It's absolutely a slippery slope - but most parents know how this is a very real thing as well. There's no controversy in having drugs, guns, alcohol, porn and other things 'behind the counter' - the intellectual debate over freedom of information is clouded by ideology.
Definitely the 'slippery slope' debate is worth having, but that's way more relevant than the 'should 10-year-olds be able to do whatever' (aka all or nothing internet) which I think, if we took a vote, most people would be fine with nominal age restrictions, on that basis and on that basis alone aka outside the 'scary government' issue, which is again, real and material but nevertheless a separate concept however pragmatically engulfed these things are.
The point is there are much better ways to enforce this - like just setting up proper parental controls on a device.
Kids can’t buy their own phone. So parents can always enforce stuff at a hardware level if they set it up properly. It would be much better to just mandate that phones set up with a kid profile cannot access social media.
This is not how any other thing that is banned for children is enforced. It makes no sense.
The person selling the age gated item needs to take lawful measures to ensure they arent selling it to a minor. Their parents have nothing to do with it.
Your solution would be that if a 14 year old walks into a liquor store and doesnt have a note from their parents saying that they arent allowed to drink alcohol, then the store should be able to sell it to them.
Many parents don’t have the technical aptitude to set the controls up properly. I am a software engineer and I find it challenging to keep up with the nuances of parental control setup and how to adjust it as kids get older. Content is also imperfectly tagged and smart kids can easily find loopholes in most controls. Having a centralized ID validation system wouldn’t be an ideal solution but having something baked into the Internet itself to help parents shield their kids from inappropriate would be a good thing.
I've really enjoyed playing around with https://github.com/markqvist/nomadnet and the reticulum protocol in general as a peer-to-peer alternative to www
I don't think WWW will ever die but I can see a hard split coming eventually. Most people will just put up with the current state of the internet for a long time yet.
Without American capitalism you wouldn't have computers, the Internet, smartphones, AI, electric cars and countless other things. That, and the Costco hot dogs mentioned in another reply.
Except that the www came out of Switzerland, the first electric vehicles out of Scotland and Germany, the earliest descriptions of neural networks - also Scotland, and countless other things, like Rockets and whatnot, also out of Europe. But, sure, congrats on that ARPANet thing.
As a parent of teenagers, I feel like the sites make it hard for parents.
When they were young, you had a choice between YouTube being completely locked down with no option to whitelist channels or letting them watch almost anything (although I think this has changed since but it's too late now for those of us with children that age).
Now, there is no way I can whitelist contact/groups on WhatsApp or Discord servers/friends. Once they hit 13, pretty much any option to restrict anything feels taken away from you as a parent.
Luckily, I have sensible children (I think!) but it's really hard as a parent trying to both be reasonably responsible, but not deny all technology, it's really hard to navigate a sensible course.
You gotta understand, the owners of these sites don't care about you, your kids or a good user experience. They care about serving ads, tracking your behavior and selling that behavior data to the highest bidder. If they get to your this behavior to your government ID, it will probably make it more valuable.
There's also a lot of room between YouTube (or even social media) and all technology...
Isn't age verification actually a good thing? If you want a free internet, you don't let your kids browse these websites. Otherwise, it allows you to make sure they aren't watching "hurtful" content.
No, forcing everyone to verify their age is a terrible thing. That's not the same thing as keeping kids away from potentially harmful websites or people. That is positive, but it's awfully weird to enforce it by doing this terrible thing that hurts the open Internet when almost every single kid on the Internet is using a device and Internet connection provided by their guardian. Seems like we could figure something out that doesn't literally require every website to process your identification and completely destroy anonymity.
One very simple way to give parents control over what their children see and participate in without violating everyone else’s privacy is to create adult and social TLDs and require these sites to migrate to them. So instagram.com becomes instagram.social, etc. Then mandate that all consumer network equipment mfrs and internet providers provide easily accessible ways to block these TLDs. Maybe combine that with some public education materials to teach less savvy parents how to do this.
Now you’ve given every parent a way to easily mass block all adult/social sites/apps if they want and no one’s privacy need be compromised.
This idea has been around as long as the web, but you can't get momentum behind it.
A much better idea was a .kids domain where the content was vetted, and you could allow-list your child's device to that. Much easier than trying to migrate everyone over to specific TLDs, especially when that ship has sailed already. But that never got traction either.
Edit to add: I used to work on "family safety" software. Blocking bad content doesn't work - it's too difficult of a problem. Walled gardens do work, however. The fact that there's not a push for the equivalent of an Apple App Store for kids is probably evidence of ulterior motives on behalf of regulators.
You're massively underestimating rule interpretation skills of horny teenagers and gambling game developers. Total segregation based on actual solid cold hard ruleset is pure gasoline to them.
There was some optimism with .xxx that adult content producers would voluntarily switch over. Spoiler: almost none of them did, except for domain name availability reasons.
What this misses is that many parents do allow their children to access social media because kids need to conform. If all the other kids have social media access, your kid is excluded by not having access.
Is it better to have TikTok AND friends, or no TikTok and no friends? Sure, the best is no TikTok and still have friends, but you can't always have it all.
This is such a naive take, I see it a lot. Have you considered they can:
* Buy one themselves
* Get / use a friend's
* Use public internet access points
* Need one for school
* Use the smart fridge / tv / gaming console / anything with a browser
* Access stuff in Minecraft, Roblox, etc
You can only stop it by going offline and raising them in a cabin in the woods, which is a whole other thing.
What you can do is give them The Talk, of course (but that only helps / prevents to a point, it's more to prepare them for what they may find or how they can identify problematic things). And the other is to push back as a community effort, with e.g. many schools banning kids from having phones in the first place.
I think the earlier commenter is right. If a parent fails to... well... "parent" that's on them. Locking down the internet to republican-approved sites only is not the answer.
Have you considered that even if unwanted material was only accessible in physical form with age restriction for buying. Like porn magazines, cigarettes or alcoholic drinks, kids can still access them and find a way around it. You can ask older generations. Perhaps you can't stop it by "going offline and raising them in a cabin in the woods".
Best is to assume they have access to it one way or another if they seek it. The discussion should not be about banning vs allowing, it should be focused around how to deal with situations that arise regardless.
Education about the subject and why kids shouldn't seek access is quite effective, additionally they will be informed once they are allowed access. Think about how the last decades saw a sharp decline in smoking and alcohol consumption.
One problem (there are others) is that it's not always possible (or easy) to not give your kid a smartphone, or access to social media.
Imagine that your kid doesn't have those and is having a hard time at school because all the other kids do have them. They have a whole culture based around those, and your kid is excluded from it. What do you do? Tell your kid that it's okay to wait 10 more years before hoping to not be excluded?
Reminder that the internet was created to be live and a indestructible means of reaching one and another, none of what you wrote can meaningfully do what you think it would.
Failing in parenting and lobbied politicians (regulatory capture) on the other side.
Block how? You can block sites now and all it takes is a proxy/vpn to get around it. Nothing short of personalized age verification will work. The best we can do is make sure the age verification system is centralized by the government. The client sites can’t see who you are and the centralized government server should not be able to see the sites you visit.
The only way this can go wrong is if the client sites collude and publish their visitor logs and then the government can do the legwork to identify you. But even this is pretty easily bypassed if you use a VPN.
Whether such a system could be bypassed by a VPN would depend on exactly how the age verification works and whether said government decides to ban the use of VPNs.
More importantly, I don't personally have any faith that at least the US government could properly define and build a system that is reliably and provably resistant to tracking. The government has incentives to want to know what sites a person visits, the NSA would be loathed to allow that opportunity to go unused. The government also likely doesn't have the skills or resources to do it in house, I'd expect them to outsource it at an absurd cost to a third party that would also have incentives to want to track usage data through the system.
>Nothing short of personalized age verification will work.
Specifically, daily personalized age verification by the specific app/website, not by a third party.
>The only way this can go wrong is if the client sites collude and publish their visitor logs and then the government can do the legwork to identify you.
Well, the government has the right to request proof that the company in question is properly conducting the age verification process. This means that the companies performing age verification will keep your personally identifying information (PII) and maintain an association between your PII and your account/activity on the platform.
On a different note, the government has the right to gather evidence of criminal activity, where the definition of "criminal" is under their discretion and if there happens to be a convenient stash of information that can be linked to your person, that's just a happy coincidence.
The article says that California "will require identity verification at the operating system level starting in January 2027", but that isn't true. The bill [0] only requires that operating systems collect age information on account setup and then provide which of four buckets the age falls into. It's not requiring any kind of identity verification by the OS. It's just a box you fill in when you set up the computer.
I think that this is actually a reasonable approach. It minimizes the information shared and doesn't create any identity tracking regime.
This put the power in the parents hands. They can set up their kids computer with a kids account and then all software and web services can just ask the OS if the user is an adult rather than all requiring their own ID verification.
It's the State's responsibility once something affects enough people. That's why a law like this makes sense but should exempt OSes under some number of users. It's not great that we have such a harsh divide between "do whatever you want so long as not too many people are bothered" and "alright now the people have spoken and it's a State/national law," but it's the system we have and better than the people only getting a say with their wallets.
This conversation makes me wonder if age verification at the system level could be considered an externality for its cost to society as a whole, and the solution be to collect tax from any commercial sale of a desktop OS that doesn't implement a defined open standard. If there is any money raised it could be used for eg. education pieces on harm and harm reduction
Maybe it doesn't work in this case, but I think you both make great points. Just feel like there must be a way of bridging this gap
The state requires things sold to meet a bare minimum of safety. Cars sold require seat belts, movies/games sold require ratings. Devices sold have a meaningful parental controls flow.
Seat belts aren't forced on you - if you want to not use them and face the risk of fines, you can do so. Media ratings systems are informational, you can choose to let your kids watch R rated movies or above. Are they going to let parents have a choice when it comes to parental controls? What about non-parents?
That's my gripe with the age verification systems I've seen, there is no room for parental choice and no consideration for people that are adults and don't have kids using their computer.
I don't think it is overreach since its fairly simple to implement and non obtrusive. We have had multiple decades of failure from tech companies already to prove that they won't act on their own.
If you are putting individual parents up against Meta, Google, etc, the big tech companies easily win. As we have seen already.
> I don't think it is overreach since its fairly simple to implement and non obtrusive
Those two things have absolutely nothing to do with one another. Something being easy to implement is completely unrelated to whether forcing its implementation is overreach.
I think the part that's the issue is the one where they mandate age verification. They're going to try that either way, the worst thing this could do is get people accustomed to the idea, but in practice the operating system they use already asked their age.
As a parent, what I find effective are content rating systems, be it for movies, games or apps, along with the ability to control and fine-tune them.
For example, with Apple's parental controls, I can blanket-decline access to Social Media apps, or to apps recommended for a specific age or older, and I can also allow exceptions as I see it fit (for example, my kids have no access to WhatsApp but they are allowed to use Signal, both have the same age recommendations)
This moves the responsibility for age verification to me, the parent, and provides me with suitable tools to monitor this. With this, there is no need for my kid or me to upload sensitive data or go through some bad age verification implementation.
Websites are more difficult to control, but not impossible.
Long story short - improve tooling for parents that allow more centralized control instead of mandating social media to do the age verification on their end.
It is similar to what Frank Zappa proposed when they were looking at age restrictions on records. He said, they should have the lyrics printed up so parents could decide if their kids should assess it. A decent moderate response.
Alas, the age restrictions came in and the big warning on the front covers was added. It did kind of backfire because that warning started to become a badge of quality to younger people. A similar thing could happen here. If you restrict it then it becomes the forbidden fruit.
There isn't much left of the free Internet anyway. Search engines no longer work, all discussion forums are ranked/censored by interest groups, mail delivery is between large entities.
Maybe we need an alternative set of root servers for a free Internet.
I would suggest that we should not conflate the internet with these corportate platforms. The internet still works fine for now. I can still stand up my own DoH resolvers, forums, chat servers, email servers, DNS servers, vpn servers, etc... Many social circles are bound to have a tech-nerd one or two layers removed. That used to be a pejorative.
The hardest part is the psychology. People think they have to be on the big platforms as that is where their friends and favorite streamers are. Willpower can bring back the old platforms onto the current fast internet. Critical and free thinking people can choose to ignore the big platforms if they wish. People can go to local stores to buy most things. There are arguments for and against all these points but I am choosing the aforementioned options and accepting the psychological challenges.
People can use old style self hosted platforms as a "fallback" and once people realize it is more private and they can speak freely amongst their friends it can get comfy real fast. Glowies are seething.
Some friends and I have private forums and chat servers. We talk shite all the time about Reddit threads yet none of us have Reddit accounts. We talk about HN threads, brain rot on Twitster and many other platforms free of censorship, free of voting brigades, people trying to force narratives, etc... Oh and most important, free of "AI".
In a way it is the bad players that are ruining it. Yeah I can setup all manner of servers for this stuff, but the instant I miss a patch or a patch is late to be developed and you can be compromised in no time. And unfortunately it just becomes a game of endurance between you and the army of folks trying to crack systems open.
I have said it for decades, if there weren't bad players then we wouldn't need any of this security. That is a very utopian idea.
I have thought that a way to put people off is to have such an anaemic server that they wouldn't bother. Like a tiny RiscV board running Haiku that delivers basic HTML and email. There is little incentive to raid that thing. I haven't thought this idea through much however.
For what it's worth I have been running my own things since the 90's and not yet compromised. I disable the CPU mitigations and have a minimal firewall configuration. I do keep things patched and keep an eye on news regarding the public services I run but only enough that I can still call it a hobby. There really isn't anything utopian however, it's just a hobby and a way to let friends communicate without big brother putting their peanut butter in our chocolate. If you don't feel comfortable tinkering then of course don't. Never feel pressured. One can always start off sharing their services with a few friends and not advertise it globally. Find a hacker friend that can help pen-test your stuff.
Probably one of the riskiest things I have set up was just this week exposing Unbound DoH to the internet. Unbound has had a handful of security issues in the past. The bots are getting confused by this weird thing listening on port 443 but they just can't figure out how to connect to it. If it gets popped I will just nuke that VM.
Outbound mail gets harder every year as opaque reputation systems flag mailer daemons as false spam positives.
Inbound mail on the other hand — notably, the OG form of Internet identification — is very achievable for a stick in the mud to set up.
Losing one’s Gmail account would likely have very little impact on one’s ability to send mail, but no longer being able to receive mail at a given address can be devastating. Set up your own domain!
And content is increasingly produced for, and by, machines. Human initiative and/or access is increasingly incidental.
It's easy to create an alternative. The problem isn't that, it's keeping that alternative clanker-free. (As well as free of all the other enemies / plauges on the useful, generative, Internet.)
Perhaps, but in both cases, I think that the principle problem is attempted control at the wrong portal.
Rather than individuals or devices, residential / mobile / business service providers should be able to vouch for personal traffic and be in a position to validate patterns of use without undue profiling of specific activity. That is, just looking at the encrypted traffic patterns (rather than MITMing SSL/TLS or other secured comms) should show usage that's typical vs. atypical / malicious.
Traditionally, service providers of all stripes (email, ISPs, Web, etc.) seem to have focused far more on ingress security than egress security, or potentially malicious traffic from within their own networks. That's got to change, it's ultimately a hygiene question.
For residential and mobile Internet, accounts are managed at either the household or individual level, and it should be possible to provide attestation and reputation management (as well as, perhaps, broad-based subscription access to compensated content) at those levels.
For commercial access things get more complicated, particularly where a location might provide public Internet access (e.g., public WiFi), or have a mix of human and system-generated traffic at an office, commercial, or industrial site. Still, there should be both well-established patterns of use and indications of anomolous or malicious traffic possible here.
Another option for smaller human-scale networks (e.g., Fediverse / Mastodon / PeerTube / Pixelfed / Lemmy / WriteAs networks and the like) is a mix of harder authentication (Yubikey or NFC-based wearable authenticators, perhaps) as well as a more manageable human-scale moderation (1:1,000 or 1:10,000 scales far better than 1:1 million or 1:1 billion services), allowing for both oversight and keeping the opportunities / benefits of malicious use limited.
The comment I'd originally responded to had me thinking of under-delivering federated systems such as Gemini (the lightweight Web protocol, not Google's AI) or Diaspora* or countless web boards and wikis which ended up overrun by spam and abuse. Simply saying that you're going to re-invent things at small scale in no way means you'll succeed. The ecosystem's changed, the pathogens are far more numerous and capable. Modern systems and networks (social or otherwise) must face those facts head on, and not ignore them or pretend they don't exist.
I think we're going to end up with some form of cost-based (though not necessarily financialised) reputation management systems. I'd very much like to see those not being terribly invasive of privacy, or putting extreme barriers to those with limited means or technical knowledge. It's a tough problem all the same.
Would be nice to see something referral based. If you don't like X, block them. If X invited Y and Z and their invites behave poorly, you can block the whole tree. Kinda like lobste.rs referrals but for wider internet
I guess the correlary would be like how you can block an entire ASN if you find a lot of abuse from it, but at the human-network level.
Aside from social dynamics, a chief issue is that if you're relying on this as a mechanism for content filtering, personal relations have low predictive value.
E.g., I may really like a person's content, but not their curation or referrals to other accounts. Conversely, I might not care for a person, but their recommendations may be excellent. More common might be the case that a given account produces little or no content of their own, but makes reliably predictable (either good or bad) recommendations, which would be useful for further filtering. Or the highly verbose individual who emits a constant stream of near-drek, but an occasional diamond.
Content production, content curation, and talent spotting are all distinct skills. Success or lack in any one says little about the others. This is where Bayesian indicators (including relationships and referrer / invite relations) would probably be more robust.
That said, tainting an entire invite tree is likely useful, with a caveat that if a particular invitee has an independent, untainted, relation, they might be worth following.
In practice what I've found most useful is to have a pretty tight primary list of follows, ~50 or fewer, and a slightly broader secondary list. Allow recommendations be default (that is, re-shares / boosts), but curtail those too if problematic. Be quite liberal in blocking / muting anything in the least bit annoying or problematic.
Or participate in a selective group with excellent moderation. HN isn't quite there, but it approaches this ideal more closely than any other major forum I'm aware of presently.
Not true at all. Even small, insular, just-a-few-hundred users PHPBB-style forums have to run Cloudflare or Anubis to try to stem DDoS-style scraping, and have a constant patrol of moderators to stop AI spam posts.
>Maybe we need an alternative set of root servers for a free Internet.
Can't even do that. We'd need (ultra?) stable IP addresses, and the entities in charge of those don't hand them out anymore. We've sort of been cut out of the basic infrastructure to let us build stuff a second time.
You can't sign up for a Facebook account without giving a live selfie.
Any image of your family you post will be scraped by Clearview AI, bypassing the restrictions that make it hard for you to create accounts, to create a worldwide facial recognition system.
Indeed, well before Clearview, Facebook demonstrated they can identify faces and asked people to tag people in it, creating one of the earlier massive facial ID databases.
FB's policy on this is patchy. I've known people who have had accounts for years, who were suddenly asked to provide a selfie - often after posting political content. Their accounts were then either locked down permanently, or unlocked.
I also know people who created accounts from scratch without needing a selfie while connecting exclusively through a VPN. (Only some VPNs, work apparently.)
Supposedly FB uses device ID tracking, so if you're picked for selfie ID on a device and try to create an alt, you'll be selfie-ID'd again.
Using a different browser on desktop solves the problem for desktop but not for mobile.
And so on. Basically it's doable, sometimes. And sometimes it isn't.
You find it to be a negative that banks require identity verification to drain an account? Personally, I would refuse to keep my money with a bank that doesn’t do this.
Asinine requirement by whatever risk management firm they use. A selfie provides nothing in terms of lasting security while simultaneously adding permanent risk.
Have you ever considered that it’s a front? You may think that store that never has customers is just run incompetent business people, but in reality the real objective is not the one you believe it to be, and it’s actually great if you were to refuse understanding that.
I've found that framing topics like this as primarily a pretext for different motives is a sure-fire way to be ignored by people you may want to convince.
As always, the goal in convincing others is to take someone from their current understanding and bring them closer to yours. You can't get there if you don't start the topic at their current understanding of it.
> they accept money and direct deposit still with no KYC. But to get the money out? Oh no! We need a picture of your face!
Unauthorized deposits aren't nearly as much of a concern as unauthorized withdrawals, right? I'd imagine that there are far fewer malicious actors that try to deposit money into random bank accounts than there are ones that try to withdraw money from random bank accounts.
> And there’s no option for going in person.
Won't an in-person bank also take pictures of you via security cameras? I don't really understand your objection here, could you elaborate?
A bank's security camera feed isn't likely to be sold to dozens of companies.
It is all but guaranteed for Internet-based facial recognition services.
Hacked facial recognition data already is reportedly being used by scammers to not only bypass bank security but also to impersonate people to target their loved ones.
