What we call "age verification" is actually mass surveillance (pluralistic.net)
415 points by hn_acker 4 hours ago
soperj 2 minutes ago
>"Age verification" means that everyone who does anything online will have to submit to fine-grained tracking and recording of all their online activities.
Hilarious that the author doesn't think that this isn't already happening.
john_strinlai 4 hours ago
>"Age verification" means that everyone who does anything online will have to submit to fine-grained tracking and recording of all their online activities.
its been said 1000 times here, but: age verification doesn't have to be a nightmare dystopia of 24/7 fine-grained tracking and recording unless you are somehow hoping to achieve 100% success rate (something we have not done with any other law ever). there are several reasonable proposals that would be 90%+ successful without stepping on anyone's toes.
i am convinced that enough people in power know it, too, but see this as their chance to get the full-dystopia version rolled out.
Wowfunhappy 3 hours ago
Could you be more specific as to what you're imagining? I don't personally see a way to verify someone's age which doesn't involve either credit card verification, photo id verification, or some sort of facial recognition. If you know enough about someone to verify their age—even to a relatively low degree of accuracy—you probably know enough to pinpoint who they are in general.
Heck—in most cases, we can't even tell the difference between humans and bots anymore! And it's true that we basically accept that some bots will slip through the cracks—but identifying bots also strikes me as significantly easier than identifying children.
Aaargh20318 2 hours ago
The way identity wallets work:
The government issues an eID to your wallet. The ID is signed by the government and linked to the device to prevent transferring the credential. A public/private key-pair is generated by the secure enclave in your phone, the public key along with proof of possession of the private key is included in the request for the government eID. The government signs individual attributes combined with the public key with the government private key. The government certificate containing the public key is, well, public.
One of the attributes is ‘over_18’ (In the EU eID scheme countries can add other over_XX attributes if they want, but over_18 is mandatory).
When a website wants to requests attributes, in this case the over_18 attribute, they send a request to the user’s wallet app, including a challenge. The wallet sends back a package including the government-signed attribute, which contains the device public key and the over_18 attribute plus a response to the challenge (proving the credential didn’t get transferred).
The website only sees the ‘over_18’ attribute, which is backed by the government signature. They don’t see any other attributes (the wallet app shows in advance which attributes you are sharing). The government never sees which website wants to know if you’re 18+.
Of course this is all a bit simplified, check OIDC4VCI and OIDC4VP for details.
The only real issue is the wallet app and device binding. Because a compromised device could allow credentials to be transferred some form of attestation of device and wallet app is required. In practice this means no rooted/jailbroken phones.
Aurornis an hour ago
horsawlarway 2 hours ago
Wowfunhappy an hour ago
MyMemoryfails 22 minutes ago
mcfedr 10 minutes ago
manapause 12 minutes ago
skinfaxi an hour ago
irusensei an hour ago
chollida1 an hour ago
inigyou 2 hours ago
ninalanyon 2 hours ago
pyrale 32 minutes ago
you generate a random number and send it to website you want to visit.
Website you want to visit generates a one-time private/public key for the purpose of this login attempt, hashes your random number, and sends the hash back to you.
You connect to the government auth platform, auth yourself to your government, and ask them to sign the hash you received.
You pass the signed hash as well as the original random number to the website you wanted to access (the original random number is used by the website to store the one-time key they generated for you). They can see it is signed by the government. They can see it is made with the hash they provided.
You get access to whatever content you wanted. The website doesn't know who you are. The government doesn't know where you logged in. Sure, it won't hold up against collusion between website and government, but nothing would.
the principles explained above are slight adaptations of PKCE authentication.
LudwigNagasena 22 minutes ago
john_strinlai 3 hours ago
>Could you be more specific as to what you're imagining?
sure, i'll put my favorite two. though you'll find much more detailed and thought-out versions of these (and others) in the dozens of other giant threads on the same topic.
- buy a card with a UUID from anywhere that sells alcohol/tobacco that is valid for some period of time. most people are comfortable with flashing their ID at the clerk. the UUID card is non-identifying.
- websites issue content tags, browsers consume them, you enter your age into the OS during setup.
donmcronald 3 hours ago
utopiah 3 hours ago
cogman10 3 hours ago
dana-s 2 hours ago
oliwarner 3 hours ago
That's because you're treating AV as a system that must be 100% correct immediately. This isn't banking or an election.
