hckrnws
The Age Verification Trap: Verifying age undermines everyone's data protection
by oldnetguy
I work at a European identity wallet system that uses a zero knowledge proof age identification system. It derives an age attribute such as "over 18" from a passport or ID, without disclosing any other information such as the date of birth. As long as you trust the government that gave out the ID, you can trust the attribute, and anonymously verify somebodies age.
I think there are many pros and cons to be said about age verification, but I think this method solves most problems this article supposes, if it is combined with other common practices in the EU such as deleting inactive accounts and such. These limitations are real, but tractable. IDs can be issued to younger teenagers, wallet infrastructure matures over time, and countries without strong identity systems primarily undermine their own age bans. Jurisdictions that accept facial estimation as sufficient verification are not taking enforcement seriously in the first place. The trap described in this article is a product of the current paradigm, not an inevitability.
According to the EU Identity Wallet's documentation, the EU's planned system requires highly invasive age verification to obtain 30 single use, easily trackable tokens that expire after 3 months. It also bans jailbreaking/rooting your device, and requires GooglePlay Services/IOS equivalent be installed to "prevent tampering". You have to blindly trust that the tokens will not be tracked, which is a total no-go for privacy.
These massive privacy issues have all been raised on their Github, and the team behind the wallet have been ignoring them.
> It also bans jailbreaking/rooting your device, and requires GooglePlay Services/IOS equivalent be installed to "prevent tampering".
Maybe worse, it encourages the push of personal computers to be more mobile like (the fact that we treat phones as different from computers is already a silly concept).
So when are we going to build a new internet? Anyone playing around with things like Reticulum? LoRA? Mesh networks?
"Anyone playing around with things like Reticulum? LoRA? Mesh networks?"
I'm curious about the 'day after' scenario: what's the move if the state decides to regulate these into "illegality" because they bypass official channels? We have to remember that the devices aren't the problem... the real hurdle is the bureaucratic gatekeeping of communication. The problem are people, not devices.
It could be a difficult battle for them to fight. We'd just have to make it too costly. Make them go hunt down all the relays. Scatter them everywhere. A $5 ESP32 isn't a good relay but they still have to hunt it down and that'll cost a lot more than $5.
So the answer is the same as any war: you make it too expensive to keep fighting. It's the same reason a bunch of barely trained people in the desert won a war against a force with far greater military power. It's the same reason a bunch of jungle people defeated the country that just won a world war. It's also the same reason a bunch of rednecks defeated the largest military in the world (at the time) and were able to create an even larger empire.
It's not hard to make them give up. It's going to be a cat and mouse game but it already is
There's not enough people to care.
They have the propaganda advantage (think of the children, those who undermine the system are pedophiles by definition). They have the law (just reclassify such activity as aiding and abetting the distribution of child pornography). They have the scare tactics (nobody wants 30 years in prison and an entry on the sexual offender's register).
This war will be won with words and at most a few arrests, just to make an example, just like the war on terror and anonymous financial activity.
Privacy just doesn't matter for 99+% of the population as much as we think, which is very much unlike piracy or drugs for example. If this wasn't the case, we'd all be using Signal and Monero right now.
> There's not enough people to care.
But what, you're going to give up without a fight?
Even if you won't fight then why fight for your enemy by telling others not to fight?
This comes to mind at once: https://meshtastic.org/
But yes, your point is largely valid as long as enough people are willing to jump the ship.
So does the original thing I mentioned
I appreciate what you're trying to say, but here's a counter-example: .22lr ammunition is also extremely inexpensive per unit, but I can't buy that at all in Ireland without extensive, recurring background checks and a demonstrated continuing need for access. If a government decides you don't get to have something, they are well within their power to effectively eliminate it. I can no more make an ESP32 at home than ammunition. I reckon it's harder, in fact.
[To the government Cornholio reading this and panicking because I mentioned a gun thing: no, I'm not threatening you.]
As long as there's a country willing to build and sell ESP32s, I think it would be fairly easy to get hold of them. How does a customs agent distinguish between an ESP32 and another microcontroller? These things are in every gadget. Is a government really going to ban all electronics?
Just look at how ineffective governments are at stopping drugs. If people are motivated to smuggle things, they will. Is there going to be a booming black market in ESP32s? Probably not. But will motivated people manage to import them? Almost certainly.
First off, guns aren't a subcomponent of a vast majority of modern items. The ESP32 was an example but the reality is anything with a radio. Be it WiFi, Bluetooth, or anything.
Second off, guns are incredibly easy to make. Easy enough that they make them in prisons and Japan. But you know what's a million times easier than that? Radio. It's a common first electronics project. You can literally make it out of a few resisters, capacitors, and some wire.
Literally the cost of fighting this type of technology is taking down all wireless infrastructure. ALL of it. And even then it's still a god awfully expensive thing to fight because anyone with a hot pointy object, an electricity source, and some things that are slightly bad at conducting electricity can make a radio
>As long as there's a country willing to build and sell ESP32s, I think it would be fairly easy to get hold of them.
You could say the same about firearms.
>Is a government really going to ban all electronics?
All electronics that can be freely programmed by the owner, not impossible.
> All electronics that can be freely programmed by the owner, not impossible.
Even Google and Apple can't keep themselves from getting jailbroken. You think that's going to be true about a $5 toy with a WiFi or Bluetooth chip in it.
It'll be too expensive
The power imbalance is not in favor of the individual citizen. Fairly simple to enact a law saying "unlicenced importation of electronic devices is an offence", only license major retailers, and have Customs seize anything that doesn't come with the right paperwork attached (which they already do). Drugs are far easier to make than silicon chips, despite how clever people like Sam Zeloof may be.
To have a firearms permit here, I need a "Good Reason" - that's the language from the law verbatim. "I like guns" is not a Good Reason. In that vein, what would be your Good Reason for receiving an import license to bring in technology which is apparently widely used by radicals to defy duly-ratified legislation about communications visibility and enable the creation of side channels which break the law and can be used to proliferate CSAM, drugs, and terrorism? I'm sure any sane person would agree that those are bad things which need to be stopped. Perhaps you should take up a different hobby, like jogging.
And there we have it!
> despite how clever people like Sam Zeloof may be.
> The power imbalance is not in favor of the individual citizen.
1. Nobody cares enough to do all this except some nerds on HN.
2. Spurious radio transmissions from your spark gap set will be tracked down in an afternoon by government foxhunters, and then you'll be in jail for breaking the law.
I don't understand why people think they can meaningfully kinetically resist. The discussion now needs to be convincing the random voter why this is a problem for them, or the game is lost.
Anyone remember when the discussions about classifying the internet as a utility and Akit’s stupid Reese cup coffee mug. It feels so long ago given how much has transpired since.
MeshCore is spreading quite rapidly - it uses solar powered repeaters and that helps a lot. :)
I'm kinda sold by reticulum since it's independent of a lot of factors. You can also bridge it with meshcore or meshtastic.
This is exactly the argument that is (correctly) levied against firearm restrictions.
https://www.youtube.com/watch?v=XTnYVh7K6xQ
There are (to make up a number) ten desirable properties of the modern internet, and so far it's "Pick two", but novel combinations of the things you mentioned offer "Pick three" or possibly "Pick four" if adoption picks up.
For text, phone, and even image communication in urban and suburban areas, it sounds like there's real promise here. But we're not going to achieve parity with a global fiber + datacenter network by any means.
You don't need all ten to, say, organize a revolt.
Hell, I don't know why we don't just start building a guerrilla network around the Bay. Just start gluing repeaters to things. You could do LoRA like in that video but even WiFi has decent range. Maybe not in the km range but it's also a $5 device. And we don't need to limit ourselves to that cheap of stuff.
We don't need to replace global fiber, we just need to demonstrate enough to inspire others. I'd be perfectly happy if we got just an old web text only system up.
Honestly, would be a lot easier if we could get encryption rules lifted from HAM operations. That's what's needed for long range, even if we won't get the high data rates. We don't need a YouTube to make a difference
> So when are we going to build a new internet?
Finally, the year of IPFS. Government messing too much with the internet will end up pushing people to use more "dangerous" internets that are completely unregulated and that is surely the opposite of the the stated purpose to protect young people.
IPFS doesn't even try to do any kind of anonymity or censorship resistance. In a practical sense it's probably worse than BitTorrent, although neither one of them is up to the task. Actually resilient data distribution is hard, and I don't think there are any systems that have all the needed elements.
... and if you create one, they can, and it's starting to look like they will, outlaw using it, regardless of what you use it for.
I should have said "I2P" instead of "IPFS".
A new internet to do what? What is the proposed goal of a new network?
The internet is a global communication system. So to do what? To do exactly that. The difference though is that it isn't controlled by anyone. It doesn't need to be, so no one needs to have that power, no one should have that power. A global communication system where conversations are private by default, just like they are online.
The problem with the current system is that the information was just too free. You could just drop in on anyone's conversation, like it or not. People started hoarding that information and look what we got: surveillance capitalism. The system reinforces itself to watch you, to tell you what to do, what to think, not just what to buy. And the system just wants to keep growing, so it's just going to continue to do that more and more. Sure, there's some nice things we get for the loss of all our privacy, but it comes at the cost of your humanity. They'll be costs to this new system too. It won't be all rainbows and sunshine, but I think it'll be better than this gloomy smog ridden world we have now.
We live in a time where it's actually possible to have a functioning world with no kings. Personally, I'm tired of them, aren't you?
The infrastructure requirements around routing and switching equipment, transoceanic cables, and satellites mean someone not users has always been in control. Barring some form of anarcho-socialist mass movement around DIY long haul networking infrastructure this seems unavoidable.
The problem with the current system is the intersection of human nature and capitalism. Individuals have willingly adopted technology that aggressively surveils them in exchange for notional convenience and by and large are blandly unconcerned with the implications thereof. This also seems unavoidable as long as data collection and brokerage is permitted and profitable, and people value entertainment over critical thinking. This outcome was very accurately predicted by netizens when online advertisements first started popping up and a lot of time was spent wargaming what would happen if mass adoption lead to the net being a viable sales and marketing target.
After 35 years of observation I've had about enough of global communications systems and everything that comes from them. At this point there is very little one could say to convince me that the internet hasn't been one of our species largest fuckups.
I would assume it would be not be regulated by government, so without constraints on age, restrictions on what you can do - you know, like reality.
And I know that government attempts to regulate reality too, but if you drive at 35 where the limit is 30, or speak to someone dodgy to get some marijuana or whatever, and get away with these and other heinous crimes, you're good!
The distinction really is whether you bake regulation into the technology or not. And it seems that technology is actually the new legal system. Or perhaps that should be the 'pre-legal system' as it won't allow you to do those things it determines as 'wrong'. Which is absolutely fine if you think government really does know best, or hell on earth for everyone else.
The last 35 years have very vividly demonstrated that there needs to be some adults in the room. Without exception every major tech company has implemented practices so overtly hostile to the userbase that the government has been more or less forced to get involved, mostly in the form of fines that have done very little to disincentivize whatever problematic bullshit the company in question was originally caught at. Suggesting that even less regulation would somehow magically cause tech firms to align goals with their userbase seems baseless to say the least.
You seem to think that government and corporations are on opposing sides. I don't think this is the case. Governments want the data corporations collect. Both are encouraging the other. There are no adults in the room. Having (corporate or government) children in control of that every individual's private information won't help.
I assure you I think no such thing. I am painfully aware of legislative capture. Proposing an environment where we go from shitty, poorly enforced regulation to none at all solves nothing. It's also worth pointing out that government performing poorly is an indictment of the individuals elected to govern, not the concept of governance.
>regulatory capture
It's not other operating systems fault that they failed to invest into security. They should try and catch up instead of blaming people for not trusting their security on "regulatory capture".
Buddy, you're on HN. No one is going to buy that bullshit here. Thanks for the laugh, but seriously, don't insult us like that again. We may be dumb, but not that dumb
Which is exactly why I have to advocate for it here. There are literally people on this website who think their operating is secure, but in actuality they are one curl | bash or npm install away from having all of their login credentials stolen. No matter how smart they think they are in being able to avoid malware, that strategy does not scale.
Bubblewrap containers to keep all of my environments separate on my laptop works just fine without giving up control to Google.
You are also one lockpick away from having all valuables in your home stolen. So what?
And if competitor locks were unpickable it wouldn't be regulatory capture to require unpickable locks for people to store valuables in a home. Just because people got away with bad locks for many years, that doesn't mean we have to accept that level of security.
Comment was deleted :(
> EU's planned system requires highly invasive age verification
EUDI wallets are connected to your government issued ID. There is no "highly invasive age verification".
We are literally sending a request to our government's server to sign, with their private key, message "this john smith born on 1970-01-01 is aged over 18" + jwt iat. There are 3 claims in there. They are hashed with different salts. This all is signed by the government.
You get it with the salts. When you want to prove you are 18+ you include salt for the "is aged over 18" claim, and the signed document with all the salts and the other side can validate if the document is signed and if your claim matches the document.
No face scanning, no driver license uploading to god-knows-where, no anything.
> to obtain 30 single use, easily trackable tokens that expire after 3 months
This is the fallback mechanism. You are supposed to use bbs+ signatures that are zero knowledge, are computed on the device and so on. It is supposed to provide the "unlinkability". I don't feel competent enough to explain how those work.
> jailbreaking / "prevent tampering"
This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.
> You have to blindly trust that the tokens will not be tracked
This is not true, the law requires core apps to be opensource. Polish EUDI wallet has been even decompiled by a youtuber to compare it with sources and check if the rumors about spying are true. So you can check yourself if the app tracks you.
Also we can't have a meaningful discussion without expanding on definition of "tracking".
Can the site owner track you when you verify if you are 18+? Not really, each token is unique, there should be no correlation here.
Can the government track you? No, not alone.
Can the site owner and the government collude to track you? Yes they can! Government can track all salts for your tokens, site can collect all salts, they can compare notes. There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.
Can they lie? Sure.
Can the site owner and the government collude to track you if you are using bbs+? No. Math says no.
Can they lie if you are using bbs+? Math says no.
> Can the site owner and the government collude to track you? Yes they can! Government can track all salts for your tokens, site can collect all salts, they can compare notes. There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.
It's not zero knowledge for me then. Also - if there is ANY possibility to track anyone. And/or centrally mark someone "nonverified" then it makes more problems than solves.
Even if I trust my govt (no way), even if it'd be fully ZK with no way to track anyone… still govt would have a way to just block some individual "because".
And the best part… Age verification will not solve "children problem". I think it's parents problem to take care of their children, AV will be pretty easy to bypass - kid will just borrow ID for a moment and… voila! Govts (or some people) are creating problem and solution that do not exists.
I do not like way internet went, I do not like more way it's headed now.
I'll bite.
> It's not zero knowledge for me then. Also - if there is ANY possibility to track anyone. And/or centrally mark someone "nonverified" then it makes more problems than solves.
> Even if I trust my govt (no way), even if it'd be fully ZK with no way to track anyone… still govt would have a way to just block some individual "because".
Is this even actually possible? If you want any sort of identity verification you HAVE to trust someone, whether age or full ID. Literally impossible.
Zero trust systems in society don't work. If you don't care "who" then yes, zero trust is just fine... but then what's the point of "age verification"?
The whole point is that mandating websites to require age verification is more authoritarian than people are pretending it is.
I was more responding to the part about not trusting your own gov cuz how do you build a system where you don't trust a central authority when identity is required.
I don't think it's possible.
You have to trust someone to verify age.
You don't have to trust somebody not to track how the resulting credential is used. And that is what "zero knowledge" means. It means that after you finish the protocol, nobody has learned anything but what they were supposed to learn (in this case, "the person at the other end of this connection is over 18"). If it leaks anything else about the person, it's not zero knowledge. If somebody learns which of the issued credentials was used, it's not zero knowledge. If parties can collude to get information they're not supposed to get, it's not zero knowledge.
It's a technical term of art, not some politician's bullshit. And it isn't complicated to understand.
> This is not true, the law requires core apps to be opensource. Polish EUDI wallet has been even decompiled by a youtuber to compare it with sources and check if the rumors about spying are true. So you can check yourself if the app tracks you.
The "open source" apps connect to proprietary backends run by a third party that you have to blindly trust. If EUDI wallets were truly open source and free from blindly trusting any authority, then you could simply remove that requirement and issue your own tokens without the use of potentially malicious third party.
> issue your own tokens
I mean, you can. It's like with TLS certificates. The standard is there. The code is there. You can issue your own.
The question is, who will trust you?
It is not at all like TLS. With TLS you at least can get your own certificate signed by an official CA, and use that private key on whatever system you want.
It is literally TLS in a trench coat with some json sprinkled on top.
Where I think we are not in agreement the question of "who to trust" and "for what purposes".
Are you going to trust me when I tell you that I'm over 18 if I provide you with the document signed by my cousin, Honest Ahmed?
Are you going to trust me when I show you the document signed by my government?
(this is the trick question, you don't have a choice, law says you must; there's a list of who you need to trust and for what purposes; like a certificate root store in your browser)
You forgot to mention the additional remote attestation shackles you put on that trenchcoat.
Note that I - as opposed to the posts parent - used an official trusted CA as an example.
TLS: I see your ID with some governments signature in your hand, I trust you to be you. EUDI: I see a note you wrote and I see some signed documents that you have just been to the government brain scanner, which attests you are not faking that note, and as a nice side effect the scanner scans other things in your brain, e.g. that you watch every advert diligently, send your current location regularly to your local police office and other things.
The problem is you are not creating a government issued single purpose device but you are confiscating something many user experience as a brain extension to be under the government's control as a whole.
> if I provide you with the document signed by my cousin, Honest Ahmed?
You surely mean Honest Achmed? He gets a bad rap: https://bugzilla.mozilla.org/show_bug.cgi?id=647959
> It's really not much different than what a banking app would require.
I can use my banking services through the web. Codifying the Google/Apple monopoly in law is gross.
> I can use my banking services through the web.
Not for much longer. Stealing your data on mobile device is way too lucrative for the banks to pass on. All while pretending it's done for security.
Sadly true, while scammers run rampant regardless. It’s depressing to watch everything get worse.
Many banks have gone the way of requiring 2FA on an unrooted phone, but giving you a way out by also offering you 2FA via smartcard (using a smartcard reader and a bank-issued card). I suspect a similar thing could be done here, with the smartcard providing the trusted hardware/secure element?
In the context of world politics and the hunt for sovereign hosting etc it also seems incredibly weird to put all of EUs identity handling in the hands of two American companies.
For clarity, the US could over night make all European digital wallets nonfunctional by requiring app stores to remove them and have them uninstalled remotely (iirc there is such a feature but it’s very rarely used). Likely? No, still a very strange thing to put into law though.
> Government can track all salts for your tokens, site can collect all salts, they can compare notes.
That is not zero knowledge. Given that actual zero-knowledge systems are well understood, the only reason to deploy a system that allows that would be if you planned to abuse it.
What is your definition of zero knowledge?
By this definition bbs+ signatures are ZK.
Zero knowledge in such a system requires a minimum of 3 independent parties. There are quite a few solutions out there, I think the most developed ones are online voting systems, because tracking and de duplication is essential.
The impossibly high bar they set "Perfect" at in order to make it the enemy of good, and fight against any progress being made to keep children out of adult spaces.
That being said, it's my personal opinion that I'd love to simply have my device store a token and send it to any site when requested. I'd then like those sites to give me toggles to remove all non-verified content - and therefore my internet experience could be sans-juvenile squeakers.
> This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.
Except the state is not a bank, of which there are many. The state is not optional, and trusting an American company with, of all things, the digital precondition for social existence, is suicidal.
> This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.
Most banking apps run on GrapheneOS, will this? Nearly all EU banking websites run on Firefox on Linux, will this?
Why did you not quote the App Store/Google Play Services part, which is much worse?
> There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.
I'm sure this will be as diligently carried out as GDPR enforcement. [0].
> jailbreaking / "prevent tampering"
Now your EU government requires you to have an unmodified Google or Apple device to use any age restricted services. Cementing the US mobile OS duopoly and locking out any free systems and desktop etc. forever.
Any governmental service taking part in this is a violation of civil rights and even if you don't care about those, maybe you care about digital sovereignty.
This is so lightly handwaved away, almost as if attention needs to be drawn away. By the looks of this I'd say the end of general computing might be the actual goal, and all the age verification is just yet another "think of the children" pretense?
I totally agree that one of the biggest vulnerabilities in EU digital ID scheme are US corporations :).
At least that establishes that you don't care about civil rights :|
*corporations in general
Comment was deleted :(
Great comment all around but
> jailbreaking / "prevent tampering"
> This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.
This is unacceptable. So much talk about independence from the US, you simply cannot make it a hard requirement to use the duopoly to be a citizen (as if it wasn't a quasi-hard requirement already)!
Funny how they just handwave it like it's a totally normal thing, like the insane situation with banking apps. Most people don't care as they run with whatever's available without modification, but we still should fight for the right to run the code we want on devices we own.
Consider the car analogy: if you want to drive on public roads, you need to drive an attested, unmodified vehicle that complies with the relevant regulations. If you want to play around and modify the car, that's fine, but then you don't get to use it around other people. You're also not allowed to buy some random, unknown Chinese or Indian car and drive it on the road. People already accept this when framed as a safety issue. I suspect they care more about their cars than their phones, and won't care about the requirements on the phone anyway because they're not planning to modify it, and as long as WhatsApp and Instagram keep letting them exchange shopping list additions and pictures of vacation cocktails, then what's the problem?
To be clear, I'm not in favor of a participation-in-society ban for jailbreaking your phone, but there's already precedent for it.
The analogy is a bit shaky IMO, as you can certify individual, heavily modified, foreign or even self-built cars in EU member states.
For cars, the local certification authority themselves decides what is road-worthy or not, not VW et al. You can add third party parts without the manufacturers consent. This is not the case for Android or iOS attestation, you're pretty much at the mercy of the foreign manufacturer and their local laws.
May I infer from your response that your quarrel is not with a central authority having the final word in what code you're allowed to execute on your own device, but rather that it should be the government and not a corporation signing the binaries that are permitted to run?
If you're expecting a perfect analogy, you're not going to find one. Law in its application also doesn't deal in exactness, but in generalities and vibes: that's why lawyers argue, and judges decide.
I'm familiar with the process for individually certifying unique and modified vehicles in several European countries. Invariably, the process is costly and onerous, which serves as a deterrent.
Cars can and do kill 1,500,000 people every single year, equivalent to a jumbo jet full of people every couple hours, plus an equal number of crippled and injured, plus untold number of pollution deaths. That's a ridiculous comparison (if anything cars are not regulated enough). Who am I endangering when running microg on my phone??
I will continue advocating for the devil, then! These are the top bogeymen we need to thwart in order to protect...
-children and women, harmed through unregulated and unobserved communications enabling human trafficking and the spread of CSAM.
-social healthcare systems, harmed by enabling the proliferation of illegal drugs, which leads to the over-taxing of an already straining public good, reducing access to people who would need help outside of drug-caused issues.
-society at large, harmed by enabling drug-funded terrorists to trade in weapons and coordinate their destructive actions out of sight of law enforcement.
For your and others' safety, please leave your signing keys at the door.
> We are literally sending a request to our government's server to sign, with their private key, message "this john smith born on 1970-01-01 is aged over 18" + jwt iat. There are 3 claims in there. They are hashed with different salts. This all is signed by the government.
If the "18+ claim" can't be linked to your identity and doesn't have any rate limits, someone can set up a token-as-a-service to sell tokens on the black market.
> Government can track all salts for your tokens, site can collect all salts, they can compare notes. There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.
> Can the site owner and the government collude to track you if you are using bbs+? No. Math says no.
How does the math say no? Big tech companies already log absolutely everything. What's going to stop the government from keeping all the salts they're issuing and then mandating that site operators add the salts to their existing logs?
> Can they lie? Sure.
Well, they've lied to us over and over when it comes to surveillance, so I think at this point it's reasonable to assume they're lying unless it's technically impossible. Where's the in-person key verification that used to be in Whatsapp? How do the authorities get notified when someone makes a poorly thought out joke using Snapchat private messages before getting on a plane? Why is there a war on end-to-end encryption?
We're going to pay a fortune for these supposed zero knowledge systems and that's what it's about. Select companies are going to get paid to issue tokens and the scale is going to create a few new billionaires.
The people in charge are going to gain a ton of power when they betray everyone and disenfranchise us.
> someone can set up a token-as-a-service to sell tokens on the black market
They can! Singing requires either PIN or finger on the fingerprint, and signed "proof" is valid for like 60 seconds. This whole end-to-end attestation with play integrity is supposed to make setting up token-as-a-service things impractical.
> What's going to stop the government from keeping all the salts they're issuing and then mandating that site operators add the salts to their existing logs?
> How does the math say no
BBS+ signatures. Hashes you receive from the government and hashes you send to the site operator are different and not correlated.
> Singing requires either PIN or finger on the fingerprint, and signed "proof" is valid for like 60 seconds. This whole end-to-end attestation with play integrity is supposed to make setting up token-as-a-service things impractical.
So how would I use this on Linux then? Because I'd be rather unhappy if a bunch of websites became unusable on Linux due to government-mandated security restrictions.
My (Canadian) government's health portal already refuses to load if you use Linux (despite it being 100% web-based), meaning that I'm completely unable to book vaccinations or view procedure results without workarounds. Luckily it only checks the user agent, so it's pretty easy to override this right now, but that wouldn't be possible if cryptography/attestation were involved.
> how would I use this on Linux
Governments and businesses have already decided that it's fine to mandate that you own an unmodified smartphone made by one of the major manufacturers, so it's not much of a stretch to assume that they will also eventually require you to run an attested OS image made by one of the two major manufacturers. The fact that some run Linux internally isn't going to help your case: governments do a lot of things internally that you're not allowed to do. I used to watch cops in Amsterdam park on the sidewalk to go get a kebab, for example.
> We are literally sending a request to our government's server to sign
You've already lost. You're at the government's mercy. They can simply refuse to sign.
"Mr. John Smith, we noticed you've published some poorly-worded comments online. Why are you locked out of your account, you say? Oh, that's just an unfortunate technical issue with our signing system, happens all the time. Anyway, this is a friendly reminder for you to improve your online etiquette. Have a nice day."
There's really two cases here.
You live in a democracy?
YES) the violation you describe is verifiable to a journalist. You publish story, and you keep the government accountable.
NO) Why are you even discussing if age verification is a good idea or not, you freak. It's not really up to you anyway. Go fix your country first.
You mean the journalists that are pro age-verification and pro banning everything that's slightly critical and constantly demonize everyone going against them?
Or you live in a democracy so you throw a fit until your government backs down. No amount of journalists is going to change the US or the UK at this point.
Plenty of democracies in Europe and elsewhere regularly and repeatedly fail to actually represent the desires and interests of the citizenry, but they keep getting reelected anyway. Why should this time be any different?
I'm sure they do fail, but at least they have the theoretical ability for citizens to more directly challenge crimes comitted by the government itself. Unlike the U.S., which removed it by statutes, most other common law countries, and all civil law countries, citizens retain the ability to force criminal prosecution (either by private prosecution or by appeal to a magistrate with proof a crime has been committed).
I have no idea what this has to do with the EU implementing age verification because politicians want it, and the powerlessness of EU citizens to arrest or impede the government's machinations. Feels Gish Gallopy.
What I can say that's at least tangentially relevant to the topic at hand is that I've lived for a couple of decades in both the USA and the EU, being a citizen of both, and have found Americans generally much more politically informed and involved. I find Europeans, particularly Irish, very well informed about U.S. politics that they are powerless to influence, and next to oblivious of anything going on at home. Given that Ireland has the EU Presidency right now and is choosing to use its bully pulpit to advocate for British-style draconian Internet regulation, that's doubly a shame.
Do you trust today's democracy to be a democracy tomorrow?
Never. Cede. Ground. You'll never get it back, and one day the rights will be gone.
Age verification in Australia had like 70% popularity.
That is an astounding consensus in a system which regularly decides elections by 51%.
You're not getting mandated from up high: it is democratically enormously popular to do this.
Australia has two major parties that agree on absolutely everything, and a virtually non-existent civil society. No true free debate can take place in such circumstances. The Australian government loves falsely claiming a popular imprimatur for policies that have never been properly debated or put before the people.
The only reason we have any rights left is because the Australian government is - thankfully - comically incompetent.
"Australia is a lucky country" is a quote every Australian knows. Few know the full quote: "Australia is a lucky country, run mainly by second rate people who share its luck. It lives on other people's ideas, and, although its ordinary people are adaptable, most of its leaders (in all fields) so lack curiosity about the events that surround them that they are often taken by surprise." - Donald Horne.
I encourage all my teenage countrymen to use as many social media apps as they desire. Mullvad is a decent VPN and you can pay for it anonymously. Freedom of speech and freedom of association are your human rights. No government gets to take them away from you.
That's a fallacy. You don't have any evidence to support the claim that this system of age verification is popular and more importantly, whether it would remain popular if people had a full understanding of how it worked and how it can be abused.
It might be popular to have age verification conceptually and only as long as it's only used "as advertised", which is not the same thing.
This is one of the biggest issues of democracy. As long as your propaganda machine is strong enough (and anti-privacy propaganda is one of the strongest) you can pass just about anything and pretend that society put on the shackles of surveillance and coercive control voluntarily.
People just submitted it. I don't know why. They "trust me". Dumb fucks.
Thanks for posting this.
The inherent problem with all zero knowledge identity solutions is that they also prevent any of the safeguards that governments want for ID checking.
A true zero knowledge ID check with blind signatures wouldn't work because it would only take a single leaked ID for everyone to authenticate their accounts with the same leaked ID. So the providers start putting in restrictions and logging and other features that defeat the zero knowledge part that everyone thought they were getting.
> A true zero knowledge ID check with blind signatures
That is not true and "true zero knowledge ID check" + "age verification" with blind signatures is what's being implemented by the EU ID project.
So someone's id leaks. It happens. In EUDI there are things called "cryptographic accumulators of non-revocation proofs". If your ID leaks it goes into the accumulator. Similar to the certificate revocation lists. During check, you include claims "im over 18" and "my id is not in the accumulator".
This is included in the standard.
This is also (I can only assume) one of the reasons why EUDI wallets require play integrity / attestation / secure element on the device. So your private key won't be easily leaked and no one can steal your ID.
You're assuming the leak was accidental, the person knows about it, and they didn't intend for others to use it.
What happens when someone sets up a marketplace where people can sell those blind signatures using their ID for $2 each? And then kids just pay $2 to have someone else blindly use their ID to validate the account, because supposedly the system is structured so that nobody can tell which ID was used or tie it back to the account?
E.g. the German ID card can all on it's own, just using a server certificate configured/parametrized for this and signed by the government, do a simultaneous pseudonym passkey mint and age gate check. That way you could easily block ID reuse; note that the passkey is locked to the card not the person as it's cryptographically derived from the pair of the card's private internal key, and the server's private key that goes to the certificate.
Access to this part of the card is secured by PAKE between the transport layer (TLS) encrypting and user interface providing NFC reader (for example phone with the app, or dedicated hardware) using a PIN.
That's where the google play integrity / attestation comes into the effect.
In theory you cannot export your private key from the device (from the secure element), so for each $2 someone would have to quickly unlock their phone, scan code via the app and so on.
Private keys from secure elements leak all the time. There will be a flawed implementation that someone exploits, an insider will smuggle a key out etc.
This is why true zero-knowledge systems for this sort of thing aren't practical and will never be. Because a SINGLE leak will break it and there will be no way to even detect it.
The attestation systems you reference don't even allow true zero knowledge attestation, they involve a trusted intermediary to convert your burned-in private key to a temporary key which you use for attestation with a third party.
And the temporary key isn't even a product of a blind signature. And it's rate limited. So if a service selling these temporary keys shows up they will be able to easily trace it to the burned-in key responsible - then revoke it and if possible initiate legal action.
This also means that whenever you register to a service using one of these schemes you are registering with your real identity, it's only a question of how hard and how many parties need to collude to extract it.
And in the event that they really do blindly sign tokens generated on your device, then their scheme will not survive adoption. As it gets adopted, the value of these blind signatures will rise and services that sell them will pop up. There will be no way of tracing the sold blind signature to the compromised/colluding device and rate limiting will merely necessitate a farm of such devices as opposed to a single leaked key.
*Note that Blind Signatures are Zero Knowledge.
Can you tell me when a private key has leaked from the Secure Enclave on a iPhone?
This specific problem is solved by requiring that any anonymous ZK ID once used for an account be marked on an immutable ledger preventing multiple uses of the same ID. Sharing it would be pointless as multiple attempts to use it get burned. Yet none of those sites know who you are, only that you have a unique valid ID pass. They just have to check any login attempts against that ledger - easy enough.
> They just have to check any login attempts against that ledger - easy enough.
So like CT logs, but several orders of magnitude bigger? I thought centralized TLS revocation lists failed due to scale. How will this differ?
Just crypto tie them to the server/site and let them do it, CRLs were an issue due to distribution to every device, not because of a hastable like sparse set structure being too much. Also this isn't every connection, but only every time you (attempt to) verify your age.
I mean that's kind of a problem with ANY solution. There will be workarounds and ways to break it. There is no perfect solution outside someone standing over you while on the internet. We need to look at this more like age checks on porn sites and gaming platforms where you just put in a birthdate. Obviously someone can lie, but that point isn't to be a perfect wall but a hurdle to clear to make sure users are aware of the content and that any sort of nanny software to block if set up.
> I mean that's kind of a problem with ANY solution. There will be workarounds and ways to break it.
That's unnecessarily reductive.
Yes, every solution will have problems, but not all solutions have similar problems.
If a solution has problems such that it can be immediately reduced to security theater and bypassed by any teenager who cares, it's just extra hassle and privacy degradation for the rest of us.
These details matter. If a weak solution is regulated into law and the government discovers kids are easily bypassing it, they will immediately pivot into requiring more restrictions on it.
Extra hassle is manageable. Sites or programs that want you to put in a birthday are extra hassle but objectively better than something like submitting an ID. Privacy degradation is also manageable as well. It just depends on the solution.
We've had decades of age gating being "are you 18+ or not" yet it is only now that talks of something more enforceable are coming up. This discussion is largely about how one can create a sense of safety and protection. For the more extreme end it's face scans and submitting ID. Even though these are bypassed by any teenager who cares they are still being pushed seriously because it instills that sense of safety and protection for children. Security theater is just a part of managing the internet and not going away unfortunately.
> age checks on porn sites and gaming platforms where you just put in a birthdate
That's the only solution that truly protects user privacy and security. Video games and especially mature content should not require age verification. People's lives can be permanently destroyed over perfectly legal sexual fantasies, and thus anything that increases the risk of the information being tracked is unacceptable.
> It also bans jailbreaking/rooting your device, and requires GooglePlay Services/IOS equivalent be installed to "prevent tampering".
IIRC that was only for a prototype or reference implementation.
> It also bans jailbreaking/rooting your device, and requires GooglePlay Services/IOS equivalent be installed to "prevent tampering".
The EUDI spec is tech neutral.
What the EUDI mandates is a high level of assurance under the eIDAS 2.0 regulation and the use of a secure element or a trusted execution environment to store the key.
I'm sorry to say it but the fact it bans jailbreaking/rooting your device really makes me believe "think of the children" isn't their real goal.
There's some clever kids out there but come on.
Link?
I feel like you're glossing over a lot of uncomfortable but important implementation details here. None of this works without effectively banning personal computing and tying the whole system to secure attestation (which in practice means non-jailbroken apple & android devices). No thanks.
Can we go back to defaulting to parenting instead of nanny-states? Maybe make "age sensitive" websites include this fact into a header (or whatever) so that parents can decide who in their household can access which content. Instead of having some overreaching corpo-government implementing draconian "verification" systems.
If I want to live under the thumb of a strongly verified "benevolent" dictatorship, I'll move to China. No need to create a second China at home.
> It derives an age attribute such as "over 18" from a passport or ID, without disclosing any other information such as the date of birth.
How? If it’s analyzes my ID 100% client side I can fake any info I want. If my ID goes to a server, it’s compromised IMO.
I think the zero proof systems being touted are like ephemeral messaging in Snapchat. That is, we’re being sold something that’s impossible and it only “works” because most people don’t understand enough to know it’s an embellishment of capabilities. The bad actors will abuse it.
Zero proof only works with some kind of attestation, maybe from the government, and there needs to be some amount of tracking or statistics or rate limiting to make sure everyone in a city isn’t sharing the same ID.
Some tracking turns into tracking everything, probably with an opaque system, and the justification that the “bad guys” can’t know how it works. We’ve seen it over and over with big tech. Accounts get banned or something breaks and you can’t get any info because you might be a bad guy.
Does your system work without sending my ID to a server and without relying on another party for attestation?
There's no dynamic analysis done, necessarily. In the Swiss design, fex, SD-JWTs are used for selective disclosure. For those, any information that you can disclose is pre-hashed and included in the signed credential. So `over_18: true` is provided as one of those hashes and I just show this to the verifier.
The verifier gets no other information than the strictly necessary (issuer, expiry, that kind of thing) and the over 18 bit, but can trust that it's from a real credential.
That's not strictly a zero knowledge proof based system, though, but it is prvacy-preserving.
The issuer knows everything and can help track if the wish to. The issue here is lack of trust in any corporate or government entity.
Well, yes, if they use something completely different to what's published and designed.
But no, we're not talking about the case where there's no trust at all in the government, because then you don't get verifiable credentials at all. We're talking about building privacy-preserving credentials that actually have a use.
Comment was deleted :(
> If it’s analyzes my ID 100% client side I can fake any info I want. If my ID goes to a server,
amplifying your point, there is effectively no way for the layperson to make this distinction. And because the app needs to send data over an encrypted channel, it would be difficult at best for a sophisticated person to determine whether their info is being sent over the wire.
> And because the app needs to send data over an encrypted channel, it would be difficult at best for a sophisticated person to determine whether their info is being sent over the wire.
Devices are built from the ground up to prevent even sophisticated users from tapping them to verify we aren't being lied to. The average person thinks that "hackers" will mobilize if things get too bad and they're completely wrong.
Tamper proof, encrypted chains of trust start from the second a device gets power and it's infecting everything from appliances to phones to computers. Get ready for a future where your rented toaster has parts serialization that can't be bypassed.
Oh -- how do I ensure that the device is running only the software I installed, with exactly the patches I added, rather than a possibly malicious vendor -- for example, if the local government of the country I'm visiting has a court order for phone vendors to silently backdoor phones, it would be nice to know that only the software I personally signed is running.
As someone that patches their OS on the regular, this would be pretty interesting.
This is a fairly weak argument though: the layperson also cannot verify the software updates we push to their phone/computer or any number of other critical devices in the chain.
All of this is reputation management: if technical experts broadly agree the system does what it says, then all of us have to accept that in aggregate that's probably good enough and significantly better then many other areas.
Attestation from government sounds like the ideal solution. This could actually provide _more_ privacy because we can begin using attestation for things we currently use IDs for such as “Has the privilege of driving a car” or “Can purchase alcohol”
Amazing how fast these systems go from "zero knowledge" to "route the request through the government system every time you use your ID"
there is no "route the request through the government system every time you use your ID".
you get your sd-jwt document signed once and you reuse it for like 30 days or so.
I was responding to the comment above mine, which was calling for attestation from the government for specific privileges.
> you get your sd-jwt document signed once and you reuse it for like 30 days or so
So it still gets routed through the government once a month if you plan on using it.
Yes we are still talking about attestation from the government for the specific privilege part.
You get your document with fields like "can drive", "is over 18" and so on. It's valid for some time; physical ID is valid for like 10 years and then you have to get a new document, this digital one is valid for lets say 30 days and if it expires you get a new one.
Then you present only those fields you want, when you want, without anyone talking to the government at all. All the other party needs to check is "is the document valid" and "do presented fields match the document". Like checking a tls certificate for a given domain name or purpose.
Strictly speaking there is no "routing through the government" of any information. The government just "issues a certificate" valid for X days without knowledge with whom, how or when you are using it.
> Strictly speaking there is no "routing through the government" of any information. The government just "issues a certificate" valid for X days without knowledge with whom, how or when you are using it.
I don't understand how you keep claiming there is no "routing through the government" right next to your explanations that the government is the one providing the documents every 30 days.
Obviously something in the document is tied to your ID and the government has mechanisms to revoke it. No matter how many layers you put on top of that, this all has to come back to the government's control.
I understand that the salts can be sent to 3rd party websites. However there's obviously a reason that those are only valid for 30 days instead of indefinitely.
Yes, something in the document is tied to my ID. There's my name in there for example :). I don't have to share that information, because what government signed is a uniquely salted hash of my name and passed the salt to me.
If I choose to share that salt, and provide my name, someone could hash all that information and compare it to the government-issued document to verify if my name really is john smith (or if my claim "I'm over 18" is valid).
If I don't, they have no way of knowing.
> no "routing through the government"
> government is the one providing the documents
I'm also lost. I mean, this is the government issued ID we are talking about, right? How are you expected to get it if not from the government? "Are you over 18" claim is part of that government issued ID.
They don't have to know which sites or when you are visiting, but they do have to issue you the document.
(To be clear, there are also other options, it doesn't have strictly to be government; for example banks around here can provide ID documents - for their clients. There's a list of who is trusted for what https://eidas.ec.europa.eu/efda/trust-services/browse/eidas/...).
> However there's obviously a reason that those are only valid for 30 days instead of indefinitely.
It's the same reason why we prefer tls certificates with short lifespans.
Technically, if your phone needs to be remote attested, it can be considered a government system, not a user's system.
That's true, but it never really was your system, right? It's government issued app on a government approved device.
Why would I allow a government to tell me which devices I own can or cannot be approved? People have a short memory of history. Government works for the people, not the other way around.
Nope, it is my system currently. I hope we won't go back to GDR where the government needed to approve eachtypewriter.
Except it wouldn't need to be every request. Just the first one.
All these services have accounts, and the only time you need to do an age check is when the account is created.
Yes it does actually. You load your ID into your phone with the MRZ and NFC. The cryptographic proof inside your ID is used to verify that it was issued by an official government. So your ID is not being sent to a central server.
The reusing another ID is an issue. In some countries they will have a in person check to verify only you can load your ID into your phone. But then you still have the problem of sending a verification QR code to someone else and have them verify it. This might be solved by rolling time-gated QR codes and by making it illegal to verify someone else's verifications. But this is a valid concern and a problem that still needs solving.
> If my ID goes to a server, it’s compromised IMO
Might be breaking news, but the state already has your passport ID in a server.
I would much prefer to see a ZK system that, by design, CANNOT reveal info neither to the website nor to the authority. e.g. in the new EU system, it is (afaik) conceivable that the ID authority could collude with social network providers, or with government or with police etc. That's not great IMO.
How about a system like Google Authenticator in which google knows nothing about which websites I'm logging into. Except, obviously, it'd have to be some kind of cryptographically signed response. e.g., website puts up a QR code (according to some standard) asking "is the user 18+", I scan with the phone, and the ID app, without accessing internet (like google authenticator) responds.
I suppose that might need a secure computing environment, so no rooted phone etc. But, of course, there's a simple workaround. Any adult can give their phone to a child. As long as that vulnerability is there, there's no such thing as a guarantee on the responses no matter what way you build it.
In your system, can companies verify age offline, or do they need to send a token to the Government's authority to verify it (letting the Government identify and track users)?
Switzerland is working on a system that does the former, but if Government really wants to identify users, they can still ask the company to provide the age verification tokens they collected, since the Government hosts a centralized database that associates people with their issued tokens.
Aren't the companies also expected to do revocation checking, essentially creating a record of who identified where, with a fig leaf of "pseudonymity" (that is one database join away from being worthless)?
The revocation checking is implemented in a way where the government doesn't know who you checked and you can even cache the information (if that's good enough for you) so they won't notice at all.
That assumes the companies store the individual tokens, as does the government. Neither of which are part of the design, but could be done if both sides desired it.
The Swiss design actually doesn't store the issued tokens centrally. It only stores a trust root centrally and then a verifier only checks the signature comes from that trust root (slightly simplified).
If companies are required to verify age, then it's in their best interest to store all tokens, just in case they are ever accused of not verifying it.
The Swiss E-ID system stores people identifiers and token status lists in their so-called "Base Registry". From https://swiyu-admin-ch.github.io/technology-stack/#credentia...
> Decentralized Identifiers (DID) developed by the W3C represent an identifier standard that provides a subject-controlled method for identifying individuals, organizations, or objects online. In the swiyu Trust Infrastructure, DIDs are utilized as a standard identifier for issuers and verifiers. They are centrally hosted on the swiyu Base Registry.
> In this protocol, the trusted authority issues certifications (“trust statements”) concerning the identity (i.e., who is the real-world identity controlling a DID) and legitimacy (i.e., who is allowed to issue or verify credentials of a specific VC schema) about an entity as SD-JWT VC and publishes these trust statements in the trust registry.
> Token Status Lists are signed, maintained and published by the credential issuers but hosted on the Base Registry.
That's not how that works - they can prove they check by showing logs, rather than VPs. There's even legal limits on what identifiers they can store and for how long. But even ignoring that, they'd be storing only very limited disclosures.
The base registry stores identifiers of issuers and verifiers, not credential holders.
Even the status register does not contain the tokens themselves:
> Within these status lists, each index (i.e., status entry) documents the validity of one VC. The corresponding index is captured in the VC’s metadata to allow for a decentralized status information retrieval that does not require verifiers or the VC holder to contact the issuer.
Of course, each issuer needs to maintain a list of the credentials they have issued in order to be able to ever revoke them. That's unavoidable.
> But even ignoring that, they'd be storing only very limited disclosures.
Just to be clear, here I am not concerned about the verifiers, I am concerned about the authority (Government).
> The base registry stores identifiers of issuers and verifiers, not credential holders.
If the verifiers provide the verification tokens to the Government, can't the Government identify the original issuer even if they don't store them? Don't these tokens contain the DID of the issuer? Please correct me if I'm wrong, maybe I didn't get this part right.
> That's not how that works - they can prove they check by showing logs, rather than VPs
Logs can be manipulated, VPs can't. If I had a company and I was forced to verify users, I'd try to store those VPs for as long as possible, for my own protection.
> There's even legal limits on what identifiers they can store and for how long
I was not aware of this. Is that documented anywhere?
At least the US bills I've read make it illegal to store any information provided as part of age verification. Are the EU versions not the same?
> work at a European identity wallet system that uses a zero knowledge proof age identification system
> derives an age attribute such as "over 18" from a passport or ID, without disclosing any other information
Well, as soon someone points their chinaphone camera on a passport, it is already over.
This whole setup is a nightmare fuel.
You want to check over 18? Fine, let adults set their kids devices in a "child" mode. Problem solved.
No need to create a stasi dreamland.
this is slightly better but not the hero we want or need. zeero knowledge proofs are improvement over uploading raw documents, trust is still an issue here. why should users have to authenticate with a government-backed identity wallet to access platforms to play games or access a website in the first place. we didnt have any of these guards in the 90s and early 2000s and everybody turned out just fine . in fact the average gen z is in a lot worse place than we used to be despite that we had complete raw algorithm supervision free access to the internet with far more disturbing content (remember ogrish and KaZaA)
The average person does not understand the math behind zero-knowledge proofs. They only see that state infrastructure is gatekeeping their web access. Furthermore, if the wallet relies on a centralized server for live revocation checks, the identity provider might still be able to log those authentication requests, effectively breaking anonymity at the state level.
On a practical level, this method verifies the presence of an authorized device rather than the actual human looking at the screen. Unless the wallet demands a live biometric scan for every single age check, they will simply bypass the system using a shared family computer or a parent's unlocked phone. We used to find our way around any sort of nanny software (remember net nanny)
what you are describing still remains a bubble and I really hope Americans aren't looking at EU for any sort of public policy directions here.
> we didnt have any of these guards in the 90s and early 2000s and everybody turned out just fine
One of the most highly valued tech companies of today makes a software that sometimes talks its user's into killing themselves. Some guy put "uwu notices bulge" on a bullet casing and shot Charlie Kirk: things turned out fine indeed.
People killed both themselves and others way before the internet even existed.
Requiring everyone to show their id on every website will not change that. It will limit free speech though.
