European "age verification" "app" forcing everyone to use Android or iOS
github.com572 points by roundabout-host 3 days ago
572 points by roundabout-host 3 days ago
This is the elephant in the room regarding the big "digital sovereignty" talks in the EU. For the moment in the EU institutions the focus is mostly at the post-acceptance stage that everything must eventually migrate off US clouds. There is still some denial and hope that things will go back to "before" because it's going to be extremely costly to migrate, but at least high level EU civil servants start to see the strategic value of moving out.
However there is ZERO talk about mobile platforms... No alternative solution like linux for the desktop, no money or care given to the few alternative that tentatively exist, and zero talk about forcing companies (at least for the ones shipping android phones) to open up their firmwares and allow users to install alternative OS if they want to sell in the EU.
So whilst the backend guys more or less got the memo about sovereignty, I think there is still a lot of educational work to do regarding end user devices and what kind of digital slavery hole we're digging ourselves in...
"zero talk about forcing companies (at least for the ones shipping android phones) to open up their firmwares and allow users to install alternative OS if they want to sell in the EU."
Complete public datasheets on how to program the hardware should be a requirement fit a DMA2.0.
This is not entirely true. I don't have much details but I know people who started to work on two separate free software projects aiming to make supported mobile OS. These projects couldn't get funding before but they do now. Afaik it's still a battle with AI companies lobbying that soverign AI is much more important than mobile OS but there is some growing interest. Imho i don't even think some linux based alternative to Android would be that hard to pull off but it's the hw companies that will be skeptical to build hw for such OS. I would have to be some govs puahing it as secure gov devices first.
Which is all well and good, but who is going to use those projects if the law requires them to use Android or iOS for age verification?
"The law" requires no such thing and there's nothing preventing those new OSes form providing proper security signals.
But is DOES require work - and it's much easier to complain than to put in work.
> "The law" requires no such thing
It requires age verification and provides code whose development was subsidized by the government, which third parties the user doesn't control will use, that creates a dependency on those platforms.
> there's nothing preventing those new OSes form providing proper security signals.
A network effect, far from being nothing, is a barrier the height of a mountain.
The purpose of attestation is to lock out competing platforms. It security value is a joke. Devices pass attestation with known vulnerabilities and fail it for being competitors, even if the competitors have better security.
Offering to make attestations nobody accepts is a farce. The problem to be solved is how to run existing software that was originally written for other platforms when the new platform is new and doesn't have enough users for third party developers to specifically target it, which is the exact thing that can't do. And without that it can't get enough users for third party developers to specifically target it.
> The purpose of attestation is to lock out competing platforms. It security value is a joke.
This is kind of your... opinion man.
In reality pretty much all security sensitive applications require attestation from their side.
And what security value does that provide, when millions of attestation-passing devices have public unpatched LPE vulnerabilities? Anyone can get one and run arbitrary code on it as root. It's completely worthless for actual security. Worse, it does the opposite, because a newer third party ROM that patches those vulnerabilities would fail attestation, preventing honest users from updating their device and thereby leaving them vulnerable.
What it does do is require you to get one of those devices instead of a competing device or OS, thereby locking out competitors but not attackers.
It requires a government-authorised "age verification" "app", but it does not require that it is accessible through standard protocols, so that it can work on any platform. In practice, the governments will only make it available for Android and iOS. Plus, you cannot have a free OS providing "attestation"; "attestation" is incompatible with root access and modifying the OS.
Yes, it is much easier to ignore the unelected bureaucrats than to jump through their ridiculous hoops.
See, you’re just saying what they’re saying, but with emotive, thought-terminating language. Again, it’s easier to complain. Have you been living under a rock for your entire life? Have never ever been involved in a decision being made about certain “blessed” vendors, and the decision is being made for legitimate technical reasons, not “ridiculous” ones.
If you’re the sort of person that’s unable to distinguish between something that’s legitimately unjustifiable/ridiculous, and something that just upsets you, then you do you, but don’t bring this here pretending that it suffices as a discussion, because it doesn’t.
I think the asumption being if there is gov backed mobile OS govs would also support their app ecosystem there. That's kinda the point of funding alternative free mobile OS?
They could try and put money into funding Jolla/sailfish/whatever
That wont help anything. Then you are just force to use Android, iOS, or Sailfish. It need to be a platform agnostic thing, else you're just hitching the fulcrum of civil society on private company.
Exactly. The app is only inclusive if it is accessible over a standard protocol (Web) without "attestation", so that it works for any platform. If I release a GNU/Linux distribution tomorrow, I should be able to use the app on it with only some work on my part.
I don't disagree, but the eu needs their own mobile OS alternative in general so if they absolutely need to rely on a private company, it isn't an american one
This doesn't follow. Why is public infrastructure no longer a possibility as soon as computers get involved? We aren't talking about cutting edge innovation here anymore, mobile phones are boring standard devices.
It is a possibility, just not one I see as likely to happen. Could the EU fund a public phone company? Probably. Will it happen? Most likely not
Because this is all a political move. This so-called "EU sovereignty" drive is in fact aimed at further reducing sovereignty of the member states via further transfer of power and control to the EU.
These digital ID wallets do exactly that. Member states lose control of the ID infrastructure, which will now be controlled by the EU. There isn't much sovereignty left at national level...
Each member state has to implement the system themselves. Where is the loss of control?
