Rendered at 15:31:20 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
seethishat 33 minutes ago [-]
My main concern is transparency. How do we know that the ruling/governing class is not abusing these monitoring systems and exempting themselves from monitoring?
If we are all subject to the same monitoring and there are no exceptions, that would be fair. However, if some people are exempt from monitoring because of their connections, relations, etc. then that would be unfair.
And if some people are allowed to harass and stalk others based on some attribute (race, religion, nationality, etc.) because they are in a monitoring position (while others are not) then that would be unfair as well.
We need full transparency.
inetknght 32 minutes ago [-]
Transparency doesn't matter without consequences. Many of the currently ruling governments have demonstrated that already.
js8 26 minutes ago [-]
You're wrong, it still matters. It's the first step, and it's an important step in maintaining fairness.
bluebarbet 16 minutes ago [-]
>You're wrong
As a rhetorical trick this is generally ineffective.
classified 11 minutes ago [-]
> it's an important step in maintaining fairness.
When there are no consequences, it by definition isn't.
wqaatwt 26 minutes ago [-]
> exempting themselves from monitoring
Wasn’t that in the Chat Control proposal? i.e. politicians and other important individuals are exempt
shevy-java 18 minutes ago [-]
Of course. The lobbyists don't want to be called bribed people, so they only want to monitor the peons. Slavery 2.0.
buellerbueller 11 minutes ago [-]
>Slavery 2.0.
Chat control is a lot of things, but Slavery 2.0 is not one of them. The hyperbole only hurts your position.
vaylian 20 minutes ago [-]
> If we are all subject to the same monitoring and there are no exceptions, that would be fair.
Not everyone is an exhibitionist. Some people thrive when they are very public about their life. Some prefer a much more private life.
cryptoegorophy 15 minutes ago [-]
They are 100% abusing until proven otherwise. Naive to think otherwise.
john_strinlai 1 hours ago [-]
>"Age verification" means that everyone who does anything online will have to submit to fine-grained tracking and recording of all their online activities.
its been said 1000 times here, but: age verification doesn't have to be a nightmare dystopia of 24/7 fine-grained tracking and recording unless you are somehow hoping to achieve 100% success rate (something we have not done with any other law ever). there are several reasonable proposals that would be 90%+ successful without stepping on anyone's toes.
i am convinced that enough people in power know it, too, but see this as their chance to get the full-dystopia version rolled out.
Wowfunhappy 45 minutes ago [-]
Could you be more specific as to what you're imagining? I don't personally see a way to verify someone's age which doesn't involve either credit card verification, photo id verification, or some sort of facial recognition. If you know enough about someone to verify their age—even to a relatively low degree of accuracy—you probably know enough to pinpoint who they are in general.
Heck—in most cases, we can't even tell the difference between humans and bots anymore! And it's true that we basically accept that some bots will slip through the cracks—but identifying bots also strikes me as significantly easier than identifying children.
Aaargh20318 9 minutes ago [-]
The way identity wallets work:
The government issues an eID to your wallet. The ID is signed by the government and linked to the device to prevent transferring the credential. A public/private key-pair is generated by the secure enclave in your phone, the public key along with proof of possession of the private key is included in the request for the government eID. The government signs individual attributes combined with the public key with the government private key. The government certificate containing the public key is, well, public.
One of the attributes is ‘over_18’ (In the EU eID scheme countries can add other over_XX attributes if they want, but over_18 is mandatory).
When a website wants to requests attributes, in this case the over_18 attribute, they send a request to the user’s wallet app, including a challenge. The wallet sends back a package including the government-signed attribute, which contains the device public key and the over_18 attribute plus a response to the challenge (proving the credential didn’t get transferred).
The website only sees the ‘over_18’ attribute, which is backed by the government signature. They don’t see any other attributes (the wallet app shows in advance which attributes you are sharing). The government never sees which website wants to know if you’re 18+.
Of course this is all a bit simplified, check OIDC4VCI and OIDC4VP for details.
The only real issue is the wallet app and device binding. Because a compromised device could allow credentials to be transferred some form of attestation of device and wallet app is required. In practice this means no rooted/jailbroken phones.
ninalanyon 5 minutes ago [-]
So now I have to have a mobile phone?
john_strinlai 34 minutes ago [-]
>Could you be more specific as to what you're imagining?
sure, i'll put my favorite two. though you'll find much more detailed and thought-out versions of these (and others) in the dozens of other giant threads on the same topic.
- buy a card with a UUID from anywhere that sells alcohol/tobacco that is valid for some period of time. most people are comfortable with flashing their ID at the clerk. the UUID card is non-identifying.
- websites issue content tags, browsers consume them, you enter your age into the OS during setup.
dana-s 12 minutes ago [-]
I'm just left wondering, how would that be different than buying a phone? Most kids also don't have money to spend on devices, that's all coming from adults, how would the UUID work any different? In my view it seems we'll just reach the current state as with phones.
donmcronald 22 minutes ago [-]
> buy a card with a UUID from anywhere that sells alcohol/tobacco that is valid for some period of time
Why should I pay continuously to prove I'm an adult? And those cards will be getting sold to kids faster than you can blink. I bet a lot of parents would buy them for their kids.
john_strinlai 20 minutes ago [-]
>And those cards will be getting sold to kids faster than you can blink.
there's a reason i said 90% and not 100% effective. alcohol and tobacco get resold to kids, too.
utopiah 22 minutes ago [-]
> UUID card is non-identifying.
Kids aren't going to trade Pokemon cards in the playground anymore...
cogman10 20 minutes ago [-]
And honestly, all these should ultimately just be done client side in the browser. After the browser has verified "User is x or user is over 21" there's no reason to then send that information to the website.
