My instinct is also to retreat to technical solutions. But, unfortunately, it appears we engineers need to fight back in the legal and political domain to stand a chance.
This type of response is one I keep seeing, maybe it's becoming a meme
It doesnt make any sense as an argument because nothing stops one from doing _both_: 1. use a practical solution now and 2. "fight back in the legal and political domain" hoping to achieve another solution in the future
Common sense favors pursuing #1 as the opponent in #2 has "limitless" resources and the process is extremely slow
A cynic might even see advocating #2 at the expense of #1 as a "call to inaction", i.e., "please do nothing", as almost all readers are unlikely to pursue such a difficult and costly "solution"
Framing the two options as either-or, i.e., one or the other but not #1 and not both, encourages readers to give up, accept the status quo and "let others do it", assuming they dont have the ability to pursue #2 themselves
I like to think someone can come along with Jobs-like charisma and redefine the public's intuition for personal computing again. Foundation models with maximally deterministic harnesses, voice assistants with honest, tasteful amounts of roboticism, maybe data tenancy that doesn't make you feel like a surveilled ecosystem prisoner.
NVIDIA local AI builds are moving in that direction, but are wildly expensive. I think a lot of the current AI backlash (esp data-centers) comes from the public's accurate intuition that the current centralized, monopolistic, cloud-centric solution disempowers them, and eats any gains this magical technology would've brought them. Plugging a sliver box into the wall and your router, with no recurring fees; that would make people feel different about "taking our jobs" because they would be the unquestionable beneficiary.
> voice assistants with honest, tasteful amounts of roboticism
Do you mean like, hey chatbot stop trying to be my best friend ?
This marketing tone that every company I do business with cares deeply about me as a person - this corrosive hypocritical nonsense has obviously been sucked up into AI training materials.
I've really enjoyed playing around with https://github.com/markqvist/nomadnet and the reticulum protocol in general as a peer-to-peer alternative to www
It's not the "where" but the "that you link" which is ironic: referring to it by the https:// scheme turns it into a link (a fundamental aspect of www); a scheme like ssh:// or git:// would avoid this.
I don't think WWW will ever die but I can see a hard split coming eventually. Most people will just put up with the current state of the internet for a long time yet.
The WWW was at least created with egalitarian ideals, even if it failed to meet those ideals (despite succeeding far more than people want to credit.) It was available to everyone, it ostensibly allowed anyone to publish and communicate freely. It wasn't intended for only a single culture or subculture.
Whatever comes after will either be entirely controlled by corporate and government interests or gatekept against "normies," and thus be a homogeneous cultural bubble doomed to wither into self-referential senescence and die, and will be far less free, less powerful and less capable than the web. We'll never get anything with the transformative potential of the web again.
A world where your only options are GovNet or EliteWhiteHackerDudeSpace. I don't look forward to that at all.
I would rather go back to when the web was useful, and everything wasn't either paywalled or plastered with ads too. The web will never die, but this version of it is on borrowed time.
Neither does the normal web. It became this way. The ability to run decentralized is not what is preventing enshittification.
I would argue eg. a LoRa based Reticulum network is enshittification resistant, because of physical bandwidth and range limitations. It enforces decentralization and abuse/advertisement/... inherently doesn't scale, is not worth the effort. It favors authentic, low reach human2human information sharing.
That's no good if broad laws are passed that require age verification. It could be interpreted as even SSHing into a server that doesn't verify your age is illegal. Some decades ago it would have seemed too stupid to actually happen. Now I'm not so sure.
Why would I want anyone to "compete" with so-called "tech" companies if I believe their "business model" is fundamentally-flawed
The cause of this legislation is the proliferation of that "business model"
Namely, creating large audiences for advertising,^1 data collection and surveillance through intermediation, i.e., acting as a middleman, the opposite of peer-to-peer
"Big Tech" does not compete. It acquires potential competitors. It is sometimes questionable whether the "potential competitors" actually intend to compete as they are more than willing to sell out
Yeah, I feel as though people have seen the error of creating a free internet and are trying as much as possible to reverse it. It's kind of like how Photoshop (and most software companies honestly) have seen how selling a license in perpetuity does not work and opt for the rent-seeking monthly subscription route.
The age verification with the EU ID card can be implemented without leaking any identifying information. If it's gonna be like that is questionable, but it's technically possible.
Without American capitalism you wouldn't have computers, the Internet, smartphones, AI, electric cars and countless other things. That, and the Costco hot dogs mentioned in another reply.
These "economic freedoms", specifically the actions of so-called "tech" companies with respect to the internet, are the cause of "age verfification" legislation
The original internet had rules against using it for commercial activity
It lacked "economic freedoms"
FWIW I still found it worth using at the time, despite no so-called "tech" companies
It also lacked websites of unmanageable size with hundreds of millions of pages of user-generated content used as bait to lure in ad targets for data collection and surveillance, so-called "platforms" or "social media"
It lacked "age verification" to access those websites because those websites did not exist
There will be at least one HN reply arguing that the original internet sucked, or some other brainless dismissal
As if the internet we have now does not suck. Clearly, it does suck for some people
It is not a lack of "economic freedoms" on the internet that has led to "age verification". It's quite the opposite
Dude, we get it, you’re a super fan but these are some intellectually lazy comments. Our military is powerful, yes, but if you want to make some exceptional claims you need to show your homework demonstrating that kind of claimed huge leap over other economies (China, Russia, Germany, etc.). Be sure to explain how Iran is doing so well for so much less.
"The global Internets progenitor was the Advanced Research Projects Agency Network (ARPANET) financed and encouraged by the U.S. Department of Defense.
In order to understand the wonder that the Internet and various other components of the Net represent, we need to understand why the ARPANET Completion Report ends with the suggestion that the ARPANET is fundamentally connected to and born of computer science rather than of the military.
The Completion Report goes on to differentiate the research ARPA supported from the research done by the computer industry: The computer industry, in the main, still thinks of the computer as an arithmetic engine. Their heritage is reflected even in current designs of their communication systems. They have an economic and psychological commitment to the arithmetic engine model, and it can die only slowly.12 The Completion Report further analyzes this problem by tracing it back to the nations universities: furthermore, it is a view that is still reinforced by most of the nations computer science programs. Even universities, or at least parts of them, are held in the grasp of the arithmetic engine concept.13
Computer networking was developed and spread widely in an environment outside of commercial and profit considerations, an environment that supported such research."
Michael Hauben
Netizens: On the History and Impact of Usenet and the Internet (1997)
IEEE Computer Society Press
ISBN 0-8186-7706-6
HN commenters/voters may reject the use of the term "military" in the origin story of the internet
That's fine
However it was American taxpayers, through the _Department of Defense_, that financed the creation of the internet
That's government spending, not "American capitalism"
The original internet was non-commercial and was not the result of "American capitalism"
As above, the American computer industry (capitalism) at the time was not focused on computer networking and using computers for communication, it was focused on computers as "arithmetic engines"
To act like no private citizens or businesses contributed to the internet because it came out of DARPA is ignorant at best. DARPA literally pays private entities to do research for them to this day. It’s their primary mechanism for action. So confidently ignorant.
Take your Reddit tier America bad slop back to Reddit.
The only reason the US Gov had the expertise and resources to fund DARPA in the first place was because it was a massive capitalist country with enormous wealth
This is not an argument against American capitalism. It is a correction of the false assertion that "without American capitalism there would be no internet"
American capitalism can create ARPA but capitalism did not create the internet
Neither American companies, nor "private citizens" looking to profit, paid for the research into computer networking that resulted in the internet. At that time, there was no commerercial incentive to support such research
"Computer networking was developed and spread widely in an environment _outside_ of commercial and profit considerations, an environment that supported such research."
Hauben, Netizens: On the History and Impact of Usenet and the Internet (1997)
Without American capitalism, specifically "Big Tech", there would be no "age verification" legislation
Let's cut to the chase. The "age verfication" problem has nothing to do with "American capitalism" or other silly HN tangents. The issue is the lack of rules governing governing data collection, surveillance and advertising, rules that would interfere with the Big Tech "business model". "Age verification" will be another means of data collection for Big Tech but it could also intefere with Big Tech's access to U16 ad targets. It could interere with "indoctrination" into a belief system where Big Tech _is_ the internet
The truth is that the internet does not require "Big Tech" in order to exist and have value. I know this because I used it before so-called "tech" companies existed and, with respect to the state of the art _at that time_, it was amazing. Information was shared between internet users without any attempt to profit from it financially. Today, so-called "tech" companies intermediate (act as a middleman for) the sharing of other peoples' information over the internet in order to profit from data collection, surveillance and advertising. This is unnecessary
The myth that commenters supporting Silicon Valley try to spread is that the internet can only exist and have value if "Big Tech" exists. Their "business model" is "free" intermediation of information retrieval or communication over the internet, thus their argument in favor of status quo becomes something like "online advertising (and associated data collection and surveillance) is essential for the internet to survive"
Their next argument may be that a "healthy AI ecosystem" is necessary for the internet to survive
Smartphones and AI are tady's cancer, so good job America! Polluting the earth and its inhabitants once more. For electric cars, I have my doubts that without China we will have them, but I'll leave you simmer in your exceptionalism.
Except that the www came out of Switzerland, the first electric vehicles out of Scotland and Germany, the earliest descriptions of neural networks - also Scotland, and countless other things, like Rockets and whatnot, also out of Europe. But, sure, congrats on that ARPANet thing.
It is American ingenuity that turned academic curiosities like neural nets into usable products. The missing ingredient in places like Europe or Asia is not intelligence, it is a business friendly environment and the right incentives for entrepreneurs. This is why countries like China can copy existing stuff and make derivative improvements, but don't meaningfully innovate.
It's absolutely a slippery slope - but most parents know how this is a very real thing as well. There's no controversy in having drugs, guns, alcohol, porn and other things 'behind the counter' - the intellectual debate over freedom of information is clouded by ideology.
Definitely the 'slippery slope' debate is worth having, but that's way more relevant than the 'should 10-year-olds be able to do whatever' (aka all or nothing internet) which I think, if we took a vote, most people would be fine with nominal age restrictions, on that basis and on that basis alone aka outside the 'scary government' issue, which is again, real and material but nevertheless a separate concept however pragmatically engulfed these things are.
> There's no controversy in having drugs, guns, alcohol, porn and other things 'behind the counter' - the intellectual debate over freedom of information is clouded by ideology.
The first three are physical things, not information. Porn can be debated, but the current age verification push is trying to impose blanket control on the entire information ecosystem. It's the digital equivalent of requiring ID to go anywhere or do anything, rather than just a few well-defined things.
Even if we view it as a good faith attempt (which it is not, remember what Edward Snowden exposed), the parental authority over a child's information diet is being transferred away from parents to tech companies. They're legally mandating you to give away your child's personal info (just age for now, but they'll demand more if we give them this) and make the decisions on what is suitable, instead of you making those decisions for your child.
> the parental authority over a child's information diet is being transferred away from parents to tech companies
These companies not only wanted that but they exploited the shit out of it for obscene profit! In many ways it was their unabated greed that has caused this situation: from addicting design of video feeds, grooming obscene spending habits, collectively doing as little as possible to keep predators and inappropriate content out of games for children.
And how could parents police effectively "the whole internet", it's like expecting them to police what their kids see and hear at school on lunch break x 1000 you cannot control all the things that can influence a child for better or worse. Maximum security prisons can't stop people from accessing the internet and making phone calls so what hope did parents ever have?
We could have avoided this if Google and Apple had enough decency to keep the bad stuff from becoming effortlessly, trivially accessible to children, but they made a fortune off Roblox instead of applying their policies and noticing the abundance of pornography and predators, they ignored Grok churning out CSAM as fast as people could request it, no response to court revelations that Zuckerburg's apps are teeming with sex traffickers, prostitutes and scammers, no response to apps excessively exploiting addiction other than making sure they get their cut.
So now we're caught between a rock and a hard place, a completely unsustainable system where everybody who should be accountable claims to have immunity, and parents are incapable of enforcing a healthy upbringing for their children in this mess.
Relationships are a concern (random people interacting with your child? Good Gosh!)
Privacy is a huge concern for children, way more so than is afforded we regular netizens.
"They're legally mandating you to give away your child's personal info " - no they are not, they're mandating age requirements, which is a separate thing.
Snowden did not bring up age restrictions.
"instead of you making those decisions for your child."
I'm sorry but today the choice is not by parents, the point of the age restrictions is so that parents ultimately can have a choice (they and provide access by their own accounts).
The 'all or nothing' issue of the internet is a big deal - parents don't really have a choice.
These are mostly ideological and rhetorical arguments, not grounded in pragmatism.
The pragmatic concern is 'abuse of control' (aka the 'general' Snowden argument), which is real, but can also be avoided if they do it right.
Granted, I don't have a lot of faith that they will do it well.
> It's the digital equivalent of requiring ID to go anywhere or do anything, rather than just a few well-defined things.
Are you aware that most library systems across most of the world require someone to be 16+ to open an account and/or take out books and materials? That's not restricting anything, that's preventing abuse by those not intellectually or emotionally capable of regulating their behaviour. The parent of the under 16 takes responsibility for their actions, essentially.
If you have to be 16+ to take materials out of a library, why should a minor be able to access _anything_ on the Internet without also having an adult check what it is you're doing? Why should a 12 year old be able to freely visit "innocent-website.tld" without it first being confirm the website actually is innocent? What if it's innocent today, but adopts a new doctrine tomorrow? There's a reason YouTube doesn't let you change a video upload after you've published it: you could upload nearly anything to replace your previously innocent and successful video.
Nothing changes between the physical world and the virtual one. The same problems exist, except the virtual one makes it easier to access much darker information.
The library is one place out of the many places you could go, and the closest digital equivalent is a library website or an app. The Internet is not just a library, but a whole world of its own. We don't have blanket control laws that restrict all movement and speech in the real world based on verified age. The restrictions for minors are implemented at much more local levels.
We do need parental guidance like in the physical world, but such guidance should be issued by the parents, not the tech companies. Age verification is about giving your age and some other identifying metadata to the tech companies, and they hold the authority to decide what to filter. It should be other way around. The companies should expose metadata about their service and the content in their feeds via public APIs, and let people filter stuff locally on the device per the device owners' aka the parents' preferences. Oh wait. Such features will never reach mass adoption in the current software ecosystem. Software antitrust is a joke. These companies and the feds have the opposite incentives and do everything to sabotage local solutions. They've locked down what OS you can run on the hardware you bought, what apps are approved on their walled garden OS, and only the official apps can access their APIs. You don't have root on your own phone and it's a brick without remote authentication. Now they can sell you parenting plus many other things as their exclusive cloud service because "the market failed to deliver" and you can't really control what software runs on your own phone, much less your child's phone. This is the upstream problem and we ought to see it clearly and assign the blame correctly rather than trust those who deliberately created the problem to solve it.
The point is there are much better ways to enforce this - like just setting up proper parental controls on a device.
Kids can’t buy their own phone. So parents can always enforce stuff at a hardware level if they set it up properly. It would be much better to just mandate that phones set up with a kid profile cannot access social media.
The problem isn't an individual kids phone. It's their peers devices, or other ways they can explore the internet that isn't under their guardians control. This is a systemic issue that requires systemic approach. I am not making any claims about the qualities of currently discussed systemic solutions, but I do want to point out that the 'parents can just' argument is missing the mark.
All of the kids will get a fake account and a VPN? Putting barriers in place will likely have some effect in the intended direction.
> This assumes that it will actually solve the problem anyway
I wouldn't expect any policy to _solve_ a problem in such a way that the problem completely disappears from the world, much like theft being illegal doesn't eliminate theft, but it sure distinctiveness it for a lot of people.
You do know that many sites don’t work with a vpn. Like this one. You can’t create an account on HN with a vpn. Also, countries are starting to ban vpn ip blocks entirely. In fact, turkey was monitoring tor entry nodes and disappearing whomever provided them. Banned tor pretty damn fast. Vpns can be turned off in a snap.
I promise you that a hacker news does not have all known public VPN egress IPS blocked.
Even the big commercial providers that are advertising all over YouTube are constantly changing IP space so they can keep their customers able to pop into another Geo region and still get Netflix.
I've been battling with locking down my kid's devices for much of my life.
I haven't found a parental control feature that works: we've tried several, but, generally, nothing survives the 'Hey, I'll just factory reset the device and start with a clean out-of-box-experience' bypass. Kids can figure this stuff out.
Even when we thought that things were under control, kids can easily procure new devices. Many families don't dispose of their old phones; it's not too hard for kids to find an older model that's been sitting around collecting dust, bring it to the schoolyard, and trade it like a baseball card.
I wish I had a good answer, and, distasteful as the age-verification might be, I'm open to such draconian measures at this point. If you say there are better ways to enforce this, I'd honestly love to hear the specifics.
I'm fairly sure that Android requires parent permission to reset a device if it's a managed child device. Overall, the parental controls on Android have been sufficient for what my family has needed.
It seems like it should be relatively easy to create a dead man’s switch that sends you a message after a factory reset, and then you just take away the phone for however long is appropriate. Do most parental control tools just not include that for some reason?
children should not be 1 or 2 clicks away from graphic internet porn at all times and your unwillingness to make any compromises in order to stop this is frankly embarrassing.
please explain in exacting detail how you can prevent a child from accessing the internet without living in the woods, homeschooling them, and not allowing them to have friends or interact with another human being that has access to the internet.
That is definitely a difficult battle to fight, but why do you think kids can't bypass these government-level restrictions just as easily as they can your own? Especially since governments are usually slow to respond to whatever method of bypassing it is used, if they respond at all (especially once it's no longer the topic of the minute).
People can bypass these restrictions with video game character creation tools, with generative AI, with a VPN (something that's very hard to ban in practice because corporations rely on them, and of which some are free), with copy-pasting random ID photos from the internet, with borrowing a parent's or teacher's or other adult's ID, with using a website scraping alternative (some of which can be self-hosted, or hosted by one child for many others) instead of the website itself, and so on. Heck, they can use websites hosted in Russia (or other countries), like a lot of pirates do.
And whatever the easy bypass method ends up being, they'll all end up knowing it, because they go to school and talk to each other, and because they'll always have at least some access to some parts of the internet no matter what.
Meanwhile, these age verifications laws are labeling all the children (who don't bypass it) as children, and that information WILL be leaked, inevitably, as it already has been (from Discord, for example - a service that shamelessly retains and processes every message it hosts, even after the user 'deletes' it).
When ID info is leaked, it leaks the child's age, their real name, and (often) their real address, their phone number, and their appearance. A surprising amount of information might be deducible from any selfie or video that was required. And in combination with an app's other data (or other data about them that has been included in databases and/or leaked and/or shared on the internet previously and which can be matched to them based on email or phone number or username or browser cookies or IP address or etc), it can leak their interests, hobbies, hopes and fears (discussed with friends), favorite hangout spots, the name and location of the school they go to, their regular routines or travel schedules, etc - anything at all that they might have discussed via the app, or whatever might be concluded just by their proximity to their friends (e.g. maybe they don't directly know that a kid lives in X location or plays Y video game, but if every day they talk to a bunch of other kids who definitely live in X location and play Y video game, then they probably live in X location and play Y video game too).
When all that data is leaked, all that data is now available to predators. And it's very, very hard to remove it from the internet after it's out there.
That data, even just from a single leak, could make it so easy for someone to target a specific child, contact them, tailor their lies to seem as trustworthy and likable to the child as possible, anonymously harass them online, threaten them, stalk them, or attempt to persuade them that yes, he does know their parents, and they definitely sent him to pick them up from school.
To me, all these laws seem realistically likely to do is unintentionally but significantly endanger the children they claim to protect. I don't see how it can be anything but a devil's bargain, even if we only "think of the children" and disregard other concerns.
At the least, it should have been proven to be more effective than regular parental controls before even being considered as an option, but so far, it doesn't seem to be so at all. And if there's little to no additional benefit, or we're not sure if there's a benefit or not, or if it's shown to be less effective, then why ever choose it over the regular parental controls that don't carry this huge additional risk?
As to enforcing age limits otherwise, well. I confess I don't think there is any way children won't just find a way around. I think the best defense is just educating children about how to navigate the internet and its potential threats, making sure the children don't see their parents as distrusting of them or oppositional (so that they feel comfortable enough to go to their parents for help or reassurance if there's a problem, instead of hiding the problem because they don't want to be yelled at for being on the internet or such-and-such website at all), and - an element I think a lot of parents miss - making sure they have a lot of appealing options for things to do or ways to socialize outside of the internet. If you occupy their time by indulging their non-internet-focused hobbies and interests (and maybe engaging in them with them, to spend time with them), or letting them visit friends in person, then that's time they're not on the internet and likely don't even want to be. I think that this is the option that best sets up the kid to continue having a healthy relationship with the internet after they turn 18 and are even more out of your control.
That said, as far as device parental controls go: instead of focusing on phone-level controls, I recommend using your router's network-level parental controls, as well as the phone line controls for whatever company you get your data form (if they have a regular smartphone, as opposed to a more limited one, which do exist as an option). For your own wifi network, you can even set it up to use a whitelist of devices so that your kid can't even connect to it from a non-approved device. That doesn't stop them from potentially still sometimes accessing the internet using a friend's phone, but it'd cut down on how the amount time they have that access, and do so more effectively than government age restrictions. And in any case, you also can't always stop them from looking at a dirty magazine that they find at a friend's house, or from reading a hateful tract that someone hands them on the sidewalk, or from watching a terrible channel broadcast on a TV in a diner. But you can potentially influence how they handle it when they encounter these kinds of things.
This is not how any other thing that is banned for children is enforced. It makes no sense.
The person selling the age gated item needs to take lawful measures to ensure they arent selling it to a minor. Their parents have nothing to do with it.
Your solution would be that if a 14 year old walks into a liquor store and doesnt have a note from their parents saying that they arent allowed to drink alcohol, then the store should be able to sell it to them.
The proposed solution though is that all adults going into the store have to provide their full name and address and have it recorded by the store to buy alcohol - or any other +18 product they want to buy. These things are not equal.
And that is where details matter. You can implement age verification in such a way that no data gets transmitted anywhere. Ofc I wouldn't expect Meta to not take a chance of collecting even more user data and blame a law for doing it, but if the law is written well enough, it won't mandate a specific method. If it does, definitely oppose it imo.
Age verification implies that some authority, usually the tech company, checks your age. It's mandatory personal data harvesting. A method that doesn't require data to be transmitted anywhere is just local permissions and filtering. The tech company should broadcast the metadata of the content they're serving, then the decision to filter it should be made on the client-side according to the device owner's preferences. But big tech is constantly trying to sabotage this permission model by removing root from phones, mandating cloud accounts to use your computer, etc.
You can - but currently it’s all just done with random private companies that I would not trust with my email address never mind my passport or adult preferences.
Again - apple’s on device verification is a good idea for this. Apple just sends a ‘yes this is an adult’ message to reddit for example and now I can again participate in chrome up discussions.
mandating devices provide a `NoAdult` setting, so so browsers could check it and then send something like a `x-NoAdult` header would give websites a reasonable method for distinguishing minors (or people that just don't want adult content).
it's the old 80s/90s bead curtain separating the adult movies area from the rest of the video store. it keeps kids reasonably separated, and leans on parents making their kids mind. I think that's a reasonable target.
it would work without forcing every internet user that wants to use a given service from having to submit government identification, go through interviews, or sign up to massive centralized identification systems that will inevitably track every movement people make online.
if history is any indicator, those things will lead to breaches and abuse, and people's privacy will be violated.
if there's a legally mandated way for parents to stop their kids from peeking through the internet's bead curtain, that should be sufficient for most purposes.
if the argument is that bad or foreign websites might not implement it, it's not wrong, but that same problem exists with the mass-surveillance methods as well.
if you keep going down the path of forcing everything, eventually you end up with a national firewall, vpns are illegal, anything that can provide anonymity or pseudo-anonymity online is illegal, no one has privacy, and busybodies will spend all their time hunting folks for liking things they don't want them to like when the inevitable breaches come.
to your last point, sure, a 14 year old shouldn't be able to just wonder into a liquor store, but a 40 year old should.
> like just setting up proper parental controls on a device
This is literally what is being written into California law. The OS will have an "age flag" that is configured at device setup that passed to other apps. The law explicitly was written such that it wouldn't need identity verification, but that isn't stopping scaremongers claiming it as such.
Many parents don’t have the technical aptitude to set the controls up properly. I am a software engineer and I find it challenging to keep up with the nuances of parental control setup and how to adjust it as kids get older. Content is also imperfectly tagged and smart kids can easily find loopholes in most controls. Having a centralized ID validation system wouldn’t be an ideal solution but having something baked into the Internet itself to help parents shield their kids from inappropriate would be a good thing.
That’s what I mean by adding legislation to make it automatic.
If it’s a kids device, then it should just block social media as required by the law. I agree that right now it’s difficult to set up - but this is a choice from Apple and Google. Just mandate sensible defaults.
A hardware block is much more effective than anything else that can be faked.
Just have the phone ask ‘is this a phone for a child’ and if you select ‘yes’ then it’s done.
Wasn't there a (proposed) "standard" in 90s (eMediaMark, I remembered) that just added a Header to HTTP in order to have ancient browsers automatically filter adult content.
That would easily be enforceable by making a "kid mode" enabled and locked down by a parent with a password mandatory on devices. Then you could have something like this:
Yes that's basically what the California law does. It says all devices shall have parental controls and they shall actually work. But I thought you hated it.
Make it the law that if a computer account is set up as a kids account it must send some kind of not-adult header with all requests. Enforce that in the OS so it can’t be messed with.
Leave non-kid accounts alone.
Make it the default thing that happens if you set it up as a kids account so anyone can do it.
Thinking aloud here, but perhaps the answer is in the question: general-purpose computers get a free pass. Point being that kids generally don't use such things. Because otherwise I have exactly the same question as you. It's an existential question for software freedom.
Problem now is bunches of parents don’t give a damn. So if your kid gets phone locked up others will make fun of him at school and kid might be outsider.
Other parents are the problem, not technical setups.
>There's no controversy in having drugs, guns, alcohol, porn and other things 'behind the counter'
There is controversy! My grandfather and his schoolmates all regularly brought hunting rifles on their trips to the schoolhouse and home (1930s), to hunt opportune meals. There was never any problem with school shootings, which IMO are likely the fault of the prison-authoritarian style that schools morphed into during the latter-half of the 20th century. He had me drink shots with him when I was under 10 years old, because he wanted to make sure I knew drinking was ultimately a boring, uninteresting, stupid activity. Alcohol was always available and I was even welcome to partake anytime (as long as I did it at home)... I hardly ever touched the stuff, and still don't even now. He was a police officer and firearms instructor in a big midwest town, he even taught me how to shoot around that age. He taught me that government is neither god nor good, it is just raw power that has to steal from someone to give to another.
I miss my grandfather so much!
Also, thank goodness my folks were computer illiterate; I never had issues with blocking software (though I would probably have defeated any... easily). I grew up looking at porn and gore occasionally from my very early teens. Maybe try teaching your children about the world instead of hiding them away from it?
This will never happen of course because the objective is to track your every move. The government want to know every pseudonym you use on every website.
I think you'll find some parents feel that way about digital porn, too. There's a difference in supporting these laws from a privacy standpoint, esp that router and cell provider based controls are effective
At least half of the people in this thread survived growing up with access to social without age verification.
And I'm pretty sure we've all had an encounter with some creep in some random chat room too.
We talked about these things at school and at home.
Don't share things with people you don't know etc.
Idk if it's illegal to tell kids what to do these days. But when I grew up, we were occasionally also told to get off the computers and touch grass.
I hope I'll get to raise my future kids myself. I think I can do a better job than the government :)
Soon enough you will realize that kids spend more time with their friends than with their parents. Most parents want their kids to be curious, build autonomy, and feel free. For this to work, they need a safe space. There are to place to enforce a policy: client side (parental control) or server side (age verification). Personally I don't want to transform my kids general purpose computer into a locked down infotainment machine. I think it would be a worst society if the norm becomes "this is not your device".
How are kids supposed to have a safe space "to be curious, build autonomy, and feel free" if they can't get out from the authoritarian hands of their parents or their government?
Good question. Maybe we can find the answer by getting them drunk at the strip club - two things that we'd be authoritarians if we prevented children from accessing.
"we've all had an encounter with some creep in some random chat room to"
My parents generation survived lead in gasoline and they never wore seatbelts or helmets.
"I think I can do a better job than the government :)"
Is exactly what their parents said about the government telling them they have to get their kids to wear seat belts and helmets.
I don't think this argument works for two reasons:
1) It don't address the materiality of the concern.
If 'creeps in chat rooms' are causing material harm, it's an issue, then youre making the 'anti vaxxer' / 'anti seatbelt' / 'anti helmet' argument.
I'm not saying you are - if 'creeps in chatrooms' really is a 'lesser issue' - then you're not making a bad argument at all.
The real issue is the 'materiality' of these things.
'Creeps in chatrooms' is a harder thing to assess, but it's real, if it is real, we can't just dismiss it.
2) "I think I can do a better job than the government "
If someone wants to protest the governments current age restrictions cigarettes - and also not vaccinate their kids - that's a choice.
But this argument is usually made by people who don't have kids in their life and haven't yet realized that 'the all or nothing internet' is not really a choice, it's chaos.
Lack of very basic regulations means people aren't afforded the opportunity, in a way the government is dictating that 'kids will get guns and porn and that's it'.
The alternative argument - is that we can have age restrictions and parents can then be in a position to actually be parents, and make a choice.
'Slippery slope notwithstanding' ... because it's a complciated issue
>At least half of the people in this thread survived growing up with access to social without age verification.
I was like 8 - 10 years old, I wandered into the "Adults Only" chat room on Microsoft Networks (Oh sweet, I thought, they have a small pen to keep the boring adults in, better check on them) and said "Hi everyone my name is X and I am Y years old" and everyone was nice to me and said hello. I got bored and left.
There isn't much left of the free Internet anyway. Search engines no longer work, all discussion forums are ranked/censored by interest groups, mail delivery is between large entities.
Maybe we need an alternative set of root servers for a free Internet.
I would suggest that we should not conflate the internet with these corportate platforms. The internet still works fine for now. I can still stand up my own DoH resolvers, forums, chat servers, email servers, DNS servers, vpn servers, etc... Many social circles are bound to have a tech-nerd one or two layers removed. That used to be a pejorative.
The hardest part is the psychology. People think they have to be on the big platforms as that is where their friends and favorite streamers are. Willpower can bring back the old platforms onto the current fast internet. Critical and free thinking people can choose to ignore the big platforms if they wish. People can go to local stores to buy most things. There are arguments for and against all these points but I am choosing the aforementioned options and accepting the psychological challenges.
People can use old style self hosted platforms as a "fallback" and once people realize it is more private and they can speak freely amongst their friends it can get comfy real fast. Glowies are seething.
Some friends and I have private forums and chat servers. We talk shite all the time about Reddit threads yet none of us have Reddit accounts. We talk about HN threads, brain rot on Twitster and many other platforms free of censorship, free of voting brigades, people trying to force narratives, etc... Oh and most important, free of "AI".
In a way it is the bad players that are ruining it. Yeah I can setup all manner of servers for this stuff, but the instant I miss a patch or a patch is late to be developed and you can be compromised in no time. And unfortunately it just becomes a game of endurance between you and the army of folks trying to crack systems open.
I have said it for decades, if there weren't bad players then we wouldn't need any of this security. That is a very utopian idea.
I have thought that a way to put people off is to have such an anaemic server that they wouldn't bother. Like a tiny RiscV board running Haiku that delivers basic HTML and email. There is little incentive to raid that thing. I haven't thought this idea through much however.
For what it's worth I have been running my own things since the 90's and not yet compromised. I disable the CPU mitigations and have a minimal firewall configuration. I do keep things patched and keep an eye on news regarding the public services I run but only enough that I can still call it a hobby. I try to only expose daemons that have been battle hardened on the internet for decades. In the early 2000s I ran phpBB and that was a little risky and did require hardening php.ini
There really isn't anything utopian however, it's just a hobby and a way to let friends communicate without big brother putting their peanut butter in our chocolate. If you don't feel comfortable tinkering then of course don't. Never feel pressured. One can always start off sharing their services with a few friends and not advertise it globally. Find a hacker friend that can help pen-test your stuff. Perhaps even restrict access to your friends IP addresses or the CIDR blocks of their ISP's to limit access. Or use wireguard to restrict access to a VPN. If it's a web daemon just adding simple authentication with obscure usernames and good passwords in front of it will get nullify most of the bots until one is comfortable sharing it with the world.
Probably one of the riskiest things I have set up was just this week exposing Unbound DoH to the internet. Unbound has had a handful of security issues in the past. The HN crawling bots are getting confused by this weird thing listening on port 443 but they just can't figure out how to connect to it. If it gets popped I will just nuke that VM and revoke the cert. There's nothing sensitive on it.
Outbound mail gets harder every year as opaque reputation systems flag mailer daemons as false spam positives.
Inbound mail on the other hand — notably, the OG form of Internet identification — is very achievable for a stick in the mud to set up.
Losing one’s Gmail account would likely have very little impact on one’s ability to send mail, but no longer being able to receive mail at a given address can be devastating. Set up your own domain!
And content is increasingly produced for, and by, machines. Human initiative and/or access is increasingly incidental.
It's easy to create an alternative. The problem isn't that, it's keeping that alternative clanker-free. (As well as free of all the other enemies / plauges on the useful, generative, Internet.)
If you can at least attest who is responsible, other tests for AI-generation might be applied, with reputation following from that.
Sadly, that's bullshit most of us didn't ask for, and it's turning up all over the place, e.g., among book and short-story publishers, journalism, academic publishing, as well as blogs and social media.
Attesting who is responsible is more of that "bullshit most of us didn't ask for". I'm not interested in identifying myself so some cretin can know whether I am, or am not, an AI... particularly when the vast majority of posters on any platform act like NPCs anyway.
Would be nice to see something referral based. If you don't like X, block them. If X invited Y and Z and their invites behave poorly, you can block the whole tree. Kinda like lobste.rs referrals but for wider internet
I guess the correlary would be like how you can block an entire ASN if you find a lot of abuse from it, but at the human-network level.
Aside from social dynamics, a chief issue is that if you're relying on this as a mechanism for content filtering, personal relations have low predictive value.
E.g., I may really like a person's content, but not their curation or referrals to other accounts. Conversely, I might not care for a person, but their recommendations may be excellent. More common might be the case that a given account produces little or no content of their own, but makes reliably predictable (either good or bad) recommendations, which would be useful for further filtering. Or the highly verbose individual who emits a constant stream of near-drek, but an occasional diamond.
Content production, content curation, and talent spotting are all distinct skills. Success or lack in any one says little about the others. This is where Bayesian indicators (including relationships and referrer / invite relations) would probably be more robust.
That said, tainting an entire invite tree is likely useful, with a caveat that if a particular invitee has an independent, untainted, relation, they might be worth following.
In practice what I've found most useful is to have a pretty tight primary list of follows, ~50 or fewer, and a slightly broader secondary list. Allow recommendations be default (that is, re-shares / boosts), but curtail those too if problematic. Be quite liberal in blocking / muting anything in the least bit annoying or problematic.
Or participate in a selective group with excellent moderation. HN isn't quite there, but it approaches this ideal more closely than any other major forum I'm aware of presently.
Perhaps, but in both cases, I think that the principle problem is attempted control at the wrong portal.
Rather than individuals or devices, residential / mobile / business service providers should be able to vouch for personal traffic and be in a position to validate patterns of use without undue profiling of specific activity. That is, just looking at the encrypted traffic patterns (rather than MITMing SSL/TLS or other secured comms) should show usage that's typical vs. atypical / malicious.
Traditionally, service providers of all stripes (email, ISPs, Web, etc.) seem to have focused far more on ingress security than egress security, or potentially malicious traffic from within their own networks. That's got to change, it's ultimately a hygiene question.
For residential and mobile Internet, accounts are managed at either the household or individual level, and it should be possible to provide attestation and reputation management (as well as, perhaps, broad-based subscription access to compensated content) at those levels.
For commercial access things get more complicated, particularly where a location might provide public Internet access (e.g., public WiFi), or have a mix of human and system-generated traffic at an office, commercial, or industrial site. Still, there should be both well-established patterns of use and indications of anomolous or malicious traffic possible here.
