Good arguments there, and for once addressing privacy-preserving age verification.
I just don't like that proponents of age verification are systematically (including in this article) dismissed as authoritarians hiding behind "just another “what about the children” excuse to introduce mass surveillance and censorship". Many people genuinely want to find a solution that is better for the children, and telling them "if you are open to age verification you are either a fascist or a moron" is not constructive.
Also I find the way ZKP is criticised a bit manipulative. It kinda implies that "fundamentally, any kind of ZKP system can be switched off remotely and without anyone realising", and that is wrong. It can be implemented in such a way that people have pretty good guarantees about it preserving their privacy, similar to end-to-end encryption. I find it hypocritical to say "E2EE can be reasonably trusted, but privacy-preserving age verification fundamentally cannot", just because tech people like the former and not the latter.
Many people genuinely want to find a solution that is better for the children, and telling them "if you are open to age verification you are either a fascist or a moron" is not constructive.
We know they'll take a mile if you give them an inch. Ditto with "trusted" computing and the rest of that wormcan. That's why the opposition has to be absolute.
We have age verification for all kinds of things that can harm minors. Most of them have adequate penalties for breach such that operators of said harms ensure they comply (checks for ID when selling alcohol, entry to over-18s pubs/clubs, etc.)
There's nothing sinister going on here, just attempts to prevent social/mental harm to minors.
This whole thing is meta financially backing right wing conservative groups that want age verification because meta wants to avoid liability for the harms their platforms cause.
In addition, this is the beginning of the end of any sort of anonymity on the internet, which has disastrous consequences for politically minded individuals, minority populations, or targets of stalking. This is a privacy nightmare bring pushed through in the guise of "muh children".
> There absolutely is you're just not aware of it.
Can you show here that you understand how privacy-preserving age verification works?
I mean the rest of your message really, really sounds like you don't. Don't get me wrong: I do agree that identity verification is bad. But it is not okay to say "I know of a system that is bad, and I don't know the nuances of how it could be implemented in a better way, so I will just assume that there is no better way".
Sure but that absolute opposition hasn't, as far I can tell at least, achieved an iota of success. So it's largely a self indulgent merit badge than an actual strategy.
Democracy is not "they" vs "us". Democracy is not "opposition has to be absolute". What you describe here is extremism. If you believe that anyone disagreeing with you is an extremist and that the only viable way to react is to be an extremist yourself, well... you are the extremist. Whether you are fighting extremists or not (this "they" you conveniently do not define) is unclear, though.
Why should you be able to traverse the internet anonymously? You cannot traverse real life society with the same expectations. Majority of the people traversing anonymously are doing so because they are routine troublemakers and do not want to bare consequences for their malicious actions. The ones fighting for this complete anonymity but not doing crime are naively just sweeping for bad actors.
One of the things that I liked about the old, text-based internet was the anonymity it provided. I particularly liked being able to engage in discussions about things that interested me without being sexualized, since nobody needed to know I was a teenage girl. No creepy messages, no looks up and down, no having to figure out ways to turn someone twice my age down without worrying if they'd react dangerously, no having to leave because someone more integral to the group was a creep and nobody would accept it if I spoke up, no worrying about my small statue making me a target for physical intimidation, etc.
(Now I am old, so it's different.)
It was very freeing to be able to talk about my interests (e.g. space, web development, and video game modding) without being subjected to the bullshit that people brought to the table if they saw me.
Not sure what you mean. I am totally against surveillance capitalism and TooBigTech. I am in favour of end-to-end encryption and privacy-preserving tech.
I shouldn't have to show an ID to buy a newspaper or to load the website of a newspaper. On the other end of the spectrum, I should not be allowed to buy a gun without showing an ID (and all sorts of other constraints).
Somewhere in the middle, I understand that we don't want to expose 8 year old kids to pornography, but I don't think that one has to wait to be 18 or 21 to be allowed to access it. Same for social media. Where and how exactly we set the limit is a societal choice to make.
I also believe that "living in a democracy" doesn't mean that "everybody agrees with me, always". Many times I am in the minority. What matters is that people are informed. Telling them that if they disagree with you they are either bad parents or fascists isn't constructive, IMHO.
There is a solution, it is regulating social media companies to stop abusing their users, and by extension, children. strict laws around adtech and tracking tech. more consumer rights, in other words - that’s why this solution comes off as authoritarian, because there is such a variety of ways to tackle this problem, and this is the most authoritarian one.
> there is such a variety of ways to tackle this problem, and this is the most authoritarian one.
If you think that privacy-preserving age verification is the most authoritarian way to tackle this problem, then you really, really don't understand authoritarianism.
Now if you have tons of better and practical solutions to tackle this problem, I would suggest you start writing about them. I haven't read a lot about those solutions (other than "just ask someone who is not me to do it"), what I hear is mostly people yelling that only bad parents and fascists disagree with them.
I did. the burden isn’t on me to explain it to you, comrade. maybe you could start by actually addressing what I wrote. Or are you now expecting me to draft up a legislation draft before you’ll address my post? These types are always the same.
> [the solution] is regulating social media companies to stop abusing their users, and by extension, children. strict laws around adtech and tracking tech
Pretty sure it has been tried in some countries, and the solution that those companies were happy to implement was... identity verification. There was a drama about Discord doing this, recently.
> Or are you now expecting me to draft up a legislation draft
Not at all. Just give me the name of a viable solution, so that I can search for it. It doesn't take a full day to write something like "privacy-preserving age verification", does it? I can't easily search for "JohnMakin says there are many good solutions, which ones are they?".
> Many people genuinely want to find a solution that is better for the children
at the expense of everyone and everything else all to not have to be an actual parent.
These arguments are not coming from places of concern, they are coming from laziness and people taking advantage of that laziness to further even worse agendas.
That's the thing: it's not trivial to know what is possible and what is not. If you look at the messages in HN, many (most?) messages about privacy-preserving age verification are (at least partially) wrong. Tech-savvy people clearly do not understand the technology in details, and somehow they assume that normies do understand and are simply fascists or lazy.
It is my opinion that telling a normal person that they are a bad parent (or a fascist) because you disagree with them is probably not the best way to convince them.
I believe in democracy, which means that I don't call everyone disagreeing with me a fascist. In a democracy, if most of the population wants privacy-preserving age verification and I don't, then I am in the minority and must accept it. My role as a tech-savvy person is to help "normies" understand what it implies. Again, not to tell them that they must be fascists if they disagree with me.
Parents need to either control the internet, or control their children’s devices and screentime. The latter sounds like the obvious option, except that Google wants every second grader to have a school-mismanaged chromebook and Google wants to mediate control of the internet, and by pushing parents to the former they win on both fronts.
What about this: go ask parents why they allowed their kid to get a smartphone and access to social media, and only then decide whether they are morons, fascists or just bad parents?
I have a simple example: when all the kids have a smartphone, it is very hard to tell your kid that they cannot have one. When all the kids have a shared culture built around social media, it is very hard to tell yours to not conform. "It's okay my son, you don't need friends. Anyway the parents of all those kids are bad parents".
I don't have children, but it doesn't sound completely weird that parents may say "we should prevent most kids from accessing social media, so that my kid wouldn't be the weirdo if I don't let them have access".
In many school districts, unless you can afford private school or homeschooling its hard to tell a kid they can't have an iPhone, but impossible to tell them they can't have an iPad- at age six!
Age verification literally already exists in a way that doesn't require orwellian centralized control. The <meta rating> tag has existed for decades. If you want to restrict access force websites to apply these tags, then use a browser that obeys them. Parents control what their kids access, mostly, like it's been since forever.
Think carefully about why a politician might disregard this extremely simple mechanism and you'll have your answer about the real goals here
> Think carefully about why a politician might disregard this extremely simple mechanism and you'll have your answer about the real goals here
You (and many others) frame it as "the government versus the people". I think this is extremely naive.
Many, many, many parents are in favour of preventing social media access to kid, assuming it is done in a reasonable way. For instance, having a police officer follow every kid everywhere they go 24/7 is not a reasonable way, and everybody agrees on that. Now what if there was a reasonable way?
Ask yourself this: do you believe that privacy-preserving age verification is not a reasonable way, or do you know it? In order to know it, you have to understand how the cryptography works at some reasonable level. Do you? Most comments I read online come from people who believe and then repeat arguments they have read that confirm their beliefs.
I was noting that the Mullvad article actually addresses ZKP (which is good and a very rare thing), but that I found it was a bit evasive in a way that feels slightly manipulative to me (probably not on purpose).
> I just don't like that proponents of age verification are systematically (including in this article) dismissed as authoritarians hiding behind "just another “what about the children” excuse to introduce mass surveillance and censorship".
It is worth recalling that "authoritarian" is a relatively neutral label for a political philosophy (like "liberal", "democrat", "capitalist" or "socialist"). It isn't that people are name calling, it is that authoritarian policies - like this one - consistently cause more harm than good. The label is basically a slur at this point because the disasters that the authoritarians trigger often veer into being massive and appalling spectacles. People tend not to be very evidence-based, so the people who lean authoritarian tend to try and rebrand to avoid being tarred with their philosophy's consistent failures, but it is still authoritarianism.
But the productive path forward isn't to try and be nice to the authoritarians and accommodate them with the rebranding. It is to adopt liberal policies. Like letting people read and comment anonymously on the internet.
I appreciate the comment, but I feel like you miss my point in a way that is (not purposely) manipulative, again.
I don't think that we would call "authoritarian" someone who would ask for, say, guns control. Or at least we wouldn't call "authoritarian" someone who is in favour of having more than 0 law, would we?
You are being manipulative by saying "If you want a law that I don't want, then you are an authoritarian. I mean no offence, it is just what you are". But reality is a lot more nuanced than that.
The vast majority of people who are in favour of age verification are not authoritarians. They really just consider "should kids have access to social media? Not until they are old enough". Whether or not it is technically possible is outside their knowledge. And the fact is that for age verification, there are technical solutions that are privacy-preserving (unlike e.g. ChatControl which is fundamentally building surveillance infrastructure).
And even for ChatControl: people who say "I would be in favour of a magic backdoor that would only work for the well-intentioned good guys" wouldn't count as "authoritarians", would they? It just so happens that there is no such thing as a magic backdoor, so they cannot have what they want.
What political philosophies do you think lay claim to these age verification laws?
There are a couple that aren't against it, but to actually implement age controls in the way they are being bought in you basically need to be an authoritarian. Otherwise, you'd be persuaded by arguments like Mullvad's that the social media companies already know how old their users are and don't need a centralised authority to tell them. There are alternatives here that are less authoritarian. Policy makers and the people supporting them don't want to use those approaches, because they support taking a more authoritarian approach.
These policies, in practice, are literally authoritarian policy. It isn't the most extreme form of it, but it isn't authoritarianism because I don't like it. I don't like it because, objectively, this is authoritarianism and authoritarianism tends not to work. Otherwise all the research I've seen suggests that kids shouldn't be using social media. If this wasn't likely to take out huge chunks of the healthy political dialog on the way it'd probably be tolerable.
If it is manipulation to point out that this is part of a class of strategies that have a history of horrible failures, then you have a very confused understanding of what manipulation is. This is an absolutely classic authoritarian "we can't just let people talk to each other however they like without the authorities being involved" play.
> but to actually implement age controls in the way they are being bought in you basically need to be an authoritarian
I don't see how this sentence can make any sense at all in the context of ZKPs. Can you elaborate?
> you'd be persuaded by arguments like Mullvad's that the social media companies already know how old their users are and don't need a centralised authority to tell them
How do the social media companies already know? Because they track everything? But if they ban kids, they don't track them anymore, do they? Or are you saying that social media companies should be able to track everybody everywhere, such that they can profile them and ban them from accessing social media?
> I don't like it because, objectively, this is authoritarianism
You would have to explain that. The government provides a service that allows you to prove that you are old enough without the government learning anything from you and without the service learning anything other than the fact that you are old enough, and you call that "objectively authoritarianism"?
> I don't see how this sentence can make any sense at all in the context of ZKPs. Can you elaborate?
The reason people are getting called authoritarian is because ZKP proofs are a massive and obvious improvement on what is actually being implemented. Can you point to anywhere that has implemented ZKPs? The linked article suggests that is quite hard to do.
I wouldn't be using an American IP right know if my local age verification laws required ZKPs.
> How do the social media companies already know?
They ask you your age when people sign up. That's good enough for me - I'm not an authoritarian. I'm not out to create a watertight way to stop people communicating if they want to.
> You would have to explain that. The government provides a service that allows you to prove that you are old enough without the government learning anything from you and without the service learning anything other than the fact that you are old enough, and you call that "objectively authoritarianism"?
I haven't seen anyone complaining about that. Sounds like a non-issue. Why would anyone over the age of around 18 care? You should consider reading the linked article if you don't understand what the complaints people are making are. The reason you don't see any authoritarianism is you haven't actually looked at how the schemes are being implemented.
Mullvad isn't writing this blog post because of the huge numbers of 12-16 year olds shelling out cash to them. It is because the authoritarians are making a play to destroy a sizeable chunk of the open web with a likely follow up of cracking down on free speech.
> The linked article suggests that is quite hard to do.
It's technical, just like getting E2EE right. Doesn't mean it's hard to use, as proven by the fact that billions of people use E2EE in WhatsApp and Signal without even realising it.
> I'm not an authoritarian. I'm not out to create a watertight way to stop people communicating if they want to.
You seem to have a Manichaean view of the world. There is room for nuance between "let kids lie by clicking 'yes'" and identity verification.
> You should consider reading the linked article
Did you read it? There is a whole section that is titled "The Zero-Knowledge Proof alternative and the EU".
> The reason you don't see any authoritarianism is you haven't actually looked at how the schemes are being implemented.
I actually have. Have you? Seems like you haven't read the article. Mullvad is complaining about the fact that the app seems to support both ZKP and identity verification, and they criticise the infrastructure enabling identity verification. And then some more "slippery slope" arguments that are worth what they are worth (with the same kind of reasoning, we shouldn't have gun control, because the next step is to control everything, right?).
> Mullvad isn't writing this blog post because
Mullvad sells some kind of privacy (as much as a VPN can offer), and here they share their opinion about age verification. With which I mostly agree: the only viable age verification implementation is through ZKP. I tend to disagree with the slippery slope argument, and that "the government abuses everything they can". If you think like that, doesn't that make you an anarchist?
And your data on all those platforms - Google, Apple, Facebook, Twitter, etc. are ALL building comprehensive profiles on you, selling your data, and probably tossing it straight to the government in one way or another.
You can't sign up for a Facebook account without giving a live selfie.
Any image of your family you post will be scraped by Clearview AI, bypassing the restrictions that make it hard for you to create accounts, to create a worldwide facial recognition system.
Indeed, well before Clearview, Facebook demonstrated they can identify faces and asked people to tag people in it, creating one of the earlier massive facial ID databases.
