EU Age Control: The trojan horse for digital IDs

Original Article ↗ Hacker News Discussion ↗

Meta / Thread Context

  • Original site was overloaded; readers share archive links.
  • Several participants note that HN often debates without many people reading source material closely.

Surveillance, Record‑Keeping, and Consent

  • Strong disagreement over whether digital ID systems are inherently “surveillance” or just record‑keeping.
  • One side: any compulsory ID use for web access is mass surveillance; the core problem is the existence of centralized personal data, not just accuracy.
  • Other side: governments and companies already keep necessary records; legality, purpose, and consent distinguish surveillance from legitimate data use.
  • Dispute over whether democratic legislation counts as “consent” from citizens.

Child Protection and Age Verification

  • Many argue age checks for online content are largely ineffective: kids will use VPNs, pirate sites, or borrowed credentials.
  • Others argue partial effectiveness still helps parents and society set norms around children’s exposure to social media and porn.
  • Concern that “protecting children” is a pretext for broader identity requirements and control.

Digital IDs: Inevitable or Dangerous?

  • Some see digital IDs as inevitable and convenient, already used for taxes and government services; focus should be on legal limits (e.g., preventing “de‑personing” by revoking IDs).
  • Others see a slippery slope to total surveillance and “social credit”–like outcomes: mandatory ID for banking, social media, SIMs, payments, even buying food.
  • Experiences differ: some EU countries have long‑standing eID with limited scope; skeptics warn that scope can expand via regulation and corporate incentives.

Technical Design: ZKPs, Wallets, and Platform Lock‑In

  • EU age‑verification docs explicitly mention zero‑knowledge proofs, but several commenters highlight practical gaps:
    • Current schemes may still allow linking via revocation and reuse patterns.
    • Hardware in phones doesn’t support advanced anonymous credentials (e.g., BBS+), so systems rely on rotating signatures tied to secure elements.
  • Serious concern about reliance on Google/Apple ecosystems (e.g., Google Play Integrity, attestation on outdated Android), potentially excluding alternative OSes and violating EU competition rules.
  • Debate over whether remote attestation and centralized databases create major breach/abuse risks.

State vs Corporate Power; Bots and Disinformation

  • Some justify stronger identity controls to counter bots, foreign influence, and AI‑generated disinformation.
  • Others argue this just shifts power from opaque platforms to governments without solving algorithms, censorship, or propaganda.
  • Disagreement whether foreign “bot farms” are a major factor or an exaggerated excuse for political failures.

Resistance and Alternatives

  • Proposals mentioned: web‑of‑trust systems to fight bots without tying to real‑world IDs; decentralized protocols; continuing to use cash and physical tokens.
  • A minority plan to block or avoid any site requiring ID/age verification, though others note many essential services already require ID.