๐‘›๐‘ฆ๐‘•๐‘ฃ๐‘ธ๐‘ฅ๐‘ฉ๐‘ฏ๐‘ฆ | dษชsหˆhษ‘หmษ™nษช | ็•ฐ่ญฐใฎๅ…ƒ็ด  5d ago
Due to a certain somewhat recent brilliant UK and EU legislation, you may begin to see mandated age verification.
For those wanting to circumvent this stupid piece of legislation:
- If the service allows you to choose your own country (e.g. Twitter), a simple country change is enough without any need to tunnel your traffic elsewhere.
- If the service relies on linked phone number, unlink your EU phone number. If you use your phone for 2FA... Please switch to the more secure measures, like TOTP.
- If the service relies on GeoIP information (e.g. Discord), tunnel your traffic to a non-EU country.
Any of these actions will invalidate legal protections EU grants however, so unless you already have an isolated identity, or you live in a repressive regime with little rights to begin with, these would act more like the last resort.

Also, congrats to UK, Ireland and the rest of the EU for attempting to strip (pseudo-)anonymity for those who cannot risk to even let themselves known a little, let alone handing over their strongly-identifiable information just to prove "ooooh I'm an adult"! Or was it your plan in the first place, selling people from repressive regimes or under the pressure of such regimes out, and satisfying your achievement of police states? Either way, ๐Ÿ‘๐Ÿ–•๐Ÿ‘๐Ÿ–•

#united_kingdom #unitedkingdom #france #ireland #eu #europeanunion #onlinesafetyact #policestate #1984georgeorwell
Show threadKarcsesz  

@lumiere
I'm familiar with the UK matter and think it was terrible execution, but I might be out of the loop on the EU side. Which specific legislation do you mean? The one age verification-adjacent EU initiative I'm familiar with goes out of its way to ensure the privacy of the end user.

https://ageverification.dev/

European Age Verification Solution

Jul 28 at 5:37pmWeb
Show threaduis4d ago
@Karcsesz @lumiere I've seen UK stuff being referenced by @pluralistic, never heard about anything like that in EU.
Show thread๐‘›๐‘ฆ๐‘•๐‘ฃ๐‘ธ๐‘ฅ๐‘ฉ๐‘ฏ๐‘ฆ | dษชsหˆhษ‘หmษ™nษช | ็•ฐ่ญฐใฎๅ…ƒ็ด  4d ago
@uis @Karcsesz @pluralistic I'm currently tracking the bills and acts here. La France has the SREN.
UGC availability - Lightingale Docs

The master documentation of the Lightingale Community.

Show threaduis3d ago
@lumiere @Karcsesz Milonov probably is partying somewhere. Requiring passport in internet is his thing. He did it around 2018, so now everything requires phone number. And only (legal) way to obtain phone needs your passport.
https://en.m.wikipedia.org/wiki/Vitaly_Milonov
Vitaly Milonov - Wikipedia

Show thread๐‘›๐‘ฆ๐‘•๐‘ฃ๐‘ธ๐‘ฅ๐‘ฉ๐‘ฏ๐‘ฆ | dษชsหˆhษ‘หmษ™nษช | ็•ฐ่ญฐใฎๅ…ƒ็ด  4d ago
@Karcsesz For those living under/(under the threat of being) targeted by a repressive regime, they cannot afford even a single piece of strongly identifying information to be acknowledged to any third party, let alone an attestation provider of any kind under the current EU framework. Whether EU's current proposal "protects privacy" or not is an invalid question, as any piece of legislation that requires them to hand over identifiable data, with zero-knowledge proof or not, be it in active enforcement or potentially enforceable, spells doom to them regardless.
Discord is rolling out age verification per UK's "Online Safety Act" currently, while Twitter also includes all of EU, likely in preparation to deal with the ongoing proposal. Personally I have already changed the country of my Twitter account to US/Canada, as "Lumiรจre ร‰levรฉ" is already an isolated identity without much to trace on, which I can easily afford to do; similar story to Discord. However, if the Fediverse instances begin to enforce the same, especially any of the pony instances (EQS, Hooves), I will quit Fediverse until they're no longer required.
Show threadKarcsesz  4d ago

@lumiere
With all due respect "is over/under 18" would only cut the pool of potential people a given profile matches by ~80% absolute worst case (if a person is under 18) and ~20% otherwise.

It's not nothing, but in my opinion, the positives of being able to *for sure* verify that you are over a given age outweigh the tiny amount of information leaked to the party requesting verification. You share more specific information through usage habits.

The attestation providers would be government entities who already know everything they need about you since you are a registered citizen with an ID.

I know this is a bit of a fallacy, but the EU has also been pretty good at not being a repressive regime. I'd rather trust them with this job than some random 3rd party.

Show threadKarcsesz  4d ago

@lumiere
Minor correction: the attestation providers would be entities who already have access to the required information. Government entities are just one of the options.

"Collaboration with established APs: The solution engages institutions capable of mass-issuing Proof of Age attestations, such as banks, mobile network operators, and governmental population registers."

Show thread๐‘›๐‘ฆ๐‘•๐‘ฃ๐‘ธ๐‘ฅ๐‘ฉ๐‘ฏ๐‘ฆ | dษชsหˆhษ‘หmษ™nษช | ็•ฐ่ญฐใฎๅ…ƒ็ด  4d ago
@Karcsesz You seem to not get the problem I raised. It is not about whether a person is above 18 or not, but rather them handing over their own strongly identifiable information to a third party in the first place. Unless it's some roundabout proof that doesn't collect an individual's biometrics and their other identifications in any way (Maybe choosing a random subject on the difficulty of university entrance exams? Just an example, could be pretty bad.), there is always the risk and danger associated with it that makes it unapproachable to those who cannot afford to let any piece of their own information get out.
Let's not forget that due to UK and EU's general lack of Internet censorship until recently, they are prime destinations for those lacking (relatively) unrestricted Internet access building their tunnels to... Belarus, Russia, Egypt, China, Kazakhstan, Turkmenistan... The list goes on and on. If people under these regimes want to access content deemed "unfit for children", then what? Provide their government-issued ID to these entities, who may or may not have business relations or infiltration to their own countries that can very much endanger them for their circumvention of censorship? The diversity of attestation providers just adds more weak points for these repressive regimes to infiltrate and detain. And if they're a dissident, give these regimes an attack vector to trace them down? If there's an option that says "I'm not an EU/UK citizen", how is it going to be designed that doesn't submit any identifiable data while not getting exploited by "children", and does that have any difference from tunnelling traffic out of EU, which doesn't need to bother with this problem in the first place? Does people from repressive regimes just deserve to be sold out with it?
There are also concerns that once this is in place at all, there will also be future plans to censor other pieces of information. I'm not interested in that this time, since if that happens I guess I'll add EU into my bag of problems to deal with as well; I doubt EU can exceed what other ones on my list can do. Trusting a regime and not reigning it in is among the most dangerous things that can happen to a democratic/non-repressive regime.
Show threadKarcsesz  4d ago

@lumiere I see! Hmm...

This *is* an angle I didn't consider. Fair point.

I could imagine some sort of "digital refugee" program that could act as an attestation provider to certify people who aren't EU citizens but need to masquerade as one. Though you're right, it's definitely not going to be easy to secure this avenue so it doesn't get abused while ensuring the users' safety.

I feel that these issues are only going to be truly problematic once they lead to legislation mandating the use of this framework. Having this system in place *as an option* would be a net positive, since otherwise you'd have to send a selfie or your ID to... let's say Discord to get your account back after you get wrongfully banned for being underage.