Apple cost Meta billions by cutting off their data pipeline at the OS level, justifying it with a unilateral privacy moral high ground. Now, Meta is returning the favor. By astroturfing the App Store Accountability Act through digital childhood alliance, Meta is forcing Apple to build, maintain and also bear the legal liability for a wildly complex state-by-state identity verification API.
Gotta give it to Zuck. Standing up a fully-fledged advocacy website 24 hours after domain registration and pushing a bill from a godaddy registration to a signed Utah law in just 77 days is terrifyingly efficient lobbying.
if "it" is the middle finger, for sure. "terrifying" is a great choice of word for it.
Plus, Apple gets to be the gatekeeper for Meta and other apps which can't be good for meta, and Apple gets to know the age of its users, which in itself is monetizable.
Overall, that's the reason anti-trust laws must be applied rigorously, otherwise the normal population has no chance.
The methodology appears to be LLM driven, and the contextual framing which the conclusions are couched in, drive conclusions to a specific direction.
It does not clarify between two readings
1) Meta is driving Age verification efforts
2) Meta is being opportunistic with age verification efforts to further its own goals
The larger macro picture is that voters globally are tired of Tech firms and want something done about it.
The second macro trend is the inability of governments to handle/control tech, and are looking for reasons to bring tech to heel.
That’s context results in a sufficiently different degree of culpability and eventual path to resisting privacy reducing regulations.
I am not skeptical of any of the research, the sources seem to be cited properly. I am skeptical that this researcher has thought through or verified their conclusions in a systematic and reliable fashion. This part gives it away: "Research period: 2026-03-11 to present." This individual dropped his investigative report two days after beginning research!
Yes, AI is an incredibly good research assistant and can help speed up the tasks of finding sources and indexing sources. The person behind this investigation has not actually done their due diligence to grok and analyze this data on their own, and therefore I can't trust that the AI analysis isn't poisoned by the prompters implicit biases.
> LIMITATION: Direct PDF downloads returned 403 errors. ProPublica Schedule I viewer loads data dynamically (JavaScript), preventing extraction via WebFetch. The 2024 public disclosure copy on sixteenthirtyfund.org was also blocked.
> Tech Transparency Project report: The article "Inside Meta's Spin Machine on Kids and Social Media" at techtransparencyproject.org likely contains detailed ConnectSafely/Meta funding analysis but was blocked (403)
The least they could have done is read their own reports and then provided the documents to the LLM. Instead they just let it run and propose connections, asked it to generate some graphs, and then hit publish.
> A Meta employee (Jake Levine, Product Manager) contributed $1,175 to ASAA sponsor Matt Ball's campaign apparatus on June 2, 2025. Source: Colorado TRACER bulk data.
> No direct Meta PAC contributions to any ASAA sponsor across Utah, Louisiana, Texas, or Colorado. Source: FollowTheMoney.org multi-state search.
While it is true that Meta has funded groups that advocate for age verification, a lot of them also appear to have other actors so it's not like this is some pure Meta thing as some of the other commenters are suggesting.
This type of GitHub-based open-source research project will become more common as more people use tools like Claude Code or Codex for research.
This file does not exactly fill me with confidence: https://github.com/upper-up/meta-lobbying-and-other-findings...
In one part of the report, there seems to be this implicit assumption that Linux and Horizon OS (Meta's VR OS) are somehow comparable and that Meta will be better equipped than Linux if age verification is required.
It doesn't explicitly say "This will allow Horizon OS to become the defacto OS and Linux will die out" but that seems to be the impression I'm getting which uhh... would make zero sense.
More broadly, this entire report (and others like it) are extremely annoying in that I've seen some Reddit comments either taking "lots of text" as a signal of quality or asking "Does anyone have proof that these claims are inaccurate" which is
a) Of course entirely backwards as far as burden of proof
b) Not even the right rubick because it's not facts versus lies, it's manufactured intent/correlations versus real life intent/correlations (ie; bullshit versus not)
All of this could be factually true without Meta being smart enough to play 5D chess
In this case they have named individuals and firms as well, without the degree of diligence that such call outs should warrant.
In its current state, I would count it as a prelude to witch hunts.
The Swiss implementation of eID may be hint that governments may/will take the responsibility to implement and maintain the tech, but the multiple intrusions and lobbying by Palantir and friends in the EU gives me the ick.
Firm: Trilligent (APCO Worldwide subsidiary), EU Role: EUR 680K for AI Act, DMA, DSA. US Connection: APCO offices in DC; Meta VP calls them "integrated members of our Meta team".
Firm: White & Case LLP, EU Role: EUR 50-100K. digital markets/services. US Connection: Lead international outside counsel, 70+ lawyer team.
Firm: FTI Consulting Belgium, EU Role: EUR 10-25K. US Connection: Subsidiary of FTI Consulting Inc (NYSE: FCN, HQ Washington DC).
[1] https://web.archive.org/web/20260314074025/https://www.reddi...
[2] https://www.reddit.com/r/linux/comments/1rtd51g/update_i_pul...
This sounds like the mere tip of the iceberg, as it is commented that they maintain two separate networks with no overlap (their age verification lobbying goes through local specialists with no international footprint).
Edit:
https://www.lobbyfacts.eu/datacard/trilligent?rid=5168569461...
Trilligent (APCO Worldwide subsidiary), clients for closed financial year, Jan 2024 - Dec 2024,
- meta platforms ireland limited and its various subsidiaries, 50'000€ - 99'999€: EU Green Deal, EU AI Act, the European strategy for a better internet for kids (BIK+), online safety.
- verifymy limited ( age verification business), 0€ - 10'000€: Digital Services Act; eIDAS Regulation; Strategy for a better Internet for kids (BIK+); EU Artificial Intelligence Act; General Data Protection Regulation.
- user rights gmbh, 0€ - 10'000€: Digital Services Act.
There's more money spent in lobbyism in the EU than anywhere else in the world. Lobbyism and downright corruption: like Qatari bribing EU MEPs [1] and police finding 1 million EUR in bills hidden at a MEP's apartment (in this case a bribe to explain publicly that Qatar is a country oh-so-respectful of human rights).
The EU is way more corrupt than the US and in many EU countries there's little private sector compared to the US. In France for example more than 60% of the GDP is public spending and all the big companies are state or partially state-owned or owned by people very close to the state.
