EU Age Verification App Not Planning Desktop Support
Posted4 months agoActive3 months ago
github.comOtherstoryHigh profile
heatednegative
Debate
90/100
EU Digital IdentityAge VerificationSurveillance
Key topics
EU Digital Identity
Age Verification
Surveillance
The EU's digital identity wallet project is not planning to support desktop devices, sparking concerns about exclusion and reliance on smartphones, as well as criticism of the project's ties to US tech companies.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
1h
Peak period
153
Day 1
Avg / period
26.7
Comment distribution160 data points
Loading chart...
Based on 160 loaded comments
Key moments
- 01Story posted
Sep 24, 2025 at 7:52 AM EDT
4 months ago
Step 01 - 02First comment
Sep 24, 2025 at 9:01 AM EDT
1h after posting
Step 02 - 03Peak activity
153 comments in Day 1
Hottest window of the conversation
Step 03 - 04Latest activity
Oct 3, 2025 at 8:14 PM EDT
3 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 45359074Type: storyLast synced: 11/22/2025, 11:00:32 PM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
See: https://news.ycombinator.com/item?id=44704645
> Desktop support is not currently within the project's scope.
What I would like to take from this is that, by their own definition, desktop apps are out of scope for Age Verification. So does that mean we will see a return of the 'desktop applications' instead of everything being a web service ?
One can dream perhaps. Until then adults who are willing to 'do what they're told' will be the ones who are inconvenienced by this constantly.
Edit: Also this will completely disable any new phone OS' being developed. Why would anyone bother when you can't verify your wallet to do anything online.
No. It's still required by law, which means that your desktop application will require some interaction with your smartphone.
One day, there will be a knock on your door.
"Good morning, this is the police. Is there something wrong with your phone? Is your phone broken? Can we provide you with a charge?"
"No, I must have turned it off accidentally."
"Can we assist you with an upgrade? The newer models don't have power buttons."
Tell somebody you use your phone less than 10 minutes a day and look at their face change.
While not less than 10 minutes per day for me, but I was having this argument on reddit over the iPhone Air - people couldn't fathom that there's someone out there that is not on their phone 24/7, and doesn't use their phone as their main computing device.
I clock in at under an hour screen time most days. It's the least ergonomic device for me to do anything remotely serious. Can't even stand typing on a virtual keyboard. My laptop is, and will remain, my main interface to the net and communication with others.
You'd think I was some kind of weird hermit luddite because of it.
Nobody is coding or writing anything longer than an email or social media post on a virtual keyboard.
The average screen time for younger people borders on 7 hours. It's almost a third of the day or 40% of the woken day for most people. I still can't wrap my head around how that can even be possible, but then I see in public most people you look at in any given moment are reading, watching or sending/sharing something.
If the conspiracy theorists are right, the tech industry created a surveillance system beyond their wildest dreams.
Mother Russia: we'll take care about security, comrade, you just shut up and use a phone from this here list of approved models. And GrapheneOS? squinting suspiciously that's what extremists use to watch gay pornography; are you an extremist, then? No? Let's see if officer Rubber Hosesky here believes you...
https://en.wikipedia.org/wiki/The_Age_of_the_Pussyfoot#Joyma...
"The remote-access computer transponder called the "joymaker" is your most valuable single possession in your new life. If you can imagine a combination of telephone, credit card, alarm clock, pocket bar, reference library, and full-time secretary, you will have sketched some of the functions provided by your joymaker."
Just about the only thing today that's meaningfully different from the novel is that our devices are smaller and have screens instead of using voice as the primary input/output method. Well, and they don't have a "medical" module that can dispense drugs (yet?).
Interestingly enough, in the setting of that book, possession of a joymaker is a marker of good standing, and lack of one (e.g. because one cannot afford to pay for service) basically makes one homeless and a target for all kinds of nastiness including from the cops.
Since children are universally not considered real people with real rights schools requiring them to have the right apps to perform their schoolwork are to be expected.
If the actual implementations do copy the dependency on Play Integrity and other such APIs, that does become a problem (getting past that is a major annoyance on amd64 computers because there are so few real amd64 Android devices that can be spoofed).
