Definitely the 'slippery slope' debate is worth having, but that's way more relevant than the 'should 10-year-olds be able to do whatever' (aka all or nothing internet) which I think, if we took a vote, most people would be fine with nominal age restrictions, on that basis and on that basis alone aka outside the 'scary government' issue, which is again, real and material but nevertheless a separate concept however pragmatically engulfed these things are.
The first three are physical things, not information. Porn can be debated, but the current age verification push is trying to impose blanket control on the entire information ecosystem. It's the digital equivalent of requiring ID to go anywhere or do anything, rather than just a few well-defined things.
Even if we view it as a good faith attempt (which it is not, remember what Edward Snowden exposed), the parental authority over a child's information diet is being transferred away from parents to tech companies. They're legally mandating you to give away your child's personal info (just age for now, but they'll demand more if we give them this) and make the decisions on what is suitable, instead of you making those decisions for your child.
These companies not only wanted that but they exploited the shit out of it for obscene profit! In many ways it was their unabated greed that has caused this situation: from addicting design of video feeds, grooming obscene spending habits, collectively doing as little as possible to keep predators and inappropriate content out of games for children.
And how could parents police effectively "the whole internet", it's like expecting them to police what their kids see and hear at school on lunch break x 1000 you cannot control all the things that can influence a child for better or worse. Maximum security prisons can't stop people from accessing the internet and making phone calls so what hope did parents ever have?
We could have avoided this if Google and Apple had enough decency to keep the bad stuff from becoming effortlessly, trivially accessible to children, but they made a fortune off Roblox instead of applying their policies and noticing the abundance of pornography and predators, they ignored Grok churning out CSAM as fast as people could request it, no response to court revelations that Zuckerburg's apps are teeming with sex traffickers, prostitutes and scammers, no response to apps excessively exploiting addiction other than making sure they get their cut.
So now we're caught between a rock and a hard place, a completely unsustainable system where everybody who should be accountable claims to have immunity, and parents are incapable of enforcing a healthy upbringing for their children in this mess.
No, it's social media, specifically. That's why it says social media. It's not everything, it's social media.
If you don’t want to use social media you don’t have to give away the info right?
Relationships are a concern (random people interacting with your child? Good Gosh!)
Privacy is a huge concern for children, way more so than is afforded we regular netizens.
"They're legally mandating you to give away your child's personal info " - no they are not, they're mandating age requirements, which is a separate thing.
Snowden did not bring up age restrictions.
"instead of you making those decisions for your child."
I'm sorry but today the choice is not by parents, the point of the age restrictions is so that parents ultimately can have a choice (they and provide access by their own accounts).
The 'all or nothing' issue of the internet is a big deal - parents don't really have a choice.
These are mostly ideological and rhetorical arguments, not grounded in pragmatism.
The pragmatic concern is 'abuse of control' (aka the 'general' Snowden argument), which is real, but can also be avoided if they do it right.
Granted, I don't have a lot of faith that they will do it well.
Are you aware that most library systems across most of the world require someone to be 16+ to open an account and/or take out books and materials? That's not restricting anything, that's preventing abuse by those not intellectually or emotionally capable of regulating their behaviour. The parent of the under 16 takes responsibility for their actions, essentially.
If you have to be 16+ to take materials out of a library, why should a minor be able to access _anything_ on the Internet without also having an adult check what it is you're doing? Why should a 12 year old be able to freely visit "innocent-website.tld" without it first being confirm the website actually is innocent? What if it's innocent today, but adopts a new doctrine tomorrow? There's a reason YouTube doesn't let you change a video upload after you've published it: you could upload nearly anything to replace your previously innocent and successful video.
Nothing changes between the physical world and the virtual one. The same problems exist, except the virtual one makes it easier to access much darker information.
Kids can’t buy their own phone. So parents can always enforce stuff at a hardware level if they set it up properly. It would be much better to just mandate that phones set up with a kid profile cannot access social media.
I haven't found a parental control feature that works: we've tried several, but, generally, nothing survives the 'Hey, I'll just factory reset the device and start with a clean out-of-box-experience' bypass. Kids can figure this stuff out.
Even when we thought that things were under control, kids can easily procure new devices. Many families don't dispose of their old phones; it's not too hard for kids to find an older model that's been sitting around collecting dust, bring it to the schoolyard, and trade it like a baseball card.
I wish I had a good answer, and, distasteful as the age-verification might be, I'm open to such draconian measures at this point. If you say there are better ways to enforce this, I'd honestly love to hear the specifics.
The person selling the age gated item needs to take lawful measures to ensure they arent selling it to a minor. Their parents have nothing to do with it.
Your solution would be that if a 14 year old walks into a liquor store and doesnt have a note from their parents saying that they arent allowed to drink alcohol, then the store should be able to sell it to them.