And as to american companies bribing EU politicians: it's nothing new. IBM and Microsoft for example are two names everybody in the business knows have been splurging money to buy influence and illegal kickbacks have always been flying. It's just the way things have always been operating. Today you can very likely add Google and Palantir etc. to the list but it's nothing new.
EU politicians are whores. And cheap whores at that: investigative journalists have shown, in the past, the little amount of money that was needed to buy their votes. Most of them go into politics to extract as much taxpayers money as they can for their own benefit. They of course love to get bribes.
Also to try to not get caught, EU politicians voted themselves special powers and it's very difficult for the regular police to enter official EU buildings. I know an police inspector who went and arrested a MEP for possession of child porn: it required a very long procedure, way longer than usual, and the request of special authorization allowing them to enter the EU parliament (or EU commission, don't remember which but I think it was MEP at the EP).
American companies bribing EU politicians should scare you indeed: it's been ongoing since forever.
> The Swiss implementation of eID may be hint that governments may/will take the responsibility
Switzerland is in Europe but it's not in the EU: it's not representative of the insane corruption present in the EU institutions.
The real driver is as always, ad revenue. This time, advertisers want and need to know a real human is engaging the brand and Meta cannot see any other way in sight to assure this fact save for age verification.
this is just the latest evolution of surveillance capitalism.
The EU has zero knowledge proof age verification systems, e.g. through your bank, which are secure and don't involve sending a copy of your ID and / or face scan to a dodgy US based 3rd party.
Personally I’d rather not see reposts of posts this recent, especially LLM posts.
Or maybe more specifically the structure, idk not much of a writer, but many of the sentences are solid journalist quality yet the right background is not being set nor the right transitions being given etc.
My dissatisfaction mode used to be boring high school newspaper sentences but the kids still seem to _assemble_ the details a tiny bit better.
There's a vocal portion of people which opposes any solution because "privacy, government overreach, surveillance ...". So instead of a solution like e.g. zero-proof age verification, that tries to minimize intrusions on privacy, the result is the worst of all worlds, maximum surveillance (but I guess it's ok if it is not the federal government, but meta), with minimum utility. Just look at the freaking mess that is trying to proof your identity in the US.
Now, what will the platform do with it? Concretely? As in: Name one bad outcome a reasonable parent would care about that's prohibited under these bills. If the bad thing happens due to willful negligence, then there needs to be some actual material consequence to someone at the platform provider.
meta could spend their billions lobbying for that, if they wanted to
edit: to be clear, I do think a government developed and maintained ZKP ID/age system is the best possible compromise, I just don't think we have any chance of getting it
I'm not on board with any of it, but the last thing I want is the government to control it.
No, the way to stop it is to talk to your representatives.
You have the power. You just have to pick up a phone, and ask your friends, relatives, neighbors, to do the same. (They will, because it affects all of them.) Tell your reps to remove the legislation or you're voting them out. They don't want to lose their jobs. They will change if you tell them to. But only if you tell them. That is your power. Use it or lose it.
You have consumer activist brain. Next you're going to suggest that we complain to the manager or start our own government and compete in the marketplace.
> The only thing that talks is money
No, the only thing that is talking is money. Money wants this. You're busy pretending like you're going to do a boycott; they're going to boycott you.
Complain about the internet? They'll just blacklist you from it. Complain about the phone? Well now you can't use one; try smoke signals. Complain about the landlord? They'll settle the case, kick you out on the street, and blacklist you among all private equity landlords and the management companies that service small landlords. You'll just go to a small landlord that doesn't use one of the management companies? Well they won't have access to a bunch of vendors that have exclusive contracts with and share ownership with the management companies; now they can't make any money and have to sell to private equity.
You've been fooled into thinking that being victimized is a moral failure of the victim. The perpetrators taught you that. They taught you that the only appropriate action is to beg and threaten to leave, and they shut down customer service and monopolized the market. But, again, the worst thing they trained you to do is to blame the victim.
Or, refuse to participate or use any tech that implements OS age verification (start with communication app Discord).
The reason nothing happened was because Snowden is still a State Dept or CIA asset. He's an actor and/or a limited hangout of some kind to show the US government and claim to be doing absolutely insane bullshit and nobody cares. New Zealand retroactively changed their laws (clearing John Key of any wrong doing for illegally spying on Kim Dotcom), allowing the GCHQ to legally spy on all their citizens.
As far as refusing to work for these companies, I was on Linux at work for over a decade. But after my last job I was forced to take a .NET role and with a $30k/yr paycut. It'd like to get back into a good role again where I can use Linux, but I'm not sure if I'd be willing to stand my ground on this issue, because I also don't want to lose my house and software jobs are incredibly scares right now. Unlike Snowden, I don't have a government paycheck coming in to continue spreading lies.
Turns out they were right
These bills also need to be opposed on a legal/political level.
Something I realized last night is that people who lie about their age to send false signals may inadvertently open themselves up to CFAA liability (a felony). So this is a serious matter for users who want to maintain anonymity.
I'm 47, and I started using the internet in my early teens through BBS gateways. I've seen every age of the Internet, and there's always been widely available pornographic materials. Why all of a sudden is this a crisis?
Perhaps I'm missing something?
Pornography is a very convenient pretext. The real target is anonymity and pseudonymity. Both have been abundantly available on the early Internet. Both were and are being gradually squeezed out from it.
Various law enforcement agencies would love to know more, always more. The more the users are required to identify themselves, link their online identity (maybe pseudonymous for other users) to their official offline identity, the easier it is to find and catch criminals. Not only criminals, of course, but even if we assume 0% nefarious intent, and only the desire to catch the evildoers who swindle grandmas out of their life's savings, this still holds.
Operators of big sites also would benefit. Easier to ban disruptive users. Many great ways to turn the precise identity into targeted ads.
The internet has become a very serious, consequential space. More like... the "real world", which was considered separate from the internet in 1990s. Now they are inseparable, so the pressures of the "real world" are equally present offline and online.
What does seem to definitely be having a severe negative impact though is social media.
Because they worked on it for decades, and it's finally showing results.
> I've seen every age of the Internet, and there's always been widely available pornographic materials.