The US federal government has been doing that to the states for a while now. They don't have the constitutional authority to do something, so instead they shove a lever under something they nominally are allowed to do and tell the states "do the thing we're not allowed to, the way we tell you to, or else." Where the "or else" is something like, they collect billions of tax dollars from your constituents that you then can't use to provide them with services, and return them to only the states that bend the knee.
(The US constitution originally required federal taxes to be apportioned for exactly that reason.)
This isn't how EU works though (EU can actually directly order states arouns :P), so I'm not sure how that's relevant here?
That doesn't appear to be accurate:
https://citizens-initiative.europa.eu/faq-eu-competences-and...
Moreover, it's ignoring the context of the thread. The relevance is obviously that coercing someone to do something against their will and then saying they're still in charge because they're the ones doing it is a sham.
Can you highlight what part of that FAQ doesn't make it accurate? EU directives are a thing.
US federal laws are also a thing. In both cases, they're supposed to be limited to specific categories.
In the EU this appears to be classified into "exclusive", "shared" and "support" "competencies":
> the EU has competence to support, coordinate or supplement the actions of the Member States (article 6 TFEU) – in these areas, the EU may not adopt legally binding acts that require the Member States to harmonise their laws and regulations.
So for example, one of the areas in that category is industry.
The common trick to look out for in cases like that is that when they want to regulate something like "industry" they instead categorize the rules as something else, e.g. the US infamously regulates non-interstate non-commerce as "interstate commerce".
Please provide examples, because this sounds highly speculative, and also straight up incorrect!
A major example is the US drinking age. Federal highway funds, which provide money for interstate highways, major US routes, etc, are partially contingent on states (who are given authority over alcohol laws both by the general police power and the 21st Amendment) setting the minimum age for the legal purchase of alcohol at 21. The National Minimum Drinking Age Act withheld 10 percent of highway funds from states that didn't comply. The fact that it wasn't 100% let the Supreme Court allow it to slide, but eventually all the states did comply, and effectively the US has a drinking age set by the Federal government instead of the states even though the states technically have the power to set an age themselves.
The Federal government using the withholding of funds to get the states to do what it wants is a well-documented phenomenon.
As an obvious example, regulating education isn't one of the enumerated powers of the US federal government, but there are numerous -- often controversial (e.g. NCLB) -- federal laws that take tax revenue from every state's constituents and return it to the state only if they comply with federal requirements the federal government has no power to impose on its own.
Where is control in being mandated to implement and EU-wide, EU-defined system? This is a net loss.
My previous comment should be taken in its entirety. The loss of sovereignty of individual countries is comprehensive across all domains and this is just one brick in the wall.
This is nothing new, this is what "European integration" means. I wanted to point out the very newspeak-esque use of the term "sovereignty" in Europe at the moment.
The spec/design leaves a lot for the member states to decide on their own. You do understand how the EU and the member states roles work?
I would think the idea is to make services and ID documents more uniform across the union. I don’t see what the individual members state lose here? Apart from the cost of implementation. The individual EU citizen would seem to benefit from standardized documents accepted by all companies and governments, do you disagree?
This is totally not the EU version of China's social credit score system and WeChat SSO system.
It will totally not be used to sanction you the moment you become a nuisance to the EU elites by saying "wrong speech" that goes against their mandated doctrine or pointing out their acts of corruption or dismantling of democracy.
The EU building in Brussels even has the word "DEMOCRACY" plastered on the front in large bold letters[1], in case you forgot.
[1] https://audiovisual.ec.europa.eu/en/media/photo/P-069521
10000 basis points agree.
Add here shared border control since 2027 in eu, and chat control now.
And prominent names like democratic republics of Kongo and North Korea.
The sovereignty thing is a theater. Many french unis use Google cloud because they're broke and can't maintain in-house services, and none gives a damn.
"This is the elephant in the room regarding the big "digital sovereignty" talks in the EU"
The elephant in the room is that it is just talk, as always in case of EU.
Isn't AOSP a thing?
This app requires Google Play. AOSP alone won't cut it.
In fact, it requires attestation: even if you install Google Play on some Android in an emulator/container/VM, on an alternative Android distro or in a rooted device, the app will not accept it.
Wth. Does it at least have the decency to use aosp attestation? Or are they just happy to give the keys to the kingdom to Google and require Play Protect?
How would you "use AOSP attestation"?
The point is that the signatures are compared against a database of certified builds - and that exists on Google servers.
If you want AOSP attestation, you need to build your own database to compare against.
https://grapheneos.org/articles/attestation-compatibility-gu...
It exists on Google's servers for lock in reasons alone.
GrapheneOS guy went on a very extensive rant on Mastodon when someone wanted to create an independent, European, list that could be used by apps to verify attestation. They want apps to hardcode theirs specifically.
Which makes sense for them - after all, that makes their competitors break and their ROM doens't.
Even with the "independent European" list, you would still be unable to use a custom OS not in it.
Even if they did that, it would not be OK. Free software is no longer free if it has to be on a list.
Writings on the wall can’t be clearer on AOSP’s future…
It is true that Google (de facto) controls the platform and made themselves (de facto) essential to utilizing the platform by integrating their proprietary services so deeply into the OS that you need to be a behemoth of Samsungs caliber to even attempt to meaningfully re-purpose the AOSP, and this was a brilliant strategy because it has allowed Google to solidify their spot in the duopoly / oligarchy while seeming "open". But. I do believe that Google will continue to publish the AOSP source code under a permissive license and that this code will be indispensible to a European Manhattan project for tech sovereignty, should policymakers ever see the light.
