Ultimately I think this is about as good of a response as they could have given without completely abandoning the concept -- and I think they're right to point out that they can't completely abandon the concept of age verification due to the existence and proliferation of this type of legislation. Assuming they're telling the truth here, I think this is about the best I could expect from them (and I'm really glad they're publishing the technical details of their automatic age verification).
For 90%+ of users, nothing changes. Most users never access age-restricted content or change their default safety settings.
If you're among the less than 10% of users who do need to verify, we'll give you options, designed to tell us only your age and never your identity. And if you choose not to verify, here’s exactly what happens: you keep your account, your servers, your friends list, your DMs, and voice chat. The only thing that changes is you won't be able to access age-restricted content or change certain default safety settings designed to protect teens. Nothing else about your Discord experience changes.
Seems sensible. Still, if Discord asks my name, I'm out. It's not like I'm using it very much anyway. I know it's a different thing for people whose communities live in Discord.
I'm not sure how interesting or meaningful this is, but I know a lot of people were discussing this before implementation, so I thought people might like to see this, although I don't know if it really resolves concerns, or just minimizes them.
I mean, in the end, it’s driven by laws written in the UK, many EU countries, Australia, many US states, with more being drafted.
There’s no escaping from laws. The only way to stop such things is at the ballot box.
Any open source alternative would also be subject to things like the UK’s OSA. Just see large mastodon servers.
Discord wanted to be a good boy to get ahead of more laws (see: Reddit being fined by the UK for not doing ID verification of age), but this reversal will only be temporary. As a company, they have to follow laws.
Companies need to flex their influence and just start geoblocking areas with such legislation. Don't comply with the laws, take the toy away for everyone in the bad jurisdictions until people remove those responsible for the legislation.
I agree because I disagree with internet identification. I also can't deny that it would set a bad precedent. There have been so many consumer friendly laws enforced by the EU that I benefit from, I'd hate for these companies to "just flex" and ignore those laws just cause they can.
If any and all international compliance breaks down there's nothing left.
In the end it boils down to “we’re waiting until we can try convince you to be less mad”. The same concerns still exist, and if their plan in the second half of the same year is to just try the same with more time spent on blog posts, I don’t see why the reaction should be different
we really need a better form of verification that is not uploading your face or id directly to these companies… something through the government that gives a simple code that returns a list of restrictions or not.
There’s been some decent conversation in cryptography circles about some kind of zero-knowledge proof system. It would require a trusted authority to verify your age one time, and they would issue you a digital token. After that, the token could be used to answer a specific question like “is the bearer of this token older than X age?” and return an authenticated yes or no without leaking your birthdate or any other information to the asker.
By itself, it doesn’t solve the problem of guaranteeing the token-bearer is the person it was issued for, but it’s by far the most privacy-respecting option and makes all these face-scanning, ID-retaining startups look like overengineered ticking time bombs.
It seems like a really robust system could be built atop zk-SNARKs… and in the meantime I’m personally not comfortable with any alternatives to that.
As someone who formerly worked for a company that is pretty much a "overengineered ticking time bomb" I think it's just a hard problem to solve, especially in a reusable way.
shit -- better than the current systems. It seems like a fairly easy solution to a very compromising problem. It solves so many issues -- like the absolute gong show that is the social security numbers etc.
In Portugal, this is how the age verification system is being implemented.
We already have a system to sign in online with our real ID. They call it a digital key, and it basically lets a site access certain legal information about you (what information is being shared is displayed to you before you press accept) to verify your real identity. This system is typically used by government sites and banks, since those are the two places that actually require strong verification.
What they're going to do for age verification is repurpose this already existing system (read: create a separate pipeline specifically just for age verification, so sites don't have the API permissions to request any other info) so that all a website gets when they check your age is a yes or no. They don't get the actual age, only a token. The government's database is the only one that has this info and never passes it along. They're the only ones allowed to keep your data, which you've already given them when you were born and registered as a citizen anyway.
As far as systems goes, this is the one that seems the most sensible and I'm glad I won't have to upload a photo of my ID to a random website, something I'll never do regardless.
In the US a parent/guardian can add a minor to an account and they can have a credit card issued in the minor's name (since it's technically illegal to use a card not in your name). I imagine there are also provisions for emancipated minors. To a vendor, the minor appears as a valid credit card holder. A vendor would be unaware who is the primary account holder.
You can also open a bank account in most (all?) states at 16 with parental/guardian approval and be issued a debit card. Debit cards do appear as debit and not credit to a vendor, but they wouldn't be able to determine the age.
Things might have changed in the 20+ years since I was that age with a credit card and debit card though.
Many adults also may not be able to get credit cards if they have bad credit. It also still has the same issue of de-anonymization, which is the real point of all of this: monitoring and control of speech for fascist ends.
This was never a problem that needed solving, merely a manufactured hysteria to ram though tools for controlling the public and further shaping public discourse.
discord can take CCs but not every adult has one. balooga's method really would solve the problem. It also takes the auth away from visa's near monopoly.
It depends on the specific law whether or not that works. The UK’s OSA allows credit card existence as verification, but the laws from US states do not.
This feature should also go a long way to help manage servers without age gating channels.
A new spoiler channel option. We know many communities use age-restricted channels not for adult content, but for topics people prefer to engage with on their own terms: spoilers, politics, and heavier conversations. We’re building a dedicated spoiler channel option so communities don’t have to age-gate their server just to give members that choice.
sparksbet | 5 hours ago
Ultimately I think this is about as good of a response as they could have given without completely abandoning the concept -- and I think they're right to point out that they can't completely abandon the concept of age verification due to the existence and proliferation of this type of legislation. Assuming they're telling the truth here, I think this is about the best I could expect from them (and I'm really glad they're publishing the technical details of their automatic age verification).