However, the law regarding these apps specifically states that the use of this app must be optional. I'm not sure websites and services will implement other solutions, but in theory you should not need a phone unless you want the convenience and privacy factor of app verification. I expect alternatives (such as 1 cent payments with credit cards in your name) to stick around, at least until we get a better idea about how this thing will work out in practice.
Wait a minute, while writing this comment, I realized that there was a guy who sort of packaged waydroid into flatpak-ish to run android apps in flatpak.
https://flathub.org/en/apps/net.newpipe.NewPipe
(It uses android translation layer??)
I am not an EU citizen but if somebody is & they want this age verification app on desktop, maybe the best way might be to support this android translation layer to convert this EU app into something that can run through flatpak and then use linux I suppose.
I mean, some of y'all are so talented that I feel like surely someone would do it if things do go this way! So not too much to be worried about I suppose :>
That requires an AppleID, i.e. an account with a foreign corporation.
Edit: Sorry that reference was a deep cut, I was quoting the devs of that awful Diablo mobile game way back.
I used to use the messaging app through SMS tho, the people that knew me (that 1 friend gets a shoutout here who used to msg me through SMS in the world of whatsapp and my mom!!)
Most phones are used for two things that my father used to quote: Whatsapp (messaging app) and youtube(social media)
Entertainment could somewhat be offloaded via music player etc. into dumb phones and to be really honest, I think that even things like hackernews could be operated on those dumb phones if given the ability to.
https://www.youtube.com/watch?v=QdYrBpBJRI4 : this is the dumbphone which supports signal btw. Wish there was a way to make app for dumbphones like these just as how we can make apps for androids.
I was shocked by how much feature packed my chinese dumb phone was for 11.27$ lol. It just didn't have internet & yeah games as well.
Don't let perfect be the enemy of good.
This is a general computing crisis.
The EU wallet does use an open standard, and the wallet app itself is developed in public as open source.
Not only that, but having this locked behind something that works for 95% of users means the other 5% will never have enough leverage for any other implementations to be approved. Which is absolutely unacceptable for such an essential feature like age verification.
The target, which are the children who access "forbidden" websites without authorization is likely to be lower than amount of people who won't be able to access due to those narrow specs.
Idk I created this just right now lol.
But on a serious note, Maybe check out my comment on something known as the android_translation_layer with flatpak to see if that might help to run that app atleast in linux.
Linking it here : https://news.ycombinator.com/item?id=45361397
I see this as a huge stepback to be fair.
Why wouldn't that be sufficient?
Every new secure government identification/authentication/verification thing will try to 'just' use Android/IOS, because 'everyone' has one those smartphones.
It sucks, yes, but that's probably how these people think.
Which is a joke when you know that most phones in the wild are using an obsolete OS version (most of the time due to lack of software support from the manufacturer, but sometimes because some people just refuse to update because updates are in fact downgrades — looking at you iOS).
the main reason is that this is not a reference implementations or "this is the app everyone must use" case but a "to see what is technical possible/practical" "research/POV" project
this also makes the "EU age verification app" title quite misleading
There's a much bigger likelihood of me going back to a feature-phone, compared to me starting to use my phone for anything but the absolute basics.
my commute is a really long ride and I just don't like using my phone in it.
My dumb phone had music system and sd card (I finally managed to have that sd card fixed after an year of using that dumbphone without even an sd card for music)
I just used to stare into nothingness / surrounding and think. (Yes I have edited it because I didn't used to think, I used to overthink just as I am doing right now lol)
Not that productive, but my current phone is so slow that I can't even tell you guys or start telling you. It takes me 1/2 a minute just to unlock it and the only thing its truly good at is having a music player run and some occasional hackernews or pokemon showdown or youtube scrolling.
But tbh, I don't have any banking apps etc. so to me there isn't thaaat much of a difference. I feel like a macbook is genuinely nice as it has that less friction and a pc is great too as compared to a phone for the most part when I am at home.
My screentime is usually just some shorts that I occassionaly watch on phone when I am extremelyyy bored.