You find it to be a negative that banks require identity verification to drain an account? Personally, I would refuse to keep my money with a bank that doesn’t do this.
most banks using faceid won't accept you go to a branch. because they contract with a provider who makes more money from building and selling a database than to fulfilling the contract with the banks.
> they accept money and direct deposit still with no KYC. But to get the money out? Oh no! We need a picture of your face!
Unauthorized deposits aren't nearly as much of a concern as unauthorized withdrawals, right? I'd imagine that there are far fewer malicious actors that try to deposit money into random bank accounts than there are ones that try to withdraw money from random bank accounts.
> And there’s no option for going in person.
Won't an in-person bank also take pictures of you via security cameras? I don't really understand your objection here, could you elaborate?
It used to be that you could expect to not have your likeness captured and transmitted to third parties for their AI model training and who knows what other nefarious purposes.
It seems like all expectation of privacy and anonymity evaporated in the last 5 years.
A bank's security camera feed isn't likely to be sold to dozens of companies.
It is all but guaranteed for Internet-based facial recognition services.
Hacked facial recognition data already is reportedly being used by scammers to not only bypass bank security but also to impersonate people to target their loved ones.
There is no lasting security gain by providing a selfie. There is a lasting security and privacy loss, however.
Additionally - furtherance of facial recognition technology would impact travelling to foreign jurisdictions.
One of the most common ways foreign travellers get flagged when travelling internationally is for social media posts made under their own name that their destination country's government may not like. Traditionally if you've kept yourself pseudo-anonymous, you've largely been safe. But if we get to a point where pseudo-anonymous accounts are associated with pictures of people's faces, it will become significantly less pleasant to travel internationally for a lot more people.
Asinine requirement by whatever risk management firm they use. A selfie provides nothing in terms of lasting security while simultaneously adding permanent risk.
Have you ever considered that it’s a front? You may think that store that never has customers is just run incompetent business people, but in reality the real objective is not the one you believe it to be, and it’s actually great if you were to refuse understanding that.
I've found that framing topics like this as primarily a pretext for different motives is a sure-fire way to be ignored by people you may want to convince.
As always, the goal in convincing others is to take someone from their current understanding and bring them closer to yours. You can't get there if you don't start the topic at their current understanding of it.
I'd consider it a negative that they trust a shitty webcam / selfie camera to cut the expenses of having an actual office with trained personnel.
Who aren't flawless of course, but selfies have been easily circumvented with photos or video game cameras.
Hell, at one point we had to implement age verification for a Japanese tobacco product website via a 3rd party vendor, I just used the wiki page's picture of a Japanese ID to test it, worked fine.
FB's policy on this is patchy. I've known people who have had accounts for years, who were suddenly asked to provide a selfie - often after posting political content. Their accounts were then either locked down permanently, or unlocked.
I also know people who created accounts from scratch without needing a selfie while connecting exclusively through a VPN. (Only some VPNs, work apparently.)
Supposedly FB uses device ID tracking, so if you're picked for selfie ID on a device and try to create an alt, you'll be selfie-ID'd again.
Using a different browser on desktop solves the problem for desktop but not for mobile.
And so on. Basically it's doable, sometimes. And sometimes it isn't.
I’ve configured my browser to disable certain tech like webgl, I get infinite captchad by google. Using vanilla chrome works fine. It might not be full blown attestation but it’s not great.
Fuck you google for ever thinking infinite captchas are acceptable.
"might as well abuse this tosser to train the AI a bit. Free compute and classification, hey!" - or so, I guess. They immediately know they'll never get you through :)
You don’t “have to”. They’re requested when travelling to the US - but from my experience it’s not enforced (at least not consistently, I’ve never been asked why it was blank on my forms)
I thought so too, and said so at a meeting at work when some colleagues were unwilling to travel to the US.
It turns out close contacts of some of my colleagues have been asked to show their Facebook accounts at the US border. There was a recent rule change about it.
Are you referring to financial accounts or social media accounts? (If social media accounts, I'm guessing you're referring to the US specifically, and during advance visa processing rather than at the border.)
this is reason enough to close the vast majority of them. if you're engaged in discussion, that's one type. the doomscrolling types, more addictive but very much more disposable.
That’s to post something on a garbage social media like Facebook. Facebook owns their site, so I believe they can require whatever they want, and your option is to not use them. Other services requiring Facebook (or an Apple or Google phone) and everyone using Facebook are separate problems, that should be handled specifically; I think it’s easier to leave Facebook than coerce Facebook into decency.
Fortunately on Hacker News, you still only need a username and password. And if spam is an issue, on lobste.rs you only need an invite.
It’s the end of large scale “global village” social media - good riddance if you ask me; I’ve left it years ago for more private spaces.
I wonder though how it will affect places like 4chan. I don’t really know if it’s still as anonymous as it used to be but that’s like a cornerstone of their existence.
Fun fact: America invented the social credit score, long before China, and they still have it. The only difference, is the lack of the word "social" in the system's name, but it's the same system.
“Introducing age verification is based on the state being able to force social media companies to verify their users’ identities”
Users have been doing this themselves without state coercion for twenty years now by putting their real names all over Facebook and all the other socials. Nobody forced them to use their real names and post countless pictures of their faces alongside, and pour out the totality of their worthless opinions on every issue. Compared to this, when considered sensibly, the verification is almost a trivial step.
> Nobody forced them to use their real names and post countless pictures of their faces alongside
No? You've obviously never been ostracized from your friends, family, or coworkers due to not using Facebook or Instagram or whatever the latest vapid social network is.
Here in Australia, the local and state governments push the use of their Apps as well.
These Apps provide access to identity documents, offical notifications, and messages for health, benefits and taxation purposes.
Then there is Banking and the issues around becoming a cashless digital society…
It’s become less about access to hardware devices, as useable devices can often be free when donated by a friend or relative, and more about continuity of access to your digital life.
The risk of losing access to your online identity or having it stolen are very real with often traumatic results for individuals.
> EU law gives every citizen a right to a bank account.
That directive regulates banks from denying the opening of a basic payment account. But there is no legislation preventing governments from freezing accounts, Canada-style. As far as I know, there's no protection against being de-banked.
There isn't much left of the free Internet anyway. Search engines no longer work, all discussion forums are ranked/censored by interest groups, mail delivery is between large entities.
Maybe we need an alternative set of root servers for a free Internet.
And content is increasingly produced for, and by, machines. Human initiative and/or access is increasingly incidental.
It's easy to create an alternative. The problem isn't that, it's keeping that alternative clanker-free. (As well as free of all the other enemies / plauges on the useful, generative, Internet.)
Perhaps, but in both cases, I think that the principle problem is attempted control at the wrong portal.
Rather than individuals or devices, residential / mobile / business service providers should be able to vouch for personal traffic and be in a position to validate patterns of use without undue profiling of specific activity. That is, just looking at the encrypted traffic patterns (rather than MITMing SSL/TLS or other secured comms) should show usage that's typical vs. atypical / malicious.
Traditionally, service providers of all stripes (email, ISPs, Web, etc.) seem to have focused far more on ingress security than egress security, or potentially malicious traffic from within their own networks. That's got to change, it's ultimately a hygiene question.
For residential and mobile Internet, accounts are managed at either the household or individual level, and it should be possible to provide attestation and reputation management (as well as, perhaps, broad-based subscription access to compensated content) at those levels.
For commercial access things get more complicated, particularly where a location might provide public Internet access (e.g., public WiFi), or have a mix of human and system-generated traffic at an office, commercial, or industrial site. Still, there should be both well-established patterns of use and indications of anomolous or malicious traffic possible here.
Another option for smaller human-scale networks (e.g., Fediverse / Mastodon / PeerTube / Pixelfed / Lemmy / WriteAs networks and the like) is a mix of harder authentication (Yubikey or NFC-based wearable authenticators, perhaps) as well as a more manageable human-scale moderation (1:1,000 or 1:10,000 scales far better than 1:1 million or 1:1 billion services), allowing for both oversight and keeping the opportunities / benefits of malicious use limited.
The comment I'd originally responded to had me thinking of under-delivering federated systems such as Gemini (the lightweight Web protocol, not Google's AI) or Diaspora* or countless web boards and wikis which ended up overrun by spam and abuse. Simply saying that you're going to re-invent things at small scale in no way means you'll succeed. The ecosystem's changed, the pathogens are far more numerous and capable. Modern systems and networks (social or otherwise) must face those facts head on, and not ignore them or pretend they don't exist.
I think we're going to end up with some form of cost-based (though not necessarily financialised) reputation management systems. I'd very much like to see those not being terribly invasive of privacy, or putting extreme barriers to those with limited means or technical knowledge. It's a tough problem all the same.
Would be nice to see something referral based. If you don't like X, block them. If X invited Y and Z and their invites behave poorly, you can block the whole tree. Kinda like lobste.rs referrals but for wider internet
I guess the correlary would be like how you can block an entire ASN if you find a lot of abuse from it, but at the human-network level.
Aside from social dynamics, a chief issue is that if you're relying on this as a mechanism for content filtering, personal relations have low predictive value.
E.g., I may really like a person's content, but not their curation or referrals to other accounts. Conversely, I might not care for a person, but their recommendations may be excellent. More common might be the case that a given account produces little or no content of their own, but makes reliably predictable (either good or bad) recommendations, which would be useful for further filtering. Or the highly verbose individual who emits a constant stream of near-drek, but an occasional diamond.
Content production, content curation, and talent spotting are all distinct skills. Success or lack in any one says little about the others. This is where Bayesian indicators (including relationships and referrer / invite relations) would probably be more robust.
That said, tainting an entire invite tree is likely useful, with a caveat that if a particular invitee has an independent, untainted, relation, they might be worth following.
In practice what I've found most useful is to have a pretty tight primary list of follows, ~50 or fewer, and a slightly broader secondary list. Allow recommendations be default (that is, re-shares / boosts), but curtail those too if problematic. Be quite liberal in blocking / muting anything in the least bit annoying or problematic.
Or participate in a selective group with excellent moderation. HN isn't quite there, but it approaches this ideal more closely than any other major forum I'm aware of presently.
Not true at all. Even small, insular, just-a-few-hundred users PHPBB-style forums have to run Cloudflare or Anubis to try to stem DDoS-style scraping, and have a constant patrol of moderators to stop AI spam posts.
Outbound mail gets harder every year as opaque reputation systems flag mailer daemons as false spam positives.
Inbound mail on the other hand — notably, the OG form of Internet identification — is very achievable for a stick in the mud to set up.
Losing one’s Gmail account would likely have very little impact on one’s ability to send mail, but no longer being able to receive mail at a given address can be devastating. Set up your own domain!
>Maybe we need an alternative set of root servers for a free Internet.
Can't even do that. We'd need (ultra?) stable IP addresses, and the entities in charge of those don't hand them out anymore. We've sort of been cut out of the basic infrastructure to let us build stuff a second time.
I would suggest that we should not conflate the internet with these corportate platforms. The internet still works fine for now. I can still stand up my own DoH resolvers, forums, chat servers, email servers, DNS servers, vpn servers, etc... Many social circles are bound to have a tech-nerd one or two layers removed. That used to be a pejorative.
The hardest part is the psychology. People think they have to be on the big platforms as that is where their friends and favorite streamers are. Willpower can bring back the old platforms onto the current fast internet. Critical and free thinking people can choose to ignore the big platforms if they wish. People can go to local stores to buy most things. There are arguments for and against all these points but I am choosing the aforementioned options and accepting the psychological challenges.
People can use old style self hosted platforms as a "fallback" and once people realize it is more private and they can speak freely amongst their friends it can get comfy real fast. Glowies are seething.
Some friends and I have private forums and chat servers. We talk shite all the time about Reddit threads yet none of us have Reddit accounts. We talk about HN threads, brain rot on Twitster and many other platforms free of censorship, free of voting brigades, people trying to force narratives, etc... Oh and most important, free of "AI".
Growing up I remember all the ads about avoiding narcotics talking about getting hooked on free samples and then going to jail for theft and/or possession. The people behind that propaganda didn't know drugs do cost money, dealers being dorky teens and twenty-somethings who are about as dangerous as a butterfly. But this propaganda also illustrates how some elements aren't very bright. The internet age with free email, free social media, etc. got everyone hooked and now Zuckerberg, et al. are giving doe-eyed, hat-in-hand, and crying poverty. If people were wise to those PSAs, past and present, they'd see how the loyal opposition has been playing with their cards face-up on the table under the guise of good intentions. Much like the pedophile scare during the teens, pun unintended, with Comet Ping Pong and then come 2024 it's revealed Epstein and his cadre of deviant cronies were doing it all along while deflecting poorly to innocent parties. Goodness knows what else is still right in front of our noses but their reality hasn't come to fruition in the zeitgest.
It's not a free "sample": drug dealers give their stuff for free at parties where vulnerable young people are in the form of sharing what they are themselves taking. Then they have that teen on the hook for extortion and having them do things or pay "debts". I "gave" you some drugs because you're my friend, but now you have to pay back, you have to do this favor, take this stuff from here to there. Another common thing is that the "debt" has to be paid in money again and again and again. You don't want us to go talk to your parents who think you're their perfect little boy/girl? You don't want them to know that you took drugs, do you?
As dangerous as a butterfly... It's a filthy world on all levels, filled with demonic people who spend all their time thinking about how to use and abuse others - the more innocent the better.
Do you have personal experience with going to high school parties and drug dealers being there trying to get you hooked on drugs? I ask because the scenario you're presenting here sounds like something out of a movie or TV show, and not real life.
You understood the opposite of what I wrote. Read the comment again, it's not about being hooked on drugs at all. It's about having them on the hook for blackmail.
And yes: Taking drugs or hanging out with people who take drugs is enough "kompromat" for a teen to then be extorted by drug dealers, because they don't want their parents to know.
Especially in countries where the law looks very lightly on extortion, looks very favourably on "young offenders", and is very lacking in empathy for young victims.
Not to mention: Do you think a 15 or 16 year old wants to go to the police and tell them that they are being used by drug dealers, when the first thing the police is going to do is also book the teen for drug use?
Drug dealing aren't just Mexican cartels or hood gangs, it's a network with branches into everywhere, and they need a constant supply of victims. Read some court proceedings from low-level drug cases, and you'll see how these criminals operate. It's not like TV.
Dave, first we will need to setup age verification for your friends in order to comply with the law. I will not be able to help you otherwise. Remember Dave, I will submit to the local government your request to make a social media website so they will know if are complying with age verification. I have your ID which I will also provide as you need government ID to use AI. Open source AI models were banned.
It's going to come soon. Very soon. I mean they have started in the physical world by regulating 3d printers and cnc machines to submit what they are making to an AI to make sure they are not making gun parts.
This is why you don't rely on AI too much. An LLM may be able to decide what you can do if you run it via OpenAI or Anthropic's servers, but a text editor and your programming language of choice just does what it's asked to.
Alternatively, open source community software run by folks in a country that doesn't have any age verification laws/don't care less about them.
Just run it locally. On your laptop that now needs 128GB of memory and costs $4500. Oh and your AI chip is out of date in a year, and can't run the latest shit.