Have to throw in this 13 year old Ars Technica article as a follow up:
https://arstechnica.com/gadgets/2018/07/googles-iron-grip-on...
Still amazes me how everyone isn't cynical-by-default about anything Google (or big tech in general) open-sources yet...
Yes, I remember feeling that way in 1995-2005 about Microsoft. Imagine my surprise to learn that people still to this day trust and believe in Microsoft.
You mean giving China control over it?
(because you still need the hardware made, and it's not like the EU commission is even prepared to fix BSPs for that hardware)
The EU has endlessly sold critical infrastructure to US, India and China while actively sabotaging efforts to rebuild it and now want it back - for free. This is criticized as having a low chance of success, as well as being a pretty unreasonable demand.
TIL Google is China
You misunderstand, my point is that Non-Google Android is Chinese. Which it obviously is.
Mobile is the UI/UX equivalent of… I don’t even know… a moon landing? A wonder of the world?
I’m not saying it can’t be duplicated. I’m saying if you want to build a mobile platform you need to approach it with appropriate respect for the incredible difficulty of making something that usable.
Indeed. Power management alone is a massive research area with never-ending complexity across a bunch of domains. And nailing the ecosystem correctly is very hard (both devices and software). Security is another bottomless pit of research and improvement. When trillion-dollar companies like Amazon and Microsoft ceded mobile to Google and Apple, it was a good demonstration of how hard a successful mobile platform is to get off the ground.
Nah that's complete bull. It's been a solved problem since Android 2.0.
The only thing they're improving on mobile these days are addictiveness and data collection.
There are experimental mobile platforms, and they work fine. They won't appeal to the mass-market but there's really no reason to disallow them.
Ok we get new HN articles every week now about migrating to EU solutions and digital sovereignty. At this point EU should just do as China, please: have EU their own cloud providers, softwares, hardwares, phones and also its own closed-EU only mini-internet barrier by a big EU digital policy border. Just like China, NKorea and Russia. They would be finally at peace with themselves.
Don't fall for the trap. The question isn't how we should technically force age verification on anybody. The question is why they're pushing it onto everyone. I did not consent to this, neither did you.
But it is needed to protect the children. The politicians say so, so it has to be true. Being against this is very dangerous to our children and democracy. There is no alternative.
Seriously, there is something tremendously wrong with governance when politicians keep changing the whole world around us, without us having any say in it at all. The threat this measure poses to the internet and society is significant, yet it is being pushed through without any substantial debate or push back. This just is not how decent and actual democracies should function. What messed up timeline is this?
> The politicians say so, so it has to be true.
The Politician's Syllogism (or Fallacy) [0]:
1. We must do something.
2. This is something.
3. Therefore, we must do this.
Children die from wrongly-prepared food, thus we should only allow people to eat at McDonald's from now on! /s
When they run out of other rights to destroy, they will pipe videos of little girls crying from food poisoning into your e-verified telescreen during ChildSafe^TM viewing hours, and the result will be that you will get to choose between two state approved restaurants thereafter.
> Seriously, there is something tremendously wrong with governance when politicians keep changing the whole world around us, without us having any say in it at all.
That's where you're wrong. Most people actually do agree with age verification. Just because a decision is stupid it doesn't mean it's undemocratic. Trump was elected democratically, twice. Brexit passed through a referendum.
Most people are in favor of solving world hunger, poverty, the wars and climate change. Until you hand them the bill. Likewise most people will not agree with age verification when actually implemented.
It requires reason to understand the consequences of your decisions. Reason is something democracies have a shortage of. Thus, democracies structurally suffer from issues like this.
It worked great for the last several hundred years. The problem is that as government keeps expanding to control more and more of our lives, every decision it makes it necessarily imposes on everyone, whether they agree with that decision or not.
E.g. In a country of 100M people, if 60% agree with a bill and it becomes law, the country has imposed that law on 40M people against their will. That's just as true in a dictatorship as it is in a democracy. The more areas of our lives government involves itself in, the bigger this problem becomes.
Whether it's federal, state, or local, you're going to see laws imposed on the 40% of people who don't agree with it. From what I've seen it's the federal legislature that is interested in protecting my rights and the state and local legislatures that want to infringe on my rights. The governments we are under have never been particularly hands off.
> It worked great for the last several hundred years.
No, it did not.
> E.g. In a country of 100M people, if 60% agree with a bill and it becomes law
That's not how that law was adopted.
This doesn't make it untrue, instead it just confirms it (I know you didn't say or mean to disprove it, just wanted to add my thoughts here).
People make dumb decisions and don't think about possible outcomes twice, or even once. But (unfortunately, in this case) this is a core principle in a democracy. People may be lied to, or at least they are fearmongered into thinking that age verification is needed and encryption needs to be weakened because they thing they have nothing to hide, but if in the end they elect the people that are pro-age-verification, it's perfectly democratic.
IMO the media (including, most importantly, social media) is the problem, not the politicians and/or the democracy or whatever. They all play their part, sure, but it's how people are influenced by the current state of media what's driving all these populistic forces.
Maybe it depends on how you frame it.