This is literally what is being written into California law. The OS will have an "age flag" that is configured at device setup that passed to other apps. The law explicitly was written such that it wouldn't need identity verification, but that isn't stopping scaremongers claiming it as such.
That would easily be enforceable by making a "kid mode" enabled and locked down by a parent with a password mandatory on devices. Then you could have something like this:
Adult-Content: true
Age-Threshold: 18
eMediaMark is now Internet Content Rating the stuff I was remembering can be seen here: https://icr.chit.eu/
You can just take that, it's been there for decades.
Other parents are the problem, not technical setups.
There is controversy! My grandfather and his schoolmates all regularly brought hunting rifles on their trips to the schoolhouse and home (1930s), to hunt opportune meals. There was never any problem with school shootings, which IMO are likely the fault of the prison-authoritarian style that schools morphed into during the latter-half of the 20th century. He had me drink shots with him when I was under 10 years old, because he wanted to make sure I knew drinking was ultimately a boring, uninteresting, stupid activity. Alcohol was always available and I was even welcome to partake anytime (as long as I did it at home)... I hardly ever touched the stuff, and still don't even now. He was a police officer and firearms instructor in a big midwest town, he even taught me how to shoot around that age. He taught me that government is neither god nor good, it is just raw power that has to steal from someone to give to another.
I miss my grandfather so much!
Also, thank goodness my folks were computer illiterate; I never had issues with blocking software (though I would probably have defeated any... easily). I grew up looking at porn and gore occasionally from my very early teens. Maybe try teaching your children about the world instead of hiding them away from it?
The slope has already slipped.
This is IDENTITY verification, not “age verification.”
You cannot verify your age without uploading your ID.
Mozilla Persona comes to mind.
https://en.wikipedia.org/wiki/Mozilla_Persona
This will never happen of course because the objective is to track your every move. The government want to know every pseudonym you use on every website.
And I'm pretty sure we've all had an encounter with some creep in some random chat room too.
We talked about these things at school and at home. Don't share things with people you don't know etc. Idk if it's illegal to tell kids what to do these days. But when I grew up, we were occasionally also told to get off the computers and touch grass.
I hope I'll get to raise my future kids myself. I think I can do a better job than the government :)
My parents generation survived lead in gasoline and they never wore seatbelts or helmets.
"I think I can do a better job than the government :)"
Is exactly what their parents said about the government telling them they have to get their kids to wear seat belts and helmets.
I don't think this argument works for two reasons:
1) It don't address the materiality of the concern.
If 'creeps in chat rooms' are causing material harm, it's an issue, then youre making the 'anti vaxxer' / 'anti seatbelt' / 'anti helmet' argument.
I'm not saying you are - if 'creeps in chatrooms' really is a 'lesser issue' - then you're not making a bad argument at all.
The real issue is the 'materiality' of these things.
'Creeps in chatrooms' is a harder thing to assess, but it's real, if it is real, we can't just dismiss it.
2) "I think I can do a better job than the government "
If someone wants to protest the governments current age restrictions cigarettes - and also not vaccinate their kids - that's a choice.
But this argument is usually made by people who don't have kids in their life and haven't yet realized that 'the all or nothing internet' is not really a choice, it's chaos.
Lack of very basic regulations means people aren't afforded the opportunity, in a way the government is dictating that 'kids will get guns and porn and that's it'.
The alternative argument - is that we can have age restrictions and parents can then be in a position to actually be parents, and make a choice.
'Slippery slope notwithstanding' ... because it's a complciated issue
I was like 8 - 10 years old, I wandered into the "Adults Only" chat room on Microsoft Networks (Oh sweet, I thought, they have a small pen to keep the boring adults in, better check on them) and said "Hi everyone my name is X and I am Y years old" and everyone was nice to me and said hello. I got bored and left.
- You have to have an approved browser.
- It has to be installed on an approved platform, Google or Apple, for which you have a valid account.
- You have to have an account on the posting platform.
- You have to get past moderation on the posting platform.
That's without age verification.
Any image of your family you post will be scraped by Clearview AI, bypassing the restrictions that make it hard for you to create accounts, to create a worldwide facial recognition system.
I also know people who created accounts from scratch without needing a selfie while connecting exclusively through a VPN. (Only some VPNs, work apparently.)
Supposedly FB uses device ID tracking, so if you're picked for selfie ID on a device and try to create an alt, you'll be selfie-ID'd again.
Using a different browser on desktop solves the problem for desktop but not for mobile.
And so on. Basically it's doable, sometimes. And sometimes it isn't.
I wonder though how it will affect places like 4chan. I don’t really know if it’s still as anonymous as it used to be but that’s like a cornerstone of their existence.
Fortunately on Hacker News, you still only need a username and password. And if spam is an issue, on lobste.rs you only need an invite.