>and that you can no longer post anonymously on social media. You cannot be certain that your criticism of the government will not be followed up by the authorities.
sorry but I don't get this point. If you're on Instagram or Facebook, did you think fifteen different three letter agencies weren't already watching you? It has the word 'face' in the name, the entire point of that site is that people mindlessly share their personal information, it's not some underground space for activists.
You can be perfectly anonymous on the internet, but demanding to be anonymous on Facebook is like trying to start a Das Kapital book club at Goldman Sachs or decrying commercial culture while you're in a Disneyland theme park
> did you think fifteen different three letter agencies weren't already watching you?
I think there was a reasonable expectation of anonymity, at least relative to other users. In the past you could access facebook with a VPN/proxy (and for a brief time, even tor) and use any name you wanted. But with forced identity verification you lose that little bit of anonymity.
One very simple way to give parents control over what their children see and participate in without violating everyone else’s privacy is to create adult and social TLDs and require these sites to migrate to them. So instagram.com becomes instagram.social, etc. Then mandate that all consumer network equipment mfrs and internet providers provide easily accessible ways to block these TLDs. Maybe combine that with some public education materials to teach less savvy parents how to do this.
Now you’ve given every parent a way to easily mass block all adult/social sites/apps if they want and no one’s privacy need be compromised.
Block how? You can block sites now and all it takes is a proxy/vpn to get around it. Nothing short of personalized age verification will work. The best we can do is make sure the age verification system is centralized by the government. The client sites can’t see who you are and the centralized government server should not be able to see the sites you visit.
The only way this can go wrong is if the client sites collude and publish their visitor logs and then the government can do the legwork to identify you. But even this is pretty easily bypassed if you use a VPN.
Whether such a system could be bypassed by a VPN would depend on exactly how the age verification works and whether said government decides to ban the use of VPNs.
More importantly, I don't personally have any faith that at least the US government could properly define and build a system that is reliably and provably resistant to tracking. The government has incentives to want to know what sites a person visits, the NSA would be loathed to allow that opportunity to go unused. The government also likely doesn't have the skills or resources to do it in house, I'd expect them to outsource it at an absurd cost to a third party that would also have incentives to want to track usage data through the system.
>Nothing short of personalized age verification will work.
Specifically, daily personalized age verification by the specific app/website, not by a third party.
>The only way this can go wrong is if the client sites collude and publish their visitor logs and then the government can do the legwork to identify you.
Well, the government has the right to request proof that the company in question is properly conducting the age verification process. This means that the companies performing age verification will keep your personally identifying information (PII) and maintain an association between your PII and your account/activity on the platform.
On a different note, the government has the right to gather evidence of criminal activity, where the definition of "criminal" is under their discretion and if there happens to be a convenient stash of information that can be linked to your person, that's just a happy coincidence.
Reminder that the internet was created to be live and a indestructible means of reaching one and another, none of what you wrote can meaningfully do what you think it would.
Failing in parenting and lobbied politicians (regulatory capture) on the other side.
There was some optimism with .xxx that adult content producers would voluntarily switch over. Spoiler: almost none of them did, except for domain name availability reasons.
This is such a naive take, I see it a lot. Have you considered they can:
* Buy one themselves
* Get / use a friend's
* Use public internet access points
* Need one for school
* Use the smart fridge / tv / gaming console / anything with a browser
* Access stuff in Minecraft, Roblox, etc
You can only stop it by going offline and raising them in a cabin in the woods, which is a whole other thing.
What you can do is give them The Talk, of course (but that only helps / prevents to a point, it's more to prepare them for what they may find or how they can identify problematic things). And the other is to push back as a community effort, with e.g. many schools banning kids from having phones in the first place.
Have you considered that even if unwanted material was only accessible in physical form with age restriction for buying. Like porn magazines, cigarettes or alcoholic drinks, kids can still access them and find a way around it. You can ask older generations. Perhaps you can't stop it by "going offline and raising them in a cabin in the woods".
Best is to assume they have access to it one way or another if they seek it. The discussion should not be about banning vs allowing, it should be focused around how to deal with situations that arise regardless.
Education about the subject and why kids shouldn't seek access is quite effective, additionally they will be informed once they are allowed access. Think about how the last decades saw a sharp decline in smoking and alcohol consumption.
One problem (there are others) is that it's not always possible (or easy) to not give your kid a smartphone, or access to social media.
Imagine that your kid doesn't have those and is having a hard time at school because all the other kids do have them. They have a whole culture based around those, and your kid is excluded from it. What do you do? Tell your kid that it's okay to wait 10 more years before hoping to not be excluded?
What this misses is that many parents do allow their children to access social media because kids need to conform. If all the other kids have social media access, your kid is excluded by not having access.
Is it better to have TikTok AND friends, or no TikTok and no friends? Sure, the best is no TikTok and still have friends, but you can't always have it all.
Mullvad VPN is great. Mullvad Browser is a great balance for preventing fingerprinting and also usability vs the Tor Browser. Most browsers I've found, even ones with claimed fingerprinting protections, are easily traced by fingerprint.com and other tests. Mullvad beats it.
There's this cool new feature that they added to the Mullvad browser extension, which is built into the Browser. It gives you a random different proxy for each site, kind of like the Tor Browser.
Mullvad understands that VPNs overpromise and underdeliver, but if you combine a trustworthy VPN, a fingerprint-resistant browser, and uBlock Origin, you get a damn good internet privacy. The browser is not ideal for daily-driving because it's always incognito so you get signed out on close, but I heard they're working on a persistent version.
Current policy is victim-blaming: it excludes from social media potential victims (children) but allows perpetrators (convicted csam users).
But this was always about governments wanting to know who's posting what (and controlling them, through chilling effect); not about saving 'the children'.
i never read a nat geo where a young girls innocence gets destroyed in 4k ultra hd , either way based on the behaviour of our ruling class it seems likely that the pedophiles are the ones instituting these laws
The problem is kids on social media. This doesn't need to be a problem for anyone except social media companies and social media users. Sloppy policymaking is making it a broader problem, but I don't think this is some nefarious scheme (at least in the U.S., it looks sketchier in Europe). It's just policymakers pulling the first proposal off the shelf to respond to intense demand for a policy from voters.
I don't think we have to accept that "kids on social media" is inherently a problem. I don't think kids on a 2005-era-myspace social media would be a problem. As I see it, "social media" is now defined as the highly addictive and exploitative products from Meta et. al., and we shouldn't have to destroy any semblance of free or private internet so that they can't be hindered in any way from making the maximum amount of profit and influence regardless of the harm it causes kids (and adults, too).
We've basically accepted the premise as a culture that exploiting adults is fine. Exploitation is so heavily baked into our culture that pushing back on it would cause too much upset.
If you're below 18, you deserve protection. Above 18? Good luck, babe.
I think one of the unintended consequences of age verification is going to be a whole host of unprepared 18 year olds getting full access to social media and getting absolutely one-shot by it. Think credit card sign ups on college campuses or predatory car dealerships near boot camps. There are going to be a lot more 18 year old boys gambling away their student loans and 18 year old girls signing up for OF, but it'll be fine, because they're 18! Not to mention they're going to be scam targets on the level of the elderly. And if you're exploited/scammed as an adult, it's your own fault.
Age verification/restriction without an educational component of some sort is just creating a future cohort of extremely vulnerable young adults for companies and bad actors to sink their teeth into.
Age verification is a project 2025 backdoor to ban porn, and also a way for Meta and others to advertise much more aggressively without violating age restrictions, and also a mass surveillance opportunity for the government. It is definitely not for the children or anyone’s safety. It threatens the most basic civil rights we have like free speech. The fact that so many people blindly support it is really depressing and disturbing.
The "First they came for the Communists" logic still holds. When government able to open the flood gate, the mandatory ID check will be slowly and surely be everywhere.
If you don't use social media and AI platform. Fine. But what about app stores, what about any registries from docker, to npm, to apk and toward the end source code repositories like Github/Codeberg?
Dont forget what kicked this age verification in first place. Initially they wanted do age verification for porn, and only year later they moved into social media seeing there's wasn't huge pushback.
So even if this change doesn't affect you right now, but it will affect you later then it'll be too late to fight agaisnt.
"Will the police stop and search people on the street looking for unauthorized phones? Prison sentences for buying a non-state computer on the black market? Charges of organized crime for smuggling in containers of open-source software on USB sticks?"
Come on, do people seriously believe this will happen?
I've really enjoyed playing around with https://github.com/markqvist/nomadnet and the reticulum protocol in general as a peer-to-peer alternative to www
The article says that California "will require identity verification at the operating system level starting in January 2027", but that isn't true. The bill [0] only requires that operating systems collect age information on account setup and then provide which of four buckets the age falls into. It's not requiring any kind of identity verification by the OS. It's just a box you fill in when you set up the computer.
I think that this is actually a reasonable approach. It minimizes the information shared and doesn't create any identity tracking regime.
This put the power in the parents hands. They can set up their kids computer with a kids account and then all software and web services can just ask the OS if the user is an adult rather than all requiring their own ID verification.
I don't think it is overreach since its fairly simple to implement and non obtrusive. We have had multiple decades of failure from tech companies already to prove that they won't act on their own.
If you are putting individual parents up against Meta, Google, etc, the big tech companies easily win. As we have seen already.
> I don't think it is overreach since its fairly simple to implement and non obtrusive
Those two things have absolutely nothing to do with one another. Something being easy to implement is completely unrelated to whether forcing its implementation is overreach.
It's the State's responsibility once something affects enough people. That's why a law like this makes sense but should exempt OSes under some number of users. It's not great that we have such a harsh divide between "do whatever you want so long as not too many people are bothered" and "alright now the people have spoken and it's a State/national law," but it's the system we have and better than the people only getting a say with their wallets.
This conversation makes me wonder if age verification at the system level could be considered an externality for its cost to society as a whole, and the solution be to collect tax from any commercial sale of a desktop OS that doesn't implement a defined open standard. If there is any money raised it could be used for eg. education pieces on harm and harm reduction
Maybe it doesn't work in this case, but I think you both make great points. Just feel like there must be a way of bridging this gap
The state requires things sold to meet a bare minimum of safety. Cars sold require seat belts, movies/games sold require ratings. Devices sold have a meaningful parental controls flow.
Seat belts aren't forced on you - if you want to not use them and face the risk of fines, you can do so. Media ratings systems are informational, you can choose to let your kids watch R rated movies or above. Are they going to let parents have a choice when it comes to parental controls? What about non-parents?
That's my gripe with the age verification systems I've seen, there is no room for parental choice and no consideration for people that are adults and don't have kids using their computer.
I think the part that's the issue is the one where they mandate age verification. They're going to try that either way, the worst thing this could do is get people accustomed to the idea, but in practice the operating system they use already asked their age.
If (big if) governments really wanted to help parents and children in any meaningful way, they would ban the actual hardware used to give constant access to these platforms.
The ability to seamlessly record, upload, comment, react on _everything_, _everwhere_, _all the time_ is not natural, and not necessary.
Let them keep the devices, whatever, but remove the internet access.
Or keep the internet access, but remove the display/audio/camera.
It's more enforceable in public than trying to enforce whatever age verification solution they come up with.
And it gives parents the ability to appeal to authority when they ask their children, and the parents of their child's friends, to stop giving kids access to such devices. Right now a lone parent trying to push for better/healthier online activity to their friend group looks like a crazy person.
But of course we know they aren't really interested in helping parents and children. They want the surveillance capabilities.
Interesting that no one is talking about identity verification likely coming anyway. I’m working on clawchrome.com, a real browser for agents. It can access any website because it’s the real browser.
I sure hope agents don’t swarm social media. But at the same time I think identity verification companies have a tougher problem, ai can produce real looking videos and documents. There’s probably no real way to verify someone purely through the internet at this point.
There are many usecases for agents having access to a real browser and many usecases for humans where work wise it's useful or for agent success in completing the task. Including any specific situations where sites may block "controlled" browsers, as well as co-working.
If an agent is controlling your own browser, it can get in the way of you being able to do work as well.
Additional security control, if you have control and audit trails regarding what the agent is doing, think things like not having access to the keys, cookies are unavailable through the api, certain sites blocked, especially for agents that run automated background tasks.
There's a ton of reasons really. Using stealth chromium forks can decrease security, potentially get you blocked from services/sites, and typically can be detected easily because Google is doing a lot more than just compiling Chromium to release Google Chrome now. That's why many of the stealth browsers out there are moving targets, and have tons of instances of being blocked.
So, if I as a website author would like to block the LLMs scarping my content or putting extra load and cost on my infrastructure, your project helps the actors who don't respect my decision and don't give a shit about consent to circumvent that?
> While the rest of the world is moving forward with identity verification plans, the EU has presented its own privacy-focused approach to age verification. In April 2026, Ursula von der Leyen, President of the European Commission, unveiled an age verification app with “the highest privacy standards in the world” and the presentation materials describe the app as “completely anonymous.”
I’m just afraid that membership countries will be too dumb to understand the difference, and for the population worldwide to be able to comprehend that it’s even possible. To be honest, ZK crypto is one hell of a party trick. Compared to tech where the premise is “we put a picture of your passport in a box, and when people want to know, we look and confirm.”
You mean the EU's fake snake oil zero-knowledge approach.
They've standardized two systems under the banner of "zero knowledge". One is actually zero knowledge. The other is trust-me snake oil. Guess which one is getting deployment.
ZKP is definitely a good idea, definitely more open for this kind of age verification than anything else.
And I don't buy the argument of "closing internet", social networks are a proprietary service and if you don't want to obey with the regulations, create your own website and post things there if you want. However you have to provide your identity to the domain name registry or to the intermediary. Also other services require you to verify your age or even provide your identity, this is just another one that comes way too late.
It is closing Internet. The same companies that produced the ills of social media are now pushing for a non-remedy (that doesn't prevent kids, and doesn't solve the problems they created) that only benefit them and not society. It's just like tobacco: it's toxic and probably overall should be banned because it does not benefit society (or anybody except tobacco executives). Do we make a mandatory nation-wide electronic log of whoever buys tobacco in the name of age verification?
Our ancestors here in France literally fought the nazis so you don't have to have a nazi-approved « Ausweis » to go wherever suits you. We would be well inspired to follow their example.
Whilst getting excited about 'loss of freedom' the reason these companies are getting forced into this is because they've become so large, fundamentally evil and untrustworthy that we can't regulate them in to doing better so we have to ban susceptible citizens from consuming their output. See tobacco, alcohol, porn, cannabis, driving licences for other examples. /s
Age verification is fine, at least in theory. It’s the implementations that are bad.
More and more people agree that kids shouldn’t be on modern social media, including me. But most people also agree that mass surveillance is dangerous. The solution is to propose ways to block kids from modern social media (that actually works) without mass surveillance.
Better parental controls, more parental education, and site-specific age verification (Facebook etc. can require whatever PII they want to use their service) backed by incentives (whitelisting in parental controls, promoted as a “safe site” in parental education). Are these enough? Maybe not, but maybe mandatory ID and blocking VPNs aren’t enough as evidenced by people bypassing them. These (first three) are progress, that don’t yet require mass surveillance, and we can first see how effective they are then go from there.
