
EU Age Control apps: Privacy-preserving age verification or a trojan horse for digital ID infrastructure?

By gasull

1mo ago · 14 min read

Summary

This article critically examines the EU Age Control system, arguing that despite being marketed as a privacy-preserving age verification tool using zero-knowledge proofs, it functions as a trojan horse for broader digital ID infrastructure. The author identifies three key problems: (1) the DSA fallback allows platforms to use standard KYC providers instead of the privacy-preserving wallet, (2) attestation lock-in where Google and Apple control what attestations are accepted, and (3) technical flaws including relay attacks that the protocol cannot stop. The piece highlights a significant gap between the marketed cryptography and what is actually shipped, warning that the system paves the way for mandatory digital IDs under the guise of age verification.

Key quotes

Most people think EU Age Control apps are about identifying users. The sales pitch is all zero-knowledge proofs of age.
First: the DSA fallback — platforms don't actually need the privacy-preserving wallet; the rules let them use a normal KYC provider instead.
Second: attestation lock-in — Google and Apple decide what attestations are accepted.
The gap between marketed and shipped cryptography raises serious concerns about the system's actual privacy guarantees.
Relay attacks the protocol can't stop undermine the security claims of the entire system.
Snippet from the RSS feed
A technical look at the EU age verification reference app — the gap between marketed and shipped cryptography, relay attacks the protocol can't stop, and why the 'privacy-preserving' system is a trojan horse for digital ID infrastructure.