The www became infested with so-called "tech" companies acting as intermediaries (middlemen)
Lots of folks making money from surveillance ad system on the www. Oversized, unmanageable websites calling themselves "platforms"
The www is an ad network. Not a great place for non-commercial activity
Fortunately, the internet is more than the www. The internet was not created to collect behavioral data and deliver advertising as its primary purpose
People pay for an internet subscription, not a www subscription (or now a "social media subscription")
NVIDIA local AI builds are moving in that direction, but are wildly expensive. I think a lot of the current AI backlash (esp data-centers) comes from the public's accurate intuition that the current centralized, monopolistic, cloud-centric solution disempowers them, and eats any gains this magical technology would've brought them. Plugging a sliver box into the wall and your router, with no recurring fees; that would make people feel different about "taking our jobs" because they would be the unquestionable beneficiary.
It doesnt make any sense as an argument because nothing stops one from doing _both_: 1. use a practical solution now and 2. "fight back in the legal and political domain" hoping to achieve another solution in the future
Common sense favors pursuing #1 as the opponent in #2 has "limitless" resources and the process is extremely slow
A cynic might even see advocating #2 at the expense of #1 as a "call to inaction", i.e., "please do nothing", as almost all readers are unlikely to pursue such a difficult and costly "solution"
Framing the two options as either-or, i.e., one or the other but not #1 and not both, encourages readers to give up, accept the status quo and "let others do it", assuming they dont have the ability to pursue #2 themselves
If the plan is to provide "social media" to millions of people via SSH then yes one could forsee such an interpretation
These laws are targeting so-called "social media" provided by "Big Tech"
But there are anonymous comments across the web trying to portray this as something else. These comments are hilariously nonsensical
The cause of this legislation is the activity of so-called "Big Tech"
If there is collateral damage to others then that is the fault of "Big Tech". This is the cost of the Silicon Valley "business model"
There is no requirement that the internet be used to create "social media" or something else with large audiences^1 for advertising
Although that may be a Silicon Valley VC requirement
1. For example, the Malaysia legislation sets a threshhold of eight million users. List of SSH servers with over eight million users:
The WWW was at least created with egalitarian ideals, even if it failed to meet those ideals (despite succeeding far more than people want to credit.) It was available to everyone, it ostensibly allowed anyone to publish and communicate freely. It wasn't intended for only a single culture or subculture.
Whatever comes after will either be entirely controlled by corporate and government interests or gatekept against "normies," and thus be a homogeneous cultural bubble doomed to wither into self-referential senescence and die, and will be far less free, less powerful and less capable than the web. We'll never get anything with the transformative potential of the web again.
A world where your only options are GovNet or EliteWhiteHackerDudeSpace. I don't look forward to that at all.
No, hard disagree. The web is great for indie content. Anyone can publish anything, at any time. And there's still plenty of great content out there.
Ads can be blocked, surveillance can be blocked, and social media sites can be avoided.
OK it's not an ad network
"Ads can be blocked, surveillance can be blocked and social media can be avoided"
Yes, hard agree
But if it's not an ad network then why would anyone need to "block" and "avoid"
It's an ad network
That's why the "blocking" and "avoiding" is necessary
The cause of this legislation is the proliferation of that "business model"
Namely, creating large audiences for advertising,^1 data collection and surveillance through intermediation, i.e., acting as a middleman, the opposite of peer-to-peer
"Big Tech" does not compete. It acquires potential competitors. It is sometimes questionable whether the "potential competitors" actually intend to compete as they are more than willing to sell out
1. For example, audiences over 8 million people
It's just an attempt to reverse the free internet and implement total surveillance.
Now you’ve given every parent a way to easily mass block all adult/social sites/apps if they want and no one’s privacy need be compromised.
A much better idea was a .kids domain where the content was vetted, and you could allow-list your child's device to that. Much easier than trying to migrate everyone over to specific TLDs, especially when that ship has sailed already. But that never got traction either.
Edit to add: I used to work on "family safety" software. Blocking bad content doesn't work - it's too difficult of a problem. Walled gardens do work, however. The fact that there's not a push for the equivalent of an Apple App Store for kids is probably evidence of ulterior motives on behalf of regulators.
My family has tried the curated "kids" content from the major players: It's junk and not going to be interesting to a teenager. Your 14 year old is not going to be satisfied with a version of Netflix that's all Bluey and Daniel Tiger. And your 5 year old probably shouldn't be watching stuff that's made for teenagers. But our regulatory hammer knows only "kid" or "not-kid". You can't make a single walled garden.
Even within a single age. My 15 year old might not be ready for content that your 15 year old finds to be routine. How is YouTube going to know what is appropriate for any given 15 year old? Walled-off content and numerical age gating is just not a workable solution.
And even then, what about social networks showing porn? Chat apps like Whatsapp and Discord having porn etc groups?
Any platform that accepts user-generated content, from Pinterest to Ebay to forums, etc can host it. And that's just what's on the public internet.
