[pveierland]

I don't care for a limited and selective best-possible interpretation of a subset of measures viewed in isolation. The point is that a broader set of vectors are being used continuously to gradually ensnare and limit digital freedom.

This is not a misleading headline, this is a document from the European Parliamentary Research Service that calls out VPNs as a technology that may need to be moderated in order to enforce restrictions such as age verification.

https://www.europarl.europa.eu/RegData/etudes/ATAG/2026/7826...

As you are calling me out - specifically answer how restricting access to VPNs would benefit the freedom of thought, communication, and information within Europe, and not be something that - together with other measures - can help facilitate digital fascism.

[rufasterisco]

Ok, my answer was sloppy. Here’s what I meant:

1. Context is “EU digital identity”. For a decade EU asked researcher how to have a way to verify age only, without extra data leaking. They have a working solution, and it’s the one rolling out to EU citizens.

2. This document talks about VPNs because they have been bought up recently as “how to skip age verification tools”. It is a legitimate concern. Every EU citizen has/will-have a privacy safe wallet to prove age, users from other nations will not, EU minors can just VPN to nation X, and skip age verification.

3. The org producing this doc outlines that yeah, the above is true. It’s actually a balanced doc. Each of us would have written a different one, sure. I likely would have liked “yours” better, since I think we feel we share common values. I’m just saying i don’t thing it is misrepresenting reality. The doc targets eu legislators, likely not tech savvy.

This is not about restricting access to VPNs, this is about outlining that they exists, that they have an impact on solutions proposed for age-verification. Did it not exists, it would reinforce that eu votes on shot without having any grasp on what is at stake.

I actually agree with you: I see civic liberties under attack way too often (and try to contribute as much as possible to upholding them).

But by large, the EU has done a good job at upholding those freedoms. Repeated attacks on those freedoms have been rejected when it was time to vote (in the EU parliament!!!). This makes me confident in the process.

Yes, of course, we can always have “better”, but at some point calling out as fascists some legislators trying to understand what’s the relationship between VPNs and age verification seems to me as the opposite of wanting them to be better educated.

To precisely answer the “restrict access to VPNs”, no of course that’s not “good”. But I like the fact that EU legislator get to read that document, instead/on-top of some partisan mumbo jumbo from whatever news outlet.

[pveierland]

That is the exact point. A "best intentions" approach to e.g. solve age verification through a "privacy respecting" mechanism leads to the government mandating that only physical devices with the built in security verification mechanisms, as allowed via government approved signatures, would be able to run these age verification apps (because otherwise you could cheat the mechanisms). This is a direct attack on general purpose computing and facilitates digital fascism by requiring that all software is signed in a manner approved by the government (directly or indirectly).

This is not hyperbole - Android will be locked down in only 115 days [0]. Further, in order to enforce such an age verification mechanism, you will end up requiring all software to either account for why it would not need to be integrated, or integrate with such a government mandated mechanism. This introduces accounting, surveillance, and approvals for every possible use-case. How would an online forum dedicated to discussing political topics survive? They would have to prove that they are complying with such measures that increase the barrier to operate and ensures that any forum or other arena of interaction would have to be accountable and justify how they are verifying interactions within the bounds of these laws and mechanisms.

Further - beyond locking down devices you would clearly need to lock down networks and communication in order to enforce such restrictions - which leads to deeper and broader filtering / scanning / monitoring - and preventing workarounds such as VPNs to ensure that all thoughts and actions are within these government set bounds.

Further - it is essential to realize that the outcome of this is not the best case of a single measure - the outcome in many cases will be the combination of measures taken by many different governments across the globe that each cut away certain freedoms.

Again - this is not only about age verification or digital wallets - it is the continuous pattern shown clearly through a range of actions made over time by the EU to introduce client-side scanning, age verification mechanisms, locking down devices. It's not all in place yet, but it is certainly being aggressively worked towards. All of these mechanisms will directly facilitate digital fascism as it will literally become illegal to effectively read, think, communicate without it being inside the remaining allowed bubble set by the government.

