What's wrong with EU age verification? (Nothing)
birdculture
28 points
91 comments
July 01, 2026
Related Discussions
Found 5 related stories in 320.0ms across 14,015 title embeddings via pgvector HNSW
- EU age verification app: "Worry-free package" with security vulnerabilities _tk_ · 35 pts · April 19, 2026 · 70% similar
- EU Age Verification Hacked in 2 Minutes: What Happened bigbugbag · 12 pts · April 20, 2026 · 66% similar
- European "age verification" "app" forcing everyone to use Android or iOS roundabout-host · 499 pts · July 14, 2026 · 62% similar
- EU Age Control: The trojan horse for digital IDs gasull · 60 pts · April 26, 2026 · 61% similar
- EU age verification app hacked, 2 minute How to posted johanstokking · 73 pts · April 17, 2026 · 61% similar
Discussion Highlights (19 comments)
ulrikrasmussen
The article claims this is what the ZKP scheme reveals: > Here is cryptographic proof that I hold a valid credential proving I am over 18. You can verify the proof, but you learn nothing about who I am. Is this true though? I am genuinely interested as I haven't looked into the details, but must the user not at least also disclose who the issuer of the credential is so the verifier can verify it against a public key? This also reveals at least the nationality of the user and could be misused to block access to foreigners using VPN.
readthenotes1
We have people checking IDs at the doors of bars and strip clubs. And just like in those cases, what is to prevent someone who is of age giving their ID to someone underage?
ibejoeb
> When children are very young, parents can set strict boundaries. But as kids move into their teens, parents also have an obligation to loosen them. Teenagers need spaces where they can act independently Parent have an obligation to loosen the restrictions, and, what, the government has obligations to tighten them and deprive them of the spaces where they can act independently? I don't care to talk about the premise itself. This reasoning is absurd.
coda_cantabile
But by what mechanism would one prove, when using such selective disclosures and zero-knowledge proofs to access an online service, that they are, in fact, the owner of said attestation?
satansdeer
Overall "more verification" goes in the direction of "more surveillance". The author described a narrow path that provides "kid safety in the internet" without sacrificing the general population privacy. Is it technically possible to implement the way he suggests? Yes. Will it be implemented that way? No. There are people who can affect the way this verification will be implemented who are genuinely interested in more surveillance, heck, remember chat control that is an ongoing fight in a very similar vein, there is a global desire in politicians to get more control over the communications. To me the author seems either naive or straight up malicious.
NotPractical
Except that within days of this service going live there's going to be a freeageverification.com that instantly generates an attestation proof for anyone for free. I fail to see how this is not untenable. You can compare it to geoblocks that can be circumvented using VPNs, but at least VPNs are costly to run and are usually paid services. With the implementation of verification (ZKP) described in the article, there is no cost to generate attestation proofs nor any limit on the number of proofs nor any way to stop a known-but-anonymous abuser from generating new proofs. Maybe the EU knows it's untenable and is still moving forward because they will be able to demonstrate to the public that privacy enables abuse, creating pretext to make the system not private anymore after it's already been implemented.
dpark
The offline version proposed doesn’t even work. If the government issues untraceable “I’m an adult” cards there’s nothing stopping someone from acquiring one and immediately selling it to a minor. There’s also realistically nothing stopping someone from acquiring multiple and selling them to minors. “Oops, I lost my adult card again. I need a new one.” The solution is of course to make them revocable which means traceable. The same applies online/digitally except that you can very likely distribute the same ID to many minors without getting a new one allocated. I’m in the “we should protect kids online” camp, but I am not sure there’s a real way to do it without compromising privacy for everyone.
lokar
I agree with the broad point. But it ignores another key requirement: it can’t be easy to “loan” your proof of age to someone else.
dom96
If the EU actually mandates each member country implements a ZKP for this then I am all for it. Can they also provide other ZKPs? Specifically to attest that someone is a unique human being? Humanity verification is incredibly important to fight against propaganda online[1] 1 - https://blog.picheta.me/post/the-future-of-social-media-is-h...
GuestFAUniverse
A friend and I were the first to have modems at age 12. And we had access to all kind of stuff on BBS and later in newsgroups. That wasn't meant for our age group and yet there wasn't any harm done. Others in our classes didn't roam there. (They were more into drinking, smoking and stealing in real life instead) Guess who is heavily using social media today and unreflectively repeats fake news.
jubilee33
Free access to information is non negotiable. You can dress it up in whatever argument you like; safety, intellectual property rights, moral imperatives. Take your pick. Information will not be held back, it wasn't held back by any tyrannical regime of the past with much more asymmetrical access to control, not the banning of the printing press, the efforts of the Stasi to ban western music in East Germany, nor China's more recently attempted "Great Firewall", have worked. This also will not work. I am not worried for myself and for others who are technically inclined, we will just silently find and implement solutions for ourselves and any others who have the energy and inclination to use them. This is worst, as usual, for the most vulnerable among us. Those most in need of the information which they will not be able to access. Every freedom comes with risks and responsibilities, freedom of information maybe more than any, but the harms of limiting information are much more unacceptable than any caused by its unhindered natural flow. You can propagandize and scheme to your hearts content. You can lobby your governments to implement your halfbaked schemes. But in the end it won't work... Because people like me and millions of other will just not comply. We will build our own networks if need be, but we will do just about anything rather than accept your terms.