I am sad that my dumb phone was in my bag one day and then it just stopped (working??) , I swear I kinda regret having my dad's old phone. I am not sure how he was even using it.
The only eventuality where this is acceptable is when desktop computers won't even be gated, and then if anyone can circumvent the problem with a computer, why is anyone even bothering with the whole thing...
That doesn't surprise me at all. Principles in a government body don't exist. They are all crooks.
> combat social exclusion and discrimination
[1] https://european-union.europa.eu/principles-countries-histor...
I take your argument at face value (in that I take it that you believe the EU has that goal at some level). I just to not expect it, as an organisation, to consistently promote that goal (for much the same reasons lots of countries fail to serve their citizens).
Profit making businesses have the explicit goal of making shareholders better off. Management usually choose to balance this against other goals (ethics, the good of wider society, their own interests...), just as the EU has the explicit aim you state, but, similarly, has other conflicting aims.
Every time someone says “they’re all crooks” they are the enablers of crooks. The crooks couldn’t do it without people like that.
Again - this is only just one of the possible implementations of https://ageverification.dev/Technical%20Specification/archit...
It's possible to have others but as POC they are focusing on covering the biggest chunk of the population…
The "war on general purpose computing" need only be the waiting-out for those of us who remember actually owning a computer to die.
Even though it sounds like _you_ probably know this, Cory Doctorow has been sounding this alarm for years. As usual, it seems he was right about the possibility of this being a legitimate battlefront in the (actual, non-hyperbolic) war on freedom.
A desktop computer doesn't necessarily have a microphone or camera, and doesn't necessarily have to be connected to the internet. I'd wager most crime, including that which affects children is done on "disconnected devices" in this sense.
I mean, otherwise would be like not being bound to speed limits if you don't have a speedometer.
If something doesn't work without your phone, report it being broken. If they tell you to use your phone, tell them you don't have one. If possible, leave their service, if they don't care.
We have to make it their issue as much as possible, when they try to push their shit onto us.
Surprisingly often there is a workable alternative to using ones smart phone. We have to make use of those as much as possible, so that the cost for them to get rid of those options will be high and they think twice before doing that and offending us.
That only works in a world in which the government provides speedometers, which restrict the vehicle automatically, and in this case they refuse to provide them at all for blue cars.
This already the case today, you can't run your bank's app or government eID apps on anything but Google or Apple devices.
I can log in to my bank account using my desktop PC
> government eID apps
I can sign into government websites using my desktop PC and its smart card reader and my government-issued eID smartcard. No smartphone needed.
ING in Germany forces you to either have a single Google approved smartphone or a single authenticator, not both.
DKB requires a paid Girocard to use the authenticator or a Google approved smartphone.
N26 requires a single phone but they are a bit lenient. However they have way too many incidents reported where they closed people's accounts without a reason.
The traditional banks have high fees. One pays upwards 10 - 15 Euros a month for Sparkasse or Commerzbank for a simple checking account. Using Sparkasse means you cannot deposit money outside county (yes county and country) borders. Many traditional banks have high fees for withdrawing outside the network.
So one is forced to choose between modern banks with better online experience that's tied to Google and Apple or a traditional bank with oftentimes awful online experience and high fees.
[0] https://www.1822direkt.de/service/fragen-und-antworten/detai...
Absurd thing is that 1822 claims to make things much more secure but their 2FA reset with a single phone PIN is a joke.
I do not understand how you are coming to that conclusion regarding modern banks. You can use the authentication device, which is completely independent of Google or Apple.
TOTP codes would be allowed by the regulation, as would biometric approaches or separate physical tokens, but in practice every bank I've used in recent years (quite a few, mostly Spanish but also in Belgium & Switzerland) require that you accept a confirmation prompt or similar in their app.
Regulations are written (at EU level) to allow X, Y and Z; somehow by the time it's implemented at member state level it miraculously only allows only X or Y, and once it gets to actual service providers (who've presumably been advised by their in-house lawyers that 'Y is bad') we end up with a choice of X or nothing.
Then if you ask anyone at EU level what's going on, they point to what the regulation says, and everyone shrugs.