Another option for smaller human-scale networks (e.g., Fediverse / Mastodon / PeerTube / Pixelfed / Lemmy / WriteAs networks and the like) is a mix of harder authentication (Yubikey or NFC-based wearable authenticators, perhaps) as well as a more manageable human-scale moderation (1:1,000 or 1:10,000 scales far better than 1:1 million or 1:1 billion services), allowing for both oversight and keeping the opportunities / benefits of malicious use limited.
The comment I'd originally responded to had me thinking of under-delivering federated systems such as Gemini (the lightweight Web protocol, not Google's AI) or Diaspora* or countless web boards and wikis which ended up overrun by spam and abuse. Simply saying that you're going to re-invent things at small scale in no way means you'll succeed. The ecosystem's changed, the pathogens are far more numerous and capable. Modern systems and networks (social or otherwise) must face those facts head on, and not ignore them or pretend they don't exist.
I think we're going to end up with some form of cost-based (though not necessarily financialised) reputation management systems. I'd very much like to see those not being terribly invasive of privacy, or putting extreme barriers to those with limited means or technical knowledge. It's a tough problem all the same.
Not true at all. Even small, insular, just-a-few-hundred users PHPBB-style forums have to run Cloudflare or Anubis to try to stem DDoS-style scraping, and have a constant patrol of moderators to stop AI spam posts.
Not true. You can also make your code fast enough so your server doesn't get overloaded by three requests per second. Then you can just handle the requests.
There are multiple facets to the problem. Technical site performance is a very small part of those.
The disruption, manipulation, and most of all erosion of trust which bad-faith actors create (AI or otherwise) are the most serious issues in my experience. The concept of "evaporative cooling", in which a platform starting to go bad sees an accelerated departure of well-intentioned, high-value participants.
I agree with you that the PHP forum software is not fast at all. But, try hundreds of requests per second, including requests that require text searches.
Also, uh, how does speeding it up that help with the AI spam? (Sorry, I should have emphasized that part of my most more, since that's mostly the topic of this sub-thread I was replying to.)
>Maybe we need an alternative set of root servers for a free Internet.
Can't even do that. We'd need (ultra?) stable IP addresses, and the entities in charge of those don't hand them out anymore. We've sort of been cut out of the basic infrastructure to let us build stuff a second time.
You can still get a block on the grey market for (I believe) currently a 4-digit payment, which is not free, but it's quite accessible if you have any serious usage at all.
(It will be officially transferred to your name - there's nothing grey about the blocks themselves - the greyness is that RIRs officially forbid selling them, but they can't really do anything to stop it and they don't forbid buying.)
IPv6 blocks are still available from RIRs and you don't really have to care about anyone stuck in the 1980s if you don't want to.
Also each of the root servers is itself run by a different organization. If you had some clout, you could ask them to also host your alternate root server on the next IP address. Half of them are anycast blocks which means they likely have 253 addresses free as anycast blocks aren't really shareable.
One very simple way to give parents control over what their children see and participate in without violating everyone else’s privacy is to create adult and social TLDs and require these sites to migrate to them. So instagram.com becomes instagram.social, etc. Then mandate that all consumer network equipment mfrs and internet providers provide easily accessible ways to block these TLDs. Maybe combine that with some public education materials to teach less savvy parents how to do this.
Now you’ve given every parent a way to easily mass block all adult/social sites/apps if they want and no one’s privacy need be compromised.
This idea has been around as long as the web, but you can't get momentum behind it.
A much better idea was a .kids domain where the content was vetted, and you could allow-list your child's device to that. Much easier than trying to migrate everyone over to specific TLDs, especially when that ship has sailed already. But that never got traction either.
Edit to add: I used to work on "family safety" software. Blocking bad content doesn't work - it's too difficult of a problem. Walled gardens do work, however. The fact that there's not a push for the equivalent of an Apple App Store for kids is probably evidence of ulterior motives on behalf of regulators.
One of the problems is the binary nature: we lump everyone between 0 and 18 years old into a "kids" bucket, but the content appropriate for a 17 year old is very different from the content appropriate for a 4 year old.
My family has tried the curated "kids" content from the major players: It's junk and not going to be interesting to a teenager. Your 14 year old is not going to be satisfied with a version of Netflix that's all Bluey and Daniel Tiger. And your 5 year old probably shouldn't be watching stuff that's made for teenagers. But our regulatory hammer knows only "kid" or "not-kid". You can't make a single walled garden.
Even within a single age. My 15 year old might not be ready for content that your 15 year old finds to be routine. How is YouTube going to know what is appropriate for any given 15 year old? Walled-off content and numerical age gating is just not a workable solution.
There was some optimism with .xxx that adult content producers would voluntarily switch over. Spoiler: almost none of them did, except for domain name availability reasons.
You're massively underestimating rule interpretation skills of horny teenagers and gambling game developers. Total segregation based on actual solid cold hard ruleset is pure gasoline to them.
What this misses is that many parents do allow their children to access social media because kids need to conform. If all the other kids have social media access, your kid is excluded by not having access.
Is it better to have TikTok AND friends, or no TikTok and no friends? Sure, the best is no TikTok and still have friends, but you can't always have it all.
That’s fine because an enforced TLD system would default to them being allowed to access social networks and parents having an easy way to block them. It makes it easier for parents to do their jobs and doesn’t affect everyone else. Want your kids to have access to social media? Just…do nothing.
This is such a naive take, I see it a lot. Have you considered they can:
* Buy one themselves
* Get / use a friend's
* Use public internet access points
* Need one for school
* Use the smart fridge / tv / gaming console / anything with a browser
* Access stuff in Minecraft, Roblox, etc
You can only stop it by going offline and raising them in a cabin in the woods, which is a whole other thing.
What you can do is give them The Talk, of course (but that only helps / prevents to a point, it's more to prepare them for what they may find or how they can identify problematic things). And the other is to push back as a community effort, with e.g. many schools banning kids from having phones in the first place.
Have you considered that even if unwanted material was only accessible in physical form with age restriction for buying. Like porn magazines, cigarettes or alcoholic drinks, kids can still access them and find a way around it. You can ask older generations. Perhaps you can't stop it by "going offline and raising them in a cabin in the woods".
Best is to assume they have access to it one way or another if they seek it. The discussion should not be about banning vs allowing, it should be focused around how to deal with situations that arise regardless.
Education about the subject and why kids shouldn't seek access is quite effective, additionally they will be informed once they are allowed access. Think about how the last decades saw a sharp decline in smoking and alcohol consumption.
I think the earlier commenter is right. If a parent fails to... well... "parent" that's on them. Locking down the internet to republican-approved sites only is not the answer.
One problem (there are others) is that it's not always possible (or easy) to not give your kid a smartphone, or access to social media.
Imagine that your kid doesn't have those and is having a hard time at school because all the other kids do have them. They have a whole culture based around those, and your kid is excluded from it. What do you do? Tell your kid that it's okay to wait 10 more years before hoping to not be excluded?
Block how? You can block sites now and all it takes is a proxy/vpn to get around it. Nothing short of personalized age verification will work. The best we can do is make sure the age verification system is centralized by the government. The client sites can’t see who you are and the centralized government server should not be able to see the sites you visit.
The only way this can go wrong is if the client sites collude and publish their visitor logs and then the government can do the legwork to identify you. But even this is pretty easily bypassed if you use a VPN.
>Nothing short of personalized age verification will work.
Specifically, daily personalized age verification by the specific app/website, not by a third party.
>The only way this can go wrong is if the client sites collude and publish their visitor logs and then the government can do the legwork to identify you.
Well, the government has the right to request proof that the company in question is properly conducting the age verification process. This means that the companies performing age verification will keep your personally identifying information (PII) and maintain an association between your PII and your account/activity on the platform.
On a different note, the government has the right to gather evidence of criminal activity, where the definition of "criminal" is under their discretion and if there happens to be a convenient stash of information that can be linked to your person, that's just a happy coincidence.
Whether such a system could be bypassed by a VPN would depend on exactly how the age verification works and whether said government decides to ban the use of VPNs.
More importantly, I don't personally have any faith that at least the US government could properly define and build a system that is reliably and provably resistant to tracking. The government has incentives to want to know what sites a person visits, the NSA would be loathed to allow that opportunity to go unused. The government also likely doesn't have the skills or resources to do it in house, I'd expect them to outsource it at an absurd cost to a third party that would also have incentives to want to track usage data through the system.
Reminder that the internet was created to be live and a indestructible means of reaching one and another, none of what you wrote can meaningfully do what you think it would.
Failing in parenting and lobbied politicians (regulatory capture) on the other side.
As a parent of teenagers, I feel like the sites make it hard for parents.
When they were young, you had a choice between YouTube being completely locked down with no option to whitelist channels or letting them watch almost anything (although I think this has changed since but it's too late now for those of us with children that age).
Now, there is no way I can whitelist contact/groups on WhatsApp or Discord servers/friends. Once they hit 13, pretty much any option to restrict anything feels taken away from you as a parent.
Luckily, I have sensible children (I think!) but it's really hard as a parent trying to both be reasonably responsible, but not deny all technology, it's really hard to navigate a sensible course.
You gotta understand, the owners of these sites don't care about you, your kids or a good user experience. They care about serving ads, tracking your behavior and selling that behavior data to the highest bidder. If they get to your this behavior to your government ID, it will probably make it more valuable.
There's also a lot of room between YouTube (or even social media) and all technology...
The article says that California "will require identity verification at the operating system level starting in January 2027", but that isn't true. The bill [0] only requires that operating systems collect age information on account setup and then provide which of four buckets the age falls into. It's not requiring any kind of identity verification by the OS. It's just a box you fill in when you set up the computer.
I think that this is actually a reasonable approach. It minimizes the information shared and doesn't create any identity tracking regime.
This put the power in the parents hands. They can set up their kids computer with a kids account and then all software and web services can just ask the OS if the user is an adult rather than all requiring their own ID verification.
It's the State's responsibility once something affects enough people. That's why a law like this makes sense but should exempt OSes under some number of users. It's not great that we have such a harsh divide between "do whatever you want so long as not too many people are bothered" and "alright now the people have spoken and it's a State/national law," but it's the system we have and better than the people only getting a say with their wallets.
This conversation makes me wonder if age verification at the system level could be considered an externality for its cost to society as a whole, and the solution be to collect tax from any commercial sale of a desktop OS that doesn't implement a defined open standard. If there is any money raised it could be used for eg. education pieces on harm and harm reduction
Maybe it doesn't work in this case, but I think you both make great points. Just feel like there must be a way of bridging this gap
The state requires things sold to meet a bare minimum of safety. Cars sold require seat belts, movies/games sold require ratings. Devices sold have a meaningful parental controls flow.
Seat belts aren't forced on you - if you want to not use them and face the risk of fines, you can do so. Media ratings systems are informational, you can choose to let your kids watch R rated movies or above. Are they going to let parents have a choice when it comes to parental controls? What about non-parents?
That's my gripe with the age verification systems I've seen, there is no room for parental choice and no consideration for people that are adults and don't have kids using their computer.
If something is illegal for kids to access it is illegal and therefore parental choice is being overriden by the state just like every single other thing that is illegal for kids to do such as smoke cigarettes, do drugs, drive etc.
I don't think it is overreach since its fairly simple to implement and non obtrusive. We have had multiple decades of failure from tech companies already to prove that they won't act on their own.
If you are putting individual parents up against Meta, Google, etc, the big tech companies easily win. As we have seen already.
> I don't think it is overreach since its fairly simple to implement and non obtrusive
Those two things have absolutely nothing to do with one another. Something being easy to implement is completely unrelated to whether forcing its implementation is overreach.
Which is why s/he mentioned both of them. *This* law is simple to implement *and* it's unobtrusive. It's actually a really good way to solve the problem without creating privacy concerns.
How do you verify someone’s age reliably without identifying them? Unless there’s some standard around zero-knowledge proofs they’re implementing that I’m not aware of, they’re probably going to end up identifying everyone as part of this system, since kids will try and bypass it and parents will demand it be made more robust. Kids will still bypass it no matter what we do.
You don't. The law we're discussing doesn't verify someone's age. Please stop calling it an age verification law, because that's completely disingenuous FUD.
I think the part that's the issue is the one where they mandate age verification. They're going to try that either way, the worst thing this could do is get people accustomed to the idea, but in practice the operating system they use already asked their age.
You can't sign up for a Facebook account without giving a live selfie.
Any image of your family you post will be scraped by Clearview AI, bypassing the restrictions that make it hard for you to create accounts, to create a worldwide facial recognition system.
Indeed, well before Clearview, Facebook demonstrated they can identify faces and asked people to tag people in it, creating one of the earlier massive facial ID databases.
FB's policy on this is patchy. I've known people who have had accounts for years, who were suddenly asked to provide a selfie - often after posting political content. Their accounts were then either locked down permanently, or unlocked.
I also know people who created accounts from scratch without needing a selfie while connecting exclusively through a VPN. (Only some VPNs, work apparently.)
Supposedly FB uses device ID tracking, so if you're picked for selfie ID on a device and try to create an alt, you'll be selfie-ID'd again.
Using a different browser on desktop solves the problem for desktop but not for mobile.
And so on. Basically it's doable, sometimes. And sometimes it isn't.
You find it to be a negative that banks require identity verification to drain an account? Personally, I would refuse to keep my money with a bank that doesn’t do this.
Asinine requirement by whatever risk management firm they use. A selfie provides nothing in terms of lasting security while simultaneously adding permanent risk.
Have you ever considered that it’s a front? You may think that store that never has customers is just run incompetent business people, but in reality the real objective is not the one you believe it to be, and it’s actually great if you were to refuse understanding that.
I've found that framing topics like this as primarily a pretext for different motives is a sure-fire way to be ignored by people you may want to convince.
As always, the goal in convincing others is to take someone from their current understanding and bring them closer to yours. You can't get there if you don't start the topic at their current understanding of it.
> they accept money and direct deposit still with no KYC. But to get the money out? Oh no! We need a picture of your face!
Unauthorized deposits aren't nearly as much of a concern as unauthorized withdrawals, right? I'd imagine that there are far fewer malicious actors that try to deposit money into random bank accounts than there are ones that try to withdraw money from random bank accounts.
> And there’s no option for going in person.
Won't an in-person bank also take pictures of you via security cameras? I don't really understand your objection here, could you elaborate?
A bank's security camera feed isn't likely to be sold to dozens of companies.
It is all but guaranteed for Internet-based facial recognition services.
Hacked facial recognition data already is reportedly being used by scammers to not only bypass bank security but also to impersonate people to target their loved ones.
There is no lasting security gain by providing a selfie. There is a lasting security and privacy loss, however.
Additionally - furtherance of facial recognition technology would impact travelling to foreign jurisdictions.
One of the most common ways foreign travellers get flagged when travelling internationally is for social media posts made under their own name that their destination country's government may not like. Traditionally if you've kept yourself pseudo-anonymous, you've largely been safe. But if we get to a point where pseudo-anonymous accounts are associated with pictures of people's faces, it will become significantly less pleasant to travel internationally for a lot more people.
It used to be that you could expect to not have your likeness captured and transmitted to third parties for their AI model training and who knows what other nefarious purposes.
It seems like all expectation of privacy and anonymity evaporated in the last 5 years.
I'd consider it a negative that they trust a shitty webcam / selfie camera to cut the expenses of having an actual office with trained personnel.
Who aren't flawless of course, but selfies have been easily circumvented with photos or video game cameras.
Hell, at one point we had to implement age verification for a Japanese tobacco product website via a 3rd party vendor, I just used the wiki page's picture of a Japanese ID to test it, worked fine.
most banks using faceid won't accept you go to a branch. because they contract with a provider who makes more money from building and selling a database than to fulfilling the contract with the banks.
And your data on all those platforms - Google, Apple, Facebook, Twitter, etc. are ALL building comprehensive profiles on you, selling your data, and probably tossing it straight to the government in one way or another.
It’s the end of large scale “global village” social media - good riddance if you ask me; I’ve left it years ago for more private spaces.
I wonder though how it will affect places like 4chan. I don’t really know if it’s still as anonymous as it used to be but that’s like a cornerstone of their existence.
Are you referring to financial accounts or social media accounts? (If social media accounts, I'm guessing you're referring to the US specifically, and during advance visa processing rather than at the border.)
this is reason enough to close the vast majority of them. if you're engaged in discussion, that's one type. the doomscrolling types, more addictive but very much more disposable.
You don’t “have to”. They’re requested when travelling to the US - but from my experience it’s not enforced (at least not consistently, I’ve never been asked why it was blank on my forms)
I thought so too, and said so at a meeting at work when some colleagues were unwilling to travel to the US.
It turns out close contacts of some of my colleagues have been asked to show their Facebook accounts at the US border. There was a recent rule change about it.
That’s to post something on a garbage social media like Facebook. Facebook owns their site, so I believe they can require whatever they want, and your option is to not use them. Other services requiring Facebook (or an Apple or Google phone) and everyone using Facebook are separate problems, that should be handled specifically; I think it’s easier to leave Facebook than coerce Facebook into decency.
Fortunately on Hacker News, you still only need a username and password. And if spam is an issue, on lobste.rs you only need an invite.
Fun fact: America invented the social credit score, long before China, and they still have it. The only difference, is the lack of the word "social" in the system's name, but it's the same system.
I’ve configured my browser to disable certain tech like webgl, I get infinite captchad by google. Using vanilla chrome works fine. It might not be full blown attestation but it’s not great.
Fuck you google for ever thinking infinite captchas are acceptable.
"might as well abuse this tosser to train the AI a bit. Free compute and classification, hey!" - or so, I guess. They immediately know they'll never get you through :)
Good luck, I don’t know whether the slight line in the adjacent square is part of the traffic light and sometimes I just say fuck it and click random squares.
Google actually doesn't care whether you click that. They care about other things, like how quickly you complete the captcha. Slow down, pretend you're an old granny, and you'll be more likely to pass them.
Sometimes they've already decided you might be a bot, so they'll decide to claim you failed the first several rounds no matter what.
Sometimes I fantasize about getting the Google CEO to complete a reCAPTCHA in Tor Browser live as part of a courtroom trial to prove cheating business practices.
Can someone help me understand? Why is it not enough to just be able to manually set an age on local OS user account. If unset assume adult. If set applications can use it to verify age. Require admin permissions to change. All responsibility on parents to restrict admin and set the age. No data collection. No responsibility for services beyond a simple check. It seems like an incredibly simple solution with very little compromise on either side that gets everyone 95% of their stated goals.
EDIT: Oh it seems like that’s what the CA bill does? Seems good to me. I have zero problem with age restriction if age verification goes no further than mom buys kid iPhone enters birthdate, Instagram asks phone is user 18.
The compromise is that it is either really easy to work around, effectively defeating what it is trying to do, or it becomes tightly locked down to trusted devices only, destroying the free internet.
A full answer is somewhat dependent on specific implementation details, but the simplest approach is much like the simplest way to acquire alcohol or other age-restricted product as a child: Ask someone else to act as an intermediary. Get another computer that identifies as an adult, and that isn't concerned about your age, to send the data to you.
And maybe that's a healthy way to think about it. That it doesn't matter if kids find it easy to work around. There is no child who hasn't been able to get their hands on alcohol when they want it, but perhaps the infinitesimally small amount of friction leaves many to second guess their choices? Then again, from what I see out there, just rationally explaining why alcohol might have negative consequences is enough to see that second guessing. Alcohol consumption amongst the youth has completely plummeted now that we no longer treat it as some magical taboo thing and finally started talking honestly about it. The same pattern has been observed over and over in other things with undesirable consequences for children.
Yeah there’s no getting around that kind of thing. My parents would unplug the router at night and take the power cable so i found another device in the house with the same cable and plugged it in. But my sister never did that so at least it worked for half of us.
I’m all for sane best efforts for restricting children’s access to mind warping materials online if the consequences on the overall internet are minimal which I think this does. I’m not on board with killing the internet as we know it to get from 80% of children off social media to 90%.
The problem with social media and to a lesser extent porn is addiction. If a kid had to go to a friend’s house or sneak on to their parents computer to scroll tiktok that’s already a huge step in a healthy direction.
Is it? Only around 10% of the population will develop an addiction (of any kind). About the same rate as the population who live chronic sedentary lifestyles, which comes with equally (or maybe even worse) health and social consequences. Where is the regulation that forces you to prove you are of a certain age to sit on the couch?
This seems like a lot of effort for something that impacts such a relatively small group of people — a group of people (in size) that we otherwise don't normally care about one bit. 10% of the population is marginalized time and time again. What's special about this particular case?
I would hazard a guess that much higher percentage than 10% of the population thinks that they themselves are on social media more than they’d like to be, whether thats addiction or not idk.
You’re probably right though, i don’t think 10 year olds should be on social media in any capacity. Why? Partially because they can easily get addicted sure, but also because really any amount of interaction with these platforms is bad for them because they are monstrous mind warping engagement machines.
> they are monstrous mind warping engagement machines.
No doubt kids will choose social media over cleaning their room. Would they choose social media over going outside to play, if society still allowed them to do that?
The "boob tube", so given the derogatory nickname due to the perception of much the same idea you present, may not have been able to take the warping engagement to the same extreme, but during its prime also didn't really capture the youth attention because the youth had better things to do, like disappear into the woods until nightfall. TV use has always been dominated by older people who, through things like failing health, have lost the ability to do anything better.
True addiction or not, it is worth noting that addiction doesn't happen overnight. One needs repeated exposure to develop the necessary neural pathways. This is why addiction shows up much more commonly in obviously tough environments. People use a device as an escape from their situation, which feeds the mechanisms necessary to develop an addiction. Social media is most certainly engineered to tick the "this is enjoyable" box, but that alone isn't enough to develop a problem. There needs to be something that sees someone want to use social media above all else on a regular basis and, as you point out, it is very likely that much more than 10% of the population don't actually find social media to be all that enjoyable; just more enjoyable than taking out the trash.
So, maybe we can reframe this as: All this work to continue to keep up not wanting to see kids without a metaphorical helicopter constantly over their heads as a result of an imagined boogieman that was invented in the past? Seems like a horribly misaligned effort.
> the simplest approach is much like the simplest way to acquire alcohol or other age-restricted product as a child: Ask someone else to act as an intermediary.
They can do exactly the same with other proposed solutions - ask an adult to register a social media account with their id or pass selfie-age-verification for them.
That is when the conspiracies start popping up, because a lot of people agree with you, me included.
However, you cannot make parents actually use such systems, so ignoring the obvious control this gives nation states, giving states this power might help the children of those irresponsible parents, which is the only real argument I have heard, since the effects of it are the same if the child simply had responsible parents.
Well it’s not even necessarily irresponsible parents, good luck keeping your child from going anywhere you don’t want them to go if you have internet enabled devices in your house.
In my mind you have states mandate that adult content (porn, gore) and social media services are legally required to check for the age from the OS. No other sites need to do anything. No data collection or ID verification anywhere. All responsibility on parents.
I would imagine for the zealots out there its worth it to go further and destroy the entire internet to prevent a single 14 year old from jerking it to a tiddy. And then of course the advertisers want device attestation. At least it seems California is picking a sensible middle ground.
Because many children will have parents that arent responsible and that doesnt mean they deserve to be taken advantage of by a billion dollar corporation.
> EU law gives every citizen a right to a bank account.
That directive regulates banks from denying the opening of a basic payment account. But there is no legislation preventing governments from freezing accounts, Canada-style. As far as I know, there's no protection against being de-banked.
Here in Australia, the local and state governments push the use of their Apps as well.
These Apps provide access to identity documents, offical notifications, and messages for health, benefits and taxation purposes.
Then there is Banking and the issues around becoming a cashless digital society…
It’s become less about access to hardware devices, as useable devices can often be free when donated by a friend or relative, and more about continuity of access to your digital life.
The risk of losing access to your online identity or having it stolen are very real with often traumatic results for individuals.
As a parent, what I find effective are content rating systems, be it for movies, games or apps, along with the ability to control and fine-tune them.
For example, with Apple's parental controls, I can blanket-decline access to Social Media apps, or to apps recommended for a specific age or older, and I can also allow exceptions as I see it fit (for example, my kids have no access to WhatsApp but they are allowed to use Signal, both have the same age recommendations)
This moves the responsibility for age verification to me, the parent, and provides me with suitable tools to monitor this. With this, there is no need for my kid or me to upload sensitive data or go through some bad age verification implementation.
Websites are more difficult to control, but not impossible.
Long story short - improve tooling for parents that allow more centralized control instead of mandating social media to do the age verification on their end.
It is similar to what Frank Zappa proposed when they were looking at age restrictions on records. He said, they should have the lyrics printed up so parents could decide if their kids should assess it. A decent moderate response.
Alas, the age restrictions came in and the big warning on the front covers was added. It did kind of backfire because that warning started to become a badge of quality to younger people. A similar thing could happen here. If you restrict it then it becomes the forbidden fruit.
I wonder (and don't hear anyone talking about it) if kids can't upload on social media and "publishing" platforms. Can they still host a website?
I know that my fascination with computers largely began with creating websites and messing about with HTML. Blog platforms can be considered social media I suppose but what if it is just a page of HTML or text?
Should I worry about having to verify my age/identity if I want to host a page on a vps in the future?
I feel like most politicians and people don't understand privacy and the impact of breaking it. Additionally seems the governments don't consider themselves a thread vector for privacy invasion.
> Should I worry about having to verify my age/identity if I want to host a page on a vps in the future?
Today I cannot get a VPS without verifying my identity. Can you?
> I feel like most politicians and people don't understand privacy and the impact of breaking it.
I feel like it doesn't start like this. Opponents to age verification assume "politicians are authoritarians, therefore politicians try to increase surveillance, therefore politicians try to introduce age verification". I think it goes the other way round: "society knows that social media are bad for children (and adults, to be fair), therefore people try to imagine ways to solve that problem, therefore politicians end up thinking about ways to prevent children from accessing social media".
Of course, most people (technical people included) don't understand whether or not it can be done in a "reasonable" way (e.g. in a privacy-preserving way). But the debate mostly doesn't revolve around that, and it is a pity. Ideally we would think about the best possible way to do it, and only then we would debate about whether or not we want it.
> Today I cannot get a VPS without verifying my identity. Can you?
I think it is at least possible to do so in a identity opaque way if you wanted to using obfuscated payment provider, free email and possibly fake name/address (illegal).
I meant more without scanning an actual ID or face.
> I feel like it doesn't start like this.
Of course the train of thought is not "how can we break privacy" usually the concerns/problems are valid (I agree that social media is bad for kids). But in a lot of debates I am a part of privacy concerns are easily dismissed, not taken seriously or not the priority. I'm not talking about if technically private implementations are possible yes or no. I am talking about the conceptual step before that, "what is the impact of this request" how are we limiting people that can't or don't want to comply with what we are asking.
I feel like privacy is one of the most fundamental rights since it is at the root of a lot of other rights required for democracy. For example freedom of speech, freedom of religion, right to property and more. Privacy it is continually devalued, invaded and the right to it eroded.
That leads to undermining of the other rights as in this issue a lot of people are bringing up, in the article freedom to be anonymous is brought up but also the freedom of expression of young people.
The discussion should be the other way around, no options should be considered UNLESS it can be done in a private manner. The right to privacy is more important then the right not to be hurt by watching harmful content and therefore the responsibility of the government to protect privacy is of higher importance then their responsibility to not get you hurt.
I do believe that there exist ZKPs, but then it raises more questions, like:
- Do we ban VPNs? I don't think we should.
- What happens if the ZKP doesn't work? It's not okay to fall back to identity verification, but then does that mean that the services are blocked if the ZKP infrastructure doesn't work?
I don't have any answers or strong opinions yet, but I feel like the legal/societal conversation should focus on "actions taken via XYZ" rather than "technology underlying XYZ". Similar to how GDPR, etc. cover actions like collection/storage of personal information, not specific technologies like cookies (despite what many believe!).
In particular, your examples bring these things to mind, which might be worth considering alongside:
- Any machine can host a server, with no third-party required except an ISP (if we're being pedantic, even that's not needed if use a mesh network, etc.). The main barrier to connectivity IME is NAT, but there are ways around that (e.g. make it a .onion service). I played with all of the above as a teenager, so it's not unrealistic.
- "Hosting a website" covers a lot of things, some of which are already illegal (e.g. CSAM). Just because we can spin up something without jumping through social media sign-up hoops, doesn't mean it can't/shouldn't be subject to legal questions.
- Hosting a website/blog/etc. does not come with the same questionable baggage as social media (algorithmic feeds, PII, tracking, identity verification, communication, etc.). We might opt in to such things, e.g. by accepting comments on posts, but I'd distinguish such two-way, "user generated" activity from merely "hosting a website". Technologically, such things require some dynamic system (usually a self-hosted or third-party backend), rather than "just" a static HTML server.
- There is no technological difference between a blog used like a personal diary, and a blog used to post reviews of Lego. Is there a societal difference? What about if they include photos?
- Posting things on a personal website/blog has an implicit understanding that it's being published and shared with the world (that feels like the whole point of a blog). Social media has muddied those waters, by claiming things like "privacy settings", which can give the impression that posts are not being published and shared with the world.
- When it comes to activities like receiving comments, two-way communication, unsolicited messages from anonymous strangers, etc. the more relevant "basic tech" feels like running a server for email, IRC, Jabber, etc. rather than a web site; since those place such "dangerous" aspects front-and-centre. Email is the most obvious, but I mention the others since getting external systems to trust a self-hosted email server is notoriously tricky!
The problem is kids on social media. This doesn't need to be a problem for anyone except social media companies and social media users. Sloppy policymaking is making it a broader problem, but I don't think this is some nefarious scheme (at least in the U.S., it looks sketchier in Europe). It's just policymakers pulling the first proposal off the shelf to respond to intense demand for a policy from voters.
I don't think we have to accept that "kids on social media" is inherently a problem. I don't think kids on a 2005-era-myspace social media would be a problem. As I see it, "social media" is now defined as the highly addictive and exploitative products from Meta et. al., and we shouldn't have to destroy any semblance of free or private internet so that they can't be hindered in any way from making the maximum amount of profit and influence regardless of the harm it causes kids (and adults, too).
We've basically accepted the premise as a culture that exploiting adults is fine. Exploitation is so heavily baked into our culture that pushing back on it would cause too much upset.
If you're below 18, you deserve protection. Above 18? Good luck, babe.
I think one of the unintended consequences of age verification is going to be a whole host of unprepared 18 year olds getting full access to social media and getting absolutely one-shot by it. Think credit card sign ups on college campuses or predatory car dealerships near boot camps. There are going to be a lot more 18 year old boys gambling away their student loans and 18 year old girls signing up for OF, but it'll be fine, because they're 18! Not to mention they're going to be scam targets on the level of the elderly. And if you're exploited/scammed as an adult, it's your own fault.
Age verification/restriction without an educational component of some sort is just creating a future cohort of extremely vulnerable young adults for companies and bad actors to sink their teeth into.
Dont forget what kicked this age verification in first place. Initially they wanted do age verification for porn, and only year later they moved into social media seeing there's wasn't huge pushback.
So even if this change doesn't affect you right now, but it will affect you later then it'll be too late to fight agaisnt.
It was funny here in Australia, they did it the other way. They banned social media for under 16 but didn't get around to porn until a few months later.
The "First they came for the Communists" logic still holds. When government able to open the flood gate, the mandatory ID check will be slowly and surely be everywhere.
If you don't use social media and AI platform. Fine. But what about app stores, what about any registries from docker, to npm, to apk and toward the end source code repositories like Github/Codeberg?
First they banned the children from smoking cigarettes, and I did not speak out, for I was not a cigarette. Then they came for the murderers and pedophiles, and I did not speak out, for I was not a murderer or pedophile. Then they came for the carjackers, and I did not speak out, for I was not a carjacker. Then they came for the people who said "Free Gaza!", and there was no one left to speak for me.
This is famously why ID checks at the liquor store led to the government eventually requiring a mandatory ID check anytime you walk the dog or go to the beach... except none of that happened.
I feel like one of the problems with “conservatism” (I’m using the term loosely here) is it fights to preserve the status quo, even if the status quo is already a bizzare compromise. If we want to envision a better future great, but preserving what we currently have as the “free internet” is just sad.
Age verification is fine, at least in theory. It’s the implementations that are bad.
More and more people agree that kids shouldn’t be on modern social media, including me. But most people also agree that mass surveillance is dangerous. The solution is to propose ways to block kids from modern social media (that actually works) without mass surveillance.
Better parental controls, more parental education, and site-specific age verification (Facebook etc. can require whatever PII they want to use their service) backed by incentives (whitelisting in parental controls, promoted as a “safe site” in parental education). Are these enough? Maybe not, but maybe mandatory ID and blocking VPNs aren’t enough as evidenced by people bypassing them. These (first three) are progress, that don’t yet require mass surveillance, and we can first see how effective they are then go from there.
I wish people wouldn’t say “age verification is bad”, it’s like “anti-work” and “defund the police”.
No, age-verification IS bad and is a slippery slope that will always lead to surveillance. If we don't stop this now everything will get worse. And trying to lump this in with other extreme rhetoric doesn't help. The answer is and always was "better parenting".
Everything good is a slippery slope: every step in the right direction is bad if you overshoot. Maybe age verification isn’t needed, and educating parents is important; but without more, they’d have to be ultra-helicopter parents to stop their kids from accessing social media.
At minimum, parents need other parents in their local community to be educated; and better parental controls, so they can give their kid a phone and computer (for good reasons like safety and education) that won’t let them access social media (even unintentionally, some parental controls are that bad). Both can be done without laws, only social pressure and at least the potential for new (locked-down) devices.
(In theory, kids should also be prevented from buying unlocked devices, like drugs and alcohol. And showing the local cashier your ID to buy a generic device (whose packaging is indistinguishable from other device packing, so it can’t be traced to you afterward) is technically a form of age verification. But in practice this may not be necessary, because hardware is too expensive for most kids.)
And in addition to that, it is the role of the parents to be having the say in what their kids should and shouldn't be doing. As far as I am concerned most governments stick their collective noses in where they are not required. And, yeah, I do agree that kids shouldn't be on social media. Having sid that, even some adults shouldn't be on social media...
> it is the role of the parents to be having the say in what their kids should and shouldn't be doing
The only effective tools parents have is to disallow or remove devices from their kids. It will work at the beginning but as they grow up it will become impossible, since at some point kids get influenced mostly by their friends' circle. So yes, I do agree that parents must talk to their children and explain what social media can lead to, including the dangers of internet predators and so on. But no, I don't agree that parental control is a general solution that will work for all kids out there. It never has.
<The only effective tools parents have is to disallow or remove devices from their kids. It will work at the beginning but as they grow up it will become impossible, since at some point kids get influenced mostly by their friends' circle>
Very true & having 6 kids of my own, I know that only too well. I still don't like the idea of Mr Government trying to tell me how to raise my family. Here in Australia the government seems to like that a lot...
Well the thing is that people often love when the government tells other families how to live, and partly for good reasons including enabling basic education for everyone. Partly the wants of the parents and the needs of the kids might be at odds. Society is a complex construct.
Governments are required to enforce that devices must give the choices to parents though, right? Otherwise devices won't give the choices to parents because it's more profitable if you don't.
If parents don't want their kids on social media, get them a dumb phone, or use the parental control features. Maybe some parents don't care, and that's their prerogative. None of this is about protecting children, it's about "protecting" adults from "bad ideas".
The problem is many parents will not do that. Do those children then deserve to be taken advantage of by social media corporations?
Generally, things that are harmful and addictive such as alcohol, cigarettes and casinos require age verification. We dont just put the onus on parents because a child with bad or absent parents still deserves to be shielded from alcoholism at 12 years old.
So are gambling and cigarettes. As a society we've decided a reasonable compromise is that you can get the freedom to harm yourself at a certain age where you're assumed to understand that you're harming yourself.
So? Not all reactionary (if you mean "conservative") takes are bad. Sometimes they're better than the alternative: accepting bad parenting as some default and working around it with technological restrictions.
"Reactionary"'s origins as far are pure political DARVO and gaslighting anyway. It originated in the French revolution and basically declared "You are morally wrong for being horrified at my horrific and evil actions." That origin tainted the term for me personally.
The actual modern reactionary meaning of "referrant to a mythical past as a standard" always felt like it deserved a better term. But nobody would get what you were saying if you called them a "fairytaleland resident" or similar.
HN is filled with people who are on the other side of an "internet best practices" information divide.
