Seeding
UK approach was to seed foreign intelligence agencies and criminals with British people personal data.
EU waves through open source age-check tool to keep kids safe online
The European Commission has recommended EU member states adopt an age verification app designed to protect children from harmful online content. In an announcement, the EU’s executive branch said it had approved the roll-out the technology, which member states can deploy as a standalone app or integrate into a European Digital …
-
Wednesday 29th April 2026 12:22 GMT Groo The Wanderer - A Canuck
Sounds like the EU has provided a base far more sane than trying to bake the verification into the operating system like some American states are proposing.
You simply can not allow such information and applications to potentially interfere with the normal operation of an operating system, especially during login. It goes far beyond a "nanny state" mentality, and I see no reason for the USG's approach to things other than a desire to have the hooks in place for embedding backdoors and remote shutdown commands.
-
Wednesday 29th April 2026 12:53 GMT Anonymous Coward
> "You simply can not allow such information and applications to potentially interfere with the normal operation of an operating system, especially during login."
Not on mobile you can't. The vast majority of mobile users already can't use their devices in way that manufacturers and/or OS vendors don't intend.
If this remains easily bypassed on desktops/laptops, it's not unreasonable to worry that governments could up the ante and require identity verification be overseen by a system's TPM.
The end goal is for every user to be identified in everything they do. The identity fetishists in government pursue that because they're control freaks. They'll gladly be helped by Big Tech, which has a far more practical and widespread use for identity: advertising. The latter is far greater of a practical threat for most users. While government surveillance is objectionable to free people who are doing nothing wrong, it has far less an impact to daily lives than the pervasive data harvesting and manipulative advertising pushed by Big Tech.
Age verification starts with things that nannies can easily rail against: porn, gambling, social media, etc. The next step after that is "making sure you aren't a bot" which will be coming if identity verification isn't stopped in its tracks. Just wait for John Q. Public to get frustrated with "bots" and he'll gleefully activate the Google-provided identity verification app. Google will happily suck up his data and keep him constantly dosed with manipulative crap.
-
Wednesday 29th April 2026 16:22 GMT ThatOne
> The next step after that is "making sure you aren't a bot"
I don't see why bot makers wouldn't create fake age profile for their bots. Even if it means using some fake ID papers (I doubt they will be double-checked, especially if they pretend being issued by some foreign country - Too much hassle and too expensive).
The whole thing is just a feel-good marketing operation with little practical impact. Naughty underage kids will just use grandma's (or some adult sibling's, or some friend's) credentials to verify their age. A mild annoyance at best.
-
Wednesday 29th April 2026 16:56 GMT Jellied Eel
The whole thing is just a feel-good marketing operation with little practical impact. Naughty underage kids will just use grandma's (or some adult sibling's, or some friend's) credentials to verify their age. A mild annoyance at best.
But this is just the beginning, and social conditioning to get people used to a nanny-app. The Greece digital minister has announced that he wants to remove anonymity for all Greeks and force all online (OK, 'social media') posts to be from real, verified names. This is the way the EU often works though, so get one member state to be the trojan horse, claim a success, then force it onto everyone else. Sad thing is the Greeks pretty much invented anonymity, along with democracy and realised that it allowed for more free & frank discourse. But that's what the EU wants to prevent. No more asking von der Liar where the Pfizer text messages are. And of course our 'leaders' will exempt themselves from these rules because they need to be anonymous when they're hiring, I dunno, Ukrainian rent-boys.
-
Friday 1st May 2026 17:50 GMT ThatOne
> This is the way the EU often works
Aw come on, this has nothing to do with the EU. All, I repeat, all governments just dream of keeping tabs on the Great Unwashed, to prevent them from getting any unsavory ideas like voting for someone else. China is the role model everyone would love to emulate.
-
-
-
-
Wednesday 29th April 2026 14:45 GMT OhForF'
much more sane than American states
If i understand what the app does it only proves whoever provides the age check to some web site has access to an app where someone not necessarily the current user of the app) previously enrolled and passed using one of the supported age verification methods.
It is of course totally impossible that someone sympathetic would enroll on their younger friends mobile so the system is 100% secure. /s
-
Wednesday 29th April 2026 20:41 GMT FuzzyTheBear
Yes. Don't touch the OS , leave it be. If there's anywhere you need to check it's the application that accesses the websites/content. My approach is to educate the kids . If they want they will find a way to cheat and access the content, The decision has to be theirs, The " think of the children " is par with trickle down economics .. it's bull .. Take the time to educate , i believe the kids will find their own way and impress us .