> Social media is destroying children's brains! Do you want access to be delayed until a certain age?
> Do you want children under a certain age to be banned from social media, which means that you will now have to give your ID, only with Android or iOS?
> only with Android or iOS
99% of people understand this as "you need a smartphone" which is not a problem in 2026, even for the elderly.
Imagine if the requirements were instead "You need to have a phone with an OS controlled by Huawei"... do you see the issue there?
Maybe 99% of people have surrendered to Google/Apple (include me there), but the 1% has a valid point...
Indeed, it is just as unfair no matter if 1%, 55% or 99.99% of the affected population has one. Your operating system should be a choice.
1. By doing this, the EU is killing any alternative operating systems for phones: no one will switch to one if they can't access online services. Banks are already making it extremely hard.
2. Google and Apple might be better regarded than Huawei, but they are not moral (or they are not guaranteed to remain so).
3. The very idea of a de facto state-enforced monopoly on operating systems is outrageous.
"only if you choose to share your personal data with either Google or Apple"?
I don't think it's going to be any more convincing with that. At this point anyone I encounter in "normal" life already assumes that I and everyone else has and primarily uses a Google or Apple account.
How is that different from having a banking app installed? Or a government ID app?
I have neither. Phones are too much of a security liability to be linked into such sensitive realms of personal life.
What you can do with the ID app, you can also do on paper (if not with a Web service), except "age verification".
Luckily, the EU's current structure was put to a referendum. That referendum then failed to get the votes needed, so they implemented it anyway. Much superior.
It's just like democracy. Without the "dem(b)" part. Much better now.
We have such warm feelings about it! What could possibly go wrong with doing such strong governance and extreme-right parties polling at record highs in more than half the EU countries? We have warm feelings now. Or maybe the warm feelings the result of 30 years of climate action in the EU. Luckily, the extreme right is hard at work defending our right to airconditioning!
Maybe we should protect the children and then they couldn't use the excuse
The scope of the things we already do to "protect the children" is tremendous. None of them have, will, or could prevent them from continuing to use it as an excuse for things that should never be done.
I mean, Facebook conducts genocides and we just, let it do that.
You seem to have jumped from "protecting children" to accusing them of an unrelated war crime for not censoring things aggressively enough.
On top of that, the relevant law they would have to comply with in those countries would be the laws of those countries, and those are the governments committing the genocides.
their parents won't protect them and everyone else has to pay for it. maybe they shouldn't have been allowed to have kids.
The governments won't protect them either. The governments are the ones enabling these corporations to exist and facilitate harm towards children. Maybe they shouldn't be allowed to have those corporations.
And then the moment the government does do something, "it's a totalitarian power grab!!!111"
They are doing something which is not a solution but can fake being a solution, so that the masses will accept it. An actual solution would be to regulate these social media, to prohibit addictive and manipulative algorithms.
Nothing could possibly go wrong with eugenics
The Idiocracy scenario we've stepped into isn't much better...
It is. It's far from good, but it's much better than eugenics.
Maybe OS vendors should stop trying to sell ads and instead fix their operating systems so that parents can responsibly monitor their children's online activity in a way that promotes both parental responsibility, and children's human rights ... but of course, that would require OS vendors to stop selling ads.
There’s a huge amount of stuff that the EU does that no one consented to, or had a realistic democratic avenue to influence.
I’m in the UK and very anti Brexit. But were we still in, I would have no idea how to influence what happens behind those closed doors at the European Commision.
Granted the current UK Labour/ Conservative pact on these issues show they’re completely out of control. But I still theoretically know how I could influence policy.
Theoretically, you vote for the Parliament, and they influence the Commission.
The Parliament and Courts keep the Commission in check, although their… misguided rule of majority is bound to allow some nonsense to pass. Especially since the Commission is, in my view, made up of people that do NOT want what the citizens do. You could argue they represent the majority of their specific countries, but even that is stretching things a bit given how many people actually vote.
So: the Parliament, the Courts (you can bring them issues), the European Citizens’ Initiative, and indirectly through your own country’s agencies (e.g. your local DPA).
It’s not that different from the high levels of indirection and bureaucracy in most democracies, I think. (Not that I’m defending the EU, there’s plenty to attack.)
> But I still theoretically know how I could influence policy.
I mean even in the EU there's theoretic ways to influence policy, it's just that the system is currently sabotaged and/or partly not strong enough to withstand politicians who want to actively work against it.
Not being for or against UK or Brexit, but I don't think this is a EU problem. These kinds of problems exist in all European democracies, at least this is what it feels like currently.
I and many others have been banned from Twitter for the last two weeks because of a new process[1]. I have to view all links in incognito tabs or hand over my biometric data to a trillionaire. Just don't use Twitter some may quip, well that would be a great group effort, but I can't do it alone.
[1] https://old.reddit.com/r/Twitter/comments/1uk6a98/lets_confi...
> The question is why they're pushing it onto everyone. I did not consent to this, neither did you.
The representatives elected by Europeans did though: 483 votes in favor, 92 against
I doubt those representatives gathered a sufficient mandate from their public given the huge consequence.
I’m no conspiracy theorist, but it does seem that there’s an international influence outweighing democracy.
Cui bono?
I think that's trying to see something that isn't there, just to try and make some sense out of things. The reality is much simpler - they are elected parlimentarians, same as any regional government, and they vote without much thought based on quick brief summary. System to protect the children? Sounds great, let's vote yes - anyone who doesn't is a pedo, right?