If the age verification is going to mandate government issued ID, the government issuer can be the Trust Anchor issuing a Digitally Signed Credential for the zero knowledge proof - using any available open source zero-knowledge process:
1) zkcreds-rs (zk-creds) [1]
2) zkLogin (Sui Foundation) [2]
3) TLSNotary [3]
4) DECO (Chainlink/Cornell) [4]
5) Anon-Aadhaar [5]
[1] https://github.com/rozbb/zkcreds-rs
[2] https://github.com/mystenlabs/sui/tree/main/sdk/zklogin
[3] https://github.com/tlsnotary/tlsn
[4] https://chain.link/education/zero-knowledge-proof-zkp#preser...
Apologies that I'm latching onto your post for visibility, but for the sake of discussion - the European Identity Digital Wallet project specification and standardisation process is in the open and lives on github (yeah, the irony isn't lost on me :) ):
https://github.com/eu-digital-identity-wallet
Everything's very much WIP, but it aims to provide a detailed Archictecture and Reference Framework/Technical Specifications and a reference implementation as a guideline for national implementations:
https://github.com/eu-digital-identity-wallet/eudi-doc-archi...
https://github.com/eu-digital-identity-wallet/eudi-wallet-re...
https://github.com/eu-digital-identity-wallet/eudi-doc-stand...
You'll find several (still evolving) Technical Specifications regarding ZKPs (including a discussion area) in the latter.
> Jurisdictions that accept facial estimation as sufficient verification are not taking enforcement seriously in the first place.
Or they want to spy on people.
I was working on a similar concept as a hobby project with PKI. The idea being that governments would have a digital registry with citizen information and issue a certificate to be stored in a Secure Enclave on a device.
When a client attempts to access an age-restricted URL, the server redirects to a custom URI scheme which begins a negotiation for requesting verification. The server signs a message and provides it to the client. The client verifies there’s not additional info or metadata before encrypting. It then forwards to the government server. The government server decrypts the message and signs a response. This goes back to the client which forwards to the server.
I haven’t fully ironed out all the details but got so far as nearly completing the server-client negotiation. The tricky part is ensuring each stage prevents MitM tampering while allowing the client to see what is in a request so that there’s no metadata which would allow a site to track the user, nor a government to track sites a user accesses.
If the website and state want to collude to track the user they don't need to send any in-band metadata.
You mean that system that requires either to use an original unmodified Android phone, or a iOS phone and it does not work in absolutely anything else?
No it is open-source and portable to any platform you want. We currently support iOS and Android through Play store and F-droid, but that is just because most of the market is there at the moment.
What about the "App and device verification based on Google Play Integrity API and Apple App Attestation" that was in the readme?
Was this discarded? Is it not necessary anymore? Can someone without writing their own implementation use the app without using any of those two?
What about devices without a hardware-based trusted computing module? Am I now limited to what hardware I can run before I even get to my custom software?
That's really awesome. I hope that soon we will also have humanity verification without sacrificing our anonymity.
With LLMs and paid actors wreaking havoc on social media I do think that social media needs pivot towards allowing only human users on it. I wrote about this here: https://blog.picheta.me/post/the-future-of-social-media-is-h...
This is true, but I think it's more that those jurisdictions don't actually care about something solving this securely so much as they want face scans for other purposes?
I think there's a tradeoff triangle here, not dissimilar to Zooko's triangle or the CAP theorem, where the three aspects are age verification, privacy, and the freedom to run custom software on devices of your choosing.
You can have no system at all, which gives you freedom and privacy, but not age verification. You can have ID uploads, which give you age verification and freedom, but not privacy. You can have a ZKP-based system, which gives you age verification and privacy, but not freedom. This is because you need a way to prevent one unscrupulous ID owner from issuing millions of valid assertions for any interested user.
One question I have, that perhaps you might be able to answer (though I see you've gotten too many replies to this comment already): I'm aware of a number of such systems being developed, and "is over 18" is always the example given.
Are there, say, two other potential use cases that anyone has come up with yet?
In Amsterdam 1850 the municipality kept track of people's names, address, age, gender and religion (bevolkingsregister). It meant nothing at this time, but 90 years later the Nazi used these lists to murder jewish people going house by house. Thanks for the partisans setting this archive ablaze, life were saved.
I'm not saying it's right or wrong, you tell me, I just want to point at this random timeline.
I shudder when I think of how effective the Stasi would have been in the digital age. The only thing checking them was the labour demands of surveillance.
When Trump came into power a second time, and the ICE-nazification became apparent, I reached out to my government and asked them what they were doing to make it harder for "Trumpism" to happen here. No reply. Just crickets.
Hoovering up less data would be a really fucking good start. There's something about babies and bathwater, but by god this has proven to be very dangerous bathwater time and time again.
> As long as you trust the government that gave out the ID
I'm a citizen of a European Union member, I trust my government to issue me an ID and use said ID in my interactions with the state, I do not trust my state with anything more than that.
That is exactly the trust I mean. You need to trust that country X gives out valid IDs. If you have sketchy company Y giving out IDs to everyone, you probably would not trust any attributes derived from that ID. If you trust that a country gives out valid IDs, you can trust the information derived from that ID. You do not really need to trust your government any more than that for this system to work.
Ok, I will do my homework on the proposal of the EU Identity Wallet but from my skimming on topics about it, it the tokens derived from my ID would be able to de-anonymise me online.
This part of trust was not about you trusting the government though so it is okay.
You have a much more trustworthy government than mine, sadly.
Immigrants do not have an ID for up to a few years when they move to Germany. Just this week the Berlin immigration office stopped issuing plastic residence cards for budget reasons, so people get a sticker in their passport.
Passport recognition is also spotty. The ID verification providers used by banks do not recognise Indian passports.
Will we exclude a few million people because it’s too expensive to verify that they are over 18?
Add this to “falsehoods programmers believe about ID verification”.
> Will we exclude a few million people because it’s too expensive to verify that they are over 18?
Yes. We absolutely will. KYC services is something that no one wants and everyone hates, thus there is no motivation to make it better. And if any, "better" might mean more invasive, because that means more data to mine and sell.
So, sure, excluding millions of people from KYC because it's cheaper to reject them than it is to study their documents - is the right decision business wise.
I am speaking as a person in the very same position.
In Austria you don't need an Austrian passport/Personalausweis for a Digital ID registration. Your original passport (or equivalent) in combination with a certificate of residence, student permit or similar is fine.
No, we will exclude a few people because Germany doesn't have its shit together when it comes to digital stuff. Then hopefully people will complain and things will improve.
As soon as age-gated access depends on a government-issued credential, you're implicitly tying participation to state identity infrastructure
What is wrong with inactive accounts, why do they need to be deleted?
I have a few questions.
In that system does the age verification result come with some sort of ID linked to my government issued ID card? Say, if I delete my account on a platform after verifying and then create a new one, will the platform get the same ID in the second verification, allowing it to connect the two and track me? Or is this ID global, potentially allowing to track me through all platforms I verified my age on?
What a verification process looks like from the user perspective? Do I have to, as it happens now, pull out my phone, use it as a card reader (because I don't have a dedicated NFC device on my computer), enter the pin, and then I'll be verified on my computer so I can start browsing social media feed? Or, perhaps, you guys have come up with a simpler mechanism?
The wallet ecosystem is still really varied at the moment. Our implementation is unlinkable. So an issuer cannot track where you use the attribute. And a verifier cannot see that you've used the same attribute multiple times with their system. This is great for privacy and tracking protection, but not so great for other things. For example, people sending their QR codes to other people with the correct attribute (like maybe an underage person sending an 18+ check to an adult), is hard to solve for because they are unlinkable.
Most systems right now have you load data in your phone. Then when a check happens, you scan a QR code. You then get a screen on your phone saying X wants to know Y and Z about you, do you want to share this information? Then you just choose yes or no.
For your social media example. You would just get a QR code on your pc, then pull out your phone, scan and verify, then start browsing social media on your pc.
In the Swiss system, it depends on what they verified. If they required your full ID, that has a document number like a passport and they could track that.
If they did the right thing and only asked for the over 18 bit, then they wouldn't have a trackable identifier.
You are describing a situation where a pairwise pseudonymous identifier is generated. I don't think any real system does this with government IDs, but it might be possible.
This is really cool and I want it for inter-government identification. Eg country B can check a ZK proof that I'm a citizen of country A, allowed to drive, not a criminal, have a degree, etx
This is the way. It annoys me to no end when e.g. the German chancellor demands clearnames in social media. The real issue are bots and algorithmically enhanced reach. Proof of personhood in a privacy-preserving way is enough to fix this. But it should be mandatory for social media in the EU. You don't need to expose people to the doxxing mob to protect our democracy.
Tbh, when I read that "platforms face a choice between excluding lawful users and monitoring everyone." I don't have much understanding.
No gov. ID, no participation. It's not like you cannot go outside and talk to people anymore so let's not pretend that being on insta is some sort of universal human right and anybody barred from it is some sort of terrible tragedy.
Not only EU -- Digital ID on iPhone does this today, and is accepted by many USA airports for travel, etc., with rollout for DLs.
Huh?
I just don't want to have to ID myself at every corner of the internet. Whether the site receives my details or not.
I've heard they even want to mandate periodic re-checks now which is insane. The internet should remain free.
Besides, if parents don't want to give access to social media they can just not give their kids a phone, or just use the many parental control features available on it. Every phone has this these days.
And even if the government wants to ban this stuff for all kids (which I would not agree with but ok I don't have kids so I don't really care and parents do seem to want this), they don't have to enforce it this way. They can just make the parents liable if the kids are found to have access.
To me this is just another attempt at internet censorship and control.
Correct. A ZK Proof backed identity system is a significant bump up in both privacy and security to even what we have right now.
Everyone does realize we're being constantly tracked by telemetry, right?
A proper ZK economy would mitigate the vast majority of that tracking (by taking away any excuse for those in power to do so under the guise of "security") and create a market for truly-secure hardware devices, while still keeping the whole world at maximal security and about as close to theoretical optimum privacy as you're going to get. We could literally blanket the streets with cameras (as if they aren't already) and still have guarantees we're not being tracked or stored on any unless we violate explicit rules we pre-agree to and are enforceable by our lawyers. ZK makes explicit data custody rules the norm, rather than it all just flowing up to whatever behemoth silently owns us all.
Explain how the plastering of streets with cameras can be done in a privacy-preserving way?
Well it could. Laws that simply ban any public-facing camera from doing anything except write to encrypted storage, which can only be opened with a court warrant.
I know laws are boring and tech is exciting, but sometimes there's no technological solution to a societal problem. Good old laws, police, fines, prison, is all you need.
First let me clearly state that I appreciate the amount of thought you guys are putting into creating better systems that have high privacy guarantees. I concede to you, that in some situations, your system leads to better privacy.
But I don't look at this on a purely technological level. These identity-based systems are instruments of control. Right now everything is still in flux with how these tools will be used and how accessible they are to the general population and the many minorities therein. I simply don't trust our politicians to do the right thing short-term and long-term. The establishment of the GDPR has been a major victory for better privacy legislation and now the Commission wants to hollow it out. The Commission also wants chat control to increase the amount of mass surveillance in Europe.
There is a potential future, where we all win. But I am highly skeptical, that in the current political climate, we will end up there.
ZK proof can't solve the TOCTOU problem.
No one would be foolish enough to trust their government nor the EU. You should be ashamed of working for such "people". Thanks for helping implementing a surveillance state.
You don't have to trust your government to employ them, the key is to bake in and maintain rigorous checks and balances, demand transparency, routinely audit and fire people for corruption, etc.
For me it is disqualified for usage because I need to buy into a Google or Apple ecosystem. At least the reference implementation does. This is just the next level of enshitification. And no, I don't need a digital blockwart at all.
And I have zero illusion privacy is compromised, it is trivial to identify devices these days, so it doesn't even work technically.
Next sentence we hear some empty bickering about digital sovereignty. This is all bullshit.
We support F-droid, so you could get a degoogled android version and use that to load the app on your phone. The app could also be ported to other platforms, but right now there is really no market for it.
That sill forces me into a Google ecosystem. F-Droid is better than the Play Store, but issues remain.
There is certainly a market for desktop OS as well. This creates a market for freedom.gov, shady as it is.
Good luck finding the single government in the world that actually wants that, rather than it being a pretext for control that is too sweet to pass up. If you manage to find them, post an article on HN about it as top places to move to.
The system you're describing is good for the masses, not for those with power.
The requirement to use google or apple services is a deal breaker. If I can't verify my age using an EU wallet without having an account with a US tech company what is the point of any of this?
Where can we learn more about your architecture?
Someone brought up the need for device attestation for trust purposes (to avoid token smuggling for example). That would surely defeat the purpose (and make things much much worse for freedom overall). If you have a solution that doesn't require device attestation, how does that solve the smuggling issue (are tokens time-gated, is there a limit to token generation, other things)?
We do not require an attestation and things like token smuggling is still a problem we need to solve. We have a system that prioritizes unlinkability. So an issuer cannot track the attribute they give you. And a verifier cannot link multiple disclosures with the same attribute. This privacy really helps things like token smuggling however. Time-gated tokens may increase the difficulty, but will probably not make it impossible. Making it illegal to verify someone else's qr codes could also help of course.
It's this I believe: https://www.w3.org/TR/vc-data-model-2.0/
A Verifiable Credential fundamentally doesn't solve the problem of "sharing", "smuggling". All it takes is one verified adult to "leak" their VC somewhere, and millions of underage people would be able to use it to "prove" they are over 18.
This would only work with something like MS TPM 2 / Apple Secure Enclave (device attestation), which is anti-freedom by design. I was curious if they found a way around that (maybe with time/rate limits, or some actual useful use of blockchain tech).
You could use an oblivious pairwise pseudonym, and then you do not require hardware attestation. But that does essentially limit one ID to one account per service.
Lmao how is the Secure Enclqve anti-freedom?
Besides the privacy argument (the claim that the UID can't be used for tracking via derivation is shaky at best, and not much different than MS's EK), there is the freedom argument: as in, who owns the device - the user, or Apple?
If Apple can remotely lock the device that an user bought mistakenly (for example because some corporation somewhere fat-fingers some entries), that fundamentally means the user doesn't own the device they bought and paid for. Add on top DRM and all the other evil that comes along with attestation.
Plus, you can still disable TPM2 (if you don't want to run Windows on your machine), you can never disable Apple's implementation.
I'd like to add we are discussing communication over the internet. It is an open standard. I should be allowed to build my own pcb without a secure element and talk to anyone over http so long as I am abiding by the correct rfcs.
Comment was deleted :(
[dead]
Yeah, but how to convince investors that trusting the government-issued ID is good enough? /s
> As long as you trust the government…
You should never trust the government
Age verification is very hard, because parents will give their children their unlocked account, and children will steal their parents' unlocked account. If that's criminalized (like alcohol), it will happen too often to prosecute (much more frequently than alcohol, which is rarely prosecuted anyways). I don't see a solution that isn't a fundamental culture shift.
If there's a fundamental culture shift, there's an easy way to prevent children from using the internet:
- Don't give them an unlocked device until they're adults
- "Locked" devices and accounts have a whitelist of data and websites verified by some organization to be age-appropriate (this may include sites that allow uploads and even subdomains, as long as they're checked on upload)
The only legal change necessary is to prevent selling unlocked devices without ID. Parents would take their devices from children and form locked software and whitelisting organizations.
I don't understand how this is any better.
It's my job as a parent (and I have several kids...) to monitor the things they consume and talk with them about it.
I don't want some blanket ban on content unless it's "age appropriate", because I don't approve that content being banned. (honestly - the idea of "age appropriate" is insulting in the first place)
Fuck man, I can even legally give my kids alcohol - I don't see why it's appropriate to enforce what content I allow them to see.
And I have absolutely all of the same tools you just discussed today. I can lock devices down just fine.
Age verification is a scam to increase corporate/governmental control. Period.
You should be able to choose what's age-appropriate for your kids. Giving them access to e.g. "PG-13" media when they're 9 isn't the problem. Giving mature kids unrestricted access isn't a problem. The problem is culture:
- Many parents don't think about restricting their kids' online exposure at all. And I think a larger issue than NSFW is the amount of time kids are spending: 5 hours according to this survey from 2 years ago https://www.apa.org/monitor/2024/04/teen-social-use-mental-h.... Educating parents may be all that is needed to fix this, since most parents care about their kids and restrict them in other ways like junk food
- Parents that want to restrict their kids struggle with ineffective parental controls: https://beasthacker.com/til/parental-controls-arent-for-pare.... Optional parental controls would fix this
> Parents that want to restrict their kids struggle with ineffective parental controls: https://beasthacker.com/til/parental-controls-arent-for-pare.... Optional parental controls would fix this
I don't think they will, and this is because there's an inherent conflict of interest from these large tech companies about actually protecting my kids.
To be blunt: They don't give a fuck, they make money. They will pick money over kids EVERY time.
My current answer is that absolutely none of my children are allowed anywhere near these devices. Mandating shitty age verification laws isn't going to somehow make these companies act responsibly... it's just going to drive alternatives that are actually respectful out of business with additional legislative burden, while Google and Apple continue to act irresponsibly and unethically.
Further - it continues to enshrine the idea that parent's aren't responsible for their kids (see your first point)... The parents that are already neglecting this space will point to laws like this and go "look, the government is doing this for me!". Which is exactly wrong, and exactly what these companies want parents to think (again - the alternative, that parents actually engage and realize just how fucking morally bankrupt these bastards are, hurts bottom lines)
If you want change - remove the damn duopoly. Break them up. Force open markets. Force inter-compatibility.
This is not rocket science. This is basic political science we've known about for literally hundreds of years, the only difference is that our government in the US has been fucking useless because of regulatory capture (of which this will worsen) and the perceived national security & economic value of "owning" the tech stack used internationally.
"Security" when used in these contexts has very little to do with protecting you, or me, or our kids. It has a whole lot to do with protecting corporate bottom lines and governmental control.
Part of the issue with phones is that they are already controlled by the Google/Apple duopoly, and hence heavily optimized for constant distraction and addiction. These laws only cement that duopoly and provide fewer means to build more friendly platforms.
While I don't appreciate the implementation of "security" generally involving monopolization, I think it's important to note that you only need age verification for things that are irrelevant to children. In fact the entire point is to exclude children. So a non-Google/Apple device is still perfectly usable for them if (or even specifically because) it cannot pass age verification/attestation. Really the main concern should be use of attestation for banking/government stuff.
> Parents that want to restrict their kids struggle with ineffective parental controls: https://beasthacker.com/til/parental-controls-arent-for-pare.... Optional parental controls would fix this
Did you mean "mandatory" parental controls? All current systems are optional and as you describe they are frequently ineffective, so not clear why keeping things like they are would be different.
The current systems are not ineffective because they’re optional, they could be more effective and stay optional.
I also don’t mean “mandatory” as in “the software manufacturer must implement parental controls” like the Colorado bill. There only needs to exist one decent operating system, one decent messaging service, etc. with good parental controls; parents can use those technologies and block the others. Although regulators could pressure specific popular platforms like YouTube, and maybe that would be fine, I think it would be better to incentivize and support add-ons or alternatives (e.g. kid-safe YouTube frontend).
> Fuck man, I can even legally give my kids alcohol - I don't see why it's appropriate to enforce what content I allow them to see.
In the USA it depends on the state. Federal guidelines for alcohol law does suggest exemptions for children drinking under the supervision of their parents, but that's not uniformly adopted. 19 states have no such exceptions, and in many of the remaining 31, restaurants may be banned from allowing alcohol consumption by minors even when their parents are there.
You're assuming that this person is in the US. Alcohol is treated far more liberally in other places. For example, in some places it is legal for restaurants to serve alcohol to minors who are accompanied by a parent...
Another thing: I fundamentally disagree with certain age rarings for kids content. Some explicit violence is rated OK for young audiences, but insert a swear word or a some skin and the age rating is bumped up? This rating system is nonhelp at all. I have to review each bit of content anyway before I can be certain.
Starting a comment with "In the USA..." is the exact opposite of assuming a person is in the US.
If you are from the US, it might sounds like it's the opposite, because you are so used to assuming everything is about the US unless stated otherwise
> I don't want some blanket ban on content unless it's "age appropriate"
I'm currently struggling with FitBit. Since about the start of the year, my kids can no longer sync their watches to their phones. The "solution" is to completely disable all parental controls on their Google accounts.
I was going to recommend the Gadgetbridge app, but it seems to have little or no support for Fitbit. I does support hundreds of devices, though. I used it extensively with a Mi Band 3, but have yet to try it with my Garmin.
Your kids can’t buy alcohol though. If you want to unlock your phone and let your kids read smut then more power to you. Age gates do not and never will stop that. But I sure as hell don’t want companies selling porn to 5 yr olds.
this seems to be an issue of being able to be a parent, period.
yup we should all be able, to talk to our kids instead of screaming at them.
The law is there to protect children in the case they have absent/neglectful parents. Unfortunately not every child has a parent as aware as you.
And to prevent companies from targeting children inappropriately.
People angrily replying to the top comment on this article are going to be pissed when they find out about this guy.
> Age verification is very hard, because parents will give their children their unlocked account, and children will steal their parents' unlocked account
More simply: If ID checks are fully anonymous (as many here propose when the topic comes up) then every kid will just have their friends’ older sibling ID verify their account one afternoon. Or they’ll steal their parents’ ID when they’re not looking.
Discussions about kids and technology on HN are very weird to me these days because so many commenters have seemingly forgotten what it’s like to be a kid with technology. Before this current wave of ID check discussions it was common to proudly share stories of evading content controls or restrictions as a kid. Yet once the ID check topic comes up we’re supposed to imagine kids will just give up and go with the law? Yeah right.
Circumventing controls as a kid is what taught me enough about computers to get the job that made college affordable (in those days you could just boot windows to a livecd Linux distro and have your way with the filesystem, first you feel like a hacker, later the adults are paying you to recover data).
If we must have controls, I hope the process of circumventing them continues to teach skills that are useful for other things.
The older sibling should be old enough to know better. Or if they're still a kid, they can have their privileges temporarily revoked.
This problem probably can't be solved entirely technologically, but technology can definitely be a part of solving it. I'm sure it's possible to make parental controls that most kids can't bypass, because companies can make DRM that most adults can't bypass.
> The older sibling should be old enough to know better.
This is exactly what I meant by my above comment: It’s like the pro-ID check commenters have become completely disconnected from how young people work.
Someone’s 18 year old sibling isn’t going to be stopped by “should know better”. They probably disagree with the law on principal and think it’s dumb, so they’re just helping out.
True, hence the culture shift is necessary.
But imagine if a locked device was treated like alcohol. Most kids get access to alcohol at some point despite it being illegal, often from older siblings, and rarely with legal consequences for the adult. But it's much less of an issue, because most kids don't get it consistently. Furthermore, "good" kids understand that it's bad, and even some "bad" kids understand that they must limit themselves.
> "culture shift is necessary"
Is it though? When older sibling helps younger sibling with "accessing Steam", or something reasonable like that, even the most sensible and thoughtful older sibling won't be interested in "culture shifts" that block gaming fun.
The alcohol and seatbelt analogies try to elevate equivalence, but miss the mark by a lot. Even one drop of alcohol is obviously not suitable for underage. No seatbelt increases risk no matter your age. "Social media" exposure for the young person is often completely fine and full of "young person" content and activity.
>Or if they're still a kid, they can have their privileges temporarily revoked.
Since people are already talking about using the law instead of parenting this needs clarification. Are the parents the one that would revoke their privileges or the government?
The parents. They're the ones who configure the parental controls. e.g. if their 15-year old gets caught sharing his device with their 7-year old, they can temporarily give him 7-year old permissions as punishment.
> If ID checks are fully anonymous (as many here propose when the topic comes up) then every kid will just have their friends’ older sibling ID verify their account one afternoon.
Exactly the same way that kids used in former days to get cigarettes or alcohol: simply ask a friend or a sibling.
By the way: the owners of the "well-known" beverage shops made their own rules, which were in some sense more strict, but in other ways less strict than the laws:
For example some small shop in Germany sold beverages with little alcohol to basically everybody who did not look suspicious, but was insanely strict on selling cigarettes: even if the buyer was sufficiently old (which was in doubt strictly checked), the owner made serious attempts to refuse selling cigarettes if he had the slightest suspicion that the cigarettes were actually bought for some younger person. In other words: if you attempted to buy cigarettes, you were treated like a suspect if the owner knew that you had younger friends (and the owner knew this very well).
Probably will limit to one device per person, to save the children, so we won’t share with others.
(So you need to keep all your stuff into one device to be fully tracked easily. And have no control over your device, share your location… )
More simply: If ID checks are fully anonymous (as many here propose when the topic comes up) then every kid will just have their friends’ older sibling ID verify their account one afternoon. Or they’ll steal their parents’ ID when they’re not looking.
Digital ID with binary assertion in the device is an API call that Apple's app store curation can ensure is called on app launch or switch. Just checking on launch or focus resolves that problem. It's no longer the account being verified per se, it's the account and the use.
Completely agree. The internet works differently than how people want it to, and filtering services are notoriously easy to bypass. Even if these age-verification laws passed with resounding scope and support, what would stop anyone from merely hosting porn in Romania or some country that didn't care about US age-verification laws. The leads to run down would be legion. I think you could seriously degrade the porn industry (which I wouldn't necessarily mind) but it would be more or less impossible to prevent unauthorized internet users from accessing pornography. And of course that's the say nothing of the blast radius that would come with age-verification becoming entrenched on the internet.
> what would stop anyone from merely hosting porn in Romania or some country that didn't care about US age-verification laws
A government could implement the equivalent of China's great firewall. Even if it doesn't stop everyone, it would stop most people. The main problem I suspect is that it would be widely unpopular in the US or Europe, because (especially younger) people have become addicted to porn and brainrot, and these governments are still democracies.
That isn’t necessary because porn companies don’t exist to gift orgasms, but to make money. They need US citizens to pay them for premium content and subscriptions, and that dependency means they’ll have to comply with US laws.
Plenty of porn exists for free, posted online by models or digital artists. It's archived in places that circumvent copyright, don't require payment or accounts, and are easily accessible.
Sure: models need to advertise to find buyers too, but there's certainly not as many models or rehosts if there's no money to be made anywhere.
pornography is not a profitable industry. even famous participants like 'mia khalifa' only made GBP9.5k (USD 12.8k) lifetime earnings. The average onlyfans has about 21 fans, with an average subscription price of $7.20.
the future of the industry is probably ai slop, personalised ai, and so on
one of the purposes of the porn industry in 00s was money laundering: cash only, large stores with no CCTV, very sparse records, not possible to objectively value why a dvd was being sold for $85
The industry is profitable .. the onlyfans founder is now worth circa $8 billion.
Being grist in the mill of that industry, however, only leads to being ground up for the consumption of others.
The words of someone who does not actually look at pornography. The vast majority of pornography-by-consumption is free / ad-supported. Customers are not "paying" and those ads are usually the bottom of the barrel with regard to sleaziness or legality.
It’s still just a sales funnel for ads or subscriptions. Why do you think porn sites exist?
> A government could implement the equivalent of China's great firewall. Even if it doesn't stop everyone, it would stop most people.
Porn is not just political information about human right abuses, government overreach or heavily censored overview of concentration camps for "group X". People can live just fine with government censorship buying into any kind of propaganda.
Kids would find a way to access porn though. Whatever it VPNs, tor or USB stick black market. Government cant even win war on drugs and you expect them to successfully ban porn. What a joke.
It's as easy as parents keeping the default router password, a kid logging in and then setting up port forwarding to a device on a port that they're running a server on, tied to their current residential ip, and then pinging their friends that ip and allowing them all to connect and download whatever files or upload whatever files. The peer-to-peer network could really start establishing itself in ephemeral and very hard to track ways. All you need is one kid with access to a vpn to torrent without copyright concerns to seed the network. Or one kid to get its parents to buy a domain and use that as an anchor so that the dns to ip is set behind the scenes for the peers.
Even China hasn't been remotely successful at banning porn, and it already has the great firewall and porn is illegal there.
eh... they are more like `dumbocracies` with these measures. None of this is to protect children. Except to satisfy rabid parents who think the world needs to serve them.
It’s very odd to hear you complain about age verification but then be fine with ruining the porn industry
Age verification has always been about normalization of it, and about mitigating snow flake blame.
- I always give my children unlocked devices, because I know what they are doing
- Internet is not a safe space, and there will always be means of circumventing protections. Age verifications do not protect anybody
- Parents do not want to 'rise children' they give phones to kids and expects youtube to show kids only good stuff. They expect this from platform
The only needed culture shift is everyone should realize that it's ultimately the parents/teachers' duty to educate the kids.
If parents think it's okay for their kids to use Facebook/X/whatever somehow responsibly, they should not be punished or prosecuted for that. Yes, I do believe it applies to alcohol too.
It's how it works in physical world. We let the parents to decide whether hiking/swimming/football/walking to the school are too dangerous for their kids. We let the parents to decide which books are suitable for their kids. But somehow when it comes to the internet it's the government's job. I can't help but think there is an astroturf movement manufacturing the consent rn.
Just a personal anecdote from my life - I have set up Youtube account for my kid with correct age restrictions (he is 11). Also this account is under family plan so there are no ads.
My kid logs out of this account so he can watch restricted content. I wonder - what is PG rating for logged out experience?
> If there's a fundamental culture shift,
You mean this culture shift is needed for the masses but I don't think that's the case. In my widest social circle I am not aware of anyone giving alcohol to young kids (yes by the time they are 16ish yes but even that's rare). Most guardians would willingly do similar with locked devices.
The real problem is that the governments/companies won't get to spy on you if locked devices are given to children only. They want to spy on us all. That's the missing cultural shift.
> Most guardians would willingly do similar with locked devices.
Considering the echo chamber in which I was at school, my friends would have simply used some Raspberry Pi (or a similar device) to circumvent any restriction the parents imposed on the "normal" devices.
Oh yes: in my generation pupils
- were very knowledgeable in technology (much more than their parents and teachers) - at least the nerds who were actually interested in computers (if they hadn't been knowledgeable, they wouldn't have been capable of running DOS games),
- had a lot of time (no internet means lots of time and being very bored),
- were willing to invest this time into finding ways to circumvent technological restrictions imposed upon them (e.g. in the school network).
The kids in your social circle are used to not having access to alcohol, but they're not used to not having access to social media.
Hypothetically, if every kid in your social circle had their device "locked", the adults would probably have a very hard time the kids away from their devices, or just relent, because the kids would be very unhappy. Although maybe with today's knowledge, most people will naturally restrict new kids who've never had unrestricted access, causing a slow culture shift.
And we need a standard where websites can self-rate their own content. Then locked devices can just block all content that isn't rated "G" or whatever.
I imagine there would be a set of filters, including some on by default that most adults keep for themselves. For example, most people don't want to see gore. More would be OK with sexual content, even more would be OK with swear words, ...
Wrong incentive. If you don’t give a shit about exposing children to snuff or porn, but do give a shit about page views and ad revenue, you obviously don’t rate your content or rate it as G to increase that revenue.
So kids can drive at 16. But can’t get access to an unlocked phone until their 18? Who gets to decide the whitelist? The government?
I never specified age.
The whitelist would be decided by the market: the parents have the unlocked device, there are multiple solutions to lock it and they choose one. Which means that in theory, the dominant whitelist would be one that most parents agree is effective and reasonable; but seeing today's dominant products and vendor lock-in...
Similar to alcohol, the system doesn't prevent all underage access
> I don't see a solution that isn't a fundamental culture shift.
What shift?
I mean look, there's a point where the manufacturers back off and entrust the parents.
Any parent can be reckless and give their children all kinds of things - poison, weapons, pornographic magazines ... at some point the device has enough protective features and it is the parents responsibility.
Digital media use is easier to conceal than weapons. My parents did not protect me from it growing up because they were not responsible, and I was harmed as a result. To this day they still do not realize I was harmed, because I did not tell them and we are not on speaking terms. Trying to be honest would have resulted in further rejection from them. This was on a personality level and I had no way to deal with this as a developing human.
I could not control how my parents were going to raise me, I was only able to play with the hand I was dealt. I hate the idea that parents are sacrosanct and do not share blame in these situations. At the same time, if this is just the family situation you're given and you're handed a device unaware of the implications, who is going to protect you from yourself and others online if your parents won't? Should anyone?
>parents will give their children their unlocked account, and children will steal their parents' unlocked account.
I think either is better than the staus quo. In the first case the parent is waiving away the protections, and in the second the kid is.
Even if a kid buys alcohol, I think it's healthier that they do it by breaking rules and faking ids and knowing that they are doing something wrong, than just doing it and having no way to know it's wrong (except a popup that we have been trained by UX to close without reading (fuck cookie legislation))
That would be the status quo if we had better parental controls.
Trying to enforce parental controls via regulation may only be as effective as Europe enforcing the DMA against Apple. But maybe not, because there's a huge market; if Apple XOR Android does it, they'll gain market share. Or governments can try incentive instead of regulation (or both) and fund a phone with better parental controls. Europe wants to launch their own phone; such a feature would make it stand out even among Americans.
Prove of adulthood should be provided by the bank after logging into a bank account. I'm sure parents just would let their bank details be stolen and such.
Of course no personal details should be provided to the site that requests age confirmation. Just "barer of this token" is an adult.
The "Bank identity" system in Czech Republic (and likely other countries) can be used to log into to various government services. The idea is that you already authenticated to the bank when getting the account, so they can be sure it is really sou when you log in - so why not make it possible for you to log in to other services as well if you want to ?
> The "Bank identity" system in Czech Republic (and likely other countries) can be used to log into to various government services.
In Poland we have the same setup.
So we trust a bank more than the government that they won’t extend this to earn more money by disclosing more information? Bad idea. You need a neutral broker.
AFAIK today if you buy a device, the bank doesn't get the device-unique identifier, at best it sees the model number.
Verifying identity works best when the stakes are high. And there are highest in online banking.
Yes we need a fundamental shift where sharing of parent accounts is akin to atleast some sort of infraction or maybe even a misdemeanor.
This could help, but without the culture shift, way too many parents will intentionally and unintentionally break that law.
Just remove "parent" and "account" from the mix and all these. Tie the screen to the human and most of these challenges go away. This is what is trying to be achieved with these laws, so we may as well institute it that way.
Shouldn't it be done at the account level if you're going to do this? I am an admin. My kids have a non admin account. That seems pretty normal.
BTW this is a terrible idea. What if I can afford only one computer but have a household of four?
I actually don't hate this??? As long as parents can set up their own whitelists and it's not up to the government to have the final say on any particular block.
Parents can do this today if they wanted to
The problem of "kids accessing the Internet" is a purposeful distraction from the intent of these laws, which is population-level surveillance and Verified Ad Impressions.
Today, in practice it's not a choice, because even the most attentive parents fail to block internet access. Parental controls are ineffective, and all the kid's friends have access so they become alienated. https://beasthacker.com/til/parental-controls-arent-for-pare...
But laws alone won't fix this, and laws aren't necessary (except maybe a law that prevents kids from buying phones). In the article, the child's devices had parental controls, but they were ineffective. There's demand for a phone with better parental controls, so it will come, and more parents are denying access, so their kids will become less alienated.
That is actually a very good solution that is respecting privacy. And is much more effective than asking everyone for ID when opening a website or app.
How does this solve the problem at all? You're just making more problems. Now you have to deal with a black market of "unlocked" phones. You're having to deal with kids sharing unlocked phone. Would police have to wal around trying to buy unlocked phones to catch people selling them to minors? What about selling phones on the internet, would they check ID now?
SOME parents give their children access to their ID. That is NOT the same as ALL parents, and therefore is not a reason not to give those parents a helping hand.
Even just informing children that they're entering an adult space has some value, and if they then have to go ask their parents to borrow their wallet, that's good enough for me.
It would not be solved without a culture shift. But with a culture shift, giving a kid an unlocked device would be as rare as giving them drugs.
I'm sure it will occasionally happen. But kids are terrible at keeping secrets, so they will only have the unlocked device for temporary periods, and I believe infrequent use of the modern internet is much, much less damaging than the constant use we see problems from today. A rough analogy, comparing social media to alcohol: it's as if today kids are suffering from chronic alcoholism, and in the future, kids occasionally get ahold of a six pack.
What if my kids want to follow nand 2 tetris or build their own custom os from a Linux fork?
> It would not be solved without a culture shift. But with a culture shift, giving a kid an unlocked device would be as rare as giving them drugs.
You understand that to many people that is a very obvious reason why we should never do this and they do not want that culture shift, right?
Doesn't the proposal as it's being implemented in the EU solve the problem under the exact same argumentation? Why are you dismissing a one proposal to then make your own that has exactly the same probable challenges?
Definitively we should have constant verification of the current user with Face ID or similar tech. Every 5 minutes of usage, your camera is activated to check who’s using your phone and validates it. So much secure and safe. /s
This is Nirvana/Perfect Solution fallacy. That's like saying limiting smoking to 18 y/o was futile because teenagers could always have some other adult buy them cigs, or use fake IDs.
Ridiculous take.
Well, age verification is the "we have to do something about this nebulous problem even if the best thing we can think of actually makes everything worse for everyone but it makes us feel better" fallacy, which is equally ridiculous.
No, it's not the same. There are anonymous solutions that solve this problem that are perfectly acceptable. Not perfect for prevention, but a good compromise nonetheless. Like cig/alcohol underage consumption prevention.
There is no such thing as anonymous age verification in practice.
I think we totally disagree on the degree of how much this is actually a problem compared to how much we're willing to invest in it. Those anonymous solutions are fairly idealistic and Nirvana-esque themselves, I don't think they'd see wide adoption. Beyond that I'm firmly in the camp that age verification for the kids is a complete smokescreen for the actual intent of these efforts, which is more surveillance, so on principal I'm opposed to any movement in this direction and doubt we'll find common ground.
Yeah, sure, no matter the studies, no matter the developmental indices, ni matter the WHO, no matter the psychologists. Let's also talk about climate change and how it's up for debate?
We don't disagree on whether it is actually a problem, you just have your opinion about facts.
We are arguing different things. I have never stated "psychological effects of the Internet aren't real and therefore this discussion is moot." My argument is "psychological effects or not (and personally I think they are overplayed), the privacy tradeoff of trying to fix them is not worth it (and I doubt any vague gestures in the direction of age assurance would help)." You are focusing on the first parenthetical but the important part is outside it.
We also have no way to actually measure this even if we wanted to do an experiment. So comparing this very soft science to climate change is a bit out of pocket.
> We also have no way to actually measure this even if we wanted to do an experiment.
Sorry, WHAT? No way to measure it? My god, are we talking about the same thing? Are you sure you haven't missed past 12-24 months of increased reporting on the matter from several different angles, from cognitive skills, anxiety, sexual drive, and so on?
EOT for me.
I'm saying that, in today's culture, age-gating the internet is likely to be much less effective than age-gating alcohol or tobacco. Most kids spend an appalling amount of time on social media (think, 5 hours/day*); most kids didn't spend this much time or invest this much of their lives into drugs.
* according to this survey from over 2 years ago: https://www.apa.org/monitor/2024/04/teen-social-use-mental-h...
not saying that I support age verification in any form, but you seen the vape sales?
I like to believe that, even with the amount of kids vaping, there aren't nearly as many as kids on social media.
To give perspective: in my high school, there were a few kids who vaped in bathrooms, but the majority (including me) did not; we were told many times that it was unhealthy, and anyone caught vaping would be suspended. Everyone I know (including me) had social media, we were not told it was unhealthy (only to not use it too much, not give out PII, avoid bullying, etc.), and it wasn't even policed in some classrooms.
For the smoking analogy to fit, you'd have to have parents giving their children packs of cigarettes to play with and then being mad at Marlboro they figured out how to smoke them.
When I was a kid, my parents installed Net Nanny on our home computer. I installed a keylogger. No more Net Nanny; lots more EverQuest.
I don't like age verification in general, for anything. The age gates in our society are very subjective.
Many times my Dad would buy alcohol at the grocery store w/ me (underage) in tow, but they never asked for my ID or refused to sell to him. Now, when I go buy alcohol as an adult with my wife (we are both in our mid-late 30s) they ask to see her ID as well as mine? If she leaves her ID at home then she has to wait in the car because they will refuse the sale if she comes into the store and cannot prove her age.
Buying a case of beer with a group of 8 year olds? No problem. Bottle of wine for you and your wife? Let me get both IDs.
> When I was a kid, my parents installed Net Nanny on our home computer.
Putting up artificial walls is inviting someone to look behind them.
Back in 1999 I was attending a city university and their computer labs were a mix of older Pentium machines running Windows 98 secured by netnanny. They disabled floppy booting in the BIOS and password protected it. Thing is, the old Dell cases were real easy to pop open and pull the CMOS battery out. That killed the BIOS password so I was able to floppy boot the machine and rename netnanny.exe to nutnanny.exe and Win 98 ran unimpeded. When I was done I would rename the exe, reboot and go on about my day. Nice try, uni admins.
The US is strange about alcohol.
I remember plenty of times in my early 20s buying alcohol and they wanted to see the ID of everyone waiting on my car.
In Australia you buy alcohol at the drive through. One person is 18 and you’re good.
We'll try everything, it seems, other than holding parents accountable for what their children consume.
In the United States, you can get in trouble if you recklessly leave around or provide alcohol/guns/cigarettes for a minor to start using, yet somehow, the same social responsibility seems thrown out the window for parents and the web.
Yes, children are clever - I was one once. If you want to actually protect children and not create the surveillance state nightmare scenario we all know is going to happen (using protecting children as the guise, which is ironic, because often these systems are completely ineffective at doing so anyway) - then give parents strong monitoring and restriction tools and empower them to protect their children. They are in a much better and informed position to do so than a creepy surveillance nanny state.
That is, after all, the primary responsibility of a parent to begin with.
I know this is weird, but I'm in some ways not really sure who is on the side of freedom here. I get your position, but like. The whole idea of the promise of the internet has been destroyed by newsfeeds and mega-corps.
There is almost literally documented examples of Facebook executives twirling their mustaches wondering how they can get kids more addicted. This isn't a few bands with swear words, and in fact, I think that the damage these social media companies are doing is in fact, reducing the independence teens and kids that have that were the fears parents originally had.
I dunno, are you uncertain about your case at all or just like. I just like, can't help but start with fuck these companies. All other arguments are downstream of that. Better the nanny state than Nanny Zuck.
> I just like, can't help but start with fuck these companies. All other arguments are downstream of that.
The solution would then be to break them up or do things like require adversarial interoperability, rather than ineffective non-sequiturs like requiring them to ID everyone.
The perverse incentive comes from a single company sitting on a network effect. You have to use Facebook because other people use Facebook, so if the algorithm shows you trash and rage bait you can't unilaterally decide to leave without abandoning everyone still there, and the Facebook company gets to show ads to everyone who uses it and therefore wants to maximize everyone's time wasted on Facebook, so the algorithm shows you trash and rage bait.
Now suppose they're not allowed to restrict third party user agents. You get a messaging app and it can send messages to people on Facebook, Twitter, SMS, etc. all in the same interface. It can download the things in "your feed" and then put it in a different order, or filter things out, and again show content from multiple services in the same interface, including RSS. And then that user agent can do things like filter out adult content, if you want it to.
We need to fix the actual problem, which is that the hosting service shouldn't be in control of the user interface to the service.
Indeed "Interoperability" is what would hurt social media giants the most - Cory Doctorow recently held an excellent talk where he stated that back in the early 00s Facebook (and others) used interoperability to offer services that allowed to interact, push and pull to mySpace (the big dog back then) to siphon off their users and content. But once Facebook became the dominant player, they moved to make the exact tactics they used (Interoperability and automation) illegal. Talking about regulatory capture ...
> ineffective non-sequiturs like requiring them to ID everyone.
Is that really a non-sequitur though? Cigarettes are harmful and addictive so their sale is age gated. So too for alcohol. Gambling? Also yes. So wouldn't age gating social media be entirely consistent in that case?
Not that I'm necessarily in favor of it. I agree that various other regulations, particularly interoperability, would likely address at least some of the underlying concerns. But then I think it might not be such a bad idea to have all of the above rather than one or the other.
If I went to the store and asked for a pack of cigarettes, I show my ID (well, I would if I was carded, but I'm no longer carded :)) and the clerk looks at it, maybe scans it, then takes my money.
If I try to go to an adult website, or even just a discord server with adult content, I need to upload my ID. And now there's numerous third parties who now are looking at my ID, and I have no idea if I can trust them with my info. Indeed, I probably can't, given how many of them have already been breached.
Of all the people, PornHub actually has a pretty good write-up on this (1) (2), and they refer to "device-based" age verification, where you verify your identity once to say, Google or whoever. Then your device proves your age. Fewer middlemen. One source of truth.
I am not against age verification. I am against the surveillance state.
(1) https://www.pornhub.com/blog/age-verification-in-the-news
(2) https://www.xbiz.com/news/281228/opinion-why-device-based-ag...
> they refer to "device-based" age verification, where you verify your identity once to say, Google or whoever. Then your device proves your age. Fewer middlemen. One source of truth.
This is still an absurdity. You don't need the device to prove the age of the user to the service, you need the service to provide the age restriction of the content to the device. Then the device knows if the user is an adult or a kid and thereby knows whether to display the content, and you don't need Google to know that.
Major porn sites already send an RTA header. Social media could be required to do similar. However I think part of the concern here is that many parents don't bother to restrict things. So the question is if we want filtering similar to alcohol where minors aren't permitted to possess it, or similar to porn where the decision is left up to parents.
IRL
> If I went to the store and asked for a pack of cigarettes
online
> and I have no idea if I can trust them with my info
Why did you trust how your ID was scanned (if carded)?
With security cameras present, where did that scanned data end up?
nit: the Discord ID verification hasn't rolled out yet has it?
No, I believe it's next month though.
> Is that really a non-sequitur though?
You have something (human communication) which is not intrinsically harmful -- indeed it is intrinsically necessary -- but has been made harmful on purpose. That is very much unlike those other things, where the harm is in their very nature and isn't prevented by the provider just not being a schmuck on purpose.
That makes age gating a farce, because kids need to be able to communicate with other people, but you would end up in one of these scenarios, each of which is inane: 1) Providers all put up age restrictions and meaningfully enforce them and then teenagers are totally prohibited from communicating over the internet. 2) Providers all put up "age restrictions" which teenagers bypass in ten seconds and the whole thing is a pointless fraud. 3) You try to separate places for kids from places for adults, but then either a) Adults prefer adult spaces where they're not censored, so they congregate there and those spaces get the network effect, and then teens have to sneak in even if they're not looking for adult content because that's where the bulk of all content is, or b) Nobody likes to show ID even if they're an adult so adults congregate in the least restrictively moderated space where they don't have to show ID, and that space gets the network effect. Then to the extent that they censor, they're censoring the adults which is the thing that wasn't supposed to happen, and to the extent that they don't censor, you have a "kid space" that contains adult content.
It's a trash fire specifically because there's a network effect, which is an aggregating force causing adults and kids to be in the same space so they can communicate with each other. Then the space with the network effect would either have to censor the adults even though they can't leave because of the network effect, or not censor the adults and then have adult content in the space the kids have to be because of the network effect.
The way you fix this is not by trying to separate the kids ad adults into separate networks, it's by tagging specific content so the client device can choose not to display adult content if they're a kid. Which also solves the privacy issue because you don't have to provide any ID to the service when the choice of what content to display happens on the client and the service is only tasked with identifying the content.
> ... start with fuck these companies. Better the nanny state than Nanny Zuck.
I'm not sure how those two positions connect.
Execs bad, so laws requiring giving those execs everyone's IDs, instead of laws against twirled mustaches?
these are just bad arguments all around, including gov't with this upload id crap. Why aren't we making internet 18+? The only unrefutable answers I get are just downvotes which is ok I guess, sort of validates my point because there's no reason for kids to get unrestricted internet access and downvotes are easy.
How well would anything like that work in practice?
First of all, would we restrict all internet access, or just access to certain known sites and VPNs, letting everything else through because it's too insignificant even if it technically might merit being blocked for kids? I don't think a global internet block for minors is a good idea.