As soon as you loosen off the requirements to "reasonable effort", you can start looking at account age, facial features, social attestation, and include retrospective tools to revisit someone's verification if they get in and start acting like a child. Heuristically messy but far from impossible to demand a stronger form of verification if their original might have been borderline.
The goal is broad coverage, not complete. Screening doesn't have to get 100% to have an effect.
Wowfunhappy an hour ago
zug_zug 3 hours ago
Sure here's one example of decentralizing it -- it's going to be overly simple just as a toy example to show how easy it could be:
Whenever you want to prove your adult you go to "am I an adult.gov" and you use your credit card or whatever to prove you are an adult. At which point you get a 1-time 5-digit code that is UNIVERSAL TO EVERY SINGLE HUMAN and good for 1 hour (everybody who uses the site gets the same code that hour).
Then when you want to look at porn or something, you use this code. Boom simple and done.
There are even much better much more private techniques that use cryptography, and AI is happy to explain these graduate-degree level topics to you at your own pace.
Of course there are situations where people steal things, and use deep-fakes, etc, but those exist in every model.
akmiller 3 hours ago
malwrar 3 hours ago
lotu 2 hours ago
Using existing parental controls parents could set their kids age and that could be used for the age controls. Could the parents let the kids around the age gate? Sure but they could do that even if a government ID and camera was required. This actually might be more effective than a lot of these systems because other adults could not let the kids use their IDs
inigyou 2 hours ago
soperj 24 minutes ago
just do what they did in Leisure suit Larry, ask some skill testing questions that only someone older than 18 would know. Give them a short time to answer so they can't look it up.
netrap 2 hours ago
Perfect is the enemy of the good, right? I mean a page header or some other simple means to identify "adult" vs not is good for most cases? Just thinking about it.. obviously it can be bypassed but is there a good enough?
armchairhacker 3 hours ago
Make unrestricted devices like alcohol: you need ID to buy (but the box containing the device you’re sold is indistinguishable from any other, so the device may have a UUID but it can’t be traced to your ID); kids caught with unrestricted devices in school have them confiscated; maybe fine parents, but I think discouragement and banning in schools is enough. Kids can have restricted devices, distinguished from unrestricted by appearance in a way that’s hard to fake.
Wowfunhappy 3 hours ago
blahaj 2 hours ago
Cryptographically blinded age verification with a government signed digital ID
michael1999 3 hours ago
Info-minimized oidc handshakes with certified identity providers could verify age-category of a user with no other information shared.
Consider "log in with apple" as it is today. Depending on what you share, a relying website might not even get your name or email.
bbminner 3 hours ago
inigyou 3 hours ago
dfxm12 2 hours ago
If you don't think a checkbox saying "I am 13 or older" is adequate, with all the behavioral tracking available to say Meta, they can tell well enough. OpenAI talks about this too: https://openai.com/index/our-approach-to-age-prediction/
Knowing who someone is in general is different from having a photo of their face or government ID confirmation.
lo_zamoyski 2 hours ago
This is a classic case for one time ZKPs. Sure, you can't get around attestation, but the party that needs to verify that you meet age criteria doesn't need to know your age or other private information.
I presume you're concerned by the attesting party's knowledge of both the signature and identify information. Yes, in principle these can be linked, but in practice, it may be difficult or made very difficult, and today, very little of our online activity is really anonymous anyway. It is generally not too difficult to infer identity based on the content someone generates and the bread crumbs they leave behind.
Of course, if the intent is to use age verification as a wedge to monitor everyone, then it will be difficult politically to secure the protections needed to prevent that sort of data fusion.
LudwigNagasena 16 minutes ago
The age verification that doesn't have to be a nightmare dystopia of 24/7 fine-grained tracking and recording is called parental controls and it already exists in most systems. It doesn't require any proof of ID, internet connection, complex distributed systems, and so on. And it has near 100% success rate.