I'm sure there was some passive agreement involved, and probably some "politician's syllogism" too.
But the null hypothesis is that there is no new legislation to vote on. It must have come from somewhere!
I know this sounds bad, but when has consent mattered before? I agree with you wholeheartedly, but consent is simply not something these power structures value.
Some people consent to it, and they have a voice too. If they win and you didn't also consider the technical solution, you will find yourself not only with a law you disagree with, but also with a terrible technical solution.
So whatever you opinion is on the subject of forcing age verification, it is worth looking at the technical solution, especially if it is your domain of expertise.
They want to protect the children so that they can take them to the island
The halls of power are full of pedophiles. Why do you think they want to gather data on children?
Yes, I said it before and I will say it again: We should invest our energy in the discussion whether to implement it and not already wonder how to implement it.
Shifting this question benefits only those who want to force this upon us.
And what do "they" want? It's not like they don't already know your age, name, ID number or your browsing history
You will think twice before expressing your opinion in public.
Since you seem unfamiliar with the following, I will leave this here for your perusal:
Doesn't the "how to implement" determine whether to implement it? A poor implementation shouldn't be done, but a good implementation could make it simpler for companies to verify the ages of users, limit information passed to companies, offer a quality of life improvement for users.
The question is -- why they even need to verify ages of users. This is not decided, and my take is that they do not.
It's funny, concomittant all this chest beating about representing open societies, democracies, unlike those creepy evil authoritarian states which we don't like, that the EC seems hell bent on proving we can have a police state _just_ as intrusive if not more than say: Russia. This is not how we were supposed to prove that we are better.
> as intrusive if not more than say: Russia.
Ping me when people are physically tortured by police for facebook posts, because that's what happens there.
Does it have to be your exact example? https://www.ohchr.org/en/press-releases/2025/10/un-experts-u...
Many examples of prison for Facebook posts in the UK. Not bad enough?
It's bad, just not "We ArE LiTeRaLlY RuSsIa". But I guess it's the logical conclusion of the last few decades of critical thinking erosion and people not being able to form any kind of nuanced opinion
I love how "they" wanting to know your age is a big conspiracy, but zuck &co hiring the best behavioral and addictions scientists to get yours kids into doomscrolling brain rot as soon as possible is a fact of life and we shouldn't do anything about it
The solution is banning dark patterns at big tech companies, not banning privacy.
'They' are not pushing age verification onto everyone. 'We' are pushing it onto ourselves. People want this. It is popular all over the world. If 'they' are doing anything, it is subverting what people want into something else. Which is the worry here, as people asked for age verification but didn't ask to be locked into the mobile phone duopoly. The system people want for age verification could be implemented as Firefox plugin. If it requires these attestation services for binary blobs provided by the government, it includes features someone else wants.
I agree wholeheartedly with the argument raised in this github issue, but I think people are wrong to be skeptical about the concept of a government-issued age verification app.
Thing is, the status quo is absolutely worse. My 13yo son likes making Roblox games. Suddenly, some months ago, Roblox made a change where you’re not allowed to share your games with friends unless you do “age verification”, apparently in some misguided bid to beat the pedos. In Roblox’ case, this means sharing your 3D likeness with some sketchy American business who pinky promises to delete said data after. I don’t want random American tech companies to have my kids’ biometric info like that, able to sell it to whoever asks. Nor my passport or anything like that.
I’d much prefer a government supplied app, that’s guaranteed to protect my privacy, and has no business incentive to sell my data, where I can see what data about me (or my son) is shared with Roblox or whichever sleazy business wants it.
Obviously this only makes sense if the government is less sleazy than the average American tech business, but for all its faults, I think that currently holds for the EU (and most of its member countries). There’s plenty precedent of EU governments doing privacy-conscious apps right (the Dutch covid tracking app comes to mind).
I hope they see reason and fix this here issue.
Government issued versus corporate issued age verification is a false dichotomy. There are other options, such as refusing games that require them. (Yes, we do have a teen, and yes we did exactly that with Roblox.)
Pretending that those options are equal is a false dichotomy. Not participating is an option up to a point, and then it is increasingly limiting all other options.
[flagged]
We will see how optional it is to not participate in age verification when software used for interfacing with the world (such as bank apps or similar) require you to use age verification. On top of this, barring your children from apps requiring it is just going to socially isolate them from their peers.
The fact of the matter is that if we want companies to be accountable for the pedophiles on their platform, they simply have to enforce some privacy invasive policies.
Thats obviously fine to do but it is very much going to have consequences for some kids. My kids spend hours a week playing roblox with their IRL friends. 10 - 15 kids on a group call on speaker phone all logged into the same code laughing and yelling for a couple hours a night. If I was to suddenly tell them that they can't play those games with their friends it would have very real effects on their social life. My kids spend a ton of time outside with friends but to ignore that they also spend time gaming with them is not an option.
Self-hosting a minecraft server is still an option. And tons of customisability there and you aren't turning everything over to a centralised server.
but the other kids are playing roblox, not minecraft
And if the other kids were jumping off of bridges would you also want your kid to not miss out on that socialization?