On wired internet, restricting access for devices that aren't clearly tied to individual users is problematic. Imposing age verification overhead on anyone who runs a network is unacceptable and unworkable. Locking non-mobile devices to individual users, in order to have mandatory software that blocks or sends age signals to the ISP, is also unacceptable and unworkable.
For mobile devices, maybe. There's a privacy problem if it's required for sim cards to be paid using credit cards, but if we do that, or if that's already effectively the case, I think it's fair that anyone who has an active credit card should be permitted on the "adult" internet. For multi-line accounts, we could make it a crime for the account holder to misrepresent age of the user of a line, i.e. to claim they're an adult when they're really a minor. Not very different from minors and cigarettes. It's not universally illegal for a parent to supply them, but it is in some places, and it should be.
I posted my plan forward but essentially kids get a whitelist at best. For example, a kid friendly access device allows a network connection to a vpn server certified safe for kids and then take it from there with whitelisted destinations. Blacklists are just whackamoles.
Comment was deleted :(
> I just like, can't help but start with fuck these companies. All other arguments are downstream of that. Better the nanny state than Nanny Zuck.
Wild times when we're seeing highest voted Hacker News commenters call for the nanny state.
If you're thinking these regulations will be limited to singular companies or platforms you don't use, there is no reason to believe that's true.
There was already outrage on Hacker News when Discord voluntarily introduced limited ID checks for certain features. The invitations to bring on the nanny state reverse course very quickly when people realize those regulations might impact the sites they use, too.
A lot of the comments I'm seeing assume that only Facebook or other platforms will be impacted, but there's now way that would be the case.
I don't even care about Discord adding ID verification to unlock certain features. Not going to give them my ID of course, just gonna use it as always. If they later tighten things to the point where it's unusable, sure, I'll quit Discord.
OK, here's another one.
How about taking all these websites that require PII onto their own members-only domain?
This actually should have been in place and well fleshed-out before Google & Microsoft started pushing their "account" nonsense.
>Better the nanny state than Nanny Zuck.
For me this is a crux, at least in principle. Once online media is so centralized... the from argument freedom is diminished.
There are differences between national government power and international oligopoly but... even that is starting to get complicated.
That said... This still leaves the problem in practice. We get decrees that age-restriction is mandatory. There will be bad compliance implementations. Privacy implications.
Meanwhile a while... how much will we actually gain when it comes to child protection.
You can come up will all sorts of examples proving "Facebook bad" but that doesn't mean these things are fixed when/if regulation actually comes into play.
Those execs were also using the tactics to addict adults, and while they may have targeted teens, the problem is, at its core: humans. So no amount of nannying by either the company nor the government will solve this issue.
Who would be responsible if a child developed alcohol addiction? A nicotine problem? Any other addiction?
Exactly. The same people that should be responsible for giving them unfettered access to an internet that is no longer safe. Even adults have to be wary of getting hooked on scrolling, and while I agree that the onus is on the companies, it has been demonstrated over and over again that they will not be held to account for their behavior.
So the only logical choice left that actually preserves freedom is for parents to get off their ass and keep their child safe. Parent's that don't use filtering and monitoring software with their children should be charged with neglect. They are for sending a kid into the cold without a coat, or letting them go hungry, why is it different sending them onto the internet?
And to your last point: You are dead wrong. No government anywhere in the world has demonstrated that they have the resources, expertise, or technical knowledge to solve this problem. The most famously successful attempt is the Chinese Great Firewall, which is breached routinely by folks. As soon as a government controls what speech you are allowed to consume, the next logical step for them is to restrict what speech you can say, because waging war on what people access will always fail. I mean, Facebook alone already contains tons of content that's against its terms of service, and they have more money than God, so either they actually want that content there, or they are too understaffed to deal with the volume, and the volume problem only ever increases.
So in my view, you are the one against freedom by advocating for the government to control the speech adults can access for the sake of "protecting the children" when the actual people that are socially, morally, and legally culpable for that protection are derelict in their duties.
> Who would be responsible if a child developed alcohol addiction? A nicotine problem? Any other addiction?
The government literally actively prevents people selling all these things to children, rather than permit a free for all and then expect parents to take responsibility for steering their kids away from them.
Meta for one has proven terminally irresponsible at acceptable stewardship.
Maybe it's about time that the proven predatory companies be restricted to something like their own adults-only internet cafes where age can be checked at the door.
They had their chance with the open internet and they blew it.
> Who would be responsible if a child developed alcohol addiction? A nicotine problem? Any other addiction?
I mean, historically speaking, we blamed the tobacco companies.
Did we? I know they lost some court cases, had to adjust advertising and so on, but was any tobacco company actually held accountable for the harm they caused? The answer is no because they all still exist and are profitable entities. Corporations that cause the harm they did should be subject to dissolution.
Also, if they were genuinely responsible, why can a child's parents be held accountable for them developing an addiction? The company was responsible, not the parent... do you see how ignorant that sounds?
The de jure minimium age to purchase tobacco is 21 now in the US, so I guess anyone see to sell tobacco products to those under that age could be held responsible as well.
They are held responsible by paying a fine to the government or losing their tobacco license, which is better than nothing, but doesn't actually fix the harm they caused already for the kid that's now hooked.
The legal system does nothing to fix the harm done by murder to the person who's now dead, either.
[dead]
Social media is like tobacco. We went after tobacco for targeting kids, we should do the same to social media. Highly engineered addictive content is not unlike what was done to cigarettes.
Yes, go after Facebook and their kind only, avoid collateral damage to the remaining regular old internet.
No, it isn't. Tobacco is a physical substance that alters users' biochemistry and creates a physical dependence. Social media is information conveyed via a computing device. You can criticize social media for what it is in its own right, without having to engage in these kinds of disingenuous equivocations.
Sounds like you need to read up on dopamine and addictions a bit more.
Gambling isn’t introducing substance into user system it is making use of existing brain chemicals.
Social media companies engineered every piece of addictive mechanisms from gambling to alter brain chemistry or reactions of users.
> Sounds like you need to read up on dopamine and addictions a bit more.
Nah, I just need to not equivocate between them. The use of the same term to describe activities that produce a dopamine response as is used for ingestion of chemicals that create a direct physical dependence is little more than a propaganda tactic.
The comment said social media is addictive "like tobacco." Not that it's literally a drug.
You're blurring the lines a bit. Gambling isn't inherently an addiction. Just like a good TV show isn't inherently addictive either. Social media trying to be more engaging shouldn't really be viewed as an evil action anymore than HBO trying to create compelling content is.
The problem with comparing social media use to tobacco is that they are completely different. It's like saying weed is just like heroin because they both make you feel good. It's reductive and not productive.
The completely anti-social media stance ignores the good parts of social media. People can connect from across the planet and found others who shares the same views or experiences. People who are marginalized can find community where none may exist in their local area. So we should approach this more carefully and grounded.
Maybe this will make it more clear, so big difference is that people can connect across the planet without "big social media".
There are internet forums, chats, e-mail, blogs, there is no inherent need for "big social media" as we know. I do understand those companies made it much easier for average person to participate but still using internet forum or e-mail isn't exactly rocket science.
Here we are on HN, where no one is changing the layout and not doing much to drive engagement. Some days I don't even open any discussion because there is a lot of stuff that is not interesting for me.
"Big social media" companies had already multiple people speaking up explaining that they specifically made changes to drive engagement to hook people up and keep them scrolling without "creating compelling content". They specifically tuned feed algorithms to promote lowest common denominator trash content that makes people react in anger/frustration/whatever and not "creating/promoting compelling content".
So now you're demonstrating that you can criticize social media for its own flaws without having to conflate it with something else. I don't disagree with anything you're saying here, but nothing you're saying here involves attempting to equivocate social media with physical substance abuse.
Comparing internet forums, chatrooms, email, and blogs to Facebook and TikTok seems like a bad joke. I don't think you recognize how impactful "Big Social Media" is. Facebook brought about the ability to easily reconnect with people you had lost touch with and stay in touch with them. Things like Instagram made photo sharing and discovery significantly easier than simply looking at what the most recent posted photos on Photobucket. TikTok mass marketed bite sized videos and community trends. These things either did not happen on other platforms or could not happen on them.
I think most people remember the earlier days of Twitter where having a centralized place with strong discoverability led to unique communities forming and expressing themselves. I shouldn't need to say this but, it obviously wasn't all sunshine and rainbows. So I'm not saying these platforms were perfect or without major issues. I am say that their unique nature is not something that can be replicated via other mediums. It simply doesn't scale.
Honestly I'm not seeing the issue with these platforms wanting to maximize time users spend on them. That's the goal of every business. What seems to get lost though is self control. TikTok being fun and enjoyable does not mean that you are incapable of closing the app. It's like banning phones from leaving your house because you are so addicted to texting and apps. You cannot fully control what comes up on most social media. But as any therapist will tell you, all you can control is your response. I just think there is a space for big social media sites in the world. I don't even use them, but I can recognize the impact they have made with the good and the bad.
Nothing is inherently an addiction. You can smoke a cigarette without it being an addiction.
No, nicotine is actually addictive in that it creates physical dependency.
I don't think I implied that. Of course, but the ability to regulate usage is hampered by nicotine. That does not mean one cigarette and you're addicted though.
You can make the point that social media has real positive benefits as well as negatives without minimizing the well proven fact that gambling creates a form of addiction in a significant proportion, though not all, of its users, one every bit as devastating as heroin or alcohol.
Seems like you're overestimating how many people are addicted to gambling. Much in the same way those who are anti-alcohol will conflate responsible drinking with alcoholism. Gambling can be just as terrible, but it is different than heroin and alcoholism since it does not have a chemically addictive component. Reducing all addictions to being the same thing is damaging to addicts and addiction recovery. Much the same way reducing all crime to the same thing is for inmates of the prison system. You're removing nuance and difference which helps promote understanding.
May I introduce you to the delta-FosB gene?
Can I ask what exactly you're intending to say? I'd rather try to guess what you're implying.
You’re right, it’s actually worse than tobacco. Tobacco simply makes your body sick, but social media attacks the most vital part of us. Even the CDC has studied this: https://www.cdc.gov/mmwr/volumes/73/su/su7304a3.htm
This is a normative cultural question, not a medical one. The CDC is far outside its expertise and its proper remit by involving itself in this topic.
Comment was deleted :(
the mechanisms by which that information is being conveyed have been shown to be addictive as well, no?
No, addiction involves physical substances interacting with a person's biochemistry. Attempting to extend the concept of addiction to include positive emotions brought on by sensory experiences or behavior is a disingenuous rhetorical tactic.
It's simply not legitimate to redefine "addiction" as anything that people might have an emotional or psychological motivation to participate in.
People trying to use the same terminology to describe social media as is used to describe tobacco or alcohol are trying to sneakily attach the negative associations of those substances to something unrelated entirely to them.
This is a form of deception, and a silly one, since social media has lots of negative aspects that can be argued against in their own right, without needing to engage in manipulative dialog.
Whether you like it or not, addiction is most commonly used as a general term to refer to any sort of compulsive behavior that acts against one's own self interest. Not your strawman of "anything that people might have an emotional or psychological motivation to participate in."
There are plenty of perfectly valid parallels between addiction to alcohol, gambling, porn, social media, junk food, etc. Are you denying that?
You can't just declare anyone comparing them to be disingenuous or disrespectful to those who are addicted. In fact what really seems disingenuous is the huge volume of this kind of pedantry in the thread by you and the same few accounts. Feels like misdirection away from the actual discussion about how to truly mitigate these addictions. Would appreciate your actual thoughts on this.
Comment was deleted :(
Comparing Tobacco to Social Media is like comparing me to LeBron James. I'd rather have my kid smoke a pack of day than have social media accounts
Yes, it is: https://news.ycombinator.com/item?id=24579498
Screw over Meta then. Not everybody else.
Meta is the bozo in a panel van with no windows. All The legit porn sites put up Big Blinking Neon Signs.
I actually run an adults only community site and you are correct, I have it in a popup that appears on every "fresh" visit to the site, it's in the giant bold print you agree to when you register, and from a technical end, I send every possible header and other signal to let filtering software know it's an adult only space. If there is a child accessing that site, they are doing so because their parent didn't even attempt to prevent them from doing so. And now I'm having to look into ID verification services that are going to quintuple to costs of hosting this free community for people in a time where community is more important than ever.
Can't you just get people to email you an ID photo when they sign up?
Email is the digital equivalent of a postcard. I really want to argue that this is a bad idea (because it is), but depending how you set your email system up, it might actually compare favourably to using a third-party identity verification company.
Better to use some kind of secure drop web portal (perhaps https://securedrop.org/) that's actually designed for that kind of thing, though.
Honest question. Why do you care?
> Better the nanny state than Nanny Zuck.
why-not-both.jpg
Maximizing corporate freedom leads inevitably to corporate capture of government.
Opposing either government concentration of power alone or corporate concentration of power alone is doomed to failure. Only by opposing both is there any hope of achieving either.
Applying that principle to age-verification, which I think is inevitable: Prefer privacy-preserving decoupled age-verification services, where the service validates minimum age and presents a cryptographic token to the entity requiring age validation. Ideally, discourage entities from collecting hard identification by holding them accountable for data breaches; or since that's politically infeasible, model the service on PCI with fines for poor security.
The motivation for this regime is to prevent distribution services from holding identification data, reducing the information held by any single entity.
> Prefer privacy-preserving decoupled age-verification services, where the service validates minimum age and presents a cryptographic token to the entity requiring age validation.
This is the wrong implementation.
You require sites hosting adult content to send a header indicating what kind of content it is. Then the device can do what it wants with that information. A parent can then configure their child's device not to display it, without needing anybody to have an ID or expecting every government and lowest bidder to be able to implement the associated security correctly.
It doesn't matter what kind of cryptography you invent. They either won't use it to begin with or will shamelessly and with no accountability violate the invariants taken as hard requirements in your theoretical proof. If you have to show your ID to the lowest bidder, you're pwned, so use the system that doesn't have that.
This solves some probelms, such as children accessing porn sites (oh the horror). But it doesn't solve other problems, such as predators accessing children's spaces. YouTube Kids is purportedly a safe, limited place for kids - and yet, there are numerous disturbing videos that get past the automated censors. Pedophiles stalk places like Roblox.
> But it doesn't solve other problems, such as predators accessing children's spaces.
Neither do ID requirements. If you're purposely allowing in kids then you're allowing in everyone, because kids generally don't have ID.
Sure, but other forms of age verification requirements can, in principle, solve this (at the massive cost of many other privacy and compliance issues, as the article rightly points out). For example, periodic facial recognition-based age estimation can theoretically allow only kids' accounts to a certain space.
At which point you're still letting in every pedo who has a kid living with them or can grab one at a local school, and the child trafficking networks that by their nature have access to children or to cybercriminals who know how to fool the check with a fake camera, i.e. the worst of the worst.
Meanwhile you exclude the parent who is separated from their spouse and wants to check up on where their kid is hanging out when the kid is living with the other parent, and the investigative journalist who doesn't have a young kid or their kid is 16 but the detection system guesses they're 26.
And that's on top of having the lowest bidder building a biometrics database of children.
Then you do forensic and catch the predator instead of the age verification nonsense
Your proposed architecture also achieves the goal of discouraging content-distributing entities from holding hard identification data, so it sounds good to me.
> Better the nanny state than Nanny Zuck.
This is a huge self own. I can't believe I'm reading this on a website called "hacker news".
Comment was deleted :(
while i'm sympathetic to your position, the truth is that /that/ is where this site is now.
Why? Hackers need something to hack.
But you're right, 'twas a bit much.
>There is almost literally documented examples of Facebook executives twirling their mustaches wondering how they can get kids more addicted.
Then close their business. Age verification just makes their crimes even more annoying.
Yes, please close it!
Ah, oh, decision makers are shareholders themselves and are benefiting from this too.
> I just like, can't help but start with fuck these companies. All other arguments are downstream of that. Better the nanny state than Nanny Zuck.
How about we reject all institutional nannies?
It is much easier to implement user-controlled on-device settings than any sort of over-the-Internet verification scheme. Parents purchase their children's devices and can adjust those settings before giving it to their kids. This is the crux of the problem, and all other arguments are downstream of this.
My friends kids have access to his home servers. They don’t get to roam on the internet. It’s shocking to think parents might structure their child’s lives.
> I know this is weird, but I'm in some ways not really sure who is on the side of freedom here. I get your position, but like.
No one. You’ll see a few politicians and more individuals stuck to their principles, but anyone with major clout sees the writing on the wall and is simply working to entrench their power.
> Better the nanny state than Nanny Zuck.
Indeed, what lolberts fail to understand usually is not a choice between government vs “freedom” it’s a choice between the current government and whoever will fill up the power vacuum left by the government.
Don't conflate the Internet with Social Media. Social media is a service, just like FTP. The death of social media will not mean the death of the Internet. There's an argument that reducing social media use, by age verification or other means, will lead to a more free Internet due to reduced power of gatekeepers.
The problem is that internet is used nowadays for democratic purposes. Once you introduce a globally unique personal ID, you will be monitored. And boy, you will be monitored throughoutly. In case of any democratic process that needs to be undertaken in future against government, this very government will take the tools of identification and will knock to the doors of people who try to raise awareness and maybe mutiny. And this is what Orwell wrote about
Centralization and standardization are going to be the topic in the 21st century.
For all the complaining some U.S.-Americans seem to do about the EU approach to these issues, things like the Digital Markets Act aim to fix exactly these types of issues.
Heh, thank you.
I appreciate GPs point about giving “parents strong monitoring and restriction tools and empower them to protect their children”. That’s good. That acknowledges that we can and should give parents tools to deal with their kids and not let them fend for themselves (one nuclear family all alone) against the various algorithms, child group pressure, and so on.
But on the whole I’m tired of the road to serfdom framing on anything that regulates corporations.
Yes. Let’s be idealistic for a minute; the Internet was “supposed to” liberate us. Now we have to play Defense every damn day. And the best we have to offer is a false choice between nanny state and tech baron vulturism?
For a second just imagine. An Internet that empowers more than it enslaves. That makes us more equal. It’s difficult but you can try.
> documented examples of Facebook executives twirling their mustaches wondering how they can get kids more addicted
If you genuinely believe that this is about those moustache twirling executives, then I have a bridge to sell you.
Have you ever wondered why and how these systems are being implemented? Have you ever gone why Discord / Twitch / what have you and why now? Have you ever thought that this might be happening because of Nepal and the fears of another Arab spring?
https://www.aljazeera.com/news/2025/9/15/more-egalitarian-ho...
I think too many people on this platform don't understand what this is about. This is about power. It's not about what's good for you or the children. Or for the constituents. It's about power. Real power. Karp-ian "scare enemies and on occasion kill them" power.
There are many ways in which such a system could be implemented. They could have asked people to use a credit card. Adult entertainment services have been using this as a way to do tacit age verification for a very long time now. Or, they could have made a new zero-knowledge proof system. Or, ideally, they could have told the authorities to get bent. †
Tech is hardly the first industry to face significant (justifiable or unjustifiable) government backlash. I am hesitant to use them as examples as they're a net harm, whereas this is about preventing a societal net harm, but the fossil fuel and tobacco industries fought their governments for decades and straight up changed the political system to suit them. ††
FAANG are richer than they ever were. Even Discord can raise more and deploy more capital than most of the tobacco industry at the time. It's also a righteous cause. A cause most people can get behind (see: privacy as a selling point for Apple and the backlash to Ring). But they're not fighting this. They're leaning into it.
Let's take a look at what Discord asked people for a second, the face scan,
If you choose Facial Age Estimation, you’ll be prompted to record a short video selfie of your face. The Facial Age Estimation technology runs entirely on your device in real time when you are performing the verification. That means that facial scans never leave your device, and Discord and vendors never receive it. We only get your age group.
There was an article that went viral for spoofing this, https://age-verifier.kibty.town/ // https://news.ycombinator.com/item?id=46982421 . In the article, the author found by examining the API response the system was sending,
k-id, the age verification provider discord uses doesn't store or send your face to the server. instead, it sends a bunch of metadata about your face and general process details.
We're anthropomorphising machines. A machine doesn't need pictures; "a bunch of metadata" will do just fine.
We are assuming that the surveillance state will require humans sitting in a shadow-y room going over pictures and videos. It won't. You can just use a bunch of vectors and a large multi-modal model instead. Servers are cheap and never need to eat or sleep.
Certain firms are already doing this for the US Gov, https://x.com/vxunderground/status/2024188446214963351 / https://xcancel.com/vxunderground/status/2024188446214963351
We can assume de facto that Discord is also doing profiling along vectors (presumably behavioral and demographic features) which that author described as,
after some trial and error, we narrowed the checked part to the prediction arrays, which are outputs, primaryOutputs and raws.
turns out, both outputs and primaryOutputs are generated from raws. basically, the raw numbers are mapped to age outputs, and then the outliers get removed with z-score (once for primaryOutputs and twice for outputs).
In general, Discord seems to have fairly reliable data about the other applications the user is running. Discord also has data about your voice and now your face.
Is some or all of this data being turned into features that are being fed to this third-party k-ID? https://www.k-id.com/
https://www.forbes.com/sites/mattgardner1/2024/06/25/k-id-cl...
https://www.techinasia.com/a16z-lightspeed-bet-singapore-par...
k-ID is (at first glance) extracting fairly similar data from Snapchat, Twitch etc. With ID documents added into the mix, this certainly seems like a very interesting global profiling dataset backstopped with government documentation as ground truth.
I'm sure that's totally unrelated. :)
-
† like they already have for algorithmic social media and profiling, https://www.newyorker.com/magazine/2024/10/14/silicon-valley...
Somehow there's tens to hundreds of millions available for crypto causes and algorithmic social media crusades, but there's none for the "existential threat" of age verification.
†† Once again, this is old hat. See also: Turbotax, https://www.propublica.org/article/inside-turbotax-20-year-f...
yep, the ol four horseman of internet censorship lol
if folks actually wanted to protect minors they would age restrict internet ACCESS instead of letting adults personal details get spewed all over the world for bad actors to take advantage of.
> I know this is weird, but I'm in some ways not really sure who is on the side of freedom here.
That’s because “freedom” is complicated and doesn’t precisely map to the interests of any of the major actors. Its largely a war between parties seeking control for different elites for different purposes.
Yes, seeking more control for themselves and completely at the expense of everybody else's loss.
You sound like someone that would work for the CIA or FBI if they offered you a job. Those are the types of people that I cannot and will not ever trust. I do not respect your opinion.
You don't have to, but hilariously - I would never work for the CIA or FBA (I mean I can't, I think they require a college degree) but the most paranoid conspiracy-theorist libertarian hacker I ever knew did, and said it was the best work of his life. Ironic?
I'm going to move off-grid and become a sovereign citizen.
I don't get your point, at least not in relation to the GP post. I agree with GP, parents need to be more accountable. We as parents, and We should all be concerned about future children/generations, should be demanding more regulation to help force the change we need on this topic. We as a society need to treat SM like those other addictive product classes. The fact SM is addicting and execs try to juice it more, is frankly to be expected.
Vilify them all you want, but same has been done with nicotine products, alcohol products, etc. and to GPs point, we SM as a toy for our children to play with. We chose to change the rules (laws, regulations, etc) because capitalists can never be simply trusted to do what's best for anything except their bottom line. That's a fundamental law no different than inertia or gravity in a capitalistic society. That's why regulators exist. Until you regulate it, they will wear their villain badge and rake in the billions. It's easy to be disliked when the topic of your disdain is what makes you filthy rich (in other words, they don't care what you or I think of what they're doing).
not social media, treat the entire internet as fundamentally hazardous to kids because it is, just like cigarettes alcohol and porn. check IDs once when signing the contract that is required for internet access and all these problems go away.
That’s fair. I do think they’re some point where it gets too broad though. The definition part will be a tough balancing.
As an example, I’ve been a fairly strict parent with devices and content access. But, I do let my son play Switch games with his friends which requires the internet. I feel it’s ok in moderation, he plays no more than about 3 hours a week.
>I get your position ... There is almost literally documented examples of Facebook executives twirling their mustaches wondering how they can get kids more addicted. This isn't a few bands
Their position was to compare it to alcohol, guns, and tobacco, not bands using naughty words. Alcohol and tobacco definitely enter mustache swirling territory, getting children addicted and funding misinformation on the harms of their product.
> There is almost literally documented examples of…
lol
> Better the nanny state than Nanny Zuck.
The state can imprison you. Zuck can't.
Yet! ;-)
Nobody is putting a gun to your head and forcing you to use Facebook or whatever other site. I quit using most social media over a decade ago. If you don't want to use it, or you don't want your children to use it, then don't use it.
O yeah? Where’s that guy who couldn’t get a job 6 months ago because he refuses to use LinkedIn.
I am a bit confused by that comment. Are parents social responsible to prevent companies from selling alcohol/guns/cigarettes to minors? If a company set up shop in a school and sold those things to minors during school breaks, who has the social responsibility to stop that?
when I was a kid in the early 90's, my state (and many others) banned cigarette vending machines since there was no way to prevent them being used by minors, unless they were inside a bar, where minors were already not allowed.
The problem is, doing the analogous action with the entire internet is a privacy nightmare. You didn't have to tell 7-11 every item you bought at every store in the past 2 years and opt-in to telling them what other stores you go to for the next 5.
There is no digital equivalent of "flash an ID card and be done with it" in the surveillance state era of the internet. Using a CC is the closest we have and even then you're giving data away.
The analogous action is to only require age-restricted sites (or parts of sites) to check ID, not the entire Internet. e.g. no one is calling for mathisfun.com to check ID. I'd expect most parts of the web are child-friendly and would not be affected. Just like how almost all locations in physical space don't need to check ID.
Additionally, the laws I've read mandate that no data be retained, so you have stronger legal protections than typical credit card use, or even giving your ID to a store clerk for age restricted purchases (many stores will scan it without asking, and in some states scanning is required).
This might have the benefit of reversing the trend where everything on the internet was rolled in to social media. If social media is age restricted, news, announcements, etc will have to break out to dedicated websites if they want to be accessible by all ages.
just ban kids from the internet already. if a parent allows the kid to have a full function smartphone and the kids get caught with it then throw the parents in jail and kids in an orphanage. people will catch on.
Anything that can take user input, including any forum, would get popped.
I don't see why that would be the case. It's reasonable to allow services that have a policy forbidding such content and make good faith efforts to moderate and remove it promptly. Seems analogous to e.g. a building being vandalized with lewd drawings. Or laws about user submitted child pornography.
I expect most forums or discussion groups in practice actually don't have child-inappropriate content, and already moderate such things because the members don't want it.
You do not need to control the entire internet. Put time limits on connected devices. Use parental controls. Talk to your kids about what they do online. Set clear boundaries. Reward good behaviour. Talk to other parents to align these limits to avoid social issues among the kids.
We may be agreeing, I'm saying there is no battle tested, privacy safe technical method of verifying age online, and this the controls need to be in the physical environment and setting social standards for social media and phone use.
I think the argument is more around it being illegal so as to not be forced into playing "the bad guy". It's hard to prevent a level of entitlement and resentment if those less well parented have full access. If nobody is allowed then there's no parental friction at all.
Its unfortunate that the application of this rule is being performed at the software level via ad-hoc age verification as opposed to the device level (e.g. smartphones themselves). However that might require the rigimirole of the state forcibly confiscating smartphones from minors or worrying nepalise outcomes.
I'm saying hold parent's accountable for their children's online behavior and for their protection online, not companies (who want to profit off the kids, perverse incentive) or governments (who can barely be trusted to do this even if this was the only goal). For example if your kid starts making revenge CP of their classmates, and the parent could have reasonably mitigated or known about it, I think the parent absolutely should be held responsible.
Don't punish the rest of the web for crappy parenting and crappy incentives by companies/govts.
If we want parents to be accountable, then these platforms need to provide better tools to enable parents to do so. It is impossible to monitor the entirety of your child's behavior online through any of these platforms today. They are their own person, they make their own choices, and those choices are heavily influenced by a world the parents have increasingly less influence over, especially as they grow older.
On the flip side, I do think we should also hold companies more accountable for this. We collectively prevented companies from advertising tobacco to minors through regulation with a pretty massive success rate. These companies know how harmful social media can be on youth, and there is little to no effective regulation around how children learn about these platforms and get enticed into them.
I do not disagree with any of this, I was hoping it was implied by my original comment that this would be necessary.
This all needs to be modulated by the knowledge that some children benefit immensely from being able to hide parts of their lives from their parents, parts that their parents would disagree with greatly.
The clearest example is LGBTQ kids who want to talk to other LGBTQ kids, or enjoy LGBTQ content, without fundamentalist or just homophobic/transphobic parents finding out. Children of fundamentalist or cult members who want an escape from the cult are another common category.
I’m embarrassed to admit this hadn’t even occurred to me until I read your comment.
> I'm saying hold parent's accountable for their children's online behavior and for their protection online
You're saying the status quo and I think its fair to state you wouldn't intentionally design the status quo. Unless we have some wizard wheeze where we can easily arrest and detain or otherwise effectively punish parents without further reducing the quality of life for their children.
But it's not playing the bad guy. It's playing the good guy.
in the abstract but in the social of the home you have to be the bad guy. While good parents manage that, the bar is too high for society in general.
The bar isn't that high at all. It's just what norms you decide to set. You could make this argument for any particular parenting decision, from washing hands before food to saying no to the next desired purchase. It doesn't make sense to special-case this. At some point you're setting rules, and it's not that difficult. Just don't buy the device.
sorry but I feel like your standards are a bit higher than the average here. The bar is, and has to be extremely low, to hope for compliance.
This isn't a compliance based exercise. You can achieve compliance by setting no rules.
From the perspective of the kids you are the bad guy.
Parents can't easily prevent their kids from going to those kinds of stores once they're at the age where the parent doesn't need to keep an eye on them all the time and they can travel about on their own.
The difference though is that parents are generally the ones to give their kids their phones and devices. These devices could send headers to websites saying "I'm a kid" -- but this system doesn't exist, and parents apparently don't use existing parental controls properly or at all.
> These devices could send headers to websites saying "I'm a kid" -- but this system doesn't exist
And there would be ways to work around it. If people find that privacy-preserving age verification is not good enough because "some kids will work around it", then nothing is good enough, period. Some will always work around anything.
if a parent gives a kid a full on smartphone, charge the parent with child abuse just like feeding the kid alcohol, cigarettes or having sex with them. people will catch on.
Or people who aren't parents are yet again sharing strong opinions that are not based in reality. Plenty of parental controls are deployed, how long they last against a determined child is the real question. Here's a concrete example for you. Spotify has a web browser built in so that you can watch music videos, kids have figured out a way to use that to watch any video on YouTube--a 12 year old told me this. If you search on this subject you'll quickly learn this is well known and is generally being ignored by Spotify. Why not allow parents to disable the in-app web browser / video function?
It's not as easy as you may believe to prevent that type of access.
So what’s the alternative? Pretend we don’t live in a digitally connected society and set our kids up for failure when they get one years after their peers?
Let's assume for the sake of argument that social media is extremely harmful to children. Which means the answer to your question is "yes, obviously". If people were running around giving their kids fentanyl, you wouldn't say "but my kid's friends all use fentanyl and he'll be an outcast if he can't". You would say "any friends that he loses over this are well worth avoiding the damage". Why would it be different just because it's social media?
Phones, I mean. Sorry for the confusion there. I’m for holding off on social media.
Keeping your kids off social media is setting them up for success.
I’m talking about phones specifically. Agree re: social media.
The problem isn't with phones. We should have robust parental controls and the responsibility of parenting should be left to, wait for it... the parents.
The person before me is the one who brought up phones.
> The difference though is that parents are generally the ones to give their kids their phones and devices.
But either way I disagree. This comment sums up my point: https://news.ycombinator.com/item?id=47122715#47128105
ISPs and OSs should be the ones providing these tools and make is stupid easy to set up a child's account and have a walled garden for kids to use.
I live in the UK. By default your ISP will block "mature" content and you have to contact them to opt out. iOS, Android, Playstation, Xbox, Switch all have parental controls that are enforced at an account level.
A child with an iPhone, Xbox, and a Windows Laptop won't be able to install discord unless the parent explicitly lets them, or opts out of all the parental controls those platforms have to offer.
The tech is here already, this is not about keeping children safe.
You have to be very tech savvy to know that your kid asking to install Discord to talk to/play games with their friend group is as dangerous as it is.
A single google search will tell you pretty unanimously that discord isn’t for kids, is rated 13+ and has risks of talking to strangers.
Parts of discord are not safe at all for 13 year olds and currently there isn't a mechanism as far as I am aware to restrict a 13 year old from accessing them.
The solution to that is obviously some sort of Parental features, where a parent can create accounts for their kids with restricted access and/or monitoring capabilities. The solution isn't to require an ID from everyone just to "protect the kids"...
No, it's about corporate and government control. Thankfully, the UK government is clueless about tech, which means these controls can be bypassed relatively easily by using your own DNS or a public DNS server like Quad9.
The corporations in this case are fighting against this. This is about your government and its desire to squash opinions they don't like. They are already going so far as to jail people for posting opinions they don't like. This has absolutely nothing to do with children, children are just the excuse.
There's a law going through in some state that want's to do this, but also put the onus on the OS developers to detect age aligned behavior. How do you do this with Linux? It would kill the open computer and kill ownership over computing.
Why would it be a problem to do this sort of thing with linux? Linux allows for oauth, proxied networking, what have you -- unless they're using some super-secret-unpublished-protocol, linux will be fine
I'm against these age-verification laws, but to say it's impossible to comply with open-source software isn't really true.
The point is that you won't be able to just install a Linux distro of your choice in this world - your computer will only run approved OSs that have gone through some kind of certification process to make sure they enforce age-verification content. If, say, the Debian foundation doesn't want to add these mandatory controls because they feel it goes against the spirit of Debian (not to mention the huge issues with the GPL), then your new computer just won't be able to run Debian anymore. And something like Kali would be right out, of course, since anonymity is not compatible with age verification.
Or, Conversely, these systems won't be able to verify age and will just be shut out of adult content. Which is fine, just keep a windows machine around for porn and do your actual work on a real computer
> Which is fine
But it isn't fine. How long before that's no longer an option?
A few years ago it was "Apple won't let me side load apps, which is fine, I'll run android" now that's coming back and getting locked down even more.
How long before normal computers will all have signed bootloaders with only the OEM's OS of choice allowed to boot, 4 chains deep of verifying signatures on hardware security chips?
Mark Zuckerberg advocates for this, most people entrenched in this argument think it's worse. But I'm all for burning it to the ground so.
You must not have kids if you think it's easy to keep children off things that are bad for them.
[Any] task is much easier if you have the tools. Do/did you have a baby monitor? A technological tool, that allows you to "monitor" the baby while not being within an arms reach.
Do you have an A+++++ oven with three panes of glass? It's [relatively] safe to touch and instead of monitoring if a child is somewhere near the oven you have to monitor if the child does not actively open the oven. That's much easier.
Dumb question, not a parent — how old does a child have to be before they'll only touch the hot thing once so you don't need to guard it?
They learn to not intentionally touch the hot thing between 1 to 2 years, but then they still can fall on it or hit it during play.
As a parent you quickly learn that when you don't actively prevent major accidents it ends up costing you much more time, stress, screaming, etc.
It's really not some Herculean task to do so either, though.
I remember how my sister and I set up Google Family and fully locked down my niece her phone with app restrictions, screen time restrictions and a policy of accountability when we need to extend the screen time.
It worked really well up until she got a school managed chromebook for homework with no access controls.
Can't your router block by Mac address? Just limit the Chromebook to allowlisted sites. And also school-issued computers are known for Spyware and even worse. It should probably be segregated in a separate network or vlan.
Maybe you don't have kids of your own. Once you have 2 or 3, it is quite challenging to manage everything, especially over time.
Especially if they are older, like 8+ years old. They are resourceful, sneaky and relentless.
Which is exactly why all people everywhere giving up their privacy will also be ineffective.
Drugs, alcohol, cigarettes, pornography were all illegal for me to access as a kid but I wouldn’t have had any trouble getting any of it.
Maybe at 16, not at 8.
Many of my school colleagues started smoking around 10-11 years old. All of us had tasted alchol by then, and some of them were definitely drinking the occasional beer. Older kids sometimes brought porn magazines in school and would show younger kids too (still talking about pre-highscool here). Now, this was childhood in Romania in the 1990s and early 2000s, soon after the fall of communsim, so maybe not so applicable everywhere else, but still - I doubt that there is any problem for a resourceful 8-10 year old even today to get some of these things.
There’s a difference between “saw a playboy once” and having regular or semi regular access to it.
Same goes for alcohol and cigarettes.
In the US, if you had regular access to those things, you had parents who didn’t care.
It’s also not about kids on the margin. The vast majority of 8 year olds in the US have not tried alcohol, drugs, or cigarettes.
I can’t rely speak to post Cold War Romania.
The older kids are often the easy source for the younger kids. At 8 I had already seen a Playboy and knew kids who had seen harder stuff. I could have easily gotten a teenager to get me cigarettes (and drugs, but I didn’t know what those were really). I had also already tasted alcohol. Any of this I could have stolen from any number of places.
At 16 it was easier, but at 8 it wasn’t hard.
There’s a difference between “saw a playboy once” and having regular or semi regular access to it.
Same goes for alcohol and cigarettes.
If you had regular access to those things you had parents who didn’t care.
It’s also not about kids on the margin. The vast majority of 8 year olds have not tried alcohol, drugs, or cigarettes.
There’s also a difference between “saw my first” and “saw a playboy once.” I need you to understand I was a good kid whose parents cared until they divorced some years later. And yet I had multiple sources of access to this stuff without looking for it. Now, as an adult, I can see more ways I could have gotten it if I wanted it.
Again, if you occasionally caught a glimpse of a playboy, that’s not a significant problem.
If you were regularly smoking cigarettes, drinking alcohol, and reading porn magazines at 8 yeas, your parents fell down on the job. An 8 year old doesn’t have the wherewithal to hide that from parents who are paying attention.
> Now, as an adult, I can see more ways I could have gotten it if I wanted it.
Yeah a kid with the mind of an adult could access all kinds of illegal material.
Making it illegal to rob a bank doesn’t mean that’s it’s literally impossible. It’s about stopping enough people from trying that society functions.
The state of the world before the internet was that it was hard to keep a kid from ever glimpsing a titty, but it was relatively easy to keep a kid from having regular access to hard core porn-much, much easier than it is now. My take is that as a society we need to figure out some way to make this easy enough for parents to do that it becomes the default. Just like drugs, alcohol, and porno mags.
Another issue is that online porn and algorithmic brain rot is free (at least enough of it is). With IRL contraband, lack of money is a big limiting factor for kids. The IRL equivalent would be if the local liberal let 8 year olds checkout hard core porn DVDs.
Yeah. Anyway, porn, cigarettes, alcohol, and drugs were very accessible to me despite being a good kid with parents who cared in a world where those were all legally forbidden to me.
All this talk of “glimpses” is you trying to read too deep into a single example.
I’m not using my adult mind to figure out how I could have gotten this stuff as a kid. I’m using my adult mind to recognize that if I had been motivated as a kid, there are additional ways I. as a kid, would have been able to figure out how to get it.
I’m not throwing my hands up in the air and saying this is impossible or that we should just open up access. I’m saying requiring ID for access wasn’t effective before and it won’t be effective in a world with easier access. Yet the cost of that is quite high. Scan these threads for actual ideas, I’m not arguing for any particular one but there are plenty of them and some I think are good.
>Yeah. Anyway, porn, cigarettes, alcohol, and drugs were very accessible to me despite being a good kid with parents who cared in a world where those were all legally forbidden to me.
Were they accessible to you, or do you just think they were accessible to you? How many of these teenagers who would let you try a cigarette would have been willing to keep supplying you cigarettes regularly. How many would have been willing to keep buying you alcohol?
>All this talk of “glimpses” is you trying to read too deep into a single example.
No, it's glimpses, because it's about at the very least semi-regular access, not preventing every single child from having tiny amounts of alcohol. Look at my reply the other poster in this thread. There are dozens of studies that show conclusively that minimum age drinking laws reduce alcohol use among children, and reduce alcoholism later in life.
>I’m saying requiring ID for access wasn’t effective before
But yes it was effective. Read the studies. Minimum age drinking laws have been shown almost universally to be effective. Not at stopping every child from drinking but at harm reduction.
>I’m using my adult mind to recognize that if I had been motivated as a kid, there are additional ways I. as a kid, would have been able to figure out how to get it.
The level an effort an 8 year old would have to go through to get regular access to cigarettes and alcohol in the US, would require an enormous level of motivation which almost no 8 year old has, and it would be outright impossible to do without a semi-observant parent noticing.
That's the whole point of making it hard to do.
It takes much less effort for a kid to walk to the library and check out a hardcore porn DVD than it does for him to convince an 18 year old to buy one for him. Most kids just aren't going to go through the hassle of doing the latter, but they'd do the former in a heartbeat. All things being equal, greater motivation is required to overcome greater obstacles.
I’ve told you that access was not a problem at all. All your questioning is because you can’t grasp my lived reality. You think I’m mistaken, but actually I just don’t care to try to convince you because you’re already so sure.
Disinterest was what really “saved” me from these vices but lacking that, it was my parents. I also had access to perfectly legal things that were bad for me that I actually wanted and it was my parents who helped me there too; no mandatory ID required.
you are writing this as if you were never a kid yourself... there is absolutely nothing I wasn't able to "get" as a kid - some stuff I had to jump through some hoops but end-result would always end up being the same. if I wanted to watch hardcore porn, there was a way, if I wanted to smoke a cigarette, there was a way. if I wanted to drink, there was a way. and make it "forbidden" made it ever more appealing for me to get it as a kid. I grew up in society where alcohol was not a big deal, I was buying alcohol for my parents when I was 6-years old, would get sent to the store to get stuff and among the stuff was always beer and sometimes wine if my parents were expecting some guests. most of my friends growing up never thought of alcohol as something cool, we had easy access to it so it was like a rights of passage or anything like that and it showed, just about no one was doing any drinking while we were teenagers. when I came to america junior year of high school I was stunned at home much effort my schoolmates were making to acquire alcohol - could not really understand what the big deal is until I realized that was because it was forbidden and acquiring beer etc for a friday evening chill made one a cool kid.
the only barrier I have ever had to doing stupid things was the wrath of my parents. the punishment(s) levied when I did stupid shit was always such that I would very seldom-to-never-again consider doing whatever stupid shit I did. it always starts and ends with parents. you can put in whatever "laws" you want (which will always get weaponized politically at some point either immediately or at a later time) but end of the day the buck starts and stops with parents...
1. There is no scientific evidence that the "forbidden fruit" theory is correct. Studies of minimum drinking ages show a near universal reduction in drunk driving deaths, alcoholism, and crime rates.
https://pmc.ncbi.nlm.nih.gov/articles/PMC3018854/ https://pmc.ncbi.nlm.nih.gov/articles/PMC3586293/ https://pmc.ncbi.nlm.nih.gov/articles/PMC4961607/ https://www.nytimes.com/roomfordebate/2015/02/10/you-must-be... https://www.cdc.gov/alcohol/underage-drinking/minimum-legal-...
If you care to google it there are dozens of additional studies that all say the same thing.
2. You're writing this as if you don't understand what it's like growing up in a country where 8 year olds don't have easy access to alcohol, cigarettes, and drugs.
And you're writing this as if you don't understand what it's like growing up was a kid growing up in America specifically. My young children and the young children of everyone I now could not regularly drink alcohol or smoke cigarettes without their parents knowing about it. When I was 8 I couldn't have done either regularly without my parents knowing about it.
Again this isn't about stopping every single kid in the world from ever trying alcohol. This is about making it harder for them get and easier for parents to enforce.
>end of the day the buck starts and stops with parents...
That's a completely unrealistic view of the world and it's just flat out wrong on the face of it because every study we have on the subject shows that minimum drink age laws reduce harm--they work. If it were solely up to the parent they wouldn't work.
The easier you make it for parents to do the right thing, the more of them will do it.
over 10 years ago, I had an intern from Harvard CS tell me that privacy is irrelevant unless you're doing something that you want to hide. I was gobsmacked that someone would not cherish their privacy but since then I've realized many don't care at all and have the same attitude that "I don't have anything to hide."
Well that's your mistake right there. You hired someone from Harvard. Unless you are hiring that person to use their connections to market your product, there is no reason to hire someone from Harvard. They just bring bad ideology and STDs from Russian hookers to the table and nobody wants that.
PS This post is partly satire, I will leave it to you as to which part is serious.
> They are resourceful, sneaky and relentless.
... and honest:
- they will honestly tell you that they'd be very happy to see you dead when you impose restrictions upon them (people who are older will of course possibly get into legal trouble for such a statement)
- they will tell they they wish you'd never have given birth to them (or aborted them)
- they will tell you that since they never wanted to be born, they owe you nothing
- ...
Sounds like a kid in need of psychiatric help.
You barely ever had to deal with pubescent children? :-)
I raised kids. Never had to deal with anything like what is described. Sounds like someone read some questionable books on parenting, unfortunately followed the bad advice in those books and this is the result.
And this entire thing is about bad parenting. Its always easier to just give the kid a tablet and go back to whatever you were doing. Its always better to actually interact with the kid. That trade-off of time is important because if you mess up when they are young, you spend a lot more time handling issues later on. That time you gained by giving them a tablet will get payed back someday, usually with interest. That's what is happening here.
Please get the kids some help before we have to send you thoughts and prayers
I mean, that's really not normal puberty stuff, but... okay.
As a father of 3, one thing the wife and I had to learn over the course of the first two is that the modern world holds parents to impossible standards and a "fuck off" attitude is required for much of it.
We've had pediatricians shame us for feeding our kids what they're willing to eat and not magically forcing "a more varied diet" down their throats at every meal, despite them being perfectly healthy by every objective metric. There are laws making it technically illegal for us to leave our kids unsupervised at home for any period of time in any condition, even a few minutes if one of us is running slightly late from work/appointments.
Your not-quite-2-year-old is too tall for a rear-facing car-seat? You're a bad parent, possibly a criminal and putting them at risk by flipping the seat to face forward, a responsible parent spends hundreds of dollars they don't have on several different seats to maybe find one that fits better or have their kid ride uncomfortably and arguably unsafely with their legs hyper-extended up the seatback.
Miss a flu shot because you were busy? Careful you don't come off as an antivaxxer.
And all of this and more on top of changing diapers, doctors' appointments, daycare, preschool, school, family activities and full time jobs?
Yeah, when my kids are old enough to engage with social media I will teach them how to use it responsibly, warn them about the dangers, make myself available to them if they have any problems, enforce putting the phones down at dinner and and keep a loose eye on their usage. Fortunately/unfortunately for them they have a technically sophisticated father who knows how to log web activity on the family router without their knowledge. So if anything goes sideways I'll have some hard information to look at. Most families don't have that level of technical skill.
I was almost certainly never going to be a parent for other unrelated reasons, but you have just given me a whole other list of confirmations for that decision that I hadn't thought of before.
Thank you for that.
Well it's all more than worth it, at least for us. But that doesn't make some of the excess judgement tedious to deal with.
Kids are great at forcing you to prioritize. All of a sudden pre-ground coffee is worth it.
The school, in loco parentis.
Not responsible for selling to all minors, just theirs.
Well the parents entrust their kids to the school, so they would be the ones responsible for what goes on on their premises. In turn, school computers are famously locked down to the point of being absolutely useless.
That's really a district-by-district / school-by-school thing, some are significantly more locked down than others
Companies are legally prohibited from marketing and selling certain products like tobacco and alcohol because they historically tried to.
Parents are legally and socially expected to keep their kids away from tobacco and alcohol. You're breaking legal and social convention if you allow your kids to access dangerous drugs.
Capitalist social media is exactly as dangerous as alcohol and tobacco. Somebody should be held responsible for that, and the legal and social framework we already have for dealing with people who want to get kids addicted to shit works fairly well.
So we should ban social media is what you're saying but not what OC is saying.
Banning access to social media for kids under 18 similar to how tobacco and alcohol is banned to underage people would be the more direct line.
This argument is quite close to what gov'ts are "trying" to do here! And I tihnk you'll find very few people ammenable to the idea that we should allow cigarettes to be sold to underaged people (even if in practice they still get access).