Let websites issue a "window.isUserOver(16)" call once and then move forward based on the response to that query.
mminer237 7 minutes ago [-]
This is how California is legislating it—requiring the OS to let an admin set the user's age, then let browsers and through them, websites, to query that setting.
netrap 5 minutes ago [-]
Perfect is the enemy of the good, right? I mean a page header or some other simple means to identify "adult" vs not is good for most cases? Just thinking about it.. obviously it can be bypassed but is there a good enough?
oliwarner 21 minutes ago [-]
That's because you're treating AV as a system that must be 100% correct immediately. This isn't banking or an election.
As soon as you loosen off the requirements to "reasonable effort", you can start looking at account age, facial features, social attestation, and include retrospective tools to revisit someone's verification if they get in and start acting like a child. Heuristically messy but far from impossible to demand a stronger form of verification if their original might have been borderline.
The goal is broad coverage, not complete. Screening doesn't have to get 100% to have an effect.
zug_zug 35 minutes ago [-]
Sure here's one example of decentralizing it -- it's going to be overly simple just as a toy example to show how easy it could be:
Whenever you want to prove your adult you go to "am I an adult.gov" and you use your credit card or whatever to prove you are an adult. At which point you get a 1-time 5-digit code that is UNIVERSAL TO EVERY SINGLE HUMAN and good for 1 hour (everybody who uses the site gets the same code that hour).
Then when you want to look at porn or something, you use this code. Boom simple and done.
There are even much better much more private techniques that use cryptography, and AI is happy to explain these graduate-degree level topics to you at your own pace.
Of course there are situations where people steal things, and use deep-fakes, etc, but those exist in every model.
akmiller 32 minutes ago [-]
Same code for all people for 1 hour and you don't think we'd immediately have rotating codes to pass the gate?
malwrar 30 minutes ago [-]
Headline news: children infiltrate the universal adult one time password scheme for porn, parents panic! Turns out the 18 year olds started selling access to their younger friends, who resold it to their younger friends.
john_strinlai 30 minutes ago [-]
this happens with alcohol and tobacco every day. i cant think of the last time it reached headline news.
pwg 2 minutes ago [-]
It does not reach headline news because everyone just accepts that the "filter" is imperfect.
But, for some reason, little twelve year old Jimmy obtaining access to porn evokes some kind of far more visceral reaction in Jimmy's parents (or if not Jimmy's parents, some "busybody" who wants to "protect all the children") than Jimmy managing to get himself a pack of Salem's or a Pabst Blue Ribbon tallboy.
malwrar 19 minutes ago [-]
My point is that the entire check is bypassed easily and instantly, and in the meantime the government gets data that someone _will_ figure out how to make personally identifying for adults, or will argue for changes to make it so. Alcohol age limits are a simple physical check for a vice that everyone accepts those who want it can get at. I’d rather demand that device manufacturers give parents effective controls before we try solving this problem by identifying internet users wholesale.
armchairhacker 38 minutes ago [-]
Make unrestricted devices like alcohol: you need ID to buy (but the box containing the device you’re sold is indistinguishable from any other, so the device may have a UUID but it can’t be traced to your ID); kids caught with unrestricted devices in school have them confiscated; maybe fine parents, but I think discouragement and banning in schools is enough. Kids can have restricted devices, distinguished from unrestricted by appearance in a way that’s hard to fake.
Wowfunhappy 33 minutes ago [-]
I don't know, treating general-purpose computers like alcohol seems a lot more dystopian to me. Does this extend to PC components? Can I build a machine and put Linux on it?
armchairhacker 28 minutes ago [-]
Do most kids have the ability and motivation to build their own machines?
AFAIK you don’t need ID to buy juice, sugar, and yeast to make your own alcohol, so I think it should be the same for computer parts.
impure-aqua 16 minutes ago [-]
> Do most kids have the ability and motivation to build their own machines?
I and pretty much everyone else in my childhood TeamSpeak server did at roughly 14 years of age.
michael1999 35 minutes ago [-]
Info-minimized oidc handshakes with certified identity providers could verify age-category of a user with no other information shared.
Consider "log in with apple" as it is today. Depending on what you share, a relying website might not even get your name or email.
bbminner 19 minutes ago [-]
Yes, that was my thought as well when i was visiting UK and reddit kept asking me to verify my age. It might be even more private and non-trackable than that - if "age.id.gov" central authority effectively "provides a new random user id" (implementation may vary and does not need to have a "literal username") every time you try to use it / log into a website that needs to verify your age - this way websites can not even track you across platforms.
It seems like all the tech stack is there to implement a very simple and privacy-persevering solution.
It does not even smell of state censorship because a website does not have to check your age if it decides to be "non compliant".
Why isn't it implemented like that? Based on the comments it seems more like a "free-for-all implement-your-own-PPI-handling-thon".
This will ofc make life harder for a some groups of people - like people without / limited access to IDs etc. And i do not even argue that the whole thing is necessary.
But there seem to be vastly superior technical means to implement that, aren't there?
inigyou 27 minutes ago [-]
The only way to know that is to trust Apple.
Retr0id 33 minutes ago [-]
Where are these mythical sweet-spot solutions? Concretely, half the websites I visit from the UK want me to either scan my face or upload ID documents to access their full featureset. Now that users have been conditioned to accept this, nobody seems very interested in figuring out how to collect less PII - only insulating themselves from liability by having the data processed by a third party.
dijksterhuis 9 minutes ago [-]
[delayed]
cogman10 26 minutes ago [-]
The UK has draconian laws.
But some of the easiest middle ground solutions that solve 90% of the problem are things like simple math problems. Get asked "3+7" and that will pretty quickly filter out almost anyone under the age of 6. If you can accept that there are some smart 4 or 5 year olds who can do simple math, congrats you recognize there's a 10%.
