#eudigitalwallet — Public Fediverse posts

EU Age Verification Push

https://beitmenotyou.online/eu-age-verification-push/

EU Age Verification Push

https://beitmenotyou.online/eu-age-verification-push/

Another huge shitstorm thread from British security researchers on Twitter[^1] about how the reference implementation of #EUDigitalWallet #AgeCheck published on https://ageverification.dev is “insecure”, while ignoring the tiny details it’s a REFERENCE implementation whose documentation literally say:

Pre-configured hosted services that allow you to test the Age Verification App and its core components without the need for complex local setup.

A production version would be hooked up to a respective national id database and therefore require no selfies etc.[^2]

The funny part is that a national id database is something that we don’t have in the UK[^3] because we instead made a choice to use commercial services from a private company Experian for the same purpose 😁

Also, you can clearly see that #Brexit did not only happen thanks to some red necks, as it’s often portrayed - British elites are also have a strong knee jerk response to anything that comes from the EU and violated “established truths” of their generation, for example the axiom that anything designed by a shitty private company is 100x better than anything designed by the “government”. I would honestly expect better from the generation of people who had actually lots of interesting things to say about cryptography and computer security in the past.

[^1]: https://xcancel.com/Paul_Reviews/status/2044436001611801072?s=20

[^2]: https://ageverification.dev

[^3]: https://krvtz.net/en/posts/in-defense-of-the-national-id-and-digital-id.html

Another huge shitstorm thread from British security researchers on Twitter[^1] about how the reference implementation of #EUDigitalWallet #AgeCheck published on https://ageverification.dev is “insecure”, while ignoring the tiny details it’s a REFERENCE implementation whose documentation literally say:

Pre-configured hosted services that allow you to test the Age Verification App and its core components without the need for complex local setup.

A production version would be hooked up to a respective national id database and therefore require no selfies etc.[^2]

The funny part is that a national id database is something that we don’t have in the UK[^3] because we instead made a choice to use commercial services from a private company Experian for the same purpose 😁

Also, you can clearly see that #Brexit did not only happen thanks to some red necks, as it’s often portrayed - British elites are also have a strong knee jerk response to anything that comes from the EU and violated “established truths” of their generation, for example the axiom that anything designed by a shitty private company is 100x better than anything designed by the “government”. I would honestly expect better from the generation of people who had actually lots of interesting things to say about cryptography and computer security in the past.

[^1]: https://xcancel.com/Paul_Reviews/status/2044436001611801072?s=20

[^2]: https://ageverification.dev

[^3]: https://krvtz.net/en/posts/in-defense-of-the-national-id-and-digital-id.html

Another huge shitstorm thread from British security researchers on Twitter[^1] about how the reference implementation of #EUDigitalWallet #AgeCheck published on https://ageverification.dev is “insecure”, while ignoring the tiny details it’s a REFERENCE implementation whose documentation literally say:

Pre-configured hosted services that allow you to test the Age Verification App and its core components without the need for complex local setup.

A production version would be hooked up to a respective national id database and therefore require no selfies etc.[^2]

The funny part is that a national id database is something that we don’t have in the UK[^3] because we instead made a choice to use commercial services from a private company Experian for the same purpose 😁

Also, you can clearly see that #Brexit did not only happen thanks to some red necks, as it’s often portrayed - British elites are also have a strong knee jerk response to anything that comes from the EU and violated “established truths” of their generation, for example the axiom that anything designed by a shitty private company is 100x better than anything designed by the “government”. I would honestly expect better from the generation of people who had actually lots of interesting things to say about cryptography and computer security in the past.

[^1]: https://xcancel.com/Paul_Reviews/status/2044436001611801072?s=20

[^2]: https://ageverification.dev

[^3]: https://krvtz.net/en/posts/in-defense-of-the-national-id-and-digital-id.html

Another huge shitstorm thread from British security researchers on Twitter[^1] about how the reference implementation of #EUDigitalWallet #AgeCheck published on https://ageverification.dev is “insecure”, while ignoring the tiny details it’s a REFERENCE implementation whose documentation literally say:

Pre-configured hosted services that allow you to test the Age Verification App and its core components without the need for complex local setup.

