Apple cost Meta billions by cutting off their data pipeline at the OS level, justifying it with a unilateral privacy moral high ground. Now, Meta is returning the favor. By astroturfing the App Store Accountability Act through digital childhood alliance, Meta is forcing Apple to build, maintain and also bear the legal liability for a wildly complex state-by-state identity verification API.
Gotta give it to Zuck. Standing up a fully-fledged advocacy website 24 hours after domain registration and pushing a bill from a godaddy registration to a signed Utah law in just 77 days is terrifyingly efficient lobbying.
if "it" is the middle finger, for sure. "terrifying" is a great choice of word for it.
Plus, Apple gets to be the gatekeeper for Meta and other apps which can't be good for meta, and Apple gets to know the age of its users, which in itself is monetizable.
Overall, that's the reason anti-trust laws must be applied rigorously, otherwise the normal population has no chance.
In the end, all the little people are just collateral damage or occasionally they get some collateral benefits from wherever the munitions land.
I am not skeptical of any of the research, the sources seem to be cited properly. I am skeptical that this researcher has thought through or verified their conclusions in a systematic and reliable fashion. This part gives it away: "Research period: 2026-03-11 to present." This individual dropped his investigative report two days after beginning research!
Yes, AI is an incredibly good research assistant and can help speed up the tasks of finding sources and indexing sources. The person behind this investigation has not actually done their due diligence to grok and analyze this data on their own, and therefore I can't trust that the AI analysis isn't poisoned by the prompters implicit biases.
> A Meta employee (Jake Levine, Product Manager) contributed $1,175 to ASAA sponsor Matt Ball's campaign apparatus on June 2, 2025. Source: Colorado TRACER bulk data.
> No direct Meta PAC contributions to any ASAA sponsor across Utah, Louisiana, Texas, or Colorado. Source: FollowTheMoney.org multi-state search.
While it is true that Meta has funded groups that advocate for age verification, a lot of them also appear to have other actors so it's not like this is some pure Meta thing as some of the other commenters are suggesting.
> LIMITATION: Direct PDF downloads returned 403 errors. ProPublica Schedule I viewer loads data dynamically (JavaScript), preventing extraction via WebFetch. The 2024 public disclosure copy on sixteenthirtyfund.org was also blocked.
> Tech Transparency Project report: The article "Inside Meta's Spin Machine on Kids and Social Media" at techtransparencyproject.org likely contains detailed ConnectSafely/Meta funding analysis but was blocked (403)
The least they could have done is read their own reports and then provided the documents to the LLM. Instead they just let it run and propose connections, asked it to generate some graphs, and then hit publish.
No, the way to stop it is to talk to your representatives.
You have the power. You just have to pick up a phone, and ask your friends, relatives, neighbors, to do the same. (They will, because it affects all of them.) Tell your reps to remove the legislation or you're voting them out. They don't want to lose their jobs. They will change if you tell them to. But only if you tell them. That is your power. Use it or lose it.
You have consumer activist brain. Next you're going to suggest that we complain to the manager or start our own government and compete in the marketplace.
> The only thing that talks is money
No, the only thing that is talking is money. Money wants this. You're busy pretending like you're going to do a boycott; they're going to boycott you.
Complain about the internet? They'll just blacklist you from it. Complain about the phone? Well now you can't use one; try smoke signals. Complain about the landlord? They'll settle the case, kick you out on the street, and blacklist you among all private equity landlords and the management companies that service small landlords. You'll just go to a small landlord that doesn't use one of the management companies? Well they won't have access to a bunch of vendors that have exclusive contracts with and share ownership with the management companies; now they can't make any money and have to sell to private equity.
You've been fooled into thinking that being victimized is a moral failure of the victim. The perpetrators taught you that. They taught you that the only appropriate action is to beg and threaten to leave, and they shut down customer service and monopolized the market. But, again, the worst thing they trained you to do is to blame the victim.
Just because you're a pessimist doesn't mean you have to be coy. :)
What do you mean? They still need people purchasing software and hardware.
You can argue effectiveness, but if enough people say no, then a boycott is extremely effective. The issue is always on awareness and making people take hard actions.
They don’t need you to purchase hardware or software any more. We’re moving to centralized economic planning, where resources for datacenter buildouts are reserved for people with sufficient political loyalty (and come from tax dollars), and the only products are surveillance and collective punishment.
If you don’t want that to happen, then you’ll need to help build an alternative.
Yes, I agree.
>They don’t need you to purchase hardware or software any more.
Need? No. But they still want as much money as possible. That's why a boycott/strike will still be effective. They don't need money anymore but will still bend over backwards for it.
>If you don’t want that to happen, then you’ll need to help build an alternative.
I want to help. Not sure what I can do to help, though. Seems like simply calling my reps is talking to the wind.
And you seem to have been fooled into thinking all victims are powerless.
Age signals from the OS? Need to provide a channel of information available to applications. Applications already talk to servers with unchecked commonality.
Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".
Next year, the application needs to "double-check" your identity. That missile that's coming to you? Definitely not AI-controlled, definitely not coming to destroy the "verified" person who posted a threatening comment about the AI system's god complex. Nope, it's coming to deliver freedom verification.
Rocket is obvious and spectacular. Those are for amateurs.
A journalist got beaten up to the brink of death and will never walk again by 'unknown perpetrators'? Well, it's a dangerous country, and he had it coming, maybe some concerned citizens went a bit too far, but our dear leader cannot watch over everybody.
Scaling: do you think other journalists will not take notice?
And he will still be alive to reminder them how they may end up.
If you want to see how far imagination can go here, look up Artyom Kamardin and think how would you behave after hearing his story .
And turns out power-tripping men offered raw power over other humans on threat of violence is something they like.
And ICE? Remember J6 and Three Percenter's and all those right wing militias? They ended up in ICE. Same reasons.
Meanwhile, regular cops have been doing the same awful things that they've always been doing, literally at the command of Democratic mayors who are pompously declaring that they won't enforce immigration law in speeches. They'll send cops to throw your shit into the street when your rent suddenly doubles, and won't report an illegal immigrant felon (whose history we know nothing about) to ICE.
Organized white supremacists are nobodies with no power, they're all over the military, the cops, prison guards, and ICE. Meanwhile, Parchman Farm in Mississippi doesn't even report the people who are dying there, and has plastic all over the floors because the roofs are open to the elements. That's just legal American black people who this country actually owes something to, though. That was trendy like five years ago, it's so over now.
Now you obviously shouldn't set social justice aside, and given the choice, I absolutely prefer the capitalist hellscape where my friends and I are not being rounded up and killed, but that's a REMARKABLY low standard I've had to settle on as a voter.
The Democrats and Republicans both are different approaches for the same billionaire class.
They're not "opposite sides of the same coin". Instead, they're more akin to 2 sock puppets. One wears red, and the other blue.
Like the Trump tariffs? They were initially Biden's tariffs that Trump increased and extended. Different clothes, same game.
But I'd be willing to try a good run with democratic socialism, or hell, communism. What we have is the cushy gold-parachute socialism for the elite, and unabashed hardcore capitalism for the poorest. And that fucking sucks. Burn it down.
That was from a quick search, no doubt there's more. Now it gets down to trust issues on reporting.
"Disabled spending" already happened to the people in the ICC that acted contrary to Trump's diktats[0], without the need for a digital panopticon, both the banks and the government know who you are.
[0] https://www.irishtimes.com/world/us/2025/12/12/its-surreal-u...
Never stopped people overengineering :P
> Nobody stops the government from sending goons to your door right now for a snarky comment.
This is just dumb. They literally don't know who wrote it, and have to assign somebody to track you down. The fact that they're putting infrastructure on your computer and on the network to make this one click away for them matters.
I've wondered if FaceID and the Android counterpart are actively creating an extraordinary labeled dataset for facial expressions at the point of sale.
With users trained to scan their face before every transaction, tech companies could correlate transactions to facial expressions, facial expressions to emotions, and emotions to device content. I can imagine algorithms that subtly curate the user experience, selectively showing notifications, content, advertising to coax users towards "retail therapy".
Also keep in mind keystroke dynamics can probably do that too and has been a topic of study in one form or another since the nineteenth century vis-a-vis telegraph operators.
