Brussels launched an age checking app. Hackers took 2 minutes to break it

https://www.politico.eu/article/eu-brussels-launched-age-checking-app-hackers-say-took-them-2-minutes-break-it/

#HackerNews #Brussels #AgeCheck #Hackers #Security #TechNews #Vulnerabilities

Weekly output: Internet Archive, Roblox parental controls, Google travel-search tools, T-Mobile yanks free WiFi from United flights, Mark Vena podcast, talking to local user groups, AST SpaceMobile

LAS VEGAS–I’m typing this from a press room in the Las Vegas Convention Center barely three months after I spent too much time in that facility for CES. Credit or blame for this trip goes to a different Washington-area trade group, the National Association of Broadcasters. Tuesday, I will be moderating an NAB Show panel about the state of content creation that features two people who are better at Instagram than me: Juliana Broste and my fellow former USA Today columnist Jefferson Graham.

4/13/2026: Journalists Applaud the Internet Archive’s Role In Preserving the Public Record, Fight for the Future

A staffer with Public Knowledge e-mailed me a few weeks ago to ask if I would be willing to sign a letter supporting the Internet Archive’s efforts to preserve the history of the Web and possibly provide a quote about how I’d used the Archive. Having repeatedly relied on the Archive’s Wayback Machine to link back to my own past published work, I said I would be happy to do that–having already donated $100 to that San Francisco non-profit in January.

4/13/2026: Roblox Adds Account Restrictions for Younger Users, Expands Age Verification, PCMag

I attended a press roundtable Monday morning featuring some Roblox trust-and-safety executives, allowing me to enrich this writeup of the platform’s changes with quotes from that conversation.

4/15/2026: T-Mobile Grounds Free In-Flight Wi-Fi Benefit for United Airlines Passengers, PCMag

I had the dumb luck to see this change firsthand on a flight from Denver to San Jose Tuesday, then needed the rest of that day to get some responses from T-Mobile and United. The airline’s switch to free Starlink connectivity will fix this problem, but we are months away from that rollout reaching a significant fraction of United’s mainline fleet.

4/17/2026: Like It or Not, Google Wants to Be Your AI Travel Buddy This Summer, PCMag

I wrote up this post off an embargoed copy of Google’s announcement that we had to correct the next day because I had missed two of the finer points of this bundle of news. In my halfhearted defense, it is more work than you might realize keeping track of Google’s ongoing efforts to infuse AI into its existing services.

4/17/2026: How NTT Research’s Upgrade 2026 Helps Silicon Valley Get Ready for The Future, Mark Vena

My industry-analyst pal had do a quick video from NTT Research’s Upgrade conference in San Jose, Calif.–with that firm covering my travel costs–about some of its initiatives.

4/18/2026: 2026 Consumer Electronics Show and Lots More!, Potomac Area Technology and Computer Society/Osher Lifelong Learning Institute Personal Computer User Group/Washington Apple Pi

Despite that title–picked by the organizers at PATACS, pronounced “Pat-Aces”–I spent more time talking about other topics. Among them: my switch from Evernote to Obsidian just in time for CES, the sad state of tech policy in Washington, and my takes on self-driving cars and what’s befallen the Washington Post. As I have in previous appearances before these folks, I showed up with a bag of trade-show swag and gave away all of it.

4/19/2026: Blue Origin Rocket Launches, Then Loses AST SpaceMobile BlueBird Satellite, PCMag

I watched the third launch of Blue Origin’s New Glenn rocket on my phone as I was walking up to the security checkpoint at Dulles early Sunday morning, started writing up what I thought was a successful launch, then learned–via painfully slow inflight WiFi–that New Glenn’s second stage had failed to deliver AST’s mobile-broadband BlueBird satellite to the intended orbit. This is a real black eye for Blue that should outweigh its achievement in reflying a New Glenn booster and then landing it on a barge in the Atlantic.

Since Brussels has decided that parents are no longer able to keep their children in check, everyone has to identify themselves. Well, prove their age, that is. I wonder what the implications are for Mastodon instances and what approach should be taken when registering users...

I mean, The app verifies age, but the app knows who you are, and for what site it is validating and therefore privacy is in some extend violated...

Or should 'we' use VPN?

#mastodon #agecheck

Another huge shitstorm thread from British security researchers on Twitter[^1] about how the reference implementation of #EUDigitalWallet #AgeCheck published on https://ageverification.dev is “insecure”, while ignoring the tiny details it’s a REFERENCE implementation whose documentation literally say:

Pre-configured hosted services that allow you to test the Age Verification App and its core components without the need for complex local setup.

A production version would be hooked up to a respective national id database and therefore require no selfies etc.[^2]

The funny part is that a national id database is something that we don’t have in the UK[^3] because we instead made a choice to use commercial services from a private company Experian for the same purpose 😁

Also, you can clearly see that #Brexit did not only happen thanks to some red necks, as it’s often portrayed - British elites are also have a strong knee jerk response to anything that comes from the EU and violated “established truths” of their generation, for example the axiom that anything designed by a shitty private company is 100x better than anything designed by the “government”. I would honestly expect better from the generation of people who had actually lots of interesting things to say about cryptography and computer security in the past.

[^1]: https://xcancel.com/Paul_Reviews/status/2044436001611801072?s=20

[^2]: https://ageverification.dev

[^3]: https://krvtz.net/en/posts/in-defense-of-the-national-id-and-digital-id.html

@EUCommission statement on the #EUDigitalWallet #AgeCheck mechanism that has been subject to tons of disinformation. I recommend the whole statement, but just will quote the critical fragment:

Our solution builds on zero-knowledge proof: this means that when users want to access an age-restricted service, you remain in full control of your data.

https://ec.europa.eu/commission/presscorner/detail/en/statement_26_820

I’ve written more about its technical details here:

https://krvtz.net/en/posts/eu-digital-wallet.html

With some statist quislings hacking #agecheck into #linux distros and #foss software.

Is there anyone coding a tool to identify all the binaries as compromised?
#infosec #privacy #dataleak

I've read today that #SamAltman owns an #agecheck company and wants to implement it to #gatekeep access to #ChatGpt ...

...if this is true, Sam will singlehandedly do more to retard adoption of #Ai than millions of Neo- #luddites fighting #aislop with memes and literal nonsense.

But, I guess in one respect SOME neo-luddites were right, get you addicted to offloading cognitive load, then #monetise it hard.