-
-
Wednesday 29th April 2026 12:29 GMT Anonymous Coward
Smartphone + App Store Required == No Privacy
Europe can publish all the code it wants, but it's laughable to call this privacy preserving when the platform it runs on isn't.
It's a problem even as a standalone app. Integrating it into a nationalized wallet app (I feel gross just typing that) compounds the problem.
-
-
Wednesday 29th April 2026 13:03 GMT Anonymous Coward
Re: Unbreakable security?
Already happened.
Politico: Brussels launched an age checking app. Hackers say it takes 2 minutes to break it.
"Within hours of the EU’s app release, security consultant Paul Moore found it would store sensitive data on a user’s phone and leave it unprotected, he wrote in a widely shared post on X. Moore claimed to have hacked the app in under 2 minutes."
"Baptiste Robert, a prominent French white hat hacker, confirmed many of the issues and told POLITICO it was possible to bypass the app’s biometric authentication features, meaning someone would be able to forgo entering a PIN code or using Touch ID to access the app."
-
-
Wednesday 29th April 2026 13:25 GMT Anonymous Coward
Re: Unbreakable security?
Yes.
Extremely personal data should not be stored in an accessible format on a device's filesystem. That's really bad.
It's also not unreasonable to harden sensitive functions against anyone who might have access to an unlocked device. If the goal of this is to prevent kids from seeing a nipple, it's not unreasonable to secure it against the kid who might be handed dad's unlocked phone, or who might be able to guess dad's device PIN because it was reused, say, perhaps from an electronic lock on the family's house door.
It speaks very poorly of the lack of thought which went into this app when developers didn't consider several of the most basic threat scenarios.
-
-
Wednesday 29th April 2026 14:05 GMT Jellied Eel
Re: Unbreakable security?
If the kid is handed Dad's phone by Dad, then that's the parent's choice.
I'm not a mobile developer, but risk seemed to be that users could access the app data, and modify it to bypass the illusion of security. So from the Politico article-
Baptiste Robert, a prominent French white hat hacker, confirmed many of the issues and told POLITICO it was possible to bypass the app’s biometric authentication features, meaning someone would be able to forgo entering a PIN code or using Touch ID to access the app.
Then because data can be edited, could that also be moved? So get Dad's phone, rip the authentication data to kid's phone, then kid shares that method & 'authenticated' file(s) with other kids.. Which if it's possible, kids will do. Then because it's supposedly a zero-knowledge proof system, back-ends won't know that kid is not dad, and dad doesn't have 1,000+ kids, all using the same credentials.
But then this is almost certainly just a (super)state sponsored trojan to get an app onto people's devices, then because of insecurity, expand the scope into a full-blown digital identity system that becomes 'essential' to get online. I mean if AlphaGoo and Apple already have mobile based mass surveillance systems, why can't the EU? Won't someone think of the children!
-
Wednesday 29th April 2026 14:21 GMT Anonymous Coward
Re: Unbreakable security?
Theoretically.
And theoretically, attackers shouldn't ever have access to password hashes, either. We salt them and hash with Argon2 as additional protection should other security measures fail.
That storage area is accessible by the operating system. It also becomes accessible when other security measures fail. Plenty of examples.
An app this sensitive should have been designed from the ground up with defense-in-depth. The EU didn't consider this, which tells us they didn't have their best people working on it.
-
-
-
-
-
Wednesday 29th April 2026 14:08 GMT Anonymous Coward
Re: Unbreakable security?
Loving his latest clapback against another age verification proponent who stupidly writes:
"We already effectively have digital ID - everyone's digital footprint is tracked all day, every day, only at the moment the only people who benefit are the social media platforms and tech giants who harvest our data and use it to line their coffers. The main thing is to protect young people from these unscrupulous vultures, who refuse to take any responsibility for the harms they cause. @LauraTrottMP and @KemiBadenoch have six children between them, and so understand perfectly the need for these protections, as do most parents. This is a pathetic and lazy argument against enforcing basic online boundaries for minors." - @WestminsterWAG
Just because she signed up to be digitally stalked by Big Tech doesn't mean everyone wants to.
The framing here speaks volumes: the identity mongers are telling us digital ID is inevitable because they've already accepted Big Tech surveillance as an inevitability, when it's not.
She doesn't seem to get that opting-in to Big Tech digital surveillance is a choice. Choosing not to might be inconvenient at times, but it is a choice. I won't be letting Big Tech deploy a geolocated identity device in my pocket 24/7.
-
-
-
-
Wednesday 29th April 2026 14:11 GMT Tron
A mobile app working on a PC?