There is no lasting security gain by providing a selfie. There is a lasting security and privacy loss, however.
Additionally - furtherance of facial recognition technology would impact travelling to foreign jurisdictions.
One of the most common ways foreign travellers get flagged when travelling internationally is for social media posts made under their own name that their destination country's government may not like. Traditionally if you've kept yourself pseudo-anonymous, you've largely been safe. But if we get to a point where pseudo-anonymous accounts are associated with pictures of people's faces, it will become significantly less pleasant to travel internationally for a lot more people.
It used to be that you could expect to not have your likeness captured and transmitted to third parties for their AI model training and who knows what other nefarious purposes.
It seems like all expectation of privacy and anonymity evaporated in the last 5 years.
I'd consider it a negative that they trust a shitty webcam / selfie camera to cut the expenses of having an actual office with trained personnel.
Who aren't flawless of course, but selfies have been easily circumvented with photos or video game cameras.
Hell, at one point we had to implement age verification for a Japanese tobacco product website via a 3rd party vendor, I just used the wiki page's picture of a Japanese ID to test it, worked fine.
most banks using faceid won't accept you go to a branch. because they contract with a provider who makes more money from building and selling a database than to fulfilling the contract with the banks.
It’s the end of large scale “global village” social media - good riddance if you ask me; I’ve left it years ago for more private spaces.
I wonder though how it will affect places like 4chan. I don’t really know if it’s still as anonymous as it used to be but that’s like a cornerstone of their existence.
Are you referring to financial accounts or social media accounts? (If social media accounts, I'm guessing you're referring to the US specifically, and during advance visa processing rather than at the border.)
this is reason enough to close the vast majority of them. if you're engaged in discussion, that's one type. the doomscrolling types, more addictive but very much more disposable.
You don’t “have to”. They’re requested when travelling to the US - but from my experience it’s not enforced (at least not consistently, I’ve never been asked why it was blank on my forms)
I thought so too, and said so at a meeting at work when some colleagues were unwilling to travel to the US.
It turns out close contacts of some of my colleagues have been asked to show their Facebook accounts at the US border. There was a recent rule change about it.
And your data on all those platforms - Google, Apple, Facebook, Twitter, etc. are ALL building comprehensive profiles on you, selling your data, and probably tossing it straight to the government in one way or another.
That’s to post something on a garbage social media like Facebook. Facebook owns their site, so I believe they can require whatever they want, and your option is to not use them. Other services requiring Facebook (or an Apple or Google phone) and everyone using Facebook are separate problems, that should be handled specifically; I think it’s easier to leave Facebook than coerce Facebook into decency.
Fortunately on Hacker News, you still only need a username and password. And if spam is an issue, on lobste.rs you only need an invite.
Fun fact: America invented the social credit score, long before China, and they still have it. The only difference, is the lack of the word "social" in the system's name, but it's the same system.
I’ve configured my browser to disable certain tech like webgl, I get infinite captchad by google. Using vanilla chrome works fine. It might not be full blown attestation but it’s not great.
Fuck you google for ever thinking infinite captchas are acceptable.
"might as well abuse this tosser to train the AI a bit. Free compute and classification, hey!" - or so, I guess. They immediately know they'll never get you through :)
Good luck, I don’t know whether the slight line in the adjacent square is part of the traffic light and sometimes I just say fuck it and click random squares.
Can someone help me understand? Why is it not enough to just be able to manually set an age on local OS user account. If unset assume adult. If set applications can use it to verify age. Require admin permissions to change. All responsibility on parents to restrict admin and set the age. No data collection. No responsibility for services beyond a simple check. It seems like an incredibly simple solution with very little compromise on either side that gets everyone 95% of their stated goals.
EDIT: Oh it seems like that’s what the CA bill does? Seems good to me. I have zero problem with age restriction if age verification goes no further than mom buys kid iPhone enters birthdate, Instagram asks phone is user 18.
Because many children will have parents that arent responsible and that doesnt mean they deserve to be taken advantage of by a billion dollar corporation.
That is when the conspiracies start popping up, because a lot of people agree with you, me included.
However, you cannot make parents actually use such systems, so ignoring the obvious control this gives nation states, giving states this power might help the children of those irresponsible parents, which is the only real argument I have heard, since the effects of it are the same if the child simply had responsible parents.
Well it’s not even necessarily irresponsible parents, good luck keeping your child from going anywhere you don’t want them to go if you have internet enabled devices in your house.
In my mind you have states mandate that adult content (porn, gore) and social media services are legally required to check for the age from the OS. No other sites need to do anything. No data collection or ID verification anywhere. All responsibility on parents.
I would imagine for the zealots out there its worth it to go further and destroy the entire internet to prevent a single 14 year old from jerking it to a tiddy. And then of course the advertisers want device attestation. At least it seems California is picking a sensible middle ground.
The compromise is that it is either really easy to work around, effectively defeating what it is trying to do, or it becomes tightly locked down to trusted devices only, destroying the free internet.
A full answer is somewhat dependent on specific implementation details, but the simplest approach is much like the simplest way to acquire alcohol or other age-restricted product as a child: Ask someone else to act as an intermediary. Get another computer that identifies as an adult, and that isn't concerned about your age, to send the data to you.
And maybe that's a healthy way to think about it. That it doesn't matter if kids find it easy to work around. There is no child who hasn't been able to get their hands on alcohol when they want it, but perhaps the infinitesimally small amount of friction leaves many to second guess their choices? Then again, from what I see out there, just rationally explaining why alcohol might have negative consequences is enough to see that second guessing. Alcohol consumption amongst the youth has completely plummeted now that we no longer treat it as some magical taboo thing and finally started talking honestly about it. The same pattern has been observed over and over in other things with undesirable consequences for children.
> the simplest approach is much like the simplest way to acquire alcohol or other age-restricted product as a child: Ask someone else to act as an intermediary.
They can do exactly the same with other proposed solutions - ask an adult to register a social media account with their id or pass selfie-age-verification for them.
Yeah there’s no getting around that kind of thing. My parents would unplug the router at night and take the power cable so i found another device in the house with the same cable and plugged it in. But my sister never did that so at least it worked for half of us.
I’m all for sane best efforts for restricting children’s access to mind warping materials online if the consequences on the overall internet are minimal which I think this does. I’m not on board with killing the internet as we know it to get from 80% of children off social media to 90%.
The problem with social media and to a lesser extent porn is addiction. If a kid had to go to a friend’s house or sneak on to their parents computer to scroll tiktok that’s already a huge step in a healthy direction.
Is it? Only around 10% of the population will develop an addiction (of any kind). About the same rate as the population who live chronic sedentary lifestyles, which comes with equally (or maybe even worse) health and social consequences. Where is the regulation that forces you to prove you are of a certain age to sit on the couch?
This seems like a lot of effort for something that impacts such a relatively small group of people — a group of people (in size) that we otherwise don't normally care about one bit. 10% of the population is marginalized time and time again. What's special about this particular case?
I would hazard a guess that much higher percentage than 10% of the population thinks that they themselves are on social media more than they’d like to be, whether thats addiction or not idk.
You’re probably right though, i don’t think 10 year olds should be on social media in any capacity. Why? Partially because they can easily get addicted sure, but also because really any amount of interaction with these platforms is bad for them because they are monstrous mind warping engagement machines.
> they are monstrous mind warping engagement machines.
No doubt kids will choose social media over cleaning their room. Would they choose social media over going outside to play, if society still allowed them to do that?
The "boob tube", so given the derogatory nickname due to the perception of much the same idea you present, may not have been able to take the warping engagement to the same extreme, but during its prime also didn't really capture the youth attention because the youth had better things to do, like disappear into the woods until nightfall. TV use has always been dominated by older people who, through things like failing health, have lost the ability to do anything better.
True addiction or not, it is worth noting that addiction doesn't happen overnight. One needs repeated exposure to develop the necessary neural pathways. This is why addiction shows up much more commonly in obviously tough environments. People use a device as an escape from their situation, which feeds the mechanisms necessary to develop an addiction. Social media is most certainly engineered to tick the "this is enjoyable" box, but that alone isn't enough to develop a problem. There needs to be something that sees someone want to use social media above all else on a regular basis and, as you point out, it is very likely that much more than 10% of the population don't actually find social media to be all that enjoyable; just more enjoyable than taking out the trash.
So, maybe we can reframe this as: All this work to continue to keep up not wanting to see kids without a metaphorical helicopter constantly over their heads as a result of an imagined boogieman that was invented in the past? Seems like a horribly misaligned effort.
Here in Australia, the local and state governments push the use of their Apps as well.
These Apps provide access to identity documents, offical notifications, and messages for health, benefits and taxation purposes.
Then there is Banking and the issues around becoming a cashless digital society…
It’s become less about access to hardware devices, as useable devices can often be free when donated by a friend or relative, and more about continuity of access to your digital life.
The risk of losing access to your online identity or having it stolen are very real with often traumatic results for individuals.
> EU law gives every citizen a right to a bank account.
That directive regulates banks from denying the opening of a basic payment account. But there is no legislation preventing governments from freezing accounts, Canada-style. As far as I know, there's no protection against being de-banked.
Dont forget what kicked this age verification in first place. Initially they wanted do age verification for porn, and only year later they moved into social media seeing there's wasn't huge pushback.
So even if this change doesn't affect you right now, but it will affect you later then it'll be too late to fight agaisnt.
It was funny here in Australia, they did it the other way. They banned social media for under 16 but didn't get around to porn until a few months later.
The "First they came for the Communists" logic still holds. When government able to open the flood gate, the mandatory ID check will be slowly and surely be everywhere.
If you don't use social media and AI platform. Fine. But what about app stores, what about any registries from docker, to npm, to apk and toward the end source code repositories like Github/Codeberg?
This is famously why ID checks at the liquor store led to the government eventually requiring a mandatory ID check anytime you walk the dog or go to the beach... except none of that happened.
Age verification is fine, at least in theory. It’s the implementations that are bad.
More and more people agree that kids shouldn’t be on modern social media, including me. But most people also agree that mass surveillance is dangerous. The solution is to propose ways to block kids from modern social media (that actually works) without mass surveillance.
Better parental controls, more parental education, and site-specific age verification (Facebook etc. can require whatever PII they want to use their service) backed by incentives (whitelisting in parental controls, promoted as a “safe site” in parental education). Are these enough? Maybe not, but maybe mandatory ID and blocking VPNs aren’t enough as evidenced by people bypassing them. These (first three) are progress, that don’t yet require mass surveillance, and we can first see how effective they are then go from there.
I wish people wouldn’t say “age verification is bad”, it’s like “anti-work” and “defund the police”.
Why isn't there a simple solution in the software world that's functionally equivalent to flashing your ID at the liquor store? They get the verification they need with no permanent record of your PII.
This can't be that hard. Can't I get an electronic certificate/flag verified by a trusted third party using my ID, where this cert retains no PII? This is what I come up with after not thinking very hard about the problem, and I can't be alone.
Maybe its naive to think that harvesting PII isn't the point.
In theory, sure, an identity verifier could issue you you a bunch of single use JWTs signed by them that contain `{"over18":"true", "nonce": 12748583..., "iss": "<issuerurl>"}`, signed by their key. A relying party just needs to know the public keys of all the issuers they trust, and can consume this JWT, verify it, and never learn anything about your IRL identity.
The important things are that they must issue a bunch at once. (Otherwise, correlating who you are becomes easy). They must keep no record tying nonce or the full JWT to an individual identity. Something user local or otherwise trustworthy (not keeping logs), needs to hold on to these, and send them out as needed, being very very careful never to reuse one (as that would enable cross site tracking). Lastly a relying party must be required to trust many issuers, not just those they are colluding with track users across sites with this.
The European Commission actually proposed pretty much exactly this system, also with a variation where instead of revealing the signed token, a ZSNARK proof (that you possess a validly signed token with the over18 attribute from a specific issuer) could be given to the relying party instead (to make it impossible for issuer and relying party to collude to release your identity). Many people here seemed to not like it.
No, age-verification IS bad and is a slippery slope that will always lead to surveillance. If we don't stop this now everything will get worse. And trying to lump this in with other extreme rhetoric doesn't help. The answer is and always was "better parenting".
Everything good is a slippery slope: every step in the right direction is bad if you overshoot. Maybe age verification isn’t needed, and educating parents is important; but without more, they’d have to be ultra-helicopter parents to stop their kids from accessing social media.
At minimum, parents need other parents in their local community to be educated; and better parental controls, so they can give their kid a phone and computer (for good reasons like safety and education) that won’t let them access social media (even unintentionally, some parental controls are that bad). Both can be done without laws, only social pressure and at least the potential for new (locked-down) devices.
(In theory, kids should also be prevented from buying unlocked devices, like drugs and alcohol. And showing the local cashier your ID to buy a generic device (whose packaging is indistinguishable from other device packing, so it can’t be traced to you afterward) is technically a form of age verification. But in practice this may not be necessary, because hardware is too expensive for most kids.)
And in addition to that, it is the role of the parents to be having the say in what their kids should and shouldn't be doing. As far as I am concerned most governments stick their collective noses in where they are not required. And, yeah, I do agree that kids shouldn't be on social media. Having sid that, even some adults shouldn't be on social media...
> it is the role of the parents to be having the say in what their kids should and shouldn't be doing
The only effective tools parents have is to disallow or remove devices from their kids. It will work at the beginning but as they grow up it will become impossible, since at some point kids get influenced mostly by their friends' circle. So yes, I do agree that parents must talk to their children and explain what social media can lead to, including the dangers of internet predators and so on. But no, I don't agree that parental control is a general solution that will work for all kids out there. It never has.
<The only effective tools parents have is to disallow or remove devices from their kids. It will work at the beginning but as they grow up it will become impossible, since at some point kids get influenced mostly by their friends' circle>
Very true & having 6 kids of my own, I know that only too well. I still don't like the idea of Mr Government trying to tell me how to raise my family. Here in Australia the government seems to like that a lot...
Well the thing is that people often love when the government tells other families how to live, and partly for good reasons including enabling basic education for everyone. Partly the wants of the parents and the needs of the kids might be at odds. Society is a complex construct.
Governments are required to enforce that devices must give the choices to parents though, right? Otherwise devices won't give the choices to parents because it's more profitable if you don't.
Age verification has always existed in the physical world, such as at bars and casinos. I just dont see why the internet should be immune to real world rules we decided upon for good reason.
If parents don't want their kids on social media, get them a dumb phone, or use the parental control features. Maybe some parents don't care, and that's their prerogative. None of this is about protecting children, it's about "protecting" adults from "bad ideas".
The problem is many parents will not do that. Do those children then deserve to be taken advantage of by social media corporations?
Generally, things that are harmful and addictive such as alcohol, cigarettes and casinos require age verification. We dont just put the onus on parents because a child with bad or absent parents still deserves to be shielded from alcoholism at 12 years old.
So? Not all reactionary (if you mean "conservative") takes are bad. Sometimes they're better than the alternative: accepting bad parenting as some default and working around it with technological restrictions.
"Reactionary"'s origins as far are pure political DARVO and gaslighting anyway. It originated in the French revolution and basically declared "You are morally wrong for being horrified at my horrific and evil actions." That origin tainted the term for me personally.
The actual modern reactionary meaning of "referrant to a mythical past as a standard" always felt like it deserved a better term. But nobody would get what you were saying if you called them a "fairytaleland resident" or similar.
This has nothing to do with parenting. It's surveillance. They failed to do it through child porn argument. They are doing it through 'social media is harmful for children' argument. People did not bite on the former. They ate up the latter out of hate for social media platforms.
How is that the answer when even parents don't have the right tools for this. are parents supposed to surveil their kids 24/7 and monitor their internet traffic?
Why is the internet special, do you also believe physical stores shouldn't check for ID for cigarettes and alcohol, because the solution is better parenting?
in real life people can see you and determine your age at a rough estimate and be able to tell if you're an adult or not. Do you support having to turn on your webcam and show your face in real time then, to talk to strangers on the internet? many age verification sites are doing just that.
HN is filled with people who are on the other side of an "internet best practices" information divide.
For everyone else, the internet is already a shit show and a half. They want control, because it means putting a stop to being predated upon, or more nihilistically, harming the firms that are harming them.
I don't know how to let other commenters see how bad it is, or make the gulf in view points clear.
Giving up control is always a mistake - they never do what they promised and you never get back the control. There is never a refutation to this fac: just a childish "But I want it!".
I don't believe children should be on social media. Some other people might not share that belief. Should be up to parents to decide what's okay for their kids, not governments or companies.
Age verification will always lead to more surveillance. People need to just be more mindful of what their children are doing online, maybe stop giving them smartphones, and just be parents.
I don’t think social media is intrinsically bad, just the toxic popular social medias. Did kids in the 1990s with access to internet forums have stunted social development?
Because the patterns of consumption and harm are very different. It's the constancy and immediacy of social media that makes up the major part of its harm. It's not something where a 15 minute smoke break or a weekend binge is the main mode of consumption and harm. So the parents have a lot more opportunity and power to handle it if they give it reasonable time and attention.
I think you’re missing that this abdication of personal freedoms to the government in the form of government imposed restrictions on cigarette and alcohol sales is precisely how we’ve gotten to this point over time; arguably following a planned strategy. People who normalized prior subordination to government in the case like cigarettes, alcohol and other things; are now already even more primed to abdicate even more freedom to mommy and daddy government than the prior generation.
It seems clear to me that America is heading into an extremely repressive system where even the nominal use of America may just end up falling by the wayside within the lifetimes of some people alive today. Functionally speaking the, notional or spiritual death of America happened a very long time ago, probably 1840 but obviously no later than the outcome of the Civil War which turned a decentralized union of federated states that formed a republic, into a centralized dictatorial federal power and later the groundwork for becoming the empire we are only 55-80 years after the Civil War, depending on how you want to look at it.
I think people forget that there would have been people who experienced the Civil War that destroyed the central premise of the Constitution, that sovereign states join in a Union to cooperate, and the formation of the Empire of America by no later than the end of WWII.
Those things never happen abruptly, they happen in following a long strategic plan based on objectives not timelines. Part of such a plan is causing ever increasing dependence, deference, and subjugation to government, which is really just someone else’s control over you, the people who make up the “government”, instead of your own control over you. Part of that is giving the impression that money and daddy government will take care of the children, as a tool to psychologically manipulate people by hijacking their instinctual care and concern for protecting children.
It’s why and how they’re more pushing age verification, not ban for minors with similar criminal penalties for anyone who allows minors on the internet/social media. No, you as an adult need to confirm and tie your identity to the digital fingerprint that is tied to all the data that was and is collected about your activity over the last 20+ years … to protect the children of course.
It’s why some people refer to the majority of humans as cattle. You just have to herd them around and they moo and then start fattening up on corn instead of grass, just like the last generation did before they were harvested.
We don't let kids turn up to school drunk because they went to the cornershop on the way to school. I guarantee that would be happening if alcohol sales were not age gated and enforced by the government.
In the same way kids should not be infecting their minds with social media slop, or porn, or plenty of other internet content.
The only way this is stopped is when a social norm is created which shames all but the most negligent parents into compliance.
At the moment the absent and bad parents have all the power. Their kids scroll all night for memes, injest YouTube brainrot and turn up at school disruptive. Kids with responsible parents either want to that as well, or can't escape it.
Surveillance from age gates is a red herring. That horse bolted long ago. You are surveilled already by tech bros when voluntarily logging in, or by making yourself stand out a mile by using a VPN and a uncommon browser setup. This data gets handed to your government on request.
Having an anonymous VPN won't stop the tech bros or an authoritarian government forming, or bring one down.
People taking part in their existing democracy and maintaining the foundation of that is the best course of action. Raising a generation of kids not addicted to internet brainrot is a key part of this.
So maybe there should be better education for parents. Maybe there's other solutions. I can't accept that the nanny state parenting our children for us is the way to go. If people are being negligent of keeping their children safe, maybe they should face consequences for that. The point is, the parents should be solely responsible for deciding what's appropriate for their children, and if they don't have the resources maybe that's something that should be addressed, or if they're not doing their job that should be addressed, but age verification just ain't it.
That's what was in the California bill that we all complained about until Linux got an exemption. We called it an age verification bill even though it has nothing to do with age verification, and was all about making sure every OS has a parental controls feature.
> More and more people agree that kids shouldn’t be on modern social media, including me.
Has it occurred to you that nobody cares, or should care, about your opinions about what other people and other people's kids do? You and the "more and more" people who agree with you are cordially invited to fuck off.
> The solution is to propose ways to block kids from modern social media (that actually works) without mass surveillance.
The solution is for you to get over your bullshit, not to chase impossible pipe dreams.
I wonder (and don't hear anyone talking about it) if kids can't upload on social media and "publishing" platforms. Can they still host a website?
I know that my fascination with computers largely began with creating websites and messing about with HTML. Blog platforms can be considered social media I suppose but what if it is just a page of HTML or text?