For everyone else, the internet is already a shit show and a half. They want control, because it means putting a stop to being predated upon, or more nihilistically, harming the firms that are harming them.
I don't know how to let other commenters see how bad it is, or make the gulf in view points clear.
Giving up control is always a mistake - they never do what they promised and you never get back the control. There is never a refutation to this fac: just a childish "But I want it!".
How is that the answer when even parents don't have the right tools for this. are parents supposed to surveil their kids 24/7 and monitor their internet traffic?
Why is the internet special, do you also believe physical stores shouldn't check for ID for cigarettes and alcohol, because the solution is better parenting?
The internet has explicitly R-18 chats. Random IRC channels are not nightclubs. I am moving the goal posts back, if you touch them again we're escorting you off of the field.
in real life people can see you and determine your age at a rough estimate and be able to tell if you're an adult or not. Do you support having to turn on your webcam and show your face in real time then, to talk to strangers on the internet? many age verification sites are doing just that.
I get that you don't, all I'm trying to do (and failing) is have a discussion, apply critical thinking and be able to articulate a position. I'm neither fully opposed to it, nor fully in support of it. I'm always seeking nuance. I've found out lazy reductionism is the cause of much suffering and loss in the world, I can be bothered with the tedious nuance, especially for a topic I know a thing or two about in my own view.
Unfortunately karma systems on sites like this are not conducive to such a discussion. I want to challenge your opposition to the age verification regime, so that I can be better informed, and you will stand on a more firm ground, articulating your views with solid arguments instead of "i don't like it".
Oh, okay. Well in that case then the answer is no, I don't support any of this.
Of course I'm happy to talk about my positions but there is little nuance to my position tbh: I remain entirely unconvinced by the justification for proposed measures and believe that the entire discussion even happening is essentially a framing error. We're all talking about what should be done about this. About what, specifically? And, well, why now?
I grew up on the Internet. I've had essentially unfettered and unmonitored access to it since I was maybe 11 or 12. Me and my cohort of classmates often talked about sites like Rotten or Motherless at the lunch table, and certainly age inappropriate content like on Newgrounds and Lord help us, Ebaum's World.
Now okay, things have changed. (I'm still quite online for better or worse, so please don't get the idea that I don't see that the modern internet has different child safety concerns than the one I grew up on.) But somehow, the rhetoric is exactly the same as always. It's the same damn thing. No matter how the times change, it's the same "protect the children against the evils of sex and pornography!"
Uh huh. I realize not everyone has a universal shared experience, but from my point of view, the problem with kids and inappropriate content isn't just a story of negligent platforms. It is the story of 1. Hormonally unstable kids going through puberty who will often stop at nothing, 2. Platforms that are more or less indifferent and will do whatever gets them money, and 3. People who take on the immense responsibility that parenthood entails then expect the whole of society to take care of them.
I don't know what to tell people, I get that this is a terribly uncomfortable fact, but the number one reason why adolescents get involved with porn and sex is because they explicitly are seeking it out and want to be. It is nothing to do with the porn industries or lack of Internet regulation, it's their goddamn bodies.
It's absolutely true that I had access to content far more disturbing in all metrics than the old playboys under the mattress of yesteryear. I am not claiming this is ideal or that it should be the case. I'm just saying that it happened and the generation that was there is here right now, and we're fine.
But maybe social media is just simply too much. It puts kids at too much risk and they can't handle it. I think we're selling a lot of adolescents very short here without at least giving them a chance to have a bit of freedom, but fine. Let's fix this.
How? It's simple. When you are a kid, the first computer and phone or whatever kids get these days, is given to you by a parent. What we can do is make decent parental controls. We don't even need strong identity verification. We just need to be able to provide a way for apps and sites to voluntarily block children.
This sounds eerily similar to California AB 1043, and it is. I think that California AB 1043 is also bad for many reasons. Firstly, I know this is going to be expanded in many uncomfortable directions; it doesn't take a genius to make basic extrapolations. Secondly, I feel it is poorly written and confusing; what's an app store? Why does the law require all apps to request and store the age bracket information? What is an app? Does GNU sed now need to, by law, request the age bracket information from systemd and store it somewhere? And no, it isn't acceptable to just try to "do what they mean", it's a badly written bill. We shouldn't accept badly written legislation, but apparently in the past couple years or so the situation that had been ongoing for the past 3 decades or so with the Internet suddenly became extremely urgent to fix Right Now (in a couple of years) so we had to rush out shitty legislation that makes no sense.
So while I would love to just have sensible parental controls, nobody is actually really trying to enshrine this into law. It seems like they're mostly concerned about lobbying to push the responsibility elsewhere.
So we won't even just get sensible parental controls. We'll get weird parental control like legislation, having to send a live stream of our faces to sketchy companies who pinky swear to not leak it by accident, enter our credit card information into sites that definitely won't get breached, and scan our goddamn government IDs to access basic chat functionality that we already use today, in some cases. Because we can't get a handle on how to stop the 20% of people in the first 20% of their lives from accessing inappropriate content on devices and internet connections that WE FUCKING GAVE THEM! Before we've even attempted to quantify how harmful unfettered Internet access is to adolescents, or hell, how Helpful it is. (It sure was helpful for one of my friends who was gay and could access resources on the internet when his conservative parents were unhelpful. I suppose everyone is allowed to raise their kids how they like, but I can see the duality of how it's also not always the case that the parents know best.)
To say that I think this is all beyond farcical is a massive understatement. So I do apologize for maybe seeming a bit dismissive about this issue, but personally I already know it's coming from the wrong place and I don't like engaging with things that I know are coming from the wrong place. I'm not saying you or anyone in particular actually has bad intent by any means, just that I don't believe this entire movement at all.
> We're all talking about what should be done about this. About what, specifically? And, well, why now?
There is a seemingly endless lists of victims to crimes happening online. Not only that studies that are coming out in recent years are showing lots and lots of adverse effects against children that grew up with unfiltered access to the modern internet. The internet you grew up in as you probably know is long gone, the iPhone-era internet, with tiktok, instagram, youtube,etc.. is a whole other ballgame. Not only that, people depend on it a lot more, it is not a whole lot different than any other real-life infrastructure, except it was built without any planning around how it impacts those that it affects. When you open a business you need a permit, when you accept or reject customers in a real world business there are laws, even when you simply have a gathering in a public park, above a certain number of people you need a permit. All these laws originated as a result of people getting harmed.
Why? To be frank there are lots of whys. The big-tech companies like Meta and OpenAI are using this valid concern and narrative, so that they can swoop in, save the day and then do some really nasty evil crap (not just profiteering). and like so much else these days, these ghouls win because people like HNers can't be bothered with critical thinking, they're allowed to get away with what they do because the alternative those who can actually solve this present is preservation of the status-quo (I can rant a lot about how this is also how the downfall of America is being orchestrated, but that's a distraction).
> I grew up on the Internet.
That internet is gone, dead, a thing of history. Your experience is invalid. Take some time to see how r/Teachers in subreddit is observing the change in kids these days. The internet you grew up in was young, it was not widely adapted at a global scale, you didn't rely on ebaum's world to function day to day but you'd be hard-pressed to even get vital medical care these days without a smartphone on hand, logging into random sites and installing random apps. Even with porn, it was one thing over a slow connection with not a whole lot of awareness, you have kids even under 12 watching porn on smartphones.
Take a step back and think about this, someone who is unable to consent to sexual activity is partaking in one, and the people that are particpants on the other side of the sexual experience are adults who can consent. Sex is used because it's a lazy of making an argument, but the point remains, it doesn't matter what your anecdotal experience is, many for example say they were fine having sex with their hot teacher in highschool, but we send such teachers to decades in prison for grooming and sexual abuse of a minor. It is the simple fact that society has decided consent is required for certain activities, and age of consent has been established. The means of the interaction is irrelevant, non-consensual participation of certain activities is illegal, and laws must mean something and must be enforced equally.
> Hormonally unstable kids going through puberty who will often stop at nothing
That is irrelevant. If we can stop one kid from interacting with a pedophile or having life-long psychological issues, it's a win. and honestly results are irrelevant here, the means is not a way to justify the ends. the means here exist because it's the law, society has decided it's wrong. If you think kids should watch porn, that's a different story and it would be same as agreeing they should be sleeping with adult prostitutes or get into strip clubs. The internet doesn't change what's happening. Watching a naked stripper in person and watching that same woman do the same thing on a screen are not different types of non-consensual sexual activities.
Your argument about "they'll just want it more" is not correct either. The same argument has been tried with alcohol and cigarettes. Right now the alcohol industry is suffering because Gen-Z don't want to drink, same with smoking. All the efforts to curb those are paying off. Gen-Z are much more prudish and seek out social conservatism because they're seeing the penalty of this reckless disregard to the harms being done to a person's mind.
It used to be boomers and older generations would say "look at me, i grew up being beaten near-death and I turned out ok" too, anecdotal experience doesn't make things right.
> California AB 1043
I don't know much about it, but restricting social media and internet access to kids is happening globally, and for a good reason too.
Just consider one thing in this discussion: it isn't about being a prude, but about actual harm, actual suffering, actual abuse that's happening.
> So while I would love to just have sensible parental controls, nobody is actually really trying to enshrine this into law. It seems like they're mostly concerned about lobbying to push the responsibility elsewhere.
Parents have a responsibility, but so does every member of society. You have a responsiblity to not hand over a child a gun, poison, alcohol, keys to your vehicle,etc.. when you interact with others you are responsible for your part of that interaction. You don't get to flash your private parts at children, and you don't get to do that same thing through a screen either. Being over the internet, again, does not change what's happening. Things being terrible since the dawn of the internet because laws not catching up to tech, doesn't make those terrible things acceptable.
> So I do apologize for maybe seeming a bit dismissive about this issue, but personally I already know it's coming from the wrong place
I don't disagree that this is coming from the wrong place, at least in the US. But the only reason we're talking about it is because the problem it is solving is very real and extremely pressing. It has widespread societal support. As I keep mentioning on HN, there are privacy preserving ways that don't involve 3rd parties or the government tracking what sites you visit. But we're not having that discussion, we're letting Meta and Elon musk solve the problem and destroy what little is left of the good side of the internet. Law makers are not being presented with alternatives. I demand my lawmakers solve this problem one way or the other! it is not ok, if I can stop one vicitm of sex trafficking, one victim of pedos, one person from forming an unhealthy sexual mindset and runing their lives (see all the "looksmaxing" people now for example), it's worth it. I wish I won't have go give up my privacy and what little I cherish about the internet, but I am fine doing only work on a computer and going back to the pre-internet way of doing things if that is the price. But there is no need for that, there is a way everyone arguing in good-faith wins. We can pay anonymously with crypto, and authenticate with fido2/yubikey just fine, homomorphic encryption exists, EMV payment cards already implement a challenge-response authentication, the tech is there to solve this and a whole lot of other things but we're letting Meta solve it with a 3rd party id verification system that involves passports and id cards, and facial recognition, and surveillance instead.
> Because we can't get a handle on how to stop the 20% of people in the first 20% of their lives from accessing inappropriate content on devices and internet connections that WE FUCKING GAVE THEM! Before we've even attempted to quantify how harmful unfettered Internet access is to adolescents, or hell, how Helpful it is.
Harmful content, not merely inappropriate. You can't reasonably prevent access to an internet connected device. To say that parents should do something but not anyone else silly, both parties have a responsibility. if someone interacts with you, you are responsible for how you respond. And it isn't only children, same applies with those that are mentally incapacitated (we just use "but the kids" because it's easier to make the same point). The problem is there, your response being "we shouldn't solve it" is only letting those with bad intentions solve it in a way that benefits their evil intent.
Lastly, don't believe in any movement, the whole idea that you have to be for or against a thing wholesale is severe epidemic. Things get worse and worse because of it. Democracy is dying because of this as well. Find the courage and endurance to keep asking critical questions, keep debating, keep convincing your peers of not just this but so many other topics. Either we are governed by those who appeal to our emotions, or by those who appeal to our reason.
But parents should be penalized/inconvenienced if they can't control their children, not the store/website.
In some states, bounty hunters can find violators of various laws and bring them to the state in exchange for money. Allowing bountry hunters to be on the lookout for underagers trying to enter stores and report them could be a profitable endeavor for both the bounty hunters and the state, providing a market-based incentive to protecting children.
Stores/websites should only be penalized if they are specifically targeting and inviting children to enter.
Certainly there are some types of stores that are very safe for children to enter. So, the exception should be structured like this: "Stores that only sell these items mean that parents will not be fined if children enter it unaccompanied." Additional conditions could be attached, e.g. "a safe store shall verify the ID of anyone purchasing alcohol." And maybe other benefits can be attached to being a "safe" store, like tax incentives, etc. If the store violates that condition, then it should pay a fine or lose any other benefits of being considered a "safe" store. But a business should have a right not to be a "safe store" and the duty to prevent children from entering those should 100% fall on the parents.
But in real life, if you sell cigarettes to a 5 year old, you'll probably go to prison.
Isn't a reasonable approach to the internet, to have a protocol by which individuals can prove they have a state issued identity that proves they are above a certain age, and nothing more than that to the website? That way the website doesn't need to check anything other than presence of a cryptographic identifier and validate it. And parents as you noted are responsible, but only to make sure their state issued cryptographic secrets can't be used by their children. it could be as simple as having an NFC capable state issued IDs that can do a challenge-response with the browser/os. We already sort of do this with EMV payment cards. Websites have to validate a payment card is authentic by asking for the CVV code for example.
Age verification has always existed in the physical world, such as at bars and casinos. I just dont see why the internet should be immune to real world rules we decided upon for good reason.
This has nothing to do with parenting. It's surveillance. They failed to do it through child porn argument. They are doing it through 'social media is harmful for children' argument. People did not bite on the former. They ate up the latter out of hate for social media platforms.
I don't believe children should be on social media. Some other people might not share that belief. Should be up to parents to decide what's okay for their kids, not governments or companies.
Age verification will always lead to more surveillance. People need to just be more mindful of what their children are doing online, maybe stop giving them smartphones, and just be parents.
I don’t think social media is intrinsically bad, just the toxic popular social medias. Did kids in the 1990s with access to internet forums have stunted social development?
Because the patterns of consumption and harm are very different. It's the constancy and immediacy of social media that makes up the major part of its harm. It's not something where a 15 minute smoke break or a weekend binge is the main mode of consumption and harm. So the parents have a lot more opportunity and power to handle it if they give it reasonable time and attention.
I think you’re missing that this abdication of personal freedoms to the government in the form of government imposed restrictions on cigarette and alcohol sales is precisely how we’ve gotten to this point over time; arguably following a planned strategy. People who normalized prior subordination to government in the case like cigarettes, alcohol and other things; are now already even more primed to abdicate even more freedom to mommy and daddy government than the prior generation.
It seems clear to me that America is heading into an extremely repressive system where even the nominal use of America may just end up falling by the wayside within the lifetimes of some people alive today. Functionally speaking the, notional or spiritual death of America happened a very long time ago, probably 1840 but obviously no later than the outcome of the Civil War which turned a decentralized union of federated states that formed a republic, into a centralized dictatorial federal power and later the groundwork for becoming the empire we are only 55-80 years after the Civil War, depending on how you want to look at it.
I think people forget that there would have been people who experienced the Civil War that destroyed the central premise of the Constitution, that sovereign states join in a Union to cooperate, and the formation of the Empire of America by no later than the end of WWII.
Those things never happen abruptly, they happen in following a long strategic plan based on objectives not timelines. Part of such a plan is causing ever increasing dependence, deference, and subjugation to government, which is really just someone else’s control over you, the people who make up the “government”, instead of your own control over you. Part of that is giving the impression that money and daddy government will take care of the children, as a tool to psychologically manipulate people by hijacking their instinctual care and concern for protecting children.
It’s why and how they’re more pushing age verification, not ban for minors with similar criminal penalties for anyone who allows minors on the internet/social media. No, you as an adult need to confirm and tie your identity to the digital fingerprint that is tied to all the data that was and is collected about your activity over the last 20+ years … to protect the children of course.
It’s why some people refer to the majority of humans as cattle. You just have to herd them around and they moo and then start fattening up on corn instead of grass, just like the last generation did before they were harvested.
We don't let kids turn up to school drunk because they went to the cornershop on the way to school. I guarantee that would be happening if alcohol sales were not age gated and enforced by the government.
In the same way kids should not be infecting their minds with social media slop, or porn, or plenty of other internet content.
The only way this is stopped is when a social norm is created which shames all but the most negligent parents into compliance.
At the moment the absent and bad parents have all the power. Their kids scroll all night for memes, injest YouTube brainrot and turn up at school disruptive. Kids with responsible parents either want to that as well, or can't escape it.
Surveillance from age gates is a red herring. That horse bolted long ago. You are surveilled already by tech bros when voluntarily logging in, or by making yourself stand out a mile by using a VPN and a uncommon browser setup. This data gets handed to your government on request.
Having an anonymous VPN won't stop the tech bros or an authoritarian government forming, or bring one down.
People taking part in their existing democracy and maintaining the foundation of that is the best course of action. Raising a generation of kids not addicted to internet brainrot is a key part of this.
So maybe there should be better education for parents. Maybe there's other solutions. I can't accept that the nanny state parenting our children for us is the way to go. If people are being negligent of keeping their children safe, maybe they should face consequences for that. The point is, the parents should be solely responsible for deciding what's appropriate for their children, and if they don't have the resources maybe that's something that should be addressed, or if they're not doing their job that should be addressed, but age verification just ain't it.
That's contradictory logic. If you have to parent your children a certain way or else the state will take them away, then you aren't solely responsible, and the state is a nanny state.
Why isn't there a simple solution in the software world that's functionally equivalent to flashing your ID at the liquor store? They get the verification they need with no permanent record of your PII.
This can't be that hard. Can't I get an electronic certificate/flag verified by a trusted third party using my ID, where this cert retains no PII? This is what I come up with after not thinking very hard about the problem, and I can't be alone.
Maybe its naive to think that harvesting PII isn't the point.
In theory, sure, an identity verifier could issue you you a bunch of single use JWTs signed by them that contain `{"over18":"true", "nonce": 12748583..., "iss": "<issuerurl>"}`, signed by their key. A relying party just needs to know the public keys of all the issuers they trust, and can consume this JWT, verify it, and never learn anything about your IRL identity.
The important things are that they must issue a bunch at once. (Otherwise, correlating who you are becomes easy). They must keep no record tying nonce or the full JWT to an individual identity. Something user local or otherwise trustworthy (not keeping logs), needs to hold on to these, and send them out as needed, being very very careful never to reuse one (as that would enable cross site tracking). Lastly a relying party must be required to trust many issuers, not just those they are colluding with track users across sites with this.
The European Commission actually proposed pretty much exactly this system, also with a variation where instead of revealing the signed token, a ZSNARK proof (that you possess a validly signed token with the over18 attribute from a specific issuer) could be given to the relying party instead (to make it impossible for issuer and relying party to collude to release your identity). Many people here seemed to not like it.
That's what was in the California bill that we all complained about until Linux got an exemption. We called it an age verification bill even though it has nothing to do with age verification, and was all about making sure every OS has a parental controls feature.
Also, imagine being able to filter posts by the age of the writer. I think it would be interesting to be able to compare the responses to a post by age.
Or to just filter everything by age, and view HN as anything from AI Hype Club to Graybeard's Tavern.
If nothing else, it would get rid of all the bots and AI nonsense.
> More and more people agree that kids shouldn’t be on modern social media, including me.
Has it occurred to you that nobody cares, or should care, about your opinions about what other people and other people's kids do? You and the "more and more" people who agree with you are cordially invited to fuck off.
> The solution is to propose ways to block kids from modern social media (that actually works) without mass surveillance.
The solution is for you to get over your bullshit, not to chase impossible pipe dreams.
Growing up I remember all the ads about avoiding narcotics talking about getting hooked on free samples and then going to jail for theft and/or possession. The people behind that propaganda didn't know drugs do cost money, dealers being dorky teens and twenty-somethings who are about as dangerous as a butterfly. But this propaganda also illustrates how some elements aren't very bright. The internet age with free email, free social media, etc. got everyone hooked and now Zuckerberg, et al. are giving doe-eyed, hat-in-hand, and crying poverty. If people were wise to those PSAs, past and present, they'd see how the loyal opposition has been playing with their cards face-up on the table under the guise of good intentions. Much like the pedophile scare during the teens, pun unintended, with Comet Ping Pong and then come 2024 it's revealed Epstein and his cadre of deviant cronies were doing it all along while deflecting poorly to innocent parties. Goodness knows what else is still right in front of our noses but their reality hasn't come to fruition in the zeitgest.
It's not a free "sample": drug dealers give their stuff for free at parties where vulnerable young people are in the form of sharing what they are themselves taking. Then they have that teen on the hook for extortion and having them do things or pay "debts". I "gave" you some drugs because you're my friend, but now you have to pay back, you have to do this favor, take this stuff from here to there. Another common thing is that the "debt" has to be paid in money again and again and again. You don't want us to go talk to your parents who think you're their perfect little boy/girl? You don't want them to know that you took drugs, do you?
As dangerous as a butterfly... It's a filthy world on all levels, filled with demonic people who spend all their time thinking about how to use and abuse others - the more innocent the better.
Do you have personal experience with going to high school parties and drug dealers being there trying to get you hooked on drugs? I ask because the scenario you're presenting here sounds like something out of a movie or TV show, and not real life.
You understood the opposite of what I wrote. Read the comment again, it's not about being hooked on drugs at all. It's about having them on the hook for blackmail.
And yes: Taking drugs or hanging out with people who take drugs is enough "kompromat" for a teen to then be extorted by drug dealers, because they don't want their parents to know.
Especially in countries where the law looks very lightly on extortion, looks very favourably on "young offenders", and is very lacking in empathy for young victims.
Not to mention: Do you think a 15 or 16 year old wants to go to the police and tell them that they are being used by drug dealers, when the first thing the police is going to do is also book the teen for drug use?
Drug dealing aren't just Mexican cartels or hood gangs, it's a network with branches into everywhere, and they need a constant supply of victims. Read some court proceedings from low-level drug cases, and you'll see how these criminals operate. It's not like TV.
ZKP is definitely a good idea, definitely more open for this kind of age verification than anything else.
And I don't buy the argument of "closing internet", social networks are a proprietary service and if you don't want to obey with the regulations, create your own website and post things there if you want. However you have to provide your identity to the domain name registry or to the intermediary. Also other services require you to verify your age or even provide your identity, this is just another one that comes way too late.
It is closing Internet. The same companies that produced the ills of social media are now pushing for a non-remedy (that doesn't prevent kids, and doesn't solve the problems they created) that only benefit them and not society. It's just like tobacco: it's toxic and probably overall should be banned because it does not benefit society (or anybody except tobacco executives). Do we make a mandatory nation-wide electronic log of whoever buys tobacco in the name of age verification?
Our ancestors here in France literally fought the nazis so you don't have to have a nazi-approved « Ausweis » to go wherever suits you. We would be well inspired to follow their example.
I hope [semi-]decentralized applications like Hyphanet and Matrix take off with teens as the lockdowns ensue, because they will grow into adults with the same cyber/cipherpunk mentality we '80s & '90s kids grew up with.
Rule 1 of The Internet hasn't changed, it's: never put your real info into the boxes. Never!
If (big if) governments really wanted to help parents and children in any meaningful way, they would ban the actual hardware used to give constant access to these platforms.
The ability to seamlessly record, upload, comment, react on _everything_, _everwhere_, _all the time_ is not natural, and not necessary.
Let them keep the devices, whatever, but remove the internet access.
Or keep the internet access, but remove the display/audio/camera.
It's more enforceable in public than trying to enforce whatever age verification solution they come up with.
And it gives parents the ability to appeal to authority when they ask their children, and the parents of their child's friends, to stop giving kids access to such devices. Right now a lone parent trying to push for better/healthier online activity to their friend group looks like a crazy person.
But of course we know they aren't really interested in helping parents and children. They want the surveillance capabilities.
You mean the EU's fake snake oil zero-knowledge approach.
They've standardized two systems under the banner of "zero knowledge". One is actually zero knowledge. The other is trust-me snake oil. Guess which one is getting deployment.
> While the rest of the world is moving forward with identity verification plans, the EU has presented its own privacy-focused approach to age verification. In April 2026, Ursula von der Leyen, President of the European Commission, unveiled an age verification app with “the highest privacy standards in the world” and the presentation materials describe the app as “completely anonymous.”
I’m just afraid that membership countries will be too dumb to understand the difference, and for the population worldwide to be able to comprehend that it’s even possible. To be honest, ZK crypto is one hell of a party trick. Compared to tech where the premise is “we put a picture of your passport in a box, and when people want to know, we look and confirm.”
Isn't age verification actually a good thing? If you want a free internet, you don't let your kids browse these websites. Otherwise, it allows you to make sure they aren't watching "hurtful" content.
No, forcing everyone to verify their age is a terrible thing. That's not the same thing as keeping kids away from potentially harmful websites or people. That is positive, but it's awfully weird to enforce it by doing this terrible thing that hurts the open Internet when almost every single kid on the Internet is using a device and Internet connection provided by their guardian. Seems like we could figure something out that doesn't literally require every website to process your identification and completely destroy anonymity.
Idk why people are so obsessed with this issue. Having to verify your age to access adult content seems completely reasonable. If you go into a grocery store and you bought a carrot you dont have to show age verification. if you also buy a beer you do.
Why is everyone so opposed to the internet working this way?
You are suggesting it's simply a matter of adults verifying their ages to access adult content. But it isn't! We're being asked to either scan our faces or provide our government IDs, to access basic online interactivity we already have, on the likes of Discord and Playstation Network, in an effort that is rolling out slowly worldwide. No need for porn or sex at all. These things aren't even required by governments yet. Companies are so eager, they're jumping ahead of schedule.
But would I scan my face to be able to watch porn? Of course not, that's insane. This isn't real life where someone can take a look and go "sure he looks 18" and do no real verification at all. This is the Internet. I'm not going to send a live stream of my face to some company, and by the way we have some real true five star companies stepping up to the plate to provide verification services, and have it literally be associated with my intention to download porn. Firstly, why would I want the site operators to even have any more information about me than necessary? Aren't sex stores awkward enough as it is? Secondly, it's the Internet, as soon as that information leaves my computer "encrypted in transit" I may as well treat it as potentially compromised already.
(Though just to be clear, real life is getting spookier too. With Flock cameras popping up everywhere, we can celebrate the death of privacy IRL while we celebrate it online, too! I am aware that certain countries killed privacy much earlier than others, no need to point it out.)
The long and short of it is that people will (and largely already have) just stop browsing porn sites when invasive "age" (often actually government ID) verification is required, which I reckon is the primary intent here. It seems to dovetail nicely with the other obvious PR campaigns against adult content, porn and sex work in the past decade. They've worked quite hard to try to make people forget "the internet is for porn" era.
What's crazier is there was Less age verification than what is being proposed right now back when people phoned in to order a VHS using your credit card. Remember when credit cards were a godsend for the adult industry? The funny thing is that now, you're lucky if you can use your credit card at all for porn, thanks to the anti porn movement that happens to coalesce suspiciously closely to this movement. And in some cases, it seems that merely providing a credit card is no longer seen as sufficient evidence of adulthood. True, you could just steal your parent's credit card... Just like you could 30 years ago. Or just like how you can get a fake ID. Does that mean we should treat everyone trying to buy adult content as if they may have stolen their parents credit card by default?
2. Because I am an adult.
Most of us are. Almost 80% of us are over the age of 18, at least going by U.S. demographics.
And, we're under 18 for less than around 22% of our lives.
The Internet is not some international daycare program. It is an interconnected network of computers. The connections are managed by adults. It's true that there's always workarounds like free Wi-Fi hotspots, but by and large to be online is to be connected to an Internet plan managed by an adult. That means we already should be able to prevent children from having unfettered access to harmful content with basically no modifications to how the internet itself works.
We've had the ability to do this for almost as long as the Internet existed, and Windows 2000 shipped with a fairly comprehensive system using PICS rules from third parties like RSACi. This system didn't require adults to monitor everything their children did 24/7, and it didn't require adults to constantly scan their face or provide their government ID to sketchy third parties to access chat functionality.
Nobody used it of course, because parents didn't actually give a shit in that era. I'd know, I grew up and had plenty of access to adult content long before turning 18. I am not suggesting this is necessarily ideal, but it also isn't this weird cataclysmic issue that it suddenly became literally like a year ago or so. The internet has worked this way since its inception and somehow only just now is everyone in a panicked frenzy. Now I hate to be dismissive, but that's a load of USDA Grade-A Horse Shit.
So I am wholly against kneecapping the concept of unfettered private communication on the internet because we can't get the parents of 20% of people to do their job for the first 20% of said people's lives.
--
This whole thing stinks rank to me. I get that big tech companies and social media platforms have not given parents very good tools to manage what their kids can see and do on the Internet, but everyone acts as if this is just Machiavellian evil as they twirl their mustaches and laugh. Don't get me wrong, I fully believe that they knowingly make money off of providing inappropriate content to children. The only problem is that a lot of those children's parents knew that too and simply didn't care. And now, instead of just finally making parental control work, something we've certainly had the technology to do since the 90s, we're going to institute mandatory ID laws for all unfettered communication. Hurray. Blast confetti in the street for this victory against evil.
But to me I look at this "activism" and debate in favor of online ID laws and all I can see are anti-abortion protestors at my local clinic.
(I wrote this as if I am an avid porn consumer, because writing it any other way felt cowardly. But that said, I am not. My true passion is Internet privacy, and if I have to go to bat for Internet porn to help that cause it is no problem for me.)
I warned people about 4 years ago that this would happen. Checking people's IDs online for accessing certain kinds of porn on telegram and Discord is much more popular than you would have thought.
I told these admins this was immensely irresponsible. They said they just didn't want to get sued by an angry parent whose child joined some porn group. I was mocked endlessly. Now this. I'm not surprised.
>and that you can no longer post anonymously on social media. You cannot be certain that your criticism of the government will not be followed up by the authorities.
sorry but I don't get this point. If you're on Instagram or Facebook, did you think fifteen different three letter agencies weren't already watching you? It has the word 'face' in the name, the entire point of that site is that people mindlessly share their personal information, it's not some underground space for activists.
You can be perfectly anonymous on the internet, but demanding to be anonymous on Facebook is like trying to start a Das Kapital book club at Goldman Sachs or decrying commercial culture while you're in a Disneyland theme park
> did you think fifteen different three letter agencies weren't already watching you?
I think there was a reasonable expectation of anonymity, at least relative to other users. In the past you could access facebook with a VPN/proxy (and for a brief time, even tor) and use any name you wanted. But with forced identity verification you lose that little bit of anonymity.
Also, if the government arrests you for making a post, the issue is them arresting you, not your post not being anonymous.
Like, criticizing the government shouldnt just be possible because you can hide behind a fake name. It should be legal with your face name and address attached to it as well
> consequence of introducing identity verification is therefore that freedom of information is restricted (you can no longer visit regulated websites anonymously) and that you can no longer post anonymously on social media.
on which major social media networks can you post anonymously today? HN is a rare bird in that regard.
None of the social media networks my teens are bugging me to sign up for (IG, TT, Snapchat, etc.) have anonymous registration.
Interesting that no one is talking about identity verification likely coming anyway. I’m working on clawchrome.com, a real browser for agents. It can access any website because it’s the real browser.
I sure hope agents don’t swarm social media. But at the same time I think identity verification companies have a tougher problem, ai can produce real looking videos and documents. There’s probably no real way to verify someone purely through the internet at this point.
There are many usecases for agents having access to a real browser and many usecases for humans where work wise it's useful or for agent success in completing the task. Including any specific situations where sites may block "controlled" browsers, as well as co-working.
If an agent is controlling your own browser, it can get in the way of you being able to do work as well.
Additional security control, if you have control and audit trails regarding what the agent is doing, think things like not having access to the keys, cookies are unavailable through the api, certain sites blocked, especially for agents that run automated background tasks.
There's a ton of reasons really. Using stealth chromium forks can decrease security, potentially get you blocked from services/sites, and typically can be detected easily because Google is doing a lot more than just compiling Chromium to release Google Chrome now. That's why many of the stealth browsers out there are moving targets, and have tons of instances of being blocked.
So, if I as a website author would like to block the LLMs scarping my content or putting extra load and cost on my infrastructure, your project helps the actors who don't respect my decision and don't give a shit about consent to circumvent that?
Hi 30 minute old account. Whats crazy is that you think you just made some sort of point.
Like what I was driving at here was that Smartphones are not the only possible platform you would need to withhold from kids to get the desired outcome.
And its also silly to think that these controls aren't serving the interests of the very degenerates you claim to hate. Why are you in complete thrall to them, making burner accounts to stick up for them, I do not know.
I agree with @protocolture (Robotech... nice). I will be handing GrapheneOS phones, Qubes OS laptops, and Mullvad subscriptions to my [future] kids and teaching them how the world really works and how to stay safe. I will teach them how to torrent, and how to sysadmin like it was reading and writing. I will teach them to treat the internet like a real life spy vs spy battlezone, basically always falsify and poison as much as possible, the vital information about one's self. I will teach them to hate both Apple and Microsoft, and the reasons why they should hate them.
What I won't do is lock them down, like so much of this comment section is in support of doing. I am disgusted by the death of the cyberpunk ethos from the turn of the millennium.
Yeah pretty much where I am going to have to go with my kid.
I had a job interview at a school ages ago, and while I didnt expect to take it I still asked. How much of your security risk comes from inside the student population, and how much is external. And they said, 100% external. The students hadnt so much as knocked on a port in 10 years. And that horrified me. School as I see it, is a safe place to learn opsec, and you learn opsec by failing. Either that or these kids have the network completely pwned but I didnt get that feeling.
My kiddo will have a desktop soonishly and very much is getting an education in good opsec.
IMO it's the end of the end of a free Internet. Toxic social media traffic, spam bots, hackers, and AI have taken over the majority of internet traffic a long time ago, thus the beginning of the end passed by as we slept.
“Introducing age verification is based on the state being able to force social media companies to verify their users’ identities”
Users have been doing this themselves without state coercion for twenty years now by putting their real names all over Facebook and all the other socials. Nobody forced them to use their real names and post countless pictures of their faces alongside, and pour out the totality of their worthless opinions on every issue. Compared to this, when considered sensibly, the verification is almost a trivial step.
> Nobody forced them to use their real names and post countless pictures of their faces alongside
No? You've obviously never been ostracized from your friends, family, or coworkers due to not using Facebook or Instagram or whatever the latest vapid social network is.
cool to see the eu pushing on the zkp approach. that was my first instinct when i read about this. add a zkp header to http with optional upgrading to "adult" content and it's done.
Dave, first we will need to setup age verification for your friends in order to comply with the law. I will not be able to help you otherwise. Remember Dave, I will submit to the local government your request to make a social media website so they will know if are complying with age verification. I have your ID which I will also provide as you need government ID to use AI. Open source AI models were banned.
It's going to come soon. Very soon. I mean they have started in the physical world by regulating 3d printers and cnc machines to submit what they are making to an AI to make sure they are not making gun parts.
This is why you don't rely on AI too much. An LLM may be able to decide what you can do if you run it via OpenAI or Anthropic's servers, but a text editor and your programming language of choice just does what it's asked to.
Alternatively, open source community software run by folks in a country that doesn't have any age verification laws/don't care less about them.
Just run it locally. On your laptop that now needs 128GB of memory and costs $4500. Oh and your AI chip is out of date in a year, and can't run the latest shit.
There is no bona fide desire to solve the problem by the social media companies which are profiting from our kids. As a parent, I can never find the option to enable parental controls on apps like YouTube (especially on TV). This option is easy enough to implement locally without requiring any accounts or OS-level age support. However, clearly the goal is not to protect the children but to enable mass scale surveillance and profit from it.
Even when I manage to enable parental controls by using a dedicated app or account (what nonsense is it that I need to create an account to restrict access!!!) the content being served is dubiously appropriate for the age group, aside from having no value whatsoever other than the intended goal of perpetuating addiction.
"Will the police stop and search people on the street looking for unauthorized phones? Prison sentences for buying a non-state computer on the black market? Charges of organized crime for smuggling in containers of open-source software on USB sticks?"
Come on, do people seriously believe this will happen?
Of course. Anyone who has even a little life experience knows that children, even more so, teenagers, will circumvent these measures, so they will fail at scale.