It's bad enough I have to fart around getting a text when I spend a tenner on ebay now. Do I now need a smartphone to use a PC? That is barking.
Why not just ban kids from using the internet and mobile phones entirely? It would be easier, cheaper, and simpler. If it is so dangerous, they can use it when they are old enough, and not before. Or is this just another Chinese-style ID grab.
-
Wednesday 29th April 2026 14:21 GMT SomeRandom1
Re: A mobile app working on a PC?
Not just Chinese - it's every Government. They all want to know everything about you.
We're approaching the end of capitalism, when the poor have no option but to revolt against those rich enough to be in control. They're desperate to prevent that, and the only way is to exert absolute control over everyone so the revolution can be held down.
All those dystopian novels are being used as guides to shape the future...
-
Wednesday 29th April 2026 15:04 GMT Anonymous Coward
Re: A mobile app working on a PC?
Brave New World, not 1984.
The plebs will be controlled through their pleasure. That pleasure will be delivered through digital services and entertainment, which are light on resources. Physical resources are reserved for the new ruling class.
If you don't want to be happy following $MEGASTAR on Facebook...well, then you lose out on the pleasure. Resources, however, will be quite costly and out of reach.
-
-
-
-
-
Wednesday 29th April 2026 21:24 GMT Anonymous Coward
Wondering who is downvoting this. They should check the headlines.
Greece to ban anonymity on social media
The moron minister actually said that Big Tech likes anonymous speech, apparently clueless how targeted advertising actually works or why Mark Zuckerberg's personal net worth is nearly as large as the GDP of Greece.
-
-
Wednesday 29th April 2026 17:05 GMT Anonymous Coward
Will rooted phones be banned next?
Serious question..
Will this age verification app refuse to work on a rooted/jail broken device?
I've owned several rooted devices and I used to modify the advertising ID in the shared preferences of apps to throw off their tracking.
Will using a rooted device keep the user from doing anything that requires age verification?
-
-
Thursday 30th April 2026 00:26 GMT Anonymous Coward
Re: Will rooted phones be banned next?
"You can reset that quite easily on any Android device."
I'm the OP and my post wasn't necessarily about changing the advertising ID but more about the low-level access you have on a rooted device (such as being able to modify data in an apps protected shared preferences.) and how that would effect the age verification app.
But back when I was playing around with the advertising ID's of individual apps I was on Android 5.0 (Lollipop) and I don't know if there was the option of changing or deleting the main Google advertising ID in settings back then. I did a brief internet search but couldn't find when that option was added to Android or if it has always existed
-
-
Thursday 30th April 2026 08:03 GMT Size10
Why prove you're an adult?
Just a random thought here, but why do all of these 'protect the children' measures mean that people are forced to prove they're an adult. Surely it would make more sense for these devices/mobile Internet providers to allow some responsible adult to say (without evidence) that this is a child?
Then the device could provide this data to sites/apps/whatever. Bake it into the os if you like - account.isChild=true or dob=xx/xx/xxx... Sure, it could be worked around by someone with a strong enough will to do so, but the protection is there if Maude Flanders needs to use it, and the people can remain free.
-
Thursday 30th April 2026 15:57 GMT Jellied Eel
Re: Why prove you're an adult?
Just a random thought here, but why do all of these 'protect the children' measures mean that people are forced to prove they're an adult. Surely it would make more sense for these devices/mobile Internet providers to allow some responsible adult to say (without evidence) that this is a child?
Because politicians treat us all as children, and age verification is just the excuse to impose more surveillance and the threat of social credit.
Then the device could provide this data to sites/apps/whatever. Bake it into the os if you like - account.isChild=true or dob=xx/xx/xxx.
I think it could be easier than that. I have several broadband connections and mobile phones. To get those, and get online, I had to sign contracts. Children can't do that. So my very existence online is some proof that I'm an adult, in body if not spirit. But then I've also been adopted by my partner's kids, and they have phones and use my Internet connection when they're over. Their mother signed contracts for their phones, and gets the bills, which show some usage. They also get their pocket money paid into accounts so they have some ability to buy apps, and spending can be tracked to a degree.
Then as responsible adults, we teach them to become responsible adults, so online safety and playing nicely with others. Their school also does this, and teaches them about the dangers of online stalking & grooming, and not harrassing people. As responsible adults, we don't need the State to nanny us. And because kids can't (or shouldn't be able to contract), phones like this exist-
https://www.vodafone.co.uk/mobile/pay-monthly-contracts/hmd/fuse#features
Parents get real-time app management, live location tracking and history, and help to protect against explicit content with HarmBlock AI.