Should I worry about having to verify my age/identity if I want to host a page on a vps in the future?
I feel like most politicians and people don't understand privacy and the impact of breaking it. Additionally seems the governments don't consider themselves a thread vector for privacy invasion.
> Should I worry about having to verify my age/identity if I want to host a page on a vps in the future?
Today I cannot get a VPS without verifying my identity. Can you?
> I feel like most politicians and people don't understand privacy and the impact of breaking it.
I feel like it doesn't start like this. Opponents to age verification assume "politicians are authoritarians, therefore politicians try to increase surveillance, therefore politicians try to introduce age verification". I think it goes the other way round: "society knows that social media are bad for children (and adults, to be fair), therefore people try to imagine ways to solve that problem, therefore politicians end up thinking about ways to prevent children from accessing social media".
Of course, most people (technical people included) don't understand whether or not it can be done in a "reasonable" way (e.g. in a privacy-preserving way). But the debate mostly doesn't revolve around that, and it is a pity. Ideally we would think about the best possible way to do it, and only then we would debate about whether or not we want it.
> Today I cannot get a VPS without verifying my identity. Can you?
I think it is at least possible to do so in a identity opaque way if you wanted to using obfuscated payment provider, free email and possibly fake name/address (illegal).
I meant more without scanning an actual ID or face.
> I feel like it doesn't start like this.
Of course the train of thought is not "how can we break privacy" usually the concerns/problems are valid (I agree that social media is bad for kids). But in a lot of debates I am a part of privacy concerns are easily dismissed, not taken seriously or not the priority. I'm not talking about if technically private implementations are possible yes or no. I am talking about the conceptual step before that, "what is the impact of this request" how are we limiting people that can't or don't want to comply with what we are asking.
I feel like privacy is one of the most fundamental rights since it is at the root of a lot of other rights required for democracy. For example freedom of speech, freedom of religion, right to property and more. Privacy it is continually devalued, invaded and the right to it eroded.
That leads to undermining of the other rights as in this issue a lot of people are bringing up, in the article freedom to be anonymous is brought up but also the freedom of expression of young people.
The discussion should be the other way around, no options should be considered UNLESS it can be done in a private manner. The right to privacy is more important then the right not to be hurt by watching harmful content and therefore the responsibility of the government to protect privacy is of higher importance then their responsibility to not get you hurt.
I do believe that there exist ZKPs, but then it raises more questions, like:
- Do we ban VPNs? I don't think we should.
- What happens if the ZKP doesn't work? It's not okay to fall back to identity verification, but then does that mean that the services are blocked if the ZKP infrastructure doesn't work?
I don't have any answers or strong opinions yet, but I feel like the legal/societal conversation should focus on "actions taken via XYZ" rather than "technology underlying XYZ". Similar to how GDPR, etc. cover actions like collection/storage of personal information, not specific technologies like cookies (despite what many believe!).
In particular, your examples bring these things to mind, which might be worth considering alongside:
- Any machine can host a server, with no third-party required except an ISP (if we're being pedantic, even that's not needed if use a mesh network, etc.). The main barrier to connectivity IME is NAT, but there are ways around that (e.g. make it a .onion service). I played with all of the above as a teenager, so it's not unrealistic.
- "Hosting a website" covers a lot of things, some of which are already illegal (e.g. CSAM). Just because we can spin up something without jumping through social media sign-up hoops, doesn't mean it can't/shouldn't be subject to legal questions.
- Hosting a website/blog/etc. does not come with the same questionable baggage as social media (algorithmic feeds, PII, tracking, identity verification, communication, etc.). We might opt in to such things, e.g. by accepting comments on posts, but I'd distinguish such two-way, "user generated" activity from merely "hosting a website". Technologically, such things require some dynamic system (usually a self-hosted or third-party backend), rather than "just" a static HTML server.
- There is no technological difference between a blog used like a personal diary, and a blog used to post reviews of Lego. Is there a societal difference? What about if they include photos?
- Posting things on a personal website/blog has an implicit understanding that it's being published and shared with the world (that feels like the whole point of a blog). Social media has muddied those waters, by claiming things like "privacy settings", which can give the impression that posts are not being published and shared with the world.
- When it comes to activities like receiving comments, two-way communication, unsolicited messages from anonymous strangers, etc. the more relevant "basic tech" feels like running a server for email, IRC, Jabber, etc. rather than a web site; since those place such "dangerous" aspects front-and-centre. Email is the most obvious, but I mention the others since getting external systems to trust a self-hosted email server is notoriously tricky!
The problem is kids on social media. This doesn't need to be a problem for anyone except social media companies and social media users. Sloppy policymaking is making it a broader problem, but I don't think this is some nefarious scheme (at least in the U.S., it looks sketchier in Europe). It's just policymakers pulling the first proposal off the shelf to respond to intense demand for a policy from voters.
I don't think we have to accept that "kids on social media" is inherently a problem. I don't think kids on a 2005-era-myspace social media would be a problem. As I see it, "social media" is now defined as the highly addictive and exploitative products from Meta et. al., and we shouldn't have to destroy any semblance of free or private internet so that they can't be hindered in any way from making the maximum amount of profit and influence regardless of the harm it causes kids (and adults, too).
We've basically accepted the premise as a culture that exploiting adults is fine. Exploitation is so heavily baked into our culture that pushing back on it would cause too much upset.
If you're below 18, you deserve protection. Above 18? Good luck, babe.
I think one of the unintended consequences of age verification is going to be a whole host of unprepared 18 year olds getting full access to social media and getting absolutely one-shot by it. Think credit card sign ups on college campuses or predatory car dealerships near boot camps. There are going to be a lot more 18 year old boys gambling away their student loans and 18 year old girls signing up for OF, but it'll be fine, because they're 18! Not to mention they're going to be scam targets on the level of the elderly. And if you're exploited/scammed as an adult, it's your own fault.
Age verification/restriction without an educational component of some sort is just creating a future cohort of extremely vulnerable young adults for companies and bad actors to sink their teeth into.
ZKP is definitely a good idea, definitely more open for this kind of age verification than anything else.
And I don't buy the argument of "closing internet", social networks are a proprietary service and if you don't want to obey with the regulations, create your own website and post things there if you want. However you have to provide your identity to the domain name registry or to the intermediary. Also other services require you to verify your age or even provide your identity, this is just another one that comes way too late.
It is closing Internet. The same companies that produced the ills of social media are now pushing for a non-remedy (that doesn't prevent kids, and doesn't solve the problems they created) that only benefit them and not society. It's just like tobacco: it's toxic and probably overall should be banned because it does not benefit society (or anybody except tobacco executives). Do we make a mandatory nation-wide electronic log of whoever buys tobacco in the name of age verification?
Our ancestors here in France literally fought the nazis so you don't have to have a nazi-approved « Ausweis » to go wherever suits you. We would be well inspired to follow their example.
Growing up I remember all the ads about avoiding narcotics talking about getting hooked on free samples and then going to jail for theft and/or possession. The people behind that propaganda didn't know drugs do cost money, dealers being dorky teens and twenty-somethings who are about as dangerous as a butterfly. But this propaganda also illustrates how some elements aren't very bright. The internet age with free email, free social media, etc. got everyone hooked and now Zuckerberg, et al. are giving doe-eyed, hat-in-hand, and crying poverty. If people were wise to those PSAs, past and present, they'd see how the loyal opposition has been playing with their cards face-up on the table under the guise of good intentions. Much like the pedophile scare during the teens, pun unintended, with Comet Ping Pong and then come 2024 it's revealed Epstein and his cadre of deviant cronies were doing it all along while deflecting poorly to innocent parties. Goodness knows what else is still right in front of our noses but their reality hasn't come to fruition in the zeitgest.
It's not a free "sample": drug dealers give their stuff for free at parties where vulnerable young people are in the form of sharing what they are themselves taking. Then they have that teen on the hook for extortion and having them do things or pay "debts". I "gave" you some drugs because you're my friend, but now you have to pay back, you have to do this favor, take this stuff from here to there. Another common thing is that the "debt" has to be paid in money again and again and again. You don't want us to go talk to your parents who think you're their perfect little boy/girl? You don't want them to know that you took drugs, do you?
As dangerous as a butterfly... It's a filthy world on all levels, filled with demonic people who spend all their time thinking about how to use and abuse others - the more innocent the better.
Do you have personal experience with going to high school parties and drug dealers being there trying to get you hooked on drugs? I ask because the scenario you're presenting here sounds like something out of a movie or TV show, and not real life.
You understood the opposite of what I wrote. Read the comment again, it's not about being hooked on drugs at all. It's about having them on the hook for blackmail.
And yes: Taking drugs or hanging out with people who take drugs is enough "kompromat" for a teen to then be extorted by drug dealers, because they don't want their parents to know.
Especially in countries where the law looks very lightly on extortion, looks very favourably on "young offenders", and is very lacking in empathy for young victims.
Not to mention: Do you think a 15 or 16 year old wants to go to the police and tell them that they are being used by drug dealers, when the first thing the police is going to do is also book the teen for drug use?
Drug dealing aren't just Mexican cartels or hood gangs, it's a network with branches into everywhere, and they need a constant supply of victims. Read some court proceedings from low-level drug cases, and you'll see how these criminals operate. It's not like TV.
> While the rest of the world is moving forward with identity verification plans, the EU has presented its own privacy-focused approach to age verification. In April 2026, Ursula von der Leyen, President of the European Commission, unveiled an age verification app with “the highest privacy standards in the world” and the presentation materials describe the app as “completely anonymous.”
I’m just afraid that membership countries will be too dumb to understand the difference, and for the population worldwide to be able to comprehend that it’s even possible. To be honest, ZK crypto is one hell of a party trick. Compared to tech where the premise is “we put a picture of your passport in a box, and when people want to know, we look and confirm.”
You mean the EU's fake snake oil zero-knowledge approach.
They've standardized two systems under the banner of "zero knowledge". One is actually zero knowledge. The other is trust-me snake oil. Guess which one is getting deployment.
There is no bona fide desire to solve the problem by the social media companies which are profiting from our kids. As a parent, I can never find the option to enable parental controls on apps like YouTube (especially on TV). This option is easy enough to implement locally without requiring any accounts or OS-level age support. However, clearly the goal is not to protect the children but to enable mass scale surveillance and profit from it.
Even when I manage to enable parental controls by using a dedicated app or account (what nonsense is it that I need to create an account to restrict access!!!) the content being served is dubiously appropriate for the age group, aside from having no value whatsoever other than the intended goal of perpetuating addiction.
Interesting that no one is talking about identity verification likely coming anyway. I’m working on clawchrome.com, a real browser for agents. It can access any website because it’s the real browser.
I sure hope agents don’t swarm social media. But at the same time I think identity verification companies have a tougher problem, ai can produce real looking videos and documents. There’s probably no real way to verify someone purely through the internet at this point.
There are many usecases for agents having access to a real browser and many usecases for humans where work wise it's useful or for agent success in completing the task. Including any specific situations where sites may block "controlled" browsers, as well as co-working.
If an agent is controlling your own browser, it can get in the way of you being able to do work as well.
Additional security control, if you have control and audit trails regarding what the agent is doing, think things like not having access to the keys, cookies are unavailable through the api, certain sites blocked, especially for agents that run automated background tasks.
There's a ton of reasons really. Using stealth chromium forks can decrease security, potentially get you blocked from services/sites, and typically can be detected easily because Google is doing a lot more than just compiling Chromium to release Google Chrome now. That's why many of the stealth browsers out there are moving targets, and have tons of instances of being blocked.
So, if I as a website author would like to block the LLMs scarping my content or putting extra load and cost on my infrastructure, your project helps the actors who don't respect my decision and don't give a shit about consent to circumvent that?
Of course. Anyone who has even a little life experience knows that children, even more so, teenagers, will circumvent these measures, so they will fail at scale.
But what won't fail is the obligation to provide your id to 'verification providers', who are obligated to provide it to websites, all of which are obligated to hand over your identity to the authorities the moment they ask - the verification provider included.
So it's just mass surveillance, finally sold to the public through 'think of the children!'.
“Introducing age verification is based on the state being able to force social media companies to verify their users’ identities”
Users have been doing this themselves without state coercion for twenty years now by putting their real names all over Facebook and all the other socials. Nobody forced them to use their real names and post countless pictures of their faces alongside, and pour out the totality of their worthless opinions on every issue. Compared to this, when considered sensibly, the verification is almost a trivial step.
> Nobody forced them to use their real names and post countless pictures of their faces alongside
No? You've obviously never been ostracized from your friends, family, or coworkers due to not using Facebook or Instagram or whatever the latest vapid social network is.
> consequence of introducing identity verification is therefore that freedom of information is restricted (you can no longer visit regulated websites anonymously) and that you can no longer post anonymously on social media.
on which major social media networks can you post anonymously today? HN is a rare bird in that regard.
None of the social media networks my teens are bugging me to sign up for (IG, TT, Snapchat, etc.) have anonymous registration.
I've said this before and I'll say it again. Just like radio was the wild west back when it first started, the internet is so today and eventually it will be licensed and regulated in the same way.
"Will the police stop and search people on the street looking for unauthorized phones? Prison sentences for buying a non-state computer on the black market? Charges of organized crime for smuggling in containers of open-source software on USB sticks?"
Come on, do people seriously believe this will happen?
If (big if) governments really wanted to help parents and children in any meaningful way, they would ban the actual hardware used to give constant access to these platforms.
The ability to seamlessly record, upload, comment, react on _everything_, _everwhere_, _all the time_ is not natural, and not necessary.
Let them keep the devices, whatever, but remove the internet access.
Or keep the internet access, but remove the display/audio/camera.
It's more enforceable in public than trying to enforce whatever age verification solution they come up with.
And it gives parents the ability to appeal to authority when they ask their children, and the parents of their child's friends, to stop giving kids access to such devices. Right now a lone parent trying to push for better/healthier online activity to their friend group looks like a crazy person.
But of course we know they aren't really interested in helping parents and children. They want the surveillance capabilities.
Mullvad VPN is great. Mullvad Browser is a great balance for preventing fingerprinting and also usability vs the Tor Browser. Most browsers I've found, even ones with claimed fingerprinting protections, are easily traced by fingerprint.com and other tests. Mullvad beats it.
There's this cool new feature that they added to the Mullvad browser extension, which is built into the Browser. It gives you a random different proxy for each site, kind of like the Tor Browser.
Mullvad understands that VPNs overpromise and underdeliver, but if you combine a trustworthy VPN, a fingerprint-resistant browser, and uBlock Origin, you get a damn good internet privacy. The browser is not ideal for daily-driving because it's always incognito so you get signed out on close, but I heard they're working on a persistent version.
i think in most cases sites like HN for example would be exempt due to not having enough users.
The internet used to a technology people used to do interesting things, and with that came all its expectations. Now in addition to that, it is how modern live is negotiated. What used an optional thing is now a critical infrastructure upon which a person's life revolves, in most cases without any choice of their own.
When you drive your car on the road, do you complain about not having "a free road like back in the day" for being require to have a driver's license, and a registered car? not too long ago, you didn't need any of that to ride a horse or horse and carriage.
A free internet, as in the internet is like a public square, that isn't what society wants. Ultimately that is the issue, and you can't fault the public either. The public expects change, things to improve, and policy makers need tools with which they can enforce their policies. Telling both parties "um..no, i like my freedoms" won't stop the this train.
Let's take the example of mullvad here, and being able to purchase a VPN with bitcoin/cash (been there, am a customer) and access any site. It is entirely reasonable for governments to not want that. but the real enemy is the acceptance of this false dicthotomy of extremes. one of the things the internet has allowed us to have is to be able to prove entitlements without disclosing our identity. It is possible to prove that meet whatever legal requirements by having a government notarize a certificate of identity which you can present to sites and software as proof, while removing the government's own knowledge of what sites or software you're using, and removing your identity from the sites that are verifying your entitlements.
You're allowed to be in public without having to prove your identity (well.. that used to be the case in the US at least, now if you look like an immigrant, no longer the case). But to sell things, or buy restricted items, you have to show your identity, even in public. Certain businesses are required to verify your identity before engaging in commerce. Even worse, once you're in public everyone can record everything you do an identify you. Facial recognition, license place tracking, etc.. are all very real parts of the physical world today.
Lots of reform is needed, but we're getting the worst end of it because people gravitate to extremes out of laziness. if accessing social media, sensitive sites and commerce could be done in a privacy preserving way, there is no need for (or you can make a strong argument against) silly things like installing ubuntu requiring your ID, or needing to verify visitors IDs to your personal blog.
>and that you can no longer post anonymously on social media. You cannot be certain that your criticism of the government will not be followed up by the authorities.
sorry but I don't get this point. If you're on Instagram or Facebook, did you think fifteen different three letter agencies weren't already watching you? It has the word 'face' in the name, the entire point of that site is that people mindlessly share their personal information, it's not some underground space for activists.
You can be perfectly anonymous on the internet, but demanding to be anonymous on Facebook is like trying to start a Das Kapital book club at Goldman Sachs or decrying commercial culture while you're in a Disneyland theme park
Also, if the government arrests you for making a post, the issue is them arresting you, not your post not being anonymous.
Like, criticizing the government shouldnt just be possible because you can hide behind a fake name. It should be legal with your face name and address attached to it as well
> did you think fifteen different three letter agencies weren't already watching you?
I think there was a reasonable expectation of anonymity, at least relative to other users. In the past you could access facebook with a VPN/proxy (and for a brief time, even tor) and use any name you wanted. But with forced identity verification you lose that little bit of anonymity.
I think the solution would be to make the business model of surveillance capitalism unfeasible. If algorithmic social media would be prohibited from offering their services for free, it would solve most of the problems the age verification laws are trying to achieve. Kids would basically disappear if their parents are not paying for them. Most parents would disappear too in fact, which would be good for everyone's mental health. And it wouldn't remove choice. You can still choose to use use Facebook or TikTok, if you subscribe and pay. It would basically act like a slop tax.
Dave, first we will need to setup age verification for your friends in order to comply with the law. I will not be able to help you otherwise. Remember Dave, I will submit to the local government your request to make a social media website so they will know if are complying with age verification. I have your ID which I will also provide as you need government ID to use AI. Open source AI models were banned.
It's going to come soon. Very soon. I mean they have started in the physical world by regulating 3d printers and cnc machines to submit what they are making to an AI to make sure they are not making gun parts.
This is why you don't rely on AI too much. An LLM may be able to decide what you can do if you run it via OpenAI or Anthropic's servers, but a text editor and your programming language of choice just does what it's asked to.
Alternatively, open source community software run by folks in a country that doesn't have any age verification laws/don't care less about them.
Just run it locally. On your laptop that now needs 128GB of memory and costs $4500. Oh and your AI chip is out of date in a year, and can't run the latest shit.
Age verification is a project 2025 backdoor to ban porn, and also a way for Meta and others to advertise much more aggressively without violating age restrictions, and also a mass surveillance opportunity for the government. It is definitely not for the children or anyone’s safety. It threatens the most basic civil rights we have like free speech. The fact that so many people blindly support it is really depressing and disturbing.
Whilst getting excited about 'loss of freedom' the reason these companies are getting forced into this is because they've become so large, fundamentally evil and untrustworthy that we can't regulate them in to doing better so we have to ban susceptible citizens from consuming their output. See tobacco, alcohol, porn, cannabis, driving licences for other examples. /s
Good arguments there, and for once addressing privacy-preserving age verification.
I just don't like that proponents of age verification are systematically (including in this article) dismissed as authoritarians hiding behind "just another “what about the children” excuse to introduce mass surveillance and censorship". Many people genuinely want to find a solution that is better for the children, and telling them "if you are open to age verification you are either a fascist or a moron" is not constructive.
Also I find the way ZKP is criticised a bit manipulative. It kinda implies that "fundamentally, any kind of ZKP system can be switched off remotely and without anyone realising", and that is wrong. It can be implemented in such a way that people have pretty good guarantees about it preserving their privacy, similar to end-to-end encryption. I find it hypocritical to say "E2EE can be reasonably trusted, but privacy-preserving age verification fundamentally cannot", just because tech people like the former and not the latter.
> Many people genuinely want to find a solution that is better for the children
at the expense of everyone and everything else all to not have to be an actual parent.
These arguments are not coming from places of concern, they are coming from laziness and people taking advantage of that laziness to further even worse agendas.
Not all children have active parents. I do not believe those children deserve to be taken advantage of or hurt simply because they happen to have bad parents.
The "laziness" argument doesnt work if the people being lazy (parents) are not the people being hurt (children)
That's the thing: it's not trivial to know what is possible and what is not. If you look at the messages in HN, many (most?) messages about privacy-preserving age verification are (at least partially) wrong. Tech-savvy people clearly do not understand the technology in details, and somehow they assume that normies do understand and are simply fascists or lazy.