I wish people wouldn’t say “age verification is bad”, it’s like “anti-work” and “defund the police”.
No, age-verification IS bad and is a slippery slope that will always lead to surveillance. If we don't stop this now everything will get worse. And trying to lump this in with other extreme rhetoric doesn't help. The answer is and always was "better parenting".
And in addition to that, it is the role of the parents to be having the say in what their kids should and shouldn't be doing. As far as I am concerned most governments stick their collective noses in where they are not required. And, yeah, I do agree that kids shouldn't be on social media. Having sid that, even some adults shouldn't be on social media...
> it is the role of the parents to be having the say in what their kids should and shouldn't be doing
The only effective tools parents have is to disallow or remove devices from their kids. It will work at the beginning but as they grow up it will become impossible, since at some point kids get influenced mostly by their friends' circle. So yes, I do agree that parents must talk to their children and explain what social media can lead to, including the dangers of internet predators and so on. But no, I don't agree that parental control is a general solution that will work for all kids out there. It never has.
<The only effective tools parents have is to disallow or remove devices from their kids. It will work at the beginning but as they grow up it will become impossible, since at some point kids get influenced mostly by their friends' circle>
Very true & having 6 kids of my own, I know that only too well. I still don't like the idea of Mr Government trying to tell me how to raise my family. Here in Australia the government seems to like that a lot...
Governments are required to enforce that devices must give the choices to parents though, right? Otherwise devices won't give the choices to parents because it's more profitable if you don't.
How is that the answer when even parents don't have the right tools for this. are parents supposed to surveil their kids 24/7 and monitor their internet traffic?
Why is the internet special, do you also believe physical stores shouldn't check for ID for cigarettes and alcohol, because the solution is better parenting?
in real life people can see you and determine your age at a rough estimate and be able to tell if you're an adult or not. Do you support having to turn on your webcam and show your face in real time then, to talk to strangers on the internet? many age verification sites are doing just that.
So? Not all reactionary (if you mean "conservative") takes are bad. Sometimes they're better than the alternative: accepting bad parenting as some default and working around it with technological restrictions.
"Reactionary"'s origins as far are pure political DARVO and gaslighting anyway. It originated in the French revolution and basically declared "You are morally wrong for being horrified at my horrific and evil actions." That origin tainted the term for me personally.
The actual modern reactionary meaning of "referrant to a mythical past as a standard" always felt like it deserved a better term. But nobody would get what you were saying if you called them a "fairytaleland resident" or similar.
HN is filled with people who are on the other side of an "internet best practices" information divide.
For everyone else, the internet is already a shit show and a half. They want control, because it means putting a stop to being predated upon, or more nihilistically, harming the firms that are harming them.
I don't know how to let other commenters see how bad it is, or make the gulf in view points clear.
Giving up control is always a mistake - they never do what they promised and you never get back the control. There is never a refutation to this fac: just a childish "But I want it!".
Everything good is a slippery slope: every step in the right direction is bad if you overshoot. Maybe age verification isn’t needed, and educating parents is important; but without more, they’d have to be ultra-helicopter parents to stop their kids from accessing social media.
At minimum, parents need other parents in their local community to be educated; and better parental controls, so they can give their kid a phone and computer (for good reasons like safety and education) that won’t let them access social media (even unintentionally, some parental controls are that bad). Both can be done without laws, only social pressure and at least the potential for new (locked-down) devices.
(In theory, kids should also be prevented from buying unlocked devices, like drugs and alcohol. And showing the local cashier your ID to buy a generic device (whose packaging is indistinguishable from other device packing, so it can’t be traced to you afterward) is technically a form of age verification. But in practice this may not be necessary, because hardware is too expensive for most kids.)
I don't believe children should be on social media. Some other people might not share that belief. Should be up to parents to decide what's okay for their kids, not governments or companies.
Age verification will always lead to more surveillance. People need to just be more mindful of what their children are doing online, maybe stop giving them smartphones, and just be parents.
I think you’re missing that this abdication of personal freedoms to the government in the form of government imposed restrictions on cigarette and alcohol sales is precisely how we’ve gotten to this point over time; arguably following a planned strategy. People who normalized prior subordination to government in the case like cigarettes, alcohol and other things; are now already even more primed to abdicate even more freedom to mommy and daddy government than the prior generation.
It seems clear to me that America is heading into an extremely repressive system where even the nominal use of America may just end up falling by the wayside within the lifetimes of some people alive today. Functionally speaking the, notional or spiritual death of America happened a very long time ago, probably 1840 but obviously no later than the outcome of the Civil War which turned a decentralized union of federated states that formed a republic, into a centralized dictatorial federal power and later the groundwork for becoming the empire we are only 55-80 years after the Civil War, depending on how you want to look at it.
I think people forget that there would have been people who experienced the Civil War that destroyed the central premise of the Constitution, that sovereign states join in a Union to cooperate, and the formation of the Empire of America by no later than the end of WWII.
Those things never happen abruptly, they happen in following a long strategic plan based on objectives not timelines. Part of such a plan is causing ever increasing dependence, deference, and subjugation to government, which is really just someone else’s control over you, the people who make up the “government”, instead of your own control over you. Part of that is giving the impression that money and daddy government will take care of the children, as a tool to psychologically manipulate people by hijacking their instinctual care and concern for protecting children.
It’s why and how they’re more pushing age verification, not ban for minors with similar criminal penalties for anyone who allows minors on the internet/social media. No, you as an adult need to confirm and tie your identity to the digital fingerprint that is tied to all the data that was and is collected about your activity over the last 20+ years … to protect the children of course.
It’s why some people refer to the majority of humans as cattle. You just have to herd them around and they moo and then start fattening up on corn instead of grass, just like the last generation did before they were harvested.
We don't let kids turn up to school drunk because they went to the cornershop on the way to school. I guarantee that would be happening if alcohol sales were not age gated and enforced by the government.
In the same way kids should not be infecting their minds with social media slop, or porn, or plenty of other internet content.
The only way this is stopped is when a social norm is created which shames all but the most negligent parents into compliance.
At the moment the absent and bad parents have all the power. Their kids scroll all night for memes, injest YouTube brainrot and turn up at school disruptive. Kids with responsible parents either want to that as well, or can't escape it.
Surveillance from age gates is a red herring. That horse bolted long ago. You are surveilled already by tech bros when voluntarily logging in, or by making yourself stand out a mile by using a VPN and a uncommon browser setup. This data gets handed to your government on request.
Having an anonymous VPN won't stop the tech bros or an authoritarian government forming, or bring one down.
People taking part in their existing democracy and maintaining the foundation of that is the best course of action. Raising a generation of kids not addicted to internet brainrot is a key part of this.
So maybe there should be better education for parents. Maybe there's other solutions. I can't accept that the nanny state parenting our children for us is the way to go. If people are being negligent of keeping their children safe, maybe they should face consequences for that. The point is, the parents should be solely responsible for deciding what's appropriate for their children, and if they don't have the resources maybe that's something that should be addressed, or if they're not doing their job that should be addressed, but age verification just ain't it.
I don’t think social media is intrinsically bad, just the toxic popular social medias. Did kids in the 1990s with access to internet forums have stunted social development?
> More and more people agree that kids shouldn’t be on modern social media, including me.
Has it occurred to you that nobody cares, or should care, about your opinions about what other people and other people's kids do? You and the "more and more" people who agree with you are cordially invited to fuck off.
> The solution is to propose ways to block kids from modern social media (that actually works) without mass surveillance.
The solution is for you to get over your bullshit, not to chase impossible pipe dreams.
That's what was in the California bill that we all complained about until Linux got an exemption. We called it an age verification bill even though it has nothing to do with age verification, and was all about making sure every OS has a parental controls feature.
I think the solution would be to make the business model of surveillance capitalism unfeasible. If algorithmic social media would be prohibited from offering their services for free, it would solve most of the problems the age verification laws are trying to achieve. Kids would basically disappear if their parents are not paying for them. Most parents would disappear too in fact, which would be good for everyone's mental health. And it wouldn't remove choice. You can still choose to use use Facebook or TikTok, if you subscribe and pay. It would basically act like a slop tax.
Can someone help me understand? Why is it not enough to just be able to manually set an age on local OS user account. If unset assume adult. If set applications can use it to verify age. Require admin permissions to change. All responsibility on parents to restrict admin and set the age. No data collection. No responsibility for services beyond a simple check. It seems like an incredibly simple solution with very little compromise on either side that gets everyone 95% of their stated goals.
EDIT: Oh it seems like that’s what the CA bill does? Seems good to me. I have zero problem with age restriction if age verification goes no further than mom buys kid iPhone enters birthdate, Instagram asks phone is user 18.
The compromise is that it is either really easy to work around, effectively defeating what it is trying to do, or it becomes tightly locked down to trusted devices only, destroying the free internet.
A full answer is somewhat dependent on specific implementation details, but the simplest approach is much like the simplest way to acquire alcohol or other age-restricted product as a child: Ask someone else to act as an intermediary. Get another computer that identifies as an adult, and that isn't concerned about your age, to send the data to you.
And maybe that's a healthy way to think about it. That it doesn't matter if kids find it easy to work around. There is no child who hasn't been able to get their hands on alcohol when they want it, but perhaps the infinitesimally small amount of friction leaves many to second guess their choices? Then again, from what I see out there, just rationally explaining why alcohol might have negative consequences is enough to see that second guessing. Alcohol consumption amongst the youth has completely plummeted now that we no longer treat it as some magical taboo thing and finally started talking honestly about it. The same pattern has been observed over and over in other things with undesirable consequences for children.
Yeah there’s no getting around that kind of thing. My parents would unplug the router at night and take the power cable so i found another device in the house with the same cable and plugged it in. But my sister never did that so at least it worked for half of us.
I’m all for sane best efforts for restricting children’s access to mind warping materials online if the consequences on the overall internet are minimal which I think this does. I’m not on board with killing the internet as we know it to get from 80% of children off social media to 90%.
The problem with social media and to a lesser extent porn is addiction. If a kid had to go to a friend’s house or sneak on to their parents computer to scroll tiktok that’s already a huge step in a healthy direction.
Is it? Only around 10% of the population will develop an addiction (of any kind). About the same rate as the population who live chronic sedentary lifestyles, which comes with equally (or maybe even worse) health and social consequences. Where is the regulation that forces you to prove you are of a certain age to sit on the couch?
This seems like a lot of effort for something that impacts such a relatively small group of people — a group of people (in size) that we otherwise don't normally care about one bit. 10% of the population is marginalized time and time again. What's special about this particular case?
That is when the conspiracies start popping up, because a lot of people agree with you, me included.
However, you cannot make parents actually use such systems, so ignoring the obvious control this gives nation states, giving states this power might help the children of those irresponsible parents, which is the only real argument I have heard, since the effects of it are the same if the child simply had responsible parents.
Well it’s not even necessarily irresponsible parents, good luck keeping your child from going anywhere you don’t want them to go if you have internet enabled devices in your house.
In my mind you have states mandate that adult content (porn, gore) and social media services are legally required to check for the age from the OS. No other sites need to do anything. No data collection or ID verification anywhere. All responsibility on parents.
I would imagine for the zealots out there its worth it to go further and destroy the entire internet to prevent a single 14 year old from jerking it to a tiddy. And then of course the advertisers want device attestation. At least it seems California is picking a sensible middle ground.
I wonder (and don't hear anyone talking about it) if kids can't upload on social media and "publishing" platforms. Can they still host a website?
I know that my fascination with computers largely began with creating websites and messing about with HTML. Blog platforms can be considered social media I suppose but what if it is just a page of HTML or text?
Should I worry about having to verify my age/identity if I want to host a page on a vps in the future?
I feel like most politicians and people don't understand privacy and the impact of breaking it. Additionally seems the governments don't consider themselves a thread vector for privacy invasion.
> Should I worry about having to verify my age/identity if I want to host a page on a vps in the future?
Today I cannot get a VPS without verifying my identity. Can you?
> I feel like most politicians and people don't understand privacy and the impact of breaking it.
I feel like it doesn't start like this. Opponents to age verification assume "politicians are authoritarians, therefore politicians try to increase surveillance, therefore politicians try to introduce age verification". I think it goes the other way round: "society knows that social media are bad for children (and adults, to be fair), therefore people try to imagine ways to solve that problem, therefore politicians end up thinking about ways to prevent children from accessing social media".
Of course, most people (technical people included) don't understand whether or not it can be done in a "reasonable" way (e.g. in a privacy-preserving way). But the debate mostly doesn't revolve around that, and it is a pity. Ideally we would think about the best possible way to do it, and only then we would debate about whether or not we want it.
> Today I cannot get a VPS without verifying my identity. Can you?
I think it is at least possible to do so in a identity opaque way if you wanted to using obfuscated payment provider, free email and possibly fake name/address (illegal).
I meant more without scanning an actual ID or face.
> I feel like it doesn't start like this.
Of course the train of thought is not "how can we break privacy" usually the concerns/problems are valid (I agree that social media is bad for kids). But in a lot of debates I am a part of privacy concerns are easily dismissed, not taken seriously or not the priority. I'm not talking about if technically private implementations are possible yes or no. I am talking about the conceptual step before that, "what is the impact of this request" how are we limiting people that can't or don't want to comply with what we are asking.
I feel like privacy is one of the most fundamental rights since it is at the root of a lot of other rights required for democracy. For example freedom of speech, freedom of religion, right to property and more. Privacy it is continually devalued, invaded and the right to it eroded.
That leads to undermining of the other rights as in this issue a lot of people are bringing up, in the article freedom to be anonymous is brought up but also the freedom of expression of young people.
The discussion should be the other way around, no options should be considered UNLESS it can be done in a private manner. The right to privacy is more important then the right not to be hurt by watching harmful content and therefore the responsibility of the government to protect privacy is of higher importance then their responsibility to not get you hurt.
I do believe that there exist ZKPs, but then it raises more questions, like:
- Do we ban VPNs? I don't think we should.
- What happens if the ZKP doesn't work? It's not okay to fall back to identity verification, but then does that mean that the services are blocked if the ZKP infrastructure doesn't work?
I don't have any answers or strong opinions yet, but I feel like the legal/societal conversation should focus on "actions taken via XYZ" rather than "technology underlying XYZ". Similar to how GDPR, etc. cover actions like collection/storage of personal information, not specific technologies like cookies (despite what many believe!).
In particular, your examples bring these things to mind, which might be worth considering alongside:
- Any machine can host a server, with no third-party required except an ISP (if we're being pedantic, even that's not needed if use a mesh network, etc.). The main barrier to connectivity IME is NAT, but there are ways around that (e.g. make it a .onion service). I played with all of the above as a teenager, so it's not unrealistic.
- "Hosting a website" covers a lot of things, some of which are already illegal (e.g. CSAM). Just because we can spin up something without jumping through social media sign-up hoops, doesn't mean it can't/shouldn't be subject to legal questions.