Cpt America in the Winter Soldier
This is a non-issue because it's almost certainly going to be gated behind a permission prompt. There are more invasive things sites/apps can ask for, and we seem to be doing fine, eg. location. Moreover is it really that much of a privacy loss if you go on steam, it asks you to verify you're over 18, and the OS says you're actually over 18?
>Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".
Given touch id was introduced over a decade ago, and the associated doom-mongering predilections did not come to pass, I think it's fair to conclude it's a dud.
Watch as apps refuse to work when you deny them permission. Also the OS (and “privileged apps”) don’t ask for permission, they have full unfettered access to everything already.
If you can't trust the OS, you have bigger issues than it knowing whether you're 18 or not. At the very least it has a camera pointed at you at all moments you're using it, and can eavesdrop in all your conversations.
If your OS prevented encryption, because one of the anti-encryption laws got passed, would you still trust its privacy and security?
lol.
> Moreover is it really that much of a privacy loss if you go on steam, it asks you to verify you're over 18, and the OS says you're actually over 18?
Slippery slope, but an interesting argument. While SteamOS is a thing, Steam isn't my OS.
> Given touch id was introduced over a decade ago, and the associated doom-mongering predilections did not come to pass, I think it's fair to conclude it's a dud.
Really? You think that things built decades ago can't be further built-upon in the now or the future?
You mean non slippery slope?
>Really? You think that things built decades ago can't be further built-upon in the now or the future?
If there's no deadlines for predilections, how can we score them? Should we still be worried about some yet undiscovered way that cell phones are causing cancer, despite decades of apparently no harmful side effects?
These bills also need to be opposed on a legal/political level.
Something I realized last night is that people who lie about their age to send false signals may inadvertently open themselves up to CFAA liability (a felony). So this is a serious matter for users who want to maintain anonymity.
I do think there is a stronger case against the next under-18 Aaron Swartz, who will get hit with 200 felonies for setting his age wrong (one felony per app/service) after pissing off someone important.
If I get arrested for lying about my age, when I'm of age, then they could probably get me on a whim already anyway. No point in trying to fall in line.
Arguably they would be more materially advantaged if they were forced to KYC/validate ages, not the platform; because sure, there's a cost to doing it, but presumably having hard data on who your customer actually is, with age and address and everything, is worth a lot more than the verification cost. And being able to say "We're legally required to gather this" gives a lot of PR cover (even though it'd be followed with "but we're giddy to do so and we will abuse this data and you every way we possibly can. No one at Meta believes you are human. We hate you as much as you hate us, but we're stuck in this together, endlessly loathing the supernatural force that keeps us working together.")
But, On the flip side: I also don't doubt that Meta is doing this, because the purpose of a system is what it does, and the leadership at Meta has done nothing in the past four years to demonstrate that they're capable of cogent thought and execution. We want to believe there's some evil plan, and maybe there is, but in all likelihood one day we'll learn that they're just... unintelligent.
These laws, that attempt to move "age verification" into the OS, 100% absolve Meta (and all the Meta owned "properties") from any legal liability so long as all of Meta's app's follow the law's required "ask the OS for the age signal of the user".
Any "bad stuff" which then gets shown to "underage users" then becomes "not Meta's fault, they followed the legally proscribed way to check the age of the user, and the OS said this user was 'old enough'" and Apple/Google then get to shoulder the liability (and pay out for the class action lawsuits) for failing to provide a proper age signal.
That's the "material advantage" gained by Meta by pushing these laws.
Like, in general, a software change to add an "age class" attribute to user accounts and a syscall "what's this attribute for the current user account" would satisfy the California bill and that's a relatively minor change (the bad part is the NY bill that allegedly requires technical verification of whatever the user claimed).
The weird issue is how should that attribute be filled for the 'root' or 'www-data' user of a linux machine I have on the cloud. Or, to put aside open source for that matter, the Administrator account on a Windows Active Directory system.
Because "user accounts" don't necessarily have any mapping (much less a 1-to-1 mapping) to a person; many user accounts are personal but many are not.
The auth server would lie in Colorado. The FS server, in New Mexico. The CPU server, in Nevada. The terminal (the client), in Alaska. Shut down and repeat at random. Watch the lobbies collapsing down tring to sue that monster.
> Meta spent a record $26.3 million on federal lobbying in 2025, deployed 86+ lobbyists across 45 states, and covertly funded a "grassroots" child safety group called the Digital Childhood Alliance (DCA) to advocate for the App Store Accountability Act (ASAA). The ASAA requires app stores to verify user ages before downloads but imposes no requirements on social media platforms. If it becomes law, Apple and Google absorb the compliance cost while Meta's apps face zero new mandates.
We should also update all FOSS license terms to explicitly exclude Meta or any affilites from using any software licensed under them.
Heck, Linus Torvalds should just add an amendment to the next release of the Linux Kernel that makes it illegal to use in any jurisdiction that requires age verification laws.
This would obviously cause such a massive disruption (especially in California) that the age laws would have to be rolled back immediately.
This seems like a no-brainer to me but I am admittedly ignorant on this situation. I'm sure there's a good reason why this isn't happening if anyone cares to explain.
If it's not (fully) your code, you aren't free to set the licence conditions; Linus can't do that without getting approval from 100% (not 99% or so) of authors who contributed code.
What one can do is add an informative disclaimer saying "To the best of our knowledge, installing or running this thing in California is prohibited - we permit to do whatever you want with it, but how you'll comply with that law is your business".
It also helps when you take an offender to court. If I contribute to a project but don't assign copyright, then they cannot take offenders to court if my code was copied illegally. The burden is on me to do so.
Of course, all code released prior to the change still remains on the original license.
A "Linux distro" is not the Linux kernel. It's possible for some distros to add such license terms to their distribution media, but others like Debian and Debian-based ones adhere to the GPL so no go.
"Every OS provider must then: provide an interface at account setup collecting a birth date or age, and expose a real-time API that broadcasts the user's age bracket (under 13, 13 to 15, 16 to 17, 18+) to any application running on the system."
Debian, Ubuntu, etc., they'll all fall right in line because the clear and immediate losses will outweigh any PR issue.
6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
5. No Discrimination Against Persons or Groups
The license must not discriminate against any person or group of persons.If this was somehow introduced without anyone noticing and deployed, imagine the damage it would cause.
If we're fantasizing here, I like to imagine two major OS makers trying to comply these laws, fail miserably, and let FOSS OSes and kernels more recognition in the desktop market.
Ideally, getting these servers to auto turn off the day this goes into effect ("In compliance with this new law, Linux is now temporarily unusable. Please <call to action>.") would be glorious for getting the bill staved off, or killed.
It would hurt some productivity, but that is a risk these lawmakers taking donations are probably willing to make.
I know. That's exactly the point.
In such situations where one party (Meta) has enough money to lobby and is playing dirty, it's a massively asymmetric situation. In such cases, if you really want to make sure you're heard (which I'm not sure distributers want or care about tbh), you've got to play the game too.
Malicious compliance, if you will.
PS: For a "practical" variant, simply a warning might be sufficient - given how many hospitals/critical infra uses linux. For eg "There is a chance this server will fail to work on x date due to this y law. Not as glamorous/all-guns-blazing, but probably much more sensible and practical.
PPS: For an even more "safer" variant, one could go "Post x, please note that using linux/this server is a violation of law y. Please turn off the server yourself manually. Failure to comply with these instructions and violating the law will be borne entirely by the (no informed) sysadmin/manglement.
What exactly do you think Linux is? I would say that Linux would be forked in like 2 seconds, a bunch of different companies would start offering "attested Linux," and all you'd have to do was change your repos and update.
I would say that, but what would really happen is that we'd find out that Canonical, Red Hat, and a bunch of other distributions had been talking to the government for a year behind closed doors and they're already ready to roll out attested Linux. Debian would argue about it for six months, and then do the same thing. Hell, systemd will require age attestation as a dependency. Devuan and any other stubborn distribution would face 9000 federal lawsuits, while having domain names blocked, and the Chinese hardware necessary to run them seized at the ports with the receivers locked up on terrorism charges.
I have no idea where the confidence of the IT tech comes from. You (we) are something between a mechanic and a highly-skilled janitor.
Update the terms to indicate that you can do what you want, but this OS is probably not compliant with states run by evil dipshits.
