The European Commission has long sought an effective, universal age verification tool to shield minors from inappropriate online content and force digital platforms into regulatory compliance. The latest product of these efforts was a dedicated app that secured official government approval. It was publicly greenlit for widespread deployment, with its developers promising the highest standards of data protection for European citizens’ sensitive information.
However, the technical reality fell drastically short of the bureaucratic optimism. Even before the official launch, independent researchers and developers analyzing the software’s repository on GitHub were sounding the alarm. The tech community unequivocally flagged the project as unfit for commercial use, pointing out glaring architectural flaws, vulnerabilities to basic attacks, and a failure to adhere to foundational cryptographic standards. Despite this, formal reports and warnings from engineers failed to halt the certification process.
The consequences of ignoring the tech sector arrived swiftly. Shortly after the app received the green light, independent security researchers decided to stress-test its alleged reliability in the wild. It took them a mere two minutes to break the system and completely spoof the age verification process. The safeguards proved so illusory that bypassing them didn’t require highly specialized knowledge – just simple tools used to modify network requests.
Instead of revolutionizing European digital security, the Commission-funded €4 million project sparked a wave of crushing criticism and exposed the fragility of bureaucratic procedures. Telegram founder Pavel Durov mercilessly weighed in on the situation, calling out the policymakers’ hypocrisy:
As of publication, the European Commission has not publicly addressed the tech community’s allegations, rolled out a patch, or issued any official statement regarding the compromise of its newly unveiled app.