Most banks in Germany, Austria and Portugal default to Play Store or App Store apps with OS integrity checks. It seems like the Nordic countries have it a bit better with the ID reader apps. There are sometimes alternatives and some of them require paid subscription.
The apps they require are proprietary. They are not generic TOTP generators. Some of them require biometric approval. Some just logging in and approving a notification. I have seen some generate a form of non-standard TOTP. Otherwise I wouldn't complain about being locked into Google or Apple ecosystems. They are Play Store or App Store apps that require attestation from the libraries / systems provided Google or Apple like SafetyNet or Play Integrity. Some require strong hardware attestation. If the OS is modified, those checks do not pass. You cannot use any FOSS system without crazy hacks. If the phone is stolen, you have to go through manual reonboarding. It sucks when you're out of the country.
>SafetyNet or Play Integrity
A few days ago I did inspect the NovoBanco (Portuguese) apk, and I did look for SafetyNet specifically. They didn't use it. But since I'm not that familiar with the android eco-system I couldn't really tell if Play Integrity was used instead. But I did find a LOT of HMS (Huawei Mobile Services) stuff, and some if it was definitely related to security.
I might take a look at it again tomorrow.
I was curious if I could sideload the app without logging into a google account, meaning without using google services, but all I did was a tiny bit of static analysis instead of actually trying it.
If you have any write-ups on crazy hacks for foss systems, again it would be awesome if you could share them and greatly appreciated. Cheers
Also, is using HMS a normal thing in android development? Last I checked Huawei was persona non grata in the west, at least when it came to hardware like network equipment and consumer devices. I was surprised when I saw HMS in the apk.
>Last I checked Huawei was persona non grata in the west
Isn't it only in USA?
Most banks? Do you have evidence? AFAIK many (and certainly the most used) German banks (Sparkasse, Commerzbank, Hypovereinsbank) allow chiptan which does not require a smartphone.
Hungary is in EU and the most popular bank sends a one-time code (with expiry) via SMS for logging in, making a transaction, for the mere displaying of "Telecode", and so on.
There is no TOTP, only this one-time code sent via SMS.
I do not use their apps on any platform. I login via their website when I need to which is rare. When I make a payment via card, I have to provide the provided 3-digit "Telecode" and the one-time code sent via SMS. There is an option "What if I do not have access to that phone number?" or whatever the literal translation is, but I have not checked that out yet.
... which is why I left a comment asking you about the details. You telling me SMS is banned and referring to EU regulations just left me more confused given the above.
https://old.reddit.com/r/portugal/comments/1msc886/obriga%C3...
Effectively, if the client doesn't download the App, they will never be able to log into the homebanking website again. The bank enforced this and now if you login normally it will redirect to a page where you can download the app or use up one of three remaining chances to login. I am down to two. From now on, I'm only able to use ATM's or go to an actual teller to make payments and such. The app requires that I have a Google account or an Apple account and I think that's just messed up, specially for a Portuguese bank.
The app on the google store is pt.novobanco.nbsmarter if anyone is curious. It has interesting permissions as well.
Edit: This is the landing page (one login left, oh dear...) https://files.catbox.moe/x117iy.png
rsync, here you go:
https://reports.exodus-privacy.eu.org/en/reports/652314/
"It has interesting permissions as well ..." ?
I assume a banking app needs (temporary) permission to use the camera for check photos or things of that nature ... and possibly (temporary) use of location data.
I would be alarmed if it requested microphone or access to either contacts or photo storage ...
As for alternatives, yes there are, I'm still figuring which ones do not require an app on the smart-phone, though.
I believe I've found a fair alternative after asking a few friends but, I have to account for other factors as well, like, how secure their infrastructure is.
This is because offline 2FA keyfobs were never that popular in Portugal (to my knowledge), unlike 2FA via SMS which I find less secure that keyfobs, but now with the SCA directives from the EU, most banks are jumping on the App 2FA bandwagon. Some do offer a government issued alternative [0] but it still requires an app. I'd be perfectly happy to sign in with my Citizen's ID card reader but that is also rarely implemented (bank-wise), specially since the Chave Movel Digital app from the government [0].