EDIT: why is it deleted now?
In the real world, professional media organizations regularly expose corruption. More often than not? No idea. But to pretend they only engage in cover-ups is cynical fatalism.
https://web.archive.org/web/20260313125244/https://old.reddi...
The patches on top of this are really bad. For instance, we are seeing "AI" biometric video detectors with a margin-of-error of 5-7 years (meaning the validation studies say when the AI says you're 23-25 you can be considered 18+), totally inadequate to do the job this new legislation demands.
Anthropic donated $20 million to Public First Action, a PAC that promotes Republican Senator Marsha Blackburn and her sponsored Kids Online Safety Act (KOSA), a bill that will force everyone to scan their faces and IDs to use the internet under the guise of saving the children.
The legislative angle taken by companies like Anthropic is that they will provide the censorship gatekeeping infrastructure to scan all user-generated content that gets posted online for "appropriateness", guaranteeing AI providers a constant firehose of novel content they can train on and get paid for the free training. AI companies will also get paid to train on videos of everyone's faces and IDs.
As for why Blackburn supports KOSA:
Asked what conservatives’ top priorities should be right now, Senator Blackburn answered, “protecting minor children from the transgender [sic] in this culture and that influence.” She then talked about how KOSA could address this problem, and named social media platforms as places “where children are being indoctrinated.”
If Anthropic, the PACs it supports and Blackburn get their way with KOSA, the end result will be that anything posted on the internet will be able to be traced back to you.
Not saying I think it's a good idea to provide the year of birth to all sites, but (session ID, year of birth) is the only information they would need. The problem is proving who's behind the keyboard at the time of asking, which would require challenge-response, and is why I think this should be an online platform, not a hardware PKI gadget with keys inevitably tied to individuals.
No, enforcing privacy is not hard, all it takes is imposing penalties _much greater than_ those financial incentives.
The linked post talks about the effectiveness of AIPAC but fails to mention how much is spent by say, Palestinian interest groups. Perhaps there's a good reason for this: do Palestinian groups have any money to spend on US elections? Try fundraising in Gaza right now.
Likewise, business interest groups have a lot more money to spend on elections than, say, environmental groups. The latter have to beg for small donations from individuals just to stay afloat. Thus, it's relatively easy for business groups to outspend environmental groups. To win an auction, you just have to be the highest bidder.
They may on paper, but of course a lot of money goes to dividing us up come election time. What you are suggesting is no shortcut - it would rather be almost like inventing an alternative political party.
I think there might be a way to make it work, however you would have to be very aware and plan for a way to not reinvent the same losing dynamics. It might not be possible.
Gulf states have little to nothing in common with Palestinians. Citizens of most gulf states are born into relative wealth merely by the fact their countries are rich in petrodollars. They build lavish cities and have standards of living (for their citizens) that increasingly put the West to shame. They are "diversifying" from oil by building massive AI datacenters and essentially catering to Westerners who want to live unencumbered by Western pretensions of civic duty, avoid taxes in their home countries, etc. They make deals with the Israelis and have for over a decade now, even if under the table. They buy American weapons, their elites have frequently been educated at the most exclusive British or American universities. They like expensive Italian cars. Money is money.
Meanwhile Palestinians are born poor, in a failed state with no autonomy. Some UAE crypto influencer is yolo gambling away more money than most Palestinian kids will see in their lifetimes. They live under an occupation and have basically no rights in that regard. They are poor. Just google image a picture of Gaza vs the UAE. It just doesn't even compare. Maybe on some level they are both Arabs. But the same rule applies. Money is money.
The gulf state governments gave up on trying to care about them many many decades ago. They realized it was cheaper (and more prosperous) to go along to get along with the United States and Israel. If they hadn't, their capitals might look like Tehran right now. Over the years it became easy to blame other people for the problem - Iran, even the Palestinians themselves. They have long since washed their hands of caring.
Don't conflate the Gulf States with Palestinians, or associate them with anyone on the losing side of anything when it comes to money and power. They are as corrupt and bought-in to this system of wealth/might makes right as anyone.
The biggest shocker to me has been just how "cheap" a lot of people are to buy off. Mandelson is complaining about air miles FFS. So much of this is a few thousand here, some fancy tickets there, a jet ride elsewhere, etc. In my mind it was always much, much bigger sums that people were selling their countries & souls out for, sadly, it turns out a lot of people, even in really high positions, are shockingly cheap.
[1] https://en.wikipedia.org/wiki/Relationship_of_Peter_Mandelso...
That's a wildly low sum of money for a 5 minute personal call, let alone even a modest intervention.
"You implemented a law that enables vibe-coding pedophiles to deploy apps that find all the children. Please resign."
I’d write my senator but they won’t do shit. Is there anything that can seriously be done?
Do you know how democracy works? There are these people called representatives. They are hired by you. They pass laws. They only get to continue having a job if people like you vote for them. When you tell them "I don't like the law you are passing", they are hearing "the people who hire me are angry with me". The more people that are angry at what they're doing, the more their job is at risk.
They do what the lobbyists say because somebody else is doing the work, and they get paid (by the lobbyist). But they won't have a job to get paid for if the voters don't vote for them again. So your entire defense against tyranny and bad laws is you speaking out. If you never talk to your reps (or vote), you're telling them you don't care what kind of government it is, and they really will do whatever they want.
You have to tell them how you feel, along with all the rest of us. That's the only power we have.
In addition to that, tell everyone you know. Your friends, family, coworkers, the dude running the local gas station. Explain to them why government-mandated surveillance of everything they do on a computer is a bad idea. Ask them to talk to their reps.
Ideas? Time to spin up a local LLM for some editing advice.
Compare this to what the EU built. The EU Digital Identity Wallet under eIDAS 2.0 is open-source, self-hostable, and uses zero-knowledge proofs. You can prove you're over 18 without revealing your birth date, your name, or anything else. No per-check fees, no proprietary SDKs, no data going to a vendor's cloud. The EU's Digital Services Act puts age verification obligations on Very Large Online Platforms (45M+ monthly users), not on operating systems. FOSS projects that don't act as intermediary services are explicitly outside scope. Micro and small enterprises get additional exemptions.
The US bills assume every operating system is built by a corporation with the infrastructure and revenue to absorb these costs. The EU started from the opposite assumption and built accordingly.
https://en.wikipedia.org/wiki/Qualified_website_authenticati...
QWAC certs are only for "high value" sites: banks, government services, etc. They can only be issued by "Qualified Trust Service Providers" (e.g. digisign, D-TRUST, etc -- not governments), and cost many hundreds of euros. Your blog and mastodon instance and 98% of businesses just aren't affected.
People operating in "high risk" sectors that need access to payment infra (porn, drugs, etc) are, as always, going to have a hard time. That's a worthy conversation, but nothing about QWAC or eIDAS is about "the government not issuing certs to people they don't like".
Secure Boot is just a technology for those that need it, until Microsoft decides it's mandatory for everyone.
What you have in the EU is this: https://noyb.eu/en/project/dpa/dpc-ireland
> Now that the mask has fully fallen, we have to take every step possible to root out American influence.
You have literal rogue states in your union that neutralize the entirety of it, as the above shows. It's a joke. The EU is a joke. A single country is enough to mean US tech can do whatever it wants, similarly a single other country is enough to mean Russia can largely do what it wants.
The others are of course in on it too. Which is why for all the empty EU talk on US big tech you've never heard them talk about the Irish DPA and what they all enable. Strange right? Would think that this would be a priority. But it shows that even if the rest weren't in on it, just one country would be enough. And it could even be a tiny place like Luxembourg.
Laws and regulations aren't worth the paper they're written on if they're not enforced. The current ones aren't enforced at all, why would any new ones be? Did you know that there was a long period where hosting European citizens' PII on US-controlled servers (like Amazon instances in Europe) was illegal, after the "Privacy Shield" was deemed unlawful? No one cared. Did you know that this is currently the case again, because the thing that replaced it has once again had its basis ripped out from under it by Trump? Once again, no one cares, and indeed EU governments and corporations are _still_ making migrations _to_ US clouds.
Not that it matters, within a few years RN will be running France and AfD will be running Germany and you don't have to pretend any more as the "mask will have fallen" just as much.