It is my opinion that telling a normal person that they are a bad parent (or a fascist) because you disagree with them is probably not the best way to convince them.
I believe in democracy, which means that I don't call everyone disagreeing with me a fascist. In a democracy, if most of the population wants privacy-preserving age verification and I don't, then I am in the minority and must accept it. My role as a tech-savvy person is to help "normies" understand what it implies. Again, not to tell them that they must be fascists if they disagree with me.
There is a solution, it is regulating social media companies to stop abusing their users, and by extension, children. strict laws around adtech and tracking tech. more consumer rights, in other words - that’s why this solution comes off as authoritarian, because there is such a variety of ways to tackle this problem, and this is the most authoritarian one.
> there is such a variety of ways to tackle this problem, and this is the most authoritarian one.
If you think that privacy-preserving age verification is the most authoritarian way to tackle this problem, then you really, really don't understand authoritarianism.
Now if you have tons of better and practical solutions to tackle this problem, I would suggest you start writing about them. I haven't read a lot about those solutions (other than "just ask someone who is not me to do it"), what I hear is mostly people yelling that only bad parents and fascists disagree with them.
I did. the burden isn’t on me to explain it to you, comrade. maybe you could start by actually addressing what I wrote. Or are you now expecting me to draft up a legislation draft before you’ll address my post? These types are always the same.
> [the solution] is regulating social media companies to stop abusing their users, and by extension, children. strict laws around adtech and tracking tech
Pretty sure it has been tried in some countries, and the solution that those companies were happy to implement was... identity verification. There was a drama about Discord doing this, recently.
> Or are you now expecting me to draft up a legislation draft
Not at all. Just give me the name of a viable solution, so that I can search for it. It doesn't take a full day to write something like "privacy-preserving age verification", does it? I can't easily search for "JohnMakin says there are many good solutions, which ones are they?".
Why should you be able to traverse the internet anonymously? You cannot traverse real life society with the same expectations. Majority of the people traversing anonymously are doing so because they are routine troublemakers and do not want to bare consequences for their malicious actions. The ones fighting for this complete anonymity but not doing crime are naively just sweeping for bad actors.
One of the things that I liked about the old, text-based internet was the anonymity it provided. I particularly liked being able to engage in discussions about things that interested me without being sexualized, since nobody needed to know I was a teenage girl. No creepy messages, no looks up and down, no having to figure out ways to turn someone twice my age down without worrying if they'd react dangerously, no having to leave because someone more integral to the group was a creep and nobody would accept it if I spoke up, no worrying about my small statue making me a target for physical intimidation, etc.
(Now I am old, so it's different.)
It was very freeing to be able to talk about my interests (e.g. space, web development, and video game modding) without being subjected to the bullshit that people brought to the table if they saw me.
Not sure what you mean. I am totally against surveillance capitalism and TooBigTech. I am in favour of end-to-end encryption and privacy-preserving tech.
I shouldn't have to show an ID to buy a newspaper or to load the website of a newspaper. On the other end of the spectrum, I should not be allowed to buy a gun without showing an ID (and all sorts of other constraints).
Somewhere in the middle, I understand that we don't want to expose 8 year old kids to pornography, but I don't think that one has to wait to be 18 or 21 to be allowed to access it. Same for social media. Where and how exactly we set the limit is a societal choice to make.
I also believe that "living in a democracy" doesn't mean that "everybody agrees with me, always". Many times I am in the minority. What matters is that people are informed. Telling them that if they disagree with you they are either bad parents or fascists isn't constructive, IMHO.
Parents need to either control the internet, or control their children’s devices and screentime. The latter sounds like the obvious option, except that Google wants every second grader to have a school-mismanaged chromebook and Google wants to mediate control of the internet, and by pushing parents to the former they win on both fronts.
Yes, because children deserve to simultaneously not be under constant surveillance by their parents but still be protected from bad actors. Hence we should collectively, as a society, protect them.
My point was that having the state regulate stuff is not always a bad idea.
The problem for many parents is that all the other kids have it. It's not always easy to develop a relationship with your kid to convince them that they don't need to conform and have friends.
So I can imagine that many parent would be relieved if access to social media was slightly more complicated, such that maybe it would be more normal to not have access to social media.
We've encountered this with things like Minecraft and Roblox and had conversations and suggested alternatives to it. It hasn't proven to be an issue, but I'm holding out hope that these platforms continue to collapse as our kids get older.
What about this: go ask parents why they allowed their kid to get a smartphone and access to social media, and only then decide whether they are morons, fascists or just bad parents?
I have a simple example: when all the kids have a smartphone, it is very hard to tell your kid that they cannot have one. When all the kids have a shared culture built around social media, it is very hard to tell yours to not conform. "It's okay my son, you don't need friends. Anyway the parents of all those kids are bad parents".
I don't have children, but it doesn't sound completely weird that parents may say "we should prevent most kids from accessing social media, so that my kid wouldn't be the weirdo if I don't let them have access".
In many school districts, unless you can afford private school or homeschooling its hard to tell a kid they can't have an iPhone, but impossible to tell them they can't have an iPad- at age six!
Age verification literally already exists in a way that doesn't require orwellian centralized control. The <meta rating> tag has existed for decades. If you want to restrict access force websites to apply these tags, then use a browser that obeys them. Parents control what their kids access, mostly, like it's been since forever.
Think carefully about why a politician might disregard this extremely simple mechanism and you'll have your answer about the real goals here
> Think carefully about why a politician might disregard this extremely simple mechanism and you'll have your answer about the real goals here
You (and many others) frame it as "the government versus the people". I think this is extremely naive.
Many, many, many parents are in favour of preventing social media access to kid, assuming it is done in a reasonable way. For instance, having a police officer follow every kid everywhere they go 24/7 is not a reasonable way, and everybody agrees on that. Now what if there was a reasonable way?
Ask yourself this: do you believe that privacy-preserving age verification is not a reasonable way, or do you know it? In order to know it, you have to understand how the cryptography works at some reasonable level. Do you? Most comments I read online come from people who believe and then repeat arguments they have read that confirm their beliefs.
I was noting that the Mullvad article actually addresses ZKP (which is good and a very rare thing), but that I found it was a bit evasive in a way that feels slightly manipulative to me (probably not on purpose).
> I just don't like that proponents of age verification are systematically (including in this article) dismissed as authoritarians hiding behind "just another “what about the children” excuse to introduce mass surveillance and censorship".
It is worth recalling that "authoritarian" is a relatively neutral label for a political philosophy (like "liberal", "democrat", "capitalist" or "socialist"). It isn't that people are name calling, it is that authoritarian policies - like this one - consistently cause more harm than good. The label is basically a slur at this point because the disasters that the authoritarians trigger often veer into being massive and appalling spectacles. People tend not to be very evidence-based, so the people who lean authoritarian tend to try and rebrand to avoid being tarred with their philosophy's consistent failures, but it is still authoritarianism.
But the productive path forward isn't to try and be nice to the authoritarians and accommodate them with the rebranding. It is to adopt liberal policies. Like letting people read and comment anonymously on the internet.
I appreciate the comment, but I feel like you miss my point in a way that is (not purposely) manipulative, again.
I don't think that we would call "authoritarian" someone who would ask for, say, guns control. Or at least we wouldn't call "authoritarian" someone who is in favour of having more than 0 law, would we?
You are being manipulative by saying "If you want a law that I don't want, then you are an authoritarian. I mean no offence, it is just what you are". But reality is a lot more nuanced than that.
The vast majority of people who are in favour of age verification are not authoritarians. They really just consider "should kids have access to social media? Not until they are old enough". Whether or not it is technically possible is outside their knowledge. And the fact is that for age verification, there are technical solutions that are privacy-preserving (unlike e.g. ChatControl which is fundamentally building surveillance infrastructure).
And even for ChatControl: people who say "I would be in favour of a magic backdoor that would only work for the well-intentioned good guys" wouldn't count as "authoritarians", would they? It just so happens that there is no such thing as a magic backdoor, so they cannot have what they want.
What political philosophies do you think lay claim to these age verification laws?
There are a couple that aren't against it, but to actually implement age controls in the way they are being bought in you basically need to be an authoritarian. Otherwise, you'd be persuaded by arguments like Mullvad's that the social media companies already know how old their users are and don't need a centralised authority to tell them. There are alternatives here that are less authoritarian. Policy makers and the people supporting them don't want to use those approaches, because they support taking a more authoritarian approach.
These policies, in practice, are literally authoritarian policy. It isn't the most extreme form of it, but it isn't authoritarianism because I don't like it. I don't like it because, objectively, this is authoritarianism and authoritarianism tends not to work. Otherwise all the research I've seen suggests that kids shouldn't be using social media. If this wasn't likely to take out huge chunks of the healthy political dialog on the way it'd probably be tolerable.
If it is manipulation to point out that this is part of a class of strategies that have a history of horrible failures, then you have a very confused understanding of what manipulation is. This is an absolutely classic authoritarian "we can't just let people talk to each other however they like without the authorities being involved" play.
> but to actually implement age controls in the way they are being bought in you basically need to be an authoritarian
I don't see how this sentence can make any sense at all in the context of ZKPs. Can you elaborate?
> you'd be persuaded by arguments like Mullvad's that the social media companies already know how old their users are and don't need a centralised authority to tell them
How do the social media companies already know? Because they track everything? But if they ban kids, they don't track them anymore, do they? Or are you saying that social media companies should be able to track everybody everywhere, such that they can profile them and ban them from accessing social media?
> I don't like it because, objectively, this is authoritarianism
You would have to explain that. The government provides a service that allows you to prove that you are old enough without the government learning anything from you and without the service learning anything other than the fact that you are old enough, and you call that "objectively authoritarianism"?
> I don't see how this sentence can make any sense at all in the context of ZKPs. Can you elaborate?
The reason people are getting called authoritarian is because ZKP proofs are a massive and obvious improvement on what is actually being implemented. Can you point to anywhere that has implemented ZKPs? The linked article suggests that is quite hard to do.
I wouldn't be using an American IP right know if my local age verification laws required ZKPs.
> How do the social media companies already know?
They ask you your age when people sign up. That's good enough for me - I'm not an authoritarian. I'm not out to create a watertight way to stop people communicating if they want to.
> You would have to explain that. The government provides a service that allows you to prove that you are old enough without the government learning anything from you and without the service learning anything other than the fact that you are old enough, and you call that "objectively authoritarianism"?
I haven't seen anyone complaining about that. Sounds like a non-issue. Why would anyone over the age of around 18 care? You should consider reading the linked article if you don't understand what the complaints people are making are. The reason you don't see any authoritarianism is you haven't actually looked at how the schemes are being implemented.
Mullvad isn't writing this blog post because of the huge numbers of 12-16 year olds shelling out cash to them. It is because the authoritarians are making a play to destroy a sizeable chunk of the open web with a likely follow up of cracking down on free speech.
> The linked article suggests that is quite hard to do.
It's technical, just like getting E2EE right. Doesn't mean it's hard to use, as proven by the fact that billions of people use E2EE in WhatsApp and Signal without even realising it.
> I'm not an authoritarian. I'm not out to create a watertight way to stop people communicating if they want to.
You seem to have a Manichaean view of the world. There is room for nuance between "let kids lie by clicking 'yes'" and identity verification.
> You should consider reading the linked article
Did you read it? There is a whole section that is titled "The Zero-Knowledge Proof alternative and the EU".
> The reason you don't see any authoritarianism is you haven't actually looked at how the schemes are being implemented.
I actually have. Have you? Seems like you haven't read the article. Mullvad is complaining about the fact that the app seems to support both ZKP and identity verification, and they criticise the infrastructure enabling identity verification. And then some more "slippery slope" arguments that are worth what they are worth (with the same kind of reasoning, we shouldn't have gun control, because the next step is to control everything, right?).
> Mullvad isn't writing this blog post because
Mullvad sells some kind of privacy (as much as a VPN can offer), and here they share their opinion about age verification. With which I mostly agree: the only viable age verification implementation is through ZKP. I tend to disagree with the slippery slope argument, and that "the government abuses everything they can". If you think like that, doesn't that make you an anarchist?
Many people genuinely want to find a solution that is better for the children, and telling them "if you are open to age verification you are either a fascist or a moron" is not constructive.
We know they'll take a mile if you give them an inch. Ditto with "trusted" computing and the rest of that wormcan. That's why the opposition has to be absolute.
Democracy is not "they" vs "us". Democracy is not "opposition has to be absolute". What you describe here is extremism. If you believe that anyone disagreeing with you is an extremist and that the only viable way to react is to be an extremist yourself, well... you are the extremist. Whether you are fighting extremists or not (this "they" you conveniently do not define) is unclear, though.
We have age verification for all kinds of things that can harm minors. Most of them have adequate penalties for breach such that operators of said harms ensure they comply (checks for ID when selling alcohol, entry to over-18s pubs/clubs, etc.)
There's nothing sinister going on here, just attempts to prevent social/mental harm to minors.
This whole thing is meta financially backing right wing conservative groups that want age verification because meta wants to avoid liability for the harms their platforms cause.
In addition, this is the beginning of the end of any sort of anonymity on the internet, which has disastrous consequences for politically minded individuals, minority populations, or targets of stalking. This is a privacy nightmare bring pushed through in the guise of "muh children".
> There absolutely is you're just not aware of it.
Can you show here that you understand how privacy-preserving age verification works?
I mean the rest of your message really, really sounds like you don't. Don't get me wrong: I do agree that identity verification is bad. But it is not okay to say "I know of a system that is bad, and I don't know the nuances of how it could be implemented in a better way, so I will just assume that there is no better way".
Sure but that absolute opposition hasn't, as far I can tell at least, achieved an iota of success. So it's largely a self indulgent merit badge than an actual strategy.
Current policy is victim-blaming: it excludes from social media potential victims (children) but allows perpetrators (convicted csam users).
But this was always about governments wanting to know who's posting what (and controlling them, through chilling effect); not about saving 'the children'.
i never read a nat geo where a young girls innocence gets destroyed in 4k ultra hd , either way based on the behaviour of our ruling class it seems likely that the pedophiles are the ones instituting these laws
It's absolutely a slippery slope - but most parents know how this is a very real thing as well. There's no controversy in having drugs, guns, alcohol, porn and other things 'behind the counter' - the intellectual debate over freedom of information is clouded by ideology.
Definitely the 'slippery slope' debate is worth having, but that's way more relevant than the 'should 10-year-olds be able to do whatever' (aka all or nothing internet) which I think, if we took a vote, most people would be fine with nominal age restrictions, on that basis and on that basis alone aka outside the 'scary government' issue, which is again, real and material but nevertheless a separate concept however pragmatically engulfed these things are.
The point is there are much better ways to enforce this - like just setting up proper parental controls on a device.
Kids can’t buy their own phone. So parents can always enforce stuff at a hardware level if they set it up properly. It would be much better to just mandate that phones set up with a kid profile cannot access social media.
This is not how any other thing that is banned for children is enforced. It makes no sense.
The person selling the age gated item needs to take lawful measures to ensure they arent selling it to a minor. Their parents have nothing to do with it.
Your solution would be that if a 14 year old walks into a liquor store and doesnt have a note from their parents saying that they arent allowed to drink alcohol, then the store should be able to sell it to them.
Many parents don’t have the technical aptitude to set the controls up properly. I am a software engineer and I find it challenging to keep up with the nuances of parental control setup and how to adjust it as kids get older. Content is also imperfectly tagged and smart kids can easily find loopholes in most controls. Having a centralized ID validation system wouldn’t be an ideal solution but having something baked into the Internet itself to help parents shield their kids from inappropriate would be a good thing.
Back to the internet's peer-to-peer roots. Many protocols besides the www
The www became infested with so-called "tech" companies acting as intermediaries (middlemen)
Lots of folks making money from surveillance ad system on the www. Oversized, unmanageable websites calling themselves "platforms"
The www is an ad network. Not a great place for non-commercial activity
Fortunately, the internet is more than the www. The internet was not created to collect behavioral data and deliver advertising as its primary purpose
People pay for an internet subscription, not a www subscription (or now a "social media subscription")
I've really enjoyed playing around with https://github.com/markqvist/nomadnet and the reticulum protocol in general as a peer-to-peer alternative to www
I have to admit, I'm kind of looking forward to what comes after the inevitable death of the www.
I don't think WWW will ever die but I can see a hard split coming eventually. Most people will just put up with the current state of the internet for a long time yet.
Gopher and Usenet died
I2P already exists and is usable.
Once again American capitalism ruins everything for everyone.
Yeah but $1.50 Costco hot dogs! I got nothing more on that.
Not only that. The Eu is also implementing 'age verification', at the same time with - surprise - digital id.
It's just an attempt to reverse the free internet and implement total surveillance.
Without American capitalism you wouldn't have computers, the Internet, smartphones, AI, electric cars and countless other things. That, and the Costco hot dogs mentioned in another reply.
Except that the www came out of Switzerland, the first electric vehicles out of Scotland and Germany, the earliest descriptions of neural networks - also Scotland, and countless other things, like Rockets and whatnot, also out of Europe. But, sure, congrats on that ARPANet thing.
The irony of writing this on this particular board, out of all places.
As a parent of teenagers, I feel like the sites make it hard for parents.
When they were young, you had a choice between YouTube being completely locked down with no option to whitelist channels or letting them watch almost anything (although I think this has changed since but it's too late now for those of us with children that age).
Now, there is no way I can whitelist contact/groups on WhatsApp or Discord servers/friends. Once they hit 13, pretty much any option to restrict anything feels taken away from you as a parent.
Luckily, I have sensible children (I think!) but it's really hard as a parent trying to both be reasonably responsible, but not deny all technology, it's really hard to navigate a sensible course.
You gotta understand, the owners of these sites don't care about you, your kids or a good user experience. They care about serving ads, tracking your behavior and selling that behavior data to the highest bidder. If they get to your this behavior to your government ID, it will probably make it more valuable.
There's also a lot of room between YouTube (or even social media) and all technology...
Safe Vision app
Isn't age verification actually a good thing? If you want a free internet, you don't let your kids browse these websites. Otherwise, it allows you to make sure they aren't watching "hurtful" content.
No, forcing everyone to verify their age is a terrible thing. That's not the same thing as keeping kids away from potentially harmful websites or people. That is positive, but it's awfully weird to enforce it by doing this terrible thing that hurts the open Internet when almost every single kid on the Internet is using a device and Internet connection provided by their guardian. Seems like we could figure something out that doesn't literally require every website to process your identification and completely destroy anonymity.
One very simple way to give parents control over what their children see and participate in without violating everyone else’s privacy is to create adult and social TLDs and require these sites to migrate to them. So instagram.com becomes instagram.social, etc. Then mandate that all consumer network equipment mfrs and internet providers provide easily accessible ways to block these TLDs. Maybe combine that with some public education materials to teach less savvy parents how to do this.
Now you’ve given every parent a way to easily mass block all adult/social sites/apps if they want and no one’s privacy need be compromised.
This idea has been around as long as the web, but you can't get momentum behind it.
A much better idea was a .kids domain where the content was vetted, and you could allow-list your child's device to that. Much easier than trying to migrate everyone over to specific TLDs, especially when that ship has sailed already. But that never got traction either.
Edit to add: I used to work on "family safety" software. Blocking bad content doesn't work - it's too difficult of a problem. Walled gardens do work, however. The fact that there's not a push for the equivalent of an Apple App Store for kids is probably evidence of ulterior motives on behalf of regulators.
You're massively underestimating rule interpretation skills of horny teenagers and gambling game developers. Total segregation based on actual solid cold hard ruleset is pure gasoline to them.
This only works if ALL TLDs become strictly regulated, which goes against the idea of a free, open and distributed internet.
And even then, what about social networks showing porn? Chat apps like Whatsapp and Discord having porn etc groups?
Any platform that accepts user-generated content, from Pinterest to Ebay to forums, etc can host it. And that's just what's on the public internet.
There was some optimism with .xxx that adult content producers would voluntarily switch over. Spoiler: almost none of them did, except for domain name availability reasons.
Plot twist: in a few years all the indie and counterculture web appropriates .xxx domains to evade AI crawling and legislative interference.
And then suspiciously the .xxx registry jacks up the prices to herd everyone back
What this misses is that many parents do allow their children to access social media because kids need to conform. If all the other kids have social media access, your kid is excluded by not having access.
Is it better to have TikTok AND friends, or no TikTok and no friends? Sure, the best is no TikTok and still have friends, but you can't always have it all.
It seems to me that the supply of friends is more or less unlimited, such that it's pretty reasonable to apply filters when choosing who to befriend.
"Also not using tiktok" could be one such filter.
At last the best option is to have the cake but not eat it too!
Just add as an SRV or TXT dns record. Give the power to the owner of the device to allow it or not.
Using TLDs as any kind of categorization has failed long ago.
I don't get why a problem specific of parenthood should apply to everyone else. Don't give your kid a smartphone then.