If the other kids are jumping off bridges, I would have a great reason to tie my kid to the house. But this isn't that obvious to kids. They will be resentful, they will hate your guts. This will have lasting consequences to your relationship
But they aren't jumping off bridges are they? They are all having a good time playing together on Roblox. Are you honestly saying that playing on Roblox is as bad as mass suicide?
Sure except none of them are playing minecraft so its not really the same thing.
Me siting down and explaining how government or corp. issued age verification is bad is really not going to make him feel better about sitting alone in his room night after night while all of his friends are online having a good time.
Fwiw we did that with Roblox too, but I hate it because Roblox Studio was a pretty damn fun collaborative gamedev experience.
I mean his classmates argue with their parents about whether they can install TikTok (and most parents lose). Meanwhile I’m denying my son the right to make a game together with a friend. It’s so creative and so educative and I’m saying no to it. It sucks and I hate Roblox for making something so cool and then taking it away for such stupid reasons.
I’d happily pay a license fee or sth. But I’m not gonna let them scan my son’s face.
There's plenty of ways to make games outside of Roblox. Maybe they could sit down together and work through some Löve2D or Godot tutorials? No one can take that away arbitrarily
I think GP meant “collaboratively” as in collaborating online through the game itself. The same way you might e.g. collaborate on a Google Doc.
“Sit down together” might be impractical here, if GP’s child’s friends are e.g. friends they made before a move, who are thus quite far away physically. Or friends with snobby parents who won’t let them come over to GP’s house for whatever dumb reason. Or friends with extra-curriculars such that their free time never lines up with GP’s kid’s free time—meaning that only async collaboration will work.
(That’s just a steelman position, though; in general I agree.)
You are correct. And they do sit down together. Hours of ridiculous ideas flowing, and then when they go back home they can continue working on it. Or, well, they could until recently.
This thread is like me complaining Google face-scan-gated Google Docs and people are saying “he can just sit down with the friend and learn LaTeX together!” Yeah, no.
Neither multiplayer gamedevving nor multiplayer game playing are supported as well by either of these.
Fwiw he does Godot too. It’s fun, but it’s purely solo. Godot’s answer to collaboration is Git, which is a complete non-starter for a 13yo. Note, I don’t judge them for it, they compete with Unity, not with Roblox.
>There are other options, such as refusing games that require them.
How about the option of the state not being so tyrannical in meddling about what people anonymously do online in their free time?
This is generally my opinion, and goodness it's swung around quite a bit. This entire debate feels like it should be solved by adequate parental controls.
To the extent that it matters, I think the missing link here is "primary education should support a parent's intent to limit unrestricted internet access for their children." That is, during school activities where internet use is unavoidable, require supervision. (Maybe a lab monitor that can roam the room and see screens?) And for homework, don't assume the kid has internet access, because that is the parent's choice, and they may well not. On the flip side, if the parent trusts their kid with that access, or intends for them to learn through real world experience, let them. That should not be the state's decision.
The problem of course is that this idea in my head is a pipe dream. Schools seem to be well onboard with digital coursework, presumably for efficiency reasons? Unclear. I'm not sure what a more practical middle ground actually looks like.
The California Digital Age Assurance Act is a law mandating adequate parental controls. And it's a great law that should be copied instead of doing the verification nonsense.
To the extent that it matters, I think the missing link here is "primary education should support a parent's intent to limit unrestricted internet access for their children." That is, during school activities where internet use is unavoidable, require supervision.
Don't get me started. We try to restrict internet time, no Youtube (Shorts are poison/heroin), TikTok, etc. They go to primary school and there is a teacher that makes TikTok videos at school, they can play Roblox in breaks, etc. (Aside from this issue, the teachers are great though!)
There are only so many battles you can choose as a parent (not getting your kids photographed, put on Facebook, etc.).
In contrast to what the grandparent states, the government should unambiguously state: no smartphones, social media, and online games in primary school, period. That's the only way to make it work. Ironically, smartphones are forbidden in all high schools here.
I agree to prohibit them in schools, but at home it should be the family's decision.
You think most of the unsupervised internet time is happening at school? I mean, maybe it is, but that's an assertion I haven't seen before.
Truthfully, I don't know! Especially for younger kids though, there's usually at least an adult in the room, right? Even when they're visiting a friend, the other parent is there to step in and check on them occasionally?
I guess once you hand your teenager a smart phone (and all their friends have one too!) all bets are off. That's new, and wasn't a thing when I grew up. We were rural and on the tail end of dial-up, so I couldn't get online at home without someone hearing the modem. That sure limited my attempts to do so without permission!
Homeschool and exercise close, very close, supervision over what your kids do on the internet.
I'd have hated this as a child. But the case for unrestricted internet and social media access for children being harmful, at this point, seems pretty shut.
For those who sadly cannot homeschool their children... well, we need to push for school choice and to dismantle the teachers' unions. Which probably ultimately is the same thing.
In many European countries, homeschooling does not really exist. For good reasons. Mingling with many kids from the same age cohort with diverse backgrounds is good for kids. Homeschooling is also often used by religious zealots to indoctrinate their children.
People with bad takes like that give homeschooling a terrible name, and make it easier for those regularly trying to dismantle it. It's an excellent tool for responsible parents, and a horrible weapon in the hands of zealots.
I am thankful to have had extensive access to technology as a (homeschooled) kid, and parents who encouraged curiosity.
Destroy "optimize for engagement" social media, which harms everyone, and stop pretending like this is some problem that only harms children.