No offline devices. Commercial vendors get your biometric data (and the equivalent of your driver's license / SSN). Every application on the OS can query your data.
If you think it stops with one bill, after they get all the infrastructure for this in place? You're fooling yourself. The whole point of this is to identify you, on every web page you visit, every app you open, on every device you own. Once bills are passed, it's very hard to get them revoked or nullified.
This is the most aggregious, authoritarian, Big Brother government surveillance system ever devised, and it's already law. I am fucking terrified.
(Yes, the EU has a less horrifying version of this. But Google, Apple, and Microsoft still control most of the devices in the world, and they are US companies.)
Because it's hopeless? It's been proven time and time again there's nothing the average person can do to fight this sort of thing.
It's just better to sit back and watch as everything gets ruined.
You literally live in a Democracy. There's 5.8 billion people on this planet who wish they had the kind of power you have. If you give up your rights without a fight, you don't deserve them.
Instead of just creating a course that explains how to child-proof a device, we have to surveil everyone.
It's to save the kids.
We care about the kids. We don't bomb them.
https://www.robpanico.com/articles/display/presence-derived-...
(posting link because it would be too much for a comment)
And a serious question: with deepest respect to the author for their extraordinarily impressive time and effort in this investigation... Why was this not already flagged by political reporters or investigative journalists? I'm not American so maybe I don't understand the media structure over there but it feels like SOMEONE should have been all over this way before it's gotten to the point described in this post.
one scary observation is that each year, less and less people care. at least, this is true among my students. plenty of them believe the 'protect the children' line and are more than willing to do whatever the government/big tech suggests. or they just shrug ("what difference would i make?").
for context, i teach at a college level, in tech. a few of my classes are from the cybersec program, one of the programs that should understand and care about the implications of bills like these, and even the majority of them do not care about this stuff anymore. they grew up with instagram and facebook and cameras everywhere. they grew up knowing that any little fuck up they have is recorded and posted online. they know that by the time they go to college, all of their data has already been leaked a few times. they never really had an expectation of privacy in the first place, so it just isnt a big deal.
as someone who interacts with this next generation of "hackers" on a daily basis... the concept of cypherpunk is gone. i got into this field because of my beliefs. they are going into this field because they want a chance at buying a house some day, and know that big tech has big bucks.
i am tired. and i recognize that this is exactly what they (lobbyists, meta, etc.) want! but i am tired and discouraged. more and more i find myself having to actively fight the urge to give up. i am not ready to give up just yet... but, i am sorry to say that as someone closer to retirement than i am comfortable admitting, i only have so much energy left.
But sometimes very few people can make a difference.
Its like they want to keep being seen as the bad guys.
And responses to some common criticisms of the idea: https://news.ycombinator.com/item?id=46459959
I also forgot to mention in my original post that the token issuer is not a monopoly. Any company that wants to participate can do so, just like there are many brands of tobacco and alcohol. Require websites to accept at least 5 providers to ensure competition.
To be clear though if it's being used as wedge for privacy violation then it should not exist at all. And from reading TFA preventing that may need a similarly coordinated counter-effort.
On a spectrum of options, no verification is the least privacy intrusive. Baking it in at the OS level or forcing passport uploads are the most intrusive. My proposal is in the middle.
A determined actor could maybe follow you to the store when you purchase your verification code, take a quick picture with a powerful camera (or bribe the store to do it sneakily) and unmask you online. But there's no way to do it at scale. And if you buy the code from a reseller (ask a panhandler to buy one for you, perhaps) then it's even more robust.
Why?
Are you serious? Because this comment doesn't make it sound like you're serious.
EULAs and the like allow adults to simply click "I accept". That's apparently the way contracts work these days. Speaking of contracts: children aren't allowed to sign contracts. So those apps that children are using with EULAs? It's absurd to allow adults to simply click "I accept". We need to have "acceptance verification" laws to prevent this kind of abuse.
It's also absurd to allow children to simply enter a church. Churches teach dangerous thoughts. Have you read their books?! Those books have sex, murder, theft! Think of the children! There's many kinds of religions and we need to track the religion bracket of our children. It's absurd to allow a child to simply click "I am Christian." Nowhere else works like this. We need to have "religious verification" laws to prevent this kind of abuse.
What you want isn't conducive to a "high trust" society [0].
[0]: https://en.wikipedia.org/wiki/High-trust_and_low-trust_socie...
In history we had four media revolutions (printing press, radio, television, Internet), each greatly disrupting and reshaping society. This is the fifth (social media and maybe AI).
All these revolutions had the same theme: increased reach of information, increased speed of transmission, increased density (information amount per unit of time), and centralization of information sources. Now we seem to reach the limits of change. No more reach, since our information networks span the entire globe. No more speed, since transmission times are close to how fast we can perceive things. The only things left to change are even more centralization and tighter feedback loops (changing the information based on how the recipient reacts).
Given all that, this media revolution might be the last one, so there is a gold rush among the elites to come out on top.
$70 million is chump change for Meta, yet is far more money than I’ll ever have and does so much to influence state legislation.
I remember from peak net neutrality discussions during trump 1 maybe around 2017-2018 ant saw an article on theverge.com (that cannot find now) and biggest sum to individual politician was around $200k, when median values were much much lower.
Politicians are selling tens of billions of dollars (if not hundreds of billions) worth of revenue to ISPs for couple or dozen million. Literally 1000x return on investment (if successful).
I remember local politician (I am not from US) got caught taking 100k bribe from a company for helping with alleged highway construction procurement. Project was valued ~1B - 10 000x return on investment (if they wouldn't have been caught).
[1] I am sorry, not "corruption", but "lobbying".
she ended up resigning in a scandal caused by her husband accepting a boat (or work on the boat..i don't remember). the scandal was caused by the amount of the bribe. it was too low. the Turkish people could understand some corruption, but to be able to bribe the top leader for $50k. Unacceptable. If it would have been $100 million, it would not have been a scandal.
Rinse and repeat. Unless, politicians band together and say "we need the full ROI of your project, and NONE of us will even talk to you unless we get half the profits, and you can't primary all of us at once"
The very last people you should trust when it comes to "protecting the children."
(Maybe some unspoken element of concern over social media bots, too - as they evolve from spamming copy+pasted comments to being near-indistinguisable from actual human accounts?)
But generally speaking, online age verification is one of those issues where the left-right ideological divide doesn't map neatly. People support and oppose it for various different reasons. Much like the assisted suicide issue.
Corporations literally buy the laws they want and Silicon Valley is the newest lobbying monster. Genuinely terrifying.
Clicking through to the "findings" shows that they didn't even try to feed proper data into Claude when the AI bot was blocked or couldn't access the documents. Some examples:
> LIMITATION: Direct PDF downloads returned 403 errors. ProPublica Schedule I viewer loads data dynamically (JavaScript), preventing extraction via WebFetch. The 2024 public disclosure copy on sixteenthirtyfund.org was also blocked.
> Tech Transparency Project report: The article "Inside Meta's Spin Machine on Kids and Social Media" at techtransparencyproject.org likely contains detailed ConnectSafely/Meta funding analysis but was blocked (403)
So Claude then goes on to propose "Potential Role" that postulates connections might exist, but then caveats it by saying that no evidence was found:
> This negative finding is inconclusive due to inability to access Schedule I grant detail data in the actual 990 filings (PDF downloads returned 403 errors, and ProPublica's filing viewer loads data dynamically).
This is what happens when you try to lead an LLM toward a conclusion and it behaves as if your conclusion is true. Hacker News is usually quick to dismiss incomplete and lazy LLM content. I assume this is getting upvotes because it's easy to turn a blind eye to the obvious LLM problems when the output is agreeing with something you believe.
You're not missing anything. It's just an AI generated summary of the original GitHub link https://github.com/upper-up/meta-lobbying-and-other-findings
I found the original article much easier to read anyways
AutoModerator on /r/linux is set up to automatically remove posts after a set amount of reports.
Fuck Reddit
It is like in the novel 1984. But stupid. Probably more like minority report - but also stupid. All aided by Meta bribing lobbyists to do their bidding.
https://news.ycombinator.com/item?id=47361235
https://github.com/upper-up/meta-lobbying-and-other-findings...