This is such a naive take, I see it a lot. Have you considered they can:
* Buy one themselves
* Get / use a friend's
* Use public internet access points
* Need one for school
* Use the smart fridge / tv / gaming console / anything with a browser
* Access stuff in Minecraft, Roblox, etc
You can only stop it by going offline and raising them in a cabin in the woods, which is a whole other thing.
What you can do is give them The Talk, of course (but that only helps / prevents to a point, it's more to prepare them for what they may find or how they can identify problematic things). And the other is to push back as a community effort, with e.g. many schools banning kids from having phones in the first place.
I think the earlier commenter is right. If a parent fails to... well... "parent" that's on them. Locking down the internet to republican-approved sites only is not the answer.
Have you considered that even if unwanted material was only accessible in physical form with age restriction for buying. Like porn magazines, cigarettes or alcoholic drinks, kids can still access them and find a way around it. You can ask older generations. Perhaps you can't stop it by "going offline and raising them in a cabin in the woods".
Best is to assume they have access to it one way or another if they seek it. The discussion should not be about banning vs allowing, it should be focused around how to deal with situations that arise regardless.
Education about the subject and why kids shouldn't seek access is quite effective, additionally they will be informed once they are allowed access. Think about how the last decades saw a sharp decline in smoking and alcohol consumption.
I can see that you don't get the problem, indeed.
One problem (there are others) is that it's not always possible (or easy) to not give your kid a smartphone, or access to social media.
Imagine that your kid doesn't have those and is having a hard time at school because all the other kids do have them. They have a whole culture based around those, and your kid is excluded from it. What do you do? Tell your kid that it's okay to wait 10 more years before hoping to not be excluded?
Reminder that the internet was created to be live and a indestructible means of reaching one and another, none of what you wrote can meaningfully do what you think it would.
Failing in parenting and lobbied politicians (regulatory capture) on the other side.
Block how? You can block sites now and all it takes is a proxy/vpn to get around it. Nothing short of personalized age verification will work. The best we can do is make sure the age verification system is centralized by the government. The client sites can’t see who you are and the centralized government server should not be able to see the sites you visit.
The only way this can go wrong is if the client sites collude and publish their visitor logs and then the government can do the legwork to identify you. But even this is pretty easily bypassed if you use a VPN.
Whether such a system could be bypassed by a VPN would depend on exactly how the age verification works and whether said government decides to ban the use of VPNs.
More importantly, I don't personally have any faith that at least the US government could properly define and build a system that is reliably and provably resistant to tracking. The government has incentives to want to know what sites a person visits, the NSA would be loathed to allow that opportunity to go unused. The government also likely doesn't have the skills or resources to do it in house, I'd expect them to outsource it at an absurd cost to a third party that would also have incentives to want to track usage data through the system.
I don’t mean bypass as in get around the verification system I mean bypass as in its one flaw can be mitigated by using a VPN.
>Nothing short of personalized age verification will work.
Specifically, daily personalized age verification by the specific app/website, not by a third party.
>The only way this can go wrong is if the client sites collude and publish their visitor logs and then the government can do the legwork to identify you.
Well, the government has the right to request proof that the company in question is properly conducting the age verification process. This means that the companies performing age verification will keep your personally identifying information (PII) and maintain an association between your PII and your account/activity on the platform.
On a different note, the government has the right to gather evidence of criminal activity, where the definition of "criminal" is under their discretion and if there happens to be a convenient stash of information that can be linked to your person, that's just a happy coincidence.
The article says that California "will require identity verification at the operating system level starting in January 2027", but that isn't true. The bill [0] only requires that operating systems collect age information on account setup and then provide which of four buckets the age falls into. It's not requiring any kind of identity verification by the OS. It's just a box you fill in when you set up the computer.
I think that this is actually a reasonable approach. It minimizes the information shared and doesn't create any identity tracking regime.
[0] https://media.reclaimthenet.org/docs/california-ab-1043-digi...
This put the power in the parents hands. They can set up their kids computer with a kids account and then all software and web services can just ask the OS if the user is an adult rather than all requiring their own ID verification.
Forcing all OS to do this is a bit of overreach though no?
If you want to keep your kids safe get an OS that supports it?
Why is it the state’s responsibility?
OS-level is so much better than app-level. App-level means redoing the work for each app and increasing the odds of issues.
It's the State's responsibility once something affects enough people. That's why a law like this makes sense but should exempt OSes under some number of users. It's not great that we have such a harsh divide between "do whatever you want so long as not too many people are bothered" and "alright now the people have spoken and it's a State/national law," but it's the system we have and better than the people only getting a say with their wallets.
This conversation makes me wonder if age verification at the system level could be considered an externality for its cost to society as a whole, and the solution be to collect tax from any commercial sale of a desktop OS that doesn't implement a defined open standard. If there is any money raised it could be used for eg. education pieces on harm and harm reduction
Maybe it doesn't work in this case, but I think you both make great points. Just feel like there must be a way of bridging this gap
I think it only affects devices that are sold. So free software, you install yourself won’t meet that theshold.
Well it may end up with some porn-hungry kids compiling their own Unix core build on their own, not a bad even if unintended direction
The state requires things sold to meet a bare minimum of safety. Cars sold require seat belts, movies/games sold require ratings. Devices sold have a meaningful parental controls flow.
Seat belts aren't forced on you - if you want to not use them and face the risk of fines, you can do so. Media ratings systems are informational, you can choose to let your kids watch R rated movies or above. Are they going to let parents have a choice when it comes to parental controls? What about non-parents?
That's my gripe with the age verification systems I've seen, there is no room for parental choice and no consideration for people that are adults and don't have kids using their computer.
I don't think it is overreach since its fairly simple to implement and non obtrusive. We have had multiple decades of failure from tech companies already to prove that they won't act on their own.
If you are putting individual parents up against Meta, Google, etc, the big tech companies easily win. As we have seen already.
> I don't think it is overreach since its fairly simple to implement and non obtrusive
Those two things have absolutely nothing to do with one another. Something being easy to implement is completely unrelated to whether forcing its implementation is overreach.
Its the responsibility of legislators to reflect the legislative will of the people.
The issue is it's a few incremental steps away from nto being that way and the first step is really the issue.
I think the part that's the issue is the one where they mandate age verification. They're going to try that either way, the worst thing this could do is get people accustomed to the idea, but in practice the operating system they use already asked their age.
Just look at how far privacy has slipped in the last 25 years, it won't take another 25 to get there. Maybe less than a decade.
As a parent, what I find effective are content rating systems, be it for movies, games or apps, along with the ability to control and fine-tune them.
For example, with Apple's parental controls, I can blanket-decline access to Social Media apps, or to apps recommended for a specific age or older, and I can also allow exceptions as I see it fit (for example, my kids have no access to WhatsApp but they are allowed to use Signal, both have the same age recommendations)
This moves the responsibility for age verification to me, the parent, and provides me with suitable tools to monitor this. With this, there is no need for my kid or me to upload sensitive data or go through some bad age verification implementation.
Websites are more difficult to control, but not impossible.
Long story short - improve tooling for parents that allow more centralized control instead of mandating social media to do the age verification on their end.
It is similar to what Frank Zappa proposed when they were looking at age restrictions on records. He said, they should have the lyrics printed up so parents could decide if their kids should assess it. A decent moderate response.
Alas, the age restrictions came in and the big warning on the front covers was added. It did kind of backfire because that warning started to become a badge of quality to younger people. A similar thing could happen here. If you restrict it then it becomes the forbidden fruit.
There isn't much left of the free Internet anyway. Search engines no longer work, all discussion forums are ranked/censored by interest groups, mail delivery is between large entities.
Maybe we need an alternative set of root servers for a free Internet.
I would suggest that we should not conflate the internet with these corportate platforms. The internet still works fine for now. I can still stand up my own DoH resolvers, forums, chat servers, email servers, DNS servers, vpn servers, etc... Many social circles are bound to have a tech-nerd one or two layers removed. That used to be a pejorative.
The hardest part is the psychology. People think they have to be on the big platforms as that is where their friends and favorite streamers are. Willpower can bring back the old platforms onto the current fast internet. Critical and free thinking people can choose to ignore the big platforms if they wish. People can go to local stores to buy most things. There are arguments for and against all these points but I am choosing the aforementioned options and accepting the psychological challenges.
People can use old style self hosted platforms as a "fallback" and once people realize it is more private and they can speak freely amongst their friends it can get comfy real fast. Glowies are seething.
Some friends and I have private forums and chat servers. We talk shite all the time about Reddit threads yet none of us have Reddit accounts. We talk about HN threads, brain rot on Twitster and many other platforms free of censorship, free of voting brigades, people trying to force narratives, etc... Oh and most important, free of "AI".
In a way it is the bad players that are ruining it. Yeah I can setup all manner of servers for this stuff, but the instant I miss a patch or a patch is late to be developed and you can be compromised in no time. And unfortunately it just becomes a game of endurance between you and the army of folks trying to crack systems open.
I have said it for decades, if there weren't bad players then we wouldn't need any of this security. That is a very utopian idea.
I have thought that a way to put people off is to have such an anaemic server that they wouldn't bother. Like a tiny RiscV board running Haiku that delivers basic HTML and email. There is little incentive to raid that thing. I haven't thought this idea through much however.
For what it's worth I have been running my own things since the 90's and not yet compromised. I disable the CPU mitigations and have a minimal firewall configuration. I do keep things patched and keep an eye on news regarding the public services I run but only enough that I can still call it a hobby. There really isn't anything utopian however, it's just a hobby and a way to let friends communicate without big brother putting their peanut butter in our chocolate. If you don't feel comfortable tinkering then of course don't. Never feel pressured. One can always start off sharing their services with a few friends and not advertise it globally. Find a hacker friend that can help pen-test your stuff.
Probably one of the riskiest things I have set up was just this week exposing Unbound DoH to the internet. Unbound has had a handful of security issues in the past. The bots are getting confused by this weird thing listening on port 443 but they just can't figure out how to connect to it. If it gets popped I will just nuke that VM.
Outbound mail gets harder every year as opaque reputation systems flag mailer daemons as false spam positives.
Inbound mail on the other hand — notably, the OG form of Internet identification — is very achievable for a stick in the mud to set up.
Losing one’s Gmail account would likely have very little impact on one’s ability to send mail, but no longer being able to receive mail at a given address can be devastating. Set up your own domain!
And content is increasingly produced for, and by, machines. Human initiative and/or access is increasingly incidental.
It's easy to create an alternative. The problem isn't that, it's keeping that alternative clanker-free. (As well as free of all the other enemies / plauges on the useful, generative, Internet.)
> keeping that alternative clanker-free
which brings you right back to verification...
Verification tells you that a human being is behind it, not that a human being made it.
Perhaps, but in both cases, I think that the principle problem is attempted control at the wrong portal.
Rather than individuals or devices, residential / mobile / business service providers should be able to vouch for personal traffic and be in a position to validate patterns of use without undue profiling of specific activity. That is, just looking at the encrypted traffic patterns (rather than MITMing SSL/TLS or other secured comms) should show usage that's typical vs. atypical / malicious.
Traditionally, service providers of all stripes (email, ISPs, Web, etc.) seem to have focused far more on ingress security than egress security, or potentially malicious traffic from within their own networks. That's got to change, it's ultimately a hygiene question.
For residential and mobile Internet, accounts are managed at either the household or individual level, and it should be possible to provide attestation and reputation management (as well as, perhaps, broad-based subscription access to compensated content) at those levels.
For commercial access things get more complicated, particularly where a location might provide public Internet access (e.g., public WiFi), or have a mix of human and system-generated traffic at an office, commercial, or industrial site. Still, there should be both well-established patterns of use and indications of anomolous or malicious traffic possible here.
Another option for smaller human-scale networks (e.g., Fediverse / Mastodon / PeerTube / Pixelfed / Lemmy / WriteAs networks and the like) is a mix of harder authentication (Yubikey or NFC-based wearable authenticators, perhaps) as well as a more manageable human-scale moderation (1:1,000 or 1:10,000 scales far better than 1:1 million or 1:1 billion services), allowing for both oversight and keeping the opportunities / benefits of malicious use limited.
The comment I'd originally responded to had me thinking of under-delivering federated systems such as Gemini (the lightweight Web protocol, not Google's AI) or Diaspora* or countless web boards and wikis which ended up overrun by spam and abuse. Simply saying that you're going to re-invent things at small scale in no way means you'll succeed. The ecosystem's changed, the pathogens are far more numerous and capable. Modern systems and networks (social or otherwise) must face those facts head on, and not ignore them or pretend they don't exist.
I think we're going to end up with some form of cost-based (though not necessarily financialised) reputation management systems. I'd very much like to see those not being terribly invasive of privacy, or putting extreme barriers to those with limited means or technical knowledge. It's a tough problem all the same.
Would be nice to see something referral based. If you don't like X, block them. If X invited Y and Z and their invites behave poorly, you can block the whole tree. Kinda like lobste.rs referrals but for wider internet
I guess the correlary would be like how you can block an entire ASN if you find a lot of abuse from it, but at the human-network level.
There are several problems with this.
Aside from social dynamics, a chief issue is that if you're relying on this as a mechanism for content filtering, personal relations have low predictive value.
E.g., I may really like a person's content, but not their curation or referrals to other accounts. Conversely, I might not care for a person, but their recommendations may be excellent. More common might be the case that a given account produces little or no content of their own, but makes reliably predictable (either good or bad) recommendations, which would be useful for further filtering. Or the highly verbose individual who emits a constant stream of near-drek, but an occasional diamond.
Content production, content curation, and talent spotting are all distinct skills. Success or lack in any one says little about the others. This is where Bayesian indicators (including relationships and referrer / invite relations) would probably be more robust.
That said, tainting an entire invite tree is likely useful, with a caveat that if a particular invitee has an independent, untainted, relation, they might be worth following.
In practice what I've found most useful is to have a pretty tight primary list of follows, ~50 or fewer, and a slightly broader secondary list. Allow recommendations be default (that is, re-shares / boosts), but curtail those too if problematic. Be quite liberal in blocking / muting anything in the least bit annoying or problematic.
Or participate in a selective group with excellent moderation. HN isn't quite there, but it approaches this ideal more closely than any other major forum I'm aware of presently.
Just peeping Fediverse for a few years i can only imagine how toxic that would get. It would be a constant ideological war.
The trick is to stay small. If your network only has a few millions of people, nobody targets it.
Not true at all. Even small, insular, just-a-few-hundred users PHPBB-style forums have to run Cloudflare or Anubis to try to stem DDoS-style scraping, and have a constant patrol of moderators to stop AI spam posts.
Already exists: Opennic.org
The future is balkanized.
Occasional communities may survive in a walled garden fashion.
Sorry, Tim Berners-Berners-Lee.
>Maybe we need an alternative set of root servers for a free Internet.
Can't even do that. We'd need (ultra?) stable IP addresses, and the entities in charge of those don't hand them out anymore. We've sort of been cut out of the basic infrastructure to let us build stuff a second time.
So, to post something in 2027:
- You have to have an approved browser.
- It has to be installed on an approved platform, Google or Apple, for which you have a valid account.
- You have to have an account on the posting platform.
- You have to get past moderation on the posting platform.
That's without age verification.
You can't sign up for a Facebook account without giving a live selfie.
Any image of your family you post will be scraped by Clearview AI, bypassing the restrictions that make it hard for you to create accounts, to create a worldwide facial recognition system.
Well yeah, Facebook has been a data harvesting scheme from the beginning. It was originally called LifeLog. It is not part of the “free” web.
Indeed, well before Clearview, Facebook demonstrated they can identify faces and asked people to tag people in it, creating one of the earlier massive facial ID databases.
FB's policy on this is patchy. I've known people who have had accounts for years, who were suddenly asked to provide a selfie - often after posting political content. Their accounts were then either locked down permanently, or unlocked.
I also know people who created accounts from scratch without needing a selfie while connecting exclusively through a VPN. (Only some VPNs, work apparently.)
Supposedly FB uses device ID tracking, so if you're picked for selfie ID on a device and try to create an alt, you'll be selfie-ID'd again.
Using a different browser on desktop solves the problem for desktop but not for mobile.
And so on. Basically it's doable, sometimes. And sometimes it isn't.
Seems fairly robust. So why is spam and misinformation so incredibly rampant still?
just use a video of a video game character and pause the video at the required face positions
It gets worse. Banks now require pictures of faces to fucking close the account and pull the money out.
ATM are taking a picture when withdrawing since decades :-)
You find it to be a negative that banks require identity verification to drain an account? Personally, I would refuse to keep my money with a bank that doesn’t do this.
The relationship was established decades ago and they accept money and direct deposit still with no KYC.
But to get the money out? Oh no! We need a picture of your face! And there’s no option for going in person.
> The relationship was established decades ago and they accept money and direct deposit still with no KYC.
Having just gone through the annual KYC checks required by my bank/s I don't think this opinion stands universally.
Can also confirm to open an account I need to provide a live selfie and verifiable government ID.
> Having just gone through the annual KYC checks required by my bank/s I don't think this opinion stands universally.
What is the "annual KYC check"? Your bank is afraid you became someone else during the year or what?
Asinine requirement by whatever risk management firm they use. A selfie provides nothing in terms of lasting security while simultaneously adding permanent risk.
Have you ever considered that it’s a front? You may think that store that never has customers is just run incompetent business people, but in reality the real objective is not the one you believe it to be, and it’s actually great if you were to refuse understanding that.
I've found that framing topics like this as primarily a pretext for different motives is a sure-fire way to be ignored by people you may want to convince.
As always, the goal in convincing others is to take someone from their current understanding and bring them closer to yours. You can't get there if you don't start the topic at their current understanding of it.
> they accept money and direct deposit still with no KYC. But to get the money out? Oh no! We need a picture of your face!
Unauthorized deposits aren't nearly as much of a concern as unauthorized withdrawals, right? I'd imagine that there are far fewer malicious actors that try to deposit money into random bank accounts than there are ones that try to withdraw money from random bank accounts.
> And there’s no option for going in person.
Won't an in-person bank also take pictures of you via security cameras? I don't really understand your objection here, could you elaborate?
A bank's security camera feed isn't likely to be sold to dozens of companies.
It is all but guaranteed for Internet-based facial recognition services.
Hacked facial recognition data already is reportedly being used by scammers to not only bypass bank security but also to impersonate people to target their loved ones.
There is no lasting security gain by providing a selfie. There is a lasting security and privacy loss, however.
So that's the concern? But GDPR solved this, just don't consent to them selling your likeness for AI training purposes.
Trusting untrustworthy companies aside, that doesn't resolve the issue of hacked facial recognition data.
Even back in 2014, malware was coming out that steals facial recognition data directly from smart phones themselves.
https://www.theregister.com/security/2024/02/15/stolen-ios-u...
The GDPR isn't a silver bullet.
Additionally - furtherance of facial recognition technology would impact travelling to foreign jurisdictions.
One of the most common ways foreign travellers get flagged when travelling internationally is for social media posts made under their own name that their destination country's government may not like. Traditionally if you've kept yourself pseudo-anonymous, you've largely been safe. But if we get to a point where pseudo-anonymous accounts are associated with pictures of people's faces, it will become significantly less pleasant to travel internationally for a lot more people.
You have way more trust for these companies actually following laws than I do
It used to be that you could expect to not have your likeness captured and transmitted to third parties for their AI model training and who knows what other nefarious purposes.
It seems like all expectation of privacy and anonymity evaporated in the last 5 years.
> they accept money and direct deposit still with no KYC.
WHAT? No KYC? what are those banks?! I have friends in South America who would pay really good money (cash) to know
The option for going in person involves a balaclava.
I'd consider it a negative that they trust a shitty webcam / selfie camera to cut the expenses of having an actual office with trained personnel.
Who aren't flawless of course, but selfies have been easily circumvented with photos or video game cameras.
Hell, at one point we had to implement age verification for a Japanese tobacco product website via a 3rd party vendor, I just used the wiki page's picture of a Japanese ID to test it, worked fine.
Yeah, it's ridiculous in an age where you can have backgrounds replaced on the fly in video calls.
most banks using faceid won't accept you go to a branch. because they contract with a provider who makes more money from building and selling a database than to fulfilling the contract with the banks.
Do you have proof of this? This comes off as conjecture.
ask you ai chatbot or do 5second google search.
all banks contract with fly-by-night faceid providers who have zero oversight or provide no governance info anywhere.
I did Google this. It seems to be a small number of banks doing this right now. A far cry from "all banks".
Maybe we'll get there eventually? But you should be more wary about making such absolute claims.
It’s the end of large scale “global village” social media - good riddance if you ask me; I’ve left it years ago for more private spaces.
I wonder though how it will affect places like 4chan. I don’t really know if it’s still as anonymous as it used to be but that’s like a cornerstone of their existence.
