ChrisR

This isn't an age verification bill. This is device level KYC. Every operating system would need proof of age which means gov ID + photo for every device connected to the internet. The lazy default implementation? Gov ID + selfie to Persona. The same KYC Discord and Anthropic just rolled out (yep, we're already moving to KYC for AI). This makes one giant honeypot for hackers and is a bow-wrapped gift to the corporate surveillance machine (and U.S gov surveillance who harvest data from them). There's no technical reason to build it this way. We already have zero-knowledge age verification that works at scale, @zkpassport lets you prove you're over 18 without revealing who you are. Data never leaves the device. The tech exists. But that's not the worst part. If every device is gated by gov ID, then revoking the ID revokes digital existence. Revoke passport = digital excommunication. Actually insane we have legislators considering this.

Global energy infrastructure is under sustained attack. Much of this is mid-east and Russia/Ukraine related, but oil refineries are also burning in the West, along with attacks on Western supply oil pipelines. In addition, Western politicians have de-commissioned or destroyed many of our coal fired electricity manufacturing plants. This is an engineered energy crisis which no doubt ties in with the fanatical Net Zero / WEF / UN Agenda 2030. The two vids below occurred over the last few days in Australia and Mexico. The war on energy is a global war and few people understand why it is happening and where it will lead in the very near future. NB: There is a simultaneous war being conducted against the food producing Western farmers too. Land grabs, tax rises and a severe reduction in fertiliser production. This is all very serious. UN Agenda 2030 is real.

So sieht es aus. Die Regierung erklärt den Bürgern, dass wir uns im Krieg mit Ozeanien befinden. Die Straßen zerfallen, die Schulen müssten dringend renoviert werden, die Rentner sind unter der Armutsgrenze. Das ist alles schlimm, aber das muss zurückstehen, weil wir erst den Krieg auf dem anderen Kontinent gewinnen müssen. Dafür müssen die Bürger die nächsten Jahre und Jahrzehnte hohe Opfer bringen. Gleichzeitig darf man im Kampf gegen Ozeanien nicht geizig sein. Das Geld muss kräftig fließen. Wer Zweifel an der offiziellen Darstellung hat oder gar Lügen verbreitet, ist ein Staatsfeind und muss eingesperrt werden. Um Staatsfeinde zu erkennen, muss die Bevölkerung lückenlos überwacht werden. Das ist logisch und niemand kann etwas dagegen haben. Die Regierung muss sich selbst, um handlungsfähig zu bleiben, die Diäten üppig erhöhen und den Beamtenapparat zügig ausbauen. Es geht ja schließlich um die Zukunft. Versteht das endlich, ihr Narren!

Germany Is Going Away I've been going back to Germany often over the last three years. One thing stands out every time: nobody speaks fluent German anymore. I kept count on a trip earlier this year. I interacted with ~20 people -- baristas, taxi drivers, store clerks, etc. and I'd involve them in conversation long enough to get a feel for their fluency. ~15 of them just wouldn't pass what I'd consider a reasonable language test. Broken grammar, poor diction. All my interactions were friendly and polite, but these people just don't speak the language. In the most egregious cases, they default to English instead. I found it just baffling to talk to people in positions of relative importance -- airport staff, for example -- and hear them fuck up Der/Die/Das. Let me explain. I lived in Germany from 1997 through 2002, Kindergarten through 3rd grade. Nearly all my childhood memories involve only natively fluent speakers. Some of them had immigration backgrounds, but the level of integration, i.e. language fluency was very high. It would've been unthinkable to run into people several times a day who just struggle to communicate. This is the type of thing that's probably hard to notice if you live there: the proverbial frog in boiling water. But I notice it very clearly because I go back so rarely, sometimes years apart. Every time it hits like a ton of bricks: "that's not how I remember it!" And the changes over the ~2 decades that I've been gone are very, very clear. A generation of workers has aged out, i.e. been replaced by a new generation, and so the demographics have shifted. Nowhere is it clearer than in the ability of people in public life to communicate in the German language. What I cannot stress enough is how weird this feels. For the vast majority of my readers: you have never experienced anything like this. You probably never will. It is an exceedingly strange and alienating feeling to return to a familiar place -- home at one point in your life -- and to find that people there can't speak the language anymore. They literally can't. The culture you grew up with is no more, and you may look around for someone else who understands, but you are all alone.