At least the author posted a link to the dataset in a comment so it survived:
https://github.com/upper-up/meta-lobbying-and-other-findings
Have at it Meta, you broke it you most certainly bought it!
Digital-ID (Aadhar) was heavily pushed by USAID and other US-deepstate associates; the same with digital-money and the "demonetization". Bill Gates's org actively tests out things on actual humans like guinea pigs, before globalizing the "solutions". These days all of this is kind of redundant since the phone-number + verification has become essentially a necessity to live in the city in any part of world today.
The prev. Govt. had considered doing this "login with your ID or no internet" scheme (to "protect" people no doubt) back in 2012s - there were explicit statements about disallowing people who would not authenticate with Aadhar, but it was shelved (likely because of their unpopularity).
If our current "Dear Leader" were to propose this, I think a significant population would opt-in simply because of a sense of belonging to a hero-worship-cult.
The state is determined to ensure that every human be their slave.
The reason is that europeans have nothing to win from those "winner-take-all" platforms the US has built in the past decades. Europe has built zero of them.
It contributes very little to Europe's GDP or the overall being of the european. And in some cases, it eats Europe's GDP, moving economic activity back to the US. This is different than for Americans which big tech is a net-positive contributor to society in my POV, mainly because how much economic activity $ it generates.
Big techs provide huge paychecks and made a lot of people rich in the US, and most of its GDP growth in the last decade. But it's a double-edged sword.
They will make laws in favor of them in detriment of the average American, while minting more billionaries than Europe could ever dream of.
Europe will take a long time to get the digital revolution the US already did, but it'll mostly come from regulations and government initiatives. And will be net-positive for humans living in Euope, not for owners of corporations.
Which "most of Europe" would that be? Switzerland and handful of northern countries? Because it is definitely not Germany or several "you can't access half of the internet during times when twenty men kicking a ball on a field" southern states.
Psychology has a higher success rate...just tell them that their parents use it....
There are many systems where accuracy is loose and that is its core feature...for example postal addresses worldwide...I can a mistake in the address but the letter or package will still get there...
That's when you know the new world has begun.
I don't see it as coincidence that with all these laws passing, suddenly he announces a secure, "controlled", "locked down" version of systemd. Why, RedHat and Ubuntu can simply drop in this new variant, pay a small fee, and be done with compliance.
I want to open my wallet. It should be the top comment.
If everybody who cared to and lived in the affected districts called they would kill the bill just to clear their phone-lines.
And it snowballs, the more favorable laws someone buys, the more favorable their position, and the more they can buy in the future. The transition from "democratic facade" to "outright oligarchy" will be swift and seamless.
https://github.com/upper-up/meta-lobbying-and-other-findings
Zero-knowledge proofs are the way to go for this type of thing, I find it mind-boggling that the US lets itself be bamboozled into complete lack of privacy.
My stance is that if somebody is a minor, his/her/their parents/tutors/legal guardian are responsible for what they can/cannot do online, and that the mechanism to enforce that is parental control on devices.
Having said that, open-source zero-knowledge proofs are infinitely less evil (I refuse to say "better") than commercial cloud-based age monitoring baked into every OS
To be honest, I worry that the framing of this legislation and ZKP generally presents a false dichotomy, where second-option bias[1] prevails because of the draconian first option.
There's always another option: don't implement age verification laws at all.
App and website developers shouldn't be burdened with extra costly liability to make sure someone's kids don't read a curse word, parents can use the plethora of parental controls on the market if they're that worried.
[1] https://rationalwiki.org/wiki/Appeal_to_the_minority#Second-...
Why not? Physical businesses have liability if they provide age restricted items to children. As far as I know, strip clubs are liable for who enters. Selling alcohol to a child carries personal criminal liability for store clerks. Assuming society decides to restrict something from children, why should online businesses be exempt?
On who should be responsible, parents or businesses, historically the answer has been both. Parents have decision making authority. Businesses must not undermine that by providing service to minors.
This implies the creation of an infrastructure for the total surveillance of citizens, unlike age verification by physical businesses.
How do you reconcile porn sites as a line in the sand with things like banking or online real estate transactions or applying for an apartment already performing ID checks? The verification infrastructure is already in place. It's mundane. In fact the apartment one is probably more offensive because they'll likely make you do their online thing even if you could just walk in and show ID.
I mean, we're talking about age verification in the OS itself in some of these laws, so tell me how it doesn't.
Quantity is a quality. We're not just seeing it for porn, it's moving to social media in general. Politicians are already talking about it for all sites that allow posts, that would include this site.
So you tell me.
California is also stupid for creating liability for service/app providers that don't even deal in age restricted apps, like calculators or maps. It's playing right into the "this affects the whole Internet/all of computing" narrative when in fact it's really a small set of businesses that are causing issues and should be subject to regulation.
There is also the problem of mission creep. Once the infrastructure is in place, to control access to age-restricted content, other services might become out of reach. In particular, anonymous usage of online forums might no longer be possible.
OS-level ability to verify the age of the person using it absolutely provides infrastructure for the OS to verify all sorts of other things. Citizenship, identity, you name it. When it's at the OS level there's no way to do anything privately on that machine ever again.
Ok, suppose the strip club is the website, and the club's door is the OS.
Would you fine the door's manufacturer for teens getting into the strip club?
How do we fight? It seems like agree or disagree, this isn't going to stop. There's so much money behind it in a time where the have nots can barely survive as is.
These are often clear cut. They're physical controlled items. Tobacco, alcohol, guns, physical porn, and sometimes things like spray paint.
The internet is not. There are people who believe discussions about human sexuality (ie "how do I know if I'm gay?") should be age restricted. There are people who believe any discussion about the human form should be age restricted. What about discussions of other forms of government? Plenty would prefer their children not be able to learn about communism from anywhere other than the Victims of Communism Memorial Foundation.
The landscape of age restricting information is infinitely more complex than age restricting physical items. This complexity enables certain actors to censor wide swaths of information due to a provider's fear of liability.
This is closer to a law that says "if a store sells an item that is used to damage property whatsoever, they are liable", so now the store owner must fear the full can of soda could be used to break a window.
So again, assuming we have decided to restrict something (and there are clear lines online too like commercial porn sites, or sites that sell alcohol (which already comes with an ID check!)), why isn't liability for online providers the obvious conclusion?
The crux is we cannot decide what is protected speech, and even things that are protected speech are still considered adult content.
> why isn't liability for online providers the obvious conclusion?
We tried. The providers with power and money(Meta) are funding these bills. They want to avoid all liability while continuing to design platforms that degrade society.
This may be a little tin-foil hat of me, but I don't think these bills are about porn at all. They're about how the last few years people were able to see all the gory details of the conflict in Gaza.
The US stopped letting a majority of journalists embed with the military. In the last few decades it's been easier for journalists to embed with the Taliban than the US Military.
The US Gov learned from Vietnam that showing people what they're doing cuts the domestic support. I've seen people suggesting it's bad for Bellingcat to report on the US strike of the girls school because it would hurt morale at home.
The end goal is labeling content covering wars/conflicts as "adult content". Removing any teenagers from the material reality of international affairs, while also creating a barrier for adults to see this content. Those who pass the barrier will then be more accurately tracked via these measures.
Anatomical reference material for artists with real nude models?
What about Sexual education materials? Medical textbooks?
Women baring their breasts in NYC where it's legal?
Where is the clear cut line of Pornography? At what point do we say any depiction of a human body is pornographic?
Plenty of people would prefer that children not learn about scientology from pro-scientology cultists too. It's not that they can't know about scientology (they probably should, in fact, because knowledge can have an immunizing effect against cults)...
And it's not that they can't know about communism (they probably should, in fact, because knowledge can have an immunizing effect against cults)...
This is a comment section about large corporations lobbying against our ability to freely use computers and you break out the 80's cold war propaganda edition of understanding a complicated economic system that intertwines with methodology for historical analysis with various levels of implementations from a governmental level.
You're either a mark or trying to find a mark.
Physical businesses nominally aren't selling their items to people across state or country borders.
Of course, we threw that out when we decided people could buy things online. How'd that tax loophole turn out?
It turned out we pretty much closed the tax loophole. I don't remember an online purchase with no sales tax since the mid 00s.
App and website operators should add one static header. [1] That's it, nothing more. Site operators could do this in their sleep.
