"Let’s say I downloaded the app, proved that I am over 18, then my nephew can take my phone, unlock my app and use it to prove he is over 18."
Yeah sure, maybe they should improve this, but this isn't a very serious flaw. The actual "hack" required you access the app files, which shouldn't be accessible to your nephew anyway. If has access, you've got bigger issues.
62
FrontierPsycho23 hr ago
+22
No. The actual hack _is_ a very serious flaw, because app files aren't supposed to be inaccessible. They're on your local device and can be tampered with. Not every user will know how to do that, but every user can download an app that one person makes to easily bypass the checks.
Not that I'm pro age verification, I'm very much against it and I think it's an excuse for stronger ties between identity and device (which is very problematic, in my view), but if you want to do it correctly, this is a huge flaw.
22
UnacceptableUse20 hr ago
+8
All this does is bypass the pin on your age verification, you'd have to have already verified your age in order to perform this bypass. You'd be more likely to just know someone who will let you use their phone to verify than be in a situation where you would use this bypass
8
Ediwir20 hr ago
+6
If someone needs my phone in hand, my pin/faceID, and my password, that’s not a hack. I simply got robbed and beat up.
6
Gronfir20 hr ago
+14
While I'm also anti age verification this "hack" is a nothing burger:
1. To exploit the vulnerability the phone needs to be rooted.
2. The vulnerability was found this quickly because the app is open source. This is a good thing.
14
Extension-Toe-70271 day ago
+26
It reminds me of a nation launched a state of the art p*** blocker, it took a 14 year old about 45 minutes to circumvent the whole thing.
26
Broken_Reality1 day ago
+8
Yeah a TOR Browser or a VPN gets around most of the age verification nonsense and a very quick Google search can tell any teen that if they even need to look and don't already know.
Sadly these measures don't reduce access to p*** for those underage but it does make it harder to get certain information for them and then you have sites blocking access entirely for certain countries such as Imgur did for the UK. Now you can get around all this with the above methods but it is still annoying and ultimately pointless.
8
go_go_tindero1 day ago
+6
Yeah sure installing Tor or a VPN is doable for an adept 14 year old, but not a 7 year old.
14 year old could also find p*** magazines in the 80s if they tried.
6
Imicus1 day ago
+6
Yeah, all they had to do was take a trip to the nearest woods/forest and boom, free p*** mags.
6
PegasusPedicures22 hr ago
+1
Nah the train station p*** is a safer bet, forest p*** old have a hillbilly nearby/could be a trap laid by a pedo
1
llamawithguns15 hr ago
+1
You would be suprised
1
Allo_Guvnor20 hr ago
+2
Bout 30 minutes, IIRC, if you're talking about the p*** filter they proposed in Australia circa in 2007. And the great Piracy Site Block in 2016? Literal seconds, switched DNS and kept on going.
2
Extension-Toe-702720 hr ago
+1
That is the one
1
Selgald22 hr ago
+14
Btw those claims are bullshit.
First they used a demo system, that is clearly labelled as a demo system.
And even ignoring this, you still need physical access to said device, need to defeat its pin/pw/bio, and then it needs to be rooted.
And that's just simply not how the real world works.
14
AssistBorn458911 hr ago
+1
This was not at any point labelled as a demo system, it was announced as finished few days ago.
Plus, of course that person workarounding EU's agecheck would have physical access to his own device. Have you imagined some random Russian hacker remoting into child's phone and setting it as adult-owned? What would be point?
One whose rights are being taken away is one motivated to workaround this.
1
nicuramar9 hr ago
+1
> Plus, of course that person workarounding EU's agecheck would have physical access to his own device
At that point it’s no longer a serious hack, once you have unlocked access to the device.
1
AssistBorn45899 hr ago
+1
For sure you understand that "hacker" in this case is a child trying to access the Internet.
It doesn't matter whether you consider this hack serious, point is that this identification layer breaks privacy of most while it is easily bypassed by its targets.
1
Rinuir19 hr ago
+5
Regulate the company not the people for fucks sake
5
UltimaTime12 hr ago
+3
It's really just a repeat of the paper media becoming unhinged during WW2 or any war scenario for that matter, flooding with propaganda rather than real information to the point you can't tell which is which.
So this is the equivalent of trying to "regulate" newspaper readers to read only what some people decide is to be read, instead of regulating journalists. It's so obviously stupid I can't even. And it's pretty obvious why they do that, and from whom the lobbying come. It certainly is not the users pushing for this kind of nonsense.
A medium is supposed to be just that a mediating device, you cannot turn it into a personal thing just because "you" or anyone decide, they are going to be used by many people during their existence, it's a fact. This entire enterprise is doomed. This is why you see some of those absolutely moronic "laws" now asking id proof to read an encyclopedia? I mean just how low are we going exactly?
3
asdhjasdhlkjashdhgf22 hr ago
+2
nice charade social hack blurb.
First of all the photo shows an certificate (driver license) that is not enough to even unlock age limitations for lack of technical capability, and also not accepted as by EU law as identification, neither for age confirmation. The private sector has not such requirement, but age certification in future likely required by law does not allow free choice for simple jurisdictional reasons.
"Hackers", which is a also a synonyme for 'expert' who claim stuff but did not go to eradicate a supposed flaw are for certain thriving on the claim rather than deliver an unflawed system. Why? Most likely because they compete for narrative or systemic influence.
Leaves us with a question. Who has interest such system fails from the get go instead of helping to improve it? Not difficult to grasp that those who want bots and unconfirmed entities influence public discourse have the highest motivation to scratch the process of implementation in their favor.
The actual 'clue' about identification is that a gap of uncertified accounts is limited if not flat out knocked out in future, doesn't matter under which ID someone tries to circumvent it, there is still an ID below a confirmation, which logical secures jurisdictional reliability which is the very goal of implementation.
Last but not least: identification as requirement for service is also not new, it existed in manual form prior, people went to national post offices to confirm match between online entry and real world document.
Last: national solutions exist already in a way that allowed to pretend confirmation from another state, an EU wide system eradicates this gap.
The real issue is a total different thing. How to prevent large platforms from abusing the market power confirmed accounts come with.
2
SoftlySpokenPromises22 hr ago
This is all just making the situation worse anyway. Turning something into a taboo and then putting weak safeguards in the way will just make people want to see it more.
0
Typingdude31 day ago
-38
LOL classic European bureaucratic “quality”.
-38
iuuznxr1 day ago
+18
DOGE really showed the world what Silicon Valley geniuses and big-balled whizzkids can achieve.
18
Comet797122 hr ago
+1
DOGE isn't in Europe so why do you mention it?
1
Typingdude31 day ago
-28
Yet here you are on an American website. Why?
-28
iownlotsofdoors1 day ago
+17
You criticise society, yet you participate in it. Curious!
17
xondk1 day ago
+12
Yeah, I don't think you want to start down that road trying to label Europe like that, you might want to check the track records of others. European Apps due to GDPR and other regulations are often more secure, but of course no app is perfect and coding errors like this happen.
12
Typingdude31 day ago
-36
Whataboutism, another classic European trait.
-36
FederalAd18481 day ago
+10
doom scrolling knowledge type of opinion
10
xondk1 day ago
+8
There is no whataboutism in statement, because I'm not trying to deflect, and that you try to pull that just shows you have no objective stance, or knowledge in the area.
30 Comments