Retr0id 3 hours ago
Where are these mythical sweet-spot solutions? Concretely, half the websites I visit from the UK want me to either scan my face or upload ID documents to access their full featureset. Now that users have been conditioned to accept this, nobody seems very interested in figuring out how to collect less PII - only insulating themselves from liability by having the data processed by a third party.
irusensei an hour ago
They don't exist because the organizations who lobbied governments were YOTI, Persona, K-ID and others who have a vested interest in collecting data and rent seek by latching through regulations like diseased ticks.
cogman10 3 hours ago
The UK has draconian laws.
But some of the easiest middle ground solutions that solve 90% of the problem are things like simple math problems. Get asked "3+7" and that will pretty quickly filter out almost anyone under the age of 6. If you can accept that there are some smart 4 or 5 year olds who can do simple math, congrats you recognize there's a 10%.
Retr0id 3 hours ago
john_strinlai 3 hours ago
>mythical sweet-spot solutions?
there are thousands of comments on these threads every time it comes up. there's tons of what i consider reasonable solutions proposed. there's examples below, too, which don't require face scans.
>Concretely, half the websites I visit from the UK want me to either scan my face or upload ID documents
yeah, i agree that really sucks.
Retr0id 3 hours ago
dijksterhuis 2 hours ago
> half the websites I visit from the UK want me to either scan my face or upload ID documents to access their full featureset.
what kind of websites are you visiting to get age checked on half of the sites you visit? i've only been asked to verify for dating apps and "sexy stuff". and i definitely don't spend 50% of my total browsing time on those sites.
maybe this says more about the kind of content/sites you're accessing if it is really as high as 50%? UK age verification mostly only applies to sites which might end up hosting the content quoted below.
> pornographic images, and content that encourages, promotes, or provides instructions for eating disorders, self-harm, or suicide.
or you're just being hyperbolic? 79% of statistics are made up, after all.
Retr0id 2 hours ago
gambiting 3 hours ago
Government builds a website where you can log in using any government issued ID or using one of the many many many available services that hold your details already(at least in the UK nearly everyone will have a DLVA account, HMRC account, HMPO account, NHS account.....all of these are government services which we can only assume hold our data securely already).
On that website, you can click "give me a verification code", it gives you a code that is single use and only valid 24 hours. You type that into whatever 18+ website you need to, they use a public API provided by the government to just check "yes this is a valid code and the user is 18" - bang, done, verified. The website knows nothing about you at all, except for the fact that you're 18.
In fact, the UK government ALREADY HAS THIS. For the EU settlement scheme, you can give your employeer(or anyone else who needs it) a special magic code that they type in on the government website, and it just says "yet his person has the right to reside in the UK" without spilling any of your personal information at all. The code is single use and valid a limited amount of time. And you can do the same with your driving licence, where anyone can verify you hold a valid licence without actually seeing it or any details on it.
Like, am I being stupid here? It seems like an almost trivial solution to the problem, especially given that it already exists for at least 2 services named above.
And yes, I know people will say "oh but that requires the government having this data on you, and that's bad" or "but then the government will know you've authenticated with pornhub!".
And yes, both of these are true - but on point 1 - like, I'd love some ideal situation where the government can simultaniously give me a passport or a driving licence AND not have any information about me at the same time, but that ain't happening, and on point 2 - yes, but that's still infinitely preferable to the current implementation, and it can be easily solved with legislation saying that the code authentication service doesn't log who requested verification, it just answers with yes/no and that's it.
OkayPhysicist an hour ago
Retr0id 3 hours ago
Jabrov 3 hours ago
pokstad 3 hours ago
Exactly. The same way that selling alcohol doesn’t require a paper trail of every beer I’ve bought.
rationalist 3 hours ago
I don't know about this, stores around me are scanning people's IDs to verify their age.
I guess I could make an ID (not a counterfeit government ID) that uses the same encoding for the birthday.
win311fwg 3 hours ago
Not anymore, at least. In these parts your alcohol purchases did require a paper trail once upon a time.
SecretDreams 3 hours ago
To be fair, I buy my beers on CC. If someone really wanted to know the best IPAs and session able beers they could get, they could audit my CC records and then cross check to the breweries and pubs to see what I was buying. Just depends how much someone wants to learns bout good beer.
normie3000 3 hours ago
Aerroon 2 hours ago
And yet in practice they do.
Well, not every beer but when you shop at Beers-R-Us they know.
