I have no Android phones. Just avoid the privacy disaster apps entirely. Switch your banks, buy transport tickets that are printed out.

Available options for mostly open systems among others seem to be the PinePhone, the ClockworkPi uConsole, and the Librem 5. The latter two seem to have significant shipping delays and more technical caveats, however.

While on some level I agree, perhaps it’s time to push Linux phones as well?

For anybody who has any sort of techie knowledge, that could be a better long term option once Linux phones get more momentum and funding.

I disagree TPM is a good candidate.

And I think many of us reject the premise we should submit to any central id provider for half of the internet in the first place. There are less risky approaches: https://www.politico.com/news/2025/10/13/california-law-online-age-checks-00606115

Here are my sources:

1. https://pluralistic.net/2025/08/14/bellovin/ (I don’t agree with every bit of that article.)

   In practice, the security and privacy guarantees of the CL protocol require two different kinds of wholly independent institutions: identity providers (who verify your documents), and certificate authorities (who issue cryptographic certificates based on those documents). If these two functions take place under one roof, the privacy guarantees of the system immediately evaporate.

   (“CL” seems to refer to a common zero knowledge proof algorithm.)

2. https://github.com/eu-digital-identity-wallet/av-doc-technical-specification/blob/main/docs/architecture-and-technical-specifications.md#332-enrolment-methods-without-existing-identification

   Technical Requirements: An Age Verification App shall support the following: […] Request from the operating system a tamper-evident attestation of AVI properties

   (As far as I know, they mean device attestation with this where you no longer fully control your device.)

3. https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/issues/20

   The EUDI Wallet team is participating in a wider, EU-wide collective sleepwalk into a serious trap: You, along with the entire EU Digital-Identity movement, are hard-wiring the EU’s civic governance to Apple and Google’s hardware and software stack.

4. https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/issues/15

   Requires accepting “Terms of Service” to access basic functions of being a citizen. Your demo video shows you requiring accepting “Terms of Service” and “Data Protection Information” which I guess should really be “Privacy Policy”.

Feel free to share your sources.

I am referring to the EU Wallet age verification app: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/ Sorry that I forgot to link it.

And just because it might beat PostIdent, doesn’t mean it’s sane to give up online anonymity for age checks everywhere. The EU claims the wallet will allow anonymous age checks, but if they ever tracked you, pretty sure you wouldn’t know.

Sorry if I misread your post, but hopefully this comment of mine is relevant:

In my humble opinion, the digital wallet is horrible, because as far as I can tell 1. it requires Google device attestation so all custom ROMs are out and to be a citizen you can apparently no longer own your device, 2. unless you use iOS or Android you’re apparently not a citizen and you can’t e.g. purely use Linux (this is as far as I know not the case with the German AusweisApp), 3. once everyone is used to using some citizen app like that, I feel like a fascist government could easily tie it to a social score or other authoritarian measures bewyond the age verification. 4. There is a privacy friendly alternative approach for age verification anyway, that most governments seem to conveniently be ignoring: https://www.politico.com/news/2025/10/13/california-law-online-age-checks-00606115

Also see here on the EU apparently trying to make this mandatory: https://leminal.space/post/31858818/21120139

The EU has apparently decided that this has to be done for most public platforms by July 2026, so Discord may not have much of a choice and other platforms will likely follow: (Edit: I forgot, the EU strict age verification stuff seems to be limited to EU DSA’s definition of “platforms” so as a text messenger I’m not sure Discord is part of it. But this’ll still likely be coming to more services near you and perhaps Discord is just voluntarily joining the chaos…)

I could be wrong I’m not a lawyer, assume everything I write from here is bullshit, but see here:

https://www.mlex.com/mlex/articles/2368265/online-services-get-up-to-12-months-to-apply-age-verification-eu-guidelines-say “Online services get up to 12 months to apply age verification, EU guidelines say” This was in July 2025.

EU guidelines in question seem to be: https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-protection-minors + https://ec.europa.eu/newsroom/dae/redirection/document/118226 Quotes:

“[…] the Union legislature enacted Article 28 of Regulation (EU) 2022/2065 of the European Parliament and the Council (6). Paragraph 1 of this provision obliges providers of online platforms […] to ensure a high level of privacy, safety, and security of minors, […]”

“Self-declaration is not considered to be an appropriate age-assurance measure as further explained below.”