As a purely tactical measure, we use the same older person (me) for age verification for all family members - zero failures so far and it poisons the well.
In the case of Roblox they have a horrible system where they estimate your age and only allow you to interact with people of a similar age, meaning if you verified your kid with your face then they'd only be able to interact with adults and not other kids. At least that's the theory. It doesn't take a lot of effort to figure out how a predator could misuse this system to their advantage (which is why I call it horrible)
Reference: https://en.help.roblox.com/hc/en-us/articles/39143693116052-...
Predators have been using roblox since its inception, but I don't think they are doing age verification because of that. They're looking to expand into more adult experiences and, of all horrible ideas, dating.
I think it is much simpler: they are feeling regulatory pressure. In various countries there are increasingly strict laws that allow people to hold companies accountable for issues on their platform. By using age verification, they can increasingly move responsibility away.
I’ve seen Roblox invest and conduct child safety research for several years now.
Maybe they are expanding into other industries, but the safety focus predates that.
> As a purely tactical measure, we use the same older person (me) for age verification for all family members - zero failures so far and it poisons the well.
Is there a 'break glass' workflow in case you are not available (e.g., health incident)?
We only do it for one-off age verification, not stuff that requires repeat authentication (those we simply don't use).
You can (and should) be mad at the government and at Roblox at the same time.
Also, don't use Roblox, you can freely share games made with PICO-8, Löve, Godot, Rpgmaker, Game maker and the like, no need to go to the hell scape that is Roblox and its dark patern and locked down ecosystem.
My kid does Godot and TIC-80 (a bit like PICO-8 but more forgiving) as well. Those are great but they don’t beat Roblox on distribution nor multiplayer by a long shot.
I agree that Roblox is a hellscape when you want to make serious games, eg make money from it or sth, but if you just want to mess around making a “supermarket horror tower defense” game full of in-jokes and then have all five of your friends join it, and It Just Works, sorry but nothing comes close to Roblox.
Until they required age verification for that ofc.
Also, just don't ever buy any Robux and kids will auto steer away from the shitty games that need it. That filters out 95% of the badness of Roblox right out the gate.
Yeah multiplayer is kinda problematic because of port forwarding and dynamic IP.
S&B or other engine-as-game solve that by using the platform account system and master server for discovery and NAT punch through.
None of the engines you mentioned are nearly as approachable as roblox when it comes to making a 3D game with little programming or art skills.
Don't get me wrong. I agree roblox is a very shady operation, but that does not erase the fact that their platform is unmatched when it comes to letting kids make games.
> Don't get me wrong. I agree roblox is a very shady operation, but that does not erase the fact that their platform is unmatched when it comes to letting kids make games.
Ok, well then, toss your hands in the air and throw away all your principles then, I suppose.
how is the view in your ivory tower?
Pretty much the same as my view before roblox even existed, which is not bad.
How is the view in your FOMO dungeon?
RpgMaker is really approachable for a 13yo.
There also Luanti, the new name of MineTest, which is closer to the Roblox experience (in the sense that there already a playable game there, and creating new stuff is closing to modding than to game making).
The Roblox experience also includes a huge existing player base who may come and play your game without having to install anything new on their machines. I'd say this social factor actually matters a lot for Roblox where many if not most games are multiplayer.
The only thing close is minecraft, which from what I heard already has similar restrictions on in game chat, plus other shady maneuvers from Microsoft.
Of course Roblox have more player, but does your child really need millions of players?
It's the same network effect with other megacorp, we could argue the same about X/Instagram/Mastodon, the question could be changed to: Do you want your children to be groomed to use closed source ecosystem from shady companies or do you prefer they gain experience in using relatively open ecosystem ?
Luanti let you make multiplayer games/mods too. For Minecraft there way to play outside of Microsoft sanctioned versions and servers.
> Of course Roblox have more player, but does your child really need millions of players?
Nobody uses platforms because they are are looking to exercise billions of options. The point is easy commonality. You sit next to a kid, and, what do you know, they are into Roblox too. Cool. Wanna play?
It's the difference between getting a trickle of random players on the map vs. never ever seeing another player.
For Minecraft random people are more of a nuisance than an asset, but for a Roblox obby there is an expectation that other people will check it out.
When I was a kid I loved this obscure multiplayer game engine called BYOND. In fact it's so obscure that even mentioning it provides several bits of fingerprinting. It technically still exists today, but it's been on life support for 15 years. We should make something like that again.
Besides the game engine, it provided central identity (optional - you could allow players to sign in as Guest), a website to browse games and servers, a forum to discuss games and programming, and an IDE with a built-in sprite editor (it was 2D), map editor and object browser.
I hear you on the overall privacy issues related to age verification with US Corps. My concern with government registries of personal information is related to things like:
- Netherlands, WWII: The Dutch civil registry meticulously recorded religion. It’s a major reason ~75% of Dutch Jews were killed, the highest rate in occupied Western Europe (vs ~25% in France, where records were poorer).
- US, Japanese internment: The Census Bureau provided block-level data on Japanese Americans in 1942 despite confidentiality guarantees; 2007 research showed individual names and addresses were shared too.
- Rwanda, 1994: Belgian colonial administrators had put ethnicity (Hutu/Tutsi) on national ID cards in the 1930s. Sixty years later those cards were the primary tool at genocide checkpoints.