But what won't fail is the obligation to provide your id to 'verification providers', who are obligated to provide it to websites, all of which are obligated to hand over your identity to the authorities the moment they ask - the verification provider included.
So it's just mass surveillance, finally sold to the public through 'think of the children!'.
i think in most cases sites like HN for example would be exempt due to not having enough users.
The internet used to a technology people used to do interesting things, and with that came all its expectations. Now in addition to that, it is how modern live is negotiated. What used an optional thing is now a critical infrastructure upon which a person's life revolves, in most cases without any choice of their own.
When you drive your car on the road, do you complain about not having "a free road like back in the day" for being require to have a driver's license, and a registered car? not too long ago, you didn't need any of that to ride a horse or horse and carriage.
A free internet, as in the internet is like a public square, that isn't what society wants. Ultimately that is the issue, and you can't fault the public either. The public expects change, things to improve, and policy makers need tools with which they can enforce their policies. Telling both parties "um..no, i like my freedoms" won't stop the this train.
Let's take the example of mullvad here, and being able to purchase a VPN with bitcoin/cash (been there, am a customer) and access any site. It is entirely reasonable for governments to not want that. but the real enemy is the acceptance of this false dicthotomy of extremes. one of the things the internet has allowed us to have is to be able to prove entitlements without disclosing our identity. It is possible to prove that meet whatever legal requirements by having a government notarize a certificate of identity which you can present to sites and software as proof, while removing the government's own knowledge of what sites or software you're using, and removing your identity from the sites that are verifying your entitlements.
You're allowed to be in public without having to prove your identity (well.. that used to be the case in the US at least, now if you look like an immigrant, no longer the case). But to sell things, or buy restricted items, you have to show your identity, even in public. Certain businesses are required to verify your identity before engaging in commerce. Even worse, once you're in public everyone can record everything you do an identify you. Facial recognition, license place tracking, etc.. are all very real parts of the physical world today.
Lots of reform is needed, but we're getting the worst end of it because people gravitate to extremes out of laziness. if accessing social media, sensitive sites and commerce could be done in a privacy preserving way, there is no need for (or you can make a strong argument against) silly things like installing ubuntu requiring your ID, or needing to verify visitors IDs to your personal blog.
Age verification is a project 2025 backdoor to ban porn, and also a way for Meta and others to advertise much more aggressively without violating age restrictions, and also a mass surveillance opportunity for the government. It is definitely not for the children or anyone’s safety. It threatens the most basic civil rights we have like free speech. The fact that so many people blindly support it is really depressing and disturbing.
Social media (et al) already know each user's age.
They could "protect the children" at will. They simply choose not to.
Why this kabuki?
"Yes, please, regulate us" while making any formal regulation moot?
Directing attention away from the bot plague?
Pushing age verification to protect their algorithmic hate machines?
Monkey motion to avoid talking about true privacy? (Specifically, all data encrypted *at rest* using translucent database strategies.)
In conclusion, I can't treat these age verification proposals as good faith efforts while the core rot of the social medias remain unmitigated.
I think the solution would be to make the business model of surveillance capitalism unfeasible. If algorithmic social media would be prohibited from offering their services for free, it would solve most of the problems the age verification laws are trying to achieve. Kids would basically disappear if their parents are not paying for them. Most parents would disappear too in fact, which would be good for everyone's mental health. And it wouldn't remove choice. You can still choose to use use Facebook or TikTok, if you subscribe and pay. It would basically act like a slop tax.
I've said this before and I'll say it again. Just like radio was the wild west back when it first started, the internet is so today and eventually it will be licensed and regulated in the same way.
Mullvad VPN is great. Mullvad Browser is a great balance for preventing fingerprinting and also usability vs the Tor Browser. Most browsers I've found, even ones with claimed fingerprinting protections, are easily traced by fingerprint.com and other tests. Mullvad beats it.
There's this cool new feature that they added to the Mullvad browser extension, which is built into the Browser. It gives you a random different proxy for each site, kind of like the Tor Browser.
Mullvad understands that VPNs overpromise and underdeliver, but if you combine a trustworthy VPN, a fingerprint-resistant browser, and uBlock Origin, you get a damn good internet privacy. The browser is not ideal for daily-driving because it's always incognito so you get signed out on close, but I heard they're working on a persistent version.
Social media itself was the beginning of the end. Once we largely replaced a decentralized networks of blogs and websites with 4 giant sites containing content copied from the other 3 the jig was up. Many of the social media sites don't play nice with search engines and include features that auto-delete content or block linking to other websites as well.
I hate it and I hate that this is what became popular instead of what the internet was in its heyday. It's sad to see.
Honestly, I'm kind of glad this is happening. Online is a bottomless well of libertarians and anarchists and Blueskiers and QAnons. It was always a neckbeard paradise.
It's not just kids it's bad for. Too many people don't have the agency or social/emotional insight to take care of themselves.
Whilst getting excited about 'loss of freedom' the reason these companies are getting forced into this is because they've become so large, fundamentally evil and untrustworthy that we can't regulate them in to doing better so we have to ban susceptible citizens from consuming their output. See tobacco, alcohol, porn, cannabis, driving licences for other examples. /s
This won't down the bot population. There are hundreds of millions of people in poverty who have this digital identity issued by their government that is mostly worthless to them. They'll sell it for $50, and there will be a bot running around with their name.
First of all, having to buy each account for $50 instead of spinning up thousands for free would shut down most botnets as the economics would no longer work. Second, the move toward identity verification will eventually make even selling accounts like this impossible. You can only sell your identity once.
I stand by what I originally said, though I admit it was a bit inflammatory. Everyone wants to have their cake and eat it too. Social/mass media is being used to disrupt western democracies. This is not the future we all wanted for the internet, but humans ruin literally everything. So we have to deal with reality here, meaning identity verification will become a non-negotiable. The masses may rail against it, but it's necessary and inevitable.
>First of all, having to buy each account for $50 instead of spinning up thousands for free would shut
Would cost them chump change. You've added an operating expense. When bot farms have giant walls of smartphones bolted into specially-designed rigs, that means they're already used to operating costs that are non-trivial.
>Second, the move toward identity verification will eventually make even selling accounts like this impossible.
How do you figure that? Even if some scheme is invented where a person can verify that it's them, that will be part of the sale. They will make it possible for the third party to do the verification too. If you've got some genius scheme though where that is impossible, I'd love to hear it. Something that only the person themselves can do, and others can't impersonate them even with permission.
Theoretically it limits supply. Pragmatically, it limits supply to whatever fraction of the world's poorest 4 billion people are easy enough to cut a deal with. In other words, "still sufficient to cause the same sorts of misery as identity-less bots already cause".
Good arguments there, and for once addressing privacy-preserving age verification.
I just don't like that proponents of age verification are systematically (including in this article) dismissed as authoritarians hiding behind "just another “what about the children” excuse to introduce mass surveillance and censorship". Many people genuinely want to find a solution that is better for the children, and telling them "if you are open to age verification you are either a fascist or a moron" is not constructive.
Also I find the way ZKP is criticised a bit manipulative. It kinda implies that "fundamentally, any kind of ZKP system can be switched off remotely and without anyone realising", and that is wrong. It can be implemented in such a way that people have pretty good guarantees about it preserving their privacy, similar to end-to-end encryption. I find it hypocritical to say "E2EE can be reasonably trusted, but privacy-preserving age verification fundamentally cannot", just because tech people like the former and not the latter.
Age verification literally already exists in a way that doesn't require orwellian centralized control. The <meta rating> tag has existed for decades. If you want to restrict access force websites to apply these tags, then use a browser that obeys them. Parents control what their kids access, mostly, like it's been since forever.
Think carefully about why a politician might disregard this extremely simple mechanism and you'll have your answer about the real goals here
> Think carefully about why a politician might disregard this extremely simple mechanism and you'll have your answer about the real goals here
You (and many others) frame it as "the government versus the people". I think this is extremely naive.
Many, many, many parents are in favour of preventing social media access to kid, assuming it is done in a reasonable way. For instance, having a police officer follow every kid everywhere they go 24/7 is not a reasonable way, and everybody agrees on that. Now what if there was a reasonable way?
Ask yourself this: do you believe that privacy-preserving age verification is not a reasonable way, or do you know it? In order to know it, you have to understand how the cryptography works at some reasonable level. Do you? Most comments I read online come from people who believe and then repeat arguments they have read that confirm their beliefs.
I was noting that the Mullvad article actually addresses ZKP (which is good and a very rare thing), but that I found it was a bit evasive in a way that feels slightly manipulative to me (probably not on purpose).
> Many people genuinely want to find a solution that is better for the children
at the expense of everyone and everything else all to not have to be an actual parent.
These arguments are not coming from places of concern, they are coming from laziness and people taking advantage of that laziness to further even worse agendas.
Not all children have active parents. I do not believe those children deserve to be taken advantage of or hurt simply because they happen to have bad parents.
The "laziness" argument doesnt work if the people being lazy (parents) are not the people being hurt (children)
That's the thing: it's not trivial to know what is possible and what is not. If you look at the messages in HN, many (most?) messages about privacy-preserving age verification are (at least partially) wrong. Tech-savvy people clearly do not understand the technology in details, and somehow they assume that normies do understand and are simply fascists or lazy.
It is my opinion that telling a normal person that they are a bad parent (or a fascist) because you disagree with them is probably not the best way to convince them.
I believe in democracy, which means that I don't call everyone disagreeing with me a fascist. In a democracy, if most of the population wants privacy-preserving age verification and I don't, then I am in the minority and must accept it. My role as a tech-savvy person is to help "normies" understand what it implies. Again, not to tell them that they must be fascists if they disagree with me.
There is a solution, it is regulating social media companies to stop abusing their users, and by extension, children. strict laws around adtech and tracking tech. more consumer rights, in other words - that’s why this solution comes off as authoritarian, because there is such a variety of ways to tackle this problem, and this is the most authoritarian one.
> there is such a variety of ways to tackle this problem, and this is the most authoritarian one.
If you think that privacy-preserving age verification is the most authoritarian way to tackle this problem, then you really, really don't understand authoritarianism.
Now if you have tons of better and practical solutions to tackle this problem, I would suggest you start writing about them. I haven't read a lot about those solutions (other than "just ask someone who is not me to do it"), what I hear is mostly people yelling that only bad parents and fascists disagree with them.
I did. the burden isn’t on me to explain it to you, comrade. maybe you could start by actually addressing what I wrote. Or are you now expecting me to draft up a legislation draft before you’ll address my post? These types are always the same.
> [the solution] is regulating social media companies to stop abusing their users, and by extension, children. strict laws around adtech and tracking tech
Pretty sure it has been tried in some countries, and the solution that those companies were happy to implement was... identity verification. There was a drama about Discord doing this, recently.
> Or are you now expecting me to draft up a legislation draft
Not at all. Just give me the name of a viable solution, so that I can search for it. It doesn't take a full day to write something like "privacy-preserving age verification", does it? I can't easily search for "JohnMakin says there are many good solutions, which ones are they?".
Why should you be able to traverse the internet anonymously? You cannot traverse real life society with the same expectations. Majority of the people traversing anonymously are doing so because they are routine troublemakers and do not want to bare consequences for their malicious actions. The ones fighting for this complete anonymity but not doing crime are naively just sweeping for bad actors.
One of the things that I liked about the old, text-based internet was the anonymity it provided. I particularly liked being able to engage in discussions about things that interested me without being sexualized, since nobody needed to know I was a teenage girl. No creepy messages, no looks up and down, no having to figure out ways to turn someone twice my age down without worrying if they'd react dangerously, no having to leave because someone more integral to the group was a creep and nobody would accept it if I spoke up, no worrying about my small statue making me a target for physical intimidation, etc.
(Now I am old, so it's different.)
It was very freeing to be able to talk about my interests (e.g. space, web development, and video game modding) without being subjected to the bullshit that people brought to the table if they saw me.
Same goes for the internet though. Privacy controls would be at a government level. All that we need is a way to actually hold someone accountable for their actions on the internet. Websites dont need to see who the actual person is.
Not sure what you mean. I am totally against surveillance capitalism and TooBigTech. I am in favour of end-to-end encryption and privacy-preserving tech.
I shouldn't have to show an ID to buy a newspaper or to load the website of a newspaper. On the other end of the spectrum, I should not be allowed to buy a gun without showing an ID (and all sorts of other constraints).
Somewhere in the middle, I understand that we don't want to expose 8 year old kids to pornography, but I don't think that one has to wait to be 18 or 21 to be allowed to access it. Same for social media. Where and how exactly we set the limit is a societal choice to make.
I also believe that "living in a democracy" doesn't mean that "everybody agrees with me, always". Many times I am in the minority. What matters is that people are informed. Telling them that if they disagree with you they are either bad parents or fascists isn't constructive, IMHO.
Parents need to either control the internet, or control their children’s devices and screentime. The latter sounds like the obvious option, except that Google wants every second grader to have a school-mismanaged chromebook and Google wants to mediate control of the internet, and by pushing parents to the former they win on both fronts.
My point was that having the state regulate stuff is not always a bad idea.
The problem for many parents is that all the other kids have it. It's not always easy to develop a relationship with your kid to convince them that they don't need to conform and have friends.
So I can imagine that many parent would be relieved if access to social media was slightly more complicated, such that maybe it would be more normal to not have access to social media.
We've encountered this with things like Minecraft and Roblox and had conversations and suggested alternatives to it. It hasn't proven to be an issue, but I'm holding out hope that these platforms continue to collapse as our kids get older.
Yes, because children deserve to simultaneously not be under constant surveillance by their parents but still be protected from bad actors. Hence we should collectively, as a society, protect them.
What about this: go ask parents why they allowed their kid to get a smartphone and access to social media, and only then decide whether they are morons, fascists or just bad parents?
I have a simple example: when all the kids have a smartphone, it is very hard to tell your kid that they cannot have one. When all the kids have a shared culture built around social media, it is very hard to tell yours to not conform. "It's okay my son, you don't need friends. Anyway the parents of all those kids are bad parents".
I don't have children, but it doesn't sound completely weird that parents may say "we should prevent most kids from accessing social media, so that my kid wouldn't be the weirdo if I don't let them have access".
In many school districts, unless you can afford private school or homeschooling its hard to tell a kid they can't have an iPhone, but impossible to tell them they can't have an iPad- at age six!
> I just don't like that proponents of age verification are systematically (including in this article) dismissed as authoritarians hiding behind "just another “what about the children” excuse to introduce mass surveillance and censorship".
It is worth recalling that "authoritarian" is a relatively neutral label for a political philosophy (like "liberal", "democrat", "capitalist" or "socialist"). It isn't that people are name calling, it is that authoritarian policies - like this one - consistently cause more harm than good. The label is basically a slur at this point because the disasters that the authoritarians trigger often veer into being massive and appalling spectacles. People tend not to be very evidence-based, so the people who lean authoritarian tend to try and rebrand to avoid being tarred with their philosophy's consistent failures, but it is still authoritarianism.
But the productive path forward isn't to try and be nice to the authoritarians and accommodate them with the rebranding. It is to adopt liberal policies. Like letting people read and comment anonymously on the internet.
I appreciate the comment, but I feel like you miss my point in a way that is (not purposely) manipulative, again.
I don't think that we would call "authoritarian" someone who would ask for, say, guns control. Or at least we wouldn't call "authoritarian" someone who is in favour of having more than 0 law, would we?
You are being manipulative by saying "If you want a law that I don't want, then you are an authoritarian. I mean no offence, it is just what you are". But reality is a lot more nuanced than that.
The vast majority of people who are in favour of age verification are not authoritarians. They really just consider "should kids have access to social media? Not until they are old enough". Whether or not it is technically possible is outside their knowledge. And the fact is that for age verification, there are technical solutions that are privacy-preserving (unlike e.g. ChatControl which is fundamentally building surveillance infrastructure).
And even for ChatControl: people who say "I would be in favour of a magic backdoor that would only work for the well-intentioned good guys" wouldn't count as "authoritarians", would they? It just so happens that there is no such thing as a magic backdoor, so they cannot have what they want.
What political philosophies do you think lay claim to these age verification laws?
There are a couple that aren't against it, but to actually implement age controls in the way they are being bought in you basically need to be an authoritarian. Otherwise, you'd be persuaded by arguments like Mullvad's that the social media companies already know how old their users are and don't need a centralised authority to tell them. There are alternatives here that are less authoritarian. Policy makers and the people supporting them don't want to use those approaches, because they support taking a more authoritarian approach.
These policies, in practice, are literally authoritarian policy. It isn't the most extreme form of it, but it isn't authoritarianism because I don't like it. I don't like it because, objectively, this is authoritarianism and authoritarianism tends not to work. Otherwise all the research I've seen suggests that kids shouldn't be using social media. If this wasn't likely to take out huge chunks of the healthy political dialog on the way it'd probably be tolerable.
If it is manipulation to point out that this is part of a class of strategies that have a history of horrible failures, then you have a very confused understanding of what manipulation is. This is an absolutely classic authoritarian "we can't just let people talk to each other however they like without the authorities being involved" play.
> but to actually implement age controls in the way they are being bought in you basically need to be an authoritarian
I don't see how this sentence can make any sense at all in the context of ZKPs. Can you elaborate?
> you'd be persuaded by arguments like Mullvad's that the social media companies already know how old their users are and don't need a centralised authority to tell them
How do the social media companies already know? Because they track everything? But if they ban kids, they don't track them anymore, do they? Or are you saying that social media companies should be able to track everybody everywhere, such that they can profile them and ban them from accessing social media?
> I don't like it because, objectively, this is authoritarianism
You would have to explain that. The government provides a service that allows you to prove that you are old enough without the government learning anything from you and without the service learning anything other than the fact that you are old enough, and you call that "objectively authoritarianism"?
> I don't see how this sentence can make any sense at all in the context of ZKPs. Can you elaborate?
The reason people are getting called authoritarian is because ZKP proofs are a massive and obvious improvement on what is actually being implemented. Can you point to anywhere that has implemented ZKPs? The linked article suggests that is quite hard to do.
I wouldn't be using an American IP right know if my local age verification laws required ZKPs.
> How do the social media companies already know?
They ask you your age when people sign up. That's good enough for me - I'm not an authoritarian. I'm not out to create a watertight way to stop people communicating if they want to.
> You would have to explain that. The government provides a service that allows you to prove that you are old enough without the government learning anything from you and without the service learning anything other than the fact that you are old enough, and you call that "objectively authoritarianism"?
I haven't seen anyone complaining about that. Sounds like a non-issue. Why would anyone over the age of around 18 care? You should consider reading the linked article if you don't understand what the complaints people are making are. The reason you don't see any authoritarianism is you haven't actually looked at how the schemes are being implemented.
Mullvad isn't writing this blog post because of the huge numbers of 12-16 year olds shelling out cash to them. It is because the authoritarians are making a play to destroy a sizeable chunk of the open web with a likely follow up of cracking down on free speech.
> The linked article suggests that is quite hard to do.
It's technical, just like getting E2EE right. Doesn't mean it's hard to use, as proven by the fact that billions of people use E2EE in WhatsApp and Signal without even realising it.
> I'm not an authoritarian. I'm not out to create a watertight way to stop people communicating if they want to.
You seem to have a Manichaean view of the world. There is room for nuance between "let kids lie by clicking 'yes'" and identity verification.
> You should consider reading the linked article
Did you read it? There is a whole section that is titled "The Zero-Knowledge Proof alternative and the EU".
> The reason you don't see any authoritarianism is you haven't actually looked at how the schemes are being implemented.
I actually have. Have you? Seems like you haven't read the article. Mullvad is complaining about the fact that the app seems to support both ZKP and identity verification, and they criticise the infrastructure enabling identity verification. And then some more "slippery slope" arguments that are worth what they are worth (with the same kind of reasoning, we shouldn't have gun control, because the next step is to control everything, right?).
> Mullvad isn't writing this blog post because
Mullvad sells some kind of privacy (as much as a VPN can offer), and here they share their opinion about age verification. With which I mostly agree: the only viable age verification implementation is through ZKP. I tend to disagree with the slippery slope argument, and that "the government abuses everything they can". If you think like that, doesn't that make you an anarchist?
You have misunderstood the article. It says, and I quote,
> Right now, the EU app does not have ZKP functionality, contrasting Ursula von der Leyen’s claim that the app ”is technically ready to be used”. But more importantly, the app is currently designed to always function without ZKP technology; if ZKP is unavailable, the app falls back to a non-ZKP model.
So you have failed the test of pointing at somewhere that has implemented ZKP. You can try again if you like.
> I actually have. Have you? Seems like you haven't read the article. Mullvad is complaining about the fact that the app seems to support both ZKP and identity verification,
Again, this is factually wrong. And it is why people are getting labelled as "authoritarian" - they proposed a system that sounded decent, then they actually implemented something else that is a standard authoritarian ID system with a fig leaf for people to pretend they didn't. As was expected, given that this always looked like an ID card play with a false moustache.
> I tend to disagree with the slippery slope argument
They haven't made it up the hill yet, they're already down the slope. the EU implementation doesn't use ZKP. That's a big part of why they're being included as one of the authoritarian forces in this push that people are upset about.
> I am not sure I get the argument of "it's not finished, but I will pretend that it is because it's convenient for me".
> The European Commission has announced that a new age verification app designed to protect children online is ready for deployment. In a recent statement, President of the Commission Ursula von der Leyen, confirmed that the technology is ready and will soon be available for citizens to use.
Am I to pretend and believe the EU Commission or am I to shun their lies and believe you on the subject of whether this age verification app is ready? But maybe Mullvad are wrong here, I dunno. Maybe they have implemented a ZKP scheme. Have they? I'm interested in the details, love me a good ZKP. How does this armed and fully operational app, here and now, today, in this moment, implement a ZKP?
> Switzerland is another one that seems to be going towards a privacy-preserving solution. Is Switzerland known for being an authoritarian country?
I've heard literally 0 complaints about whatever Switzerland might be doing. You'll notice the Mullvad statement doesn't mention them either.
Please read my original comment again. I said Mullvad had good arguments, I just criticised the way ZKP is generally dismissed, including in their article. You then went for your "this is all authoritarian, that's the definition of authoritarianism, etc".
If you want to go back to the origin, sure let's do that. My criticism was really JUST that one could explain privacy-preserving age verification in a constructive way, without always framing it in the manipulative way that implies that it is not technically feasible. And apparently you agree with that.
> I've heard literally 0 complaints about whatever Switzerland might be doing.
Haven't you? I have heard many comments just like yours, implying that "whoever wants to verify the age is an authoritarian".
Many people genuinely want to find a solution that is better for the children, and telling them "if you are open to age verification you are either a fascist or a moron" is not constructive.
We know they'll take a mile if you give them an inch. Ditto with "trusted" computing and the rest of that wormcan. That's why the opposition has to be absolute.
We have age verification for all kinds of things that can harm minors. Most of them have adequate penalties for breach such that operators of said harms ensure they comply (checks for ID when selling alcohol, entry to over-18s pubs/clubs, etc.)
There's nothing sinister going on here, just attempts to prevent social/mental harm to minors.
This whole thing is meta financially backing right wing conservative groups that want age verification because meta wants to avoid liability for the harms their platforms cause.
In addition, this is the beginning of the end of any sort of anonymity on the internet, which has disastrous consequences for politically minded individuals, minority populations, or targets of stalking. This is a privacy nightmare bring pushed through in the guise of "muh children".
> There absolutely is you're just not aware of it.
Can you show here that you understand how privacy-preserving age verification works?
I mean the rest of your message really, really sounds like you don't. Don't get me wrong: I do agree that identity verification is bad. But it is not okay to say "I know of a system that is bad, and I don't know the nuances of how it could be implemented in a better way, so I will just assume that there is no better way".
Democracy is not "they" vs "us". Democracy is not "opposition has to be absolute". What you describe here is extremism. If you believe that anyone disagreeing with you is an extremist and that the only viable way to react is to be an extremist yourself, well... you are the extremist. Whether you are fighting extremists or not (this "they" you conveniently do not define) is unclear, though.
Sure but that absolute opposition hasn't, as far I can tell at least, achieved an iota of success. So it's largely a self indulgent merit badge than an actual strategy.
Current policy is victim-blaming: it excludes from social media potential victims (children) but allows perpetrators (convicted csam users).
But this was always about governments wanting to know who's posting what (and controlling them, through chilling effect); not about saving 'the children'.
i never read a nat geo where a young girls innocence gets destroyed in 4k ultra hd , either way based on the behaviour of our ruling class it seems likely that the pedophiles are the ones instituting these laws
Back to the internet's peer-to-peer roots. Many protocols besides the www
The www became infested with so-called "tech" companies acting as intermediaries (middlemen)
Lots of folks making money from surveillance ad system on the www. Oversized, unmanageable websites calling themselves "platforms"
The www is an ad network. Not a great place for non-commercial activity
Fortunately, the internet is more than the www. The internet was not created to collect behavioral data and deliver advertising as its primary purpose
People pay for an internet subscription, not a www subscription (or now a "social media subscription")
My instinct is also to retreat to technical solutions. But, unfortunately, it appears we engineers need to fight back in the legal and political domain to stand a chance.
This type of response is one I keep seeing, maybe it's becoming a meme
It doesnt make any sense as an argument because nothing stops one from doing _both_: 1. use a practical solution now and 2. "fight back in the legal and political domain" hoping to achieve another solution in the future
Common sense favors pursuing #1 as the opponent in #2 has "limitless" resources and the process is extremely slow
A cynic might even see advocating #2 at the expense of #1 as a "call to inaction", i.e., "please do nothing", as almost all readers are unlikely to pursue such a difficult and costly "solution"
Framing the two options as either-or, i.e., one or the other but not #1 and not both, encourages readers to give up, accept the status quo and "let others do it", assuming they dont have the ability to pursue #2 themselves
I like to think someone can come along with Jobs-like charisma and redefine the public's intuition for personal computing again. Foundation models with maximally deterministic harnesses, voice assistants with honest, tasteful amounts of roboticism, maybe data tenancy that doesn't make you feel like a surveilled ecosystem prisoner.
NVIDIA local AI builds are moving in that direction, but are wildly expensive. I think a lot of the current AI backlash (esp data-centers) comes from the public's accurate intuition that the current centralized, monopolistic, cloud-centric solution disempowers them, and eats any gains this magical technology would've brought them. Plugging a sliver box into the wall and your router, with no recurring fees; that would make people feel different about "taking our jobs" because they would be the unquestionable beneficiary.
> voice assistants with honest, tasteful amounts of roboticism
Do you mean like, hey chatbot stop trying to be my best friend ?
This marketing tone that every company I do business with cares deeply about me as a person - this corrosive hypocritical nonsense has obviously been sucked up into AI training materials.
So I agree 100%.
I've really enjoyed playing around with https://github.com/markqvist/nomadnet and the reticulum protocol in general as a peer-to-peer alternative to www
That you link to a github is ironic in the worst way possible.
There is nothing ironic in using the current status quo to spread something we hope will replace it. It's called pragmatism.
Where should the code be hosted, then?
It's not the "where" but the "that you link" which is ironic: referring to it by the https:// scheme turns it into a link (a fundamental aspect of www); a scheme like ssh:// or git:// would avoid this.
How about the internet?
On a distributed network where the content is always available, maintaining X amount of copies in an autonomous manner.
We need to evolve the protocols beyond simple HTTP servers.
> The www is an ad network. Not a great place for non-commercial activity
No, hard disagree. The web is great for indie content. Anyone can publish anything, at any time. And there's still plenty of great content out there.
Ads can be blocked, surveillance can be blocked, and social media sites can be avoided.
"No, hard disagree."
OK it's not an ad network
"Ads can be blocked, surveillance can be blocked and social media can be avoided"
Yes, hard agree
But if it's not an ad network then why would anyone need to "block" and "avoid"
It's an ad network
That's why the "blocking" and "avoiding" is necessary
I have to admit, I'm kind of looking forward to what comes after the inevitable death of the www.
I don't think WWW will ever die but I can see a hard split coming eventually. Most people will just put up with the current state of the internet for a long time yet.
Gopher and Usenet died
IRC lives, discord be damned!
Why?
The WWW was at least created with egalitarian ideals, even if it failed to meet those ideals (despite succeeding far more than people want to credit.) It was available to everyone, it ostensibly allowed anyone to publish and communicate freely. It wasn't intended for only a single culture or subculture.
Whatever comes after will either be entirely controlled by corporate and government interests or gatekept against "normies," and thus be a homogeneous cultural bubble doomed to wither into self-referential senescence and die, and will be far less free, less powerful and less capable than the web. We'll never get anything with the transformative potential of the web again.
A world where your only options are GovNet or EliteWhiteHackerDudeSpace. I don't look forward to that at all.
I would rather go back to when the web was useful, and everything wasn't either paywalled or plastered with ads too. The web will never die, but this version of it is on borrowed time.
I2P already exists and is usable.
But is it resistant to enshittification?
It has about the same problems with finding content that the www has, its just in the earlier stages
This has nothing to do with enshittification.
Yes, because it does not depend on a single entity, for-profit or not.
Neither does the normal web. It became this way. The ability to run decentralized is not what is preventing enshittification.
I would argue eg. a LoRa based Reticulum network is enshittification resistant, because of physical bandwidth and range limitations. It enforces decentralization and abuse/advertisement/... inherently doesn't scale, is not worth the effort. It favors authentic, low reach human2human information sharing.
The internet itself is not enshittified. Certain websites and services on it are. Ever heard of HN?
That's no good if broad laws are passed that require age verification. It could be interpreted as even SSHing into a server that doesn't verify your age is illegal. Some decades ago it would have seemed too stupid to actually happen. Now I'm not so sure.
"It could be interpreted as even SSHing into a server that doesn't verify your age is illegal."
If the plan is to provide "social media" to millions of people via SSH then yes one could forsee such an interpretation
These laws are targeting so-called "social media" provided by "Big Tech"
But there are anonymous comments across the web trying to portray this as something else. These comments are hilariously nonsensical
The cause of this legislation is the activity of so-called "Big Tech"
If there is collateral damage to others then that is the fault of "Big Tech". This is the cost of the Silicon Valley "business model"
There is no requirement that the internet be used to create "social media" or something else with large audiences^1 for advertising
Although that may be a Silicon Valley VC requirement
1. For example, the Malaysia legislation sets a threshhold of eight million users. List of SSH servers with over eight million users:
Don't worry. Your government is creating plenty of laws to make to blatantly expensive to run anything that can compete with them.
Why would I want anyone to "compete" with so-called "tech" companies if I believe their "business model" is fundamentally-flawed
The cause of this legislation is the proliferation of that "business model"
Namely, creating large audiences for advertising,^1 data collection and surveillance through intermediation, i.e., acting as a middleman, the opposite of peer-to-peer
"Big Tech" does not compete. It acquires potential competitors. It is sometimes questionable whether the "potential competitors" actually intend to compete as they are more than willing to sell out
1. For example, audiences over 8 million people
Once again American capitalism ruins everything for everyone.
Not only that. The Eu is also implementing 'age verification', at the same time with - surprise - digital id.
It's just an attempt to reverse the free internet and implement total surveillance.
Yeah, I feel as though people have seen the error of creating a free internet and are trying as much as possible to reverse it. It's kind of like how Photoshop (and most software companies honestly) have seen how selling a license in perpetuity does not work and opt for the rent-seeking monthly subscription route.
The age verification with the EU ID card can be implemented without leaking any identifying information. If it's gonna be like that is questionable, but it's technically possible.
For $5 I'll give you an age token from my card.
Yeah but $1.50 Costco hot dogs! I got nothing more on that.
The irony of writing this on this particular board, out of all places.
Without American capitalism you wouldn't have computers, the Internet, smartphones, AI, electric cars and countless other things. That, and the Costco hot dogs mentioned in another reply.
The world would still have them but perhaps not as quickly is the only difference.
"Without American capitalism you wouldn't have computers, the internet, ..."
In fact, the internet was born out of the American military, i.e., government, and American universities, not "American capitalism"
The first time I used this internet, there were rules against using it for commerce
Was 0
https://news.ycombinator.com/threads?id=gunsle
https://news.ycombinator.com/threads?id=matchbok3
But the widespread adoption and cheap client devices are a product of the market economy.
The American military would not exist without the economic freedoms we have.
We don't have any of these so-called 'econonic freedoms'. Anybody can be de-banked at any time.
These "economic freedoms", specifically the actions of so-called "tech" companies with respect to the internet, are the cause of "age verfification" legislation
The original internet had rules against using it for commercial activity
It lacked "economic freedoms"
FWIW I still found it worth using at the time, despite no so-called "tech" companies
It also lacked websites of unmanageable size with hundreds of millions of pages of user-generated content used as bait to lure in ad targets for data collection and surveillance, so-called "platforms" or "social media"
It lacked "age verification" to access those websites because those websites did not exist
There will be at least one HN reply arguing that the original internet sucked, or some other brainless dismissal
As if the internet we have now does not suck. Clearly, it does suck for some people
It is not a lack of "economic freedoms" on the internet that has led to "age verification". It's quite the opposite
Dude, we get it, you’re a super fan but these are some intellectually lazy comments. Our military is powerful, yes, but if you want to make some exceptional claims you need to show your homework demonstrating that kind of claimed huge leap over other economies (China, Russia, Germany, etc.). Be sure to explain how Iran is doing so well for so much less.
Um, where did I mention China or Russia?
Intellectually lazy? What are you even talking about? Stay on topic, you are embarrassing yourself.
There was no advertising on the internet, originally
This was before the www
American capitalism and the American government and its policies are intertwined. You are arguing literally nothing.
"The global Internets progenitor was the Advanced Research Projects Agency Network (ARPANET) financed and encouraged by the U.S. Department of Defense.
In order to understand the wonder that the Internet and various other components of the Net represent, we need to understand why the ARPANET Completion Report ends with the suggestion that the ARPANET is fundamentally connected to and born of computer science rather than of the military.
The Completion Report goes on to differentiate the research ARPA supported from the research done by the computer industry: The computer industry, in the main, still thinks of the computer as an arithmetic engine. Their heritage is reflected even in current designs of their communication systems. They have an economic and psychological commitment to the arithmetic engine model, and it can die only slowly.12 The Completion Report further analyzes this problem by tracing it back to the nations universities: furthermore, it is a view that is still reinforced by most of the nations computer science programs. Even universities, or at least parts of them, are held in the grasp of the arithmetic engine concept.13
Computer networking was developed and spread widely in an environment outside of commercial and profit considerations, an environment that supported such research."
https://www.columbia.edu/~hauben/book-pdf/CHAPTER 7.pdfHN commenters/voters may reject the use of the term "military" in the origin story of the internet
That's fine
However it was American taxpayers, through the _Department of Defense_, that financed the creation of the internet
That's government spending, not "American capitalism"
The original internet was non-commercial and was not the result of "American capitalism"
As above, the American computer industry (capitalism) at the time was not focused on computer networking and using computers for communication, it was focused on computers as "arithmetic engines"
Apologies for the broken URL
https://www.columbia.edu/~hauben/book-pdf/CHAPTER%%207.pdf
https://web.archive.org/web/20260506140344if_/https://www.co...
To act like no private citizens or businesses contributed to the internet because it came out of DARPA is ignorant at best. DARPA literally pays private entities to do research for them to this day. It’s their primary mechanism for action. So confidently ignorant.
Take your Reddit tier America bad slop back to Reddit.
And the WWW is a Swiss invention.
British or European. Inventor was British, working for a European organisation.
The only reason the US Gov had the expertise and resources to fund DARPA in the first place was because it was a massive capitalist country with enormous wealth
Did the USSR have a space program?
Yeah but like didn’t it bankrupt them?
Meanwhile the USA barely blinked at the Space Race spending
Which is very well known for collecting taxes, right? :D
This is not an argument against American capitalism. It is a correction of the false assertion that "without American capitalism there would be no internet"
American capitalism can create ARPA but capitalism did not create the internet
Neither American companies, nor "private citizens" looking to profit, paid for the research into computer networking that resulted in the internet. At that time, there was no commerercial incentive to support such research
"Computer networking was developed and spread widely in an environment _outside_ of commercial and profit considerations, an environment that supported such research."
