I said it before and I'll say it again, the best solution for this is to have a standard API where device admins can optionally set an age group, and that treats an unset value as signalling unrestricted access. This is so simple it's almost impossible to fuck up, parents get a parenting tool, most people can just ignore it, and big brother can go on a long vacation.
This is what the California law requires BTW (except it makes the field mandatory which is shit). IMO in this case the EU solution is overcomplicated, it just feels like they needed an excuse to get more out of the COVID certificate investments...
That would be a good way to do it, if the goal was to be able to restrict/protect kids. Unfortunately, this has very little to do with that.
I'm a little bit confused because all of this is moving so quickly (and badly) when the EU is known to work slow. How do they even have an app ready so quickly? Even when it's trash. It's almost as if they act on the 'wisdom': "Apologizing later is easier than asking for permission first." I get the impression they started working on this before any legislation was even proposed.
The specification has been worked on for at least a year going by the git repo. The (Android) app is a fork of the EUID Wallet app, I think, which is at least three years old.
The EUID effort is based on and for consolidating existing national solutions as well. They didn't start from scratch.
uhm, vibe coding?
they were already working on it?
Bbbbbbut the politicians with no technical experience, knowledge or skills said that it would work! Should we trust the politicians or the actual experts?.......... /s
scotus (yeah i know) said chevron bad, so let's trust the politicians!
I feel like I'm going insane, I thought the EU just recently passed an initiative to directly ban age verification, and then I open my feed yesterday and there is nothing else other than news about this app & I can't find the initiative I thought I saw.
Edit: I figured out what was confusing me, the MEP just recently enshrined E2EE, which I remembered as a big win on the same level of no age verification.
oh that sounds interesting! could you throw a link?
I think they didn't enshrine the right to end to end encryption, it's just that they did not renew the temporary law allowing voluntary scanning for tech companies
I am not capable of understanding it myself, I heard the German version is less ambiguous, the English version had too many clauses that were up for interpretation. The general consensus in the threads that I saw on Lemmy when this happened was that the good faith interpretation is the correct one, but I am unsure if that is just cope.
Maybe the security expert could read the readmes in the repos first. From the iOS app repo:
The initial development release has reduced security, privacy, availability, and reliability standards relative to future releases. This could make the software slower, less reliable, or more vulnerable to attacks than mature software.
And further:
If you're planning to use this application in production, we recommend reviewing the following steps: […] The Pin storage configuration matches your security requirements, or provide your own by following this guide Pin Storage Configuration […]
So the text hints not at design flaws but at facts that are already stated in the readme. Plus, the major source for the article is Pavel Durov, whose messenger is of course a standard in security and privacy.
So there seems to be no news but a lot of speculation by Durov instead.
Link to app repos, both contain the disclaimers: https://github.com/eu-digital-identity-wallet/eudi-app-ios-wallet-ui https://github.com/eu-digital-identity-wallet/eudi-app-android-wallet-ui
Yeah the weird thing is that Von der Leyen claimed it's basically done and perfect. But it's nothing of the sort.
Why do they source-link a random Twitter post but not the security researcher report nor the app the whole article is about? Every link is to their own articles.
What's the official stage of it? Was it already intended to be released? If not, it might be less of an issue.
Anyway it’s good that it’s open source. At the very least it encourages public discussion and in this case noticing the flaws.
The git repo calls it a demo. The website calls it a prototype. The EU Commission calls it "ready".
But they also said it "Works on any device" and "Highest privacy standards in the world" so I guess we can't trust what EU Commission says.
That "ready" is just typical political advertising speech. Could have been worded more carefully, but it's forgivable. As long as the git repo and website correctly identify it as a demo/prototype, it seems fine to me. E.g. not using the security enclave is totally fine for a demo. It doesn't affect the general protocol design. There's a lot of hostility both to these initiatives as well as to the EU (often by different actors, there's e.g. other countries pushing for less privacy respecting mechanisms), so the clever criticism tends towards nitpicking. There's actually merit in releasing such an ambitious project as open source and so early, which even with the nitpicking and negativity, is a good thing.
Another thing that will be blocked on my DNS