Retr0id 22 minutes ago [-]
They are indeed draconian, and the rest of the world is now eyeing up adopting similar legislation.
john_strinlai 29 minutes ago [-]
>mythical sweet-spot solutions?
there are thousands of comments on these threads every time it comes up. there's tons of what i consider reasonable solutions proposed. there's examples below, too, which don't require face scans.
>Concretely, half the websites I visit from the UK want me to either scan my face or upload ID documents
yeah, i agree that really sucks.
Retr0id 23 minutes ago [-]
I've yet to see one I consider reasonable.
john_strinlai 18 minutes ago [-]
if you think even the client-side "yes im 18" on OS setup proposals are unreasonable, i dont know what to say.
Retr0id 8 minutes ago [-]
Privacy-wise I think they're completely acceptable, but in terms of circumvention I don't think the politicians will be satisfied. It's barely a step up from the "I'm over 18" buttons on websites.
gambiting 22 minutes ago [-]
Government builds a website where you can log in using any government issued ID or using one of the many many many available services that hold your details already(at least in the UK nearly everyone will have a DLVA account, HMRC account, HMPO account, NHS account.....all of these are government services which we can only assume hold our data securely already).
On that website, you can click "give me a verification code", it gives you a code that is single use and only valid 24 hours. You type that into whatever 18+ website you need to, they use a public API provided by the government to just check "yes this is a valid code and the user is 18" - bang, done, verified. The website knows nothing about you at all, except for the fact that you're 18.
In fact, the UK government ALREADY HAS THIS. For the EU settlement scheme, you can give your employeer(or anyone else who needs it) a special magic code that they type in on the government website, and it just says "yet his person has the right to reside in the UK" without spilling any of your personal information at all. The code is single use and valid a limited amount of time. And you can do the same with your driving licence, where anyone can verify you hold a valid licence without actually seeing it or any details on it.
Like, am I being stupid here? It seems like an almost trivial solution to the problem, especially given that it already exists for at least 2 services named above.
And yes, I know people will say "oh but that requires the government having this data on you, and that's bad" or "but then the government will know you've authenticated with pornhub!".
And yes, both of these are true - but on point 1 - like, I'd love some ideal situation where the government can simultaniously give me a passport or a driving licence AND not have any information about me at the same time, but that ain't happening, and on point 2 - yes, but that's still infinitely preferable to the current implementation, and it can be easily solved with legislation saying that the code authentication service doesn't log who requested verification, it just answers with yes/no and that's it.
Retr0id 15 minutes ago [-]
Every time I search something, I open a fresh private tab and google it. If I want to turn safe-search off, I'd have to go through this code verification flow for every single search. Aside from just being annoying, they'd have to implement strict rate limiting to prevent automated code sharing, so I'd soon end up waiting for a rate limit to expire before I can search anything.
And "the government will know you've authenticated with pornhub" is extremely harmful, in my opinion.
Jabrov 21 minutes ago [-]
The codes can trivially be shared in this case
gambiting 17 minutes ago [-]
...and? Just like a child can "trivially" ask an adult to buy them a beer.
Who are these adults giving children their verification codes for adult websites?
pokstad 1 hours ago [-]
Exactly. The same way that selling alcohol doesn’t require a paper trail of every beer I’ve bought.
rationalist 24 minutes ago [-]
I don't know about this, stores around me are scanning people's IDs to verify their age.
I guess I could make an ID (not a counterfeit government ID) that uses the same encoding for the birthday.
win311fwg 32 minutes ago [-]
Not anymore, at least. In these parts your alcohol purchases did require a paper trail once upon a time.
SecretDreams 52 minutes ago [-]
To be fair, I buy my beers on CC. If someone really wanted to know the best IPAs and session able beers they could get, they could audit my CC records and then cross check to the breweries and pubs to see what I was buying. Just depends how much someone wants to learns bout good beer.
normie3000 51 minutes ago [-]
Anything under 4% should be sessionable IME.
hacker_88 1 hours ago [-]
They can track you with cookies , now they have age and identity signals .
sharperguy 47 minutes ago [-]
Doesn't _have_ to be except not enough voters can tell the difference which is exactly the goal.
akmiller 34 minutes ago [-]
Doesn't 90% successful mean you are stepping on 10% toes???
john_strinlai 33 minutes ago [-]
>Doesn't 90% successful mean you are stepping on 10% toes???
no, it means that <10% of kids under 16 or whatever age will still make it onto instagram
akmiller 29 minutes ago [-]
Wouldn't this mean we don't know what age these 10% are in?
john_strinlai 26 minutes ago [-]
i dont know what point you are trying to make.
there are laws against underage drinking and buying alcohol. some kids still get access to alcohol. the law is mostly successful, with an acceptable amount of failure rate.
same concept.
inigyou 27 minutes ago [-]
No, it means Instagram doesn't know.
ordu 24 minutes ago [-]
> age verification doesn't have to be a nightmare dystopia of 24/7 fine-grained tracking and recording unless you are somehow hoping to achieve 100% success rate
I believe you are missing the point. "To protect kids" is just a cover, the nightmare dystopia is the real goal. So age verification have to be a nightmare dystopia or it would be useless for those, who push for it.
john_strinlai 23 minutes ago [-]
>I believe you are missing the point. "To protect kids" is just a cover, the nightmare dystopia is the real goal.
did i miss the point? because my last sentence literally says this.
ordu 18 minutes ago [-]
Ah, well, no. Sorry, didn't read to the end of it. It is just I see no point at all to discuss other options, so sorta become bored reading about them.
amanaplanacanal 20 minutes ago [-]
Well, some who push it anyway. There is another group whose motive is to get rid of all porn.
mindslight 55 minutes ago [-]
Would you mind elaborating on the specific methods you're referencing? To me, the entire problem is framing the issue as "age verification" in the first place - this implies the web company is responsible for knowing and controlling who uses their service. Whether this is a full-on demand for drivers' license / face scan / verification can, or whether there is a technical process that obscures some details doesn't change this underlying dynamic.