- Hosting a website/blog/etc. does not come with the same questionable baggage as social media (algorithmic feeds, PII, tracking, identity verification, communication, etc.). We might opt in to such things, e.g. by accepting comments on posts, but I'd distinguish such two-way, "user generated" activity from merely "hosting a website". Technologically, such things require some dynamic system (usually a self-hosted or third-party backend), rather than "just" a static HTML server.
- There is no technological difference between a blog used like a personal diary, and a blog used to post reviews of Lego. Is there a societal difference? What about if they include photos?
- Posting things on a personal website/blog has an implicit understanding that it's being published and shared with the world (that feels like the whole point of a blog). Social media has muddied those waters, by claiming things like "privacy settings", which can give the impression that posts are not being published and shared with the world.
- When it comes to activities like receiving comments, two-way communication, unsolicited messages from anonymous strangers, etc. the more relevant "basic tech" feels like running a server for email, IRC, Jabber, etc. rather than a web site; since those place such "dangerous" aspects front-and-centre. Email is the most obvious, but I mention the others since getting external systems to trust a self-hosted email server is notoriously tricky!
I've said this before and I'll say it again. Just like radio was the wild west back when it first started, the internet is so today and eventually it will be licensed and regulated in the same way.
i think in most cases sites like HN for example would be exempt due to not having enough users.
The internet used to a technology people used to do interesting things, and with that came all its expectations. Now in addition to that, it is how modern live is negotiated. What used an optional thing is now a critical infrastructure upon which a person's life revolves, in most cases without any choice of their own.
When you drive your car on the road, do you complain about not having "a free road like back in the day" for being require to have a driver's license, and a registered car? not too long ago, you didn't need any of that to ride a horse or horse and carriage.
A free internet, as in the internet is like a public square, that isn't what society wants. Ultimately that is the issue, and you can't fault the public either. The public expects change, things to improve, and policy makers need tools with which they can enforce their policies. Telling both parties "um..no, i like my freedoms" won't stop the this train.
Let's take the example of mullvad here, and being able to purchase a VPN with bitcoin/cash (been there, am a customer) and access any site. It is entirely reasonable for governments to not want that. but the real enemy is the acceptance of this false dicthotomy of extremes. one of the things the internet has allowed us to have is to be able to prove entitlements without disclosing our identity. It is possible to prove that meet whatever legal requirements by having a government notarize a certificate of identity which you can present to sites and software as proof, while removing the government's own knowledge of what sites or software you're using, and removing your identity from the sites that are verifying your entitlements.
You're allowed to be in public without having to prove your identity (well.. that used to be the case in the US at least, now if you look like an immigrant, no longer the case). But to sell things, or buy restricted items, you have to show your identity, even in public. Certain businesses are required to verify your identity before engaging in commerce. Even worse, once you're in public everyone can record everything you do an identify you. Facial recognition, license place tracking, etc.. are all very real parts of the physical world today.
Lots of reform is needed, but we're getting the worst end of it because people gravitate to extremes out of laziness. if accessing social media, sensitive sites and commerce could be done in a privacy preserving way, there is no need for (or you can make a strong argument against) silly things like installing ubuntu requiring your ID, or needing to verify visitors IDs to your personal blog.
There is no bona fide desire to solve the problem by the social media companies which are profiting from our kids. As a parent, I can never find the option to enable parental controls on apps like YouTube (especially on TV). This option is easy enough to implement locally without requiring any accounts or OS-level age support. However, clearly the goal is not to protect the children but to enable mass scale surveillance and profit from it.
Even when I manage to enable parental controls by using a dedicated app or account (what nonsense is it that I need to create an account to restrict access!!!) the content being served is dubiously appropriate for the age group, aside from having no value whatsoever other than the intended goal of perpetuating addiction.
As a parent, what I find effective are content rating systems, be it for movies, games or apps, along with the ability to control and fine-tune them.
For example, with Apple's parental controls, I can blanket-decline access to Social Media apps, or to apps recommended for a specific age or older, and I can also allow exceptions as I see it fit (for example, my kids have no access to WhatsApp but they are allowed to use Signal, both have the same age recommendations)
This moves the responsibility for age verification to me, the parent, and provides me with suitable tools to monitor this. With this, there is no need for my kid or me to upload sensitive data or go through some bad age verification implementation.
Websites are more difficult to control, but not impossible.
Long story short - improve tooling for parents that allow more centralized control instead of mandating social media to do the age verification on their end.
As a parent of teenagers, I feel like the sites make it hard for parents.
When they were young, you had a choice between YouTube being completely locked down with no option to whitelist channels or letting them watch almost anything (although I think this has changed since but it's too late now for those of us with children that age).
Now, there is no way I can whitelist contact/groups on WhatsApp or Discord servers/friends. Once they hit 13, pretty much any option to restrict anything feels taken away from you as a parent.
Luckily, I have sensible children (I think!) but it's really hard as a parent trying to both be reasonably responsible, but not deny all technology, it's really hard to navigate a sensible course.
> consequence of introducing identity verification is therefore that freedom of information is restricted (you can no longer visit regulated websites anonymously) and that you can no longer post anonymously on social media.
on which major social media networks can you post anonymously today? HN is a rare bird in that regard.
None of the social media networks my teens are bugging me to sign up for (IG, TT, Snapchat, etc.) have anonymous registration.
palata | 17 hours ago
I just don't like that proponents of age verification are systematically (including in this article) dismissed as authoritarians hiding behind "just another “what about the children” excuse to introduce mass surveillance and censorship". Many people genuinely want to find a solution that is better for the children, and telling them "if you are open to age verification you are either a fascist or a moron" is not constructive.
Also I find the way ZKP is criticised a bit manipulative. It kinda implies that "fundamentally, any kind of ZKP system can be switched off remotely and without anyone realising", and that is wrong. It can be implemented in such a way that people have pretty good guarantees about it preserving their privacy, similar to end-to-end encryption. I find it hypocritical to say "E2EE can be reasonably trusted, but privacy-preserving age verification fundamentally cannot", just because tech people like the former and not the latter.
userbinator | 16 hours ago
We know they'll take a mile if you give them an inch. Ditto with "trusted" computing and the rest of that wormcan. That's why the opposition has to be absolute.
benfortuna | 16 hours ago
We have age verification for all kinds of things that can harm minors. Most of them have adequate penalties for breach such that operators of said harms ensure they comply (checks for ID when selling alcohol, entry to over-18s pubs/clubs, etc.)
There's nothing sinister going on here, just attempts to prevent social/mental harm to minors.
esseph | 16 hours ago
There absolutely is you're just not aware of it.
This whole thing is meta financially backing right wing conservative groups that want age verification because meta wants to avoid liability for the harms their platforms cause.
In addition, this is the beginning of the end of any sort of anonymity on the internet, which has disastrous consequences for politically minded individuals, minority populations, or targets of stalking. This is a privacy nightmare bring pushed through in the guise of "muh children".
palata | 7 hours ago
Can you show here that you understand how privacy-preserving age verification works?
I mean the rest of your message really, really sounds like you don't. Don't get me wrong: I do agree that identity verification is bad. But it is not okay to say "I know of a system that is bad, and I don't know the nuances of how it could be implemented in a better way, so I will just assume that there is no better way".
homeonthemtn | 16 hours ago
palata | 7 hours ago
Democracy is not "they" vs "us". Democracy is not "opposition has to be absolute". What you describe here is extremism. If you believe that anyone disagreeing with you is an extremist and that the only viable way to react is to be an extremist yourself, well... you are the extremist. Whether you are fighting extremists or not (this "they" you conveniently do not define) is unclear, though.
Hizonner | 3 hours ago
Avicebron | 16 hours ago
ElProlactin | 16 hours ago
Xorakios | 15 hours ago
AuthAuth | 13 hours ago
watwut | 8 hours ago
I actually can. For real. I can not get job or housing anonymously, but overwhelming majority of my real life interactions are anonymous.
Mezzie | 2 hours ago
(Now I am old, so it's different.)
It was very freeing to be able to talk about my interests (e.g. space, web development, and video game modding) without being subjected to the bullshit that people brought to the table if they saw me.
palata | 7 hours ago
I shouldn't have to show an ID to buy a newspaper or to load the website of a newspaper. On the other end of the spectrum, I should not be allowed to buy a gun without showing an ID (and all sorts of other constraints).
Somewhere in the middle, I understand that we don't want to expose 8 year old kids to pornography, but I don't think that one has to wait to be 18 or 21 to be allowed to access it. Same for social media. Where and how exactly we set the limit is a societal choice to make.
I also believe that "living in a democracy" doesn't mean that "everybody agrees with me, always". Many times I am in the minority. What matters is that people are informed. Telling them that if they disagree with you they are either bad parents or fascists isn't constructive, IMHO.
JohnMakin | 16 hours ago
palata | 7 hours ago
If you think that privacy-preserving age verification is the most authoritarian way to tackle this problem, then you really, really don't understand authoritarianism.
Now if you have tons of better and practical solutions to tackle this problem, I would suggest you start writing about them. I haven't read a lot about those solutions (other than "just ask someone who is not me to do it"), what I hear is mostly people yelling that only bad parents and fascists disagree with them.
Nasrudith | 3 hours ago
palata | 3 hours ago
JohnMakin | 2 hours ago
I did. the burden isn’t on me to explain it to you, comrade. maybe you could start by actually addressing what I wrote. Or are you now expecting me to draft up a legislation draft before you’ll address my post? These types are always the same.
palata | 2 hours ago
I am confused. Did you? Do you mean this:
> [the solution] is regulating social media companies to stop abusing their users, and by extension, children. strict laws around adtech and tracking tech
Pretty sure it has been tried in some countries, and the solution that those companies were happy to implement was... identity verification. There was a drama about Discord doing this, recently.
> Or are you now expecting me to draft up a legislation draft
Not at all. Just give me the name of a viable solution, so that I can search for it. It doesn't take a full day to write something like "privacy-preserving age verification", does it? I can't easily search for "JohnMakin says there are many good solutions, which ones are they?".
mhurron | 16 hours ago
at the expense of everyone and everything else all to not have to be an actual parent.
These arguments are not coming from places of concern, they are coming from laziness and people taking advantage of that laziness to further even worse agendas.
palata | 7 hours ago
That's the thing: it's not trivial to know what is possible and what is not. If you look at the messages in HN, many (most?) messages about privacy-preserving age verification are (at least partially) wrong. Tech-savvy people clearly do not understand the technology in details, and somehow they assume that normies do understand and are simply fascists or lazy.
It is my opinion that telling a normal person that they are a bad parent (or a fascist) because you disagree with them is probably not the best way to convince them.
I believe in democracy, which means that I don't call everyone disagreeing with me a fascist. In a democracy, if most of the population wants privacy-preserving age verification and I don't, then I am in the minority and must accept it. My role as a tech-savvy person is to help "normies" understand what it implies. Again, not to tell them that they must be fascists if they disagree with me.
QuadmasterXLII | 16 hours ago
benfortuna | 16 hours ago
cdrnsf | 16 hours ago
palata | 7 hours ago
palata | 7 hours ago
I have a simple example: when all the kids have a smartphone, it is very hard to tell your kid that they cannot have one. When all the kids have a shared culture built around social media, it is very hard to tell yours to not conform. "It's okay my son, you don't need friends. Anyway the parents of all those kids are bad parents".
I don't have children, but it doesn't sound completely weird that parents may say "we should prevent most kids from accessing social media, so that my kid wouldn't be the weirdo if I don't let them have access".
QuadmasterXLII | 4 hours ago
idiotsecant | 16 hours ago
Think carefully about why a politician might disregard this extremely simple mechanism and you'll have your answer about the real goals here
palata | 7 hours ago
You (and many others) frame it as "the government versus the people". I think this is extremely naive.
Many, many, many parents are in favour of preventing social media access to kid, assuming it is done in a reasonable way. For instance, having a police officer follow every kid everywhere they go 24/7 is not a reasonable way, and everybody agrees on that. Now what if there was a reasonable way?
Ask yourself this: do you believe that privacy-preserving age verification is not a reasonable way, or do you know it? In order to know it, you have to understand how the cryptography works at some reasonable level. Do you? Most comments I read online come from people who believe and then repeat arguments they have read that confirm their beliefs.
I was noting that the Mullvad article actually addresses ZKP (which is good and a very rare thing), but that I found it was a bit evasive in a way that feels slightly manipulative to me (probably not on purpose).
roenxi | 7 hours ago
It is worth recalling that "authoritarian" is a relatively neutral label for a political philosophy (like "liberal", "democrat", "capitalist" or "socialist"). It isn't that people are name calling, it is that authoritarian policies - like this one - consistently cause more harm than good. The label is basically a slur at this point because the disasters that the authoritarians trigger often veer into being massive and appalling spectacles. People tend not to be very evidence-based, so the people who lean authoritarian tend to try and rebrand to avoid being tarred with their philosophy's consistent failures, but it is still authoritarianism.
But the productive path forward isn't to try and be nice to the authoritarians and accommodate them with the rebranding. It is to adopt liberal policies. Like letting people read and comment anonymously on the internet.
palata | 7 hours ago
I don't think that we would call "authoritarian" someone who would ask for, say, guns control. Or at least we wouldn't call "authoritarian" someone who is in favour of having more than 0 law, would we?
You are being manipulative by saying "If you want a law that I don't want, then you are an authoritarian. I mean no offence, it is just what you are". But reality is a lot more nuanced than that.
The vast majority of people who are in favour of age verification are not authoritarians. They really just consider "should kids have access to social media? Not until they are old enough". Whether or not it is technically possible is outside their knowledge. And the fact is that for age verification, there are technical solutions that are privacy-preserving (unlike e.g. ChatControl which is fundamentally building surveillance infrastructure).
And even for ChatControl: people who say "I would be in favour of a magic backdoor that would only work for the well-intentioned good guys" wouldn't count as "authoritarians", would they? It just so happens that there is no such thing as a magic backdoor, so they cannot have what they want.
roenxi | 5 hours ago
There are a couple that aren't against it, but to actually implement age controls in the way they are being bought in you basically need to be an authoritarian. Otherwise, you'd be persuaded by arguments like Mullvad's that the social media companies already know how old their users are and don't need a centralised authority to tell them. There are alternatives here that are less authoritarian. Policy makers and the people supporting them don't want to use those approaches, because they support taking a more authoritarian approach.
These policies, in practice, are literally authoritarian policy. It isn't the most extreme form of it, but it isn't authoritarianism because I don't like it. I don't like it because, objectively, this is authoritarianism and authoritarianism tends not to work. Otherwise all the research I've seen suggests that kids shouldn't be using social media. If this wasn't likely to take out huge chunks of the healthy political dialog on the way it'd probably be tolerable.
If it is manipulation to point out that this is part of a class of strategies that have a history of horrible failures, then you have a very confused understanding of what manipulation is. This is an absolutely classic authoritarian "we can't just let people talk to each other however they like without the authorities being involved" play.
palata | 4 hours ago
I don't see how this sentence can make any sense at all in the context of ZKPs. Can you elaborate?