bArray
> Isn't it the family's job to set the limits? > When children are very young, parents can set strict boundaries. But as kids move into their teens, parents also have an obligation to loosen them. Teenagers need spaces where they can act independently, make decisions, and talk to others — where they can learn to navigate the world without a parent looking over their shoulder. You are still responsible. If you allow your child more freedoms, you are still responsible if something bad happens. Your choice to loosen your parenting shouldn't become everybody else's problem. Some parents for example allow children to try a small quantity of alcohol - if your child is suddenly found drunk, they shouldn't ban alcohol for sale everywhere. I would go the other way, if it's found as a parent that your child is drinking, smoking, etc, then this carries punishments for the parents. I think it should also be punished if they are found accessing online services targeted at adults. > The digital version is the same idea, with cryptography. An authorized issuer verifies your age once and issues a signed credential: Sounds great, but there is a clear agenda for digital IDs that 'they' are trying to shoehorn in with this "protect the kids" thing. They tried rolling it out digital IDs in the UK in 2006 [1]. As I said the other day, what really makes me suspicious is that most Western countries suddenly have the same idea at the same time. This isn't just some random politician wanting to protect children, this is an international concerted joint effort to roll out a form of mass censorship. > So instead of fighting a system that is built to preserve privacy, we should be fighting to put the right checks in place — the ones that guarantee the implementation actually honors it. The objective is the system itself. Once there is a control in place to stop you accessing these services/systems, changing the exact unlocking procedure is trivial and can be done gradually. We'll all just be frogs in slowly boiling pots. [1] https://en.wikipedia.org/wiki/UK_Digital_ID
kmeisthax
> We already accept age restrictions elsewhere. Children can't drive, drink, gamble, or enter certain venues before a certain age. It is not absurd to think parts of the internet should be age-restricted too. It isn't, but it is absurd that the first things we're talking about is banning kids from social media. "Children do not have a right to free speech" is not a defensible position. In fact it's the sort of thing that should get Nigel Uno and the Kids Next Door on your ass. The problem is that the argument against child access to social media is a proxy for a different, larger problem: social media is not a public forum anymore. They make heavy use of automated editorialization over the content you're allowed to see, specifically to keep you engaged and addicted. This is absolutely harmful, but it's not uniquely harmful to kids and kids alone. When we regulate these harms for children only , what we're also saying is "Adults can fend for themselves, only children deserve protection". And, to be clear, social media is more harmful to adults than it is to kids, if only because the stakes are higher. Targeted advertising is absolutely amazing for criminal scammers who want to find specific kinds of marks. This is only possible because we allow social media to accumulate massive amounts of data on people - basically, a privately-run Stasi. I agree that zero-knowledge proofs would be the least harmful form of age surveillance.
krunck
Can I prove that some cryptographic token A) doesn't contain any more information other than what the article outlines and B) that the token itself can't be used as an ID tied to my identity in a government database? No and no. So, I do not support schemes like this.
hedora
As a parent, I strongly disagree with the priorities of the people setting the policies for the age gates. For instance, roblox is full of pedophiles. Minecraft displays pro-surveillance propaganda to my kid every time they run a game that does not let M$ read their messages. Even “educational” sites like blooket do not bother to check their content for kid safety or accuracy. I’d rather police this stuff myself, so I do. Every implementation of age verification I have seen is counterproductive, and designed to take control away from parents in order to help companies monetize access to children. The people creating these systems aren’t dumb. They work as designed, which means they are actively harmful to kids and society at large.
Prunkton
From the Age Verification Blueprint: >AVI [Age Verification App Instances] SHOULD support the generation of Zero-Knowledge Proofs Maybe I'm not seeing the full picture but as long there is a 'should', the whole thing is worthless. Keep in mind, national states need no implement their own solutions and AFAIK during the pilot phase ZKP was just skipped. Could be for other reasons (was not finished yet) but in the end a 'should' is a 'should' and no 'must'. Source: https://ageverification.dev/av-doc-technical-specification/d...
jmclnx
I could be wrong, but I really doubt it. No kid under 20 will use a PC or Laptop for anything except for school work. All kids under 20 are on Cell Phones and nothing else. PC usually mean work to them, Cell Phones mean fun. Cells will have age verification if they do not already have it yet the will. Also I think Cells have lots of other personal information (PI). To me, Age Verification on PCs is a first step to moving these devices into a Cell Phone type of walled garden. World Govs. want to know what you are doing on all your devices. Luckily with Linux (most distros) and the BSDs, you can easily avoid being "watched".
flossposse
The problem I see here is that many of the things in the "Things that would break the promise" section are pretty much guaranteed to occur - we don't have effective mechanisms to prevent them. Tracking and de-anonymization are big business and age verification mechanisms WILL be exploited for those purposes.
scoofy
People flagging posts they disagree with is genuinely childish. Agree or disagree, this is an earnest post about a relevant topic.