A production version would be hooked up to a respective national id database and therefore require no selfies etc.[^2]

The funny part is that a national id database is something that we don’t have in the UK[^3] because we instead made a choice to use commercial services from a private company Experian for the same purpose 😁

Also, you can clearly see that #Brexit did not only happen thanks to some red necks, as it’s often portrayed - British elites are also have a strong knee jerk response to anything that comes from the EU and violated “established truths” of their generation, for example the axiom that anything designed by a shitty private company is 100x better than anything designed by the “government”. I would honestly expect better from the generation of people who had actually lots of interesting things to say about cryptography and computer security in the past.

[^1]: https://xcancel.com/Paul_Reviews/status/2044436001611801072?s=20

[^2]: https://ageverification.dev

[^3]: https://krvtz.net/en/posts/in-defense-of-the-national-id-and-digital-id.html

Another huge shitstorm thread from British security researchers on Twitter[^1] about how the reference implementation of #EUDigitalWallet #AgeCheck published on https://ageverification.dev is “insecure”, while ignoring the tiny details it’s a REFERENCE implementation whose documentation literally say:

Pre-configured hosted services that allow you to test the Age Verification App and its core components without the need for complex local setup.

A production version would be hooked up to a respective national id database and therefore require no selfies etc.[^2]

The funny part is that a national id database is something that we don’t have in the UK[^3] because we instead made a choice to use commercial services from a private company Experian for the same purpose 😁

Also, you can clearly see that #Brexit did not only happen thanks to some red necks, as it’s often portrayed - British elites are also have a strong knee jerk response to anything that comes from the EU and violated “established truths” of their generation, for example the axiom that anything designed by a shitty private company is 100x better than anything designed by the “government”. I would honestly expect better from the generation of people who had actually lots of interesting things to say about cryptography and computer security in the past.

[^1]: https://xcancel.com/Paul_Reviews/status/2044436001611801072?s=20

[^2]: https://ageverification.dev

[^3]: https://krvtz.net/en/posts/in-defense-of-the-national-id-and-digital-id.html

@EUCommission statement on the #EUDigitalWallet #AgeCheck mechanism that has been subject to tons of disinformation. I recommend the whole statement, but just will quote the critical fragment:

Our solution builds on zero-knowledge proof: this means that when users want to access an age-restricted service, you remain in full control of your data.

https://ec.europa.eu/commission/presscorner/detail/en/statement_26_820

I’ve written more about its technical details here:

https://krvtz.net/en/posts/eu-digital-wallet.html

@EUCommission statement on the #EUDigitalWallet #AgeCheck mechanism that has been subject to tons of disinformation. I recommend the whole statement, but just will quote the critical fragment:

Our solution builds on zero-knowledge proof: this means that when users want to access an age-restricted service, you remain in full control of your data.

https://ec.europa.eu/commission/presscorner/detail/en/statement_26_820

I’ve written more about its technical details here:

https://krvtz.net/en/posts/eu-digital-wallet.html

@EUCommission statement on the #EUDigitalWallet #AgeCheck mechanism that has been subject to tons of disinformation. I recommend the whole statement, but just will quote the critical fragment:

Our solution builds on zero-knowledge proof: this means that when users want to access an age-restricted service, you remain in full control of your data.

https://ec.europa.eu/commission/presscorner/detail/en/statement_26_820

I’ve written more about its technical details here:

https://krvtz.net/en/posts/eu-digital-wallet.html

@EUCommission statement on the #EUDigitalWallet #AgeCheck mechanism that has been subject to tons of disinformation. I recommend the whole statement, but just will quote the critical fragment:

Our solution builds on zero-knowledge proof: this means that when users want to access an age-restricted service, you remain in full control of your data.

https://ec.europa.eu/commission/presscorner/detail/en/statement_26_820

I’ve written more about its technical details here:

https://krvtz.net/en/posts/eu-digital-wallet.html

@EUCommission statement on the #EUDigitalWallet #AgeCheck mechanism that has been subject to tons of disinformation. I recommend the whole statement, but just will quote the critical fragment:

