EU parliament accepted a last minute amendment, mandating age verification for pornographic (whatever that is) content online, punishable with up to one year prison sentence.
This was rolled into a directive concerning CSAM. Because adults accessing porn need to be de-anonymised to avoid child exploitation?
It’s already questionable if it becomes a law, due to several security and privacy concerns. It will be a search of tecnical solutions which respect the EU privacy law, which isn’t so easy, wil say, it will not be in near dates until it is generally implrmented, depending also on each country. We’ll see. I asked Andi:
The European Commission is developing an age verification app, set to launch in July 2025, that will allow EU users to prove they are old enough to access age-restricted online content without revealing personal information[1][2]. The app, known as the “mini-wallet,” is built on the same technical specifications as the European Digital Identity Wallets planned for 2026[3].
Key features of the age verification solution include:
- Privacy-preserving verification using Zero Knowledge Proofs (though implementation remains optional)[1:1]
- Four verification methods: national eID schemes, physical ID cards, institutional verification (banks/notaries), and third-party apps[1:2]
- Open-source implementation with customization options for Member States[4]
- Integration with the EU Digital Identity Wallet framework[3:1]
However, critics highlight potential accessibility issues, noting that marginalized groups like refugees, unhoused people, and those without government IDs may be excluded[1:3]. The Electronic Frontier Foundation also warns about privacy risks and the need for stronger regulations on which services can request age verification[1:4].
The initiative supports compliance with the Digital Services Act, which requires online platforms to implement robust age verification policies[2:1]. The Commission has already begun enforcement, launching investigations into four adult content websites in May 2025 over inadequate age verification measures[5].
EFF - Age Verification in the European Union: The Commission’s Age Verification App ↩︎ ↩︎ ↩︎ ↩︎ ↩︎
European Commission - Call for tenders: Development, consultancy and support for an age verification solution ↩︎ ↩︎
European Commission - The EU approach to age verification ↩︎ ↩︎
PYMNTS - EU to Launch Age Verification App for Online Use in July ↩︎
SEX. Guys I did it, now Lemmy needs age verification.
Yes, put your webcam on, say your full name and hold up your ID card and the Newspaper from today, please.
Come on, they would never say “please”. It would be more like “OR ELSE!”
I’m sure the csam websites easily findable on twitter will fully adhere to this.
Reading the attached article, this seems to be a directive, rather than a law. We don’t know what shape the law will take, or whether it will actually be implemented… No?
Please correct me if I’m wrong. Not too familiar with this stuff.
There’s still time to push back, I would guess.
Yes it’s a directive. Currently it passed the EU commission (it’s their proposal) and parliament. It still needs to pass council.
After that, each member country of the EU must implement it in their respective country laws.
see, i told you guys they were gonna do it.
“The Federation of Catholic Family Association in Europe (FAFCE) welcomes the decision of the European Parliament”
Of course, it’s the Catholics, protecting the children from sexual exploitation. HM
They’re telling us something. That is, that they own us. Anybody ever heard of the Papal Bull, “Unum Sanctum”? It also shows that they essentially want people to revere and obey the Pope, which is the Mark of the Beast.
You’re acting like you’ve never heard of monopolies before.
nah, they are just the excuse.
No shit, but still, why would the Catholics opinion matter?
They are mocking us.
Catholic churcu is the largest and most well known pedophile organization in history. They got caught and they got away. They raped children and likely still doinngit.
Now they can make these snide comments to adults trying to jerk off and feel morally superior about it.
I guess peasants accept it, why should elites rape children and reduce your freedoms and privacy.
They’re experts on violating other’s (sexual) freedom.
it doesn’t, not in this case. they are just the excuse.
Are any VPN providers publicly traded?
It’ll have to be a VPN provider outside of the EU.
So basically a Swiss (PrivadoVPN, ProtonVPN), American (Hotspot Shield, IPVanish) Canadian (Tunnelbear, Windscribe), British (PureVPN), Israeli (ExpressVPN, PIA) one.
