Europe rubbed its hands by unveiling a new control tool, presented as a simple web health belt. On paper, the mechanism protects minors, reassures parents and gives platforms a clear rule to apply. In the corridors of tech, however, many eyes are already hardening in front of this regulatory toy with its new polished appearance. And when Pavel Durov gets involved, the debate quickly leaves digital daycare to enter the realm of suspicion.
In brief
- Brussels presents an anonymous, open source application intended to verify age without exposing full identity.
- Paul Moore claims to have circumvented the device in just less than two minutes, detailed technical evidence.
- Ursula von der Leyen defends a solution compatible with European digital protection rules.
- Pavel Durov describes a slippery slope toward broader identity verification on social media.
Under the protective veneer, Europe is putting forward a very sensitive tool
At first glance, Brussels is selling almost surgical technology. Ursula von der Leyen promises a “completely anonymous” application, open source, and supposed to work on any device. In her message on X, she ensures that the tool ticks all the boxes, between maximum confidentiality, ease of use and among the highest standards.
Officially, the mechanism should allow tech platforms to verify that a user is over 18 years old without swallowing their full identity.
THE devicepresented in July 2025 then declared technically ready on April 15, 2026, is already part of a broader logic. The Commission wants to make it easier to apply its rules and push platforms to stop making excuses.
However, a contextual note attached to von der Leyen's message already challenges the setting: the application would only work on Android and iOS, with a Google or Apple account, without computers or de-Googled systems, according to the readers of X that day.
The tech promise cracks when code speaks
Then the tech started talking without a costume. Security consultant Paul Moore claims to have bypassed the application in less than two minutes. Its audit describes an encrypted PIN then stored in shared_prefs, an absent cryptographic link with the identity safe, a resettable rate limiting, and biometrics that can be deactivated by a simple Boolean variable. In other words, the lock would be painted steel but screwed into cardboard.
The political promise then finds itself suspended from a contested architecture. The tool was supposed to reassure the tech sphere and provide a simple basis for platforms. It suddenly becomes a brutal demonstration: a system touted as robust can be circumvented without great difficulty.
Moore also released this alert: “ This product will, one day, be the catalyst for a massive breach. It's only a matter of time “.
And there, Brussels loses the luxury of slogans: technology no longer protects its story, it exposes it to the public eye.
Durov already sees the slippery slope of control
Finally, Pavel Durov pushes the debate beyond the tech breakdown. On X then on TelegramDurov describes a three-step mechanism: sell a privacy-friendly app, let the hacking happen, then take away privacy in the name of repair. For the issuer of Toncoin, the problem goes beyond the bug and concerns the logic of power.
This reading clashes head-on with the Brussels version. Where the EU talks about the protection of minors, Durov sees a stepping stone towards identity verification on social networks and not decentralized verification. Where the Commission promises user control of data, Telegram suspects a slippery slope towards surveillance tech infrastructure in Europe.
Durov writes it in black and white:
Step 1: Propose a privacy-friendly but hackable solution. Step 2: Get hacked. Step 3: Remove Privacy to Fix. Result: a surveillance tool sold as respectful of privacy.
Useful benchmarks before deployment
- The application was presented for the first time in July 2025 by the European Commission;
- Ursula von der Leyen said it was technically ready on April 15, 2026;
- Paul Moore claims to have circumvented the system in less than two minutes;
- Several countries have already tested this system before wider deployment;
- The price of TON was hovering around $1.40 during this political sequence.
This warning shot hardly surprises Pavel Durov. As early as February, he was already attacking the Spanish age verification project in the name of anonymity. Today, the subject returns in Europe: protecting minors, yes, without creating a digital social passport.
Maximize your Tremplin.io experience with our 'Read to Earn' program! For every article you read, earn points and access exclusive rewards. Sign up now and start earning benefits.