The other problem you're up against is in the low-friction online environment, 90% easily turns into a much lower percentage. Which will actually manifest itself as the initial methods that achieved "90%" being declared insufficient in favor of stronger methods of identity verification.
I say this as a parent staring down having to deal with the catastrophe that is the modern web in the next short year or two - the only sane way to address this problem is through client-side parental control software that works based on website/app tags supplied by the server / app creator / etc. There is indeed a market failure here, but the sensible regulation is to make websites over a certain size publish labels about the suitability of their content for age brackets, whether a site is social media, contains user generated content, has algorithmic feeds, and so on - affirmative assertions about the content that carry legal weight and liability for them not being true. Device manufacturers over a certain size would need to include parental control software that can be enabled during the setup process. If parental controls are enabled and a website has not published tags (too small, foreign jurisdiction, misconfiguration, etc), then it simply fails closed and doesn't display the site. This keeps decisions about content suitability in the hands of parents where it belongs, rather than putting it in the hands of corporate attorneys who will often make decisions directly contrary to what parents want - remember this whole topic is being pushed by big tech to absolve themselves of liability for pushing harmful products!
john_strinlai 43 minutes ago [-]
>Would you mind elaborating on the specific methods you're referencing?
well, i mean, you put a decently reasonable one in your own comment: "client-side parental control software that works based on website/app tags supplied by the server / app creator / etc."
another sibling comment mentions alcohol sales. government could issue a scratch card with UUID that's valid for some time, sold at anywhere alcohol/tobacco is already sold. most people are already comfortable with flashing an id at the beer store.
read any other the other dozen similar threads with hundreds of comments, and there are a handful of other neat ideas usually voted pretty high up.
shevy-java 17 minutes ago [-]
> age verification doesn't have to be a nightmare dystopia of 24/7 fine-grained tracking
Personally I don't care how much age sniffing is mandatory in that I think it is inacceptable on any level. Do you try to insinuate that a little bit of tracking is ok? Because I can not buy into that premise. To me the whole assumption is wrong from the get go.
XorNot 43 minutes ago [-]
I am convinced that no one will make any progress on this issue so long as they refuse to understand that their aren't a group of shadowy figures pushing for this but rather a sizeable chunk of the general population, buoyed on by various moral outrage interest groups including a great many HNers who have been happily stoking the narrative that social media is the cause of every negative statistical ill.
Who wants this? God damn everyone. And in so much as Facebook might do something with the data, what they really want is a legal moat of sufficient depth to drown possible competitors.
bluebarbet 9 minutes ago [-]
In fairness (i.e. looking at the data with an open mind), social media does seem to be the cause of (or at least strongly correlated with) a bunch of ills.
sneak 46 minutes ago [-]
This isn’t about kids at all. The ID requirement is the WHOLE POINT.
That it is technically possible to do age verification in a privacy-preserving way is thus entirely irrelevant.
They want all online activity tied to ID so they can violently, illegally retaliate in the dark of night against protected expression online that they don’t like.
That’s all this is. Privacy-preserving techniques are irrelevant because they do not accomplish this goal.
inigyou 26 minutes ago [-]
There is also, separately from that, a need to protect kids from growing up into the people in Idiocracy.
sneak 16 minutes ago [-]
They already failed to do that by steadily eroding the educational system and its standards over the last 50-70 years. We’re already there. The electorate can’t locate the countries on a map in which the US is fighting multiple wars in their name.
Banning Instagram ain’t gonna fix that.
This is not in any way whatsoever about children.
kazinator 58 minutes ago [-]
In tech, 10% unsuccessful today is 100% unsuccessful next week, when everyone learns how to join that 10% who got around it.
The shit is horrible if 100% successful, and yet not worth doing if it isn't.
Santosh83 1 hours ago [-]
You can't spy on kids without spying on everyone, and in any case they're interested in the everyone part. Ultimately they want 24x7, realtime facial & biometric monitoring of everyone using any "approved" device, and be sure that only approved devices will be able to join networks and do stuff upon them, so for those brave nerds thinking they can survive on GhostBSD from their basement, yes you can, but as Gandalf said, you can only fence yourself in, but not fence the world out. Sooner or later they'll come for everyone.
speak_plainly 42 minutes ago [-]
In Canada the approach is going to be that social media and AI companies will need to figure out a system where those under 16 can’t access content. The government will be able to grant exemptions if the company can satisfy regulators that they have built and maintained adequate, alternative structural safeguards to protect children on their platform.
Further to that, companies are required to do this in a strict data minimization approach, results need to be anonymized and destroyed immediately after the check is complete.
The internet has grown into a bit of a letdown to some degree, especially social media. If I have to upload an ID or insert a grey hair into a scanner, that website or app will be dead to me and I will move on to something else or nothing at all.
anmalkov 41 minutes ago [-]
This reminds me of being refused entry to a nightclub in the US because I’d forgotten my passport, even though I had a European ID card and I’m over 40. Offline, age checks already often become rigid “approved identity document” checks. Online, that problem seems even worse, because the check can become a persistent identity layer across the web.
Aunche 6 minutes ago [-]
The new laws in the US don't require any real verification. Parents who care will just select a flag on device/OS setup that gets passed to websites. They can also just lie if they really want to. In the EU, they are trying to verify age with zero knowledge proofs.
