[turbinemonkey]

    Compare this to what the EU built. The EU Digital Identity Wallet under eIDAS 2.0 is open-source, self-hostable, and uses zero-knowledge proofs. You can prove you're over 18 without revealing your birth date, your name, or anything else. No per-check fees, no proprietary SDKs, no data going to a vendor's cloud. The EU's Digital Services Act puts age verification obligations on Very Large Online Platforms (45M+ monthly users), not on operating systems. FOSS projects that don't act as intermediary services are explicitly outside scope. Micro and small enterprises get additional exemptions.

    The US bills assume every operating system is built by a corporation with the infrastructure and revenue to absorb these costs. The EU started from the opposite assumption and built accordingly.

Just another reminder of how we need to protect what we have in the EU (not a guarantee, but at least a chance of fair dealing and a sustained commitment to civic values). Now that the mask has fully fallen, we have to take every step possible to root out American influence.

[sidewndr46]

Isn't eIDAS the same technology stack that would put the government in total control of what websites you can view & what ones you can't?

https://en.wikipedia.org/wiki/Qualified_website_authenticati...

[turbinemonkey]

QWACs exist to provide a more stringent and user-accessible way to assert a website's identity, mostly to foil phishing and other exploits that regular certificate systems don't address well. Where does this cross into censorship at all?

[sidewndr46]

When the government decides not to issue certificates to websites they don't like.

[turbinemonkey]

Oh, stop. Tinfoil-hatting like this is how privacy and internet freedom activism gets a bad rap.

QWAC certs are only for "high value" sites: banks, government services, etc. They can only be issued by "Qualified Trust Service Providers" (e.g. digisign, D-TRUST, etc -- not governments), and cost many hundreds of euros. Your blog and mastodon instance and 98% of businesses just aren't affected.

People operating in "high risk" sectors that need access to payment infra (porn, drugs, etc) are, as always, going to have a hard time. That's a worthy conversation, but nothing about QWAC or eIDAS is about "the government not issuing certs to people they don't like".

[sidewndr46]

This is how total control of a platform always starts. Google starts with Android and just does digital signing for applications through their store. Until they achieve control of the platform, then suddenly you can't load your own applications without them signing it either.

Secure Boot is just a technology for those that need it, until Microsoft decides it's mandatory for everyone.

[gzread]

It's not really tinfoil hatting, EU countries already deny privileges based on political affiliation and so on. Germany shut down a Muslim cultural center for refusing to censor a speech by someone who came from Gaza, merely because of the fact they came from Gaza. Limiting government power is still something the EU needs - they're not all good.

[layer8]

It’s not the government that is issuing the website certificates.

[sidewndr46]

So who is issuing it then? Some private industry who can just silence anyone they don't like?

[Magnusmaster]

Zero knowledge proofs stops corporations from tracking you, but they don't stop the government from tracking which websites you visit. They also require hardware attestation for them to work, which means you will be only allow to use a locked-down goverment-approved OS for age verification, and that opens the door for the government to control the software running on every device.

[deaux]

> Just another reminder of how we need to protect what we have in the EU (not a guarantee, but at least a chance of fair dealing and a sustained commitment to civic values).

What you have in the EU is this: https://noyb.eu/en/project/dpa/dpc-ireland

> Now that the mask has fully fallen, we have to take every step possible to root out American influence.

You have literal rogue states in your union that neutralize the entirety of it, as the above shows. It's a joke. The EU is a joke. A single country is enough to mean US tech can do whatever it wants, similarly a single other country is enough to mean Russia can largely do what it wants.

The others are of course in on it too. Which is why for all the empty EU talk on US big tech you've never heard them talk about the Irish DPA and what they all enable. Strange right? Would think that this would be a priority. But it shows that even if the rest weren't in on it, just one country would be enough. And it could even be a tiny place like Luxembourg.

Laws and regulations aren't worth the paper they're written on if they're not enforced. The current ones aren't enforced at all, why would any new ones be? Did you know that there was a long period where hosting European citizens' PII on US-controlled servers (like Amazon instances in Europe) was illegal, after the "Privacy Shield" was deemed unlawful? No one cared. Did you know that this is currently the case again, because the thing that replaced it has once again had its basis ripped out from under it by Trump? Once again, no one cares, and indeed EU governments and corporations are _still_ making migrations _to_ US clouds.

Not that it matters, within a few years RN will be running France and AfD will be running Germany and you don't have to pretend any more as the "mask will have fallen" just as much.