this post was submitted on 28 Jul 2025
132 points (99.3% liked)

Privacy


Taken from the README of the app on GitHub:

The current release provides only basic functionality, with several key features to be introduced in future versions, including:

App and device verification based on Google Play Integrity API and Apple App Attestation

Additional issuance methods beyond the currently implemented eID based method.

These planned features align with the requirements and methods described in the Age Verification Profile.

There is an issue opened to remove this as it's basically telling us that to verify our age in the EU an American corporation has the last word, making it not only a privacy nightmare but a de-facto monopoly on the phone market that will leave out of the verification checks even the Fairphone (European) with /e/OS.

top 38 comments
[–] vapeloki@lemmy.world 1 points 2 days ago

There is no app. Read the readme from the beginning. Even cited it here. Show me the app in the app stores! YOU CAN'T!

THIS IS A REFERENCE IMPLEMENTATION, NOT A PRODUCTION READY APP! THIS IS EXPLICITLY STATED ON THE PROJECT README!

[–] TheLeadenSea@sh.itjust.works 42 points 6 days ago (1 children)

Ban age verification. It's an accessibility and privacy nightmare, besides the free speech implications.

[–] panda_abyss@lemmy.ca 23 points 5 days ago (3 children)

There’s no reason why you can’t just have the browser or device say that the user is 18 or not.

Parents wouldn’t have to do anything after setting up their kids' devices and putting a PIN on their own. The setup is literally three buttons:

Who is this device used by:

  • Adults only (no age restrictions)
  • A child (all age restrictions active)
  • Both (restrictions with optional unlock PIN)

This whole debacle is a massive attack on freedom and is completely asinine. It incorporates no ideas from industry and only props up sketchy companies that make money from this specific implementation.

[–] Scoopta@programming.dev 24 points 5 days ago (1 children)

This tbh, age verification SHOULD be a parenting issue not a state mandated issue. If the state wants to make it an issue it should be on the parents to at least be a trusted party.

[–] vapeloki@lemmy.world 0 points 4 days ago (1 children)

So, if a 12 year old appears on the door of a strip club, we don't check for his ID, we let him in because, after all, it's a parent topic and if the parents let the boy out, he can for sure visit a strip club, right?

[–] Scoopta@programming.dev 1 points 3 days ago (1 children)

This isn't a physical place, this is the internet. Parental controls exist specifically for this situation. Also at least personally, my parents did not let me go anywhere solo when I was 12...so 12 year old me would've never made it to a strip club.

[–] vapeloki@lemmy.world 1 points 3 days ago (1 children)

We have Linux, Mac, Windows, Android,..

We have kids that know more about PCs than parents.

Your suggestion can only work with systems that are heavily locked down and always controlled by the parents.

That is not the world in which we live. "Just 3 buttons" is a very naive idea to a very complex problem.

But feel free, design a 3 button system, including client/server communication and more. Then we can talk about it.

[–] Scoopta@programming.dev 1 points 3 days ago (1 children)

Routers have parental controls, if your kid can figure out how to bypass that then they can figure out a VPN and it's a moot point anyway. I have no idea what 3 button system you're talking about here. I don't even get the analogy you're trying to make.

[–] vapeloki@lemmy.world 1 points 3 days ago (1 children)

Parental controls in routers are based on DNS blacklists. That works only for full websites. What about Steam, Netflix, online shops?

[–] Scoopta@programming.dev 1 points 2 days ago (1 children)

...those all use DNS too...apps use DNS to connect to their servers. DNS is used by basically everything internet connected, not just websites.

[–] vapeloki@lemmy.world 1 points 2 days ago (1 children)

Yes, and EVERYTHING you buy from Steam you buy from the same domain. Everything you buy from Amazon, you buy from the same domain.

Can you explain to me how a DNS filter knows if the user visits reddit for example to read gaming news or watch porn?
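
The point argued in the exchange above (a DNS-based filter only ever sees the hostname being resolved), as an added example that is not part of the thread. The hostnames, blocklist and function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed blocklist and URLs; all hostnames are placeholders.
BLOCKLIST = {"adult.example"}
SAMPLE_URLS = [
    "https://forum.example/r/gaming-news",
    "https://forum.example/r/adults-only",
    "https://store.example/app/family-game",
    "https://store.example/app/mature-game",
    "https://www.adult.example/",
]

def qname_for(url):
    """Return the only part of a URL a DNS resolver sees: the hostname."""
    return urlsplit(url).hostname.lower().rstrip(".")

def dns_verdict(qname, blocklist=BLOCKLIST):
    """Suffix match on whole labels: a listed domain also blocks its subdomains."""
    labels = qname.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocklist:
            return "block"
    return "allow"

def filter_urls(urls, blocklist=BLOCKLIST):
    """Map each URL to (qname, verdict); path and query never reach the filter."""
    return {u: (qname_for(u), dns_verdict(qname_for(u), blocklist)) for u in urls}

def indistinguishable(urls):
    """Group URLs by qname; every URL in a group must share one verdict."""
    groups = defaultdict(list)
    for u in urls:
        groups[qname_for(u)].append(u)
    return {q: us for q, us in groups.items() if len(us) > 1}

if __name__ == "__main__":
    for url, (qname, verdict) in filter_urls(SAMPLE_URLS).items():
        print(f"{verdict:5}  {qname:18} {url}")
    for qname, urls in indistinguishable(SAMPLE_URLS).items():
        print(f"{qname}: {len(urls)} URLs share one verdict")
```

Adding `forum.example` to the blocklist blocks both forum URLs at once; the resolver has no per-path option.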

[–] Scoopta@programming.dev 1 points 2 days ago (1 children)

Children of the age they're trying to protect are children that probably shouldn't be on reddit.

[–] vapeloki@lemmy.world 1 points 2 days ago (1 children)

What about Steam, Amazon, ....?

[–] Scoopta@programming.dev 1 points 1 day ago (1 children)

Those services can either be blocked outright or use the parental controls provided by those services. None of this justifies big brother style government overreach. Additionally to me, the kids you need to protect are the really young ones. Teens ideally shouldn't be browsing adult content but it's far less damaging to them than young kids. And young kids don't need Steam or unrestricted Netflix etc. They're also far less skilled at bypassing this stuff.

[–] vapeloki@lemmy.world 1 points 1 day ago

So, parental controls know how much exactly if the person using it is the parent?

And again, you didn't read anything about the EUID project. I know this because the data protection rules for the EUID are fucking insane. The reason why the project in question (age verification) exists is so users can verify their age WITHOUT providing any details about who they are to online services.

It is unbelievable, no clue about what this piece of software is, who wrote it, for what, what are the legal grounds, but spitting bullshit, yes nice!

I will write a more detailed post about the whole issue, where things must be changed, how, and the impact and false assumptions.

But I will end this conversation here, because it just makes no sense. You lack the knowledge to provide anything useful to such a discussion.

[–] Petter1@discuss.tchncs.de 9 points 5 days ago

This needs to be put on a large sheet and be put on any large building we find, in my opinion. People need to wake the fuck up. There are easy solutions! We don’t have to force our beliefs onto our neighbours.

Not only countries have the right to be sovereign, this counts for families as well. Family should be able to decide their rules on their own and raise their children how they want, in my opinion.

Of course, a kid should be told somehow, how to get help, if their parents are monsters.

[–] Kornblumenratte@feddit.org 4 points 5 days ago

Well – there are more age levels than that, but yes, I agree.

[–] neidu3@sh.itjust.works 28 points 6 days ago

Government mandated enshittification, yay

[–] vapeloki@lemmy.world 13 points 6 days ago (1 children)

So, let me summarize this, maybe I miss something:

a) This is a Module/Reference Implementation, not the finished app
b) It is in the earliest stages of development
c) It is open source, someone could provide alternate means for device/app verification via MR
d) There is no mention about "THIS IS THE ONLY WAY WE WILL DO IT", that part is a straight out lie!

Nothing prevents nations from implementing other verification methods than Google's API.

So, what are we raging about here? People insulting developers for doing their work? People using an issue tracker like Twitter? People that do not read properly?

Yes, the Italian implementation already is tied to Google, and there should be some push back, but that is NOT the fault of this project.

[–] IceFoxX@lemmy.world 1 points 4 days ago (1 children)

uhm alternate roms are mostly without play services... sweet it's OSS but doesn't change anything. play services is still used as backend.

[–] vapeloki@lemmy.world 1 points 4 days ago* (last edited 4 days ago) (1 children)

Again, this is not an official app. It is a reference implementation.

You can not, and will never be able to, download this app from the App store.

[–] IceFoxX@lemmy.world 0 points 4 days ago (1 children)

who is talking about app... don't you get it? grapheneOS etc MUST then have google play services installed for it to be implemented! It excludes other systems without these services! But it is one of the reasons to switch to custom roms to get away from it!

[–] vapeloki@lemmy.world 1 points 4 days ago (1 children)

Why must they have installed that? For what if there is no app?

[–] IceFoxX@lemmy.world 1 points 4 days ago* (last edited 4 days ago) (1 children)

Google is making it more difficult for custom roms with newer Android versions anyway, so something like this comes just in time. As if Google will now implement an extra api so that it could communicate with it without installed play services... the websites will communicate with the play services servers and on cell phones the play services will then have prerequisites and also communicate with the servers. there will certainly also be a check between OS and browser/website.

at the end of the day, it's about comprehensive full surveillance, and custom roms etc. are a thorn in europe's side. chat control can also be put on the agenda... possibly as early as October.

[–] vapeloki@lemmy.world 1 points 4 days ago* (last edited 4 days ago) (1 children)

Like what? Dude! There is no app you can install, so there's no requirement for Google APIs.

I think you have no idea what you are talking about, what the issue is, and why the scope of the project matters.

Let me try to summarize this:

EU policies require the ability to verify COUNTRY SPECIFIC implementations to be verifiable. The reference implementation linked above uses a Google API for it.

Countries that implement the actual apps are free to offer other verification methods than the Google API.

Italy has an app currently, and this app requires this stupid Google API, yes, but that is not the above project.

The websites will never communicate with the play services! They communicate with the APIs of the authorities issuing the state IDs. The App must be verifiable to protect the user! We have a state ID app in Germany. It is open source and I compiled it for my Linux desktop and GrapheneOS based phones. Guess what, yeah, it works.

What many are missing here: the purpose of the verification and the actual authentication workflow.

Also, let me just cite the readme of the project:

This is an initial version of the software, developed solely for the purpose of demonstrating the business flow of the solution. It is not intended for production use, and does not yet include the full set of functional, security, or integration features required for a live deployment.

But we are all going crazy because some minimal example code relies on Google APIs ....

Please stop pushing such utterly wrong and confusing bullshit.

[–] IceFoxX@lemmy.world 1 points 3 days ago* (last edited 3 days ago) (1 children)
[–] vapeloki@lemmy.world 1 points 3 days ago (1 children)

I know this issue, yes? And now?

[–] IceFoxX@lemmy.world 1 points 3 days ago (1 children)

Just keep believing in the good in people among politicians... even if it is foreseeable where they are heading

[–] vapeloki@lemmy.world 1 points 3 days ago (1 children)

Wtf are you now talking about? The politicians already defined the digital rights act.

And politicians don't write software.

[–] IceFoxX@lemmy.world 1 points 3 days ago (1 children)

yes, many things would have been impossible half a year or a year ago... maybe you haven't noticed that vpn bans are already an issue... chat control is also a hot topic again, as is the problem of encryption... of course the politicians don't write it themselves, but they don't need it either... but they are so damn extremely naive that it is an extremely dangerous naivety that doesn't even realize that democracy is currently under attack.

[–] vapeloki@lemmy.world 2 points 2 days ago (1 children)

You are absolutely right about end-to-end encryption and VPN. Essentially everything that has to do with law enforcement.

And we should focus on those topics. They are political issues and have lasting consequences. That a reference implementation will require Google APIs in the future is not an issue worth raging about beyond "That is a bad example and violates EU law".

[–] IceFoxX@lemmy.world 1 points 2 days ago

there is just an extremely high probability that they will adapt to the extent that custom roms are definitely excluded, because they are even more of a thorn in their side. they would be happy if, for example, grapheneOS was no longer an issue or hardened Android variants. root etc. should be just as problematic for them, so you can be sure that unlocked bootloaders will be excluded sooner or later. salami tactics

[–] dinckelman@lemmy.world 8 points 5 days ago

I miss when elected government officials were supposed to represent the wants of the population, and not the wants of the highest bidder

[–] LordWiggle@lemmy.world 1 points 4 days ago

Guess I live somewhere in Asia according to my VPN from now on. Fuck this shit.

[–] kepix@lemmy.world 1 points 4 days ago

cause nobody ever bypassed play integrity

[–] the_riviera_kid@lemmy.world 0 points 6 days ago
[–] IceFoxX@lemmy.world 0 points 6 days ago* (last edited 5 days ago) (1 children)

DSGVO etc? Who cares... 🤢🤮

edit: "Who cares" from the point of view of the EU, because the EU itself is once again ignoring the DSGVO with this solution.

[–] vapeloki@lemmy.world 1 points 4 days ago* (last edited 4 days ago)

Read the ducking docs

The Age Verification (AV) android app is part of the Age Verification Solution Toolbox and serves as a component that can be used by memberstates, if necessary, to develop a national solution and build upon the building blocks of the toolbox. [...] This is an initial version of the software, developed solely for the purpose of demonstrating the business flow of the solution. It is not intended for production use, and does not yet include the full set of functional, security, or integration features required for a live deployment.