63stack 2 hours ago
What's the point in making this distinction? This is HN, 99% of the users here are aware of what zero knowledge proof is and that it's possible to implement it that way.
The general consensus and what the article is alluding to is that it will be probably implemented in a way that allows individual tracking and identification.
john_strinlai 2 hours ago
>What's the point in making this distinction?
we're on a discussion board, so i started a discussion. that was the point.
kemotep 2 hours ago
intended 2 hours ago
I don’t know? Maybe its the little give and take that helps build a solution that is mature and limits the kind of harms kid are facing, without sacrificing privacy?
It’s also the very cool, nuanced and technical tooling that people here tend to enjoy figuring out, and building.
It side steps the thought terminating tar pits of “privacy at all costs” or “save the children”.
1vuio0pswjnm7 20 minutes ago
The so-called "social media" companies' core "business model" requires acquiring ad targets. This includes data collection and surveillance. These companies in the past have bragged to advertisers and the public about how much they know about these targets. Statements like, "We know more about you than your friends and family."
Now, is this really true. Probably not. It's exaggeration. It's hype
But these companies have learned that 100% correct is not necessary to make money. For example, if they are correct 80% of the time, then maybe that's good enough
A law that achieves an 80% reduction in youth ad targets might also be "good enough"
The toes getting stepped on belong to the companies
The troubled kids who will access these companies' websites come hell or high water, the 20%, are unlikely to complain
Complaints come from the companies and those who rely on these companies to make money. Like the author of this blog post, they keep calling a handful of Big Tech websites/app endpoints "the internet"
Their toes are going to get crushed
Bjartr an hour ago
So let's see some of the champions of these systems acknowledge this downside and make the case that they should be built in a way that avoids it and not back down on that when it becomes inconvenient.
vitally3643 an hour ago
Why would they ever do that? The spying is the point.
hacker_88 3 hours ago
They can track you with cookies , now they have age and identity signals .
pc86 41 minutes ago
> there are several reasonable proposals that would be 90%+ successful without stepping on anyone's toes.
I have a feeling my definition of having my toes stepped on differs dramatically from yours.
> i am convinced that enough people in power know it, too, but see this as their chance to get the full-dystopia version rolled out.
Well there's plenty of idiots in power and I'm sure they have no idea. But there absolutely are evil ones who simply want more power and don't care what happens after they have it.
If this were actually about protecting children, maybe you could get something passed that wasn't just ground work for a panopticon hellscape. But it's not about children at all - the people truly worried about that are just useful idiots - it's about power, and so you can't pass anything without having the surveillance infrastructure forced in.
Aerroon 2 hours ago
Yeah, and once you have the non-intrusive system in place you can just switch it out for the tracking one without the user knowing.
Or there's probably some kind of correlation trail possible that will track you even with the anonymous systems.
sneak 3 hours ago
This isn’t about kids at all. The ID requirement is the WHOLE POINT.
That it is technically possible to do age verification in a privacy-preserving way is thus entirely irrelevant.
They want all online activity tied to ID so they can violently, illegally retaliate in the dark of night against protected expression online that they don’t like.
That’s all this is. Privacy-preserving techniques are irrelevant because they do not accomplish this goal.
inigyou 3 hours ago
There is also, separately from that, a need to protect kids from growing up into the people in Idiocracy.
sylos an hour ago
sneak 3 hours ago
blaze33 an hour ago
> age verification doesn't have to be a nightmare dystopia
But I feel there's not a lot of trust that whatever implementation we could end up with wouldn't be such a dystopia. The real world equivalent would be checkpoints at every intersection verifying the driver's age, the cashier who carded the 20 yo with a beer now does it for everyone, makes a copy of your ID and stores it in a big folder shared with their 427 "business partners".