There’s loads more. Europe may be safe now so it feels safe to give government this information. However, as shown in all the instances above, the information was collected for one reason and used for a wholly different reason when times changed.
Who knows what kinds of ethnicities, beliefs, behaviors or personal histories will be the focus of future regimes? It could be Roblox users, HN commenters, people who religiously repost x.com links as xcancel.com ones, anything. Whatever it is, they will have access to all the data on any system we allow them to record. This isn’t even a totally made up hypothetical from far away places, multiple governments in Europe were doing this kind of thing just decades ago. Historically speaking, we are all currently living in an unusually peaceful era, that will likely be temporary for many of us.
> - Netherlands, WWII: The Dutch civil registry meticulously recorded religion. It’s a major reason ~75% of Dutch Jews were killed, the highest rate in occupied Western Europe (vs ~25% in France, where records were poorer).
Records were poorer in France because René Carmille and the French resistance sabotaged the machines. Machines made by a large tech company which was a competitor to IBM.
> Who knows what kinds of ethnicities, beliefs, behaviors or personal histories will be the focus of future regimes?
Absolutely. But I do know who has that data -- big tech, and it's willing to sell it for a nominal price. No doubt that price will be higher for a deaparate government wanting to kill everyone with green eyes, but that just means a higher profit margin for facebook as they mine their shadow profiles.
Tech bros will be lining up to gifting it along with a golden statue to whichever dictator they wish to carry favour with.
My opinions is that an idiotic government will use whatever data it can find, and we should be more worried that one appears than imagine that because they do not have some data they will not do some idiocy.
I am not for collecting all data without a reason, sometimes probably too much is collected. But idiots can come with any rule if they want just to find someone to blame (I mean, they already use skin color or accent so if in need, they can come up with a rule like "born on a Monday").
I guess that is one way to manufacture consent.
As another European, I agree with GP.
I don't fully trust my government. But I definitely trust it more than any American tech company.
I can also vote out my government. I can't do that for Big Tech.
> I can also vote out my government.
You can't. Not if you're in the minority. Tyranny of the majority is still tyranny.
You what you as an individual most certainly can do is stop using Roblox. Not ideal, but way easier than moving to a new country.
Tyranny of the majority is ... democracy?!
Unrestrained democracy, yes. Tyranny.
People need to understand that having a majority opinion does not inherently give you the right to impose that opinion on everyone else. Such impositions must be done with extreme hesitancy and restraint.
That's why many democratic countries have a constitution which prevents the government from restricting certain individual rights even in the face of popular opinion. But ultimately, the constitution is just a piece of paper. If people are determined to impose their will on others, it can only do so much.
"Inherently give you the right"? Rights are not inherent properties of facts, they're concessions between people. Nothing inherently gives rights, rights are given by agreement. If people agree that majorities can impose their opinion, then they can.
> Rights are not inherent properties of facts, they're concessions between people.
We're getting pretty deep into philosophical territory now, but I disagree. Human rights, to the extent they exist at all, are necessarily inherent properties of individuals.
E.g. If the majority decides people with dark skin are subhuman and therefore have no rights, the majority is most certainly not correct about that, because rights are not defined by the majority opinion. They are inherent.
The U.S. Declaration of Independence put it like this:
> We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed
I concur with this perspective; rights are inherent and inalienable, and the purpose of democratic government is to secure those rights (which already exist), not to create them.
endowed by their Creator with certain unalienable Rights [...] rights are inherent,
Only if you believe in a creator that determined these right, which is not rooted in fact, but solely belief.
Personally, I do not believe a particular ethics exist as an absolute/scientific truth. It is just that some amount cooperation is generally better for everyone and virtually all humans want to avoid pain and seek happiness.
Even though I was a convinced utilitarianist when I was young, I think Kant's categorical imperatives are more powerful now: you should act only according to principles you would want everyone to adopt as a universal law. Or Rawls' original position [1].
Even though this might sound like an off-topic philosophical debate, I think it is very relevant to democracy. Purely egoism-based democracy would trample on the rights of minorities, etc. But in a democracy based on these principles, the majority would vote to project minorities, etc.
I am not sure how you would modify democracy to align with this. I think it is for a large part of education. E.g. if everyone thinks every choice is a zero-sum game (my loss is another's win and vise versa), democracy will go in a very dark direction.
>Rights, to the extent they exist at all, are necessarily inherent properties of individuals.
What's sad is that there's a formulation that's actually correct. Rights are an inherent property of societies (or stable ones, at least). Note that I'm saying rights in an abstract sense, not necessarily any specific set of rights. Not every society will value the same things the same way.
>E.g. If the majority decides black people are subhuman and therefore have no rights, the majority is most certainly not correct about that, because rights are not defined by the majority opinion.
So it's an objective fact that they're incorrect? I.e. they can be shown to be incorrect without having to ask anyone's opinion? Okay, prove it.
>The U.S. Declaration of Independence put it like this:
That's an opinion. It's perfectly fine to think these things are so obvious they don't need to be justified, but I don't agree that that's true, even if I subjectively hold the same opinion.
> The U.S. Declaration of Independence put it like this:
The opinion of a few slave owners 250 years ago
> We hold these truths to be self-evident, that all men are created equal
For a given definition of "men"
> I concur with this perspective
Good for you. You have an opinion, doesn't make it a fact.