Welp, this was bound to happen, wasn’t it? I’m pretty sure they’re referring to this application, which I stumbled upon a while back. If I remember correctly, the app “allows” (or implicitly forces) the user to store a government issued identity: able to attest to an age-restricted website, whether or not the user is of age.
It does this, supposedly by “just” sharing an age-bracket with the website; but here’s the kicker: the Union, in its generosity, has granted their citizens an in-app option, to withdraw this signal from the websites it has been provided to. What this means in practice, is the app storing one’s government-issued identify, also ties back to every account requiring “age-verification”…
So now, every device containing the app, has the owner’s government-issued identify on it, together with connections to every age-restricted service. And considering the apps are maintained by the Union, or member states (through their own implementations), creating a backdoor to the application’s contents… I mean to “observe app usage”, would be absolutely trivial.
Again, I’ve read it a while back, so some things might’ve changed, and my memory might be spotty; but I’m quite sure it’s along the lines I’ve described.
Welp, this was bound to happen, wasn’t it? I’m pretty sure they’re referring to this application, which I stumbled upon a while back. If I remember correctly, the app “allows” (or implicitly forces) the user to store a government issued identity: able to attest to an age-restricted website, whether or not the user is of age.
It does this, supposedly by “just” sharing an age-bracket with the website; but here’s the kicker: the Union, in its generosity, has granted their citizens an in-app option, to withdraw this signal from the websites it has been provided to. What this means in practice, is the app storing one’s government-issued identify, also ties back to every account requiring “age-verification”…
So now, every device containing the app, has the owner’s government-issued identify on it, together with connections to every age-restricted service. And considering the apps are maintained by the Union, or member states (through their own implementations), creating a backdoor to the application’s contents… I mean to “observe app usage”, would be absolutely trivial.
Again, I’ve read it a while back, so some things might’ve changed, and my memory might be spotty; but I’m quite sure it’s along the lines I’ve described.