Keeping kids safe online is a top priority.

Today, the Commission has preliminarily found porn platforms Pornhub, Stripchat, XNXX, and XVideos in breach of the Digital Services Act for allowing minors to access adult content.

We've also launched an investigation into Snapchat under doubts that the platform has failed to adequately protect minors from harmful content, grooming, and illegal products like drugs and vapes. We also suspect that they have failed to verify users' age sufficiently.

We say this loud and clear: online platforms are responsible for protecting minors, and they need to do more to deliver on this responsibility.

The full press releases:

🔗 https://ec.europa.eu/commission/presscorner/detail/en/ip_26_722
🔗 https://ec.europa.eu/commission/presscorner/detail/en/ip_26_723

@HennaVirkkunen How is that to be done without handing these platforms our identities and ability to track us? Seems the last thing I want is for them to be trusted with anything.
There is a simple way: the EU establishes a «neutral point of identity» similar to the passage of the Spanish administration https://pasarela.clave.gob.es/. The regulation enabling it just has to make sure it doesn't store data on which sites you visit.

This service only has to respond to the provider's request affirmatively or negatively given legal conditions to access its site.

CC: @[email protected]
Ministerio de Asuntos Económicos y Transformación Digital

@david @bjoreman @HennaVirkkunen that site somehow doesn't seem to work here. But in general, these proposals fail, because sites can regularly probe for age brackets. If you do this on a regular basis, you can figure out someone's birthday.

E.g. if 12 years is a bracket boundary, the day that age gets attested is the birthday of the kid. Even more likely because someone is more likely to check close after their birthday to unlock some site/functionality.

Excuse me Daniël, but I don't understand the problem. Wasn't the goal to prevent people under the legal age from accessing the service? Once that was achieved, what's the failure?

CC: @[email protected] @[email protected]

@david @bjoreman @HennaVirkkunen The problem with most age attestations is that you can work out someone's birthday by keeping track of past attestations. When the attestation changes, someone had their birthday, thus the attestation gives away information that someone might not want to reveal.

This gets worse with implementations with which you can test age brackets (different age brackets under 18, to allow some content).
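
The inference described in this thread, worked through as an added example (not code from any participant or from a real attestation service): a hypothetical yes/no service `attest` answers threshold queries, and `birth_window` computes which birth dates remain consistent with the answers a relying party has logged. The birth date, thresholds and probe dates are constructed; the point is how fast the window shrinks as probes get denser and brackets are added.

```python
from datetime import date, timedelta

def age_on(birth, day):
    """Completed years of age on `day`."""
    return day.year - birth.year - ((day.month, day.day) < (birth.month, birth.day))

def attest(birth, day, threshold):
    """Hypothetical attestation service: only ever answers True or False."""
    return age_on(birth, day) >= threshold

def latest_birth_for(day, threshold):
    """Latest birth date for which attest(birth, day, threshold) is True."""
    year = day.year - threshold
    try:
        return day.replace(year=year)
    except ValueError:  # day is Feb 29 and the target year is not a leap year
        return date(year, 2, 28)

def birth_window(log):
    """Inclusive (earliest, latest) birth dates consistent with a log of
    (day, threshold, answer) tuples, i.e. what the yes/no answers leak."""
    earliest, latest = date.min, date.max
    for day, threshold, answer in log:
        bound = latest_birth_for(day, threshold)
        if answer:   # old enough on `day`: born on or before `bound`
            latest = min(latest, bound)
        else:        # too young on `day`: born after `bound`
            earliest = max(earliest, bound + timedelta(days=1))
    return earliest, latest

def window_days(log):
    """Number of candidate birth dates left by the log."""
    earliest, latest = birth_window(log)
    return (latest - earliest).days + 1

BIRTH = date(2008, 3, 14)  # constructed sample holder

def answers(probes):
    """Build the relying party's log for a list of (day, threshold) probes."""
    return [(day, t, attest(BIRTH, day, t)) for day, t in probes]

# Two probes of a 16+ bracket, 19 days apart (constructed).
SPARSE = answers([(date(2024, 3, 1), 16), (date(2024, 3, 20), 16)])
# The same log plus probes of an 18+ bracket on consecutive days (constructed).
DENSE = SPARSE + answers([(date(2026, 3, 13), 18), (date(2026, 3, 14), 18)])

if __name__ == "__main__":
    print("sparse log:", birth_window(SPARSE), window_days(SPARSE), "days")
    print("dense log: ", birth_window(DENSE), window_days(DENSE), "day")
```

The window is bounded by the gap between the last `False` and the first `True`, so limiting how often and by whom a threshold can be queried changes how much a log of otherwise "anonymous" answers reveals.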

@david @bjoreman @HennaVirkkunen So, the problem with age verification is that it is yet another attack on privacy. Not surprisingly, behind the scenes Meta is pushing this a lot through various sock puppets.

@david @bjoreman @HennaVirkkunen Also, age verification is strongly detrimental to open source and your freedom to choose your OS.

Most implementations of 'anonymous' age verification require remote hardware attestation (eventually), because otherwise you can manipulate the app/process that partakes in the attestation.

Mandatory remote attestation is pretty much the end of free OS choice, because you running your own non-approved software will shut you out of services.

@david @bjoreman @HennaVirkkunen Age verification + remote attestation is big tech's pipe dream. Google can already shut out competing systems from phone NFC payments, because pretty much every bank only supports Google/Apple Pay and Google doesn't attest alt-OSes.

Remote attestation of websites would be another level, making it practically impossible to live outside the Google/Apple duopoly.

@david @bjoreman @HennaVirkkunen For these reasons, Europeans should outright reject age verification.

Yes, I know it is difficult when kids can pretty much access anything, but as parents we have to find better ways than those that further kill privacy and entrench big tech players.

We're talking about very different systems. In Spain, for the past 82 years, all citizens have had an official identity document issued by the state. This document contains an electronic certificate that allows us to identify ourselves online to government agencies. With this type of infrastructure, a neutral state point is viable, one that simply certifies and responds with true or false to the legal requirements of any particular online service. The online service does not receive any other information than the compliance (or not) of the person on the other side of the connection with the legal requirements. No other data have to be shown or saved.

I don't see the connection with free software because I'm not aware of any legal restrictions on using free software repositories by underage users, and I cannot imagine it as a political possibility.

CC: @[email protected] @[email protected]

@david @bjoreman @HennaVirkkunen

You are missing my first point: even if an age attestation method does not reveal the birth date, you can infer the birth date from it because some day the attestation will flip from 'false' to 'true'.

Second, Spain is piloting the EUDI Wallet for age verification, which will implement remote attestation:

https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/issues/42#issuecomment-3444182996

SafetyNet and integrity checks. · Issue #42 · eu-digital-identity-wallet/av-app-android-wallet-ui

Please replace SafetyNet and Play Integrity with bootloader and root checks on Android ASAP.

GitHub
@david @bjoreman @HennaVirkkunen On the point of using identity documents directly: either you have to send the signed attestation to the site/app for verification, which would deanonymize you; or some gatekeeper like a government site would have to do it and give the result to a site/app and in that case the gatekeeper knows what apps/sites you are using, which is a huge privacy invasion. Also doesn't protect well against a kid using someone else's ID to verify, so it's mostly security theater.

@david @bjoreman @HennaVirkkunen At any rate, Mastodon is too short a format to go into the details of issues with ZKPs for age attestation, so some useful pointers:

https://brave.com/blog/zkp-age-verification-limits/

https://www.eff.org/deeplinks/2025/07/zero-knowledge-proofs-alone-are-not-digital-id-solution-protecting-user-privacy

The limits of zero-knowledge for age-verification | Brave

ZKPs are often advanced as a technical remedy, promising privacy-preserving attestations of age or eligibility. Yet their deployment in practice exposes both conceptual and practical limits.

Brave