Hauben, Netizens: On the History and Impact of Usenet and the Internet (1997)
Without American capitalism, specifically "Big Tech", there would be no "age verification" legislation
Let's cut to the chase. The "age verfication" problem has nothing to do with "American capitalism" or other silly HN tangents. The issue is the lack of rules governing governing data collection, surveillance and advertising, rules that would interfere with the Big Tech "business model". "Age verification" will be another means of data collection for Big Tech but it could also intefere with Big Tech's access to U16 ad targets. It could interere with "indoctrination" into a belief system where Big Tech _is_ the internet
The truth is that the internet does not require "Big Tech" in order to exist and have value. I know this because I used it before so-called "tech" companies existed and, with respect to the state of the art _at that time_, it was amazing. Information was shared between internet users without any attempt to profit from it financially. Today, so-called "tech" companies intermediate (act as a middleman for) the sharing of other peoples' information over the internet in order to profit from data collection, surveillance and advertising. This is unnecessary
The myth that commenters supporting Silicon Valley try to spread is that the internet can only exist and have value if "Big Tech" exists. Their "business model" is "free" intermediation of information retrieval or communication over the internet, thus their argument in favor of status quo becomes something like "online advertising (and associated data collection and surveillance) is essential for the internet to survive"
Their next argument may be that a "healthy AI ecosystem" is necessary for the internet to survive
*commercial
*interfere
Smartphones and AI are tady's cancer, so good job America! Polluting the earth and its inhabitants once more. For electric cars, I have my doubts that without China we will have them, but I'll leave you simmer in your exceptionalism.
Except that the www came out of Switzerland, the first electric vehicles out of Scotland and Germany, the earliest descriptions of neural networks - also Scotland, and countless other things, like Rockets and whatnot, also out of Europe. But, sure, congrats on that ARPANet thing.
Final sentence was unnecessary.
Can you point to the stock markets and silicon valley, and tech leaders and military of those countries?
Oh, wait...
Those are bad things to have.
It is American ingenuity that turned academic curiosities like neural nets into usable products. The missing ingredient in places like Europe or Asia is not intelligence, it is a business friendly environment and the right incentives for entrepreneurs. This is why countries like China can copy existing stuff and make derivative improvements, but don't meaningfully innovate.
Thank god we have "American ingenuity" to enshittify new inventions. Where would we be without that?
[flagged]
It's absolutely a slippery slope - but most parents know how this is a very real thing as well. There's no controversy in having drugs, guns, alcohol, porn and other things 'behind the counter' - the intellectual debate over freedom of information is clouded by ideology.
Definitely the 'slippery slope' debate is worth having, but that's way more relevant than the 'should 10-year-olds be able to do whatever' (aka all or nothing internet) which I think, if we took a vote, most people would be fine with nominal age restrictions, on that basis and on that basis alone aka outside the 'scary government' issue, which is again, real and material but nevertheless a separate concept however pragmatically engulfed these things are.
> There's no controversy in having drugs, guns, alcohol, porn and other things 'behind the counter' - the intellectual debate over freedom of information is clouded by ideology.
The first three are physical things, not information. Porn can be debated, but the current age verification push is trying to impose blanket control on the entire information ecosystem. It's the digital equivalent of requiring ID to go anywhere or do anything, rather than just a few well-defined things.
Even if we view it as a good faith attempt (which it is not, remember what Edward Snowden exposed), the parental authority over a child's information diet is being transferred away from parents to tech companies. They're legally mandating you to give away your child's personal info (just age for now, but they'll demand more if we give them this) and make the decisions on what is suitable, instead of you making those decisions for your child.
> the parental authority over a child's information diet is being transferred away from parents to tech companies
These companies not only wanted that but they exploited the shit out of it for obscene profit! In many ways it was their unabated greed that has caused this situation: from addicting design of video feeds, grooming obscene spending habits, collectively doing as little as possible to keep predators and inappropriate content out of games for children.
And how could parents police effectively "the whole internet", it's like expecting them to police what their kids see and hear at school on lunch break x 1000 you cannot control all the things that can influence a child for better or worse. Maximum security prisons can't stop people from accessing the internet and making phone calls so what hope did parents ever have?
We could have avoided this if Google and Apple had enough decency to keep the bad stuff from becoming effortlessly, trivially accessible to children, but they made a fortune off Roblox instead of applying their policies and noticing the abundance of pornography and predators, they ignored Grok churning out CSAM as fast as people could request it, no response to court revelations that Zuckerburg's apps are teeming with sex traffickers, prostitutes and scammers, no response to apps excessively exploiting addiction other than making sure they get their cut.
So now we're caught between a rock and a hard place, a completely unsustainable system where everybody who should be accountable claims to have immunity, and parents are incapable of enforcing a healthy upbringing for their children in this mess.
> It's the digital equivalent of requiring ID to go anywhere or do anything, rather than just a few well-defined things.
No, it's social media, specifically. That's why it says social media. It's not everything, it's social media.
For now.
Banning selling alcohol to children is a slippery slope to banning candy and then banning food and then banning giving water to children. Right?
> They're legally mandating you to give away your child's personal info
If you don’t want to use social media you don’t have to give away the info right?
If you don't want to use ~~social media~~ any website that could contain content deemed as "adult".
And what's "adult"? Hardcore pornography? Sex ed material? Otherwise-G-rated content that happens to have a gay person in it?
Information is a material concern
Relationships are a concern (random people interacting with your child? Good Gosh!)
Privacy is a huge concern for children, way more so than is afforded we regular netizens.
"They're legally mandating you to give away your child's personal info " - no they are not, they're mandating age requirements, which is a separate thing.
Snowden did not bring up age restrictions.
"instead of you making those decisions for your child."
I'm sorry but today the choice is not by parents, the point of the age restrictions is so that parents ultimately can have a choice (they and provide access by their own accounts).
The 'all or nothing' issue of the internet is a big deal - parents don't really have a choice.
These are mostly ideological and rhetorical arguments, not grounded in pragmatism.
The pragmatic concern is 'abuse of control' (aka the 'general' Snowden argument), which is real, but can also be avoided if they do it right.
Granted, I don't have a lot of faith that they will do it well.
> It's the digital equivalent of requiring ID to go anywhere or do anything, rather than just a few well-defined things.
Are you aware that most library systems across most of the world require someone to be 16+ to open an account and/or take out books and materials? That's not restricting anything, that's preventing abuse by those not intellectually or emotionally capable of regulating their behaviour. The parent of the under 16 takes responsibility for their actions, essentially.
If you have to be 16+ to take materials out of a library, why should a minor be able to access _anything_ on the Internet without also having an adult check what it is you're doing? Why should a 12 year old be able to freely visit "innocent-website.tld" without it first being confirm the website actually is innocent? What if it's innocent today, but adopts a new doctrine tomorrow? There's a reason YouTube doesn't let you change a video upload after you've published it: you could upload nearly anything to replace your previously innocent and successful video.
Nothing changes between the physical world and the virtual one. The same problems exist, except the virtual one makes it easier to access much darker information.
The library is one place out of the many places you could go, and the closest digital equivalent is a library website or an app. The Internet is not just a library, but a whole world of its own. We don't have blanket control laws that restrict all movement and speech in the real world based on verified age. The restrictions for minors are implemented at much more local levels.
We do need parental guidance like in the physical world, but such guidance should be issued by the parents, not the tech companies. Age verification is about giving your age and some other identifying metadata to the tech companies, and they hold the authority to decide what to filter. It should be other way around. The companies should expose metadata about their service and the content in their feeds via public APIs, and let people filter stuff locally on the device per the device owners' aka the parents' preferences. Oh wait. Such features will never reach mass adoption in the current software ecosystem. Software antitrust is a joke. These companies and the feds have the opposite incentives and do everything to sabotage local solutions. They've locked down what OS you can run on the hardware you bought, what apps are approved on their walled garden OS, and only the official apps can access their APIs. You don't have root on your own phone and it's a brick without remote authentication. Now they can sell you parenting plus many other things as their exclusive cloud service because "the market failed to deliver" and you can't really control what software runs on your own phone, much less your child's phone. This is the upstream problem and we ought to see it clearly and assign the blame correctly rather than trust those who deliberately created the problem to solve it.
> We do need parental guidance like in the physical world, but such guidance should be issued by the parents, not the tech companies.
By putting up ID roadblocks, that forces the parents to intervene. That's the point :)
The point is there are much better ways to enforce this - like just setting up proper parental controls on a device.
Kids can’t buy their own phone. So parents can always enforce stuff at a hardware level if they set it up properly. It would be much better to just mandate that phones set up with a kid profile cannot access social media.
The problem isn't an individual kids phone. It's their peers devices, or other ways they can explore the internet that isn't under their guardians control. This is a systemic issue that requires systemic approach. I am not making any claims about the qualities of currently discussed systemic solutions, but I do want to point out that the 'parents can just' argument is missing the mark.
This assumes that it will actually solve the problem anyway. Kids just get a fake account or a VPN anyway.
Addiction is the worst part and that is only going to happen on your own device.
All of the kids will get a fake account and a VPN? Putting barriers in place will likely have some effect in the intended direction.
> This assumes that it will actually solve the problem anyway
I wouldn't expect any policy to _solve_ a problem in such a way that the problem completely disappears from the world, much like theft being illegal doesn't eliminate theft, but it sure distinctiveness it for a lot of people.
You do know that many sites don’t work with a vpn. Like this one. You can’t create an account on HN with a vpn. Also, countries are starting to ban vpn ip blocks entirely. In fact, turkey was monitoring tor entry nodes and disappearing whomever provided them. Banned tor pretty damn fast. Vpns can be turned off in a snap.
I promise you that a hacker news does not have all known public VPN egress IPS blocked.
Even the big commercial providers that are advertising all over YouTube are constantly changing IP space so they can keep their customers able to pop into another Geo region and still get Netflix.
Yeah I’m sure the kids are going to be devastated they can’t read HN
They will just rediscover Bluetooth. Kids have always passed around stuff they weren't supposed to have.
Source: I was a kid once, we had no cell phones. Porn on 5.25" floppies was a thing.
I was a kid once, we had no floppy drives. 'Borrowing' your Dad's Playboy or Penthouse mags was the thing.
Cool, definitely better than endless scrolling on the 'you are not good enough'-machine ticktok.
I've been battling with locking down my kid's devices for much of my life.
I haven't found a parental control feature that works: we've tried several, but, generally, nothing survives the 'Hey, I'll just factory reset the device and start with a clean out-of-box-experience' bypass. Kids can figure this stuff out.
Even when we thought that things were under control, kids can easily procure new devices. Many families don't dispose of their old phones; it's not too hard for kids to find an older model that's been sitting around collecting dust, bring it to the schoolyard, and trade it like a baseball card.
I wish I had a good answer, and, distasteful as the age-verification might be, I'm open to such draconian measures at this point. If you say there are better ways to enforce this, I'd honestly love to hear the specifics.
I'm fairly sure that Android requires parent permission to reset a device if it's a managed child device. Overall, the parental controls on Android have been sufficient for what my family has needed.
It seems like it should be relatively easy to create a dead man’s switch that sends you a message after a factory reset, and then you just take away the phone for however long is appropriate. Do most parental control tools just not include that for some reason?
Get an iPhone and don't give your kid the password to the iCloud account. That password is required after factory reset to make use of the device.
wish I had a good reply, and, distasteful as this comment might be. I'm open to giving a draconian response:
Fuck you and and fuck your unwillingness to parent your god-damned kids
children should not be 1 or 2 clicks away from graphic internet porn at all times and your unwillingness to make any compromises in order to stop this is frankly embarrassing.
Your kids shouldn't be on the fucking internet, period
And you are an irresponsible parent for allowing them to be
please explain in exacting detail how you can prevent a child from accessing the internet without living in the woods, homeschooling them, and not allowing them to have friends or interact with another human being that has access to the internet.
That is your problem, not mine
That is definitely a difficult battle to fight, but why do you think kids can't bypass these government-level restrictions just as easily as they can your own? Especially since governments are usually slow to respond to whatever method of bypassing it is used, if they respond at all (especially once it's no longer the topic of the minute).
People can bypass these restrictions with video game character creation tools, with generative AI, with a VPN (something that's very hard to ban in practice because corporations rely on them, and of which some are free), with copy-pasting random ID photos from the internet, with borrowing a parent's or teacher's or other adult's ID, with using a website scraping alternative (some of which can be self-hosted, or hosted by one child for many others) instead of the website itself, and so on. Heck, they can use websites hosted in Russia (or other countries), like a lot of pirates do.
And whatever the easy bypass method ends up being, they'll all end up knowing it, because they go to school and talk to each other, and because they'll always have at least some access to some parts of the internet no matter what.
Meanwhile, these age verifications laws are labeling all the children (who don't bypass it) as children, and that information WILL be leaked, inevitably, as it already has been (from Discord, for example - a service that shamelessly retains and processes every message it hosts, even after the user 'deletes' it).
When ID info is leaked, it leaks the child's age, their real name, and (often) their real address, their phone number, and their appearance. A surprising amount of information might be deducible from any selfie or video that was required. And in combination with an app's other data (or other data about them that has been included in databases and/or leaked and/or shared on the internet previously and which can be matched to them based on email or phone number or username or browser cookies or IP address or etc), it can leak their interests, hobbies, hopes and fears (discussed with friends), favorite hangout spots, the name and location of the school they go to, their regular routines or travel schedules, etc - anything at all that they might have discussed via the app, or whatever might be concluded just by their proximity to their friends (e.g. maybe they don't directly know that a kid lives in X location or plays Y video game, but if every day they talk to a bunch of other kids who definitely live in X location and play Y video game, then they probably live in X location and play Y video game too).
When all that data is leaked, all that data is now available to predators. And it's very, very hard to remove it from the internet after it's out there.
That data, even just from a single leak, could make it so easy for someone to target a specific child, contact them, tailor their lies to seem as trustworthy and likable to the child as possible, anonymously harass them online, threaten them, stalk them, or attempt to persuade them that yes, he does know their parents, and they definitely sent him to pick them up from school.
To me, all these laws seem realistically likely to do is unintentionally but significantly endanger the children they claim to protect. I don't see how it can be anything but a devil's bargain, even if we only "think of the children" and disregard other concerns.
At the least, it should have been proven to be more effective than regular parental controls before even being considered as an option, but so far, it doesn't seem to be so at all. And if there's little to no additional benefit, or we're not sure if there's a benefit or not, or if it's shown to be less effective, then why ever choose it over the regular parental controls that don't carry this huge additional risk?
As to enforcing age limits otherwise, well. I confess I don't think there is any way children won't just find a way around. I think the best defense is just educating children about how to navigate the internet and its potential threats, making sure the children don't see their parents as distrusting of them or oppositional (so that they feel comfortable enough to go to their parents for help or reassurance if there's a problem, instead of hiding the problem because they don't want to be yelled at for being on the internet or such-and-such website at all), and - an element I think a lot of parents miss - making sure they have a lot of appealing options for things to do or ways to socialize outside of the internet. If you occupy their time by indulging their non-internet-focused hobbies and interests (and maybe engaging in them with them, to spend time with them), or letting them visit friends in person, then that's time they're not on the internet and likely don't even want to be. I think that this is the option that best sets up the kid to continue having a healthy relationship with the internet after they turn 18 and are even more out of your control.
That said, as far as device parental controls go: instead of focusing on phone-level controls, I recommend using your router's network-level parental controls, as well as the phone line controls for whatever company you get your data form (if they have a regular smartphone, as opposed to a more limited one, which do exist as an option). For your own wifi network, you can even set it up to use a whitelist of devices so that your kid can't even connect to it from a non-approved device. That doesn't stop them from potentially still sometimes accessing the internet using a friend's phone, but it'd cut down on how the amount time they have that access, and do so more effectively than government age restrictions. And in any case, you also can't always stop them from looking at a dirty magazine that they find at a friend's house, or from reading a hateful tract that someone hands them on the sidewalk, or from watching a terrible channel broadcast on a TV in a diner. But you can potentially influence how they handle it when they encounter these kinds of things.
This is not how any other thing that is banned for children is enforced. It makes no sense.
The person selling the age gated item needs to take lawful measures to ensure they arent selling it to a minor. Their parents have nothing to do with it.
Your solution would be that if a 14 year old walks into a liquor store and doesnt have a note from their parents saying that they arent allowed to drink alcohol, then the store should be able to sell it to them.
The proposed solution though is that all adults going into the store have to provide their full name and address and have it recorded by the store to buy alcohol - or any other +18 product they want to buy. These things are not equal.
And that is where details matter. You can implement age verification in such a way that no data gets transmitted anywhere. Ofc I wouldn't expect Meta to not take a chance of collecting even more user data and blame a law for doing it, but if the law is written well enough, it won't mandate a specific method. If it does, definitely oppose it imo.
Age verification implies that some authority, usually the tech company, checks your age. It's mandatory personal data harvesting. A method that doesn't require data to be transmitted anywhere is just local permissions and filtering. The tech company should broadcast the metadata of the content they're serving, then the decision to filter it should be made on the client-side according to the device owner's preferences. But big tech is constantly trying to sabotage this permission model by removing root from phones, mandating cloud accounts to use your computer, etc.
You can - but currently it’s all just done with random private companies that I would not trust with my email address never mind my passport or adult preferences.
Again - apple’s on device verification is a good idea for this. Apple just sends a ‘yes this is an adult’ message to reddit for example and now I can again participate in chrome up discussions.
[dead]
mandating devices provide a `NoAdult` setting, so so browsers could check it and then send something like a `x-NoAdult` header would give websites a reasonable method for distinguishing minors (or people that just don't want adult content).
it's the old 80s/90s bead curtain separating the adult movies area from the rest of the video store. it keeps kids reasonably separated, and leans on parents making their kids mind. I think that's a reasonable target.
it would work without forcing every internet user that wants to use a given service from having to submit government identification, go through interviews, or sign up to massive centralized identification systems that will inevitably track every movement people make online.
if history is any indicator, those things will lead to breaches and abuse, and people's privacy will be violated.
if there's a legally mandated way for parents to stop their kids from peeking through the internet's bead curtain, that should be sufficient for most purposes.
if the argument is that bad or foreign websites might not implement it, it's not wrong, but that same problem exists with the mass-surveillance methods as well.
if you keep going down the path of forcing everything, eventually you end up with a national firewall, vpns are illegal, anything that can provide anonymity or pseudo-anonymity online is illegal, no one has privacy, and busybodies will spend all their time hunting folks for liking things they don't want them to like when the inevitable breaches come.
to your last point, sure, a 14 year old shouldn't be able to just wonder into a liquor store, but a 40 year old should.
that's literally what the california law, that we keep calling an "age verification law" even though it has nothing to do with age verification, does
> like just setting up proper parental controls on a device
This is literally what is being written into California law. The OS will have an "age flag" that is configured at device setup that passed to other apps. The law explicitly was written such that it wouldn't need identity verification, but that isn't stopping scaremongers claiming it as such.
Many parents don’t have the technical aptitude to set the controls up properly. I am a software engineer and I find it challenging to keep up with the nuances of parental control setup and how to adjust it as kids get older. Content is also imperfectly tagged and smart kids can easily find loopholes in most controls. Having a centralized ID validation system wouldn’t be an ideal solution but having something baked into the Internet itself to help parents shield their kids from inappropriate would be a good thing.
That’s what I mean by adding legislation to make it automatic.
If it’s a kids device, then it should just block social media as required by the law. I agree that right now it’s difficult to set up - but this is a choice from Apple and Google. Just mandate sensible defaults.
A hardware block is much more effective than anything else that can be faked.
Just have the phone ask ‘is this a phone for a child’ and if you select ‘yes’ then it’s done.
Wasn't there a (proposed) "standard" in 90s (eMediaMark, I remembered) that just added a Header to HTTP in order to have ancient browsers automatically filter adult content.
That would easily be enforceable by making a "kid mode" enabled and locked down by a parent with a password mandatory on devices. Then you could have something like this:
suggested here: https://digitalbiztalk.com/article/a-better-way-the-adult-co...eMediaMark is now Internet Content Rating the stuff I was remembering can be seen here: https://icr.chit.eu/
You can just take that, it's been there for decades.
Yes that's basically what the California law does. It says all devices shall have parental controls and they shall actually work. But I thought you hated it.
I am curious if you know how to enforce this on a general purpose computer.
This isn’t that hard to solve.
Kids have their own account on the computer.
Make it the law that if a computer account is set up as a kids account it must send some kind of not-adult header with all requests. Enforce that in the OS so it can’t be messed with.
Leave non-kid accounts alone.
Make it the default thing that happens if you set it up as a kids account so anyone can do it.
Thinking aloud here, but perhaps the answer is in the question: general-purpose computers get a free pass. Point being that kids generally don't use such things. Because otherwise I have exactly the same question as you. It's an existential question for software freedom.
Problem now is bunches of parents don’t give a damn. So if your kid gets phone locked up others will make fun of him at school and kid might be outsider.
Other parents are the problem, not technical setups.
Ok but everyone suffering because some parents are bad seems like a shitty policy.
It is not „some parents”, problem is really big.
Okay, so we need to have stronger and more strict CPS enforcement
If parents can't take care of their kids they clearly should be taken away
>There's no controversy in having drugs, guns, alcohol, porn and other things 'behind the counter'
There is controversy! My grandfather and his schoolmates all regularly brought hunting rifles on their trips to the schoolhouse and home (1930s), to hunt opportune meals. There was never any problem with school shootings, which IMO are likely the fault of the prison-authoritarian style that schools morphed into during the latter-half of the 20th century. He had me drink shots with him when I was under 10 years old, because he wanted to make sure I knew drinking was ultimately a boring, uninteresting, stupid activity. Alcohol was always available and I was even welcome to partake anytime (as long as I did it at home)... I hardly ever touched the stuff, and still don't even now. He was a police officer and firearms instructor in a big midwest town, he even taught me how to shoot around that age. He taught me that government is neither god nor good, it is just raw power that has to steal from someone to give to another.
I miss my grandfather so much!
Also, thank goodness my folks were computer illiterate; I never had issues with blocking software (though I would probably have defeated any... easily). I grew up looking at porn and gore occasionally from my very early teens. Maybe try teaching your children about the world instead of hiding them away from it?
> It's absolutely a slippery slope
The slope has already slipped.
This is IDENTITY verification, not “age verification.”
You cannot verify your age without uploading your ID.
In theory you could do this with 3rd party verification and zero knowledge proofs orchestrated by the users browser.
Mozilla Persona comes to mind.
https://en.wikipedia.org/wiki/Mozilla_Persona
This will never happen of course because the objective is to track your every move. The government want to know every pseudonym you use on every website.
I think you'll find some parents feel that way about digital porn, too. There's a difference in supporting these laws from a privacy standpoint, esp that router and cell provider based controls are effective
At least half of the people in this thread survived growing up with access to social without age verification.
And I'm pretty sure we've all had an encounter with some creep in some random chat room too.
We talked about these things at school and at home. Don't share things with people you don't know etc. Idk if it's illegal to tell kids what to do these days. But when I grew up, we were occasionally also told to get off the computers and touch grass.
I hope I'll get to raise my future kids myself. I think I can do a better job than the government :)
Soon enough you will realize that kids spend more time with their friends than with their parents. Most parents want their kids to be curious, build autonomy, and feel free. For this to work, they need a safe space. There are to place to enforce a policy: client side (parental control) or server side (age verification). Personally I don't want to transform my kids general purpose computer into a locked down infotainment machine. I think it would be a worst society if the norm becomes "this is not your device".
How are kids supposed to have a safe space "to be curious, build autonomy, and feel free" if they can't get out from the authoritarian hands of their parents or their government?
Good question. Maybe we can find the answer by getting them drunk at the strip club - two things that we'd be authoritarians if we prevented children from accessing.
As if there's no difference between harmful substances combined with lewd activity, and talking with people on a video game.
https://metro.co.uk/2026/06/01/uk-considering-banning-kids-s...
"we've all had an encounter with some creep in some random chat room to"
My parents generation survived lead in gasoline and they never wore seatbelts or helmets.
"I think I can do a better job than the government :)"
Is exactly what their parents said about the government telling them they have to get their kids to wear seat belts and helmets.
I don't think this argument works for two reasons:
1) It don't address the materiality of the concern.
If 'creeps in chat rooms' are causing material harm, it's an issue, then youre making the 'anti vaxxer' / 'anti seatbelt' / 'anti helmet' argument.
I'm not saying you are - if 'creeps in chatrooms' really is a 'lesser issue' - then you're not making a bad argument at all.
The real issue is the 'materiality' of these things.
'Creeps in chatrooms' is a harder thing to assess, but it's real, if it is real, we can't just dismiss it.
2) "I think I can do a better job than the government "
If someone wants to protest the governments current age restrictions cigarettes - and also not vaccinate their kids - that's a choice.
But this argument is usually made by people who don't have kids in their life and haven't yet realized that 'the all or nothing internet' is not really a choice, it's chaos.
Lack of very basic regulations means people aren't afforded the opportunity, in a way the government is dictating that 'kids will get guns and porn and that's it'.
The alternative argument - is that we can have age restrictions and parents can then be in a position to actually be parents, and make a choice.
'Slippery slope notwithstanding' ... because it's a complciated issue
Yes and that chaos is called freedom
[dead]
>At least half of the people in this thread survived growing up with access to social without age verification.
I was like 8 - 10 years old, I wandered into the "Adults Only" chat room on Microsoft Networks (Oh sweet, I thought, they have a small pen to keep the boring adults in, better check on them) and said "Hi everyone my name is X and I am Y years old" and everyone was nice to me and said hello. I got bored and left.
There isn't much left of the free Internet anyway. Search engines no longer work, all discussion forums are ranked/censored by interest groups, mail delivery is between large entities.
Maybe we need an alternative set of root servers for a free Internet.
I would suggest that we should not conflate the internet with these corportate platforms. The internet still works fine for now. I can still stand up my own DoH resolvers, forums, chat servers, email servers, DNS servers, vpn servers, etc... Many social circles are bound to have a tech-nerd one or two layers removed. That used to be a pejorative.
The hardest part is the psychology. People think they have to be on the big platforms as that is where their friends and favorite streamers are. Willpower can bring back the old platforms onto the current fast internet. Critical and free thinking people can choose to ignore the big platforms if they wish. People can go to local stores to buy most things. There are arguments for and against all these points but I am choosing the aforementioned options and accepting the psychological challenges.
People can use old style self hosted platforms as a "fallback" and once people realize it is more private and they can speak freely amongst their friends it can get comfy real fast. Glowies are seething.
Some friends and I have private forums and chat servers. We talk shite all the time about Reddit threads yet none of us have Reddit accounts. We talk about HN threads, brain rot on Twitster and many other platforms free of censorship, free of voting brigades, people trying to force narratives, etc... Oh and most important, free of "AI".
In a way it is the bad players that are ruining it. Yeah I can setup all manner of servers for this stuff, but the instant I miss a patch or a patch is late to be developed and you can be compromised in no time. And unfortunately it just becomes a game of endurance between you and the army of folks trying to crack systems open.
I have said it for decades, if there weren't bad players then we wouldn't need any of this security. That is a very utopian idea.
I have thought that a way to put people off is to have such an anaemic server that they wouldn't bother. Like a tiny RiscV board running Haiku that delivers basic HTML and email. There is little incentive to raid that thing. I haven't thought this idea through much however.
For what it's worth I have been running my own things since the 90's and not yet compromised. I disable the CPU mitigations and have a minimal firewall configuration. I do keep things patched and keep an eye on news regarding the public services I run but only enough that I can still call it a hobby. I try to only expose daemons that have been battle hardened on the internet for decades. In the early 2000s I ran phpBB and that was a little risky and did require hardening php.ini
There really isn't anything utopian however, it's just a hobby and a way to let friends communicate without big brother putting their peanut butter in our chocolate. If you don't feel comfortable tinkering then of course don't. Never feel pressured. One can always start off sharing their services with a few friends and not advertise it globally. Find a hacker friend that can help pen-test your stuff. Perhaps even restrict access to your friends IP addresses or the CIDR blocks of their ISP's to limit access. Or use wireguard to restrict access to a VPN. If it's a web daemon just adding simple authentication with obscure usernames and good passwords in front of it will get nullify most of the bots until one is comfortable sharing it with the world.
Probably one of the riskiest things I have set up was just this week exposing Unbound DoH to the internet. Unbound has had a handful of security issues in the past. The HN crawling bots are getting confused by this weird thing listening on port 443 but they just can't figure out how to connect to it. If it gets popped I will just nuke that VM and revoke the cert. There's nothing sensitive on it.
Outbound mail gets harder every year as opaque reputation systems flag mailer daemons as false spam positives.
Inbound mail on the other hand — notably, the OG form of Internet identification — is very achievable for a stick in the mud to set up.
Losing one’s Gmail account would likely have very little impact on one’s ability to send mail, but no longer being able to receive mail at a given address can be devastating. Set up your own domain!
And content is increasingly produced for, and by, machines. Human initiative and/or access is increasingly incidental.
It's easy to create an alternative. The problem isn't that, it's keeping that alternative clanker-free. (As well as free of all the other enemies / plauges on the useful, generative, Internet.)
> keeping that alternative clanker-free
which brings you right back to verification...
Verification tells you that a human being is behind it, not that a human being made it.
If you can at least attest who is responsible, other tests for AI-generation might be applied, with reputation following from that.
Sadly, that's bullshit most of us didn't ask for, and it's turning up all over the place, e.g., among book and short-story publishers, journalism, academic publishing, as well as blogs and social media.
Attesting who is responsible is more of that "bullshit most of us didn't ask for". I'm not interested in identifying myself so some cretin can know whether I am, or am not, an AI... particularly when the vast majority of posters on any platform act like NPCs anyway.
Would be nice to see something referral based. If you don't like X, block them. If X invited Y and Z and their invites behave poorly, you can block the whole tree. Kinda like lobste.rs referrals but for wider internet
I guess the correlary would be like how you can block an entire ASN if you find a lot of abuse from it, but at the human-network level.
There are several problems with this.
Aside from social dynamics, a chief issue is that if you're relying on this as a mechanism for content filtering, personal relations have low predictive value.
E.g., I may really like a person's content, but not their curation or referrals to other accounts. Conversely, I might not care for a person, but their recommendations may be excellent. More common might be the case that a given account produces little or no content of their own, but makes reliably predictable (either good or bad) recommendations, which would be useful for further filtering. Or the highly verbose individual who emits a constant stream of near-drek, but an occasional diamond.
Content production, content curation, and talent spotting are all distinct skills. Success or lack in any one says little about the others. This is where Bayesian indicators (including relationships and referrer / invite relations) would probably be more robust.
That said, tainting an entire invite tree is likely useful, with a caveat that if a particular invitee has an independent, untainted, relation, they might be worth following.
In practice what I've found most useful is to have a pretty tight primary list of follows, ~50 or fewer, and a slightly broader secondary list. Allow recommendations be default (that is, re-shares / boosts), but curtail those too if problematic. Be quite liberal in blocking / muting anything in the least bit annoying or problematic.
Or participate in a selective group with excellent moderation. HN isn't quite there, but it approaches this ideal more closely than any other major forum I'm aware of presently.
Just peeping Fediverse for a few years i can only imagine how toxic that would get. It would be a constant ideological war.
Perhaps, but in both cases, I think that the principle problem is attempted control at the wrong portal.
Rather than individuals or devices, residential / mobile / business service providers should be able to vouch for personal traffic and be in a position to validate patterns of use without undue profiling of specific activity. That is, just looking at the encrypted traffic patterns (rather than MITMing SSL/TLS or other secured comms) should show usage that's typical vs. atypical / malicious.
Traditionally, service providers of all stripes (email, ISPs, Web, etc.) seem to have focused far more on ingress security than egress security, or potentially malicious traffic from within their own networks. That's got to change, it's ultimately a hygiene question.
For residential and mobile Internet, accounts are managed at either the household or individual level, and it should be possible to provide attestation and reputation management (as well as, perhaps, broad-based subscription access to compensated content) at those levels.
For commercial access things get more complicated, particularly where a location might provide public Internet access (e.g., public WiFi), or have a mix of human and system-generated traffic at an office, commercial, or industrial site. Still, there should be both well-established patterns of use and indications of anomolous or malicious traffic possible here.
Another option for smaller human-scale networks (e.g., Fediverse / Mastodon / PeerTube / Pixelfed / Lemmy / WriteAs networks and the like) is a mix of harder authentication (Yubikey or NFC-based wearable authenticators, perhaps) as well as a more manageable human-scale moderation (1:1,000 or 1:10,000 scales far better than 1:1 million or 1:1 billion services), allowing for both oversight and keeping the opportunities / benefits of malicious use limited.
The comment I'd originally responded to had me thinking of under-delivering federated systems such as Gemini (the lightweight Web protocol, not Google's AI) or Diaspora* or countless web boards and wikis which ended up overrun by spam and abuse. Simply saying that you're going to re-invent things at small scale in no way means you'll succeed. The ecosystem's changed, the pathogens are far more numerous and capable. Modern systems and networks (social or otherwise) must face those facts head on, and not ignore them or pretend they don't exist.
I think we're going to end up with some form of cost-based (though not necessarily financialised) reputation management systems. I'd very much like to see those not being terribly invasive of privacy, or putting extreme barriers to those with limited means or technical knowledge. It's a tough problem all the same.
The trick is to stay small. If your network only has a few millions of people, nobody targets it.
Not true at all. Even small, insular, just-a-few-hundred users PHPBB-style forums have to run Cloudflare or Anubis to try to stem DDoS-style scraping, and have a constant patrol of moderators to stop AI spam posts.
Not true. You can also make your code fast enough so your server doesn't get overloaded by three requests per second. Then you can just handle the requests.
There are multiple facets to the problem. Technical site performance is a very small part of those.
The disruption, manipulation, and most of all erosion of trust which bad-faith actors create (AI or otherwise) are the most serious issues in my experience. The concept of "evaporative cooling", in which a platform starting to go bad sees an accelerated departure of well-intentioned, high-value participants.
See the original article from 2010: <https://web.archive.org/web/20101012105003/https://blog.bumb...> (HN discussion: <https://news.ycombinator.com/item?id=1777665>).
And an interesting follow-up, 2015: <https://blogs.cornell.edu/info2040/2015/10/14/the-evaporativ...> (HN discussion, from 2025: <https://news.ycombinator.com/item?id=42597962>).
I agree with you that the PHP forum software is not fast at all. But, try hundreds of requests per second, including requests that require text searches.
Also, uh, how does speeding it up that help with the AI spam? (Sorry, I should have emphasized that part of my most more, since that's mostly the topic of this sub-thread I was replying to.)
The future is balkanized.
Occasional communities may survive in a walled garden fashion.
Sorry, Tim Berners-Berners-Lee.
Already exists: Opennic.org
>Maybe we need an alternative set of root servers for a free Internet.
Can't even do that. We'd need (ultra?) stable IP addresses, and the entities in charge of those don't hand them out anymore. We've sort of been cut out of the basic infrastructure to let us build stuff a second time.
You can still get a block on the grey market for (I believe) currently a 4-digit payment, which is not free, but it's quite accessible if you have any serious usage at all.
(It will be officially transferred to your name - there's nothing grey about the blocks themselves - the greyness is that RIRs officially forbid selling them, but they can't really do anything to stop it and they don't forbid buying.)
IPv6 blocks are still available from RIRs and you don't really have to care about anyone stuck in the 1980s if you don't want to.
Also each of the root servers is itself run by a different organization. If you had some clout, you could ask them to also host your alternate root server on the next IP address. Half of them are anycast blocks which means they likely have 253 addresses free as anycast blocks aren't really shareable.
One very simple way to give parents control over what their children see and participate in without violating everyone else’s privacy is to create adult and social TLDs and require these sites to migrate to them. So instagram.com becomes instagram.social, etc. Then mandate that all consumer network equipment mfrs and internet providers provide easily accessible ways to block these TLDs. Maybe combine that with some public education materials to teach less savvy parents how to do this.
Now you’ve given every parent a way to easily mass block all adult/social sites/apps if they want and no one’s privacy need be compromised.
This idea has been around as long as the web, but you can't get momentum behind it.
A much better idea was a .kids domain where the content was vetted, and you could allow-list your child's device to that. Much easier than trying to migrate everyone over to specific TLDs, especially when that ship has sailed already. But that never got traction either.
Edit to add: I used to work on "family safety" software. Blocking bad content doesn't work - it's too difficult of a problem. Walled gardens do work, however. The fact that there's not a push for the equivalent of an Apple App Store for kids is probably evidence of ulterior motives on behalf of regulators.
