EU age verification app not planning desktop support

Original Article ↗ Hacker News Discussion ↗

Smartphone-Only Design & Desktop Exclusion

  • The reference app explicitly targets Android/iOS and excludes desktop, which many see as de‑facto requiring a smartphone to participate in digital life.
  • Critics argue this further marginalizes people who rely on desktop computers, don’t own smartphones, or use custom ROMs / alternative OSes (Linux phones, LineageOS, GrapheneOS).
  • Some note this continues an existing trend: banks, government e‑ID, airlines, and ticketing services moving to “app only” flows, with desktop support degraded or removed.

Reliance on Apple/Google & Digital Sovereignty

  • Strong concern that access to EU‑mandated age verification will depend on US platforms and app stores, binding citizens to Apple/Google accounts and their terms.
  • Commenters argue this contradicts proclaimed EU goals like consumer protection, competition, and “digital sovereignty,” and effectively entrenches the mobile duopoly.
  • Fears include US‑driven sanctions or account bans indirectly cutting people off from essential EU services.

Hardware Attestation & War on General-Purpose Computing

  • The project is linked to hardware attestation (Play Integrity etc.), which many see as hostile to user freedom: only “approved” OSes and untampered devices can be used.
  • Some accept remote attestation as useful when both devices and servers are under the same owner (e.g. corporate VPN), but call it unacceptable when imposed on personal devices.
  • Several frame this as part of a broader “war on general-purpose computing” and a push toward locked-down platforms.

Privacy, Cryptography, and Legal Compatibility

  • Defenders say this is just a prototype / reference implementation, not the EU wallet, and that the goal is privacy-preserving age proofs (eventually with zero‑knowledge proofs and unlinkability).
  • Critics counter that the current design uses linkable standard signatures tied to a phone, enabling issuer–verifier collusion and conflicting with eIDAS and GDPR “unlinkability” / state‑of‑the‑art requirements.
  • There is skepticism that privacy-enhancing features promised “later” will ever replace an initially simpler, linkable deployment.

Effectiveness, Circumvention & Scope

  • Many doubt the policy goal: determined minors can bypass with VPNs, borrowed IDs, or shared “age attribute faucets.”
  • Some note that, under existing EU law (DSA), only large platforms are even encouraged to use such mechanisms, and age verification is not yet generally mandatory. Others expect expansion over time.
  • There is concern that once such infrastructure exists, failures and circumvention will justify more invasive steps (e.g. VPN restrictions, broader ID requirements).

Social Impact & Resistance

  • Commenters worry about smartphones becoming mandatory “collars” for everyday life, excluding those who avoid or cannot use such devices.
  • Suggestions range from boycotting services that require phones to accepting this as a lost battle in a broader drift toward surveillance and control.