Is it better to have TikTok AND friends, or no TikTok and no friends? Sure, the best is no TikTok and still have friends, but you can't always have it all.
"Also not using tiktok" could be one such filter.
* Buy one themselves
* Get / use a friend's
* Use public internet access points
* Need one for school
* Use the smart fridge / tv / gaming console / anything with a browser
* Access stuff in Minecraft, Roblox, etc
You can only stop it by going offline and raising them in a cabin in the woods, which is a whole other thing.
What you can do is give them The Talk, of course (but that only helps / prevents to a point, it's more to prepare them for what they may find or how they can identify problematic things). And the other is to push back as a community effort, with e.g. many schools banning kids from having phones in the first place.
One problem (there are others) is that it's not always possible (or easy) to not give your kid a smartphone, or access to social media.
Imagine that your kid doesn't have those and is having a hard time at school because all the other kids do have them. They have a whole culture based around those, and your kid is excluded from it. What do you do? Tell your kid that it's okay to wait 10 more years before hoping to not be excluded?
The only way this can go wrong is if the client sites collude and publish their visitor logs and then the government can do the legwork to identify you. But even this is pretty easily bypassed if you use a VPN.
Specifically, daily personalized age verification by the specific app/website, not by a third party.
>The only way this can go wrong is if the client sites collude and publish their visitor logs and then the government can do the legwork to identify you.
Well, the government has the right to request proof that the company in question is properly conducting the age verification process. This means that the companies performing age verification will keep your personally identifying information (PII) and maintain an association between your PII and your account/activity on the platform.
On a different note, the government has the right to gather evidence of criminal activity, where the definition of "criminal" is under their discretion and if there happens to be a convenient stash of information that can be linked to your person, that's just a happy coincidence.
More importantly, I don't personally have any faith that at least the US government could properly define and build a system that is reliably and provably resistant to tracking. The government has incentives to want to know what sites a person visits, the NSA would be loathed to allow that opportunity to go unused. The government also likely doesn't have the skills or resources to do it in house, I'd expect them to outsource it at an absurd cost to a third party that would also have incentives to want to track usage data through the system.
Failing in parenting and lobbied politicians (regulatory capture) on the other side.
Maybe we need an alternative set of root servers for a free Internet.
The hardest part is the psychology. People think they have to be on the big platforms as that is where their friends and favorite streamers are. Willpower can bring back the old platforms onto the current fast internet. Critical and free thinking people can choose to ignore the big platforms if they wish. People can go to local stores to buy most things. There are arguments for and against all these points but I am choosing the aforementioned options and accepting the psychological challenges.
People can use old style self hosted platforms as a "fallback" and once people realize it is more private and they can speak freely amongst their friends it can get comfy real fast. Glowies are seething.
Some friends and I have private forums and chat servers. We talk shite all the time about Reddit threads yet none of us have Reddit accounts. We talk about HN threads, brain rot on Twitster and many other platforms free of censorship, free of voting brigades, people trying to force narratives, etc... Oh and most important, free of "AI".
I have said it for decades, if there weren't bad players then we wouldn't need any of this security. That is a very utopian idea.
I have thought that a way to put people off is to have such an anaemic server that they wouldn't bother. Like a tiny RiscV board running Haiku that delivers basic HTML and email. There is little incentive to raid that thing. I haven't thought this idea through much however.
Inbound mail on the other hand — notably, the OG form of Internet identification — is very achievable for a stick in the mud to set up.
Losing one’s Gmail account would likely have very little impact on one’s ability to send mail, but no longer being able to receive mail at a given address can be devastating. Set up your own domain!
It's easy to create an alternative. The problem isn't that, it's keeping that alternative clanker-free. (As well as free of all the other enemies / plauges on the useful, generative, Internet.)
which brings you right back to verification...
Occasional communities may survive in a walled garden fashion.
Sorry, Tim Berners-Berners-Lee.
Can't even do that. We'd need (ultra?) stable IP addresses, and the entities in charge of those don't hand them out anymore. We've sort of been cut out of the basic infrastructure to let us build stuff a second time.
(It will be officially transferred to your name - there's nothing grey about the blocks themselves - the greyness is that RIRs officially forbid selling them, but they can't really do anything to stop it and they don't forbid buying.)
IPv6 blocks are still available from RIRs and you don't really have to care about anyone stuck in the 1980s if you don't want to.
Also each of the root servers is itself run by a different organization. If you had some clout, you could ask them to also host your alternate root server on the next IP address. Half of them are anycast blocks which means they likely have 253 addresses free as anycast blocks aren't really shareable.
EDIT: Oh it seems like that’s what the CA bill does? Seems good to me. I have zero problem with age restriction if age verification goes no further than mom buys kid iPhone enters birthdate, Instagram asks phone is user 18.
These sorts of rules can only ever achieve "mildly difficult".
