It may theoretically be a false assumption but in practice it’s really not. The MitID identification and signing framework of Denmark, and many other similar systems across the EU, is based entirely on “the device is personal, access to it is limited and the secure enclaves within them are trustworthy”.

You are correct that this framework is not designed for anyone who wishes to root their device or install a custom OS. In other words, it cuts out 0.00000000001% of the population. The colour of the app has a bigger impact than “oh no! We can’t support rooted devices”.

The article is talking about banning social media under a particular age. This is enabled by the new Digital Service Act, and specifically the Age Verification Blueprint within the European Digital Identity Wallet. The same discussion is happening all across the EU exactly because the EU now has shared standards defined for how age verification will work online.

So while it’s true that counties can enact their own laws, like a US state can, they do so within a framework of European supranational regulation and they definitely cannot (easily) make national laws that circumvent EU directives. Well, they can, but the punishments and the hassle is severe.

But very specifically these discussions are popping up all over the EU because suddenly the EU is actually putting in place the machinery that allows it to happen. So yes, it’s a French discussion, but one borne of and fed by the European-wide framework discussion.

There’s nothing in the EU age verification structure that requires you to hand more information to the places where you need to verify your age. In fact the system expressly prevents it. Similarly in the ZKP architecture, it it not legal, nor possible, for the age verification service to know where you log in.

Maybe I’ve misunderstood your comment and so I say this in great respect; but if you don’t understand the technical details about the system the EU has defined, you may be basing your resistance on wrong assumptions.

Ah I see what you mean.

I suspect the EU will regulate in the same way it’s done other enforcement; if you are above a certain size, different requirements apply to you.

Defining what is and what isn’t something is exactly what law has to do every single time it gets defined. I’m sure we can work this one out too.

The size of the tech giants cannot be the reason to not attempt regulation. If anything, it’s exactly the reason to regulate.

Our democracy regulates a lot of things that it (we) believe to be harmful to children: Cigarettes, gambling (also online), pornography, violence in media, alcohol etc etc.

Why is social media any different?

I agree that for the system to be anonymous the state has to live up to its commitment to anonymity. Have you read the EU’s regulation about this? In there is exactly a commitment that age verification has to be anonymous.

But, let’s take a reality check here:

• For the vast majority of the population, their ISP already collects every single website they visit.
• if the state wants to know what you’ve searched for and where you’ve been online, they already have that data stored. They can only access it legally with a court order.

Yes you can circumvent this logging (to some extent) through VPN - just like you can circumvent the requirement to verify your age with a VPN. But the vast majority don’t.

My intent isn’t bad. I want kids to grow up without the harms of social media, just like I want them to grow up without the harms of gambling, tobacco etc. I wouldn’t expect children to be let in to see an 18-rated film? Why is social media any different? If we define it causes harm, which it definitely does, then why can’t we attempt to minimize harm through regulation?

What are YOU talking about?

I’m talking about French age verification, which is a national example of the EU’s ZKP age verification system, and which the article is about.

To the instance that issues the ZKP tokens you of course have to prove who you are. Once you have the ZKP age verification tokens and actually use them to prove your age, those tokens are negotiated solely between your device and the asking entity.

Have you actually read the EU’s required structure for this?

Only the entity that owns the private key can generate signed tokens. You can read about the Danish solution, which is the first and most developed implementation of the EU’s requirements for anonymity: https://digst.dk/media/5gybwsaq/implementing-age-verification-with-danish-digital-identity-wallet-dktb-09.pdf

You don’t own the signing private key so you can’t - mathematically can’t, not opinion can’t

Once again, have you read the EU proposal? We are, after all, talking about France here, not the UK.

The UK, no longer part of the EU, of course have gone much softer and enabled non-anonymous verification. I am of course deeply against this.

What I AM talking about is the ZKP method mandated by the EU, which is anonymous.

I’ll ignore your name calling; not very conducive to a debate.

I’m not an anarchist nor an anti-capitalist but I really appreciate the civil discussion.

I am 1000% aligned that no government nor corporation should have a dossier with your information.