Which seems to be a generic Android with the app pre-loaded. Google's Family Link also exists, and we use that. Admittedly under some duress because Google, and Apple has a similar system. So it's up to parents to be responsible adults and manage their kids.. Which is already the legal position. So the tools already exist, but not all adults are as IT-savvy as us, so there's some scope to improve Apple & Google's apps.. But there's no need for an EU-App to surveil both kids and adults..
Except the EU (and UK) seem desperate to do this. So Greece-
https://www.euractiv.com/news/greece-to-ban-anonymity-on-social-media/
“The major problem behind anonymity is toxicity – anyone, especially on social media, can smear an individual and carry out character assassination without facing any consequences,” he suggested.
Which is a lie. So-
https://www.bbc.co.uk/news/articles/cy4145vexypo
The court heard how he repeatedly messaged contacts on neo-Nazi groups on Telegram to set up the purchase of a gun.
Online anonymity doesn't exist, and never really has. If a nutjob comes to the attention of TPTB, they can and will be prosecuted, charged and jailed. And-
Pavlos Marinakis, the deputy prime minister, clarified that the intention is not to abolish pseudonyms but to ensure that every profile corresponds to a real person. He did not, however, rule out extending such measures to the wider internet – including signed online articles.
Every profile already corresponds to a real person. If I post something illegal here, TPTB can easily identify the real person that is me. It can also do that anonymously, ie I need never know that some nutjob might have reported me, I've been given the hairy eyeball and NFA required. So the real issue is giving TPTB the resources and legislative framework to investigate assorted nutjobs.. Plus oversight to make sure those powers aren't abused. Those pretty much already exist.
So the creeping (and creepy) surveillance extension is unneccesary. Sure, laws have made TPTB's life more complex, ie legislation specificying fairly nebulous 'hate speech'. So maybe I could get fined or jailed for saying Marinakis smells of elderberries. Or hypothetically is in the pockets of big tech. If Marinakis wanted to report or sue me, he can. If it's a civil case, he can still obtain my real identity. No app required.
The 'clarification' regarding psuedonyms is also entertaining, and a general issue wrt online identity. I'm obviously not Jellied Eel, but it's enough to identify me here. Marinakis probably is Marinakis, except when one of his staffers might be posting something using his account, and hopefully they're authorised to do so. But if ID becomes compulsory, then names aren't UIDs, so Pavos Marinakis might become Marankis1233. No idea how common that name is in Greece, but because our names aren't unique, they can't identify a person anyway. Marankis1233 might have a blue tick, but we need additional context to know if that's really the DPM.
So all a bit pointless, except to extend state surveillance and suppress civil discourse. But then the Greeks pioneered anonymity for stuff like voting. That's been extended to things like meetings held under 'Chatam House Rules', because as a society, we know (or knew) that the ability to speak freely, or without fear of retaliation was a GoodThing(tm). Where anonymity has been stripped away, and citizens encouraged to report or denounce their neighbours, bad things have usually followed. But the EU is slow-walking us into that kind of fascism.
-
Thursday 30th April 2026 18:09 GMT Anonymous Coward
Re: Why prove you're an adult?
> "Online anonymity doesn't exist, and never really has. If a nutjob comes to the attention of TPTB, they can and will be prosecuted, charged and jailed."
Tor would disagree, but that's the edge case.
> "Every profile already corresponds to a real person. If I post something illegal here, TPTB can easily identify the real person that is me. It can also do that anonymously, ie I need never know that some nutjob might have reported me, I've been given the hairy eyeball and NFA required. So the real issue is giving TPTB the resources and legislative framework to investigate assorted nutjobs.. Plus oversight to make sure those powers aren't abused. Those pretty much already exist."
Wouldn't say "easily." John Q. Public knows how to use a coffee shop even if he can't use Tor. As long as he leaves his phone elsewhere, and doesn't pay with a card, it can become a bit hard to even identify him as one of the people who could have been on the public WiFi, let alone which one wrote the comment. But that raises another important point: when there's a compelling reason, they can generally find most people if they really have to.
Eliminating anonymity eliminates the friction which helps prevent the weaponization of overbearing law enforcement in trivial matters. Police exist to fight real crime, not scare the crap out of people who said something an MP or nosy neighbor didn't like (and probably exaggerated in their complaint). Do we really want the police playing the role of forum moderator, but with arrest powers?
-
-
Friday 1st May 2026 09:57 GMT Anonymous Coward
Re: Why prove you're an adult?
Fake stats.