However, you cannot make parents actually use such systems, so ignoring the obvious control this gives nation states, giving states this power might help the children of those irresponsible parents, which is the only real argument I have heard, since the effects of it are the same if the child simply had responsible parents.
In my mind you have states mandate that adult content (porn, gore) and social media services are legally required to check for the age from the OS. No other sites need to do anything. No data collection or ID verification anywhere. All responsibility on parents.
I would imagine for the zealots out there its worth it to go further and destroy the entire internet to prevent a single 14 year old from jerking it to a tiddy. And then of course the advertisers want device attestation. At least it seems California is picking a sensible middle ground.
So even if this change doesn't affect you right now, but it will affect you later then it'll be too late to fight agaisnt.
If you don't use social media and AI platform. Fine. But what about app stores, what about any registries from docker, to npm, to apk and toward the end source code repositories like Github/Codeberg?
More and more people agree that kids shouldn’t be on modern social media, including me. But most people also agree that mass surveillance is dangerous. The solution is to propose ways to block kids from modern social media (that actually works) without mass surveillance.
Better parental controls, more parental education, and site-specific age verification (Facebook etc. can require whatever PII they want to use their service) backed by incentives (whitelisting in parental controls, promoted as a “safe site” in parental education). Are these enough? Maybe not, but maybe mandatory ID and blocking VPNs aren’t enough as evidenced by people bypassing them. These (first three) are progress, that don’t yet require mass surveillance, and we can first see how effective they are then go from there.
I wish people wouldn’t say “age verification is bad”, it’s like “anti-work” and “defund the police”.
Age verification will always lead to more surveillance. People need to just be more mindful of what their children are doing online, maybe stop giving them smartphones, and just be parents.
This can't be that hard. Can't I get an electronic certificate/flag verified by a trusted third party using my ID, where this cert retains no PII? This is what I come up with after not thinking very hard about the problem, and I can't be alone.
Maybe its naive to think that harvesting PII isn't the point.
I sometimes wonder what HN would be like with age verification.
Has it occurred to you that nobody cares, or should care, about your opinions about what other people and other people's kids do? You and the "more and more" people who agree with you are cordially invited to fuck off.
> The solution is to propose ways to block kids from modern social media (that actually works) without mass surveillance.
The solution is for you to get over your bullshit, not to chase impossible pipe dreams.
age verification is a cover for universal internet IDs. you'll never be able to go online and do anything anonymously again.
I just don't like that proponents of age verification are systematically (including in this article) dismissed as authoritarians hiding behind "just another “what about the children” excuse to introduce mass surveillance and censorship". Many people genuinely want to find a solution that is better for the children, and telling them "if you are open to age verification you are either a fascist or a moron" is not constructive.
Also I find the way ZKP is criticised a bit manipulative. It kinda implies that "fundamentally, any kind of ZKP system can be switched off remotely and without anyone realising", and that is wrong. It can be implemented in such a way that people have pretty good guarantees about it preserving their privacy, similar to end-to-end encryption. I find it hypocritical to say "E2EE can be reasonably trusted, but privacy-preserving age verification fundamentally cannot", just because tech people like the former and not the latter.
Think carefully about why a politician might disregard this extremely simple mechanism and you'll have your answer about the real goals here
at the expense of everyone and everything else all to not have to be an actual parent.
These arguments are not coming from places of concern, they are coming from laziness and people taking advantage of that laziness to further even worse agendas.
It is worth recalling that "authoritarian" is a relatively neutral label for a political philosophy (like "liberal", "democrat", "capitalist" or "socialist"). It isn't that people are name calling, it is that authoritarian policies - like this one - consistently cause more harm than good. The label is basically a slur at this point because the disasters that the authoritarians trigger often veer into being massive and appalling spectacles. People tend not to be very evidence-based, so the people who lean authoritarian tend to try and rebrand to avoid being tarred with their philosophy's consistent failures, but it is still authoritarianism.
But the productive path forward isn't to try and be nice to the authoritarians and accommodate them with the rebranding. It is to adopt liberal policies. Like letting people read and comment anonymously on the internet.
We know they'll take a mile if you give them an inch. Ditto with "trusted" computing and the rest of that wormcan. That's why the opposition has to be absolute.
I wonder if EU law could give every citizen a right to a google or Apple account, including a forced recovery option if the account is 'deactivated'?
If at some point such an account becomes essential to function in society, access to such an account becomes a legal mandate.
That directive regulates banks from denying the opening of a basic payment account. But there is no legislation preventing governments from freezing accounts, Canada-style. As far as I know, there's no protection against being de-banked.
That's a severe human-rights issue.
Here in Australia, the local and state governments push the use of their Apps as well.
These Apps provide access to identity documents, offical notifications, and messages for health, benefits and taxation purposes.
Then there is Banking and the issues around becoming a cashless digital society…
It’s become less about access to hardware devices, as useable devices can often be free when donated by a friend or relative, and more about continuity of access to your digital life.
