to easily trace it to the burned-in key responsible - then revoke it and if possible initiate legal action.

This also means that whenever you register to a service using one of these schemes you are registering with your real identity, it's only a question of how hard and how many parties need to collude to extract it.

And in the event that they really do blindly sign tokens generated on your device, then their scheme will not survive adoption. As it gets adopted, the value of these blind signatures will rise and services that sell them will pop up. There will be no way of tracing the sold blind signature to the compromised/colluding device and rate limiting will merely necessitate a farm of such devices as opposed to a single leaked key.

*Note that Blind Signatures are Zero Knowledge.

[blackqueeriroh]

Can you tell me when a private key has leaked from the Secure Enclave on a iPhone?

[Confiks]

> That is not true and "true zero knowledge ID check" + "age verification" with blind signatures is what's being implemented by the EU ID project.

You are mistaken. In the EUDI wallet project, unlinkable signature schemes are currently being discussed among cryptographers and a month ago Longfellow very basic support for Longfellow has been merged into the reference wallet.

You're making it seem that unlinkable signatures are very established and the default, while they are not. They're not yet properly defined, experimental and mostly unimplemented by member states. Linkable ECDSA signature are currently the default in the EUDI wallet project.

[jajuuka]

I mean that's kind of a problem with ANY solution. There will be workarounds and ways to break it. There is no perfect solution outside someone standing over you while on the internet. We need to look at this more like age checks on porn sites and gaming platforms where you just put in a birthdate. Obviously someone can lie, but that point isn't to be a perfect wall but a hurdle to clear to make sure users are aware of the content and that any sort of nanny software to block if set up.

[Aurornis]

> I mean that's kind of a problem with ANY solution. There will be workarounds and ways to break it.

That's unnecessarily reductive.

Yes, every solution will have problems, but not all solutions have similar problems.

If a solution has problems such that it can be immediately reduced to security theater and bypassed by any teenager who cares, it's just extra hassle and privacy degradation for the rest of us.

These details matter. If a weak solution is regulated into law and the government discovers kids are easily bypassing it, they will immediately pivot into requiring more restrictions on it.

[jajuuka]

Extra hassle is manageable. Sites or programs that want you to put in a birthday are extra hassle but objectively better than something like submitting an ID. Privacy degradation is also manageable as well. It just depends on the solution.

We've had decades of age gating being "are you 18+ or not" yet it is only now that talks of something more enforceable are coming up. This discussion is largely about how one can create a sense of safety and protection. For the more extreme end it's face scans and submitting ID. Even though these are bypassed by any teenager who cares they are still being pushed seriously because it instills that sense of safety and protection for children. Security theater is just a part of managing the internet and not going away unfortunately.

[EmbarrassedHelp]

> age checks on porn sites and gaming platforms where you just put in a birthdate

That's the only solution that truly protects user privacy and security. Video games and especially mature content should not require age verification. People's lives can be permanently destroyed over perfectly legal sexual fantasies, and thus anything that increases the risk of the information being tracked is unacceptable.

[dogcomplex]

This specific problem is solved by requiring that any anonymous ZK ID once used for an account be marked on an immutable ledger preventing multiple uses of the same ID. Sharing it would be pointless as multiple attempts to use it get burned. Yet none of those sites know who you are, only that you have a unique valid ID pass. They just have to check any login attempts against that ledger - easy enough.

[donmcronald]

> They just have to check any login attempts against that ledger - easy enough.

So like CT logs, but several orders of magnitude bigger? I thought centralized TLS revocation lists failed due to scale. How will this differ?

[namibj]

Just crypto tie them to the server/site and let them do it, CRLs were an issue due to distribution to every device, not because of a hastable like sparse set structure being too much. Also this isn't every connection, but only every time you (attempt to) verify your age.

[StopDisinfo910]

> It also bans jailbreaking/rooting your device, and requires GooglePlay Services/IOS equivalent be installed to "prevent tampering".

The EUDI spec is tech neutral.

What the EUDI mandates is a high level of assurance under the eIDAS 2.0 regulation and the use of a secure element or a trusted execution environment to store the key.

[raxxorraxor]

my users .ssh folder is secure enough. Take it or leave it.

[Vinnl]

> It also bans jailbreaking/rooting your device, and requires GooglePlay Services/IOS equivalent be installed to "prevent tampering".

IIRC that was only for a prototype or reference implementation.

[KoolKat23]

I'm sorry to say it but the fact it bans jailbreaking/rooting your device really makes me believe "think of the children" isn't their real goal.

There's some clever kids out there but come on.

[chrishare]

Link?

[EmbarrassedHelp]

https://github.com/eu-digital-identity-wallet/av-doc-technic...

https://www.forbes.com/sites/federicoguerrini/2025/08/10/who...