Let's shift focus and explain why the #EU #AgeVerification concept is fundamentally flawed. Assume: 1. The production app is released. 2. It's 100% secure, 100% private (fantasy land, but stick with me) 3. It cryptographically challenges every step, including hardware attestation which requires a physical device. 4. Every single other attack vector in the surrounding environment is somehow magically patched. aka - it's working exactly as intended/designed. It does not protect against a relay attack. This is a threat they considered and somewhat addressed here: github.com/eu-digital-ide… With the current design, there's nothing preventing someone running a verification-as-a-service; a remote Android device which returns a valid attestation. Remember, it's not returning "I am over 18", it returns "someone is over 18". Neither the verifier, nor the app has any way to link the session ID to a physical device. Their own docs state this clearly: Remote Cross-Device Presentation: "Note that the Wallet Instance does not see any difference between the cross-device flow and the same-device flow. In both cases, it receives an OpenID4VP-compliant presentation request over the Wallet Instance-platform API described in the previous section." This is a known & well-understood attack vector in all remote credential presentation models; it's just not mitigated in this one... primarily because they can't. CTAP 2.2 won't work with all app flows, hardware attestation doesn't mitigate relay attacks, on-demand liveness detection would be too intrusive & potentially privacy-invasive & timing calculations don't reveal anything useful... all the available options to resolve this break the core design; completely anonymous age verification. The Architecture & Reference Framework (ARF) is technically sound in some respects. They considered external threat actors and discussed solutions to mitigate them, including ZKP. However, the EC applied the wrong threat model, thus arriving at the wrong conclusion. Yes, you need to protect against malicious verifiers, phishing sites, session hijacks, data brokers et al... but that's addressing external threats, it doesn't protect the architecture from the user itself. In virtually every other scenario, the user and system's interests are aligned; protect my biometric asset at all costs. Specifically for age verification, most users do not want to present ID simply to access a website, so whilst the system may adequately protect from external threats, if the user wants to bypass the system, they can... and the architecture doesn't consider this. Every single applied mitigation assumes the user is the protected party, not the threat actor. To those people claiming "it requires physical access to the device and root, this is BS/hyperbole", you too applied the wrong threat model & completely missed the point. These disclosures demonstrate that you, the user, are the threat actor they haven't considered. You have your device. You can root your device. You can create a chrome extension, just as I did. Ironically, it's precisely those under 18 who can't pass verification who are motivated to bypass it. So where does that leave us? A system which replaces "I am over 18" with "someone is over 18", with absolutely no guarantee that it's true... which is the entire purpose of the app.

⚠️Warning! Former HUD official says we have only 2 years to prevent the digital enslavement grid. "We have maybe at most two years." "When they say it's 2030 and you have no assets, they're serious." "They can literally take all your assets, including your kids." This clip of Catherine Austin Fitts, a former Assistant Secretary of Housing and Urban Development, investment banker, and founder of the Solari Report (@solari_the), is taken from a discussion with the Canadian Prepper (@PrepperCanadian) posted to YouTube on April 10, 2026. ----------------Partial transcription of clip--------------- In other words, it's the end of currency because it's simply a rule system. And you can earn credits in the rule system and the rule system can apply all sorts of carrots and sticks. So if you're very, very good, you could get more credits. If you're bad, you could have your credits taken away. So the big issue here, if you look at the world that we've grown up in, most of us have grown up, whether Canada, the United States, in a world where the bankers control monetary policy and the people's representatives control fiscal policy, which means the people's representatives set taxes and then determine how the money's going to be spent. Now, the bankers in the system can control what taxes are. If they want to raise taxes, they just take it out of your account. You have no control. And, there's no need to vote for representatives because the bankers can control it directly and they can decide how it's spent. And if you don't like that, they can turn off your money. This is coming now. I mean, if you look at the debanking, you look at the control of credit cards, if you look at the new stablecoins putting terms and conditions that say you're not allowed to buy, you can't buy a bow and arrow with Circle until there was a whole hullabaloo and they had to change their terms and conditions. But this is here now. And most importantly, the laws and the systems are being put in place that make this possible. So now is the time. We have maybe at most two years to do the things we need to do to prevent this from clicking in and going live. So when they say it's 2030 and you have no assets, they're serious. They're creating a system where they can literally take all your assets, including your kids.