The risk of losing access to your online identity or having it stolen are very real with often traumatic results for individuals.
"EU laws", the EU in general is plainly the excuse that will carry the day - people seem to believe this 'good cop' rendition.
I think that this is actually a reasonable approach. It minimizes the information shared and doesn't create any identity tracking regime.
[0] https://media.reclaimthenet.org/docs/california-ab-1043-digi...
If you want to keep your kids safe get an OS that supports it?
Why is it the state’s responsibility?
If you're below 18, you deserve protection. Above 18? Good luck, babe.
I think one of the unintended consequences of age verification is going to be a whole host of unprepared 18 year olds getting full access to social media and getting absolutely one-shot by it. Think credit card sign ups on college campuses or predatory car dealerships near boot camps. There are going to be a lot more 18 year old boys gambling away their student loans and 18 year old girls signing up for OF, but it'll be fine, because they're 18! Not to mention they're going to be scam targets on the level of the elderly. And if you're exploited/scammed as an adult, it's your own fault.
Age verification/restriction without an educational component of some sort is just creating a future cohort of extremely vulnerable young adults for companies and bad actors to sink their teeth into.
I know that my fascination with computers largely began with creating websites and messing about with HTML. Blog platforms can be considered social media I suppose but what if it is just a page of HTML or text?
Should I worry about having to verify my age/identity if I want to host a page on a vps in the future?
I feel like most politicians and people don't understand privacy and the impact of breaking it. Additionally seems the governments don't consider themselves a thread vector for privacy invasion.
Today I cannot get a VPS without verifying my identity. Can you?
> I feel like most politicians and people don't understand privacy and the impact of breaking it.
I feel like it doesn't start like this. Opponents to age verification assume "politicians are authoritarians, therefore politicians try to increase surveillance, therefore politicians try to introduce age verification". I think it goes the other way round: "society knows that social media are bad for children (and adults, to be fair), therefore people try to imagine ways to solve that problem, therefore politicians end up thinking about ways to prevent children from accessing social media".
Of course, most people (technical people included) don't understand whether or not it can be done in a "reasonable" way (e.g. in a privacy-preserving way). But the debate mostly doesn't revolve around that, and it is a pity. Ideally we would think about the best possible way to do it, and only then we would debate about whether or not we want it.
I think it is at least possible to do so in a identity opaque way if you wanted to using obfuscated payment provider, free email and possibly fake name/address (illegal).
I meant more without scanning an actual ID or face.
> I feel like it doesn't start like this.
Of course the train of thought is not "how can we break privacy" usually the concerns/problems are valid (I agree that social media is bad for kids). But in a lot of debates I am a part of privacy concerns are easily dismissed, not taken seriously or not the priority. I'm not talking about if technically private implementations are possible yes or no. I am talking about the conceptual step before that, "what is the impact of this request" how are we limiting people that can't or don't want to comply with what we are asking.
I feel like privacy is one of the most fundamental rights since it is at the root of a lot of other rights required for democracy. For example freedom of speech, freedom of religion, right to property and more. Privacy it is continually devalued, invaded and the right to it eroded.
That leads to undermining of the other rights as in this issue a lot of people are bringing up, in the article freedom to be anonymous is brought up but also the freedom of expression of young people.
The discussion should be the other way around, no options should be considered UNLESS it can be done in a private manner. The right to privacy is more important then the right not to be hurt by watching harmful content and therefore the responsibility of the government to protect privacy is of higher importance then their responsibility to not get you hurt.
In particular, your examples bring these things to mind, which might be worth considering alongside:
- Any machine can host a server, with no third-party required except an ISP (if we're being pedantic, even that's not needed if use a mesh network, etc.). The main barrier to connectivity IME is NAT, but there are ways around that (e.g. make it a .onion service). I played with all of the above as a teenager, so it's not unrealistic.
- "Hosting a website" covers a lot of things, some of which are already illegal (e.g. CSAM). Just because we can spin up something without jumping through social media sign-up hoops, doesn't mean it can't/shouldn't be subject to legal questions.
- Hosting a website/blog/etc. does not come with the same questionable baggage as social media (algorithmic feeds, PII, tracking, identity verification, communication, etc.). We might opt in to such things, e.g. by accepting comments on posts, but I'd distinguish such two-way, "user generated" activity from merely "hosting a website". Technologically, such things require some dynamic system (usually a self-hosted or third-party backend), rather than "just" a static HTML server.
- There is no technological difference between a blog used like a personal diary, and a blog used to post reviews of Lego. Is there a societal difference? What about if they include photos?
- Posting things on a personal website/blog has an implicit understanding that it's being published and shared with the world (that feels like the whole point of a blog). Social media has muddied those waters, by claiming things like "privacy settings", which can give the impression that posts are not being published and shared with the world.