Just because something bad happened in the past, we should stay away from fixing it? Just because you didn't (probably) suffer as much as others, we should continue looking away? And that's leaving out that the world on all levels and corners today has become significant worse than in your youth.
> Why all of a sudden is this a crisis?
It's not all of a sudden. The calls' haven been around for a decade and longer, but research has become better over the years, so it's harder to ignore them. And now there is also AI, which significant speeds up the spreading of fake news, bot messages, sexualized deep fakes, and other very problematic content.
Any reasoning after that is just fluff to get people not looking at it critically to accept it.
I think that I'm biased to think "it shouldn't be a crisis" because I saw that stuff as a kid and turned out ok, it's a prime example of survivor bias, maybe someone who saw that stuff didn't turn out that well. Also one thing I've been wondering I'm not sure if that's the beginning of my everlong cynicism. If it is, then I might have been better off without being exposed to that material that early in my life.
But even then, I think if adults knew what we were up to, maybe they would have lobbied for stuff then too.
For my 10 year old, we don't allow youtube or any other algorithm doomscrolling feed. And no voice chat in online gaming. We plan on waiting until 13 for a phone, or behind-closed-doors internet, and we use parental controls.
I'm not presenting this as an argument for age verification, I think it's a naive solution that comes with major drawbacks and won't work anyway.
But the landscape is very different and I think we should try to understand where parents who support this are coming from, because lobbying from Meta or whatever isn't the only issue.
There are parents who have been making choices for their young kids and have to start letting go at some point as the kids age, and maybe, at whatever point parents stop monitoring, they would like the kids to not be fully in the deep end. I think we should acknowledge that and explain why age verification isn't a solution, rather than pretend the world is the same and pretend don't have any legitimate concerns by saying "well we turned out okay".
(edit: reworked the tone in response to feedback)
It's not just targeted advertising, though you can open youtube kids/instagram/tiktok and see plenty of that and age brackets happen to perfectly align with leaked metas' advertising brackets. (5-10, 10-12) (group A), 13-15 (group B), 16-17 (group C), 18-24, 24-30.
I think it's largely driven by the increasing computing power
Try to start an ISP and/or become a public Certificate Authority.You will quickly run into steep requirement (admin and financial). To buy IP address space, get peering partners for traffic transit, hosting dns, hosting email (good luck getting mail delivered to the big providers without having your own users verified via mobile number). Try to build a mobile app, or phone or runtime - all the key signing, binary signing involved, the entire security model from hardware/firmware, boot, memory access, runtime safety and on and on. Then there are the intelligence agencies and various countries surveillance laws, information laws.
If you add it all together, we are already monitored 100%. They want to linked and prove the monitored device is linked a certain human beyond a doubt. Email, Mobile, Full names are not enough, they want your biometrics too. They want you serial numbers of devices and mac addresses of networked devices and SIM cards. They want it all.They want your children to have devices with camera, mic and gps trackers in. Your kids will be part of kompromat before they reach adulthood and some of them will be blackmailed by government agents and other bad actors throughout life. Some kids will be trafficked with the help of all these tech solutions, because they know exactly where your kids are at every moment.
Add home assistants, smart tv's with cameras, toys with cameras, outdoor cameras, shopping mall cameras everywhere, in-vehicle cameras and mics. Bluetooth beacons everywhere.
Add it all up and ask yourself, is this truly about child safety? Not at all. I'd argue they would be more exposed. If they wanted children safer, they'd recommend parents and schools to 100% remove kids from the internet or devices with public internet access. Why does a 10 year old need to know how to join a teams meeting and being comfortable on a video call?
Not to mention the access to weird porn and gore sites that WILL traumatize a young mind.
Then contemplate what all this data will be used for in the hands of extremists, nazi's, dictators, the effects on free speech & journalism, the propaganda machines reach on you and your family.
The internet is 10000% cooked and no longer open. It's better to disconnect from it at this point.
As I understand it, the age verification laws are part of a three pronged plan to eliminate privacy, freedom of speech and freedom of expression online.
The goals being to expand current police abuses to include LGBTQ++, reporters, democrats, non-whites, non-christians, demonstrators, etc.
It all is predictable and makes perfect sense if you assume the goal is to hold control over the white house in 2029 while being even less popular than they currently are.
maybe since minors can't enter into a contract they can't agree to TOS and therefore their content is ineligible to be used as LLM training material? just guessing.
Are people in that group powerful, influential and wealthy?
Would that group benefit from being able to use state power against individuals who just won't stop shining light on injustice?
The political planets have aligned in many nations for private industry to lobby for this power, sating their own goals as advertisers and the state's goals as authoritarians. This is an open conspiracy between every tech giant and every government to perpetually identify every action that every person ever makes online for the sakes of advertising, propagandizing, surveiling, persecuting, and imprisoning people.
It is not a coincidence that this is occurring in all western nations at the same time; these economies are incredibly large and active, and these governments have been under attack from the far-right for decades.
America needs another Zappa.
The right has figured out that they can keep queer kids (especially trans kids) in the closet if they don't let them learn what their "difference" actually is. It's "don't say gay" applied to the internet.
Age signals from the OS? Need to provide a channel of information available to applications. Applications already talk to servers with unchecked commonality.
Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".
Next year, the application needs to "double-check" your identity. That missile that's coming to you? Definitely not AI-controlled, definitely not coming to destroy the "verified" person who posted a threatening comment about the AI system's god complex. Nope, it's coming to deliver freedom verification.
I've wondered if FaceID and the Android counterpart are actively creating an extraordinary labeled dataset for facial expressions at the point of sale.
With users trained to scan their face before every transaction, tech companies could correlate transactions to facial expressions, facial expressions to emotions, and emotions to device content. I can imagine algorithms that subtly curate the user experience, selectively showing notifications, content, advertising to coax users towards "retail therapy".
Cpt America in the Winter Soldier
This is a non-issue because it's almost certainly going to be gated behind a permission prompt. There are more invasive things sites/apps can ask for, and we seem to be doing fine, eg. location. Moreover is it really that much of a privacy loss if you go on steam, it asks you to verify you're over 18, and the OS says you're actually over 18?
>Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".
Given touch id was introduced over a decade ago, and the associated doom-mongering predilections did not come to pass, I think it's fair to conclude it's a dud.
