this post was submitted on 19 Apr 2026
89 points (94.9% liked)

Privacy

48102 readers
1341 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
89
The EU's age verification app can be hacked in 2 minutes. (Found by Paul Moore) (furries.club)
submitted 2 days ago by helloyanis@furries.club to c/privacy@lemmy.ml
10 comments fedilink hide all child comments
 

The EU's age verification app can be hacked in 2 minutes. (Found by Paul Moore)

Demo :
https://youtu.be/1hfDOhrNx1I

In short :
- The pin you set to lock the app is encrypted, not hashed, which means with the private key of the app it could be reversed (there's no need to get that as you'll see in the next points
- Once you verify your age, the pictures and data identifying you is not deleted. Although on regular phones you and other apps can't access it as they are protected at the Android level, this is still a breach of GDPR
- The app's data is stored in a shared preferences file, which is pretty much just plain text. If you delete the key for your PIN, the app will let you create a new one, and still access the data of the old account.
- Nevertheless, the EU still brands it as a privacy friendly option on their site at https://t.ly/labwF

In short, don't verify your age online! This is really bad for privacy!
@privacy

#privacy #europe #opensource #cybersecurity #ageverification

you are viewing a single comment's thread
view the rest of the comments
[–] vapeloki@lemmy.world 1 points 2 days ago (1 children)

Ok, once again in slow: each country must implement their own app.

One for Germany, one for France and so on. Because it has to be tied into the ID card system of the country.

You can build the app in the repo but the app can not do any age verification without this integration. I even cited the fucking sentence from the readme.

[–] helloyanis@furries.club 0 points 2 days ago (1 children)

@vapeloki The issue is, once again, not that the app allows you to bypass age verification or anything with how countries implement it. It's that the app makes it extremely easy to get the data and spoof someone else, while claiming it's secure and privacy focused while it is not.
A prectical example would be :
- Someone steals my phone
- They can access the app as they can bypass the PIN
- They can appear and act as myself on any platform that will use the system to verify
No matter how countries implement it or how the app is still "in development", I'm just saying that this current implementation is insecure and can be very easily hacked besides what is being said on the public spaces like the dedicated website and the twitter account of the president of the EU commission.
I will probably stop replying to this thread now as you keep telling me the same arguments and even when I demonstrate how I disagree with them, you keep repeating the same ones so I'll just stop wasting my time

[–] vapeloki@lemmy.world 1 points 2 days ago

I don't say the code isn't sloppy and should never go live I. It's state.

I say: show me the app on the app store that you can download and use.

We are talking about security issues in a reference implementation.

We are not talking about an app. All this does is to spread fear and if this whole thing is not accepted by the Public because of this , what then? We land up in a privatisation scenario once again and then fuck privacy.

This state of the Codebase is fixable, but stop talking about it like it would be a released app. It is not.