Not a lot of great options outside the EU. Canada and Britain have age verification laws, America and Israel cannot be trusted, and the Swiss government is constantly threatening to take steps against privacy.
I was thinking asian/middle east, ideally a place that does not care for US/EU
I’m not so sure about using a middle-eastern VPN to watch porn.
Why’s that?
The middle east doesn’t look at all kindly on it.
Yet theyre not a surveillance state to the same extend as the EU. So overall better I think.
Are there any issues with a system where the website in question (let’s say, a porn site) doesn’t get your ID, but just a confirmation from your government that yes, you are of age?
It has a name but I can’t find it right now.But it would protect your privacy from their website you’re visiting, and the website can uphold the rules.It’s called double blind: https://www.biometricupdate.com/202504/double-blind-age-assurance-requirement-for-porn-sites-takes-effect-in-france
France is getting harder on online porn.
😏
No way I’d trust the government to just throw away that information.
The same government that last minuted attached this amendment to an unrelated directive asks you to trust them with your most private information. 🙄
Alternatively you could provide them with a genitalia pic (which they need to discard in limited time) and they verify your age that way or something (it’s a joke, don’t shit on me for it). How the fuck is age verification anonymous? Either the site gets your ID or the government issues a confirmation, which puts you on the porn viewer list.
It can be done with zero knowledge proof…it probably won’t, but it could be.
a digital wallet with ZKP could resolve ‘are you old enough?’ without the query ever needing to leave your device.
without a digital wallet, it could be done with fully homomorphic encryption.
both of these would be innovations which i feel require guided development. innovation counter to the goal of the legislation, which is surveillance. innovation driven by the self-proclaimed purpose of ‘protecting children’; innovation driven by the impetus to make it harder for people to masturbate.
since the general attitude right now has been ‘require agegates and just leave it up to The Market™’, then the solution in practise will probably be a private third party that brokers this information, probably with a natural monopoly, that will charge exorbitantly for their API, have Google Analytics running on every page, leaks like a sieve, leaves logs everywhere, and will probably get caught selling data, which will incur a one-time fee equal to 80% the size of the company’s rainy day fund, and maybe the CEO will be asked to step down, shielding the rest of the C-suite from consequences (and allowing them to just do it again). they’ll work closely with law enforcement, they’ll be breached in the first year, and probably have a huge leak 4 years later.
in that time, due to real changes in the law or jurisprudence, or companies just ‘playing it safe’, age verification will come to encompass queer identity, sexual education and health, war coverage, counterculture and even history. more online regulation just means more barriers to entry which means a larger monopoly for multinational corporations.
i think there are better uses for this technology than controlling pornography.
Either the site gets your ID or the government issues a confirmation, which puts you on the porn viewer list.
I believe the idea (in an ideal world) is that Website A requests data from Service B, which then asks about you to government C. So Government C doesn’t know what you’re asking about, and the Website A doesn’t know who you are. That does mean Service B would have to be trusted / vetted, which might relocate the problem but it would be easier to verify (FOSS for example) than trusting your government to not put you on a list.
There’s no need for the middleman in this scheme. Instead, a much simpler solution would be:
- Website A gives you a randomly generated
$TOKEN
- You go to Government and ask it to sign something like
The person with $TOKEN is of legal age
. You have to provide your ID or whatever here, but the government doesn’t know who made the token. - You go back to website A, it checks the signature of the message and lets you through
This can be automated in some way; maybe with a browser extension or some referrer-less redirect sort of thing.
It’s still fundamentally shitty though, because now the government pretty much knows that you want to watch adult stuff, it just doesn’t know which adult stuff exactly.