It would be nice if the author actually spelled out the specific weaknesses of those approaches or even referencing those those laws instead of fear-mongering about "spying on kids", but I suppose that would be to much to ask of someone who made a career out of vibes based rage. Ironic that Doctorow has no problem with capitalizing on the enshittification of journalism.
economistbob 30 minutes ago [-]
The bigger threat to kids is all the browsers now bypassing domain filtering by default, even if you specify a DNS server. There was a time when multiple vendors sold protection software, but apparently some unsavory elements wanted all the browsers to build in DNS bypassing to go around it. The best protection for children is blocking the bad stuff at the DNS level.
tuieriojwpoiejf 16 minutes ago [-]
Perhaps save kids from peter file gangsters first? If local police protects child molesters, and government supports it... Very difficult to take this child internet protection seriously!!!
actionfromafar 47 minutes ago [-]
Could we instead disallow algorithmic skinner-box addiction machines for everyone?
inigyou 25 minutes ago [-]
How can you tell what one is? Reddit in 2010? Facebook in 2005? IRC in 1999?
amanaplanacanal 14 minutes ago [-]
If the users chooses what they are shown and the order they are shown in, then it's fine. If the platform chooses, then it's not, because they will always choose what creates the most engagement.
inigyou 9 minutes ago [-]
So HN should be banned
amanaplanacanal 6 minutes ago [-]
Not necessarily. Just fix the algorithm. Showing all submissions by time should be ok, showing all submissions by number of upvotes should be ok if the user chooses that.
actionfromafar 19 minutes ago [-]
I think I would be fine with a positive enumeration. Some ideas for serving content:
- purely random
- sponsored but without user tracking (like old school TV ads)
- sponsored for user selected geographical area feed
- sponsored for user current location geographical area feed
- follow "friends" or influencers
- purely timeline
- discussion boards
- timeline (IRC like)
- threaded
- user votes (not magic platform votes)
- follow keywords
inigyou 17 minutes ago [-]
So Hacker News wouldn't be allowed?
actionfromafar 11 minutes ago [-]
I think it should be, maybe I'm missing some aspect, I just cooked up a simple list of rules on the spot, sheesh :-D
Edit: huh, I'm probably stupid, but can you explain more?
inigyou 9 minutes ago [-]
HN uses magical platform votes.
gampleman 41 minutes ago [-]
I think this is really the only serious alternative.
anmalkov 35 minutes ago [-]
Exactly. Fix the addiction machine, not just who gets checked at the door.
jonathanstrange 38 minutes ago [-]
How about taking some personal responsibility for your life?
This shouldn't even be a consideration concerning adults.
macintux 25 minutes ago [-]
It's clear by now that the societal impact is significant. I can banish all the social networks from my life and they'll still be corrupting the political process, promoting divisive content, etc.
actionfromafar 24 minutes ago [-]
I assume you are also for heroin vending machines at every school corner if you watch a 30 second ad slot. You don't have to use them, you know.
1970-01-01 32 minutes ago [-]
If it's stupid but it works it ain't stupid.
bell-cot 24 minutes ago [-]
Assume that saying "X is stupid" is pejorative shorthand for "I strongly disagree with the other side's criteria judging whether or not X works".
simultsop 59 minutes ago [-]
This is a very strong argument simply put
Sankozi 7 minutes ago [-]
This is a manipulation tactic not an argument. Almost nobody wants to prevent spying on kids. Main goal is to prevent harmful content like porn, gore and gambling.
shevy-java 19 minutes ago [-]
> What we call "age verification" is actually mass surveillance
Thank you.
It has never been about "protecting the children" either. That was
always a lie - the red herring. Many pointed that out from the get
go too.
The much more fascinating thing is how legislation is still being
actively changed to sustain that narrative. This is like a pre-scripted
event what we are seeing here. I find it quite fascinating. It shows
how real lobbyism actually works.
My prediction is that mandatory age sniffing will come, they will continue
to claim it is all for children, and the openness of the world wide web
will factually be transformed into a two-class apartheid system. The latter
has already happened actually - you have walled gardens e. g. discord rather
than oldschool phpBB webforums (aka privately controlled access to information),
Google already ruined its search engine, AI slop continues to ruin more here.
These are all not isolated. This is a deliberate mega-slop attack, combined with
payments to key lobbyists. We see a degradation of services here. That they attack
VPNs is very logical - after all VPNs allow people to break out of the global
ghetto system they are building here. They want to know who is who.
Interestingly I see this attack also related to them trying to abolish the right to repair movement. Now, there is no direct connection here, but right to repair also
attempts to put people at the center - you purchased something, you should be able to freely change it to your own liking, without some random private company being able to proxy-deny any change to that. With mandatory age sniffing coming, it also means that people will lose the ability to change software. Recently a university here in Europe started to demand that students must own a smartphone AND must install an app from a private company (via google store) in order to be able to read email sent to them via a webmail account. I also found this fascinating, because now people need to submit to Google, in order to study in a small european country, if they study at that university (which is paid for by taxpayers by the way). These interdependencies will keep on increasing here. Even Linux will fall victim - systemd already added data fields to track your age. More to come in the future despite Poettering's claim that it is all very, very harmless. Until it is not. And then it is too late.
josefritzishere 1 hours ago [-]
Security and Privacy are not the same thing.
curiousObject 1 hours ago [-]
‘Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety’ — Benjamin Franklin
This isn’t a simple solution to the problem but it reminds me that it is not a new problem. We should remember that
gampleman 31 minutes ago [-]
What an exceptionally bad faith way to put this whole thing. A five year old watching hours of the most depraved porn available is harmful to that child. Even if you disagree with that statement, you surely must acknowledge that it is an entirely reasonable opinion to hold and one our societies have generally held to this sort of thing for ages.
I also acknowledge that there is a reasonable debate to be had if the disadvantages to adults and businesses from imposing these rules are worth the harms prevented.
