EU chief calls for a bloc-wide push on an age verification app to protect children online. If enforced, users will have to prove their age to access legally restricted sites.
From my understanding this age verification app seems to be based on the age verification blueprint they have been working on for a while now, which is supposed to be part of the European “digital wallet”
I get why this sounds better than websites directly collecting IDs, but I think it still understates the problem. Even if the site only sees “18+”, the system still begins with strong identity proofing somewhere upstream. So this is not really anonymous access, it is identity-based access with a privacy layer on top.
The bigger issue is centralization. You still need trusted issuers, approved apps, approved standards, and authorities deciding who can participate. That means users are being asked to trust a centralized framework not to expand, not to abuse its power, and not to fail. History gives us no reason to be relaxed about that.
I am also skeptical of the privacy promises. These systems are always presented in their ideal form, but real-world implementations involve metadata, logging, renewal, compliance rules, vendors, and future policy changes. “The website does not know who you are” is only one small part of the privacy question.
So even in the best-case version, this is still dangerous because it normalizes the idea that access to lawful online content should depend on credentials issued inside a centrally governed identity ecosystem. Today it is age verification. Tomorrow it is broader permissioned access to the internet. That is why I do not see this as a decent compromise, but as infrastructure for future control.
Also once they get their foot in the door, they can remove the privacy next time they want to unmask someone online saying “I support Palestine action”
From my understanding this age verification app seems to be based on the age verification blueprint they have been working on for a while now, which is supposed to be part of the European “digital wallet”
https://digital-strategy.ec.europa.eu/en/policies/eu-age-verification
From my understanding it works as follows:
This solution does seemingly address my two greatest concern with online age verficiation:
Assuming that this blueprint is followed, it seems like a decent approach at online age verification.
I get why this sounds better than websites directly collecting IDs, but I think it still understates the problem. Even if the site only sees “18+”, the system still begins with strong identity proofing somewhere upstream. So this is not really anonymous access, it is identity-based access with a privacy layer on top.
The bigger issue is centralization. You still need trusted issuers, approved apps, approved standards, and authorities deciding who can participate. That means users are being asked to trust a centralized framework not to expand, not to abuse its power, and not to fail. History gives us no reason to be relaxed about that.
I am also skeptical of the privacy promises. These systems are always presented in their ideal form, but real-world implementations involve metadata, logging, renewal, compliance rules, vendors, and future policy changes. “The website does not know who you are” is only one small part of the privacy question.
So even in the best-case version, this is still dangerous because it normalizes the idea that access to lawful online content should depend on credentials issued inside a centrally governed identity ecosystem. Today it is age verification. Tomorrow it is broader permissioned access to the internet. That is why I do not see this as a decent compromise, but as infrastructure for future control.
Also once they get their foot in the door, they can remove the privacy next time they want to unmask someone online saying “I support Palestine action”
-“You want to crack down on dissent? We got a token for that.”
Apple or something.