One of the problems is the binary nature: we lump everyone between 0 and 18 years old into a "kids" bucket, but the content appropriate for a 17 year old is very different from the content appropriate for a 4 year old.
My family has tried the curated "kids" content from the major players: It's junk and not going to be interesting to a teenager. Your 14 year old is not going to be satisfied with a version of Netflix that's all Bluey and Daniel Tiger. And your 5 year old probably shouldn't be watching stuff that's made for teenagers. But our regulatory hammer knows only "kid" or "not-kid". You can't make a single walled garden.
Even within a single age. My 15 year old might not be ready for content that your 15 year old finds to be routine. How is YouTube going to know what is appropriate for any given 15 year old? Walled-off content and numerical age gating is just not a workable solution.
This only works if ALL TLDs become strictly regulated, which goes against the idea of a free, open and distributed internet.
And even then, what about social networks showing porn? Chat apps like Whatsapp and Discord having porn etc groups?
Any platform that accepts user-generated content, from Pinterest to Ebay to forums, etc can host it. And that's just what's on the public internet.
There was some optimism with .xxx that adult content producers would voluntarily switch over. Spoiler: almost none of them did, except for domain name availability reasons.
Plot twist: in a few years all the indie and counterculture web appropriates .xxx domains to evade AI crawling and legislative interference.
And then suspiciously the .xxx registry jacks up the prices to herd everyone back
You're massively underestimating rule interpretation skills of horny teenagers and gambling game developers. Total segregation based on actual solid cold hard ruleset is pure gasoline to them.
What this misses is that many parents do allow their children to access social media because kids need to conform. If all the other kids have social media access, your kid is excluded by not having access.
Is it better to have TikTok AND friends, or no TikTok and no friends? Sure, the best is no TikTok and still have friends, but you can't always have it all.
That’s fine because an enforced TLD system would default to them being allowed to access social networks and parents having an easy way to block them. It makes it easier for parents to do their jobs and doesn’t affect everyone else. Want your kids to have access to social media? Just…do nothing.
It seems to me that the supply of friends is more or less unlimited, such that it's pretty reasonable to apply filters when choosing who to befriend.
"Also not using tiktok" could be one such filter.
That may be true in theory, but not so much in practice where they only have so many people in their classes and extracurriculars.
At last the best option is to have the cake but not eat it too!
I don't get why a problem specific of parenthood should apply to everyone else. Don't give your kid a smartphone then.
This is such a naive take, I see it a lot. Have you considered they can:
* Buy one themselves
* Get / use a friend's
* Use public internet access points
* Need one for school
* Use the smart fridge / tv / gaming console / anything with a browser
* Access stuff in Minecraft, Roblox, etc
You can only stop it by going offline and raising them in a cabin in the woods, which is a whole other thing.
What you can do is give them The Talk, of course (but that only helps / prevents to a point, it's more to prepare them for what they may find or how they can identify problematic things). And the other is to push back as a community effort, with e.g. many schools banning kids from having phones in the first place.
Have you considered that even if unwanted material was only accessible in physical form with age restriction for buying. Like porn magazines, cigarettes or alcoholic drinks, kids can still access them and find a way around it. You can ask older generations. Perhaps you can't stop it by "going offline and raising them in a cabin in the woods".
Best is to assume they have access to it one way or another if they seek it. The discussion should not be about banning vs allowing, it should be focused around how to deal with situations that arise regardless.
Education about the subject and why kids shouldn't seek access is quite effective, additionally they will be informed once they are allowed access. Think about how the last decades saw a sharp decline in smoking and alcohol consumption.
I think the earlier commenter is right. If a parent fails to... well... "parent" that's on them. Locking down the internet to republican-approved sites only is not the answer.
I can see that you don't get the problem, indeed.
One problem (there are others) is that it's not always possible (or easy) to not give your kid a smartphone, or access to social media.
Imagine that your kid doesn't have those and is having a hard time at school because all the other kids do have them. They have a whole culture based around those, and your kid is excluded from it. What do you do? Tell your kid that it's okay to wait 10 more years before hoping to not be excluded?
Block how? You can block sites now and all it takes is a proxy/vpn to get around it. Nothing short of personalized age verification will work. The best we can do is make sure the age verification system is centralized by the government. The client sites can’t see who you are and the centralized government server should not be able to see the sites you visit.
The only way this can go wrong is if the client sites collude and publish their visitor logs and then the government can do the legwork to identify you. But even this is pretty easily bypassed if you use a VPN.
>Nothing short of personalized age verification will work.
Specifically, daily personalized age verification by the specific app/website, not by a third party.
>The only way this can go wrong is if the client sites collude and publish their visitor logs and then the government can do the legwork to identify you.
Well, the government has the right to request proof that the company in question is properly conducting the age verification process. This means that the companies performing age verification will keep your personally identifying information (PII) and maintain an association between your PII and your account/activity on the platform.
On a different note, the government has the right to gather evidence of criminal activity, where the definition of "criminal" is under their discretion and if there happens to be a convenient stash of information that can be linked to your person, that's just a happy coincidence.
Whether such a system could be bypassed by a VPN would depend on exactly how the age verification works and whether said government decides to ban the use of VPNs.
More importantly, I don't personally have any faith that at least the US government could properly define and build a system that is reliably and provably resistant to tracking. The government has incentives to want to know what sites a person visits, the NSA would be loathed to allow that opportunity to go unused. The government also likely doesn't have the skills or resources to do it in house, I'd expect them to outsource it at an absurd cost to a third party that would also have incentives to want to track usage data through the system.
I don’t mean bypass as in get around the verification system I mean bypass as in its one flaw can be mitigated by using a VPN.
Just add as an SRV or TXT dns record. Give the power to the owner of the device to allow it or not.
Reminder that the internet was created to be live and a indestructible means of reaching one and another, none of what you wrote can meaningfully do what you think it would.
Failing in parenting and lobbied politicians (regulatory capture) on the other side.
Using TLDs as any kind of categorization has failed long ago.
As a parent of teenagers, I feel like the sites make it hard for parents.
When they were young, you had a choice between YouTube being completely locked down with no option to whitelist channels or letting them watch almost anything (although I think this has changed since but it's too late now for those of us with children that age).
Now, there is no way I can whitelist contact/groups on WhatsApp or Discord servers/friends. Once they hit 13, pretty much any option to restrict anything feels taken away from you as a parent.
Luckily, I have sensible children (I think!) but it's really hard as a parent trying to both be reasonably responsible, but not deny all technology, it's really hard to navigate a sensible course.
You gotta understand, the owners of these sites don't care about you, your kids or a good user experience. They care about serving ads, tracking your behavior and selling that behavior data to the highest bidder. If they get to your this behavior to your government ID, it will probably make it more valuable.
There's also a lot of room between YouTube (or even social media) and all technology...
Safe Vision app
The article says that California "will require identity verification at the operating system level starting in January 2027", but that isn't true. The bill [0] only requires that operating systems collect age information on account setup and then provide which of four buckets the age falls into. It's not requiring any kind of identity verification by the OS. It's just a box you fill in when you set up the computer.
I think that this is actually a reasonable approach. It minimizes the information shared and doesn't create any identity tracking regime.
[0] https://media.reclaimthenet.org/docs/california-ab-1043-digi...
This put the power in the parents hands. They can set up their kids computer with a kids account and then all software and web services can just ask the OS if the user is an adult rather than all requiring their own ID verification.
Forcing all OS to do this is a bit of overreach though no?
If you want to keep your kids safe get an OS that supports it?
Why is it the state’s responsibility?
It's the State's responsibility once something affects enough people. That's why a law like this makes sense but should exempt OSes under some number of users. It's not great that we have such a harsh divide between "do whatever you want so long as not too many people are bothered" and "alright now the people have spoken and it's a State/national law," but it's the system we have and better than the people only getting a say with their wallets.
This conversation makes me wonder if age verification at the system level could be considered an externality for its cost to society as a whole, and the solution be to collect tax from any commercial sale of a desktop OS that doesn't implement a defined open standard. If there is any money raised it could be used for eg. education pieces on harm and harm reduction
Maybe it doesn't work in this case, but I think you both make great points. Just feel like there must be a way of bridging this gap
I think it only affects devices that are sold. So free software, you install yourself won’t meet that theshold.
Well it may end up with some porn-hungry kids compiling their own Unix core build on their own, not a bad even if unintended direction
The state requires things sold to meet a bare minimum of safety. Cars sold require seat belts, movies/games sold require ratings. Devices sold have a meaningful parental controls flow.
Seat belts aren't forced on you - if you want to not use them and face the risk of fines, you can do so. Media ratings systems are informational, you can choose to let your kids watch R rated movies or above. Are they going to let parents have a choice when it comes to parental controls? What about non-parents?
That's my gripe with the age verification systems I've seen, there is no room for parental choice and no consideration for people that are adults and don't have kids using their computer.
If something is illegal for kids to access it is illegal and therefore parental choice is being overriden by the state just like every single other thing that is illegal for kids to do such as smoke cigarettes, do drugs, drive etc.
OS-level is so much better than app-level. App-level means redoing the work for each app and increasing the odds of issues.
I don't think it is overreach since its fairly simple to implement and non obtrusive. We have had multiple decades of failure from tech companies already to prove that they won't act on their own.
If you are putting individual parents up against Meta, Google, etc, the big tech companies easily win. As we have seen already.
> I don't think it is overreach since its fairly simple to implement and non obtrusive
Those two things have absolutely nothing to do with one another. Something being easy to implement is completely unrelated to whether forcing its implementation is overreach.
Which is why s/he mentioned both of them. *This* law is simple to implement *and* it's unobtrusive. It's actually a really good way to solve the problem without creating privacy concerns.
How do you verify someone’s age reliably without identifying them? Unless there’s some standard around zero-knowledge proofs they’re implementing that I’m not aware of, they’re probably going to end up identifying everyone as part of this system, since kids will try and bypass it and parents will demand it be made more robust. Kids will still bypass it no matter what we do.
You don't. The law we're discussing doesn't verify someone's age. Please stop calling it an age verification law, because that's completely disingenuous FUD.
Its the responsibility of legislators to reflect the legislative will of the people.
The issue is it's a few incremental steps away from nto being that way and the first step is really the issue.
I think the part that's the issue is the one where they mandate age verification. They're going to try that either way, the worst thing this could do is get people accustomed to the idea, but in practice the operating system they use already asked their age.
Just look at how far privacy has slipped in the last 25 years, it won't take another 25 to get there. Maybe less than a decade.
So, to post something in 2027:
- You have to have an approved browser.
- It has to be installed on an approved platform, Google or Apple, for which you have a valid account.
- You have to have an account on the posting platform.
- You have to get past moderation on the posting platform.
That's without age verification.
You can't sign up for a Facebook account without giving a live selfie.
Any image of your family you post will be scraped by Clearview AI, bypassing the restrictions that make it hard for you to create accounts, to create a worldwide facial recognition system.
Well yeah, Facebook has been a data harvesting scheme from the beginning. It was originally called LifeLog. It is not part of the “free” web.
Indeed, well before Clearview, Facebook demonstrated they can identify faces and asked people to tag people in it, creating one of the earlier massive facial ID databases.
FB's policy on this is patchy. I've known people who have had accounts for years, who were suddenly asked to provide a selfie - often after posting political content. Their accounts were then either locked down permanently, or unlocked.
I also know people who created accounts from scratch without needing a selfie while connecting exclusively through a VPN. (Only some VPNs, work apparently.)
Supposedly FB uses device ID tracking, so if you're picked for selfie ID on a device and try to create an alt, you'll be selfie-ID'd again.
Using a different browser on desktop solves the problem for desktop but not for mobile.
And so on. Basically it's doable, sometimes. And sometimes it isn't.
Seems fairly robust. So why is spam and misinformation so incredibly rampant still?
just use a video of a video game character and pause the video at the required face positions
[flagged]
It gets worse. Banks now require pictures of faces to fucking close the account and pull the money out.
ATM are taking a picture when withdrawing since decades :-)
You find it to be a negative that banks require identity verification to drain an account? Personally, I would refuse to keep my money with a bank that doesn’t do this.
The relationship was established decades ago and they accept money and direct deposit still with no KYC.
But to get the money out? Oh no! We need a picture of your face! And there’s no option for going in person.
> The relationship was established decades ago and they accept money and direct deposit still with no KYC.
Having just gone through the annual KYC checks required by my bank/s I don't think this opinion stands universally.
Can also confirm to open an account I need to provide a live selfie and verifiable government ID.
> Having just gone through the annual KYC checks required by my bank/s I don't think this opinion stands universally.
What is the "annual KYC check"? Your bank is afraid you became someone else during the year or what?
Asinine requirement by whatever risk management firm they use. A selfie provides nothing in terms of lasting security while simultaneously adding permanent risk.
Exept they do actually do facial rec against the government database, to my knowledge anyways.
This is a requirement for two different banks I have, very likely for the rest as well.
Doing the live selfie route I don't need to provide tons of other documents.
For banks without the live selfies I need police certified docs for ID and address.
And the big thing for KYC every year is proof of current residence.
Have you ever considered that it’s a front? You may think that store that never has customers is just run incompetent business people, but in reality the real objective is not the one you believe it to be, and it’s actually great if you were to refuse understanding that.
I've found that framing topics like this as primarily a pretext for different motives is a sure-fire way to be ignored by people you may want to convince.
As always, the goal in convincing others is to take someone from their current understanding and bring them closer to yours. You can't get there if you don't start the topic at their current understanding of it.
The option for going in person involves a balaclava.
> they accept money and direct deposit still with no KYC. But to get the money out? Oh no! We need a picture of your face!
Unauthorized deposits aren't nearly as much of a concern as unauthorized withdrawals, right? I'd imagine that there are far fewer malicious actors that try to deposit money into random bank accounts than there are ones that try to withdraw money from random bank accounts.
> And there’s no option for going in person.
Won't an in-person bank also take pictures of you via security cameras? I don't really understand your objection here, could you elaborate?
A bank's security camera feed isn't likely to be sold to dozens of companies.
It is all but guaranteed for Internet-based facial recognition services.
Hacked facial recognition data already is reportedly being used by scammers to not only bypass bank security but also to impersonate people to target their loved ones.
There is no lasting security gain by providing a selfie. There is a lasting security and privacy loss, however.
So that's the concern? But GDPR solved this, just don't consent to them selling your likeness for AI training purposes.
Trusting untrustworthy companies aside, that doesn't resolve the issue of hacked facial recognition data.
Even back in 2014, malware was coming out that steals facial recognition data directly from smart phones themselves.
https://www.theregister.com/security/2024/02/15/stolen-ios-u...
The GDPR isn't a silver bullet.
Additionally - furtherance of facial recognition technology would impact travelling to foreign jurisdictions.
One of the most common ways foreign travellers get flagged when travelling internationally is for social media posts made under their own name that their destination country's government may not like. Traditionally if you've kept yourself pseudo-anonymous, you've largely been safe. But if we get to a point where pseudo-anonymous accounts are associated with pictures of people's faces, it will become significantly less pleasant to travel internationally for a lot more people.
*2024, not 2014
You have way more trust for these companies actually following laws than I do
It used to be that you could expect to not have your likeness captured and transmitted to third parties for their AI model training and who knows what other nefarious purposes.
It seems like all expectation of privacy and anonymity evaporated in the last 5 years.
> they accept money and direct deposit still with no KYC.
WHAT? No KYC? what are those banks?! I have friends in South America who would pay really good money (cash) to know
I'd consider it a negative that they trust a shitty webcam / selfie camera to cut the expenses of having an actual office with trained personnel.
Who aren't flawless of course, but selfies have been easily circumvented with photos or video game cameras.
Hell, at one point we had to implement age verification for a Japanese tobacco product website via a 3rd party vendor, I just used the wiki page's picture of a Japanese ID to test it, worked fine.
Yeah, it's ridiculous in an age where you can have backgrounds replaced on the fly in video calls.
most banks using faceid won't accept you go to a branch. because they contract with a provider who makes more money from building and selling a database than to fulfilling the contract with the banks.
Do you have proof of this? This comes off as conjecture.
ask you ai chatbot or do 5second google search.
all banks contract with fly-by-night faceid providers who have zero oversight or provide no governance info anywhere.
I did Google this. It seems to be a small number of banks doing this right now. A far cry from "all banks".
Maybe we'll get there eventually? But you should be more wary about making such absolute claims.
And your data on all those platforms - Google, Apple, Facebook, Twitter, etc. are ALL building comprehensive profiles on you, selling your data, and probably tossing it straight to the government in one way or another.
And just so we're clear: these companies are building these profiles even if you haven't registered and/or logged into their services.
“In one way or another” is doing a huge amount of work in that sentence. The spectrum of privacy postures there is massive.
Indeed:
Google collects 20 times more telemetry from Android devices than Apple from iOS (therecord.media) [but Apple still collects a lot!]
https://news.ycombinator.com/item?id=26639261
It’s the end of large scale “global village” social media - good riddance if you ask me; I’ve left it years ago for more private spaces.
I wonder though how it will affect places like 4chan. I don’t really know if it’s still as anonymous as it used to be but that’s like a cornerstone of their existence.
Global village can just be code for Tower of Babel. It was knocked down for a reason.
And you have to declare your accounts to border police prior to international travel.
Are you referring to financial accounts or social media accounts? (If social media accounts, I'm guessing you're referring to the US specifically, and during advance visa processing rather than at the border.)
> and during advance visa processing rather than at the border.)
This got extended to every traveler, visa or not.
this is reason enough to close the vast majority of them. if you're engaged in discussion, that's one type. the doomscrolling types, more addictive but very much more disposable.
You will also be denied entry if you say you don't have a Facebook account, since they'll think you're hiding it.
You don’t “have to”. They’re requested when travelling to the US - but from my experience it’s not enforced (at least not consistently, I’ve never been asked why it was blank on my forms)
I thought so too, and said so at a meeting at work when some colleagues were unwilling to travel to the US.
It turns out close contacts of some of my colleagues have been asked to show their Facebook accounts at the US border. There was a recent rule change about it.
Is that some US thing? As as European I've never experienced this, on any continent (barring Antarctica)
don't forget what's been going on for a few decades already: a personal phone number that ties your home address, billing, etc etc.
- If you want to enter the United States you must have a social media account to vet for your love of Dear Leader.
I totally agree with that, and all those points scare me a lot more than privacy-preserving age verification.
They all started with something as innocuous as privacy preserving age verification
They all started with chocolate. I don't see your point. Remove all laws?
That’s to post something on a garbage social media like Facebook. Facebook owns their site, so I believe they can require whatever they want, and your option is to not use them. Other services requiring Facebook (or an Apple or Google phone) and everyone using Facebook are separate problems, that should be handled specifically; I think it’s easier to leave Facebook than coerce Facebook into decency.
Fortunately on Hacker News, you still only need a username and password. And if spam is an issue, on lobste.rs you only need an invite.
This was 2018 China. Oh jeah add id verification to that as well.
Fun fact: America invented the social credit score, long before China, and they still have it. The only difference, is the lack of the word "social" in the system's name, but it's the same system.
[dead]
is remote attestation possible in a web browser already?
Mobile, yes. Not sure about desktop.
That's Google's new captcha design - they want you to scan a code on your phone to reuse your mobile's attestation on your desktop.
I’ve configured my browser to disable certain tech like webgl, I get infinite captchad by google. Using vanilla chrome works fine. It might not be full blown attestation but it’s not great.
Fuck you google for ever thinking infinite captchas are acceptable.
"might as well abuse this tosser to train the AI a bit. Free compute and classification, hey!" - or so, I guess. They immediately know they'll never get you through :)
Good luck, I don’t know whether the slight line in the adjacent square is part of the traffic light and sometimes I just say fuck it and click random squares.
Google actually doesn't care whether you click that. They care about other things, like how quickly you complete the captcha. Slow down, pretend you're an old granny, and you'll be more likely to pass them.
Sometimes they've already decided you might be a bot, so they'll decide to claim you failed the first several rounds no matter what.
Sometimes I fantasize about getting the Google CEO to complete a reCAPTCHA in Tor Browser live as part of a courtroom trial to prove cheating business practices.
So don't post on Facebook or whatever. It's a waste of time anyway. Why would I want to add more garbage to the dumpster fire?
Can someone help me understand? Why is it not enough to just be able to manually set an age on local OS user account. If unset assume adult. If set applications can use it to verify age. Require admin permissions to change. All responsibility on parents to restrict admin and set the age. No data collection. No responsibility for services beyond a simple check. It seems like an incredibly simple solution with very little compromise on either side that gets everyone 95% of their stated goals.
EDIT: Oh it seems like that’s what the CA bill does? Seems good to me. I have zero problem with age restriction if age verification goes no further than mom buys kid iPhone enters birthdate, Instagram asks phone is user 18.
The compromise is that it is either really easy to work around, effectively defeating what it is trying to do, or it becomes tightly locked down to trusted devices only, destroying the free internet.
It'll be easy to work around no matter what. We don't succeed at keeping under age kids from getting alcohol. Adults give it to them.
These sorts of rules can only ever achieve "mildly difficult".
How would you work around it without admin access to the computer?
A full answer is somewhat dependent on specific implementation details, but the simplest approach is much like the simplest way to acquire alcohol or other age-restricted product as a child: Ask someone else to act as an intermediary. Get another computer that identifies as an adult, and that isn't concerned about your age, to send the data to you.
And maybe that's a healthy way to think about it. That it doesn't matter if kids find it easy to work around. There is no child who hasn't been able to get their hands on alcohol when they want it, but perhaps the infinitesimally small amount of friction leaves many to second guess their choices? Then again, from what I see out there, just rationally explaining why alcohol might have negative consequences is enough to see that second guessing. Alcohol consumption amongst the youth has completely plummeted now that we no longer treat it as some magical taboo thing and finally started talking honestly about it. The same pattern has been observed over and over in other things with undesirable consequences for children.
Yeah there’s no getting around that kind of thing. My parents would unplug the router at night and take the power cable so i found another device in the house with the same cable and plugged it in. But my sister never did that so at least it worked for half of us.
I’m all for sane best efforts for restricting children’s access to mind warping materials online if the consequences on the overall internet are minimal which I think this does. I’m not on board with killing the internet as we know it to get from 80% of children off social media to 90%.
The problem with social media and to a lesser extent porn is addiction. If a kid had to go to a friend’s house or sneak on to their parents computer to scroll tiktok that’s already a huge step in a healthy direction.
> The problem [...] is addiction.
Is it? Only around 10% of the population will develop an addiction (of any kind). About the same rate as the population who live chronic sedentary lifestyles, which comes with equally (or maybe even worse) health and social consequences. Where is the regulation that forces you to prove you are of a certain age to sit on the couch?
This seems like a lot of effort for something that impacts such a relatively small group of people — a group of people (in size) that we otherwise don't normally care about one bit. 10% of the population is marginalized time and time again. What's special about this particular case?
I would hazard a guess that much higher percentage than 10% of the population thinks that they themselves are on social media more than they’d like to be, whether thats addiction or not idk.
You’re probably right though, i don’t think 10 year olds should be on social media in any capacity. Why? Partially because they can easily get addicted sure, but also because really any amount of interaction with these platforms is bad for them because they are monstrous mind warping engagement machines.
> they are monstrous mind warping engagement machines.
No doubt kids will choose social media over cleaning their room. Would they choose social media over going outside to play, if society still allowed them to do that?
The "boob tube", so given the derogatory nickname due to the perception of much the same idea you present, may not have been able to take the warping engagement to the same extreme, but during its prime also didn't really capture the youth attention because the youth had better things to do, like disappear into the woods until nightfall. TV use has always been dominated by older people who, through things like failing health, have lost the ability to do anything better.
True addiction or not, it is worth noting that addiction doesn't happen overnight. One needs repeated exposure to develop the necessary neural pathways. This is why addiction shows up much more commonly in obviously tough environments. People use a device as an escape from their situation, which feeds the mechanisms necessary to develop an addiction. Social media is most certainly engineered to tick the "this is enjoyable" box, but that alone isn't enough to develop a problem. There needs to be something that sees someone want to use social media above all else on a regular basis and, as you point out, it is very likely that much more than 10% of the population don't actually find social media to be all that enjoyable; just more enjoyable than taking out the trash.
So, maybe we can reframe this as: All this work to continue to keep up not wanting to see kids without a metaphorical helicopter constantly over their heads as a result of an imagined boogieman that was invented in the past? Seems like a horribly misaligned effort.
> the simplest approach is much like the simplest way to acquire alcohol or other age-restricted product as a child: Ask someone else to act as an intermediary.
They can do exactly the same with other proposed solutions - ask an adult to register a social media account with their id or pass selfie-age-verification for them.
That is when the conspiracies start popping up, because a lot of people agree with you, me included.
However, you cannot make parents actually use such systems, so ignoring the obvious control this gives nation states, giving states this power might help the children of those irresponsible parents, which is the only real argument I have heard, since the effects of it are the same if the child simply had responsible parents.
Well it’s not even necessarily irresponsible parents, good luck keeping your child from going anywhere you don’t want them to go if you have internet enabled devices in your house.
In my mind you have states mandate that adult content (porn, gore) and social media services are legally required to check for the age from the OS. No other sites need to do anything. No data collection or ID verification anywhere. All responsibility on parents.
I would imagine for the zealots out there its worth it to go further and destroy the entire internet to prevent a single 14 year old from jerking it to a tiddy. And then of course the advertisers want device attestation. At least it seems California is picking a sensible middle ground.
Because many children will have parents that arent responsible and that doesnt mean they deserve to be taken advantage of by a billion dollar corporation.
Well to that i would say we should probably start at the source.
EU law gives every citizen a right to a bank account.
I wonder if EU law could give every citizen a right to a google or Apple account, including a forced recovery option if the account is 'deactivated'?
If at some point such an account becomes essential to function in society, access to such an account becomes a legal mandate.
> EU law gives every citizen a right to a bank account.
That directive regulates banks from denying the opening of a basic payment account. But there is no legislation preventing governments from freezing accounts, Canada-style. As far as I know, there's no protection against being de-banked.
Does the constitution of any EU country allow them to de-bank people? Or even freezing entire accounts instead of some fixed amount inside them?
That's a severe human-rights issue.
I mean, try getting a job without an email account and a cell phone number.
Indeed.
Here in Australia, the local and state governments push the use of their Apps as well.
These Apps provide access to identity documents, offical notifications, and messages for health, benefits and taxation purposes.
Then there is Banking and the issues around becoming a cashless digital society…
It’s become less about access to hardware devices, as useable devices can often be free when donated by a friend or relative, and more about continuity of access to your digital life.
The risk of losing access to your online identity or having it stolen are very real with often traumatic results for individuals.
People love the EU and its oh-so-lovely legislation to keep them safe/lose privacy.
"EU laws", the EU in general is plainly the excuse that will carry the day - people seem to believe this 'good cop' rendition.
As a parent, what I find effective are content rating systems, be it for movies, games or apps, along with the ability to control and fine-tune them.
For example, with Apple's parental controls, I can blanket-decline access to Social Media apps, or to apps recommended for a specific age or older, and I can also allow exceptions as I see it fit (for example, my kids have no access to WhatsApp but they are allowed to use Signal, both have the same age recommendations)
This moves the responsibility for age verification to me, the parent, and provides me with suitable tools to monitor this. With this, there is no need for my kid or me to upload sensitive data or go through some bad age verification implementation.
Websites are more difficult to control, but not impossible.
Long story short - improve tooling for parents that allow more centralized control instead of mandating social media to do the age verification on their end.
It is similar to what Frank Zappa proposed when they were looking at age restrictions on records. He said, they should have the lyrics printed up so parents could decide if their kids should assess it. A decent moderate response.
Alas, the age restrictions came in and the big warning on the front covers was added. It did kind of backfire because that warning started to become a badge of quality to younger people. A similar thing could happen here. If you restrict it then it becomes the forbidden fruit.
That's what the California law does
I wonder (and don't hear anyone talking about it) if kids can't upload on social media and "publishing" platforms. Can they still host a website?
I know that my fascination with computers largely began with creating websites and messing about with HTML. Blog platforms can be considered social media I suppose but what if it is just a page of HTML or text?
Should I worry about having to verify my age/identity if I want to host a page on a vps in the future?
I feel like most politicians and people don't understand privacy and the impact of breaking it. Additionally seems the governments don't consider themselves a thread vector for privacy invasion.
> Should I worry about having to verify my age/identity if I want to host a page on a vps in the future?
Today I cannot get a VPS without verifying my identity. Can you?
> I feel like most politicians and people don't understand privacy and the impact of breaking it.
I feel like it doesn't start like this. Opponents to age verification assume "politicians are authoritarians, therefore politicians try to increase surveillance, therefore politicians try to introduce age verification". I think it goes the other way round: "society knows that social media are bad for children (and adults, to be fair), therefore people try to imagine ways to solve that problem, therefore politicians end up thinking about ways to prevent children from accessing social media".
Of course, most people (technical people included) don't understand whether or not it can be done in a "reasonable" way (e.g. in a privacy-preserving way). But the debate mostly doesn't revolve around that, and it is a pity. Ideally we would think about the best possible way to do it, and only then we would debate about whether or not we want it.
> Today I cannot get a VPS without verifying my identity. Can you?
I think it is at least possible to do so in a identity opaque way if you wanted to using obfuscated payment provider, free email and possibly fake name/address (illegal).
I meant more without scanning an actual ID or face.
> I feel like it doesn't start like this.
Of course the train of thought is not "how can we break privacy" usually the concerns/problems are valid (I agree that social media is bad for kids). But in a lot of debates I am a part of privacy concerns are easily dismissed, not taken seriously or not the priority. I'm not talking about if technically private implementations are possible yes or no. I am talking about the conceptual step before that, "what is the impact of this request" how are we limiting people that can't or don't want to comply with what we are asking.
I feel like privacy is one of the most fundamental rights since it is at the root of a lot of other rights required for democracy. For example freedom of speech, freedom of religion, right to property and more. Privacy it is continually devalued, invaded and the right to it eroded.
That leads to undermining of the other rights as in this issue a lot of people are bringing up, in the article freedom to be anonymous is brought up but also the freedom of expression of young people.
The discussion should be the other way around, no options should be considered UNLESS it can be done in a private manner. The right to privacy is more important then the right not to be hurt by watching harmful content and therefore the responsibility of the government to protect privacy is of higher importance then their responsibility to not get you hurt.
Yeah I agree with all of that.
I do believe that there exist ZKPs, but then it raises more questions, like:
- Do we ban VPNs? I don't think we should.
- What happens if the ZKP doesn't work? It's not okay to fall back to identity verification, but then does that mean that the services are blocked if the ZKP infrastructure doesn't work?
I don't have any answers or strong opinions yet, but I feel like the legal/societal conversation should focus on "actions taken via XYZ" rather than "technology underlying XYZ". Similar to how GDPR, etc. cover actions like collection/storage of personal information, not specific technologies like cookies (despite what many believe!).
In particular, your examples bring these things to mind, which might be worth considering alongside:
- Any machine can host a server, with no third-party required except an ISP (if we're being pedantic, even that's not needed if use a mesh network, etc.). The main barrier to connectivity IME is NAT, but there are ways around that (e.g. make it a .onion service). I played with all of the above as a teenager, so it's not unrealistic.
- "Hosting a website" covers a lot of things, some of which are already illegal (e.g. CSAM). Just because we can spin up something without jumping through social media sign-up hoops, doesn't mean it can't/shouldn't be subject to legal questions.
- Hosting a website/blog/etc. does not come with the same questionable baggage as social media (algorithmic feeds, PII, tracking, identity verification, communication, etc.). We might opt in to such things, e.g. by accepting comments on posts, but I'd distinguish such two-way, "user generated" activity from merely "hosting a website". Technologically, such things require some dynamic system (usually a self-hosted or third-party backend), rather than "just" a static HTML server.
- There is no technological difference between a blog used like a personal diary, and a blog used to post reviews of Lego. Is there a societal difference? What about if they include photos?
- Posting things on a personal website/blog has an implicit understanding that it's being published and shared with the world (that feels like the whole point of a blog). Social media has muddied those waters, by claiming things like "privacy settings", which can give the impression that posts are not being published and shared with the world.
- When it comes to activities like receiving comments, two-way communication, unsolicited messages from anonymous strangers, etc. the more relevant "basic tech" feels like running a server for email, IRC, Jabber, etc. rather than a web site; since those place such "dangerous" aspects front-and-centre. Email is the most obvious, but I mention the others since getting external systems to trust a self-hosted email server is notoriously tricky!
The problem is kids on social media. This doesn't need to be a problem for anyone except social media companies and social media users. Sloppy policymaking is making it a broader problem, but I don't think this is some nefarious scheme (at least in the U.S., it looks sketchier in Europe). It's just policymakers pulling the first proposal off the shelf to respond to intense demand for a policy from voters.
I don't think we have to accept that "kids on social media" is inherently a problem. I don't think kids on a 2005-era-myspace social media would be a problem. As I see it, "social media" is now defined as the highly addictive and exploitative products from Meta et. al., and we shouldn't have to destroy any semblance of free or private internet so that they can't be hindered in any way from making the maximum amount of profit and influence regardless of the harm it causes kids (and adults, too).
We've basically accepted the premise as a culture that exploiting adults is fine. Exploitation is so heavily baked into our culture that pushing back on it would cause too much upset.
If you're below 18, you deserve protection. Above 18? Good luck, babe.
I think one of the unintended consequences of age verification is going to be a whole host of unprepared 18 year olds getting full access to social media and getting absolutely one-shot by it. Think credit card sign ups on college campuses or predatory car dealerships near boot camps. There are going to be a lot more 18 year old boys gambling away their student loans and 18 year old girls signing up for OF, but it'll be fine, because they're 18! Not to mention they're going to be scam targets on the level of the elderly. And if you're exploited/scammed as an adult, it's your own fault.
Age verification/restriction without an educational component of some sort is just creating a future cohort of extremely vulnerable young adults for companies and bad actors to sink their teeth into.
[dead]
That's a problem, but I'm not sure its the problem. There are plenty of issues that wouldn't be fixed by prevent kids from using social media.
If you deleted all your social media and AI platform accounts today you would wake up tomorrow and be no worse off.
Dont forget what kicked this age verification in first place. Initially they wanted do age verification for porn, and only year later they moved into social media seeing there's wasn't huge pushback.
So even if this change doesn't affect you right now, but it will affect you later then it'll be too late to fight agaisnt.
It was funny here in Australia, they did it the other way. They banned social media for under 16 but didn't get around to porn until a few months later.
I mean, even if more things on the internet get restriced it wouldnt affect me since Im not a minor.
[dead]
The "First they came for the Communists" logic still holds. When government able to open the flood gate, the mandatory ID check will be slowly and surely be everywhere.
If you don't use social media and AI platform. Fine. But what about app stores, what about any registries from docker, to npm, to apk and toward the end source code repositories like Github/Codeberg?
First they banned the children from smoking cigarettes, and I did not speak out, for I was not a cigarette. Then they came for the murderers and pedophiles, and I did not speak out, for I was not a murderer or pedophile. Then they came for the carjackers, and I did not speak out, for I was not a carjacker. Then they came for the people who said "Free Gaza!", and there was no one left to speak for me.
This is famously why ID checks at the liquor store led to the government eventually requiring a mandatory ID check anytime you walk the dog or go to the beach... except none of that happened.
I would call github a social media platform. So yes that would be a problem, even if my own projects are somewhere else.
None of this age verification is about children. The end of the free internet is the point.
What even is the free internet at this point? What are we losing? It’s all just television now.
https://www.derekthompson.org/p/why-everything-became-televi...
I feel like one of the problems with “conservatism” (I’m using the term loosely here) is it fights to preserve the status quo, even if the status quo is already a bizzare compromise. If we want to envision a better future great, but preserving what we currently have as the “free internet” is just sad.
Spot on. Too much freedom = peasants revolting.
Age verification is fine, at least in theory. It’s the implementations that are bad.
More and more people agree that kids shouldn’t be on modern social media, including me. But most people also agree that mass surveillance is dangerous. The solution is to propose ways to block kids from modern social media (that actually works) without mass surveillance.
Better parental controls, more parental education, and site-specific age verification (Facebook etc. can require whatever PII they want to use their service) backed by incentives (whitelisting in parental controls, promoted as a “safe site” in parental education). Are these enough? Maybe not, but maybe mandatory ID and blocking VPNs aren’t enough as evidenced by people bypassing them. These (first three) are progress, that don’t yet require mass surveillance, and we can first see how effective they are then go from there.