There is also a reasonable debate to be had about the merits of various technical and legal schemes being implemented to achieve these goals.
But this take is neither of those. For one, surveillance isn't the number one harm being prevented (even though, a number of legal codes attempt to make this the case).
As has been pointed out previously, there absolutely can be age verification that is without surveillance. The fact that these solutions aren't always legally mandated and therefore age verification can be used to increase surveillance is a reasonable thing to attempt to amend to the implementations of these laws.
akmiller 19 minutes ago [-]
Your example is in bad faith as your example assumes that the only thing blocking a child of 5 from porn is age verification of some type. There are lots of blockers today for 5 year olds to get access to porn.
> I also acknowledge that there is a reasonable debate to be had if the disadvantages to adults and businesses from imposing these rules are worth the harms prevented
Nobody on the "we need age verification" side wants a debate. They want to run face first in to dumb legislation giving governments and companies even more power to track every movement and know exactly who you are.
dormento 16 minutes ago [-]
Disclaimer: I do not agree this take was made in bad faith. I think that raising a kid comes with its own set of expectations around caring and curating experiences of said kid. Therefore, I do think that offloading that responsibility to the state (and by extension, businesses that offer age-gating tech to that state...) is not the right way to do it. And even in the absence of that, my experience taught me it is entirely possible to grow up with unsupervised internet access and turn out an OK adult. The internet is not only "depraved porn". It is also a lifeline for that weird kid who has been bullied and effectively barred from social experiences.
Of course, YMMV.
That said, if such a nanny state is inevitable: zero-knowledge-proof-based age verification would not only be possible, it would further protect these kids from a bad state actor. In that spirit, I agree with your last point. The fact that any other alternatives are even being considered makes it on principle a non-starter to me, because it betrays the actual goals of the political actors involved.
lern_too_spel 1 minutes ago [-]
California's proposal is better than the one you're proposing, so Californian legislators goals are actually to solve GP's problem. Articles like this one that don't consider other proposals like California's are idiotic because voters actually want to solve GP's problem, and pretending they don't exist does not convince voters.
CPLX 2 minutes ago [-]
This comment should not be downvoted. The original article lost me in the first sentence with this:
"The literature on harms to kids from online platforms is complex and nuanced, rife with people citing small, ambiguous studies as iron-clad evidence that kids are being destroyed by the internet"
Sorry, but a firehose of unlimited pornography, violence, racist, misogynist, and divisive content for developing children is bad. You can "well actually..." me all day I don't care at all.
I agree that there's no good solutions here, and I think this is a genuinely complicated and difficult issue for exactly the reasons people often state. But every argument that pretends that it's a one-sided discussion should be dismissed out of hand. There are two sides to this, both thorny.
BigJono 13 minutes ago [-]
You can't use the words "reasonable debate" in your post after you've immediately jumped straight to some mythical worst case scenario of a 5 year old being given a device with no supervision and somehow managing to immediately find their way to some sort of super duper snuff porn that will scar them for life.
If we are all subject to the same monitoring and there are no exceptions, that would be fair. However, if some people are exempt from monitoring because of their connections, relations, etc. then that would be unfair.
And if some people are allowed to harass and stalk others based on some attribute (race, religion, nationality, etc.) because they are in a monitoring position (while others are not) then that would be unfair as well.
We need full transparency.
As a rhetorical trick this is generally ineffective.
When there are no consequences, it by definition isn't.
Wasn’t that in the Chat Control proposal? i.e. politicians and other important individuals are exempt
Chat control is a lot of things, but Slavery 2.0 is not one of them. The hyperbole only hurts your position.
Not everyone is an exhibitionist. Some people thrive when they are very public about their life. Some prefer a much more private life.
its been said 1000 times here, but: age verification doesn't have to be a nightmare dystopia of 24/7 fine-grained tracking and recording unless you are somehow hoping to achieve 100% success rate (something we have not done with any other law ever). there are several reasonable proposals that would be 90%+ successful without stepping on anyone's toes.
i am convinced that enough people in power know it, too, but see this as their chance to get the full-dystopia version rolled out.
Heck—in most cases, we can't even tell the difference between humans and bots anymore! And it's true that we basically accept that some bots will slip through the cracks—but identifying bots also strikes me as significantly easier than identifying children.
The government issues an eID to your wallet. The ID is signed by the government and linked to the device to prevent transferring the credential. A public/private key-pair is generated by the secure enclave in your phone, the public key along with proof of possession of the private key is included in the request for the government eID. The government signs individual attributes combined with the public key with the government private key. The government certificate containing the public key is, well, public.
One of the attributes is ‘over_18’ (In the EU eID scheme countries can add other over_XX attributes if they want, but over_18 is mandatory).
When a website wants to requests attributes, in this case the over_18 attribute, they send a request to the user’s wallet app, including a challenge. The wallet sends back a package including the government-signed attribute, which contains the device public key and the over_18 attribute plus a response to the challenge (proving the credential didn’t get transferred).
The website only sees the ‘over_18’ attribute, which is backed by the government signature. They don’t see any other attributes (the wallet app shows in advance which attributes you are sharing). The government never sees which website wants to know if you’re 18+.
Of course this is all a bit simplified, check OIDC4VCI and OIDC4VP for details.
The only real issue is the wallet app and device binding. Because a compromised device could allow credentials to be transferred some form of attestation of device and wallet app is required. In practice this means no rooted/jailbroken phones.
sure, i'll put my favorite two. though you'll find much more detailed and thought-out versions of these (and others) in the dozens of other giant threads on the same topic.
- buy a card with a UUID from anywhere that sells alcohol/tobacco that is valid for some period of time. most people are comfortable with flashing their ID at the clerk. the UUID card is non-identifying.