Imo we should scrap the whole idea of age verification. Kids get a kidPhone with kidOS, whitelist of age-appropriate resources & capabilities. You wouldn't let an 8 yo drive on the highway, yet they can have a supercar to drive unsupervised on the information highway, no biggie. Internet is full of adults doing all sort of stuff while kids need supervision and education: design safe spaces for children, not checkpoints at every corner.
sharperguy 3 hours ago
Doesn't _have_ to be except not enough voters can tell the difference which is exactly the goal.
shevy-java 3 hours ago
> age verification doesn't have to be a nightmare dystopia of 24/7 fine-grained tracking
Personally I don't care how much age sniffing is mandatory in that I think it is inacceptable on any level. Do you try to insinuate that a little bit of tracking is ok? Because I can not buy into that premise. To me the whole assumption is wrong from the get go.
john_strinlai 2 hours ago
>Do you try to insinuate that a little bit of tracking is ok?
no, and you can read through other comments here and on the many threads of the same topic for proposals which have no tracking.
jazz9k an hour ago
It was never about the children. They are rolling this out, so online comments can be tracked to names and addresses.
It's to suppress free speech and arrest people that post anything against the government's narrative.
Many people have already been arrested in the UK for this. This is the next logical step.
akmiller 3 hours ago
Doesn't 90% successful mean you are stepping on 10% toes???
john_strinlai 3 hours ago
>Doesn't 90% successful mean you are stepping on 10% toes???
no, it means that <10% of kids under 16 or whatever age will still make it onto instagram
akmiller 3 hours ago
dfxm12 2 hours ago
i am convinced that enough people in power know it, too, but see this as their chance to get the full-dystopia version rolled out.
Correct. The goal here isn't "to save kids". That's just one of the Horsemen of the Infocalypse [0] used to market taking away our freedom.
0 - https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
mindslight 3 hours ago
Would you mind elaborating on the specific methods you're referencing? To me, the entire problem is framing the issue as "age verification" in the first place - this implies the web company is responsible for knowing and controlling who uses their service. Whether this is a full-on demand for drivers' license / face scan / verification can, or whether there can be a technical process that obscures some details doesn't change this underlying dynamic!
The other problem you're up against is in the low-friction online environment, 90% easily turns into a much lower percentage. Which will actually manifest itself as the initial methods that achieved "90%" being declared insufficient in favor of stronger methods of identity verification.
I say this as a parent staring down having to deal with the dumpster fire that is the modern web in the next short year or two - the only sane way to address this problem is through client-side parental control software that works based on website/app tags supplied by the server / app creator / etc. There is indeed a market failure here, so the sensible regulation is to make websites over a certain size publish labels about the suitability of their content for age brackets, whether a site is social media, contains user generated content, has algorithmic feeds, and so on - affirmative assertions about the content that carry legal weight and liability for them not being true. Device manufacturers over a certain size would need to include parental control software that can be enabled during the setup process.
If parental controls are enabled and a website has not published tags (too small, foreign jurisdiction, misconfiguration, etc), then it simply fails closed and refuses to display the site. This keeps decisions about content suitability in the hands of parents where it belongs, rather than putting it in the hands of corporate attorneys who will often make decisions directly contrary to what parents want! Remember this whole topic is being pushed by big tech to absolve themselves of liability for pushing harmful products!
john_strinlai 3 hours ago
>Would you mind elaborating on the specific methods you're referencing?
well, i mean, you put a decently reasonable one in your own comment: "client-side parental control software that works based on website/app tags supplied by the server / app creator / etc."
another sibling comment mentions alcohol sales. government could issue a scratch card with UUID that's valid for some time, sold at anywhere alcohol/tobacco is already sold. most people are already comfortable with flashing an id at the beer store.
read any other the other dozen similar threads with hundreds of comments, and there are a handful of other neat ideas usually voted pretty high up.
Aerroon 2 hours ago
mindslight 2 hours ago
kazinator 3 hours ago
In tech, 10% unsuccessful today is 100% unsuccessful next week, when everyone learns how to join that 10% who got around it.
The shit is horrible if 100% successful, and yet not worth doing if it isn't.
XorNot 3 hours ago
I am convinced that no one will make any progress on this issue so long as they refuse to understand that their aren't a group of shadowy figures pushing for this but rather a sizeable chunk of the general population, buoyed on by various moral outrage interest groups including a great many HNers who have been happily stoking the narrative that social media is the cause of every negative statistical ill.