If not, who has been paying to lobby for these age verification laws ?
That seems a question that we should have an answer to.
Forcing an age check upon linux install seems anti-competitive, and a violation of freedom of speech allowed by the Constitution.
Also impractical and ineffective, unless they plan on some sort of bio-metric confirmation of age.
Will they outlaw computation itself, or constrain a personal quota so that only corporations can access approved LLMs and certainly not run a local AGI ?
As with the insane "encryption is a weapon and cant be exported" policy of the 80s, this will surely force innovation to migrate outside the US.
Of course they would want this -- as long as the OS reports that the user is over 18 via such a system, then Meta is legally off the hook for any COPPA violations.
Not advocating for this policy but if a critical argument against it is that policymakers can expect an analogous amount of computer innovation migrating out of the US as it saw in the 80s, then I think policymakers won't care remotely. Quite literally I think the lower bound for the proportion of global computer innovation happening in the US is 70%.
This should be easy. Just in one of dialogs ask user to create a file 'me_age.txt' with age inside. No changes to OS at all. This will be the 'interface'. Any program can read the file. As far as I understand that's all California law requires (or will require).
Not sure about other versions. Strict verification would require binding to property software/services. Which is equivalent of reporting every user on every install.
I'm pretty sure most kids older than 12 do have access to kitchen knives. And actively use them too.
I generally agree with your point. But at the same time access to the internet resouces and to gun or a chaisaw is not the same.
I have no problem securing a few items if my home, but I have no control over whatever is available on the net.
Sure, I can write some firewall rules or create "kid's account" on a streaming platform, but I can do this for every single known service, chat, IM group etc.
In this case, it is the data from the website, not the electronic device itself, that is seen as the item being transacted and regulated by age gates, no? The attempts to actually regulate it do feed back into changes on the electronic device, but the real cause of concern (per the protect the kids argument, if that is the real reason is debatable) is a company providing data directly to a child that parents find objectionable. That transaction doesn't have a parent directly involved currently.
Controlling the device itself and saying free game if a parent has allowed them access is a bit like saying that if a parent has allowed a kid to get to the store, there should be no further restrictions on what they can buy, including any of the above three items.
Is this a thing?
My 10yo has used all three of those things. If there were some legislation requiring they be "secured" before my son could be in my presence, obviously I'd oppose it, along with every other reasonable parent.
That requires cooperation, but since most adult websites don’t want children to be visiting them, cooperation shouldn’t be hard to get. Governments can pass a law and businesses can set a config flag. For uncooperative websites, child-locked devices can check a blacklist.
Then it’s up to parents to make sure their kids only have child-locked devices and for stores to not sell unlocked devices to kids. It’s never going to perfect, but it doesn’t doesn’t have to be to change community norms.
Like, in general, a software change to add an "age class" attribute to user accounts and a syscall "what's this attribute for the current user account" would satisfy the California bill and that's a relatively minor change (the bad part is the NY bill that allegedly requires technical verification of whatever the user claimed).
The weird issue is how should that attribute be filled for the 'root' or 'www-data' user of a linux machine I have on the cloud. Or, to put aside open source for that matter, the Administrator account on a Windows Active Directory system.
Because "user accounts" don't necessarily have any mapping (much less a 1-to-1 mapping) to a person; many user accounts are personal but many are not.
Thing is, when these “make the websites collect your ID” proposals come up, the overwhelming sentiment here is “this is terrible and we need to do it lower in the stack”. I think the OS is a better place than the website. (Let security conscious folks use a standalone device too if desired.)
The astroturfing stuff is obviously sus, I don’t have a feel for whether this is egregious by the standards of $T companies or just par.
Of course, the EU option of using proper ZK proofs etc sounds way better as portrayed in the OP. But when you actually dig in, doesn’t the EU effectively mandate OS support too, eg https://eudi.dev/1.7.1/architecture-and-reference-framework-..., https://github.com/eu-digital-identity-wallet/eudi-doc-archi... ? Maybe this isn’t set yet but it seems a likely direction at least.
Perhaps the "overwhelming" sentiment is paid actors? Or people whose jobs depend on not having that risk assigned to their employers?
We should also update all FOSS license terms to explicitly exclude Meta or any affilites from using any software licensed under them.
Heck, Linus Torvalds should just add an amendment to the next release of the Linux Kernel that makes it illegal to use in any jurisdiction that requires age verification laws.
This would obviously cause such a massive disruption (especially in California) that the age laws would have to be rolled back immediately.
This seems like a no-brainer to me but I am admittedly ignorant on this situation. I'm sure there's a good reason why this isn't happening if anyone cares to explain.
If this was somehow introduced without anyone noticing and deployed, imagine the damage it would cause.
If we're fantasizing here, I like to imagine two major OS makers trying to comply these laws, fail miserably, and let FOSS OSes and kernels more recognition in the desktop market.
Ideally, getting these servers to auto turn off the day this goes into effect ("In compliance with this new law, Linux is now temporarily unusable. Please <call to action>.") would be glorious for getting the bill staved off, or killed.
It would hurt some productivity, but that is a risk these lawmakers taking donations are probably willing to make.
What exactly do you think Linux is? I would say that Linux would be forked in like 2 seconds, a bunch of different companies would start offering "attested Linux," and all you'd have to do was change your repos and update.
I would say that, but what would really happen is that we'd find out that Canonical, Red Hat, and a bunch of other distributions had been talking to the government for a year behind closed doors and they're already ready to roll out attested Linux. Debian would argue about it for six months, and then do the same thing. Hell, systemd will require age attestation as a dependency. Devuan and any other stubborn distribution would face 9000 federal lawsuits, while having domain names blocked, and the Chinese hardware necessary to run them seized at the ports with the receivers locked up on terrorism charges.
I have no idea where the confidence of the IT tech comes from. You (we) are something between a mechanic and a highly-skilled janitor.
Update the terms to indicate that you can do what you want, but this OS is probably not compliant with states run by evil dipshits.
Arguably they would be more materially advantaged if they were forced to KYC/validate ages, not the platform; because sure, there's a cost to doing it, but presumably having hard data on who your customer actually is, with age and address and everything, is worth a lot more than the verification cost. And being able to say "We're legally required to gather this" gives a lot of PR cover (even though it'd be followed with "but we're giddy to do so and we will abuse this data and you every way we possibly can. No one at Meta believes you are human. We hate you as much as you hate us, but we're stuck in this together, endlessly loathing the supernatural force that keeps us working together.")