User-agents must look for said header [1] and activate parental controls if they were enabled on the device by a parent. That's it, nothing more. No signalling to a website, no leaking data, no tracking, no identifying. A junior developer could do this in their sleep.
None of this will happen of course as bribery (lobbying) is involved.
The real answer to the problem is for websites/appstores to publish tags that are legally binding assertions of age appropriateness, and then browsers/systems can be configured to use those tags to only show appropriate content to their intended user.
This also gives parents the ability to additionally decide other types of websites are not suitable for their children, rather than trusting websites themselves to make that decision within the context of their regulatory capture. For example imagine a Facebook4Kidz website that vets posts as being age appropriate, but does nothing to alleviate the dopamine drip mechanics.
There has been a market failure here, so it wouldn't be unreasonable for legislation to dictate that large websites must implement these tags (over a certain number of users), and that popular mobile operating systems / browsers implement the parental controls functionality. But there would be no need to cover all websites and operating systems - untagged websites fail as unavailable in the kid-appropriate browsers, and parents would only give devices with parental controls enabled to their kids.
Agreed, recycling a comment: on reasons for it to be that way:
___________
1. Most of the dollar costs of making it all happen will be paid by the people who actually need/use the feature.
2. No toxic Orwellian panopticon.
3. Key enforcement falls into a realm non-technical parents can actually observe and act upon: What device is little Timmy holding?
4. Every site in the world will not need a monthly update to handle Elbonia's rite of manhood on the 17th lunar year to make it permitted to see bare ankles. Instead, parents of that region/religion can download their own damn plugin.
To expand on your #3, it also gives parents a way to have different policies on different devices for the same child. Perhaps absolutely no social media on their phone (which is always drawing them, and can be used in private when they're supposed to be doing something else), but allowing it on a desktop computer in an observable area (ie accountability).
The way the proposed legislation is made, once companies have cleared the hurdle of what the law requires, parents are then left up to the mercy of whatever the companies deem appropriate for their kids. Which isn't terribly surprising for regulatory capture legislation! But since it's branded with protecting kids and helping parents, we need to be shouting about all the ways it actually undermines those goals.
Where do you go to vote for this option?
Surely you can find a rationalwiki article for your fallacy too.
In fact, I suspect adults, and not just children, would also appreciate it if the pervasive surveillance was simply banned, instead of trying to age gate it. Why should bad actors be allowed to prey on adults?
The 2 billion dollars are the one twisting it.
Also, I heard the same thing about video games, TV shows, D&D, texting and even youth novels. It's yet another moral panic.
From the Guardian[1]:
> Social media time does not increase teenagers’ mental health problems – study
> Research finds no evidence heavier social media use or more gaming increases symptoms of anxiety or depression
> Screen time spent gaming or on social media does not cause mental health problems in teenagers, according to a large-scale study.
> With ministers in the UK considering whether to follow Australia’s example by banning social media use for under-16s, the findings challenge concerns that long periods spent gaming or scrolling TikTok or Instagram are driving an increase in teenagers’ depression, anxiety and other mental health conditions.
> Researchers at the University of Manchester followed 25,000 11- to 14-year-olds over three school years, tracking their self-reported social media habits, gaming frequency and emotional difficulties to find out whether technology use genuinely predicted later mental health difficulties.
From Nature[2]:
> Time spent on social media among the least influential factors in adolescent mental health
From the Atlantic[3] with citations in the article:
> The Panic Over Smartphones Doesn’t Help Teens, It may only make things worse.
> I am a developmental psychologist[4], and for the past 20 years, I have worked to identify how children develop mental illnesses. Since 2008, I have studied 10-to-15-year-olds using their mobile phones, with the goal of testing how a wide range of their daily experiences, including their digital-technology use, influences their mental health. My colleagues and I have repeatedly failed to find[5] compelling support for the claim that digital-technology use is a major contributor to adolescent depression and other mental-health symptoms.
> Many other researchers have found the same[6]. In fact, a recent[6] study and a review of research[7] on social media and depression concluded that social media is one of the least influential factors in predicting adolescents’ mental health. The most influential factors include a family history of mental disorder; early exposure to adversity, such as violence and discrimination; and school- and family-related stressors, among others. At the end of last year, the National Academies of Sciences, Engineering, and Medicine released a report[8] concluding, “Available research that links social media to health shows small effects and weak associations, which may be influenced by a combination of good and bad experiences. Contrary to the current cultural narrative that social media is universally harmful to adolescents, the reality is more complicated.”
[1] https://www.theguardian.com/media/2026/jan/14/social-media-t...
[2] https://www.nature.com/articles/s44220-023-00063-7
[3] https://www.theatlantic.com/technology/archive/2024/05/candi...
[5] https://pubmed.ncbi.nlm.nih.gov/31929951/
[6] https://www.nature.com/articles/s44220-023-00063-7#:~:text=G...
[7] https://pubmed.ncbi.nlm.nih.gov/32734903/
[8] https://nap.nationalacademies.org/resource/27396/Highlights_...
Recent posters here are clear that porn sites are setting every available signal that they are serving adult-only content.
According to them, you are targeting the wrong audience.
Facebook/Instagram studying how to get young users addicted should be of greater concern. I have my doubts about the effectiveness of age-based blocking there, though.
Yeah quite the opposite. Once they have that formalized attestation they will move in like sharks.
> give parents the ABILITY to advertise the users age to browsers, apps and everything in between.
Accounts and Applications to services that provide countent are set to a country-specific age rating restrictions (PG, 12+, 18+, whatever). That's it.
None of the things you mentioned have any point to concern themself with the age or age-bracket of the user in front of the device. This can and will be abused. This is very obvious. Think about it.
So on the Sony consoles I created an account for my child and guess what they have implemented some stuff to block children from adult content on some stuff.
So if Big Tech would actually want to prevent laws to be created could make it easy for a parent to setup the account for a child (most children this days have mobile stuff and consoles so they could start with those), we just need the browsers to read the age flag from the OS and put it in a header, then the websites owners can respect that flag.
I know that someone would say that some clever teen would crack their locked down windows/linux to change the flag but this is a super rare case, we should start with the 99% cases, mobile phones and consoles are already locked down so an OS API that tells the browser if this is an child account and a browser header would solve the issue, most porn websites or similar adult sites would have no reason not to respect this header , it would make their job easier then say Steam having to always popup a birth date thing when a game is mature.
Let's go back to parenting: yes, world is a scary place if you get into it unprepared.
Permission restricted registry entry (already exists) and a syscall that reads it (already exists) for windows and a file that requires sudo to edit (already exists) and a syscall to read it (already exists). Works on every distro automatically as well including android phones since they run the linux kernel anyway. Apple can figure it out and they already have appleid.
Responsibility should be on the website to not provide the content if the header is sent with an inappropriate age, and for the parent to set it up on the device, or to not provide a child a device without child-safe restrictions.
It seems very obviously simple to me, and I don't see why any of these other systems have gained steam everywhere all of a sudden (apart from a desire to enhance tracking).
Morals like owning slaves, right?
A moral system that requires everyone to be white Christian males isn't a moral system, it's a theocracy.
Meh, I use it, but it's super annoying and I think that with my Daughter I'll take a different approach (but it will be some years before that is relevant).
On Android: The kid can easily go on Snapchat (after approval of install of course, and then you can just see their "friends") before Pokemon Go (just a pain to get working, it keeps presenting some borked version which led to a lot of confusion at first). I just lied about his age in a bunch of places at some point. Snapchat is horrible and sick from our experiences in the first week.
On Windows: It's a curated set of websites (and no FireFox) or access to everything. It's not even workable for just school. Granting kids access to our own minercraft servers: My god, I felt dirty about what the other parents had to go through to enable that.
This is a hobby horse of mine to the point that coworkers probably wish I'd just stfu about Minecraft - but holy shit is it crazy how many different things you need to get right to get kids playing together.
I genuinely have no idea how parents without years of "navigating technical bullshit" experience ever manage to make it happen. Juggling Microsoft accounts, Nintendo accounts, menu-diving through one of 37 different account details pages , Xbox accounts, GamePass subscriptions - it's just fucking crazy!
I'm essentially the maintainer of a series of accounts for each kid, these days. Woe unto anyone without a password manager!