- websites issue content tags, browsers consume them, you enter your age into the OS during setup.
Why should I pay continuously to prove I'm an adult? And those cards will be getting sold to kids faster than you can blink. I bet a lot of parents would buy them for their kids.
there's a reason i said 90% and not 100% effective. alcohol and tobacco get resold to kids, too.
Kids aren't going to trade Pokemon cards in the playground anymore...
Let websites issue a "window.isUserOver(16)" call once and then move forward based on the response to that query.
As soon as you loosen off the requirements to "reasonable effort", you can start looking at account age, facial features, social attestation, and include retrospective tools to revisit someone's verification if they get in and start acting like a child. Heuristically messy but far from impossible to demand a stronger form of verification if their original might have been borderline.
The goal is broad coverage, not complete. Screening doesn't have to get 100% to have an effect.
Whenever you want to prove your adult you go to "am I an adult.gov" and you use your credit card or whatever to prove you are an adult. At which point you get a 1-time 5-digit code that is UNIVERSAL TO EVERY SINGLE HUMAN and good for 1 hour (everybody who uses the site gets the same code that hour).
Then when you want to look at porn or something, you use this code. Boom simple and done.
There are even much better much more private techniques that use cryptography, and AI is happy to explain these graduate-degree level topics to you at your own pace.
Of course there are situations where people steal things, and use deep-fakes, etc, but those exist in every model.
But, for some reason, little twelve year old Jimmy obtaining access to porn evokes some kind of far more visceral reaction in Jimmy's parents (or if not Jimmy's parents, some "busybody" who wants to "protect all the children") than Jimmy managing to get himself a pack of Salem's or a Pabst Blue Ribbon tallboy.
AFAIK you don’t need ID to buy juice, sugar, and yeast to make your own alcohol, so I think it should be the same for computer parts.
I and pretty much everyone else in my childhood TeamSpeak server did at roughly 14 years of age.
Consider "log in with apple" as it is today. Depending on what you share, a relying website might not even get your name or email.
It seems like all the tech stack is there to implement a very simple and privacy-persevering solution.
It does not even smell of state censorship because a website does not have to check your age if it decides to be "non compliant".
Why isn't it implemented like that? Based on the comments it seems more like a "free-for-all implement-your-own-PPI-handling-thon".
This will ofc make life harder for a some groups of people - like people without / limited access to IDs etc. And i do not even argue that the whole thing is necessary.
But there seem to be vastly superior technical means to implement that, aren't there?
But some of the easiest middle ground solutions that solve 90% of the problem are things like simple math problems. Get asked "3+7" and that will pretty quickly filter out almost anyone under the age of 6. If you can accept that there are some smart 4 or 5 year olds who can do simple math, congrats you recognize there's a 10%.
there are thousands of comments on these threads every time it comes up. there's tons of what i consider reasonable solutions proposed. there's examples below, too, which don't require face scans.
>Concretely, half the websites I visit from the UK want me to either scan my face or upload ID documents
yeah, i agree that really sucks.
On that website, you can click "give me a verification code", it gives you a code that is single use and only valid 24 hours. You type that into whatever 18+ website you need to, they use a public API provided by the government to just check "yes this is a valid code and the user is 18" - bang, done, verified. The website knows nothing about you at all, except for the fact that you're 18.
In fact, the UK government ALREADY HAS THIS. For the EU settlement scheme, you can give your employeer(or anyone else who needs it) a special magic code that they type in on the government website, and it just says "yet his person has the right to reside in the UK" without spilling any of your personal information at all. The code is single use and valid a limited amount of time. And you can do the same with your driving licence, where anyone can verify you hold a valid licence without actually seeing it or any details on it.
Like, am I being stupid here? It seems like an almost trivial solution to the problem, especially given that it already exists for at least 2 services named above.
And yes, I know people will say "oh but that requires the government having this data on you, and that's bad" or "but then the government will know you've authenticated with pornhub!".
And yes, both of these are true - but on point 1 - like, I'd love some ideal situation where the government can simultaniously give me a passport or a driving licence AND not have any information about me at the same time, but that ain't happening, and on point 2 - yes, but that's still infinitely preferable to the current implementation, and it can be easily solved with legislation saying that the code authentication service doesn't log who requested verification, it just answers with yes/no and that's it.
And "the government will know you've authenticated with pornhub" is extremely harmful, in my opinion.
Who are these adults giving children their verification codes for adult websites?
I guess I could make an ID (not a counterfeit government ID) that uses the same encoding for the birthday.
no, it means that <10% of kids under 16 or whatever age will still make it onto instagram
there are laws against underage drinking and buying alcohol. some kids still get access to alcohol. the law is mostly successful, with an acceptable amount of failure rate.
same concept.
I believe you are missing the point. "To protect kids" is just a cover, the nightmare dystopia is the real goal. So age verification have to be a nightmare dystopia or it would be useless for those, who push for it.
did i miss the point? because my last sentence literally says this.
The other problem you're up against is in the low-friction online environment, 90% easily turns into a much lower percentage. Which will actually manifest itself as the initial methods that achieved "90%" being declared insufficient in favor of stronger methods of identity verification.