Who wants this? God damn everyone. And in so much as Facebook might do something with the data, what they really want is a legal moat of sufficient depth to drown possible competitors.
bluebarbet 2 hours ago
In fairness (i.e. looking at the data with an open mind), social media does seem to be the cause of (or at least strongly correlated with) a bunch of ills.
akmiller 2 hours ago
ordu 3 hours ago
> age verification doesn't have to be a nightmare dystopia of 24/7 fine-grained tracking and recording unless you are somehow hoping to achieve 100% success rate
I believe you are missing the point. "To protect kids" is just a cover, the nightmare dystopia is the real goal. So age verification have to be a nightmare dystopia or it would be useless for those, who push for it.
john_strinlai 3 hours ago
>I believe you are missing the point. "To protect kids" is just a cover, the nightmare dystopia is the real goal.
did i miss the point? because my last sentence literally says this.
ordu 3 hours ago
amanaplanacanal 3 hours ago
Well, some who push it anyway. There is another group whose motive is to get rid of all porn.
krupan 15 minutes ago
Parents largely control what their kids have access to, whether it requires a device, a data plan, home Wi-Fi, whatever. Where parents don't/can't control their kids' access, no amount of regulation and technology will fix it.
This applies not just to social media, but drugs, alcohol, porn, etc. Yes, laws and IDs add friction and that's good, but if a kid really wants those things they are going to find a way.
Social media already had built in friction without needing new regulations and ID requirements. To access social media you need a relatively expensive (for kids) device and some way to connect that device to the Internet, which is also not free.
The biggest problem I see is that unlike alcohol, drugs, and porn, there are seemingly benign reasons for kids to use social media. Sports teams, dance classes, youth groups, etc. all want to keep in touch and allow group communication. Too often the adults in charge turn to Instagram or whatever social media app for the group communication. Now, unfortunately, your kid needs an IG account.
al_borland 10 minutes ago
Even as an adult who doesn't use social media, I find the use of Facebook as a company home page, or using it as a forum for group communication, to be problematic. Especially as Meta makes it more and more difficult to see content without an account.
1vuio0pswjnm7 2 minutes ago
Actual title, original title: Spying on kids to protect kids from spying is very, very stupid
Santosh83 3 hours ago
You can't spy on kids without spying on everyone, and in any case they're interested in the everyone part. Ultimately they want 24x7, realtime facial & biometric monitoring of everyone using any "approved" device, and be sure that only approved devices will be able to join networks and do stuff upon them, so for those brave nerds thinking they can survive on GhostBSD from their basement, yes you can, but as Gandalf said, you can only fence yourself in, but not fence the world out. Sooner or later they'll come for everyone.
seethishat 3 hours ago
My main concern is transparency. How do we know that the ruling/governing class is not abusing these monitoring systems and exempting themselves from monitoring?
If we are all subject to the same monitoring and there are no exceptions, that would be fair. However, if some people are exempt from monitoring because of their connections, relations, etc. then that would be unfair.
And if some people are allowed to harass and stalk others based on some attribute (race, religion, nationality, etc.) because they are in a monitoring position (while others are not) then that would be unfair as well.
We need full transparency.
al_borland 5 minutes ago
> How do we know that the ruling/governing class is not abusing these monitoring systems and exempting themselves from monitoring?
It's not even just about the current people in charge or with access. Who's next? The "trust us" approach doesn't work when trust has already been broken with the people, or in a scenario where the data will change hands to an unknown future administration.
The best way to win my trust is to not even want the data in the first place.
inetknght 3 hours ago
Transparency doesn't matter without consequences. Many of the currently ruling governments have demonstrated that already.
js8 3 hours ago
You're wrong, it still matters. It's the first step, and it's an important step in maintaining fairness.
bluebarbet 3 hours ago
classified 2 hours ago
rootusrootus an hour ago
> We need full transparency.
A couple years ago I would have tended to agree with you, transparency would be a good first step. But then I have recently seen demonstrated that transparency just proves that you do not need to hide corruption as long as a powerful bloc of voters actually agrees with your corrupt position. I think what we really are going to need is consequences defined ahead of time, along with an enforcement mechanism not easily corrupted itself. This is hard. But it is a topic we will hopefully be spending quality time working out over the next few years anyway.
wqaatwt 3 hours ago
> exempting themselves from monitoring
Wasn’t that in the Chat Control proposal? i.e. politicians and other important individuals are exempt
shevy-java 3 hours ago
Of course. The lobbyists don't want to be called bribed people, so they only want to monitor the peons. Slavery 2.0.
buellerbueller 2 hours ago
vaylian 3 hours ago
> If we are all subject to the same monitoring and there are no exceptions, that would be fair.