But, On the flip side: I also don't doubt that Meta is doing this, because the purpose of a system is what it does, and the leadership at Meta has done nothing in the past four years to demonstrate that they're capable of cogent thought and execution. We want to believe there's some evil plan, and maybe there is, but in all likelihood one day we'll learn that they're just... unintelligent.
These laws, that attempt to move "age verification" into the OS, 100% absolve Meta (and all the Meta owned "properties") from any legal liability so long as all of Meta's app's follow the law's required "ask the OS for the age signal of the user".
Any "bad stuff" which then gets shown to "underage users" then becomes "not Meta's fault, they followed the legally proscribed way to check the age of the user, and the OS said this user was 'old enough'" and Apple/Google then get to shoulder the liability (and pay out for the class action lawsuits) for failing to provide a proper age signal.
That's the "material advantage" gained by Meta by pushing these laws.
> Meta spent a record $26.3 million on federal lobbying in 2025, deployed 86+ lobbyists across 45 states, and covertly funded a "grassroots" child safety group called the Digital Childhood Alliance (DCA) to advocate for the App Store Accountability Act (ASAA). The ASAA requires app stores to verify user ages before downloads but imposes no requirements on social media platforms. If it becomes law, Apple and Google absorb the compliance cost while Meta's apps face zero new mandates.
Not saying I think it's a good idea to provide the year of birth to all sites, but (session ID, year of birth) is the only information they would need. The problem is proving who's behind the keyboard at the time of asking, which would require challenge-response, and is why I think this should be an online platform, not a hardware PKI gadget with keys inevitably tied to individuals.
It seems dead though...
Anthropic donated $20 million to Public First Action, a PAC that promotes Republican Senator Marsha Blackburn and her sponsored Kids Online Safety Act (KOSA), a bill that will force everyone to scan their faces and IDs to use the internet under the guise of saving the children.
The legislative angle taken by companies like Anthropic is that they will provide the censorship gatekeeping infrastructure to scan all user-generated content that gets posted online for "appropriateness", guaranteeing AI providers a constant firehose of novel content they can train on and get paid for the free training. AI companies will also get paid to train on videos of everyone's faces and IDs.
As for why Blackburn supports KOSA:
Asked what conservatives’ top priorities should be right now, Senator Blackburn answered, “protecting minor children from the transgender [sic] in this culture and that influence.” She then talked about how KOSA could address this problem, and named social media platforms as places “where children are being indoctrinated.”
If Anthropic, the PACs it supports and Blackburn get their way with KOSA, the end result will be that anything posted on the internet will be able to be traced back to you.
Every time I point it out, including with actual quotes from the research showing the problems with it, I get downvoted on HN.
This headline is becoming one of those “too good to fact check” clams because the people posting it know it will drive traffic.
Doing ID or this fake age verification with anything other than a physical secure element is a dumb regulation that going to create its own regulatory arbitrages and spawn very powerful and profitable black and grey markets. Poor laws create criminal economic opportunity, and digital id is just creating a massive one.
Between Meta being behind a digital id initiative under the pretext of alleged "age verification" and the Debian project leads pivoting to political objectives, it appears gen Z now has a cause to build tech against and fight for. These are dying organizations that cannot innovate and they've attracted a pestilence that is pivoting them to the easier problem of political maneuvering. as it's easier to militate for what nobody wants than to make something anyone actually wants.
The upside is that people get to be hackers again. Tools to cleanse our networks and systems of Meta and other surveillance companies and the influence of these compromised organizations are an OS install and a vibecoding weekend away.
What does this mean? Free software was always a politics of itself.
However this is the kind of investigation that Reddit is famous for, which ends up causing more harm than good, like the Boston bombing investigation.
Age verification, for example, is coming no matter what - there’s a big enough chunk of voters tired of tech globally.
Governments are also tired of dealing with tech and want to bring them to heel.
These macro forces are far more significant than the amounts identified on lobbying in this investigation (~$63 mn iirc)
Given the title, the reading of the article implies Meta is driving age verification.
The content of the investigation, reads more as meta taking advantage of the push for age verification to move it to the OS layers.
https://web.archive.org/web/20260313125244/https://old.reddi...
EDIT: why is it deleted now?
most platforms won't voluntarily adopt privacy-preserving verification when the surveillance version gives them more data. Regulation would need to mandate the privacy-preserving approach specifically, not just "verify age somehow.
Of course, when money becomes a significant portion of how the second one happens, things can get complicated.
The issue that should rather worry you is that people
- don't delete their Meta/Facebook/WhatsApp/Instagram/Threads/... account because of this proposal,
- don't strongly urge friends and colleagues to do the same.
And for a lawmaker who is considering retirement, "become a lobbyist" is often the most lucrative career option.
Now who are you imagining will pass effective laws against lobbying?
Presidential Candidate Mitt Romney
Power corrupts.
The research has a lot of these:
> LIMITATION: Direct PDF downloads returned 403 errors. ProPublica Schedule I viewer loads data dynamically (JavaScript), preventing extraction via WebFetch. The 2024 public disclosure copy on sixteenthirtyfund.org was also blocked.
> Tech Transparency Project report: The article "Inside Meta's Spin Machine on Kids and Social Media" at techtransparencyproject.org likely contains detailed ConnectSafely/Meta funding analysis but was blocked (403)
So the “research” isn’t some groundbreaking discoveries by a Redditor. It’s an afternoon worth of Claude Code slop where they couldn’t even take the time to get the real documents into the local workspace so Claude Code could access them. It’s now getting repeated by sites like Theo gadgetreview.com because the people posting to these sites aren’t reading the report either.
The reason is that europeans have nothing to win from those "winner-take-all" platforms the US has built in the past decades. Europe has built zero of them.
It contributes very little to Europe's GDP or the overall being of the european. And in some cases, it eats Europe's GDP, moving economic activity back to the US. This is different than for Americans which big tech is a net-positive contributor to society in my POV, mainly because how much economic activity $ it generates.