Bottom line, most major banks are going in one direction (deploying their own apps onto customer devices), while smaller banks are staying put (with SMS 2FA) but their security was never that great. So I'm still prospecting and yes, there's a bank co-op on my list also.
Oh, and by "security" I'm mostly going by feel here. Like, if the web interface is a bit jankie I don't feel secure. I'm not going to look into obfuscated .js and pretend like I know anything about web security.
[0] https://www.autenticacao.gov.pt/a-chave-movel-digital
They mitigate the obvious security thread with mandatory 2fa (actually mandated by regulation). Some use this as an opportunity to push their apps: no separate 2fa method, but only integrated in their bloated app, that checks for rooted devices and only supports the newest OS.
It’s quite hard to find out in advance, what 2fa methods with which fees each bank actually requires. I remember that some of them had funny ideas, what a customer should be billed for 2fa SMS. I think it was 50 cents per SMS.
Well yeah but that's what you get when you make overly broad statements like "not in the EU".
That's especially crazy. With Trump's/USA's belligerence, why on earth would EU companies/banks/governments want to require that you have an Apple/Google account, it makes them totally dependant on foreigners!
Please stop spreading disinformation. I live in the EU and my EU bank supports desktop browsers + Card reader matching everything the mobile app can do.
Fairphone 6 with e/OS begs to differ. Dutch phone with a French OS. No issues.
I doubt it unless something odd happens like triggering some reaction. They’ve looked at the data and see the majority of society using “phones”, which are really just increasingly small computers that happen to have a feature to also make calls; and they’ve decided that this trap they’re leading us all into can and may even need to stay open and inviting for a while anyways until the older people die off and desktop form factors kind of fall by the wayside, before the trap is even ready to be sprung. In the mean time they’ll just gaslight and lie about what they’re doing, to save and protect the children of course, until the day that you tune around from a distraction and the trap door is shut behind you.
It’s the same MO as always, with the gullible and naive enablers being essentially the worse threat than the actual perpetrators.
I think this is more an example of you misunderstanding the desires of the people pushing for this.
They want to actually ban this content, they just know that is a harder sell than restricting to adults. So for them, making it harder or impossible to access the content is a feature, not a bug.
The biggest issue is that the attestation hardware and the application client is the same device with the same manufacturer, who also happens to have a slight conflict of interest between monetizing customers and preserving any sort of privacy.
IMHO the pro-attestation forces are so overwhelming that we should all cherish the moment while we have anything open left.
That seems completely contrary to the spirit of EU laws and regulations, which tend to be about protecting the consumer, preventing monopolies, ensuring people can generally live their lives where all things that are mandatory are owned and ran by the state and foster a certain degree of EU independence, with a recent focus on "digital sovereignty".
This one is a five for one against all of those goals? Harms the customer (you could see this as the polar opposite of GDPR), strengthens entrenched monopolies, force citizens to be serfs of one of two private corporations in order to access information, and on top of that, like it wasn't enough, willingly capitulates to the US as the arbitrates of who is a valid person or not.
This is so against the spirit of the EU itself that it would almost be funny if people weren't serious.
Because the EU doesn't actually care about privacy, otherwise they wouldn't be trying to do this and ChatControl. They care about being the main ones to spy on you, and maybe using fines as additional "taxes" on rich foreign companies. That's it.
Europe's dependence on American tech is a major pain point but realistically, there are only two smartphone vendors. If a European vendor does rise up, I'm sure whatever app comes out of this process will happily hook into the hardware attestation API for that OS as well.
https://github.com/eu-digital-identity-wallet
Google's ad business model should never be mandated by law, unfortunately lawmakers seem to be unaware that this is what requiring Play Integrity effectively means.
Because this is being pushed by lobbyists to use hardware attestation to make it piratically mandatory for every citizen in the EU to be registered to either Apple or Google with a real id for all non-trivial online interactions at all times. The people behind this push neither have the technical knowledge nor care in the slightest that this is the consequence.
I am stealing this typo.
263 more comments available on Hacker News