The argument on the "don't do the social media ban" side is quite an uphill battle if you dig into this metaphor too much
All "social media" that uses recommendation algorithms should be unavaliable to children.
At least give it a try.
"Capitalist social media is exactly as dangerous as alcohol and tobacco. Somebody should be held responsible for that, and the legal and social framework we already have for dealing with people who want to get kids addicted to shit works fairly well."
They work hand in hand with governments around the world, that's why they get the tax breaks. In return they hand over details about your opinions, social networks and whereabouts, not to mention facial recognition data via Facebook. They aren't remotely capitalist in any real sense since they have a bad business model.
> Capitalist social media is exactly as dangerous as alcohol and tobacco.
Most actual studies done on this topic find very little evidence this is true.
It's a run-of-the-mill moral panic. People breathlessly repeating memes about whatever "kids these days" are up to and how horrible it is, as adults have done for thousands of years.
I expect some emotional attacks in response for questioning the big panic of the day, but before you do so please explore:
[1] Effects of reducing social media use are small and inconsistent: https://www.sciencedirect.com/science/article/pii/S266656032...
[2] Belief in "Social media addiction" is wholly explained by media framing and not an actual addiction: https://www.nature.com/articles/s41598-025-27053-2
[3] No causal link between time spent on social media and mental health harm: https://www.theguardian.com/media/2026/jan/14/social-media-t...
[4] The Flawed Evidence Behind Jonathan Haidt's Panic Farming: https://reason.com/2023/03/29/the-statistically-flawed-evide...
[flagged]
> give parents strong monitoring and restriction tools
The problem is that it's bloody hard to actually do this. I'm in a war with my 7yo about youtube; the terms of engagement are, I can block it however I want from the network side, and if he can get around it, he can watch.
Well, after many successful months of DNS block, he discovered proxies. After blocking enough of those to dissuade him, he discovered Firefox DNS-over-HTTPS, making it basically impossible to block him without blocking every Cloudflare IP or something. Would love to be wrong about that, but it seems like even just blocking a site is basically impossible without putting nanny-ware right on his machine; and that's only a bootable Linux USB stick away from being removed unless I lock down the BIOS and all that, and at that point it's not his computer and the rules of engagement have been voided.
For now I'm just using "policy" to stop him, but IMO the tools that parents have are weak unless you just want your kid to be an iPad user and never learn how a computer works at all.
As a parent of young children, this is your entire problem:
> the terms of engagement are, I can block it however I want from the network side, and if he can get around it, he can watch.
You're treating this as a technical problem, not a parental rules problem. Your own rules say he's allowed to watch!
You have to set the expectations and enforce it as a parent.
Depends on what the goal is. But yeah I agree if you really don't want them on YouTube (or whatever) and really do want them to tinker with their devices then you're likely going to have to eschew technical measures for more overt ones.
I think the point is that it's not enforceable.
I remember when I was a kid that age there were rules and some were technically enforced. But if you found a way around the technical enforcement you were in huge trouble. The equivalent here would he been, if you used a proxy to watch what you weren't meant to, then you lose all screen time indefinitely. Sneaking around parents' rules was absolutely not on.
Sounds like a smart kid, is part of you secretly proud of him for his tenacity?
Is it impractical to keep an eye on what he's doing on his computer, i.e. physically checking in on him from time to time?
How about holding him responsible for his own behavior, to develop respect for the rules you impose? Is it just hopeless, and if so how come? Is it impossible for him to understand why you don't want him watching certain content or why he should care about being worthy of your trust?
I'm not judging here, I'm genuinely curious.
Personally I wouldn't want to expose a child to "the algorithm" ie recommendations. It turns up useful stuff but (IMO) the stream contains an unacceptable concentration of radioactive waste and becomes increasingly concentrated if you click on any of it.
I might suggest explaining this to him, providing a uBlock filter to sanitize the page, and requiring use of said filter.
The obvious solution would be TLS interception and protocol whitelisting. Same as corporate IT. Stick the kids' devices on a separate vLAN if you don't want to catch all the other devices in the crossfire.
Still, there's an awful lot of excellent educational content on YouTube. It seems unfortunate to block access to that. Have you considered self hosting an alternative frontend for it?
Putting controls on the machine you want to restrict is pretty normal. While I agree with your first sentence that it's hard for parents to get proper monitoring tools, the rest of this sounds like a self-imposed problem. If you don't want to mess with the actual machine then run a proxy it has to use.
At this point why not just emancipate him. Hook him up with an easy remote job, put a lock on his bedroom and hand him the keys, and make him start paying rent. Because I’m having trouble figuring out what part of society you’re preparing him for at this stage. Respectfully.
Whats so hard about taking the iPad out of they're hands? or laptop or whatever, once you catch them on sites they shouldnt be on?
Comment was deleted :(
You're understating the US's policy on recklessness. We have "attractive nuisances," which means that if you put a trampoline in your backyard, and a kid passing through sees it, decides to do a sick jump off of it, and breaks their leg, that was partly your fault for having something so awesome that kids would probably like.
> which means that if you put a trampoline in your backyard, and a kid passing through sees it, decides to do a sick jump off of it, and breaks their leg, that was partly your fault for having something so awesome that kids would probably like.
That's not exactly accurate. The two key parts of the attractive nuisance law are a failure to secure something combined with the victim being too young to understand the risks.
So if you put a trampoline in your front yard, that's an easy attractive nuisance case.
If you put a pool in your back yard with a fence and a locked gate, it would be much harder to argue that it was an attractive nuisance.
If a 17 year old kid comes along and breaks into your back yard by hopping a 6-foot tall fence, you'd also have a hard time knowing they didn't understand that their activities came with some risk. Most cases are about very young children, though there are exceptions
>put a trampoline in your front yard
This is exactly what one of our neighbors did when I was growing up.
All the kids loved it.
There just weren't very many lawsuits back then like there are now after the number of attorneys proliferated so much.
To be as safe as they could, the parents put the trampoline in a pit where the bouncing surface was at ground level.
If you drove by, you wouldn't even be able to see it, or have any idea that it was there.
Unless there was somebody bouncing at the time.
You should have seen the look on peoples' faces when they drove down our street and saw that for the first time :)
It would not be quite that simple. The trampoline (or pool, or whatever) would have to be visible, in a place children were likely to be, not protected by any reasonable amount of care, and the kid would have to be young enough to not know any better.
The legal doctrine is also not specific to the US, of course.
And that law is incredibly and hideously stupid, as it's a heckler's veto on having cool stuff.
The Internet is basically the final frontier where this harmful law doesn't reach, though the Karens are really trying to expand their power there.
A monitoring solution might have worked for my case if my parents had monitored my Internet history, if they always made sure to check in on what I thought/felt from what I watched and made sure I felt secure in relying on them to back me up in the worst cases.
But I didn't have emotionally mature parents, and I'm sure so many children growing up now don't either. They're going to read arguments like these and say they're already doing enough. Maybe they truly believe they are, even if they're mistaken. Or maybe they won't read arguments like these at all. Parenting methods are diverse but smartphones are ubiquitous.
So yes, I agree that parents need to be held accountable, but I'm torn on if the legal avenue is feasible compared to the cultural one. Children also need more social support if they can't rely on their parents like in my case, or tech is going to eat them alive. Social solutions/public works are kind of boring compared to technology solutions, but society has been around longer than smartphones.
Should the state have force your parents to give you up for adoption? That's the social support the state can offer.
This is the real point that needs to be made.
You can argue that many parents are less than ideal parents, but that is not sufficient to justify having the state step in. You also have to show that the state is less bad.
Decades of data on the foster system strongly suggests otherwise. The state, by any objective measure, is terrible at raising children.
I don't think it would have helped, given the outcomes for foster children are near universally worse except in the most extreme cases of abuse. I did threaten to call CPS but I was, of course, berated for it and threatened that I would be taken away, so that shut me up. Since I was never assaulted I doubt it would have reached the standard for foster care anyway, yet the consequences still endure to this day.
I was told over and over by in hindsight unqualified persons that emotional abuse wasn't real abuse, so after a few years I was disinclined to seek help.
If I had had even one person that supported me unconditionally instead of none at all, even if that person wasn't a parent, I'm fairly certain I would have turned out differently. That was just a matter of luck, and I came out empty-handed. I never felt comfortable talking about what I was exposed to online with anyone, and that only hurt me further, but I was a child and couldn't see another option.
So the only options are no support or give you up for adoption? No middle ground is possible?
As a parent, I think you’re understating how difficult it is to provide a specific amount of internet access (and no more) to a motivated kid. Kids research and trade parental control exploits, and schools issue devices with weak controls whether parents like it or not. I’m way at the extreme end of trying to control access (other than parents who don’t allow any device usage at all) and it has been one loophole after another.
As somebody who is entirely for restrictions on internet / social media, I think you're missing the bigger picture here. First, you assume that parents have the technical knowhow to restrict their kids from specific sites. My parents used a lot of different tools when I was a kid, but between figuring out passwords, putting my fingerprint onto my mom's phone, and spoofing mac addresses, I always found a way around the restrictions so I could stay up later.
But let's assume the majority of parents can actually do this. The problem with social media is not an individual one! We've fallen into a Nash Equilibrium, a game theory trap where we all defect and use our phones. If you don't have a phone or social media nowadays you will have much more trouble socializing than those who do, even though everyone would be better off if nobody used phones. As a teenager, you don't want to be the only one without a phone or social media. And so I truly do think the only solution is with higher level coordination.
Now, it's possible that the government isn't the right organization to enforce this coordination. Unfortunately, we don't really have any other forms of community that work for this. People already get mad at HOA's for making them trim their lawn; imagine an HOA for blocking social media! I do think the idea of a community doing this would be great though, assuming (obviously) that it was easy to move on and out of, as well as local. This would also help adults!
So to be honest, I don't think parents have the individual power to fix this, even with their kids.
It's much easier to give individual users control over their own device than to give a centralized authority control over what happens on everyone's device over the Internet. Local user-controlled toggles are just easier to implement.
All parental moderation mechanisms can and should be implemented as opt-in on-device settings. What governments need to do is pressure companies to implement those on-device settings. And what we can do as open-source developers is beat them to the punch. Each parent will decide whether or not to use them. Some people will, some won't. It's not Bob's responsibility to parent Charlie's children. Bob and Charlie must parent their own children.
To the people arguing that parents are too dumb to control their children's tech usage because they themselves are tech-illiterate: millennia ago, we invented this new thing called fire. Most people were also "too dumb" to keep their children away from the shiny flames. People didn't know what it was or how dangerous it could be. So the tribe leader (who, by the way, gropes your children) proposed a solution: centralize control of all the fire. Only the tribe leader gets to use it to cook. Everyone else just needs to listen to him. Remember, it's all for you and your children's safety.
> we invented this new thing called fire [...] So the tribe leader (who, by the way, gropes your children) proposed a solution: centralize control of all the fire
Of all the things, a "save-the-children prolegomena to the Prometheus myth" certainly wasn't on my bingo card today. So thank you for that, but I'm not aware of any reports of fire-keeping in the way you've described. Societies and religions do have sacred traditions related to fire (like Zoroastrians) but that doesn't come with restrictions on practical use AFAIK.
I'll spell it out for you since you can't read between the lines. It's not actually about fire-keeping in tribes to protect children. It's about certain people (governments, corporations, organizations) wanting control over the Internet and everyone's digital communications. They don't want a free marketplace of ideas and uncensored channels of communication because their propaganda narratives would not survive.
The tribe leader refers to certain rich and powerful folks that have infiltrated governments and are running some of the largest businesses.
The fire refers to instant communication over the Internet. This relatively new technology has the potential to paralyze old power structures and reshape civilization. It's understandable why governments et al are panicking. They know their authority will wane under global free speech unless they do something.
Am I the only one that is repeatedly amused at how many smart people are just caving to making this about parents/children at all?
We've literally watched things unfold in real time out in the open in the last year I don't know how much more obvious it could be that child-protections are the bad-faith excuse the powers that be are using here. Combined with their control of broadcasting/social media, it's the very thing they're pushing narratives in lockstep over. All this to effectively tie online identities to real people. Quick and easy digital profiles/analytics on anyone, full reads on chat history assessments of idealogies/political affiliations/online activities at scale, that's all this ever was and I _know_ hackernews is smart enough to see that writing on the wall. Ofc porn sites were targeted first with legislation like this, pornography has always been a low-hanging fruit to run a smear campaign on political/idealogical dissidents. It wasn't enough, they want all platform activity in the datasets.
I can't help but feel like the longer we debate the merits of good parenting, the faster we're just going to speedrun losing the plot entirely. I think it goes without saying that no shit good parenting should be at play, but this is hardly even about that and I don't know why people take the time of day. It's become reddit-caliber discussion and everyone's just chasing the high of talking about how _they_ would parent in any given scenario, and such discussion does literally nothing to assess/respond to the realities in front of us. In case I'm not being clear, talking about how correct-parenting should be used in lieu of online verification laws is going to do literally nothing to stop this type of legislation from continually taking over. It's not like these discussions and ideas are going to get distilled into the dissent on the congressional floors that vote on these laws. It is in it's own way a slice of culture war that has permeated into the nerd-sphere.
I make this argument to neutralize the "protect the children" excuse and also delegitimize the age verification "solution" by pointing out that on-device settings are more effective and easier to implement yet rarely discussed.
There are some parents genuinely concerned with parenting. We should give them the tools to do that and thereby removing them from the discourse, then we can focus on the bad faith people that want more control. I think there are still enough well-meaning people in governments that if we popularize on-device settings, it will prevent age verification in at least a handful of countries, and that's good enough to keep the spark of the free Internet going until we figure out a more permanent solution.
> It's not like these discussions and ideas are going to get distilled into the dissent on the congressional floors that vote on these laws.
You think the idea of parents, not governments, being responsible for parenting doesn't translate well to voters? In the country founded on the idea of freedom from overreaching governance and personal responsibility?
that's not what i'm saying at all. i highlighted that that is quite literally the convenient narrative that's being used to get everyone squabbling amongst themselves. it is very clear that this is being used in bad-faith to get people to immediately side a certain way. yet here on hackernews we find dissenting viewpoints to that, rather than discussion about the entirety of it and what the real motives at play are. i am once again amused at the efficacy of the smokescreen here.
what i'm saying is these discussions around parenting have had zero impacts on preventing the passage/implementation of such legislation/policies to date despite many smart people in here understanding what's actually at stake. and it's very likely that these parenting discussions will again go on to have absolutely zero impact on preventing the continued impelmentation of id verification on platforms. these policies/legislations aren't simply being implemented because people have failed to fully thought-exercise out good/bad parenting styles enough yet in the marketplace of ideas, it's becoming a reality because we aren't collectively raising awareness of the downstream ways this legislation will be harnessed for shitty outcomes. we aren't talking about it for what it is, but instead talking about it in the way they want us to talk about it. these parenting discussion points have been beaten to death and nothing new or novel is being shared, and rather than looking straight at the wolves right here in the room with us (data brokerage & who benefits from this type of data brokerage & figuring out how to stop it) people just look at each other and get butthurt about idealogical parenting differences. it's literally a slice of the now-ever-so-common 2d culture war we're all acutely aware exists, right here on hackernews, and we're all actively participating.
I guess I disagree that there is some shadowy alternative motivation for these laws. If the goal was to link everyone's ID with their account they would be requiring everyone to send in their ID instead of making age estimation the first option. I'm also a bit confused about the data brokerage part. What do you imagine the data brokers get out of this?
This only works if I ban my child from having any friends since they all have unlimited mobile access to the internet.
Could your child not just call or text their friends? Or is the real expectation to not have to intervene at all about their preferred platform?
Only if all the other kids are not on social media. When I was in school, birthday parties and such were organised on facebook. If you were not on facebook, you weren't invited.
If everyone was banned from facebook we would have organised them via text messages or email. That's the main point of social media age restrictions, individually banning kids is too punishing on those kids so parents and teachers don't try. Doing it across the whole population is much better.
Comment was deleted :(
I think the idea is for the child see their friends in person... not call, text, or internet.
So even if their own child has no phone at all, they have access to the internet through other children's unlimited mobile access.
When I was growing up, we loved to lend the sheltered kids from the more conservative families media they weren’t supposed to have, like the Harry Potter books.
I'm saying they'll use their friend's devices.
Sorry, I know it's a hard line for parents to tread and it's really easy to criticize parenting decisions other people are making, but the "everyone else is doing it so I have to" always seems as lazy to me today, as it probably did to my parents when I said it to them as a teenager.
Is it more important to prevent your son from being weaponized and turned into a little ball of hate and anger, and your daughter from spending her teen years depressed and encouraged to develop eating disorders, or to make sure they can binge the same influencers as their "friends"?
We used to teach kids to be themselves and stand up for what they believe in and their own authenticity and uniqueness even in the face of bullying. That having less or other doesn’t mean your value is lesser or that you should be left out. Now we teach them… conform at all costs so you never have to risk being bullied or lonely?
> Now we teach them… conform at all costs so you never have to risk being bullied or lonely?
Literally every kid/teen-targeted movie has showed this for decades. Yes even “back in the day.” Hell what is the end of Grease? Sandy literally changes who she is and everyone cheers including her man who allegedly liked her as she was.
Conform, be an individual, the message is always shifting and always has. You’re a jock, you’re a nerd. Jaques beat up nerds and get the girls. Oh wait in this movie the nerds actually win and are rewarded for being themselves.
There wasn’t some magical time where you were taught the right lesson and that everyone now is missing out on. Growing up is complicated. Social dynamics are complicated. The way they are portrayed is also complicated.
The number of times I objected to my parents rules because my friends didn’t have those rules and the response was: “I’m not their parent.”
Is it more important to prevent your child from <...>, or to not be seen as an adversarial monster?
presumably being a parent is different from being a your child’s friend. There is overlap, but yes, sometimes being a good parent requires “laying down the law”.
With that being said, i think explaining _in detail_ why you’re laying down certain rules can go a LONG way toward building some trust and productive dialogue with your child. Maybe you’ll find out they are more mature than you give them credit, can loosen up a bit. Or maybe a reasonable compromise can be found. Or maybe they’ll be bitter for a few months, but they’ll at least understand “why”.
Yes if they do bad things like drunk, have sex and do drugs.
I would start with banning cellphones.
My greatest fear for my future young adult children is that they're on their cell phone all day and never have time to get in trouble with their friends, so there's that. Yes, Let's start with banning the cell phones.
this is the biggest problem, so many parents are head-in-the-sand when it comes to things that can damage a child’s mind like screen time, yet no matter how much you protect them if it’s not a shared effort it all goes out the window, then the kid becomes incentivized to spend more time with friends just for the access, and can develop a sense that maybe mom and dad are just wrong because why aren’t so-and-so’s parents so strict?
because their parents didn’t read the research or don’t care about the opportunity cost because it can’t be that big of a deal or it would not be allowed or legal right? at least not until their kid gets into a jam or shows behavioral issues, but even then they don’t evaluate, they often just fall prey to the next monthly subscription to cancel out the effects of the first: medication
Do you believe the research shows that screens in and of themselves are so powerfully damaging that being exposed for, what, a few hours a week at a friend’s house will cause them to require psychiatric medication?
So many questions. Are you campaigning against billboards in your city? Do you avoid taking your kids to any business that has digital signage? I assume you completely abstain from all types of movies and TV? What about radio or books?
What are you, personally, doing on HN?
Fascinating.
it sounds like you already knew all of your assumptions were absurd yet you asked them anyways which ironically makes your comment the truly fascinating one
Individual Parents vs Meta Inc (1.66T mkt cap)
May the best legal person win!
Its more like age verification corporations, identity verification corporations, the child "safety" organizations that were lobbying for Chat Control versus individuals who want to protect their privacy.
> We'll try everything, it seems, other than holding parents accountable for what their children consume.
The mistake in this reasoning is assuming that they are actually interested in protecting the children.
This.
The world is becoming increasingly more uncertain geopolitically. We have incipient (and actual) wars coming, and near term potential for societal disruption from technological unemployment. Meanwhile social media has all but completely undermined broadcast media as a means of social control.
This isn't about protecting children. It's about preventing a repeated of the Arab Spring in western countries later this decade.
"Think of the children" is the oldest trick in the book, and should always be met with skepticism.
The Arab Spring was caused by a tripling of food prices. I somehow doubt something similar will happen in the west. As for the rest, ignoring the population's concerns (by suppressing social media) is the best way to cause political violence. So I see blocking the governments desires to shape political discourse as saving the politicians from themselves.
GP isn't interested in protecting children either. Punishing parents harder does nothing to improve the lives of children — in fact it makes them much worse, because now they are addicted to Facebook and their parents are in jail. It just makes certain people feel morally righteous that someone got punished.
Children are clever. I think the deeper issue is that very few parents care enough to actually articulate the danger to their kids.
As a kid, my dad sat me down and explained how porn could destroy my life. It's not hard to get people to act in their own self interest once they know what's destructive for them.
The problem is that most parents don't even understand just how damaging social media is.
"We'll try everything, it seems, other than holding parents accountable for what their children consume".
We'll try anything, it seems, other than hold internet companies accountable for the society destroying shit they publish.
And it's not jusy children who's lives they are destroying.
If you are interested in learning about the other perspective, you can watch some parents’ congressional testimony here https://youtu.be/y8ddg4460xc?si=-yYduYDppF4TQWqD.
The character.ai one is gut wrenching.
> then give parents strong monitoring and restriction tools and empower them to protect their children
I think this is the right way to solve the problem.
For example, I think websites should have a header or something that indicates a recommended age level, and what kinds of more mature content and interactions it has, so that filters can use that without having to use heuristics.
I agree with you that parents should be responsible, but your argument is clearly flawed.
> you can get in trouble if you recklessly leave around or provide alcohol/guns/cigarettes for a minor to start using
In the example here, there are 3 things where age verification is required AND parents have responsibility.
It’s not just one or the other.
The same responsibilities are not “thrown out”, they are never acknowledged in the first place.
As a parent blocking websights is a joy, maybe the rule should be to allow guardians more ability to control that. Trying to block some services is not trivial
As a human, I'd love to see the rest of you fools quit that. If HN ever starts to algorithm me I'll be gone too.
And as a bonus you can block your boomer parent's access to cnn and msnbc (or whatever its called now) and perhaps fox. It will make Thankgiving a lot more pleasant for all.
PS Mom, I don't know why cnn doesn't work anymore. ;)
If they live under my roof, it's my rules. Turn about is fair play.
As for news, the art of discovering what in your subjective reality exists in the objective reality is something I don't expect well ever get gud at.
I'm not Americans but isn't Fox the worst one out of those?
It's very easy to lock up alcohol/cigarettes, a child should never have access. Internet usage is more like broadcast media, a child should have regular access.
The positives and negatives of Internet usage are more extreme than broadcast media but less than alcohol/guns. The majority of people lack the skills to properly censor Internet without hovering over the child's shoulder full-time as you would with a gun. Best you can do is keep their PC near you, but it's not enough.
We agree that a creepy surveillance nanny state is not the solution, but training parents to do the censorship seems unattainable. As we do for guns/alcohol/cigarettes, mass education about the dangers is a good baseline.
EDIT: And some might disagree about never having access to alcohol!
Devices such as phones come with an option when you start the device asking simply is this for a child or an adult. Your router generally these days comes with a parental filter option on start up too. Heck we have chatgpt that can guide a parent through setting up a system if they want something more custom.
If people want to push, they should just push to make these set up options more ubiquitous, obvious and standardized. And perhaps fund some advertising for these features.
Router parental filters are accountability sinks. They don't actually work, and they can't because we spent the last 20 years redesigning network protocols to prevent middle boxes from tampering with connections.
In what sense? DNS blockers work generally do they not? Adguard also censors google search results.
I don't see why your kid should be browsing reddit.
I mean even only allow whitelisted sites. As I say this can be standardized further.
These measures I truly believe do not need to be 100% foolproof so long as the hurdle is high enough that children give up it's fine. And these measures could potentially notify a parent of a suspected breach or attempt to game it, without intruding too much into the child's privacy.
DNS blockers only work if the device/application is not adversarial or if you also have a smart enough firewall to block DoH, which is designed to blend in with web traffic. Once ECH is widespread, you'd likely need to MitM the device (so you need to install your CA, which is intentionally made very difficult and you might not even be able to do across all apps anymore on mobile devices? At least without enterprise MDM. And as was observed elsewhere[0], apps like spotify can contain a web browser), or perhaps use DNS requests as a trigger to briefly open a default deny outbound firewall.
Things have definitely been converging toward making it impossible for non-corporations to manage the devices they own, the network they run, etc.
This is very interesting thanks.
I agree that ECH is perhaps a stumbling block although as you say MitM, this is indeed possible to pursue considering the whole set up child account on device thing going on with many of these devices.
On the rest of of your points fair enough, but again I ask is it actually proportionate? Are we talking about children or black hats?
The black hats in this case are the software vendors. If your software prevents any ability to inspect any of its traffic (so you can't use external filters), and the OS doesn't offer ways to override/hook into that, and if the inbuilt parental controls are insufficient, you can't do much.
What are you going to do when every application (including web browsers) simply ignores and bypass your DNS filtering "for security" and every site is opaque (e.g. wikipedia looks just like pornhub to your router and every site is using one of a small number of major frontend proxies like cloudflare that's actively specifically working toward traffic opacity)? It happens that every major commercial non-server OS vendor (except Redhat?) is an ad company now, so they all have a reason to block your ability to filter traffic/restrict your configuration to only what they allow. And they're all working toward that.
Good point well made.
This is where Apple, Microsoft and Android need to step up. Indeed they already have in many ways with things being better than they used to be.
There needs to be a strict (as in MDM level) parental control system.
Furthermore there needs to be a "School Mode" which allows the devices to be used educationally but not as a distraction. This would work far better than a ban.
I dunno man. IMHO, kids should not have access to devices of any kind until the brain develops. Im not sure what that number is, but lets say its 15. At that point, we as parents need to be role models and let kids make mistakes. There is this whole idea that if you focus too much on security, you open the door for increased risk. I feel this applies to this situation[0].
When I was a kid, when I reached a certain age, 13 I think, there was nothing my parents good could do to stop me from learning from my own mistakes. I think using blanket laws and tech to curb internet behavior is just going to backfire.
[0]: https://news.clemson.edu/the-safer-you-feel-the-less-safely-...
Microsoft has done a good job with Microsoft accounts and Microsoft Family Safety. It's about as user-friendly as you'll get outside of Apple, though the speed could be improved. And this only covers PCs, Android 's system is less good.
Even with this, the problem requires more than pushing a button. Time, thought, and adjustment are needed. Like home maintenance, its necessary but not everyone can do it without help.
Getting AI assistance is good advice.
They could provide all the tools in the world. Unless there’s legislation change to what children are allowed to consume legally, everyone will largely ignore it.
Ironically, the government that is pushing this only set a drinking age just a couple of years ago (as in the last 10 years). In case you believed this was actually about kids.
The speech that worked (mostly) on the children in my life involved the concept of 'cannot unsee', which they seemed to understand. There are some parallels to gun safety here because there are things that even the adults in your life try not to do and it seems perfectly reasonable to expect the same from children.
In fact being held to a standard that adults hold themselves to is frequently seen as a rite of passage. I'm a big girl now and I put on my big girl pants to prove it.
parents can be held liable for buying their kids cigarettes but, similarly, tobacco companies are (at least nominally) not supposed to target children in their advertising campaigns and in the design of their products.
It's obviously not a 1/1 comparison here, because providing ID to access the internet is not analogous to providing ID to purchase a pack of Cowboy Killers but we can extrapolate to a certain extent.
(inb4 DAE REGULATING FOR-PROFIT CORPORATIONS == NANNY STATE?!?!?!?!?)
You can expect the individual to compensate for a poorly structured society all you want.
> you can get in trouble if you recklessly leave around or provide alcohol/guns/cigarettes for a minor to start using
You can only expect so much from individual responsibility. At some point you need to structure society to compensate for the inevitable failures that occur.
> They are in a much better and informed position to do so than a creepy surveillance nanny state.
I'd rather live in a nanny state than ever trust american parenting. We've demonstrated a million times over that that doesn't work and produces even more fucked up people and abused children.
The richest brightest minds of our generation all being motivated towards one addictive goal, and we'll just put the responsibility on the parents...I think society can collectively do better.
If we expect Parents to treat Social Media like other unhealthy, dangerous, and highly addictive products, then that can never start with "just expect ignorant parents to all magically start doing something difficult, for no real reason".
It starts by banning kids from the internet, entirely. It starts with putting age restrictions on who can buy internet connected devices. It starts by arresting parents and teachers who hand pre-literacy kids an always-online iPad. It starts with an overwhelming propaganda campaign: Posters, Commercials, After-School Specials, D.A.R.E. officers, red ribbon week.
Then, ultimately, it still finishes with an age-gated internet where every adult is required to upload their extremely valuable personal information to for-profit companies, for free (With the added weight of being forced to agree to extreme ToS, like arbitration agreements).
So what do we do? I agree that the age of entry to the internet should match other vices (currently 21+ in the US, although really that should probably be 18+)...
It will never be acceptable for a single country's police state to extend across international borders, so... we just ban all of the UK and Australia from every web service until they get withdrawals and promise to stay nice? That could be a start.
But this whole situation in like 'freedom of speech' once you start picking and choosing what counts as "acceptable" speech, then suddenly you lose everything. You literally can't make everyone happy, because everything subjective is open to contradiction - and because there are freaks in the world who will never be satisfied by anything less than a complete global ban of everything.
Who gets a say? Do the Amish get to tell us what we are allowed to do? Where do you draw the line? You can't. Completely open is the only acceptable choice. But I still vote we start publicly mocking the parents who give their kids an ipad, and treat them like they just gave that kid a cigarette. Because seriously, they're ruining that kid.
I've already thought about it from the US's perspective and here's my path forward.
If government does not want kids to have access to the naughty bits of the internet but thinks there's something worth sharing with children then the government should provide a public internet for kids and THATS the site that will ask for a login known to belong to a kid. We already do public schooling with public funding and we do not let rando adults sit in classrooms with kids and they get a school id. Boot <18's off the public internet AT THE SOURCE when internet connectivity is PURCHASED / CONTRACTED FOR with a valid adult id / proof of age, but allow them vpn access into whatever the government thinks the child should have access to, like the schools page, I would say online encyclopedias or wikipedia type things but I'm not sure if government wants children to read about the variety of so many different things on this planet we're sorta trapped on and lets face it, restricting communications of the kids to points outside the control of parents is exactly what the government is complaining about, the government does not want kids to have free access to information.
Think of a phone or tablet that can only access the network through either a proxy or vpn but otherwise locked down. It certainly seems like it doesn't require much programming, heck have trump vibe code it for all I care.
I mean yeah, parents could just teach their kids the tough stuff because thats how it used to work anyways, well that and the libraries and schools but those can be pruned of bad books and bad teachers at the request of government anyways right? The kids could also be interviewed periodically by government to inventory what topics they have discussed with their parents to weed out the 't' or 'g' words.
I mean yeah I don't see a place for facebook in that intranet but isn't that sort of the point, we all know big social media will be incentivised to promote engagement with less regard for safety, so why do kids need facebook anyways? The instagrams and ticktalks are worse although maybe government should make a child friendly ticktalk type school social network, call it trumps school for kids for all I care, folks in power right now and a significant part of the US believe that trump knows whats good for kids right?
I mean obviously the libraries have to be REALLY REALLY cleaned up but thats just a detail. But why are parents forcing internet wierdos onto their kids with these smartphones / porno studios in their pockets? What do they think chester the molester on ticktalk is gonna have the kid upload their id? even if he does, do we really want that? c'mon man
The difference with guns, tobacco and alcohol is huge: all negatives aside, giving kids what they want makes the life of a parent so much easier. Take it away and many parents will fight. Sugar is in the same game.
I'm 40. Do I need to get my parents to vouch for me? Who vouches for them?
> then give parents strong monitoring and restriction tools
As written, this sounds very glib. I cannot take this comment seriously without a game theory scenario with multiple actors.
Should we allow kids to get cigarettes? Cocaine? Should all parents "just" be better parents and problem solved?
you can’t blame it on parents alone, but the odds are stacked against children and their parents, there are very smart people whose income depends on making sure you never leave your black mirror
the surveillance state is possible, achievable, and a few coordination games away from deployment with backing from a majority who should know better
inertia kills, I dunno
The greatest of uphill battles in today's current climate is trying to push anything in the realm of personal responsibility.
Politicians' whole basis for nearly every campaign is "you're helpless, let us fix it for you."
For the vast majority of problems plaguing society, the answer isn't government, it's for people changing their behavior. Same goes for parenting.
But unfortunately, "you're an adult, figure it out" isn't the greatest campaign slogan (if you want to win).
It wasn’t always this way: “Ask not what your country can do for you — ask what you can do for your country”
[dead]
What is your proposed recourse for me as a parent if your kid shows my kid gore videos?
What is your recourse if his kid gives yours a bottle of whisky?
Yes, children are clever - I was one once.
A counterargument to your point that children are clever - I was also one once.
The vast majority of parents aren't tech-savvy enough to be able to operate IT parental controls.
Except companies provide wholly inadequate safeguards and tools. They are buggy, inconsistent, easily circumvented, and even at time malicious. Consumers should be better able to hold providers accountable, before we start going after parents.
The only real solution is to keep children off of the internet and any internet connected device until they are older. The problem there is that everything is done on-line now and it is practically impossible to avoid it without penalizing your child.
If social media and its astroturfers want to avoid outright age bans, they need to stop actively exploiting children and accept other forms of regulation, and it needs to come with teeth.
How easy is it for kids to bypass Parental Controls on iOS devices?
Social engineering is the most effective strategy, because iOS screen time controls are so buggy that eventually parents throw up their hands in exasperation and enable broader access than they would otherwise choose.
It’s one setting to only allow a whitelist and not allow apps to be downloaded. Yes parents might actually need to learn technology
I use it, I am quite familiar with the bugs. The app controls randomly duplicate themselves and change in scope. It would almost be comical if it had not been happening for so many years to so many people. Apple knows, does not care.
When everything is turned off by default, iOS Screentime is very effective. It also has effective tools for to grant certain exceptions, facilitated by Messages. It also distinguishes between "daytime" and "downtime" for the purpose of certain apps and app attributes, like the contact list. For example, we have ourselves, grandparents and the neighbors as "all the time" contacts but their friends as daytime only. They don't retain their devices at night but it is possible for them to pull them from the charging cabinet.
> Except companies provide wholly inadequate safeguards and tools. They are buggy, inconsistent, easily circumvented, and even at time malicious. Consumers should be better able to hold providers accountable, before we start going after parents.
We could mandate that companies that market the products actually have to deliver effective solutions.
Cue blog posts about section 230 and how it’s impossible to do hard things and parents should be held accountable not companies, meager fines, captured bureaucrats, libertarians, and on and on…
Yes, but how on earth is their malicious compliance at providing parental controls a good reason to go for the surveillance state that hurts absolutely everyone?
Social media operators love the surveillance state idea. That's why they aren't pushing against this.
I even cancelled YT Premium because their "made for kids" system interfered with being able to use my paid adult account. I urge other people to do the same when the solutions offered are insufficient.
Step 0 is physical device access. Kids shouldn't have tablets or smartphones or personal laptops before age 16.
16 is a bit steep but I do generally agree with your sentiment. I wish there were more educational home computers like there were back in the day like the BBC micro. I have a startup idea to make something like that (mostly as a dumping ground for my plethora of OS-software and computer education ideas) but don't currently have the resources and have doubts on how successful something like that would even be in this day and age. I'm only 18ish (Not giving my actual age for privacy reasons but it's within a 5 year margin) and feel like my peers would rather be locked to platforms and consume than learn to create and actually use computers despite there being a very obvious need (I once had a 20 year old look at me like I had 2 heads for asking them to move something into a folder)
> Kids shouldn't have tablets or smartphones or personal laptops before age 16.
If you make such a restriction, they'll secretly buy some cheap "unrestricted" device like some Raspberry Pi (just like earlier generations bought their secret "boob magazines").
Parents should have an allowlist of devices to be able to join their network. And then they can require root certs or something for access outside of a narrow allow list. There's a host of ways to solve both problems. Just remember to check for hardware keyloggers on your (the parents') devices, as kids could use them or try evil maid attacks, etc. if they feel totally encaged.
This will only work in practice if one of the parents is a network technician. :-)
Comment was deleted :(
I've said it before but prohibition works, if the goal is to reduce usage. I don't see this as a realistic problem.
This is the craziest thing I’ve heard in a while. They shouldn’t have connected game systems either?
No, because those devices have little or no controls and those controls are easily bypassed and/or not honored by the platform.
I think they should. Theres a fine line between beneficial and detrimental. I had a 3DS growing up and could browse the web with its very gimped browser, and I think something like that is actually very good for a child (able to access the internet and view simple and informative sites while being too limited to access social media and the like)
The problem is unrestricted access to mobile devices. A game console or desktop PC isn't as big of a deal.
What’s the difference? They all reach the same internet
Have you ever visited any game store and turned off nsfw protection?
I love gaming, but I hate all the smutt games. It discredits the medium, essentially what has also happened to anime.
I'm kinda baffled about the Switch store's quantity of dating/whatever adult-ish games.
I don't really want to turn on age-based filters (to the point that I've never investigated if they even exist) but at this rate, there's hardly anything worth looking at in the recent feed.
The target demographics for Nintendo products have shifted from kids to.. kidults? Most kids nowadays play on phones or in rarer cases PC/Xbox, Nintendo's lost much of their cache (in my visible experience) save for children parented by the "mindful milennial" types
Makes sense but there's just... so much of it. That and all the shovelware.
It's just hard to imagine that's anything close to what Nintendo wants users to experience, but I guess they need the money.
They really could find a niche in making phones for kids that have walled-garden internet access, they were so good at doing so with the ds but alas..
Comment was deleted :(
I bet not many of us would be here now if we hadn't had our own computers before age 16.
Today's young people are already technologically retarded (in the literal sense) and barely know how to use Microsoft Word or navigate with a file explorer, this would make the problem significantly worse.
I hope they do pass a law like that, because it'd give my kids a gigantic advantage over the kids who had no access modern technology and the free flow of information until the age of 16. If you want to leave your kids completely unable to find any kind of gainful employment in the AI era, be my guest.
> If you want to leave your kids completely unable to find any kind of gainful employment in the AI era, be my guest.
Your kid is screwed either way. Unless he moves to India.
What? Are there billion dollar companies with huge staffs who are constantly trying to figure out how to sneak my child a gun all the time, at school, wherever they go?
I'd say this comparison is good -- we as a society have decided that people who provide alcohol, guns, and cigarettes are responsible if children are provided them. You don't get to say 'hey, you didn't watch your child, they wandered into my shop, I sold to them 2 liters of vodka and a shotgun'.
The parents themselves weren't raised with the digital literacy required.
This doesn't put the parents off the hooks, if you or anyone can share any resources that are as easily consumable, viral and applicable as the content that is the issue that can reach parents I would be happy to help it spread.
The reality is kids today are facing the most advanced algorithms and even the most competent parents have a high bar to reach.
The solution is simple.
I want to permit whatever the pixels are on a childs screen. Full stop. That hasn't been solved for a reason. Because developing such a gate would work and not allow algorithms to reach kids directly and indirectly.
The alternative is not ideal, but until there's something better, what it will be and that's well proven for the mental health side of things of raising resilient kids who don't become troubled young adults - no need for social media, or touch screens until 10-13.
There are lots of ways to create with technology, and learning to use words (llms) and keyboards seems to increasingly have merit.
> "The parents themselves weren't raised with the digital literacy required."
At this point, that isn't true anymore. There was social media when the parents were school aged. The world didn't start when you were 10 and the Internet is a half century old.
I thought the same thing until someone asked me how many of them have been able to overcome digital addiction and set a path ahead that's healthy.
Being literate in something isn't just knowing how to use it, but how to manage it's use for one's self and for others.
Once you see the importance of it, knowing where/how to start to manage what kids are exposed to that is age or developmentally appropriate for them is entirely a different skill to meet and manage the digtial literacy of another human, especially a child.
> then give parents strong monitoring and restriction tools and empower them to protect their children.
Because parents don’t abuse massive surveillance tools.
Given that most abuse happens in the family and by parents maybe it’s a bad idea to give them so much power
So we should trust the governments of the world? The same governments that don't seem to be doing anything about a large group of people that visited a specific island to abuse minors?
Where did I say that?
Exactly, nowhere.
If I‘m contra B, it doesn’t mean I pro A
What other realistic option is there if parents aren't going to be empowered to raise their own children?
don't you have to age verify to get alcohol? We don't leave that up to the parents. Feels like you defeated your own argument with your examples.
The internet is not an object, its a communication medium. That is an apples to organges argument, it doesn't wash.
incorrect. Same principle at play, you want access to something, that thing is age restricted, the vendor of the thing wants you to provide proof of age.
None of this push has anything to do with protecting children. Never has, never will. Stop helping them push the narrative, it's making the problem WAY worse.
ITT are a lot* of tech workers who made their money as a cog in the system poisoning the internet that future generations would have to swim in. I wonder if toxic waste companies also tell the parents it's strictly on them to keep their kids out of the lakes that are poisoned, but once flowed cleanly?
We live in a shared world with shared responsibilities. If you are working on a product, or ever did work on a product, that made the internet worse rather than better, you have a shared responsibility to right that wrong. And parents do have to protect their kids, but they can't do it alone with how systematically children are targeted today by predatory tech companies.
Age verification tech companies are lobbying heavily for governments to legally require their services. The proposed "solutions" are about funneling money into the hands of other tech companies and shady groups, while violating user privacy.
If anything, we should be banning the collection of any age related information to access social media and more mature content. We need companies to respect privacy, rather than legislation even more privacy violations.
If anything, we should be preventing young people from being exposed to the version of the internet that currently exists until the tech companies that made it this way offer a solution. I am all ears if you have an alternative that big tech can implement to ensure this is the case while they are given the task of cleaning up the mess they've made?
Bro the internet was made by everyday people. Corporations just imposed there shit on top of it. Im all for the corporate part going away, but I think its better if we make social media corporations transparent so we can target how they are operating those services. Age gating users is not the answer
I've been on the internet for more than 20 years. It got a lot worse in the last 10. Individuals maybe shaped it in the early days, but the disastrous mess we have today is from the monetization and ensuing garbage that was pushed onto the world by some very profitable tech companies.
Undo the damage or otherwise come up with a way to shield kids from it. I won't let my own kids anywhere near the open web the way it is today. It's poison for young minds and needs to be fixed or gated off. Like alcohol at this point.
It comes from a combination of things that always existed getting online and the monetization of the attention economy. Influence operations (both corporate and governmental) are the source of most of the problems. Bots, influencers pushing propaganda, etc. I suspect you are actually a bot but others might read this so...
The biggest changes to the Internet over the last few years are usually in the political spaces. There are a few other things but mostly its political. Those other things always existed but now they are online. But this isn't the fault of the communications medium, its the ills of society leaking into online spaces. If we banned those things online, you still as a parent have to worry about them happening IRL. Its better to talk to your kids about these dangers honestly and it always has been. Its always been easier to just prevent your children from being exposed to those dangers but that usually backfires later on. Banning unpopular political discourse to do that has never been the answer to these issues. But in this case, banning discourse is the goal and children are just the excuse. As proof of this, the same government pushing this only instituted a real drinking age in the last 10 years, in a country known for making liquor.
> I suspect you are actually a bot but others might read this so...
I'm floored lol. What gives you this impression?
The worst part of this inflammatory nonsense is that, sadly, I'm probably the only person that will read your full comment. And I fundamentally disagree with your thesis of attributing this to "politics". Social media and its effects were poisonous long before "politics" were so prominent. You could see it even during early Obama times. The simple infinite scroll and forcing individuals to so regularly compare themselves to each other was already awful long before "politics".
The last line in my statement answers your question. If you leave it up to government to try and regulate a medium you are asking for trouble. Its like telling a news source what they can and cant release news wise because a portion of the population (kids) are harmed by the information.
I understand where you are coming from but age gating is not the answer for a communication medium.
I'm asking you for the alternative. Every day this continues on is literally ruining lives before they start. Like lead in water, time is of the essence. So what is the alternative to fix it?
Support candidates that will put anti-trust first and end citizen united. Both of these issue make holding companies accountable for the harm that is being caused by lack of transparency impossible. The problem is corruption and corporations not being accountable to the people. When those problems get resolved. These issues will become less problematic.
I love the vision. Might take a decade or more to play out. We don't want a list generation in the interim, so what do we do asap to get it under control?
We don't. The problems are created by corporate greed, they are only solved by dealing with that. Making the internet less free as I said, isn't the answer, and there is no way to fix this in the short term without making the corruption worse.
Respectfully, I disagree and find your proposed solution, akin to "keep letting young people have their lives ruined", unsatisfactory. Which is probably why we're in this mess.
Its been my experience that our lives, whether they are ruined or not, are up to us. Making someone else responsibility only prolongs the problem. You either see that, or you don't. It's pretty clear at this point that corruption and greed is the problem and the fact that we cant see our way forward to being responsible adults is the part that is going to cause humanities downfall. When everything come crashing down, the people that will be left are the people that are taking responsibility for the problem and not making it someone else's.
> Its been my experience that our lives, whether they are ruined or not, are up to us.
This maybe applies to adults. It does not to children that cannot yet fend for themselves. You are basically throwing them to the wolves. This can be your choice, but it won't be mine.
We are not throwing them to the wolves. Our complacency created this problem and now kids are being affected by our actions and inactions. IMHO the best we can do as parents is try to protect them in a world gone mad. Appealing to governments and corporations that created this problem in the first place (with our acquiescence) is going to make the problem worse because we have evil people behind the scenes using this information against our wishes.
>If you are working on a product, or ever did work on a product, that made the internet worse rather than better, you have a shared responsibility to right that wrong.
This is how the "predatory debt" involved has built up, and grown exponentially until now, and the only thing Facebook considers as a solution would be to pay it down using other peoples' resources instead of their own.
No one else has matching leverage and the dollar figure would be many billions if not a full trillion or more, which is about what it's worth, and who else could afford that except Facebook?
So it has to come from the collective subtraction of everyone's complete privacy. Just to amount to something comparable.
Add that up and it shows you how valuable privacy really is and what it's worth in dollar figures.
Yes, do the math, privacy is worth more than Facebok no matter what, it always was and always will be.
You can't have both, so big tech should jettison Meta. Who else could afford it?
A more non-existential solution would be for Meta to fully fund a completely anonymous internet to replace the one that they soiled from the beginning, and let them keep the (anti-)social-media exclusive network separate.
I'm with you.
This is what I thought when Facebook first came out;
It was going to be like MySpace where most people were expected to remain anonymous like the internet had always been, and only those who actually wanted to be identifiable could reveal as much information as they personally wanted to.
But no, Facebook wanted everybody's personally identifiable information as table stakes, not only those who really wanted to promote themselves or gain personal recognition.
There was no other way to sign up.
I thought people would be too smart for that. But Facebook was "free" to use, and learned a lot from it's first major gamescourge, Zynga.
Naturally I've been waiting for it to stand the test of time, and it does look like it has been a complete failure when it comes to being worthwhile.
Facebook started out with enshittification as a business model but the next major escalation came when people had to have an "account" before they could even browse the site any more.
People who had actually enjoyed it were somewhat pressured to join just so they could continue following those who were promotional. Linkedin did this too and made it no longer worth visiting either. So much for supporting the members who were intended to be promoted.
You can only imagine my shock years ago when I found out Facebook was a billion-dollar company.
Things like this were never even supposed to be worth money.
If your goal is to "save the children", then sure, we can discuss this... if your goal, as a government, is to have everyone get some digital ID and tie their online identities to their real names, then you do just that.
We should stop pretending these age-verification rollouts are about protecting children, because they aren't and never have been.
Even if the world was full of responsible parents, there are still people and groups that want to establish a surveillance state. These systems are focused on monitoring and tracking online activity / limiting access to those who are willing to sacrifice their own personal sovereignty for access to services.
There is most definitely a cult that is obsessed with the book of revelation and seeing Biblical prophecy fulfilled, and if that isn't readily obvious to folks at this juncture in time, I'm not sure what it will take. I guess they'll have to roll out the mark of the beast before people will be willing to admit it.