I wish people wouldn’t say “age verification is bad”, it’s like “anti-work” and “defund the police”.
No, age-verification IS bad and is a slippery slope that will always lead to surveillance. If we don't stop this now everything will get worse. And trying to lump this in with other extreme rhetoric doesn't help. The answer is and always was "better parenting".
Everything good is a slippery slope: every step in the right direction is bad if you overshoot. Maybe age verification isn’t needed, and educating parents is important; but without more, they’d have to be ultra-helicopter parents to stop their kids from accessing social media.
At minimum, parents need other parents in their local community to be educated; and better parental controls, so they can give their kid a phone and computer (for good reasons like safety and education) that won’t let them access social media (even unintentionally, some parental controls are that bad). Both can be done without laws, only social pressure and at least the potential for new (locked-down) devices.
(In theory, kids should also be prevented from buying unlocked devices, like drugs and alcohol. And showing the local cashier your ID to buy a generic device (whose packaging is indistinguishable from other device packing, so it can’t be traced to you afterward) is technically a form of age verification. But in practice this may not be necessary, because hardware is too expensive for most kids.)
And in addition to that, it is the role of the parents to be having the say in what their kids should and shouldn't be doing. As far as I am concerned most governments stick their collective noses in where they are not required. And, yeah, I do agree that kids shouldn't be on social media. Having sid that, even some adults shouldn't be on social media...
> it is the role of the parents to be having the say in what their kids should and shouldn't be doing
The only effective tools parents have is to disallow or remove devices from their kids. It will work at the beginning but as they grow up it will become impossible, since at some point kids get influenced mostly by their friends' circle. So yes, I do agree that parents must talk to their children and explain what social media can lead to, including the dangers of internet predators and so on. But no, I don't agree that parental control is a general solution that will work for all kids out there. It never has.
<The only effective tools parents have is to disallow or remove devices from their kids. It will work at the beginning but as they grow up it will become impossible, since at some point kids get influenced mostly by their friends' circle>
Very true & having 6 kids of my own, I know that only too well. I still don't like the idea of Mr Government trying to tell me how to raise my family. Here in Australia the government seems to like that a lot...
Well the thing is that people often love when the government tells other families how to live, and partly for good reasons including enabling basic education for everyone. Partly the wants of the parents and the needs of the kids might be at odds. Society is a complex construct.
Governments are required to enforce that devices must give the choices to parents though, right? Otherwise devices won't give the choices to parents because it's more profitable if you don't.
I won't disagree with that. And "better parenting" is a solution. However, what about the children who don't have the advantage of "better parenting"?
Rightfully blaming bad parents is reactionary
If parents don't want their kids on social media, get them a dumb phone, or use the parental control features. Maybe some parents don't care, and that's their prerogative. None of this is about protecting children, it's about "protecting" adults from "bad ideas".
The problem is many parents will not do that. Do those children then deserve to be taken advantage of by social media corporations?
Generally, things that are harmful and addictive such as alcohol, cigarettes and casinos require age verification. We dont just put the onus on parents because a child with bad or absent parents still deserves to be shielded from alcoholism at 12 years old.
Social Media companies taking advantage of people is a whole other conversation, and isn't just an issue with minors.
So are gambling and cigarettes. As a society we've decided a reasonable compromise is that you can get the freedom to harm yourself at a certain age where you're assumed to understand that you're harming yourself.
>Rightfully blaming bad parents is reactionary
So? Not all reactionary (if you mean "conservative") takes are bad. Sometimes they're better than the alternative: accepting bad parenting as some default and working around it with technological restrictions.
"Reactionary"'s origins as far are pure political DARVO and gaslighting anyway. It originated in the French revolution and basically declared "You are morally wrong for being horrified at my horrific and evil actions." That origin tainted the term for me personally.
The actual modern reactionary meaning of "referrant to a mythical past as a standard" always felt like it deserved a better term. But nobody would get what you were saying if you called them a "fairytaleland resident" or similar.
I always read "reactionary" as "oh no, someone did something! now I have to react by getting angry!" and it seems to fit well enough.
The slippery slope was ad-sponsored social media in the first place. Ban it at the source rather than trying to fix downstream problems.
HN is filled with people who are on the other side of an "internet best practices" information divide.
For everyone else, the internet is already a shit show and a half. They want control, because it means putting a stop to being predated upon, or more nihilistically, harming the firms that are harming them.
I don't know how to let other commenters see how bad it is, or make the gulf in view points clear.
Giving up control is always a mistake - they never do what they promised and you never get back the control. There is never a refutation to this fac: just a childish "But I want it!".
I agree. That's why the government shouldn't stop toddlers from buying guns.
How is that the answer when even parents don't have the right tools for this. are parents supposed to surveil their kids 24/7 and monitor their internet traffic?
Why is the internet special, do you also believe physical stores shouldn't check for ID for cigarettes and alcohol, because the solution is better parenting?
I never had to get my ID checked to be able to talk to strangers.
Did you to talk to the strangers in the night club when you were 11? Or were there several completely separate reasons for why you couldn't?
The internet has explicitly R-18 chats. Random IRC channels are not nightclubs. I am moving the goal posts back, if you touch them again we're escorting you off of the field.
Most things that happen at nightclubs are not R-18 either.
That doesn't make adult spaces equivalent to family friendly spaces, off the field now sir.
in real life people can see you and determine your age at a rough estimate and be able to tell if you're an adult or not. Do you support having to turn on your webcam and show your face in real time then, to talk to strangers on the internet? many age verification sites are doing just that.
Did you mean to reply to me? I evidently do not support the age verification regime, so no...
maybe?
I get that you don't, all I'm trying to do (and failing) is have a discussion, apply critical thinking and be able to articulate a position. I'm neither fully opposed to it, nor fully in support of it. I'm always seeking nuance. I've found out lazy reductionism is the cause of much suffering and loss in the world, I can be bothered with the tedious nuance, especially for a topic I know a thing or two about in my own view.
Unfortunately karma systems on sites like this are not conducive to such a discussion. I want to challenge your opposition to the age verification regime, so that I can be better informed, and you will stand on a more firm ground, articulating your views with solid arguments instead of "i don't like it".
Oh, okay. Well in that case then the answer is no, I don't support any of this.
Of course I'm happy to talk about my positions but there is little nuance to my position tbh: I remain entirely unconvinced by the justification for proposed measures and believe that the entire discussion even happening is essentially a framing error. We're all talking about what should be done about this. About what, specifically? And, well, why now?
I grew up on the Internet. I've had essentially unfettered and unmonitored access to it since I was maybe 11 or 12. Me and my cohort of classmates often talked about sites like Rotten or Motherless at the lunch table, and certainly age inappropriate content like on Newgrounds and Lord help us, Ebaum's World.
Now okay, things have changed. (I'm still quite online for better or worse, so please don't get the idea that I don't see that the modern internet has different child safety concerns than the one I grew up on.) But somehow, the rhetoric is exactly the same as always. It's the same damn thing. No matter how the times change, it's the same "protect the children against the evils of sex and pornography!"
Uh huh. I realize not everyone has a universal shared experience, but from my point of view, the problem with kids and inappropriate content isn't just a story of negligent platforms. It is the story of 1. Hormonally unstable kids going through puberty who will often stop at nothing, 2. Platforms that are more or less indifferent and will do whatever gets them money, and 3. People who take on the immense responsibility that parenthood entails then expect the whole of society to take care of them.
I don't know what to tell people, I get that this is a terribly uncomfortable fact, but the number one reason why adolescents get involved with porn and sex is because they explicitly are seeking it out and want to be. It is nothing to do with the porn industries or lack of Internet regulation, it's their goddamn bodies.
It's absolutely true that I had access to content far more disturbing in all metrics than the old playboys under the mattress of yesteryear. I am not claiming this is ideal or that it should be the case. I'm just saying that it happened and the generation that was there is here right now, and we're fine.
But maybe social media is just simply too much. It puts kids at too much risk and they can't handle it. I think we're selling a lot of adolescents very short here without at least giving them a chance to have a bit of freedom, but fine. Let's fix this.
How? It's simple. When you are a kid, the first computer and phone or whatever kids get these days, is given to you by a parent. What we can do is make decent parental controls. We don't even need strong identity verification. We just need to be able to provide a way for apps and sites to voluntarily block children.
This sounds eerily similar to California AB 1043, and it is. I think that California AB 1043 is also bad for many reasons. Firstly, I know this is going to be expanded in many uncomfortable directions; it doesn't take a genius to make basic extrapolations. Secondly, I feel it is poorly written and confusing; what's an app store? Why does the law require all apps to request and store the age bracket information? What is an app? Does GNU sed now need to, by law, request the age bracket information from systemd and store it somewhere? And no, it isn't acceptable to just try to "do what they mean", it's a badly written bill. We shouldn't accept badly written legislation, but apparently in the past couple years or so the situation that had been ongoing for the past 3 decades or so with the Internet suddenly became extremely urgent to fix Right Now (in a couple of years) so we had to rush out shitty legislation that makes no sense.
So while I would love to just have sensible parental controls, nobody is actually really trying to enshrine this into law. It seems like they're mostly concerned about lobbying to push the responsibility elsewhere.
So we won't even just get sensible parental controls. We'll get weird parental control like legislation, having to send a live stream of our faces to sketchy companies who pinky swear to not leak it by accident, enter our credit card information into sites that definitely won't get breached, and scan our goddamn government IDs to access basic chat functionality that we already use today, in some cases. Because we can't get a handle on how to stop the 20% of people in the first 20% of their lives from accessing inappropriate content on devices and internet connections that WE FUCKING GAVE THEM! Before we've even attempted to quantify how harmful unfettered Internet access is to adolescents, or hell, how Helpful it is. (It sure was helpful for one of my friends who was gay and could access resources on the internet when his conservative parents were unhelpful. I suppose everyone is allowed to raise their kids how they like, but I can see the duality of how it's also not always the case that the parents know best.)
To say that I think this is all beyond farcical is a massive understatement. So I do apologize for maybe seeming a bit dismissive about this issue, but personally I already know it's coming from the wrong place and I don't like engaging with things that I know are coming from the wrong place. I'm not saying you or anyone in particular actually has bad intent by any means, just that I don't believe this entire movement at all.
> We're all talking about what should be done about this. About what, specifically? And, well, why now?
There is a seemingly endless lists of victims to crimes happening online. Not only that studies that are coming out in recent years are showing lots and lots of adverse effects against children that grew up with unfiltered access to the modern internet. The internet you grew up in as you probably know is long gone, the iPhone-era internet, with tiktok, instagram, youtube,etc.. is a whole other ballgame. Not only that, people depend on it a lot more, it is not a whole lot different than any other real-life infrastructure, except it was built without any planning around how it impacts those that it affects. When you open a business you need a permit, when you accept or reject customers in a real world business there are laws, even when you simply have a gathering in a public park, above a certain number of people you need a permit. All these laws originated as a result of people getting harmed.
Why? To be frank there are lots of whys. The big-tech companies like Meta and OpenAI are using this valid concern and narrative, so that they can swoop in, save the day and then do some really nasty evil crap (not just profiteering). and like so much else these days, these ghouls win because people like HNers can't be bothered with critical thinking, they're allowed to get away with what they do because the alternative those who can actually solve this present is preservation of the status-quo (I can rant a lot about how this is also how the downfall of America is being orchestrated, but that's a distraction).
> I grew up on the Internet.
That internet is gone, dead, a thing of history. Your experience is invalid. Take some time to see how r/Teachers in subreddit is observing the change in kids these days. The internet you grew up in was young, it was not widely adapted at a global scale, you didn't rely on ebaum's world to function day to day but you'd be hard-pressed to even get vital medical care these days without a smartphone on hand, logging into random sites and installing random apps. Even with porn, it was one thing over a slow connection with not a whole lot of awareness, you have kids even under 12 watching porn on smartphones.
Take a step back and think about this, someone who is unable to consent to sexual activity is partaking in one, and the people that are particpants on the other side of the sexual experience are adults who can consent. Sex is used because it's a lazy of making an argument, but the point remains, it doesn't matter what your anecdotal experience is, many for example say they were fine having sex with their hot teacher in highschool, but we send such teachers to decades in prison for grooming and sexual abuse of a minor. It is the simple fact that society has decided consent is required for certain activities, and age of consent has been established. The means of the interaction is irrelevant, non-consensual participation of certain activities is illegal, and laws must mean something and must be enforced equally.
> Hormonally unstable kids going through puberty who will often stop at nothing
That is irrelevant. If we can stop one kid from interacting with a pedophile or having life-long psychological issues, it's a win. and honestly results are irrelevant here, the means is not a way to justify the ends. the means here exist because it's the law, society has decided it's wrong. If you think kids should watch porn, that's a different story and it would be same as agreeing they should be sleeping with adult prostitutes or get into strip clubs. The internet doesn't change what's happening. Watching a naked stripper in person and watching that same woman do the same thing on a screen are not different types of non-consensual sexual activities.
Your argument about "they'll just want it more" is not correct either. The same argument has been tried with alcohol and cigarettes. Right now the alcohol industry is suffering because Gen-Z don't want to drink, same with smoking. All the efforts to curb those are paying off. Gen-Z are much more prudish and seek out social conservatism because they're seeing the penalty of this reckless disregard to the harms being done to a person's mind.
It used to be boomers and older generations would say "look at me, i grew up being beaten near-death and I turned out ok" too, anecdotal experience doesn't make things right.
> California AB 1043
I don't know much about it, but restricting social media and internet access to kids is happening globally, and for a good reason too.
Just consider one thing in this discussion: it isn't about being a prude, but about actual harm, actual suffering, actual abuse that's happening.
> So while I would love to just have sensible parental controls, nobody is actually really trying to enshrine this into law. It seems like they're mostly concerned about lobbying to push the responsibility elsewhere.
Parents have a responsibility, but so does every member of society. You have a responsiblity to not hand over a child a gun, poison, alcohol, keys to your vehicle,etc.. when you interact with others you are responsible for your part of that interaction. You don't get to flash your private parts at children, and you don't get to do that same thing through a screen either. Being over the internet, again, does not change what's happening. Things being terrible since the dawn of the internet because laws not catching up to tech, doesn't make those terrible things acceptable.
> So I do apologize for maybe seeming a bit dismissive about this issue, but personally I already know it's coming from the wrong place
I don't disagree that this is coming from the wrong place, at least in the US. But the only reason we're talking about it is because the problem it is solving is very real and extremely pressing. It has widespread societal support. As I keep mentioning on HN, there are privacy preserving ways that don't involve 3rd parties or the government tracking what sites you visit. But we're not having that discussion, we're letting Meta and Elon musk solve the problem and destroy what little is left of the good side of the internet. Law makers are not being presented with alternatives. I demand my lawmakers solve this problem one way or the other! it is not ok, if I can stop one vicitm of sex trafficking, one victim of pedos, one person from forming an unhealthy sexual mindset and runing their lives (see all the "looksmaxing" people now for example), it's worth it. I wish I won't have go give up my privacy and what little I cherish about the internet, but I am fine doing only work on a computer and going back to the pre-internet way of doing things if that is the price. But there is no need for that, there is a way everyone arguing in good-faith wins. We can pay anonymously with crypto, and authenticate with fido2/yubikey just fine, homomorphic encryption exists, EMV payment cards already implement a challenge-response authentication, the tech is there to solve this and a whole lot of other things but we're letting Meta solve it with a 3rd party id verification system that involves passports and id cards, and facial recognition, and surveillance instead.
> Because we can't get a handle on how to stop the 20% of people in the first 20% of their lives from accessing inappropriate content on devices and internet connections that WE FUCKING GAVE THEM! Before we've even attempted to quantify how harmful unfettered Internet access is to adolescents, or hell, how Helpful it is.
Harmful content, not merely inappropriate. You can't reasonably prevent access to an internet connected device. To say that parents should do something but not anyone else silly, both parties have a responsibility. if someone interacts with you, you are responsible for how you respond. And it isn't only children, same applies with those that are mentally incapacitated (we just use "but the kids" because it's easier to make the same point). The problem is there, your response being "we shouldn't solve it" is only letting those with bad intentions solve it in a way that benefits their evil intent.
Lastly, don't believe in any movement, the whole idea that you have to be for or against a thing wholesale is severe epidemic. Things get worse and worse because of it. Democracy is dying because of this as well. Find the courage and endurance to keep asking critical questions, keep debating, keep convincing your peers of not just this but so many other topics. Either we are governed by those who appeal to our emotions, or by those who appeal to our reason.
I think minors shouldn't be in any store period unless accompanied by their parent or guardian.
you feel the same way about websites then?
Yes.
But parents should be penalized/inconvenienced if they can't control their children, not the store/website.
In some states, bounty hunters can find violators of various laws and bring them to the state in exchange for money. Allowing bountry hunters to be on the lookout for underagers trying to enter stores and report them could be a profitable endeavor for both the bounty hunters and the state, providing a market-based incentive to protecting children.
Stores/websites should only be penalized if they are specifically targeting and inviting children to enter.
Certainly there are some types of stores that are very safe for children to enter. So, the exception should be structured like this: "Stores that only sell these items mean that parents will not be fined if children enter it unaccompanied." Additional conditions could be attached, e.g. "a safe store shall verify the ID of anyone purchasing alcohol." And maybe other benefits can be attached to being a "safe" store, like tax incentives, etc. If the store violates that condition, then it should pay a fine or lose any other benefits of being considered a "safe" store. But a business should have a right not to be a "safe store" and the duty to prevent children from entering those should 100% fall on the parents.
But in real life, if you sell cigarettes to a 5 year old, you'll probably go to prison.
Isn't a reasonable approach to the internet, to have a protocol by which individuals can prove they have a state issued identity that proves they are above a certain age, and nothing more than that to the website? That way the website doesn't need to check anything other than presence of a cryptographic identifier and validate it. And parents as you noted are responsible, but only to make sure their state issued cryptographic secrets can't be used by their children. it could be as simple as having an NFC capable state issued IDs that can do a challenge-response with the browser/os. We already sort of do this with EMV payment cards. Websites have to validate a payment card is authentic by asking for the CVV code for example.
Age verification has always existed in the physical world, such as at bars and casinos. I just dont see why the internet should be immune to real world rules we decided upon for good reason.
> "better parenting"
This has nothing to do with parenting. It's surveillance. They failed to do it through child porn argument. They are doing it through 'social media is harmful for children' argument. People did not bite on the former. They ate up the latter out of hate for social media platforms.
I don't believe children should be on social media. Some other people might not share that belief. Should be up to parents to decide what's okay for their kids, not governments or companies.
Age verification will always lead to more surveillance. People need to just be more mindful of what their children are doing online, maybe stop giving them smartphones, and just be parents.
I don’t think social media is intrinsically bad, just the toxic popular social medias. Did kids in the 1990s with access to internet forums have stunted social development?
Did kids in the 1990s with access to internet forums have stunted social development?
"He's intelligent, an underachiever, alienated from his parents, has few friends. A classic case for recruitment by the Soviets." — War Games
More seriously, internet forums weren't designed to be addictive. They were designed to communicate.
That's the difference between the past and the present.
Old school Internet forums and sites were not designed to be addictive.
The "time on site" KPI and its variants is the root of all evil.
Somehow this "leave it to the parents" logic isn't followed when it comes to cigarettes or alcohol. Why is social media different?
Because the patterns of consumption and harm are very different. It's the constancy and immediacy of social media that makes up the major part of its harm. It's not something where a 15 minute smoke break or a weekend binge is the main mode of consumption and harm. So the parents have a lot more opportunity and power to handle it if they give it reasonable time and attention.
Are 14-year-olds always with their parents?
I think you’re missing that this abdication of personal freedoms to the government in the form of government imposed restrictions on cigarette and alcohol sales is precisely how we’ve gotten to this point over time; arguably following a planned strategy. People who normalized prior subordination to government in the case like cigarettes, alcohol and other things; are now already even more primed to abdicate even more freedom to mommy and daddy government than the prior generation.
It seems clear to me that America is heading into an extremely repressive system where even the nominal use of America may just end up falling by the wayside within the lifetimes of some people alive today. Functionally speaking the, notional or spiritual death of America happened a very long time ago, probably 1840 but obviously no later than the outcome of the Civil War which turned a decentralized union of federated states that formed a republic, into a centralized dictatorial federal power and later the groundwork for becoming the empire we are only 55-80 years after the Civil War, depending on how you want to look at it.
I think people forget that there would have been people who experienced the Civil War that destroyed the central premise of the Constitution, that sovereign states join in a Union to cooperate, and the formation of the Empire of America by no later than the end of WWII.
Those things never happen abruptly, they happen in following a long strategic plan based on objectives not timelines. Part of such a plan is causing ever increasing dependence, deference, and subjugation to government, which is really just someone else’s control over you, the people who make up the “government”, instead of your own control over you. Part of that is giving the impression that money and daddy government will take care of the children, as a tool to psychologically manipulate people by hijacking their instinctual care and concern for protecting children.
It’s why and how they’re more pushing age verification, not ban for minors with similar criminal penalties for anyone who allows minors on the internet/social media. No, you as an adult need to confirm and tie your identity to the digital fingerprint that is tied to all the data that was and is collected about your activity over the last 20+ years … to protect the children of course.
It’s why some people refer to the majority of humans as cattle. You just have to herd them around and they moo and then start fattening up on corn instead of grass, just like the last generation did before they were harvested.
Maybe because they're not comparable.
By the same logic, we should allow the sale of cigarettes to minors.
We don't let kids turn up to school drunk because they went to the cornershop on the way to school. I guarantee that would be happening if alcohol sales were not age gated and enforced by the government.
In the same way kids should not be infecting their minds with social media slop, or porn, or plenty of other internet content.
The only way this is stopped is when a social norm is created which shames all but the most negligent parents into compliance.
At the moment the absent and bad parents have all the power. Their kids scroll all night for memes, injest YouTube brainrot and turn up at school disruptive. Kids with responsible parents either want to that as well, or can't escape it.
Surveillance from age gates is a red herring. That horse bolted long ago. You are surveilled already by tech bros when voluntarily logging in, or by making yourself stand out a mile by using a VPN and a uncommon browser setup. This data gets handed to your government on request.
Having an anonymous VPN won't stop the tech bros or an authoritarian government forming, or bring one down.
People taking part in their existing democracy and maintaining the foundation of that is the best course of action. Raising a generation of kids not addicted to internet brainrot is a key part of this.
So maybe there should be better education for parents. Maybe there's other solutions. I can't accept that the nanny state parenting our children for us is the way to go. If people are being negligent of keeping their children safe, maybe they should face consequences for that. The point is, the parents should be solely responsible for deciding what's appropriate for their children, and if they don't have the resources maybe that's something that should be addressed, or if they're not doing their job that should be addressed, but age verification just ain't it.
That's contradictory logic. If you have to parent your children a certain way or else the state will take them away, then you aren't solely responsible, and the state is a nanny state.
Why isn't there a simple solution in the software world that's functionally equivalent to flashing your ID at the liquor store? They get the verification they need with no permanent record of your PII.
This can't be that hard. Can't I get an electronic certificate/flag verified by a trusted third party using my ID, where this cert retains no PII? This is what I come up with after not thinking very hard about the problem, and I can't be alone.
Maybe its naive to think that harvesting PII isn't the point.
In theory, sure, an identity verifier could issue you you a bunch of single use JWTs signed by them that contain `{"over18":"true", "nonce": 12748583..., "iss": "<issuerurl>"}`, signed by their key. A relying party just needs to know the public keys of all the issuers they trust, and can consume this JWT, verify it, and never learn anything about your IRL identity.
The important things are that they must issue a bunch at once. (Otherwise, correlating who you are becomes easy). They must keep no record tying nonce or the full JWT to an individual identity. Something user local or otherwise trustworthy (not keeping logs), needs to hold on to these, and send them out as needed, being very very careful never to reuse one (as that would enable cross site tracking). Lastly a relying party must be required to trust many issuers, not just those they are colluding with track users across sites with this.
The European Commission actually proposed pretty much exactly this system, also with a variation where instead of revealing the signed token, a ZSNARK proof (that you possess a validly signed token with the over18 attribute from a specific issuer) could be given to the relying party instead (to make it impossible for issuer and relying party to collude to release your identity). Many people here seemed to not like it.
California just mandated a simple solution in this style.
That's what was in the California bill that we all complained about until Linux got an exemption. We called it an age verification bill even though it has nothing to do with age verification, and was all about making sure every OS has a parental controls feature.
Age verification is fine, at least in theory. It’s the implementations that are bad.
I sometimes wonder what HN would be like with age verification.
I doubt we have that many underage kids here.
I think you'd be surprised.
Also, imagine being able to filter posts by the age of the writer. I think it would be interesting to be able to compare the responses to a post by age.
Or to just filter everything by age, and view HN as anything from AI Hype Club to Graybeard's Tavern.
If nothing else, it would get rid of all the bots and AI nonsense.
> More and more people agree that kids shouldn’t be on modern social media, including me.
Has it occurred to you that nobody cares, or should care, about your opinions about what other people and other people's kids do? You and the "more and more" people who agree with you are cordially invited to fuck off.
> The solution is to propose ways to block kids from modern social media (that actually works) without mass surveillance.
The solution is for you to get over your bullshit, not to chase impossible pipe dreams.
> Has it occurred to you that nobody cares, or should care, about your opinions about what other people and other people's kids do?
Uhmm... Yes they do? That's... the whole point of living in a society? With laws? So we can collectively decide what is and isn't desired?
Children are also banned from purchasing alcohol or going to the casino. There are tons of things we collectively decided children shouldn't do.
why aren't you using your full government name as your handle here on HN?
age verification is a cover for universal internet IDs. you'll never be able to go online and do anything anonymously again.
Growing up I remember all the ads about avoiding narcotics talking about getting hooked on free samples and then going to jail for theft and/or possession. The people behind that propaganda didn't know drugs do cost money, dealers being dorky teens and twenty-somethings who are about as dangerous as a butterfly. But this propaganda also illustrates how some elements aren't very bright. The internet age with free email, free social media, etc. got everyone hooked and now Zuckerberg, et al. are giving doe-eyed, hat-in-hand, and crying poverty. If people were wise to those PSAs, past and present, they'd see how the loyal opposition has been playing with their cards face-up on the table under the guise of good intentions. Much like the pedophile scare during the teens, pun unintended, with Comet Ping Pong and then come 2024 it's revealed Epstein and his cadre of deviant cronies were doing it all along while deflecting poorly to innocent parties. Goodness knows what else is still right in front of our noses but their reality hasn't come to fruition in the zeitgest.
> getting hooked on free samples
It's not a free "sample": drug dealers give their stuff for free at parties where vulnerable young people are in the form of sharing what they are themselves taking. Then they have that teen on the hook for extortion and having them do things or pay "debts". I "gave" you some drugs because you're my friend, but now you have to pay back, you have to do this favor, take this stuff from here to there. Another common thing is that the "debt" has to be paid in money again and again and again. You don't want us to go talk to your parents who think you're their perfect little boy/girl? You don't want them to know that you took drugs, do you?
As dangerous as a butterfly... It's a filthy world on all levels, filled with demonic people who spend all their time thinking about how to use and abuse others - the more innocent the better.
I know it's a tangent.
Do you have personal experience with going to high school parties and drug dealers being there trying to get you hooked on drugs? I ask because the scenario you're presenting here sounds like something out of a movie or TV show, and not real life.
You understood the opposite of what I wrote. Read the comment again, it's not about being hooked on drugs at all. It's about having them on the hook for blackmail.
And yes: Taking drugs or hanging out with people who take drugs is enough "kompromat" for a teen to then be extorted by drug dealers, because they don't want their parents to know.
Especially in countries where the law looks very lightly on extortion, looks very favourably on "young offenders", and is very lacking in empathy for young victims.
Not to mention: Do you think a 15 or 16 year old wants to go to the police and tell them that they are being used by drug dealers, when the first thing the police is going to do is also book the teen for drug use?
Drug dealing aren't just Mexican cartels or hood gangs, it's a network with branches into everywhere, and they need a constant supply of victims. Read some court proceedings from low-level drug cases, and you'll see how these criminals operate. It's not like TV.
[dead]
[dead]
ZKP is definitely a good idea, definitely more open for this kind of age verification than anything else. And I don't buy the argument of "closing internet", social networks are a proprietary service and if you don't want to obey with the regulations, create your own website and post things there if you want. However you have to provide your identity to the domain name registry or to the intermediary. Also other services require you to verify your age or even provide your identity, this is just another one that comes way too late.
It is closing Internet. The same companies that produced the ills of social media are now pushing for a non-remedy (that doesn't prevent kids, and doesn't solve the problems they created) that only benefit them and not society. It's just like tobacco: it's toxic and probably overall should be banned because it does not benefit society (or anybody except tobacco executives). Do we make a mandatory nation-wide electronic log of whoever buys tobacco in the name of age verification?
Our ancestors here in France literally fought the nazis so you don't have to have a nazi-approved « Ausweis » to go wherever suits you. We would be well inspired to follow their example.
a.k.a. Think of the children.
But don't teach them how to navigate the world and interact with both good and bad.
I hope [semi-]decentralized applications like Hyphanet and Matrix take off with teens as the lockdowns ensue, because they will grow into adults with the same cyber/cipherpunk mentality we '80s & '90s kids grew up with.
Rule 1 of The Internet hasn't changed, it's: never put your real info into the boxes. Never!
If (big if) governments really wanted to help parents and children in any meaningful way, they would ban the actual hardware used to give constant access to these platforms.
The ability to seamlessly record, upload, comment, react on _everything_, _everwhere_, _all the time_ is not natural, and not necessary.
Let them keep the devices, whatever, but remove the internet access.
Or keep the internet access, but remove the display/audio/camera.
It's more enforceable in public than trying to enforce whatever age verification solution they come up with.
And it gives parents the ability to appeal to authority when they ask their children, and the parents of their child's friends, to stop giving kids access to such devices. Right now a lone parent trying to push for better/healthier online activity to their friend group looks like a crazy person.
But of course we know they aren't really interested in helping parents and children. They want the surveillance capabilities.
That is what they would do if they wanted UFO sightings back and police brutality evidence disappearing.
People can still record all they want, they just need to wait until getting home to upload the content.
It would be an excellent case for zero-knowledge cryptography:
All that you need to know is that I am above 18 years of age.
You don't need to know how old I am, what my birthday is, what state I was born in, my gender, or when my passport expires.
The downside with ZK cryptography is the complexity. Something would have to be insanely inconvenient to justify it.
> It would be an excellent case for zero-knowledge cryptography:
The last ~third of the article is about the EU's zero-knowledge approach
You mean the EU's fake snake oil zero-knowledge approach.
They've standardized two systems under the banner of "zero knowledge". One is actually zero knowledge. The other is trust-me snake oil. Guess which one is getting deployment.
yes, I'm aware, although the article does not mention that distinction
> While the rest of the world is moving forward with identity verification plans, the EU has presented its own privacy-focused approach to age verification. In April 2026, Ursula von der Leyen, President of the European Commission, unveiled an age verification app with “the highest privacy standards in the world” and the presentation materials describe the app as “completely anonymous.”
I’m just afraid that membership countries will be too dumb to understand the difference, and for the population worldwide to be able to comprehend that it’s even possible. To be honest, ZK crypto is one hell of a party trick. Compared to tech where the premise is “we put a picture of your passport in a box, and when people want to know, we look and confirm.”
People don't read, just comment
Judges and lawmakers are lawyers and a significant chunk of them are Boomers. Good luck with that.
Isn't age verification actually a good thing? If you want a free internet, you don't let your kids browse these websites. Otherwise, it allows you to make sure they aren't watching "hurtful" content.
No, forcing everyone to verify their age is a terrible thing. That's not the same thing as keeping kids away from potentially harmful websites or people. That is positive, but it's awfully weird to enforce it by doing this terrible thing that hurts the open Internet when almost every single kid on the Internet is using a device and Internet connection provided by their guardian. Seems like we could figure something out that doesn't literally require every website to process your identification and completely destroy anonymity.
Idk why people are so obsessed with this issue. Having to verify your age to access adult content seems completely reasonable. If you go into a grocery store and you bought a carrot you dont have to show age verification. if you also buy a beer you do.
Why is everyone so opposed to the internet working this way?
1. Because it isn't what you are saying it is.
You are suggesting it's simply a matter of adults verifying their ages to access adult content. But it isn't! We're being asked to either scan our faces or provide our government IDs, to access basic online interactivity we already have, on the likes of Discord and Playstation Network, in an effort that is rolling out slowly worldwide. No need for porn or sex at all. These things aren't even required by governments yet. Companies are so eager, they're jumping ahead of schedule.
But would I scan my face to be able to watch porn? Of course not, that's insane. This isn't real life where someone can take a look and go "sure he looks 18" and do no real verification at all. This is the Internet. I'm not going to send a live stream of my face to some company, and by the way we have some real true five star companies stepping up to the plate to provide verification services, and have it literally be associated with my intention to download porn. Firstly, why would I want the site operators to even have any more information about me than necessary? Aren't sex stores awkward enough as it is? Secondly, it's the Internet, as soon as that information leaves my computer "encrypted in transit" I may as well treat it as potentially compromised already.
(Though just to be clear, real life is getting spookier too. With Flock cameras popping up everywhere, we can celebrate the death of privacy IRL while we celebrate it online, too! I am aware that certain countries killed privacy much earlier than others, no need to point it out.)
The long and short of it is that people will (and largely already have) just stop browsing porn sites when invasive "age" (often actually government ID) verification is required, which I reckon is the primary intent here. It seems to dovetail nicely with the other obvious PR campaigns against adult content, porn and sex work in the past decade. They've worked quite hard to try to make people forget "the internet is for porn" era.
What's crazier is there was Less age verification than what is being proposed right now back when people phoned in to order a VHS using your credit card. Remember when credit cards were a godsend for the adult industry? The funny thing is that now, you're lucky if you can use your credit card at all for porn, thanks to the anti porn movement that happens to coalesce suspiciously closely to this movement. And in some cases, it seems that merely providing a credit card is no longer seen as sufficient evidence of adulthood. True, you could just steal your parent's credit card... Just like you could 30 years ago. Or just like how you can get a fake ID. Does that mean we should treat everyone trying to buy adult content as if they may have stolen their parents credit card by default?
2. Because I am an adult.
Most of us are. Almost 80% of us are over the age of 18, at least going by U.S. demographics.
And, we're under 18 for less than around 22% of our lives.
The Internet is not some international daycare program. It is an interconnected network of computers. The connections are managed by adults. It's true that there's always workarounds like free Wi-Fi hotspots, but by and large to be online is to be connected to an Internet plan managed by an adult. That means we already should be able to prevent children from having unfettered access to harmful content with basically no modifications to how the internet itself works.
We've had the ability to do this for almost as long as the Internet existed, and Windows 2000 shipped with a fairly comprehensive system using PICS rules from third parties like RSACi. This system didn't require adults to monitor everything their children did 24/7, and it didn't require adults to constantly scan their face or provide their government ID to sketchy third parties to access chat functionality.
Nobody used it of course, because parents didn't actually give a shit in that era. I'd know, I grew up and had plenty of access to adult content long before turning 18. I am not suggesting this is necessarily ideal, but it also isn't this weird cataclysmic issue that it suddenly became literally like a year ago or so. The internet has worked this way since its inception and somehow only just now is everyone in a panicked frenzy. Now I hate to be dismissive, but that's a load of USDA Grade-A Horse Shit.
So I am wholly against kneecapping the concept of unfettered private communication on the internet because we can't get the parents of 20% of people to do their job for the first 20% of said people's lives.
--
This whole thing stinks rank to me. I get that big tech companies and social media platforms have not given parents very good tools to manage what their kids can see and do on the Internet, but everyone acts as if this is just Machiavellian evil as they twirl their mustaches and laugh. Don't get me wrong, I fully believe that they knowingly make money off of providing inappropriate content to children. The only problem is that a lot of those children's parents knew that too and simply didn't care. And now, instead of just finally making parental control work, something we've certainly had the technology to do since the 90s, we're going to institute mandatory ID laws for all unfettered communication. Hurray. Blast confetti in the street for this victory against evil.
But to me I look at this "activism" and debate in favor of online ID laws and all I can see are anti-abortion protestors at my local clinic.