Big techs provide huge paychecks and made a lot of people rich in the US, and most of its GDP growth in the last decade. But it's a double-edged sword.
They will make laws in favor of them in detriment of the average American, while minting more billionaries than Europe could ever dream of.
Europe will take a long time to get the digital revolution the US already did, but it'll mostly come from regulations and government initiatives. And will be net-positive for humans living in Euope, not for owners of corporations.
I’d write my senator but they won’t do shit. Is there anything that can seriously be done?
Do you know how democracy works? There are these people called representatives. They are hired by you. They pass laws. They only get to continue having a job if people like you vote for them. When you tell them "I don't like the law you are passing", they are hearing "the people who hire me are angry with me". The more people that are angry at what they're doing, the more their job is at risk.
They do what the lobbyists say because somebody else is doing the work, and they get paid (by the lobbyist). But they won't have a job to get paid for if the voters don't vote for them again. So your entire defense against tyranny and bad laws is you speaking out. If you never talk to your reps (or vote), you're telling them you don't care what kind of government it is, and they really will do whatever they want.
You have to tell them how you feel, along with all the rest of us. That's the only power we have.
In addition to that, tell everyone you know. Your friends, family, coworkers, the dude running the local gas station. Explain to them why government-mandated surveillance of everything they do on a computer is a bad idea. Ask them to talk to their reps.
https://news.ycombinator.com/item?id=47361235
https://github.com/upper-up/meta-lobbying-and-other-findings...
The biggest shocker to me has been just how "cheap" a lot of people are to buy off. Mandelson is complaining about air miles FFS. So much of this is a few thousand here, some fancy tickets there, a jet ride elsewhere, etc. In my mind it was always much, much bigger sums that people were selling their countries & souls out for, sadly, it turns out a lot of people, even in really high positions, are shockingly cheap.
[1] https://en.wikipedia.org/wiki/Relationship_of_Peter_Mandelso...
Instead of just creating a course that explains how to child-proof a device, we have to surveil everyone.
No offline devices. Commercial vendors get your biometric data (and the equivalent of your driver's license / SSN). Every application on the OS can query your data.
If you think it stops with one bill, after they get all the infrastructure for this in place? You're fooling yourself. The whole point of this is to identify you, on every web page you visit, every app you open, on every device you own. Once bills are passed, it's very hard to get them revoked or nullified.
This is the most aggregious, authoritarian, Big Brother government surveillance system ever devised, and it's already law. I am fucking terrified.
(Yes, the EU has a less horrifying version of this. But Google, Apple, and Microsoft still control most of the devices in the world, and they are US companies.)
Because it's hopeless? It's been proven time and time again there's nothing the average person can do to fight this sort of thing.
It's just better to sit back and watch as everything gets ruined.
Compare this to what the EU built. The EU Digital Identity Wallet under eIDAS 2.0 is open-source, self-hostable, and uses zero-knowledge proofs. You can prove you're over 18 without revealing your birth date, your name, or anything else. No per-check fees, no proprietary SDKs, no data going to a vendor's cloud. The EU's Digital Services Act puts age verification obligations on Very Large Online Platforms (45M+ monthly users), not on operating systems. FOSS projects that don't act as intermediary services are explicitly outside scope. Micro and small enterprises get additional exemptions.
The US bills assume every operating system is built by a corporation with the infrastructure and revenue to absorb these costs. The EU started from the opposite assumption and built accordingly.
https://en.wikipedia.org/wiki/Qualified_website_authenticati...
What you have in the EU is this: https://noyb.eu/en/project/dpa/dpc-ireland
> Now that the mask has fully fallen, we have to take every step possible to root out American influence.
You have literal rogue states in your union that neutralize the entirety of it, as the above shows. It's a joke. The EU is a joke. A single country is enough to mean US tech can do whatever it wants, similarly a single other country is enough to mean Russia can largely do what it wants.
The others are of course in on it too. Which is why for all the empty EU talk on US big tech you've never heard them talk about the Irish DPA and what they all enable. Strange right? Would think that this would be a priority. But it shows that even if the rest weren't in on it, just one country would be enough. And it could even be a tiny place like Luxembourg.
Laws and regulations aren't worth the paper they're written on if they're not enforced. The current ones aren't enforced at all, why would any new ones be? Did you know that there was a long period where hosting European citizens' PII on US-controlled servers (like Amazon instances in Europe) was illegal, after the "Privacy Shield" was deemed unlawful? No one cared. Did you know that this is currently the case again, because the thing that replaced it has once again had its basis ripped out from under it by Trump? Once again, no one cares, and indeed EU governments and corporations are _still_ making migrations _to_ US clouds.
Not that it matters, within a few years RN will be running France and AfD will be running Germany and you don't have to pretend any more as the "mask will have fallen" just as much.
When a company such as meta pursues mass-sniffing, is it still a company or is it just a spy-agency? Meta isn't even hiding this anymore. I am glad to finally understand why these "age verification" is pushed globally. Meta pays well.
Quis custodiet ipsos custodes?
"You implemented a law that enables vibe-coding pedophiles to deploy apps that find all the children. Please resign."
0: https://www.yahoo.com/news/articles/reddit-user-uncovers-beh...
I'm on a short phone break and this is the first I've heard about this. Commenting to ask if anyone can explain this. If not, it'll be a reminder for me to research later.
I'm not sure I'm on board with age verification, but I'm certainly opposed to all forms of identity linkage and tracking. Maybe this is a middle ground?
I'd still prefer if parents disciplined their own kids by limiting device access and controlling their peer groups instead of putting us all into a rats nest of surveillance.
Its like they want to keep being seen as the bad guys.
