The EU is working on a system for age verification that won't identify you to the platform. The details are of course complicated, but you can imagine an OpenID-like system run by the government that only exposes if you're old enough for Y.
The platform asks your government if you're old enough. You identify yourself to your government. Your government responds to the question with a single Boolean.
You don't need to, that's the thing. The site requests "are you over 18" and you use your ID to prove it without them getting any other information from it. Requires a phone with NFC, but the app is open source.
I think that ends up being a more difficult problem than just open source. There will have to be some cryptography at play to make sure the age verification information is actually attested by your government.
It would be possible for them to provide an open-source app, but design the cryptography in such a way that you couldn't deploy it anyway. That would make it rather pointless.
I too hope they design that into the system, which the Danish authorities unfortunately don't have a good track record of doing.
And the reference implementation requires Google Play Integrity attestation so you are forced to use a Google approved device with Google approved firmware and a Google account to download the application in order to participate. Once this becomes implemented, you are no longer a citizen of the EU but a citizen of Google or Apple and a customer of the EU:
How does the site verify that the ID being used for verification is the ID of the person that is actually using the account? How does the site verify that a valid ID was used at all?
If the app is open source, what stops someone from modifying it to always claim the user is over 18 without an ID?
*Only for Google Android and Apple iOS users. Everyone else who doesn't want to be a customer of these two, including GrapheneOS and LineageOS users, will have to upload scans of identity papers to each service, like the UK clusterfuck.
Source: I wrote Digitaliseringsstyrelsen in Denmark where this solution will be implemented next year as a pilot, and they confirm that the truly anonymous solution will not be offered on other platforms.
Digitaliseringsstyrelsen and the EU are truly, utterly fucking us all over by locking us in to the trusted competing platforms offered by the current American duopoly on the smartphone market.
Why? It's not because a hardware token based solution that will work on desktops is technically impossible, but they literally wrote me that they have no plans to investigate the possibility of offering that. This is officially the plan for the permanent solution.