I think there are many pros and cons to be said about age verification, but I think this method solves most problems this article supposes, if it is combined with other common practices in the EU such as deleting inactive accounts and such. These limitations are real, but tractable. IDs can be issued to younger teenagers, wallet infrastructure matures over time, and countries without strong identity systems primarily undermine their own age bans. Jurisdictions that accept facial estimation as sufficient verification are not taking enforcement seriously in the first place. The trap described in this article is a product of the current paradigm, not an inevitability.
These massive privacy issues have all been raised on their GitHub, and the team behind the wallet have been ignoring them.
> It also bans jailbreaking/rooting your device, and requires Google Play Services/iOS equivalent be installed to "prevent tampering".
Regulatory capture at its finest. Such a ruling gives Apple and Google a duopoly over the market.
Maybe worse, it encourages the push of personal computers to be more mobile-like (the fact that we treat phones as different from computers is already a silly concept).
So when are we going to build a new internet? Anyone playing around with things like Reticulum? LoRa? Mesh networks?
I'm curious about the 'day after' scenario: what's the move if the state decides to regulate these into "illegality" because they bypass official channels? We have to remember that the devices aren't the problem... the real hurdle is the bureaucratic gatekeeping of communication. The problem is people, not devices.
So the answer is the same as any war: you make it too expensive to keep fighting. It's the same reason a bunch of barely trained people in the desert won a war against a force with far greater military power. It's the same reason a bunch of jungle people defeated the country that just won a world war. It's also the same reason a bunch of rednecks defeated the largest military in the world (at the time) and were able to create an even larger empire.
It's not hard to make them give up. It's going to be a cat and mouse game but it already is
[To the government Cornholio reading this and panicking because I mentioned a gun thing: no, I'm not threatening you.]
Just look at how ineffective governments are at stopping drugs. If people are motivated to smuggle things, they will. Is there going to be a booming black market in ESP32s? Probably not. But will motivated people manage to import them? Almost certainly.
To have a firearms permit here, I need a "Good Reason" - that's the language from the law verbatim. "I like guns" is not a Good Reason. In that vein, what would be your Good Reason for receiving an import license to bring in technology which is apparently widely used by radicals to defy duly-ratified legislation about communications visibility and enable the creation of side channels which break the law and can be used to proliferate CSAM, drugs, and terrorism? I'm sure any sane person would agree that those are bad things which need to be stopped. Perhaps you should take up a different hobby, like jogging.
And there we have it!
> despite how clever people like Sam Zeloof may be.
You don't need to fabricate silicon chips to create radio. You need conductors, resistors, and electricity. Almost every person currently alive has several objects transmitting radio signals within arm's reach.
> The power imbalance is not in favor of the individual citizen.
Yes it is. Because the cost is so fucking trivial that it costs magnitudes more to send someone to find a transmitter than it takes to make a dozen transmitters.
2. Spurious radio transmissions from your spark gap set will be tracked down in an afternoon by government foxhunters, and then you'll be in jail for breaking the law.
I don't understand why people think they can meaningfully kinetically resist. The discussion now needs to be convincing the random voter why this is a problem for them, or the game is lost.
2) You've clearly never done a foxhunt
> The discussion now needs to be
There's nothing preventing both from happening. By framing it as an "or" situation rather than an "and" situation you are acting as the type of person you're criticizing.
Second off, guns are incredibly easy to make. Easy enough that they make them in prisons and Japan. But you know what's a million times easier than that? Radio. It's a common first electronics project. You can literally make it out of a few resistors, capacitors, and some wire.
Literally the cost of fighting this type of technology is taking down all wireless infrastructure. ALL of it. And even then it's still a god awfully expensive thing to fight because anyone with a hot pointy object, an electricity source, and some things that are slightly bad at conducting electricity can make a radio
You could say the same about firearms.
>Is a government really going to ban all electronics?
All electronics that can be freely programmed by the owner, not impossible.
> All electronics that can be freely programmed by the owner, not impossible.
I'm not sure that is possible. Most chips are reprogrammable. You think your cheap electricians are going to put in high security defenses?
Even Google and Apple can't keep themselves from getting jailbroken. You think that's going to be true about a $5 toy with a WiFi or Bluetooth chip in it?
It'll be too expensive
They have the propaganda advantage (think of the children, those who undermine the system are pedophiles by definition). They have the law (just reclassify such activity as aiding and abetting the distribution of child pornography). They have the scare tactics (nobody wants 30 years in prison and an entry on the sexual offender's register).
This war will be won with words and at most a few arrests, just to make an example, just like the war on terror and anonymous financial activity.
Privacy just doesn't matter for 99+% of the population as much as we think, which is very much unlike piracy or drugs for example. If this wasn't the case, we'd all be using Signal and Monero right now.
> There's not enough people to care.
You'd be surprised at how few people it takes. You don't even need 10% of the population.
But what, you're going to give up without a fight?
Even if you won't fight then why fight for your enemy by telling others not to fight?
But yes, your point is largely valid as long as enough people are willing to jump the ship.
Finally, the year of IPFS. Government messing too much with the internet will end up pushing people to use more "dangerous" internets that are completely unregulated and that is surely the opposite of the stated purpose to protect young people.
... and if you create one, they can, and it's starting to look like they will, outlaw using it, regardless of what you use it for.
There are (to make up a number) ten desirable properties of the modern internet, and so far it's "Pick two", but novel combinations of the things you mentioned offer "Pick three" or possibly "Pick four" if adoption picks up.
For text, phone, and even image communication in urban and suburban areas, it sounds like there's real promise here. But we're not going to achieve parity with a global fiber + datacenter network by any means.
You don't need all ten to, say, organize a revolt.
We don't need to replace global fiber, we just need to demonstrate enough to inspire others. I'd be perfectly happy if we got just an old web text only system up.
Honestly, would be a lot easier if we could get encryption rules lifted from HAM operations. That's what's needed for long range, even if we won't get the high data rates. We don't need a YouTube to make a difference
And I know that government attempts to regulate reality too, but if you drive at 35 where the limit is 30, or speak to someone dodgy to get some marijuana or whatever, and get away with these and other heinous crimes, you're good!
The distinction really is whether you bake regulation into the technology or not. And it seems that technology is actually the new legal system. Or perhaps that should be the 'pre-legal system' as it won't allow you to do those things it determines as 'wrong'. Which is absolutely fine if you think government really does know best, or hell on earth for everyone else.
The problem with the current system is that the information was just too free. You could just drop in on anyone's conversation, like it or not. People started hoarding that information and look what we got: surveillance capitalism. The system reinforces itself to watch you, to tell you what to do, what to think, not just what to buy. And the system just wants to keep growing, so it's just going to continue to do that more and more. Sure, there's some nice things we get for the loss of all our privacy, but it comes at the cost of your humanity. There'll be costs to this new system too. It won't be all rainbows and sunshine, but I think it'll be better than this gloomy smog-ridden world we have now.
We live in a time where it's actually possible to have a functioning world with no kings. Personally, I'm tired of them, aren't you?
The problem with the current system is the intersection of human nature and capitalism. Individuals have willingly adopted technology that aggressively surveils them in exchange for notional convenience and by and large are blandly unconcerned with the implications thereof. This also seems unavoidable as long as data collection and brokerage is permitted and profitable, and people value entertainment over critical thinking. This outcome was very accurately predicted by netizens when online advertisements first started popping up and a lot of time was spent wargaming what would happen if mass adoption led to the net being a viable sales and marketing target.
After 35 years of observation I've had about enough of global communications systems and everything that comes from them. At this point there is very little one could say to convince me that the internet hasn't been one of our species' largest fuckups.
But, on the other hand, I don't think that I can completely ignore the good it has brought to the world. If a person is motivated enough, he can pretty easily navigate through propaganda simply by choosing to consume information from different sources (for example, reading about the US from both the US perspective and the Russian or Chinese perspective).
Of course, the main reason there aren't many people who do that is both simple and complex. People don't have enough time in which they aren't either exhausted from work or life in general, or stressing about something that has to do with capitalism (money, wars, work, etc.). So in the little free time that they do have, they aren't going to challenge their beliefs (or at least, the beliefs of those who surround them). It's exhausting, and it's easier to just read the propaganda, feel better about yourself because good propaganda always has someone else to blame, and continue with your day-to-day life (if one can even call that life; because to me it seems more accurate to call it "existence").
But in any case, what you've said reminded me of this post and how the internet positively impacted one person; so even though I doubt it'll convince anyone of anything - it's still a very heartwarming story: <https://jimmyhmiller.com/raised>
* English isn't my first language so I apologize if there's any grammar mistake.
It's not other operating systems' fault that they failed to invest into security. They should try and catch up instead of blaming people for not trusting their security on "regulatory capture".
It is the easiest cross platform distribution method between macOS and Linux. It actually does scale in that regard which is why it is so popular.
People are not locked up. Apps and their secrets are. The idea that any app should be able to read the secrets of any other is not essential for user freedom.
EUDI wallets are connected to your government issued ID. There is no "highly invasive age verification".
We are literally sending a request to our government's server to sign, with their private key, message "this john smith born on 1970-01-01 is aged over 18" + jwt iat. There are 3 claims in there. They are hashed with different salts. This all is signed by the government.
You get it with the salts. When you want to prove you are 18+ you include salt for the "is aged over 18" claim, and the signed document with all the salts and the other side can validate if the document is signed and if your claim matches the document.
No face scanning, no driver license uploading to god-knows-where, no anything.
> to obtain 30 single use, easily trackable tokens that expire after 3 months
This is the fallback mechanism. You are supposed to use bbs+ signatures that are zero knowledge, are computed on the device and so on. It is supposed to provide the "unlinkability". I don't feel competent enough to explain how those work.
> jailbreaking / "prevent tampering"
This is true. The eIDAS directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.
> You have to blindly trust that the tokens will not be tracked
This is not true, the law requires core apps to be open source. The Polish EUDI wallet has even been decompiled by a YouTuber to compare it with sources and check if the rumors about spying are true. So you can check yourself if the app tracks you.
Also we can't have a meaningful discussion without expanding on definition of "tracking".
Can the site owner track you when you verify if you are 18+? Not really, each token is unique, there should be no correlation here.
Can the government track you? No, not alone.
Can the site owner and the government collude to track you? Yes they can! Government can track all salts for your tokens, site can collect all salts, they can compare notes. There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.
Can they lie? Sure.
Can the site owner and the government collude to track you if you are using bbs+? No. Math says no.
Can they lie if you are using bbs+? Math says no.
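The salted-hash disclosure and the issuer/site collusion discussed in the comment above can be sketched as follows. This is an added example, not part of the thread and not EUDI reference code: it is loosely modelled on SD-JWT, HMAC-SHA256 stands in for the government's signature so it runs on the standard library alone, and the claim names, log structures and function names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumption: HMAC-SHA256 stands in for the issuer's real signature.
# A real verifier would hold only the issuer's public key.
ISSUER_KEY = secrets.token_bytes(32)


def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_disclosure(name, value) -> str:
    """Encode [salt, claim name, claim value]; a fresh salt per claim."""
    salt = b64e(secrets.token_bytes(16))
    return b64e(json.dumps([salt, name, value]).encode())


def digest(disclosure: str) -> str:
    return b64e(hashlib.sha256(disclosure.encode()).digest())


def sign(payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()


def issue(claims: dict, iat: int, issuer_log: dict):
    """Issue one single-use credential: signed digests plus the disclosures."""
    disclosures = {n: make_disclosure(n, v) for n, v in claims.items()}
    payload = {"iat": iat, "_sd": sorted(digest(d) for d in disclosures.values())}
    credential = {"payload": payload, "sig": sign(payload)}
    # The retention that the "policy mitigations" are meant to forbid:
    for d in payload["_sd"]:
        issuer_log[d] = claims["name"]
    return credential, disclosures


def verify(credential: dict, disclosure: str):
    """Site-side check: signature is valid and the disclosed claim is bound to it."""
    if not hmac.compare_digest(sign(credential["payload"]), credential["sig"]):
        return None
    if digest(disclosure) not in credential["payload"]["_sd"]:
        return None
    _salt, name, value = json.loads(b64d(disclosure))
    return name, value


def site_can_link(cred_a: dict, cred_b: dict) -> bool:
    """Can the site alone tell that two presentations came from one person?"""
    shared = set(cred_a["payload"]["_sd"]) & set(cred_b["payload"]["_sd"])
    return cred_a["sig"] == cred_b["sig"] or bool(shared)


def collude(site_seen: list, issuer_log: dict) -> list:
    """Join the credentials a site stored against the issuer's retained digests."""
    return [issuer_log.get(c["payload"]["_sd"][0]) for c in site_seen]


def demo() -> dict:
    # Constructed sample data matching the claims named in the comment.
    claims = {"name": "john smith", "birthdate": "1970-01-01", "age_over_18": True}
    issuer_log = {}
    cred1, disc1 = issue(claims, 1700000000, issuer_log)
    cred2, disc2 = issue(claims, 1700000000, issuer_log)
    return {
        # Only the age claim and its salt are revealed to the site.
        "shown1": verify(cred1, disc1["age_over_18"]),
        "shown2": verify(cred2, disc2["age_over_18"]),
        # A self-made disclosure or one from another token does not match.
        "forged": verify(cred1, make_disclosure("age_over_18", True)),
        "swapped": verify(cred1, disc2["age_over_18"]),
        "site_alone_links": site_can_link(cred1, cred2),
        "colluding_links": collude([cred1, cred2], issuer_log),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The two tokens share no salt, digest or signature, so the site cannot correlate them by itself, yet every value it sees is one the issuer produced and can recognise if it kept a log. An unlinkable scheme such as BBS+ is outside this sketch.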
It's not zero knowledge for me then. Also - if there is ANY possibility to track anyone. And/or centrally mark someone "nonverified" then it makes more problems than it solves.
Even if I trust my govt (no way), even if it'd be fully ZK with no way to track anyone… still govt would have a way to just block some individual "because".
And the best part… Age verification will not solve "children problem". I think it's parents' problem to take care of their children, AV will be pretty easy to bypass - kid will just borrow ID for a moment and… voila! Govts (or some people) are creating a problem and solution that do not exist.
I do not like the way the internet went, and I like the way it's headed now even less.
> It's not zero knowledge for me then. Also - if there is ANY possibility to track anyone. And/or centrally mark someone "nonverified" then it makes more problems than it solves.
> Even if I trust my govt (no way), even if it'd be fully ZK with no way to track anyone… still govt would have a way to just block some individual "because".
Is this even actually possible? If you want any sort of identity verification you HAVE to trust someone, whether age or full ID. Literally impossible.
Zero trust systems in society don't work. If you don't care "who" then yes, zero trust is just fine... but then what's the point of "age verification"?
I don't think it's possible.
You don't have to trust somebody not to track how the resulting credential is used. And that is what "zero knowledge" means. It means that after you finish the protocol, nobody has learned anything but what they were supposed to learn (in this case, "the person at the other end of this connection is over 18"). If it leaks anything else about the person, it's not zero knowledge. If somebody learns which of the issued credentials was used, it's not zero knowledge. If parties can collude to get information they're not supposed to get, it's not zero knowledge.
It's a technical term of art, not some politician's bullshit. And it isn't complicated to understand.
The "open source" apps connect to proprietary backends run by a third party that you have to blindly trust. If EUDI wallets were truly open source and free from blindly trusting any authority, then you could simply remove that requirement and issue your own tokens without the use of potentially malicious third party.
I mean, you can. It's like with TLS certificates. The standard is there. The code is there. You can issue your own.
The question is, who will trust you?
Where I think we are not in agreement is the question of "who to trust" and "for what purposes".
Are you going to trust me when I tell you that I'm over 18 if I provide you with the document signed by my cousin, Honest Ahmed?
Are you going to trust me when I show you the document signed by my government?
(this is the trick question, you don't have a choice, law says you must; there's a list of who you need to trust and for what purposes; like a certificate root store in your browser)
Note that I - as opposed to the post's parent - used an official trusted CA as an example.
TLS: I see your ID with some government's signature in your hand, I trust you to be you. EUDI: I see a note you wrote and I see some signed documents that you have just been to the government brain scanner, which attests you are not faking that note, and as a nice side effect the scanner scans other things in your brain, e.g. that you watch every advert diligently, send your current location regularly to your local police office and other things.
The problem is you are not creating a government issued single purpose device but you are confiscating something many users experience as a brain extension to be under the government's control as a whole.
You surely mean Honest Achmed? He gets a bad rap: https://bugzilla.mozilla.org/show_bug.cgi?id=647959
I can use my banking services through the web. Codifying the Google/Apple monopoly in law is gross.
For clarity, the US could overnight make all European digital wallets nonfunctional by requiring app stores to remove them and have them uninstalled remotely (iirc there is such a feature but it's very rarely used). Likely? No, still a very strange thing to put into law though.
Not for much longer. Stealing your data on mobile device is way too lucrative for the banks to pass on. All while pretending it's done for security.
That is not zero knowledge. Given that actual zero-knowledge systems are well understood, the only reason to deploy a system that allows that would be if you planned to abuse it.
That being said, it's my personal opinion that I'd love to simply have my device store a token and send it to any site when requested. I'd then like those sites to give me toggles to remove all non-verified content - and therefore my internet experience could be sans-juvenile squeakers.
> jailbreaking / "prevent tampering"
> This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.
This is unacceptable. So much talk about independence from the US, you simply cannot make it a hard requirement to use the duopoly to be a citizen (as if it wasn't a quasi-hard requirement already)!
To be clear, I'm not in favor of a participation-in-society ban for jailbreaking your phone, but there's already precedent for it.
For cars, the local certification authority themselves decides what is road-worthy or not, not VW et al. You can add third party parts without the manufacturer's consent. This is not the case for Android or iOS attestation, you're pretty much at the mercy of the foreign manufacturer and their local laws.
If you're expecting a perfect analogy, you're not going to find one. Law in its application also doesn't deal in exactness, but in generalities and vibes: that's why lawyers argue, and judges decide.
I'm familiar with the process for individually certifying unique and modified vehicles in several European countries. Invariably, the process is costly and onerous, which serves as a deterrent.
-children and women, harmed through unregulated and unobserved communications enabling human trafficking and the spread of CSAM.
-social healthcare systems, harmed by enabling the proliferation of illegal drugs, which leads to the over-taxing of an already straining public good, reducing access to people who would need help outside of drug-caused issues.
-society at large, harmed by enabling drug-funded terrorists to trade in weapons and coordinate their destructive actions out of sight of law enforcement.
For your and others' safety, please leave your signing keys at the door.
You're mistaken. SD-JWT with linkable ECDSA signature is the main mechanism. An unlinkable signature scheme is being discussed on the fringes of the EUDI-project (whether it be BBS+ or Longfellow) and very bare-bones support for Longfellow has been added to the reference wallet a month ago. However the Implementing Acts have no support for such a mechanism yet, and most member states will only implement ECDSA based mechanisms (SD-JWT and ISO 18013) for the foreseeable future.
It's therefore very likely the EUDI wallet and/or age verification solutions will launch with issuer linkable ("easily trackable") signatures.
See also this thread: https://news.ycombinator.com/item?id=45363275
Most banking apps run on GrapheneOS, will this? Nearly all EU banking websites run on Firefox on Linux, will this?
Why did you not quote the App Store/Google Play Services part, which is much worse?
> There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.
I'm sure this will be as diligently carried out as GDPR enforcement. [0].
Now your EU government requires you to have an unmodified Google or Apple device to use any age restricted services. Cementing the US mobile OS duopoly and locking out any free systems and desktop etc. forever.
Any governmental service taking part in this is a violation of civil rights and even if you don't care about those, maybe you care about digital sovereignty.
This is so lightly handwaved away, almost as if attention needs to be drawn away. By the looks of this I'd say the end of general computing might be the actual goal, and all the age verification is just yet another "think of the children" pretense?
Except the state is not a bank, of which there are many. The state is not optional, and trusting an American company with, of all things, the digital precondition for social existence, is suicidal.
If the "18+ claim" can't be linked to your identity and doesn't have any rate limits, someone can set up a token-as-a-service to sell tokens on the black market.
> Government can track all salts for your tokens, site can collect all salts, they can compare notes. There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.
> Can the site owner and the government collude to track you if you are using bbs+? No. Math says no.
How does the math say no? Big tech companies already log absolutely everything. What's going to stop the government from keeping all the salts they're issuing and then mandating that site operators add the salts to their existing logs?
> Can they lie? Sure.
Well, they've lied to us over and over when it comes to surveillance, so I think at this point it's reasonable to assume they're lying unless it's technically impossible. Where's the in-person key verification that used to be in Whatsapp? How do the authorities get notified when someone makes a poorly thought out joke using Snapchat private messages before getting on a plane? Why is there a war on end-to-end encryption?
We're going to pay a fortune for these supposed zero knowledge systems and that's what it's about. Select companies are going to get paid to issue tokens and the scale is going to create a few new billionaires.
The people in charge are going to gain a ton of power when they betray everyone and disenfranchise us.
They can! Signing requires either PIN or finger on the fingerprint, and signed "proof" is valid for like 60 seconds. This whole end-to-end attestation with play integrity is supposed to make setting up token-as-a-service things impractical.
> What's going to stop the government from keeping all the salts they're issuing and then mandating that site operators add the salts to their existing logs?
> How does the math say no
BBS+ signatures. Hashes you receive from the government and hashes you send to the site operator are different and not correlated.
So how would I use this on Linux then? Because I'd be rather unhappy if a bunch of websites became unusable on Linux due to government-mandated security restrictions.
My (Canadian) government's health portal already refuses to load if you use Linux (despite it being 100% web-based), meaning that I'm completely unable to book vaccinations or view procedure results without workarounds. Luckily it only checks the user agent, so it's pretty easy to override this right now, but that wouldn't be possible if cryptography/attestation were involved.
Governments and businesses have already decided that it's fine to mandate that you own an unmodified smartphone made by one of the major manufacturers, so it's not much of a stretch to assume that they will also eventually require you to run an attested OS image made by one of the two major manufacturers. The fact that some run Linux internally isn't going to help your case: governments do a lot of things internally that you're not allowed to do. I used to watch cops in Amsterdam park on the sidewalk to go get a kebab, for example.
Indeed according to some (i.e. the Commission) it's supposed to, but they should know better. And many member state wallet developers do know better.
Play Integrity can easily be bypassed unless you want to exclude a very large amount of users – especially disadvantaged people using older phones – because there are many vulnerable phones in use by those users, and you only need one to build such an age attribute faucet.
See also this comment: https://news.ycombinator.com/item?id=45363853
You've already lost. You're at the government's mercy. They can simply refuse to sign.
"Mr. John Smith, we noticed you've published some poorly-worded comments online. Why are you locked out of your account, you say? Oh, that's just an unfortunate technical issue with our signing system, happens all the time. Anyway, this is a friendly reminder for you to improve your online etiquette. Have a nice day."
You live in a democracy?
YES) the violation you describe is verifiable to a journalist. You publish the story, and you keep the government accountable.
NO) Why are you even discussing if age verification is a good idea or not, you freak. It's not really up to you anyway. Go fix your country first.
What I can say that's at least tangentially relevant to the topic at hand is that I've lived for a couple of decades in both the USA and the EU, being a citizen of both, and have found Americans generally much more politically informed and involved. I find Europeans, particularly Irish, very well informed about U.S. politics that they are powerless to influence, and next to oblivious of anything going on at home. Given that Ireland has the EU Presidency right now and is choosing to use its bully pulpit to advocate for British-style draconian Internet regulation, that's doubly a shame.
Never. Cede. Ground. You'll never get it back, and one day the rights will be gone.
That is an astounding consensus in a system which regularly decides elections by 51%.
You're not getting mandated from up high: it is democratically enormously popular to do this.
The only reason we have any rights left is because the Australian government is - thankfully - comically incompetent.
"Australia is a lucky country" is a quote every Australian knows. Few know the full quote: "Australia is a lucky country, run mainly by second rate people who share its luck. It lives on other people's ideas, and, although its ordinary people are adaptable, most of its leaders (in all fields) so lack curiosity about the events that surround them that they are often taken by surprise." - Donald Horne.
I encourage all my teenage countrymen to use as many social media apps as they desire. Mullvad is a decent VPN and you can pay for it anonymously. Freedom of speech and freedom of association are your human rights. No government gets to take them away from you.
It might be popular to have age verification conceptually and only as long as it's only used "as advertised", which is not the same thing.
This is one of the biggest issues of democracy. As long as your propaganda machine is strong enough (and anti-privacy propaganda is one of the strongest) you can pass just about anything and pretend that society put on the shackles of surveillance and coercive control voluntarily.
People just submitted it. I don't know why. They "trust me". Dumb fucks.
Whether any given implementation is popular is a different question.
But people aren't attacking implementations: they're attacking the concept as though people don't want it.
But in surveys they do: by a huge margin, politically.
It's like how a generic candidate tends to reliably poll higher than a specific person.
"Why does this keep coming up" has the trivial answer of "because people overwhelmingly keep asking for it".
You can complain about the people being deceived if you want, but they still vote regardless.
The inherent problem with all zero knowledge identity solutions is that they also prevent any of the safeguards that governments want for ID checking.
A true zero knowledge ID check with blind signatures wouldn't work because it would only take a single leaked ID for everyone to authenticate their accounts with the same leaked ID. So the providers start putting in restrictions and logging and other features that defeat the zero knowledge part that everyone thought they were getting.
That is not true and "true zero knowledge ID check" + "age verification" with blind signatures is what's being implemented by the EU ID project.
So someone's id leaks. It happens. In EUDI there are things called "cryptographic accumulators of non-revocation proofs". If your ID leaks it goes into the accumulator. Similar to the certificate revocation lists. During check, you include claims "im over 18" and "my id is not in the accumulator".
This is included in the standard.
This is also (I can only assume) one of the reasons why EUDI wallets require play integrity / attestation / secure element on the device. So your private key won't be easily leaked and no one can steal your ID.
What happens when someone sets up a marketplace where people can sell those blind signatures using their ID for $2 each? And then kids just pay $2 to have someone else blindly use their ID to validate the account, because supposedly the system is structured so that nobody can tell which ID was used or tie it back to the account?
Access to this part of the card is secured by PAKE between the transport layer (TLS) encrypting and user interface providing NFC reader (for example phone with the app, or dedicated hardware) using a PIN.
In theory you cannot export your private key from the device (from the secure element), so for each $2 someone would have to quickly unlock their phone, scan code via the app and so on.
This is why true zero-knowledge systems for this sort of thing aren't practical and will never be. Because a SINGLE leak will break it and there will be no way to even detect it.
The attestation systems you reference don't even allow true zero knowledge attestation, they involve a trusted intermediary to convert your burned-in private key to a temporary key which you use for attestation with a third party.
And the temporary key isn't even a product of a blind signature. And it's rate limited. So if a service selling these temporary keys shows up they will be able to easily trace it to the burned-in key responsible - then revoke it and if possible initiate legal action.
This also means that whenever you register to a service using one of these schemes you are registering with your real identity, it's only a question of how hard and how many parties need to collude to extract it.
And in the event that they really do blindly sign tokens generated on your device, then their scheme will not survive adoption. As it gets adopted, the value of these blind signatures will rise and services that sell them will pop up. There will be no way of tracing the sold blind signature to the compromised/colluding device and rate limiting will merely necessitate a farm of such devices as opposed to a single leaked key.
*Note that Blind Signatures are Zero Knowledge.
You are mistaken. In the EUDI wallet project, unlinkable signature schemes are currently being discussed among cryptographers and a month ago very basic support for Longfellow was merged into the reference wallet.
You're making it seem that unlinkable signatures are very established and the default, while they are not. They're not yet properly defined, experimental and mostly unimplemented by member states. Linkable ECDSA signatures are currently the default in the EUDI wallet project.
That's unnecessarily reductive.
Yes, every solution will have problems, but not all solutions have similar problems.
If a solution has problems such that it can be immediately reduced to security theater and bypassed by any teenager who cares, it's just extra hassle and privacy degradation for the rest of us.
These details matter. If a weak solution is regulated into law and the government discovers kids are easily bypassing it, they will immediately pivot into requiring more restrictions on it.
We've had decades of age gating being "are you 18+ or not" yet it is only now that talks of something more enforceable are coming up. This discussion is largely about how one can create a sense of safety and protection. For the more extreme end it's face scans and submitting ID. Even though these are bypassed by any teenager who cares they are still being pushed seriously because it instills that sense of safety and protection for children. Security theater is just a part of managing the internet and not going away unfortunately.
That's the only solution that truly protects user privacy and security. Video games and especially mature content should not require age verification. People's lives can be permanently destroyed over perfectly legal sexual fantasies, and thus anything that increases the risk of the information being tracked is unacceptable.
So like CT logs, but several orders of magnitude bigger? I thought centralized TLS revocation lists failed due to scale. How will this differ?
The EUDI spec is tech neutral.
What the EUDI mandates is a high level of assurance under the eIDAS 2.0 regulation and the use of a secure element or a trusted execution environment to store the key.
IIRC that was only for a prototype or reference implementation.
There's some clever kids out there but come on.
https://www.forbes.com/sites/federicoguerrini/2025/08/10/who...
How? If it analyzes my ID 100% client side I can fake any info I want. If my ID goes to a server, it’s compromised IMO.
I think the zero proof systems being touted are like ephemeral messaging in Snapchat. That is, we’re being sold something that’s impossible and it only “works” because most people don’t understand enough to know it’s an embellishment of capabilities. The bad actors will abuse it.
Zero proof only works with some kind of attestation, maybe from the government, and there needs to be some amount of tracking or statistics or rate limiting to make sure everyone in a city isn’t sharing the same ID.
Some tracking turns into tracking everything, probably with an opaque system, and the justification that the “bad guys” can’t know how it works. We’ve seen it over and over with big tech. Accounts get banned or something breaks and you can’t get any info because you might be a bad guy.
Does your system work without sending my ID to a server and without relying on another party for attestation?
The verifier gets no other information than the strictly necessary (issuer, expiry, that kind of thing) and the over 18 bit, but can trust that it's from a real credential.
That's not strictly a zero knowledge proof based system, though, but it is privacy-preserving.
But no, we're not talking about the case where there's no trust at all in the government, because then you don't get verifiable credentials at all. We're talking about building privacy-preserving credentials that actually have a use.
Amplifying your point, there is effectively no way for the layperson to make this distinction. And because the app needs to send data over an encrypted channel, it would be difficult at best for a sophisticated person to determine whether their info is being sent over the wire.
All of this is reputation management: if technical experts broadly agree the system does what it says, then all of us have to accept that in aggregate that's probably good enough and significantly better than many other areas.
Devices are built from the ground up to prevent even sophisticated users from tapping them to verify we aren't being lied to. The average person thinks that "hackers" will mobilize if things get too bad and they're completely wrong.
Tamper proof, encrypted chains of trust start from the second a device gets power and it's infecting everything from appliances to phones to computers. Get ready for a future where your rented toaster has parts serialization that can't be bypassed.
As someone that patches their OS on the regular, this would be pretty interesting.
you get your sd-jwt document signed once and you reuse it for like 30 days or so.
> you get your sd-jwt document signed once and you reuse it for like 30 days or so
So it still gets routed through the government once a month if you plan on using it.
You get your document with fields like "can drive", "is over 18" and so on. It's valid for some time; physical ID is valid for like 10 years and then you have to get a new document, this digital one is valid for let's say 30 days and if it expires you get a new one.
Then you present only those fields you want, when you want, without anyone talking to the government at all. All the other party needs to check is "is the document valid" and "do presented fields match the document". Like checking a tls certificate for a given domain name or purpose.
Strictly speaking there is no "routing through the government" of any information. The government just "issues a certificate" valid for X days without knowledge with whom, how or when you are using it.
I don't understand how you keep claiming there is no "routing through the government" right next to your explanations that the government is the one providing the documents every 30 days.
Obviously something in the document is tied to your ID and the government has mechanisms to revoke it. No matter how many layers you put on top of that, this all has to come back to the government's control.
I understand that the salts can be sent to 3rd party websites. However there's obviously a reason that those are only valid for 30 days instead of indefinitely.
If I choose to share that salt, and provide my name, someone could hash all that information and compare it to the government-issued document to verify if my name really is john smith (or if my claim "I'm over 18" is valid).
If I don't, they have no way of knowing.
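The selective-disclosure mechanism described in the comments above (a short-lived issuer-signed document holding salted hashes, with the holder revealing only chosen fields), as an added example that is not part of the thread or of any wallet's code. It follows the SD-JWT presentation layout (`JWT~disclosure~...~`); the HMAC "signature", the issuer URL and the claim values are constructed stand-ins (a real issuer uses an asymmetric signature such as ES256), and key binding is left out.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed demo key. Stand-in for the issuer's asymmetric signing key.
ISSUER_KEY = b"constructed-demo-issuer-key"


def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_disclosure(name, value) -> str:
    """A disclosure is base64url(JSON [salt, claim name, claim value])."""
    salt = b64u(secrets.token_bytes(16))
    return b64u(json.dumps([salt, name, value]).encode())


def digest(disclosure: str) -> str:
    return b64u(hashlib.sha256(disclosure.encode("ascii")).digest())


def sign(signing_input: str) -> str:
    mac = hmac.new(ISSUER_KEY, signing_input.encode(), hashlib.sha256)
    return b64u(mac.digest())


def issue(claims: dict, ttl_seconds: int, now: int):
    """Issuer side: sign only the digests, hand the disclosures to the holder."""
    disclosures = {n: make_disclosure(n, v) for n, v in claims.items()}
    payload = {
        "iss": "https://issuer.example",  # hypothetical issuer
        "exp": now + ttl_seconds,
        "_sd_alg": "sha-256",
        # Sorted so the order of digests does not reveal the order of claims.
        "_sd": sorted(digest(d) for d in disclosures.values()),
    }
    header = {"alg": "HS256"}  # stand-in algorithm for this demo
    signing_input = (b64u(json.dumps(header).encode()) + "."
                     + b64u(json.dumps(payload).encode()))
    return signing_input + "." + sign(signing_input), disclosures


def present(jwt: str, disclosures: dict, reveal: list) -> str:
    """Holder side: attach only the disclosures for the fields being shared."""
    return "~".join([jwt] + [disclosures[n] for n in reveal]) + "~"


def verify(presentation: str, now: int) -> dict:
    """Verifier side: no call to the issuer, only signature, expiry, digests."""
    jwt, *shown = presentation.split("~")
    signing_input, _, sig = jwt.rpartition(".")
    if not hmac.compare_digest(sig, sign(signing_input)):
        raise ValueError("issuer signature invalid")
    payload = json.loads(b64u_dec(signing_input.split(".")[1]))
    if now >= payload["exp"]:
        raise ValueError("credential expired")
    claims = {}
    for disclosure in (d for d in shown if d):
        if digest(disclosure) not in payload["_sd"]:
            raise ValueError("disclosure not covered by issuer signature")
        _salt, name, value = json.loads(b64u_dec(disclosure))
        claims[name] = value
    return claims


def linkable_handle(presentation: str) -> str:
    """The issuer-signed part is byte-identical in every presentation of the
    same credential, so it acts as a stable identifier across verifiers."""
    return hashlib.sha256(presentation.split("~")[0].encode()).hexdigest()


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    jwt, disclosures = issue(
        {"given_name": "John", "family_name": "Smith", "age_over_18": True},
        ttl_seconds=30 * 86400, now=now)
    shown = present(jwt, disclosures, ["age_over_18"])
    print(verify(shown, now + 3600))
    print(linkable_handle(shown)[:16])
```

The verifier learns only the disclosed field, but `linkable_handle` returns the same value for every presentation of one credential, which is the linkability of the default signatures raised earlier in the thread.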
> no "routing through the government"
> government is the one providing the documents
I'm also lost. I mean, this is the government issued ID we are talking about, right? How are you expected to get it if not from the government? "Are you over 18" claim is part of that government issued ID.
They don't have to know which sites or when you are visiting, but they do have to issue you the document.
(To be clear, there are also other options, it doesn't have strictly to be government; for example banks around here can provide ID documents - for their clients. There's a list of who is trusted for what https://eidas.ec.europa.eu/efda/trust-services/browse/eidas/...).
> However there's obviously a reason that those are only valid for 30 days instead of indefinitely.
It's the same reason why we prefer tls certificates with short lifespans.
All these services have accounts, and the only time you need to do an age check is when the account is created.
Reusing another ID is an issue. In some countries they will have an in-person check to verify only you can load your ID into your phone. But then you still have the problem of sending a verification QR code to someone else and have them verify it. This might be solved by rolling time-gated QR codes and by making it illegal to verify someone else's verifications. But this is a valid concern and a problem that still needs solving.
Might be breaking news, but the state already has your passport ID in a server.
Can we go back to defaulting to parenting instead of nanny-states? Maybe make "age sensitive" websites include this fact into a header (or whatever) so that parents can decide who in their household can access which content. Instead of having some overreaching corpo-government implementing draconian "verification" systems.
If I want to live under the thumb of a strongly verified "benevolent" dictatorship, I'll move to China. No need to create a second China at home.
Switzerland is working on a system that does the former, but if Government really wants to identify users, they can still ask the company to provide the age verification tokens they collected, since the Government hosts a centralized database that associates people with their issued tokens.
For unlinkability, I think the plan is to essentially issue single use IDs/"certificates", but it's not implemented in the Beta.
The Swiss design actually doesn't store the issued tokens centrally. It only stores a trust root centrally and then a verifier only checks the signature comes from that trust root (slightly simplified).
The Swiss E-ID system stores people identifiers and token status lists in their so-called "Base Registry". From https://swiyu-admin-ch.github.io/technology-stack/#credentia...
> Decentralized Identifiers (DID) developed by the W3C represent an identifier standard that provides a subject-controlled method for identifying individuals, organizations, or objects online. In the swiyu Trust Infrastructure, DIDs are utilized as a standard identifier for issuers and verifiers. They are centrally hosted on the swiyu Base Registry.
> In this protocol, the trusted authority issues certifications (“trust statements”) concerning the identity (i.e., who is the real-world identity controlling a DID) and legitimacy (i.e., who is allowed to issue or verify credentials of a specific VC schema) about an entity as SD-JWT VC and publishes these trust statements in the trust registry.
> Token Status Lists are signed, maintained and published by the credential issuers but hosted on the Base Registry.
The base registry stores identifiers of issuers and verifiers, not credential holders.
Even the status register does not contain the tokens themselves:
> Within these status lists, each index (i.e., status entry) documents the validity of one VC. The corresponding index is captured in the VC’s metadata to allow for a decentralized status information retrieval that does not require verifiers or the VC holder to contact the issuer.
Of course, each issuer needs to maintain a list of the credentials they have issued in order to be able to ever revoke them. That's unavoidable.
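The status-list lookup quoted above (one index per credential, the index carried in the credential's metadata), as an added example that is not part of the thread or of the swiyu code. It assumes the layout of the IETF Token Status List draft (a zlib-compressed bit array, lowest bits first, referenced by `idx` and `uri`); the registry URL and list contents are constructed, and the list is treated as already signature-checked.

```python
import base64
import zlib

VALID, INVALID, SUSPENDED = 0, 1, 2
MAX_LIST_BYTES = 1 << 20  # refuse to inflate more than 1 MiB of status data


def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_status_list(statuses, bits=1) -> dict:
    """Issuer side: pack one `bits`-wide status per credential index."""
    per_byte = 8 // bits
    buf = bytearray((len(statuses) + per_byte - 1) // per_byte)
    for idx, value in enumerate(statuses):
        if not 0 <= value < (1 << bits):
            raise ValueError("status does not fit in %d bit(s)" % bits)
        buf[idx // per_byte] |= value << ((idx % per_byte) * bits)
    return {"bits": bits, "lst": b64u(zlib.compress(bytes(buf), 9))}


def read_status(status_list: dict, idx: int) -> int:
    """Verifier side: inflate the whole list locally and read one entry."""
    bits = status_list["bits"]
    if bits not in (1, 2, 4, 8):
        raise ValueError("unsupported status width")
    inflater = zlib.decompressobj()
    raw = inflater.decompress(b64u_dec(status_list["lst"]), MAX_LIST_BYTES)
    if inflater.unconsumed_tail:
        raise ValueError("status list larger than allowed")
    per_byte = 8 // bits
    if not 0 <= idx < len(raw) * per_byte:
        raise IndexError("status index outside the published list")
    return (raw[idx // per_byte] >> ((idx % per_byte) * bits)) & ((1 << bits) - 1)


# Constructed registry content: 16 credentials, the one at index 5 revoked.
LIST_URI = "https://registry.example/statuslists/1"  # hypothetical URL
_statuses = [VALID] * 16
_statuses[5] = INVALID
REGISTRY = {LIST_URI: build_status_list(_statuses)}
FETCH_LOG = []  # what the registry host can observe


def fetch(uri: str) -> dict:
    """Stand-in for an HTTP GET; the request names the list, not the index."""
    FETCH_LOG.append(uri)
    return REGISTRY[uri]


def credential_is_revoked(credential_payload: dict) -> bool:
    ref = credential_payload["status"]["status_list"]
    return read_status(fetch(ref["uri"]), ref["idx"]) != VALID


if __name__ == "__main__":
    cred = {"status": {"status_list": {"idx": 5, "uri": LIST_URI}}}
    print(credential_is_revoked(cred), FETCH_LOG)
```

The registry host sees which list was fetched and by whom, but not which index was read, so how many credentials share one list determines how much a fetch reveals.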
Just to be clear, here I am not concerned about the verifiers, I am concerned about the authority (Government).
> The base registry stores identifiers of issuers and verifiers, not credential holders.
If the verifiers provide the verification tokens to the Government, can't the Government identify the original issuer even if they don't store them? Don't these tokens contain the DID of the issuer? Please correct me if I'm wrong, maybe I didn't get this part right.
> That's not how that works - they can prove they check by showing logs, rather than VPs
Logs can be manipulated, VPs can't. If I had a company and I was forced to verify users, I'd try to store those VPs for as long as possible, for my own protection.
> There's even legal limits on what identifiers they can store and for how long
I was not aware of this. Is that documented anywhere?
The average person does not understand the math behind zero-knowledge proofs. They only see that state infrastructure is gatekeeping their web access. Furthermore, if the wallet relies on a centralized server for live revocation checks, the identity provider might still be able to log those authentication requests, effectively breaking anonymity at the state level.
On a practical level, this method verifies the presence of an authorized device rather than the actual human looking at the screen. Unless the wallet demands a live biometric scan for every single age check, they will simply bypass the system using a shared family computer or a parent's unlocked phone. We used to find our way around any sort of nanny software (remember Net Nanny).
What you are describing still remains a bubble and I really hope Americans aren't looking at EU for any sort of public policy directions here.
One of the most highly valued tech companies of today makes a software that sometimes talks its users into killing themselves. Some guy put "uwu notices bulge" on a bullet casing and shot Charlie Kirk: things turned out fine indeed.
Requiring everyone to show their id on every website will not change that. It will limit free speech though.
1) zkcreds-rs (zk-creds) [1]
2) zkLogin (Sui Foundation) [2]
3) TLSNotary [3]
4) DECO (Chainlink/Cornell) [4]
5) Anon-Aadhaar [5]
[1] https://github.com/rozbb/zkcreds-rs
[2] https://github.com/mystenlabs/sui/tree/main/sdk/zklogin
[3] https://github.com/tlsnotary/tlsn
[4] https://chain.link/education/zero-knowledge-proof-zkp#preser...
https://github.com/eu-digital-identity-wallet
Everything's very much WIP, but it aims to provide a detailed Architecture and Reference Framework/Technical Specifications and a reference implementation as a guideline for national implementations:
https://github.com/eu-digital-identity-wallet/eudi-doc-archi...
https://github.com/eu-digital-identity-wallet/eudi-wallet-re...
https://github.com/eu-digital-identity-wallet/eudi-doc-stand...
You'll find several (still evolving) Technical Specifications regarding ZKPs (including a discussion area) in the latter.
Or they want to spy on people.
With LLMs and paid actors wreaking havoc on social media I do think that social media needs to pivot towards allowing only human users on it. I wrote about this here: https://blog.picheta.me/post/the-future-of-social-media-is-h...
> derives an age attribute such as "over 18" from a passport or ID, without disclosing any other information
Well, as soon as someone points their chinaphone camera on a passport, it is already over.
This whole setup is nightmare fuel.
You want to check over 18? Fine, let adults set their kids devices in a "child" mode. Problem solved.
No need to create a stasi dreamland.
Was this discarded? Is it not necessary anymore? Can someone without writing their own implementation use the app without using any of those two?
I'm a citizen of a European Union member, I trust my government to issue me an ID and use said ID in my interactions with the state, I do not trust my state with anything more than that.
Someone brought up the need for device attestation for trust purposes (to avoid token smuggling for example). That would surely defeat the purpose (and make things much much worse for freedom overall). If you have a solution that doesn't require device attestation, how does that solve the smuggling issue (are tokens time-gated, is there a limit to token generation, other things)?
This would only work with something like MS TPM 2 / Apple Secure Enclave (device attestation), which is anti-freedom by design. I was curious if they found a way around that (maybe with time/rate limits, or some actual useful use of blockchain tech).
If Apple can remotely lock the device that a user bought mistakenly (for example because some corporation somewhere fat-fingers some entries), that fundamentally means the user doesn't own the device they bought and paid for. Add on top DRM and all the other evil that comes along with attestation.
Plus, you can still disable TPM2 (if you don't want to run Windows on your machine), you can never disable Apple's implementation.
How about a system like Google Authenticator in which google knows nothing about which websites I'm logging into. Except, obviously, it'd have to be some kind of cryptographically signed response. e.g., website puts up a QR code (according to some standard) asking "is the user 18+", I scan with the phone, and the ID app, without accessing internet (like google authenticator) responds.
I suppose that might need a secure computing environment, so no rooted phone etc. But, of course, there's a simple workaround. Any adult can give their phone to a child. As long as that vulnerability is there, there's no such thing as a guarantee on the responses no matter what way you build it.
When a client attempts to access an age-restricted URL, the server redirects to a custom URI scheme which begins a negotiation for requesting verification. The server signs a message and provides it to the client. The client verifies there’s not additional info or metadata before encrypting. It then forwards to the government server. The government server decrypts the message and signs a response. This goes back to the client which forwards to the server.
I haven’t fully ironed out all the details but got so far as nearly completing the server-client negotiation. The tricky part is ensuring each stage prevents MitM tampering while allowing the client to see what is in a request so that there’s no metadata which would allow a site to track the user, nor a government to track sites a user accesses.
In that system does the age verification result come with some sort of ID linked to my government issued ID card? Say, if I delete my account on a platform after verifying and then create a new one, will the platform get the same ID in the second verification, allowing it to connect the two and track me? Or is this ID global, potentially allowing to track me through all platforms I verified my age on?
What does a verification process look like from the user's perspective? Do I have to, as it happens now, pull out my phone, use it as a card reader (because I don't have a dedicated NFC device on my computer), enter the pin, and then I'll be verified on my computer so I can start browsing social media feed? Or, perhaps, you guys have come up with a simpler mechanism?
Most systems right now have you load data in your phone. Then when a check happens, you scan a QR code. You then get a screen on your phone saying X wants to know Y and Z about you, do you want to share this information? Then you just choose yes or no.
For your social media example. You would just get a QR code on your pc, then pull out your phone, scan and verify, then start browsing social media on your pc.
If they did the right thing and only asked for the over 18 bit, then they wouldn't have a trackable identifier.
You can have no system at all, which gives you freedom and privacy, but not age verification. You can have ID uploads, which give you age verification and freedom, but not privacy. You can have a ZKP-based system, which gives you age verification and privacy, but not freedom. This is because you need a way to prevent one unscrupulous ID owner from issuing millions of valid assertions for any interested user.
I'm not saying it's right or wrong, you tell me, I just want to point at this random timeline.
Hoovering up less data would be a really fucking good start. There's something about babies and bathwater, but by god this has proven to be very dangerous bathwater time and time again.
Passport recognition is also spotty. The ID verification providers used by banks do not recognise Indian passports.
Will we exclude a few million people because it’s too expensive to verify that they are over 18?
Add this to “falsehoods programmers believe about ID verification”.
Yes. We absolutely will. KYC services are something that no one wants and everyone hates, thus there is no motivation to make it better. And if any, "better" might mean more invasive, because that means more data to mine and sell.
So, sure, excluding millions of people from KYC because it's cheaper to reject them than it is to study their documents - is the right decision business wise.
I am speaking as a person in the very same position.
Are there, say, two other potential use cases that anyone has come up with yet?
Everyone does realize we're being constantly tracked by telemetry, right?
A proper ZK economy would mitigate the vast majority of that tracking (by taking away any excuse for those in power to do so under the guise of "security") and create a market for truly-secure hardware devices, while still keeping the whole world at maximal security and about as close to theoretical optimum privacy as you're going to get. We could literally blanket the streets with cameras (as if they aren't already) and still have guarantees we're not being tracked or stored on any unless we violate explicit rules we pre-agree to and are enforceable by our lawyers. ZK makes explicit data custody rules the norm, rather than it all just flowing up to whatever behemoth silently owns us all.
I know laws are boring and tech is exciting, but sometimes there's no technological solution to a societal problem. Good old laws, police, fines, prison, is all you need.
But I don't look at this on a purely technological level. These identity-based systems are instruments of control. Right now everything is still in flux with how these tools will be used and how accessible they are to the general population and the many minorities therein. I simply don't trust our politicians to do the right thing short-term and long-term. The establishment of the GDPR has been a major victory for better privacy legislation and now the Commission wants to hollow it out. The Commission also wants chat control to increase the amount of mass surveillance in Europe.
There is a potential future, where we all win. But I am highly skeptical, that in the current political climate, we will end up there.
I've heard they even want to mandate periodic re-checks now which is insane. The internet should remain free.
Besides, if parents don't want to give access to social media they can just not give their kids a phone, or just use the many parental control features available on it. Every phone has this these days.
And even if the government wants to ban this stuff for all kids (which I would not agree with but ok I don't have kids so I don't really care and parents do seem to want this), they don't have to enforce it this way. They can just make the parents liable if the kids are found to have access.
To me this is just another attempt at internet censorship and control.
Tbh, when I read that "platforms face a choice between excluding lawful users and monitoring everyone." I don't have much understanding.
No gov. ID, no participation. It's not like you cannot go outside and talk to people anymore so let's not pretend that being on insta is some sort of universal human right and anybody barred from it is some sort of terrible tragedy.
And I have zero illusion privacy is compromised, it is trivial to identify devices these days, so it doesn't even work technically.
Next sentence we hear some empty bickering about digital sovereignty. This is all bullshit.
There is certainly a market for desktop OS as well. This creates a market for freedom.gov, shady as it is.
The system you're describing is good for the masses, not for those with power.
You should never trust the government
If there's a fundamental culture shift, there's an easy way to prevent children from using the internet:
- Don't give them an unlocked device until they're adults
- "Locked" devices and accounts have a whitelist of data and websites verified by some organization to be age-appropriate (this may include sites that allow uploads and even subdomains, as long as they're checked on upload)
The only legal change necessary is to prevent selling unlocked devices without ID. Parents would take their devices from children and form locked software and whitelisting organizations.
It's my job as a parent (and I have several kids...) to monitor the things they consume and talk with them about it.
I don't want some blanket ban on content unless it's "age appropriate", because I don't approve that content being banned. (honestly - the idea of "age appropriate" is insulting in the first place)
Fuck man, I can even legally give my kids alcohol - I don't see why it's appropriate to enforce what content I allow them to see.
And I have absolutely all of the same tools you just discussed today. I can lock devices down just fine.
Age verification is a scam to increase corporate/governmental control. Period.
- Many parents don't think about restricting their kids' online exposure at all. And I think a larger issue than NSFW is the amount of time kids are spending: 5 hours according to this survey from 2 years ago https://www.apa.org/monitor/2024/04/teen-social-use-mental-h.... Educating parents may be all that is needed to fix this, since most parents care about their kids and restrict them in other ways like junk food
- Parents that want to restrict their kids struggle with ineffective parental controls: https://beasthacker.com/til/parental-controls-arent-for-pare.... Optional parental controls would fix this
I don't think they will, and this is because there's an inherent conflict of interest from these large tech companies about actually protecting my kids.
To be blunt: They don't give a fuck, they make money. They will pick money over kids EVERY time.
My current answer is that absolutely none of my children are allowed anywhere near these devices. Mandating shitty age verification laws isn't going to somehow make these companies act responsibly... it's just going to drive alternatives that are actually respectful out of business with additional legislative burden, while Google and Apple continue to act irresponsibly and unethically.
Further - it continues to enshrine the idea that parents aren't responsible for their kids (see your first point)... The parents that are already neglecting this space will point to laws like this and go "look, the government is doing this for me!". Which is exactly wrong, and exactly what these companies want parents to think (again - the alternative, that parents actually engage and realize just how fucking morally bankrupt these bastards are, hurts bottom lines)
If you want change - remove the damn duopoly. Break them up. Force open markets. Force inter-compatibility.
This is not rocket science. This is basic political science we've known about for literally hundreds of years, the only difference is that our government in the US has been fucking useless because of regulatory capture (of which this will worsen) and the perceived national security & economic value of "owning" the tech stack used internationally.
"Security" when used in these contexts has very little to do with protecting you, or me, or our kids. It has a whole lot to do with protecting corporate bottom lines and governmental control.
Did you mean "mandatory" parental controls? All current systems are optional and as you describe they are frequently ineffective, so not clear why keeping things like they are would be different.
I also don’t mean “mandatory” as in “the software manufacturer must implement parental controls” like the Colorado bill. There only needs to exist one decent operating system, one decent messaging service, etc. with good parental controls; parents can use those technologies and block the others. Although regulators could pressure specific popular platforms like YouTube, and maybe that would be fine, I think it would be better to incentivize and support add-ons or alternatives (e.g. kid-safe YouTube frontend).
In the USA it depends on the state. Federal guidelines for alcohol law do suggest exemptions for children drinking under the supervision of their parents, but that's not uniformly adopted. 19 states have no such exceptions, and in many of the remaining 31, restaurants may be banned from allowing alcohol consumption by minors even when their parents are there.
Another thing: I fundamentally disagree with certain age ratings for kids content. Some explicit violence is rated OK for young audiences, but insert a swear word or some skin and the age rating is bumped up? This rating system is no help at all. I have to review each bit of content anyway before I can be certain.
* it's a bit sarcastic, but tbh it isn't such a bad idea, considering the negative impact that porn has.
I'm currently struggling with FitBit. Since about the start of the year, my kids can no longer sync their watches to their phones. The "solution" is to completely disable all parental controls on their Google accounts.
Yup, we should all be able to talk to our kids instead of screaming at them.
Having children should be a privilege, not a human right. Especially when the majority of children end up being abused either way (either physically, emotionally or both). It is far more common to have abusive or neglectful parents than it seems.
More simply: If ID checks are fully anonymous (as many here propose when the topic comes up) then every kid will just have their friends’ older sibling ID verify their account one afternoon. Or they’ll steal their parents’ ID when they’re not looking.
Discussions about kids and technology on HN are very weird to me these days because so many commenters have seemingly forgotten what it’s like to be a kid with technology. Before this current wave of ID check discussions it was common to proudly share stories of evading content controls or restrictions as a kid. Yet once the ID check topic comes up we’re supposed to imagine kids will just give up and go with the law? Yeah right.
If we must have controls, I hope the process of circumventing them continues to teach skills that are useful for other things.
This problem probably can't be solved entirely technologically, but technology can definitely be a part of solving it. I'm sure it's possible to make parental controls that most kids can't bypass, because companies can make DRM that most adults can't bypass.
This is exactly what I meant by my above comment: It’s like the pro-ID check commenters have become completely disconnected from how young people work.
Someone’s 18 year old sibling isn’t going to be stopped by “should know better”. They probably disagree with the law on principle and think it’s dumb, so they’re just helping out.
But imagine if a locked device was treated like alcohol. Most kids get access to alcohol at some point despite it being illegal, often from older siblings, and rarely with legal consequences for the adult. But it's much less of an issue, because most kids don't get it consistently. Furthermore, "good" kids understand that it's bad, and even some "bad" kids understand that they must limit themselves.
Is it though? When older sibling helps younger sibling with "accessing Steam", or something reasonable like that, even the most sensible and thoughtful older sibling won't be interested in "culture shifts" that block gaming fun.
The alcohol and seatbelt analogies try to elevate equivalence, but miss the mark by a lot. Even one drop of alcohol is obviously not suitable for underage. No seatbelt increases risk no matter your age. "Social media" exposure for the young person is often completely fine and full of "young person" content and activity.
Since people are already talking about using the law instead of parenting this needs clarification. Are the parents the ones that would revoke their privileges or the government?
Exactly the same way that kids used in former days to get cigarettes or alcohol: simply ask a friend or a sibling.
By the way: the owners of the "well-known" beverage shops made their own rules, which were in some sense more strict, but in other ways less strict than the laws:
For example some small shop in Germany sold beverages with little alcohol to basically everybody who did not look suspicious, but was insanely strict on selling cigarettes: even if the buyer was sufficiently old (which was in doubt strictly checked), the owner made serious attempts to refuse selling cigarettes if he had the slightest suspicion that the cigarettes were actually bought for some younger person. In other words: if you attempted to buy cigarettes, you were treated like a suspect if the owner knew that you had younger friends (and the owner knew this very well).
(So you need to keep all your stuff into one device to be fully tracked easily. And have no control over your device, share your location… )
Digital ID with binary assertion in the device is an API call that Apple's app store curation can ensure is called on app launch or switch. Just checking on launch or focus resolves that problem. It's no longer the account being verified per se, it's the account and the use.
A government could implement the equivalent of China's great firewall. Even if it doesn't stop everyone, it would stop most people. The main problem I suspect is that it would be widely unpopular in the US or Europe, because (especially younger) people have become addicted to porn and brainrot, and these governments are still democracies.
the future of the industry is probably ai slop, personalised ai, and so on
one of the purposes of the porn industry in 00s was money laundering: cash only, large stores with no CCTV, very sparse records, not possible to objectively value why a dvd was being sold for $85
Being grist in the mill of that industry, however, only leads to being ground up for the consumption of others.
Porn is not just political information about human right abuses, government overreach or heavily censored overview of concentration camps for "group X". People can live just fine with government censorship buying into any kind of propaganda.
Kids would find a way to access porn though. Whether it's VPNs, Tor or USB stick black market. Government can't even win war on drugs and you expect them to successfully ban porn. What a joke.
What will be blocked are news outlets that don't agree with the government propaganda.
My kid logs out of this account so he can watch restricted content. I wonder - what is PG rating for logged out experience?
- I always give my children unlocked devices, because I know what they are doing
- Internet is not a safe space, and there will always be means of circumventing protections. Age verifications do not protect anybody
- Parents do not want to 'raise children' they give phones to kids and expect youtube to show kids only good stuff. They expect this from platform
If parents think it's okay for their kids to use Facebook/X/whatever somehow responsibly, they should not be punished or prosecuted for that. Yes, I do believe it applies to alcohol too.
It's how it works in physical world. We let the parents decide whether hiking/swimming/football/walking to the school are too dangerous for their kids. We let the parents decide which books are suitable for their kids. But somehow when it comes to the internet it's the government's job. I can't help but think there is an astroturf movement manufacturing the consent rn.
I think either is better than the status quo. In the first case the parent is waiving away the protections, and in the second the kid is.
Even if a kid buys alcohol, I think it's healthier that they do it by breaking rules and faking ids and knowing that they are doing something wrong, than just doing it and having no way to know it's wrong (except a popup that we have been trained by UX to close without reading (fuck cookie legislation))
Trying to enforce parental controls via regulation may only be as effective as Europe enforcing the DMA against Apple. But maybe not, because there's a huge market; if Apple XOR Android does it, they'll gain market share. Or governments can try incentive instead of regulation (or both) and fund a phone with better parental controls. Europe wants to launch their own phone; such a feature would make it stand out even among Americans.
You mean this culture shift is needed for the masses but I don't think that's the case. In my widest social circle I am not aware of anyone giving alcohol to young kids (yes by the time they are 16ish yes but even that's rare). Most guardians would willingly do similar with locked devices.
The real problem is that the governments/companies won't get to spy on you if locked devices are given to children only. They want to spy on us all. That's the missing cultural shift.
Considering the echo chamber in which I was at school, my friends would have simply used some Raspberry Pi (or a similar device) to circumvent any restriction the parents imposed on the "normal" devices.
Oh yes: in my generation pupils
- were very knowledgeable in technology (much more than their parents and teachers) - at least the nerds who were actually interested in computers (if they hadn't been knowledgeable, they wouldn't have been capable of running DOS games),
- had a lot of time (no internet means lots of time and being very bored),
- were willing to invest this time into finding ways to circumvent technological restrictions imposed upon them (e.g. in the school network).
Hypothetically, if every kid in your social circle had their device "locked", the adults would probably have a very hard time keeping the kids away from their devices, or just relent, because the kids would be very unhappy. Although maybe with today's knowledge, most people will naturally restrict new kids who've never had unrestricted access, causing a slow culture shift.
Of course no personal details should be provided to the site that requests age confirmation. Just "bearer of this token" is an adult.
In Poland we have the same setup.
The whitelist would be decided by the market: the parents have the unlocked device, there are multiple solutions to lock it and they choose one. Which means that in theory, the dominant whitelist would be one that most parents agree is effective and reasonable; but seeing today's dominant products and vendor lock-in...
SOME parents give their children access to their ID. That is NOT the same as ALL parents, and therefore is not a reason not to give those parents a helping hand.
Even just informing children that they're entering an adult space has some value, and if they then have to go ask their parents to borrow their wallet, that's good enough for me.
I'm sure it will occasionally happen. But kids are terrible at keeping secrets, so they will only have the unlocked device for temporary periods, and I believe infrequent use of the modern internet is much, much less damaging than the constant use we see problems from today. A rough analogy, comparing social media to alcohol: it's as if today kids are suffering from chronic alcoholism, and in the future, kids occasionally get ahold of a six pack.
You understand that to many people that is a very obvious reason why we should never do this and they do not want that culture shift, right?
BTW this is a terrible idea. What if I can afford only one computer but have a household of four?
Any parent can be reckless and give their children all kinds of things - poison, weapons, pornographic magazines ... at some point the device has enough protective features and it is the parents' responsibility.
I could not control how my parents were going to raise me, I was only able to play with the hand I was dealt. I hate the idea that parents are sacrosanct and do not share blame in these situations. At the same time, if this is just the family situation you're given and you're handed a device unaware of the implications, who is going to protect you from yourself and others online if your parents won't? Should anyone?
What shift?
The problem of "kids accessing the Internet" is a purposeful distraction from the intent of these laws, which is population-level surveillance and Verified Ad Impressions.
But laws alone won't fix this, and laws aren't necessary (except maybe a law that prevents kids from buying phones). In the article, the child's devices had parental controls, but they were ineffective. There's demand for a phone with better parental controls, so it will come, and more parents are denying access, so their kids will become less alienated.
Ridiculous take.
We don't disagree on whether it is actually a problem, you just have your opinion about facts.
We also have no way to actually measure this even if we wanted to do an experiment. So comparing this very soft science to climate change is a bit out of pocket.
Sorry, WHAT? No way to measure it? My god, are we talking about the same thing? Are you sure you haven't missed past 12-24 months of increased reporting on the matter from several different angles, from cognitive skills, anxiety, sexual drive, and so on?
EOT for me.
* according to this survey from over 2 years ago: https://www.apa.org/monitor/2024/04/teen-social-use-mental-h...
To give perspective: in my high school, there were a few kids who vaped in bathrooms, but the majority (including me) did not; we were told many times that it was unhealthy, and anyone caught vaping would be suspended. Everyone I know (including me) had social media, we were not told it was unhealthy (only to not use it too much, not give out PII, avoid bullying, etc.), and it wasn't even policed in some classrooms.
In the United States, you can get in trouble if you recklessly leave around or provide alcohol/guns/cigarettes for a minor to start using, yet somehow, the same social responsibility seems thrown out the window for parents and the web.
Yes, children are clever - I was one once. If you want to actually protect children and not create the surveillance state nightmare scenario we all know is going to happen (using protecting children as the guise, which is ironic, because often these systems are completely ineffective at doing so anyway) - then give parents strong monitoring and restriction tools and empower them to protect their children. They are in a much better and informed position to do so than a creepy surveillance nanny state.
That is, after all, the primary responsibility of a parent to begin with.
There are almost literally documented examples of Facebook executives twirling their mustaches wondering how they can get kids more addicted. This isn't a few bands with swear words, and in fact, I think that the damage these social media companies are doing is in fact, reducing the independence teens and kids that have that were the fears parents originally had.
I dunno, are you uncertain about your case at all or just like. I just like, can't help but start with fuck these companies. All other arguments are downstream of that. Better the nanny state than Nanny Zuck.
The solution would then be to break them up or do things like require adversarial interoperability, rather than ineffective non-sequiturs like requiring them to ID everyone.
The perverse incentive comes from a single company sitting on a network effect. You have to use Facebook because other people use Facebook, so if the algorithm shows you trash and rage bait you can't unilaterally decide to leave without abandoning everyone still there, and the Facebook company gets to show ads to everyone who uses it and therefore wants to maximize everyone's time wasted on Facebook, so the algorithm shows you trash and rage bait.
Now suppose they're not allowed to restrict third party user agents. You get a messaging app and it can send messages to people on Facebook, Twitter, SMS, etc. all in the same interface. It can download the things in "your feed" and then put it in a different order, or filter things out, and again show content from multiple services in the same interface, including RSS. And then that user agent can do things like filter out adult content, if you want it to.
We need to fix the actual problem, which is that the hosting service shouldn't be in control of the user interface to the service.
Is that really a non-sequitur though? Cigarettes are harmful and addictive so their sale is age gated. So too for alcohol. Gambling? Also yes. So wouldn't age gating social media be entirely consistent in that case?
Not that I'm necessarily in favor of it. I agree that various other regulations, particularly interoperability, would likely address at least some of the underlying concerns. But then I think it might not be such a bad idea to have all of the above rather than one or the other.
If I try to go to an adult website, or even just a discord server with adult content, I need to upload my ID. And now there's numerous third parties who now are looking at my ID, and I have no idea if I can trust them with my info. Indeed, I probably can't, given how many of them have already been breached.
Of all the people, PornHub actually has a pretty good write-up on this (1) (2), and they refer to "device-based" age verification, where you verify your identity once to say, Google or whoever. Then your device proves your age. Fewer middlemen. One source of truth.
I am not against age verification. I am against the surveillance state.
(1) https://www.pornhub.com/blog/age-verification-in-the-news
(2) https://www.xbiz.com/news/281228/opinion-why-device-based-ag...
This is still an absurdity. You don't need the device to prove the age of the user to the service, you need the service to provide the age restriction of the content to the device. Then the device knows if the user is an adult or a kid and thereby knows whether to display the content, and you don't need Google to know that.
At which point there is no reason to invade everyone's privacy with IDs because parents can just make their choice when configuring the device their kids use and have the device rather than the service choose what to display.
When I was a kid, I played neopets. For whatever reason, they age gated some content (maybe messaging or other social features) because when you sign up you have to specify your age. I was young, so I didn't know I could lie on the internet, so I said I was 10 or something. And then my friend who did lie and say he was 18+ wanted to be my friend on neopets, but I couldn't be his friend because I needed to get parent permission to access that feature.
Anyway, I printed out a permission slip, asked my mom to sign it, and she signed it without looking at it. I mailed it to neopets (we didn't have a scanner) and soon enough I was playing with the big kids!
Anyway, one could say that my mom was neglectful for having not read it before signing it, or one could say that she merely trusted me that I wasn't asking her for permission to watch porn. But it's not a stretch to think that even with ID laws, parents can still let their kids access whatever they want by giving them access to accounts or devices that have already verified identity. Granted, I don't see parents giving their kids their PornHub password, but kids can be crafty, if they want to access adult content, they'll find a way. I don't know if this is true, but someone on discord said they just uploaded an AI generated license and got age verified.
> If I went to the store and asked for a pack of cigarettes
online
> and I have no idea if I can trust them with my info
Why did you trust how your ID was scanned (if carded)?
With security cameras present, where did that scanned data end up?
You have something (human communication) which is not intrinsically harmful -- indeed it is intrinsically necessary -- but has been made harmful on purpose. That is very much unlike those other things, where the harm is in their very nature and isn't prevented by the provider just not being a schmuck on purpose.
That makes age gating a farce, because kids need to be able to communicate with other people, but you would end up in one of these scenarios, each of which is inane:
1) Providers all put up age restrictions and meaningfully enforce them and then teenagers are totally prohibited from communicating over the internet.
2) Providers all put up "age restrictions" which teenagers bypass in ten seconds and the whole thing is a pointless fraud.
3) You try to separate places for kids from places for adults, but then either
a) Adults prefer adult spaces where they're not censored, so they congregate there and those spaces get the network effect, and then teens have to sneak in even if they're not looking for adult content because that's where the bulk of all content is, or
b) Nobody likes to show ID even if they're an adult so adults congregate in the least restrictively moderated space where they don't have to show ID, and that space gets the network effect. Then to the extent that they censor, they're censoring the adults which is the thing that wasn't supposed to happen, and to the extent that they don't censor, you have a "kid space" that contains adult content.
It's a trash fire specifically because there's a network effect, which is an aggregating force causing adults and kids to be in the same space so they can communicate with each other. Then the space with the network effect would either have to censor the adults even though they can't leave because of the network effect, or not censor the adults and then have adult content in the space the kids have to be because of the network effect.
The way you fix this is not by trying to separate the kids and adults into separate networks, it's by tagging specific content so the client device can choose not to display adult content if they're a kid. Which also solves the privacy issue because you don't have to provide any ID to the service when the choice of what content to display happens on the client and the service is only tasked with identifying the content.
I'm not sure how those two positions connect.
Execs bad, so laws requiring giving those execs everyone's IDs, instead of laws against twirled mustaches?
First of all, would we restrict all internet access, or just access to certain known sites and VPNs, letting everything else through because it's too insignificant even if it technically might merit being blocked for kids? I don't think a global internet block for minors is a good idea.
On wired internet, restricting access for devices that aren't clearly tied to individual users is problematic. Imposing age verification overhead on anyone who runs a network is unacceptable and unworkable. Locking non-mobile devices to individual users, in order to have mandatory software that blocks or sends age signals to the ISP, is also unacceptable and unworkable.
For mobile devices, maybe. There's a privacy problem if it's required for sim cards to be paid using credit cards, but if we do that, or if that's already effectively the case, I think it's fair that anyone who has an active credit card should be permitted on the "adult" internet. For multi-line accounts, we could make it a crime for the account holder to misrepresent age of the user of a line, i.e. to claim they're an adult when they're really a minor. Not very different from minors and cigarettes. It's not universally illegal for a parent to supply them, but it is in some places, and it should be.
For me this is a crux, at least in principle. Once online media is so centralized... the argument from freedom is diminished.
There are differences between national government power and international oligopoly but... even that is starting to get complicated.
That said... This still leaves the problem in practice. We get decrees that age-restriction is mandatory. There will be bad compliance implementations. Privacy implications.
Meanwhile a while... how much will we actually gain when it comes to child protection.
You can come up with all sorts of examples proving "Facebook bad" but that doesn't mean these things are fixed when/if regulation actually comes into play.
Wild times when we're seeing highest voted Hacker News commenters call for the nanny state.
If you're thinking these regulations will be limited to singular companies or platforms you don't use, there is no reason to believe that's true.
There was already outrage on Hacker News when Discord voluntarily introduced limited ID checks for certain features. The invitations to bring on the nanny state reverse course very quickly when people realize those regulations might impact the sites they use, too.
A lot of the comments I'm seeing assume that only Facebook or other platforms will be impacted, but there's no way that would be the case.
How about taking all these websites that require PII onto their own members-only domain?
This actually should have been in place and well fleshed-out before Google & Microsoft started pushing their "account" nonsense.
Who would be responsible if a child developed alcohol addiction? A nicotine problem? Any other addiction?
Exactly. The same people that should be responsible for giving them unfettered access to an internet that is no longer safe. Even adults have to be wary of getting hooked on scrolling, and while I agree that the onus is on the companies, it has been demonstrated over and over again that they will not be held to account for their behavior.
So the only logical choice left that actually preserves freedom is for parents to get off their ass and keep their child safe. Parents that don't use filtering and monitoring software with their children should be charged with neglect. They are for sending a kid into the cold without a coat, or letting them go hungry, why is it different sending them onto the internet?
And to your last point: You are dead wrong. No government anywhere in the world has demonstrated that they have the resources, expertise, or technical knowledge to solve this problem. The most famously successful attempt is the Chinese Great Firewall, which is breached routinely by folks. As soon as a government controls what speech you are allowed to consume, the next logical step for them is to restrict what speech you can say, because waging war on what people access will always fail. I mean, Facebook alone already contains tons of content that's against its terms of service, and they have more money than God, so either they actually want that content there, or they are too understaffed to deal with the volume, and the volume problem only ever increases.
So in my view, you are the one against freedom by advocating for the government to control the speech adults can access for the sake of "protecting the children" when the actual people that are socially, morally, and legally culpable for that protection are derelict in their duties.
The government literally actively prevents people selling all these things to children, rather than permit a free for all and then expect parents to take responsibility for steering their kids away from them.
Maybe it's about time that the proven predatory companies be restricted to something like their own adults-only internet cafes where age can be checked at the door.
They had their chance with the open internet and they blew it.
I mean, historically speaking, we blamed the tobacco companies.
Also, if they were genuinely responsible, why can a child's parents be held accountable for them developing an addiction? The company was responsible, not the parent... do you see how ignorant that sounds?
Gambling isn’t introducing substance into user system it is making use of existing brain chemicals.
Social media companies engineered every piece of addictive mechanisms from gambling to alter brain chemistry or reactions of users.
Nah, I just need to not equivocate between them. The use of the same term to describe activities that produce a dopamine response as is used for ingestion of chemicals that create a direct physical dependence is little more than a propaganda tactic.
The problem with comparing social media use to tobacco is that they are completely different. It's like saying weed is just like heroin because they both make you feel good. It's reductive and not productive.
The completely anti-social media stance ignores the good parts of social media. People can connect from across the planet and find others who share the same views or experiences. People who are marginalized can find community where none may exist in their local area. So we should approach this more carefully and grounded.
There are internet forums, chats, e-mail, blogs, there is no inherent need for "big social media" as we know. I do understand those companies made it much easier for average person to participate but still using internet forum or e-mail isn't exactly rocket science.
Here we are on HN, where no one is changing the layout and not doing much to drive engagement. Some days I don't even open any discussion because there is a lot of stuff that is not interesting for me.
"Big social media" companies had already multiple people speaking up explaining that they specifically made changes to drive engagement to hook people up and keep them scrolling without "creating compelling content". They specifically tuned feed algorithms to promote lowest common denominator trash content that makes people react in anger/frustration/whatever and not "creating/promoting compelling content".
I think most people remember the earlier days of Twitter where having a centralized place with strong discoverability led to unique communities forming and expressing themselves. I shouldn't need to say this but, it obviously wasn't all sunshine and rainbows. So I'm not saying these platforms were perfect or without major issues. I am saying that their unique nature is not something that can be replicated via other mediums. It simply doesn't scale.
Honestly I'm not seeing the issue with these platforms wanting to maximize time users spend on them. That's the goal of every business. What seems to get lost though is self control. TikTok being fun and enjoyable does not mean that you are incapable of closing the app. It's like banning phones from leaving your house because you are so addicted to texting and apps. You cannot fully control what comes up on most social media. But as any therapist will tell you, all you can control is your response. I just think there is a space for big social media sites in the world. I don't even use them, but I can recognize the impact they have made with the good and the bad.
It's simply not legitimate to redefine "addiction" as anything that people might have an emotional or psychological motivation to participate in.
People trying to use the same terminology to describe social media as is used to describe tobacco or alcohol are trying to sneakily attach the negative associations of those substances to something unrelated entirely to them.
This is a form of deception, and a silly one, since social media has lots of negative aspects that can be argued against in their own right, without needing to engage in manipulative dialog.
There are plenty of perfectly valid parallels between addiction to alcohol, gambling, porn, social media, junk food, etc. Are you denying that?
You can't just declare anyone comparing them to be disingenuous or disrespectful to those who are addicted. In fact what really seems disingenuous is the huge volume of this kind of pedantry in the thread by you and the same few accounts. Feels like misdirection away from the actual discussion about how to truly mitigate these addictions. Would appreciate your actual thoughts on this.
I appreciate GPs point about giving “parents strong monitoring and restriction tools and empower them to protect their children”. That’s good. That acknowledges that we can and should give parents tools to deal with their kids and not let them fend for themselves (one nuclear family all alone) against the various algorithms, child group pressure, and so on.
But on the whole I’m tired of the road to serfdom framing on anything that regulates corporations.
Yes. Let’s be idealistic for a minute; the Internet was “supposed to” liberate us. Now we have to play Defense every damn day. And the best we have to offer is a false choice between nanny state and tech baron vulturism?
For a second just imagine. An Internet that empowers more than it enslaves. That makes us more equal. It’s difficult but you can try.
Meta is the bozo in a panel van with no windows. All the legit porn sites put up Big Blinking Neon Signs.
Better to use some kind of secure drop web portal (perhaps https://securedrop.org/) that's actually designed for that kind of thing, though.
why-not-both.jpg
Maximizing corporate freedom leads inevitably to corporate capture of government.
Opposing either government concentration of power alone or corporate concentration of power alone is doomed to failure. Only by opposing both is there any hope of achieving either.
Applying that principle to age-verification, which I think is inevitable: Prefer privacy-preserving decoupled age-verification services, where the service validates minimum age and presents a cryptographic token to the entity requiring age validation. Ideally, discourage entities from collecting hard identification by holding them accountable for data breaches; or since that's politically infeasible, model the service on PCI with fines for poor security.
The motivation for this regime is to prevent distribution services from holding identification data, reducing the information held by any single entity.
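The decoupled token flow described in the comment above, as an added example that is not part of any comment in the thread and not any real wallet's protocol. The payload fields, function names and the use of Ed25519 are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');

// Issuer side: the age-verification service, after it has checked the user's ID.
// The payload carries only the claim, the site's nonce and an expiry. There is
// no name, birth date or account id, so the site learns nothing else.
function issueAgeToken(issuerPrivateKey, { minAge, nonce, ttlSeconds = 300, now = Date.now() }) {
  const payload = JSON.stringify({
    min_age: minAge,
    nonce, // chosen by the site, relayed by the user; the issuer never sees the site's name
    exp: Math.floor(now / 1000) + ttlSeconds,
  });
  const signature = nodeCrypto.sign(null, Buffer.from(payload), issuerPrivateKey);
  return `${b64u(payload)}.${b64u(signature)}`;
}

// Relying-party side: the site that needs the age check. It holds only the
// issuer's public key and the nonce it generated for this session.
function verifyAgeToken(token, issuerPublicKey, { expectedNonce, requiredAge, now = Date.now() }) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const payloadBytes = Buffer.from(parts[0], 'base64url');
  const signature = Buffer.from(parts[1], 'base64url');

  // Check the signature before trusting or parsing any field.
  let valid = false;
  try {
    valid = nodeCrypto.verify(null, payloadBytes, issuerPublicKey, signature);
  } catch {
    valid = false;
  }
  if (!valid) return { ok: false, reason: 'bad-signature' };

  let claims;
  try {
    claims = JSON.parse(payloadBytes.toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // A token minted for another session must not be accepted here (replay).
  if (claims.nonce !== expectedNonce) return { ok: false, reason: 'nonce-mismatch' };
  if (!Number.isInteger(claims.exp) || claims.exp <= Math.floor(now / 1000)) {
    return { ok: false, reason: 'expired' };
  }
  if (!Number.isInteger(claims.min_age) || claims.min_age < requiredAge) {
    return { ok: false, reason: 'age-not-met' };
  }
  return { ok: true, reason: 'ok' };
}

// Constructed demo: one issuer key pair, one site session.
// Limitation of this sketch: issuer and site could still link a session by
// comparing nonces; preventing that needs blind signatures or a ZK proof.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  const token = issueAgeToken(privateKey, { minAge: 18, nonce });
  const sig = token.split('.')[1];
  const forged = `${b64u(JSON.stringify({ min_age: 18, nonce: 'other', exp: 9999999999 }))}.${sig}`;
  return {
    fresh: verifyAgeToken(token, publicKey, { expectedNonce: nonce, requiredAge: 18 }).reason,
    replayed: verifyAgeToken(token, publicKey, { expectedNonce: 'another-session', requiredAge: 18 }).reason,
    forged: verifyAgeToken(forged, publicKey, { expectedNonce: 'other', requiredAge: 18 }).reason,
  };
}

console.log(demo());
```

The nonce ties a token to one session, but nothing in it identifies who uses the account afterwards, which is the hand-off problem raised earlier in the thread.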
This is the wrong implementation.
You require sites hosting adult content to send a header indicating what kind of content it is. Then the device can do what it wants with that information. A parent can then configure their child's device not to display it, without needing anybody to have an ID or expecting every government and lowest bidder to be able to implement the associated security correctly.
It doesn't matter what kind of cryptography you invent. They either won't use it to begin with or will shamelessly and with no accountability violate the invariants taken as hard requirements in your theoretical proof. If you have to show your ID to the lowest bidder, you're pwned, so use the system that doesn't have that.
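The content-label approach from the comment above (and from the earlier comments about tagging content for the client), as an added example that is not part of any comment in the thread. The `Content-Rating` header name, its three values and the profile fields are hypothetical; the thread names no concrete header.

```javascript
// Hypothetical label vocabulary, ordered from least to most restricted.
const RATING_ORDER = ['general', 'teen', 'adult'];
const LABEL_HEADER = 'content-rating'; // hypothetical header name

// Extract the most restrictive label a response carries.
function parseRating(headers) {
  const values = [];
  for (const [name, value] of Object.entries(headers)) {
    // Header names are case-insensitive; repeated headers may arrive as an
    // array or as one comma-joined string, and String() covers both.
    if (name.toLowerCase() === LABEL_HEADER) values.push(...String(value).split(','));
  }
  const labels = values.map((v) => v.trim().toLowerCase()).filter((v) => v !== '');
  if (labels.length === 0) return { rating: null, known: true };
  let worst = -1;
  for (const label of labels) {
    const rank = RATING_ORDER.indexOf(label);
    if (rank === -1) return { rating: label, known: false };
    worst = Math.max(worst, rank);
  }
  return { rating: RATING_ORDER[worst], known: true };
}

// The decision runs on the device. The profile is set by whoever configured
// the device and is never sent to the service, so the request looks the same
// whether an adult or a child is using it.
function decideDisplay(headers, profile) {
  const limit = RATING_ORDER.indexOf(profile.maxRating);
  if (limit === -1) throw new Error(`unknown profile rating: ${profile.maxRating}`);
  if (limit === RATING_ORDER.length - 1) return { display: true, reason: 'unrestricted-profile' };

  const { rating, known } = parseRating(headers);
  // Unlabelled responses are the policy decision that matters most: most of
  // the web would carry no label, so the profile has to say what happens.
  if (rating === null) return { display: profile.allowUnlabeled === true, reason: 'unlabeled' };
  // A label outside the vocabulary is treated as restricted (fail closed).
  if (!known) return { display: false, reason: 'unknown-label' };
  const ok = RATING_ORDER.indexOf(rating) <= limit;
  return { display: ok, reason: ok ? 'within-limit' : 'over-limit' };
}

// Constructed sample responses, evaluated against a restricted profile.
function demo() {
  const childProfile = { maxRating: 'teen', allowUnlabeled: false };
  const samples = [
    { 'Content-Type': 'text/html', 'Content-Rating': 'adult' },
    { 'content-rating': 'general, adult' },
    { 'Content-Rating': 'Teen' },
    { 'Content-Type': 'text/html' },
  ];
  return samples.map((headers) => decideDisplay(headers, childProfile).reason);
}

console.log(demo());
```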
Neither do ID requirements. If you're purposely allowing in kids then you're allowing in everyone, because kids generally don't have ID.
Meanwhile you exclude the parent who is separated from their spouse and wants to check up on where their kid is hanging out when the kid is living with the other parent, and the investigative journalist who doesn't have a young kid or their kid is 16 but the detection system guesses they're 26.
And that's on top of having the lowest bidder building a biometrics database of children.
This is a huge self own. I can't believe I'm reading this on a website called "hacker news".
But you're right, 'twas a bit much.
Then close their business. Age verification just makes their crimes even more annoying.
Ah, oh, decision makers are shareholders themselves and are benefiting from this too.
How about we reject all institutional nannies?
It is much easier to implement user-controlled on-device settings than any sort of over-the-Internet verification scheme. Parents purchase their children's devices and can adjust those settings before giving it to their kids. This is the crux of the problem, and all other arguments are downstream of this.
I'm going to move off-grid and become a sovereign citizen.
If you genuinely believe that this is about those moustache twirling executives, then I have a bridge to sell you.
Have you ever wondered why and how these systems are being implemented? Have you ever gone why Discord / Twitch / what have you and why now? Have you ever thought that this might be happening because of Nepal and the fears of another Arab spring?
https://www.aljazeera.com/news/2025/9/15/more-egalitarian-ho...
I think too many people on this platform don't understand what this is about. This is about power. It's not about what's good for you or the children. Or for the constituents. It's about power. Real power. Karp-ian "scare enemies and on occasion kill them" power.
There are many ways in which such a system could be implemented. They could have asked people to use a credit card. Adult entertainment services have been using this as a way to do tacit age verification for a very long time now. Or, they could have made a new zero-knowledge proof system. Or, ideally, they could have told the authorities to get bent. †
Tech is hardly the first industry to face significant (justifiable or unjustifiable) government backlash. I am hesitant to use them as examples as they're a net harm, whereas this is about preventing a societal net harm, but the fossil fuel and tobacco industries fought their governments for decades and straight up changed the political system to suit them. ††
FAANG are richer than they ever were. Even Discord can raise more and deploy more capital than most of the tobacco industry at the time. It's also a righteous cause. A cause most people can get behind (see: privacy as a selling point for Apple and the backlash to Ring). But they're not fighting this. They're leaning into it.
Let's take a look at what Discord asked people for a second, the face scan,
If you choose Facial Age Estimation, you’ll be prompted to record a short video selfie of your face. The Facial Age Estimation technology runs entirely on your device in real time when you are performing the verification. That means that facial scans never leave your device, and Discord and vendors never receive it. We only get your age group.
Their specific ask is to try and get depth data by moving the phone back and forth. This is not just "take a selfie" – they're getting the user to move the device laterally to extract facial structure. The "face scan" (how is that defined??) never leaves the device, but that doesn't mean the biometric data isn't extracted and sent to their third-party supplier, k-Id. There was an article that went viral for spoofing this, https://age-verifier.kibty.town/ // https://news.ycombinator.com/item?id=46982421 . In the article, the author found by examining the API response the system was sending,
k-id, the age verification provider discord uses doesn't store or send your face to the server. instead, it sends a bunch of metadata about your face and general process details.
The author assumes that "this [approach] is good for your privacy." It's not. If you give me the depth data for a face, you've given me the fingerprint for that face. We're anthropomorphising machines. A machine doesn't need pictures; "a bunch of metadata" will do just fine.
We are assuming that the surveillance state will require humans sitting in a shadow-y room going over pictures and videos. It won't. You can just use a bunch of vectors and a large multi-modal model instead. Servers are cheap and never need to eat or sleep.
Certain firms are already doing this for the US Gov, https://x.com/vxunderground/status/2024188446214963351 / https://xcancel.com/vxunderground/status/2024188446214963351
We can assume de facto that Discord is also doing profiling along vectors (presumably behavioral and demographic features) which that author described as,
after some trial and error, we narrowed the checked part to the prediction arrays, which are outputs, primaryOutputs and raws.
turns out, both outputs and primaryOutputs are generated from raws. basically, the raw numbers are mapped to age outputs, and then the outliers get removed with z-score (once for primaryOutputs and twice for outputs).
Discord plugs into games and allows people to share what they're doing with their friends. For example, Discord can automatically share which song a user is listening on Spotify with their friends (who can join in), the game they're playing, whether they're streaming on Twitch etc. In general, Discord seems to have fairly reliable data about the other applications the user is running. Discord also has data about your voice and now your face.
Is some or all of this data being turned into features that are being fed to this third-party k-ID? https://www.k-id.com/
https://www.forbes.com/sites/mattgardner1/2024/06/25/k-id-cl...
https://www.techinasia.com/a16z-lightspeed-bet-singapore-par...
k-ID is (at first glance) extracting fairly similar data from Snapchat, Twitch etc. With ID documents added into the mix, this certainly seems like a very interesting global profiling dataset backstopped with government documentation as ground truth.
I'm sure that's totally unrelated. :)
-
† like they already have for algorithmic social media and profiling, https://www.newyorker.com/magazine/2024/10/14/silicon-valley...
Somehow there's tens to hundreds of millions available for crypto causes and algorithmic social media crusades, but there's none for the "existential threat" of age verification.
†† Once again, this is old hat. See also: Turbotax, https://www.propublica.org/article/inside-turbotax-20-year-f...
if folks actually wanted to protect minors they would age restrict internet ACCESS instead of letting adults' personal details get spewed all over the world for bad actors to take advantage of.
That’s because “freedom” is complicated and doesn’t precisely map to the interests of any of the major actors. It's largely a war between parties seeking control for different elites for different purposes.
Vilify them all you want, but same has been done with nicotine products, alcohol products, etc. and to GPs point, we SM as a toy for our children to play with. We chose to change the rules (laws, regulations, etc) because capitalists can never be simply trusted to do what's best for anything except their bottom line. That's a fundamental law no different than inertia or gravity in a capitalistic society. That's why regulators exist. Until you regulate it, they will wear their villain badge and rake in the billions. It's easy to be disliked when the topic of your disdain is what makes you filthy rich (in other words, they don't care what you or I think of what they're doing).
As an example, I’ve been a fairly strict parent with devices and content access. But, I do let my son play Switch games with his friends which requires the internet. I feel it’s ok in moderation, he plays no more than about 3 hours a week.
Their position was to compare it to alcohol, guns, and tobacco, not bands using naughty words. Alcohol and tobacco definitely enter mustache swirling territory, getting children addicted and funding misinformation on the harms of their product.
No one. You’ll see a few politicians and more individuals stuck to their principles, but anyone with major clout sees the writing on the wall and is simply working to entrench their power.
> Better the nanny state than Nanny Zuck.
Indeed, what lolberts fail to understand usually is not a choice between government vs “freedom” it’s a choice between the current government and whoever will fill up the power vacuum left by the government.
lol
The state can imprison you. Zuck can't.
There is no digital equivalent of "flash an ID card and be done with it" in the surveillance state era of the internet. Using a CC is the closest we have and even then you're giving data away.
Additionally, the laws I've read mandate that no data be retained, so you have stronger legal protections than typical credit card use, or even giving your ID to a store clerk for age restricted purchases (many stores will scan it without asking, and in some states scanning is required).
I expect most forums or discussion groups in practice actually don't have child-inappropriate content, and already moderate such things because the members don't want it.
A child with an iPhone, Xbox, and a Windows Laptop won't be able to install discord unless the parent explicitly lets them, or opts out of all the parental controls those platforms have to offer.
The tech is here already, this is not about keeping children safe.
Do you have an A+++++ oven with three panes of glass? It's [relatively] safe to touch and instead of monitoring if a child is somewhere near the oven you have to monitor if the child does not actively open the oven. That's much easier.
As a parent you quickly learn that when you don't actively prevent major accidents it ends up costing you much more time, stress, screaming, etc.
It worked really well up until she got a school managed chromebook for homework with no access controls.
Drugs, alcohol, cigarettes, pornography were all illegal for me to access as a kid but I wouldn’t have had any trouble getting any of it.
PS This post is partly satire, I will leave it to you as to which part is serious.
Same goes for alcohol and cigarettes.
In the US, if you had regular access to those things, you had parents who didn’t care.
It’s also not about kids on the margin. The vast majority of 8 year olds in the US have not tried alcohol, drugs, or cigarettes.
I can’t really speak to post Cold War Romania.
At 16 it was easier, but at 8 it wasn’t hard.
Same goes for alcohol and cigarettes.
If you had regular access to those things you had parents who didn’t care.
It’s also not about kids on the margin. The vast majority of 8 year olds have not tried alcohol, drugs, or cigarettes.
If you were regularly smoking cigarettes, drinking alcohol, and reading porn magazines at 8 years, your parents fell down on the job. An 8 year old doesn’t have the wherewithal to hide that from parents who are paying attention.
> Now, as an adult, I can see more ways I could have gotten it if I wanted it.
Yeah a kid with the mind of an adult could access all kinds of illegal material.
Making it illegal to rob a bank doesn’t mean that it’s literally impossible. It’s about stopping enough people from trying that society functions.
The state of the world before the internet was that it was hard to keep a kid from ever glimpsing a titty, but it was relatively easy to keep a kid from having regular access to hard core porn - much, much easier than it is now. My take is that as a society we need to figure out some way to make this easy enough for parents to do that it becomes the default. Just like drugs, alcohol, and porno mags.
Another issue is that online porn and algorithmic brain rot is free (at least enough of it is). With IRL contraband, lack of money is a big limiting factor for kids. The IRL equivalent would be if the local library let 8 year olds check out hard core porn DVDs.
All this talk of “glimpses” is you trying to read too deep into a single example.
I’m not using my adult mind to figure out how I could have gotten this stuff as a kid. I’m using my adult mind to recognize that if I had been motivated as a kid, there are additional ways I, as a kid, would have been able to figure out how to get it.
I’m not throwing my hands up in the air and saying this is impossible or that we should just open up access. I’m saying requiring ID for access wasn’t effective before and it won’t be effective in a world with easier access. Yet the cost of that is quite high. Scan these threads for actual ideas, I’m not arguing for any particular one but there are plenty of them and some I think are good.
Were they accessible to you, or do you just think they were accessible to you? How many of these teenagers who would let you try a cigarette would have been willing to keep supplying you cigarettes regularly. How many would have been willing to keep buying you alcohol?
>All this talk of “glimpses” is you trying to read too deep into a single example.
No, it's glimpses, because it's about at the very least semi-regular access, not preventing every single child from having tiny amounts of alcohol. Look at my reply to the other poster in this thread. There are dozens of studies that show conclusively that minimum age drinking laws reduce alcohol use among children, and reduce alcoholism later in life.
>I’m saying requiring ID for access wasn’t effective before
But yes it was effective. Read the studies. Minimum age drinking laws have been shown almost universally to be effective. Not at stopping every child from drinking but at harm reduction.
>I’m using my adult mind to recognize that if I had been motivated as a kid, there are additional ways I, as a kid, would have been able to figure out how to get it.
The level of effort an 8 year old would have to go through to get regular access to cigarettes and alcohol in the US would require an enormous level of motivation which almost no 8 year old has, and it would be outright impossible to do without a semi-observant parent noticing.
That's the whole point of making it hard to do.
It takes much less effort for a kid to walk to the library and check out a hardcore porn DVD than it does for him to convince an 18 year old to buy one for him. Most kids just aren't going to go through the hassle of doing the latter, but they'd do the former in a heartbeat. All things being equal, greater motivation is required to overcome greater obstacles.
Disinterest was what really “saved” me from these vices but lacking that, it was my parents. I also had access to perfectly legal things that were bad for me that I actually wanted and it was my parents who helped me there too; no mandatory ID required.
>I could have easily gotten a teenager to get me cigarettes (and drugs, but I didn’t know what those were really). I had also already tasted alcohol. Any of this I could have stolen from any number of places.
You never tried it so you have no idea how well it would have worked. You really think those teenagers would have kept giving you cigarettes for free? You didn't even know what drugs were so I don't know how you could possibly know there were teenagers you knew who would have just given them to you.
Again I'm sure you could have stolen a few cigarettes, or a few bottles of alcohol. But your parents would have smelled both on you or caught you quickly because 8 year olds are idiots. Then they would have cut your access to teenagers or locked up their liquor better. And because of age restriction laws, that's all it would take for them to keep you away from it.
It doesn't sound like you have kids and it's probably been a while since you were 8, but you are severely overestimating the ability of a 2nd grader to get away with anything.
>but lacking that, it was my parents
Of course it was your parents. Mandatory ID laws aren't going to stop terrible parents from letting their kid have a beer every night before bed time. They make it easier for well-meaning parents to do the right thing and keep their kids out of stuff they shouldn't have.
Again minimum age and ID laws have been proven to reduce access and reduce alcohol and cigarette use. Even if you were some kind of criminal genius 2nd grader capable of stealing a few bottles of wine a week, you would be an outlier. There's no room for debate that these laws have their intended effect.
There’s no gaslighting going on here. “As an adult looking back to when I was an 8 year old, I believe that had I been motivated I could have acquired alcohol and cigarettes” is not a persuasive argument that most or even many 8 year olds have access to alcohol and cigarettes.
It’s not even a good argument that you had access because you don’t know that you did.
“I think that I could have got teenagers to get me cigarettes” is not good evidence that you had access to cigarettes. Maybe there were teenagers who would have given you enough cigarettes to feed a habit. Maybe the first 5 you asked would have told you to get lost and you would have given up.
We’ll never know because you didn’t try it. But again even if you had, the evidence shows that minimum age laws substantially reduce the number of cigarettes smoked by kids, and the rate of kids who smoke.
If you want to make the argument that the price of making people show ID isn’t worth that benefit then fine make that argument. But you can’t make the argument that minimum age laws don’t have their intended effect.
So even if you don't believe I have the capacity to understand that a teenager I know (who was also a child) who was doing drugs, smoking, etc., would absolutely have gotten me what I wanted; it doesn't follow that I didn't have the access I actually had. "We'll never know" is false. I know, because I was there.
As far as minimum age laws not having their intended effect, again, it's easy when you're the one saying what all the arguments are...
the only barrier I have ever had to doing stupid things was the wrath of my parents. the punishment(s) levied when I did stupid shit was always such that I would very seldom-to-never-again consider doing whatever stupid shit I did. it always starts and ends with parents. you can put in whatever "laws" you want (which will always get weaponized politically at some point either immediately or at a later time) but end of the day the buck starts and stops with parents...
https://pmc.ncbi.nlm.nih.gov/articles/PMC3018854/ https://pmc.ncbi.nlm.nih.gov/articles/PMC3586293/ https://pmc.ncbi.nlm.nih.gov/articles/PMC4961607/ https://www.nytimes.com/roomfordebate/2015/02/10/you-must-be... https://www.cdc.gov/alcohol/underage-drinking/minimum-legal-...
If you care to google it there are dozens of additional studies that all say the same thing.
2. You're writing this as if you don't understand what it's like growing up in a country where 8 year olds don't have easy access to alcohol, cigarettes, and drugs.
And you're writing this as if you don't understand what it's like as a kid growing up in America specifically. My young children and the young children of everyone I know could not regularly drink alcohol or smoke cigarettes without their parents knowing about it. When I was 8 I couldn't have done either regularly without my parents knowing about it.
Again this isn't about stopping every single kid in the world from ever trying alcohol. This is about making it harder for them to get and easier for parents to enforce.
>end of the day the buck starts and stops with parents...
That's a completely unrealistic view of the world and it's just flat out wrong on the face of it because every study we have on the subject shows that minimum drinking age laws reduce harm--they work. If it were solely up to the parent they wouldn't work.
The easier you make it for parents to do the right thing, the more of them will do it.
... and honest:
- they will honestly tell you that they'd be very happy to see you dead when you impose restrictions upon them (people who are older will of course possibly get into legal trouble for such a statement)
- they will tell you they wish you'd never have given birth to them (or aborted them)
- they will tell you that since they never wanted to be born, they owe you nothing
- ...
And this entire thing is about bad parenting. It's always easier to just give the kid a tablet and go back to whatever you were doing. It's always better to actually interact with the kid. That trade-off of time is important because if you mess up when they are young, you spend a lot more time handling issues later on. That time you gained by giving them a tablet will get paid back someday, usually with interest. That's what is happening here.
We've had pediatricians shame us for feeding our kids what they're willing to eat and not magically forcing "a more varied diet" down their throats at every meal, despite them being perfectly healthy by every objective metric. There are laws making it technically illegal for us to leave our kids unsupervised at home for any period of time in any condition, even a few minutes if one of us is running slightly late from work/appointments.
Your not-quite-2-year-old is too tall for a rear-facing car-seat? You're a bad parent, possibly a criminal and putting them at risk by flipping the seat to face forward, a responsible parent spends hundreds of dollars they don't have on several different seats to maybe find one that fits better or have their kid ride uncomfortably and arguably unsafely with their legs hyper-extended up the seatback.
Miss a flu shot because you were busy? Careful you don't come off as an antivaxxer.
And all of this and more on top of changing diapers, doctors' appointments, daycare, preschool, school, family activities and full time jobs?
Yeah, when my kids are old enough to engage with social media I will teach them how to use it responsibly, warn them about the dangers, make myself available to them if they have any problems, enforce putting the phones down at dinner and keep a loose eye on their usage. Fortunately/unfortunately for them they have a technically sophisticated father who knows how to log web activity on the family router without their knowledge. So if anything goes sideways I'll have some hard information to look at. Most families don't have that level of technical skill.
Thank you for that.
Kids are great at forcing you to prioritize. All of a sudden pre-ground coffee is worth it.
I'm against these age-verification laws, but to say it's impossible to comply with open-source software isn't really true.
But it isn't fine. How long before that's no longer an option?
A few years ago it was "Apple won't let me side load apps, which is fine, I'll run android" now that's coming back and getting locked down even more.
How long before normal computers will all have signed bootloaders with only the OEM's OS of choice allowed to boot, 4 chains deep of verifying signatures on hardware security chips?
It's unfortunate that the application of this rule is being performed at the software level via ad-hoc age verification as opposed to the device level (e.g. smartphones themselves). However that might require the rigmarole of the state forcibly confiscating smartphones from minors or worrying Nepalese outcomes.
Don't punish the rest of the web for crappy parenting and crappy incentives by companies/govts.
On the flip side, I do think we should also hold companies more accountable for this. We collectively prevented companies from advertising tobacco to minors through regulation with a pretty massive success rate. These companies know how harmful social media can be on youth, and there is little to no effective regulation around how children learn about these platforms and get enticed into them.
The clearest example is LGBTQ kids who want to talk to other LGBTQ kids, or enjoy LGBTQ content, without fundamentalist or just homophobic/transphobic parents finding out. Children of fundamentalist or cult members who want an escape from the cult are another common category.
You're saying the status quo and I think it's fair to state you wouldn't intentionally design the status quo. Unless we have some wizard wheeze where we can easily arrest and detain or otherwise effectively punish parents without further reducing the quality of life for their children.
The difference though is that parents are generally the ones to give their kids their phones and devices. These devices could send headers to websites saying "I'm a kid" -- but this system doesn't exist, and parents apparently don't use existing parental controls properly or at all.
And there would be ways to work around it. If people find that privacy-preserving age verification is not good enough because "some kids will work around it", then nothing is good enough, period. Some will always work around anything.
> The difference though is that parents are generally the ones to give their kids their phones and devices.
But either way I disagree. This comment sums up my point: https://news.ycombinator.com/item?id=47122715#47128105
It's not as easy as you may believe to prevent that type of access.
Parents are legally and socially expected to keep their kids away from tobacco and alcohol. You're breaking legal and social convention if you allow your kids to access dangerous drugs.
Capitalist social media is exactly as dangerous as alcohol and tobacco. Somebody should be held responsible for that, and the legal and social framework we already have for dealing with people who want to get kids addicted to shit works fairly well.
This argument is quite close to what gov'ts are "trying" to do here! And I think you'll find very few people amenable to the idea that we should allow cigarettes to be sold to underaged people (even if in practice they still get access).
The argument on the "don't do the social media ban" side is quite an uphill battle if you dig into this metaphor too much
They work hand in hand with governments around the world, that's why they get the tax breaks. In return they hand over details about your opinions, social networks and whereabouts, not to mention facial recognition data via Facebook. They aren't remotely capitalist in any real sense since they have a bad business model.
Most actual studies done on this topic find very little evidence this is true.
It's a run-of-the-mill moral panic. People breathlessly repeating memes about whatever "kids these days" are up to and how horrible it is, as adults have done for thousands of years.
I expect some emotional attacks in response for questioning the big panic of the day, but before you do so please explore:
[1] Effects of reducing social media use are small and inconsistent: https://www.sciencedirect.com/science/article/pii/S266656032...
[2] Belief in "Social media addiction" is wholly explained by media framing and not an actual addiction: https://www.nature.com/articles/s41598-025-27053-2
[3] No causal link between time spent on social media and mental health harm: https://www.theguardian.com/media/2026/jan/14/social-media-t...
[4] The Flawed Evidence Behind Jonathan Haidt's Panic Farming: https://reason.com/2023/03/29/the-statistically-flawed-evide...
The problem is that it's bloody hard to actually do this. I'm in a war with my 7yo about youtube; the terms of engagement are, I can block it however I want from the network side, and if he can get around it, he can watch.
Well, after many successful months of DNS block, he discovered proxies. After blocking enough of those to dissuade him, he discovered Firefox DNS-over-HTTPS, making it basically impossible to block him without blocking every Cloudflare IP or something. Would love to be wrong about that, but it seems like even just blocking a site is basically impossible without putting nanny-ware right on his machine; and that's only a bootable Linux USB stick away from being removed unless I lock down the BIOS and all that, and at that point it's not his computer and the rules of engagement have been voided.
For now I'm just using "policy" to stop him, but IMO the tools that parents have are weak unless you just want your kid to be an iPad user and never learn how a computer works at all.
> the terms of engagement are, I can block it however I want from the network side, and if he can get around it, he can watch.
You're treating this as a technical problem, not a parental rules problem. Your own rules say he's allowed to watch!
You have to set the expectations and enforce it as a parent.
Is it impractical to keep an eye on what he's doing on his computer, i.e. physically checking in on him from time to time?
How about holding him responsible for his own behavior, to develop respect for the rules you impose? Is it just hopeless, and if so how come? Is it impossible for him to understand why you don't want him watching certain content or why he should care about being worthy of your trust?
I'm not judging here, I'm genuinely curious.
I might suggest explaining this to him, providing a uBlock filter to sanitize the page, and requiring use of said filter.
Of course! That's the whole point. The computer's in a highly visible area of the home. The point was to try to get him to learn a little about networks with some built-in motivation, but I didn't expect the arms race to end so easily.
Still, there's an awful lot of excellent educational content on YouTube. It seems unfortunate to block access to that. Have you considered self hosting an alternative frontend for it?
Well, that means directly doing things on the endpoint, which I don't want to do. One could work around that with a Linux USB; I could block USB boot, but then I'm just giving him an iPad, right? What's the point?
The goal is the learning exercise that puts Youtube as a reward mechanism for getting around my blocks. I just hoped to not run out of options so quickly.
The end user is faced with a choice. Either add the local root certificate or else all TLS connections will be rejected. Booting off a USB won't get around it.
At this point this is a bog standard approach taken by any corporate IT department that takes network security even half seriously.
Granted, certain types of proxy will still work since automated approaches to filtering page content itself are not particularly robust. You could always write a custom heuristic to detect the YouTube frontend though. Would probably be quite easy since the elements have predictable names.
That said it doesn't really seem like blocking is what you're actually after. It's unfortunate the cat and mouse game being used as a learning activity concluded so quickly but maybe just have a chat with him about the psychological issues posed by algorithmic feeds and user generated content in general?
I'll mention again, a self hosted alternative frontend for YouTube might address most of the objections you have to it in the first place.
Maybe it would help not to think that your son is out on the ice with you right now. Because I feel like that’s how you’re treating him. And at least in the situation you described he’s beginning to skate circles around you!
If he’s smart enough to outwit you then maybe he’s smart enough for you to start explaining to him whatever the reasons are you don’t want him to do certain things. I get it. You don’t want him to do some things but at the same time you don’t want to curtail his ambition and agency to do other things. Am I on the right track?
I won’t tell you what to do about that. I mean I could, but I hope that this was useful enough, whatever I mean to be doing here.
Maybe you need to take a step back and revise your feel for the game that you’re playing on your own before you intend to prepare him to start too. The ‘game’ of life and making one’s living.
That's not exactly accurate. The two key parts of the attractive nuisance law are a failure to secure something combined with the victim being too young to understand the risks.
So if you put a trampoline in your front yard, that's an easy attractive nuisance case.
If you put a pool in your back yard with a fence and a locked gate, it would be much harder to argue that it was an attractive nuisance.
If a 17 year old kid comes along and breaks into your back yard by hopping a 6-foot tall fence, you'd also have a hard time knowing they didn't understand that their activities came with some risk. Most cases are about very young children, though there are exceptions
This is exactly what one of our neighbors did when I was growing up.
All the kids loved it.
There just weren't very many lawsuits back then like there are now after the number of attorneys proliferated so much.
To be as safe as they could, the parents put the trampoline in a pit where the bouncing surface was at ground level.
If you drove by, you wouldn't even be able to see it, or have any idea that it was there.
Unless there was somebody bouncing at the time.
You should have seen the look on people's faces when they drove down our street and saw that for the first time :)
The legal doctrine is also not specific to the US, of course.
The Internet is basically the final frontier where this harmful law doesn't reach, though the Karens are really trying to expand their power there.
But I didn't have emotionally mature parents, and I'm sure so many children growing up now don't either. They're going to read arguments like these and say they're already doing enough. Maybe they truly believe they are, even if they're mistaken. Or maybe they won't read arguments like these at all. Parenting methods are diverse but smartphones are ubiquitous.
So yes, I agree that parents need to be held accountable, but I'm torn on if the legal avenue is feasible compared to the cultural one. Children also need more social support if they can't rely on their parents like in my case, or tech is going to eat them alive. Social solutions/public works are kind of boring compared to technology solutions, but society has been around longer than smartphones.
You can argue that many parents are less than ideal parents, but that is not sufficient to justify having the state step in. You also have to show that the state is less bad.
Decades of data on the foster system strongly suggests otherwise. The state, by any objective measure, is terrible at raising children.
I was told over and over by in hindsight unqualified persons that emotional abuse wasn't real abuse, so after a few years I was disinclined to seek help.
If I had had even one person that supported me unconditionally instead of none at all, even if that person wasn't a parent, I'm fairly certain I would have turned out differently. That was just a matter of luck, and I came out empty-handed. I never felt comfortable talking about what I was exposed to online with anyone, and that only hurt me further, but I was a child and couldn't see another option.
Is it more important to prevent your son from being weaponized and turned into a little ball of hate and anger, and your daughter from spending her teen years depressed and encouraged to develop eating disorders, or to make sure they can binge the same influencers as their "friends"?
Literally every kid/teen-targeted movie has championed or contradicted this for decades. Yes even “back in the day.” Hell what is the end of Grease? Sandy changes who she is to conform with the greasers and everyone cheers including her man who allegedly liked her as she was before? I don’t even get what they’re saying at the end.
Conform, be an individual, the message is always shifting and always has. You’re a jock, you’re a nerd. Jocks beat up nerds and get the girls. Oh wait in this movie the nerds actually win and are rewarded for being themselves though.
There wasn’t some special time where you were taught the right lesson that everyone now is missing out on, and there were plenty of lessons passed on to you that we have thankfully eradicated I imagine. Growing up is complicated. Social dynamics are complicated. The way they are portrayed is also complicated. We’re all having to adapt and try our best here, no one has the exact answer
My point is all of this stuff is inconsistent regardless of target audience or decade.
With that being said, I think explaining _in detail_ why you’re laying down certain rules can go a LONG way toward building some trust and productive dialogue with your child. Maybe you’ll find out they are more mature than you give them credit, can loosen up a bit. Or maybe a reasonable compromise can be found. Or maybe they’ll be bitter for a few months, but they’ll at least understand “why”.
If everyone was banned from facebook we would have organised them via text messages or email. That's the main point of social media age restrictions, individually banning kids is too punishing on those kids so parents and teachers don't try. Doing it across the whole population is much better.
So even if their own child has no phone at all, they have access to the internet through other children's unlimited mobile access.
I would start with banning cellphones.
because their parents didn’t read the research or don’t care about the opportunity cost because it can’t be that big of a deal or it would not be allowed or legal right? at least not until their kid gets into a jam or shows behavioral issues, but even then they don’t evaluate, they often just fall prey to the next monthly subscription to cancel out the effects of the first: medication
So many questions. Are you campaigning against billboards in your city? Do you avoid taking your kids to any business that has digital signage? I assume you completely abstain from all types of movies and TV? What about radio or books?
What are you, personally, doing on HN?
Fascinating.
I dunno man, going over to friends’ houses to watch movies, play console games, later to show each other funny YouTube videos, and in high school to do computer-based writing projects, group presentations, and digital video projects are parts of my childhood I wouldn’t trade for anything. I hope my kids get those experiences with their peers.
But let's assume the majority of parents can actually do this. The problem with social media is not an individual one! We've fallen into a Nash Equilibrium, a game theory trap where we all defect and use our phones. If you don't have a phone or social media nowadays you will have much more trouble socializing than those who do, even though everyone would be better off if nobody used phones. As a teenager, you don't want to be the only one without a phone or social media. And so I truly do think the only solution is with higher level coordination.
Now, it's possible that the government isn't the right organization to enforce this coordination. Unfortunately, we don't really have any other forms of community that work for this. People already get mad at HOA's for making them trim their lawn; imagine an HOA for blocking social media! I do think the idea of a community doing this would be great though, assuming (obviously) that it was easy to move on and out of, as well as local. This would also help adults!
So to be honest, I don't think parents have the individual power to fix this, even with their kids.
All parental moderation mechanisms can and should be implemented as opt-in on-device settings. What governments need to do is pressure companies to implement those on-device settings. And what we can do as open-source developers is beat them to the punch. Each parent will decide whether or not to use them. Some people will, some won't. It's not Bob's responsibility to parent Charlie's children. Bob and Charlie must parent their own children.
To the people arguing that parents are too dumb to control their children's tech usage because they themselves are tech-illiterate: millennia ago, we invented this new thing called fire. Most people were also "too dumb" to keep their children away from the shiny flames. People didn't know what it was or how dangerous it could be. So the tribe leader (who, by the way, gropes your children) proposed a solution: centralize control of all the fire. Only the tribe leader gets to use it to cook. Everyone else just needs to listen to him. Remember, it's all for you and your children's safety.
Of all the things, a "save-the-children prolegomena to the Prometheus myth" certainly wasn't on my bingo card today. So thank you for that, but I'm not aware of any reports of fire-keeping in the way you've described. Societies and religions do have sacred traditions related to fire (like Zoroastrians) but that doesn't come with restrictions on practical use AFAIK.
The tribe leader refers to certain rich and powerful folks that have infiltrated governments and are running some of the largest businesses.
The fire refers to instant communication over the Internet. This relatively new technology has the potential to paralyze old power structures and reshape civilization. It's understandable why governments et al are panicking. They know their authority will wane under global free speech unless they do something.
We've literally watched things unfold in real time out in the open in the last year; I don't know how much more obvious it could be that child-protections are the bad-faith excuse the powers that be are using here. Combined with their control of broadcasting/social media, it's the very thing they're pushing narratives in lockstep over. All this to effectively tie online identities to real people. Quick and easy digital profiles/analytics on anyone, full reads on chat history assessments of ideologies/political affiliations/online activities at scale, that's all this ever was and I _know_ hackernews is smart enough to see that writing on the wall. Ofc porn sites were targeted first with legislation like this, pornography has always been a low-hanging fruit to run a smear campaign on political/ideological dissidents. It wasn't enough, they want all platform activity in the datasets.
I can't help but feel like the longer we debate the merits of good parenting, the faster we're just going to speedrun losing the plot entirely. I think it goes without saying that no shit good parenting should be at play, but this is hardly even about that and I don't know why people take the time of day. It's become reddit-caliber discussion and everyone's just chasing the high of talking about how _they_ would parent in any given scenario, and such discussion does literally nothing to assess/respond to the realities in front of us. In case I'm not being clear, talking about how correct-parenting should be used in lieu of online verification laws is going to do literally nothing to stop this type of legislation from continually taking over. It's not like these discussions and ideas are going to get distilled into the dissent on the congressional floors that vote on these laws. It is in its own way a slice of culture war that has permeated into the nerd-sphere.
There are some parents genuinely concerned with parenting. We should give them the tools to do that and thereby removing them from the discourse, then we can focus on the bad faith people that want more control. I think there are still enough well-meaning people in governments that if we popularize on-device settings, it will prevent age verification in at least a handful of countries, and that's good enough to keep the spark of the free Internet going until we figure out a more permanent solution.
You think the idea of parents, not governments, being responsible for parenting doesn't translate well to voters? In the country founded on the idea of freedom from overreaching governance and personal responsibility?
what i'm saying is these discussions around parenting have had zero impacts on preventing the passage/implementation of such legislation/policies to date despite many smart people in here understanding what's actually at stake. and it's very likely that these parenting discussions will again go on to have absolutely zero impact on preventing the continued implementation of id verification on platforms. these policies/legislations aren't simply being implemented because people have failed to fully thought-exercise out good/bad parenting styles enough yet in the marketplace of ideas, it's becoming a reality because we aren't collectively raising awareness of the downstream ways this legislation will be harnessed for shitty outcomes. we aren't talking about it for what it is, but instead talking about it in the way they want us to talk about it. these parenting discussion points have been beaten to death and nothing new or novel is being shared, and rather than looking straight at the wolves right here in the room with us (data brokerage & who benefits from this type of data brokerage & figuring out how to stop it) people just look at each other and get butthurt about ideological parenting differences. it's literally a slice of the now-ever-so-common 2d culture war we're all acutely aware exists, right here on hackernews, and we're all actively participating.
May the best legal person win!
This doesn't put the parents off the hooks, if you or anyone can share any resources that are as easily consumable, viral and applicable as the content that is the issue that can reach parents I would be happy to help it spread.
The reality is kids today are facing the most advanced algorithms and even the most competent parents have a high bar to reach.
The solution is simple.
I want to permit whatever the pixels are on a child's screen. Full stop. That hasn't been solved for a reason. Because developing such a gate would work and not allow algorithms to reach kids directly and indirectly.
The alternative is not ideal, but until there's something better, what it will be and that's well proven for the mental health side of things of raising resilient kids who don't become troubled young adults - no need for social media, or touch screens until 10-13.
There are lots of ways to create with technology, and learning to use words (llms) and keyboards seems to increasingly have merit.
At this point, that isn't true anymore. There was social media when the parents were school aged. The world didn't start when you were 10 and the Internet is a half century old.
Being literate in something isn't just knowing how to use it, but how to manage its use for one's self and for others.
Once you see the importance of it, knowing where/how to start to manage what kids are exposed to that is age or developmentally appropriate for them is entirely a different skill to meet and manage the digital literacy of another human, especially a child.
The mistake in this reasoning is assuming that they are actually interested in protecting the children.
The world is becoming increasingly more uncertain geopolitically. We have incipient (and actual) wars coming, and near term potential for societal disruption from technological unemployment. Meanwhile social media has all but completely undermined broadcast media as a means of social control.
This isn't about protecting children. It's about preventing a repeat of the Arab Spring in western countries later this decade.
"Think of the children" is the oldest trick in the book, and should always be met with skepticism.
The character.ai one is gut wrenching.
We'll try anything, it seems, other than hold internet companies accountable for the society destroying shit they publish.
And it's not just children whose lives they are destroying.
We live in a shared world with shared responsibilities. If you are working on a product, or ever did work on a product, that made the internet worse rather than better, you have a shared responsibility to right that wrong. And parents do have to protect their kids, but they can't do it alone with how systematically children are targeted today by predatory tech companies.
If anything, we should be banning the collection of any age related information to access social media and more mature content. We need companies to respect privacy, rather than legislating even more privacy violations.
This is how the "predatory debt" involved has built up, and grown exponentially until now, and the only thing Facebook considers as a solution would be to pay it down using other people's resources instead of their own.
No one else has matching leverage and the dollar figure would be many billions if not a full trillion or more, which is about what it's worth, and who else could afford that except Facebook?
So it has to come from the collective subtraction of everyone's complete privacy. Just to amount to something comparable.
Add that up and it shows you how valuable privacy really is and what it's worth in dollar figures.
Yes, do the math, privacy is worth more than Facebook no matter what, it always was and always will be.
You can't have both, so big tech should jettison Meta. Who else could afford it?
A more non-existential solution would be for Meta to fully fund a completely anonymous internet to replace the one that they soiled from the beginning, and let them keep the (anti-)social-media exclusive network separate.
It was going to be like MySpace where most people were expected to remain anonymous like the internet had always been, and only those who actually wanted to be identifiable could reveal as much information as they personally wanted to.
But no, Facebook wanted everybody's personally identifiable information as table stakes, not only those who really wanted to promote themselves or gain personal recognition.
There was no other way to sign up.
I thought people would be too smart for that. But Facebook was "free" to use, and learned a lot from its first major gamescourge, Zynga.
Naturally I've been waiting for it to stand the test of time, and it does look like it has been a complete failure when it comes to being worthwhile.
Facebook started out with enshittification as a business model but the next major escalation came when people had to have an "account" before they could even browse the site any more.
People who had actually enjoyed it were somewhat pressured to join just so they could continue following those who were promotional. Linkedin did this too and made it no longer worth visiting either. So much for supporting the members who were intended to be promoted.
You can only imagine my shock years ago when I found out Facebook was a billion-dollar company.
Things like this were never even supposed to be worth money.
Undo the damage or otherwise come up with a way to shield kids from it. I won't let my own kids anywhere near the open web the way it is today. It's poison for young minds and needs to be fixed or gated off. Like alcohol at this point.
The biggest changes to the Internet over the last few years are usually in the political spaces. There are a few other things but mostly it's political. Those other things always existed but now they are online. But this isn't the fault of the communications medium, it's the ills of society leaking into online spaces. If we banned those things online, you still as a parent have to worry about them happening IRL. It's better to talk to your kids about these dangers honestly and it always has been. It's always been easier to just prevent your children from being exposed to those dangers but that usually backfires later on. Banning unpopular political discourse to do that has never been the answer to these issues. But in this case, banning discourse is the goal and children are just the excuse. As proof of this, the same government pushing this only instituted a real drinking age in the last 10 years, in a country known for making liquor.
I'm floored lol. What gives you this impression?
The worst part of this inflammatory nonsense is that, sadly, I'm probably the only person that will read your full comment. And I fundamentally disagree with your thesis of attributing this to "politics". Social media and its effects were poisonous long before "politics" were so prominent. You could see it even during early Obama times. The simple infinite scroll and forcing individuals to so regularly compare themselves to each other was already awful long before "politics".
I understand where you are coming from but age gating is not the answer for a communication medium.
This maybe applies to adults. It does not to children that cannot yet fend for themselves. You are basically throwing them to the wolves. This can be your choice, but it won't be mine.
Because parents don’t abuse massive surveillance tools.
Given that most abuse happens in the family and by parents maybe it’s a bad idea to give them so much power
Exactly, nowhere.
If I’m contra B, it doesn’t mean I’m pro A
As a kid, my dad sat me down and explained how porn could destroy my life. It's not hard to get people to act in their own self interest once they know what's destructive for them.
The problem is that most parents don't even understand just how damaging social media is.
The government took over most parenting functions, one at a time, until the actual parent does or is capable of doing very little parenting at all. If the government doesn't like the fact that it has become the parent of these children, perhaps it shouldn't have undermined the actual parents these last 80 years. At the very least, it should refrain from usurping ever more of the parental role (not that there is much left to take).
You yourself seem to be insulated from this phenomenon, maybe you're unaware that it is occurring. Maybe it wouldn't change your opinions even if you were aware.
>If you want to actually protect children
What if I don't want to protect children (other than my own) at all? Why would you want to be these children's parents (you suggest you or at least others want to "protect" them), which strongly implies that you will act in your capacity as government, but then get all grumpy that other people are wanting to protect children by acting in their capacity of government?
> you can get in trouble if you recklessly leave around or provide alcohol/guns/cigarettes for a minor to start using
In the example here, there are 3 things where age verification is required AND parents have responsibility.
It’s not just one or the other.
The same responsibilities are not “thrown out”, they are never acknowledged in the first place.
I think this is the right way to solve the problem.
For example, I think websites should have a header or something that indicates a recommended age level, and what kinds of more mature content and interactions it has, so that filters can use that without having to use heuristics.
Even if the world was full of responsible parents, there are still people and groups that want to establish a surveillance state. These systems are focused on monitoring and tracking online activity / limiting access to those who are willing to sacrifice their own personal sovereignty for access to services.
There is most definitely a cult that is obsessed with the book of revelation and seeing Biblical prophecy fulfilled, and if that isn't readily obvious to folks at this juncture in time, I'm not sure what it will take. I guess they'll have to roll out the mark of the beast before people will be willing to admit it.
You should need to show ID and prove you're over 18 to enter a church. At least we know they're actually harmful to children.
I hope society comes to the former conclusion and the egregious attack on freedom of speech on the internet is discontinued.
It’s not a fair fight. These are multi-billion dollar companies with international reach and decades of investment and research weaponized against us to make us all little addicts.
Additionally, it’s not fair or reasonable to ask parents to screen literally everything their kids do with a screen at all times any more than it was reasonable for your parents to always know what you were watching on TV at all times.
This is bootstraps/caveat emptor by a different name. It’s not “I want someone else to raise my kids.” It’s “the current state of affairs shouldn’t be so hostile that I have to maintain constant digital vigilance over my children.” Hell if you do people then lecture you about how “back in their day they played in the street and into the night” and call you a helicopter parent
That was an incredibly rude personal attack and completely unwarranted. You cannot talk to people like that here.
I won’t be discussing this with you further. Have a good rest of your week.
Good lord, Silicon Valley must have lead pipes.
There is a local dive bar down the street. I haven't expressly told my kids that entering and ordering an alcoholic drink is forbidden. In fact, that place has a hamburger stand out front on weekends and I wouldn't discourage my kids from trying it out if they were out exploring. I still expect that the bartender would check their ID before pulling a pint for them.
It takes a village to raise a child. There are no panopticons for sale the next aisle over from car seats. We are doing our best with very limited tooling from the client to across the network (of which the tremendously incompetent schools make a mockery with an endless parade of new services and cross dependencies). It will take a whole of society effort to lower risks.
All kinds of laws are applied to services provided via Internet. For example, once upon a time people said collecting sales tax was an insurmountable problem and a disaster for ecommerce. Time passes and what do you know, people figured out ways to comply with laws.
Age gating is not the same thing, there is no transfer of goods. It's someone's arbitrary idea of what should and shouldn't be allowed on the internet. And it's pretty clear at this point that it's about control over information. Plenty of articles on the subject if you care to look.
You have made a claim that age gating some online services is an "arbitrary idea." I don't see how that is different from taxes at all. Taxes are likewise an "arbitrary idea." Taxes are likewise a societal control measure.
There is no need for articles to explain a very straightforward truth. If you are unable to make the case for something, claiming unspecified writings elsewhere doesn't get you any further.
The positives and negatives of Internet usage are more extreme than broadcast media but less than alcohol/guns. The majority of people lack the skills to properly censor Internet without hovering over the child's shoulder full-time as you would with a gun. Best you can do is keep their PC near you, but it's not enough.
We agree that a creepy surveillance nanny state is not the solution, but training parents to do the censorship seems unattainable. As we do for guns/alcohol/cigarettes, mass education about the dangers is a good baseline.
EDIT: And some might disagree about never having access to alcohol!
If people want to push, they should just push to make these set up options more ubiquitous, obvious and standardized. And perhaps fund some advertising for these features.
I don't see why your kid should be browsing reddit.
I mean even only allow whitelisted sites. As I say this can be standardized further.
These measures I truly believe do not need to be 100% foolproof so long as the hurdle is high enough that children give up it's fine. And these measures could potentially notify a parent of a suspected breach or attempt to game it, without intruding too much into the child's privacy.
Things have definitely been converging toward making it impossible for non-corporations to manage the devices they own, the network they run, etc.
I agree that ECH is perhaps a stumbling block although as you say MitM, this is indeed possible to pursue considering the whole set up child account on device thing going on with many of these devices.
On the rest of your points fair enough, but again I ask is it actually proportionate? Are we talking about children or black hats?
What are you going to do when every application (including web browsers) simply ignores and bypass your DNS filtering "for security" and every site is opaque (e.g. wikipedia looks just like pornhub to your router and every site is using one of a small number of major frontend proxies like cloudflare that's actively specifically working toward traffic opacity)? It happens that every major commercial non-server OS vendor (except Redhat?) is an ad company now, so they all have a reason to block your ability to filter traffic/restrict your configuration to only what they allow. And they're all working toward that.
There needs to be a strict (as in MDM level) parental control system.
Furthermore there needs to be a "School Mode" which allows the devices to be used educationally but not as a distraction. This would work far better than a ban.
When I was a kid, when I reached a certain age, 13 I think, there was nothing my parents could do to stop me from learning from my own mistakes. I think using blanket laws and tech to curb internet behavior is just going to backfire.
[0]: https://news.clemson.edu/the-safer-you-feel-the-less-safely-...
Even with this, the problem requires more than pushing a button. Time, thought, and adjustment are needed. Like home maintenance, it's necessary but not everyone can do it without help.
Getting AI assistance is good advice.
As a human, I'd love to see the rest of you fools quit that. If HN ever starts to algorithm me I'll be gone too.
PS Mom, I don't know why cnn doesn't work anymore. ;)
As for news, the art of discovering what in your subjective reality exists in the objective reality is something I don't expect we'll ever get gud at.
In fact being held to a standard that adults hold themselves to is frequently seen as a rite of passage. I'm a big girl now and I put on my big girl pants to prove it.
It's obviously not a 1/1 comparison here, because providing ID to access the internet is not analogous to providing ID to purchase a pack of Cowboy Killers but we can extrapolate to a certain extent.
(inb4 DAE REGULATING FOR-PROFIT CORPORATIONS == NANNY STATE?!?!?!?!?)
We've never properly acted upon reports of predators grooming children by investigating them, charging them, holding trials, and handing down sentences on any sort of large scale. There's a patchwork of LEOs that have to handle things and they have to do it right. Once the packets are sent over state lines, we have to involve the feds, and that's another layer.
Previously, I would have said it's up to platforms like Discord to organize internal resources to make sure that the proper authorities received reports, because it felt like there were instances of people being reported and nothing happening on the platform's side. Now, given recent developments, I'm not sure we can count upon authorities to actually do the job.
Well, I can't speak for parents (as in all parents). I can, however, tell you what we did.
When two of my kids were young we gave them iPods. The idea was to load a few fun educational applications (I had written and published around 10 at the time). Very soon they asked for Clash of Clans to play for a couple of hours on Saturdays. We said that was OK provided they stuck to that rule.
Fast forward to maybe a couple of months later. After repeated warnings that they were not sticking to the plan and promises to do so, I found them playing CoC under the blankets at 11 PM, when they were supposed to be sleeping and had school the next day.
I did not react and gave no indication of having witnessed that.
A couple of days later I asked each of them to their room and asked them to place their top ten favorite toys on the floor.
I then produced a pair of huge garbage bags and we put the toys in them, one bag for each of the kids.
I also asked for their iPods.
No anger, no scolding, just a conversation at a normal tone.
I asked them to grab the bags and follow me.
We went outside, I opened the garbage bin and told them to throw away their toys. It got emotional very quickly. I also gave them the iPods and told them to toss them into the bin.
After the crying subsided I explained that trust is one of the most delicate things in the world and that this was a consequence of them attempting to deceive us by secretly playing CoC when they knew the rules. This was followed by daily talks around the dinner table to explain just how harmful and addictive this stuff could be, how it made them behave and how important it was to honor promises.
Another week later I asked them to come into the garage with me and showed them that I had rescued their favorite toys from the garbage bin. The iPods were gone forever. And now there was a new rule: They could earn one toy per month by bringing top grades from school, helping around the house, keeping their rooms clean and organized and, in general, being well behaved.
That was followed by ten months of absolutely perfect kids learning about earning something they cherished every month. Of course, the behavior and dedication to their school work persisted well beyond having earned their last toy. Lots of talks, going out to do things and positive feedback of course.
They never got the iPods back. They never got social media accounts. They did not get smart phones until much older.
To this day, now well into university, they thank me for having taken away their iPods.
So, again, I don't know about parents in the aggregate, but I don't think being a good parent is difficult.
You are not there to be an all-enabling friend, you are there to guide a new human through life and into adulthood. You are there to teach them everything and, as I still tell them all the time, aim for them to be better than you.
Precisely. I am not saying I am perfect as a parent or that this was the best possible approach to the situation we had. Nobody is and perfect parenting is an absolute myth.
I knew full well just how addictive gaming could be because I experienced it in my 20's. Needless to say that the "shock and awe" consequence to their deceit was not the result of a single data point. We had been seeing changes in behavior over time (six months or so). The objective was threefold: Take away the device that delivered the addictive behavior. Take away something of value to them. Make them earn it back with positive behavior.
The decision was not planned and the consequences were not communicated in advance. Few things in life are like that. Sometimes people discover the consequences of their actions (or understand them) when they are sprung on them because of something they did. Drunk driving being one possible (though not perfect) example of this.
In this case, it worked. Perhaps we got lucky. Not sure. I also did highlight that I cannot speak for all parents. I did the best I thought made sense at the time. Based on the outcome, many years later, I can say it worked.
To the critics on this thread: Your mileage may vary. Some of the comments sound juvenile, perhaps you'll understand if you ever become a parent and face similar circumstances. Then see what you think of someone who thinks they know better from behind a keyboard than you did in the moment and without having to be responsible for the outcomes (which is a multi-year commitment).
Dating myself, I fully experienced the negative side of gaming back around the time of games like Duke Nukem, etc. I worked nights for a few years. I'd get home at 2 AM fully awake from having driven home. I'd sit down and play for four hours, maybe more. No social element at all in those days. I quit when I started to have nightmares and realized it was because of the games. Decades later, with kids, there was no way I was going to let a ten year old destroy their brains with an addictive substance in the form of a game.
Going back to culture and socialization, I don't really know what the answer might be today, much less in the future. Maybe AI friends will be crucially important (I shudder to think this could be true). Some of it comes down to family structure and dynamics. Our cultural makeup means that we are very often in family-and-friends gatherings with 20 to 50 people. That does help kids relate to humans more than keyboards, yet the danger is still there.
Maybe this is where schools might need to become far closer to community organizations than (sorry, I have to...) centers for indoctrination. I attended private school most of my young life. One of the interesting aspects of this is that the parents all knew each other and socialized. We would go to each other's homes, throw parties, travel together, etc. This is very different from the (again, I'm sorry, I must...) typical US school-as-a-cattle-ranch approach where you have a high school with 4000 students. I know I am being very opinionated and maybe a bit elitist due to my young experience, it should be noted that this was in a third world country...so, when I say "private school" the reader should not imagine what that might mean in the US.
My point is that things are becoming very complex at a social level and we, as a society, need to make sure that kids grow up to be solid adults. Today there are so many opportunities for them to get lost in screens that I truly don't know what social problems might come out of this mess. Games are but one part of it.
> lies to own children about throwing their toys away
1. Teach children about consequences... by using clear expectations, timely feedback, and proportional responses.
2. Teach children about consequences... by allowing wrongdoing to become a festering mess until it "justifies" some big punishment that comes as deliberate emotional trauma and surprise.
Separately from asking which one is more "effective" at conditioning an immediate behavior, each choice also affects how those kids are going to behave when they are in any position to set and enforce rules. Being a role-model is hard.
True enough. Of course, you are not going to get that in this case. All I can say is that those commenting here about potentially cataclysmic consequences are likely precisely the kind of people who will practice the kind of soft "friend class" parenting that can result in really troubled kids. If they even have kids at all, because some of the comments by others sound infantile.
The other narrative that is utterly false is that of role models in the negative sense. Almost all of you are one or two generations away from a culture and style of parenting where beating the kids was considered normal and even good parenting. An era where teachers beating kids in school was also normal and accepted. And yet, that has largely not survived the generational divide except in some segments of some cultures.
Raising kids and being a role model isn't a matter of single events or experiences, it is, like most other things in the human condition, a matter of building a relationship over time and understanding that life usually is a rollercoaster ride, not a straight-and-flat road.
So anyone can walk into a shop and purchase these things unrestricted? It's not the responsibility of the seller too?
Guns yes, you can buy a schmidt-rubin cartridge rifle or black powder revolver sent straight to your home from an online (even interstate) vendor no ID or background check, perfectly legal.
Alcohol yes, you can order wine straight to your house without ID.
These are all somewhat less known "loopholes" but have not really turned out to be a problem despite no meaningful controls on the seller. You probably didn't even know about these loopholes, actually -- that's how little of a problem it's been.
> you can get in trouble if you recklessly leave around or provide alcohol/guns/cigarettes for a minor to start using
You can only expect so much from individual responsibility. At some point you need to structure society to compensate for the inevitable failures that occur.
> They are in a much better and informed position to do so than a creepy surveillance nanny state.
I'd rather live in a nanny state than ever trust american parenting. We've demonstrated a million times over that that doesn't work and produces even more fucked up people and abused children.
The way to keep kids from eating (yummy) lead-based paint chips was not holding parents accountable to what their kids ate, but banning lead-based paint.
> then give parents strong monitoring and restriction tools
As written, this sounds very glib. I cannot take this comment seriously without a game theory scenario with multiple actors.
It starts by banning kids from the internet, entirely. It starts with putting age restrictions on who can buy internet connected devices. It starts by arresting parents and teachers who hand pre-literacy kids an always-online iPad. It starts with an overwhelming propaganda campaign: Posters, Commercials, After-School Specials, D.A.R.E. officers, red ribbon week.
Then, ultimately, it still finishes with an age-gated internet where every adult is required to upload their extremely valuable personal information to for-profit companies, for free (With the added weight of being forced to agree to extreme ToS, like arbitration agreements).
So what do we do? I agree that the age of entry to the internet should match other vices (currently 21+ in the US, although really that should probably be 18+)...
It will never be acceptable for a single country's police state to extend across international borders, so... we just ban all of the UK and Australia from every web service until they get withdrawals and promise to stay nice? That could be a start.
But this whole situation is like 'freedom of speech': once you start picking and choosing what counts as "acceptable" speech, then suddenly you lose everything. You literally can't make everyone happy, because everything subjective is open to contradiction - and because there are freaks in the world who will never be satisfied by anything less than a complete global ban of everything.
Who gets a say? Do the Amish get to tell us what we are allowed to do? Where do you draw the line? You can't. Completely open is the only acceptable choice. But I still vote we start publicly mocking the parents who give their kids an ipad, and treat them like they just gave that kid a cigarette. Because seriously, they're ruining that kid.
If government does not want kids to have access to the naughty bits of the internet but thinks there's something worth sharing with children then the government should provide a public internet for kids and THAT'S the site that will ask for a login known to belong to a kid. We already do public schooling with public funding and we do not let rando adults sit in classrooms with kids and they get a school id. Boot <18's off the public internet AT THE SOURCE when internet connectivity is PURCHASED / CONTRACTED FOR with a valid adult id / proof of age, but allow them vpn access into whatever the government thinks the child should have access to, like the schools page, I would say online encyclopedias or wikipedia type things but I'm not sure if government wants children to read about the variety of so many different things on this planet we're sorta trapped on and let's face it, restricting communications of the kids to points outside the control of parents is exactly what the government is complaining about, the government does not want kids to have free access to information.
Think of a phone or tablet that can only access the network through either a proxy or vpn but otherwise locked down. It certainly seems like it doesn't require much programming, heck have trump vibe code it for all I care.
I mean yeah, parents could just teach their kids the tough stuff because that's how it used to work anyways, well that and the libraries and schools but those can be pruned of bad books and bad teachers at the request of government anyways right? The kids could also be interviewed periodically by government to inventory what topics they have discussed with their parents to weed out the 't' or 'g' words.
I mean yeah I don't see a place for facebook in that intranet but isn't that sort of the point, we all know big social media will be incentivised to promote engagement with less regard for safety, so why do kids need facebook anyways? The instagrams and ticktalks are worse although maybe government should make a child friendly ticktalk type school social network, call it trumps school for kids for all I care, folks in power right now and a significant part of the US believe that trump knows what's good for kids right?
I mean obviously the libraries have to be REALLY REALLY cleaned up but that's just a detail. But why are parents forcing internet weirdos onto their kids with these smartphones / porno studios in their pockets? What do they think chester the molester on ticktalk is gonna have the kid upload their id? even if he does, do we really want that? c'mon man
"But it's behavioural!" I hear you cry. "What's stopping children from going out, buying a cheap unlocked smartphone / visiting their public library / hacking the parental control system, and going on the internet anyway?" And that's an excellent objection! But, what's stopping children from playing in traffic?
That’s why most people make sure it doesn’t happen.
Were you not invited to parties in high school? My experience growing up (and my experience being a neighbor to people with teenage children even now) says otherwise. Did you forget what web site you're on?
People, for the most part, have no respect for the law. They usually haven't even read the law. They have respect for what they consider appropriate or inappropriate behaviour. (Knowingly breaking the law is, in most instances, considered an inappropriate behaviour – except copyright law, which people only care about if there are immediately-visible enforcement mechanisms. Basically everyone is fine with copying things from Google Images into their PowerPoint presentations… but I digress.) Most people would object to murder, even if the law didn't forbid it. This distinction is important.
Is there a law that says "children must not play in traffic"? Probably! Haven't the foggiest idea which it would be, though. That law (if it exists) is not why children don't play in traffic. The law against giving alcohol to children (if it exists) is not why we don't give alcohol to children. We can establish similar social norms for deliberately-addictive, deceptive, dangerous computer systems, such as modern corporate social media.
Drawing out the alcohol analogy further, you can actually buy alcohol on Amazon, subject to an ID check. I'm not sure why no one bats an eye at this, but somehow e.g. porn or other adult-only services are different.
It's long been an established, reasonable stance that it is both the parent's responsibility and decision to allow or deny certain things, and it's also illegal for businesses to completely undermine the parent's ability to act as that gatekeeper for their kids.
I'm in favour of this, so long as the restriction is narrow. Children shouldn't be on Facebook, but they should be able to participate in the RuneScape forums under a pseudonym, or contribute to Wikipedia (provided they understand the "no, nothing can be deleted ever" nature of the edit history).
However, most of the things we'd want to prohibit for children, aren't actually good for anyone. It would be much easier, in one sense, to blanket-ban the bad guys: no new accounts may be created on services like Facebook or Discord, unless they change their ways.
When you say “We'll try everything” that is simply not true, in particular what we do not try is strict consumer protection laws which prohibit targeting children. Europe used to have such laws in the 1980s and the 1990s, but by the mid-1990s authorities had all but stopped enforcing them.
We have tried consumer protection, and we know it works, but we are not trying it now. And I think there is exactly one reason for that, the tech lobby has an outsized influence on western legislators and regulators, and the tech industry does not want to be regulated.
If parents can't handle that they can give them up to the state.
We cannot expect every parent to be able to protect their children when they are being predated on by dozens of multi-million dollar companies, and the state is on the side of the companies.
Those kids shouldn't even have a mobile device to play said game. That's where the parents can, and should, make a difference: don't let your kid even have a smartphone in the first place.
And the reason we have these ads is that corporations are hoping that the kids will indeed disobey, and whine constantly at their parents, until they have their way (as directed to by the targeted ad). There was a good reason why targeting kids in ads used to be illegal in Europe.
The parents' job is to say no. If they're letting themselves be influenced too, that's bad parenting.
They aren't. The target for those games are middle aged, "middle class" women. Especially childless women. You just don't realize that the loud sounds and bright colors appeal to another demographic other than children. Usually those games are terrible for (as in the children don't like them) children. It's because those are usually pay to win games and adults can just out-spend them (and the adults are often terrible winners).
Imagine a gun range that was well aware that their grounds were being used in nefarious ways. We'd shut it down. A hospital that just blindly gave out pain killers to anyone that asked. We'd shut it down.
Does this mean that a zero tolerance policy is what should be used to shut things down? I don't think so. We have some agency to control things, though.
Politicians' whole basis for nearly every campaign is "you're helpless, let us fix it for you."
For the vast majority of problems plaguing society, the answer isn't government, it's for people changing their behavior. Same goes for parenting.
But unfortunately, "you're an adult, figure it out" isn't the greatest campaign slogan (if you want to win).
the surveillance state is possible, achievable, and a few coordination games away from deployment with backing from a majority who should know better
inertia kills, I dunno
A counterargument to your point that children are clever - I was also one once.
The only real solution is to keep children off of the internet and any internet connected device until they are older. The problem there is that everything is done on-line now and it is practically impossible to avoid it without penalizing your child.
If social media and its astroturfers want to avoid outright age bans, they need to stop actively exploiting children and accept other forms of regulation, and it needs to come with teeth.
We could mandate that companies that market the products actually have to deliver effective solutions.
Social media operators love the surveillance state idea. That's why they aren't pushing against this.
I even cancelled YT Premium because their "made for kids" system interfered with being able to use my paid adult account. I urge other people to do the same when the solutions offered are insufficient.
If you make such a restriction, they'll secretly buy some cheap "unrestricted" device like some Raspberry Pi (just like earlier generations bought their secret "boob magazines").
I love gaming, but I hate all the smut games. It discredits the medium, essentially what has also happened to anime.
I don't really want to turn on age-based filters (to the point that I've never investigated if they even exist) but at this rate, there's hardly anything worth looking at in the recent feed.
It's just hard to imagine that's anything close to what Nintendo wants users to experience, but I guess they need the money.
Your kid is screwed either way. Unless he moves to India.
But to answer your question directly - kids having whisky and I can go after whoever sold/provided it to them using existing legal means if I think it serious enough.
Object.
Internet, communication medium <- not a physical object.
If it was a device that you were using to access that communication, then yes I would agree with you, but at that point they would have to age-gate the computer that gives you that access.
This is clear as day and all you are doing is proving yourself wrong.
I'd say this comparison is good -- we as a society have decided that people who provide alcohol, guns, and cigarettes are responsible if children are provided them. You don't get to say 'hey, you didn't watch your child, they wandered into my shop, I sold to them 2 liters of vodka and a shotgun'.
The real question is why do we leave it to parents or intrusive surveillance instead of holding companies accountable?
You've missed the point. No legislator or politician cares about what the parents are doing.
What they care about is gaining greater control of people's data to then coerce them endlessly (with the assistance of technology) into acting as they would like. To do that, they need all that info.
"The children" is the sugar on the pill of de-anonymised internet.
Why this utter drivel is the top comment is beyond me, unbelievable.
It is plausible that the same applies to the digital realm.
You could, for example, make it illegal to target children with targeted advertising campaigns and addictive content. Then throw the executives who authorized such programs in jail. Punish the people causing the harm.
Stronger punishment creates more of an incentive to age verify. Which is basically why it's happening now.
There is a difference between identifying specific children, and running programs that target children more generally; and / or having research that shows how your product harms children, and failing to do anything to stop it. We can tackle both of those issues without requiring age verification. We're headed down the path of age verification because we know now that not only is social media harmful, it's especially harmful to kids, and has been specifically targeted to them. Those are things that can be fixed, regardless of how you feel about age verification. It's not different than tobacco being not allowed to create advertisements for kids; it's the same type of people doing the same types of things in the end.
Gee, I wonder if the executives who are suspected of doing such things haven't spent the last 100 years building the infrastructure necessary to avoid charges, let alone jail time? Large corporate legal departments, wink-wink-nudge-nudge command and control hierarchies where nothing incriminating is ever put into writing, voluminous intra-office communications that bury even the circumstantial evidence so deeply no jury could understand it even if the plaintiffs/state could uncover it, etc.
Anyone over the age of 12 that thinks corporate entities can be made to be accountable in a meaningful way is more than naive. They are cognitively defective. Or is it that you realize they can't be held accountable but you'd rather maintain the status quo than contemplate a country which abolished them and enforced that all business was conducted by sole proprietorships and (small-n) partnerships?
Sure, there's a lot of corruption right now. Doesn't have to stay that way.
Ah. I see, you believe that the godzilla monsters are useful and that you know how to make leashes for them that will definitely work this time.
The funny thing is, just like how politicians have been led to believe that AI data centres create jobs, politicians think this system can be managed responsibly so that only they can get access to its data [0].
[0] https://cybernews.com/security/global-data-leak-exposes-bill...
I’ve never met a single person who believed Facebook was a force for good. Why allow it to exist in its current form at all?
If these companies are the new town square then make a real online town square run by the government people can use if they so choose and then break up the monopolies that are destroying the fabric of all the societies on the globe.
We never in a million years should have allowed these companies to establish global scale communications platforms without the ability to properly moderate them with human intervention and that’s not even to speak of the actual nefarious intent they possess to drive engagement and the anti democratic techno feudalist sickening shit we see from their CEOs like Thiel et al.
They are a plague on our species that makes sport betting apps look like child's play.
1) Persona (Identity Vendor) Exposure (Feb 20, 2026): researchers discovered an exposed frontend belonging to Persona, an identity verification vendor used by platforms like Discord. This system was performing over 260 distinct checks, including facial recognition and "adverse media" screening, raising massive concerns about the scope creep of age verification.
2) Victorian Department of Education (Jan 2026): a breach impacting all 1,700 government schools exposed student names and encrypted passwords. This is a primary example of how child-related data remains a high-value target.
3) Prosura Data Breach (Jan 4, 2026): this financial services firm suffered a breach of 300,000 customer records.
4) University of Sydney (Dec 2025): a code library breach affected 27,000 people right as the new legislation was rolling out.
> Australia's Social Media Ban is a Win for Gambling Companies
https://www.patreon.com/posts/146315894 (supporting links and transcript)
https://www.crikey.com.au/2025/12/12/pro-teen-social-media-b... (the smoking gun)
Undermining data protection and privacy is clearly the point. The fact that it's happening everywhere at the same time makes it look to me like a bunch of leaders got together and decided that online anonymity is a problem.
It's not like kids having access to adult content is a new problem after all. Every western government just decided that we should do something about it at roughly the same time after decades of indifference.
The "age verification" story is casus belli. This is about ID, political dissent, and fears of people being exposed to the wrong brand of propaganda.
How far does it go? Are all bugs features? Shall we assume that Boeing (via MCAS) and Ford (via the Pinto) were trying to kill their passengers? There's a difference between ulterior motive and incompetent execution of expressed intention.
People do hide their intentions but that doesn’t give us a license to reduce complex system dynamics to absurdities.
Design features tend to persist.
The phrase/idiom "the purpose of a system is what it does" maps best to situations where multiple decisions within a system make little sense when viewed through the lens of the stated purpose, but make perfect sense if the actual outcome is the desired one.
It is an invitation to analyze a system while suspending the assumption of good faith on the part of the implementors.
It’s not that simple. Especially not in politics but even in the domain you’re referencing, have you ever seen Mozilla’s bug tracker? Once your project is so big and involves so many people you move beyond fixing everything you want.
There may be central planning at play, in this case I assume there is, but to claim it necessarily is relies on an oversimplification that doesn’t exist in human political machines that are a giant ship of theseus essentially. There’s no identity -> management capacity proven anywhere enough to make that kind of claim. Institutions inherit and have emergent behavior driven by the dynamics of their constituents/individuals. That includes the inability to create imagined outcomes reliably. The platonic intent and physical regimes cannot be integrated.
"People of the same trade seldom meet together, even for merriment and diversion, but the conversation ends in a conspiracy against the public." - Adam Smith
I don't like age verification in general, for anything. The age gates in our society are very subjective.
Many times my Dad would buy alcohol at the grocery store w/ me (underage) in tow, but they never asked for my ID or refused to sell to him. Now, when I go buy alcohol as an adult with my wife (we are both in our mid-late 30s) they ask to see her ID as well as mine? If she leaves her ID at home then she has to wait in the car because they will refuse the sale if she comes into the store and cannot prove her age.
Buying a case of beer with a group of 8 year olds? No problem. Bottle of wine for you and your wife? Let me get both IDs.
Putting up artificial walls is inviting someone to look behind them.
Back in 1999 I was attending a city university and their computer labs were a mix of older Pentium machines running Windows 98 secured by netnanny. They disabled floppy booting in the BIOS and password protected it. Thing is, the old Dell cases were real easy to pop open and pull the CMOS battery out. That killed the BIOS password so I was able to floppy boot the machine and rename netnanny.exe to nutnanny.exe and Win 98 ran unimpeded. When I was done I would rename the exe, reboot and go on about my day. Nice try, uni admins.
I remember plenty of times in my early 20s buying alcohol and they wanted to see the ID of everyone waiting on my car.
In Australia you buy alcohol at the drive through. One person is 18 and you’re good.
Give our personal devices the ability to verify our age and identity securely and store it on device like they do our fingerprint or face data.
Services that need access only verify it cryptographically. So my iPhone can confirm I’m over 21 for my DoorDash app in the same way it stores my biometric data.
The challenge here is the adoption of these encryption services and whether companies can rely on devices for that for compliance without having to cut off service for those without it set up.
If we fight every and any solution, we may end up with their solution, because they build it. We end up in the position of saying "don't use the thing they built" without offering alternatives. I'd rather be saying "use what we built, it is better."
The hardware providers already have the information. You only need to make them reveal it to 3rd parties.
We should be able to verify facts about people on the internet without compromising personal data. Giving platforms the ability to select specific demographics will, in my view, make the web a better place. It doesn’t just let us age restrict certain platforms, but can also make them more authentic. I think it’s really important to be able to know some things to be true about users, simply to avoid foreign election interference via trolling, preventing scams and so much more.
With this, enforcement would also be increasingly easy: Platforms just have to prove that they’re using this method, e.g. via audit.
It would allow someone with an mDL on their device to present only their age instead of other identifying information.
And that your iPhone and other devices become more restrictive if this is not implemented.
I presume most devices in the world do not have a solution to this (desktop windows computer for instance).
I’m not sure if it’s a good idea for like every porn website in the world to require a secret enclave to work. But this sounds better to me than storing users' photo IDs in an S3 bucket.
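The device-held credential discussed in the comments above (a wallet or mDL that presents only an age claim) is typically built on salted-hash selective disclosure. The sketch below is an added example, not part of the thread or of any wallet's code; the attribute names and sample values are constructed, and a Lamport one-time signature stands in for the issuer's real public-key signature so that it runs on the Python standard library alone.

```python
import hashlib
import json
import secrets


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Lamport one-time signature: a stand-in (assumption) for the issuer's real
# signature scheme. One key pair signs exactly one credential.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    n = int.from_bytes(_h(msg), "big")
    return [(n >> i) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(_h(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(msg)))


def attribute_digest(name: str, value, salt: bytes) -> str:
    # The random salt stops a verifier from guessing undisclosed values
    # (a birth date has few possibilities) by hashing candidates.
    blob = json.dumps([salt.hex(), name, value], separators=(",", ":")).encode()
    return _h(blob).hex()


def issue_credential(sk, attributes: dict) -> dict:
    """Issuer: salt and hash every attribute, sign only the digest list."""
    salts = {name: secrets.token_bytes(16) for name in attributes}
    digests = sorted(attribute_digest(n, v, salts[n]) for n, v in attributes.items())
    payload = json.dumps({"digests": digests}, separators=(",", ":")).encode()
    return {
        "payload": payload,
        "signature": lamport_sign(sk, payload),
        "attributes": attributes,  # stays in the wallet
        "salts": salts,            # stays in the wallet
    }


def present(credential: dict, reveal: list) -> dict:
    """Wallet: send the signed digests plus only the chosen attributes."""
    return {
        "payload": credential["payload"],
        "signature": credential["signature"],
        "disclosed": [
            {"name": n, "value": credential["attributes"][n],
             "salt": credential["salts"][n].hex()}
            for n in reveal
        ],
    }


def verify_presentation(pk, presentation: dict, required_claim: str) -> bool:
    """Relying party: holds only the issuer's public key."""
    if not lamport_verify(pk, presentation["payload"], presentation["signature"]):
        return False
    signed = set(json.loads(presentation["payload"])["digests"])
    claims = {}
    for d in presentation["disclosed"]:
        digest = attribute_digest(d["name"], d["value"], bytes.fromhex(d["salt"]))
        if digest not in signed:  # value or salt was altered after issuance
            return False
        claims[d["name"]] = d["value"]
    return claims.get(required_claim) is True


if __name__ == "__main__":
    sk, pk = lamport_keygen()
    # Constructed sample identity, not real data.
    cred = issue_credential(sk, {"family_name": "Example",
                                 "birth_date": "1990-01-01",
                                 "age_over_21": True})
    pres = present(cred, ["age_over_21"])
    print("accepted:", verify_presentation(pk, pres, "age_over_21"))
    print("fields sent:", [d["name"] for d in pres["disclosed"]])
```

The same signed digest list is sent on every presentation, so two services can correlate a user by it, and nothing here binds the presentation to the holder's device, so a captured presentation can be replayed. A deployed scheme has to address both before it delivers the privacy the comments hope for.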
The only reasonable way to deal with children on the Internet is to treat Internet access like access to alcohol/drugs. There is no need for children to access the Internet full stop.
Internet is a network in which everything can connect to everything, and every connected machine can run clients, servers, p2p nodes and what not. Controlling every possible endpoint your child might connect to is not feasible. Shutting the entire network down because "won't somebody please think of the children" is not acceptable.
And, don't let them trick you. This is the endgoal. An unprecedented level of control over the flow of information.
Absolutely.
This is much better than destroying "the greatest source of knowledge in the history" to make it safe for kids.
First of all, you cannot know that, since plenty of people before you learnt that stuff from libraries.
>So you would deny children the greatest source of knowledge in the history?
Yes, because other sources of knowledge exist and are much more appropriate for children. It is also the greatest source of despicable stuff in history. When you turn 18, have fun exploring the world wide web.
This is a false premise already; the company can check the age (or have a third party like iDIN [0] do it), then set a marker "this person is 18+" and "we verified it using this method at this date". That should be enough.
and there is nothing I or the few (in terms of power) well-meaning government and corporate actors can do to change that.
He is currently prepping to overthrow his local Pizzeria while the rest of us argue as if social media even exists anymore (it doesn't, it's just algorithmic TV now).
Better than muddying the waters trying to make it less addictive but then letting them on there when their brains aren't ready.
It doesn't have to be perfect and there will of course be easy workarounds to hide the warnings for people that want. The goal is to improve the situation though, not solve it perfectly. Like putting information about the dangers of smoking on packages of smokes; it doesn't stop people from smoking but it does make the danger very easy to learn.
In China there are places to scan your device and get coupons. Usually at elevators in residential buildings so they can track also if you're arriving or leaving easily.
In the US every store tracks and reports to ad networks your Bluetooth IDs. And we know what happens to ad networks.
US now requires cars to report data, which was optional before (e.g. OnStar) and China joined on this since the EV boom.
the public id space is booming.
This isn't true, there is no federal requirement for a cellular modem in cars. Most modern cars have one, but nothing prevents you from disabling or removing it. I certainly would not tolerate such a "bug" in my car.
> In the US every store tracks and reports to ad networks your Bluetooth ids.
This also isn't true, modern phones randomize Bluetooth identifiers. I personally disable Bluetooth completely.
and yeah, your phone gives all the deniability and random ids, etc. but if you allow apps to access location it's game over. also, just go see that google sells one option where you pay by people who saw your ad and physically entered a store. (ps: sadly, I implemented the DSP side of this)
I am not sure I understand this.
I am aware that manufacturers benefit from spying on people through car telemetry, or else they would not shoulder the cost of providing a cell plan. But, I, the owner of the vehicle, have every right to literally cut the cord (or simply unplug and remove the cellular modem).
> and yeah, your phone gives all the deniability and random ids, etc. but if you allow apps to access location it's game over.
I don't. I run GrapheneOS (fully degoogled), and the only apps allowed to access location services are OSMand and a self-hosted Home Assistant instance. Of course that does not change the fact that millions of other people are being spied on.
So there is absolutely no way to change that and give out IDs from the age of 14? You can already get an ID for children in Germany https://www.germany.info/us-de/service/reisepass-und-persona...
This is a problem that has to be solved by the government and not by private tech companies.
This is a lazy cop out to say "we have tried nothing and we are all out of ideas"
Another example where this plays a role is voter registration and ID requirements for voting in the US. It is entirely bizarre to me how these discussions just accept it as a law of nature that it's expensive and a lot of effort to get an ID. This is something that could be changed.
https://arxiv.org/abs/2602.16800
"We show that large language models can be used to perform at-scale deanonymization. With full Internet access, our agent can re-identify Hacker News users and Anthropic Interviewer participants at high precision, given pseudonymous online profiles and conversations alone, matching what would take hours for a dedicated human investigator."
(This is a genuine question) please could you describe the underlying problem that age verification is attempting to solve?
To regulate access to addicting material. This is done in the physical world - why should digital be lawless when it applies to the same human behaviors?
I've been addicted to a lot of digital media parts in harmful ways and I had the luck and support to grow out of most of it. A lot of people are not that lucky.
If governments want to require private companies to verify ages, those same governments need to provide accessible ways for their citizens to get verification documents, starting from the same age that is required.
The latter may not be great, but eating potato chips all day also probably isn't, and I don't think the government should outlaw minors eating potato chips. Plus it's variable: some get positive, educational, pro-social, productive outcomes from social media and some don't. Gambling is always bad in the limit.
A simple rule could probably be that if a website can make you lose over $200 of real money, it should probably require age verification. I don't see why other things should.
The cynic in me says that's not why governments want identity confirmation for gambling websites. It's so you can't dodge the taxman
There are options that don't involve any ID uploads whatsoever.
For example, with a German ID you can provide proof that you are older than 18 without giving up any identifying information. I mean, nobody uses this system at the moment, but it does exist and it works.
You could buy 19 gallons of milk for that money (80 liters).
Much of the worst present on the internet is not age gated at all, you have millions of porn websites without even a "are you over 18" popup. There is a plethora of toxic forums...
Of course it's a complex problem, but the current approach sacrifices a lot of what made the internet possible and I don't like it.
This is what I find most insane about the UK's age verification law. It's literally so easy to find adult content without proving your age... You can literally just type in "naked women" into a search engine and get porn...
To call it ineffective would be an understatement. Finding adult content on the web is almost just as easy as it's always been. The only thing it's made harder is accessing adult content from the normie-web – you can't access porn on places like Reddit anymore, but you can access porn on 4chan and other dodgy adult sites.
If the argument is "think about the kids" there are more effective ways to do it... Requiring device-level filtering for example would likely be more effective because it could just blacklist domains hosting adult content unless unrestricted. It would also put more power in the parents' hands about what is and what isn't restricted.
I think that if you block all porn, social media, etc. all that does is create an opportunity for kids to be shifted to platforms controlled by bad actors. Adults fall victim to pig butchering schemes where they're given 100% fake investment apps that look completely real and they don't realize they're getting scammed until they try to get their money out of the system. There was a story in Canada about a guy and his daughter that thought they had $1 million in savings and it was a pig butchering scam with a fake app.
Are kids today equipped to deal with that? What happens when someone tells a kid to get app XYZ because it's un-moderated, but that app is controlled by a bad actor? Imagine a Snapchat like platform promising ephemeral messaging with simple username / password on-boarding so parents don't see account creation emails, but the app is run by organized crime.
I don't even know how you handle it if they manage to normalize the idea of children sending ID to random platforms. In addition to getting platform shifted and exploited, kids will be vulnerable to sending their real ID to bad actors.
The whole thing seems insane to me. Spend some money on education. That's the only long-term option.
Every security attempt becomes a facade or veil in time, unless it's nothing. Capture nothing, keep nothing, say nothing. Kids are smart AF and will outlearn you faster than you can think. Don't even try to capture PII ever. Watch the waves and follow their flow, make things for them to learn from but be extremely careful how you let the grownups in, and do it in pairs, never alone.
The reason you don’t see it in policy discussion from the officials pushing these laws is because removal of anonymity is the point. It’s not about protecting kids, it never was. It’s about surveillance and a chilling effect on speech.
LOL.
Of course these technologies keep existing, and you end up with the worst, most wretched people implementing them, and we're all worse off. Concretely, few people are working on ZKPs for age verification because the hive mind of "good people" who know what ZKPs are make working on age verification social anathema.
Society would be better off paying cryptography researchers and engineers at NIST.
Similar to how there are specific channels for children on the TV. Perhaps the government can even incentivize such channels. It would also make it easier for parents to monitor and set boundaries. Parents would only need to monitor if the tv is still tuned to disney channel or similar instead of some adult channels.
Similarly this kind of method could be applied to online spaces. Of course there will be some kids that will find ways around it but they will most likely be outliers.
Children shouldn't be associating with other children, except in small groups. Even the typical classroom count is far too large. They become the nastiest, most horrible versions of themselves when they congregate. A good 90% of the pathology of public schools can be blamed on the fact that, by definition, public schools require large numbers of children to congregate.
The problem with social media isn't the inherent mixing of children and technology, as if web browsers and phones have some action-at-a-distance force that undermines society; it's the 20 years or so they spent weaponizing their products into an infinite Skinner box. Duck walk Zuckerberg.
This is all assuming good faith interest in "the children," which we cannot assume when what government will gain from this is a total, global surveillance state.
https://www.theguardian.com/technology/2026/jan/29/internet-...
If you support privacy, you should support antitrust, else we're going to be seeing these same bills again and again and again until parents can effectively protect their children.
For age verification specifically, the only information that services need proof of is that the user's age is above a certain threshold. i.e. that the user is 14 years or older. But in order to make this determination, we see services asking for government ID (which many 14-year-olds do not have), or for invasive face scans. These methods provide far more data than necessary.
What the service needs to "prove" in this case is three things:
1. that the user meets the age predicate
2. that the identity used to meet the age predicate is validated by some authority
3. that the identity is not being reused across many accounts
All the technologies exist for this, we just haven't put them together usefully. Zero knowledge proofs, like Groth16 or STARKs, allow for statements about data to be validated externally without revealing the data itself. These are difficult for engineers to use, let alone consumers. Big opportunity for someone to build an authority here.
like most proposed solutions, this just seems overcomplicated. we don't need "accessible cryptographic infrastructure for human identity". society has had age-restricted products forever. just piggy-back on that infrastructure.
1) government makes a database of valid "over 18" unique identifiers (UUIDs)
2) government provides tokens with a unique identifier on it to various stores that already sell age-restricted products (e.g. gas stations, liquor stores)
3) people buy a token from the store, only having to show their ID to the store clerk that they already show their ID to for smokes (no peter thiel required)
4) website accepts the token and queries the government database and sees "yep, over 18"
easy. all the laws are in place already. all the infrastructure is in place. no need for fancy zero-knowledge proofs or on-device whatevers.
No matter what the actual mechanism is, I guarantee they will insist on something like that.
if the goal is "surveil everyone using the internet", yes, very obviously my proposal would not be selected, and you will have to upload your id to various 3rd-party id verifiers.
I'm not sure that's the right answer here, but I think it ticks a lot of boxes for the state.
to go on tiktok, you enter a UUID once onto your account, and thats it. the only person that sees your id card is the store clerk that glances at the birth date and says "yep, over 18" when you are buying the "age token" or whatever you want to call it. no copies of your id are made, it cant be hacked, theres no electronics involved at all. its just like buying smokes. theres no tie between your id and the "age token" UUID you received.
theres no fanciness to it, either. itd be dead simple, low-tech, cheap to implement, quick to roll out. all of the enforcement laws already exist.
>Why should I have to share more than required?
you shouldnt. having to prove age to use the internet is super dumb. but thats the way the winds are blowing apparently. if im gonna have to prove my age to use the internet, id much rather show my id to the same guy i buy smokes from (and already show my id to) than upload my id to a bunch of random services.
Having said that, I think having an "I'm of legal age" tickbox goes quite far enough.
For the ultra-controlling, setting up a "kid's account" using the tools already provided in mainstream OS's [0][1] is a fine option.
[0] <https://www.microsoft.com/en-us/microsoft-365/family-safety>
[1] <https://support.apple.com/guide/mac-help/set-up-content-and-...>
no, it is exactly as protective as the protections for purchasing alcohol or buying smokes or other controlled substances/products.
buying smokes/alcohol when underage is obviously harder than "click this box". (did you ever try to buy smokes/alcohol when underage? you cant just go up to the clerk at the store when you are 14 and say "trust me bro, im 18/19/21".)
>Anyone who is of legal age can buy UUIDs and pass them around to folks who are not.
same for smoking and alcohol. i could go to the store right now and buy smokes, then hand them to my 10 year old.
we have laws already in place to punish selling smokes/alcohol to underagers, and laws for consuming smokes/alcohol when underage. we can apply those laws to your internet-age-token.
most people seem fine with the current trade-off for smokes/alcohol. i see no reason why tiktok needs to be treated as more dangerous than either.
>Having said that, I think having an "I'm of legal age" tickbox goes quite far enough.
i agree with this and everything you said afterwards. id rather not have any of it.
Right. That's exactly as protective as that tickbox. [0] As I mentioned, any of-age person can distribute those UUIDs to people who are not of-age. Unlike with the proposed ID-collection-and-retention schemes (that are authoritarian's wet dreams) the vendor of the UUID is not responsible for ensuring that that UUID is not later used by someone who is not of-age.
If you were to -say- make alcohol vendors liable for the actions of of-age people who pass on alcohol to not-of-age people, then you'd see serious attempts to control distribution.
[0] Don't forget the existence of preexisting parental controls in every major OS. IME, this is a hurdle that's at least as difficult to surmount as the ID check done in non-chain convenience stores.
no, it isn't, for reasons already mentioned but i will say it again for clarity:
- a 14 year old can click "im of age" on a checkbox.
- a 14 year old cannot go into a gas station and buy smokes. they will be declined.
>As I mentioned, any of-age person can distribute those UUIDs to people who are not of-age.
again... same with smokes and alcohol! but we are okay with how smokes and alcohol are regulated right now.
tiktok is not worse than a bottle of vodka. we are okay with how vodka is regulated. tiktok does not need even more strict age-verification than vodka.
it is not perfect, but it is absolutely more stringent than a checkbox. if you still doubt me, please send one of your 12-14 year old family members to buy a pack of smokes or a bottle of vodka at the nearest store. i will wait for your report.
(Also, like, did you ever go to college? Live in a dorm or apartment with underage students? It was super common for of-age people to buy and distribute booze to substantially underage students. Everyone knew it was happening all the damn time.)
> they are obviously not liable if i buy something legitimately, go home, and feed it to my kid. in that case, i am liable...
And if you changed up the rules to make them liable, you'd see serious attempts at controlling distribution.
What has been the state of the art in parental controls for quite some time is like the current regulatory regime for booze and tobacco. The single thing that needs to change to make it exactly the same would be to make it substantially illegal for US-based publishers to not tag the porn/violence/etc that they publish with age-restriction tags. [0]
What's being proposed and is currently implemented by several big-name sites is even more invasive.
> we are okay with how smokes and alcohol works right now.
I'm not. Either booze and tobacco need to be made into Schedule I substances, or their regulation needs to become much more lax. But I recognize that my opinion on the topic is considered to be somewhat out-of-the-ordinary.
[0] This might already be the law of the land right now. I haven't bothered to check.
because they dont matter. parental controls exist today but have been deemed ineffective for the age verification conversation, for whatever stupid reason. so we are stuck trying to figure something else out. do i wish we could just use the existing basic parental controls instead of whatever the hell we are going to end up with? obviously!
the easiest "something else" is to piggy-back on existing age-restriction regulations (i.e. smokes, alcohol, gambling) because they have broad (obviously not ubiquitous, but broad) support. we have decades of experience with them.
and, to that end, you create a little token and you show your id to the store clerk to buy it. the "protect the children" people are satisfied (its the same process everything else age-restricted!), and i dont need to send my id to a peter thiel company. it preserves privacy, it re-uses existing laws, it re-uses existing infrastructure, etc.
Consider that such arguments (just like the arguments of Prohibitionists that resulted in the rise to power of Organized Crime) are made in a varied combination of ignorance and bad faith, and that we should loudly reject them in the strongest possible terms.
To be clear, I'm asserting that the claim that preexisting parental controls are insufficient is an argument made in ignorance and bad faith, not your assertion that the argument is being made.
me and you can yell into the void all we want. and i will continue to do so!
but, age verification is already here. so while i continue to yell about how stupid it is, i am also going to propose options that i feel like are less bad than what is being actively rolled out right now.
As I mentioned, what you propose is exactly as useful and protective as what we have now. What we have now has been roundly rejected by the authoritarians pushing this expansion of power and influence. Your time and energy are better spent resisting the expansion, rather than suggesting alternatives that those authoritarians will never accept (and tacitly accepting their premise in the process).
i disagree, for reasons i have already said and for other reasons i havent yet.
but it is clear that we wont end up agreeing, so no need for us to keep going.
So.
What about a 17 year old? 16? Many folks who go to college are younger than people seem to realize... and teenagers of all ages often like to party.
or make them good for 1 month, but sold in 12-packs.
...if these tokens are as protective as you claim they are, why would it be important for them to expire?
Would you also advocate for the token issued by authoritarians' preferred "send a video of yourself [0] and/or your government-issued photo ID [1] to some random third-party for-profit company" check to frequently expire? If not, what's up with the discrepancy?
[0] Or of someone physically near you who is of-age
[1] See [0]
age verification is already being rolled out. so we can either suck it up and try to advocate for less shitty versions, or we can bicker amongst ourselves while id/video-based age verification continues to be implemented everywhere.
>...if these tokens are as protective as you claim they are, why would it be important for them to expire?
read above for the conversation that occurred.
>Would you also advocate for the token issued by authoritarians' preferred "send a video of yourself [0] and/or your government-issued photo ID [1] to some random third-party for-profit company" check to frequently expire? If not, what's up with the discrepancy?
a) no, obviously not, because i dont advocate for video or id-based age verification.
b) i know that you know this, and are just pretending to be ignorant for some weird ass reason: various age verification implementations have different risks and benefits.
for some implementations, users are forced to give up significant amounts of privacy in favor of increased accuracy. other implementations give up less privacy, at the risk of reduced accuracy. look at discords implementation for a recent example (it was easier to spoof the client-side verification than the server-side id-based one. more privacy, less accuracy). this type of balancing act is not new. we do the same balancing act with alcohol, smoking, gambling, healthcare, security, development, etc.
so, when looking at potential mitigations for less-accurate methods, while maintaining the same level of privacy, a sensible option is to make the UUIDs time-bound which will limit the time an illicit token is valid. this makes much less sense for id/video-based verification, because they have higher accuracy than my version (paid for by giving up your privacy).
---------
something you said earlier: "Your time and energy are better spent resisting the expansion,".
so, go do that. find the people that are really pushing for age verification, and argue with them. instead of replying to me, use that time to call your state representative or something. im not your opponent here. if it were up to me, we wouldnt have age verification in the first place. you already know that my stance is anti-age verification!
my proposal is not perfect. i dont like age verification. you can have the karma from this argument, its cool, you can "win". what more do you want me to say?
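The store-bought token scheme proposed earlier in this thread (a registry of valid over-18 UUIDs that a website queries), combined with the time-bound expiry suggested in the comment above, sketched as an added Python example that is not part of any commenter's post. The class names, the 30-day validity, the one-account binding and the HMAC account reference are assumptions made for illustration.

```python
import hashlib
import hmac
import uuid
from datetime import datetime, timedelta, timezone


def _digest(value: str) -> str:
    """Hash a token so the registry never has to store the raw value."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


class AgeTokenRegistry:
    """Hypothetical government registry of 'over 18' tokens.

    It holds no name, birth date or ID number: the ID check happens at the
    store counter and is never recorded against the token.
    """

    def __init__(self, validity_days: int = 30):
        self._validity = timedelta(days=validity_days)  # assumed lifetime
        self._records = {}  # sha256(token) -> {"expires", "bound_to"}

    def mint(self, now: datetime) -> str:
        """Create a token to be printed and sold over the counter."""
        token = str(uuid.uuid4())  # random UUID, 122 bits from the OS CSPRNG
        self._records[_digest(token)] = {
            "expires": now + self._validity,
            "bound_to": None,
        }
        return token

    def redeem(self, token: str, account_ref: str, now: datetime) -> str:
        """Answer a website's query: ok / unknown / expired / already_used."""
        record = self._records.get(_digest(token))
        if record is None:
            return "unknown"
        if now >= record["expires"]:
            return "expired"
        if record["bound_to"] is None:
            record["bound_to"] = account_ref  # first use binds the token
            return "ok"
        if hmac.compare_digest(record["bound_to"], account_ref):
            return "ok"  # the same account asking again is harmless
        return "already_used"  # one token cannot verify many accounts

    def holds_raw_token(self, token: str) -> bool:
        return token in self._records


class Website:
    """Hypothetical relying site that keeps only a verification marker."""

    def __init__(self, registry: AgeTokenRegistry, site_secret: bytes):
        self._registry = registry
        self._secret = site_secret
        self.accounts = {}

    def _account_ref(self, username: str) -> str:
        # Keyed hash: the registry can tell two accounts apart without
        # learning the username.
        return hmac.new(self._secret, username.encode("utf-8"),
                        hashlib.sha256).hexdigest()

    def submit_token(self, username: str, token: str, now: datetime) -> str:
        result = self._registry.redeem(token, self._account_ref(username), now)
        if result == "ok":
            # Only the outcome, method and date are kept. Whether the marker
            # should lapse when the token expires is a policy choice that is
            # left out here.
            self.accounts.setdefault(username, {
                "over_18": True,
                "method": "store-bought token",
                "checked_on": now.date().isoformat(),
            })
        return result


def demo() -> dict:
    start = datetime(2030, 1, 1, tzinfo=timezone.utc)  # constructed date
    registry = AgeTokenRegistry(validity_days=30)
    site = Website(registry, site_secret=b"constructed-demo-secret")
    token = registry.mint(start)
    stale = registry.mint(start)
    day = timedelta(days=1)
    return {
        "first_use": site.submit_token("alice", token, start + day),
        "same_account_again": site.submit_token("alice", token, start + 2 * day),
        "second_account": site.submit_token("bob", token, start + 2 * day),
        "after_expiry": site.submit_token("carol", stale, start + 31 * day),
        "made_up": site.submit_token("dave", str(uuid.uuid4()), start),
        "stored_for_alice": site.accounts["alice"],
        "registry_holds_raw_token": registry.holds_raw_token(token),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Binding a token to its first account and expiring it narrows how far a passed-along token can spread; it does not stop an adult from handing a fresh token to a minor, which is the objection raised in the replies.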
So was "REAL ID", and that took ~fifteen years to bring all the holdouts to heel. It wasn't till the start of the COVID disaster that FedGov could make compliance a condition of receiving enough essential Federal funds to force the remaining objectors to comply.
Compliance with bad plans is not automatically mandatory.
> what more do you want me to say?
It'd be great if you'd stop accepting the premise of authoritarians and reject the publicly-stated premise that motivates these systems. While it may not be clear to folks at the moment, they are no less bad than the systems that help -say- Texas law enforcement track down Texan women and doctors who are in violation of the Texas abortion ban.
I don't give a shit if you say that you do stop accepting the publicly-stated premise. [0] I just hope that one day in the not too distant future you do.
[0] I would -in fact- not believe you if you said you did in reply to this comment.
To put a really fine point on this: every entity that rolls over and complies with these "age verification" plans has put up less of a fight than 4chan.
When 4chan is one of the heroes, you know that something rotten is going on.
As it is we're seeing companies capture IDs and face scans and it's incredibly invasive relative to the need - "prove your birth year is in range". Getting hung up on unlinkable sessions is missing the forest for the trees.
At this point I think the challenge has less to do with the crypto primitives and more to do with building infrastructure that hides 100% of the complexity of identity validation from users. My state already has a gov't ID that can be added to an apple wallet. Extending that to support proofs about identity without requiring users to unmask huge amounts of personal information would be valuable in its own right.
Your crypto nerd dream is vulnerable to the fact that someone under 18 can just ask someone over 18 to make an account for them. All age verification is broken in this way.
There is a similar problem for people using apps like Ubereats to work illegally by buying an account from someone else. However much verification you put in, you don't know who is pressing the buttons on the screen unless you make the process very invasive.
An 18-year-old creating an account for a 12-year-old is a legal issue, not a service provider issue. How does a gas station keep a 21-year-old from buying beer for a bunch of high school students? Generally they don't, because that's the cops' job. But if they have knowledge that the 21-yo is buying booze for children, they deny custom to the 21-yo. This is simple.
They don't? Teenagers can easily get their hands on alcohol... you just need to know the right person at school who has a cool older brother. If their older brother is really cool they can get weed too!
The police absolutely do not have the time to investigate the crime of making a discord account for someone.
They don't care whether you are 14 or not. They want your biometrics and identification. "Think of the children" is just a pretense.
Aside from the privacy concerns, all this age verification tech seems incredibly complicated and expensive.
A service provider of adult content now cannot serve a child, regardless of the involvement or lack thereof of a parent.
And either way, none of that requires de-anonymizing literally everyone on the internet. I'd be more than happy to see governments provide cryptographically secure digital ID and so that sites can self-select to start requiring this digital ID to make moderation easier.
I have conspiracy theories about the conspiracy theories about digital ID. The people who benefit the most from fake people posting are spambots, sockpuppets, disinfo peddlers, and astroturfers.
And either way, I firmly believe that a site should be free to allow you to log in without a digital ID... I just would like to be able to know who doesn't have one so I can know who's a real human being and who is an appendage.
I ran into this when building a kids' education app a few years ago. We explored a bunch of options, from asking for the last four digits of their parents' SSN (which felt icky, even though it's just a partial number) to knowledge-based authentication (like security questions, but for parents).
Ultimately, we went with a COPPA-compliant verification service, but it added friction to the signup process.
It's a trade-off between security and user experience, and there's no perfect solution, unfortunately.
Oh, remember those good old times when alcohol was kids' stuff.......
It's basically the same type of enforcement on sites, as they need to verify and filter content for children, or just block them. Most of the internet users are adults, why not make internet for adults by default.
Nobody's ever gonna show an id to get banned from a website.
The thing is that if you are a kid, your device would be bought and signed by your parent, you have no way of refusing to show ID cause device does it automatically. Of course there is a problem that children could use parent's phone but that's also a way to circumvent current age verification propositions.
The idea is just to sign device once for a kid and let them use it without constant worry.
This puts more onus on parents and guardians to ensure their child's devices are set up correctly. The system wouldn't be perfect and people using something like Gentoo would be able to work around it, but I think it helps address the concerns. A framework would need to be created for content providers to enforce their own rating system but I don't think it's an impossible task. It obviously wouldn't cover someone not rating content operating out of Romania, but should be part of the accepted risk on an open internet.
Personally I do agree with the "do nothing" stance, but I don't think it's going to hold up among the wider public. The die is cast and far too many average people are supporting moves like this. So the first defense should be to steer that conversation in a better way instead of stonewalling.
I agree with this, and I find it frustrating how many people refuse to see this. It seems a lot of people would rather be "right" than compromise and keep the world closer to their stated values.
This rebuttal to privacy preserving approaches isn't compelling. Websites can split the difference and use privacy preserving techniques when available, and fall back to other methods when the user doesn't have an ID. I'd go further and say websites should be required to prioritize privacy preserving techniques where available.
There is a separate issue of improving access to government ID. I think that is important for reasons outside of age verification. Increasingly voting, banking, etc... already relies on having an ID.
Governments (and a few companies) really want this.
The site guidelines ask users to send those to us at hn@ycombinator.com rather than post about it in the threads, but we always look into such cases when people send them.
It almost invariably turns out to simply be that the community is divided on a topic, and this is usually demonstrable even from the public data (such as comment histories). However, we're not welded to that position—if the data change, we can too.
I do think that HN does a better job than most at containing this (thanks for your hard work).
I don't think that there is any definitive way to prevent or detect this anymore. The number of personnel dedicated to online manipulation has grown too much, and the technology has advanced too far.
These are now discussions that states and oligarchs have interests in, not Juicero or smart skillet astroturfing. And this remains a forum that people use to indicate elite support for their arguments.
All is not lost, though: https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
The citations from a hit on one money query inform the content to create for the next. It gives you information about what a model finds “citable.” You repackage that.
A more organic discussion would maybe include W3C Verifiable Credentials, the various ISO standards, official implementations and their tradeoffs, etc. But that would link to authoritative sources that would already be cited.
I guess the new thing here is you don’t need popularity on HN so much as info on what models cite. You make contributions motivated by “money queries” you track.
This is an area of huge commercial interest, eg “what leggings should I buy? Lululemon isn’t as good as it used to be,” so it’ll probably be packaged and sold over time by providers and sourced organically through user interactions.
The cynic in me fears they don't want a privacy-preserving solution, which blinds them to 'who'. Because that would satisfy parents worried about their kids and many privacy conscious folks.
Rather, they want a blank check to blackmail or imprison only their opponents.
"Citizens will be on their best behavior, because we’re constantly recording and reporting everything that is going on" - Larry Ellison
(I seem to recall from the context of the quote, he isn't saying this is the future he wants, but it's a future he's not particularly opposed to)
But the real threat is "accidental" database leaks from private websites. Let's say you live in a state where abortion isn't legal, and you sign up for a web forum where people discuss getting out-of-state abortions. As soon as that website is required to collect real names (which it will be), it becomes unusable, because nobody can risk getting doxxed.
When I challenged him on his rhetoric, my comment INSTANTLY disappeared. I thought maybe it was a fluke, so I tried again, and the next comment insta-disappeared also.
Soon thereafter I was locked out of the account and asked to provide a "selfie" to confirm my identity. (I declined.)
This is true of basically any issue discussed on the internet. Saying it must be astroturfing is reductive
Is that really evidence of astroturfing? If we're in the middle of an ongoing political debate, it doesn't seem that far fetched for me that people reach similar conclusions. What you're hearing then isn't "astro-turfing" but one coalition, of potentially many.
I often hear people terrified that the government will have a say on what they view online, while being just fine with google doing the same. You can agree or disagree with my assessment, but the point is that hearing that point a bunch doesn't mean it's google astroturfing. It just means there's an ideology out there that thinks it's different (and more oppressive seemingly) when governments do it. It means all those people have a similar opinion, probably from reading the same blogs.
But I don't think we need 99.99% confidence -- isn't it even acknowledged that 30% of twitter is bots or something? I think it's safe to conclude there's astroturfing on any significant political issue.
Also as far as documented cases, there were documented cases of astroturfing around fracking [1], or pesticides [2]
1. https://journals.sagepub.com/doi/10.1177/2057047320969435
2. https://www.corywatson.com/blog/monsanto-downplay-roundup-ri...
This was before the heyday of influencer culture, so I can only imagine how sophisticated things are nowadays. It’s not always bots.
I recommend the book Trust Me, I’m Lying for a deep but somewhat dated look at the online influence industry.
How do you suppose it is that millions of people, separated by vast geographic distances, somehow all reach similar conclusions all at once?
Related: How do you suppose it is that out of 350-700+ million people (depending on whose numbers you believe), there's always only two "choices" and both of them suck?
In the same way that patriarchy rose amongst them all.
In the same way that a shared currency was deemed necessary.
Especially in matters of governance, there is something to be said about how humans like to organise themselves. No country has truly escaped capitalism so far.
> In the same way that they came up with the idea of divine being(s) in the image of man that rule nature.
Thanks to the diligent efforts of the Priesthood, of course, who never cease in their 'education' of humanity as to the 'truth.'
Before the world came under centralized control of the Priesthood, there were many tribes of 'Nephelim'--or no-faith-God-people. (ne-phe-el-im.)
(Nope, it has nothing to do with aliens. Guess who is telling that lie also?)
> In the same way that patriarchy rose amongst them all.
Not among my ancestors the Cherokee. They were a matriarchy. They were wiped out (genocided) by foreigners who were controlled by a paternal Priesthood.
In our own history, we were once ruled by such a priesthood. They were called the Nicotani, or Ani-Kutani. They grew insolent and arrogant and eventually crossed the line when one of them raped a man's wife. They were subsequently exterminated, to the last man.
> In the same way that a shared currency was deemed necessary.
By whom? Who made that decision for you? Is it you who is deciding to get rid of cash and make everything digital too, so that you can be even more easily tracked, controlled, monitored...enslaved?
> Especially in matters of governance, there is something to be said about how humans like to organise themselves.
That's just the thing. It's not you organizing yourself.
Again, I did not come up with currency and it does not matter if I personally believed in it. Enough people did and now we have capitalism. The people organised themselves, and if it is not what they wanted, history has a recording of many many revolutions and uprisings.
Groups of people who wake up at the same time of the day often have a tendency to be from a similar place, hold similar values and consume similar media.
Just because a bunch of people came to the same conclusion and have had their opinions coalesce around some common ideas, doesn't mean it's astroturfing. There's a noticeable difference between the opinions of HN USA and HN EU as the timezones shift.
"Real" user verification is a wet dream to google, meta, etc. It's both an ad inflation and a competitive roadblock.
The benefits are real: teens are being preyed upon and socially maligned. State actors and businesses alike are responsible.
The technology is not there nor are governments coordinating appropriate digital concerns. Unsurprising because no one trusts gov, but then implicitly trust business?
Yeah, so obviously, it's implementation that will just move around harms.
Things that didn't seem likely to have broad support previously, now are seen as acceptable. In the 90's no one could envision rounding up immigrants. No one could envision uploading an ID card to use ICQ. No one could envision the concept of DE-naturalization or getting rid of birthright citizenship.
Today, in the US for instance, there are entire new generations of people alive. And many, many people who were alive in the 90's are gone. Well these new people very much can envision these things. And they seem to have stocked the Supreme Court to make all these kinds of things a reality.
All because the rest of us keep dismissing all of this as just harmless extreme positions that no one in society really supports. We have to start fighting things like this with more than, "It's not real."
Things that have broad support now may have that support primarily because of longstanding influence campaigns.
Both the widespread growth in smoking, and its later drop in popularity, are often credited to determined influence campaigns. You are not immune to propaganda!
Both Clinton and Obama deported way more people than Trump.
And Clinton only deported 2 million across his entire 8 years in office. With a laser focus on convicted criminals as part of a war on drugs. (Now the efficacy of the old "War on Drugs" can be argued, but the numbers can't. We have the records.)
I think you're conflating the number of "returns", defined in the 90's as people who were not allowed to enter at the border; and "deportations", defined in the 90's as people who were in the US, and then we put on a plane back out of the US. IE - "Returns" were people who showed up at the border, sea port, airport or border checkpoint; asked to get in, and we said no. Basically, the nice people.
What you mean is that Clinton simply didn't let anyone into the country. This is true. (Again, we have the records. Clinton refused entry to the US more than any president in US history.) He didn't, however, round up immigrants living in the US on this scale and deport them like we're seeing today. People would never have allowed for that.
To put numbers on it, Trump is on year 5, and has already processed more formal removal orders than Clinton did by year 8. Not only that, voluntary removals were near non-existent under Clinton in the 90's. Today, for just this year alone, they sit at around 1.5 million.
How do you know what is "shared talking points" vs "humans learning arguments from others" and simply echoing those? Unless you work at one of the social media platforms, isn't it short of impossible to know what exactly you're looking at?
Interesting. Are you saying all the concerns raised by the proponents of ID verification are invalid and meritless? For example,
1. Foreign influence campaigns
2. Domestic influence campaigns
3. Filtering age-appropriate content
I’m sure there are many other points with various degree of validity.
In the US, #1 and #2 are invalid and meritless. Wholly and without reservation. One of the huge reasons for the First Amendment is to ensure that people are able to counter lies uttered in the public sphere with truth.
#3 is handled by parental controls that have existed in mainstream OSs for quite some time now. [0][1][2] However, those preexisting parental controls don't justify additional expansion of the power and influence of authoritarians, so here we are.
[0] <https://www.microsoft.com/en-us/microsoft-365/family-safety>
[1] <https://support.apple.com/guide/mac-help/set-up-content-and-...>
[2] <https://support.google.com/android/answer/16766047?hl=en-rw>
How does digital ID prevent you from speaking out? For example, 2nd amendment requires a lot of hoops in some jurisdictions, which were deemed constitutional, and not violating 2nd amendment. Same with the 1st amendment. You can argue that with digital IDs there will be less privacy and anonymity than before, but it’s a different story.
Moreover, influence campaigns are not about truth or lies, but about making the public lose face on the institutions. A good example of it today is Russia, where the public does not believe that democratic elections are possible at all, in principle.
> #3 is handled by parental controls that have existed in mainstream OSs for quite some time now.
It is not handled perfectly at all, and easily bypassed. To pretend that information access on the internet can be regulated through parental controls is ridiculous.
What? In the US, arguments #1 and #2 are entirely invalid and meritless. As I mentioned:
One of the huge reasons for the First Amendment is to ensure that people are able to counter lies uttered in the public sphere with truth.
You address lies with truth. I don't see what requiring videos of your face and photo ID has to do with this.
> A good example of it today is Russia, where...
We're talking about the US. Many other governments (and governed people) do not agree that freedom of speech is important or even desirable.
> It is not handled perfectly at all, and easily bypassed.
For quite some time now it has been handled at least as well as these new schemes that authoritarians (and those that profit from their actions) are strong-arming companies into preemptively complying with.
> Moreover, influence campaigns are not about truth or lies, but about making the public lose face on the institutions.
If the institution that's being actually damaged by losing face [0] is (or is intimately associated with) one that has spent the last many decades normalizing the replacement of cogent political discussion with Twitter-grade zingers and ragebait, and is now finding it difficult to engage in cogent discussion then, well, they've made the bed they're now forced to lie in. The way out of that bed is sustained, good faith, cogent discussion, rather than building dossiers and the automated infrastructure for information restriction.
But, in truth, most of the folks pushing these systems aren't interested in cogent discussion and are arguing for them in some combination of ignorance and bad faith.
[0] As is often the case in matters like this, I expect the claimed damage is far, far greater than the actual damage.
How do you address lies with truth if the distribution of lies and truth is uncontrollable?
> We're talking about the US. Many other governments (and governed people) do not agree that freedom of speech is important or even desirable.
The example of Russia has nothing to do with freedom of speech. Read again.
Moreover, as I stated earlier, we already have documentation requirements for 2nd amendment, so why not for the 1st? Asking for ID to post on the internet does not preclude you from exercising your rights.
> The way out of that bed is sustained, good faith, cogent discussion, rather than building dossiers and the automated infrastructure for information restriction.
How can you make a good faith argument if the whole space is polluted by bots, trolls, and various influence groups? Perhaps your argument is in good faith, and factually correct, but for one of you there may be 10,000 bots. So, what value is in your voice?
> But, in truth, most of the folks pushing these systems aren't interested in cogent discussion and are arguing for them in some combination of ignorance and bad faith.
This quite a reach. I personally believe that people who have zero chance to get a real life backlash in their community will engage in bad faith arguments, etc.
In exactly the same way urban dwellers made cogent, good faith arguments back in the late 1800s when one could never hope to keep up with the pace of printed material available for sale, and there were far, far more people speaking in the area than one could have a conversation with in a day, let alone half a year.
Falsehood flies, and the truth comes limping after it.
is from the 1700s. I expect there have been variations on that sentiment [0] expressed for as long as there have been humans capable of using spoken language.
> How do you address lies with truth if the distribution of lies and truth is uncontrollable?
The same way you have for the last two-hundred and fifty years.
> The example of Russia has nothing to do with freedom of speech.
I'm aware. That's why I dragged the conversation back on topic.
> This quite a reach. [sic]
When put into its surrounding context, it is a plain statement of fact and reasonable assessment of the situation.
[0] and the essay that contains that sentiment
For some reason you still complained about astroturfing.
> I expect there have been variations on that sentiment
Yes. Before one human can create a thousand other fake humans indistinguishable from real ones.
Which you acknowledge yourself without realizing it.
Also, why do you ignore my question about 2nd amendment?
> I'm aware. That's why I dragged the conversation back on topic.
It was on topic, you simply chose to ignore the point you did not like.
> When put into its surrounding context, it is a plain statement of fact and reasonable assessment of the situation.
Sure bud, it is
No? I haven't written the word "astroturfing" in this forum in at least the past 90 days. You haven't bothered to keep track of who you're talking to. Given the quality of your argumentation, this is unsurprising.
Sure:)
I’m sorry you feel this way.
Instead it would be more appropriate to let sites pass headers, such as "we have adult content", that you could filter on the network or client side. It's still voluntary, of course. Anyone will just visit sites that don't have the checks if necessary.
- Governments benefit from easier monitoring and enforcement.
- The advertising industry prefers verified identities for better targeting.
- Social media companies gain more reliable data and engagement.
- Online shopping companies can reduce fraud and increase tracking.
- Many SaaS companies would also welcome stronger identity verification.
In short, anonymity is not very profitable, and governments often favor identification because it increases oversight and control.
Of course, this leads to political debate. Some point out that voting often does not require ID, while accessing online services does. The usual argument is that voting is a constitutional right. However, one could argue that access to the internet has become a fundamental part of modern life as well. It may not be explicitly written into the Constitution, but in practice it functions as an essential right in today’s society.
Realizing that much of the internet is totally toxic to children now and should have a means of keeping them out is distinct from agreeing to upload ID to everything.
A better implementation would be to have a device/login level parental control setting that passed age restriction signals via browsers and App Stores. This is both a simpler design and privacy friendly.
At least here in US: Google/Apple device controls allow app to request whether user meets age requirements. Not the actual age, just that the age is within the acceptable range. If so, let through, if not, can't proceed through door.
I know I am oversimplifying.
But I like this approach vs. uploading an ID to TikTok. Lesser of many evils?
Parents need to start parenting by taking responsibility on what their kids are doing, and government should start governing with regulations on ad tech, addictive social media platforms, instead of using easily hackable platforms for de-anonymization, which in turn enable mass identity theft.
No, I think both ideas are bad.
That being said, this is a 1 bit information, adult in current legislation yes/no.
I consider it a huge success of the Internet architects that we were able to create a protocol and online culture resilient for over 3 decades to this legacy meatspace nonsense.
> That being said, this is a 1 bit information, adult in current legislation yes/no.
If that's all it would take to satisfy legislatures forever, and the implementation was left up to the browser (`return 1`) I'd be all for it. Unfortunately the political interests here want way more than that.
"use a token from the device so the ID never leaves, this is way better right!"
This is the true objective. They actually want DEVICE based ID.
I want LESS things that are tied to me financially and legally to be stolen when (not if) these services and my device are compromised.
It's not unreasonable to assume that he would seek to automate his bullshit.
See here for some examples:
https://www.techdirt.com/2022/08/26/who-would-benefit-from-c...
https://www.michaelgeist.ca/2025/10/senate-bill-would-grant-...
So we should probably get ahead of this debate and push for good ways to do part-of-identity-checks. Because I don't see any good way to avoid them.
We could potentially do ID checks that only show exactly what the receiver needs to know and nothing else.
A stronger statement: we know how to build zero-knowledge proofs over government-issued identification, cf. https://zkpassport.id/
The services that use these proofs then need to implement that only one device can be logged in with a given identity at a time, plus some basic rate limiting on logins, and the problem is solved.
The challenge here though is to prove to the user, especially without forcing the user to go into technical details, that it is indeed private and isn't giving away details.
The user needs to be able to sandbox an app like that and have full control of its communications.
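The service-side rule proposed earlier in this sub-thread (one logged-in device per identity, plus basic login rate limiting) can be sketched as follows. This is an added example, not code from the thread or from zkPassport; it assumes the already-verified proof yields a stable per-service pseudonymous identifier (called `nullifier` here), and the class name, limits and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict, deque
from dataclasses import dataclass

# Constructed policy values for illustration (assumptions, not from the thread).
MAX_LOGINS = 3          # logins allowed per identity per window
WINDOW_SECONDS = 3600   # sliding window length in seconds


@dataclass
class Session:
    token: str
    device_id: str


class SingleSessionGate:
    """One live session per pseudonymous identity, with throttled logins.

    Proof verification is out of scope: `nullifier` is assumed to be the
    per-service identifier taken from a proof that has already been verified.
    """

    def __init__(self, service_key: bytes):
        self._key = service_key
        self._active = {}                    # identity handle -> Session
        self._logins = defaultdict(deque)    # identity handle -> login times

    def _handle(self, nullifier: str) -> str:
        # Index state by a keyed hash so that a leaked session table does not
        # contain the identifier exactly as the wallet presented it.
        return hmac.new(self._key, nullifier.encode(), hashlib.sha256).hexdigest()

    def login(self, nullifier: str, device_id: str, now: float):
        """Return (status, token). A new login always evicts the old session."""
        handle = self._handle(nullifier)
        window = self._logins[handle]
        # Drop login timestamps that have aged out of the sliding window.
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        # Rate limit: a credential shared between people bounces between
        # devices, so capping logins per window makes sharing impractical.
        if len(window) >= MAX_LOGINS:
            return ("rate_limited", None)
        window.append(now)

        previous = self._active.get(handle)
        session = Session(secrets.token_urlsafe(32), device_id)
        self._active[handle] = session       # single slot: old token is gone
        if previous is not None and previous.device_id != device_id:
            return ("replaced_other_device", session.token)
        return ("ok", session.token)

    def is_valid(self, nullifier: str, token: str) -> bool:
        """Check a presented session token against the single active slot."""
        session = self._active.get(self._handle(nullifier))
        return session is not None and hmac.compare_digest(session.token, token)


if __name__ == "__main__":
    gate = SingleSessionGate(secrets.token_bytes(32))
    # Constructed sample: the same identity logging in from alternating devices.
    for t, device in [(0, "phone"), (10, "laptop"), (20, "phone"), (30, "laptop")]:
        status, _ = gate.login("constructed-nullifier-1", device, t)
        print(t, device, status)
```

The service learns only that the same verified holder is logging in again, not who that holder is; whether that holds in practice depends on the proof system actually scoping the identifier per service.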
From what I’ve seen, most of the pro-ID commenters are coming from positions where they assume ID checks will only apply to other people, not them. They want services they don’t use like TikTok and Facebook to become strict, but they have their own definitions of social media that exclude platforms they use like Discord and Hacker News. When the ID checks arrive and impact them they’re outraged.
Regulation for thee, not for me.
HN has largely shifted away from tech literacy and towards business literacy in recent years.
Needless to say that an internet where every user's real identity is easily verifiable at all times is very beneficial for most businesses, so it's natural to see that stance here.
I think a lot of the younger generation supports it, actually. They didn't really grow up with a culture of internet anonymity and some degree of privacy.
Privacy with respect to the government was one of the final pillars, but when everything placed on the internet is absorbed by the alphabets of government agencies, and the current admin does searches of it at their leisure they understand nothing is anonymous anymore.
It's funny that this is what the younger generation is going to think Millennials and older are completely stupid for still supporting. The current structure only benefits corporations and bots.
I don't think they want to figure it out. They think the internet should be stagnant unchanging and eternal as it currently exists because it makes the most money. If you disagree you're either a normie, bot, or need to parent harder or something. There is nothing you can do don't dare try to change it.
HN comments sentiment seems to shift over the age of the thread and time of day.
My suspicion is that the initial comments are from people in the immediate social circle of the poster. They share IRC or Slack or Discord or some other community which is likely to be engaged and have already formed strong opinions. Then if the story gains traction and reaches the front page a more diverse and thoughtful group weighs in. Finally the story moves to EU or US and gets a whole new fresh take.
I’m not surprised that people who support something are the ones most tuned in to the discussion because for anyone opposed they also have their own unrelated thing they care about. So the supporters will be first since they’re the originators.
It's never fucking safety, or protecting children, or preventing fraud, or preventing terrorism, or preventing drugs or money laundering or gang activities. It's always, 100% of the time, inevitably, without exception, a tool used by petty bureaucrats and power hungry politicians to exert power and control over the citizens they are supposed to represent.
They might use it on a couple of token examples for propaganda purposes, but if you look throughout the world where laws like this are implemented, authoritarian countries and western "democracies" alike, these laws are used to control locals. It's almost refreshingly straightforward and honest when a country just does the authoritarian things, instead of doing all the weaselly mental gymnastics to justify their power grabs.
People who support this are ignorant or ideologically aligned with authoritarianism. There's no middle ground; anonymity and privacy are liberty and freedom. If you can't have the former you won't have the latter.
So people are kind of primed for "makes sense to keep kids from these attention driven platforms"
But I think the average person isn't understanding the implications of the facial/id scanning.
These are not the same people from 30 years ago. The new generation has come to love big brother. All it took to sell their soul was karma points.
Actually, yes, it seems to have shifted quite a bit. As far as I can tell, it seems correlated with the amount of mis/disinformation on the web, and acceptance of more fringe views, that seems to make one group more vocal about wanting to ensure only "real people" share what they think on the internet, and a sub-section of that group wanting to enforce this "real name" policy too.
It in itself used to be fringe, but has really been catching on in mainstream circles, where people tend to ask themselves "But I don't have anything to hide, and I already use my real name, why cannot everyone do so too?"
The short version is that voters want government to bring tech to heel.
From what I see, people are tired of tech, social media, and enshittified apps. AI hype, talk of the singularity, and fears about job loss have pushed things well past grim.
Recent social media bans indicate how far voter tolerance for control and regulation has shifted.
This is problematic because government is also looking for reasons to do so. Partly because big tech is simply dominant, and partly because governments are trending toward authoritarianism.
The solution would have been research that helped create targeted and effective policy. Unfortunately, tech (especially social media) is naturally hostile to research that may paint its work as unhealthy or harmful.
Tech firms are burned by exposés, user apathy, and a desire to keep getting paid.
The lack of open research and access to data blocks the creation of knowledge and empirical evidence, which are the cornerstones of nuanced, narrowly tailored policy.
The only things left on the table are blunt instruments, such as age verification.
Do you think strip clubs and bars should stop IDing people at the door? I don't. Why should porn sites be any different?
The principle of online ID checks is completely sound; the implementation is not.
This would be impractical in meatspace, but works perfectly fine on the internet.
The data stays with them[1].
I think you grossly underplay the current practices.
[1] there's no hard, irrefutable proof companies like Persona (intimately connected with known law abusers, ie US government) keep their promises or obey the law.
[edit] I did a little reading and it sounds like the company does not query the government with your ID. You get the cryptographic ID from the government, and present it to a company who is able to verify its validity directly. My source is mostly this: https://www.eff.org/deeplinks/2025/04/age-verification-europ...
That sort of information can permanently destroy people's lives.
The average tech literate person keeps seeing their data breached over and over again. Not because THEY did anything wrong, but because these Corpos can't help themselves. No matter how well the tech literate person secures their privacy it has become clear that some Corpo will eventually release everything in an "accident" that causes their efforts to become meaningless.
After a while it's only human for fatigue to build up. You can't stop your information from getting out there. And once it's out there it's out there forever.
Meanwhile every Corpo out there in tech is deliberately creating ways to track you and extract your personal information. Taking steps to secure your information ironically just makes you stand out more and narrows the pool you're in to make it easier to find you and your information. And again you're always just one "bug" from having it all be for nothing.
I still take some steps to secure my privacy, I'm not out there shouting my social security information or real name. But that's habit. I no longer believe that privacy exists.
To the extent we ever had it in the past was simply the insurmountable restrictions on tracking and pooling the information into some kind of organization and easy lookup. Now that it is easier and easier to build profiles on mass numbers of people and to organize those and rank them the illusion is gone. Privacy is dead. Murdered.
And people are tired of pretending otherwise.
Yes.
Or more honestly, there was always an undercurrent of paternalistic thought and tech regulation from the Columbine Massacre days [0] to today.
Also for those of us who are younger (below 35) we grew up in an era where anonymized cyberbullying was normalized [1] and amongst whom support for regulating social media and the internet is stronger [2].
The reality is, younger Americans on both sides of the aisle now support a more expansive government, but for their party.
There is a second order impact of course, but most Americans (younger and older) don't realize that, and frankly, using the same kind of rhetoric from the Assange/Wikileaks, SOPA, and the GPG days just doesn't resonate and is out of touch.
Gen X Techno-libertarianism isn't counterculture anymore, it's the status quo. And the modern "tech-literate" uses GitHub, LinkedIn, Venmo, Discord, TikTok, Netflix, and other services that are already attached to their identity.
[0] - https://www.nytimes.com/1999/05/02/weekinreview/the-nation-a...
[1] - https://www.nytimes.com/2013/09/14/us/suicide-of-girl-after-...
[2] - https://www.washingtonpost.com/politics/2022/06/09/why-young...
Cui bono?
I still haven't read any truly compelling argument, why this type of surveillance is actually effective and proportionate.
Tons of data also showing higher suicide rates, depression rates, eating disorders etc. so it's not as if there is no good side to this.
Here is the data:
https://www.cdc.gov/mmwr/volumes/66/wr/mm6630a6.htm
and the more recent data:
https://afsp.org/suicide-statistics/
I was a child of the 90's, where the numbers were higher, where we had peak PMRC.
> depression rates
Have these changed? Or have we changed the criteria for what qualifies as "depression"? We keep changing how we collect data, and then don't renormalize when that collection skews the stats. This is another case of it, honestly.
> eating disorders
Any sort of accurate data collection here is a recent development:
https://pmc.ncbi.nlm.nih.gov/articles/PMC7575017/
> never ending cat and mouse game with my kids (especially my son)
Having lived this with my own, I get it. Kids are gonna be kids, and they are going to break the rules and push limits. When I think back to the things I did as a kid at their age, they are candidly doing MUCH better than I, or my peer group was. Drug use, Drinking, ( https://usafacts.org/articles/is-teen-drug-and-alcohol-use-d... ) teen pregnancy are all down ( https://www.congress.gov/crs-product/R45184 )
This conflicts with my concerns about government crackdowns and the importance of anonymity when discussing topics that cover people who have a monopoly on violence and a tendency to use it.
So it's not entirely a black/white discussion to me.
The underlying internet should remain anonymous. People should remain able to communicate anonymously with consenting parties, send private DMs and create private group chats, and create their own service with their own form of identity verification.
* All big services are unlikely to require ID without laws, because any that does not will get refugees, or if all big services collaborate, a new service will get all refugees.
I mean, this is _literally the only thing needed_ for the Trump admin to tie real names to people criticizing $whatever. Does anyone want that? Replace "Trump" with "Biden", "AOC", "Newsom", etc. if they're the ones you disagree with.
I've seen people post appalling shit on fuckin LinkedIn under their own names.
Strong moderation keeps Internet spaces from devolving into cesspools. People themselves have no shame.
Real name moderator is a fallacy.
When you’re older and have children—especially preteens and teenagers—you want those barriers up, because you’ve seen just how fucked up some children can get after overexposure to unhealthy materials and people who want to exploit or harm them.
It’s a matter of perspective and experience. As adults age, their natural curiosity evolves into a desire to protect their children from harm.
You mean that you shirk your responsibility to teach your child how to protect themself on the Internet, and instead trust the faceless corp to limit their access at the cost of everyone's privacy? How does this make sense...
Heck, you can't even obtain housing -- which is an essential service -- without having to provide identity in most cases.
What remains to be seen is if the outcome of teenagers becoming social pariahs is really worse than the alternatives.
I presume you prefer hard requirement of IDs.
I'm saying this will make kids go to i2p, tor, to the obscure fora in countries not giving a f* about western laws.
As a parent to the teens and teens, THIS makes me concerned. The best vpns are very hard to detect (I know, I try it myself).
Some will, but most won't. Similarly, most kids who are dissuaded from buying alcohol because they don't have ID are not going to break the law to get it, or switch to hard drugs as an alternative.
You can't let perfect be the enemy of better.
I agree with your last paragraph but the current development (for example the intentionally imprecise OSA in the UK) is NOT aimed at "protecting children" (whenever I hear someone say "think of the children" I'd prefer they stopped thinking of mine all the time, creeps).
Here's the long article unpicking it in details: https://consoc.org.uk/the-online-safety-act-privacy-threats-...
> Under the cover of protecting children – a catchphrase repeated as the reason for the urgency of the legislation – the government has already conferred on itself future powers to access end-to-end encrypted messages (as soon as the technology becomes available), as well as powers to restrict what can and cannot be said on social media platforms as regards “false communication”. The categorisation debate reveals a kind of mission creep toward the spread of information, and the government’s inability to control it – rather than the actual harm information may cause.
Notice: the stated lie is "we protect the children!" but the intention of the act is to access everything everywhere.
Predictably the MPs are ramping up the pressure calling for more https://committees.parliament.uk/work/8641/social-media-misi...
And more: https://www.ibtimes.co.uk/uk-government-vpn-restrictions-onl...
And more: https://support.apple.com/en-gb/122234
And more: https://www.gov.uk/government/news/keeping-children-safe-onl...
And more! https://www.bbc.co.uk/news/articles/cp82447l84ko
AND THEN: https://cybernews.com/news/and-then-mullvads-anti-surveillan...
Do you really, honestly, hand on heart believe that it's just about "protecting the kids"?
Freedom of speech is not, and has never been absolute. For example, it's unlawful to lie about the content of food and drug products. Fraud is unlawful. We also hold people liable for defamation.
You're right that technology would allow governments to cast a broad net over communication and open the door to certain kinds of abuse. It's a completely legitimate concern.
This is where legal and constitutional protections can come into play. The ability to collect communications should be coupled with safeguards to prevent people from being prosecuted for lawful speech. To have one without the other would be a tragedy. And, yes, sometimes despots need to be dealt with through violent means (politics by other means, see Clausewitz).
And you don't mind that freedoms of all of us would be restricted as a result?
And then, we keep blaming boomers for those restrictions.
As for "freedoms," you're not free to vote or drink alcohol below a certain age. And before the internet, minors couldn't purchase pornography, either. Some people perceive this change as a return to normal, not an egregious destruction of freedom.
I am not talking about pornography or alcohol at all.
I hope you are aware that requiring an ID to surf the internet leads to total censoring and self-censoring of the complete internet. There goes your privacy, anonymity, and right to free speech.
If your country's regime really wanted to address pornography or alcohol, I'm pretty sure they would be able to shut it down without requiring everyone's identity. The issue is, they are just using these topics to manipulate people, and you are falling into that trap.
Who's proposing this? I don't want to argue over a straw man.
They are talking about it in the context of "high risk" services and social media, but not the Internet as such.
I think the solution we really need is age verification for table saws. Of course, it goes without saying that the saw should also monitor the user's cuts to make sure they're connected with the right national suppliers who can supply material to meet their needs, and to ensure that you aren't using the saw to cut any inappropriate materials from unregistered sources.
The door is over there. Take the baby out with the bathwater as you leave.
Obvious flaws are OK. I absolutely hate the Nirvana fallacy that you people think is acceptable here, while hundreds of millions of kids suffer from serious developmental issues, as reported left and right by all kinds of organizations and governments themselves.
Age verification is a good thing. Giving children unrestricted access to hardcore pornography is bad for them. Whatever arguments you want to make, fundamentally this is true.
Anonymous age verification is fundamentally impossible. It is especially a bad idea for adult content, as a person's perfectly legal sexual beliefs and fantasies can permanently destroy their lives if that information got out. Parental controls are the only ethical, secure, and privacy protecting way forward here.
There is no right, or even a debate about whether there should be a right, to consume digital streams of other people engaging in sexual acts in total anonymity without proving age. In fact being able to do this at all is something that didn't exist until about 25 years ago, before that you had to drive down to a video store and rent a DVD or tape. At that video store you would have to show an ID to get an account, and there would be a permanent record at the store of what you have rented.
I get that people want to watch people engage in acts that they themselves find embarrassing and shameful. I don't agree that this is healthy, but if it's legal then I have no standing to complain much. However, it's not legal to provide videos of hardcore sex to children, which you are insisting is necessary to allow adults to consume videos of hardcore sex acts in perfect anonymity, which wasn't even a thing that was possible until very recently. Your argument is just stupid and absurd on its face.
European proponents of "anti-big-tech action" make it pretty explicit - broad discretionary power should be given to executive branch, because otherwise "international corporations" will use "loopholes" (and these "loopholes" are, in practice, explicitly written laws used as intended).
Now the issue of which properties can "ask to verify your age" and "apple now knows what you're looking at" is still an unsolved problem, but maybe that solution can be delivered by something like a one time offline token etc.
But again, this is a very hard problem to solve and I would personally like to not have companies verify age etc.
Not exactly a good moment for this caste of politicians to pretend they care about children's well-being, though.
The problem of identifying a value for each person is very difficult. But government's role stops there. Until the teenager's screen more factors stay in the middle (parents, peers, criminals). I am curious how it turns out eventually. As a parent, I have already banned SM for my children, so not "affected" by the new policy.
We could start to ban many of the mechanisms social media companies have deployed over the last 10 years. Infinite scrolling, algorithmic feeds of "creator" content, AI generated ragebait from bot accounts, etc. I'd love to see social media reverted back to when it was just holiday photos from your friends.
You're not 18 yet?
No problem, we just give you two certs with different valid from/to ranges that overlap and don't give away your birthday.
Problem solved.
Because it has no attributes (not even a unique serial number that could be used to track it) the whole scheme is now defeated.
Practically that means all of them will be imprisoned for life, of course.
Do we need laws to make this happen? What methods can be used to aid adoption? Do site operators really want to know the humanness and ages or are those just masks on adding more surveillance?
Instead of requiring IDs, we should let parents manage what their children do online.
Some can be 50 and still be clueless who to trust and what to do.
Every kind of discrimination merely shifts the burden.
And thinking of the children as an excuse for draconian law is itself child abuse. It's using children as a shield to take cover.
EDIT: I'd like to add that if age verification becomes a thing, we should also have an online drug test, insurance verification, financial wellbeing tests, mental health checks and a badge of dishonor for anyone who fails to comply.
Liquor stores, bars, strip clubs, adult bookstores, or similar businesses don't let kids in. Movie theatres don't let a 10 year old in to an R-rated movie. The tech industry ignored their social responsibility to keep kids away from adult and age-inappropriate content. Now, they are facing legal requirements to do so. Tough for them, but they could have been more proactive.
That being said nothing about these laws is about protecting children; their primary purpose is to crack down on the next Just Stop Oil or Palestine Action so for that reason should be opposed.
Could you explain to me how a digital id standard involving a mechanism for zero knowledge proof of identity is supposed to help the government crack down on activists (skipping the fact you are using UK examples for a EU spec)?
Take into account the reality we live in where every communication platform already requires you to provide your phone number and you can't get a phone number without providing an ID in the European Union please, not some disconnected threat model.
Uh. I could check in the back of my parents' closet (hidden under some fabric) for at least a decade's worth of dirty magazines. It's true that that's less than a lifetime's worth of pictures and articles, but I'd say that that's effectively equivalent.
> That can't be healthy.
The only thing that's unhealthy is not being able to talk frankly and honestly about sex and sexuality with your peers, parents, and other important adults in your life. Well, that and never being told that sex leads to pregnancy, or how to recognize common STDs... but you're likely to get that "for free" if you're able to talk frankly and honestly about sex and sexuality.
It cannot be a friction-less experience. Allowing children to see gore and extreme porn at a young age is not healthy. And then we have all the "trading" platforms (gambling).
Even though my brothers were able to get many hard drugs when I was young, around 1977, there was a lot of friction. Finding a dealer, trusting them, etc. Some bars would not card us but even then there was risk and sometimes they got caught. In NY we could buy cigarettes, no friction, and the one drug I took when I was young, addicted to them at 16, finally quitting for good at 20. I could have used some friction there.
So how do we create friction? Maybe hold the parents liable? They are doing this with guns right now, big trial is just finishing and it looks like a father who gave his kid an ak47 at 13 is about to go to jail.
I would like to see a state ID program when the ID is just verified by the State ID system. This way nothing needs to be sent to any private party. Sites like Discord could just get an OK signal from the state system. They could use facial recognition on the phone that would match it with the ID.
Something needs to be done however. I disagree that the internet needs to be open to all at any age. You do not need an ID to walk into a library, but you need one to get into a strip club. I do not see why that should not be the same on the internet.
It's like bankid or myid works in Scandinavian countries.
When you need to identify yourself you are challenged by a 3rd party trusted service.
Making this an age verification should be very easy.
I could generate my own key, have the government blind sign it upon verifying my identity, and then use my key to prove I'm an adult citizen, without anyone (even the signing government) knowing which key is mine.
Any verifying entity just needs to know the government public key and check it signed my key.
If the identity check was blind it wouldn't actually be an identity check. It would be "this person has access to an adult identity".
If there is truly no logging or centralization, there is no limit on how many times a single ID could be used.
So all it takes is one of those adult blind signatures to be leaked online and all the kids use it to verify their accounts. It's a blind process, so there's no way to see if it's happening.
Even if there was a block list, you would get older siblings doing it for all of their younger siblings' friends because there is no consequence. Or kids stealing their parents' signature and using it for all of their friends.
A signed key is still unique.
- You can still check that user 1 and user 2 don't use the same key.
- You can still issue a challenge to the user every 10 days to make sure he has indeed access to his key and not just borrowed it.
- You can still enforce TPM use of said keys, so that they cannot be extracted or distributed online, but require a physical ID card.
- You can still do whatever revocation system you want for the cases when a key is stolen or lost.
Really the "blind" nature of the signature changes nothing to what you would normally do with a PKI.
If the site you send your information to gets a uniquely identifying piece of information, that's not blind to your identity.
> - You can still check that user 1 and user 2 don't use the same key.
The systems described elsewhere in the thread give people a set of signatures that can't be traced back to their source.
Because one could argue that the government could keep track of the keys they give away.
That is where blind signing is interesting. The government can sign _your_ key without knowing it.
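The blind-signing flow argued over in the comments above, as an added example that is not part of the thread or of any wallet project's code: textbook RSA blind signing with a constructed toy key, showing that the issuer never sees the user's key while a site can still verify the signature and refuse a key reused on a second account. The names `Issuer`, `Site`, `fdh` and the account labels are hypothetical; the key size and unpadded RSA are for illustration only.

```python
import hashlib
import math
import secrets

# Constructed toy issuer key: two Mersenne primes, far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer ("government") private exponent


def fdh(user_pubkey):
    """Map the user's public key into Z_N (hash then reduce, a toy full-domain hash)."""
    return int.from_bytes(hashlib.sha256(user_pubkey).digest(), "big") % N


def blind(user_pubkey):
    """User side: hide the key hash behind a random factor r before sending it."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (fdh(user_pubkey) * pow(r, E, N)) % N, r


def unblind(blind_sig, r):
    """User side: strip r, leaving an ordinary RSA signature on fdh(user_pubkey)."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(user_pubkey, sig):
    """Anyone holding the issuer's public key (N, E) can run this check."""
    return pow(sig, E, N) == fdh(user_pubkey)


class Issuer:
    """Checks identity and age out of band, then signs whatever blinded value it is given."""

    def __init__(self):
        self.log = []  # everything the issuer ever learns about a request

    def sign_after_id_check(self, citizen, blinded):
        self.log.append((citizen, blinded))
        return pow(blinded, D, N)


class Site:
    """Relying party: verifies the issuer signature and binds one key to one account."""

    def __init__(self):
        self.bound = {}  # key fingerprint -> account

    def register(self, account, user_pubkey, sig):
        if not verify(user_pubkey, sig):
            return "rejected: bad signature"
        fingerprint = hashlib.sha256(user_pubkey).hexdigest()
        if self.bound.get(fingerprint, account) != account:
            return "rejected: key already bound to another account"
        self.bound[fingerprint] = account
        return "accepted"


def demo():
    issuer, site = Issuer(), Site()
    user_key = secrets.token_bytes(32)  # constructed stand-in for a real public key
    blinded, r = blind(user_key)
    sig = unblind(issuer.sign_after_id_check("citizen-1 (constructed)", blinded), r)
    return {
        "first_use": site.register("acct-1", user_key, sig),
        # Same signed key presented for a different account (the "leaked key" case).
        "shared_use": site.register("acct-2", user_key, sig),
        # A different key paired with someone else's signature.
        "forged": site.register("acct-3", secrets.token_bytes(32), sig),
        # Did the issuer ever see the value the site later verifies against?
        "issuer_saw_key_hash": any(b == fdh(user_key) for _, b in issuer.log),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The per-site duplicate check only catches reuse on that one site; detecting sharing across sites would need the sites to compare fingerprints, which reintroduces the linkability the blinding removed.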
Private actors are already offering verification as a paid service. They are accumulating vast troves of private data to offer the service.
politicians are interested in it because they're begging for some way to censor the internet, which would actually be even worse for parenting because now it prevents children from ever learning to be responsible with these highly addictive platforms
Big tech doesn't have to wait for an outright government ban when they can just say that we are a teen-only site by default and everyone has to verify if they are over 18 or not. This age verification will affect everyone no matter what.
This is not true, as others have pointed out. Kind of sad to see no mention of privacy-preserving technology already in use in an IEEE article.
"The only way to prove that someone is old enough to use a site is to collect personal data about who they are. And the only way to prove that you checked is to keep the data indefinitely."
If you start by legislating that you can't collect personal data or ID, then you are forced to do your age verification through other means. And legislate the government can't see what websites a user is visiting if you can to stop overreach. End result is a workable solution, zero knowledge proof or similar where government (the source of your ID documents) signs a token brokered by a proxy.
But when you start arguments from the position of 'no way to do this without violating privacy', the end result will be to violate privacy, because it seems an awful lot of people are demanding age verification and will sacrifice if they believe it is necessary.
to a lot of people it never sat well that people could just go online and say whatever they want, and communicate with each other unsupervised at large scale, and be effectively untargetable while doing so - that model of the internet was only allowed because it happened under the radar and those uncomfortable with it have been fighting it since they got the memo
Once you are verified, you just flip a bit "verified" in the database and delete all identification data.
No reason to store the data indefinitely
and if you have internet access without paying, that means someone else is legally responsible for your access
"problem solved" ?
I'm not for this draconian age verification nonsense, but this isn't a valid argument.
This is the way it works with e.g. alcohol and cigarettes, most places. Famously kids can just get a beer from a random fridge and chug it, but someone 16/18/21+ will be responsible and everyone seems mostly fine with this.
I regularly talk to other parents at the school gates who have no idea that permissions on mobiles even exist, let alone that they can choose what they let each app have access to.
The general public people just don't care.
(fwiw I regularly talk to parents who are quite aware of various parental controls and use them effectively, combined with talking to their kids and just general good parenting practices)
So we must make a system which protects the naive, instead of educating everybody properly.
Is it bypassable by a sufficiently determined child? Yes, but so is the current age verification nonsense.
No, that's not the case.
just like you already are responsible for what happens on your free public network (torrenting, hacking, CSAM, etc.) in most jurisdictions
(for what it's worth, i think age verification is dumb. but it looks like we're getting it one way or the other)
Second, if all it takes to get into underage spaces is not being verified, predators *will* notice and exploit this hole.
Even the absence of information is information.
> The Roblox games site, which recently launched a new age-estimate system, is already suffering from users selling child-aged accounts to adult predators seeking entry to age-restricted areas, Wired reports.
I rest my case.
> Second, if all it takes to get into underage spaces is not being verified, predators *will* notice and exploit this hole.
Well the default state is "assume underage". So the default state is to be in the same location as children. There's nothing for predators to exploit, they get access by default. Which once people realize that, it all becomes really silly. The only way it would really work is by verifying that people are children, so only children can be in the gated location. But then you need to do mass surveillance on children and I think even the average person realizes this just makes that a great place for predators and the damage caused by a leak is far greater to children. Not to mention the impractical nature of it as children are less likely to be able to verify themselves and honestly, you expect kids to jump through extra hoops?
Anyone that believes these systems will keep predators away from children hasn't thought about even the most basic aspects of how these systems work. They cannot do what they promise.
That's the whole point, right? A pretense to remove any remaining anonymity from communications?
Governments are endlessly infested with the worst people. They look back at historical attempts at totalitarianism and think to themselves, "Let's facilitate something like that, but worse".
I think most people are aligned here, and that an internet without identification is inevitable whether we like it or not.
Identification fixes nothing here, you log with your account, plug in the AI.
The problems with social media have nothing to do with ID and everything to do with godawful incentives, the argument seems to be that it's a large price to pay but that it's worth it. Worth it for what? The end result is absolutely terrible either way
Why? Like, what makes you think that?
While I am not against internet ID, there is a case to be made for social media for the harms they are causing.
Why would social media companies fight against this? They, much like the public actually like the engagement. That is the whole problem.
Look at X, where you can now see where people are posting from, do people honestly engage with the feature? No, they don't bother to check if they agree with the content and they use it as an excuse to dismiss in bad faith if they don't like the content.
This is not a control problem, social media networks are not at a loss of options in how to engage with this, they don't want to, the point can be made that states might want to fix this and are unable to, but if that was actually the case there's half a dozen better ways to do that, among them, banning the services.
The idea that the entirety of the population ought to throw privacy away so people can still browse Instagram is repugnant to me.
With an approved ID, it will be trivial to enforce 1 ID 1 account on 1 platform. This is not possible now.
To my knowledge, no country has tried it before up until recently. The issue of government distrust is valid, but that shifts the problem to one of government accountability, not accessibility. Demand the rule of law to be upheld, hold those in power accountable and be vigilant of their trespasses, do not abdicate what little power you hold. That is what is required for civil society to function properly.
It's amazing how there is a much larger crowd, of completely real people, who approve of the government, than those nasty dissenters. We know they're real people because we trust the government vouching for its own IDs.
And because of the real ID policy, the government can also ask the social media company for the ID used by opposed posters, and find out where they live and "visit" them, maybe "warn" them.
Hooray for democracy!
Take the current US administration. If they were to point the finger at a user for something the government didn't like, I doubt many people will agree, and more likely people will be opposed to the government than the user. The most important thing is to prevent government from abusing violence on the people for speaking up, which is somewhat lacking in the US.
More effort should be done to hold governments accountable, not finding ways to skirt around it.
Governments shouldn't work like Google's technical support, where they are in 100% control and you have zero recourse if they don't like you, or even if they just fuck up. Governments should be accountable to their people, there need to be systems (like courts) to rein in the government's unlawful actions. It goes without saying that government shouldn't build fully centralised systems of authority, and certainly shouldn't be implicitly trusted by third parties - because when they do that, things go badly for the citizens of that government. Or citizens of other countries (see e.g. the USA fucking with ICC staff)
...and yet here we are, discussing systems that would lock people out of all sorts of things if they won't or can't get a trusted proof they're in a central database we trust the custodians of 100% - those custodians never make mistakes or abuse their position, right? Why the rush to adopt the more fragile system?
What I worry about is more and more "nudge theory" or dark patterns coming in; you may be entitled to something, or have rights, and the government doesn't like people having that, or paying for people to have it. They won't say "no, people can't have these rights and entitlements" and take the hit at the ballot box (though sometimes they do and that is strictly worse), but they will deliberately put in roadblocks and gotchas (digital or otherwise) that oh-so-unfortunately sometimes don't work, or are cumbersome and thus discourage people from exercising their rights.
2) Your point is valid. I too want to know whether I am engaging with a bot or a person. This is impossible now and it will be impossible once ID check becomes ubiquitous.
3) I will be happy to see (or not) a blue checkmark by the profile name. Just like in Twitter. That's enough.
Like everything else in society, there are tradeoffs here, I'm much more concerned with the damage done to children's developing brains than I am to violations of data privacy, so I'm okay with age verification, however draconian it may be.
Our middle child (aged 12) has an Android phone, but it has Family Link on it.
Nominally he gets 60 mins of phone time per day, but he rarely even comes close to that, according to Family Link he used it for a total of 17 minutes yesterday. One comes to the conclusion that with no social media apps, the phone just isn't that attractive.
He seems to spend most of his spare time reading or playing sports...
Just one of the many joys of parenting :)
If it's a concern, parents can prevent or limit their children's use. If all this were being done to prevent consistent successful terrorist attacks in the US with tens of thousands of annual casualties, I'd say okay maybe there is an unavoidable trade-off that must be made here, but this is so absurd.
Thus far, privacy and anonymity have been used to get children addicted to garbage, distribute CSAM, create elaborate schemes of financial fraud (cryptocurrency), and develop drug distribution networks.
It's completely reasonable to limit privacy in order to combat these social evils.
Look at the facebook real name policy.
But beyond that we can look at places similar things have been rolled out.
Facebook has a real name policy and is overflowing with fraudsters and ai slop
Although I can't figure out how to sign up for a second telegram account with their phone number restriction that hasn't stopped multiple scammers hitting me up every day on the service.
On YouTube, their demographics has ladies in their 30s watching nursery rhyme videos by the millions because mothers give their children their phone.
On social media, scammers tend to take over the accounts of dead people because the deceased don't update their passwords after a data breach. Your ID card policy, however strict, isn't going to stop the most common attack vector
So I don't know what you're trying to solve with id checks: parents hand their logged in devices to their children, scammers raid the accounts of the verified dead, existing systems clearly aren't working and strictly enforcing ineffective security theater isn't going to change this
I'm all for empathizing with the concerns but doing something that doesn't work isn't a solution
To be honest, I find many holes in the ID method myself and it stems from the free and abundant nature of the internet where anything goes everywhere. If I could take an analogy, it's like we have allowed casinos to be built all around the neighborhood and now have no political will to stop children from entering, though I do concede that it's much easier to stop a child from entering a casino than access to internet. Perhaps China was on to something with the great firewall, though I doubt the efficacy of that method as well.
But back to the use of ID, is there not an argument to be made that doing something is better than nothing? Personally, I would like the banning of algorithmic content and that online peers should only be found through intent and not recommended by the platform, but I digress.
No we do not.
>I don’t want to live in a world where the average person unknowingly interacts with bots more than other individuals and where black market actors can sway public opinion with armies of bots.
That is not the argument for identification on many places on the internet. It's not even the argument that the gov reps pushing it typically make. And why would it be. The companies that go along with all this don't want to get rid of all bots and public opinion campaigns. They make money off of many of those.
Plus what you're asking would require international id verification for everyone, which would first mostly make those IDs a lot cheaper. But there's a second negative effect. The organizations issuing those IDs, governments, are the ones making the bot armies. Just try to discuss anything about Russia, or how bad some specific decision of the Chinese CCP is. Or, if you're so inclined: think about how having this in the US would mean Trump would be authorizing bot armies.
This exists within China, by the way, and I guarantee you: it did not result in honest online discussion about goods, services or politics. Anonymity is required.
At any point they can tell a real human what they can and can't say, and if they go against their masters, their "real human" status is revoked, because you trust the platform and not the person.
If we want to go full conspiritard, we could accuse those of wanting to control speech to be the financial backers of those flooding social media with AI slop: https://www.youtube.com/watch?v=-gGLvg0n-uY -- this fictional video thematically marries Metal Gear Solid 2's plot with current events: "perfect AI speech, audio and video synthesis will drown out reality [...] That is when we will present our solution: mandatory digital identity verification for all humans at all times"
The various government actions trying to force "robust" age verification on the internet are being woefully naive in trusting other internet companies and letting them skirt existing laws on data protection.
That's not even mentioning other factions whose real goal is in shutting down legal speech that doesn't meet their Christian agenda: https://theintercept.com/2024/08/16/project-2025-russ-vought...
You are being a useful idiot, sorry. Your weakness is what politicians exploit when they say "think of the children", you fail to see the amoral power-grabs hiding beneath their professed sentiment.
I don't want you encouraging people to demand my identity because you trust "authorities" taking yours
Why don't we have PKI built in to our birth certificates and drivers licenses? Why hasn't a group of engineers and experts formed a consortium to try and solve this problem in the least draconian and most privacy friendly way possible?
To be clear, tackling the issue of child access to the internet is a valuable goal. Unfortunately, "well what if there was a magic amulet that held the truth of the user's age and we could talk to it" is not a worthwhile path to explore. Just off the top of my head:
1. In an age of data leaks, identity theft, and phishing, we are training users to constantly present their ID, and critically for things as low stakes as facebook. It would be one thing if we were training people to show their ID JUST for filing taxes online or something (still not great, but at least conveys the sensitivity of the information they are releasing), but no, we are saying that the "correct future" is handing this information out for Farmville (and we can expect its requirement to expand over time of course). It doesn't matter if it happens at the OS level or the web page level -- they are identical as far as phishing is concerned. You spoof the UI that the OS would bring up to scan your face or ID or whatever, and everyone is trained to just grant the information, just like we're all used to just hitting "OK" and don't bother reading dialogs anymore.
2. This is a mess for the ~1 billion people on earth that don't have a government ID. This is a huge setback to populations we should be trying to get online. Now all of a sudden your usage of the internet is dependent on your country having an advanced enough system of government ID? Seems like a great way for tech companies to gain leverage over smaller third world companies by controlling their access to the internet to implementing support for their government documents. Also seems like a great way to lock open source out of serious operating system development if it now requires relationships with all the countries in the world. If you think this is "just" a problem of getting IDs into everyone's hands, remember that it is a common practice to take foreign workers' passports and IDs away from them in order to hold them effectively hostage. The internet was previously a powerful outlet for working around this, and would now instead assist this practice.
3. Short of implementing HDCP-style hardware attestation (which more or less locks in the current players indefinitely), this will be trivially circumvented by the parties you're attempting to help, much like DRM was.
Again, the issues that these systems are attempting to address are valid, I am not saying otherwise. These issues are also hard. The temptation to just have an oracle gate-checker is tempting, I know. But we've seen time and again that this just (at best) creates a lot of work and doesn't actually solve the problem. Look no further than cookie banners -- nothing has changed from a data collection perspective, it's just created a "cookie banner expert" industry and possibly made users more indifferent to data collection as a knee-jerk reaction to the UX decay banners have created on the internet as a whole. Let's not 10 years from now laugh about how any sufficiently motivated teenager can scan their parent's phone while they're asleep, or pay some deadbeat 18 year-old to use their ID, and bypass any verification system, while simultaneously furthering the stranglehold large corporations have over the internet.
1) Person signs up with discord with fake name and fake email.
2) Discord asks (state system) for an age validation.
3) In pop up window, state validates the person's age with ID matching with face recognition.
3) State system sends token to discord with yes or no with zero data retention in the state records.
4) Discord takes action on the account.
What is so hard about this?
Your system seems to address none of the issues I listed. For example, I argue that one difficulty is in the fact that these systems would be highly phishable -- a property that is present in your described "easy" solution. Your system trains users to become accustomed to being pestered by pop up windows that ask to see their ID and use their camera. Congrats, I can now trivially make a pop up a window that looks like this UI and use it to steal your info, as the user will just respond on auto-drive, as we have repeatedly shown both in user studies and in our own lived experiences. I also explained how a system like this would assist in the practice of trapping migrant workers by confiscating their government credentials [1]. This is a huge problem today in Asia, and one of the few outlets captive workers can use to escape this control is the internet -- a "loophole" your system would dutifully close for these corporations.
I am happy to have a discussion about this -- it's how we come up with new solutions! But that requires reading and responding to the concerns I brought up, not assuming that my issue is that I can't imagine implementing a glorified OAuth login flow.
1. There's tons of articles about this, here is one of the first ones that comes up on Google: https://www.amnesty.org/en/latest/news/2025/05/saudi-arabia-...
Well this is true of all of the internet, yes?
https://bankingjournal.aba.com/2025/08/report-financial-inst...
https://www.cyberdefensemagazine.com/the-rise-in-phishing-sc...
Your example about migrant workers is not an internet problem, it is a government problem. And a capitalism problem. I mean migrant workers? Why do these workers need to migrate? Usually because the U.S. has probably decimated their country.
But never mind, I agree that this is an unsolvable problem, not from lack of capability, but because we are ruled by sociopaths and most humans have been hacked by their addiction pathways. And I do not care about Saudi Arabia or Asia because I do not live there. And I do not care if they block all of the internet. We do not need it for anything, even less so for organizing.
Maybe we should just leave the internet, which is only a capitalist and government collusion to make people spend money. All the internet did was concentrate power to a few oligarchs. For everything good that the internet has provided I can show you ten things that are not only bad, but 1000 times worse, like monkey torture video sharing.
If I had kids today they would not even use the internet until they were out of my care. I only have six accounts on the internet. Including HN. I do not view porn, gamble, have any social media, and in fact I am trying to become un-homeless so I can go back to a flip phone.
IMHO, the answer is not a free internet, the answer is leaving the internet. But it seems you made and make a nice living at all of this so I see what a sacrifice that would be for you. You are probably part of the reason I am homeless today, with the separation for wealth and all that. I see that you donated to a bunch of neoliberal types and that fits. Seems you had over $17,000 to give to politicians. That is more than I survive on for a year. I mean, you do not need to do any work at all today. You could retire right now.
Sorry for the unrelated rant, but needed to get that off my chest for myself. Just tired of wealthy people trying to perfect a horrible system and technology that keeps making them money. You pretend like you care about the poor, like the migrant worker, but that is just laughable. If you did you would be against capitalism. You would give up all you own and follow Christ or Buddha or whatever. I mean you got $20 million and what did you do? You started making addictive games. And then you donate to these neoliberals who are no different than the neoconservatives.
Love, an old homeless guy who left Cisco in 1999 because he saw where all of this was going and who is currently sitting in a hotel he cannot afford because the 2002 minivan he lives in just lost its water pump.
> I mean you got $20 million and what did you do? You started making addictive games.
I refrained from responding to the rest since it seems that there is a deeper issue, but I could not help setting the record straight here. I think everyone who has ever played Bonsai Slice will firmly attest to it being the opposite of addicting. My parents never let me own a game console so I never really wrapped my head around games, and made exactly the kind of game someone like that would come up with: a deep tech exploration, to hopefully make progress on two problems that were plaguing me at the time: 1) how little mobile UI had seemed to progress (instead getting stuck in one-tap local maxima), and 2) building an app that is generally considered to be the worst candidate for a pure immutable language... in a pure immutable language in order to serve as a forcing function to surface new ideas in the space. I've always believed that if you wanted to make a general purpose programming language, you should probably try to have as much varied experience as possible, or otherwise you'll end up with a domain-specific language that is misused for every other domain (this is how I would describe most programming languages. In fact, I'd say most programming languages are written for the niche use case of writing a compiler, since they are written by compiler writers. Ironic that that is the last thing most get used for.). As such, I made a decision to start actually writing a wide variety of apps.
A little legislative change and you can kiss your zero-proof goodbye if any infrastructure is established. This is about making intelligent decisions in your life. Your suggestion is far from innovative.
We will see real innovation in mechanisms to sideline age verification.
From every political angle, the messaging seems to be "we want you to give birth to many kids, but we don't trust you raising them"
Yeah, sure. Whatever you say, Jack.
Governments recycle "Think of the children" mantra and they are again after terrorists and bad guys.
We should focus on teaching parents how to educate their children properly, and teach children how to safely browse the internet and how to avoid common scams and pitfalls.
I played Roblox when I was a teenager and all the time my aunt told me to be careful of who I talked to online, as they could be a pedo. Even though there wasn't a constant monitoring from my parents or family, her words were repeated many times that I actually thought 5 times before sharing any kind of personal information online, back then.
The pain in trying to set up fortnite and minecraft online as parents is insurmountable, involving creating half a dozen accounts with different companies just to get some form of control. Far easier to just give them an adult account.
The process to create a child account should be seamless and no harder than creating an adult account.
nope, they are going after dissenters, not bad guys. It's how it always ends up.
The advantage, I think, of age verification by private companies over cellphone bans in public schools is that cellphone bans appear as a line-item on the government balance sheet, whereas the costs of age verification are diffuse and difficult to calculate. It's actually quite common for governments to prefer imposing costs in ways that make it easier for the legislators to throw up their hands and whistle innocently about why everything just got more expensive and difficult.
And the argument over age verification for merely viewing websites, which is technically difficult and invasive, muddles the waters over the question of age verification for social media profiles, where underage users are more likely to get caught and banned by simple observation. The latter system has already existed for decades -- I remember kids getting banned for admitting they were under 13 on videogame forums in the '00s all the time. It seems like technology has caused people to believe that the law has to be perfectly enforceable in order to be any good, but that isn't historically how the law has worked -- it is possible for most crimes to go unsolved and yet most criminals get caught. If we are going to preserve individual privacy and due process, we need to be willing to design imperfect systems.
France banned phones in elementary and middle schools in 2018. It's not the only European country to have done so.
Well isn't this premise false from the get go? Many countries (not the US sure, but others) have digitised ID. Services can request info from the ID provider; in this case social media websites would simply request a bool isOver16, literally one bit of information, to grant access. No other information needs to be leaked, and no need for idiotic setups like sending photos of your passport to god knows what website (or god knows what external vendor that website uses for ID verification).
Seems silly to worry about this when social media itself is predicated on collecting gigabytes of data about you daily.
Again, this is not about half assed solutions that force you to send photos of your passport to websites. That's a terrible idea for the reasons discussed in the article. But it's obviously false that this is the only way.
I also suspect that social media has damaging effects on kids, and they probably shouldn't have access to it, but not like this. I'd probably be quicker to support something like saying that individuals <18 aren't allowed to buy or possess a phone or tablet that has access to an app store or web browser, and only offers voice- and text-based communications channels. Ok, so now it all happens on a laptop? What's "a tablet?" Is a Chromebook a tablet? It's fucking impossible.
Announcement: https://blog.google/innovation-and-ai/technology/safety-secu...
Library: https://github.com/google/longfellow-zk
Paper: https://eprint.iacr.org/2024/2010
Afterwards, folks from ISRG produced an independent implementation https://github.com/abetterinternet/zk-cred-longfellow with our blessing and occasional help. I don't know if the authors would call it "production ready" yet, but it is at least code complete, fast enough, and interoperable with ours.
Two things tech companies want to protect:
The perception of anonymity
Who gets to collect that information
I agree that a smaller loop of people should have that data but the loop is growing every day.
So if it ruins the perception of anonymity for young naive users so be it.
I'm not saying it's impossible to be somewhat anon, I'm just saying untrained users should understand the environment they're interacting with before they get hooked on useless products.
Age verification is not more difficult than a payment system.
I mean, if I can pay on a website without the website knowing my credit card number, I should be able to prove my age without the website knowing anything about me either.
France has an ID verification system for all its services. You’d think they should be able to provide a hook that lets people prove they’re over the age limit to any third party without the third party knowing. It seems fairly basic.
There is a solution to this.
There are privacy issues on the internet, but I think this ain’t one.
Of course we hate child abuse.
Of course we hate criminals.
Of course we hate social media addicting our kids.
But they’re just used as emotional framing for the true underlying desire: government surveillance.
(For the record: I am not into conspiracy theories; the EU has seen proposals for - imho technically impossible - “legally-breakable encryption” alone in 2020, 2022, and 2025; now we’ll also see repeated attempts at the “age verification” thing to force all adults to upload their IDs to ‘secure’ web portals)
I will go as far as to assume that no one on HN believes this is done for the children. It's been done to censor people and ID the majority of normies online. And when you think of this, the undermining of everyone's data protection is not an undesired side effect, it's the goal.
For you'll need to be accounted while they do the counting.
A good solution that respects privacy and helps reduce the exposure to harmful content at a young age is not very obvious though (but common sense and parental guidance seems to be the first step)
But, I don't get the approach. It's not like social media starts being a positive in our life at 20. The way these companies do social media is harmful to mental health at every age. This is solving the wrong problem.
The solution is to take away their levers to make the system so addictive. A nice space to keep in touch with your friends. Nothing wrong with that.
Major banks and government institutions can’t even be bothered to implement the NIST password guidelines. If they got their gdpr soc2 fedramp whatever it’s green lights and the rest is insurance.
Yup.
Basically, kids can sign up for an account triggering a notification to parents. The parent either approves or rejects the sign in. Parents can revoke on demand. See kids login usage to various apps/services. Gets parental restrictions in the login flow without making it a PITA.
Just make Google/Apple reveal part of that data (age > x years) to websites and apps.
Boom, done. Privacy guarded. Easy.
This is the internet.
Among those who were very familiar with it, the smartest money never started doing things like that.
It's not even worth talking about online. There's too much inorganic support for the objectives of nation-states and the corporations that own them.
Legislation has been advanced in Colorado demanding that all OSes verify the user's age. It will fail, but it will be repeated 100 times, in different places, smuggled attached to different legislation, the process and PR strategies refined and experimented with, versions of it passed in Australia, South Korea, maybe the UK and Europe, and eventually passed here. That means that "general purpose" computing will eventually be lost to locked bootloaders.
https://www.pcmag.com/news/colorado-lawmakers-push-for-age-v...
[edit: I'm an idiot, they already passed it in California https://www.hunton.com/privacy-and-cybersecurity-law-blog/ca...]
And it will be an entirely engineered and conscious process by people who have names. And we will babble about it endlessly online, pretending that we have some control over it, pretending that this is a technical discussion or a moral discussion, on platforms that they control, that they allow us to babble on as an escape valve. Then, one day the switch will flip, and advocacy of open bootloaders, or trading in computers that can install unattested OSes, will be treated as organized crime.
All I can beg you to do is imagine how ashamed you'll be in the future when you're lying about having supported this now, or complaining that you shouldn't have "trusted them to do it the right way." Don't let dumb fairytales about Russians, Chinese, Cambridge Analytica and pedophile pornography epidemics have you fighting for your own domination. Maybe you'll be the piece of straw that slows things down just enough that current Western oligarchies collapse before they can finish. Maybe we'll get lucky.
Polls and ballots show that none of this stuff has majority organic support. But polls can be manipulated, and good polls have to be publicized for people to know they're not alone, and not afraid they're misunderstanding something. If both candidates on the ballot are subverted, the question never ends up on the ballot.
The article itself says nothing that hasn't been said before, and stays firmly under the premise that access to content online by under-18s is suddenly one of the most critical problems of our age, rather than a sad annoyance. What is gained by having this dumb discussion again?
I don't think this legislation would have helped me. I found the material I did outside of social media and Facebook was not yet ubiquitous. I did not have a smartphone at the time, only a PC. I stayed off social media entirely in college. Even with nobody at all in my social sphere, it was still addicting. There are too many sites out there that won't comply and I was too technically savvy to not attempt to bypass any guardrails.
The issue in my case was not one of "watching this material hurt me" in and of itself. It was having nobody to talk to about the issues causing my addiction. My parents were conservative and narcissistic and did not respect my privacy so I never talked about my addiction to them. They already punished me severely for mundane things and I did not want to be willingly subjected to more. To this day they don't realize what happened to me. The unending mental abuse caused me to turn back to pornography over and over. And I carried a level of shame and disgust so I never felt comfortable disclosing my addiction to any school counselors or therapists for decades. The stigma around sexual issues preventing people from talking about them has only grown worse in the ensuing years, unfortunately.
At most this kind of policy will force teenagers off platforms like Discord which might help with being matched with strangers, but there are still other avenues for this. You cannot prevent children from viewing porn online. You cannot lock down the entire Internet. You can only be honest with your children and not blame or reproach them for the issues they have to deal with like mine did.
In my opinion, given that my parents were fundamentally unsafe people to talk to, causing me to think that all people were unsafe, then the issue of pornography exposure became an issue. In my case, I do not believe there was any hope for me that additional legislation or restrictions could provide, outside of waking up to my abuse and my sex addiction as an adult decades later. Simply put, I was put into an impossible situation, I didn't have any way to deal with it as a child, and I was ultimately forsaken. In life, things like those just happen sometimes. All I can say was that those who forsook me were not the platforms, not the politicians, but the people who I needed to trust the most.
I believe many parents who need to think about this issue simply won't. The debate we're having here on this tech-focused site is going to pass by them unnoticed. They're not going to seriously consider these issues and the status quo will continue. They won't talk with their children to see if everything's okay. I don't have many suggestions to offer except "find your best family," even if they aren't blood related.
These so-called "platforms" already collect data about who people are in order to facilitate online advertising and whatever else the "platform" may choose to do with it. There is no way for the user to control where that data may end up or how it may be used. The third party can use the data for any purpose and share it with anyone (or not). Whether they claim they do or don't do something with the data is beside the point, their internal actions cannot be verified and there are no enforceable restrictions in the event a user discovers what they are doing and wants to stop them (at that point it may be too late for the user anyway)
"Tech" journalists and "tech bros" routinely claim these "platforms" know more about people than their own families, friends and colleagues
That's not "privacy"
Let's be honest. No one is achieving or maintaining internet "privacy" by using these "platforms", third party intermediaries (middlemen) with a surveillance "business model", in order to communicate over the internet
On the contrary, internet "privacy" has been diminishing with each passing year that people continue to use them
The so-called "platforms" have led to vast repositories of data about people that are used every day by entities who would otherwise not be legally authorised or technically capable of gathering such surveillance data. Most "platform" users are totally unaware of the possibilities. The prospect of "age verification" may be the wake up call
"Age verification" could potentially make these "platforms" suck to a point that people might stop using them. For example, it might be impossible to implement without setting off users' alarm bells. In effect, it might raise more awareness of how the vast quantity of data about people these unregulated/underregulated third parties collect "under the radar" could be shared with or used by other entities. Collecting ID is above the radar and may force people to think twice
The "platforms" don't care about "privacy" except to control it. Their "business model" relies on defeating "privacy", reshaping the notion into one where privacy from the "platform" does not exist
Internet "privacy" and mass data collection about people via "platforms" are not compatible goals
"... our founders displayed a fondness for hyperbolic vilification of those who disagreed with them. In almost every meeting, they would unleash a one-word imprecation to sum up any and all who stood in the way of their master plans.
"Bastards!" Larry would exclaim when a blogger raised concerns about user privacy."
- Douglas Edwards, Google employee number 59, from 2011 book "I'm feeling lucky"
If a user decides to stop using a third party "platform" intermediary (middleman) that engages in data collection, surveillance and ad services, for example, because they wish to avoid "age verification", then this could be the first step toward meaningful improvements in "internet privacy". People might stop creating "accounts", "signing in" and continuing to be complacent toward the surreptitious collection of data that is subsequently associated with their identity to create "profiles"
PS = pr0n site
AV = age verification site (conforming to age-1 spec and certified)
PS: Send user to AV with generated token
AV: Browser arrives with POST data from PS with generated token
AV: AV specific flow to verify age - may capture images/token in a database. May be instant or take days
AV: Confirms age, provides link back to original PS
PS: Requests AV/status response payload:
{
"age": 21,
"status": "final"
}
No other details need to be disclosed to PS. I don't know if this is already the flow, but I suspect AV is sending name, address, etc... All stuff that isn't needed if AV is a certified vendor.
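An added example, not part of the comment above and not code from any real age-verification vendor: a sketch of the PS side of the AV/status check, which authenticates the response, binds it to the token PS issued, and rejects any payload carrying more than the fields the flow needs. The `token` and `exp` fields, the MAC key shared between PS and AV, the class and function names, and the threshold of 18 are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

# Assumption: PS and AV share a per-site MAC key, provisioned when AV is certified.
SHARED_KEY = secrets.token_bytes(32)
# "age" and "status" come from the flow above; "token" and "exp" are assumed additions.
ALLOWED_FIELDS = {"token", "age", "status", "exp"}
MIN_AGE = 18  # assumed threshold


def av_sign_status(key, token, age, status, ttl=300, now=None, extra=None):
    """AV side: build the status payload for one PS-issued token and MAC it."""
    now = int(time.time()) if now is None else now
    payload = {"token": token, "age": age, "status": status, "exp": now + ttl}
    payload.update(extra or {})  # used below to model an over-sharing AV
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


class RelyingSite:
    """PS side: issues tokens and decides whether to accept an AV status."""

    def __init__(self, key):
        self.key = key
        self.pending = set()  # tokens issued and not yet redeemed

    def start_verification(self):
        token = secrets.token_urlsafe(32)  # unguessable, carries no user data
        self.pending.add(token)
        return token

    def accept_status(self, body, tag, now=None):
        """Return (accepted, reason) for one AV/status response."""
        now = int(time.time()) if now is None else now
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad_mac"
        payload = json.loads(body)
        # Data minimisation: refuse to ingest name, address, document scans...
        if set(payload) - ALLOWED_FIELDS:
            return False, "excess_fields"
        if set(payload) != ALLOWED_FIELDS:
            return False, "missing_fields"
        if payload["token"] not in self.pending:
            return False, "unknown_token"  # never issued, or already redeemed
        if payload["status"] != "final":
            return False, "not_final"  # AV may take days; token stays pending
        if payload["exp"] < now:
            return False, "expired"
        self.pending.discard(payload["token"])  # single use
        if type(payload["age"]) is not int:
            return False, "bad_age"
        if payload["age"] < MIN_AGE:
            return False, "under_age"
        return True, "ok"


if __name__ == "__main__":
    site = RelyingSite(SHARED_KEY)
    tok = site.start_verification()
    print(site.accept_status(*av_sign_status(SHARED_KEY, tok, 21, "final")))
    tok = site.start_verification()
    leaky = av_sign_status(SHARED_KEY, tok, 21, "final",
                           extra={"name": "Constructed Name"})
    print(site.accept_status(*leaky))
```

Returning a boolean such as "over threshold" instead of `age` would disclose even less to PS; the sketch keeps `age` only because the payload in the comment has it.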
A better solution would be a simple "minor" flag that is only included on the devices of minors. No third party verification required for adults.
Maybe TBL is right and we need a new internet? I don’t have the answer here, but this one is too commercialized and these companies are very hawkish.
Tradeoff acknowledged, and this runs both sides, there's hundreds of risks that these policies are addressing.
To mention a specific one, I was exposed to pornography online at age 9 which is obviously an issue, the incumbent system allowed this to happen and will continue to do so. So to what tradeoffs in policy do detractors of age verification think are so terrible that it's more important than avoiding, for example, allowing kids' first sexual experiences to be pornography. Dystopian vibes? Is that equivalent?
Or, what alternative solutions are counter-proposed to avoid these issues without age verification and vpn bans.
Note 2 things before responding:
1) per the original quote, it is not valid to ignore the trade offs with arguments like "child abuse is an excuse to install civilian control by governments"
2) this was not your initiative, another group is the one making huge efforts to intervene and change the status quo, so whatever solution is counterproposed needs to be new, otherwise, as an existing solution, it was therefore ineffective.
If any of those is your argument, you are not part of the conversation, you have failed to act as wardens of the internet, and whatever systems you control will be slowly removed from you by authorities and technical professionals that follow the regulations. Whatever crumbs you are left as an admin, will be relegated to increasingly niche crypto communities where you will be pooled with dissidents and criminals of types you will need to either ignore or pretend are ok. You will create a new Tor, a Gab, a Conservapedia, a HackerForums, and you will be hunted by the obvious and unequivocal right side of the law. Your enemy list will grow bigger and bigger, the State? Money? The law? God? The notion of right and wrong which is like totally subjective anyways?
I was initially exposed to pornography at 8 years old, by finding a discarded magazine in a hedge. However this was pretty soft.
I was exposed to serious pornography at 10 years by finding a hidden VHS tape in the back of a drawer at a friend's house and getting curious. This was hardcore German stuff with explicit violence. This has caused me to have therapy in my lifetime.
This was all in the 80s by the way.
Therefore anything you are mentioning happened long before the internet, and is totally possible in a completely offline world as well. So how do these new digital laws 'protect children' again?
The equivalence with alcohol would be finding an alcohol bottle in your parent's cabinet. It's not the same as buying alcohol while you are 10, and it's in no way an excuse to allow the sale of alcohol to minors.
The point is it can be accidentally stumbled upon in many different situations, so why focus so heavily on a draconian online law which doesn't actually stop children from seeing pornography?
> And the only way to prove that you checked is to keep the data indefinitely.
This is not true and made me immediately stop reading. If a social media app uses a third party vendor to do facial/ID age estimation, the vendor can (and in many cases does) only send an estimated age range back to the caller. Some of the more privacy invasive KYC vendors like Persona persist and optionally pass back entire government IDs, but there are other age verifiers (k-ID, PRIVO, among others) who don't. Regulators are happy with apps using these less invasive ones and making a best effort based on an estimated age, and that doesn't require storing any additional PII. We really need to deconflate age verification from KYC to have productive conversations about this stuff. You can do one thing without doing the other.
I don't think a bulletproof age verification system can be implemented on the server side without serious privacy implications. It would be quite easy to build it on the client side (child mode) but the ones pushing for these systems (usually politicians) don't seem to care about that.