Mijn x ontplofte gisteren vanwege mijn post over leeftijdsverificatie en DigitalID. Veel medestanders. Klinkt mooi maar ben toch niet gerust. De eerste persoon (buiten X) die ik spreek: “lijkt me alleen maar goed dat kinderen minder op social media zitten”. Zonder brede uitleg aan de bevolking wat de échte effecten zijn voor ons allemaal gaan we dit niet winnen. Hoe leg je uit dat ouders de kinderen geen smartphone of social media hadden hoeven te geven als ze het zo slecht voor de kinderen vinden? Daar heb je toch geen overheid voor nodig? En waarom is er geen brede informatiecampagne over alle tweede orde effecten van digital id? Ik ben serieus verbaasd over hoe schouderophalend men autonomie uit handen wil geven. En als je het uit handen geeft komt het niet vanzelf meer terug.

The “age verification app” the EU wants to impose on the world got hacked in 2 minutes. Step 1: Present a “privacy-respecting” but hackable solution. Step 2: Get hacked (you are here). Step 3: Remove privacy to "fix" it. Result: a surveillance tool sold as “privacy-respecting”.

@jaegerthomas2 Soviel wie möglich vom Vermögen der Bürger abgreifen, bevor die totale Armut durch die UN-Agenda 2030 einsetzt? 🤔

Zu wenig, zu langsam, auf Kosten Dritter. Es drängt sich der Eindruck auf, als wollte die Regierung bewusst an den Aufgaben, vor denen sie steht, scheitern. Warum hat sie das vor? Und wenn sie das nicht vorhat, was hat sie dann vor?

Das ist aber schlicht nicht zutreffend. Wir haben das hier sehr verständlich erklärt. Sogar ohne Netzengpässe ist das eine grobe Fehlwahrnehmung. Die massiven Speicherinvestitionen würden den Bedarf an Gaskraftwerken nicht eliminieren, die notwendigen Subventionen für diese Kraftwerke würden aber deutlich höher werden und man würde Flexibilität „doppeln“ also kostspielig Redundanz aufbauen. wirtschaftsdienst.eu/inhalt/jahr/20…

Bypassing #EU #AgeVerification using their own infrastructure. I've ported the Android app logic to a Chrome extension - stripping out the pesky step of handing over biometric data which they can leak... and pass verification instantly. Step 1: Install the extension Step 2: Register an identity (just once) Step 3: Continue using the web as normal The extension detects the QR code, generates a cryptographically identical payload and tells the verifier I'm over 18, which it "fully trusts". This isn't a bug... it's a fundamental design flaw they can't solve without irrevocably tying a key to you personally; which then allows tracking/monitoring. Of course, I could skip the enrolment process entirely and hard-code the credentials into the extension... and the verifier would never know.

Hacking the #EU #AgeVerification app in under 2 minutes. During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory. 1. It shouldn't be encrypted at all - that's a really poor design. 2. It's not cryptographically tied to the vault which contains the identity data. So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app. After choosing a different PIN, the app presents credentials created under the old profile and let's the attacker present them as valid. Other issues: 1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying. 2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step. Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.

Windows defender has been compromised. right now there is a public unpatched exploit that gives any app on your windows PC full system admin access. no password. no popup. nothing your antivirus doesnt stop it. your antivirus IS the exploit. windows defender is the attack vector ransomware gangs can use this to encrypt your entire machine and steal every saved password, browser session, and discord token you have. fully patched windows 11. real time protection on thread

@Keir_Starmer Not your business.