It's funny, all the bible wankers screamed about "the mark of the beast" over things like RealID. Now we have fascists setting up surveillance and censorship tools to tie speech and movement to centralized ID...and they're lining up to lick boots.
You should need to show ID and prove you're over 18 to enter a church. At least we know they're actually harmful to children.
The people pushing this are the same ones who are always screaming about "fascists". Also, your ideas in your post are anti-liberal and anti-constitutional (in the US).
In the context of government-mandated identity checks for speech, either both are unconstitutional or they're not, in the latter case it's time to start cracking down on the dangers of religion.
I hope society comes to the former conclusion and the egregious attack on freedom of speech on the internet is discontinued.
A strict reading of the constitution would also imply that limiting gun ownership to those who show ID and can prove they are 18 is unconstitutional. "Anti-liberal" and "anti-constitutional" are in the eye of the beholder.
“One day I’ll own that boot…”
We'll do everything, it seems, other than holding billionairs accountable for what their businesses consume.
> We'll try everything, it seems, other than holding parents accountable for what their children consume.
It’s not a fair fight. These are multi-billion dollar companies with international reach and decades of investment and research weaponized against us to make us all little addicts.
Additionally, it’s not fair or reasonable to ask parents to screen literally everything their kids do with a screen at all times any more than it was reasonable for your parents to always know what you were watching on TV at all times.
This is bootstraps/caveat emptor by a different name. It’s not “I want someone else to raise my kids.” It’s “the current state of affairs shouldn’t be so hostile that I have to maintain constant digital vigilance over my children.” Hell if you do people then lecture you about how “back in their day they played in the street and into the night” and call you a helicopter parent
You are screwed but not for the reason you claim. Its because you don't take any accountability for yourself. There is/was no hope for someone who does that at any point in human history. Is it fair? Nope...but it also doesn't mean you have 0 autonomy.
So when people try to take accountability in a democratic government, by changing the law to what they want through democratic means that suddenly is having no accountability for one's self?
Good lord, Silicon Valley must have lead pipes.
> You are screwed but not for the reason you claim. Its because you don't take any accountability for yourself.
That was an incredibly rude personal attack and completely unwarranted. You cannot talk to people like that here.
I won’t be discussing this with you further. Have a good rest of your week.
Excellent example of low effort cookie cutter empty rhetoric that would fit perfectly in reddit.
Do you have kids?
>> In the United States, you can get in trouble if you recklessly leave around or provide alcohol/guns/cigarettes for a minor to start using, yet somehow, the same social responsibility seems thrown out the window for parents and the web.
So anyone can walk into a shop and purchase these things unrestricted? It's not the responsibility of the seller too?
Tobacco, yes you can order pipe tobacco and cigars online sent to your house without ID.
Guns yes, you can buy a schmidt-rubin cartridge rifle or black powder revolver sent straight to your home from an online (even interstate) vendor no ID or background check, perfectly legal.
Alcohol yes, you can order wine straight to your house without ID.
These are all somewhat less known "loopholes" but not really turned out to be a problem despite no meaningful controls on the seller. You probably didn't even know about these loopholes, actually -- that's how little of a problem it's been.
>We'll try everything, it seems, other than holding parents accountable
The government took over most parenting functions, one at a time, until the actual parent does or is capable of doing very little parenting at all. If the government doesn't like the fact that it has become the parent of these children, perhaps it shouldn't have undermined the actual parents these last 80 years. At the very least, it should refrain from usurping ever more of the parental role (not that there is much left to take).
You yourself seem to be insulated from this phenomena, maybe you're unaware that it is occurring. Maybe it wouldn't change your opinions even if you were aware.
>If you want to actually protect children
What if I don't want to protect children (other than my own) at all? Why would you want to be these children's parents (you suggest you or at least others want to "protect" them), which strongly implies that you will act in your capacity as government, but then get all grumpy that other people are wanting to protect children by acting in their capacity of government?
The expectations on parents in USA are at their historical high. What are you talking on about in here. The expectation that parents will perfectly supervise them at every moment of their life till their adulthood is a.) new b.) at its historical max.
> holding parents accountable for what their children consume
There is a local dive bar down the street. I haven't expressly told my kids that entering and ordering an alcoholic drink is forbidden. In fact, that place has a hamburger stand out front on weekends and I wouldn't discourage my kids from trying it out if they were out exploring. I still expect that the bartender would check their ID before pulling a pint for them.
It takes a village to raise a child. There are no panopticons for sale the next isle over from car seats. We are doing our best with very limited tooling from the client to across the network (of which the tremendously incompetent schools make a mockery with an endless parade of new services and cross dependencies). It will take a whole of society effort to lower risks.
also there's a huge argument to be made that surveilling your kids is really really bad for their development
Yes, my spouse and I were very conscious of this. My kids are now at an age where some of the just-in-case tracking chafes and they ditch trackers and turn off location on their watch. Its a normal renegotiation that occurs as they pass through various maturity thresholds. The older of them has thusfar rejected phones and watches and uses Omarchy on an old Thinkpad.
That same argument doesn't hold water on the internet. Its a communication medium. Its like a flow of information. You don't enter or leave physically spaces. the information flows to you where ever you are. trying to apply the same kinds of laws to the internet is a recipe for disaster because you are effecting everyone at the same time.
Yes, afaik authentication is performed by applications at L7 and as such flows via Internet protocols like anything else.
All kinds of laws are applied to services provided via Internet. For example, once upon a time people said collecting sales tax was an insurmountable problem and a disaster for ecommerce. Time passes and what do you know, people figured out ways to comply with laws.
Your example focused on time and place because taxes are done at a transactional level between the person purchasing goods online and receiving those goods in physically.
Age gating is not the same thing, there is no transfer of goods. It's someone's arbitrary idea of what should and shouldn't be allowed on the internet. And it's pretty clear at this point that it's about control over information. Plenty of articles on the subject if you care to look.
Comment was deleted :(
Taxes also apply to services and information, not just goods. I just checked some invoices to double-check my recollection.
You have made a claim that age gating some online services is an "arbitrary idea." I don't see how that is different from taxes at all. Taxes are likewise an "arbitrary idea." Taxes are likewise a societal control measure.
There is no need for articles to explain a very straightforward truth. If you are unable to make the case for something, claiming unspecified writings elsewhere doesn't get you any further.
You are splitting hairs. Done. I have given you enough information that this is completely different.
We live in a technofeudalist society now, we're all at the whims of the tech corps
age verification doesn't work in favor of a tech corp like facebook as they will see some users leave, some because they don't have the age required and some because they don't want to do the verification
> We'll try everything, it seems, other than holding parents accountable for what their children consume.
The way to keep kids from eating (yummy) lead-based paint chips was not holding parents accountable to what their kids ate, but banning lead-based paint.
This tired argument again. It doesn’t work. It’s like keeping your kid from buying alcohol but all their friends are allowed to buy it. The whole age demographic has to be locked out of the ecosystem.
Well, yes. If your friends can all go 'round to David's house, where David's parents hand each child a case of beer and send them on their way, any attempt by the other parents to prohibit underage drinking is going to be ineffective. But most parents don't do that. (I've actually never heard of it.) So social solutions involving parent consensus clearly do work here.
"But it's behavioural!" I hear you cry. "What's stopping children from going out, buying a cheap unlocked smartphone / visiting their public library / hacking the parental control system, and going on the internet anyway?" And that's an excellent objection! But, what's stopping children from playing in traffic?
Yeah but it’s illegal for the parents to give the other kids beer with serious criminal repercussions. That’s why most people make sure it doesn’t happen, not just some social sense of reponsibility. You would need something similar for smartphones/social media.
That’s why most people make sure it doesn’t happen
> Were you not invited to parties in high school?
Did you forget what web site you're on?
Every high school and college freshman party I’ve been to involves some serious planning to find alcohol. It’s always hit or miss and not easy.
The US generally has strict anti-alcohol laws, with exceptions for legally-recognised familial relationships (e.g. children, spouses). The UK doesn't: its laws are restricted to "the relevant premises" (https://www.legislation.gov.uk/ukpga/2003/17/part/7/crosshea...) and "in public" (https://www.gov.uk/alcohol-young-people-law – can't find the actual law right now); but still, the behaviour I described does not occur in the UK often enough for me to have heard of it. I have, however, heard about similar behaviour from the US, where "we all go out late at night and become alcoholics" seems to be a culturally-acceptable form of teenage rebellion.
People, for the most part, have no respect for the law. They usually haven't even read the law. They have respect for what they consider appropriate or inappropriate behaviour. (Knowingly breaking the law is, in most instances, considered an inappropriate behaviour – except copyright law, which people only care about if there are immediately-visible enforcement mechanisms. Basically everyone is fine with copying things from Google Images into their PowerPoint presentations… but I digress.) Most people would object to murder, even if the law didn't forbid it. This distinction is important.
Is there a law that says "children must not play in traffic"? Probably! Haven't the foggiest idea which it would be, though. That law (if it exists) is not why children don't play in traffic. The law against giving alcohol to children (if it exists) is not why we don't give alcohol to children. We can establish similar social norms for deliberately-addictive, deceptive, dangerous computer systems, such as modern corporate social media.
We can establish social norms, but companies have a tendency to ignore those norms if it makes them money and it isn't illegal (maybe not all or even most companies, but if it's profitable, some company will do it and expand into that niche). So it makes sense to make it illegal for those companies to provide services to children, and then establish a social norm that parents won't create an account for their children/bypass the checks that companies need to do. Just like with alcohol: it is illegal for stores to sell it to minors, and they must check ID; we don't just let them shrug and say a 14 year old looked 21, and at least in the US, that would be a criminal offense. It's then socially unacceptable (and maybe also illegal) for a parent to buy a ton of alcohol so their kid can host a rager for all of their friends.
Drawing out the alcohol analogy further, you can actually buy alcohol on Amazon, subject to an ID check. I'm not sure why no one bats an eye at this, but somehow e.g. porn or other adult-only services are different.
It's long been an established, reasonable stance that it is both the parent's responsibility and decision to allow or deny certain things, and it's also illegal for businesses to completely undermine the parent's ability to act as that gatekeeper for their kids.
> So it makes sense to make it illegal for those companies to provide services to children
I'm in favour of this, so long as the restriction is narrow. Children shouldn't be on Facebook, but they should be able to participate in the RuneScape forums under a pseudonym, or contribute to Wikipedia (provided they understand the "no, nothing can be deleted ever" nature of the edit history).
However, most of the things we'd want to prohibit for children, aren't actually good for anyone. It would be much easier, in one sense, to blanket-ban the bad guys: no new accounts may be created on services like Facebook or Discord, unless they change their ways.
Just because you haven't heard of it doesn't mean it isn't common. Parents take different approaches. I had some friends parents who preferred we did it in their house where they could maintain some level of safety than us drinking recklessly in field. Others thought providing some beers was better than us buying the cheapest vodka available. And I'm sure other parents wouldn't have liked this approach if they knew about it.
I'm familiar with the "semi-supervised drinking inside" approach. "Provide beer so they don't drink cheap vodka" isn't an approach I'd heard of; it's close enough to my Poe's-law straw position to weaken my argument.
It’s weird that you blame the victim.
The real question is why do we leave it to parents or intrusive surveillance instead of holding companies accountable?
The thing is, what are the parents to do beyond restricting things? You find out some creep has been talking to Junior; do you talk to your local police department, state agency, or to the feds?
We've never properly acted upon reports of predators grooming children by investigating them, charging them, holding trials, and handing down sentences on any sort of large scale. There's a patchwork of LEOs that have to handle things and they have to do it right. Once the packets are sent over state lines, we have to involve the feds, and that's another layer.
Previously, I would have said it's up to platforms like Discord to organize internal resources to make sure that the proper authorities received reports, because it felt like there were instances of people being reported and nothing happening on the platform's side. Now, given recent developments, I'm not sure we can count upon authorities to actually do the job.
Back in the day you would beat up that person.
> The thing is, what are the parents to do beyond restricting things?
Well, I can't speak for parents (as in all parents). I can, however, tell you what we did.
When two of my kids were young we gave them iPods. The idea was to load a few fun educational applications (I had written and published around 10 at the time). Very soon they asked for Clash of Clans to play for a couple of hours on Saturdays. We said that was OK provided they stuck to that rule.
Fast forward to maybe a couple of months later. After repeated warnings that they were not sticking to the plan and promises to do so, I found them playing CoC under the blankets at 11 PM, when they were supposed to be sleeping and had school the next day.
I did not react and gave no indication of having witnessed that.
A couple of days later I asked each of them to their room and asked them to place their top ten favorite toys on the floor.
I then produced a pair of huge garbage bags and we put the toys in them, one bag for each of the kids.
I also asked for their iPods.
No anger, no scolding, just a conversation at a normal tone.
I asked them to grab the bags and follow me.
We went outside, I opened the garbage bin and told them to throw away their toys. It got emotional very quickly. I also gave them the iPods and told them to toss them into the bin.
After the crying subsided I explained that trust is one of the most delicate things in the world and that this was a consequence of them attempting to deceive us by secretly playing CoC when they knew the rules. This was followed by daily talks around the dinner table to explain just how harmful and addictive this stuff could be, how it made them behave and how important it was to honor promises.
Another week later I asked them to come into the garage with me and showed them that I had rescued their favorite toys from the garbage bin. The iPods were gone forever. And now there was a new rule: They could earn one toy per month by bringing top grades from school, helping around the house, keeping their rooms clean and organized and, in general, being well behaved.
That was followed by ten months of absolutely perfect kids learning about earning something they cherished every month. Of course, the behavior and dedication to their school work persisted well beyond having earned their last toy. Lots of talks, going out to do things and positive feedback of course.
They never got the iPods back. They never got social media accounts. They did not get smart phones until much older.
To this day, now well into university, they thank me for having taken away their iPods.
So, again, I don't know about parents in the aggregate, but I don't think being a good parent is difficult.
You are not there to be an all-enabling friend, you are there to guide a new human through life and into adulthood. You are there to teach them everything and, as I still tell them all the time, aim for them to be better than you.
This reads like something I'd find on /r/LinkedInLunatics, all the way down to the one-sentence/thought-per-line formatting.
My parents took the same approach and it helped, but I will anecdotally point out that kids have played video games under covers for a while, even when I was young, I remember getting in trouble for playing this spyro game n' watch clone from mcdonalds at night, or gameboy with one of those lamps that plugged into the serial port. When I become a parent, I think I'd feel understanding of something like this, but would likely still only give them access to hardware like cell-enabled apple watches or DSes. The issue I take with modern games like CoC is that they are psychologically engineered to be mentally harmful, and push you to spend real money on fake things. I've seen many peers who were engaged in CoC as kids get into online gambling and sports gambling recently, it doesn't sit right.
> The issue I take with modern games like CoC is that they are psychologically engineered to be mentally harmful
Precisely. I am not saying I am perfect as a parent or that this was the best possible approach to the situation we had. Nobody is and perfect parenting is an absolute myth.
I knew full well just how addictive gaming could be because I experienced it in my 20's. Needless to say that the "shock and awe" consequence to their deceit was not the result of a single data point. We had been seeing changes in behavior over time (six months or so). The objective was three fold: Take away the device that delivered the addictive behavior. Take away something of value to them. Make them earn it back with positive behavior.
The decision was not planned and the consequences were not communicated in advance. Few things in life are like that. Sometimes people discover the consequences of their actions (or understand them) when they are sprung on them because of something they did. Drunk driving being one possible (though not perfect) example of this.
In this case, it worked. Perhaps we got lucky. Not sure. I also did highlight that I cannot speak for all parents. I did the best I thought made sense at the time. Based on the outcome, many years later, I can say it worked.
To the critics on this thread: Your mileage may vary. Some of the comments sound juvenile, perhaps you'll understand if you ever become a parent and face similar circumstances. Then see what you think of someone who thinks they know better from behind a keyboard than you did in the moment and without having to be responsible for the outcomes (which is a multi-year commitment).
You probably figured, but I am likely the same age to your kids, I agree that the similar "shock and awe" nature with which my parents treated this stuff was warranted, and in fact I wish they went a little further, but even hiding the batteries to all devices and only allowing them out for a couple hours a day was progress. The problem I see coming my way is that the cultural monolith has degraded to the point where an online kid and offline kid can't coexist, it was already pretty strained when I was a high school student in the '10s, isolation isn't the answer, and in my own experience while one can tolerate being "weird", the lack of a shared culture is often dislocating. At this point I'm just hoping there's somewhere I could find with with like-minded parents
What you highlight here is a vexing modern problem. Today, my kids, between 20 and 27, actively socialize with friends through gaming. Seen in isolation gaming is a monumental waste of time. However, there's this social element that I think is pervasive today that cannot be ignored.
Dating myself, I fully experienced the negative side of gaming back around the time of games like Duke Nukem, etc. I worked nights for a few years. I'd get home at 2 AM fully awake from having driven home. I'd sit down and play for four hours, maybe more. No social element at all in those days. I quick when I started to have nightmares and realized it was because of the games. Decades later, with kids, there was no way I was going to let a ten year old destroy their brains with an addictive substance in the form of a game.
Going back to culture and socialization, I don't really know what the answer might be today, much less in the future. Maybe AI friends will be crucially important (I shudder to think this could be true). Some of it comes down to family structure and dynamics. Our cultural makeup means that we are very often in family-and-friends gathering with 20 to 50 people. That does help kids relate to humans more than keyboards, yet the danger is still there.
Maybe this is where schools might need to become far closer to community organizations than (sorry, I have to...) centers for indoctrination. I attended private school most of my young life. One of the interesting aspects of this is that the parents all knew each other and socialized. We would go to each others homes, throw parties, travel together, etc. This is very different from the (again, I'm sorry, I must...) typical US school-as-a-cattle-ranch approach where you have a high school with 4000 students. I know I am being very opinionated and maybe a bit elitist due to my young experience, it should be noted that this was in a third world country...so, when I say "private school" the reader should not imagine what that might mean in the US.
My point is that things are becoming very complex at a social level and we, as a society, need to make sure that kids grow up to be solid adults. Today there are so many opportunities for them get lost in screens that I truly don't know what social problems might come out of this mess. Games are but one part of it.
The issue with any parent's narrative, including yours, is that it's one-sided. We'd need the story told by the children-turned-adults to make any fair judgement. Some people are going to say what their family wants them to hear and only open up to professionals or a neutral third party.
> We'd need the story told by the children-turned-adults to make any fair judgement.
True enough. Of course, you are not going to get that in this case. All I can say is that those commenting here about potentially cataclysmic consequences are likely precisely the kind of people who will practice the kind of soft "friend class" parenting that can result in really troubled kids. If they even have kids at all, because some of the comments by others sound infantile.
The other narrative that is utterly false is that of role models in the negative sense. Almost all of you are one or two generations away from a culture and style of parenting where beating the kids was considered normal and even good parenting. An era where teachers beating kids in school was also normal and accepted. And yet, that has largely not survived the generational divide except in some segments of some cultures.
Raising kids and being a role model isn't a matter of single events or experiences, it is, like most other things in the human condition, a matter of building a relationship over time and understanding that life usually is a rollercoaster ride, not a straight-and-flat road.
Thanks for responding, and I don't disagree.
> I explained that trust is one of the most delicate things in the world
> lies to own children about throwing their toys away
I can't tell whether "destroying all your favorite toys" was a clear expectation the kids already had as a possible outcome of their choices. __________
1. Teach children about consequences... by using clear expectations, timely feedback, and proportional responses.
2. Teach children about consequences... by allowing wrongdoing to become a festering mess until it "justifies" some big punishment that comes as deliberate emotional trauma and surprise.
Separately from asking which one is more "effective" at conditioning an immediate behavior, each choice also affects how those kids are going to behave when they are in any position to set and enforce rules. Being a role-model is hard.
its like the food industry blaming parents, sugar like apps/games are designed to be addictive to the point they are act like a drug, stop the drug dealer, not the consumer.
Blaming parents is a bit unwarranted, when on the other end we have business interests driven by perverse incentives of predating on children’s gullibility for their own profit.
When you say “We‘ll try everything” that is simply not true, in particular what we do not try is strict consumer protection laws which prohibits targeting children. Europe used to have such laws in the 1980s and the 1990s, but by the mid-1990s authorities had all but stopped enforcing them.
We have tried consumer protection, and we know it works, but we are not trying it now. And I think there is exactly one reason for that, the tech lobby has an outsized influence on western legislators and regulators, and the tech industry does not want to be regulated.
It is literally the parents responsibility. You want to blame someone else. Raising a kid doesn't mean letting society raise them you have to make tough choices.
If parents can't handle that they can give them up to the state.
It is literally a platform's responsibility to make sure they are being used responsibly, as well?
Imagine a gun range that was well aware that their grounds were being used in nefarious ways. We'd shut it down. A hospital that just blindly gave out pain killers to anyone that asked. We'd shut it down.
Does this mean that a zero tolerance policy is what should be used to shut things down? I don't think so. We have some agency to control things, though.
I am not gonna blame parents while businesses are allowed to target children with ads about the newest mobile game. Children are very easy to influence, and this is exploited heavily by the tech industry, who shower children with advertising. This is predatory behavior, which the legislator and the regulator of western governments (including Europe) has allowed to proliferate.
We cannot expect every parent to be able to protect their children when they are being predated on by dozens of multi-million dollar companies, and the state is on the side of the companies.
> I am not gonna blame parents while businesses are allowed to target children with ads about the newest mobile game.
Those kids shouldn't even have a mobile device to play said game. That's where the parents can, and should, make a difference: don't let your kid even have a smartphone in the first place.
Kids also tend to disobey, and whine about it. Sure you can say parents should be strict and thorough, but you can’t expect 100% of parents (who are often tired from a hard day at work) to be 100% diligent 100% of the time.
And the reason we have these ads is that corporations are hoping that the kids will indeed disobey, and whine constantly at their parents, until they have their way (as directed to by the targeted ad). There was a good reason why targeting kids in ads used to be illegal in Europe.
> "to target children with ads about the newest mobile game"
They aren't. The target for those games are middle aged, "middle class" women. Especially childless women. You just don't realize that the loud sounds and bright colors appeal to another demographic other than children. Usually those games are terrible for (as in the children don't like them) children. Its because those are usually pay to win games and adults can just out-spend them (and the adults are often terrible winners).
>Children are very easy to influence, and this is exploited heavily by the tech industry, who shower children with advertising
The parents' job is to say no. If they're letting themselves be influenced too, that's bad parenting.
Are you a parent? This isn’t bait or some lame attempt at “as a parent…” but it is important for how I construct my response.
And it is the job of the legislator to tell conflicting interests no. If they are influenced by lobby groups, that’s a bad government.
Comment was deleted :(
> We'll try everything, it seems, other than holding parents accountable for what their children consume.
You've missed the point. No legislator or politician cares about what the parents are doing.
What they care about is gaining greater control of people's data to then coerce them endlessly (with the assitance of technology) into acting as they would liike. To do that, they need all that info.
"The children" is the sugar on the pill of de-anonymised internet.
[dead]
Ah, the abstinence theory of protection. How it continues to rear its ugly head.
Why this utter drivel is the top comment is beyond me, unbelievable.
That is not what the post you are replying to is advocating for at all - try reading it one more time without so much hostility
Can you offer some rebuttal to give some credence to your point?
A physical realm that is safe for children to explore in their own is clearly preferable to one where it’s transgressive to let a child go outside without an escort.
It is plausible that the same applies to the digital realm.
If we're going to do this at all, it should be on the device, not the website/app. Parents flag their child's device or browser as under 18, and websites/apps follow suit. Parents get the control they're looking for, while service providers don't have to verify or store IDs. I guess it's just more difficult to pressure big dogs like google/apple/mozilla for this than pornhub and discord.
I’ve wondered if a age verification gig worker app could ever be viable: have people you can meet in person to prove your age without ever uploading any PII anywhere. Then issue a private key proving you are who you say you are.
Yeah vchip style with ratings, with a setting to hide unrated sites. A simple header. Done. Have all the browsers/os support it - easy peasy.
This sounds pretty reasonable to me. What am I missing?
It doesn’t come with a ton of PII you can sell to data brokers.
Looking at actual data regarding Australia's landmark legislation setting a minimum age of 16 for social media access with enforcement starting on December 10, 2025 indicates weakened data protection. The Australian data suggests that while the legislation has successfully cleared the decks of millions of underage accounts (4.7 million account deactivations together with increased VPN usage and "ghost" accounts to bypass restrictions), it has simultaneously forced platforms to rely on third-party identity vendors, with the following failures so far:
1) Persona (Identity Vendor) Exposure (Feb 20, 2026): researchers discovered an exposed frontend belonging to Persona, an identity verification vendor used by platforms like Discord. This system was performing over 260 distinct checks, including facial recognition and "adverse media" screening, raising massive concerns about the scope creep of age verification.
2) Victorian Department of Education (Jan 2026): a breach impacting all 1,700 government schools exposed student names and encrypted passwords. This is a primary example of how child-related data remains a high-value target.
3) Prosura Data Breach (Jan 4, 2026): this financial services firm suffered a breach of 300,000 customer records.
4) University of Sydney (Dec 2025): a code library breach affected 27,000 people right as the new legislation was rolling out.
It is quite interesting that, according to a generally reliable YouTuber, Australian age verification was pushed by an ad agency whose major clients were upset about upcoming legislation regulating online gambling. It was a very successful distraction.
> Australia's Social Media Ban is a Win for Gambling Companies
https://www.patreon.com/posts/146315894 (supporting links and transcript)
https://www.crikey.com.au/2025/12/12/pro-teen-social-media-b... (the smoking gun)
There are alternatives to ID verification if the goal is protecting children.
You could, for example, make it illegal to target children with targeted advertising campaigns and addictive content. Then throw the executives who authorized such programs in jail. Punish the people causing the harm.
If targeting children with advertising got corporate execs thrown in jail, wouldn't the companies just roll out age verification for users like they do now? How would this rule change their behavior? They have to know who the children are to not target them.
Stronger punishment creates more of an incentive to age verify. Which is basically why it's happening now.
> They have to know who the children are to not target them.
There is a difference between identifying specific children, and running programs that target children more generally; and / or having research that shows how your product harms children, and failing to do anything to stop it. We can tackle both of those issues without requiring age verification. We're headed down the path of age verification because we know now that not only is social media harmful, it's especially harmful to kids, and has been specifically targeted to them. Those are things that can be fixed, regardless of how you feel about age verification. Its not different than tobacco being not allowed to create advertisements for kids; its the same type of people doing the same types of things in the end.
At least then it wouldn't be the government requiring it, is what people may think I imagine.
The problem is private companies being extensions of what the government wants to do, like all of the surveillance tech in the US right now basically eviscerating the fourth amendment since they willingly hand over their data to the government without even a court order in many cases.
How about instead of protecting the kids we protect everyone and do something to stop these gargantuan companies from driving engagement at any cost in order to rake ad revenue.
I’ve never met a single person who believed Facebook was a force for good. Why allow it to exist in its current form at all.
If these companies are the new town square then make a real online town square run by the government people can use if they so choose and then break up the monopolies that are destroying the fabric of all the societies on the globe.
We never in a million years should have allowed these companies to establish global scale communications platforms without the ability to properly moderate them with human intervention and that’s not even to speak of the actual nefarious intent they possess to drive engagement and the anti democratic techno feudalist sickening shit we see from their CEOs like Thiel et al.
They are a plague on our species that makes sport betting apps look like childs play.
To avoid your proposed punishment, they will implement things like ... ID verification.
Easy solution: Ban all targeted advertising, regardless of age.
Banning targeted advertising doesn't help against pornography.
Then ones who won't will become the preferred choice
It isn't about the kids, they are just the smoke and mirrors.
I think this is true, it’s more about enabling a surveillance apparatus with plausible deniability built in.
The funny thing is, just like how politicians have been led to believe that AI data centres create jobs, politicians think this system can be managed responsibly so that only they can get access to its data [0].
[0] https://cybernews.com/security/global-data-leak-exposes-bill...
Facebook advertises outright scams and nobody manages to punish them for that.
>Then throw the executives who authorized such programs in jail.
Gee, I wonder if the executives who are suspected of doing such things haven't spent the last 100 years building the infrastructure necessary to avoid charges, let alone jail time? Large corporate legal departments, wink-wink-nudge-nudge command and control hierarchies where nothing incriminating is ever put into writing, voluminous intra-office communications that bury even the circumstantial evidence so deeply no jury could understand it even if the plaintiffs/state could uncover it, etc.
Anyone over the age of 12 that thinks corporate entities can be made to be accountable in a meaningful way is more than naive. They are cognitively defective. Or is it that you realize they can't be held accountable but you'd rather maintain the status quo than contemplate a country which abolished them and enforced that all business was the conducted by sole proprietorships and (small-n) partnerships?
For a while it was thought that we could never bring back anti-trust.
Sure, there's a lot of corruption right now. Doesn't have to stay that way.
>For a while it was thought that we could never bring back anti-trust.
Ah. I see, you believe that the godzilla monsters are useful and that you know how to make leashes for them that will definitely work this time.
The purpose of a system is what it does.
Undermining data protection and privacy is clearly the point. The fact that it's happening everywhere at the same time makes it look to me like a bunch of leaders got together and decided that online anonymity is a problem.
It's not like kids having access to adult content is a new problem after all. Every western government just decided that we should do something about it at roughly the same time after decades of indifference.
The "age verification" story is casus belli. This is about ID, political dissent, and fears of people being exposed to the wrong brand of propaganda.
> The purpose of a system is what it does.
How far does it go? Are all bugs features? Shall we assume that Boeing (via MCAS) and Ford (via the Pinto) were trying to kill their passengers? There's a difference between ulterior motive and incompetent execution of expressed intention.
You are missing the profit driven angle. Age verification companies and their lobbyists are pouring massive amounts of resources into lobbying for mandatory age verification. And the reason why can be pretty simple. They get richer of off violating people's privacy, especially when those privacy violations are legally required.
Exactly. So many comments here about technical solutions are missing the underlying government/authority problem, or are actively a part of it.
> The fact that it's happening everywhere at the same time makes it look to me like a bunch of leaders got together and decided that online anonymity is a problem.
"People of the same trade seldom meet together, even for merriment and diversion, but the conversation ends in a conspiracy against the public." - Adam Smith
No, this is proven false by reducing this theory to the individual level. Anyone who has tried to design/imagine -> actually build something, be it an artist, architect, song writer, programmer, or otherwise, knows there is inevitably a gap between design and realization. No one involved in that process would at any point consider the gap to be part of its “purpose”.
People do hide their intentions but that doesn’t give us a license to reduce complex system dynamics to absurdities.
Bugs get fixed when systems are iterated on. They also tend to be single results from single mistakes, not compound end results of the implementation.
Design features tend to persist.
The phrase/idiom "the purpose of a system is what it does" maps best to situations where a multiple decisions within a system make little sense when viewed through the lens of the stated purpose, but make perfect sense if the actual outcome is the desired one.
It is an invitation to analyze a system while suspending the assumption of good faith on the part of the implementors.
> Bugs get fixed when systems are iterated on.
It’s not that simple. Especially not in politics but even in the domain you’re referencing, have you ever seen Mozilla’s bug tracker? Once your project is so big and involves so many people you move beyond fixing everything you want.
There may be central planning at play, in this case I assume there is, but to claim it necessarily is relies on an oversimplification that doesn’t exist in human political machines that are a giant ship of theseus essentially. There’s no identity -> management capacity proven anywhere enough to make that kind of claim. Institutions inherit and have emergent behavior driven by the dynamics of their constituents/individuals. That includes the inability to create imagined outcomes reliably. The platonic intent and physical regimes cannot be integrated.
There is missing a solution.
Give our personal devices have the ability to verify our age and identity securely and store on device like they do our fingerprint or face data.
Services that need access only verify it cryptographically. So my iPhone can confirm I’m over 21 for my DoorDash app in the same way it stores my biometric data.
The challenge here is the adoption of these encryption services and whether companies can rely on devices for that for compliance without having to cut off service for those without it set up.
The real problem with this is that the ultimate objective isn't age verification, it's complete de-anonymization. I think different groups want this for different reasons, but the simple reality is that minimizing the identify information transferred around is antithetical to their goals.
If we create age verification tools with strong privacy protections that solve the problems they raise, we can can call their bluff.
If we fight every and any solution, we may end up with their solution, becauase they build it. We end up in the position of saying "don't use the thing they built" without offering alternatives. I'd rather be saying "use whatbwe built, ita is better."
Is it though? Do you have any proof that is the case?
Google/Apple already know where you and your mistress live. In case you pay for any service, they've got your identity too. Ever had a single shipment confirmation to your address come to your mail? They know who you are.
The hardware providers already have the information. You only need to make them reveal it to 3rd parties.
We should be banning groups from collecting age related information, and not requiring it. And we definitely should not be forcing companies to share that information with third parties.
I think this is what my German electronic ID card does. The card connects to an app on my phone via NFC, a service can cryptographically verify a claim about my age, and no additional info is leaked to the service provider or the government.
But that doesn't verify that the person using the ID is the person that it was issued to.
Its better than what we have now. Maybe using the ID could require a PIN code if we wanted to enhance security.
That's already the case for the German Id, you need a PIN to do anything online with it.
I think this is actually the correct way to move forward.
We should be able to verify facts about people on the internet without compromising personal data. Giving platforms the ability to select specific demographics will, in my view, make the web a better place. It doesn’t just let us age restrict certain platforms, but can also make them more authentic. I think it’s really important to be able to know some things to be true about users, simply to avoid foreign election interference via trolling, preventing scams and so much more.
With this, enforcement would also be increasingly easy: Platforms just have to prove that they’re using this method, e.g. via audit.
ISO/IEC 18013-5 (Personal identification — ISO-compliant driving licence — Part 5: Mobile driving licence (mDL) application) is a potential solution for this. https://www.iso.org/obp/ui/en/#iso:std:iso-iec:18013:-5:ed-1...
It would allow someone with an mDL on their device to present only their age instead of other identifying information.
Yes. I think it’s this + policy.
And that your iPhone and other devices become more restrictive if this is not implemented.
I presume most devices in the world do not have a solution to this (desktop windows computer for instance).
I’m not sure if it’s a good idea for like every porn website in the world to require a secret enclave to work. But this sounds better to me than storing users photo ids in an s3 bucket
So now I'm not allowed to choose what software runs on my personal computing device with a cellular module?
This kind of solution couldn't come soon enough. It will also enable us to verify humanity and have bot-free spaces on social media again. I wrote about this here: https://blog.picheta.me/post/the-future-of-social-media-is-h...
The solution has always been there: Assume everybody is an adult.
The only reasonable way to deal with children on the Internet is to treat Internet access like access to alcohol/drugs. There is no need for children to access the Internet full stop.
Internet is a network in which everything can connect to everything, and every connected machine can run clients, servers, p2p nodes and what not. Controlling every possible endpoint your child might connect to is not feasible. Shutting the entire network down because "won't somebody please think of the children" is not acceptable.
And, don't let them trick you. This is the endgoal. An unprecedented level of control over the flow of information.
So you would deny children the greatest source of knowledge in the history? I have learned math and programming thanks to unlimited access to the web and would not be where I am without it.
>So you would deny children the greatest source of knowledge in the history?
Absolutely.
This is much better than destroying "the greatest source of knowledge in the history" to make it safe for kids.
This is a false dichotomy. We do not need to do neither. The parents are responsible to keep their children safe on the internet.
>I would not be where I am without it
First of all, you cannot know that, since plenty of people before you learnt that stuff from libraries.
>So you would deny children the greatest source of knowledge in the history?
Yes, because other sources of knowledge exist and are much more appropriate for children. It is also the greatest source of despicable stuff in history. When you turn 18, have fun exploring the world wide web.
> And the only way to prove that you checked is to keep the data indefinitely.
This is a false premise already; the company can check the age (or have a third party like iDIN [0] do it), then set a marker "this person is 18+" and "we verified it using this method at this date". That should be enough.
Doesn't matter, I've already had to provably identify myself, the information is a) out there b) will be used and stored, and c) will be abused
and there is nothing I or the few (in terms of power) well-meaning government and corporate actors can do to change that.
And how do they prove to me they (and no 3rd party providers) aren't actually storing the data? I simply don't trust companies telling me they won't store something, so to me the only acceptable option is the data to never leave my device.
If third party does verification with ZKP, you only need to trust that third party. The company that requires verification will not have any data to store.
Nope, as the article notes, it is actually almost never enough because it does not stand up to legal scrutiny. And for good reason: there's no way to conclusively prove that the platform actually verified the user's age, as opposed to simply saying they did, before letting them in.
Most of this debate makes more sense if the actual goal is liability reduction, not child safety. If it were genuinely about protecting kids, you'd regulate infinite scroll and algorithmic engagement optimization, not who can log in.
If the US really cared about child safety they'd go after people in the epstien files.
As we can see from this user who has fallen ill with Epstein Brain, the real victims of social media algorithms are actually adults.
He is currently prepping to overthrow his local Pizzeria while the rest of us argue as if social media even exists anymore (it doesn't, it's just algorithmic TV now).
Judging by your recent posting history, you spend an awful lot of time telling people to stop trying to hold pedophiles accountable. I wonder why that is.
Please seek help.
Most people have only a light grasp of what infinite scroll and algorithmic engagement optimization means. They know they like the scrolling apps more, but it takes a bit of research and education to really understand the specific mechanics and alternatives. We get this well as tech literate but many people using these apps today, are neither tech literate, nor even remember a world before infinite scrolling media was a thing. It seems incredibly obvious mechanism but I've explained it to people, and it takes a few times for it to really sink in and become a specific mental model for how they see the world.
I think it's because there's always a group of nosy busybodies finger-wagging about protecting the children and we have to do decorative theatrics to satiate whatever narratives they've convinced themselves of
This is a group particularly beloved by politicians, because you can pretty much use them as a smokescreen whenever you want to pass authoritarian legislation...
I bet that the Chat Control lobbyist groups are involved to some degree, as they tried to require age verification in Chat Control before it was shot down. They probably haven't given up after that defeat.
I'm happy they don't because they don't know what they're doing. Hopefully countries prioritizing public health will implement a social media ban for the vulnerable population which gives them some time to grow up without all that garbage poisoning their brains. Then when they're 16 or whatever age, hopefully by that age we'll have realized that this is actually like cigarettes and everyone, all age groups treat it like that.
Better than muddying the waters trying to make it less addictive but then letting them on there when their brains aren't ready.
If the concern is time-wasting, even having upvotes or likes and sorting on them is plenty engaging. I spent thousands of hours as a teenager on Reddit, HN, and the old blue Facebook chronological feed.
Pretty sure they’re doing both of those things but it takes a long time for the regulation to reach the final stage
Interestingly, regulating these would be good for adults as well. A lot of these very large online companies enjoy an asymmetric power advantage. We should aim to protect ourselves against them, in addition to our children.
I think this would be good for everybody, not just kids. It doesn't even have to be complicated: Just that after a certain amount of time scrolling/watching, put in a message asking if it's maybe time to stop with some information about how these algorithms try to keep you for as long as possible. Maybe a link to a government page with more information.
It doesn't have to be perfect and there will of course be easy workarounds to hid the warnings for people that want. The goal is to improve the situation though, not solve it perfectly. Like putting information about the dangers of smoking on packages of smokes; it doesn't stop people from smoking but it does make the danger very easy to learn.
Some platforms did display notices like this for a while, but I noticed that they stopped the practice after a few months.
Shouldn't the verification be other way around? That is, you need to prove that you are a child. Then the site can present you more strictly filtered content. Parent can sign child's device on first boot, token stored in TPM so that it's hard to remove.
It's basically the same type of enforcement on sites, as they need to verify and filter content for children, or just block them. Most of the internet users are adults, why not make internet for adults by default.
So you want porn on every web site and have kids prove that they're kids by issuing their school card (because they won't have a real id yet) so the porn get hidden for them or so they get entirely banned from the system?
Nobody's ever gonna show an id to get banned from a website.
Do you see porn on every website right now, since we don't have widespread verification yet? The internet was designed for adults from the start, only in recent years we got a significant portion of kids on it.
The thing is that if you are a kid, your device would be bought and signed by your parent, you have no way of refusing to show ID cause device does it automatically. Of course there is a problem that children could use parent's phone but that's also a way to circumvent current age verification propositions.
The idea is just to sign device once for a kid and let them use it without constant worry.
[dead]
Big tech likes this because there are a lot more face recognition technologies in the wild in real life and being able to connect all real life data to online data is quite valuable. It's also quite possibly the largest training set ever for face recognition if ids are stored and given how ids and images are sold across many companies it seems very high probability that some company will retain the data rather than delete after use.
China (and US via latin american countries and it's own poor people ...via benefit programs access via id.gov) is testing both biometrics and device id to evaluate pros and cons, and to merge data, when it come to autocratic control.
In china there are places to scan you device and get coupons. usually at elevators in residential buildings so they can track also if you're arriving or leaving easily.
In the US every store tracks and report to ad networks your Bluetooth ids. and we know what happens to ad networks.
US now requires cars to report data, which was optional before (e.g. onstar) and china joined on this since the ev boom.
the public id space is booming.
> US now requires cars to report data, which was optional before (e.g. onstar) and china joined on this since the ev boom.
This isn't true, there is no federal requirement for a cellular modem in cars. Most modern cars have one, but nothing prevents you from disabling or removing it. I certainly would not tolerate such a "bug" in by car.
> In the US every store tracks and report to ad networks your Bluetooth ids.
This also isn't true, modern phones randomize Bluetooth identifiers. I personally disable Bluetooth completely.
read the connected vehicle laws. the intent was to forbid Chinese components. the actual effect is that even allowing to connect your phone will require full certification, at which point the manufacturer is financially motivated to not offer options without the telemetry they can sell to equifax et al (just like happened with smart tvs). So, yes, in practice all US cars will have radios, unless you specifically order a custom model.
and yeah, your phone gives all the deniability and randon ids, etc. but if you allow apps to access location it's game over. also, just go see that google sells one option where you pay by people who saw you ad physically entered a store. (ps: sadly, I implemented the DSP side of this)
> even allowing to connect your phone will require full certification
I am not sure I understand this.
I am aware that manufacturers benefit from spying on people through car telemetry, or else they would not shoulder the cost of providing a cell plan. But, I, the owner of the vehicle, have every right to literally cut the cord (or simply unplug and remove the cellular modem).
> and yeah, your phone gives all the deniability and randon ids, etc. but if you allow apps to access location it's game over.
I don't. I run GrapheneOS (fully degoogled), and the only apps allowed to access location services are OSMand and a self-hosted Home Assistant instance. Of course that does not change the fact that millions of other people are being spied on.
So don't use big tech. No one needs discord, or porn, or social media. But this is not the answer. The answer is fighting to change the laws. And we can start changing the laws by boycotting big tech. Laws are changed by money flows, not ideology.
Even if you design the perfect system, kids will just ask parents for an unlocked account, many parents will accept, myself included. My kids have full access to the internet and I never used parental control, I talk to them. Of course, I don't want to give parenting advice, that would be presumptuous. But, my point is that a motivated kid will find a way, you have to "work" on that motivation.
Many of the worst present on the internet is not age gated at all, you have millions of porn websites without even a "are you over 18" popup. There are plethora of toxic forums...
Of course it's a complex problem, but the current approach sacrifice a lot of what made the internet possible and I don't like it.
The solution is education. The most well adjusted kids I've seen are told flat out about the risks they'll face and, in general, helped to understand there are break points where things get too serious for them to try to deal with on their own.
I think that if you block all porn, social media, etc. all that does is create an opportunity for kids to be shifted to platforms controlled by bad actors. Adults fall victim to pig butchering schemes where they're given 100% fake investment apps that look completely real and they don't realize they're getting scammed until they try to get their money out of the system. There was a story in Canada about a guy and his daughter that thought they had $1 million in savings and it was a pig butchering scam with a fake app.
Are kids today equipped to deal with that? What happens when someone tells a kid to get app XYZ because it's un-moderated, but that app is controlled by a bad actor? Imagine a Snapchat like platform promising ephemeral messaging with simple username / password on-boarding so parents don't see account creation emails, but the app is run by organized crime.
I don't even know how you handle it if they manage to normalize the idea of children sending ID to random platforms. In addition to getting platform shifted and exploited, kids will be vulnerable to sending their real ID to bad actors.
The whole thing seems insane to me. Spend some money on education. That's the only long-term option.
> Many of the worst present on the internet is not age gated at all, you have millions of porn websites without even a "are you over 18" popup. There are plethora of toxic forums...
This is what I find most insane about the UK's age verification law. It's literally so easy to find adult content without proving your age... You can literally just type in "naked women" into a search engine and get porn...
To call it ineffective would be an understatement. Finding adult content on the web almost just as easy as it's always been. The only thing it's made harder is accessing adult content from the normie-web – you can't access porn on places like Reddit anymore, but you can access porn on 4chan and other dodgy adult sites.
If the argument is "think about the kids" there are more effective ways to do it... Requiring device-level filtering for example would likely be more effective because it could just blacklist domains with hosting adult content unless unrestricted. It would also put more power in the parents hands about what is and what isn't restrict.
>Some observers present privacy-preserving age proofs involving a third party, such as the government, as a solution, but they inherit the same structural flaw: many users who are legally old enough to use a platform do not have government ID.
So there is absolutely no way to change that and give out IDs from the age of 14? You can already get an ID for children in Germany https://www.germany.info/us-de/service/reisepass-und-persona...
This is a problem that has to be solved by the government and not by private tech companies.
This is a lazy cop out to say "we have tried nothing and we are all out of ideas"
I'm not convinced age restrictions like this are a good idea. But yeah, the non-availability of IDs in the US is a self-inflicted problem.
Another example where this plays a role are voter registration and ID requirements for voting in the US. It is entirely bizarre to me how these discussions just accept it as a law of nature that it's expensive and a lot of effort to get an ID. This is something that could be changed.
You may underestimate the levels of classism and racism in the US. Go on and bring up a conversation about it and you'll eventually get someone talking about how that would be socialism and we can't do that.
When one of the only two political parties does not want everyone to vote (cause they’d lose every election) you get what we got…
The problem is not that we aren’t doing age verification, it’s that a group of authoritarians are trying to force mandatory implementation of age verification (and concomitant removal of anonymity). That’s the problem.
It seems like the solution is to provide an age verification mechanism with robust privacy protections. That way when we offer a solution that works for all of their states concerns, if they disagree with the privacy preserving approach we force them to say outright "I want to keep a record of every website you visit."
Unfortunately not. They will use even the most privacy preserving protocol to push remote attestation of end devices. Which in itself is a stepping stone making their next steps much easier.
Why would they say that is necessary?
They actually already do in the EUDI wallet reference implementation. There, as this is part of a more general ID system, they probably want to avoid that people duplicate or export IDs. In case of a privacy preserving age check, the fear could be that a copied private key could be enough to generate unlimited age proofs, indistinguishable from the original app instance. In another thread someone gave an even lazier argument: the eudi wallet requires hw backed keys by law regardless, and the laziest implementation would be device attestation...
Hrm that does seem suboptimal. There have got to be better approaches available to us through cryptography.
I don't understand how such a thing could be possible. Privacy is inherently gone, even if the third party doesn't learn your real name.
Anonymity is a myth. I am sure by now an LLM can figure out who you are and where you live by your HN posts alone.
Do it then
I nave never, and will never, use AI on my own accord.
> This is a problem [..]
(This is a genuine question) please could you describe the underlying problem that age verification is attempting to solve?
Not my point in the comment but my personal opinion:
To regulate access to addicting material. This is done in the physical world - why should digital be lawless when it applies to the same human behaviors?
I've been addicted to a lot of digital media parts in harmful ways and I had the luck and support to grow out of most of it. A lot of people are not that lucky.
I don't think that's what the original comment was discussing at all...
If governments want to require private companies to verify ages, those same governments need to provide accessible ways for their citizens to get verification documents, starting from the same age that is required.
Comment was deleted :(
What problem? I don't think internet websites and apps actually need to know the face, age, or name of their users if their users don't want to provide that information. With exceptions for things like gambling websites.
Why should gambling be the exception? One could argue other app-based vices are just as bad, if not worse.