The patches on top of this are really bad. For instance, we are seeing "AI" biometric video detectors with a margin-of-error of 5-7 years (meaning the validation studies say when the AI says you're 23-25 you can be considered 18+), totally inadequate to do the job this new legislation demands.
one scary observation is that each year, less and less people care. at least, this is true among my students. plenty of them believe the 'protect the children' line and are more than willing to do whatever the government/big tech suggests. or they just shrug ("what difference would i make?").
for context, i teach at a college level, in tech. a few of my classes are from the cybersec program, one of the programs that should understand and care about the implications of bills like these, and even the majority of them do not care about this stuff anymore. they grew up with instagram and facebook and cameras everywhere. they grew up knowing that any little fuck up they have is recorded and posted online. they know that by the time they go to college, all of their data has already been leaked a few times. they never really had an expectation of privacy in the first place, so it just isnt a big deal.
as someone who interacts with this next generation of "hackers" on a daily basis... the concept of cypherpunk is gone. i got into this field because of my beliefs. they are going into this field because they want a chance at buying a house some day, and know that big tech has big bucks.
i am tired. and i recognize that this is exactly what they (lobbyists, meta, etc.) want! but i am tired and discouraged. more and more i find myself having to actively fight the urge to give up. i am not ready to give up just yet... but, i am sorry to say that as someone closer to retirement than i am comfortable admitting, i only have so much energy left.
Because social media already has the age info exactly?
I think an OS and a web platform with accounts are different product categories. Not even sure what an interpretation of the bill that would affect meta would be.
Then it shouldn't be difficult to comply.
It is like in the novel 1984. But stupid. Probably more like minority report - but also stupid. All aided by Meta bribing lobbyists to do their bidding.
"Do such breaches make it trivial to lie to age and identity verification systems?"
"1B identity records exposed in ID verification data leak" https://news.ycombinator.com/item?id=47348440#
$70 million is chump change for Meta, yet is far more money than I’ll ever have and does so much to influence state legislation.
I remember from peak net neutrality discussions during trump 1 maybe around 2017-2018 ant saw an article on theverge.com (that cannot find now) and biggest sum to individual politician was around $200k, when median values were much much lower.
Politicians are selling tens of billions of dollars (if not hundreds of billions) worth of revenue to ISPs for couple or dozen million. Literally 1000x return on investment (if successful).
I remember local politician (I am not from US) got caught taking 100k bribe from a company for helping with alleged highway construction procurement. Project was valued ~1B - 10 000x return on investment (if they wouldn't have been caught).
[1] I am sorry, not "corruption", but "lobbying".
It says apps must use the age signal as proof the user is a minor, and then behave according to all California laws regarding that. (I'm not a lawyer, but that's my read.)
So, does this apply to applications that run locally? What if an under 13 year old tries to read a text file with lots of swear words or ascii b00bs? Does emacs need to stop them? cat? xterm?
Microsoft has a trillion dollars in liability now because every historical OS is illegal, and every adult user of that historical OS (that you don't ask for their age) is a monetary fine.
$2500 fine for Microsoft for letting me continue use Windows 10 in Colorado, cause they never asked my age.
Also hilariously the law openly FORBIDS checking the user's identity to verify age. It says you MUST NOT collect any more information than is necessary to comply with the law. And complying with the law only requires that you ASK the user to TELL YOU their age, so my non-lawyer take is that if you do anything else like checking ID you can and probably will be prosecuted
‘The “child safety” rhetoric masks a competitive strategy that shifts liability from platforms to operating system makers.’
https://www.robpanico.com/articles/display/presence-derived-...
(posting link because it would be too much for a comment)
I don't see it as coincidence that with all these laws passing, suddenly he announces a secure, "controlled", "locked down" version of systemd. Why, RedHat and Ubuntu can simply drop in this new variant, pay a small fee, and be done with compliance.
Psychology has a higher success rate...just tell them that their parents use it....
There are many systems where accuracy is loose and that is its core feature...for example postal addresses worldwide...I can a mistake in the address but the letter or package will still get there...
The very last people you should trust when it comes to "protecting the children."
(Maybe some unspoken element of concern over social media bots, too - as they evolve from spamming copy+pasted comments to being near-indistinguisable from actual human accounts?)
And a serious question: with deepest respect to the author for their extraordinarily impressive time and effort in this investigation... Why was this not already flagged by political reporters or investigative journalists? I'm not American so maybe I don't understand the media structure over there but it feels like SOMEONE should have been all over this way before it's gotten to the point described in this post.
Corporations literally buy the laws they want and Silicon Valley is the newest lobbying monster. Genuinely terrifying.
Have at it Meta, you broke it you most certainly bought it!
I looked at the original analysis and it was fraught with language that leads to specific conclusions. It was most certainly LLM aided, if not generated.
I am not ascribing malice, but the author seems inexperienced with the repercussions of making assertions out of partial knowledge.
Also: Good grief, this article is also written via LLM! Human+machine comes up with theory that goes viral, and then Humans+machines amplify it? Is this the brilliant future we have to look forward to?
A movie is a distinct piece of content. A website and an app can be a container for lots of different content.
Clicking through to the "findings" shows that they didn't even try to feed proper data into Claude when the AI bot was blocked or couldn't access the documents. Some examples:
> LIMITATION: Direct PDF downloads returned 403 errors. ProPublica Schedule I viewer loads data dynamically (JavaScript), preventing extraction via WebFetch. The 2024 public disclosure copy on sixteenthirtyfund.org was also blocked.
> Tech Transparency Project report: The article "Inside Meta's Spin Machine on Kids and Social Media" at techtransparencyproject.org likely contains detailed ConnectSafely/Meta funding analysis but was blocked (403)
So Claude then goes on to propose "Potential Role" that postulates connections might exist, but then caveats it by saying that no evidence was found:
> This negative finding is inconclusive due to inability to access Schedule I grant detail data in the actual 990 filings (PDF downloads returned 403 errors, and ProPublica's filing viewer loads data dynamically).
This is what happens when you try to lead an LLM toward a conclusion and it behaves as if your conclusion is true. Hacker News is usually quick to dismiss incomplete and lazy LLM content. I assume this is getting upvotes because it's easy to turn a blind eye to the obvious LLM problems when the output is agreeing with something you believe.
And it snowballs, the more favorable laws someone buys, the more favorable their position, and the more they can buy in the future. The transition from "democratic facade" to "outright oligarchy" will be swift and seamless.
Digital-ID (Aadhar) was heavily pushed by USAID and other US-deepstate associates; the same with digital-money and the "demonetization". Bill Gates's org actively tests out things on actual humans like guinea pigs, before globalizing the "solutions". These days all of this is kind of redundant since the phone-number + verification has become essentially a necessity to live in the city in any part of world today.
The prev. Govt. had considered doing this "login with your ID or no internet" scheme (to "protect" people no doubt) back in 2012s - there were explicit statements about disallowing people who would not authenticate with Aadhar, but it was shelved (likely because of their unpopularity).