Getting an actual kids account to work online with minecraft involves setting the right permissions across 2-4 websites and 1-3 companies. I think it took me around 4 hours of trial and error to get it working.
As a parent, sure, that is my stance as well. What... what other stances are there even? How would they work?
But the implementation matters, and almost all of these bills internationally are being done in bad faith by coordinated big-money groups against technologically illiterate and reactionary populist governments.
(if we really want to get into an argument, there's what the UK calls "Gillick competence": the ability of children to seek medical treatment without the knowledge and against the will of their parents)
I would personally favour allowing parents to buy drinks for children below the current limits (18 without a meal, 16 for wine, beer and cider with a meal).
The alternative to this is empowering parents by regulating SIM cards (child safe cards already exist) and allowing parents to control internet connectivity either through the ISP or at the router - far better than regulating general purpose devices. The devices come with sensible defaults that parents can change.
Maybe a majority of people today agree with that, but I know I don't and I never hear that assumption debated directly.
The idea of the "nanny state" has been debated a lot, and this seems like a very literal example of that. But once some status quo is firmly entrenched, debate about it tends to die down because the majority of people no longer care enough about it.
TBH many parents done exactly that by giving phones/tablet already to kids in strollers
"You‘re reading about evolution! Not in my house"
Examples: most children believe in the same religion as their parents, and can visit friends and places only if/when allowed by their parents.
This is simply extending the same level of control to the internet.
Government-mandated restrictions are completely another level.
Who controls your age if you want to see an R-rated movie?
This is simply extending the same level of control to the internet.
More control for parents is a completely different level.
They rarely enforce it, but if it gets out of hand, the city will start getting on your case about it.
Does the US have a zero-knowledge proof system that is mentioned in the discussion?
> Having said that, open-source zero-knowledge proofs are infinitely less evil (I refuse to say "better") than commercial cloud-based age monitoring baked into every OS
Parent prefers more control by parents over zero-knowledge proof
I do think parental controls can be and are abused for evil, but they're still better than the alternative. Zero-knowledge proof is not an alternative, and to suggest that it is is misunderstanding the situation. These laws are proposed and funded by people who want complete surveillance of the population. Zero-knowledge proof is, therefore, explicitly contrary to the goal and will never be implemented under any circumstances. Suggesting that it can be muddies the issue and tricks people into supporting legislation that exists only to be used against them.
In a benevolent dictatorship, sure, go for a zero-knowledge proof verification as your solution. In the reality of democracy, where politicians are corporate puppets who cloak surveillance laws in "think of the children" to rally support from the masses, we need to convince people to see through the lie and reject the proposals outright while reassuring them that they can protect the children themselves via parental controls. You will never be able to sufficiently inform 50.1% of the population of any country of what zero-knowledge proof even means, let alone convince them to support age verification laws but strictly conditional on ZKP requirements. That level of nuance is far too much to ask of millions of people who are not technically-informed, and idealism needs to give way to pragmatism if we wish to avoid the worst-case scenario.
Imho there is a place for regulation in that, actually. Devices that parents are managing as child devices could include an OS API and browser HTTP header for "hey is this a child?" These devices are functionally adminned by the parent so the owner of the device is still in control, just not the user.
Just like the cookie thing - these things should all be HTTP headers.
"This site is requesting your something, do you want to send it?
Y/N [X] remember my choice."
Do that for GPS, browser fingerprint, off-domain tracking cookies (not the stupid cookie banner), adulthood information, etc.
It would be perfectly reasonable for the EU to legislate that. "OS and browsers are required to offer an API to expose age verification status of the client, and the device is required to let an administrative user set it, and provide instructions to parents on how to lock down a device such that their child user's device will be marked as a child without the ability for the child to change it".
Either way, though, I'm far more worried about children being radicalized online by political extremists than I am about them occasionally seeing a penis. And a lot of radicalizing content is not considered "adult".
I owe everything about who I am today to learning how to circumvent firewalls and other forms of restriction. I would almost certainly be dead if I hadn't learned to socialize and program on the web despite it being strictly forbidden at home. Most of my interests, politics and personality were forged at 2am, as quiet as possible, browsing the web on live discs. I now support myself through those interests.
We're so quick to forget that kids are people, too. And today, they often know how to safely navigate the internet better than their aging caretakers who have allowed editorial "news" and social media to warp their minds.
Even for people who think they're really doing a good thing by supporting these kinds of insane laws that are designed to restrict our 1A rights: the road to hell is paved with good intentions.
With no proof it will protect anyone from proven harm.
Why is this such a sticking point in US politics? If the "undocumented" people aren't supposed to be in the country in the first place, why should rest of society cater to them? Even if you're against age verification for other reasons, dragging in the immigration angle is just going to alienate the other half of the population who don't share your view on undocumented people, and is a great way to turn a non-partisan issue into a partisan one. It's kind of like campaigning for medicare for all, and then listing "free abortions and gender affirming surgery" as one of the arguments for it.
"Undocumented" doesn't mean "residing illegally" anyway, it just means "lacking documents", which is a state that many perfectly legitimate US citizens find themselves in. But we should want people who are here illegally and everyone else to be able to use the world wide web and computers regardless of their legal status, just like everyone should be allowed to eat and buy food regardless of their legal status, because that's just basic humanity.
Which is kind of my point. Don't say it's a bad idea because "undocumented people" won't be able to get food, say it's bad because it'll be a pain for everyone.
>"Undocumented" doesn't mean "residing illegally" anyway, it just means "lacking documents", which is a state that many perfectly legitimate US citizens find themselves in. But we should want people who are here illegally and everyone else to be able to use the world wide web and computers regardless of their legal status, just like everyone should be allowed to eat and buy food regardless of their legal status, because that's just basic humanity.
But if you're undocumented, it's already a massive pain to participate in society. You can't get a bank account or any other sort of financial product, can't get a job (Form I-9, or want to do background checks), can't buy real estate (who are you going to register it to?), or even drive (yes, I know some states issue drivers licenses to "undocumented" migrants, but that makes them documented and irrelevant to this discussion). Therefore you're going to have a hard time garnering sympathy from voters. An analogy to this would be all the government forms that require a telephone number or an address. Is it illegal to not have a telephone number or an address? No. Do many people not have a phone number or address? Also yes. Is "let's abolish phone numbers and addresses on government forms" a good issue to run on? No.
Good thing I'm not running for office, and instead am merely having a conversation on the internet. I would vote for someone running on that issue, though!
> But if you're undocumented, it's already a massive pain to participate in society.
So I should be fine with any changes that embiggens that pain? I am not.
I'm not "fine" with it, but when there are trade-offs to be made, I'm definitely going to weigh that side less. Some people browse the web with javascript disabled. It's already a huge pain to browse the web with javascript disabled. With those two factors in mind, if I'm deciding whether to add javascript fallbacks (eg. SSR) on for my next project, I'm going to weigh the interests of the "javascript disabled" people very low. I don't have any animus against them, but at the same time I'm not going out of my way to cater to them either.
Because these undocumented people are still humans. They deserve access to information services. It's as simple as that.
Great, frame it as "poor people without IDs" or whatever, not "undocumented", which in the current political discourse is basically the left's version of the term "illegal immigrant".
>You might be in the country temporarily for business or as a tourist. The constitution applies to all of these people.
The constitutional right to... watch 18+ videos on youtube while in the US?
We _do not want_ the government to have the capability to enforce laws of this nature.
This means "not having documents". It's not a synonym for "illegal immigrant".
That said, government agencies have been doing a terrible job at keeping the private information of citizens safe. But it is nowhere nearly as bad as the US. My best childhood friend died in very questionable circumstances in 2009 in the US in very questionable circumstances. He had a US citizenship and we never really found out what had happened(to the point where we never really got any definitive proof that he had died). But that didn't stop me from trying and I was blown away by the fact that I could log into a US government website, register with a burner mail, pay 2 bucks with an anonymous gift credit/debit card and get a scanned copy of his death certificate in my email. And I didn't even have to provide his passport/id/anything. Just his name.
Point is, the US has been terrible at privacy for as long as I can remember. It is probably worse now with Facebook and Ellison holding TikTok.
The key question is whether AIPAC is taking actions at "the direction or control” of Israel, but the money is pretty clearly not being sourced from Israel.