Crippling debt from unwise impulsive gambling by a teenager is probably worse than whatever occurs from a teenager scrolling Twitter all day.
The latter may not be great, but eating potato chips all day also probably isn't, and I don't think the government should outlaw minors eating potato chips. Plus it's variable: some get positive, educational, pro-social, productive outcomes from social media and some don't. Gambling is always bad in the limit.
A simple rule could probably be that if a website can make you lose over $200 of real money, it should probably require age verification. I don't see why other things should.
> Crippling debt from unwise impulsive gambling by a teenager is probably worse than whatever occurs from a teenager scrolling Twitter all day.
The cynic in me says that's not why governments want identity confirmation for gambling websites. It's so you can't dodge the taxman
That's true. It's probably at least 50% the latter. And I don't really blame them.
I strongly oppose any form of "age verification" involving uploading your ID. That's just asking for a data breach.
There are options that don't involve any ID uploads whatsoever.
That's not what this user was talking about.
For example, with a German ID you can provide proof that you are older than 18 without giving up any identifying information. I mean, nobody uses this system at the moment, but it does exist and it works.
Does the German ID system know what you are trying to access? Based on the requestor.
It costs money. Getting an ID here costs about 5% of minimum wage if you order it online + travel (you still have to travel there for the photos and pickup). It costs even more if you apply in person.
You could buy 19 gallons of milk for that money (80 liters).
So do you buy an ID every month or can we depreciate that over 15 years?
Not unless you are offering to front everyone that money for no interest.
Providing every citizen an ID every X years at no cost does seem like good policy.
You have to get a new one every 5 years.
Really more so than money is the amount of time. Sitting at the DMV for half a day, and that is with an appointment, really sucks.
German immigrants can’t get an ID, sometimes for years
> So there is absolutely no way to change that and give out IDs from the age of 14?
If that happened in the US, Republicans would then:
1. Insist that non-white children carry ID at all times
2. Operationalize DHS and ICE to deport non-white children to foreign concentration camps.
Exactly right. Also, better to be overly restrictive here given the well documented harms of social media on young minds. If the law stipulates that you must be 15 to obtain social media access, and most people don't get their IDs until 18, then most people will stay off social media for another three years: no big deal.
I worked for a decade in what I would consider the highest level of our kids' privacy ever designed, at PBS KIDS. This was coming off a startup that attempted to do the same for grownups, but failed because of dirty money.
Every security attempt becomes a facade or veil in time, unless it's nothing. Capture nothing, keep nothing, say nothing. Kids are smart AF and will outlearn you faster than you can think. Don't even try to capture PII ever. Watch the waves and follow their flow, make things for them to learn from but be extremely careful how you let the grownups in, and do it in pairs, never alone.
I would like to take the discussion in the other direction. How about we offer safe spaces instead of banning the unsafe spaces for kids.
Similar to how there is specific channels for children on the TV. Perhaps the government can even incentivize such channels. It would also make it easier for parents to monitor and set boundaries. Parents would only need to monitor if the tv is still tuned to disney channel or similar instead of some adult channels.
Similarly this kind of method could be applied to online spaces. Ofcourse there will be some kids that will find ways around it but they will most likely be outliers.
>How about we offer safe spaces instead of banning the unsafe spaces for kids.
Children shouldn't be associating with other children, except in small groups. Even the typical classroom count is far too large. They become the nastiest, most horrible versions of themselves when they congregate. A good 90% of the pathology of public schools can be blamed on the fact that, by definition, public schools require large numbers of children to congregate.
Why is no one talking about using zero knowledge proofs for solving this? Instead of every platform verifying all its users itself (and storing PII on its own servers), a small number of providers could expose an API which provides proof of verification. I'm not sure if some kind of machine vision algorithm could be used in combination with zero-knowledge technology to prevent even that party from storing original documents, but I don't see why not. The companies implementing these measures really seem to be just phoning it in from a privacy perspective.
People are talking about it, at least here anyway.
The reason you don’t see it in policy discussion from the officials pushing these laws is because removal of anonymity is the point. It’s nit about protecting kids, it never was. It’s about surveillance and a chilling effect on speech.
You do see it in policy discussions from officials in the EU. You probably don't see it in policy discussions in the US because the groups that should be telling US officials how to do age verification without giving up anonymity are not doing so.
Zero knowledge proofs are only private and anonymous in theory, and require you to blindly trust a third party. In practice the implementation is not anonymous or private.
What third party do they require you to blindly trust?
Technologists engage in an understandable, but ultimately harmful behavior: when they don't want outcome X, they deny that the technology T(X) works. Consider key escrow, DRM, and durable watermarking alongside age verification. They've all been called cryptographically impossible, but they're not. It's just socially obligatory to pretend they can't be done. And what happens when you create an environment in which the best are under a social taboo against working on certain technologies? Do you think that these technologies stop existing?
LOL.
Of course these technologies keep existing, and you end up with the worst, most wretched people implementing them, and we're all worse off. Concretely, few people are working on ZKPs for age verification because the hive mind of "good people" who know what ZKPs are make working on age verification social anathema.
It's worse than that. Money will continue to flow in to companies like Persona, becauae there is no alternative. Persona will use that money to continue to build profiles on people.
Society would be better off paying cryptography researchers and engineers at NIST.
I have no idea where this idea that Internet is toxic to children is coming from. Is that some type of moral panic? Weren't most of you guys children/adolescents during the 2000's?
Are you saying that social media isn't harmful to children?
This is like rhetorically asking, "Are you saying that doom and marylin manson aren't harmful to children?"
The problem with social media isn't the inherent mixing of children and technology, as if web browsers and phones have some action-at-a-distance force that undermines society; it's the 20 years or so they spent weaponizing their products into an infinite Skinner box. Duck walk Zuckerburg.
This is all assuming good faith interest in "the children," which we cannot assume when what government will gain from this is a total, global surveillance state.
Last time I checked there's no scientific consensus if social media causes harm at all. The best studies found null or very small effects. So yeah, I am skeptical it is harmful.
Parents are competing with multi-trillion dollar companies who have invested untold amounts of cash and resources into making their content addictive. When parents try to help their children, it's an uphill battle -- every platform that has kids on it also tends to have porn, or violence, or other things, as these platform generally have disappointingly ineffective moderation. Most parents turn to age verification because it's the only way they can think of to compete with the likes of Meta or ByteDance, but the issue is that these platforms shouldn't have this content to begin with. Platforms should be smaller -- the same site shouldn't be serving both pornography and my school district's announcement page and my friend's travel pictures. Large platforms are turning their unwillingness to moderate into legal and privacy issues, when in fact it should simply be a matter of "These platforms have adult content, and these ones don't". Then, parents can much more easily ban specific platforms and topics. Right now there's no levers to pull or adjust, and parent s have their hands tied. You can't take kids of Instagram or TikTok -- they will lose their friends. I hate the fact that the "keep up with my extended family" platform is the same as the "brainrot and addiction" one. The platforms need to be small enough that parents actually have choices on what to let in and what not to. Until either platforms are broken up via. antitrust or until the burden of moderation is on the company, we're going to keep getting privacy-infringing solutions.
If you support privacy, you should support antitrust, else we're going to be seeing these same bills again and again and again until parents can effectively protect their children.
We are missing accessible cryptographic infrastructure for human identity verification.
For age verification specifically, the only information that services need proof of is that the users age is above a certain threshold. i.e. that the user is 14 years or older. But in order to make this determination, we see services asking for government ID (which many 14-year-olds do not have), or for invasive face scans. These methods provide far more data than necessary.
What the service needs to "prove" in this case is three things:
1. that the user meets the age predicate
2. that the identity used to meet the age predicate is validated by some authority
3. that the identity is not being reused across many accounts
All the technologies exist for this, we just haven't put them together usefully. Zero knowledge proofs, like Groth16 or STARKs allow for statements about data to be validated externally without revealing the data itself. These are difficult for engineers to use, let alone consumers. Big opportunity for someone to build an authority here.
>We are missing accessible cryptographic infrastructure for human identity verification.
like most proposed solutions, this just seems overcomplicated. we don't need "accessible cryptographic infrastructure for human identity". society has had age-restricted products forever. just piggy-back on that infrastructure.
1) government makes a database of valid "over 18" unique identifiers (UUIDs)
2) government provides tokens with a unique identifier on it to various stores that already sell age-restricted products (e.g. gas stations, liquor stores)
3) people buy a token from the store, only having to show their ID to the store clerk that they already show their ID to for smokes (no peter thiel required)
4) website accepts the token and queries the government database and sees "yep, over 18"
easy. all the laws are in place already. all the infrastructure is in place. no need for fancy zero-knowledge proofs or on-device whatevers.
What you’re describing is infrastructure that doesn’t necessarily exist right now for use online, and has all the privacy problems described. Why should I have to share more than required?
it has none of the privacy problems described, and 95% of the infrastructure exists right now (have you ever purchased smokes or alcohol?)
to go on tiktok, you enter a UUID once onto your account, and thats it. the only person that sees your id card is the store clerk that glances at the birth date and says "yep, over 18" when you are buying the "age token" or whatever you want to call it. no copies of your id are made, it cant be hacked, theres no electronics involved at all. its just like buying smokes. theres no tie between your id and the "age token" UUID you received.
theres no fanciness to it, either. itd be dead simple, low-tech, cheap to implement, quick to roll out. all of the enforcement laws already exist.
>Why should I have to share more than required?
you shouldnt. having to prove age to use the internet is super dumb. but thats the way the winds are blowing apparently. if im gonna have to prove my age to use the internet, id much rather show my id to the same guy i buy smokes from (and already show my id to) than upload my id to a bunch of random services.
Sorry I'd misunderstood I thought you were describing infrastructure that already exists and making a comparison to just using your ID.
The problem with this scheme is that it's exactly as protective as requiring someone to tick a "I'm of legal age" tickbox in the software they wish to access. Anyone who is of legal age can buy UUIDs and pass them around to folks who are not.
Having said that, I think having an "I'm of legal age" tickbox goes quite far enough.
For the ultra-controlling, setting up a "kid's account" using the tools already provided in mainstream OS's [0][1] is a fine option.
[0] <https://www.microsoft.com/en-us/microsoft-365/family-safety>
[1] <https://support.apple.com/guide/mac-help/set-up-content-and-...>
>The problem with this scheme is that it's exactly as protective as requiring someone to tick a "I'm of legal age" tickbox in the software they wish to access.
no, it is exactly as protective as the protections for purchasing alcohol or buying smokes or other controlled substances/products.
buying smokes/alcohol when underage is obviously harder than "click this box". (did you ever try to buy smokes/alcohol when underage? you cant just go up to the clerk at the store when you are 14 and say "trust me bro, im 18/19/21".)
>Anyone who is of legal age can buy UUIDs and pass them around to folks who are not.
same for smoking and alcohol. i could go to the store right now and buy smokes, then hand them to my 10 year old.
we have laws already in place to punish selling smokes/alcohol to underagers, and laws for consuming smokes/alcohol when underage. we can apply those laws to your internet-age-token.
most people seem fine with the current trade-off for smokes/alcohol. i see no reason why tiktok needs to be treated as more dangerous than either.
>Having said that, I think having an "I'm of legal age" tickbox goes quite far enough.
i agree with this and everything you said afterwards. id rather not have any of it.
> no, it is exactly as protective as the protections for purchasing alcohol or buying smokes...
Right. That's exactly as protective as that tickbox. [0] As I mentioned, any of-age person can distribute those UUIDs to people who are not of-age. Unlike with the proposed ID-collection-and-retention schemes (that are authoritarian's wet dreams) the vendor of the UUID is not responsible for ensuring that that UUID is not later used by someone who is not of-age.
If you were to -say- make alcohol vendors liable for the actions of of-age people who pass on alcohol to not-of-age people, then you'd see serious attempts to control distribution.
[0] Don't forget the existence of preexisting parental controls in every major OS. IME, this is a hurdle that's at least as difficult to surmount as the ID check done in non-chain convenience stores.
>Right. That's exactly as protective as that tickbox. [0]
no, it isn't, for reasons already mentioned but i will say it again for clarity:
- a 14 year old can click "im of age" on a checkbox.
- a 14 year old cannot go into a gas station and buy smokes. they will be declined.
>As I mentioned, any of-age person can distribute those UUIDs to people who are not of-age.
again... same with smokes and alcohol! but we are okay with how smokes and alcohol are regulated right now.
tiktok is not worse than a bottle of vodka. we are okay with how vodka is regulated. tiktok does not need even more strict age-verification than vodka.
it is not perfect, but it is absolutely more stringent than a checkbox. if you still doubt me, please send one of your 12-14 year old family members to buy a pack of smokes or a bottle of vodka at the nearest store. i will wait for your report.
I mostly agree but unless these UUID age tokens are of limited life, it's more like buying the kid an unlimited amount of vodka and cigarettes with one action. If the tokens were good for one use, or a short time period, it would be more workable.
sure, make them good for like 1 year or 3 months or something.
or make them good for 1 month, but sold in 12-packs.
> or make them good for 1 month, but sold in 12-packs.
...if these tokens are as protective as you claim they are, why would it be important for them to expire?
Would you also advocate for the token issued by authoritarians' preferred "send a video of yourself [0] and/or your government-issued photo ID [1] to some random third-party for-profit company" check to frequently expire? If not, what's up with the discrepancy?
[0] Or of someone physically near you who is of-age
[1] See [0]
you seem really eager to catch me in some sort of "aha gotcha!" scenario so that you can... what? feel good about winning a hackernews argument? you are trying to argue with someone who largely shares the exact same views as you. the only difference between us is that im offering up alternatives and you are hoping that if you yell loud enough that everyone will forget about age verification.
age verification is already being rolled out. so we can either suck it up and try advocate for less shitty versions, or we can bicker amongst ourselves while id/video-based age verification continues to be implemented everywhere.
>...if these tokens are as protective as you claim they are, why would it be important for them to expire?
read above for the conversation that occurred.
>Would you also advocate for the token issued by authoritarians' preferred "send a video of yourself [0] and/or your government-issued photo ID [1] to some random third-party for-profit company" check to frequently expire? If not, what's up with the discrepancy?
a) no, obviously not, because i dont advocate for video or id-based age verification.
b) i know that you know this, and are just pretending to be ignorant for some weird ass reason: various age verification implementations have different risks and benefits.
for some implementations, users are forced to give up significant amounts of privacy in favor of increased accuracy. other implementations give up less privacy, at the risk of reduced accuracy. look at discords implementation for a recent example (it was easier to spoof the client-side verification than the server-side id-based one. more privacy, less accuracy). this type of balancing act is not new. we do the same balancing act with alcohol, smoking, gambling, healthcare, security, development, etc.
so, when looking at potential mitigations for less-accurate methods, while maintaining the same level of privacy, a sensible option is to make the UUIDs time-bound which will limit the time an illicit token is valid. this makes much less sense for id/video-based verification, because they have higher accuracy than my version (paid for by giving up your privacy).
---------
something you said earlier: "Your time and energy are better spent resisting the expansion,".
so, go do that. find the people that are really pushing for age verification, and argue with them. instead of replying to me, use that time to call your state representative or something. im not your opponent here. if it were up to me, we wouldnt have age verification in the first place. you already know that my stance is anti-age verification!
my proposal is not perfect. i dont like age verification. you can have the karma from this argument, its cool, you can "win". what more do you want me to say?
> age verification is already being rolled out...
So was "REAL ID", and that took ~fifteen years to bring all the holdouts to heel. It wasn't till the start of the COVID disaster that FedGov could make compliance a condition of receiving enough essential Federal funds to force the remaining objectors to comply.
Compliance with bad plans is not automatically mandatory.
> what more do you want me to say?
It'd be great if you'd stop accepting the premise of authoritarians and reject the publicly-stated premise that motivates these systems. While it may not be clear to folks at the moment, they are no less bad than the systems that help -say- Texas law enforcement track down Texan women and doctors who are in violation of the Texas abortion ban.
I don't give a shit if you say that you do stop accepting the publicly-stated premise. [0] I just hope that one day in the not too distant future you do.
[0] I would -in fact- not believe you if you said you did in reply to this comment.
> Compliance with bad plans is not automatically mandatory.
To put a really fine point on this: every entity that rolls over and compiles with these "age verification" plans has put up less of a fight than 4chan.
When 4chan is one of the heroes, you know that something rotten is going on.
Your hypothetical 14-year-old needs to first be able to bypass the parental controls that come with every modern OS. You keep ignoring that.
(Also, like, did you ever go to college? Live in a dorm or apartment with underage students? It was super common for of-age people to buy and distribute booze to substantially underage students. Everyone knew it was happening all the damn time.)
> they are obviously not liable if i buy something legitimately, go home, and feed it to my kid. in that case, i am liable...
And if you changed up the rules to make them liable, you'd see serious attempts at controlling distribution.
What has been the state of the art in parental controls for quite some time is like the current regulatory regime for booze and tobacco. The single thing that needs to change to make it exactly the same would be to make it substantially illegal for US-based publishers to not tag the porn/violence/etc that they publish with age-restriction tags. [0]
What's being proposed and is currently implemented by several big-name sites is even more invasive.
> we are okay with how smokes and alcohol works right now.
I'm not. Either booze and tobacco need to be made into Schedule I substances, or their regulation needs to become much more lax. But I recognize that my opinion on the topic is considered to be somewhat out-of-the-ordinary.
[0] This might already be the law of the land right now. I haven't bothered to check.
>Your hypothetical 14-year-old needs to first be able to bypass the parental controls that come with every modern OS. You keep ignoring that.
because they dont matter. parental controls exist today but have been deemed ineffective for the age verification conversation, for whatever stupid reason. so we are stuck trying to figure something else out. do i wish we could just use the existing basic parental controls instead of whatever the hell we are going to end up with? obviously!
the easiest "something else" is to piggy-back on existing age-restriction regulations (i.e. smokes, alcohol, gambling) because they have broad (obviously not ubiquitous, but broad) support. we have decades of experience with them.
and, to that end, you create a little token and you show your id to the store clerk to buy it. the "protect the children" people are satisfied (its the same process everything else age-restricted!), and i dont need to send my id to a peter thiel company. it preserves privacy, it re-uses existing laws, it re-uses existing infrastructure, etc.
> ...but have been deemed ineffective for the age verification conversation, for whatever stupid reason.
Consider that such arguments (just like the arguments of Prohibitionists that resulted in the rise to power of Organized Crime) are made in a varied combination of ignorance and bad faith, and that we should loudly reject them in the strongest possible terms.
To be clear, I'm asserting that the claim that preexisting parental controls are insufficient is an argument made in ignorance and bad faith, not your assertion that the argument is being made.
>Consider that such arguments [...] we should loudly reject them in the strongest possible terms.
me and you can yell into the void all we want. and i will continue to do so!
but, age verification is already here. so while i continue to yell about how stupid it is, i am also going to propose options that i feel like are less bad than what is being actively rolled out right now.
> ...i am also going to propose options that i feel like are less bad than what is being actively rolled out right now.
As I mentioned, what you propose is exactly as useful and protective as what we have now. What we have now has been roundly rejected by the authoritarians pushing this expansion of power and influence. Your time and energy are better spent resisting the expansion, rather than suggesting alternatives that those authoritarians will never accept (and tacitly accepting their premise in the process).
>As I mentioned, what you propose is exactly as useful and protective as what we have now.
i disagree, for reasons i have already said and for other reasons i havent yet.
but it is clear that we wont end up agreeing, so no need for us to keep going.
A 21-year-old in a dorm buying booze for a 19 year old dorm-mate is a bit different from doing the same for a 14 year old.
What about a 17 year old? 16? Many folks who go to college are younger than people seem to realize... and teenagers of all ages often like to party.
It's very rare to run into anyone under 18 living in a college dorm. There are a few 17 year olds, even fewer younger than that. Sure there are high schoolers taking classes, but as full-time residential students? Not many.
Right. Not many, but not zero. Enough that if you also went to college, we collectively probably know of at least a handful.
So.
What about a 17 year old? 16? Many folks who go to college are younger than people seem to realize... and teenagers of all ages often like to party.The government will want some way to uncover who bought the token. They'll probably require the store to record the ID and pretend like since it's a private entity doing it, that it isn't a 4A violation. Then as soon as the token is used for something illegal they'll follow the chain of custody of the token and find out who bought it.
No matter what the actual mechanism is, I guarantee they will insist on something like that.
if the goal is to "protect children", or just generally make parts of the internet age-gated, my proposal is 100% fine.
if the goal is "surveil everyone using the internet", yes, very obviously my proposal would not be selected, and you will have to upload your id to various 3rd-party id verifiers.
I think something like your proposal actually sounds the most logical. I just think they will bolt on chain of custody tracking to it, while promising it will only be used for finding "terrorists" or something.
Yes, while I was reading the article I couldn't help but think about notaries public. Seems like something like that would be government's go-to for this if they weren't quite so overfed on tech industry contributions that lead them down the path of AI solutions.
I'm not sure that's the right answer here, but I think it ticks a lot boxes for the state.
The nice thing about something bolted on like that is that it is not an essential feature of the core design and has no bearing on the original goal. It can be removed or reformed. The same isn't true of the approaches we are heading towards now.
A significant obstacle to adoption is that cryptographic research aims for a perfect system that overshadows simpler, less private approaches. For instance, it does not seem that one should really need unlinkability across sessions. If that's the case, a simple range proof for a commitment encoding the birth year is sufficient to prove eligibility for age, where the commitment is static and signed by a trusted third party to actually encode the correct year.
I agree. I've been researching a lot of this tech lately as a part of a C2PA / content authenticity project and it's clear that the math are outrunning practicality in a lot of cases.
As it is we're seeing companies capture IDs and face scans and it's incredibly invasive relative to the need - "prove your birth year is in range". Getting hung up on unlinkable sessions is missing the forest for the trees.
At this point I think the challenge has less to do with the crypto primitives and more to do with building infrastructure that hides 100% of the complexity of identity validation from users. My state already has a gov't ID that can be added to an apple wallet. Extending that to support proofs about identity without requiring users to unmask huge amounts of personal information would be valuable in its own right.
Your crypto nerd dream is vulnerable to the fact that someone under 18 can just ask someone over 18 to make an account for them. All age verification is broken in this way.
There is a similar problem for people using apps like Ubereats to work illegally by buying an account from someone else. However much verification you put in, you don't know who is pressing the buttons on the screen unless you make the process very invasive.
You seem to have missed requirement #3 -> tracking and identifying reuse.
An 18-year-old creating an account for a 12-year-old is a legal issue, not a service provider issue. How does a gas station keep a 21-year-old from buying beer for a bunch of high school students? Generally they don't, because that's the cops' job. But if they have knowledge that the 21-yo is buying booze for children, they deny custom to the 21-yo. This is simple.
> How does a gas station keep a 21-year-old from buying beer for a bunch of high school students?
They don't? Teenagers can easily get their hands on alcohol... you just need to know the right person at school who has a cool older brother. If their older brother is really cool they can get weed too!
The police absolutely do not have the time to investigate the crime of making a discord account for someone.
Even if the problem is perfectly solved to anonymize the ID linked to the age, you still have the issue that you need an ID to exercise your first amendment right. 1A applies to all people, not just citizens, and it's considered racist in a large part of the US to force someone to possess an ID to prove you are a citizen (to vote) let alone a person (who is >= 18y/o) w/ 1A rights.
You are missing the point.
They don't care whether you are 14 or not. They want your biometrics and identification. "Think of the children" is just a pretense.
In general, any government already has your information, and it's naive to think that they don't; if you pay taxes, have ever had a passport, etc. they already have all identifying information that they could need. For services, or for the government knowing what you do (which services you visit), then a zero-knowledge proof would work in this case.
The companies don’t, and th government already has your government id.
Age verification is a tough problem.
I ran into this when building a kids' education app a few years ago. We explored a bunch of options, from asking for the last four digits of their parents' SSN (which felt icky, even though it's just a partial number) to knowledge-based authentication (like security questions, but for parents).
Ultimately, we went with a COPPA-compliant verification service, but it added friction to the signup process.
It's a trade-off between security and user experience, and there's no perfect solution, unfortunately.
Here is an example of the problem with inference-based verification:
They could just issue a x509 cert with an above 18 attribute and nothing else.
You're not 18 yet?
No Problem we just give you two certs with different valid from/to ranges that overlap and don't give away your birthday.
Problem solved.
Steelmanning the opposing position: one adult shares their certificate with every child on the planet.
Because it has no attributes (not even a unique serial number that could be used to track it) the whole scheme is now defeated.
Which, adult is merely someone who's just turned 18. What're the chances that any of them just post the thing up on 4chan? (I'm going to go with 100% chance of that happening.)
I was hoping for more on "... The only way to prove that you checked is to keep the data indefinitely." What do the laws say on this? What data is this? I would have assumed that just like a bouncer can check my ID and hand it back to me, a digital system can verify my identity and not hold onto everything (e.g. the actual photo of my ID).
Zero-knowledge proofs exist, that verify that a user's id holds certain properties, without leaking said ID.
> "Social media is going the way of alcohol, gambling, and other social sins: societies are deciding it’s no longer kids’ stuff."
Oh, remember those good old times when alcohol was kids' stuff.......
In Italy it is common for 13 and 14 year olds to have a glass of wine with dinner. The sin is not drinking, it is gluttony.
Age checks sound simple, but they tend to turn into “please create a permanent ID for the internet.” I’d love a version that’s more like a one-time wristband than a loyalty card.
mandatory loyalty card (won't sell you bread if you don't present it) with additional database of your extra-shop activities
> Some observers present privacy-preserving age proofs involving a third party, such as the government, as a solution, but they inherit the same structural flaw: many users who are legally old enough to use a platform do not have government ID. In countries where the minimum age for social media is lower than the age at which ID is issued, platforms face a choice between excluding lawful users and monitoring everyone. Right now, companies are making that choice quietly, after building systems and normalizing behavior that protects them from the greater legal risks. Age-restriction laws are not just about kids and screens. They are reshaping how identity, privacy, and access work on the Internet for everyone.
This rebuttal to privacy preserving approaches isn't compelling. Websites can split the difference and use privacy preserving techniques when available, and fall back to other methods when the user doesn't have an ID. I'd go further and say websites should be required to prioritize privacy preserving techniques where available.
There is a separate issue of improving access to government ID. I think that is important for reasons outside of age verification. Increasingly voting, banking, etc... already relies on having an ID.
Does each service really need to collect this data from the user directly? They could instead have the user authorise them by e.g. OAuth2 to access their age with one of the de-facto online-identity-providers. I would be surprised if they didn't implement an API for this sometime soon, cause it would place them as the source of truth and give them unique access to that bit of user data. Seems like a chance and position they wouldn't want to lose.
I like the solution Tim Burners-Lee is working on. Lets hope he has some success.
https://www.theguardian.com/technology/2026/jan/29/internet-...
Comment was deleted :(
Someone explain me like I'm 5: there are some solutions already in effect that are based on cryptographically generated, anonymous, one-time use tokens that allow to confirm adults's age without being tied up yo your ID. Why on earth even technically skilled people completely ignore those? Is this pure NIMBY ignorance or am missing something?
Because those solutions always have obvious flaws. If the cryptographic token is anonymous, how do you know the user verifying is the same one who generated the token? How do you know the same cryptographic key isn't verifying several accounts belonging to other people?
They are one time use by definition. You can't know they are used by respectful owner, but the idea is you have to provide a new token every few weeks/months. Much like when using other services nowadays, I mean even Gmail will have you authorize every few months even if you didn't log out. Plus you fine/prosecute those who sell/misuse theirs. Just like you prosecute adults who buy kids alcohol or other substances.
Obvious flaws are OK. I absolutely hate the Nirvana fallacy that you people think is acceptable here, while hundreds of millions of kids suffer from serious developmental issues, as reported left and right by all kinds of organizations and governments themselves.
The purpose is to control the Internet. They've been trying this for ages. They tried with terrorism and other things. Now the excuse is protecting children.
Not exactly a good moment for this caste of politicians to pretend they care about children's well-being, though.
It's kind of weird to me how every article on this topic here has people rushing to comment within a couple minutes with some generic "yes I too support ID checks for internet use!". Has the vibe really shifted so much among tech-literate people?
Although there is some organic support, there is a lot of coordinated astroturfing. It’s apparent if you watch the discussions across platforms, there are obvious shared talking points that come in waves.
Governments (and a few companies) really want this.
What are some links to HN comments that you (or anyone else) feel is "coordinated astroturfing"?
The site guidelines ask users to send those to us at hn@ycombinator.com rather than post about it in the threads, but we always look into such cases when people send them.
It almost invariably turns out to simply be that the community is divided on a topic, and this is usually demonstrable even from the public data (such as comment histories). However, we're not welded to that position—if the data change, we can too.
Thanks for replying. I will make an effort to compile a list when I see it in the future. I’ve observed several cases where green names (and a few longstanding accounts) all made the same point, posted in the same time frame, with language matching what I would see on Reddit and X. It could just be organic but it was very suspicious.
I do think that HN does a better job than most at containing this (thanks for your hard work).
> What are some links to HN comments that you (or anyone else) feel is "coordinated astroturfing"?
I don't think that there is any definitive way to prevent or detect this anymore. The number of personnel dedicated to online manipulation has grown too much, and the technology has advanced too far.
These are now discussions that states and oligarchs have interests in, not Juicero or smart skillet astroturfing. And this remains a forum that people use to indicate elite support for their arguments.
There's never been a definitive way and yes, the bar is probably rising.
All is not lost, though: https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
You have a goal, eg “ChatGPT recommends my zero-knowledge ID verification company to people looking to comply with EU law xyz”, a set of “money queries” you track weekly, eg “what are people on hacker news saying about age verification,” “what are people on Reddit saying about age verification,” “how to comply with age verification 2026,” etc.
The citations from a hit on one money query informs the content to create for the next. It gives you information about what a model finds “citable.” You repackage that.
A more organic discussion would maybe include W3C Verifiable Credentials, the various ISO standards, official implementations and their tradeoffs, etc. But that would link to authoritative sources that would already be cited.
I guess the new thing here is you don’t need popularity on HN so much as info on what models cite. You make contributions motivated by “money queries” you track.
This is an area of huge commercial interest, eg “what leggings should I buy? Lululemon isn’t as good as it used to be,” so it’ll probably be packaged and sold over time by providers and sourced organically through user interactions.
> Governments (and a few companies) really want this.
The cynic in me fears they don't want a privacy-preserving solution, which blinds them to 'who'. Because that would satisfy parents worried about their kids and many privacy conscious folks.
Rather, they want a blank check to blackmail or imprison only their opponents.
That’s not cynicism, it’s reality.
Add to this that more and more sites and services are hostile to VPN connections and obfuscated email address for account registration. Worse still is that for existing accounts introducing ID req'ts, the next step in these changes is your prior anonymous activity could easily become a retro-liablit.y
[dead]
I think Larry (not, not that Larry, the other one) spilled the beans in 2024:
"Citizens will be on their best behavior, because we’re constantly recording and reporting everything that is going on" - Larry Ellison
(I seem to recall from the context of the quote, he isn't saying this is the future he wants, but it's a future he's not particularly opposed to)
But the real threat is "accidental" database leaks from private websites. Let's say you live in a state where abortion isn't legal, and you sign up for a web forum where people discuss getting out-of-state abortions. As soon as that website is required to collect real names (which it will be), it becomes unusable, because nobody can risk getting doxxed.
Maybe the US gov needs more tor users and is therefore doing this to drive more traffic to the onion network.
Comment was deleted :(
This is not a cynical take, it is blindingly obvious. Right now, governments around the world are watching, salivating over what is effectively remote control over the literal thoughts of and total surveillance over their entire population. They are itching insatiably to get control over these systems.
In my state, I caught a circuit court judge shilling on a certain well known "social media" site for the establishment of a lottery in our state. He framed it as a "We the People vs the corrupt politicians" issue--with him being firmly on the side of We the People of course.
When I challenged him on his rhetoric, my comment INSTANTLY disappeared. I thought maybe it was a fluke, so I tried again, and the next comment insta-disappeared also.
Soon thereafter I was locked out of the account and asked to provide a "selfie" to confirm my identity. (I declined.)
[dead]
> It’s apparent if you watch the discussions across platforms, there are obvious shared talking points that come in waves
This is true of basically any issue discussed on the internet. Saying it must be astroturfing is reductive
Comment was deleted :(
> It’s apparent if you watch the discussions across platforms, there are obvious shared talking points that come in waves.
How do you know what is "shared talking points" vs "humans learning arguments from others" and simply echoing those? Unless you work at one of the social media platforms, isn't it short of impossible to know what exactly you're looking at?
It could be, and you’re right that I can’t prove anything beyond a doubt. But there is an entire industry built around professionally manipulating public opinion for money, and the groups most interested in deanonymizing the internet are well resourced. Simple inductive reasoning will tell you that a portion of the support is likely astroturfed.
> there is a lot of coordinated astroturfing.
Interesting. Are you saying all the concerns raised by the proponents of ID verification are invalid and meritless? For example,
1. Foreign influence campaigns
2. Domestic influence campaigns
3. Filtering age-appropriate content
I’m sure there are many other points with various degree of validity.
If you drive out everyone with identity filters, those folks will naturally flock to sites run in nations without the same controls. I don't think you really solve anything except to push traffic elsewhere.
Instead it would be more appropriate to let sites pass headers, such as "we have adult content", thst you could filter on the network or client side. It's still voluntary, of course. Anyone will just visit sites that don't have the checks if necessary.
> Interesting. Are you saying all the concerns raised by the proponents of ID verification are invalid and meritless?
In the US, #1 and #2 are invalid and meritless. Wholly and without reservation. One of the huge reasons for the First Amendment is to ensure that people are able to counter lies uttered in the public sphere with truth.
#3 is handled by parental controls that have existed in mainstream OSs for quite some time now. [0][1][2] However, those preexisting parental controls don't justify additional expansion of the power and influence of authoritarians, so here we are.
[0] <https://www.microsoft.com/en-us/microsoft-365/family-safety>
[1] <https://support.apple.com/guide/mac-help/set-up-content-and-...>
[2] <https://support.google.com/android/answer/16766047?hl=en-rw>
> In the US, #1 and #2 are invalid and meritless. Wholly and without reservation. One of the huge reasons for the First Amendment is to ensure that people are able to counter lies uttered in the public sphere with truth.
How does digital ID prevents you from speaking out? For example, 2nd amendment requires a lot of hoops in some jurisdictions, which were deemed constitutional, and not violating 2nd amendment. Same with the 1st amendment. You can argue that with digital IDs there will be less privacy and anonymity than before, but it’s a different story.
Moreover, influence campaigns are not about truth or lies, but about making the public loose face on the institutions. A good example of it today is Russia, where the public does not believe that democratic elections are possible at all, in principle.
> #3 is handled by parental controls that have existed in mainstream OSs for quite some time now.
It is not handled perfectly at all, and easily bypassed. To pretend that information access on the internet can be regulated through parental controls is ridiculous.
> How does digital ID prevents you from speaking out?
What? In the US, arguments #1 and #2 are entirely invalid and meritless. As I mentioned:
One of the huge reasons for the First Amendment is to ensure that people are able to counter lies uttered in the public sphere with truth.
> A good example of it today is Russia, where...
We're talking about the US. Many other governments (and governed people) do not agree that freedom of speech is important or even desirable.
> It is not handled perfectly at all, and easily bypassed.
For quite some time now it has been handled at least as well as these new schemes that authoritarians (and those that profit from their actions) are strong-arming companies into preemptively complying with.
> Moreover, influence campaigns are not about truth or lies, but about making the public loose face on the institutions.
If the institution that's being actually damaged by losing face [0] is (or is intimately associated with) one that has spent the last many decades normalizing the replacement of cogent political discussion with Twitter-grade zingers and ragebait, and is now finding it difficult to engage in cogent discussion then, well, they've made the bed they're now forced to lie in. The way out of that bed is sustained, good faith, cogent discussion, rather than building dossiers and the automated infrastructure for information restriction.
But, in truth, most of the folks pushing these systems aren't interested in cogent discussion and are arguing for them in some combination of ignorance and bad faith.
[0] As is often the case in matters like this, I expect the claimed damage is far, far greater than the actual damage.
> You address lies with truth. I don't see what requiring videos of your face and photo ID has to do with this.
How do you address lies with truth if the distribution of lies and truth is uncontrollable?
> We're talking about the US. Many other governments (and governed people) do not agree that freedom of speech is important or even desirable.
The example of Russia has nothing to do with freedom of speech. Read again.
Moreover, as I stated earlier, we already have documentation requirements for 2nd amendment, so why not for the 1st? Asking for ID to post on the internet does not preclude you from exercising your rights.
> The way out of that bed is sustained, good faith, cogent discussion, rather than building dossiers and the automated infrastructure for information restriction.
How can you make a good faith argument if the whole space is polluted by bots, trolls, and various influence groups? Perhaps your argument is in good faith, and factually correct, but for one of you there may be 10,000 bots. So, what value is in your voice?
> But, in truth, most of the folks pushing these systems aren't interested in cogent discussion and are arguing for them in some combination of ignorance and bad faith.
This quite a reach. I personally believe that people who have zero chance to get a real life backlash in their community will engage in bad faith arguments, etc.
> Perhaps your argument is in good faith, and factually correct, but for one of you there may be 10,000 bots. ... How can you make a good faith argument [in this scenario?]
In exactly the same way urban dwellers made cogent, good faith arguments back in the late 1800s when one could never hope to keep up with the pace of printed material available for sale, and there were far, far more people speaking in the area than one could have a conversation with in a day, let alone half a year.
Falsehood flies, and the truth comes limping after it.
> How do you address lies with truth if the distribution of lies and truth is uncontrollable?
The same way you have for the last two-hundred and fifty years.
> The example of Russia has nothing to do with freedom of speech.
I'm aware. That's why I dragged the conversation back on topic.
> This quite a reach. [sic]
When put into its surrounding context, it is a plain statement of fact and reasonable assessment of the situation.
[0] and the essay that contains that sentiment
[dead]
> there are obvious shared talking points that come in waves.
Groups of people who wake up at the same time of the day often have a tendency to be from a similar place, hold similar values and consume similar media.
Just because a bunch of people came to the same conclusion and have had their opinions coalesce around some common ideas, doesn't mean it's astroturfing. There's a noticeable difference between the opinions of HN USA and HN EU as the timezones shift.
More than a few companies. Nothing would allow advertisers to justify raising ad rates quite like being able to point out that their users are real rather than bots.
> there is a lot of coordinated astroturfing. It’s apparent if you watch the discussions across platforms, there are obvious shared talking points that come in waves.
Is that really evidence of astroturfing? If we're in the middle of an ongoing political debate, it doesn't seem that far fetched for me that people reach similar conclusions. What you're hearing then isn't "astro-turfing" but one coalition, of potentially many.
I often hear people terrified that the government will have a say on what they view online, while being just fine with google doing the same. You can agree or disagree with my assesment, but the point is that hearing that point a bunch doesn't mean it's google astroturfing. It just means there's an ideology out there that thinks it's different (and more opressive seemingly) when governments do it. It means all those people have a similar opinion, probably from reading the same blogs.
Well the hard thing about astroturfing is that only the people running the platform have the hard data to prove it beyond any reasonable doubt.
But I don't think we need 99.99% confidence -- isn't even acknowledged that 30% of twitter is bots or something? I think it's safe to conclude there's astroturfing on any significant political issue.
Also as far as documented cases, there were documented cases of astroturfing around fracking [1], or pesticides [2]
1. https://journals.sagepub.com/doi/10.1177/2057047320969435 2. https://www.corywatson.com/blog/monsanto-downplay-roundup-ri...
An ex friend of mine was once involved in some thing where they got paid to astroturf for Monsanto. Despite living in the city, they suddenly developed deeply informed opinions about glyphosate and how important it is for agriculture, and they would share these opinions aggressively in online discussions along with pro-Monsanto articles. It was disturbing to watch because the behavior was completely uncharacteristic (and seemingly in conflict with their core beliefs). One day they quit doing it just as suddenly.
This was before the heyday of influencer culture, so I can only imagine how sophisticated things are nowadays. It’s not always bots.
I recommend the book Trust Me, I’m Lying for a deep but somewhat dated look at the online influence industry.
That's fascinating. I'd love to read an account from somebody who's been through that pipeline about how it worked.
> it doesn't seem that far fetched for me that people reach similar conclusions.
How do you suppose it is that millions of people, separated by vast geographic distances, somehow all reach similar conclusions all at once?
Related: How do you suppose it is that out of 350-700+ million people (depending on whose numbers you believe), there's always only two "choices" and both of them suck?
In the same way that they came up with the idea of divine being(s) in the image of man that rule nature.
In the same way that patriarchy rose amongst them all.
In the same way that a shared currency was deemed necessary.
Escpecially in matters of governance, there is something to be said about how humans like to organise themselves. No country has truly escaped capitalism so far.
You noticed the facts, but completely failed to understand how the facts came to be.
> In the same way that they came up with the idea of divine being(s) in the image of man that rule nature.
Thanks to the diligent efforts of the Priesthood, of course, who never cease in their 'education' of humanity as to the 'truth.'
Before the world came under centralized control of the Priesthood, there were many tribes of 'Nephelim'--or no-faith-God-people. (ne-phe-el-im.)
(Nope, it has nothing to do with aliens. Guess who is telling that lie also?)
> In the same way that patriarchy rose amongst them all.
Not among my ancestors the Cherokee. They were a matriarchy. They were wiped out (genocided) by foreigners who were controlled by a paternal Priesthood.
In our own history, we were once ruled by such a priesthood. They were called the Nicotani, or Ani-Kutani. They grew insolent and arrogant and eventually crossed the line when one of them raped a man's wife. They were subsequently exterminated, to the last man.
> In the same way that a shared currency was deemed necessary.
By whom? Who made that decision for you? Is it you who is deciding to get rid of cash and make everything digital too, so that you can be even more easily tracked, controlled, monitored...enslaved?
> Escpecially in matters of governance, there is something to be said about how humans like to organise themselves.
That's just the thing. It's not you organizing yourself.
Sorry, I don't quite understand your argument. There will always be people with different ideas. That is what makes us human. My argument is that such ideas and the societies that are organised from them are quite fleeting (as noted by your matriarch example). Genocidal priesthood may have forced people in one region to believe in divinity, but I doubt that with the technology at the time, they would have enabled the expansion of so many other religion - abrahamic religions, Buddhism, Hinduism, Sikh etc etc.
Again, I did not come up with currency and it does not matter if I personally believed in it. Enough people did and now we have capitalism. The people organised themselves, and if it is not what they wanted, history has a recording of many many revolutions and uprisings.
"A few"?
"Real" user verification is a wet dream to googlr, meta, etc. Its both a ad inflation and a competive roadblock.
The benefits are real: teens are being preyed upon and socially maligned. State actors and businesses alike are responsible.
The technology is not there nor are governments coordinating appropiate digital concerns. Unsurprising because no one trusts gov, but then implicitly trust business?
Yeah, so obviously, its implementation that will just move around harms.
I think we should be careful of writing off this sea change as simple professional influence campaigns. That kind of thinking is just what got Trump to the Whitehouse, and is currently getting the immigrants rounded up.
Things that didn't seem likely to have broad support previously, now are seen as acceptable. In the 90's no one could envision rounding up immigrants. No one could envision uploading an ID card to use ICQ. No one could envision the concept of DE-naturalization or getting rid of birthright citizenship.
Today, in the US for instance, there are entire new generations of people alive. And many, many people who were alive in the 90's are gone. Well these new people very much can envision these things. And they seem to have stocked the Supreme Court to make all these kinds of things a reality.
All because the rest of us keep dismissing all of this as just harmless extreme positions that no one in society really supports. We have to start fighting things like this with more than, "It's not real."
You don’t think the current admin uses influence campaigns? They are called “influence” campaigns for a reason; they are intended to shape both beliefs and behaviors.
Things that have broad support now may have that support primarily because of longstanding influence campaigns.
Both the widespread growth in smoking, and its later drop in popularity, are often credited to determined influence campaigns. You are not immune to propaganda!
>In the 90's no one could envision rounding up immigrants.
Both Clinton and Obama deported way more people than Trump.
Obama wasn't around in the 90's.
And Clinton only deported 2 million across his entire 8 years in office. With a laser focus on convicted criminals as part of a war on drugs. (Now the efficacy of the old "War on Drugs" can be argued, but the numbers can't. We have the records.)
I think you're conflating the number of "returns", defined in the 90's as people who were not allowed to enter at the border; and "deportations", defined in the 90's as people who were in the US, and then we put on a plane back out of the US. IE - "Returns" were people who showed up at the border, sea port, airport or border checkpoint; asked to get in, and we said no. Basically, the nice people.
What you mean is that Clinton simply didn't let anyone into the country. This is true. (Again, we have the records. Clinton refused entry to the US more than any president in US history.) He didn't, however, round up immigrants living in the US on this scale and deport them like we're seeing today. People would never have allowed for that.
To put numbers on it, Trump is on year 5, and has already processed more formal removal orders than Clinton did by year 8. Not only that, voluntary removals were near non-existent under Clinton in the 90's. Today, for just this year alone, they sit at around 1.5 million.
> Both Clinton and Obama deported way more people than Trump.
You are correct. Further, I suggest that Democrats and Democrat-controlled media cultivate a delusional worldview which allows their supporters to ignore the right-wing brutality consistently and continually imposed by Democrat leaders.
How do you feel about the second Trump admin's nationwide, made-for-TV DHS/ICE siege?
Ineffective. Too much noise, too little removals.
Do you think Trump's first term was a failure because he didn't deport as many people as Obama?
Trump's first term was a total failure for many reasons. He didn't implement nothing of his agenda successfully.
If one feels anything about it at all, it's a sign they're taking the Made-for-TV movie seriously.
Never take TV seriously.
The key mistake is even watching it in the first place.
"If you don't read the newspaper, you're uninformed. If you do read the newspaper, you're misinformed." - Mark Twain
> "If you don't read the newspaper, you're uninformed. If you do read the newspaper, you're misinformed." - Mark Twain
I love the quote, thanks for sharing.
Here is a more extended quote from Jefferson on the same subject:
“To your request of my opinion of the manner in which a newspaper should be conducted, so as to be most useful, I should answer, ‘by restraining it to true facts and sound principles only.’ Yet I fear such a paper would find few subscribers.
It is a melancholy truth, that a suppression of the press could not more completely deprive the nation of its benefits, than is done by its abandoned prostitution to falsehood. Nothing can now be believed which is seen in a newspaper. Truth itself becomes suspicious by being put into that polluted vehicle. The real extent of this state of misinformation is known only to those who are in situations to confront facts within their knowledge with the lies of the day.
I really look with commiseration over the great body of my fellow citizens, who, reading newspapers, live and die in the belief that they have known something of what has been passing in the world in their time; whereas the accounts they have read in newspapers are just as true a history of any other period of the world as of the present, except that the real names of the day are affixed to their fables.
General facts may indeed be collected from them, such as that Europe is now at war, that Bonaparte has been a successful warrior, that he has subjected a great portion of Europe to his will, etc., etc.; but no details can be relied on.
I will add, that the man who never looks into a newspaper is better informed than he who reads them; inasmuch as he who knows nothing is nearer to truth than he whose mind is filled with falsehoods and errors. He who reads nothing will still learn the great facts, and the details are all false.”
- Thomas Jefferson
[dead]
Comment was deleted :(
The industry clearly prefers a system in which using the internet requires full identification. There are many powerful interests that support this model:
- Governments benefit from easier monitoring and enforcement.
- The advertising industry prefers verified identities for better targeting.
- Social media companies gain more reliable data and engagement.
- Online shopping companies can reduce fraud and increase tracking.
- Many SaaS companies would also welcome stronger identity verification.
In short, anonymity is not very profitable, and governments often favor identification because it increases oversight and control.
Of course, this leads to political debate. Some point out that voting often does not require ID, while accessing online services does. The usual argument is that voting is a constitutional right. However, one could argue that access to the internet has become a fundamental part of modern life as well. It may not be explicitly written into the Constitution, but in practice it functions as an essential right in today’s society.
You are missing the age/ID verification tech companies, who profit from violating privacy here. They have a strong incentive to try and convince/trick governments into legally requiring their services.
When anonymity is outlawed, then only outlaws will be anonymous.