If our current "Dear Leader" were to propose this, I think a significant population would opt-in simply because of a sense of belonging to a hero-worship-cult.
The state is determined to ensure that every human be their slave.
In history we had four media revolutions (printing press, radio, television, Internet), each greatly disrupting and reshaping society. This is the fifth (social media and maybe AI).
All these revolutions had the same theme: increased reach of information, increased speed of transmission, increased density (information amount per unit of time), and centralization of information sources. Now we seem to reach the limits of change. No more reach, since our information networks span the entire globe. No more speed, since transmission times are close to how fast we can perceive things. The only things left to change are even more centralization and tighter feedback loops (changing the information based on how the recipient reacts).
Given all that, this media revolution might be the last one, so there is a gold rush among the elites to come out on top.
These are the same governments that file criminal charges when you compare lying leader to Pinocchio (Germany). The UK records something like 30 arrests per day for social media posts. Just imagine how much better they could do, if you were not pseudo-anonymous in the Internet!
For example a gambling site could require MitID auth, but only request proof-of-age and nothing else. You can see in the app which information is being requested, like with OAuth.
I really don’t see the problem.
You're not missing anything. It's just an AI generated summary of the original GitHub link https://github.com/upper-up/meta-lobbying-and-other-findings
I found the original article much easier to read anyways
Why is this never relevant politically? Its the same with the Epstein files, terrible things happen and we just hand-wring. It seems like the US electorate, doesn't know, doesn't care or is otherwise distracted. I don't see how the US is ever going to get shit together if it accepts this sort of corruption.
> A Reddit researcher just exposed
>The technical reality hits harder than policy abstractions.
> Here’s where the lobbying gets surgical.
At least the author posted a link to the dataset in a comment so it survived:
https://github.com/upper-up/meta-lobbying-and-other-findings
I want to open my wallet. It should be the top comment.
If everybody who cared to and lived in the affected districts called they would kill the bill just to clear their phone-lines.
I think it's a little late for that.
That's when you know the new world has begun.
Zero-knowledge proofs are the way to go for this type of thing, I find it mind-boggling that the US lets itself be bamboozled into complete lack of privacy.
My stance is that if somebody is a minor, his/her/their parents/tutors/legal guardian are responsible for what they can/cannot do online, and that the mechanism to enforce that is parental control on devices.
Having said that, open-source zero-knowledge proofs are infinitely less evil (I refuse to say "better") than commercial cloud-based age monitoring baked into every OS
With no proof it will protect anyone from proven harm.
That said, government agencies have been doing a terrible job at keeping the private information of citizens safe. But it is nowhere nearly as bad as the US. My best childhood friend died in very questionable circumstances in 2009 in the US in very questionable circumstances. He had a US citizenship and we never really found out what had happened(to the point where we never really got any definitive proof that he had died). But that didn't stop me from trying and I was blown away by the fact that I could log into a US government website, register with a burner mail, pay 2 bucks with an anonymous gift credit/debit card and get a scanned copy of his death certificate in my email. And I didn't even have to provide his passport/id/anything. Just his name.
Point is, the US has been terrible at privacy for as long as I can remember. It is probably worse now with Facebook and Ellison holding TikTok.
And according to the EU Identity Wallet's documentation, the EU's planned system requires highly invasive age verification to obtain 30 single use, easily trackable tokens that expire after 3 months. It also bans jailbreaking/rooting your device, and requires GooglePlay Services/IOS equivalent be installed to "prevent tampering". You have to blindly trust that the tokens will not be tracked, which is a total no-go for privacy.
These massive privacy issues have all been raised on their Github, and the team behind the wallet have been ignoring them.
Not exactly a good moment for this particular caste of politicians/elites to pretend they care about children's well-being!
The benefit of zero-knowledge proofs is that the hide information about the ID and who it belongs to.
That’s also a limitation for how useful they are as an ID check mechanism. At the extreme, it reduces to “this user has access to an ID of someone 18+”. If there is truly a zero-knowledge construction using cryptographic primitives then the obvious next step is for someone to create an ad-supported web site where you click a button and they generate a zero-knowledge token from their ID for you to use. Zero knowledge means it can’t be traced back to them. The entire system is defeated.
This always attracts the rebuttal of “there will always be abuse, so what?” but when abuse becomes 1-click and accessible to every child who can Google, it’s not a little bit of abuse. It’s just security theater.
So the real cryptographic ID implementations make compromises to try to prevent this abuse. You might be limited to 3 tokens at a time and you have to request them from a central government mechanism which can log requests for rate limiting purposes. That’s better but the zero-knowledge part is starting to be weakened and now your interactions with private services require an interaction with a government server.
It’s just not a simple problem that can be solved with cryptographic primitives while also achieving the actual ID goals of these laws.
once you get this you stop asking why the tech details are the way they are.
Judges in other countries (Texas) found out this kind of law was a violation of the Free Speech.
Since when Free Speech do not apply to -16y old?
Made laws are made, then killed by courts later one.
The only authority that can be trusted to do age verification is the government.
You know, those people who give you birth certificates, passports, SSNs, driver's licenses, etc.
The idea that parental supervision here is sufficient has been shown to be wholly inadequate. I'm sorry but that train has sailed. Age verification is coming. It's just a question of who does it and what form it takes.
Take Youtube, for example. I think it should work like this:
1. If you're not of sufficient age, you simply don't see comments. At all;
2. Minors shouldn't see ads. At all;
3. Videos deemed to have age-restricted content should be visible;
4. If you're not logged in, you're treated as an age-restricted user; and
5. Viewing via a VPN means you need age verification regardless of your country of origin.
It's not perfect. It doesn't have to be.
https://github.com/upper-up/meta-lobbying-and-other-findings
This (an end to general purpose computing) isn't anything that people can prevent through civil channels. It will happen with or without public approval. You will have as much control over it as you had over the decision to go to war with Iran. It will never be on any ballot. People who help will get rich, people who don't, won't. Eventually, people who help will barely be middle class, and people who don't, won't. Their kids will own your kids.
If anything, Meta’s utility would seem to shrink if the OS handles proof of being a real person.
Why does Apple always get a free pass?