Global village can just be code for Tower of Babel. It was knocked down for a reason.
And you have to declare your accounts to border police prior to international travel.
Are you referring to financial accounts or social media accounts? (If social media accounts, I'm guessing you're referring to the US specifically, and during advance visa processing rather than at the border.)
> and during advance visa processing rather than at the border.)
This got extended to every traveler, visa or not.
this is reason enough to close the vast majority of them. if you're engaged in discussion, that's one type. the doomscrolling types, more addictive but very much more disposable.
You don’t “have to”. They’re requested when travelling to the US - but from my experience it’s not enforced (at least not consistently, I’ve never been asked why it was blank on my forms)
I thought so too, and said so at a meeting at work when some colleagues were unwilling to travel to the US.
It turns out close contacts of some of my colleagues have been asked to show their Facebook accounts at the US border. There was a recent rule change about it.
Is that some US thing? As as European I've never experienced this, on any continent (barring Antarctica)
And your data on all those platforms - Google, Apple, Facebook, Twitter, etc. are ALL building comprehensive profiles on you, selling your data, and probably tossing it straight to the government in one way or another.
And just so we're clear: these companies are building these profiles even if you haven't registered and/or logged into their services.
“In one way or another” is doing a huge amount of work in that sentence. The spectrum of privacy postures there is massive.
Indeed:
Google collects 20 times more telemetry from Android devices than Apple from iOS (therecord.media) [but Apple still collects a lot!]
https://news.ycombinator.com/item?id=26639261
I totally agree with that, and all those points scare me a lot more than privacy-preserving age verification.
They all started with something as innocuous as privacy preserving age verification
That’s to post something on a garbage social media like Facebook. Facebook owns their site, so I believe they can require whatever they want, and your option is to not use them. Other services requiring Facebook (or an Apple or Google phone) and everyone using Facebook are separate problems, that should be handled specifically; I think it’s easier to leave Facebook than coerce Facebook into decency.
Fortunately on Hacker News, you still only need a username and password. And if spam is an issue, on lobste.rs you only need an invite.
This was 2018 China. Oh jeah add id verification to that as well.
Fun fact: America invented the social credit score, long before China, and they still have it. The only difference, is the lack of the word "social" in the system's name, but it's the same system.
is remote attestation possible in a web browser already?
Mobile, yes. Not sure about desktop.
That's Google's new captcha design - they want you to scan a code on your phone to reuse your mobile's attestation on your desktop.
I’ve configured my browser to disable certain tech like webgl, I get infinite captchad by google. Using vanilla chrome works fine. It might not be full blown attestation but it’s not great.
Fuck you google for ever thinking infinite captchas are acceptable.
"might as well abuse this tosser to train the AI a bit. Free compute and classification, hey!" - or so, I guess. They immediately know they'll never get you through :)
Good luck, I don’t know whether the slight line in the adjacent square is part of the traffic light and sometimes I just say fuck it and click random squares.
don't forget what's been going on for a few decades already: a personal phone number that ties your home address, billing, etc etc.
- If you want to enter the United States you must have a social media account to vet for your love of Dear Leader.
So don't post on Facebook or whatever. It's a waste of time anyway. Why would I want to add more garbage to the dumpster fire?
Yeah a lot is about to change with this all. I've already picked my side and nope not gonna ID to use your website. Will do without, fine with that.
Same here. Need an ID then I don't need you.
To that, I have also what I consider my "forever hardware" were I can do what I want offline.
Not saying other stuff won't creep in for various pragmatic reasons but it will be kept at arms length at best.
Can someone help me understand? Why is it not enough to just be able to manually set an age on local OS user account. If unset assume adult. If set applications can use it to verify age. Require admin permissions to change. All responsibility on parents to restrict admin and set the age. No data collection. No responsibility for services beyond a simple check. It seems like an incredibly simple solution with very little compromise on either side that gets everyone 95% of their stated goals.
EDIT: Oh it seems like that’s what the CA bill does? Seems good to me. I have zero problem with age restriction if age verification goes no further than mom buys kid iPhone enters birthdate, Instagram asks phone is user 18.
Because many children will have parents that arent responsible and that doesnt mean they deserve to be taken advantage of by a billion dollar corporation.
That is when the conspiracies start popping up, because a lot of people agree with you, me included.
However, you cannot make parents actually use such systems, so ignoring the obvious control this gives nation states, giving states this power might help the children of those irresponsible parents, which is the only real argument I have heard, since the effects of it are the same if the child simply had responsible parents.
Well it’s not even necessarily irresponsible parents, good luck keeping your child from going anywhere you don’t want them to go if you have internet enabled devices in your house.
In my mind you have states mandate that adult content (porn, gore) and social media services are legally required to check for the age from the OS. No other sites need to do anything. No data collection or ID verification anywhere. All responsibility on parents.
I would imagine for the zealots out there its worth it to go further and destroy the entire internet to prevent a single 14 year old from jerking it to a tiddy. And then of course the advertisers want device attestation. At least it seems California is picking a sensible middle ground.
The compromise is that it is either really easy to work around, effectively defeating what it is trying to do, or it becomes tightly locked down to trusted devices only, destroying the free internet.
How would you work around it without admin access to the computer?
A full answer is somewhat dependent on specific implementation details, but the simplest approach is much like the simplest way to acquire alcohol or other age-restricted product as a child: Ask someone else to act as an intermediary. Get another computer that identifies as an adult, and that isn't concerned about your age, to send the data to you.
And maybe that's a healthy way to think about it. That it doesn't matter if kids find it easy to work around. There is no child who hasn't been able to get their hands on alcohol when they want it, but perhaps the infinitesimally small amount of friction leaves many to second guess their choices? Then again, from what I see out there, just rationally explaining why alcohol might have negative consequences is enough to see that second guessing. Alcohol consumption amongst the youth has completely plummeted now that we no longer treat it as some magical taboo thing and finally started talking honestly about it. The same pattern has been observed over and over in other things with undesirable consequences for children.
> the simplest approach is much like the simplest way to acquire alcohol or other age-restricted product as a child: Ask someone else to act as an intermediary.
They can do exactly the same with other proposed solutions - ask an adult to register a social media account with their id or pass selfie-age-verification for them.
Yeah there’s no getting around that kind of thing. My parents would unplug the router at night and take the power cable so i found another device in the house with the same cable and plugged it in. But my sister never did that so at least it worked for half of us.
I’m all for sane best efforts for restricting children’s access to mind warping materials online if the consequences on the overall internet are minimal which I think this does. I’m not on board with killing the internet as we know it to get from 80% of children off social media to 90%.
The problem with social media and to a lesser extent porn is addiction. If a kid had to go to a friend’s house or sneak on to their parents computer to scroll tiktok that’s already a huge step in a healthy direction.
> The problem [...] is addiction.
Is it? Only around 10% of the population will develop an addiction (of any kind). About the same rate as the population who live chronic sedentary lifestyles, which comes with equally (or maybe even worse) health and social consequences. Where is the regulation that forces you to prove you are of a certain age to sit on the couch?
This seems like a lot of effort for something that impacts such a relatively small group of people — a group of people (in size) that we otherwise don't normally care about one bit. 10% of the population is marginalized time and time again. What's special about this particular case?
I would hazard a guess that much higher percentage than 10% of the population thinks that they themselves are on social media more than they’d like to be, whether thats addiction or not idk.
You’re probably right though, i don’t think 10 year olds should be on social media in any capacity. Why? Partially because they can easily get addicted sure, but also because really any amount of interaction with these platforms is bad for them because they are monstrous mind warping engagement machines.
> they are monstrous mind warping engagement machines.
No doubt kids will choose social media over cleaning their room. Would they choose social media over going outside to play, if society still allowed them to do that?
The "boob tube", so given the derogatory nickname due to the perception of much the same idea you present, may not have been able to take the warping engagement to the same extreme, but during its prime also didn't really capture the youth attention because the youth had better things to do, like disappear into the woods until nightfall. TV use has always been dominated by older people who, through things like failing health, have lost the ability to do anything better.
True addiction or not, it is worth noting that addiction doesn't happen overnight. One needs repeated exposure to develop the necessary neural pathways. This is why addiction shows up much more commonly in obviously tough environments. People use a device as an escape from their situation, which feeds the mechanisms necessary to develop an addiction. Social media is most certainly engineered to tick the "this is enjoyable" box, but that alone isn't enough to develop a problem. There needs to be something that sees someone want to use social media above all else on a regular basis and, as you point out, it is very likely that much more than 10% of the population don't actually find social media to be all that enjoyable; just more enjoyable than taking out the trash.
So, maybe we can reframe this as: All this work to continue to keep up not wanting to see kids without a metaphorical helicopter constantly over their heads as a result of an imagined boogieman that was invented in the past? Seems like a horribly misaligned effort.
EU law gives every citizen a right to a bank account.
I wonder if EU law could give every citizen a right to a google or Apple account, including a forced recovery option if the account is 'deactivated'?
If at some point such an account becomes essential to function in society, access to such an account becomes a legal mandate.
I mean, try getting a job without an email account and a cell phone number.
Indeed.
Here in Australia, the local and state governments push the use of their Apps as well.
These Apps provide access to identity documents, offical notifications, and messages for health, benefits and taxation purposes.
Then there is Banking and the issues around becoming a cashless digital society…
It’s become less about access to hardware devices, as useable devices can often be free when donated by a friend or relative, and more about continuity of access to your digital life.
The risk of losing access to your online identity or having it stolen are very real with often traumatic results for individuals.
> EU law gives every citizen a right to a bank account.
That directive regulates banks from denying the opening of a basic payment account. But there is no legislation preventing governments from freezing accounts, Canada-style. As far as I know, there's no protection against being de-banked.
People love the EU and its oh-so-lovely legislation to keep them safe/lose privacy.
"EU laws", the EU in general is plainly the excuse that will carry the day - people seem to believe this 'good cop' rendition.
If you deleted all your social media and AI platform accounts today you would wake up tomorrow and be no worse off.
Dont forget what kicked this age verification in first place. Initially they wanted do age verification for porn, and only year later they moved into social media seeing there's wasn't huge pushback.
So even if this change doesn't affect you right now, but it will affect you later then it'll be too late to fight agaisnt.
It was funny here in Australia, they did it the other way. They banned social media for under 16 but didn't get around to porn until a few months later.
I mean, even if more things on the internet get restriced it wouldnt affect me since Im not a minor.
The "First they came for the Communists" logic still holds. When government able to open the flood gate, the mandatory ID check will be slowly and surely be everywhere.
If you don't use social media and AI platform. Fine. But what about app stores, what about any registries from docker, to npm, to apk and toward the end source code repositories like Github/Codeberg?
This is famously why ID checks at the liquor store led to the government eventually requiring a mandatory ID check anytime you walk the dog or go to the beach... except none of that happened.
I would call github a social media platform. So yes that would be a problem, even if my own projects are somewhere else.
Age verification is fine, at least in theory. It’s the implementations that are bad.
More and more people agree that kids shouldn’t be on modern social media, including me. But most people also agree that mass surveillance is dangerous. The solution is to propose ways to block kids from modern social media (that actually works) without mass surveillance.
Better parental controls, more parental education, and site-specific age verification (Facebook etc. can require whatever PII they want to use their service) backed by incentives (whitelisting in parental controls, promoted as a “safe site” in parental education). Are these enough? Maybe not, but maybe mandatory ID and blocking VPNs aren’t enough as evidenced by people bypassing them. These (first three) are progress, that don’t yet require mass surveillance, and we can first see how effective they are then go from there.
I wish people wouldn’t say “age verification is bad”, it’s like “anti-work” and “defund the police”.
Why isn't there a simple solution in the software world that's functionally equivalent to flashing your ID at the liquor store? They get the verification they need with no permanent record of your PII.
This can't be that hard. Can't I get an electronic certificate/flag verified by a trusted third party using my ID, where this cert retains no PII? This is what I come up with after not thinking very hard about the problem, and I can't be alone.
Maybe its naive to think that harvesting PII isn't the point.
In theory, sure, an identity verifier could issue you you a bunch of single use JWTs signed by them that contain `{"over18":"true", "nonce": 12748583..., "iss": "<issuerurl>"}`, signed by their key. A relying party just needs to know the public keys of all the issuers they trust, and can consume this JWT, verify it, and never learn anything about your IRL identity.
The important things are that they must issue a bunch at once. (Otherwise, correlating who you are becomes easy). They must keep no record tying nonce or the full JWT to an individual identity. Something user local or otherwise trustworthy (not keeping logs), needs to hold on to these, and send them out as needed, being very very careful never to reuse one (as that would enable cross site tracking). Lastly a relying party must be required to trust many issuers, not just those they are colluding with track users across sites with this.
The European Commission actually proposed pretty much exactly this system, also with a variation where instead of revealing the signed token, a ZSNARK proof (that you possess a validly signed token with the over18 attribute from a specific issuer) could be given to the relying party instead (to make it impossible for issuer and relying party to collude to release your identity). Many people here seemed to not like it.
No, age-verification IS bad and is a slippery slope that will always lead to surveillance. If we don't stop this now everything will get worse. And trying to lump this in with other extreme rhetoric doesn't help. The answer is and always was "better parenting".
Everything good is a slippery slope: every step in the right direction is bad if you overshoot. Maybe age verification isn’t needed, and educating parents is important; but without more, they’d have to be ultra-helicopter parents to stop their kids from accessing social media.
At minimum, parents need other parents in their local community to be educated; and better parental controls, so they can give their kid a phone and computer (for good reasons like safety and education) that won’t let them access social media (even unintentionally, some parental controls are that bad). Both can be done without laws, only social pressure and at least the potential for new (locked-down) devices.
(In theory, kids should also be prevented from buying unlocked devices, like drugs and alcohol. And showing the local cashier your ID to buy a generic device (whose packaging is indistinguishable from other device packing, so it can’t be traced to you afterward) is technically a form of age verification. But in practice this may not be necessary, because hardware is too expensive for most kids.)
And in addition to that, it is the role of the parents to be having the say in what their kids should and shouldn't be doing. As far as I am concerned most governments stick their collective noses in where they are not required. And, yeah, I do agree that kids shouldn't be on social media. Having sid that, even some adults shouldn't be on social media...
> it is the role of the parents to be having the say in what their kids should and shouldn't be doing
The only effective tools parents have is to disallow or remove devices from their kids. It will work at the beginning but as they grow up it will become impossible, since at some point kids get influenced mostly by their friends' circle. So yes, I do agree that parents must talk to their children and explain what social media can lead to, including the dangers of internet predators and so on. But no, I don't agree that parental control is a general solution that will work for all kids out there. It never has.
<The only effective tools parents have is to disallow or remove devices from their kids. It will work at the beginning but as they grow up it will become impossible, since at some point kids get influenced mostly by their friends' circle>
Very true & having 6 kids of my own, I know that only too well. I still don't like the idea of Mr Government trying to tell me how to raise my family. Here in Australia the government seems to like that a lot...
Well the thing is that people often love when the government tells other families how to live, and partly for good reasons including enabling basic education for everyone. Partly the wants of the parents and the needs of the kids might be at odds. Society is a complex construct.
Governments are required to enforce that devices must give the choices to parents though, right? Otherwise devices won't give the choices to parents because it's more profitable if you don't.
Age verification has always existed in the physical world, such as at bars and casinos. I just dont see why the internet should be immune to real world rules we decided upon for good reason.
I won't disagree with that. And "better parenting" is a solution. However, what about the children who don't have the advantage of "better parenting"?
Rightfully blaming bad parents is reactionary
If parents don't want their kids on social media, get them a dumb phone, or use the parental control features. Maybe some parents don't care, and that's their prerogative. None of this is about protecting children, it's about "protecting" adults from "bad ideas".
The problem is many parents will not do that. Do those children then deserve to be taken advantage of by social media corporations?
Generally, things that are harmful and addictive such as alcohol, cigarettes and casinos require age verification. We dont just put the onus on parents because a child with bad or absent parents still deserves to be shielded from alcoholism at 12 years old.
>Rightfully blaming bad parents is reactionary
So? Not all reactionary (if you mean "conservative") takes are bad. Sometimes they're better than the alternative: accepting bad parenting as some default and working around it with technological restrictions.
"Reactionary"'s origins as far are pure political DARVO and gaslighting anyway. It originated in the French revolution and basically declared "You are morally wrong for being horrified at my horrific and evil actions." That origin tainted the term for me personally.
The actual modern reactionary meaning of "referrant to a mythical past as a standard" always felt like it deserved a better term. But nobody would get what you were saying if you called them a "fairytaleland resident" or similar.
I always read "reactionary" as "oh no, someone did something! now I have to react by getting angry!" and it seems to fit well enough.
> "better parenting"
This has nothing to do with parenting. It's surveillance. They failed to do it through child porn argument. They are doing it through 'social media is harmful for children' argument. People did not bite on the former. They ate up the latter out of hate for social media platforms.
The slippery slope was ad-sponsored social media in the first place. Ban it at the source rather than trying to fix downstream problems.
How is that the answer when even parents don't have the right tools for this. are parents supposed to surveil their kids 24/7 and monitor their internet traffic?
Why is the internet special, do you also believe physical stores shouldn't check for ID for cigarettes and alcohol, because the solution is better parenting?
I never had to get my ID checked to be able to talk to strangers.
Did you to talk to the strangers in the night club when you were 11? Or were there several completely separate reasons for why you couldn't?
in real life people can see you and determine your age at a rough estimate and be able to tell if you're an adult or not. Do you support having to turn on your webcam and show your face in real time then, to talk to strangers on the internet? many age verification sites are doing just that.
Did you mean to reply to me? I evidently do not support the age verification regime, so no...
I think minors shouldn't be in any store period unless accompanied by their parent or guardian.
you feel the same way about websites then?
HN is filled with people who are on the other side of an "internet best practices" information divide.
For everyone else, the internet is already a shit show and a half. They want control, because it means putting a stop to being predated upon, or more nihilistically, harming the firms that are harming them.
I don't know how to let other commenters see how bad it is, or make the gulf in view points clear.
Giving up control is always a mistake - they never do what they promised and you never get back the control. There is never a refutation to this fac: just a childish "But I want it!".
I agree. That's why the government shouldn't stop toddlers from buying guns.
I don't believe children should be on social media. Some other people might not share that belief. Should be up to parents to decide what's okay for their kids, not governments or companies.
Age verification will always lead to more surveillance. People need to just be more mindful of what their children are doing online, maybe stop giving them smartphones, and just be parents.
I don’t think social media is intrinsically bad, just the toxic popular social medias. Did kids in the 1990s with access to internet forums have stunted social development?
Did kids in the 1990s with access to internet forums have stunted social development?
"He's intelligent, an underachiever, alienated from his parents, has few friends. A classic case for recruitment by the Soviets." — War Games
More seriously, internet forums weren't designed to be addictive. They were designed to communicate.
That's the difference between the past and the present.
Old school Internet forums and sites were not designed to be addictive.
The "time on site" KPI and its variants is the root of all evil.
Somehow this "leave it to the parents" logic isn't followed when it comes to cigarettes or alcohol. Why is social media different?
Because the patterns of consumption and harm are very different. It's the constancy and immediacy of social media that makes up the major part of its harm. It's not something where a 15 minute smoke break or a weekend binge is the main mode of consumption and harm. So the parents have a lot more opportunity and power to handle it if they give it reasonable time and attention.
Maybe because they're not comparable.
I think you’re missing that this abdication of personal freedoms to the government in the form of government imposed restrictions on cigarette and alcohol sales is precisely how we’ve gotten to this point over time; arguably following a planned strategy. People who normalized prior subordination to government in the case like cigarettes, alcohol and other things; are now already even more primed to abdicate even more freedom to mommy and daddy government than the prior generation.
It seems clear to me that America is heading into an extremely repressive system where even the nominal use of America may just end up falling by the wayside within the lifetimes of some people alive today. Functionally speaking the, notional or spiritual death of America happened a very long time ago, probably 1840 but obviously no later than the outcome of the Civil War which turned a decentralized union of federated states that formed a republic, into a centralized dictatorial federal power and later the groundwork for becoming the empire we are only 55-80 years after the Civil War, depending on how you want to look at it.
I think people forget that there would have been people who experienced the Civil War that destroyed the central premise of the Constitution, that sovereign states join in a Union to cooperate, and the formation of the Empire of America by no later than the end of WWII.
Those things never happen abruptly, they happen in following a long strategic plan based on objectives not timelines. Part of such a plan is causing ever increasing dependence, deference, and subjugation to government, which is really just someone else’s control over you, the people who make up the “government”, instead of your own control over you. Part of that is giving the impression that money and daddy government will take care of the children, as a tool to psychologically manipulate people by hijacking their instinctual care and concern for protecting children.