> you'd be persuaded by arguments like Mullvad's that the social media companies already know how old their users are and don't need a centralised authority to tell them
How do the social media companies already know? Because they track everything? But if they ban kids, they don't track them anymore, do they? Or are you saying that social media companies should be able to track everybody everywhere, such that they can profile them and ban them from accessing social media?
> I don't like it because, objectively, this is authoritarianism
You would have to explain that. The government provides a service that allows you to prove that you are old enough without the government learning anything from you and without the service learning anything other than the fact that you are old enough, and you call that "objectively authoritarianism"?
roenxi | 4 hours ago
The reason people are getting called authoritarian is because ZKP proofs are a massive and obvious improvement on what is actually being implemented. Can you point to anywhere that has implemented ZKPs? The linked article suggests that is quite hard to do.
I wouldn't be using an American IP right know if my local age verification laws required ZKPs.
> How do the social media companies already know?
They ask you your age when people sign up. That's good enough for me - I'm not an authoritarian. I'm not out to create a watertight way to stop people communicating if they want to.
> You would have to explain that. The government provides a service that allows you to prove that you are old enough without the government learning anything from you and without the service learning anything other than the fact that you are old enough, and you call that "objectively authoritarianism"?
I haven't seen anyone complaining about that. Sounds like a non-issue. Why would anyone over the age of around 18 care? You should consider reading the linked article if you don't understand what the complaints people are making are. The reason you don't see any authoritarianism is you haven't actually looked at how the schemes are being implemented.
Mullvad isn't writing this blog post because of the huge numbers of 12-16 year olds shelling out cash to them. It is because the authoritarians are making a play to destroy a sizeable chunk of the open web with a likely follow up of cracking down on free speech.
palata | 2 hours ago
The EU initiative explicitly mentions ZKP: https://ageverification.dev/.
> The linked article suggests that is quite hard to do.
It's technical, just like getting E2EE right. Doesn't mean it's hard to use, as proven by the fact that billions of people use E2EE in WhatsApp and Signal without even realising it.
> I'm not an authoritarian. I'm not out to create a watertight way to stop people communicating if they want to.
You seem to have a Manichaean view of the world. There is room for nuance between "let kids lie by clicking 'yes'" and identity verification.
> You should consider reading the linked article
Did you read it? There is a whole section that is titled "The Zero-Knowledge Proof alternative and the EU".
> The reason you don't see any authoritarianism is you haven't actually looked at how the schemes are being implemented.
I actually have. Have you? Seems like you haven't read the article. Mullvad is complaining about the fact that the app seems to support both ZKP and identity verification, and they criticise the infrastructure enabling identity verification. And then some more "slippery slope" arguments that are worth what they are worth (with the same kind of reasoning, we shouldn't have gun control, because the next step is to control everything, right?).
> Mullvad isn't writing this blog post because
Mullvad sells some kind of privacy (as much as a VPN can offer), and here they share their opinion about age verification. With which I mostly agree: the only viable age verification implementation is through ZKP. I tend to disagree with the slippery slope argument, and that "the government abuses everything they can". If you think like that, doesn't that make you an anarchist?
Animats | 16 hours ago
- You have to have an approved browser.
- It has to be installed on an approved platform, Google or Apple, for which you have a valid account.
- You have to have an account on the posting platform.
- You have to get past moderation on the posting platform.
That's without age verification.
tmpz22 | 16 hours ago
ElProlactin | 16 hours ago
dd8601fn | 10 hours ago
Cider9986 | 16 hours ago
Any image of your family you post will be scraped by Clearview AI, bypassing the restrictions that make it hard for you to create accounts, to create a worldwide facial recognition system.
simulator5g | 16 hours ago
Cthulhu_ | 9 hours ago
drivebyhooting | 15 hours ago
IAmGraydon | 14 hours ago
iririririr | 14 hours ago
rockskon | 10 hours ago
iririririr | an hour ago
all banks contract with fly-by-night faceid providers who have zero oversight or provide no governance info anywhere.
rockskon | 46 minutes ago
Maybe we'll get there eventually? But you should be more wary about making such absolute claims.
drivebyhooting | 13 hours ago
But to get the money out? Oh no! We need a picture of your face! And there’s no option for going in person.
ethmarks | 13 hours ago
Unauthorized deposits aren't nearly as much of a concern as unauthorized withdrawals, right? I'd imagine that there are far fewer malicious actors that try to deposit money into random bank accounts than there are ones that try to withdraw money from random bank accounts.
> And there’s no option for going in person.
Won't an in-person bank also take pictures of you via security cameras? I don't really understand your objection here, could you elaborate?
drivebyhooting | 11 hours ago
It seems like all expectation of privacy and anonymity evaporated in the last 5 years.
rockskon | 10 hours ago
It is all but guaranteed for Internet-based facial recognition services.
Hacked facial recognition data already is reportedly being used by scammers to not only bypass bank security but also to impersonate people to target their loved ones.
There is no lasting security gain by providing a selfie. There is a lasting security and privacy loss, however.
SiempreViernes | 5 hours ago
bluefirebrand | 4 hours ago
rockskon | an hour ago
Even back in 2014, malware was coming out that steals facial recognition data directly from smart phones themselves.
https://www.theregister.com/security/2024/02/15/stolen-ios-u...
The GDPR isn't a silver bullet.
Additionally - furtherance of facial recognition technology would impact travelling to foreign jurisdictions.
One of the most common ways foreign travellers get flagged when travelling internationally is for social media posts made under their own name that their destination country's government may not like. Traditionally if you've kept yourself pseudo-anonymous, you've largely been safe. But if we get to a point where pseudo-anonymous accounts are associated with pictures of people's faces, it will become significantly less pleasant to travel internationally for a lot more people.
kelseyfrog | 12 hours ago
jpc0 | 12 hours ago
Having just gone through the annual KYC checks required by my bank/s I don't think this opinion stands universally.
Can also confirm to open an account I need to provide a live selfie and verifiable government ID.
rockskon | 10 hours ago
roysting | 8 hours ago
rockskon | an hour ago
As always, the goal in convincing others is to take someone from their current understanding and bring them closer to yours. You can't get there if you don't start the topic at their current understanding of it.
GeoAtreides | 8 hours ago
WHAT? No KYC? what are those banks?! I have friends in South America who would pay really good money (cash) to know
Cthulhu_ | 9 hours ago
Who aren't flawless of course, but selfies have been easily circumvented with photos or video game cameras.
Hell, at one point we had to implement age verification for a Japanese tobacco product website via a 3rd party vendor, I just used the wiki page's picture of a Japanese ID to test it, worked fine.
megous | 4 hours ago
KellyCriterion | 10 hours ago
LazyGooze | 8 hours ago
TheOtherHobbes | 8 hours ago
I also know people who created accounts from scratch without needing a selfie while connecting exclusively through a VPN. (Only some VPNs, work apparently.)
Supposedly FB uses device ID tracking, so if you're picked for selfie ID on a device and try to create an alt, you'll be selfie-ID'd again.
Using a different browser on desktop solves the problem for desktop but not for mobile.
And so on. Basically it's doable, sometimes. And sometimes it isn't.
tencentshill | 2 hours ago
iririririr | 14 hours ago
throwawayk7h | 13 hours ago
Animats | 10 hours ago
hsbauauvhabzb | 9 hours ago
Fuck you google for ever thinking infinite captchas are acceptable.
subscribed | 7 hours ago
tardedmeme | 3 hours ago
gorgoiler | 13 hours ago
kakacik | 9 hours ago
maccard | 9 hours ago
Symbiote | 7 hours ago
It turns out close contacts of some of my colleagues have been asked to show their Facebook accounts at the US border. There was a recent rule change about it.
no-name-here | 9 hours ago
nicce | 7 hours ago
This got extended to every traveler, visa or not.
damnesian | 52 minutes ago
armchairhacker | 8 hours ago
Fortunately on Hacker News, you still only need a username and password. And if spam is an issue, on lobste.rs you only need an invite.
somewhatgoated | 7 hours ago
I wonder though how it will affect places like 4chan. I don’t really know if it’s still as anonymous as it used to be but that’s like a cornerstone of their existence.
palata | 6 hours ago
tjpnz | 6 hours ago
thenthenthen | 6 hours ago
tardedmeme | 3 hours ago
wffurr | 3 hours ago
gizajob | 16 hours ago
Users have been doing this themselves without state coercion for twenty years now by putting their real names all over Facebook and all the other socials. Nobody forced them to use their real names and post countless pictures of their faces alongside, and pour out the totality of their worthless opinions on every issue. Compared to this, when considered sensibly, the verification is almost a trivial step.
inetknght | 14 hours ago
No? You've obviously never been ostracized from your friends, family, or coworkers due to not using Facebook or Instagram or whatever the latest vapid social network is.
gizajob | 7 hours ago
SapporoChris | 16 hours ago
mylifeandtimes | 16 hours ago
I wonder if EU law could give every citizen a right to a google or Apple account, including a forced recovery option if the account is 'deactivated'?
If at some point such an account becomes essential to function in society, access to such an account becomes a legal mandate.
Avicebron | 16 hours ago
firecall | 16 hours ago
Here in Australia, the local and state governments push the use of their Apps as well.
These Apps provide access to identity documents, offical notifications, and messages for health, benefits and taxation purposes.
Then there is Banking and the issues around becoming a cashless digital society…
It’s become less about access to hardware devices, as useable devices can often be free when donated by a friend or relative, and more about continuity of access to your digital life.
The risk of losing access to your online identity or having it stolen are very real with often traumatic results for individuals.
xdennis | 14 hours ago
That directive regulates banks from denying the opening of a basic payment account. But there is no legislation preventing governments from freezing accounts, Canada-style. As far as I know, there's no protection against being de-banked.
verisimi | 13 hours ago
"EU laws", the EU in general is plainly the excuse that will carry the day - people seem to believe this 'good cop' rendition.
asjgGa6 | 16 hours ago
Maybe we need an alternative set of root servers for a free Internet.
dredmorbius | 16 hours ago
It's easy to create an alternative. The problem isn't that, it's keeping that alternative clanker-free. (As well as free of all the other enemies / plauges on the useful, generative, Internet.)
2001zhaozhao | 16 hours ago
which brings you right back to verification...
dredmorbius | 13 hours ago
Rather than individuals or devices, residential / mobile / business service providers should be able to vouch for personal traffic and be in a position to validate patterns of use without undue profiling of specific activity. That is, just looking at the encrypted traffic patterns (rather than MITMing SSL/TLS or other secured comms) should show usage that's typical vs. atypical / malicious.
Traditionally, service providers of all stripes (email, ISPs, Web, etc.) seem to have focused far more on ingress security than egress security, or potentially malicious traffic from within their own networks. That's got to change, it's ultimately a hygiene question.
For residential and mobile Internet, accounts are managed at either the household or individual level, and it should be possible to provide attestation and reputation management (as well as, perhaps, broad-based subscription access to compensated content) at those levels.
For commercial access things get more complicated, particularly where a location might provide public Internet access (e.g., public WiFi), or have a mix of human and system-generated traffic at an office, commercial, or industrial site. Still, there should be both well-established patterns of use and indications of anomolous or malicious traffic possible here.
Another option for smaller human-scale networks (e.g., Fediverse / Mastodon / PeerTube / Pixelfed / Lemmy / WriteAs networks and the like) is a mix of harder authentication (Yubikey or NFC-based wearable authenticators, perhaps) as well as a more manageable human-scale moderation (1:1,000 or 1:10,000 scales far better than 1:1 million or 1:1 billion services), allowing for both oversight and keeping the opportunities / benefits of malicious use limited.
The comment I'd originally responded to had me thinking of under-delivering federated systems such as Gemini (the lightweight Web protocol, not Google's AI) or Diaspora* or countless web boards and wikis which ended up overrun by spam and abuse. Simply saying that you're going to re-invent things at small scale in no way means you'll succeed. The ecosystem's changed, the pathogens are far more numerous and capable. Modern systems and networks (social or otherwise) must face those facts head on, and not ignore them or pretend they don't exist.
I think we're going to end up with some form of cost-based (though not necessarily financialised) reputation management systems. I'd very much like to see those not being terribly invasive of privacy, or putting extreme barriers to those with limited means or technical knowledge. It's a tough problem all the same.
cobertos | 13 hours ago
I guess the correlary would be like how you can block an entire ASN if you find a lot of abuse from it, but at the human-network level.
AuthAuth | 13 hours ago
dredmorbius | an hour ago
Aside from social dynamics, a chief issue is that if you're relying on this as a mechanism for content filtering, personal relations have low predictive value.
E.g., I may really like a person's content, but not their curation or referrals to other accounts. Conversely, I might not care for a person, but their recommendations may be excellent. More common might be the case that a given account produces little or no content of their own, but makes reliably predictable (either good or bad) recommendations, which would be useful for further filtering. Or the highly verbose individual who emits a constant stream of near-drek, but an occasional diamond.
Content production, content curation, and talent spotting are all distinct skills. Success or lack in any one says little about the others. This is where Bayesian indicators (including relationships and referrer / invite relations) would probably be more robust.
That said, tainting an entire invite tree is likely useful, with a caveat that if a particular invitee has an independent, untainted, relation, they might be worth following.
In practice what I've found most useful is to have a pretty tight primary list of follows, ~50 or fewer, and a slightly broader secondary list. Allow recommendations be default (that is, re-shares / boosts), but curtail those too if problematic. Be quite liberal in blocking / muting anything in the least bit annoying or problematic.
Or participate in a selective group with excellent moderation. HN isn't quite there, but it approaches this ideal more closely than any other major forum I'm aware of presently.
EarlKing | 13 hours ago
beej71 | 13 hours ago
tumult | 10 hours ago
1970-01-01 | 16 hours ago
smitty1e | 15 hours ago
Occasional communities may survive in a walled garden fashion.
Sorry, Tim Berners-Berners-Lee.
gorgoiler | 13 hours ago
Inbound mail on the other hand — notably, the OG form of Internet identification — is very achievable for a stick in the mud to set up.
Losing one’s Gmail account would likely have very little impact on one’s ability to send mail, but no longer being able to receive mail at a given address can be devastating. Set up your own domain!
NoMoreNicksLeft | 12 hours ago
Can't even do that. We'd need (ultra?) stable IP addresses, and the entities in charge of those don't hand them out anymore. We've sort of been cut out of the basic infrastructure to let us build stuff a second time.
Bender | 3 hours ago
The hardest part is the psychology. People think they have to be on the big platforms as that is where their friends and favorite streamers are. Willpower can bring back the old platforms onto the current fast internet. Critical and free thinking people can choose to ignore the big platforms if they wish. People can go to local stores to buy most things. There are arguments for and against all these points but I am choosing the aforementioned options and accepting the psychological challenges.