- When it comes to activities like receiving comments, two-way communication, unsolicited messages from anonymous strangers, etc. the more relevant "basic tech" feels like running a server for email, IRC, Jabber, etc. rather than a web site; since those place such "dangerous" aspects front-and-centre. Email is the most obvious, but I mention the others since getting external systems to trust a self-hosted email server is notoriously tricky!
the beginning of the freedom of every person to become a developer
When they were young, you had a choice between YouTube being completely locked down with no option to whitelist channels or letting them watch almost anything (although I think this has changed since but it's too late now for those of us with children that age).
Now, there is no way I can whitelist contact/groups on WhatsApp or Discord servers/friends. Once they hit 13, pretty much any option to restrict anything feels taken away from you as a parent.
Luckily, I have sensible children (I think!) but it's really hard as a parent trying to both be reasonably responsible, but not deny all technology, it's really hard to navigate a sensible course.
There's also a lot of room between YouTube (or even social media) and all technology...
For example, with Apple's parental controls, I can blanket-decline access to Social Media apps, or to apps recommended for a specific age or older, and I can also allow exceptions as I see it fit (for example, my kids have no access to WhatsApp but they are allowed to use Signal, both have the same age recommendations)
This moves the responsibility for age verification to me, the parent, and provides me with suitable tools to monitor this. With this, there is no need for my kid or me to upload sensitive data or go through some bad age verification implementation.
Websites are more difficult to control, but not impossible.
Long story short - improve tooling for parents that allow more centralized control instead of mandating social media to do the age verification on their end.
Alas, the age restrictions came in and the big warning on the front covers was added. It did kind of backfire because that warning started to become a badge of quality to younger people. A similar thing could happen here. If you restrict it then it becomes the forbidden fruit.
It's not a free "sample": drug dealers give their stuff for free at parties where vulnerable young people are in the form of sharing what they are themselves taking. Then they have that teen on the hook for extortion and having them do things or pay "debts". I "gave" you some drugs because you're my friend, but now you have to pay back, you have to do this favor, take this stuff from here to there. Another common thing is that the "debt" has to be paid in money again and again and again. You don't want us to go talk to your parents who think you're their perfect little boy/girl? You don't want them to know that you took drugs, do you?
As dangerous as a butterfly... It's a filthy world on all levels, filled with demonic people who spend all their time thinking about how to use and abuse others - the more innocent the better.
I know it's a tangent.
https://www.derekthompson.org/p/why-everything-became-televi...
I feel like one of the problems with “conservatism” (I’m using the term loosely here) is it fights to preserve the status quo, even if the status quo is already a bizzare compromise. If we want to envision a better future great, but preserving what we currently have as the “free internet” is just sad.
Our ancestors here in France literally fought the nazis so you don't have to have a nazi-approved « Ausweis » to go wherever suits you. We would be well inspired to follow their example.
But don't teach them how to navigate the world and interact with both good and bad.
All that you need to know is that I am above 18 years of age.
You don't need to know how old I am, what my birthday is, what state I was born in, my gender, or when my passport expires.
The downside with ZK cryptography is the complexity. Something would have to be insanely inconvenient to justify it.
The last ~third of the article is about the EU's zero-knowledge approach
sorry but I don't get this point. If you're on Instagram or Facebook, did you think fifteen different three letter agencies weren't already watching you? It has the word 'face' in the name, the entire point of that site is that people mindlessly share their personal information, it's not some underground space for activists.
You can be perfectly anonymous on the internet, but demanding to be anonymous on Facebook is like trying to start a Das Kapital book club at Goldman Sachs or decrying commercial culture while you're in a Disneyland theme park
I think there was a reasonable expectation of anonymity, at least relative to other users. In the past you could access facebook with a VPN/proxy (and for a brief time, even tor) and use any name you wanted. But with forced identity verification you lose that little bit of anonymity.
Like, criticizing the government shouldnt just be possible because you can hide behind a fake name. It should be legal with your face name and address attached to it as well
Porn has always been around (national geographic, anyone), and parents can use screen time to limit access for their children if they want.
But this was always about governments wanting to know who's posting what (and controlling them, through chilling effect); not about saving 'the children'.
The ability to seamlessly record, upload, comment, react on _everything_, _everwhere_, _all the time_ is not natural, and not necessary.
Let them keep the devices, whatever, but remove the internet access.
Or keep the internet access, but remove the display/audio/camera.
It's more enforceable in public than trying to enforce whatever age verification solution they come up with.
And it gives parents the ability to appeal to authority when they ask their children, and the parents of their child's friends, to stop giving kids access to such devices. Right now a lone parent trying to push for better/healthier online activity to their friend group looks like a crazy person.
But of course we know they aren't really interested in helping parents and children. They want the surveillance capabilities.
I sure hope agents don’t swarm social media. But at the same time I think identity verification companies have a tougher problem, ai can produce real looking videos and documents. There’s probably no real way to verify someone purely through the internet at this point.