Not everyone is an exhibitionist. Some people thrive when they are very public about their life. Some prefer a much more private life.
js8 2 hours ago
"Fair" doesn't always mean according to everyone's preferences. I might want to have a full cake but getting a slice is fair.
repparw an hour ago
at_compile_time 2 hours ago
>How do we know that the ruling/governing class is not abusing these monitoring systems and exempting themselves from monitoring?
Ah, so except for THE ENTIRE FUCKING PROBLEM, this is fine.
>And if some people are allowed to harass and stalk others based on some attribute (race, religion, nationality, etc.) because they are in a monitoring position (while others are not) then that would be unfair as well.
Yes, we wouldn't want racial profiling in our Orwellian hellscape. That would truly put it over the edge.
cryptoegorophy 3 hours ago
They are 100% abusing until proven otherwise. Naive to think otherwise.
patrickmay 2 hours ago
> If we are all subject to the same monitoring and there are no exceptions, that would be fair.
It might be fair, by some definition, but it would still be wrong. The government shouldn't be monitoring us to the extent required to implement age verification on the 'net.
foo-bar-baz529 2 hours ago
I don’t think saving them from spying is the main concern. Instead it’s the direct negative effects of the usage upon the kids that’s the concern. Not that age verification isn’t problematic
krupan 12 minutes ago
The possibly too subtle point of this article is that the spying is what makes the negative effects so powerful. Social media spies on what you are viewing and then sends you more of that, and send the info to other people so they can send you more of that too
rootusrootus 27 minutes ago
Then ban underage smartphones altogether, that would probably make the single biggest improvement in child safety and mental health. Trying to police content is an utter waste of time.
ipaddr an hour ago
This idea sounds like the death of social media. Remove anyone under 18 ensures they won't signup after. Forcing id verification means 70-80% of adult accounts will be dead. Network effects disappear. Those who remain will be businesses pushing something, hackers/spammers and some die hard group.
B56b 19 minutes ago
yay?
hylaride 42 minutes ago
Have you been on instagram lately? We're already there.
speak_plainly 3 hours ago
In Canada the approach is going to be that social media and AI companies will need to figure out a system where those under 16 can’t access content. The government will be able to grant exemptions if the company can satisfy regulators that they have built and maintained adequate, alternative structural safeguards to protect children on their platform.
Further to that, companies are required to do this in a strict data minimization approach, results need to be anonymized and destroyed immediately after the check is complete.
The internet has grown into a bit of a letdown to some degree, especially social media. If I have to upload an ID or insert a grey hair into a scanner, that website or app will be dead to me and I will move on to something else or nothing at all.
rootusrootus 25 minutes ago
> The internet has grown into a bit of a letdown to some degree, especially social media.
You have a flair for understatement.
> If I have to upload an ID or insert a grey hair into a scanner, that website or app will be dead to me and I will move on to something else or nothing at all.
Same. I joke that when I retire I'm throwing out every computer in my house. Turns out the gov't may effectively do that for me, because I will not be handing out my ID to web sites. That is a hard line for me.
anmalkov 3 hours ago
This reminds me of being refused entry to a nightclub in the US because I’d forgotten my passport, even though I had a European ID card and I’m over 40. Offline, age checks already often become rigid “approved identity document” checks. Online, that problem seems even worse, because the check can become a persistent identity layer across the web.
tom910 2 hours ago
The main problem is providing infrastructure for a government that can over use it in future if move to ultra right/left/authoritarian spectrum
Just for example Russia build infrastructure for blocks website for child safety, but it started to used much further
rootusrootus 23 minutes ago
> The main problem is providing infrastructure for a government that can over use it in future if move to ultra right/left/authoritarian spectrum
The US is an instructive example in real time. Roughly everyone worries about what happens when their opponent gains control of the government and then promptly forgets how much they worried when their side has it.
bluegatty 26 minutes ago
The slippery slope argument is hugely valid, but having kids not have access to alcohol, porn and guns is very normal. We don't even discuss it in the 'physical world' because it's absolutely normative.