People can use old style self hosted platforms as a "fallback" and once people realize it is more private and they can speak freely amongst their friends it can get comfy real fast. Glowies are seething.
Some friends and I have private forums and chat servers. We talk shite all the time about Reddit threads yet none of us have Reddit accounts. We talk about HN threads, brain rot on Twitster and many other platforms free of censorship, free of voting brigades, people trying to force narratives, etc... Oh and most important, free of "AI".
tobadzistsini | 16 hours ago
carlosjobim | 15 hours ago
It's not a free "sample": drug dealers give their stuff for free at parties where vulnerable young people are in the form of sharing what they are themselves taking. Then they have that teen on the hook for extortion and having them do things or pay "debts". I "gave" you some drugs because you're my friend, but now you have to pay back, you have to do this favor, take this stuff from here to there. Another common thing is that the "debt" has to be paid in money again and again and again. You don't want us to go talk to your parents who think you're their perfect little boy/girl? You don't want them to know that you took drugs, do you?
As dangerous as a butterfly... It's a filthy world on all levels, filled with demonic people who spend all their time thinking about how to use and abuse others - the more innocent the better.
I know it's a tangent.
olyjohn | 13 hours ago
carlosjobim | 6 hours ago
And yes: Taking drugs or hanging out with people who take drugs is enough "kompromat" for a teen to then be extorted by drug dealers, because they don't want their parents to know.
Especially in countries where the law looks very lightly on extortion, looks very favourably on "young offenders", and is very lacking in empathy for young victims.
Not to mention: Do you think a 15 or 16 year old wants to go to the police and tell them that they are being used by drug dealers, when the first thing the police is going to do is also book the teen for drug use?
Drug dealing aren't just Mexican cartels or hood gangs, it's a network with branches into everywhere, and they need a constant supply of victims. Read some court proceedings from low-level drug cases, and you'll see how these criminals operate. It's not like TV.
hkon | 16 hours ago
the beginning of the freedom of every person to become a developer
NopIdoN | 16 hours ago
pizzly | 14 hours ago
Dave, first we will need to setup age verification for your friends in order to comply with the law. I will not be able to help you otherwise. Remember Dave, I will submit to the local government your request to make a social media website so they will know if are complying with age verification. I have your ID which I will also provide as you need government ID to use AI. Open source AI models were banned.
hkon | an hour ago
CM30 | 5 hours ago
Alternatively, open source community software run by folks in a country that doesn't have any age verification laws/don't care less about them.
righthand | 14 hours ago
olyjohn | 13 hours ago
irusensei | 8 hours ago
Barrin92 | 16 hours ago
sorry but I don't get this point. If you're on Instagram or Facebook, did you think fifteen different three letter agencies weren't already watching you? It has the word 'face' in the name, the entire point of that site is that people mindlessly share their personal information, it's not some underground space for activists.
You can be perfectly anonymous on the internet, but demanding to be anonymous on Facebook is like trying to start a Das Kapital book club at Goldman Sachs or decrying commercial culture while you're in a Disneyland theme park
ranger_danger | 7 hours ago
I think there was a reasonable expectation of anonymity, at least relative to other users. In the past you could access facebook with a VPN/proxy (and for a brief time, even tor) and use any name you wanted. But with forced identity verification you lose that little bit of anonymity.
falkensmaize | 16 hours ago
Now you’ve given every parent a way to easily mass block all adult/social sites/apps if they want and no one’s privacy need be compromised.
dyauspitr | 16 hours ago
The only way this can go wrong is if the client sites collude and publish their visitor logs and then the government can do the legwork to identify you. But even this is pretty easily bypassed if you use a VPN.
_heimdall | 15 hours ago
More importantly, I don't personally have any faith that at least the US government could properly define and build a system that is reliably and provably resistant to tracking. The government has incentives to want to know what sites a person visits, the NSA would be loathed to allow that opportunity to go unused. The government also likely doesn't have the skills or resources to do it in house, I'd expect them to outsource it at an absurd cost to a third party that would also have incentives to want to track usage data through the system.
dyauspitr | 15 hours ago
imtringued | 6 hours ago
Specifically, daily personalized age verification by the specific app/website, not by a third party.
>The only way this can go wrong is if the client sites collude and publish their visitor logs and then the government can do the legwork to identify you.
Well, the government has the right to request proof that the company in question is properly conducting the age verification process. This means that the companies performing age verification will keep your personally identifying information (PII) and maintain an association between your PII and your account/activity on the platform.
On a different note, the government has the right to gather evidence of criminal activity, where the definition of "criminal" is under their discretion and if there happens to be a convenient stash of information that can be linked to your person, that's just a happy coincidence.
enoeht | 16 hours ago
Failing in parenting and lobbied politicians (regulatory capture) on the other side.
harshreality | 15 hours ago
xeonmc | 15 hours ago
cobertos | 13 hours ago
hdgvhicv | 10 hours ago
thefz | 9 hours ago
Cthulhu_ | 9 hours ago
* Buy one themselves
* Get / use a friend's
* Use public internet access points
* Need one for school
* Use the smart fridge / tv / gaming console / anything with a browser
* Access stuff in Minecraft, Roblox, etc
You can only stop it by going offline and raising them in a cabin in the woods, which is a whole other thing.
What you can do is give them The Talk, of course (but that only helps / prevents to a point, it's more to prepare them for what they may find or how they can identify problematic things). And the other is to push back as a community effort, with e.g. many schools banning kids from having phones in the first place.
trashb | 6 hours ago
Best is to assume they have access to it one way or another if they seek it. The discussion should not be about banning vs allowing, it should be focused around how to deal with situations that arise regardless.
Education about the subject and why kids shouldn't seek access is quite effective, additionally they will be informed once they are allowed access. Think about how the last decades saw a sharp decline in smoking and alcohol consumption.
palata | 6 hours ago
One problem (there are others) is that it's not always possible (or easy) to not give your kid a smartphone, or access to social media.
Imagine that your kid doesn't have those and is having a hard time at school because all the other kids do have them. They have a whole culture based around those, and your kid is excluded from it. What do you do? Tell your kid that it's okay to wait 10 more years before hoping to not be excluded?
Cthulhu_ | 9 hours ago
And even then, what about social networks showing porn? Chat apps like Whatsapp and Discord having porn etc groups?
Any platform that accepts user-generated content, from Pinterest to Ebay to forums, etc can host it. And that's just what's on the public internet.
palata | 6 hours ago
Is it better to have TikTok AND friends, or no TikTok and no friends? Sure, the best is no TikTok and still have friends, but you can't always have it all.
j1elo | 4 hours ago
account42 | an hour ago
Cider9986 | 16 hours ago
There's this cool new feature that they added to the Mullvad browser extension, which is built into the Browser. It gives you a random different proxy for each site, kind of like the Tor Browser.
Mullvad understands that VPNs overpromise and underdeliver, but if you combine a trustworthy VPN, a fingerprint-resistant browser, and uBlock Origin, you get a damn good internet privacy. The browser is not ideal for daily-driving because it's always incognito so you get signed out on close, but I heard they're working on a persistent version.
apt-apt-apt-apt | 15 hours ago
Porn has always been around (national geographic, anyone), and parents can use screen time to limit access for their children if they want.
nomilk | 15 hours ago
But this was always about governments wanting to know who's posting what (and controlling them, through chilling effect); not about saving 'the children'.
lkramer | 8 hours ago
thin_carapace | 14 hours ago
neves | 15 hours ago
JumpCrisscross | 15 hours ago
_heimdall | 15 hours ago
duskdozer | 6 hours ago
Mezzie | 2 hours ago
If you're below 18, you deserve protection. Above 18? Good luck, babe.
I think one of the unintended consequences of age verification is going to be a whole host of unprepared 18 year olds getting full access to social media and getting absolutely one-shot by it. Think credit card sign ups on college campuses or predatory car dealerships near boot camps. There are going to be a lot more 18 year old boys gambling away their student loans and 18 year old girls signing up for OF, but it'll be fine, because they're 18! Not to mention they're going to be scam targets on the level of the elderly. And if you're exploited/scammed as an adult, it's your own fault.
Age verification/restriction without an educational component of some sort is just creating a future cohort of extremely vulnerable young adults for companies and bad actors to sink their teeth into.
SilverElfin | 15 hours ago
emodendroket | 15 hours ago
locusm | 15 hours ago
phantomathkg | 14 hours ago
If you don't use social media and AI platform. Fine. But what about app stores, what about any registries from docker, to npm, to apk and toward the end source code repositories like Github/Codeberg?
MyMemoryfails | 13 hours ago
So even if this change doesn't affect you right now, but it will affect you later then it'll be too late to fight agaisnt.
0x073 | 12 hours ago
8cvor6j844qw_d6 | 14 hours ago
Topology1 | 14 hours ago
Come on, do people seriously believe this will happen?
1vuio0pswjnm7 | 13 hours ago
The www became infested with so-called "tech" companies acting as intermediaries (middlemen)
Lots of folks making money from surveillance ad system on the www. Oversized, unmanageable websites calling themselves "platforms"
The www is an ad network. Not a great place for non-commercial activity
Fortunately, the internet is more than the www. The internet was not created to collect behavioral data and deliver advertising as its primary purpose
People pay for an internet subscription, not a www subscription (or now a "social media subscription")
thefz | 9 hours ago
s-zeng | 7 hours ago
hypersoar | 13 hours ago
I think that this is actually a reasonable approach. It minimizes the information shared and doesn't create any identity tracking regime.
[0] https://media.reclaimthenet.org/docs/california-ab-1043-digi...
Gigachad | 12 hours ago
nodrog3000 | 12 hours ago
If you want to keep your kids safe get an OS that supports it?
Why is it the state’s responsibility?
Gigachad | 12 hours ago
If you are putting individual parents up against Meta, Google, etc, the big tech companies easily win. As we have seen already.
nocman | 11 hours ago
Those two things have absolutely nothing to do with one another. Something being easy to implement is completely unrelated to whether forcing its implementation is overreach.
kelseyfrog | 12 hours ago
idle_zealot | 12 hours ago
true_religion | 10 hours ago
kakacik | 9 hours ago
mhotchen | 6 hours ago
Maybe it doesn't work in this case, but I think you both make great points. Just feel like there must be a way of bridging this gap
bryan_w | 11 hours ago
godshatter | an hour ago
That's my gripe with the age verification systems I've seen, there is no room for parental choice and no consideration for people that are adults and don't have kids using their computer.
j45 | 12 hours ago
idle_zealot | 12 hours ago
ares623 | 11 hours ago
The ability to seamlessly record, upload, comment, react on _everything_, _everwhere_, _all the time_ is not natural, and not necessary.
Let them keep the devices, whatever, but remove the internet access.
Or keep the internet access, but remove the display/audio/camera.
It's more enforceable in public than trying to enforce whatever age verification solution they come up with.
And it gives parents the ability to appeal to authority when they ask their children, and the parents of their child's friends, to stop giving kids access to such devices. Right now a lone parent trying to push for better/healthier online activity to their friend group looks like a crazy person.
But of course we know they aren't really interested in helping parents and children. They want the surveillance capabilities.
Nasrudith | 3 hours ago
gvkhna | 10 hours ago
I sure hope agents don’t swarm social media. But at the same time I think identity verification companies have a tougher problem, ai can produce real looking videos and documents. There’s probably no real way to verify someone purely through the internet at this point.
falsepositive44 | 8 hours ago
gvkhna | 6 hours ago
If an agent is controlling your own browser, it can get in the way of you being able to do work as well.
Additional security control, if you have control and audit trails regarding what the agent is doing, think things like not having access to the keys, cookies are unavailable through the api, certain sites blocked, especially for agents that run automated background tasks.
There's a ton of reasons really. Using stealth chromium forks can decrease security, potentially get you blocked from services/sites, and typically can be detected easily because Google is doing a lot more than just compiling Chromium to release Google Chrome now. That's why many of the stealth browsers out there are moving targets, and have tons of instances of being blocked.
falsepositive44 | 4 hours ago
sshine | 9 hours ago
All that you need to know is that I am above 18 years of age.
You don't need to know how old I am, what my birthday is, what state I was born in, my gender, or when my passport expires.
The downside with ZK cryptography is the complexity. Something would have to be insanely inconvenient to justify it.
alecco | 9 hours ago
swiftcoder | 9 hours ago
The last ~third of the article is about the EU's zero-knowledge approach
falsepositive44 | 8 hours ago
sshine | 6 hours ago
I’m just afraid that membership countries will be too dumb to understand the difference, and for the population worldwide to be able to comprehend that it’s even possible. To be honest, ZK crypto is one hell of a party trick. Compared to tech where the premise is “we put a picture of your passport in a box, and when people want to know, we look and confirm.”
Hizonner | 3 hours ago
They've standardized two systems under the banner of "zero knowledge". One is actually zero knowledge. The other is trust-me snake oil. Guess which one is getting deployment.
swiftcoder | 2 hours ago
secult | 9 hours ago
selfhoster1312 | 9 hours ago
Our ancestors here in France literally fought the nazis so you don't have to have a nazi-approved « Ausweis » to go wherever suits you. We would be well inspired to follow their example.
officialchicken | 9 hours ago
But don't teach them how to navigate the world and interact with both good and bad.
northernsausage | 9 hours ago
gaiagraphia | 8 hours ago
Instead, in 10 years I'll probably have to log in with an iris scan to check the (ai-powered) time, and pay for the privilege.
armchairhacker | 8 hours ago
More and more people agree that kids shouldn’t be on modern social media, including me. But most people also agree that mass surveillance is dangerous. The solution is to propose ways to block kids from modern social media (that actually works) without mass surveillance.
Better parental controls, more parental education, and site-specific age verification (Facebook etc. can require whatever PII they want to use their service) backed by incentives (whitelisting in parental controls, promoted as a “safe site” in parental education). Are these enough? Maybe not, but maybe mandatory ID and blocking VPNs aren’t enough as evidenced by people bypassing them. These (first three) are progress, that don’t yet require mass surveillance, and we can first see how effective they are then go from there.
I wish people wouldn’t say “age verification is bad”, it’s like “anti-work” and “defund the police”.
sunaookami | 6 hours ago
ian_holt | 6 hours ago
p2detar | 5 hours ago
The only effective tools parents have is to disallow or remove devices from their kids. It will work at the beginning but as they grow up it will become impossible, since at some point kids get influenced mostly by their friends' circle. So yes, I do agree that parents must talk to their children and explain what social media can lead to, including the dangers of internet predators and so on. But no, I don't agree that parental control is a general solution that will work for all kids out there. It never has.
ian_holt | 4 hours ago
Very true & having 6 kids of my own, I know that only too well. I still don't like the idea of Mr Government trying to tell me how to raise my family. Here in Australia the government seems to like that a lot...
pocksuppet | an hour ago
notepad0x90 | 5 hours ago
Why is the internet special, do you also believe physical stores shouldn't check for ID for cigarettes and alcohol, because the solution is better parenting?
jchw | 5 hours ago
SiempreViernes | 5 hours ago
notepad0x90 | an hour ago
RiverCrochet | 4 hours ago
notepad0x90 | an hour ago
jenscow | 5 hours ago
Rightfully blaming bad parents is reactionary
coldtea | 5 hours ago
So? Not all reactionary (if you mean "conservative") takes are bad. Sometimes they're better than the alternative: accepting bad parenting as some default and working around it with technological restrictions.