To that, I have also what I consider my "forever hardware" were I can do what I want offline.
Not saying other stuff won't creep in for various pragmatic reasons but it will be kept at arms length at best.
The answer is whenever you think your child is ready to view porn.
I remember our famous pornless desktop computers at LAN parties in high school.
Users have been doing this themselves without state coercion for twenty years now by putting their real names all over Facebook and all the other socials. Nobody forced them to use their real names and post countless pictures of their faces alongside, and pour out the totality of their worthless opinions on every issue. Compared to this, when considered sensibly, the verification is almost a trivial step.
No? You've obviously never been ostracized from your friends, family, or coworkers due to not using Facebook or Instagram or whatever the latest vapid social network is.
Come on, do people seriously believe this will happen?
Rule 1 of The Internet hasn't changed, it's: never put your real info into the boxes. Never!
They could "protect the children" at will. They simply choose not to.
Why this kabuki?
"Yes, please, regulate us" while making any formal regulation moot?
Directing attention away from the bot plague?
Pushing age verification to protect their algorithmic hate machines?
Monkey motion to avoid talking about true privacy? (Specifically, all data encrypted *at rest* using translucent database strategies.)
Instead, in 10 years I'll probably have to log in with an iris scan to check the (ai-powered) time, and pay for the privilege.
on which major social media networks can you post anonymously today? HN is a rare bird in that regard.
None of the social media networks my teens are bugging me to sign up for (IG, TT, Snapchat, etc.) have anonymous registration.
I told these admins this was immensely irresponsible. They said they just didn't want to get sued by an angry parent whose child joined some porn group. I was mocked endlessly. Now this. I'm not surprised.
I hate it and I hate that this is what became popular instead of what the internet was in its heyday. It's sad to see.
Internet has become a messy and dangerous place. Anybody with money can access it, that not necessarily means somebody with common sense.
90s, early 2000s, we would go to the internet to have good time.
2020s, people are ditching internet and new techs to afford having an offline life.
It doesn't really help their case to parrot Musk-level misinformation...
https://www.pragencyone.co.uk/blog/elon-musk-misinformation-...
https://www.independent.co.uk/news/uk/home-news/wales-englan...
But what won't fail is the obligation to provide your id to 'verification providers', who are obligated to provide it to websites, all of which are obligated to hand over your identity to the authorities the moment they ask - the verification provider included.
So it's just mass surveillance, finally sold to the public through 'think of the children!'.
The internet used to a technology people used to do interesting things, and with that came all its expectations. Now in addition to that, it is how modern live is negotiated. What used an optional thing is now a critical infrastructure upon which a person's life revolves, in most cases without any choice of their own.
When you drive your car on the road, do you complain about not having "a free road like back in the day" for being require to have a driver's license, and a registered car? not too long ago, you didn't need any of that to ride a horse or horse and carriage.
A free internet, as in the internet is like a public square, that isn't what society wants. Ultimately that is the issue, and you can't fault the public either. The public expects change, things to improve, and policy makers need tools with which they can enforce their policies. Telling both parties "um..no, i like my freedoms" won't stop the this train.
Let's take the example of mullvad here, and being able to purchase a VPN with bitcoin/cash (been there, am a customer) and access any site. It is entirely reasonable for governments to not want that. but the real enemy is the acceptance of this false dicthotomy of extremes. one of the things the internet has allowed us to have is to be able to prove entitlements without disclosing our identity. It is possible to prove that meet whatever legal requirements by having a government notarize a certificate of identity which you can present to sites and software as proof, while removing the government's own knowledge of what sites or software you're using, and removing your identity from the sites that are verifying your entitlements.
You're allowed to be in public without having to prove your identity (well.. that used to be the case in the US at least, now if you look like an immigrant, no longer the case). But to sell things, or buy restricted items, you have to show your identity, even in public. Certain businesses are required to verify your identity before engaging in commerce. Even worse, once you're in public everyone can record everything you do an identify you. Facial recognition, license place tracking, etc.. are all very real parts of the physical world today.
Lots of reform is needed, but we're getting the worst end of it because people gravitate to extremes out of laziness. if accessing social media, sensitive sites and commerce could be done in a privacy preserving way, there is no need for (or you can make a strong argument against) silly things like installing ubuntu requiring your ID, or needing to verify visitors IDs to your personal blog.
There's this cool new feature that they added to the Mullvad browser extension, which is built into the Browser. It gives you a random different proxy for each site, kind of like the Tor Browser.
Mullvad understands that VPNs overpromise and underdeliver, but if you combine a trustworthy VPN, a fingerprint-resistant browser, and uBlock Origin, you get a damn good internet privacy. The browser is not ideal for daily-driving because it's always incognito so you get signed out on close, but I heard they're working on a persistent version.
It's not just kids it's bad for. Too many people don't have the agency or social/emotional insight to take care of themselves.