That’s why I’m actually able to support age verification online in the EU, because the proposed system prevents exactly that. Your device will literally be issued with ZKP tokens, which solely verifies “the person handing you this token is above 18”. It is a specific requirement that no knowledge can be inferred about who is passing the token (hence the name “Zero Knowledge Proof”). This is a mathematical possibility we can utilise and which the proposal relies on. The Danish trailblazer system is built exactly to this spec.

I do understand the concern about implementation burden for smaller players (like federated services). In every other case where the burden has been large, open source has sprung to the rescue (eg Let’s Encrypt); I am convicted the same will happen here.

Chat control was an insane suggestion that wouldn’t work politically nor technically and, logically, has been abandoned. For Denmark not to check Germany’s position on it, and for the flagrant disregarding of all technical positions that called out the utter bullshit, was laughable and one of the major failings of Denmark’s presidency.

But chat control and age verification is not the same and one sensible suggestion shouldn’t fall on the insanity of another suggestion.

Well we definitely agree pretty much 100% about social media as it stands today, in terms of its ills.

I don’t know what “regulation” of social media would be without requiring identification of users, though. The vast majority of its ills comes from, as you identify, monetised engagement which promotes bots. Therefore it is in social media companies’ interest to allow bots to play, which enables an undermining of our democracy.

Though we will disagree on what “verification” of users mean in terms of privacy risks.

The EU proposal for age verification has a legal requirement for anonymisation. This means that your “age verification” app simply holds signed verification tokens that it hands over to the service. There is no way for that token to be tied back to an identifiable user.

And there’s a million ways that could be circumvented by the state, agreed, but if the state circumvents its own laws (“must be anonymous”) they are already able to circumvent ISP logs, phone records etc. We have laws for dealing with it.

My point being that you either trust your government, in which case the requirement for anonymity will be upheld, or you don’t, in which case this doesn’t increase your risk surface (as you already believe your government circumvents laws and accesses logs illegally).

I haven’t got the foggiest idea what you mean. I’ve expressed my opinion. You choose to call it propaganda because you don’t like it.

The absolute binary inability for children to access social media shouldn’t be the litmus test for whether we should try.

Some children manage to buy lottery tickets or gamble for real money online. Some manage to buy alcohol even when they’re underage. Some manage to buy cigarettes. Inadequate parents will even sometimes support this.

But we aim to create an environment where that is difficult. And by doing so we shape culture. And culture shapes patterns. My aim isn’t to remove the harm social media perpetrated on children, but to reduce it. All law works like this - speed limits are routinely broken but most drive sensibly.

I appreciate the nuance. Thanks for a thoughtful answer.

You’ll see from different answers I’ve made to the reactions on my first comment that I also approach this with nuance.

I know many people that work in government. Not the US government, but across Europe. I can’t answer for the US government. But I can tell you first hand that the people I know aren’t in it to gain some kind of Orwellian control.

When I last spoke to a U.K. MP about this he was in fact understanding the complexity here, and the lens that many people want to see it banned and many see it as governmental overreach. Decent, hard working people are trying to balance these tough choices where I live. I’m sorry if that isn’t the case where you live.

You’re a charming fellow aren’t you?

Consider for a second if my position came from knowledge and wisdom, rather than knee jerk. Consider if you understand all nuances here. Change your tone. Then maybe we can engage on this.

Lol. Yes it’s that simple.

Look, I’ve raised 4 kids. I run OPNsense with filters. I’ve enabled parental controls all on their mobile phone connections. My kids were and will be the last that got a smart phone in their year. I’m an active member of smartphone free childhood in the UK; I’ve engaged with U.K. members of Parliament on the topic. I’ve worked for tech giants whose sole purpose it is to create “habits” ie addiction in amongst children. Regardless I’m not talking about just my kids, I work in education and engage with multiple schools on the topic.

You come back to me when you’ve taken kids through the landscape they exist in today. What’s more, it is possible to verify age online in a way that doesn’t enable governments to see what sites you visit (not that they can’t already get that your ISP); of course I’m against government oversight of everyone’s internet habits. But both can be achieved; anonymity and age verification is possible.

It sounds like a pretty one sided view you’ve got there and maybe, just maybe, it could do with some nuance.