> Desktop support is not currently within the project's scope.
What I would like to take from this is that, by their own definition, desktop apps are out of scope for Age Verification. So does that mean we will see a return of the 'desktop applications' instead of everything being a web service ?
One can dream perhaps. Until then adults who are willing to 'do what they're told' will be the ones who are inconvenienced by this constantly.
Edit: Also this will completely disable any new phone OS' being developed. Why would anyone bother when you can't verify your wallet to do anything online.
No. It's still required by law, which means that your desktop application will require some interaction with your smartphone.
One day, there will be a knock on your door.
"Good morning, this is the police. Is there something wrong with your phone? Is your phone broken? Can we provide you with a charge?"
"No, I must have turned it off accidentally."
"Can we assist you with an upgrade? The newer models don't have power buttons."
If the actual implementations do copy the dependency on Play Integrity and other such APIs, that does become a problem (getting past that is a major annoyance on amd64 computers because there are so few real amd64 Android devices that can be spoofed).
However, the law regarding these apps specifically states that the use of this app must be optional. I'm not sure websites and services will implement other solutions, but in theory you should not need a phone unless you want the convenience and privacy factor of app verification. I expect alternatives (such as 1 cent payments with credit cards in your name) to stick around, at least until we get a better idea about how this thing will work out in practice.
Why wouldn't that be sufficient?
It sucks, yes, but that's probably how these people think.
the main reason is that this is not a reference implementations or "this is the app everyone must use" case but a "to see what is technical possible/practical" "research/POV" project
this also makes the "EU age verification app" title quite misleading
I mean, otherwise would be like not being bound to speed limits if you don't have a speedometer.
The biggest issue is that the attestation hardware and the application client is the same device with the same manufacturer, who also happens to have a slight conflict of interest between monetizing customers and preserving any sort of privacy.
IMHO the pro-attestation forces are so overwhelming that we should all cherish the moment while we have anything open left.
That seems completely contrary to the spirit of EU laws and regulations, which tend to be about protecting the consumer, preventing monopolies, ensuring people can generally live their lives where all things that are mandatory are owned and ran by the state and foster a certain degree of EU independence, with a recent focus on "digital sovereignty".
This one is a five for one against all of those goals? Harms the customer (you could see this as the polar opposite of GDPR), strengthens entrenched monopolies, force citizens to be serfs of one of two private corporations in order to access information, and on top of that, like it wasn't enough, willingly capitulates to the US as the arbitrates of who is a valid person or not.
This is so against the spirit of the EU itself that it would almost be funny if people weren't serious.
Because the EU doesn't actually care about privacy, otherwise they wouldn't be trying to do this and ChatControl. They care about being the main ones to spy on you, and maybe using fines as additional "taxes" on rich foreign companies. That's it.
CoPilot+ PCs even require the same security chip as XBox and Azure Sphere IoT board (Pluton), in addition to TPM 2.0.
https://learn.microsoft.com/en-us/windows/security/hardware-...
It’s not the sole reason, but it’s a solid one.
From USBC to ad supported business models, the EU has fairly tight control over how products are designed and monetized, in a way that I don’t think can be described as a pure market economy.
Note that I’m NOT saying their level of centralized control and government specification of product requirements is bad. It’s a legit trade off and there are arguments that some or all of it is enlightened. But it’s certainly not a place where you just build your product and ship it and let the market decide.
Market economies are contrasted with planned economies, i.e. how prices are determined and production allocated, and the EU most decidedly is not that.
If they accept us, of course. Not everyone is Snowden.
Russia is a one way step ahead here, with mandatory pre-installed apps, full-scale internet censorship (still catching up with China, though), mandatory DPI, etc.
And what gets me is that it's not just 'you need a phone', it's 'you need a Google or Apple account'.
not your linux phone with waydroid or fairphone with lineageos
In anycase we all know ways of bypassing this age verification will be found, probably by the kids themselves. But all this will do is enable US big tech, killing the very EU based companies the EU has been crying about for years.
Meta, Twitter, Google and M/S could not have created a better law to protect them then this law.
This has always been a "best effort" initiative that is unlikely to stop "dedicated" users.
What happens if something goes wrong and you have to rely on contacting a human in Google of all places? Sorry, you have a copyright strike on your YouTube account, now you can't file taxes! Hopefully you have enough followers on Twitter than you can get them to pay attention.
- Recital 71, which vaguely suggests minors' privacy and security should be extra-protected, but says that services shouldn't process extra personal data to identify them.
- Article 28, which says that platforms should provide a high level of "privacy, safety, and security of minors", again without processing extra personal data to identify them. It also says that the Commision may "issue guidelines", but says nothing suggesting age verification should be implemented.
- Article 35, which says that "large online platforms" should maybe implement age verification.
Furthermore, recital 57 says that the regulations for online platforms shouldn't apply to micro/small enterprises (which has a definition somewhere). All together, I don't see anything suggesting that anyone but the largest online services is being forced to implement age verification right now.
Judging by various posts by the Commision I've seen online, they're certainly pushing for the situation to be seen this way, but de iure, that's currently not happening.
EDIT: I found the guidelines mentioned [0], and a nice commentary on the age verification parts [1].
[0]: https://digital-strategy.ec.europa.eu/en/library/commission-... [1]: https://dsa-observatory.eu/2025/07/31/do-the-dsa-guidelines-...
- this project is just one implementation (POC if you want) - they simply state the current scope of the project
For anyone sane managing projects it makes sense to correctly allocate resources that would cover the most people.
and to all those whining butthurt individuals here - reality check is that it's way more probable that someone has and uses a smartphone than a computer. go out of your tiny bubbles...
emigre•52m ago
nicce•44m ago
throw834920•40m ago
See: https://news.ycombinator.com/item?id=44704645