A better (but almost impossible to implement) solution would be for the government to issue everyone a smartcard as an identity document (many countries already do, but without the following features). On that smartcard is a private key, with the corresponding public key signed by the government. The smartcard can then sign any
$TOKEN
with true statements about you, e.g.The person with $TOKEN is of legal age
, orThe person with $TOKEN is called $NAME
, orThe person with $TOKEN has a driving license
, etc. You have to connect it to your computer in some way so the website can talk to it, but it should be trivially doable with almost any modern smartphone. This way, everyone has the ability to attest stuff about them without the government being directly involved.The reason this won’t work is because it would be quite expensive to do and would take a long while to implement.
- Website A gives you a randomly generated
the problem is that people are being verifiably linked to their ‘adult’ preferences. this is data that is being generated, in bad faith, and handled by multiple parties. your legal identity should not need to be tied to this information. this information can be used against you both now and in the future.
we’ve already seen in the US where there is a push for information about gender and basic sexual education being labelled as ‘adult’. when i was in school, information about countries like Cuba, Afghanistan or China was considered ‘too mature’ (or marked as ‘terrorism-related’ by the school firewall) for children; i could see this thus extending to require age verification before you can access ‘subversive’ information, on the basis of ‘protecting children’ from ‘political extremism’.
Double blind means that the age provider doesn’t know why your age is requested, and the service (website) doesn’t know you, they only know that the age provider says “yes” or “no”.
How does one “follow the tokens” then?
How does one “follow the tokens” then?
Assuming it’s based on this EU prototype:
They don’t know why it was requested, but do know who, where and when.
So they gather the logs of A, the token provider. Is the target present? They have his token. They also see where and when the token was used. Did you have a fun time yesterday evening, on your phone at home, on websites B, C and D?
Next up, if they want even more detail, gather the logs of B, look for the token.
the provider knows who’s asking because of the IP address and API key of the requester. if it uses a form with a redirect, they even know your IP and what page you were on, tied to your legal identity. if the provider makes any API requests to a government registry, now that knows the when, the how, and (categorically) the what. short of a statement of ‘no logs’ and an audit to confirm as such, there is definitely logs. hackers love this information. data brokers love this information.
the problem is not the service knowing. it’s anyone knowing. the provider deänonymised you the moment you gave your id. the precise implementation details are important here.
Yes. Anyone that can request both the logs of this third party and the website fully deanonymises the users.
Who could have this access? The same people that last minute added this amendment to unrelated legislation.
I just can‘t wrap my head around, how on one hand the EU is protecting its citizen with strong consumer protection laws, strong data security laws and overall mostly good and logical decitions and on the other hand there is this…
In the book The Every Dave Eggers they clearly describe this conception…
I think the overarching theme is that the EU wants more and more power and control.
In the case you describe: it’s by taking away freedom from the US tech giants. In the case of this law, it’s by taking away freedom from their citizens.
Less agency and freedom for others, more control for and subjugation to them, fits as motivation for both.
I think the joining theme is that the EU wants more and more power and control.
Ofc. People who push this are in composition 10% moral crusaders and 90% those afraid for their own power and status quo in the coming years. With these pushes toward age verification and message scanning; It’s not just they want to scan everything and watch everybody, they want to test the waters and people to to think they are always being watched and self censor and not do anything against powers that be. They know better than anybody how shaky things have gotten in Europe and how unpopular they really are. It’s pure attempt at population control.
The only problem is that with current people in power they really can’t help themselves, but to make things worse for the average people. So the fire will rise anyway.
The incumbents in EU commission are very scared as politicians from outside the traditional political families are getting popular votes. And instead of looking into to mirror as to why that is happening, they blame “the internet” and go authoritarian.
Thus creating the machinery for mass surveillance and supression.
That’s just how power works. It is up to the working people to keep the regime in check but it seems boomers abdicated their duty and we are now facing consequences of it.
We don’t have any infrastructure to fight back in any meaningful pay. The best tool left is direct action but the normie is too docile to change his consumption habits. God forbid he has to do something