Mastodawn

Since there’s a lot of discussion about age verification on various platforms - like Ubuntu’s Canonical[^1] I just wanted to highlight one that is the least lame and the most privacy-preserving in existence currently: Mobile Driver’s License (mDL) aka ISO/IEC 18013-5[^2]

Just don’t get misled by its rather confusing name and overwhelming amount of references standards, I’ve been digging through them for the last few weeks only to realise how much I have to catch up since I’ve last read eIDAS regulation in full around 2010. I plan a longer write-up on that subject but that’s going to take time.

The core idea of mDL is very simple and based on an old EU Qualified Electronic Signature (1999) concept of certificate of attributes:

A person controls a number of attributes for legal and commercial activities, such as their date of birth, social insurance number, gender, entitlement to ride a bicycle, a car or a tank, academic degree etc. Under mDL you control these attributes and they are PII under protected by GDPR.

Most of them are authoritatively stored by some kind of authority - e.g. bicycle or car licenses by driver’s authority, social insurance by respective agency, academic degree by an university etc.

mDL creates an API under which a third party - e.g. company employing you to drive a truck - can check that your license is actually valid. You approve this request and it allows the company to use the API at the respective agency. After that the approval is invalidated.

Most importantly, mDL allows for attributes that are simple boolean statements, such as “18+” and because attribute certificates don’t have to be attached to an identity, you can approve a simple website’s request “is this user 18+” without submitting your face, payment card or full personal details including date of birth. All information the website gets is cryptographically verifiable information “yes, this user is 18+” and nothing more.

There’s tons of EU regulation currently built around these standards, which are generally centered around the concept of EU Digital Wallet. The core ideas behind it is privacy protection, user control and revealing only as much details as necessary on need-to-know basis.

Because we had many “grassroots” campaigns in the past conveniently sponsored by US big tech companies to oppose EU regulations that impact their business models, I would expect the same to be unrolled against EU Digital Wallet at some points. Just remember, from their business point of view it’s much better for Google or Meta to get your face or payment card details rather than frustrating “yes, this user is 18+” attribute they can’t use for their behavioural tracking network.

[^1]: https://docs.walt.id/concepts/digital-credentials/mdoc-mdl-iso#a-step-by-step-guide-how-age-verification-works

[^1]: https://lists.ubuntu.com/archives/ubuntu-devel/2026-March/043534.html?ref=itsfoss.com

#EUDigitalWallet #AgeVerification #eIDAS #mDL

What Is a Mobile Driver's License (mDL)? Your 2026 Guide

Learn everything about mobile driver's licenses (mDLs). Discover how they work, key security features, and where it is offered.

Yoshi Jul 30, 2025

Die #EU wird in einigen Ländern nun eine App testen, um das Alter von Menschen im Internet zu überprüfen, wenn sie gewisse Webdienste nutzen wollen. Es ist einer der ersten Schritte auf dem Weg zu #EUDigitalWallet. Technisch ist solch eine Altersüberprüfung allerdings äußerst komplex und auch gesellschaftlich fragwürdig. Über den Vorschlag und die Hintergründe habe ich für @RadioCORAX mit @jtmuehlberg gesprochen:

https://radiocorax.de/die-altersverifikation-im-internet/

#altersverifikation

Denny Vrandečić Jun 26, 2024

I learned this week about the EU digital wallet. I am curious how this ties in, and whether it does, with the SOLID project? It seems to be rather aligned, but I couldn't find technical specs, and it would be neat if anyone of my friends knows anything about this and can give me a rough overview.

#solid #solidpod #eudigitalwallet #eIDAS