It’s why and how they’re more pushing age verification, not ban for minors with similar criminal penalties for anyone who allows minors on the internet/social media. No, you as an adult need to confirm and tie your identity to the digital fingerprint that is tied to all the data that was and is collected about your activity over the last 20+ years … to protect the children of course.
It’s why some people refer to the majority of humans as cattle. You just have to herd them around and they moo and then start fattening up on corn instead of grass, just like the last generation did before they were harvested.
By the same logic, we should allow the sale of cigarettes to minors.
We don't let kids turn up to school drunk because they went to the cornershop on the way to school. I guarantee that would be happening if alcohol sales were not age gated and enforced by the government.
In the same way kids should not be infecting their minds with social media slop, or porn, or plenty of other internet content.
The only way this is stopped is when a social norm is created which shames all but the most negligent parents into compliance.
At the moment the absent and bad parents have all the power. Their kids scroll all night for memes, injest YouTube brainrot and turn up at school disruptive. Kids with responsible parents either want to that as well, or can't escape it.
Surveillance from age gates is a red herring. That horse bolted long ago. You are surveilled already by tech bros when voluntarily logging in, or by making yourself stand out a mile by using a VPN and a uncommon browser setup. This data gets handed to your government on request.
Having an anonymous VPN won't stop the tech bros or an authoritarian government forming, or bring one down.
People taking part in their existing democracy and maintaining the foundation of that is the best course of action. Raising a generation of kids not addicted to internet brainrot is a key part of this.
So maybe there should be better education for parents. Maybe there's other solutions. I can't accept that the nanny state parenting our children for us is the way to go. If people are being negligent of keeping their children safe, maybe they should face consequences for that. The point is, the parents should be solely responsible for deciding what's appropriate for their children, and if they don't have the resources maybe that's something that should be addressed, or if they're not doing their job that should be addressed, but age verification just ain't it.
That's what was in the California bill that we all complained about until Linux got an exemption. We called it an age verification bill even though it has nothing to do with age verification, and was all about making sure every OS has a parental controls feature.
why aren't you using your full government name as your handle here on HN?
age verification is a cover for universal internet IDs. you'll never be able to go online and do anything anonymously again.
Age verification is fine, at least in theory. It’s the implementations that are bad.
I sometimes wonder what HN would be like with age verification.
> More and more people agree that kids shouldn’t be on modern social media, including me.
Has it occurred to you that nobody cares, or should care, about your opinions about what other people and other people's kids do? You and the "more and more" people who agree with you are cordially invited to fuck off.
> The solution is to propose ways to block kids from modern social media (that actually works) without mass surveillance.
The solution is for you to get over your bullshit, not to chase impossible pipe dreams.
> Has it occurred to you that nobody cares, or should care, about your opinions about what other people and other people's kids do?
Uhmm... Yes they do? That's... the whole point of living in a society? With laws? So we can collectively decide what is and isn't desired?
Children are also banned from purchasing alcohol or going to the casino. There are tons of things we collectively decided children shouldn't do.
I wonder (and don't hear anyone talking about it) if kids can't upload on social media and "publishing" platforms. Can they still host a website?
I know that my fascination with computers largely began with creating websites and messing about with HTML. Blog platforms can be considered social media I suppose but what if it is just a page of HTML or text?
Should I worry about having to verify my age/identity if I want to host a page on a vps in the future?
I feel like most politicians and people don't understand privacy and the impact of breaking it. Additionally seems the governments don't consider themselves a thread vector for privacy invasion.
> Should I worry about having to verify my age/identity if I want to host a page on a vps in the future?
Today I cannot get a VPS without verifying my identity. Can you?
> I feel like most politicians and people don't understand privacy and the impact of breaking it.
I feel like it doesn't start like this. Opponents to age verification assume "politicians are authoritarians, therefore politicians try to increase surveillance, therefore politicians try to introduce age verification". I think it goes the other way round: "society knows that social media are bad for children (and adults, to be fair), therefore people try to imagine ways to solve that problem, therefore politicians end up thinking about ways to prevent children from accessing social media".
Of course, most people (technical people included) don't understand whether or not it can be done in a "reasonable" way (e.g. in a privacy-preserving way). But the debate mostly doesn't revolve around that, and it is a pity. Ideally we would think about the best possible way to do it, and only then we would debate about whether or not we want it.
> Today I cannot get a VPS without verifying my identity. Can you?
I think it is at least possible to do so in a identity opaque way if you wanted to using obfuscated payment provider, free email and possibly fake name/address (illegal).
I meant more without scanning an actual ID or face.
> I feel like it doesn't start like this.
Of course the train of thought is not "how can we break privacy" usually the concerns/problems are valid (I agree that social media is bad for kids). But in a lot of debates I am a part of privacy concerns are easily dismissed, not taken seriously or not the priority. I'm not talking about if technically private implementations are possible yes or no. I am talking about the conceptual step before that, "what is the impact of this request" how are we limiting people that can't or don't want to comply with what we are asking.
I feel like privacy is one of the most fundamental rights since it is at the root of a lot of other rights required for democracy. For example freedom of speech, freedom of religion, right to property and more. Privacy it is continually devalued, invaded and the right to it eroded.
That leads to undermining of the other rights as in this issue a lot of people are bringing up, in the article freedom to be anonymous is brought up but also the freedom of expression of young people.
The discussion should be the other way around, no options should be considered UNLESS it can be done in a private manner. The right to privacy is more important then the right not to be hurt by watching harmful content and therefore the responsibility of the government to protect privacy is of higher importance then their responsibility to not get you hurt.
Yeah I agree with all of that.
I do believe that there exist ZKPs, but then it raises more questions, like:
- Do we ban VPNs? I don't think we should.
- What happens if the ZKP doesn't work? It's not okay to fall back to identity verification, but then does that mean that the services are blocked if the ZKP infrastructure doesn't work?
I don't have any answers or strong opinions yet, but I feel like the legal/societal conversation should focus on "actions taken via XYZ" rather than "technology underlying XYZ". Similar to how GDPR, etc. cover actions like collection/storage of personal information, not specific technologies like cookies (despite what many believe!).
In particular, your examples bring these things to mind, which might be worth considering alongside:
- Any machine can host a server, with no third-party required except an ISP (if we're being pedantic, even that's not needed if use a mesh network, etc.). The main barrier to connectivity IME is NAT, but there are ways around that (e.g. make it a .onion service). I played with all of the above as a teenager, so it's not unrealistic.
- "Hosting a website" covers a lot of things, some of which are already illegal (e.g. CSAM). Just because we can spin up something without jumping through social media sign-up hoops, doesn't mean it can't/shouldn't be subject to legal questions.
- Hosting a website/blog/etc. does not come with the same questionable baggage as social media (algorithmic feeds, PII, tracking, identity verification, communication, etc.). We might opt in to such things, e.g. by accepting comments on posts, but I'd distinguish such two-way, "user generated" activity from merely "hosting a website". Technologically, such things require some dynamic system (usually a self-hosted or third-party backend), rather than "just" a static HTML server.
- There is no technological difference between a blog used like a personal diary, and a blog used to post reviews of Lego. Is there a societal difference? What about if they include photos?
- Posting things on a personal website/blog has an implicit understanding that it's being published and shared with the world (that feels like the whole point of a blog). Social media has muddied those waters, by claiming things like "privacy settings", which can give the impression that posts are not being published and shared with the world.
- When it comes to activities like receiving comments, two-way communication, unsolicited messages from anonymous strangers, etc. the more relevant "basic tech" feels like running a server for email, IRC, Jabber, etc. rather than a web site; since those place such "dangerous" aspects front-and-centre. Email is the most obvious, but I mention the others since getting external systems to trust a self-hosted email server is notoriously tricky!
The problem is kids on social media. This doesn't need to be a problem for anyone except social media companies and social media users. Sloppy policymaking is making it a broader problem, but I don't think this is some nefarious scheme (at least in the U.S., it looks sketchier in Europe). It's just policymakers pulling the first proposal off the shelf to respond to intense demand for a policy from voters.
I don't think we have to accept that "kids on social media" is inherently a problem. I don't think kids on a 2005-era-myspace social media would be a problem. As I see it, "social media" is now defined as the highly addictive and exploitative products from Meta et. al., and we shouldn't have to destroy any semblance of free or private internet so that they can't be hindered in any way from making the maximum amount of profit and influence regardless of the harm it causes kids (and adults, too).
We've basically accepted the premise as a culture that exploiting adults is fine. Exploitation is so heavily baked into our culture that pushing back on it would cause too much upset.
If you're below 18, you deserve protection. Above 18? Good luck, babe.
I think one of the unintended consequences of age verification is going to be a whole host of unprepared 18 year olds getting full access to social media and getting absolutely one-shot by it. Think credit card sign ups on college campuses or predatory car dealerships near boot camps. There are going to be a lot more 18 year old boys gambling away their student loans and 18 year old girls signing up for OF, but it'll be fine, because they're 18! Not to mention they're going to be scam targets on the level of the elderly. And if you're exploited/scammed as an adult, it's your own fault.
Age verification/restriction without an educational component of some sort is just creating a future cohort of extremely vulnerable young adults for companies and bad actors to sink their teeth into.
That's a problem, but I'm not sure its the problem. There are plenty of issues that wouldn't be fixed by prevent kids from using social media.
ZKP is definitely a good idea, definitely more open for this kind of age verification than anything else. And I don't buy the argument of "closing internet", social networks are a proprietary service and if you don't want to obey with the regulations, create your own website and post things there if you want. However you have to provide your identity to the domain name registry or to the intermediary. Also other services require you to verify your age or even provide your identity, this is just another one that comes way too late.
It is closing Internet. The same companies that produced the ills of social media are now pushing for a non-remedy (that doesn't prevent kids, and doesn't solve the problems they created) that only benefit them and not society. It's just like tobacco: it's toxic and probably overall should be banned because it does not benefit society (or anybody except tobacco executives). Do we make a mandatory nation-wide electronic log of whoever buys tobacco in the name of age verification?
Our ancestors here in France literally fought the nazis so you don't have to have a nazi-approved « Ausweis » to go wherever suits you. We would be well inspired to follow their example.
a.k.a. Think of the children.
But don't teach them how to navigate the world and interact with both good and bad.
Growing up I remember all the ads about avoiding narcotics talking about getting hooked on free samples and then going to jail for theft and/or possession. The people behind that propaganda didn't know drugs do cost money, dealers being dorky teens and twenty-somethings who are about as dangerous as a butterfly. But this propaganda also illustrates how some elements aren't very bright. The internet age with free email, free social media, etc. got everyone hooked and now Zuckerberg, et al. are giving doe-eyed, hat-in-hand, and crying poverty. If people were wise to those PSAs, past and present, they'd see how the loyal opposition has been playing with their cards face-up on the table under the guise of good intentions. Much like the pedophile scare during the teens, pun unintended, with Comet Ping Pong and then come 2024 it's revealed Epstein and his cadre of deviant cronies were doing it all along while deflecting poorly to innocent parties. Goodness knows what else is still right in front of our noses but their reality hasn't come to fruition in the zeitgest.
> getting hooked on free samples
It's not a free "sample": drug dealers give their stuff for free at parties where vulnerable young people are in the form of sharing what they are themselves taking. Then they have that teen on the hook for extortion and having them do things or pay "debts". I "gave" you some drugs because you're my friend, but now you have to pay back, you have to do this favor, take this stuff from here to there. Another common thing is that the "debt" has to be paid in money again and again and again. You don't want us to go talk to your parents who think you're their perfect little boy/girl? You don't want them to know that you took drugs, do you?
As dangerous as a butterfly... It's a filthy world on all levels, filled with demonic people who spend all their time thinking about how to use and abuse others - the more innocent the better.
I know it's a tangent.
Do you have personal experience with going to high school parties and drug dealers being there trying to get you hooked on drugs? I ask because the scenario you're presenting here sounds like something out of a movie or TV show, and not real life.
You understood the opposite of what I wrote. Read the comment again, it's not about being hooked on drugs at all. It's about having them on the hook for blackmail.
And yes: Taking drugs or hanging out with people who take drugs is enough "kompromat" for a teen to then be extorted by drug dealers, because they don't want their parents to know.
Especially in countries where the law looks very lightly on extortion, looks very favourably on "young offenders", and is very lacking in empathy for young victims.
Not to mention: Do you think a 15 or 16 year old wants to go to the police and tell them that they are being used by drug dealers, when the first thing the police is going to do is also book the teen for drug use?
Drug dealing aren't just Mexican cartels or hood gangs, it's a network with branches into everywhere, and they need a constant supply of victims. Read some court proceedings from low-level drug cases, and you'll see how these criminals operate. It's not like TV.
It would be an excellent case for zero-knowledge cryptography:
All that you need to know is that I am above 18 years of age.
You don't need to know how old I am, what my birthday is, what state I was born in, my gender, or when my passport expires.
The downside with ZK cryptography is the complexity. Something would have to be insanely inconvenient to justify it.
> It would be an excellent case for zero-knowledge cryptography:
The last ~third of the article is about the EU's zero-knowledge approach
> While the rest of the world is moving forward with identity verification plans, the EU has presented its own privacy-focused approach to age verification. In April 2026, Ursula von der Leyen, President of the European Commission, unveiled an age verification app with “the highest privacy standards in the world” and the presentation materials describe the app as “completely anonymous.”
I’m just afraid that membership countries will be too dumb to understand the difference, and for the population worldwide to be able to comprehend that it’s even possible. To be honest, ZK crypto is one hell of a party trick. Compared to tech where the premise is “we put a picture of your passport in a box, and when people want to know, we look and confirm.”
You mean the EU's fake snake oil zero-knowledge approach.
They've standardized two systems under the banner of "zero knowledge". One is actually zero knowledge. The other is trust-me snake oil. Guess which one is getting deployment.
yes, I'm aware, although the article does not mention that distinction
People don't read, just comment
Judges and lawmakers are lawyers and a significant chunk of them are Boomers. Good luck with that.
Linux + Website needs to return as the ultimate form of self publishing. Back when an internet search was the platform.
10 years ago I thought all the cool cats would be hanging out on old skool communities on Tor via meshnet connections.
Instead, in 10 years I'll probably have to log in with an iris scan to check the (ai-powered) time, and pay for the privilege.
There is no bona fide desire to solve the problem by the social media companies which are profiting from our kids. As a parent, I can never find the option to enable parental controls on apps like YouTube (especially on TV). This option is easy enough to implement locally without requiring any accounts or OS-level age support. However, clearly the goal is not to protect the children but to enable mass scale surveillance and profit from it. Even when I manage to enable parental controls by using a dedicated app or account (what nonsense is it that I need to create an account to restrict access!!!) the content being served is dubiously appropriate for the age group, aside from having no value whatsoever other than the intended goal of perpetuating addiction.
just leave the walled gardens
So there are walled gardens with restrictions. The internet will route around these restrictions.
Just wishful thinking, but I hoped more will move to IRC and GPG emails.
Interesting that no one is talking about identity verification likely coming anyway. I’m working on clawchrome.com, a real browser for agents. It can access any website because it’s the real browser.
I sure hope agents don’t swarm social media. But at the same time I think identity verification companies have a tougher problem, ai can produce real looking videos and documents. There’s probably no real way to verify someone purely through the internet at this point.
I can't really connect the dots here. If you hope agents don't swarm social media, why are your working on a real browser for agents?
There are many usecases for agents having access to a real browser and many usecases for humans where work wise it's useful or for agent success in completing the task. Including any specific situations where sites may block "controlled" browsers, as well as co-working.
If an agent is controlling your own browser, it can get in the way of you being able to do work as well.
Additional security control, if you have control and audit trails regarding what the agent is doing, think things like not having access to the keys, cookies are unavailable through the api, certain sites blocked, especially for agents that run automated background tasks.
There's a ton of reasons really. Using stealth chromium forks can decrease security, potentially get you blocked from services/sites, and typically can be detected easily because Google is doing a lot more than just compiling Chromium to release Google Chrome now. That's why many of the stealth browsers out there are moving targets, and have tons of instances of being blocked.
So, if I as a website author would like to block the LLMs scarping my content or putting extra load and cost on my infrastructure, your project helps the actors who don't respect my decision and don't give a shit about consent to circumvent that?
Of course. Anyone who has even a little life experience knows that children, even more so, teenagers, will circumvent these measures, so they will fail at scale.
But what won't fail is the obligation to provide your id to 'verification providers', who are obligated to provide it to websites, all of which are obligated to hand over your identity to the authorities the moment they ask - the verification provider included.
So it's just mass surveillance, finally sold to the public through 'think of the children!'.
“Introducing age verification is based on the state being able to force social media companies to verify their users’ identities”
Users have been doing this themselves without state coercion for twenty years now by putting their real names all over Facebook and all the other socials. Nobody forced them to use their real names and post countless pictures of their faces alongside, and pour out the totality of their worthless opinions on every issue. Compared to this, when considered sensibly, the verification is almost a trivial step.
> Nobody forced them to use their real names and post countless pictures of their faces alongside
No? You've obviously never been ostracized from your friends, family, or coworkers due to not using Facebook or Instagram or whatever the latest vapid social network is.
Never. Life in the real world is better without it.
Social media has never been a part of free internet
Well, no, certainly not the beginning of the end.
> consequence of introducing identity verification is therefore that freedom of information is restricted (you can no longer visit regulated websites anonymously) and that you can no longer post anonymously on social media.
on which major social media networks can you post anonymously today? HN is a rare bird in that regard.
None of the social media networks my teens are bugging me to sign up for (IG, TT, Snapchat, etc.) have anonymous registration.
Does anyone think of social media as free?
I've said this before and I'll say it again. Just like radio was the wild west back when it first started, the internet is so today and eventually it will be licensed and regulated in the same way.
"Will the police stop and search people on the street looking for unauthorized phones? Prison sentences for buying a non-state computer on the black market? Charges of organized crime for smuggling in containers of open-source software on USB sticks?"
Come on, do people seriously believe this will happen?
If (big if) governments really wanted to help parents and children in any meaningful way, they would ban the actual hardware used to give constant access to these platforms.
The ability to seamlessly record, upload, comment, react on _everything_, _everwhere_, _all the time_ is not natural, and not necessary.
Let them keep the devices, whatever, but remove the internet access.
Or keep the internet access, but remove the display/audio/camera.
It's more enforceable in public than trying to enforce whatever age verification solution they come up with.
And it gives parents the ability to appeal to authority when they ask their children, and the parents of their child's friends, to stop giving kids access to such devices. Right now a lone parent trying to push for better/healthier online activity to their friend group looks like a crazy person.
But of course we know they aren't really interested in helping parents and children. They want the surveillance capabilities.
That is what they would do if they wanted UFO sightings back and police brutality evidence disappearing.
People can still record all they want, they just need to wait until getting home to upload the content.
Mullvad VPN is great. Mullvad Browser is a great balance for preventing fingerprinting and also usability vs the Tor Browser. Most browsers I've found, even ones with claimed fingerprinting protections, are easily traced by fingerprint.com and other tests. Mullvad beats it.
There's this cool new feature that they added to the Mullvad browser extension, which is built into the Browser. It gives you a random different proxy for each site, kind of like the Tor Browser.
Mullvad understands that VPNs overpromise and underdeliver, but if you combine a trustworthy VPN, a fingerprint-resistant browser, and uBlock Origin, you get a damn good internet privacy. The browser is not ideal for daily-driving because it's always incognito so you get signed out on close, but I heard they're working on a persistent version.
i think in most cases sites like HN for example would be exempt due to not having enough users.
The internet used to a technology people used to do interesting things, and with that came all its expectations. Now in addition to that, it is how modern live is negotiated. What used an optional thing is now a critical infrastructure upon which a person's life revolves, in most cases without any choice of their own.
When you drive your car on the road, do you complain about not having "a free road like back in the day" for being require to have a driver's license, and a registered car? not too long ago, you didn't need any of that to ride a horse or horse and carriage.
A free internet, as in the internet is like a public square, that isn't what society wants. Ultimately that is the issue, and you can't fault the public either. The public expects change, things to improve, and policy makers need tools with which they can enforce their policies. Telling both parties "um..no, i like my freedoms" won't stop the this train.
Let's take the example of mullvad here, and being able to purchase a VPN with bitcoin/cash (been there, am a customer) and access any site. It is entirely reasonable for governments to not want that. but the real enemy is the acceptance of this false dicthotomy of extremes. one of the things the internet has allowed us to have is to be able to prove entitlements without disclosing our identity. It is possible to prove that meet whatever legal requirements by having a government notarize a certificate of identity which you can present to sites and software as proof, while removing the government's own knowledge of what sites or software you're using, and removing your identity from the sites that are verifying your entitlements.
You're allowed to be in public without having to prove your identity (well.. that used to be the case in the US at least, now if you look like an immigrant, no longer the case). But to sell things, or buy restricted items, you have to show your identity, even in public. Certain businesses are required to verify your identity before engaging in commerce. Even worse, once you're in public everyone can record everything you do an identify you. Facial recognition, license place tracking, etc.. are all very real parts of the physical world today.
