European "age verification" "app" forcing everyone to use Android or iOS
576 points
• 3 days ago
• Article
Link
将 Google Play Integrity API 和 Apple App Attestation 集成到 EU Digital Identity Wallet 项目中用于年龄验证的提案,遭到开发者社区的强烈反对。批评者认为,依赖美国科技巨头的专有技术会削弱欧盟追求数字主权的努力。把基本政府服务绑定到特定操作系统和硬件供应商上,被视为加深对第三方公司的依赖,并把控制权交给那些常在不透明政策与利益冲突下运作的企业。
讨论者指出,这一做法违反了项目自身强调的互操作性、用户控制和普及可及性等原则。多位参与者表示,如荷兰身份识别应用 Yivi 等开源方案已经能实现有效的年龄验证,证明对外部专有依赖并非必需。还有人质疑必须为每次交互都使用独立应用的前提,认为现代基于 Web 的方法可以在不将用户锁入封闭生态的情况下实现同样目标。
安全与隐私是反对的核心。许多业内专家认为,硬件认证是朝着被锁定和审查的计算环境迈出危险一步。批评者称,这类措施并不会有效阻止恶意行为,反而会惩罚那些选择 root 设备或使用替代操作系统的合法用户。有观点认为,若强制执行,未来可能为控制而牺牲通用计算,使个人设备实质上变成受管控的客户端。
除技术层面外,讨论也反映出对规范起草者缺乏技术远见的强烈不满。许多参与者担心,该方案会造成类似 IE6 的锁定局面,使欧洲基础设施长期受制于外国垄断企业的任意要求。他们担忧,欧盟若采纳这些做法,不仅无法保护公民的数字权利,反而助长专有的"反功能"成为常态。
最后,参与者警告称,实施这种侵入性验证系统可能带来全球性后果,其他国家或会效仿。异见者普遍认为,若一个系统必须以牺牲用户自主权、隐私和互联网开放性为代价才能构建,那么该项目当前方向可能存在根本性缺陷。许多人呼吁回归开放标准和服务器端验证模型,尊重硬件所有者的自主权,而非强加由公司控制的集中限制。
The proposal to integrate Google Play Integrity API and Apple App Attestation for age verification within the EU Digital Identity Wallet project has faced significant backlash from the developer community. Critics argue that relying on proprietary technologies from American tech giants undermines the European Union's push for digital sovereignty. By tying essential government services to specific operating systems and hardware vendors, the project is seen as deepening dependence on third-party corporations and relinquishing control to entities that often operate under opaque policies and conflicting interests.
Participants in the discussion highlighted that this approach contradicts the project's own design principles, which emphasize interoperability, user control, and accessibility for everyone. Several contributors pointed out that effective age verification is already possible through alternative, open-source solutions like the Dutch identity app Yivi, which demonstrates that external, proprietary dependencies are not a functional necessity. Others questioned the entire premise of needing an app for every interaction, suggesting that modern web-based approaches could achieve the same goals without forcing users into restrictive ecosystems.
Security and privacy concerns are central to the objections, with many experts in the field describing hardware attestation as a dangerous step toward locked-down, censored computing. Critics argue that these measures do not effectively prevent malicious activity but instead serve to penalize legitimate users who choose to root their devices or use alternative operating systems. Some argue that if such systems are strictly enforced, they could lead to a future where general-purpose computing is sacrificed for the sake of forced control, effectively turning personal devices into managed clients.
Beyond the technical arguments, the conversation reflected deep frustration with the perceived lack of technical foresight among the specification drafters. Many contributors expressed concern that this implementation would create an "IE6-style" lock-in scenario, where European infrastructure becomes permanently chained to the arbitrary requirements of foreign monopolies. By adopting these methods, they fear the EU is not only failing to protect its citizens' digital rights but is also actively fostering an environment where proprietary "antifeatures" become the standard.
Finally, participants warned that the implementation of such intrusive verification systems could have global consequences, as other nations may imitate these practices. The consensus among the dissenting voices is that if a system cannot be built without sacrificing user agency, privacy, and the open nature of the internet, then the project may be fundamentally flawed in its current direction. Many called for a return to open standards and server-side verification models that respect the autonomy of hardware owners rather than imposing centralized, corporate-controlled constraints.
