this post was submitted on 10 Feb 2026
1633 points (99.5% liked)

Technology

81026 readers
5214 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
1633
'What a great way to kill your community': Discord users are furious about its new age verification checks — and are now hunting for alternatives (www.techradar.com)
submitted 2 days ago by return2ozma@lemmy.world to c/technology@lemmy.world
472 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] ell1e@leminal.space 1 points 1 day ago (4 children)

I am referring to the EU Wallet age verification app: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/ Sorry that I forgot to link it.

And just because it might beat PostIdent, doesn't mean it's sane to give up online anonymity for age checks everywhere. The EU claims the wallet will allow anonymous age checks, but if they ever tracked you, pretty sure you wouldn't know.

[–] bekopharm@discuss.tchncs.de 1 points 23 hours ago (3 children)

This is not how remote attestation works. It's the whole point of the age verification of the wallet that such meta data doesn't have to be stored. The data submitted is transparent and can be viewed before accepting the verification. It's in the core concept that this process is unlinkable and the goal is to implement this with ZKP (Zero-Knowledge Proof) mechanisms.

That is in the technical spec for this proposal. It is designed for exactly this kind of requested online anonymity.

Does this have to be watched? Absolutely Yes. What you're doing here is spreading FUD though without any proof whatsoever just because "iTs fRoM tHe gOv". Now I don't know your frame of reference and it's probably a good idea to keep a healthy level of mistrust in place but(!) the EU does a lot of things correct and I take this over any system designed by a private company that is definitely always only interested in our best: money.

[–] ell1e@leminal.space 1 points 20 hours ago* (last edited 20 hours ago) (2 children)

Here are my sources:

  1. https://pluralistic.net/2025/08/14/bellovin/ (I don't agree with every bit of that article.)

    In practice, the security and privacy guarantees of the CL protocol require two different kinds of wholly independent institutions: identity providers (who verify your documents), and certificate authorities (who issue cryptographic certificates based on those documents). If these two functions take place under one roof, the privacy guarantees of the system immediately evaporate.

    ("CL" seems to refer to a common zero knowledge proof algorithm.)

  2. https://github.com/eu-digital-identity-wallet/av-doc-technical-specification/blob/main/docs/architecture-and-technical-specifications.md#332-enrolment-methods-without-existing-identification

    Technical Requirements: An Age Verification App shall support the following: [...] Request from the operating system a tamper-evident attestation of AVI properties

    (As far as I know, they mean device attestation with this where you no longer fully control your device.)

  3. https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/issues/20

    The EUDI Wallet team is participating in a wider, EU-wide collective sleepwalk into a serious trap: You, along with the entire EU Digital-Identity movement, are hard-wiring the EU's civic governance to Apple and Google's hardware and software stack.

  4. https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/issues/15

    Requires accepting "Terms of Service" to access basic functions of being a citizen. Your demo video shows you requiring accepting "Terms of Service" and "Data Protection Information" which I guess should really be "Privacy Policy".

Feel free to share your sources.

[–] bekopharm@discuss.tchncs.de 1 points 18 hours ago (1 children)

Feel free to share your sources.

The source is the technical spec. Read this yourself more closely!

Interoperability: The solution ensures seamless integration across diverse device operating systems, wallet applications, and online services.

And let's not ignore the demo part:

The white label solution will be implemented based on the open source EUDI Wallet Reference implementation libraries.

And yes it is good that people watch this carefully (and voice their concerns in a civil matter, which does not seem to be the case with most heated comments from your examples). But!

This is the very same with e.g. Let's Encrypt. Or a VPN 'service'. Or CloudFlare, that so many people love to hide behind.

What ifs. The spec does explicitly not allow exactly this and it's our job to investigate such providers closely and in doubt start and run trustworthy providers ourselves. And Let's Encrypt is again a prime example for something like this.

Oh and no nothing in the spec nails this down to Google or Apple alone. These are examples for smartphones for existing eco systems. I do not need a smartphone for e.g. AusweisApp and I will ask the same for E-Wallet because this is also in the specs (Interoperability) and explicitly not tied to some vendor specific eco system but to protocols and cyphers.

And this is where the next FUD may come in: TPM[1]. This does [also] exactly this: Device attestation and is a perfect candidate for regular PCs. That's probably just the next can of worms for you though and with this I'll end this discussion because even with plenty of What Ifs I do not see this solved from anyone in any better way - and again especially not from some company like Dis-fuckin-cord. This is exactly what a GOV exists for and they'd be sleeping on their job not providing digital ways for this very use-case.

[1] And just so that you may understand my POV on this: I demonstrated against TCPA back in the days. I can accept TPM tho. It's a rather useful compromise and something similar exists for most smartphone ALSO. That is a good thing because this is responsible for keeping e.g. password wallets private. Something the "oh noes, Windows requires TPM now" crowd never understood - and this is from a die hard Linux user for decades.

[–] ell1e@leminal.space 1 points 14 hours ago* (last edited 14 hours ago)

I disagree TPM is a good candidate.

And I think many of us reject the premise we should submit to any central id provider for half of the internet in the first place. There are less risky approaches: https://www.politico.com/news/2025/10/13/california-law-online-age-checks-00606115