GunnarRunnar | 6 hours ago
Seems sensible. Still, if Discord asks my name, I'm out. It's not like I'm using it very much anyway. I know it's a different thing for people whose communities live in Discord.
[OP] updawg | 6 hours ago
I'm not sure how interesting or meaningful this is, but I know a lot of people were discussing this before implementation, so I thought people might like to see this, although I don't know if it really resolves concerns, or just minimizes them.
stu2b50 | 6 hours ago
I mean, in the end, it’s driven by laws written in the UK, many EU countries, Australia, many US states, with more being drafted.
There’s no escaping from laws. The only way to stop such things is at the ballot box.
Any open source alternative would also be subject to things like the UK’s OSA. Just see large mastodon servers.
Discord wanted to be a good boy to get ahead of more laws (see: Reddit being fined by the UK for not doing ID verification of age), but this reversal will only be temporary. As a company, they have to follow laws.
redwall_hp | 2 hours ago
Companies need to flex their influence and just start geoblocking areas with such legislation. Don't comply with the laws, take the toy away for everyone in the bad jurisdictions until people remove those responsible for the legislation.
CptBluebear | an hour ago
I agree because I disagree with internet identification. I also can't deny that it would set a bad precedent. There have been so many consumer friendly laws enforced by the EU that I benefit from, I'd hate for these companies to "just flex" and ignore those laws just cause they can.
If any and all international compliance breaks down there's nothing left.
Macha | 5 hours ago
In the end it boils down to “we’re waiting until we can try convince you to be less mad”. The same concerns still exist, and if their plan in the second half of the same year is to just try the same with more time spent on blog posts, I don’t see why the reaction should be different
zod000 | 5 hours ago
This does nothing to resolve the main issues and they know it. They are just trying to minimize the backlash.
tomf | 4 hours ago
we really need a better form of verification that is not uploading your face or id directly to these companies… something through the government that gives a simple code that returns a list of restrictions or not.
balooga | 4 hours ago
There’s been some decent conversation in cryptography circles about some kind of zero-knowledge proof system. It would require a trusted authority to verify your age one time, and they would issue you a digital token. After that, the token could be used to answer a specific question like “is the bearer of this token older than X age?” and return an authenticated yes or no without leaking your birthdate or any other information to the asker.
By itself, it doesn’t solve the problem of guaranteeing the token-bearer is the person it was issued for, but it’s by far the most privacy-respecting option and makes all these face-scanning, ID-retaining startups look like overengineered ticking time bombs.
It seems like a really robust system could be built atop zk-SNARKs… and in the meantime I’m personally not comfortable with any alternatives to that.
phoenixrises | 3 hours ago
As someone who formerly worked for a company that is pretty much a "overengineered ticking time bomb" I think it's just a hard problem to solve, especially in a reusable way.
tomf | 3 hours ago
shit -- better than the current systems. It seems like a fairly easy solution to a very compromising problem. It solves so many issues -- like the absolute gong show that is the social security numbers etc.
Please make this and get rich. :)
Sheep | 2 hours ago
In Portugal, this is how the age verification system is being implemented.
We already have a system to sign in online with our real ID. They call it a digital key, and it basically lets a site access certain legal information about you (what information is being shared is displayed to you before you press accept) to verify your real identity. This system is typically used by government sites and banks, since those are the two places that actually require strong verification.
What they're going to do for age verification is repurpose this already existing system (read: create a separate pipeline specifically just for age verification, so sites don't have the API permissions to request any other info) so that all a website gets when they check your age is a yes or no. They don't get the actual age, only a token. The government's database is the only one that has this info and never passes it along. They're the only ones allowed to keep your data, which you've already given them when you were born and registered as a citizen anyway.
As far as systems goes, this is the one that seems the most sensible and I'm glad I won't have to upload a photo of my ID to a random website, something I'll never do regardless.
indirection | 3 hours ago
Discord can accept credit cards, at least in the US, because they are only given to people over 18.
sparkle | 3 hours ago
In the US a parent/guardian can add a minor to an account and they can have a credit card issued in the minor's name (since it's technically illegal to use a card not in your name). I imagine there are also provisions for emancipated minors. To a vendor, the minor appears as a valid credit card holder. A vendor would be unaware who is the primary account holder.
You can also open a bank account in most (all?) states at 16 with parental/guardian approval and be issued a debit card. Debit cards do appear as debit and not credit to a vendor, but they wouldn't be able to determine the age.
Things might have changed in the 20+ years since I was that age with a credit card and debit card though.
redwall_hp | 2 hours ago
Many adults also may not be able to get credit cards if they have bad credit. It also still has the same issue of de-anonymization, which is the real point of all of this: monitoring and control of speech for fascist ends.
This was never a problem that needed solving, merely a manufactured hysteria to ram though tools for controlling the public and further shaping public discourse.
tomf | 3 hours ago
discord can take CCs but not every adult has one. balooga's method really would solve the problem. It also takes the auth away from visa's near monopoly.
stu2b50 | 3 hours ago
It depends on the specific law whether or not that works. The UK’s OSA allows credit card existence as verification, but the laws from US states do not.
Eji1700 | 3 hours ago
I basically agree with everything else said, my only thought is maybe they missed a tech deadline as well and had to push anyways.
Slystuff | 38 minutes ago
This feature should also go a long way to help manage servers without age gating channels.