The 12k UK figure includes actual crimes like harassment and death threats, while the China/Russia numbers are basically made up since those regimes don't publish transparent data on who they lock up.
https://pa.media/blogs/fact-check/fact-check-international-data-on-online-comments-arrests-not-comparable/
But of course, looking at your previous posts, facts don't fit your Trump/Tommy Robinson fascist agenda, do they?
-
Friday 1st May 2026 10:19 GMT Anonymous Coward
Re: Why prove you're an adult?
As you love Trump, are you American?
To add to the previous persons reply, here are some examples of Americans also arrested for "just posting online", using the same criteria you are using:
US Arrests for "Online Posts" (Recent Examples):
Marcos Olvera (2025): Arrested in San Antonio for an X (Twitter) post stating "we need to kill the mayor." - Charged with: Terroristic Threat.
Jeremy Fistell (2025): Arrested for sending death threats via email to a New York City mayoral candidate. Charged with: 22 counts, including Hate Crimes.
Kendall Todd (2025): Arrested in Florida for social media videos threatening the President with a chainsaw. Charged with: Threatening the President.
Apopka Suspect (2026): Arrested for sending threatening online messages to the Mayor of Apopka. Charged with: Written Threats to Kill or Injure.
New Jersey Resident (75 y/o): Arrested for a Facebook post threatening to burn down a Mayor's house over taxes. Charged with: Terroristic Threats.
Cincinnati Teens (2024): Multiple arrests for posting violent school threats on social media. Charged with: Inducing Panic.
Source for Global Internet Freedom Rankings (2025):
United Kingdom: 76/100 (Free)
United States: 75/100 (Free)
Russia: 17/100 (Not Free)
China: 9/100 (Not Free)
Full Report: freedomhouse.org
Also, https://old.reddit.com/r/IsItBullshit/comments/1q9pbh1/isitbullshit_the_uk_arrests_more_people_over/
-
Friday 1st May 2026 15:49 GMT Jellied Eel
Re: Why prove you're an adult?
Tor would disagree, but that's the edge case.
Kinda. Unless of course you happen to control the edge node, or can manipulate traffic to prefer an edge node under your control. Which is also a bit like the rumblings around banning VPNs. TPTB can already compel VPN providers to reveal customer info, or legislate to make that easier. Or if you've already got an app on a device, you can just look at data before it hits the VPN client.
Wouldn't say "easily." John Q. Public knows how to use a coffee shop even if he can't use Tor. As long as he leaves his phone elsewhere, and doesn't pay with a card, it can become a bit hard to even identify him as one of the people who could have been on the public WiFi, let alone which one wrote the comment. But that raises another important point: when there's a compelling reason, they can generally find most people if they really have to.
Indeed. Plus if age verification becomes online verification, then it might no longer be possible to get online at a coffee shop. Plus the pressure to become a cashless society, and just pay with by tapping your mobile. And it's amusing given coffee shops have been used by plotters & schemers pretty much since Europeans discovered coffee. ISTR this is how Lloyds of London started out.
Police exist to fight real crime, not scare the crap out of people who said something an MP or nosy neighbor didn't like (and probably exaggerated in their complaint). Do we really want the police playing the role of forum moderator, but with arrest powers?
Yep, but that's really a problem with bad legislation and prioritisation. Politcians make laws, the police are expected to enforce those laws. Or kick it back via the judiciary to get laws revised or repealed.. Which probably won't happen because although the laws might be vague & oppressive, they are enforceable. It's also interesting at the moment with Palantir, the Met police and union advice to leave work phones at home when they're off duty. Which is reasonable, given everyone has a right to privacy and (some) freedoms of expression. But then we also grant police powers, they're human, and humans are corruptable. So it's how to balance privacy rights, with the ability to detect and prosecute unlawful activity.
Which is also one of the big problems with some legislation, ie politicians granting themselves exemptions from surveillance powers. Which I think is a bad thing given politicians are eminently corruptable, and if corrupted can do the most damage. See as an example the continued battle to get the texts from von der Liar in Pfizergate.. Which involved an awful lot of money, and EUrocrats are supposed to do data retention precisely to avoid allegations of fraud or misconduct, or real or apparent conflicts of interest.
-
-
-
-
Thursday 30th April 2026 09:15 GMT Mockup1974
"The app works across major mobile and PC platforms. "
Can anyone elaborate on this please?
I thought that originally it was only published for Android and iOS, with a dependency on Play Integrity checks which would have excluded FOSS and degoogled Android versions - in other words, making a Google/Apple device and account mandatory to function.