Another post on the front page of HN just now is about France seeking to dismantle end-to-end encryption. It is then not about the best possible view of a single measure in isolation, it is that these measures will lock in digital fascism broadly unless you are able to see what they facilitate when combined.

[0] https://keepandroidopen.org/en/

[1] https://reclaimthenet.org/france-moves-to-break-encrypted-me...

[rufasterisco]

I think fundamentally we disagree on 1 principle, that "better" is the enemy of "good". This leads to choosing which tradeoffs to accept. And we are on the same side, to be clear. I want privacy. I also see what you mention, I just frame it differently.

Android being locked down is the worst case scenario: private companies makes rules, an update is pushed, no platform for discourse. It's also the standard business practice when you let companies implement solutions to "privacy problems": put some privacy preserving lipstick on a fredeom restricting measure.... Specifically: we (google et al) need to verify apps so that we don't let them to do bad things to you, like stealing your data and ... sell it in the very same predatory data ecosystem that we have built and that we sustain for profit.

On the other hand, the EU sees that a law has been mocked on the internet since day zero (you must be of legal age to watch porn), in due time (30 years?) this has an impact on society, and shit needs to happen because yes, this is how laws work sometimes: they limit freedoms. They have learnt from GDPR that delegating the implementation of laws to businesses is bad: they defang it and/or twist it so that the concrete result fits business needs rather than the principles established by law (as per above example: gdpr, ads). So, the EU finds its own tech solution, puts down privacy as a core value, ships down a EU wallet and says "this is the reference implementation".

I like this! It's not "perfect", but i prefer this 1000 times over "let Google verify my age".

It seems to me that the EU has done an excellent job: now that society (including actors in bad faith) is saying "we need to protect the kids", we can say yeah ok, here is the good way to do it. They actually thought about this years ago.

Now THIS SPECIFIC document is .... ok!!! Because it is NOT to be read in isolation, but within the context (my framing) of EU actually giving me laws and tools protecting me. Over decades. And I have seen plenty of attempts at breaking those, and plenty of EU votes bouncing back those attemps.

Overall, there are 2 possibilities (aka tradeoffs on better vs good) when freedoms are attacked. One (yours, as a understand it) is to say "this (VPNs, e2e, ...) is outside of the Overton window, just bringing this up is unacceptable/fascist". You have good reason to defend this approach, and it's ALSO thanks to you and other activists (hope this does not mischaracterize you) denouncing and rallying around these issues, shouting "fascists", that we got them revoked.

The other one (mine? maybe?) is to craft a response that exposes the faults at play, naming and shaming business interests trying to hijack age verification to provide them with business advantages (example in this case: internet in Spain "stops working" when there's a La Liga game, etc, I'm sure you know what i'm talking about).

The willingness to rebuke these attacks in debates can be a slippery slope (opening the window). And yet, in present times politicians wear "being shouted 'fascist' at" as a badge of honour and they manage to translate that into votes. There is a correlation that I see between "good" (argumentative discussing to convince) and "better" ("this is just not going to happen and we should not even discuss this because we have no room for fascism here"). Both are valid, going back to the beginnning we disagree on which to employ in this specific case.

All the above is about "framing", meaning a meta-answer over discourse. Also, let me be clear that I am not seeing you, or activists in general, as "mob shouting" by conflating that with lack of critical thinking, or ability to expose that. I have recognized that your position has value, but let me be clear on that :D

Now to tech details.

Locking down network is impossible as long as decentralization is possible. You ban VPNs? People start using TOR. They don't know and care, but in order to watch porn or sports, now they have better privacy protection across many other dimensions. To gain usage, interfaces becomes simpler. VPNs went from being a business tool to being a consumer tool precisely because companies started enforcing arbitrary rules. In order to get there you need to be easy to use, which makes their usage explodes, etc. Constraints, scarcity, or urgent needs drive innovation, so i don not see autoritative pushes vs tech-for-freedom as a zero sum game (probably an even better description of why we disagree?). Since businesses belong to the fabric of society, sometimes business rules goes into laws. And sometimes whatever a government thinks is ok goes down there, principles be damned. And yes occasionaly you get the guy that needs to go to jail, Prometheus-style. Clearly, Zimmermann. Arguably, Snowden. Provocatively, Kim DotCom. So yes, banning VPNs is bad, but isn't it true that we have this problem because everyone can just flip on a VPN at any given moment? Is this not a manifestation of a right that we have "acquired", in some sense?