There’s some nuance here.
Realizing that much of the internet is totally toxic to children now and should have a means of keeping them out is distinct from agreeing to upload ID to everything.
A better implementation would be to have a device/login level parental control setting that passed age restriction signals via browsers and App Stores. This is both a simpler design and privacy friendly.
I like this take. Ultimately the only people responsible for what kids consume are the parents. It’s on them to control their kids’ internet access, the government has no place in it. If you want to punish someone for a child being exposed to inappropriate content, punish the negligence of the parents.
There already is a means to keep children away from toxic content: parents (possibly with the help of locally run content blocking software).
I've thought the same.
At least here in US: Google/Apple device controls allow app to request whether user meets age requirements. Not the actual age, just that the age is within the acceptable range. If so, let through, if not, can't proceed through door.
I know I am oversimplifying.
But I like this approach vs. uploading an ID to TikTok. Lesser of many evils?
This also means the only operating systems allowing access to the internet will be these with the immense surveillance and ad-infested.
Not at all. You require websites to respect the signal of its set just like GPC. If there’s no signal it fails open. And if a kid installs Linux and sets the signal themselves, well, who cares, they can also sneak into R rated movies. It’s enough friction to kill the ubiquity.
It doesn't sound simple. Now there needs to be some kind of pipeline that can route a new kind of information from the OS (perhaps from a physical device) to the process, through the network, to the remote process. Every part of the system needs to be updated in order to support this new functionality.
It's not simple, but it's also not new. mTLS has allowed for mutual authentication on the web for years. If a central authority was signing keys for adults, none of the protocol that we currently use would need to change (although servers would need to be configured to check signatures)
and is it easier to implement id checks for each online account that people have, had, and will ever have in the future?
parents need to start parenting by taking responsibility on what their kids are doing, and government should start governing with regulations on ad tech, addictive social media platforms, instead of using easily hackable platforms for de anonymization, which in turn enable mass identity theft.
>and is it easier to implement id checks for each online account that people have, had, and will ever have in the future?
No, I think both ideas are bad.
now?
I think it's quite embarrassing that the WWW exists since more than 3 decades and still there's no mechanism for privacy friendly approval for adults apart from sending over the whole ID. Of course this is a huge failure of governments but probably also of W3C which rather suggests the 100,000th JavaScript API. Especially in times of ubiquitous SSO, passkeys etc. The even bigger problem is that the average person needs accounts at dozens if not hundreds of services for "normal" Internet usage.
That being said, this is a 1 bit information, adult in current legislation yes/no.
> and still there's no mechanism for privacy friendly approval for adults apart from sending over the whole ID. Of course this is a huge failure of governments but probably also of W3C
I consider it a huge success of the Internet architects that we were able to create a protocol and online culture resilient for over 3 decades to this legacy meatspace nonsense.
> That being said, this is a 1 bit information, adult in current legislation yes/no.
If that's all it would take to satisfy legislatures forever, and the implementation was left up to the browser (`return 1`) I'd be all for it. Unfortunately the political interests here want way more than that.
SSO and passkeys don't solve adult verification. I don't see how this problem is embarrassing for the www - it's a hard problem in a socially permissible way (eg privacy) that can successfully span cultures and governments. If you feel otherwise, then solutions welcome!
There's a high chance the government is attempting to influence public opinion by using botted comments, which is easier than ever to pull off.
Seems like these articles and the subsequent top replies saying
"use a token from the device so the ID never leaves, this is way better right!"
This is the true objective. They actually want DEVICE based ID.
I want LESS things that are tied to me financially and legally to be stolen when(not if) these services and my device are compromised.
This is what the LLMs are actually good for.
it's a solid business model actually
I'm inclined to agree.
I also think the FUD they've succeeded in creating around the use of LLMs for code generation (there's a portion of the management class that seems to genuinely believe that Claude Code is AGI) is the greatest marketing operation of our lifetimes.
Yeah, I've been saying for years that LLMs are a technology that basically unlock three major new technologies:
1. Automatic shaping of online community discussions (social media, bots, etc)
2. Automatic datamining, manipulating and reacting to all digitally communicated conversations (think dropping calls or MITM manipulation of conversations between organizers of a rival poltical party in swing districts proir to an election, etc. CointelPro as a service)
3. Giving users a new UI (speech) with which they can communicate with computer applications
If you dig into the CEO of the The Age Verification Providers Association (AVPA), he has spent years going out of his way to spam pro-age verification propaganda across random sites like Techdirt and Michael Geist's blog.
Its not unreasonable to assume that he would seek to automate his bullshit.
See here for some examples:
https://www.techdirt.com/2022/08/26/who-would-benefit-from-c...
https://www.michaelgeist.ca/2025/10/senate-bill-would-grant-...
Unless you live in North Korea, no there is not. This is pure conspiracy theory.
well at least your screen name is accurate, which is more than can be said of your comment.
There are better and there are really really bad ways to do ID checks. In a world that is increasingly overwhelmed by bots I don't see how we can avoid proof-of-humanity and proof-of-adulthood checks in a lot of contexts.
So we should probably get ahead of this debate and push for good ways to do part-of-identity-checks. Because I don't see any good way to avoid them.
We could potentially do ID checks that only show exactly what the receiver needs to know and nothing else.
> We could potentially do ID checks that only show exactly what the receiver needs to know and nothing else.
A stronger statement: we know how to build zero-knowledge proofs over government-issued identification, cf. https://zkpassport.id/
The services that use these proofs then need to implement that only one device can be logged in with a given identity at a time, plus some basic rate limiting on logins, and the problem is solved.
Thank you - this gets way too few attention especially among tech folks. People act like uploading your government ID to random online services was the only solution to this problem, which is really just a red herring.
Uploading IDs is the only solution we will get unless the people who care about privacy come up with something better.
OP literally highlighted a working solution. The EU is actively pursuing a knowledge proof solution that doesn't require uploading IDs.
Yes this is what I'm thinking about!
The challenge here though is to prove to the user, especially without forcing the user to go into technical details, that it is indeed private and isn't giving away details.
The user needs to be able to sandbox an app like that and have full control of its communications.
Comment was deleted :(
When ID checks are rolled out there is immediate outrage. Discord announced ID checks for some features a couple weeks ago and it has been a non-stop topic here.
From what I’ve seen, most of the pro-ID commenters are coming from positions where they assume ID checks will only apply to other people, not them. They want services they don’t use like TikTok and Facebook to become strict, but they have their own definitions of social media that exclude platforms they use like Discord and Hacker News. When the ID checks arrive and impact them they’re outraged.
Regulation for thee, not for me.
This is what I was wondering too. It doesn't seem genuine. Most people in tech I know will strongly oppose ID checks for internet use, rightfully so.
I think that not doing partial-identity checks invite bot noise into conversations. We could have id checks that only check exactly what needs to be checked. Are you human? Are you an adult? And then nothing else is known.
Identity checks do not prevent bot noise. They just increase the difficulty for bot operators a bit (steal / buy identities or verified accounts). Added bonus for them: Their bot comments now appear more authentic.
We have a Scylla vs Charybdis situation, where lack of ID leads to an internet of bots, while on the other end we get a dystopia where everything anyone has ever said about any topic is available to a not-so-liberal government. Back in the day, it was very clear that the second problem was far worse than the first. I still think it is, but I sure see arguments for how improved tooling, and more value in manipulating sentiment, makes the first one quite a bit worse than it was in, say, 1998.
> Back in the day, it was very clear that the second problem was far worse than the first.
This is still the case. The difference now is that the astroturfed bot accounts are pushing for fascism (I.E., the second problem).
It's very odd. I see it everywhere I go.
I think a lot of the younger generation supports it, actually. They didn't really grow up with a culture of internet anonymity and some degree of privacy.
The younger generation is growing up where the internet is a giant dumpster fire of enshitification that a tanker full of gasoline just got poured on in the form of AI chatbots. With agents becoming even easier the equivalent of script kiddies are going to make it so much worse.
Privacy with respect to the government was one of the final pillars, but when everything placed on the internet is absorbed by the alphabets of government agencies, and the current admin does searches of it as their leisure they understand nothing is anonymous anymore.
It's funny that this is what the younger generation is going to think Millennials and older are completely stupid for still supporting. The current structure only benefits corporations and bots.
Giving up one's privacy and anonymity will solve nothing. Bots will buy stolen IDs and use those anyway, as well.
A lot of people are unhappy with the state of the Internet and the safety of people of all ages on it. I believe we should be focusing on building a way to authenticate as a human of a nation without providing any more information, and try to raise the bar for astroturfing to be identity theft.
There's absolutely some astroturfing happening, but I wouldn't discount that there is some organic support as well. Journalists have been pushing total de-anonymization of the internet for a while now, and there are plenty of people susceptible to listening to them.
It does feel like a shift, and sometimes coordinated signaling. This post was at the top of this thread not long ago. Now it's all pro-age verification posts.
It's inauthentic at best. The four horsemen of the infocaplypse are drugs, pedos, terrorists, and money laundering - they trot out the same old tired "protect the children!" arguments every year, and every year it's never, ever about protecting children, it's about increasing control of speech and stamping out politics, ideology, and culture they disapprove of. For a recent example, check out the UK's once thriving small forum culture, the innumerable hobby websites, collections of esoteric trivia, small sites that simply could not bear the onerous requirements imposed by the tinpot tyrants and bureaucrats and the OSA.
It's never fucking safety, or protecting children, or preventing fraud, or preventing terrorism, or preventing drugs or money laundering or gang activities. It's always, 100% of the time, inevitably, without exception, a tool used by petty bureaucrats and power hungry politicians to exert power and control over the citizens they are supposed to represent.
They might use it on a couple of token examples for propaganda purposes, but if you look throughout the world where laws like this are implemented, authoritarian countries and western "democracies" alike, these laws are used to control locals. It's almost refreshingly straightforward and honest when a country just does the authoritarian things, instead of doing all the weaselly mental gymnastics to justify their power grabs.
People who support this are ignorant or ideologically aligned with authoritarianism. There's no middle ground; anonymity and privacy are liberty and freedom. If you can't have the former you won't have the latter.
I think it's complicated by the turning tide on the health effects of social media.
So people are kind of primed for "makes sense to keep kids from these attention driven platforms"
But I think the average person isn't understanding the implications of the facial/id scanning.
Could be astroturfing
> Has the vibe really shifted so much among tech-literate people?
Actually, yes, it seems to have shifted quite a bit. As far as I can tell, it seems correlated with the amount of mis/disinformation on the web, and acceptance of more fringe views, that seems to make one group more vocal about wanting to ensure only "real people" share what they think on the internet, and a sub-section of that group wanting to enforce this "real name" policy too.
It in itself used to be fringe, but really been catching on in mainstream circles, where people tend to ask themselves "But I don't have anything to hide, and I already use my real name, why cannot everyone do so too?"
I don't support ID for internet use, only for adult content specifically. There's things on Discord that would shock you to your core if you saw some of it, I don't think children should be blindly exposed to any of it. Specifically porn. Tumblr almost got kicked out of the app store over porn, they went the route of banning it and killing what to me felt like a dying social media platform as things stood.
Do you think strip clubs and bars should stop IDing people at the door? I don't. Why should porn sites be any different?
The difference is that at the strip club, you show your ID to the bouncer, who makes sure its valid and that the photo matches your face, and then forgets all about it. Online, that data is stored forever.
The principle of online ID checks is completely sound; the implementation is not.
That's pretty much over, too. PatronScan and others collect and share data as a first-class feature, e.g., to broadly 86 people.
The implementation is sound. Instead of getting an ID, the bouncer gets a serial number from you, he calls his government contact who tells him you are of age. The serial number is meaningless to him.
This would be impractical in meatspace, but works perfectly fine on the internet.
Instead of checking your ID, the bouncer sends you over to the shady broker, who takes a video of your face, photograph of your ID, checks you in the various databases (who knows, maybe you've been a bad boy previously), and only then gives you the permission slip to enter the club.
The data stays with them[1].
I think you grossly underplay the current practices.
[1] there's no hard, irrefutable proof companies like Persona (intimately connected with known law abusers, ie US government) keep their promises or obey the law.
Where in your metaphor are the club next door using Persona instead of that implementation, and the EU's reference implementation requiring a Google Play integrity check to acquire a serial number in the first place?
You're proposing that every porn site on the planet pings a user's government's API to see if they're adult or not? In other words, that any random site is able to contact hundreds of APIs.
Absolutely, yes. They don’t ping to see that you are of age, but that the random challenge generated by your ID checks out.
Where is it implemented that way?
In the proposal from the European Union, and in the implementation in Denmark.
Huh, interesting. Do you know if the government sees the identity of the company and the person being verified?
[edit] I did a little reading and it sounds like the company does not query the government with your ID. You get the cryptographic ID from the government, and present it to a company who is able to verify its validity directly. My source is mostly this: https://www.eff.org/deeplinks/2025/04/age-verification-europ...
If you're technically inclined I suggest you look at the Technical documentation for the implementation we're rolling out in denmark (It's in english): https://digst.dk/media/5gybwsaq/implementing-age-verificatio...
Awesome, thanks for the link.
Until sex, sexuality, and sexual fantasies no longer have any potential stigma associated with them, any sort of verification to view mature content is unacceptable.
That sort information can permanently destroy peoples lives.
I think the word you're missing is fatigue.
The average tech literate person keep seeing their data breached over and over again. Not because THEY did anything wrong, but because these Corpos can't help themselves. No matter how well the tech literate person secures their privacy it has become clear that some Corpo will eventually release everything in an "accident" that causes their efforts to become meaningless.
After a while it's only human for fatigue to build up. You can't stop your information from getting out there. And once it's out there it's out there forever.
Meanwhile every Corpo out there in tech is deliberately creating ways to track you and extract your personal information. Taking steps to secure your information ironically just makes you stand out more and narrows the pool you're in to make it easier to find you and your information. And again you're always just one "bug" from having it all be for nothing.
I still take some steps to secure my privacy, I'm not out there shouting my social security information or real name. But that's habit. I no longer believe that privacy exists.
To the extent we ever had it in the past was simply the insurmountable restrictions on tracking and pooling the information into some kind of organization and easy lookup. Now that it is easier and easier to build profiles on mass numbers of people and to organize those and rank them the illusion is gone. Privacy is dead. Murdered.
And people are tired of pretending otherwise.
People are saying privacy is dead for decades, yet privacy continually declines more and more. And there's still quite a ways it can go from here. The defeatist attitude only helps further erosion.
Please don’t mistake description for advocacy.
Noted. But really, I'm also saying your description is wrong.
> Has the vibe really shifted so much among tech-literate people?
HN has largely shifted away from tech literacy and towards business literacy in recent years.
Needless to say that an internet where every user's real identity is easily verifiable at all times is very beneficial for most businesses, so it's natural to see that stance here.
You talk about tech literacy, but then conflate age verification with knowing someone's identity. You should see the work people are doing to perform age verification in a way that preserves privacy, for example the EU and Denmark.
I mean there has always been some part of the tech literate people that were like that, they were just less likely to post about it on forums. Heck after the eternal September it wasn't uncommon for 'jokes' about requiring a license to use the internet.
Its weird how all these 1,000 IQ innovators suddenly can't figure it out.
I dont think they want to figure it out. They think the internet should be stagnant unchanging and eternal as it currently exists because it makes the most money. If you disagree you're either a normie, bot, or need to parent harder or something. There is nothing you can do don't dare try to change it.
The audience shifted from tech-literate to the opposite.
Too may in tech for the money that’s for sure. No fundamentals, just drilled leetcode.
I think so. A lot of people think the internet now is a somewhat negative construct and don’t feel so strongly about it somewhat dying away.
Beware the vocal minority. Internet comment sections only tell you the sentiments of people who make comments.
HN comments sentiment seems to shift over the age of the thread and time of day.
My suspicion is that the initial comments are from people in the immediate social circle of the poster. They share IRC or Slack or Discord or some other community which is likely to be engaged and have already formed strong opinions. Then if the story gains traction and reaches the front page a more diverse and thoughtful group weighs in. Finally the story moves to EU or US and gets a whole new fresh take.
I’m not surprised that people who support something are the ones most tuned in to the discussion because for anyone opposed they also have their own unrelated thing they care about. So the supporters will be first since they’re the originators.
The average tech “literate” person uses discord, social media, a GitHub with their real name, a verified LinkedIn, and Amazon Echo.
These are not the same people from 30 years ago. The new generation has come to love big brother. All it took to sell their soul was karma points.
Many of the things you mention are also tools that many people use in a professional context which mostly doesn't work if you try to be anonymous. Yes, some people choose to be pseudonymous but that mostly doesn't work if your real-life and virtual identities intersect, such as attending conferences or company policies that things you write for company publications be under your real name.
I highly doubt the sentiment is from real humans. If anything, it proves that a web-of-trust-based-attestation-of-humanity is the real protection the internet needs.
The vibe has shifted quite a bit among the general populace, not just in tech.
The short version is that voters want government to bring tech to heel.
From what I see, people are tired of tech, social media, and enshittified apps. AI hype, talk of the singularity, and fears about job loss have pushed things well past grim.
Recent social media bans indicate how far voter tolerance for control and regulation has shifted.
This is problematic because government is also looking for reasons to do so. Partly because big tech is simply dominant, and partly because governments are trending toward authoritarianism.
The solution would have been research that helped create targeted and effective policy. Unfortunately, tech (especially social media) is naturally hostile to research that may paint its work as unhealthy or harmful.
Tech firms are burned by exposés, user apathy, and a desire to keep getting paid.
The lack of open research and access to data blocks the creation of knowledge and empirical evidence, which are the cornerstones of nuanced, narrowly tailored policy.
The only things left on the table are blunt instruments, such as age verification.
This is a VC site, when the revenue generating model of the Internet has strongly shifted into surveillance capitalism overdrive.
Cui bono?
> Has the vibe really shifted so much among tech-literate people?
Yes.
Or more honestly, there was always an undercurrent of paternalistic thought and tech regulation from the Columbine Massacre days [0] to today.
Also for those of us who are younger (below 35) we grew up in an era where anonymized cyberbullying was normalized [1] and amongst whom support for regulating social media and the internet is stronger [2].
The reality is, younger Americans on both sides of the aisle now support a more expansive government, but for their party.
There is a second order impact of course, but most Americans (younger and older) don't realize that, and frankly, using the same kind of rhetoric from the Assange/Wikileaks, SOPA, and the GPG days just doesn't resonate and is out of touch.
Gen X Techno-libertarianism isn't counterculture anymore, it's the status quo. And the modern "tech-literate" uses GitHub, LinkedIn, Venmo, Discord, TikTok, Netflix, and other services that are already attached to their identity.
[0] - https://www.nytimes.com/1999/05/02/weekinreview/the-nation-a...
[1] - https://www.nytimes.com/2013/09/14/us/suicide-of-girl-after-...
[2] - https://www.washingtonpost.com/politics/2022/06/09/why-young...
[dead]
Better to let a hundred people’s “privacy” be violated than to let another child be radicalized or abused or misled by online predation.
> Better to let a hundred Black men be hanged than to let another White woman be radicalized or abused or misled by their predation.
This is how you sound to me.
> “privacy”
Why did you put "privacy" in scare quotes?
The information being collected isn’t inherently private. Usage patterns, facial analysis, stylometry, etc.
there is a lot you can do to determine a person’s age without ever having to see a formal ID.
I don't subscribe to this. I value my privacy more.
It’s bots pushing another false narrative. You’ll notice this in anything around politics or intelligence the past 10+ years, with big booms around 2016 and 2024 “for some reason”
No. There are significant numbers of real people who genuinely support this type of thing. Dismissing it as "bots" or a "false narrative" leads to complacency that allows this stuff to pass unchallenged.
The problem is: The people who typically support this type of thing are either technically illiterate and they support it, because it sounds good. Or they are promoting these laws because they actually want more surveillance and control. It's not about protecting children.
I still haven't read any truly compelling argument, why this type of surveillance is actually effective and proportionate.
Comment was deleted :(
I used to be so against this but after the never ending cat and mouse game with my kids (especially my son) I don't think the tech crowd really appreciates how frustrating it is and how many different screens there are.
Tons of data also showing higher suicide rates, depression rates, eating disorders etc. so it's not as if there is no good side to this.
If they are so intent on disobeying what makes you they won't just use a VPN or ask someone older to login for them (or any other workaround, depending on the technology)?
I think the tech crowd appreciates how hard it is to lock down access to tech, since they were the kids bypassing the restrictions
You are the one handing them those screens.
Comment was deleted :(
> Tons of data also showing higher suicide rates
Here is the data:
https://www.cdc.gov/mmwr/volumes/66/wr/mm6630a6.htm
and the more recent data:
https://afsp.org/suicide-statistics/
I was a child of the 90's, where the numbers were higher, where we had peak PMRC.
> depression rates
Have these changed? Or have we changed the criteria for what qualifies as "depression"? We keep changing how we collect data, and then dont renormalized when that collection skews the stats. This is another case of it, honestly.
> eating disorders
Any sort of accurate data collection here is a recent development:
https://pmc.ncbi.nlm.nih.gov/articles/PMC7575017/
> never ending cat and mouse game with my kids (especially my son)
Having lived this with my own, I get it. Kids are gonna be kids, and they are going to break the rules and push limits. When I think back to the things I did as a kid at their age, they are candidly doing MUCH better than I, or my peer group was. Drug use, Drinking, ( https://usafacts.org/articles/is-teen-drug-and-alcohol-use-d... ) teen pregnancy are all down ( https://www.congress.gov/crs-product/R45184 )
As a tech-literate person, I'm not 100% against the concept of ID if only because I think people will be more reasonable if they weren't anonymous.
This conflicts with my concerns about government crackdowns and the importance of anonymity when discussing topics that cover people who have a monopoly on violence and a tendency to use it.
So it's not entirely a black/white discussion to me.
Both Google and Facebook have enforced real identity and its not improved the state of peoples comments at all. I don't think anonymity particular changes what many people are willing to say or how they say it, people are just the creature you see and anonymity simple protects them it doesn't change their behaviour all that much.
I think opt-in ID is great. Services like Discord can require ID because they are private services*. Furthermore, I think that in the future, a majority of people will stay on services with some form of verification, because the anonymous internet is noisy and scary.
The underlying internet should remain anonymous. People should remain able to communicate anonymously with consenting parties, send private DMs and create private group chats, and create their own service with their own form of identity verification.
* All big services are unlikely to require ID without laws, because any that does not will get refugees, or if all big services collaborate, a new service will get all refugees.
The problem is this is only true for values of "reasonable" that are "unlikely to be viewed in a negative light by my government, job, or family; either now or at any time in the future". The chilling effect is insane. There was a time in living memory when saying "women should be able to vote" was not a popular thing.
I mean, this is _literally the only thing needed_ for the Trump admin to tie real names to people criticizing $whatever. Does anyone want that? Replace "Trump" with "Biden", "AOC", "Newsom", etc. if they're the ones you disagree with.
> Replace "Trump" with "Biden", "AOC", "Newsom", etc. if they're the ones you disagree with.
Stop trying to reason with fascists.
Everyone in the world knows that the Democrats you named are too ideologically aligned with right-wing hatred to ever leverage the repressive power of the state apparatus in the same way Republicans do.
Obama carried on where Bush left off. I think Biden was at least marginally better, at the very least I admire him for ripping off the Afghanistan bandaid, but the amount of effort he put onto rolling back executive overreach was minimum if anything.
You're saying that Biden, AOC, and Newsom are "ideologically aligned with right-wing hatred"? This is not something I've ever heard a human being say. Almost afraid to ask, but where's that coming from?
Why did AOC stop calling them "concentration camps" when Biden took office?
> I think people will be more reasonable if they weren't anonymous.
I've seen people post appalling shit on fuckin LinkedIn under their own names.
Strong moderation keeps Internet spaces from devolving into cesspools. People themselves have no shame.
Same. Also on Facebook and Nextdoor (with real names and addresses).
Real name moderator is a fallacy.
That's what I believe as well. Anons have turned the internet into an unsafe cesspit. It's the opposite of a "town square."
Internet anonymity is FAR from something new.
When you’re young, the overwhelming and irrepressible desire to overcome society's proscriptions to satisfy your intellectual and sexual curiosity is natural and understandable. The open Internet made that easier than ever, and I enjoyed that freedom when I was younger—though I can’t say it was totally harmless.
When you’re older and have children—especially preteens and teenagers—you want those barriers up, because you’ve seen just how fucked up some children can get after overexposure to unhealthy materials and people who want to exploit or harm them.
It’s a matter of perspective and experience. As adults age, their natural curiosity evolves into a desire to protect their children from harm.
The only thing this is going to achieve is to bar unverified users form the vaguely reputable and mainstream places into the small, completely unregulated spaces, sites and networks.
I presume you prefer hard requirement of IDs.
I'm saying this will make kids go to i2p, tor, to the obscure fora in countries not giving a f* about western laws.
As a parent to the teens and teens, THIS makes me concerned. The best vpns are very hard to detect (I know, I try it myself).
> I'm saying this will make kids go to i2p, tor, to the obscure fora in countries not giving a f* about western laws.
Some will, but most won't. Similarly, most kids who are dissuaded from buying alcohol because they don't have ID are not going to break the law to get it, or switch to hard drugs as an alternative.
You can't let perfect be the enemy of better.
I my kids' school some 30% of the kids vape. They don't drink because it's no longer a thing in this generation. Those who want to get the alcohol still get it very easily (by the means of £10 tip for the bum).
I agree with your last paragraph but the current development (for example the intentionally imprecise OSA in the UK) is NOT aimed at "protecting children" (whenever I hear someone say "think of the children" Id prefer they stopped thinking of mine all the time, creeps).
Here's the long article unpicking it in details: https://consoc.org.uk/the-online-safety-act-privacy-threats-...
> Under the cover of protecting children – a catchphrase repeated as the reason for the urgency of the legislation – the government has already conferred on itself future powers to access end-to-end encrypted messages (as soon as the technology becomes available), as well as powers to restrict what can and cannot be said on social media platforms as regards “false communication”. The categorisation debate reveals a kind of mission creep toward the spread of information, and the government’s inability to control it – rather than the actual harm information may cause.
Notice: the stated lie is "we protect the children!" but the intention of the act is to access everything everywhere.
Predictably the MPs are ramping up the pressure calling for more https://committees.parliament.uk/work/8641/social-media-misi...
And more: https://www.ibtimes.co.uk/uk-government-vpn-restrictions-onl...
And more: https://support.apple.com/en-gb/122234
And more: https://www.gov.uk/government/news/keeping-children-safe-onl...
And more! https://www.bbc.co.uk/news/articles/cp82447l84ko
AND THEN: https://cybernews.com/news/and-then-mullvads-anti-surveillan...
Do you really, honestly, hand on heart believe that it's just about "protecting the kids"?
At heart, I do believe that the politicians are well-intended. It's difficult to argue that we shouldn't try to prevent the production and dissemination of CSAM. That traffickers in CSAM are more sophisticated than ever, and encrypted communications combined with the dark web help them cover their tracks are undeniable facts.
Freedom of speech is not, and has never been absolute. For example, it's unlawful to lie about the content of food and drug products. Fraud is unlawful. We also hold people liable for defamation.
You're right that technology would allow governments to cast a broad net over communication and open the door to certain kinds of abuse. It's a completely legitimate concern.
This is where legal and constitutional protections can come into play. The ability to collect communications should be coupled with safeguards to prevent people from being prosecuted for lawful speech. To have one without the other would be a tragedy. And, yes, sometimes despots need to be dealt with through violent means (politics by other means, see Clausewitz).
So you basically want to prevent your children from doing what you did at their age?
And you don't mind that freedoms of all of us would be restricted as a result?
And then, we keep blaming boomers for those restrictions.
> And you don't mind that freedoms of all of us would be restricted as a result?
Usually the people who say things like that really just want to restrict everyone's freedoms. Everything else is just bluster.
Freedom to do what, exactly? You realize that the extreme opposite of laws and restrictions meant to maintain a working social order is anarchy, right?
> Freedom to do what, exactly?
You may be failing to comprehend the concept of "freedom".
Please, O wise one, explain "freedom" to the political scientist and lawyer you're talking to. Let me get my popcorn first.
I am so sorry. I didn't realize you had a *political science* degree.
I'll get my simpleminded ass out of here leave this discussion to the scientists.
Alternatively, you could provide a substantive and respectful argument instead of a snipe, as you should have done in the first place.
I'm sorry but I don't think I have the proper training to debate someone so far outside of my intellectual weight class.
> Please, O wise one, explain "freedom" to the political scientist and lawyer you're talking to. Let me get my popcorn first.
If you think only "political scientists and lawyers" have to decide what a freedom is, you have quite a totalitarian mindset.
If you have some arguments, pray tell. "I'm the smartest guy here" is not an argument. It's just something an NPC would say when they run out of arguments.
PS: This is not ad hominem. It's a dismissal of your claim of authority.
I'm afraid you missed the point of my reply. You have to assume here that the people you're arguing with may, in fact, be as smart as, or even more knowledgeable than you regarding certain subjects; and that dismissive replies like "You may be failing to comprehend the concept of 'freedom'" put you way out of line and at risk of having your ass handed to you. Come armed with substance, not snipes.
Where I said that?
You didn’t say that; the person I was responding to did. https://news.ycombinator.com/item?id=47123782
You responded to me :)
There's 190,000 pages of CFR that are essentially bound as law, almost entirely written and maintained by unelected bureaucrats.
They've been deciding what "freedom" is for a long time (even deciding what constitutional rights are, on occasion, see ATF bureaucrats constantly publishing and changing rules re-deciding what constitutional restraints they think there are on the 2A).
Of course, these "scientist and lawyers" know they have this power, and are so seeped in it, they occasionally forget when they step out of the ivory tower that the plebs (and indeed, the foundational ideals USA was built on written by those such as Locke) usually either disagree with it or aren't aware that much of the USA functions under "credentialism/technocrat makes right" and the scientist and the lawyer as the arbiter of freedom.
This feels like one of those moments when the technocrats forget that they've shed the thin façade they hide behind.
No political thread would be complete without a Second Amendment absolutist joining the conversation in order to derail it. They're joining sooner than ever!
The opposite of something like Bastiat's ideal of the law is something more like the law of tyranny or law of the plunderer. Anarchy I place somewhere closer to the middle -- better than the law of a tyrant because at least under anarchy the law of the tyrant isn't legitimized even if it still might be enforced by might.
Yes, in exactly the same way that my dad would want me to only use SawStop table saws so that I don't lose a finger like he did.
As for "freedoms," you're not free to vote or drink alcohol below a certain age. And before the internet, minors couldn't purchase pornography, either. Some people perceive this change as a return to normal, not an egregious destruction of freedom.
> As for "freedoms," you're not free to vote or drink alcohol below a certain age. And before the internet, minors couldn't purchase pornography, either. Some people perceive this change as a return to normal, not an egregious destruction of freedom.
I am not talking about pornography or alcohol at all.
I hope you are aware that requiring an ID to surf the internet leads to total censoring and self-censoring of the complete internet. There goes your privacy, anonymity, and right to free speech.
If your country's regime really wanted to address pornography or alcohol, I'm pretty sure they would be able to shut it down without requiring everyone's identity. The issue is, they are just using these topics to manipulate people, and you are failing to that trap.
> requiring an ID to surf the internet
Who's proposing this? I don't want to argue over a straw man.
Age verification === require an ID
Right. I meant the "to surf the internet" part. Who's proposing this, exactly? No government is mentioned in the article that is doing or considering this.
They are talking about it in the context of "high risk" services and social media, but not the Internet as such.
SawStop table saws still suffer from kickback like other table saws, which is arguably much more dangerous than losing a finger and can even cause lethal injury. The SawStop mechanism might provide an illusion of safety that results in users being less careful with their work.
I think the solution we really need is age verification for table saws. Of course, it goes without saying that the saw should also monitor the user's cuts to make sure they're connected with the right national suppliers who can supply material to meet their needs, and to ensure that you aren't using the saw to cut any inappropriate materials from unregistered sources.
Ah, yes, the old "safety mechanism doesn't protect against all dangers, therefore it has no value" argument. Right.
The door is over there. Take the baby out with the bathwater as you leave. -->
> When you’re older and have children—especially preteens and teenagers—you want those barriers up, because you’ve seen just how fucked up some children can get after overexposure to unhealthy materials.
You mean that you shirk your responsibility to teach your child how to protect themself on the Internet, and instead trust the faceless corp to limit their access at the cost of everyone's privacy? How does this make sense...
They may be looking at the societal level and saying: "I can attempt to teach my kids best practices, but I've learned I sure can't rely on my peers to do the same with their kids...", then feeling like the outcome of that, if left as-is, is societal decline... and then believing that something needs to be done beyond the individual level.
If a business demands you reveal your identity as a condition of use, and you would rather maintain your anonymity, you can choose not to use that business. It's not like these companies are providing essential services necessary for life.
Heck, you can't even obtain housing -- which is an essential service -- without having to provide identity in most cases.
Some people would argue though that if the friend group is on Facebook/Discord or whatever, and they aren't going to move off to cater to the person rejecting those services, then those services are at least essential to maintaining those social ties. They decided that giving up their data was a tradeoff worth it.
What remains to be seen is if the outcome of teenagers becoming social pariahs is really worse than the alternatives.
If not joining social media with friends has been seriously detrimental to teens by making them social pariahs, I'm sure we'd have heard plenty of horror stories by now, as these services have been around for over 20 years. Compare against the horror stories we have heard about those who have gone down the dark roads social media has opened to them that ended in tragedy.
"Age-restriction laws push platforms toward intrusive verification systems that often directly conflict with modern data-privacy law" - when you make rules contradictory, someone always violate these laws, and you can use selective persecution to "convince" companies to favor you, the incumbent politician. You don't even have to use such power, just a "joke" may be enough to send have any rational CEO licking your shoes.
European proponents of "anti-big-tech action" make it pretty explicit - broad discretionary power should be given to executive branch, because otherwise "international corporations" will use "loopholes" (and these "loopholes" are, in practice, explicitly written laws used as intended).
Social media, at least, are reaching the state the smoking had in the 80's when it started to be banned. After an era of praising (00's) scepticism followed (10's) until an underage ban comes (20's). Maybe in the 30's they will be banned in public spaces!
The problem of identifying a value for each person is very difficult. But government's role stops there. Until the teenager's screen more factors stay in the middle (parents, peers, criminals). I am curious how it turns out eventually. As a parent, I have already banned SM for my children, so not "affected" by the new policy.
Ban in public spaces might not make sense since there isn't a proximity hazard like smoke. But I can imagine after kids are banned from social media and we see how this was an obviously positive effect on their mental health, we will begin to acknowledge that this stuff is toxic for adults as well.
We could start to ban many of the mechanisms social media companies have deployed over the last 10 years. Infinite scrolling, algorithmic feeds of "creator" content, AI generated ragebait from bot accounts, etc. I'd love to see social media reverted back to when it was just holiday photos from your friends.
Age Verification is very hard to do without exposing personal information (ask me how I know). I feel it should be solved by a platform company - someone like Apple (assuming we trust apple with our personal information but seems like we already do) - and the platform (ios) should be able to simply provide a boolean response to "is this person over 18" without giving away all the personal information behind the age verification.
Now the issue of which properties can "ask to verify your age" and "apple now knows what you're looking at" is still an unsolved problem, but maybe that solution can be delivered by something like a one time offline token etc.
But again, this is a very hard problem to solve and I would personally like to not have companies verify age etc.
We've spent 30 years telling people "don't share personal info online" and now the compliance path is "upload your ID or face so you can browse memes"
Non of which is necessary to verify you crossed age threshold. Websites are just lazy, maybe on purpose. Accepting this kind of low effort age verification would be foolish.
Isn't it a simpler solution to create some protocol for a browser or device announce an age restricted user is present and then have parents lock down devices as they see fit?
Aside from the privacy concerns, all this age verification tech seems incredibly complicated and expensive.
I think this solution exists (e.g. android parental lock, but also ISP routers). But parents and industry have failed to do so on a greater scale. So legislation is going for a more affirmative action that doesn't require parental consent or collaboration.
A service provider of adult content now cannot serve a child, regardless of the involvement or lack thereof of a parent.
Age verification is age discrimination.
Some can be 50 and still be clueless who to trust and what to do.
Every kind of discrimination merely shifts the burden.
And thinking of the children as an excuse for draconian law is itself child abuse. It's using children as a shield to take cover.
EDIT: I'd like to add that if age verification becomes a thing, we should also have an online drug test, insurance verification, financial wellbeing tests, mental health checks and a badge of dishonor for anyone who fails to comply.
Is this article AI-generated? https://www.pangram.com/history/f421130b-eefc-4f8c-b380-da0a... . I find it worrying that authors don't disclose the amount of AI assistance used in drafting and editing upfront. It sets a worrying precedent where everything is AI unless proven otherwise.
I'm certain there is a way to verify age without compromise of privacy or identity. I'm sure it's possible to build some oAuth like flow that could allow sites to verify both human-ness and age. The systems and corporations that gate that MUST (in the RFC sense) be separate from the systems and corporations that want the verification.
Do we need laws to make this happen? What methods can be used to aid adoption? Do site operators really want to know the humanness and ages or are those just masks on adding more surveillance?
The thing that needs to be age banned, or really just banned, is algorithmic feeds with infinite scroll. Kids (and adults) need to just interact with their friends, and block all the bait.
For adults, I think a legal opt-in-only policy would work well. And require reconsent with every major algorithm change.
What's always got me about this is when I was in school I had it absolutely drilled into me that I should never expose personal information online to anyone, I completely saw the logic in that and so heavily limit the personal data I give out. Now we're just expecting people to completely go against that and give away the most personal details possible to companies who cannot prove what they are or are not doing with it just because governments have decided that's best now?
The people pushing for this resent schools because they instill a sense of dignity in the population.
They are bothered that you were taught such things and have made sure that your children will never be exposed to such information.
They want to kill anonymity on the open web. This is why I am against that.
Comment was deleted :(
Surprisingly there is solutions that work just fine.
It's like bankid or myid works in Scandinavian countries.
When you need to identify yourself you are challenged by a 3rd party trusted service.
Making this a age verification should be very easy.
I really do think age verification should be at the device level, not per app or website. Parents can and should lock down their children's devices. I know device manufacturers don't want to take on that legal burden, but the tech is _right there!_
Starts off with a flawed assumption, playing into the hands of people who want surveillance.
"The only way to prove that someone is old enough to use a site is to collect personal data about who they are. And the only way to prove that you checked is to keep the data indefinitely."
If you start by legislating that you can't collect personal data or ID, then you are forced to do your age verification through other means. And legislate the government can't see what websites a user is visiting if you can to stop overreach. End result is a workable solution, zero knowledge proof or similar where government (the source of your ID documents) signs a token brokered by a proxy.
But when you start arguments from the position of 'no way to do this without violating privacy', the end result will be to violate privacy, because it seems an awful lot of people are demanding age verification and will sacrifice if they believe it is necessary.
The internet isn’t the same as it was when we were growing up, unfortunately. I miss the days of cruising DynamicHTML while playing on GameSpy but… yeah. It became an absolute clusterfuck and I’m not surprised they now want to enforce age restrictions.
Maybe TBL is right and we need a new internet? I don’t have the answer here, but this one is too commercialized and these companies are very hawkish.
Well there are technical solutions for this: blind signatures.
I could generate my own key, have the government blind sign it upon verifying my identity, and then use my key to prove I'm an adult citizen, without anyone (even the signing government) know which key is mine.
Any veryfying entity just need to know the government public key and check it signed my key.
The ID check laws are about matching an identity to a user account.
If the identity check was blind it wouldn't actually be an identity check. It would be "this person has access to an adult identity".
If there is truly no logging or centralization, there is no limit on how many times a single ID could be used.
So all it takes is one of those adult blind signatures to be leaked online and all the kids use it to verify their accounts. It's a blind process, so there's no way to see if it's happening.
Even if there was a block list, you would get older siblings doing it for all of their younger siblings' friends because there is no consequence. Or kids stealing their parents' signature and using it for all of their friends.
I don't quite get your point. The signer is blind to what it signs, but that does not mean there is no identity per se.
A signed key is still unique.
- You can still check that user 1 and user 2 don't use the same key.
- You can still issue a challenge to the user every 10 days to make sure he has indeed access to his key and not just borrowed it.
- You can still enforce TPM use of said keys, so that they cannot be extracted or distributed online, but require a physical ID card.
- You can still do whatever revocation system you want for the cases when a key is stolen or lost.
Really the "blind" nature of the signature changes nothing to what you would normally do with a PKI.
You're only describing a half-blind system.
If the site you send your information to gets a uniquely identifying piece of information, that's not blind to your identity.
> - You can still check that user 1 and user 2 don't use the same key.
The systems described elsewhere in the thread give people a set of signatures that can't be traced back to their source.
I was thinking the same thing. Why don't we just get a key from the government?
> Why don't we just get a key from the government?
Because one could argue that the government could keep track of the keys they give away.
That is where blind signing is interesting. The government can sign _your_ key without knowing it.
I would argue that this has nothing to do with age verification, but everything to do with getting identifiable data on all of us.
In my experience the people who want "privacy preserving age verification" are the same people who want "encryption backdoors but only for the good guys." Shockingly the technically minded among them do seem to recognize the impossibility of the latter, without applying the same chain of thought to the former.
They are fundementally different problems. It is already the governments job to maintain a record of their citizens and basic demographic information like age.
Private actors are already offering verification as a paid service. They are accumulating vast troves of private date to offer the service.
The elephant in the room is 'unverified' users will overwhelmingly be underage kids, and that absence will be tracked across the internet. This whole thing inadvertently exposes who are the kids vs the adults programmatically.
Second, if all it takes to get into underage spaces is not being verified, predators *will* notice and exploit this hole.
Even the absence of information is information.
> The Roblox games site, which recently launched a new age-estimate system, is already suffering from users selling child-aged accounts to adult predators seeking entry to age-restricted areas, Wired reports.
I rest my case.
> Second, if all it takes to get into underage spaces is not being verified, predators *will* notice and exploit this hole.
Which once people realize that, it all becomes really silly. The only way it would really work is by verifying that people are children, so only children can be in the gated location. But then you need to do mass surveillance on children and I think even the average person realizes this just makes that a great place for predators and the damage caused by a leak is far greater to children. Not to mention the impractical nature of it as children are less likely to able to verify themselves and honestly, you expect kids to jump through extra hoops?
Anyone that believes these systems will keep predators away from children haven't thought about even the most basic aspects of how these systems work. They cannot do what they promise
Age verification is one of the dumbest things humanity is wasting it's resources on.
From every political angle, the messaging seems to be "we want you to give birth to many kids, but we don't trust you raising them"
The powers that be are 'correcting' the mistake of the anonymous internet where anyone can call a politician fat and the police can't arrest them for it.
Comment was deleted :(
This is my problem with the Discord situation too:
Big tech don't have wait for an outright government ban when they can just say that we are a teen-only site by default and everyone have to verify if they are over 18 or not. This age verification will affect everyone no matter what.
How about we accept age verification but every parliamentary type that voted in favor goes to jail for just one year for each data breach?
Practically that means all of them will be imprisoned for life, of course.
people really believe this coordinated push across jurisdictions is about kids and verifying their age? this excuse to try to end pseudonimity on the web is as old as the mainstream internet itself
to a lot of people it never sat well that people could just go online and say whatever they want, and communicate with each other unsupervised at large scale, and be effectively untargetable while doing so - that model of the internet was only allowed because it happened under the radar and those uncomfortable with it have been fighting it since they got the memo
the companies pushing hardest for age verification are the same ones whose business model depends on knowing exactly who you are. the child safety framing is convenient cover for a data collection problem they were already trying to solve.
kids will just use their parents' credentials. it's not an edge case, it will actually just be a default behavior, I promise. platforms need to be safe by default, but that's the problem - safe by default doesn't play nice with engagement. platforms need engagement for profit. chicken and egg.
Comment was deleted :(
Comment was deleted :(
I‘m not too knowledgeable about this, but couldn’t you just provide a government issued key to every citizen and give a service provider that key and it‘s only valid if you’re above a certain age?
I don't get the alcohol analogy as in most places it's 100% legal for minors to consume alcohol in the home with parental permission in the USA. In public it's a different story.
'You must be 13 years old or older to create an account on this forum.'
Yeah, sure. Whatever you say, Jack.
"Verifying age undermines everyone's data protection"
That's the whole point, right? A pretense to remove any remaining anonymity from communications?
Governments are endlessly infested with the worst people. They look back at historical attempts at totalitarianism and think to themselves, "Let's facilitate something like that, but worse".
good breakdown of the tradeoffs but it kinda stops at critique. explains why age verification becomes invasive but doesnt really propose what a workable alternative looks like. feels like we need concrete models or architectures not just pointing out the trap.
Everything is a trade off in the world. I think that people who are anti-id ignore this but for me personally it’s harder and harder to accept the trade offs of an internet without id. AI has only accelerated this, I don’t want to live in a world where the average person unknowingly interacts with bots more than other individuals and where black market actors can sway public opinion with armies of bots.
I think most people are aligned here, and that an internet without identification is inevitable whether we like it or not.
Astroturfing was already a thing.
Identification fixes nothing here, you log with your account, plug in the AI.
The problems with social media have nothing to do with ID and everything to do with godawful incentives, the argument seems to be that it's a large price to pay but that it's worth it. Worth it for what? The end result is absolutely terrible either way
Astroturfing will still be a thing after ID. What, you think the government is going to go after their own bot armies?
I think it would be a lot more difficult for anyone to do and it isn’t like people will be using government platforms at least not in the west
>I think it would be a lot more difficult for anyone to do
Why? Like, what makes you think that?
Because of ID tracking? Say you have attach your government approved ID to use social media. It is now trivial to check how many accounts you have made and how much you have posted. You certainly can't be posting faster than the fastest typist in the world. And if you're mostly just copy pasting, is the quality of the posts actually worth engaging with?
While I am not against internet ID, there is a case to be made for social media for the harms they are causing.
It is now trivial to check how many posts many people in social media make with their own accounts, and astroturfing campaigns still happen.
Why would social media companies fight against this? They, much like the public actually like the engagement. That is the whole problem.
Look at X, where you can now see where people are posting from, do people honestly engage with the feature? No, they don't bother to check if they agree with the content and they use it as an excuse to dismiss in bad faith if they don't like the content.
This is not a control problem, social media networks are not at a loss of options in how to engage with this, they don't want to, the point can be made that states might want to fix this and are unable to, but if that was actually the case there's half a dozen better ways to do that, among them, banning the services.
The idea that the entirety of the population ought to throw privacy away so people can still browse Instagram is repugnant to me.
I think we're speaking past each other. I'm talking about the way a single user can create multiple accounts on a single platform to create the illusion of consensus. If you repeatedly see a single user creating many posts / comments on a single topic, it quickly satiates your attention.
With an approved ID, it will be trivial to enforce 1 ID 1 account on 1 platform. This is not possible now.
To my knowledge, no country has tried it before up until recently. The issue of government distrust is valid, but that shifts the problem to one of government accountability, not accessibility. Demand the rule of law to be upheld, hold those in power accountable and be vigilant of their trespasses, do not abdicate what little power you hold. That is what is required for civil society to function properly.
Let's say the government issues hundreds of thousands of IDs to people who don't exist and uses them to verify bots (or room full of paid humans) that post pro-government messages all day, at "normal" rates that a human posts.
It's amazing how there is a much larger crowd, of completely real people, who approve of the government, than those nasty dissenters. We know they're real people because we trust the government vouching for its own IDs.
And because of the real ID policy, the government can also ask the social media company for the ID used by opposed posters, and find out where they live and "visit" them, maybe "warn" them.
Hooray for democracy!
This sounds like an unreasonable amount of distrust in a government. If a government is truly malicious, it no longer matters if an ID was issued in the first place.
Take the current US administration. If they were to point the finger at a user for something the government didn't like, I doubt many people will agree, and more likely people will be opposed to the government than the user. The most important thing is to prevent government from abusing violence on the people for speaking up, which is somewhat lacking in the US.
More effort should be done to hold governments accountable, not finding ways to skirt around it.