(I wrote this as if I am an avid porn consumer, because writing it any other way felt cowardly. But that said, I am not. My true passion is Internet privacy, and if I have to go to bat for Internet porn to help that cause it is no problem for me.)
You should not enforce the people to identify themself, you should force the websites to label the content (e.g. 12+, 16+ or 18+).
10 years ago I thought all the cool cats would be hanging out on old skool communities on Tor via meshnet connections.
Instead, in 10 years I'll probably have to log in with an iris scan to check the (ai-powered) time, and pay for the privilege.
Oracle CEO told openly how this is how they will control us. They are not even embarrassed anymore
I warned people about 4 years ago that this would happen. Checking people's IDs online for accessing certain kinds of porn on telegram and Discord is much more popular than you would have thought.
I told these admins this was immensely irresponsible. They said they just didn't want to get sued by an angry parent whose child joined some porn group. I was mocked endlessly. Now this. I'm not surprised.
Yeah a lot is about to change with this all. I've already picked my side and nope not gonna ID to use your website. Will do without, fine with that.
Same here. Need an ID then I don't need you.
To that, I have also what I consider my "forever hardware" were I can do what I want offline.
Not saying other stuff won't creep in for various pragmatic reasons but it will be kept at arms length at best.
>and that you can no longer post anonymously on social media. You cannot be certain that your criticism of the government will not be followed up by the authorities.
sorry but I don't get this point. If you're on Instagram or Facebook, did you think fifteen different three letter agencies weren't already watching you? It has the word 'face' in the name, the entire point of that site is that people mindlessly share their personal information, it's not some underground space for activists.
You can be perfectly anonymous on the internet, but demanding to be anonymous on Facebook is like trying to start a Das Kapital book club at Goldman Sachs or decrying commercial culture while you're in a Disneyland theme park
> did you think fifteen different three letter agencies weren't already watching you?
I think there was a reasonable expectation of anonymity, at least relative to other users. In the past you could access facebook with a VPN/proxy (and for a brief time, even tor) and use any name you wanted. But with forced identity verification you lose that little bit of anonymity.
Also, if the government arrests you for making a post, the issue is them arresting you, not your post not being anonymous.
Like, criticizing the government shouldnt just be possible because you can hide behind a fake name. It should be legal with your face name and address attached to it as well
Every political system seems to tend towards fascism though. When it does happen, you'll be glad they're only trying to arrest your alias.
> consequence of introducing identity verification is therefore that freedom of information is restricted (you can no longer visit regulated websites anonymously) and that you can no longer post anonymously on social media.
on which major social media networks can you post anonymously today? HN is a rare bird in that regard.
None of the social media networks my teens are bugging me to sign up for (IG, TT, Snapchat, etc.) have anonymous registration.
Interesting that no one is talking about identity verification likely coming anyway. I’m working on clawchrome.com, a real browser for agents. It can access any website because it’s the real browser.
I sure hope agents don’t swarm social media. But at the same time I think identity verification companies have a tougher problem, ai can produce real looking videos and documents. There’s probably no real way to verify someone purely through the internet at this point.
I can't really connect the dots here. If you hope agents don't swarm social media, why are your working on a real browser for agents?
There are many usecases for agents having access to a real browser and many usecases for humans where work wise it's useful or for agent success in completing the task. Including any specific situations where sites may block "controlled" browsers, as well as co-working.
If an agent is controlling your own browser, it can get in the way of you being able to do work as well.
Additional security control, if you have control and audit trails regarding what the agent is doing, think things like not having access to the keys, cookies are unavailable through the api, certain sites blocked, especially for agents that run automated background tasks.
There's a ton of reasons really. Using stealth chromium forks can decrease security, potentially get you blocked from services/sites, and typically can be detected easily because Google is doing a lot more than just compiling Chromium to release Google Chrome now. That's why many of the stealth browsers out there are moving targets, and have tons of instances of being blocked.
So, if I as a website author would like to block the LLMs scarping my content or putting extra load and cost on my infrastructure, your project helps the actors who don't respect my decision and don't give a shit about consent to circumvent that?
That’s at the request of a user they aren’t operating autonomously.
If you think something will win, invest in that thing.
When should children be given a smartphone?
The answer is whenever you think your child is ready to view porn.
Ah the smartphone, the only device with which children could possibly view porn.
I remember our famous pornless desktop computers at LAN parties in high school.
[flagged]
Hi 30 minute old account. Whats crazy is that you think you just made some sort of point.
Like what I was driving at here was that Smartphones are not the only possible platform you would need to withhold from kids to get the desired outcome.
And its also silly to think that these controls aren't serving the interests of the very degenerates you claim to hate. Why are you in complete thrall to them, making burner accounts to stick up for them, I do not know.
I agree with @protocolture (Robotech... nice). I will be handing GrapheneOS phones, Qubes OS laptops, and Mullvad subscriptions to my [future] kids and teaching them how the world really works and how to stay safe. I will teach them how to torrent, and how to sysadmin like it was reading and writing. I will teach them to treat the internet like a real life spy vs spy battlezone, basically always falsify and poison as much as possible, the vital information about one's self. I will teach them to hate both Apple and Microsoft, and the reasons why they should hate them.
What I won't do is lock them down, like so much of this comment section is in support of doing. I am disgusted by the death of the cyberpunk ethos from the turn of the millennium.
Yeah pretty much where I am going to have to go with my kid.
I had a job interview at a school ages ago, and while I didnt expect to take it I still asked. How much of your security risk comes from inside the student population, and how much is external. And they said, 100% external. The students hadnt so much as knocked on a port in 10 years. And that horrified me. School as I see it, is a safe place to learn opsec, and you learn opsec by failing. Either that or these kids have the network completely pwned but I didnt get that feeling.
My kiddo will have a desktop soonishly and very much is getting an education in good opsec.
IMO it's the end of the end of a free Internet. Toxic social media traffic, spam bots, hackers, and AI have taken over the majority of internet traffic a long time ago, thus the beginning of the end passed by as we slept.
https://en.wikipedia.org/wiki/Decentralized_web
So there are walled gardens with restrictions. The internet will route around these restrictions.
Just wishful thinking, but I hoped more will move to IRC and GPG emails.
Linux + Website needs to return as the ultimate form of self publishing. Back when an internet search was the platform.
“Introducing age verification is based on the state being able to force social media companies to verify their users’ identities”
Users have been doing this themselves without state coercion for twenty years now by putting their real names all over Facebook and all the other socials. Nobody forced them to use their real names and post countless pictures of their faces alongside, and pour out the totality of their worthless opinions on every issue. Compared to this, when considered sensibly, the verification is almost a trivial step.
> Nobody forced them to use their real names and post countless pictures of their faces alongside
No? You've obviously never been ostracized from your friends, family, or coworkers due to not using Facebook or Instagram or whatever the latest vapid social network is.
Never. Life in the real world is better without it.
I completely agree with you. Unfortunately, most of the world seems to disagree with us.
cool to see the eu pushing on the zkp approach. that was my first instinct when i read about this. add a zkp header to http with optional upgrading to "adult" content and it's done.
hey claude build me a small social media site i can use with my friends...
the beginning of the freedom of every person to become a developer
I can't let you do that, Dave
Sometime in the future.
Dave, first we will need to setup age verification for your friends in order to comply with the law. I will not be able to help you otherwise. Remember Dave, I will submit to the local government your request to make a social media website so they will know if are complying with age verification. I have your ID which I will also provide as you need government ID to use AI. Open source AI models were banned.
It's going to come soon. Very soon. I mean they have started in the physical world by regulating 3d printers and cnc machines to submit what they are making to an AI to make sure they are not making gun parts.
This is why you don't rely on AI too much. An LLM may be able to decide what you can do if you run it via OpenAI or Anthropic's servers, but a text editor and your programming language of choice just does what it's asked to.
Alternatively, open source community software run by folks in a country that doesn't have any age verification laws/don't care less about them.
“Sure just refill your credits for $200 and resubscribe for 1 year.”
Just run it locally. On your laptop that now needs 128GB of memory and costs $4500. Oh and your AI chip is out of date in a year, and can't run the latest shit.
"I'm sorry but I can't fulfill requests that might potentially harm young sebastian."
Good!
Internet has become a messy and dangerous place. Anybody with money can access it, that not necessarily means somebody with common sense.
90s, early 2000s, we would go to the internet to have good time.
2020s, people are ditching internet and new techs to afford having an offline life.
Social media has never been a part of free internet
There is no bona fide desire to solve the problem by the social media companies which are profiting from our kids. As a parent, I can never find the option to enable parental controls on apps like YouTube (especially on TV). This option is easy enough to implement locally without requiring any accounts or OS-level age support. However, clearly the goal is not to protect the children but to enable mass scale surveillance and profit from it. Even when I manage to enable parental controls by using a dedicated app or account (what nonsense is it that I need to create an account to restrict access!!!) the content being served is dubiously appropriate for the age group, aside from having no value whatsoever other than the intended goal of perpetuating addiction.
Well, no, certainly not the beginning of the end.
"Will the police stop and search people on the street looking for unauthorized phones? Prison sentences for buying a non-state computer on the black market? Charges of organized crime for smuggling in containers of open-source software on USB sticks?"
Come on, do people seriously believe this will happen?
Isn't it happening in the USA right now at borders and it happened before when encryption was a munition?
> Today, 30 people are arrested every day in the United Kingdom for posting something online that authorities classify as “grossly offensive.”
It doesn't really help their case to parrot Musk-level misinformation...
https://www.pragencyone.co.uk/blog/elon-musk-misinformation-...
https://www.independent.co.uk/news/uk/home-news/wales-englan...
Of course. Anyone who has even a little life experience knows that children, even more so, teenagers, will circumvent these measures, so they will fail at scale.
But what won't fail is the obligation to provide your id to 'verification providers', who are obligated to provide it to websites, all of which are obligated to hand over your identity to the authorities the moment they ask - the verification provider included.
So it's just mass surveillance, finally sold to the public through 'think of the children!'.
Does anyone think of social media as free?
i think in most cases sites like HN for example would be exempt due to not having enough users.
The internet used to a technology people used to do interesting things, and with that came all its expectations. Now in addition to that, it is how modern live is negotiated. What used an optional thing is now a critical infrastructure upon which a person's life revolves, in most cases without any choice of their own.
When you drive your car on the road, do you complain about not having "a free road like back in the day" for being require to have a driver's license, and a registered car? not too long ago, you didn't need any of that to ride a horse or horse and carriage.
A free internet, as in the internet is like a public square, that isn't what society wants. Ultimately that is the issue, and you can't fault the public either. The public expects change, things to improve, and policy makers need tools with which they can enforce their policies. Telling both parties "um..no, i like my freedoms" won't stop the this train.
Let's take the example of mullvad here, and being able to purchase a VPN with bitcoin/cash (been there, am a customer) and access any site. It is entirely reasonable for governments to not want that. but the real enemy is the acceptance of this false dicthotomy of extremes. one of the things the internet has allowed us to have is to be able to prove entitlements without disclosing our identity. It is possible to prove that meet whatever legal requirements by having a government notarize a certificate of identity which you can present to sites and software as proof, while removing the government's own knowledge of what sites or software you're using, and removing your identity from the sites that are verifying your entitlements.
You're allowed to be in public without having to prove your identity (well.. that used to be the case in the US at least, now if you look like an immigrant, no longer the case). But to sell things, or buy restricted items, you have to show your identity, even in public. Certain businesses are required to verify your identity before engaging in commerce. Even worse, once you're in public everyone can record everything you do an identify you. Facial recognition, license place tracking, etc.. are all very real parts of the physical world today.
Lots of reform is needed, but we're getting the worst end of it because people gravitate to extremes out of laziness. if accessing social media, sensitive sites and commerce could be done in a privacy preserving way, there is no need for (or you can make a strong argument against) silly things like installing ubuntu requiring your ID, or needing to verify visitors IDs to your personal blog.
Age verification is a project 2025 backdoor to ban porn, and also a way for Meta and others to advertise much more aggressively without violating age restrictions, and also a mass surveillance opportunity for the government. It is definitely not for the children or anyone’s safety. It threatens the most basic civil rights we have like free speech. The fact that so many people blindly support it is really depressing and disturbing.
Social media (et al) already know each user's age.
They could "protect the children" at will. They simply choose not to.
Why this kabuki?
In conclusion, I can't treat these age verification proposals as good faith efforts while the core rot of the social medias remain unmitigated.just leave the walled gardens
I think the solution would be to make the business model of surveillance capitalism unfeasible. If algorithmic social media would be prohibited from offering their services for free, it would solve most of the problems the age verification laws are trying to achieve. Kids would basically disappear if their parents are not paying for them. Most parents would disappear too in fact, which would be good for everyone's mental health. And it wouldn't remove choice. You can still choose to use use Facebook or TikTok, if you subscribe and pay. It would basically act like a slop tax.
I've said this before and I'll say it again. Just like radio was the wild west back when it first started, the internet is so today and eventually it will be licensed and regulated in the same way.
Oh boy, that means I'll be a real pirate! I can't wait
I'm so tired of this constant pressure.
Mullvad VPN is great. Mullvad Browser is a great balance for preventing fingerprinting and also usability vs the Tor Browser. Most browsers I've found, even ones with claimed fingerprinting protections, are easily traced by fingerprint.com and other tests. Mullvad beats it.
There's this cool new feature that they added to the Mullvad browser extension, which is built into the Browser. It gives you a random different proxy for each site, kind of like the Tor Browser.
Mullvad understands that VPNs overpromise and underdeliver, but if you combine a trustworthy VPN, a fingerprint-resistant browser, and uBlock Origin, you get a damn good internet privacy. The browser is not ideal for daily-driving because it's always incognito so you get signed out on close, but I heard they're working on a persistent version.
One more reason not to use social media. Except anon discussion boards.
Social media itself was the beginning of the end. Once we largely replaced a decentralized networks of blogs and websites with 4 giant sites containing content copied from the other 3 the jig was up. Many of the social media sites don't play nice with search engines and include features that auto-delete content or block linking to other websites as well.
I hate it and I hate that this is what became popular instead of what the internet was in its heyday. It's sad to see.
Honestly, I'm kind of glad this is happening. Online is a bottomless well of libertarians and anarchists and Blueskiers and QAnons. It was always a neckbeard paradise.
It's not just kids it's bad for. Too many people don't have the agency or social/emotional insight to take care of themselves.
[flagged]
[flagged]
Whilst getting excited about 'loss of freedom' the reason these companies are getting forced into this is because they've become so large, fundamentally evil and untrustworthy that we can't regulate them in to doing better so we have to ban susceptible citizens from consuming their output. See tobacco, alcohol, porn, cannabis, driving licences for other examples. /s
[dead]
[dead]
[flagged]
This won't down the bot population. There are hundreds of millions of people in poverty who have this digital identity issued by their government that is mostly worthless to them. They'll sell it for $50, and there will be a bot running around with their name.
First of all, having to buy each account for $50 instead of spinning up thousands for free would shut down most botnets as the economics would no longer work. Second, the move toward identity verification will eventually make even selling accounts like this impossible. You can only sell your identity once.
I stand by what I originally said, though I admit it was a bit inflammatory. Everyone wants to have their cake and eat it too. Social/mass media is being used to disrupt western democracies. This is not the future we all wanted for the internet, but humans ruin literally everything. So we have to deal with reality here, meaning identity verification will become a non-negotiable. The masses may rail against it, but it's necessary and inevitable.
>First of all, having to buy each account for $50 instead of spinning up thousands for free would shut
Would cost them chump change. You've added an operating expense. When bot farms have giant walls of smartphones bolted into specially-designed rigs, that means they're already used to operating costs that are non-trivial.
>Second, the move toward identity verification will eventually make even selling accounts like this impossible.
How do you figure that? Even if some scheme is invented where a person can verify that it's them, that will be part of the sale. They will make it possible for the third party to do the verification too. If you've got some genius scheme though where that is impossible, I'd love to hear it. Something that only the person themselves can do, and others can't impersonate them even with permission.
>How do you figure that?
Because it limits supply. The percentage of the population willing to do this will eventually run out of identities to sell.
>Because it limits supply.
Theoretically it limits supply. Pragmatically, it limits supply to whatever fraction of the world's poorest 4 billion people are easy enough to cut a deal with. In other words, "still sufficient to cause the same sorts of misery as identity-less bots already cause".
Good arguments there, and for once addressing privacy-preserving age verification.
I just don't like that proponents of age verification are systematically (including in this article) dismissed as authoritarians hiding behind "just another “what about the children” excuse to introduce mass surveillance and censorship". Many people genuinely want to find a solution that is better for the children, and telling them "if you are open to age verification you are either a fascist or a moron" is not constructive.
Also I find the way ZKP is criticised a bit manipulative. It kinda implies that "fundamentally, any kind of ZKP system can be switched off remotely and without anyone realising", and that is wrong. It can be implemented in such a way that people have pretty good guarantees about it preserving their privacy, similar to end-to-end encryption. I find it hypocritical to say "E2EE can be reasonably trusted, but privacy-preserving age verification fundamentally cannot", just because tech people like the former and not the latter.
Age verification literally already exists in a way that doesn't require orwellian centralized control. The <meta rating> tag has existed for decades. If you want to restrict access force websites to apply these tags, then use a browser that obeys them. Parents control what their kids access, mostly, like it's been since forever.
Think carefully about why a politician might disregard this extremely simple mechanism and you'll have your answer about the real goals here
> Think carefully about why a politician might disregard this extremely simple mechanism and you'll have your answer about the real goals here
You (and many others) frame it as "the government versus the people". I think this is extremely naive.
Many, many, many parents are in favour of preventing social media access to kid, assuming it is done in a reasonable way. For instance, having a police officer follow every kid everywhere they go 24/7 is not a reasonable way, and everybody agrees on that. Now what if there was a reasonable way?
Ask yourself this: do you believe that privacy-preserving age verification is not a reasonable way, or do you know it? In order to know it, you have to understand how the cryptography works at some reasonable level. Do you? Most comments I read online come from people who believe and then repeat arguments they have read that confirm their beliefs.
I was noting that the Mullvad article actually addresses ZKP (which is good and a very rare thing), but that I found it was a bit evasive in a way that feels slightly manipulative to me (probably not on purpose).
> Many people genuinely want to find a solution that is better for the children
at the expense of everyone and everything else all to not have to be an actual parent.
These arguments are not coming from places of concern, they are coming from laziness and people taking advantage of that laziness to further even worse agendas.
Not all children have active parents. I do not believe those children deserve to be taken advantage of or hurt simply because they happen to have bad parents.
The "laziness" argument doesnt work if the people being lazy (parents) are not the people being hurt (children)
> at the expense of
That's the thing: it's not trivial to know what is possible and what is not. If you look at the messages in HN, many (most?) messages about privacy-preserving age verification are (at least partially) wrong. Tech-savvy people clearly do not understand the technology in details, and somehow they assume that normies do understand and are simply fascists or lazy.
It is my opinion that telling a normal person that they are a bad parent (or a fascist) because you disagree with them is probably not the best way to convince them.
I believe in democracy, which means that I don't call everyone disagreeing with me a fascist. In a democracy, if most of the population wants privacy-preserving age verification and I don't, then I am in the minority and must accept it. My role as a tech-savvy person is to help "normies" understand what it implies. Again, not to tell them that they must be fascists if they disagree with me.
There is a solution, it is regulating social media companies to stop abusing their users, and by extension, children. strict laws around adtech and tracking tech. more consumer rights, in other words - that’s why this solution comes off as authoritarian, because there is such a variety of ways to tackle this problem, and this is the most authoritarian one.
> there is such a variety of ways to tackle this problem, and this is the most authoritarian one.
If you think that privacy-preserving age verification is the most authoritarian way to tackle this problem, then you really, really don't understand authoritarianism.
Now if you have tons of better and practical solutions to tackle this problem, I would suggest you start writing about them. I haven't read a lot about those solutions (other than "just ask someone who is not me to do it"), what I hear is mostly people yelling that only bad parents and fascists disagree with them.
> I would suggest you start writing about them.
I did. the burden isn’t on me to explain it to you, comrade. maybe you could start by actually addressing what I wrote. Or are you now expecting me to draft up a legislation draft before you’ll address my post? These types are always the same.
> I did.
I am confused. Did you? Do you mean this:
> [the solution] is regulating social media companies to stop abusing their users, and by extension, children. strict laws around adtech and tracking tech
Pretty sure it has been tried in some countries, and the solution that those companies were happy to implement was... identity verification. There was a drama about Discord doing this, recently.
> Or are you now expecting me to draft up a legislation draft
Not at all. Just give me the name of a viable solution, so that I can search for it. It doesn't take a full day to write something like "privacy-preserving age verification", does it? I can't easily search for "JohnMakin says there are many good solutions, which ones are they?".
If you are naive enough to think it really is 'just the tip' how are you not an involuntary parent already?
I would love to be insulted by that, but I genuinely can't tell what point you're fumbling toward. Try again when you've sobered up.
Do you believe people should be able to traverse the internet anonymously?
Why should you be able to traverse the internet anonymously? You cannot traverse real life society with the same expectations. Majority of the people traversing anonymously are doing so because they are routine troublemakers and do not want to bare consequences for their malicious actions. The ones fighting for this complete anonymity but not doing crime are naively just sweeping for bad actors.
One of the things that I liked about the old, text-based internet was the anonymity it provided. I particularly liked being able to engage in discussions about things that interested me without being sexualized, since nobody needed to know I was a teenage girl. No creepy messages, no looks up and down, no having to figure out ways to turn someone twice my age down without worrying if they'd react dangerously, no having to leave because someone more integral to the group was a creep and nobody would accept it if I spoke up, no worrying about my small statue making me a target for physical intimidation, etc.
(Now I am old, so it's different.)
It was very freeing to be able to talk about my interests (e.g. space, web development, and video game modding) without being subjected to the bullshit that people brought to the table if they saw me.
> You cannot traverse real life society with the same expectations.
I actually can. For real. I can not get job or housing anonymously, but overwhelming majority of my real life interactions are anonymous.
Same goes for the internet though. Privacy controls would be at a government level. All that we need is a way to actually hold someone accountable for their actions on the internet. Websites dont need to see who the actual person is.
You can't. Even if you haven't registered or logged in, companies like Facebook have identified you and track you everywhere you go.
[dead]
Yes. At least to read.
Not sure what you mean. I am totally against surveillance capitalism and TooBigTech. I am in favour of end-to-end encryption and privacy-preserving tech.
I shouldn't have to show an ID to buy a newspaper or to load the website of a newspaper. On the other end of the spectrum, I should not be allowed to buy a gun without showing an ID (and all sorts of other constraints).
Somewhere in the middle, I understand that we don't want to expose 8 year old kids to pornography, but I don't think that one has to wait to be 18 or 21 to be allowed to access it. Same for social media. Where and how exactly we set the limit is a societal choice to make.
I also believe that "living in a democracy" doesn't mean that "everybody agrees with me, always". Many times I am in the minority. What matters is that people are informed. Telling them that if they disagree with you they are either bad parents or fascists isn't constructive, IMHO.
Parents need to either control the internet, or control their children’s devices and screentime. The latter sounds like the obvious option, except that Google wants every second grader to have a school-mismanaged chromebook and Google wants to mediate control of the internet, and by pushing parents to the former they win on both fronts.
Requiring parents to police their child's every move is not going to end well.
And having the state do it is better?
The state mandates laws that say we cannot sell guns to kids. Is that a bad idea? Would you rather let the parents deal with that?
I'd like parents to parent and develop a relationship with their kids. Comparing the internet to guns is a stretch.
My point was that having the state regulate stuff is not always a bad idea.
The problem for many parents is that all the other kids have it. It's not always easy to develop a relationship with your kid to convince them that they don't need to conform and have friends.
So I can imagine that many parent would be relieved if access to social media was slightly more complicated, such that maybe it would be more normal to not have access to social media.
We've encountered this with things like Minecraft and Roblox and had conversations and suggested alternatives to it. It hasn't proven to be an issue, but I'm holding out hope that these platforms continue to collapse as our kids get older.
Yes, because children deserve to simultaneously not be under constant surveillance by their parents but still be protected from bad actors. Hence we should collectively, as a society, protect them.
What about this: go ask parents why they allowed their kid to get a smartphone and access to social media, and only then decide whether they are morons, fascists or just bad parents?
I have a simple example: when all the kids have a smartphone, it is very hard to tell your kid that they cannot have one. When all the kids have a shared culture built around social media, it is very hard to tell yours to not conform. "It's okay my son, you don't need friends. Anyway the parents of all those kids are bad parents".
I don't have children, but it doesn't sound completely weird that parents may say "we should prevent most kids from accessing social media, so that my kid wouldn't be the weirdo if I don't let them have access".
In many school districts, unless you can afford private school or homeschooling its hard to tell a kid they can't have an iPhone, but impossible to tell them they can't have an iPad- at age six!
> I just don't like that proponents of age verification are systematically (including in this article) dismissed as authoritarians hiding behind "just another “what about the children” excuse to introduce mass surveillance and censorship".
It is worth recalling that "authoritarian" is a relatively neutral label for a political philosophy (like "liberal", "democrat", "capitalist" or "socialist"). It isn't that people are name calling, it is that authoritarian policies - like this one - consistently cause more harm than good. The label is basically a slur at this point because the disasters that the authoritarians trigger often veer into being massive and appalling spectacles. People tend not to be very evidence-based, so the people who lean authoritarian tend to try and rebrand to avoid being tarred with their philosophy's consistent failures, but it is still authoritarianism.
But the productive path forward isn't to try and be nice to the authoritarians and accommodate them with the rebranding. It is to adopt liberal policies. Like letting people read and comment anonymously on the internet.
I appreciate the comment, but I feel like you miss my point in a way that is (not purposely) manipulative, again.
I don't think that we would call "authoritarian" someone who would ask for, say, guns control. Or at least we wouldn't call "authoritarian" someone who is in favour of having more than 0 law, would we?
You are being manipulative by saying "If you want a law that I don't want, then you are an authoritarian. I mean no offence, it is just what you are". But reality is a lot more nuanced than that.
The vast majority of people who are in favour of age verification are not authoritarians. They really just consider "should kids have access to social media? Not until they are old enough". Whether or not it is technically possible is outside their knowledge. And the fact is that for age verification, there are technical solutions that are privacy-preserving (unlike e.g. ChatControl which is fundamentally building surveillance infrastructure).
And even for ChatControl: people who say "I would be in favour of a magic backdoor that would only work for the well-intentioned good guys" wouldn't count as "authoritarians", would they? It just so happens that there is no such thing as a magic backdoor, so they cannot have what they want.
What political philosophies do you think lay claim to these age verification laws?
There are a couple that aren't against it, but to actually implement age controls in the way they are being bought in you basically need to be an authoritarian. Otherwise, you'd be persuaded by arguments like Mullvad's that the social media companies already know how old their users are and don't need a centralised authority to tell them. There are alternatives here that are less authoritarian. Policy makers and the people supporting them don't want to use those approaches, because they support taking a more authoritarian approach.
These policies, in practice, are literally authoritarian policy. It isn't the most extreme form of it, but it isn't authoritarianism because I don't like it. I don't like it because, objectively, this is authoritarianism and authoritarianism tends not to work. Otherwise all the research I've seen suggests that kids shouldn't be using social media. If this wasn't likely to take out huge chunks of the healthy political dialog on the way it'd probably be tolerable.
If it is manipulation to point out that this is part of a class of strategies that have a history of horrible failures, then you have a very confused understanding of what manipulation is. This is an absolutely classic authoritarian "we can't just let people talk to each other however they like without the authorities being involved" play.
> but to actually implement age controls in the way they are being bought in you basically need to be an authoritarian
I don't see how this sentence can make any sense at all in the context of ZKPs. Can you elaborate?
> you'd be persuaded by arguments like Mullvad's that the social media companies already know how old their users are and don't need a centralised authority to tell them
How do the social media companies already know? Because they track everything? But if they ban kids, they don't track them anymore, do they? Or are you saying that social media companies should be able to track everybody everywhere, such that they can profile them and ban them from accessing social media?
> I don't like it because, objectively, this is authoritarianism
You would have to explain that. The government provides a service that allows you to prove that you are old enough without the government learning anything from you and without the service learning anything other than the fact that you are old enough, and you call that "objectively authoritarianism"?
> I don't see how this sentence can make any sense at all in the context of ZKPs. Can you elaborate?
The reason people are getting called authoritarian is because ZKP proofs are a massive and obvious improvement on what is actually being implemented. Can you point to anywhere that has implemented ZKPs? The linked article suggests that is quite hard to do.
I wouldn't be using an American IP right know if my local age verification laws required ZKPs.
> How do the social media companies already know?
They ask you your age when people sign up. That's good enough for me - I'm not an authoritarian. I'm not out to create a watertight way to stop people communicating if they want to.
> You would have to explain that. The government provides a service that allows you to prove that you are old enough without the government learning anything from you and without the service learning anything other than the fact that you are old enough, and you call that "objectively authoritarianism"?
I haven't seen anyone complaining about that. Sounds like a non-issue. Why would anyone over the age of around 18 care? You should consider reading the linked article if you don't understand what the complaints people are making are. The reason you don't see any authoritarianism is you haven't actually looked at how the schemes are being implemented.
Mullvad isn't writing this blog post because of the huge numbers of 12-16 year olds shelling out cash to them. It is because the authoritarians are making a play to destroy a sizeable chunk of the open web with a likely follow up of cracking down on free speech.
> Can you point to anywhere that has implemented ZKPs?
The EU initiative explicitly mentions ZKP: https://ageverification.dev/.
> The linked article suggests that is quite hard to do.
It's technical, just like getting E2EE right. Doesn't mean it's hard to use, as proven by the fact that billions of people use E2EE in WhatsApp and Signal without even realising it.
> I'm not an authoritarian. I'm not out to create a watertight way to stop people communicating if they want to.
You seem to have a Manichaean view of the world. There is room for nuance between "let kids lie by clicking 'yes'" and identity verification.
> You should consider reading the linked article
Did you read it? There is a whole section that is titled "The Zero-Knowledge Proof alternative and the EU".
> The reason you don't see any authoritarianism is you haven't actually looked at how the schemes are being implemented.
I actually have. Have you? Seems like you haven't read the article. Mullvad is complaining about the fact that the app seems to support both ZKP and identity verification, and they criticise the infrastructure enabling identity verification. And then some more "slippery slope" arguments that are worth what they are worth (with the same kind of reasoning, we shouldn't have gun control, because the next step is to control everything, right?).
> Mullvad isn't writing this blog post because
Mullvad sells some kind of privacy (as much as a VPN can offer), and here they share their opinion about age verification. With which I mostly agree: the only viable age verification implementation is through ZKP. I tend to disagree with the slippery slope argument, and that "the government abuses everything they can". If you think like that, doesn't that make you an anarchist?
You have misunderstood the article. It says, and I quote,
> Right now, the EU app does not have ZKP functionality, contrasting Ursula von der Leyen’s claim that the app ”is technically ready to be used”. But more importantly, the app is currently designed to always function without ZKP technology; if ZKP is unavailable, the app falls back to a non-ZKP model.
So you have failed the test of pointing at somewhere that has implemented ZKP. You can try again if you like.
> I actually have. Have you? Seems like you haven't read the article. Mullvad is complaining about the fact that the app seems to support both ZKP and identity verification,
Again, this is factually wrong. And it is why people are getting labelled as "authoritarian" - they proposed a system that sounded decent, then they actually implemented something else that is a standard authoritarian ID system with a fig leaf for people to pretend they didn't. As was expected, given that this always looked like an ID card play with a false moustache.
> I tend to disagree with the slippery slope argument
They haven't made it up the hill yet, they're already down the slope. the EU implementation doesn't use ZKP. That's a big part of why they're being included as one of the authoritarian forces in this push that people are upset about.
> the EU implementation doesn't use ZKP
The EU implementation is work in progress. I am not aware of any country using it for age verification.
I am not sure I get the argument of "it's not finished, but I will pretend that it is because it's convenient for me".
> You can try again if you like.
Switzerland is another one that seems to be going towards a privacy-preserving solution. Is Switzerland known for being an authoritarian country?
> I am not sure I get the argument of "it's not finished, but I will pretend that it is because it's convenient for me".
> The European Commission has announced that a new age verification app designed to protect children online is ready for deployment. In a recent statement, President of the Commission Ursula von der Leyen, confirmed that the technology is ready and will soon be available for citizens to use.
https://commission.europa.eu/news-and-media/news/european-ag...
Am I to pretend and believe the EU Commission or am I to shun their lies and believe you on the subject of whether this age verification app is ready? But maybe Mullvad are wrong here, I dunno. Maybe they have implemented a ZKP scheme. Have they? I'm interested in the details, love me a good ZKP. How does this armed and fully operational app, here and now, today, in this moment, implement a ZKP?
> Switzerland is another one that seems to be going towards a privacy-preserving solution. Is Switzerland known for being an authoritarian country?
I've heard literally 0 complaints about whatever Switzerland might be doing. You'll notice the Mullvad statement doesn't mention them either.
Please read my original comment again. I said Mullvad had good arguments, I just criticised the way ZKP is generally dismissed, including in their article. You then went for your "this is all authoritarian, that's the definition of authoritarianism, etc".
If you want to go back to the origin, sure let's do that. My criticism was really JUST that one could explain privacy-preserving age verification in a constructive way, without always framing it in the manipulative way that implies that it is not technically feasible. And apparently you agree with that.
> I've heard literally 0 complaints about whatever Switzerland might be doing.
Haven't you? I have heard many comments just like yours, implying that "whoever wants to verify the age is an authoritarian".
Let's stop here, we're not going anywhere.
Many people genuinely want to find a solution that is better for the children, and telling them "if you are open to age verification you are either a fascist or a moron" is not constructive.
We know they'll take a mile if you give them an inch. Ditto with "trusted" computing and the rest of that wormcan. That's why the opposition has to be absolute.
Who is this "they" you speak of?
We have age verification for all kinds of things that can harm minors. Most of them have adequate penalties for breach such that operators of said harms ensure they comply (checks for ID when selling alcohol, entry to over-18s pubs/clubs, etc.)
There's nothing sinister going on here, just attempts to prevent social/mental harm to minors.
> There's nothing sinister going on here
There absolutely is you're just not aware of it.
This whole thing is meta financially backing right wing conservative groups that want age verification because meta wants to avoid liability for the harms their platforms cause.
In addition, this is the beginning of the end of any sort of anonymity on the internet, which has disastrous consequences for politically minded individuals, minority populations, or targets of stalking. This is a privacy nightmare bring pushed through in the guise of "muh children".
Meta already requires your ID to sign up so hasn't anonymity already ended?
How many people do you know signing up for meta accounts?
We are talking about social media here aren't we? And accessing it anonomously?
> There absolutely is you're just not aware of it.
Can you show here that you understand how privacy-preserving age verification works?
I mean the rest of your message really, really sounds like you don't. Don't get me wrong: I do agree that identity verification is bad. But it is not okay to say "I know of a system that is bad, and I don't know the nuances of how it could be implemented in a better way, so I will just assume that there is no better way".
I trust client side verification to not leak data as much as I trust copilot to not leak data.
Ripe for abuse.
I strongly disagree.
Democracy is not "they" vs "us". Democracy is not "opposition has to be absolute". What you describe here is extremism. If you believe that anyone disagreeing with you is an extremist and that the only viable way to react is to be an extremist yourself, well... you are the extremist. Whether you are fighting extremists or not (this "they" you conveniently do not define) is unclear, though.
Don't be an extremist. Let's compromise. We'll only eat one of your children. We'll even let you pick!
Sure but that absolute opposition hasn't, as far I can tell at least, achieved an iota of success. So it's largely a self indulgent merit badge than an actual strategy.
This is so lame, it seems like a small number of pedophiles have forced us to deal with all this age verification stuff.
Porn has always been around (national geographic, anyone), and parents can use screen time to limit access for their children if they want.
Current policy is victim-blaming: it excludes from social media potential victims (children) but allows perpetrators (convicted csam users).
But this was always about governments wanting to know who's posting what (and controlling them, through chilling effect); not about saving 'the children'.
I don't necessarily agree with all these measures, but there is a lot more harm in social media than just pedophiles hunting children.
i never read a nat geo where a young girls innocence gets destroyed in 4k ultra hd , either way based on the behaviour of our ruling class it seems likely that the pedophiles are the ones instituting these laws