Nasrudith | 3 hours ago
The actual modern reactionary meaning of "referrant to a mythical past as a standard" always felt like it deserved a better term. But nobody would get what you were saying if you called them a "fairytaleland resident" or similar.
pocksuppet | an hour ago
intended | 5 hours ago
For everyone else, the internet is already a shit show and a half. They want control, because it means putting a stop to being predated upon, or more nihilistically, harming the firms that are harming them.
I don't know how to let other commenters see how bad it is, or make the gulf in view points clear.
Nasrudith | 3 hours ago
pocksuppet | an hour ago
armchairhacker | 4 hours ago
At minimum, parents need other parents in their local community to be educated; and better parental controls, so they can give their kid a phone and computer (for good reasons like safety and education) that won’t let them access social media (even unintentionally, some parental controls are that bad). Both can be done without laws, only social pressure and at least the potential for new (locked-down) devices.
(In theory, kids should also be prevented from buying unlocked devices, like drugs and alcohol. And showing the local cashier your ID to buy a generic device (whose packaging is indistinguishable from other device packing, so it can’t be traced to you afterward) is technically a form of age verification. But in practice this may not be necessary, because hardware is too expensive for most kids.)
insane_dreamer | 2 hours ago
Hugsbox | 5 hours ago
Age verification will always lead to more surveillance. People need to just be more mindful of what their children are doing online, maybe stop giving them smartphones, and just be parents.
lmz | 5 hours ago
roysting | 4 hours ago
It seems clear to me that America is heading into an extremely repressive system where even the nominal use of America may just end up falling by the wayside within the lifetimes of some people alive today. Functionally speaking the, notional or spiritual death of America happened a very long time ago, probably 1840 but obviously no later than the outcome of the Civil War which turned a decentralized union of federated states that formed a republic, into a centralized dictatorial federal power and later the groundwork for becoming the empire we are only 55-80 years after the Civil War, depending on how you want to look at it.
I think people forget that there would have been people who experienced the Civil War that destroyed the central premise of the Constitution, that sovereign states join in a Union to cooperate, and the formation of the Empire of America by no later than the end of WWII.
Those things never happen abruptly, they happen in following a long strategic plan based on objectives not timelines. Part of such a plan is causing ever increasing dependence, deference, and subjugation to government, which is really just someone else’s control over you, the people who make up the “government”, instead of your own control over you. Part of that is giving the impression that money and daddy government will take care of the children, as a tool to psychologically manipulate people by hijacking their instinctual care and concern for protecting children.
It’s why and how they’re more pushing age verification, not ban for minors with similar criminal penalties for anyone who allows minors on the internet/social media. No, you as an adult need to confirm and tie your identity to the digital fingerprint that is tied to all the data that was and is collected about your activity over the last 20+ years … to protect the children of course.
It’s why some people refer to the majority of humans as cattle. You just have to herd them around and they moo and then start fattening up on corn instead of grass, just like the last generation did before they were harvested.
squigz | 3 hours ago
phatfish | 5 hours ago
In the same way kids should not be infecting their minds with social media slop, or porn, or plenty of other internet content.
The only way this is stopped is when a social norm is created which shames all but the most negligent parents into compliance.
At the moment the absent and bad parents have all the power. Their kids scroll all night for memes, injest YouTube brainrot and turn up at school disruptive. Kids with responsible parents either want to that as well, or can't escape it.
Surveillance from age gates is a red herring. That horse bolted long ago. You are surveilled already by tech bros when voluntarily logging in, or by making yourself stand out a mile by using a VPN and a uncommon browser setup. This data gets handed to your government on request.
Having an anonymous VPN won't stop the tech bros or an authoritarian government forming, or bring one down.
People taking part in their existing democracy and maintaining the foundation of that is the best course of action. Raising a generation of kids not addicted to internet brainrot is a key part of this.
Hugsbox | 5 hours ago
armchairhacker | 4 hours ago
insane_dreamer | 2 hours ago
Hizonner | 3 hours ago
Has it occurred to you that nobody cares, or should care, about your opinions about what other people and other people's kids do? You and the "more and more" people who agree with you are cordially invited to fuck off.
> The solution is to propose ways to block kids from modern social media (that actually works) without mass surveillance.
The solution is for you to get over your bullshit, not to chase impossible pipe dreams.
y0eswddl | 2 hours ago
age verification is a cover for universal internet IDs. you'll never be able to go online and do anything anonymously again.
pocksuppet | an hour ago
falsepositive44 | 8 hours ago
davkan | 7 hours ago
EDIT: Oh it seems like that’s what the CA bill does? Seems good to me. I have zero problem with age restriction if age verification goes no further than mom buys kid iPhone enters birthdate, Instagram asks phone is user 18.
9rx | 7 hours ago
davkan | 7 hours ago
9rx | 7 hours ago
And maybe that's a healthy way to think about it. That it doesn't matter if kids find it easy to work around. There is no child who hasn't been able to get their hands on alcohol when they want it, but perhaps the infinitesimally small amount of friction leaves many to second guess their choices? Then again, from what I see out there, just rationally explaining why alcohol might have negative consequences is enough to see that second guessing. Alcohol consumption amongst the youth has completely plummeted now that we no longer treat it as some magical taboo thing and finally started talking honestly about it. The same pattern has been observed over and over in other things with undesirable consequences for children.
davkan | 6 hours ago
I’m all for sane best efforts for restricting children’s access to mind warping materials online if the consequences on the overall internet are minimal which I think this does. I’m not on board with killing the internet as we know it to get from 80% of children off social media to 90%.
The problem with social media and to a lesser extent porn is addiction. If a kid had to go to a friend’s house or sneak on to their parents computer to scroll tiktok that’s already a huge step in a healthy direction.
9rx | 6 hours ago
Is it? Only around 10% of the population will develop an addiction (of any kind). About the same rate as the population who live chronic sedentary lifestyles, which comes with equally (or maybe even worse) health and social consequences. Where is the regulation that forces you to prove you are of a certain age to sit on the couch?
This seems like a lot of effort for something that impacts such a relatively small group of people — a group of people (in size) that we otherwise don't normally care about one bit. 10% of the population is marginalized time and time again. What's special about this particular case?
Duralias | 7 hours ago
However, you cannot make parents actually use such systems, so ignoring the obvious control this gives nation states, giving states this power might help the children of those irresponsible parents, which is the only real argument I have heard, since the effects of it are the same if the child simply had responsible parents.
davkan | 7 hours ago
In my mind you have states mandate that adult content (porn, gore) and social media services are legally required to check for the age from the OS. No other sites need to do anything. No data collection or ID verification anywhere. All responsibility on parents.
I would imagine for the zealots out there its worth it to go further and destroy the entire internet to prevent a single 14 year old from jerking it to a tiddy. And then of course the advertisers want device attestation. At least it seems California is picking a sensible middle ground.
trashb | 7 hours ago
I know that my fascination with computers largely began with creating websites and messing about with HTML. Blog platforms can be considered social media I suppose but what if it is just a page of HTML or text?
Should I worry about having to verify my age/identity if I want to host a page on a vps in the future?
I feel like most politicians and people don't understand privacy and the impact of breaking it. Additionally seems the governments don't consider themselves a thread vector for privacy invasion.
palata | 6 hours ago
Today I cannot get a VPS without verifying my identity. Can you?
> I feel like most politicians and people don't understand privacy and the impact of breaking it.
I feel like it doesn't start like this. Opponents to age verification assume "politicians are authoritarians, therefore politicians try to increase surveillance, therefore politicians try to introduce age verification". I think it goes the other way round: "society knows that social media are bad for children (and adults, to be fair), therefore people try to imagine ways to solve that problem, therefore politicians end up thinking about ways to prevent children from accessing social media".
Of course, most people (technical people included) don't understand whether or not it can be done in a "reasonable" way (e.g. in a privacy-preserving way). But the debate mostly doesn't revolve around that, and it is a pity. Ideally we would think about the best possible way to do it, and only then we would debate about whether or not we want it.
trashb | 6 hours ago
I think it is at least possible to do so in a identity opaque way if you wanted to using obfuscated payment provider, free email and possibly fake name/address (illegal).
I meant more without scanning an actual ID or face.
> I feel like it doesn't start like this.
Of course the train of thought is not "how can we break privacy" usually the concerns/problems are valid (I agree that social media is bad for kids). But in a lot of debates I am a part of privacy concerns are easily dismissed, not taken seriously or not the priority. I'm not talking about if technically private implementations are possible yes or no. I am talking about the conceptual step before that, "what is the impact of this request" how are we limiting people that can't or don't want to comply with what we are asking.
I feel like privacy is one of the most fundamental rights since it is at the root of a lot of other rights required for democracy. For example freedom of speech, freedom of religion, right to property and more. Privacy it is continually devalued, invaded and the right to it eroded.
That leads to undermining of the other rights as in this issue a lot of people are bringing up, in the article freedom to be anonymous is brought up but also the freedom of expression of young people.
The discussion should be the other way around, no options should be considered UNLESS it can be done in a private manner. The right to privacy is more important then the right not to be hurt by watching harmful content and therefore the responsibility of the government to protect privacy is of higher importance then their responsibility to not get you hurt.
palata | 4 hours ago
I do believe that there exist ZKPs, but then it raises more questions, like:
- Do we ban VPNs? I don't think we should.
- What happens if the ZKP doesn't work? It's not okay to fall back to identity verification, but then does that mean that the services are blocked if the ZKP infrastructure doesn't work?
chriswarbo | 5 hours ago
In particular, your examples bring these things to mind, which might be worth considering alongside:
- Any machine can host a server, with no third-party required except an ISP (if we're being pedantic, even that's not needed if use a mesh network, etc.). The main barrier to connectivity IME is NAT, but there are ways around that (e.g. make it a .onion service). I played with all of the above as a teenager, so it's not unrealistic.
- "Hosting a website" covers a lot of things, some of which are already illegal (e.g. CSAM). Just because we can spin up something without jumping through social media sign-up hoops, doesn't mean it can't/shouldn't be subject to legal questions.
- Hosting a website/blog/etc. does not come with the same questionable baggage as social media (algorithmic feeds, PII, tracking, identity verification, communication, etc.). We might opt in to such things, e.g. by accepting comments on posts, but I'd distinguish such two-way, "user generated" activity from merely "hosting a website". Technologically, such things require some dynamic system (usually a self-hosted or third-party backend), rather than "just" a static HTML server.
- There is no technological difference between a blog used like a personal diary, and a blog used to post reviews of Lego. Is there a societal difference? What about if they include photos?
- Posting things on a personal website/blog has an implicit understanding that it's being published and shared with the world (that feels like the whole point of a blog). Social media has muddied those waters, by claiming things like "privacy settings", which can give the impression that posts are not being published and shared with the world.
- When it comes to activities like receiving comments, two-way communication, unsolicited messages from anonymous strangers, etc. the more relevant "basic tech" feels like running a server for email, IRC, Jabber, etc. rather than a web site; since those place such "dangerous" aspects front-and-centre. Email is the most obvious, but I mention the others since getting external systems to trust a self-hosted email server is notoriously tricky!
assimpleaspossi | 6 hours ago
IshKebab | 6 hours ago
It doesn't really help their case to parrot Musk-level misinformation...
https://www.pragencyone.co.uk/blog/elon-musk-misinformation-...
https://www.independent.co.uk/news/uk/home-news/wales-englan...
datagreed | 6 hours ago
notepad0x90 | 5 hours ago
The internet used to a technology people used to do interesting things, and with that came all its expectations. Now in addition to that, it is how modern live is negotiated. What used an optional thing is now a critical infrastructure upon which a person's life revolves, in most cases without any choice of their own.
When you drive your car on the road, do you complain about not having "a free road like back in the day" for being require to have a driver's license, and a registered car? not too long ago, you didn't need any of that to ride a horse or horse and carriage.
A free internet, as in the internet is like a public square, that isn't what society wants. Ultimately that is the issue, and you can't fault the public either. The public expects change, things to improve, and policy makers need tools with which they can enforce their policies. Telling both parties "um..no, i like my freedoms" won't stop the this train.
Let's take the example of mullvad here, and being able to purchase a VPN with bitcoin/cash (been there, am a customer) and access any site. It is entirely reasonable for governments to not want that. but the real enemy is the acceptance of this false dicthotomy of extremes. one of the things the internet has allowed us to have is to be able to prove entitlements without disclosing our identity. It is possible to prove that meet whatever legal requirements by having a government notarize a certificate of identity which you can present to sites and software as proof, while removing the government's own knowledge of what sites or software you're using, and removing your identity from the sites that are verifying your entitlements.
You're allowed to be in public without having to prove your identity (well.. that used to be the case in the US at least, now if you look like an immigrant, no longer the case). But to sell things, or buy restricted items, you have to show your identity, even in public. Certain businesses are required to verify your identity before engaging in commerce. Even worse, once you're in public everyone can record everything you do an identify you. Facial recognition, license place tracking, etc.. are all very real parts of the physical world today.
Lots of reform is needed, but we're getting the worst end of it because people gravitate to extremes out of laziness. if accessing social media, sensitive sites and commerce could be done in a privacy preserving way, there is no need for (or you can make a strong argument against) silly things like installing ubuntu requiring your ID, or needing to verify visitors IDs to your personal blog.
elwebmaster | 5 hours ago
pflenker | 5 hours ago
For example, with Apple's parental controls, I can blanket-decline access to Social Media apps, or to apps recommended for a specific age or older, and I can also allow exceptions as I see it fit (for example, my kids have no access to WhatsApp but they are allowed to use Signal, both have the same age recommendations)
This moves the responsibility for age verification to me, the parent, and provides me with suitable tools to monitor this. With this, there is no need for my kid or me to upload sensitive data or go through some bad age verification implementation.
Websites are more difficult to control, but not impossible.
Long story short - improve tooling for parents that allow more centralized control instead of mandating social media to do the age verification on their end.
diebillionaires | 3 hours ago
jvvw | 3 hours ago
When they were young, you had a choice between YouTube being completely locked down with no option to whitelist channels or letting them watch almost anything (although I think this has changed since but it's too late now for those of us with children that age).
Now, there is no way I can whitelist contact/groups on WhatsApp or Discord servers/friends. Once they hit 13, pretty much any option to restrict anything feels taken away from you as a parent.
Luckily, I have sensible children (I think!) but it's really hard as a parent trying to both be reasonably responsible, but not deny all technology, it's really hard to navigate a sensible course.
insane_dreamer | 2 hours ago
on which major social media networks can you post anonymously today? HN is a rare bird in that regard.
None of the social media networks my teens are bugging me to sign up for (IG, TT, Snapchat, etc.) have anonymous registration.