I say this as a parent staring down having to deal with the catastrophe that is the modern web in the next short year or two - the only sane way to address this problem is through client-side parental control software that works based on website/app tags supplied by the server / app creator / etc. There is indeed a market failure here, but the sensible regulation is to make websites over a certain size publish labels about the suitability of their content for age brackets, whether a site is social media, contains user generated content, has algorithmic feeds, and so on - affirmative assertions about the content that carry legal weight and liability for them not being true. Device manufacturers over a certain size would need to include parental control software that can be enabled during the setup process. If parental controls are enabled and a website has not published tags (too small, foreign jurisdiction, misconfiguration, etc), then it simply fails closed and doesn't display the site. This keeps decisions about content suitability in the hands of parents where it belongs, rather than putting it in the hands of corporate attorneys who will often make decisions directly contrary to what parents want - remember this whole topic is being pushed by big tech to absolve themselves of liability for pushing harmful products!
well, i mean, you put a decently reasonable one in your own comment: "client-side parental control software that works based on website/app tags supplied by the server / app creator / etc."
another sibling comment mentions alcohol sales. government could issue a scratch card with UUID that's valid for some time, sold at anywhere alcohol/tobacco is already sold. most people are already comfortable with flashing an id at the beer store.
read any other the other dozen similar threads with hundreds of comments, and there are a handful of other neat ideas usually voted pretty high up.
Personally I don't care how much age sniffing is mandatory in that I think it is inacceptable on any level. Do you try to insinuate that a little bit of tracking is ok? Because I can not buy into that premise. To me the whole assumption is wrong from the get go.
Who wants this? God damn everyone. And in so much as Facebook might do something with the data, what they really want is a legal moat of sufficient depth to drown possible competitors.
That it is technically possible to do age verification in a privacy-preserving way is thus entirely irrelevant.
They want all online activity tied to ID so they can violently, illegally retaliate in the dark of night against protected expression online that they don’t like.
That’s all this is. Privacy-preserving techniques are irrelevant because they do not accomplish this goal.
Banning Instagram ain’t gonna fix that.
This is not in any way whatsoever about children.
The shit is horrible if 100% successful, and yet not worth doing if it isn't.
Further to that, companies are required to do this in a strict data minimization approach, results need to be anonymized and destroyed immediately after the check is complete.
The internet has grown into a bit of a letdown to some degree, especially social media. If I have to upload an ID or insert a grey hair into a scanner, that website or app will be dead to me and I will move on to something else or nothing at all.
It would be nice if the author actually spelled out the specific weaknesses of those approaches or even referencing those those laws instead of fear-mongering about "spying on kids", but I suppose that would be to much to ask of someone who made a career out of vibes based rage. Ironic that Doctorow has no problem with capitalizing on the enshittification of journalism.
Edit: huh, I'm probably stupid, but can you explain more?
This shouldn't even be a consideration concerning adults.
Thank you.
It has never been about "protecting the children" either. That was always a lie - the red herring. Many pointed that out from the get go too.
The much more fascinating thing is how legislation is still being actively changed to sustain that narrative. This is like a pre-scripted event what we are seeing here. I find it quite fascinating. It shows how real lobbyism actually works.
My prediction is that mandatory age sniffing will come, they will continue to claim it is all for children, and the openness of the world wide web will factually be transformed into a two-class apartheid system. The latter has already happened actually - you have walled gardens e. g. discord rather than oldschool phpBB webforums (aka privately controlled access to information), Google already ruined its search engine, AI slop continues to ruin more here. These are all not isolated. This is a deliberate mega-slop attack, combined with payments to key lobbyists. We see a degradation of services here. That they attack VPNs is very logical - after all VPNs allow people to break out of the global ghetto system they are building here. They want to know who is who.
Interestingly I see this attack also related to them trying to abolish the right to repair movement. Now, there is no direct connection here, but right to repair also attempts to put people at the center - you purchased something, you should be able to freely change it to your own liking, without some random private company being able to proxy-deny any change to that. With mandatory age sniffing coming, it also means that people will lose the ability to change software. Recently a university here in Europe started to demand that students must own a smartphone AND must install an app from a private company (via google store) in order to be able to read email sent to them via a webmail account. I also found this fascinating, because now people need to submit to Google, in order to study in a small european country, if they study at that university (which is paid for by taxpayers by the way). These interdependencies will keep on increasing here. Even Linux will fall victim - systemd already added data fields to track your age. More to come in the future despite Poettering's claim that it is all very, very harmless. Until it is not. And then it is too late.
This isn’t a simple solution to the problem but it reminds me that it is not a new problem. We should remember that
I also acknowledge that there is a reasonable debate to be had if the disadvantages to adults and businesses from imposing these rules are worth the harms prevented.
There is also a reasonable debate to be had about the merits of various technical and legal schemes being implemented to achieve these goals.
But this take is neither of those. For one, surveillance isn't the number one harm being prevented (even though, a number of legal codes attempt to make this the case).
As has been pointed out previously, there absolutely can be age verification that is without surveillance. The fact that these solutions aren't always legally mandated and therefore age verification can be used to increase surveillance is a reasonable thing to attempt to amend to the implementations of these laws.
> I also acknowledge that there is a reasonable debate to be had if the disadvantages to adults and businesses from imposing these rules are worth the harms prevented
Nobody on the "we need age verification" side wants a debate. They want to run face first in to dumb legislation giving governments and companies even more power to track every movement and know exactly who you are.
Of course, YMMV.
That said, if such a nanny state is inevitable: zero-knowledge-proof-based age verification would not only be possible, it would further protect these kids from a bad state actor. In that spirit, I agree with your last point. The fact that any other alternatives are even being considered makes it on principle a non-starter to me, because it betrays the actual goals of the political actors involved.
"The literature on harms to kids from online platforms is complex and nuanced, rife with people citing small, ambiguous studies as iron-clad evidence that kids are being destroyed by the internet"
Sorry, but a firehose of unlimited pornography, violence, racist, misogynist, and divisive content for developing children is bad. You can "well actually..." me all day I don't care at all.
I agree that there's no good solutions here, and I think this is a genuinely complicated and difficult issue for exactly the reasons people often state. But every argument that pretends that it's a one-sided discussion should be dismissed out of hand. There are two sides to this, both thorny.