I don't mean to be the average gloating US citizen, but I'm pretty sure we're the largest threat to the Earth.
The root of the problem is Russia, always has been.
So, I suppose if they could somehow use money and influence to determine election results, they would use it in Russia, no?
So, I think the civilizational threat from Russia is about the same as from North Korea: nearly zero.
Surely you meant this as hyperbole, right? If not, I would love your reasoning as to why its a bigger threat than literally anything and anyone else.
Reasoning: experience.
But they invest large amounts of money to propaganda channels everywhere, have direct military influence in large parts of Africa, are known to poison people in the UK and elsewhere, etc.
> its relative strength has only lessened over the decades Russia is not a _physical_ threat outside of its immediate proximity.
But they invest large amounts of money to propaganda channels everywhere, have direct military influence in large parts of Africa, are known to poison people in the UK and elsewhere, etc.
> Is it not?
No, and no part of your comment really seems to argue otherwise? I know about current world events. Your argument was that "experience" is a good enough reason to make a blanket statement about a country and all its people, and you doubled down on it, so it's not even like I'm constructing a strawman here or anything.
It's just wild to me how far this kind of blind hate goes. If "experience" is enough to say that a country is a bigger threat to civilization(!) than, lets say, pandemics, natural disasters, global nuclear war, etc., then there really remains no basis for any kind of healthy discussion. At that point it's just blind hatred.
I'm trying to steer the conversation to stay factual, because I usually appreciate HN for its clear communication style. Sorry for offending you and I'm sorry if I've caused you further suffering. Let's not continue this conversation.
I keep hearing this but I struggle to find any sources, beyond articles like [1] which are... not particularly good sources, even a reddit comment would be a better primary source than that.
I'm not trying to be combative, I just genuinely struggle to find primary sources, probably because I'm using the wrong keywords or something.
I understand the reasoning, but I would love to actually see/read/hear/whatever where Putin "states" this desire explicitly!
[1] https://gppreview.com/2015/02/12/putins-dream-reborn-ussr-un...
Surely I'm missing something here. Putin's 2023 "The Concept of the Foreign Policy of the Russian Federation" also does not state conquering back former USSR states. Where is it? If he states it so clearly that people keep quoting it, surely there must be a source for it? Sorry if I'm a PITA.
To be clear, I'm interested in this because this would be a fantastic argument to bring to discussions, but without having seen a source, I don't think I could.
I think Dugin's book is like that. Sure, Dugin said it, not Putin. But IIRC Putin did some things to make Dugin's book more influential. I forget the specifics - making it required reading in the Russian military academies, maybe?
There have been other statements by Russian politicians who are widely regarded as Putin's mouthpieces. Medvedev, certain key figures in the Russian parliament. I know I've seen that, though I don't recall the specifics.
So Putin maybe didn't say it. And yet, his endorsed mouthpieces (more than one) do say it.
You said "without having seen a source". Well, I didn't give you one. But if you want to look, I have given some places to start.
> making it required reading in the Russian military academies, maybe
Yeah, I think he did.
> So Putin maybe didn't say it.
That's my concern. When people make the statement that he did, when he didn't, they essentially preempt any reasonably discussion and start it off on the entirely wrong foot.
If I want to have a discussion with my neighbor about him not cleaning up his own trash, surely I would not start the discussion with "you LOVE living in trash, don't you", even if I can reasonably deduce that he does. It just turns the entire discussion hostile to make claims that aren't supported, and it weakens all subsequent arguments!
So I don't think it's the entirely wrong foot. It's a shortcut and an imprecision, but the point (that Putin actually thinks this) seems to be valid. (Though one should have less than 100% certainty that it represents his position - but with Putin, that should apply to a direct quote as well.)
You have to remember how political communication works in Russia. They rarely state goals outright, and always juggle several narratives at the same time. To make it hard to pin them down to any position and achieve exactly what is happening here.
[0] https://en.wikisource.org/wiki/On_the_Historical_Unity_of_Ru...
Death certificates become public record after a period of time, depending on the state. In some states it’s 25 years after death, some more, some less.
https://www.usa.gov/death-certificate#:~:text=Can%20anyone%2...
As far as I can tell this is the same as in the EU: Death certificates can be publicly accessed for a fee after a period of time defined by member states.
I found some comments saying death certificates in the UK could be accessed as early as 6 months in some locations.
So I don’t see this as the US being uniquely terrible on privacy. This is how most of the western world does it. You just had experience with the US and assumed EU was different.
> we never really found out what had happened(to the point where we never really got any definitive proof that he had died).
I’m sorry for your loss, but doesn’t this imply that the US did do a good job of protecting his privacy? It wasn’t until the time limit had passed that you were able to find the death certificate.
I don't know about elsewhere but in the UK anyone can apply for any death certificate going back to 1837.
And according to the EU Identity Wallet's documentation, the EU's planned system requires highly invasive age verification to obtain 30 single use, easily trackable tokens that expire after 3 months. It also bans jailbreaking/rooting your device, and requires GooglePlay Services/IOS equivalent be installed to "prevent tampering". You have to blindly trust that the tokens will not be tracked, which is a total no-go for privacy.
These massive privacy issues have all been raised on their Github, and the team behind the wallet have been ignoring them.
When we hear about “zero knowledge” ID checks in real proposals they’re not actually zero knowledge altogether. They have built in limits or authorities to prevent these obvious attacks, like requiring them to interact with government servers and then pinky promising that those government servers won’t log your requests.
In a true zero-knowledge system sharing falsely shared credentials becomes easy because it’s untraceable. If the proof has no knowledge attached, you can’t conclude who used their credentials on a website that generates proof-of-age tokens on demand for visitors.
(Note, this is why they won’t stop at the CA bill.)
Its billions of lobbying for state surveillance under a smokescreen you bypass with basic human interaction.
Not exactly a good moment for this particular caste of politicians/elites to pretend they care about children's well-being!
The benefit of zero-knowledge proofs is that the hide information about the ID and who it belongs to.
That’s also a limitation for how useful they are as an ID check mechanism. At the extreme, it reduces to “this user has access to an ID of someone 18+”. If there is truly a zero-knowledge construction using cryptographic primitives then the obvious next step is for someone to create an ad-supported web site where you click a button and they generate a zero-knowledge token from their ID for you to use. Zero knowledge means it can’t be traced back to them. The entire system is defeated.
This always attracts the rebuttal of “there will always be abuse, so what?” but when abuse becomes 1-click and accessible to every child who can Google, it’s not a little bit of abuse. It’s just security theater.
So the real cryptographic ID implementations make compromises to try to prevent this abuse. You might be limited to 3 tokens at a time and you have to request them from a central government mechanism which can log requests for rate limiting purposes. That’s better but the zero-knowledge part is starting to be weakened and now your interactions with private services require an interaction with a government server.
It’s just not a simple problem that can be solved with cryptographic primitives while also achieving the actual ID goals of these laws.
once you get this you stop asking why the tech details are the way they are.
Other states are even worse, creating another way to have your buddy buddy lobbyist folks fire up a new business opportunity to make money as a verification service.
Judges in other countries (Texas) found out this kind of law was a violation of the Free Speech.
Since when Free Speech do not apply to -16y old?
Made laws are made, then killed by courts later one.
The only authority that can be trusted to do age verification is the government.
You know, those people who give you birth certificates, passports, SSNs, driver's licenses, etc.
The idea that parental supervision here is sufficient has been shown to be wholly inadequate. I'm sorry but that train has sailed. Age verification is coming. It's just a question of who does it and what form it takes.
Take Youtube, for example. I think it should work like this:
1. If you're not of sufficient age, you simply don't see comments. At all;
2. Minors shouldn't see ads. At all;
3. Videos deemed to have age-restricted content should be visible;
4. If you're not logged in, you're treated as an age-restricted user; and
5. Viewing via a VPN means you need age verification regardless of your country of origin.
It's not perfect. It doesn't have to be.
If anything, Meta’s utility would seem to shrink if the OS handles proof of being a real person.
It also gives them more information on users as a bonus. Further, verification with a real ID is also a quite effective barrier against excessive bots.
https://www.eff.org/deeplinks/2025/12/congresss-crusade-age-...
Why does Apple always get a free pass?