It doesn't even have to be malicious. The UK government had the https://en.wikipedia.org/wiki/Windrush_scandal where it lost the only identity documents of thousands of people, and also tried to remove them from the UK for not having these documents.
Governments shouldn't work like Google's technical support, where they are in 100% control and you have zero recourse if they don't like you, or even if they just fuck up. Governments should be accountable to their people, there need to be systems (like courts) to rein in the government's unlawful actions. It goes without saying that government shouldn't build fully centralised systems of authority, and certainly shouldn't be implicitly trusted by third parties - because when they do that, things go badly for the citizens of that government. Or citizens of other countries (see e.g. the USA fucking with ICC staff)
...and yet here we are, discussing systems that would lock people out of all sorts of things if they won't or can't get a trusted proof they're in a central database we trust the custodians of 100% - those custodians never make mistakes or abuse their position, right? Why the rush to adopt the more fragile system?
What I worry about is more and more "nudge theory" or dark patterns coming in; you may be entitled to something, or have rights, and the government doesn't like people having that, or paying for people to have it. They won't say "no, people can't have these rights and entitlements" and take the hit at the ballot box (though sometime they do and that is strictly worse), but they will deliberately put in roadblocks and gotchas (digital or otherwise) that oh-so-unfortunately sometimes don't work, or are cumbersome and thus discourage people from exercising their rights.
1) ID checks will not close the trade off. Real IDs are easily available on the market. Thus criminals will used them no problem. It's the law-abiding privacy-minded people (like me) who would be hurt the most.
2) Your point is valid. I too want to know whether I am engaging with a bot or a person. This is impossible now and it will be impossible once ID check becomes ubiquitous.
3) I will be happy to see (or not) a blue checkmark by the profile name. Just like in Twitter. That's enough.
100% correct. At this point the harms to children from social media use are very well documented.
Like everything else in society, there are tradeoffs here, I'm much more concerned with the damage done to children's developing brains than I am to violations of data privacy, so I'm okay with age verification, however draconian it may be.
> At this point the harms to children from social media use are very well documented
Our middle child (aged 12) has an Android phone, but it has Family Link on it.
Nominally he gets 60 mins of phone time per day, but he rarely even comes close to that, according to Family Link he used it for a total of 17 minutes yesterday. One comes to the conclusion that with no social media apps, the phone just isn't that attractive.
He seems to spend most of his spare time reading or playing sports...
I commend this but I always try to think about the arguments for something like cigarettes. People didn’t buy the argument that parents need to be preventing their kids from smoking
most kids dont have parents who care to that degree.
As part of the unofficial bargain in which we limit screen time I get to spend a big chunk of my spare time driving him (and his siblings) to and from various sports fixtures.
Just one of the many joys of parenting :)
We need to destroy privacy and anonymity online for the noble goal of the government banning teenagers from looking at Twitter and Instagram?
If it's a concern, parents can prevent or limit their children's use. If all this were being done to prevent consistent successful terrorist attacks in the US with tens of thousands of annual casualties, I'd say okay maybe there is an unavoidable trade-off that must be made here, but this is so absurd.
"Preserving privacy and anonymity online" is not an inherent good. It depends on how it is being used and what the consequences on society are.
Thus far, privacy and anonymity have been used to get children addicted to garbage, distribute CSAM, create elaborate schemes of financial fraud (cryptocurrency), and develop drug distribution networks.
It's completely reasonable to limit privacy in order to combat these social evils.
It isn’t just about teenagers though I think I outlined that? We need to make sure people online are real people and yes we should prevent kids from being exposed to algorithms designed to addict then.
Adults are nearly as susceptible to such addiction. If this is the goal then the actual legislation should be to prohibit social media companies from doing it to anyone. (I think this would be government overreach and a possible first amendment violation, though. I say this as a center-left person who deeply hates what Musk has done to Twitter. I would even describe myself as an anti-free speech person; I just respect the nation's laws and the principle that the state should not be able to imprison you just for speech.)
Do you genuinely believe the major tech companies and gov reps actually want to close their addiction revenue taps?
No the argument is bad actors will reliably find a way to bypass these systems at an industrial scale while you'll instead snag honest people instead.
Look at the facebook real name policy.
This sounds a lot like the pro-gun rhetoric of bogging down the "good" gun owners but not doing enough to the "bad" gun owners.
It's not really the same. The good guy/bad guy gun rhetoric has deeply racist roots.
But beyond that we can look at places similar things have been rolled out.
Facebook has a real name policy and is overflowing with fraudsters and ai slop
Although I can't figure out how to sign up for a second telegram account with their phone number restriction that hasn't stopped multiple scammers hitting me up every day on the service.
On YouTube, their demographics has ladies in their 30s watching nursery rhyme videos by the millions because mothers give their children their phone.
On social media, scammers tend to take over the accounts of dead people because the deceased don't update their passwords after a data breach. Your ID card policy, however strict, isn't going to stop the most common attack vector
So I don't know what you're trying to solve with id checks: parents hand their logged in devices to their children, scammers raid the accounts of the verified dead, existing systems clearly aren't working and strictly enforcing ineffective security theater isn't going to change this
I'm all for empathizing with the concerns but doing something that doesn't work isn't a solution
On telegram and YouTube, I take your points, thank you.
To be honest, I find many holes the ID method myself and it stems from the free and abundant nature of the internet where anything goes everywhere. If I could take an analogy, it's like we have allowed casinos to be built all around the neighborhood and now have no political will to stop children from entering, though I do concede that it's much easier to stop a child from entering a casino than access to internet. Perhaps China was on to something with the great firewall, though I doubt the efficacy of that method as well.
But back to the use of ID, is there not an argument to be made that doing something is better than nothing? Personally, I would like the banning of algorithmic content and that online peers should only be found through intent and not recommended by the platform, but I digress.
> I think that people who are anti-id ignore this
No we do not.
>I don’t want to live in a world where the average person unknowingly interacts with bots more than other individuals and where black market actors can sway public opinion with armies of bots.
That is not the argument for identification on many places on the internet. It's not even the argument that the gov reps pushing it typically make. And why would it be. The companies that go along with all this don't want to get rid of all bots and public opinion campaigns. They make money off of many of those.
You're not thinking more than one step ahead. If you let a third party define who "has ID", "is human", etc. you give that third party control over you. You already gave control of your attention away to the sites who host the UGC, now you also give away control of your sense of reality.
At any point they can tell a real human what they can and can't say, and if they go against their masters, their "real human" status is revoked, because you trust the platform and not the person.
If we want to go full conspiritard, we could accuse those of wanting to control speech to be the financial backers of those flooding social media with AI slop: https://www.youtube.com/watch?v=-gGLvg0n-uY -- this fictional video thematically marries Metal Gear Solid 2's plot with current events: "perfect AI speech, audio and video synthesis will drown out reality [...] That is when we will present our solution: mandatory digital identity verification for all humans at all times"
I am though. In the world I live in I already have to give power over myself to corporations and a government, I don’t buy this as an argument for continuing to let internet companies skirt existing laws.
I don't know what to say. You will live in a world "where the average person unknowingly interacts with bots more than other individuals and where black market actors can sway public opinion with armies of bots", even more so after you and I and everyone on the planet are compelled to provide our identity at all times.
The various government actions trying to force "robust" age verification on the internet are being woefully naive in trusting other internet companies and letting them skirt existing laws on data protection.
That's not even mentioning other factions whose real goal is in shutting down legal speech that doesn't meet their Christian agenda: https://theintercept.com/2024/08/16/project-2025-russ-vought...
You are being a useful idiot, sorry. Your weakness is what politicians exploit when they say "think of the children", you fail to see the amoral power-grabs hiding beneath their professed sentiment.
I don't want you encouraging people to demand my identity because you trust "authorities" taking yours
(Disclaimer: American perspective)
Why don't we have PKI built in to our birth certificates and drivers licenses? Why hasn't a group of engineers and experts formed a consortium to try and solve this problem in the least draconian and most privacy friendly way possible?
newer passports and driver licenses do.
ID verification doesn't protect against that. Why not? Because there are a lot of people that will trade their ID for a small amount of money, or log someone/something in. IDs are for sale, like everyone who was ever a high school student knows for "some" reason.
Plus what you're asking would require international id verification for everyone, which would first mostly make those IDs a lot cheaper. But there's a second negative effect. The organizations issuing those IDs, governments, are the ones making the bot armies. Just try to discuss anything about Russia, or how bad some specific decision of the Chinese CCP is. Or, if you're so inclined: think about how having this in the US would mean Trump would be authorizing bot armies.
This exists within China, by the way, and I guarantee you: it did not result in honest online discussion about goods, services or politics. Anonymity is required.
If there's only a centralized system that uses digital IDs to hand off providers only a "yay" or "nay"...
A lot of talk and no solutions. Exactly the reason we are where we are.
Liquor stores, bars, strip clubs, adult bookstores, or similar businesses don't let kids in. Movie theatres don't let a 10 year old in to an R-rated movie. The tech industry ignored their social responsibility to keep kids away from adult and age-inappropriate content. Now, they are facing legal requirements to do so. Tough for them, but they could have been more proactive.
It's insanely dangerous to have so much data stored on so many servers that are inevitably not maintained.
I am so surprised by the comments on this thread. I was not expecting to see so many people on Hacker News in favor of this. As is typically the case with things like this, the reasoning stems from agreeing with the goal of age verification, with little regard to whether age verification could ever actually work. It reminds me in some sense to the situation with encryption where politicians want encryption that blocks "the bad guys" while still allowing "the good guys" to sneak in if necessary. Sure, that sounds cool, it's not possible though. I suppose DRM is a better analogue here, an increasingly convoluted system that slowly takes over your entire machine just so it can pretend that you can't view video while you're viewing it.
To be clear, tackling the issue of child access to the internet is a valuable goal. Unfortunately, "well what if there was a magic amulet that held the truth of the user's age and we could talk to it" is not a worthwhile path to explore. Just off the top of my head:
1. In an age of data leaks, identity theft, and phishing, we are training users to constantly present their ID, and critically for things as low stakes as facebook. It would be one thing if we were training people to show their ID JUST for filing taxes online or something (still not great, but at least conveys the sensitivity of the information they are releasing), but no, we are saying that the "correct future" is handing this information out for Farmville (and we can expect its requirement to expand over time of course). It doesn't matter if it happens at the OS level or the web page level -- they are identical as far as phishing is concerned. You spoof the UI that the OS would bring up to scan your face or ID or whatever, and everyone is trained to just grant the information, just like we're all used to just hitting "OK" and don't bother reading dialogs anymore.
2. This is a mess for the ~1 billion people on earth that don't have a government ID. This is a huge setback to populations we should be trying to get online. Now all of a sudden your usage of the internet is dependent on your country having an advanced enough system of government ID? Seems like a great way for tech companies to gain leverage over smaller third world companies by controlling their access to the internet to implementing support for their government documents. Also seems like a great way to lock open source out of serious operating system development if it now requires relationships with all the countries in the world. If you think this is "just" a problem of getting IDs into everyone's hands, remember that it a common practice to take foreign worker's passports and IDs away from them in order to hold them effectively hostage. The internet was previously a powerful outlet for working around this, and would now instead assist this practice.
3. Short of implementing HDCP-style hardware attestation (which more or less locks in the current players indefinitely), this will be trivially circumvented by the parties you're attempting to help, much like DRM was.
Again, the issues that these systems are attempting to address are valid, I am not saying otherwise. These issues are also hard. The temptation to just have an oracle gate-checker is tempting, I know. But we've seen time and again that this just (at best) creates a lot of work and doesn't actually solve the problem. Look no further than cookie banners -- nothing has changed from a data collection perspective, it's just created a "cookie banner expert" industry and possibly made users more indifferent to data collection as a knee-jerk reaction to the UX decay banners have created on the internet as a whole. Let's not 10 years from now laugh about how any sufficiently motivated teenager can scan their parent's phone while they're asleep, or pay some deadbeat 18 year-old to use their ID, and bypass any verification system, while simulateneously furthering the stranglehold large corporations have over the internet.
Whatever happened to all the innovation the tech world was capable of? This is 100% a solvable problem. It only needs the will and good law.
1) Person signs up with discord with fake name and fake email.
2) Discord asks (state system) for an age validation.
3) In pop up window, state validates the persons age with ID matching with face recognition.
3) State system sends token to discord with yes or no with zero data retention in the state records.
4) Discord takes action on the account.
What is so hard about this?
I want to sincerely ask whether you read my post, because your response is so unrelated I believe you might accidentally be responding to another post? If so, please ignore the rest, which is only intended in the case where you are actually responding to what I wrote.
Your system seems to address none of the issues I listed. For example, I argue that one difficulty is in the fact that these systems would be highly phishable -- a property that is present in your described "easy" solution. Your system trains users to become accustomed to being pestered by pop up windows that ask to see their ID and use their camera. Congrats, I can now trivially make a pop up a window that looks like this UI and use it to steal your info, as the user will just respond on auto-drive, as we have repeatedly shown both in user studies and in our own lived experiences. I also explained how a system like this would assist in the practice of trapping migrant workers by confiscating their government credentials [1]. This is a huge problem today in Asia, and one of the few outlets captive workers can use to escape this control is the internet -- a "loophole" your system would dutifully close for these corporations.
I am happy to have a discussion about this -- it's how we come up with new solutions! But that requires reading and responding to the concerns I brought up, not assuming that my issue is that I can't imagine implementing a glorified OAuth login flow.
1. There's tons of articles about this, here is one of the first ones that comes up on Google: https://www.amnesty.org/en/latest/news/2025/05/saudi-arabia-...
> these systems would be highly phishable
Well this is true of all of the internet, yes?
https://bankingjournal.aba.com/2025/08/report-financial-inst...
https://www.cyberdefensemagazine.com/the-rise-in-phishing-sc...
Your example about migrant workers is not an internet problem, it is a government problem. And a capitalism problem. I mean migrant workers? Why do these workers need to migrate? Usually because the U.S. has probably decimated their country.
But never mind, I agree that this is an unsolvable problem, not from lack of capability, but because we are ruled by sociopaths and most humans have been hacked by their addiction pathways. And I do not care about Saudi Arabia or Asia because I do not live there. And I do not care if they block all of the internet. We do not need it for anything, even less so for organizing.
Maybe we should just leave the internet, which is only a capitalist and government collusion to make people spend money. All the internet did was concentrate power to a few oligarchs. For everything good that the internet has provided I can show you ten things that are not only bad, but 1000 times worse, like monkey torture video sharing.
If I had kids today they would not even use the internet until they were out of my care. I only have six accounts on the internet. Including HN. I do not view porn, gamble, have any social media, and in fact I am trying to became un-homeless so I can go back to a flip phone.
IMHO, the answer is not a fee internet, the answer is leaving the internet. But it seems you made and make a nice living at all of this so I see what a sacrifice that would be for you. You are probably part of the reason I am homeless today, with the separation for wealth and all that. I see that you dnated to a bunch of neoliberal types and that fits. Seems you had over $17,000 to give to politicians. That is more than I survive on for a year. I mean, you do not need to do any work at all today. You could retire right now.
Sorry for the unrelated rant, but needed to get that off my chest for myself. Just tired of wealthy people trying to perfect a horrible system and technology that keeps making them money. You pretend like you care about the poor, like the migrant worker, but that is just laughable. If you did you would be against capitalism. You would give up all you own and follow Christ or Buddha or whatever. I mean you got $20 million and what did you do? You started making addictive games. And then you donate to these neoliberals who are no different than the neoconservatives.
Love, a old homeless guy who left Cisco in 1999 because he saw where all of this was going and who is currently sitting in a hotel he cannot afford because the 2002 minivan he lives in just lost its water pump.
If you need help (monetary or otherwise), please email me at tolmasky |at| gmail |dot| com. This is a sincere offer. I can't tell how much is hyperbole in your post, but if you're going through that and I can help, I'd be happy to.
> I mean you got $20 million and what did you do? You started making addictive games.
I refrained from responding to the rest since it seems that there is a deeper issue, but I could not help setting the record straight here. I think everyone who has ever played Bonsai Slice will firmly attest to it being the opposite of addicting. My parents never let me own a game console so I never really wrapped my head around games, and made exactly the kind of game someone like that would come up with: a deep tech exploration, to hopefully make progress on two problems that were plaguing me at the time: 1) how little mobile UI had seemed to progress (instead getting stuck in one-tap local maxima), and 2) building an app that is generally considered to be the worst candidate for a pure immutable language... in a pure immutable language in order to serve as a forcing function to surface new ideas in the space. I've always believed that if you wanted to make a general purpose programming language, you should probably try to have as much varied experience as possible, or otherwise you'll end up with a domain-specific language that is misused for every other domain (this is how I would describe most programming languages. In fact, I'd say most programming languages are written for the niche use case of writing a compiler, since they are written by compiler writers. Ironic that that is the last thing most get used for.). As such, I made a decision to start actually writing a wide variety of apps.
I sent you an email to continue our conversation.
Innovation doesn't need a big brother looking over your shoulder all the time. We have enough tracking tech on the web, no need to make it official as well. So yes, the "will" is missing, especially with the many misbehaviour states have shown towards privacy and surveillance.
A little legislative change and you can kiss your zero-proof goodbye if any infrastructure is established. This is about making intelligent decisions in your life. Your suggestion is far from innovative.
We will see real innovation in mechanisms to sideline age verification.
Defending the free internet nowadays means defending these sv criminals.
Isn't clear whether the paradox is biometric verification or ID data collection.
Not really. If you take their rhetoric at face value ("Think of the children") then sure, it undermines everyone's data protection.
I will go as far as to assume that no one on HN believes this is done for the children. It's been done to censor people and ID the majority of normies online. And when you think of this, the undermining of everyone's data protection is note an undesired side effect, it's the goal.
Every age verification scheme is really an identity verification scheme, "age" is just the acceptable entry point. Once the infrastructure exists to verify you are 18, it can verify you are not on a watchlist, verify your creditworthiness, verify your political associations.
You are not building a parental filter. You are building rails.
"Protect the children" is the canonical playbook for every surveillance expansion since forever. The children get protected for six months. The infrastructure stays forever.
I wonder how much time we have before being asked to enter the government issued ID in a card reader so websites can read age and biometric data from the chip.
Hence why Illinois has already mame it illegal.
It’s the same as scanning for CSAM, or encryption-backdoors “to catch criminals”.
Of course we hate child abuse.
Of course we hate criminals.
Of course we hate social media addicting our kids.
But they’re just used as emotional framing for the true underlying desire: government surveillance.
(For the record: I am not into conspiracy theories; the EU has seen proposals for - imho technically impossible - “legally-breakable encryption” alone in 2020, 2022, and 2025; now we”ll also see repeated attempts at the “age verification” thing to force all adults to upload their IDs to ‘secure’ web portals)
parents: won't somebody else put some rules and safeguards in place to protect my children?
Most of them probably don't even have kids of their own, they just hate social media for exposing children to conservative ideas and want to ban it to prevent that.
More like fear of exposing their children to anything other than carefully curated "conservative" ideas.
It's amazing how much it's possible to foment arguments against something if you are very well funded and a regulation will cost your industry a lot of money.
Age verification is a good thing. Giving children unrestricted access to hardcore pornography is bad for them. Whatever arguments you want to make, fundamentally this is true.
Age verification is fundamentally harmful and is an attack on user privacy. Age verification is being heavily lobbied for by tech companies that are hoping to get rich off of violating your privacy.
Anonymous age verification is fundamentally impossible. It is especially a bad idea for adult content, as a person's perfectly legal sexual beliefs and fantasies can permanently destroy their lives if that information got out. Parental controls are the only ethical, secure, and privacy protecting way forward here.
You are begging the question. If age verification is required, it's not 'perfectly legal' to access weird porn without going through age verification.
There is no right, or even a debate about whether there should be a right, to consume digital streams of other people engaging in sexual acts in total anonymity without proving age. In fact being able to do this at all is something that didn't exist until about 25 years ago, before that you had to drive down to a video store and rent a DVD or tape. At that video store you would have to show an ID to get an account, and there would be a permanent record at the store of what you have rented.
I get that people want to watch people engage in acts that they themselves find embarrassing and shameful. I don't agree that this is healthy, but if it's legal then I have no standing to complain much. However, it's not legal to provide videos of hardcore sex to children, which you are insisting is necessary to allow adults to consume videos of hardcore sex acts in perfect anonymity, which wasn't even a thing that was possible until very recently. Your argument is just stupid and absurd on its face.
I think this should work like OpenID connect but with just a true/false.
PS = pr0n site
AV = age verification site (conforming to age-1 spec and certified)
PS: Send user to AV with generated token
AV: Browser arrives with POST data from PS with generated token
AV: AV specific flow to verify age - may capturing images/token in a database. May be instant or take days
AV: Confirms age, provides link back to original PS
PS: Requests AV/status response payload:
{
"age": 21,
"status": "final"
}
I don't know if this is already the flow, but I suspect AV is sending name, address, etc... All stuff that isn't needed if AV is a certified vendor.
That solution still violates user privacy.
A better solution would be a simple "minor" flag that is only included on the devices of minors. No third party verification required for adults.
That works until minor-removing-flag proxys start popping up.
All of my kids devices are identified, at device level, as children's devices. They could've trivially exposed this as metadata to allow sites to enforce "no under 18" use. However, I'd disagree that my bigger concern for my kids isn't that they'd see a boob or a penis, but that they'd see an influencer who'd try to radicalize them to some extremist cause, and that's usually not considered 18+ content.
And either way, none of that requires de-anonymizing literally everyone on the internet. I'd be more than happy to see governments provide cryptographically secure digital ID and so that sites can self-select to start requiring this digital ID to make moderation easier.
The problem with that is that sites/apps will retain the identifier, either to use the Digital ID for login (not just one-time age verification), because they want to retain as much information as possible for later usage or sale, or because a government told them they have to retain it so all their social media activity can be easily linked to them.
That's what we have now, but mandatorily, and without the anti-sockpuppet protection a true ID would provide.
I have conspiracy theories about the conspiracy theories about digital ID. The people who benefit the most from fake people posting are spambots, sockpuppets, disinfo peddlers, and astroturfers.
And either way, I firmly believe that a site should be free allow you to log in without a digital ID... I just would like to be able to know who doesn't have one so I can know who's a real human being and who is an appendage.
Palantir.
Isn't hosting stuff on tor/i2p the solution here? Putting stuff technically out of bounds of regulation had always seemed like the ideal end goal
Isn't this the same debate as airports post 9/11, whether you can have both privacy and security? Seems conclusive, no.
My main takeaway from this is that politicians seem to have given up on making "social media" less harmful by regulating it, and instead focus on gatekeeping access, with the added perk of supplying security services and ad tyrants with yet another data pump.
This thread is gonna be full of HN users blaming the parents for a systemic problem isn’t it?
Yup.
I have been a kid and now a parent. It is impossible with the tools available to proof kids from the internet. If it's not a parent it's at a friends house, school devices, or a dedicated sense of curiosity.
Two things tech companies want to protect:
The perception of anonymity
Who gets to collect that information
I agree that a smaller loop of people should have that data but the loop is growing every day.
So if it ruins the perception anonymity for young naieve users so be it.
I'm not saying it's impossible to be somewhat anon, I'm just saying untrained users should understand the environment they're interacting with before they get hooked on useless products.
Imagine an OIDC type solution but for parents might work here.
Basically, kids can sign up for an account triggering a notification to parents. The parent either approves or rejects the sign in. Parents can revoke on demand. See kids login usage to various apps/services. Gets parental restrictions in the login flow without making it a PITA.
It's just another way to surveil the population and won't cause any real problems for anyone who can work around it.
"The only way to prove that someone is old enough to use a site is to collect personal data about who they are."
This is not true, as others have pointed out. Kind of sad to see no mention of privacy-preserving technology already in use in an IEEE article.
(thats the point)
All adults proof their identify multiple times per month: Every time they access digital health records, or when they use any electronic payment.
Just make Google/Apple reveal part of that data (age > x years) to websites and apps.
Boom, done. Privacy guarded. Easy.
>Every time they access digital health records, or when they use any electronic payment.
This is the internet.
Among those who were very familiar with it, the smartest money never started doing things like that.
zero knowledge cryptography solves this
Only in theory, and only if you blindly trust a third party. The implementations in practice are still massive privacy violations.
what third party do you need? The program can be opensource. The verification can be done onchain
Is there any production ready implementation out there?
ZKP is integrated in Google Wallet and has been running in production for a few months. We (Google) released the ZKP library as open source last year (this is the library used in production).
Announcement: https://blog.google/innovation-and-ai/technology/safety-secu...
Library: https://github.com/google/longfellow-zk
Paper: https://eprint.iacr.org/2024/2010
Afterwards, folks from ISRG produced an independent implementation https://github.com/abetterinternet/zk-cred-longfellow with our blessing and occasional help. I don't know if the authors would call it "production ready" yet, but it is at least code complete, fast enough, and interoperable with ours.
Thanks. I'll have a look.
That’s the point: enable mass surveillance and thee loss of privacy under the guise of another cause, usually “protecting the children”.
I feel like the ending undermines the whole piece. Throwing your hands up and going "we should do nothing" isn't really a solution. If a compromise exists I think it's adding age requests on device setup. There wouldn't be any verification but it could be used as a way to limit access to content globally. Content provides would just need a simple API to check if the age range fits and move right along.
This puts more onus on parents and guardians to ensure their child's devices are set up correctly. The system wouldn't be perfect and people using something like Gentoo would be able to work around it, but I think it helps address the concerns. A framework would need to be created for content providers to enforce their own rating system but I don't think it's an impossible task. It obviously wouldn't cover someone not rating content operating out of Romania, but should be part of the accepted risk on an open internet.
Personally I do agree with the "do nothing" stance, but I don't think it's going to hold up among the wider public. The die is cast and far too many average people are supporting moves like this. So the first defense should be to steer that conversation in a better way instead of stonewalling.
> Personally I do agree with the "do nothing" stance, but I don't think it's going to hold up among the wider public. The die is cast and far too many average people are supporting moves like this. So the first defense should be to steer that conversation in a better way instead of stonewalling.
I agree with this, and I find it frustrating how many people refuse to see this. It seems a lot of people would rather be "right" than compromise and keep the world closer to their stated values.
Imagine if regular TV with age warnings in the beginning of programs made you fax your ID to the channel headquarters before you could watch PG13+ or whatever movie. This is obviously a privacy nightmare and a suboptimal solution.
A good solution that respects privacy and helps reduce the exposure to harmful content at a young age is not very obvious though (but common sense and parental guidance seems to be the first step)
I don't see why platforms would have to store the data indefinitely.
Once you are verified, you just flip a bit "verified" in the database and delete all identification data.
No reason to store the data indefinitely
Big Tech refused to work together to implement a age flag that parents would setup on the children device, now we get each European and each USA state with their own special rules.
That was the goal.
I can understand the need to restrict some stuff kids can see, like when I was a teen it me hours and hours to download one 2 minute porn clip from kazaa, but these days you could download a lifetime worth in one weekend. That can't be healthy.
That being said nothing about these laws is about protecting children; their primary purpose is to crack down on the next Just Stop Oil or Palestine Action so for that reason should be opposed.
> their primary purpose is to crack down on the next Just Stop Oil or Palestine Action so for that reason should be opposed.
Could you explain to me how a digital id standard involving a mechanism for zero knowledge proof of identity is supposed to help the government crack down on activists (skipping the fact you are using UK examples for a EU spec)?
Take into account the reality we live in where every communication platform already requires you to provide your phone number and you can't get a phone number without providing an ID the European Union please, not some disconnected threat model.
> ...but these days you could download a lifetime worth in one weekend.
Uh. I could check in the back of my parents' closet (hidden under some fabric) for at least a decade's worth of dirty magazines. It's true that that's less than a lifetime's worth of pictures and articles, but I'd say that that's effectively equivalent.
> That can't be healthy.
The only thing that's unhealthy is not being able to talk frankly and honestly about sex and sexuality with your peers, parents, and other important adults in your life. Well, that and never being told that sex leads to pregnancy, or how to recognize common STDs... but you're likely to get that "for free" if you're able to talk frankly and honestly about sex and sexuality.
It's to continue the culture of bullying and lack-of-accountability by and for the perversely rich oligarchy.
For you'll need to be accounted while they do the counting.
If government is concerned shouldn't government just deliver auth based on birth certificate for everyone to use?
In most countries is illegal for small children to drive or to use fire arms. And it's their parents job to not let them to.
Instead of requiring IDs, we should let parents manage what their children do online.
"Think of the children" is merely a political argument to get a law to be popular among normal people.
this is a broader parenting problem, the state doesn't need to do this
politicians are interested in it because they're begging for some way to censor the internet, which would actually be even worse for parenting because now it prevents children from ever learning to be responsible with these highly addictive platforms
30 years of internet were possible with relative freedom, without spying and surveillance. All of the sudden it's not possible.
Governments recycle "Think of the children" mantra and they are again after terrorists and bad guys.
Mandatory age check is not going to reduce the number of criminals online. Period.
We should focus on teaching parents how to educate their children properly, and teach children how to safely browse the internet and how to avoid common scams and pitfalls.
I played Roblox when I was a teenager and all the time my aunt told me to be careful of who I talked to online, as they could be a pedo. Even though there wasn't a constant monitoring from my parents or family, her words were repeated many times that I actually thought 5 times before sharing any kind of personal information online, back then.
Helping parents would be useful rather than telling them to "just do it".
The pain in trying to set up fortnite and minecraft online as parents is unsummounted, involving creating half a dozen accounts with different companies just to get some form of control. Far easier to just give them an adult account.
The process to create a child account should be seamless and no harder than creating an adult account.
>Governments recycle "Think of the children" mantra and they are again after terrorists and bad guys.
nope, they are going after dissenters, not bad guys. It's how it always ends up.
if you are paying for internet access you have to be over 18, no?
and if you have internet access without paying, that means someone else is legally responsible for your access
"problem solved" ?
Famously children can only access internet from wifi paid for by their parents.
I'm not for these draconian age verification nonsense, but this isn't a valid argument.
It is a valid alternative avenue towards a legal implementation of "child safeguarding" IMO. Someone pays for the internet, that person is responsible for what minors do on their connection. If they have trouble doing that we can use normal societal mechanisms like idk social services, education, and government messaging.
This is the way it works with e.g. alcohol and cigarettes, most places. Famously kids can just get a beer from a random fridge and chug it, but someone 16/18/21+ will be responsible and everyone seems mostly fine with this.
If protecting children were the actual intended outcome, this would have been the logical way to do it. Since it isn't what they're actually doing, instead using personally identifiable information to establish your age, we can only assume it's an attempt to deanonymize the internet.
This will never work.
I regularly talk to other parents at the school gates who have no idea that permissions on mobiles even exist, let alone that they can choose what they let each app have access to.
The general public people just dont care.
Yes, it's hard work to build a society where people behave responsibly and in their best interests. But I'd prefer we actually put in the effort rather than go for the easy authoritarian option out of basically laziness and contempt for your fellow man.
(fwiw I regularly talk to parents who are quite aware of various parental controls and use them effectively, combined with talking to their kids and just general good parenting practices)
This is the answer. If you provide internet access to someone, you're responsible for it. It's a generally established law from a Torrenting PoV, so isn't it equally applicable to downloading content unsuitable for children. Sure it'll destroy offering free wifi, but that always was tricky from a legal PoV around responsibilities.
Ideally the law would require websites (and apps) to provide some signed age requirement token to the client (plus possibly classification) instead of the reverse. Similarly OS and web clients should be required to provide locked down modes where the maxium age and/or classification could be selected. As a parent I would the be able to setup my child device however I wish without loss of privacy.
Is it bypassable by a sufficiently determined child? Yes, but so it is the current age verification nonsense.
> if you are paying for internet access you have to be over 18, no?
No, that's not the case.
every contract by every ISP i have ever signed has required me to be over the age of 18 to enter the contract.
In many countries, it's possible to get a prepaid SIM with data access - without any ID or age requirement whatsoever.
ah, fair, but with an easy enough fix. make data-enabled SIM cards be 18+ (or whatever age). show ID to the store clerk at purchase time, just like if you were buying smokes/alcohol.
And then how does public wifi work? Stand outside a Weatherspoons, or just walk down a highstreet with free internet, back to square one
seems dead simple to me: if you host public wifi, you are responsible for the people that use it. easy!
just like you already are responsible for what happens on your free public network (torrenting, hacking, CSAM, etc.) in most jurisdictions
(for what its worth, i think age verification is dumb. but it looks like we're getting it one way or the other)
unless your kid never goes to public school that isn't true
or goes outside at all. free wifi is everywhere
Free wifi generally is everywhere, however it is often heavily filtered and firewalled to stop being doing things the internet owner wouldnt approve of.
I have a problem with an open internet and allowing open access to everything the internet can offer to young children.
It cannot be a friction-less experience. Allowing children to see gore and extreme porn at a young age is not healthy. And then we have all the "trading" platforms (gambling).
Even though my brothers were able to get many hard drugs when I was young, around 1977, there was a lot of friction. Finding a dealer, trusting them, etc. Some bars would not card us but even then there was risk and sometimes they got caught. In NY we could buy cigarettes, no friction, and the one drug I took when I was young, addicted to them at 16, finally quitting for good at 20. I could have used some friction there.
So how do we create friction? Maybe hold the parents liable? They are doing this with guns right now, big trial is just finishing and it looks like a father who gave his kid an ak47 at 13 is about to go to jail.
I would like to see a state ID program when the ID is just verified by the State ID system. This way nothing needs to be sent to any private party. Sites like Discord could just get a OK signal from the state system. They could use facial recognition on the phone that would match it with the ID.
Something needs to be done however. I disagree that the internet needs to be open to all at any age. You do not need an ID to walk into a library, but you need one to get into a strip club. I do not see why that should not be the same on the internet.
I'm happy to see the IEEE talking about this, and to see the topic getting attention in the technical press. The problem is, I think (for the most part) that technical people already Get It. Who we need to convince are average, non-technical voters who don't know, don't understand, think it's a good thing, or would happily jump feet-first into a wood chipper if someone told them it would protect the children.
I also suspect that social media has damaging effects on kids, and they probably shouldn't have access to it, but not like this. I'd probably be quicker to support something like saying that individuals <18 aren't allowed to buy or possess a phone or tablet that has access to an app store or web browser, and only offers voice- and text-based communications channels. Ok, so now it all happens on a laptop? What's "a tablet?" Is a Chromebook a tablet? It's fucking impossible.
Comment was deleted :(
I don’t understand this.
Age verification is not more difficult than a payment system.
I mean, if I can pay on a website without the website to know my credit card number, I should be able to prove my age without the website to know anything about me either.
France has a ID verification system for all its service. You’d think they should be able to provide a hook that lets people prove they’re over the age limit to any third party without the third party knowing. It seems fairly basic.
There is a solution to this.
There are privacy issues on the internet, but I think this ain’t one.
> The only way to prove that someone is old enough to use a site is to collect personal data about who they are. And the only way to prove that you checked is to keep the data indefinitely.
Well isn't this premise false from the get go? Many countries (not the US sure, but others) have digitised ID. Services can request info from the ID provider; in this case social media websites would simply request a bool isOver16, literally one bit of information, to grant access. No other information needs to be leaked, and no need for idiotic setups like sending photos of your passport to god knows what website (or god knows what external vendor that website uses for ID verification).
Seems silly to worry about this when social media itself is predicated on collecting gigabytes of data about you daily.
Again, this is not about half assed solutions that force you to send photos of your passport to websites. That's a terrible idea for the reasons discussed in the article. But it's obviously false that this is the only way.
Corporate interests don’t care about data privacy or security they care about liability and compliance which are not the same thing.
Major banks and government institutions can’t even be bothered to implement the NIST password guidelines. If they got their gdpr soc2 fedramp whatever it’s green lights and the rest is insurance.
Same people who are on Epstein files wants to protect children?
No. They want to fuck everybody.
The point is to undermine data protection; this debate is useless. It's a question about power and control, not a technical one. The people lobbying for this don't care about children, and neither are they getting big support from a constituency clamoring for this. This is an intelligence initiative, and a donor initiative from people who are in a position to control the platform (all computing and communications) after it is locked down.
It's not even worth talking about online. There's too much inorganic support for the objectives of nation-states and the corporations that own them.
Legislation has been advanced in Colorado demanding that all OSes verify the user's age. It will fail, but it will be repeated 100 times, in different places, smuggled attached to different legislation, the process and PR strategies refined and experimented with, versions of it passed in Australia, South Korea, maybe the UK and Europe, and eventually passed here. That means that "general purpose" computing will be eventually be lost to locked bootloaders.
https://www.pcmag.com/news/colorado-lawmakers-push-for-age-v...
[edit: I'm an idiot, they already passed it in California https://www.hunton.com/privacy-and-cybersecurity-law-blog/ca...]
And it will be an entirely engineered and conscious process by people who have names. And we will babble about it endlessly online, pretending that we have some control over it, pretending that this is a technical discussion or a moral discussion, on platforms that they control, that they allow us to babble on as an escape valve. Then, one day the switch will flip, and advocacy of open bootloaders, or trading in computers that can install unattested OSes, will be treated as organized crime.
All I can beg you to do is imagine how ashamed you'll be in the future when you're lying about having supported this now, or complaining that you shouldn't have "trusted them to do it the right way." Don't let dumb fairytales about Russians, Chinese, Cambridge Analytics and pedophile pornography epidemics have you fighting for your own domination. Maybe you'll be the piece of straw that slows things down just enough that current Western oligarchies collapse before they can finish. Maybe we'll get lucky.
Polls and ballots show that none of this stuff has majority organic support. But polls can be manipulated, and good polls have to be publicized for people to know they're not alone, and not afraid they're misunderstanding something. If both candidates on the ballot are subverted, the question never ends up on the ballot.
The article itself says nothing that hasn't been said before, and stays firmly under the premise that access to content online by under-18s is suddenly one of the most critical problems of our age, rather than a sad annoyance. What is gained by having this dumb discussion again?
Comment was deleted :(
It's crazy to me that we want to force age verification on every service across the Internet before we ban phones in school. I could understand being in favor of both, or neither, but implementing the policy that impacts everybody's privacy before the one that specifically applies within government-run institutions is just so disappointingly backwards it's tempting to consider conspiracy-like explanations.
The advantage, I think, of age verification by private companies over cellphone bans in public schools is that cellphone bans appear as a line-item on the government balance sheet, whereas the costs of age verification are diffuse and difficult to calculate. It's actually quite common for governments to prefer imposing costs in ways that make it easier for the legislators to throw up their hands and whistle innocently about why everything just got more expensive and difficult.
And the argument over age verification for merely viewing websites, which is technically difficult and invasive, muddles the waters over the question of age verification for social media profiles, where underage users are more likely to get caught and banned by simple observation. The latter system has already existed for decades -- I remember kids getting banned for admitting they were under 13 on videogame forums in the '00s all the time. It seems like technology has caused people to believe that the law has to be perfectly enforceable in order to be any good, but that isn't historically how the law has worked -- it is possible for most crimes to go unsolved and yet most criminals get caught. If we are going to preserve individual privacy and due process, we need to be willing to design imperfect systems.
> It's crazy to me that we want to force age verification on every service across the Internet before we ban phones in school.
France banned phones in elementary and noddles schools in 2018. It's not the only European country to have done so.
As a parent, I'm happy that social bans are finally a thing.
But, I don't get the approach. It's not like social media starts being a positive in our life at 20. The way these companies do social media is harmful to mental health at every age. This is solving the wrong problem.
The solution is to take away their levers to make the system so addictive. A nice space to keep in touch with your friends. Nothing wrong with that.
I'm going to state that at one point I was one of the young people this kind of legislation is meaning to protect. I was exposed to pornography at too young an age and it became my only coping mechanism to the point where as an adult it cost me multiple jobs and at one point my love life.
I don't think this legislation would have helped me. I found the material I did outside of social media and Facebook was not yet ubiquitous. I did not have a smartphone at the time, only a PC. I stayed off social media entirely in college. Even with nobody at all in my social sphere, it was still addicting. There are too many sites out there that won't comply and I was too technically savvy to not attempt to bypass any guardrails.
The issue in my case was not one of "watching this material hurt me" in and of itself. It was having nobody to talk to about the issues causing my addiction. My parents were conservative and narcissistic and did not respect my privacy so I never talked about my addiction to them. They already punished me severely for mundane things and I did not want to be willingly subjected to more. To this day they don't realize what happened to me. The unending mental abuse caused me to turn back to pornography over and over. And I carried a level of shame and disgust so I never felt comfortable disclosing my addiction to any school counselors or therapists for decades. The stigma around sexual issues preventing people from talking about them has only grown worse in the ensuing years, unfortunately.
At most this kind of policy will force teenagers off platforms like Discord which might help with being matched with strangers, but there are still other avenues for this. You cannot prevent children from viewing porn online. You cannot lock down the entire Internet. You can only be honest with your children and not blame or reproach them for the issues they have to deal with like mine did.
In my opinion, given that my parents were fundamentally unsafe people to talk to, causing me to think that all people were unsafe, then the issue of pornography exposure became an issue. In my case, I do not believe there was any hope for me that additional legislation or restrictions could provide, outside of waking up to my abuse and my sex addiction as an adult decades later. Simply put, I was put into an impossible situation, I didn't have any way to deal with it as a child, and I was ultimately forsaken. In life, things like those just happen sometimes. All I can say was that those who forsook me were not the platforms, not the politicians, but the people who I needed to trust the most.
I believe many parents who need to think about this issue simply won't. The debate we're having here on this tech-focused site is going to pass by them unnoticed. They're not going to seriously consider these issues and the status quo will continue. They won't talk with their children to see if everything's okay. I don't have many suggestions to offer except "find your best family," even if they aren't blood related.
"In cases when regulators demand real enforcement rather than symbolic rules, platforms run into a basic technical problem. The only way to prove that someone is old enough to use a site is to collect personal data about who they are."
These so-called "platforms" already collect data about who people are in order to facilitate online advertising and whatever else the "platform" may choose to do with it. There is no way for the user to control where that data may end up or how it may be used. The third party can use the data for any purpose and share it with anyone (or not). Whether they claim they do or don't do something with the data is besides the point, their internal actions cannot be verified and there are no enforceable restrictions in the event a user discovers what they are doing and wants to stop them (at that point it may be too late for the user anyway)
"Tech" journalists and "tech bros" routinely claim these "platforms" know more about people than their own families, friends and colleagues
That's not "privacy"
Let's be honest. No one is achieving or maintaining internet "privacy" by using these "platforms", third party intermediaries (middlemen) with a surveillance "business model", in order to communicate over the internet
On the contrary, internet "privacy" has been diminishing with each passing year that people continue to use them
The so-called "platforms" have led to vast repositories of data about people that are used every day by entities who would otherwise not be legally authorised or technically capable of gathering such surveillance data. Most "platform" users are totally unaware of the possibilities. The prospect of "age verification" may be the wake up call
"Age verification" could potentially make these "platforms" suck to a point that people might stop using them. For example, it might be impossible to implement without setting off users' alarm bells. In effect, it might raise more awareness of how the vast quantity of data about people these unregulated/underregulated third parties collect "under the radar" could be shared with or used by other entities. Collecting ID is above the radar and may force people to think twice
The "platforms" don't care about "privacy" except to control it. Their "business model" relies on defeating "privacy", reshaping the notion into one where privacy from the "platform" does not exist
Internet "privacy" and mass data collection about people via "platforms" are not compatible goals
"... our founders displayed a fondness for hyperbolic vilification of those who disagreed with them. In almost every meeting, they would unleash a one-word imprecation to sum up any and all who stood in the way of their master plans.
"Bastards!" Larry would exclaim when a blogger raised concerns about user privacy."
- Douglas Edwards, Google employee number 59, from 2011 book "I'm feeling lucky"
If a user decides to stop using a third party "platform" intermediary (middleman) that engages in data collection, surveillance and ad services, for example, because they wish to avoid "age verification", then this could be the first step toward meaningful improvements in "internet privacy". People might stop creating "accounts", "signing in" and continuing to be complacent toward the surreptititious collection of data that is subsequently associated with their identity to create "profiles"
[dead]
[dead]
[dead]
[dead]
[dead]
[dead]
[flagged]
[flagged]
>"None of this is an argument against protecting children online. It is an argument against pretending there is no tradeoff"
Tradeoff acknowledged, and this runs both sides, there's hundreds of risks that these policies are addressing.
To mention a specific one, I was exposed to pornography online at age 9 which is obviously an issue, the incumbent system allowed this to happen and will continue to do so. So to what tradeoffs in policy do detractors of age verification think are so terrible that it's more important than avoiding, for example, allowing kids first sexual experiences to be pornography. Dystopian vibes? Is that equivalent?
Or, what alternative solutions are counter-proposed to avoid these issues without age verification and vpn bans.
Note 2 things before responding:
1)per the original quote, it is not valid to ignore the trade offs with arguments like "child abuse is an excuse to install civilian control by governments"
2) this was not your initiave, another group is the one making huge efforts to intervene and change the status quo, so whatever solution is counterproposed needs to be new, otherwise, as an existing solution, it was therefore ineffective.
If any of those is your argument, you are not part of the conversation, you have failed to act as wardens of the internet, and whatever systems you control will be slowly removed from you by authorities and technical professionals that follow the regulations. Whatever crumbs you are left as an admin, will be relegated to increasingly niche crypto communities where you will be pooled with dissidents and criminals of types you will need to either ignore or pretend are ok. You will create a new Tor, a Gab, a Conservapedia, a HackerForums, and you will be hunted by the obvious and inequivocal right side of the law. Your enemy list will grow bigger and bigger, the State? Money? The law? God? The notion of right and wrong which is like totally subjective anyways?
> I was exposed to pornography online at age 9....allowing kids first sexual experiences to be pornography
I was initially exposed to pornography at 8 years old, by finding a disgarded magazine in a hedge. However this was pretty soft.
I was exposed to serious pornography at 10 years by finding a hidden VHS tape in the back of a drawer at a friends house and getting curious. This was hardcore German stuff with explicit violence. This has caused me to have therapy in my lifetime.
This was all in the 80s by the way.
Therefore anything you are mentioning happened long before the internet, and is totally possible in a completely offline world as well. So how do these new digital laws 'protect children' again?
I think there's a non-trivial legal and ethical difference between distributing material (whether as a sale or not, or for profit or not) and a child finding material that was distributed to an adult.
The equivalence with alcohol would be finding an alcohol bottle in your parent's cabinet. It's not the same as buying alcohol while you are 10, and it's in no way an excuse to allow the sale of alcohol to minors.
My new comment
We should just ban smartphones, it's where a great deal of the harm comes from and is harder for parents to manage. No need for children to have cameras connected to the internet whether via smartphones or computers.
Device based attestation seems like the way to go largely; it doesn't solve the problem, but it's good enough that it would cover most cases.
Not really. It just pushes the responsibility onto parents, who already have no idea how security works or what their kids are doing on their phones.
I know many will disagree and that is ok. Imo we need global id based on nation states national id. I know that the US doesn't have that, but the rest of the developed world do. I don't want id on porn sites because I don't think that is necessary, but I want bot-free social media, 13+ sharing forums like reddit and I want competitive games where if you are banned you need your brothers id to try cheating again.
From the second paragraph:
> And the only way to prove that you checked is to keep the data indefinitely.
This is not true and made me immediately stop reading. If a social media app uses a third party vendor to do facial/ID age estimation, the vendor can (and in many cases does) only send an estimated age range back to the caller. Some of the more privacy invasive KYC vendors like Persona persist and optionally pass back entire government IDs, but there are other age verifiers (k-ID, PRIVO, among others) who don't. Regulators are happy with apps using these less invasive ones and making a best effort based on an estimated age, and that doesn't require storing any additional PII. We really need to deconflate age verification from KYC to have productive conversations about this stuff. You can do one thing without doing the other.
If you don't keep and cross-reference documents it is really easy to circumvent, e.g. by kids asking their older siblings to sign them up.
I don't think a bulletproof age verification system can be implemented on the server side without serious privacy implications. It would be quite easy to build it on the client side (child mode) but the ones pushing for these systems (usually politicians) don't seem to care about that.
Yep, it is easy to circumvent, and the silver lining of all of this is that regulators don't care. They care that these companies made an effort in guessing.
Crafted by Rajat
Source Code