“In the following circumstances, […] the Commission considers the use of access restrictions supported by age verification methods an appropriate and proportionate measure to ensure a high level of privacy, safety, and security of minors: […] an online platform accessible to minors has identified risks to minors’ privacy, safety, or security, including content, conduct and consumer risks as well as contact risks (e.g., arising from features such as live chat, image/video sharing, anonymous messaging)”

“Age estimation methods can complement age verification technologies and can be used in addition to the former,” (AKA the alternative to a literal gov ID check seems to be big data AI sucking up all user data to estimate user age.)

The in my opinion horrible solution the EU seems to have found to avoid sharing the physical ID for services that don’t want to request one, is apparently this app: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui Which from what I can tell 1. it requires Google device attestation so all custom ROMs are out and to be a citizen you can apparently no longer own your device, 2. unless you use iOS or Android you’re apparently not a citizen, 3. once everyone is used to using some citizen app like that, I feel like a fascist government could easily tie it to a social score or other authoritarian measures bewyond the age verification. 4. There is a privacy friendly alternative approach anyway, that most governments seem to conveniently be ignoring: https://www.politico.com/news/2025/10/13/california-law-online-age-checks-00606115

Anyway, I’m not a lawyer and this isn’t legal advice. But spread the word, somehow press seems to be ignoring this.

https://economictimes.indiatimes.com/news/international/us/us-stock-market-crashes-today-why-are-dow-sp-500-nasdaq-down-today-tesla-meta-microsoft-in-red/articleshow/127780471.cms This isn’t investment advice, I just thought this might be interesting to read! (Additional angle of same story)

I continue to believe the risk is real and supported by my links and quotes. You might notice some people in the linked discussions who seem to be thinking it’s not entirely baseless. You’re free to disagree. I’m not a lawyer anyway.

I will stop discussing since suddenly this is about “normal” and I guess “abnormal” donations, and I don’t think we’re having a clear-headed debate here.

Did you actually read the quote I gave? I’m honestly confused.

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ%3AL_202402847

Supply in the course of a commercial activity might be characterised not only by charging a price for a product with digital elements, but also by charging a price for technical support services where this does not serve only the recuperation of actual costs, by an intention to monetise, for instance by providing a software platform through which the manufacturer monetises other services, by requiring as a condition for use the processing of personal data for reasons other than exclusively for improving the security, compatibility or interoperability of the software, or by accepting donations exceeding the costs associated with the design, development and provision of a product with digital elements

TL;DR, just donations can already be a problem, apparently. But IANAL.

As far as I understand the license doesn’t matter at all for EU regulation, other than “non-free” software is treated even worse.

Generally if you give something away for free, you can’t be claimed to be the owner.

The CRA from what I can tell applies to software given away for free, sadly. I’m not a lawyer, though. But you can perhaps see why people don’t trust the EU.

I admit it’s a complex topic, but if you read the post in detail, it should answer your questions. The “owner” is typically the maintainer, if in doubt that’s the person with repository write access. And the EU can apparently potentially require whatever to be maintained, not that I understand the exact details. The point was that the regulation doesn’t seem to avoid FOSS fallout well.

The EU has been so far bad at making sure FOSS isn’t seen as a paid product in the eyes of regulation, even in cases where it’s clearly unpaid, see here. They can’t be trusted to get this differentiation right.

Therefore, unlockable bootloader seems like the better idea. Get people to Linux and open Android variants if the closed-source companies won’t serve them.

Many of us dislike all the things you listed for their impact, including AI.

I think most people would argue 1-3% of datacenter use is still a significant global pollution factor that is a problem.

Does PeerTube have a better discovery algorithm than Mastodon? I have found simply tags and newest doesn’t work for me.

Does anybody know a Youtube that has videos about tech tinkering, crafting, and making art? I’ve tested out Odysee once, but at the time it was full of right-wing xenophobic stuff, which seemed to keep the creative crowd away. Also, Odysee was unusable from a slow mobile connection since it often didn’t offer a lower bitrate stream…