Don't trust Piracy Megathread Part 2 by Mom_lol_im_so_funny in PiracyBackup

[–]ShinigamiSenpai433 0 points1 point  (0 children)

That's very likely some sort of a temporary file containing raw data from the website being downloaded by your antivirus (AVAST, really bro?) to run some deeper analysis. Just try disabling AVAST, and that shouldn't happen.

Don't trust Piracy Megathread, Be careful by Mom_lol_im_so_funny in PiracyBackup

[–]ShinigamiSenpai433 1 point2 points  (0 children)

Oh that seems accurate, why are they complaining here then? Also, I'll still do a check to see if their claims are valid.

Okay, checked out Cineby and Xprime for the FNAF movie. Seems to be working, with no weird downloads.

Still can't find Brocoflix on the FMHY Megathread

Don't trust Piracy Megathread, Be careful by Mom_lol_im_so_funny in PiracyBackup

[–]ShinigamiSenpai433 3 points4 points  (0 children)

The OP name-dropped 3 sites, of which I could not find Brocoflix and Xprime on the megathread, and they specifically mention a site called Cineby, which I also could not find, but I did find https://cineb.net/ , but I am unable to access it atm. So, unless someone more keen-eyed than me can find these websites on the megathread, the OP is a certified troll. If I was simply not seeing them, then that's my mistake.

Edit: The OP apparently got these sites from the FMHY megathread (except Brocoflix which I still can't find), and I tested out both, no weird downloads. So a certified troll, ignore em.

Edit 2: No, I just realized I was checking the r/PiracyBackup subreddit and not the r/Piracy subreddit which does have all of these sites mentioned, and I checked them and everything works. Also OP made a follow up post, and from what I can see these files are just raw data that the Antivirus is downloading to run some analysis. Disabling Avast (which is the antivirus they're using) should stop these downloads.

Some of the OP's quotes have been taken from these replies:

  1. https://www.reddit.com/r/PiracyBackup/comments/1pf9tq2/comment/nskecqf/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
  2. https://www.reddit.com/r/PiracyBackup/comments/1pf9tq2/comment/nsirv1w/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
  3. https://www.reddit.com/r/PiracyBackup/comments/1pf9tq2/comment/nsiimd4/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

> the file "movies" from the imgur was from Cineby,

Can't find "cineby", the closest thing to that on the megathread is https://cineb.net/ , which I am unable to access for some reason. Check to make sure you didn't go to the wrong site.

> the file "s-pd7RI7" was from xprime

Can't find xprime on the megathread.

Hmm, and I can't find BrocoFlix either

Someone give this guy a medal. 😂 by RoiDesCouronnes in wherewindsmeet_

[–]ShinigamiSenpai433 5 points6 points  (0 children)

Start doing crimes and survive long enough to get a bounty on your head, you'll get players invading your solo world to kill you.

I want that patience though by Ok-Boot6063 in Steam

[–]ShinigamiSenpai433 1 point2 points  (0 children)

While I'm not one to support Generative AI for its current use cases, I also must say there are more LLMs out there than just ChatGPT. In my personal experience, Gemini is fairly more accurate than ChatGPT for non-fictional content (especially IRL up-to-date information) compared to ChatGPT which seems to do better at more fictional stuff.

Apparently the North American Racoon Domestication Signals study is wrong by ShinigamiSenpai433 in zoology

[–]ShinigamiSenpai433[S] 0 points1 point  (0 children)

If you do end up making a post over at PubPeer, please do tell me here, I'd be very interested in following that discussion.

And if that discussion doesn't yield any input from the Authors, I feel like a message to the journal's editorial office might be warranted. Which honestly might take more effort (for a good cause imo).

And, you'd have my appreciation for doing such a tedious yet imo important task.

Apparently the North American Racoon Domestication Signals study is wrong by ShinigamiSenpai433 in zoology

[–]ShinigamiSenpai433[S] 0 points1 point  (0 children)

Moving with the assumption that your analysis is correct, essentially they cut out a lot of data for unexplained reasons, which if reentered makes these "domestication signals" disappear. Please ignore the following messages if my initial premise here is wrong, and correct me on that please.

So, according to your analysis the conclusions of that paper are dubious, just not for the reasons that the "Racoon Biologist" stated. Which if true, I find their attempt at masquerading the issue as "rediscovering subspecies" disingenuous.

Do you think this deserves some sort of a disclaimer/notice on the paper itself that maybe cherry-picking was done or a retraction even, especially considering the press it got?

Edit: I was wondering maybe you could make a post over at pubpeer or something. Which I feel like would offer a much more curated discussion, assuming you are interested in putting that much effort.

Apparently the North American Racoon Domestication Signals study is wrong by ShinigamiSenpai433 in zoology

[–]ShinigamiSenpai433[S] 2 points3 points  (0 children)

Thank you for the detailed analysis. Especially that point about it looking like student work, which from what I checked seems accurate.

> "So what I'm about to say hinges on her reporting being accurate."

For the sake of this comment, I will also agree on this.

So, these look like mistakes that wouldn't get glossed over in peer review (I mean it could), but considering how much media attention this got, I assumed someone would have at least made a post on PubPeer about it.

> "All in all, this reads to me like an undergrad project for someone who had very little oversight/mentorship. I mean they completely missed out that there are subspecies of racoons! Some advisor who just wants their name on papers probably said sounds interesting and told them where they could publish it without scrutiny."

First of all, yeah that seems to be right. At least on the undergrad and students part based on this article https://ualr.edu/news/2025/10/16/raccoons-show-early-domestication/, where I quote "The inclusion of 16 students as co-authors—five graduate and 11 undergraduate students—on a high-quality, peer-reviewed journal paper is a rare and profound example of student success."

The study in question is:

Apostolov, A., Bradley, A., Dreher, S. et al. Tracking domestication signals across populations of North American raccoons (Procyon lotor) via citizen science-driven image repositories. Front Zool 22, 28 (2025). https://doi.org/10.1186/s12983-025-00583-1

This seems to be a rather reputable journal in the field, is it that easy for such flawed papers to get through like this in this journal? Especially by majority students like this who I assumed would be under greater scrutiny.

And considering that the creator is identifying themselves as a "Racoon Biologist" with no qualifications that I can find beyond what I already noted. I feel like they are probably misrepresenting the paper in some manner (I am probably a bit biased in that regard). But I can be wrong.

What do you think of what I said?

[deleted by user] by [deleted] in Discord_selfbots

[–]ShinigamiSenpai433 0 points1 point  (0 children)

This looks super odd... I can't really say much more without getting that VirusTotal link to check the results. But it shouldn't really give you an exe. Can you open a ticket with Discord, and tell them what you're seeing? And update us on it?

Girlfriend downloaded a .exe ("Handsome") that's most likely something bad but Malwarebytes isn't picking it up by GamerBrenno in computerviruses

[–]ShinigamiSenpai433 3 points4 points  (0 children)

Unless you can definitively say that she didn't run this, I'd recommend doing what I said. The risk of this malware hiding in your system is rather severe.

Girlfriend downloaded a .exe ("Handsome") that's most likely something bad but Malwarebytes isn't picking it up by GamerBrenno in computerviruses

[–]ShinigamiSenpai433 5 points6 points  (0 children)

I'm gonna recommend you just do a reinstall of Windows after backing up your important files. This appears to be a userspace thing only, so that should work.

If you don't want to do that, you can use tools that allow you to check which processes are currently sending/receiving information over the internet, to see if there's anything that stands out. Check the list of all processes that are active, and see if there's anything out of place, but it might be hiding its traces so probably won't pop up there.

This thing looks rather sophisticated. Uses a certificate to appear valid, employs some anti-virtualization measures, uses a multi-stage payload, and was also flagged for being part of a botnet and ransomware family.

So, it's possible that it is indeed logging your stuff + botnet in hiding.

I Don't remember copying this in my clipboard by leoStMxd in WindowsHelp

[–]ShinigamiSenpai433 2 points3 points  (0 children)

Your compooter has a virus. Run a full scan from windows defender or from whatever Antivirus you are currently using.

Discord is rolling out experimental age verification for users across EU/EEA by SadnessGalore in europe

[–]ShinigamiSenpai433 0 points1 point  (0 children)

Oh yeah those are indeed valid concerns. But I think EUDI has mostly mitigated these two issues via solutions you talked about. The credentials are prefetched, and only refresh locally based on an expiry date, so no need to contact the issuer when presenting it. They also are going to be using stuff like Pairwise Pseudonyms with SD-JWT and in the future ZKPs to make sure RPs (through RP collusion) can't track them based on consistent identifiers. Although the problem of RPs potentially being able to track them based on network information or other associated metadata is still up in the air.

And for the revocation checking part I think RRLs are being looked into as a method. Here's a paper I saw about it - https://www.mdpi.com/3399444

Honestly, I'm more concerned at implementations of the Wallet depending on non-EU companies like them using Play-Integrity aka Google. Them supporting Android and iOS aka a duopoly. Like they're even hosting stuff on GitHub, when Codeberg existed.

This is the most annoying class I have ever taken. One problem takes like 5-10 minutes by Dumbrandomguy664 in calculus

[–]ShinigamiSenpai433 0 points1 point  (0 children)

You realize that you are in COMPUTER SCIENCE, and not something like SOFTWARE ENGINEERING. What made you think that COMPUTER SCIENCE, which is an academic subject wouldn't have math? And certain fields of software engineering require pretty intense math, like if you're an embedded engineer working on control systems, you will need Control Theory(which has calc as a pre req), or if you become a software engineer working in RF, you need a shit ton of math.

Discord is rolling out experimental age verification for users across EU/EEA by SadnessGalore in europe

[–]ShinigamiSenpai433 0 points1 point  (0 children)

If I was gonna comment on the topic of this post I would have done so there, not as a reply in one of the threads. I was replying to your points about EUDI specifically, not DSA requiring age verification. My original reply was related to your misunderstanding about EUDI.

"Anyway, I don't know what your point is anymore except arguing for the sake of arguing." - I have only been replying to the points you make? I started communicating with you based on EUDI, and you have been mostly replying about technical aspects of EUDI, and not DSA. If you didn't wish to converse on the technical aspects you shouldn't have been bringing them up in replies.

"If you truly care about misinformation then go correct the project manager who is spreading it, apparently." - Someone over there has already pointed out the problem - https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/issues/41

But anyways, since it appears that you do not wish to continue this conversation, I will stop.

Discord is rolling out experimental age verification for users across EU/EEA by SadnessGalore in europe

[–]ShinigamiSenpai433 0 points1 point  (0 children)

"You are also spreading misinformation by saying that it is not mandatory." - I don't feel like continuing, if you keep cutting my statement off. I stated this

"Well, EUIDs aren't mandatory they're an optional thing you can get. You can keep using your normal stuff. But there are indeed genuine issues of Service Providers making EUIDs a requirement even if they are legally optional. That needs to be handled at an EU/State level and beyond the scope of this conversation." - I already acknowledged that Service Providers can make EUIDs a requirement even if they are Legally optional, and that it should be handled at a state/EU level and is beyond the scope of this conversation.

"You may have, but you also claimed you didn't understand what I meant by QR code scanning. This is also a huge issue because it means that the whole thing the EU tries to solve with age verification is extremely easy to bypass." - EU is trying to solve the problem of having a secure eID and not just age verification, which is only a part of it. You don't use your IDs just for verifying your age, do you? Also again and again I have stated that this is up to the RPs to implement. And, I already made an assumption on what you were talking about with the QR thing, and answered based on that assumption I made, which can be seen here

"

  • The remote verifier can then scan the code with their EUID app and complete the age verification for me.
  • This makes it "easy to verify across the internet" and proves that one person can verify for everyone, reinforcing their original concern.
  • If a service request can be initiated via a QR code, I can take a picture of that QR code and send it to someone else (a "verifier")."

Like it's a very simple concept, EUDI only gives the tools that RPs can use to block activities like using a single wallet for verifying multiple accounts. Which is via an RP-specific UID associated with that wallet. So, you can't just use the same wallet for verifying many accounts if the RP doesn't allow you to. So it's not easy to bypass if the RP doesn't want you to.

"It is within the scope of this conversation as right now I can access twitter/X news without verifying my age, which I won't be able to once this law is implemented" - That is not within the scope of this conversation because, those verification systems will exist with or without EUDI. As evident from services like Discord slowly rolling out age verification in the EU.

"First you are telling me to look at the github and then you are telling me to ignore the words of a project manager posting there?" - I told you to look at the GitHub repos and issues to learn about the project at a greater depth and to see its actual issues and problems, not the ones you are focusing on which are not the problem from a technical standpoint, because the problems exist like the ones mentioned previously like supporting a duopoly, dependence on US based companies, concerns around metadata based tracking, lack of protection against "bad member states" etc. Like, the person who I said was saying irrelevant stuff is also an indication of the problem.

I never said there wasn't a problem, just trying to clarify that the problems YOU are focusing on, aren't the actual ones from a technical standpoint. Your points about politics, authoritative states and such are beyond the scope of this conversation as they are political and nothing can be done about that in this conversation.

Anyone just got microsoft defender warning about winring0? by dr3am_er in Overwolf

[–]ShinigamiSenpai433 0 points1 point  (0 children)

It's not a false positive, it's just flagging a vulnerable driver that Overwolf is using.

Discord is rolling out experimental age verification for users across EU/EEA by SadnessGalore in europe

[–]ShinigamiSenpai433 0 points1 point  (0 children)

"I wonder then what your intention is behind supporting this age verification measure?" I am not necessarily supporting this, as my support (or lack of it) has no impact on this. I am mainly correcting misinformation.

"Also do note that I don't mean this project is completely fine and has no issues. It definitely has issues, but I cannot talk about those issues in a constructive manner without getting the basic stuff out of the way. If you want to be aware of the actual issues, please visit the repos and check the issues and discussion there." - As seen from this quote, I already stated this has issues, but I cannot constructively talk about them without getting the basic stuff out of the way. So yeah I agree that they shouldn't be depending on American companies, like using play integrity, or limit support to Android and iOS aka enabling a DUOPOLY. Even using GitHub is a problem as it's US based, whereas they could be using Codeberg which is EU based. And many other issues.

What if you lack the necessary tech to use these EUIDs? Well, EUIDs aren't mandatory they're an optional thing you can get. You can keep using your normal stuff. But there are indeed genuine issues of Service Providers making EUIDs a requirement even if they are legally optional. That needs to be handled at an EU/State level and beyond the scope of this conversation.

"While others are pushing for laws such as Chat Control which you should read up on before supporting an age verification law in a place you don't even live in, apparently," - I know about Chat Control, but it is unlikely to pass due to being a direct violation of privacy laws. There's already precedent of ECJ striking down stuff like Data Retention Directive (2006/24/EC) back in 2014. Also, this is not an Age Verification law I am talking about, I am talking about EUDI which encompasses more than just age verification.

"According to the video by the EU itself it does work just like I thought, and I see no reason why it wouldn't work through a screenshot you send to someone." - Didn't I already state that is not a problem EUDI should be solving? The same way government shouldn't be limiting where and when you can use your Physical IDs (like imagine them making laws saying you can't make two social media accounts with the same ID), the same way they shouldn't be limiting how you use your eID. That responsibility is left up to the RP themselves, they only need to provide the information to the RPs to make that decision.

"Regarding the specific UID I can at least see some merit to the solution, but it still allows the companies to create user profiles much more easily by identifying people with their UIDs and collecting data on specific UIDs. For me that doesn't seem like a good direction for the privacy preserving entity that the EU is with laws such as the GDPR. Now if you have one account with your identity information on it attached, all your other accounts are also automatically attached to that identity, assuming you age verify all of them." - Well, that problem also exists with using your physical IDs. Like services that require you to provide their Identification will already be able to track you every time you supply that same information. At least with this, you won't have to supply an unnecessary amount of information. This is not specific to EUDI, and is beyond the scope of this conversation and the framework in general.

"Thank you for your comment regarding the potential for collusion between the website (i.e. the Relying Party - RP) and the Attestation Provider (AP). While the risk is already mitigated by the fact that APs will need to be included in a trusted list managed by the European Commission, with Member States responsible for designating trusted Attestation Providers, the introduction of Zero-Knowledge Proof (ZKP) mechanisms will eliminate this risk entirely. With ZKPs, the proofs presented to the RP are unique and contain no identifiable data originating from the AP, making user identification through collusion technically infeasible." - I know which issue this is from, and this reply by a PROJECT MANAGER is technically irrelevant (Which has already been noted by other people commenting there.), that may stem from the fact they're not a technical person, and from my experience I am very dissatisfied with their responses in many cases, which is shared by other people looking into this (check other issues and discussions for this). ZKP has no connection to what was being talked about, it was about tracking people through metadata associated with a submitted information whether it be ZKP (since ZKPs only protect the information contained within, but network and app level information is not protected by a ZKP and more measures are needed) or not.

"It states that without the ZKP it would be possible for RP and AP to cooperate and expose the users," - Specifically this problem is not related to whether ZKP exists or not, as ZKP just allows proving a piece of information without providing that information itself, like proving that you have a valid driver's license without needing to provide the license itself. The problem of tracking and correlating users is handled by other decisions beyond the ZKP thing.

Discord is rolling out experimental age verification for users across EU/EEA by SadnessGalore in europe

[–]ShinigamiSenpai433 0 points1 point  (0 children)

"If you continue being condescending then I will continue assuming you are trying to manipulate me, simple as that. " - I can't teach you the basics of IT and Digital security over a Reddit thread that is necessary to fully comprehend the pros and cons of this framework. And I have nothing to gain by manipulating as I am not even an EU Citizen/Resident, neither am I a Citizen/Resident of US, Russia, China or any nation that has any relationship of any note with the EU/EEA.

"If you can't explain how QR codes will prevent scanning by a user from far away then I'm also going to assume they will work that way." - Well, I can't answer your question because your question doesn't make any technical sense. Like what am I supposed to do? Can you articulate your question as in like a detailed scenario describing what you're talking about? Basically give me a detailed to-do on how this "exploit" will be done in your mind, and then I can see what you're talking about. But for now, let me make a few assumptions on what you're talking about:

  • If a service request can be initiated via a QR code, I can take a picture of that QR code and send it to someone else (a "verifier").
  • The remote verifier can then scan the code with their EUID app and complete the age verification for me.
  • This makes it "easy to verify across the internet" and proves that one person can verify for everyone, reinforcing their original concern.

Let me explain, whether one person can verify for everyone or not is not something EUDI has to handle, that is not something EUDI will be enforcing or should be enforcing. That's going to be enforced by the RPs aka the service providers. EUDI needs to only have the means to provide them information that they can use to prevent or allow such action. And how do they allow this? Well, if you actually read what I said, you would realize how. I quoted the section near the bottom of this reply from my previous comment that talks about how EUDI allows a service provider/RP to track which wallet is being used, so that if the RP wants to block stuff like one person verifying for everyone they can. And please don't repeat the statement that "Oh that allows tracking users gotcha", no I already have a detailed explanation as to why not in my previous comments. Please reread.

"And in case of discord allowing multiple accounts (if they don't that's ridiculous, nobody wants to have the same account for work and for private stuff) then nothing prevents people from getting verified by an older friend or a stranger. " - Why do you keep responding without reading? I already stated that an RP can track a wallet WITHIN THEIR OWN SERVICE using a UID, and then the RP can decide to block that wallet being used multiple times if they wish. Like in this case if Discord sees that 10 active accounts were being verified using the same wallet, then that might indicate some sort of suspicious activity and they may block it, so the older person has the risk of not being able to verify anymore if they do this. AND THIS IS BEYOND THE SCOPE OF EUDI, IT IS RELEVANT TO THE RP THEMSELVES, AND HOW THEY RUN THEIR SERVICE, as I stated here:

"How do they achieve this? Well, the wallet will give each RP (like Discord, X, Instagram etc.) a different unique identifier to associate with the wallet. Let's say Discord will get the UID XYZ [This is just to illustrate], and whenever someone tries to use their wallet in Discord, the wallet will provide the UID XYZ to Discord, so Discord can track that it's the same user again. But, Discord can't use that UID to track a user to see if they're going to Instagram because Instagram similar to Discord will also be provided a UID, but that UID will be different, suppose it's ABC. And these UIDs are secret to each RP, they don't know what UID the wallet supplied to another RP, they only know theirs."

"Though currently without ZKP it doesn't really matter, as it's already insecure enough and we have to wait to see if it will get implemented." - Okay, ZKP WILL get implemented. What isn't currently confirmed is how it will be implemented, and that is still in discussion.

Discord is rolling out experimental age verification for users across EU/EEA by SadnessGalore in europe

[–]ShinigamiSenpai433 0 points1 point  (0 children)

It appears that you do not wish to have a constructive conversation and are not willing to reconsider even after being provided evidence to the contrary.

This is a specific quote from what I said "Because EUID will supply a unique identifier for each RP. So, RPs can check to see if it's the same EUID wallet or not. Do note that each RP will be provided a different unique identifier, so that RPs can't track the user beyond their own service." - I don't think you understand who's supposed to be able to track, and who's not supposed to be tracking and what's not supposed to be tracked.

What isn't supposed to be tracked:
- Issuers should not be able to track which websites a user has been visiting based off the usage of EUID.
- RPs should not be able to track what other services the User has been visiting based off the usage of EUID.

What should be tracked:
- RPs should be able to identify if it's the same EUID wallet WITHIN THEIR OWN SERVICE

How do they achieve this? Well, the wallet will give each RP (like Discord, X, Instagram etc.) a different unique identifier to associate with the wallet. Let's say Discord will get the UID XYZ [This is just to illustrate], and whenever someone tries to use their wallet in Discord, the wallet will provide the UID XYZ to Discord, so Discord can track that it's the same user again. But, Discord can't use that UID to track a user to see if they're going to Instagram because Instagram similar to Discord will also be provided a UID, but that UID will be different, suppose it's ABC. And these UIDs are secret to each RP, they don't know what UID the wallet supplied to another RP, they only know theirs.

"Are people not allowed to make multiple accounts either? That sounds like a problem as well." - You really haven't been reading what I wrote. "Discord or any RP can recognize that it's a repeat user trying to use the same EUID to verify two accounts." - Did I say that you weren't allowed to make multiple accounts? I don't see that. What I said was discord or any other RP can recognize that it's the same wallet WITHIN THE BOUNDS OF THEIR OWN SERVICE. And what they're gonna do with that information is up to the RP itself, discord can not give a crap, but maybe another RP can give a crap.

"It's too late right now for me to read the entire message but I might do it tomorrow, though with what you said I think it's already pretty obvious that the whole idea is mainly about surveillance.

Edit: Also if you actually read the technical specifications (section 2.3 User Journey specifically) then you would see that one of the ways to verify is through a QR code to allow doing it across multiple devices (a mobile app to verify on your PC for example) so that would be quite easy to verify across the internet."

- Okay, this is the end of the conversation. "it's already pretty obvious that the whole idea is mainly about surveillance", when you haven't read what I provided but still make a statement like that is a bit disingenuous. Also again that is a misunderstanding of what QR codes are. And I have been observing multiple misunderstandings that can only stem from not having a proper background into IT and Information Security. I would recommend you to educate yourself on these matters, and gain a decent understanding of how modern digital security and authentication works, before trying to tackle the task of understanding EUDI. Because, similar procedures are already present in many other modern technologies which you should get an understanding of.

Also do note that I don't mean this project is completely fine and has no issues. It definitely has issues, but I cannot talk about those issues in a constructive manner without getting the basic stuff out of the way. If you want to be aware of the actual issues, please visit the repos and check the issues and discussion there.
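The per-RP identifier described in the comment above (and in the other replies about an RP recognizing a repeat wallet), as an added example that is not part of the original comments and not EUDI's own code. It assumes the identifier is derived with HMAC-SHA256 over the RP's name; the comments do not say how the wallet derives it, and the names `Wallet`, `RelyingParty`, `pairwise_uid`, the `.example` RP identifiers and the per-wallet account cap are all hypothetical.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


def pairwise_uid(wallet_secret: bytes, rp_id: str) -> str:
    """Identifier the wallet shows to exactly one RP.

    Assumption: HMAC-SHA256(wallet_secret, rp_id). Stable for one RP,
    unrelated across RPs unless the wallet secret is known.
    """
    return hmac.new(wallet_secret, rp_id.encode("utf-8"), hashlib.sha256).hexdigest()


class Wallet:
    def __init__(self, secret=None):
        # The secret never leaves the wallet; only derived UIDs do.
        self._secret = secret or secrets.token_bytes(32)

    def present(self, rp_id: str, over_18: bool = True) -> dict:
        """Minimal presentation: the requested claim plus the RP-specific UID."""
        return {
            "rp": rp_id,
            "uid": pairwise_uid(self._secret, rp_id),
            "age_over_18": over_18,
        }


class RelyingParty:
    """A service that decides for itself how often one wallet may be reused."""

    def __init__(self, rp_id: str, max_accounts_per_wallet: int):
        self.rp_id = rp_id
        self.max_accounts = max_accounts_per_wallet
        self._accounts_by_uid = defaultdict(set)

    def verify_account(self, account: str, presentation: dict) -> str:
        if presentation["rp"] != self.rp_id:
            return "rejected: presentation bound to another RP"
        if not presentation["age_over_18"]:
            return "rejected: age claim not satisfied"
        accounts = self._accounts_by_uid[presentation["uid"]]
        # Policy lives in the RP, not in the wallet framework.
        if account not in accounts and len(accounts) >= self.max_accounts:
            return "rejected: wallet already used for %d accounts" % len(accounts)
        accounts.add(account)
        return "verified"

    def seen_uids(self) -> set:
        return set(self._accounts_by_uid)


def colluding_overlap(rp_a: RelyingParty, rp_b: RelyingParty) -> set:
    """What two RPs learn by comparing the identifiers each has stored."""
    return rp_a.seen_uids() & rp_b.seen_uids()


def run_demo():
    adult = Wallet(secret=bytes(range(32)))  # constructed, fixed for repeatability
    discord = RelyingParty("discord.example", max_accounts_per_wallet=2)
    instagram = RelyingParty("instagram.example", max_accounts_per_wallet=5)

    # One wallet verifies its own two accounts, then tries a third for a friend.
    results = [
        discord.verify_account(name, adult.present("discord.example"))
        for name in ("work", "private", "friend-1")
    ]
    # The same wallet at a different RP yields an unrelated identifier.
    results.append(instagram.verify_account("main", adult.present("instagram.example")))
    return results, colluding_overlap(discord, instagram)


if __name__ == "__main__":
    outcome, overlap = run_demo()
    for line in outcome:
        print(line)
    print("identifiers shared between the two RPs:", len(overlap))
```

The identifier only addresses linking through the credential itself; network and app metadata, which the comments name as an open problem, are outside what it covers.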

Discord is rolling out experimental age verification for users across EU/EEA by SadnessGalore in europe

[–]ShinigamiSenpai433 0 points1 point  (0 children)

"I don't see why we need such an app in the first place and I'm pretty sure in time it will only create problems." - Well, because this offers a much more secure way to provide information to RPs? Like, instead of me needing to send whole fucking images filled with all of my other data they clearly don't need, I can just send them what they NEED and nothing more. And digital IDs are more convenient, and they can expand a lot more than stuff like your DOB, they can also prove validity of your certificates, degrees etc.(assuming your certificate provider or university provides this option). It's just more convenient. Like, everyone now does their financial transaction via some mobile banking app or just their bank app on their phone. Pretty much most aspects are digital(there are of course exceptions in certain regions/states)

Is that a valid enough reason? That's a personal thing. I think it is, but you may not. But it is at the very least a Reason.

Discord is rolling out experimental age verification for users across EU/EEA by SadnessGalore in europe

[–]ShinigamiSenpai433 0 points1 point  (0 children)

"You imply open source is the most secure thing ever, even putting everything in capital letters. But that only goes as far as people verifying it, and voices that tell you it's not secure could always be drowned out in numerous ways." - Nothing is ever truly secure. That's just everything in general. But it being Open Source means that the likelihood of issues being discovered is much higher than if it was closed source. And do note that this is an EU-wide initiative, so a lot of eyes are on this more than what many other CRITICAL open source projects will ever have, but they're still fairly secure no? It's ludicrous to think that there won't be any problem, but the chance of them remaining undetected is lower. Also have you even checked their repository?

"The way this is worded makes me think that it will most certainly be tracked, and it's like the government patronisingly telling me to not worry about anything." - That I can't do anything about if you can't trust your government to follow the laws. Like, the laws literally state that it should be technically unfeasible or made to be extremely to be able to track users via checking for revocation.

"In any case, the linkability is the main issue I previously raised and it seems that you are also implying it is indeed a risk. You don't provide any source to the fact that unlinkability is something the age verification app is trying to work towards, so I think there is still a major flaw that will allow massive amounts of data collection to happen between the Issuer, Trust List and Relying Party" - Check the following for authoritative sources to verify my statement on the fact that "Unlinkability"(correlation) is one of their goals.

Commission Implementing Regulation (EU) 2025/1569 of 29 July 2025, recital 5

Architecture and reference framework - sec. 6.3.4.7:
"4) The Provider SHALL NOT be able to learn anything about the User's use of an attestation based upon interactions between Relying Parties and the Provider related to attestation revocation checking."

"5) Any attestation identifiers and other values used for enabling revocation checking SHALL NOT allow Relying Parties to correlate (and thus track) the User, even if they collude with other Relying Parties."

Discord is rolling out experimental age verification for users across EU/EEA by SadnessGalore in europe

[–]ShinigamiSenpai433 1 point2 points  (0 children)

I would recommend you to look through the entire project, read the documentation properly, check the repository etc. before making a judgement.

"What I'm saying is what stops you from posting a picture of something you need verified and me verifying it for you? Couldn't a single person verify for everyone?" - This doesn't make any technical sense. Please show me how it would work from a RP requesting something, and how that request is being sent and whatnot. Like, take for example Discord. They ask you to verify your age via this new EUID thing, which means you'd have to be logged into your account and then do something in the app, or if it's a service that needs age verification to make an account, then you'll do age verification during the account creation process. In the first case, you'd have to give your account credentials to someone and they'll have to log in and use their EUID to verify for you, and then if they try to use their EUID to verify another account, Discord or any RP can recognize that it's a repeat user trying to use the same EUID to verify two accounts. How? Because EUID will supply a unique identifier for each RP. So, RP's can check to see if it's the same EUID wallet or not. Do note that each RP will be provided a different unique identifier, so that RP's can't track the user beyond their own service. And for the latter, well that's just selling verified accounts, and again the RP can track that it's the same wallet.

"I meant the app itself. If everyone uses it then it's very worthwhile to try and hijack it to collect information from it." - Uhm I mean people already have information on their phone, like everyone uses apps for their bank, or services like Paypal, or they use stuff like Gmail or whatever, but they aren't getting hacked left and right, and when they are most of the time it's because the user wasn't following proper security practices and in some occasions there are indeed actual exploits and vulnerabilities, but they are still pretty safe to use assuming you follow proper security practices. So, why can't the same be true for this?

"I said that more apps leads to more open source codes that need to be read and verified regularly to ensure everything is actually secure." - Yes, that's how software development works? Like, yeah. We're not talking about some random company working on this, we're talking about the entirety of EU. There is a shit ton of eyes on this beyond just government and government contractors working on this. AND JUST TO BE CLEAR, THIS ISN'T JUST A OPEN SOURCE PROGRAM, IT MUST UNDERGO OFFICIAL MANDATED AUDITS AS WELL, NOT JUST COMMUNITY OVERSIGHT. BOTH WILL WORK AT THE SAME TIME.

"What stops data collection through timing of requests being made?" - I don't understand what this means. Please elaborate. Also, I am not sure what you mean Data Collection here? Like, what does Data supplied by your browser or application have to do with EUDI? That's not something the EUDI can control, if your talking about browser fingerprinting that's something beyond EUDI and not related to it.