In this context the EU has done, and is still doing the "good" thing: the EU wallet has not been assigned a budget and shipped over for development to Accenture or Oracle or any other private business. It has been given to open source researchers, and it leverages lessons learnt while building decentralized solutions. While "everyone" was busy scamming users with ICOs, the EU has taken an interest on Zero Knowledge Proofs. And EU bureaucrats have talked to nerds to understand if there is a way to have age verification and preserve privacy and make all the things that me (and you want). Because, EU has been a global pioneer in elevating data protection to constitutional/human-rights status. Data protection worldwide, in the past decades, rests on me and you worrying and "fighting between each others", but mostly on the EU listening to us and being a global pioneer in elevating data privacy to constitutional/human-rights status, via Article 8.

To flip you statement: the outcome of this is not the worst case of a single measure - the outcome in many cases will be the combination of measures taken by most forward looking governments across the globe that each protect certain freedoms.

sorry for the wall of text, i hope it was worth your time

[pveierland]

> And we are on the same side, to be clear. I want privacy.

I care about far more than privacy. These matters are about societal stability, the panopticon, societal robustness in cases of downturns or wars, the ability to counter the mass control capabilities of artificial intelligence - and much more.

> Android being locked down is the worst case scenario: private companies makes rules, an update is pushed, no platform for discourse.

Personally I'm blaming the lock-down on Android just as much on governments as I do Google, because I believe that they have failed greatly at finding ways to interact with modern technology. Instead of heaping ever more complicated requirements on the platform providers and issuing arbitrary fines, they could likely achieve much more by doing less - e.g. by saying "anyone must be allowed to run the software they want on the device that they own" and "when a person pays for a device they own the device" (I believe there are many other answers to this question that would scale far better than current approaches). Fundamentally, a big part of the problem is the many responsibilities and goals of the government where some of them run counter to allowing such freedoms.

> I like this! It's not "perfect", but i prefer this 1000 times over "let Google verify my age".

Personally I think this should be solved to a satisfactory degree by simply requiring anyone that wants to provide access to content that by law is age restricted to simply advertise this with headers similar to CORS that browsers must respect, such that the configuration of the browser blocks access to those not of age. It is then the responsibility of the parents to configure the devices of their children such that they cannot access age restricted content. It makes perfect sense to have a "child mode" for browsers and operating systems, where the person configuring the setup makes this determination without involving centrally approved systems. To the degree that such a solution would have workarounds I'm absolutely not convinced that the detriments of this is worth the additional costs on restricting the freedom of citizens.

> Now to tech details. Locking down network is impossible as long as decentralization is possible.

This is a plain incorrect view at scale. If the EU decides to either ban E2EE/require client-side scanning/require backdoors, then all major chat applications will have to adhere to this, and it will no longer be practical or possible to have an application like Signal installed on your phone. This means that when being investigated by the police, or e.g. when traveling and being searched, you will be breaking the law by having such an application and will by default be a criminal. The magical part of digital fascism is exactly that it is very effectively enforceable at scale. If you require all computers to only run software that is approved by the government, and you outlaw software that allow unsurveilled communication, then digital fascism allows you to enforce this to a previously unseen degree, exactly because you can prevent any computer from being allowed to run it.

These are quantum differences - not differences of better vs worse. They are also differences of societal and technological lock-in - as once you give up the ability to communicate freely you may never get it back. Right now; Tor, VPNs, Signal, are all legal to use within the EU. However, if you make them illegal and you enforce computers, operating systems, and networks to disallow them, then it becomes far more difficult for anyone to work outside the allowed bounds, both due to technical difficulty as well as criminal liability. This is digital fascism.