EU's New Age-Verification App Takes Just Two Minutes to Hack, Because of Course
The EU's high-tech solution for keeping kids safe online can be defeated with a photo and a video call, proving once again that digital security is hard.
In a stunning development that will shock precisely no one who has ever used a government tech product, the European Union's new age-verification app, designed to protect children online, can be hacked in about two minutes. The app, a cornerstone of the EU's Digital Services Act, is supposed to verify a user's age using government-issued ID and facial recognition. Researchers, however, demonstrated that a simple video call on a second device, showing a photo of an ID, was enough to trick the system. This elegant, low-tech bypass renders the entire high-tech security theater somewhat moot.
The app, named EU Digital Identity Wallet, is being rolled out as a voluntary tool for platforms to comply with age-restriction rules. Its failure is particularly ironic given the context of other digital privacy nightmares currently making headlines. For instance, Meta is developing facial recognition glasses that privacy advocates warn could become a tool for sexual predators. Meanwhile, a separate crisis involving AI-generated deepfake nudes is spreading through schools, proving that the problem of verifying reality online is pervasive and poorly addressed by quick-fix apps.
This security flaw isn't just a theoretical concern; it's a practical gateway. If a child can use a parent's ID photo on a video call to access age-restricted content, the app's core function is defeated. This comes as Silicon Valley firms are reportedly spending millions to lobby against one of their own proposed regulations, highlighting the chaotic and often contradictory landscape of digital governance. It seems the effort to build walls is matched only by the ease of finding ladders.
Ultimately, the story of this two-minute hack is a classic tech parable: a well-intentioned regulation meets a hastily built solution, resulting in a system that is less about security and more about checking a compliance box. As the EU pushes forward with its digital identity plans, this episode serves as a wry reminder that in the race to govern technology, the simplest exploits are often the most effective. The snake bros getting bitten by their own lethal pets, as another headline notes, is starting to feel like an apt metaphor for the entire industry.
The Good Times
News in your inbox.
One sardonic roundup, delivered on your schedule. Free. Unsubscribe whenever your tolerance for wit runs out.
Already subscribed but we never reach your inbox? Check your spam folder and hit 'Not spam' (or 'Remove from spam') to bust us out of junk-mail purgatory. You'll be helping everyone else too.
Don't open any of our emails for a month and you'll be automatically removed from the mailing list.
Rewrite Article
Select parts to regenerate with a fresh AI pass. Translations will be updated automatically.
Generate AI Image
Creates a sardonic version of the article image using OpenAI.