426 comments • Comments Link
• 政府推出的年龄验证应用通常被视为一种保护隐私的替代方案,旨在避免将敏感的生物识别或个人数据交给营利性的私营科技公司。
• 对基于智能手机的身份验证的依赖造成了数字垄断,有效排斥了使用替代操作系统、旧款硬件或以隐私为导向的设备(如 Linux phones) 的用户。
• Google Play Integrity 或 Apple App Attestation 等应用要求,迫使用户依赖总部位于美国的企业,使这些公司能对国家认可的数字身份访问形成集中控制。
• 支持者认为年龄验证是在线社会的必然演进,类似于长期存在的实体身份证要求;但批评者指出,数字系统缺乏传统流程中那些固有的缺陷所带来的"以人为本"的补救方式。
• 人们对"儿童安全"倡议的长期动机深感怀疑,许多人认为保护未成年人不过是实施全面监控、压制数字匿名性的幌子(red herring)。
• 零知识证明(Zero-knowledge proofs)常被作为理论上的解决方案提及,但批评者认为这类说法华而不实,未能触及核心问题:即对一种本质上允许追踪的底层身份关联的依赖。
• 现行做法存在引发"一触即发的暴政"(turnkey tyranny)的风险——集中的身份系统可能被未来的政权利用和武器化,而不论当前政府如何标榜其良好意图。
• 强制性的数字身份实际上迫使公民与监控并过滤其在线行为的平台互动,把曾经开放的空间转变为受门禁与监管的环境。
• 许多人认为,这类框架的最终目标是把现实世界的身份与每一次在线行为永久绑定,从而破坏互联网作为开放、匿名空间的基本承诺。
• 对桌面端或基于硬件令牌的身份验证缺乏支持,表明这可能是有意为之的政策选择,目的在于引导公众使用更易被追踪、控制和限制的移动设备。
这一讨论反映出两个目标之间的深刻张力:一方面是保护未成年人免受在线伤害的愿望,另一方面是对建立可能成为威权控制基础设施的担忧。尽管有人认为与大型科技公司的数据挖掘相比,政府支持的应用或许是相对较轻的选择,但很多群体视此路为对数字主权的危险让渡。普遍的共识是,依赖封闭的移动生态系统所采取的技术实现制造了排他性壁垒,并为威胁开放计算与个人隐私的先例奠定了基础。归根结底,这场辩论暴露了对数字空间治理的深层不信任,在这种治理话语中,以安全为名的论据越来越被视为侵蚀民主自由的借口。 • A government-issued age verification app is often presented as a privacy-protective alternative to sharing sensitive biometric or personal data with private, profit-driven tech companies.
• Reliance on smartphone-based identity verification creates a digital monopoly, effectively excluding individuals who use alternative operating systems, older hardware, or privacy-focused devices like Linux phones.
• Technical requirements for apps like Google Play Integrity or Apple App Attestation force users into a dependency on US-based corporations, handing these entities central control over access to state-sanctioned digital identities.
• Proponents argue that age verification is a necessary evolution for modern online society, similar to long-standing requirements for physical ID, but critics contend that digital systems lack the imperfections and "human" recourse of legacy processes.
• There is significant skepticism regarding the long-term intent of "child safety" initiatives, with many arguing that the protection of minors serves as a red herring for implementing pervasive surveillance and curbing digital anonymity.
• Zero-knowledge proofs are frequently cited as a theoretical solution, yet critics dismiss these as buzzwords that fail to address the core problem: the need for an underlying identity tether that inherently enables tracking.
• The current approach risks creating a "turnkey tyranny" where centralized identity systems can be weaponized by future regimes, regardless of the current government's stated good intentions.
• Digital identity mandates effectively force citizens to interact with platforms that monitor and filter their online behavior, turning platforms that were once open into gated, moderated environments.
• Many argue that the ultimate goal of such frameworks is the permanent linkage of real-world identity to every online action, a move that undermines the fundamental promise of the internet as an open, anonymous space.
• The lack of support for desktop or hardware-based token authentication suggests a deliberate policy choice to steer the entire population toward mobile devices that are easier to track, control, and restrict.
The discussion reflects deep-seated tension between the desire to protect minors from online harms and the fear of creating an infrastructure for authoritarian control. While some view a government-backed app as a lesser evil compared to the data mining practices of large tech companies, a substantial portion of the community identifies this path as a dangerous surrender of digital sovereignty. There is a broad consensus that the technical implementation, which relies on proprietary mobile ecosystems, creates exclusionary barriers and establishes a precedent that threatens the future of open computing and individual privacy. Ultimately, the debate highlights a profound distrust in the governance of digital spaces, where arguments for safety are increasingly viewed as strategic justifications for the erosion of democratic freedoms.