Our solution builds on zero-knowledge proof: this means that when users want to access an age-restricted service, you remain in full control of your data.

https://ec.europa.eu/commission/presscorner/detail/en/statement_26_820

I’ve written more about its technical details here:

https://krvtz.net/en/posts/eu-digital-wallet.html

Since there’s a lot of discussion about age verification on various platforms - like Ubuntu’s Canonical[^1] I just wanted to highlight one that is the least lame and the most privacy-preserving in existence currently: Mobile Driver’s License (mDL) aka ISO/IEC 18013-5[^2]

Just don’t get misled by its rather confusing name and overwhelming amount of references standards, I’ve been digging through them for the last few weeks only to realise how much I have to catch up since I’ve last read eIDAS regulation in full around 2010. I plan a longer write-up on that subject but that’s going to take time.

The core idea of mDL is very simple and based on an old EU Qualified Electronic Signature (1999) concept of certificate of attributes:

1. A person controls a number of attributes for legal and commercial activities, such as their date of birth, social insurance number, gender, entitlement to ride a bicycle, a car or a tank, academic degree etc. Under mDL you control these attributes and they are PII under protected by GDPR.
2. Most of them are authoritatively stored by some kind of authority - e.g. bicycle or car licenses by driver’s authority, social insurance by respective agency, academic degree by an university etc.
3. mDL creates an API under which a third party - e.g. company employing you to drive a truck - can check that your license is actually valid. You approve this request and it allows the company to use the API at the respective agency. After that the approval is invalidated.

Most importantly, mDL allows for attributes that are simple boolean statements, such as “18+” and because attribute certificates don’t have to be attached to an identity, you can approve a simple website’s request “is this user 18+” without submitting your face, payment card or full personal details including date of birth. All information the website gets is cryptographically verifiable information “yes, this user is 18+” and nothing more.

There’s tons of EU regulation currently built around these standards, which are generally centered around the concept of EU Digital Wallet. The core ideas behind it is privacy protection, user control and revealing only as much details as necessary on need-to-know basis.

Because we had many “grassroots” campaigns in the past conveniently sponsored by US big tech companies to oppose EU regulations that impact their business models, I would expect the same to be unrolled against EU Digital Wallet at some points. Just remember, from their business point of view it’s much better for Google or Meta to get your face or payment card details rather than frustrating “yes, this user is 18+” attribute they can’t use for their behavioural tracking network.

[^1]: https://docs.walt.id/concepts/digital-credentials/mdoc-mdl-iso#a-step-by-step-guide-how-age-verification-works

[^1]: https://lists.ubuntu.com/archives/ubuntu-devel/2026-March/043534.html?ref=itsfoss.com

#EUDigitalWallet #AgeVerification #eIDAS #mDL

Die #EU wird in einigen Ländern nun eine App testen, um das Alter von Menschen im Internet zu überprüfen, wenn sie gewisse Webdienste nutzen wollen. Es ist einer der ersten Schritte auf dem Weg zu #EUDigitalWallet. Technisch ist solch eine Altersüberprüfung allerdings äußerst komplex und auch gesellschaftlich fragwürdig. Über den Vorschlag und die Hintergründe habe ich für @RadioCORAX mit @jtmuehlberg gesprochen:

https://radiocorax.de/die-altersverifikation-im-internet/

#altersverifikation

I learned this week about the EU digital wallet. I am curious how this ties in, and whether it does, with the SOLID project? It seems to be rather aligned, but I couldn't find technical specs, and it would be neat if anyone of my friends knows anything about this and can give me a rough overview.

#solid #solidpod #eudigitalwallet #eIDAS

The European Parliament has approved the creation of a legislative framework and prototype for the digital wallet in the EU. Ukraine will participate in the pilot project and is required to release its national EU wallets within 24 months. Testing of prototypes should be completed by April 2025. Ukraine's digital wallet is called "Diia." This initiative will enable Ukrainians to use "Diia" in the EU, while Europeans can use their digital wallets in Ukraine. #EUdigitalwallet #Diia