Lots of reform is needed, but we're getting the worst end of it because people gravitate to extremes out of laziness. if accessing social media, sensitive sites and commerce could be done in a privacy preserving way, there is no need for (or you can make a strong argument against) silly things like installing ubuntu requiring your ID, or needing to verify visitors IDs to your personal blog.
>and that you can no longer post anonymously on social media. You cannot be certain that your criticism of the government will not be followed up by the authorities.
sorry but I don't get this point. If you're on Instagram or Facebook, did you think fifteen different three letter agencies weren't already watching you? It has the word 'face' in the name, the entire point of that site is that people mindlessly share their personal information, it's not some underground space for activists.
You can be perfectly anonymous on the internet, but demanding to be anonymous on Facebook is like trying to start a Das Kapital book club at Goldman Sachs or decrying commercial culture while you're in a Disneyland theme park
Also, if the government arrests you for making a post, the issue is them arresting you, not your post not being anonymous.
Like, criticizing the government shouldnt just be possible because you can hide behind a fake name. It should be legal with your face name and address attached to it as well
> did you think fifteen different three letter agencies weren't already watching you?
I think there was a reasonable expectation of anonymity, at least relative to other users. In the past you could access facebook with a VPN/proxy (and for a brief time, even tor) and use any name you wanted. But with forced identity verification you lose that little bit of anonymity.
I think the solution would be to make the business model of surveillance capitalism unfeasible. If algorithmic social media would be prohibited from offering their services for free, it would solve most of the problems the age verification laws are trying to achieve. Kids would basically disappear if their parents are not paying for them. Most parents would disappear too in fact, which would be good for everyone's mental health. And it wouldn't remove choice. You can still choose to use use Facebook or TikTok, if you subscribe and pay. It would basically act like a slop tax.
hey claude build me a small social media site i can use with my friends...
the beginning of the freedom of every person to become a developer
I can't let you do that, Dave
Sometime in the future.
Dave, first we will need to setup age verification for your friends in order to comply with the law. I will not be able to help you otherwise. Remember Dave, I will submit to the local government your request to make a social media website so they will know if are complying with age verification. I have your ID which I will also provide as you need government ID to use AI. Open source AI models were banned.
It's going to come soon. Very soon. I mean they have started in the physical world by regulating 3d printers and cnc machines to submit what they are making to an AI to make sure they are not making gun parts.
This is why you don't rely on AI too much. An LLM may be able to decide what you can do if you run it via OpenAI or Anthropic's servers, but a text editor and your programming language of choice just does what it's asked to.
Alternatively, open source community software run by folks in a country that doesn't have any age verification laws/don't care less about them.
"I'm sorry but I can't fulfill requests that might potentially harm young sebastian."
“Sure just refill your credits for $200 and resubscribe for 1 year.”
Just run it locally. On your laptop that now needs 128GB of memory and costs $4500. Oh and your AI chip is out of date in a year, and can't run the latest shit.
> Today, 30 people are arrested every day in the United Kingdom for posting something online that authorities classify as “grossly offensive.”
It doesn't really help their case to parrot Musk-level misinformation...
https://www.pragencyone.co.uk/blog/elon-musk-misinformation-...
https://www.independent.co.uk/news/uk/home-news/wales-englan...
Age verification is a project 2025 backdoor to ban porn, and also a way for Meta and others to advertise much more aggressively without violating age restrictions, and also a mass surveillance opportunity for the government. It is definitely not for the children or anyone’s safety. It threatens the most basic civil rights we have like free speech. The fact that so many people blindly support it is really depressing and disturbing.
Whilst getting excited about 'loss of freedom' the reason these companies are getting forced into this is because they've become so large, fundamentally evil and untrustworthy that we can't regulate them in to doing better so we have to ban susceptible citizens from consuming their output. See tobacco, alcohol, porn, cannabis, driving licences for other examples. /s
Good arguments there, and for once addressing privacy-preserving age verification.
I just don't like that proponents of age verification are systematically (including in this article) dismissed as authoritarians hiding behind "just another “what about the children” excuse to introduce mass surveillance and censorship". Many people genuinely want to find a solution that is better for the children, and telling them "if you are open to age verification you are either a fascist or a moron" is not constructive.
Also I find the way ZKP is criticised a bit manipulative. It kinda implies that "fundamentally, any kind of ZKP system can be switched off remotely and without anyone realising", and that is wrong. It can be implemented in such a way that people have pretty good guarantees about it preserving their privacy, similar to end-to-end encryption. I find it hypocritical to say "E2EE can be reasonably trusted, but privacy-preserving age verification fundamentally cannot", just because tech people like the former and not the latter.
> Many people genuinely want to find a solution that is better for the children
at the expense of everyone and everything else all to not have to be an actual parent.
These arguments are not coming from places of concern, they are coming from laziness and people taking advantage of that laziness to further even worse agendas.
Not all children have active parents. I do not believe those children deserve to be taken advantage of or hurt simply because they happen to have bad parents.
The "laziness" argument doesnt work if the people being lazy (parents) are not the people being hurt (children)
> at the expense of
That's the thing: it's not trivial to know what is possible and what is not. If you look at the messages in HN, many (most?) messages about privacy-preserving age verification are (at least partially) wrong. Tech-savvy people clearly do not understand the technology in details, and somehow they assume that normies do understand and are simply fascists or lazy.
It is my opinion that telling a normal person that they are a bad parent (or a fascist) because you disagree with them is probably not the best way to convince them.
I believe in democracy, which means that I don't call everyone disagreeing with me a fascist. In a democracy, if most of the population wants privacy-preserving age verification and I don't, then I am in the minority and must accept it. My role as a tech-savvy person is to help "normies" understand what it implies. Again, not to tell them that they must be fascists if they disagree with me.
There is a solution, it is regulating social media companies to stop abusing their users, and by extension, children. strict laws around adtech and tracking tech. more consumer rights, in other words - that’s why this solution comes off as authoritarian, because there is such a variety of ways to tackle this problem, and this is the most authoritarian one.
> there is such a variety of ways to tackle this problem, and this is the most authoritarian one.
If you think that privacy-preserving age verification is the most authoritarian way to tackle this problem, then you really, really don't understand authoritarianism.
Now if you have tons of better and practical solutions to tackle this problem, I would suggest you start writing about them. I haven't read a lot about those solutions (other than "just ask someone who is not me to do it"), what I hear is mostly people yelling that only bad parents and fascists disagree with them.
> I would suggest you start writing about them.
I did. the burden isn’t on me to explain it to you, comrade. maybe you could start by actually addressing what I wrote. Or are you now expecting me to draft up a legislation draft before you’ll address my post? These types are always the same.
> I did.
I am confused. Did you? Do you mean this:
> [the solution] is regulating social media companies to stop abusing their users, and by extension, children. strict laws around adtech and tracking tech
Pretty sure it has been tried in some countries, and the solution that those companies were happy to implement was... identity verification. There was a drama about Discord doing this, recently.
> Or are you now expecting me to draft up a legislation draft
Not at all. Just give me the name of a viable solution, so that I can search for it. It doesn't take a full day to write something like "privacy-preserving age verification", does it? I can't easily search for "JohnMakin says there are many good solutions, which ones are they?".
If you are naive enough to think it really is 'just the tip' how are you not an involuntary parent already?
I would love to be insulted by that, but I genuinely can't tell what point you're fumbling toward. Try again when you've sobered up.
Do you believe people should be able to traverse the internet anonymously?
You can't. Even if you haven't registered or logged in, companies like Facebook have identified you and track you everywhere you go.
Why should you be able to traverse the internet anonymously? You cannot traverse real life society with the same expectations. Majority of the people traversing anonymously are doing so because they are routine troublemakers and do not want to bare consequences for their malicious actions. The ones fighting for this complete anonymity but not doing crime are naively just sweeping for bad actors.
One of the things that I liked about the old, text-based internet was the anonymity it provided. I particularly liked being able to engage in discussions about things that interested me without being sexualized, since nobody needed to know I was a teenage girl. No creepy messages, no looks up and down, no having to figure out ways to turn someone twice my age down without worrying if they'd react dangerously, no having to leave because someone more integral to the group was a creep and nobody would accept it if I spoke up, no worrying about my small statue making me a target for physical intimidation, etc.
(Now I am old, so it's different.)
It was very freeing to be able to talk about my interests (e.g. space, web development, and video game modding) without being subjected to the bullshit that people brought to the table if they saw me.
> You cannot traverse real life society with the same expectations.
I actually can. For real. I can not get job or housing anonymously, but overwhelming majority of my real life interactions are anonymous.
Yes. At least to read.
Not sure what you mean. I am totally against surveillance capitalism and TooBigTech. I am in favour of end-to-end encryption and privacy-preserving tech.
I shouldn't have to show an ID to buy a newspaper or to load the website of a newspaper. On the other end of the spectrum, I should not be allowed to buy a gun without showing an ID (and all sorts of other constraints).
Somewhere in the middle, I understand that we don't want to expose 8 year old kids to pornography, but I don't think that one has to wait to be 18 or 21 to be allowed to access it. Same for social media. Where and how exactly we set the limit is a societal choice to make.
I also believe that "living in a democracy" doesn't mean that "everybody agrees with me, always". Many times I am in the minority. What matters is that people are informed. Telling them that if they disagree with you they are either bad parents or fascists isn't constructive, IMHO.
Parents need to either control the internet, or control their children’s devices and screentime. The latter sounds like the obvious option, except that Google wants every second grader to have a school-mismanaged chromebook and Google wants to mediate control of the internet, and by pushing parents to the former they win on both fronts.
Requiring parents to police their child's every move is not going to end well.
And having the state do it is better?
Yes, because children deserve to simultaneously not be under constant surveillance by their parents but still be protected from bad actors. Hence we should collectively, as a society, protect them.
The state mandates laws that say we cannot sell guns to kids. Is that a bad idea? Would you rather let the parents deal with that?
I'd like parents to parent and develop a relationship with their kids. Comparing the internet to guns is a stretch.
My point was that having the state regulate stuff is not always a bad idea.
The problem for many parents is that all the other kids have it. It's not always easy to develop a relationship with your kid to convince them that they don't need to conform and have friends.
So I can imagine that many parent would be relieved if access to social media was slightly more complicated, such that maybe it would be more normal to not have access to social media.
We've encountered this with things like Minecraft and Roblox and had conversations and suggested alternatives to it. It hasn't proven to be an issue, but I'm holding out hope that these platforms continue to collapse as our kids get older.
What about this: go ask parents why they allowed their kid to get a smartphone and access to social media, and only then decide whether they are morons, fascists or just bad parents?
I have a simple example: when all the kids have a smartphone, it is very hard to tell your kid that they cannot have one. When all the kids have a shared culture built around social media, it is very hard to tell yours to not conform. "It's okay my son, you don't need friends. Anyway the parents of all those kids are bad parents".
I don't have children, but it doesn't sound completely weird that parents may say "we should prevent most kids from accessing social media, so that my kid wouldn't be the weirdo if I don't let them have access".
In many school districts, unless you can afford private school or homeschooling its hard to tell a kid they can't have an iPhone, but impossible to tell them they can't have an iPad- at age six!
Age verification literally already exists in a way that doesn't require orwellian centralized control. The <meta rating> tag has existed for decades. If you want to restrict access force websites to apply these tags, then use a browser that obeys them. Parents control what their kids access, mostly, like it's been since forever.
Think carefully about why a politician might disregard this extremely simple mechanism and you'll have your answer about the real goals here
> Think carefully about why a politician might disregard this extremely simple mechanism and you'll have your answer about the real goals here
You (and many others) frame it as "the government versus the people". I think this is extremely naive.
Many, many, many parents are in favour of preventing social media access to kid, assuming it is done in a reasonable way. For instance, having a police officer follow every kid everywhere they go 24/7 is not a reasonable way, and everybody agrees on that. Now what if there was a reasonable way?
Ask yourself this: do you believe that privacy-preserving age verification is not a reasonable way, or do you know it? In order to know it, you have to understand how the cryptography works at some reasonable level. Do you? Most comments I read online come from people who believe and then repeat arguments they have read that confirm their beliefs.
I was noting that the Mullvad article actually addresses ZKP (which is good and a very rare thing), but that I found it was a bit evasive in a way that feels slightly manipulative to me (probably not on purpose).
> I just don't like that proponents of age verification are systematically (including in this article) dismissed as authoritarians hiding behind "just another “what about the children” excuse to introduce mass surveillance and censorship".
It is worth recalling that "authoritarian" is a relatively neutral label for a political philosophy (like "liberal", "democrat", "capitalist" or "socialist"). It isn't that people are name calling, it is that authoritarian policies - like this one - consistently cause more harm than good. The label is basically a slur at this point because the disasters that the authoritarians trigger often veer into being massive and appalling spectacles. People tend not to be very evidence-based, so the people who lean authoritarian tend to try and rebrand to avoid being tarred with their philosophy's consistent failures, but it is still authoritarianism.
But the productive path forward isn't to try and be nice to the authoritarians and accommodate them with the rebranding. It is to adopt liberal policies. Like letting people read and comment anonymously on the internet.
I appreciate the comment, but I feel like you miss my point in a way that is (not purposely) manipulative, again.
I don't think that we would call "authoritarian" someone who would ask for, say, guns control. Or at least we wouldn't call "authoritarian" someone who is in favour of having more than 0 law, would we?
You are being manipulative by saying "If you want a law that I don't want, then you are an authoritarian. I mean no offence, it is just what you are". But reality is a lot more nuanced than that.
The vast majority of people who are in favour of age verification are not authoritarians. They really just consider "should kids have access to social media? Not until they are old enough". Whether or not it is technically possible is outside their knowledge. And the fact is that for age verification, there are technical solutions that are privacy-preserving (unlike e.g. ChatControl which is fundamentally building surveillance infrastructure).
And even for ChatControl: people who say "I would be in favour of a magic backdoor that would only work for the well-intentioned good guys" wouldn't count as "authoritarians", would they? It just so happens that there is no such thing as a magic backdoor, so they cannot have what they want.
What political philosophies do you think lay claim to these age verification laws?
There are a couple that aren't against it, but to actually implement age controls in the way they are being bought in you basically need to be an authoritarian. Otherwise, you'd be persuaded by arguments like Mullvad's that the social media companies already know how old their users are and don't need a centralised authority to tell them. There are alternatives here that are less authoritarian. Policy makers and the people supporting them don't want to use those approaches, because they support taking a more authoritarian approach.
These policies, in practice, are literally authoritarian policy. It isn't the most extreme form of it, but it isn't authoritarianism because I don't like it. I don't like it because, objectively, this is authoritarianism and authoritarianism tends not to work. Otherwise all the research I've seen suggests that kids shouldn't be using social media. If this wasn't likely to take out huge chunks of the healthy political dialog on the way it'd probably be tolerable.
If it is manipulation to point out that this is part of a class of strategies that have a history of horrible failures, then you have a very confused understanding of what manipulation is. This is an absolutely classic authoritarian "we can't just let people talk to each other however they like without the authorities being involved" play.
> but to actually implement age controls in the way they are being bought in you basically need to be an authoritarian
I don't see how this sentence can make any sense at all in the context of ZKPs. Can you elaborate?
> you'd be persuaded by arguments like Mullvad's that the social media companies already know how old their users are and don't need a centralised authority to tell them
How do the social media companies already know? Because they track everything? But if they ban kids, they don't track them anymore, do they? Or are you saying that social media companies should be able to track everybody everywhere, such that they can profile them and ban them from accessing social media?
> I don't like it because, objectively, this is authoritarianism
You would have to explain that. The government provides a service that allows you to prove that you are old enough without the government learning anything from you and without the service learning anything other than the fact that you are old enough, and you call that "objectively authoritarianism"?
> I don't see how this sentence can make any sense at all in the context of ZKPs. Can you elaborate?
The reason people are getting called authoritarian is because ZKP proofs are a massive and obvious improvement on what is actually being implemented. Can you point to anywhere that has implemented ZKPs? The linked article suggests that is quite hard to do.
I wouldn't be using an American IP right know if my local age verification laws required ZKPs.
> How do the social media companies already know?
They ask you your age when people sign up. That's good enough for me - I'm not an authoritarian. I'm not out to create a watertight way to stop people communicating if they want to.
> You would have to explain that. The government provides a service that allows you to prove that you are old enough without the government learning anything from you and without the service learning anything other than the fact that you are old enough, and you call that "objectively authoritarianism"?
I haven't seen anyone complaining about that. Sounds like a non-issue. Why would anyone over the age of around 18 care? You should consider reading the linked article if you don't understand what the complaints people are making are. The reason you don't see any authoritarianism is you haven't actually looked at how the schemes are being implemented.
Mullvad isn't writing this blog post because of the huge numbers of 12-16 year olds shelling out cash to them. It is because the authoritarians are making a play to destroy a sizeable chunk of the open web with a likely follow up of cracking down on free speech.
> Can you point to anywhere that has implemented ZKPs?
The EU initiative explicitly mentions ZKP: https://ageverification.dev/.
> The linked article suggests that is quite hard to do.
It's technical, just like getting E2EE right. Doesn't mean it's hard to use, as proven by the fact that billions of people use E2EE in WhatsApp and Signal without even realising it.
> I'm not an authoritarian. I'm not out to create a watertight way to stop people communicating if they want to.
You seem to have a Manichaean view of the world. There is room for nuance between "let kids lie by clicking 'yes'" and identity verification.
> You should consider reading the linked article
Did you read it? There is a whole section that is titled "The Zero-Knowledge Proof alternative and the EU".
> The reason you don't see any authoritarianism is you haven't actually looked at how the schemes are being implemented.
I actually have. Have you? Seems like you haven't read the article. Mullvad is complaining about the fact that the app seems to support both ZKP and identity verification, and they criticise the infrastructure enabling identity verification. And then some more "slippery slope" arguments that are worth what they are worth (with the same kind of reasoning, we shouldn't have gun control, because the next step is to control everything, right?).
> Mullvad isn't writing this blog post because
Mullvad sells some kind of privacy (as much as a VPN can offer), and here they share their opinion about age verification. With which I mostly agree: the only viable age verification implementation is through ZKP. I tend to disagree with the slippery slope argument, and that "the government abuses everything they can". If you think like that, doesn't that make you an anarchist?
Many people genuinely want to find a solution that is better for the children, and telling them "if you are open to age verification you are either a fascist or a moron" is not constructive.
We know they'll take a mile if you give them an inch. Ditto with "trusted" computing and the rest of that wormcan. That's why the opposition has to be absolute.
I strongly disagree.
Democracy is not "they" vs "us". Democracy is not "opposition has to be absolute". What you describe here is extremism. If you believe that anyone disagreeing with you is an extremist and that the only viable way to react is to be an extremist yourself, well... you are the extremist. Whether you are fighting extremists or not (this "they" you conveniently do not define) is unclear, though.
Don't be an extremist. Let's compromise. We'll only eat one of your children. We'll even let you pick!
Who is this "they" you speak of?
We have age verification for all kinds of things that can harm minors. Most of them have adequate penalties for breach such that operators of said harms ensure they comply (checks for ID when selling alcohol, entry to over-18s pubs/clubs, etc.)
There's nothing sinister going on here, just attempts to prevent social/mental harm to minors.
> There's nothing sinister going on here
There absolutely is you're just not aware of it.
This whole thing is meta financially backing right wing conservative groups that want age verification because meta wants to avoid liability for the harms their platforms cause.
In addition, this is the beginning of the end of any sort of anonymity on the internet, which has disastrous consequences for politically minded individuals, minority populations, or targets of stalking. This is a privacy nightmare bring pushed through in the guise of "muh children".
> There absolutely is you're just not aware of it.
Can you show here that you understand how privacy-preserving age verification works?
I mean the rest of your message really, really sounds like you don't. Don't get me wrong: I do agree that identity verification is bad. But it is not okay to say "I know of a system that is bad, and I don't know the nuances of how it could be implemented in a better way, so I will just assume that there is no better way".
Sure but that absolute opposition hasn't, as far I can tell at least, achieved an iota of success. So it's largely a self indulgent merit badge than an actual strategy.
This is so lame, it seems like a small number of pedophiles have forced us to deal with all this age verification stuff.
Porn has always been around (national geographic, anyone), and parents can use screen time to limit access for their children if they want.
Current policy is victim-blaming: it excludes from social media potential victims (children) but allows perpetrators (convicted csam users).
But this was always about governments wanting to know who's posting what (and controlling them, through chilling effect); not about saving 'the children'.
I don't necessarily agree with all these measures, but there is a lot more harm in social media than just pedophiles hunting children.
i never read a nat geo where a young girls innocence gets destroyed in 4k ultra hd , either way based on the behaviour of our ruling class it seems likely that the pedophiles are the ones instituting these laws