I know parents are worried about social media and its impact on their children’s safety. They rightly expect fast action. Today, I’m calling on senior leaders from X, Meta, Snap, YouTube and TikTok to step up. I will do whatever it takes to keep children safe online.

@BMG_Bund @ninawarken Welches "wir" meinen Sie denn? 🤔

Die Kassen der gesetzlichen Krankenversicherung sind beinahe leer – und deshalb müssen wir jetzt alle gemeinsam anpacken. Für ein zukunftsfähiges Gesundheitswesen und eine gute Versorgung für alle! Mehr dazu im Video mit @ninawarken 👇

Die Anatomie eines digitalen Suizids: Von der „Mini-Wallet“ zu EUDI, DSA und CBDC 🧵 Die aktuelle Age-Verification-App der EU ist kein isoliertes Projekt. Laut offiziellen Dokumenten wird sie als „Mini-Wallet“ konzipiert und später nahtlos in die European Digital Identity Wallets (EUDI) integriert. Die Architektur basiert auf dem EU Digital Identity Architecture Reference Framework (ARF). So funktioniert die Technik im Hintergrund: 🛂 Attestation Provider (AP): Eine staatliche Stelle verifiziert den echten Reisepass per NFC/OCR plus biometrischer Liveness-Prüfung. 📦 Datenminimierung (mDoc): Es wird nur ein simples Ja/Nein-Attribut übermittelt (z. B. „age_over_18: true“). 🛡️ Zero-Knowledge Proofs (ZKP): Kryptografie beweist die Gültigkeit der Signatur, ohne echte Daten preiszugeben. Viele wittern hinter dieser präzisen technischen Verknüpfung nun einen genialen, bösartigen Masterplan. Doch wer die IT-Sicherheit kennt, sieht hier keine meisterhafte Strategie. Im Gegenteil: Wir beobachten hier eine grenzenlose bürokratische Hybris. Wer alle kritischen Systeme an einen einzigen Knotenpunkt bindet, baut kein unangreifbares Imperium – er baut den dümmsten digitalen Honigtopf der Menschheitsgeschichte. 1. Die Gewöhnungs-Phase: Privacy als psychologischer Köder 🎣 Man verkauft die App über den moralischen Schild des Jugendschutzes. Die Bürger werden daran gewöhnt, den biometrischen Ausweis an das Smartphone zu koppeln. Die EU baut die Infrastruktur hochprofessionell auf und klopft sich für die „Privacy-by-Design“-Lösung auf die Schulter. Das Fundament für den zentralen Zugang liegt. 2. Die Konvergenz: EUDI trifft auf den Digital Services Act (DSA) ⚖️ Sobald die „Mini-Wallet“ zum vollen EUDI-Standard wird (Rollout 2026), schnappt die Falle rechtlich zu. Der Digital Services Act (DSA) zwingt die Plattformen, Nutzer rechtssicher zu verifizieren, um Strafen für „Desinformation“ zu entgehen. Die Wallet mutiert vom freiwilligen Gadget zur zwingenden Eintrittskarte für das europäische Internet. Die Entanonymisierung des Diskursraumes ist abgeschlossen. 3. Das architektonische Endspiel: Die Central Bank Digital Currency (CBDC) 💶 Wenn Identität und Kommunikation ohnehin am staatlichen Node hängen, wird der letzte Baustein eingeklinkt: der Digitale Euro. Eine CBDC braucht zwingend kryptografisch authentifizierte Transaktionspartner. Die Wallet, die heute nach dem Alter fragt, steuert morgen das programmierbare Zentralbankgeld. Identität (EUDI) + Kommunikationszugang (DSA) + Finanzen (CBDC) in einer einzigen Architektur. Und genau hier offenbart sich, warum das keine brillante Strategie ist, sondern architektonischer Suizid. Man erschafft völlig freiwillig einen Single-Point-of-Failure für die sensibelsten Daten von 450 Millionen Menschen. Wir dürfen uns daher jetzt schon entspannt zurücklehnen und die Uhr danach stellen, wann dieser gigantische, verlockende Honigtopf leckt und die verifizierten Datensätze aller europäischen Bürger im Netz zum Download stehen. China hat uns mit seinem jüngsten 10-Petabyte-Datenleck ja gerade erst sehr eindrucksvoll demonstriert, wie meisterhaft „sicher“ solche monumentalen, zentralen Staatsdatenbanken in der Praxis wirklich sind. 🤣🦊

Destroying the @InternetArchive's @WayBackMachine would be the equivalent of the burning of the Library of Alexandria - one of the worst losses of knowledge in history. Media giants are now threatening to do this. We can't let this happen. Pass it on.

The protests in Ireland are not about just fuel! They are about the distance between Ireland on this graph and every other modern and developed economy. Ireland is second wealthiest but gets waaaaay less than any other country for that wealth. By a golden mile. That visual gap in this graph? That’s what people are protesting. It’s a lack of infrastructure and the everyday enshittification of services, the economy, and the additional difficulty of trying to live, relative to peers in any other country. It also highlights why people don’t get uniformly listened to! - because there is no government architecture to engage meaningfully across this huge gap. That gap is a three hour drive to work in traffic, a 14 month wait for an MRI, buses that don’t arrive, trains that don’t exist, schools that have no places for your kids, houses that are unaffordable, pubs that close before midnight, €12 sandwiches, expensive fuel. People feel this gap, even if they can’t explain it precisely. And that builds into resentment, and ultimately protest. Fuel just happened to be the next thing that could be pointed to, today.

"Aus meiner früheren Tätigkeit als Verfassungsschutzchef weiß ich, dass der politische Linksextremismus politische Feindbekämpfung gegen all diejenigen betreibt, die keine Sozialisten sind. Die Stasi hatte auf wissenschaftlicher Grundlage die Technik der Zersetzung entwickelt, um Feinde des Sozialismus politisch, gesellschaftlich oder wirtschaftlich so zu schädigen oder zu vernichten, damit sie ungefährlich für das sozialistische Regime waren. Ein Instrument der Zersetzung war die Diskreditierung und Diffamierung der "feindlich-negativen Zielpersonen". Es wurde ein auf die Zielpersonen zugeschnittenes Konzept einer Rufmordkampagne erarbeitete, um das Ansehen der Personen durch wahre Tatsachen, durch verfälschte oder durch frei erfundene Tatsachen oder durch Meinungsäußerungen und Werturteile von politischen, wissenschaftlichen oder moralischen Autoritäten zu schädigen und zu zerstören. Ein anderes Instrument, das regelmäßig in einer zweiten Stufe zum Einsatz kam, war die Kriminalisierung des politischen Feindes, indem ihm strafrechtlich relevante Verfehlungen anhängt wurden, die regelmäßig am Schreibtisch konstruiert oder frei erfunden waren. Die dritte Stufe der Zersetzung war die Neutralisierung des Feindes durch Haft, Ausreise ins Ausland oder dadurch, dass die Person systematisch in den (Frei-)Tod getrieben wurde. Dieses Zersetzungstechnik ist komplex, und es bedarf einer guten Schulung, um auf die Zielpersonen zugeschnittene Zersetzungskonzepte zu erarbeiten. Die Technik der sozialistischen Feindbekämpfung durch Zersetzung sehe ich ohne Zweifel heute bei den Anhängern der extremistischen politischen Linken im Einsatz, die nahezu jede nichtsozialistische Person des öffentlichen Lebens, die aus deren Sicht für die Durchsetzung der radikalen ökosozialistischen Politik hinderlich oder gefährlich sein könnte, mit diesen Maßnahmen überziehen. Ich bin überzeugt, dass diejenigen die diese Konzepte heute erarbeiten über eine entsprechende - wie auch immer erlangte - Schulung verfügen." Hans-Georg Maaßen im Oktober 2023 in der @JuedRundschau TM

Lieber Herr @bundeskanzler, Ihre Idee, dass die Entlastung der Arbeitnehmer aus den klammen Kassen der Selbständigen bezahlt werden soll, wird in weiten Teilen des Mittelstandes als Verhöhnung verstanden. Es regt sich erster Widerstand. Berechtigt. Hat meine Unterstützung.