Even in 'Europe' kids aren't going into the liquor store stocking up obviously - there are always age and responsibility-related conventions.
The 'online' nature of this piques our anti-authoritarian triggers and tends to err our judgment a bit.
There are valid reasons to do this, and there is 'a right way' - maybe we should have some hope and promote that.
I'm not hugely optimistic that they'll get it right, but we should aspire for to build the world we want. There's enough momentum that it's plausible.
techteach00 an hour ago
We're cooked. The young kids I teach are unfortunately completely accustomed to go guardian spying on them at school. The admin constantly reinforce the need to dissect the internet, treat Chromebooks as media consumption devices, not computers. I hear it will be even worse here next year. Not sure how.
These people are obsessed with risk mitigation that it's not even worth having tech class anymore. No risk. 100% control all the time.
rootusrootus an hour ago
Could we step back a little and maybe revisit the premise that we need the gov't to be protecting children to begin with? That's what parents are supposed to be doing.
CPLX an hour ago
No let's not.
Let's actually create and maintain a society.
There are still places in the world where you and your family can literally fend for yourself against nature and rival gangs and so on if you're just super attached to the concept though, it's not like this option has been foreclosed.
rootusrootus 22 minutes ago
This discussion is about the Internet. I.e. that we already have police and regulate in-person things like selling alcohol to minors, etc, is not a great argument in support of policing information.
CPLX 15 minutes ago
rlt an hour ago
In general I'm opposed to this kind of regulation, but as a thought exercise, we do have the primitives needed to do age (or any other attribute) verification in a privacy-preserving and decentralized way.
You could imagine a hierarchy of organizations (governments, financial institutions, schools, etc) that a website trusts to verify some attribute (minimum age, citizenship, etc). Those organizations can attest that some identifier like an email address has been verified to belong to a real individual with that attribute, and that organization belongs to the hierarchy the website trusts, without revealing anything else about the user, the exact verifying organization, or the requesting website.
mzajc an hour ago
If the website sees (and possibly stores) the e-mail address, and the government or another party knows who it belongs to, the scheme is anything but privacy-preserving.
actionfromafar 3 hours ago
Could we instead disallow algorithmic skinner-box addiction machines for everyone?
inigyou 3 hours ago
How can you tell what one is? Reddit in 2010? Facebook in 2005? IRC in 1999?
amanaplanacanal 2 hours ago
If the users chooses what they are shown and the order they are shown in, then it's fine. If the platform chooses, then it's not, because they will always choose what creates the most engagement.
inigyou 2 hours ago
infinitezest an hour ago
Is heroin the same as beer? Who even knows.
micromacrofoot 2 hours ago
That's the problem, recommendation algorithms on networks beyond a certain scale should be publicly auditable.
If they're not, I should be able to opt-out of them.
actionfromafar 3 hours ago
I think I would be fine with a positive enumeration. Some ideas for serving content:
- purely random
- sponsored but without user tracking (like old school TV ads)
- sponsored for user selected geographical area feed
- sponsored for user current location geographical area feed
- follow "friends" or influencers
- purely timeline
- discussion boards
- timeline (IRC like)
- threaded
- user votes (not magic platform votes)
- follow keywordsinigyou 3 hours ago
anmalkov 3 hours ago
Exactly. Fix the addiction machine, not just who gets checked at the door.
gampleman 3 hours ago
I think this is really the only serious alternative.
jonathanstrange 3 hours ago
How about taking some personal responsibility for your life?
This shouldn't even be a consideration concerning adults.
macintux 3 hours ago
It's clear by now that the societal impact is significant. I can banish all the social networks from my life and they'll still be corrupting the political process, promoting divisive content, etc.
rootusrootus 19 minutes ago
> This shouldn't even be a consideration concerning adults.
Ban the boxes for kids
jonathanstrange 7 minutes ago
actionfromafar 3 hours ago
I assume you are also for heroin vending machines at every school corner if you watch a 30 second ad slot. You don't have to use them, you know.
jonathanstrange an hour ago
jMyles 2 hours ago
Aunche 2 hours ago
The new laws in the US don't require any real verification. Parents who care will just select a flag on device/OS setup that gets passed to websites. They can also just lie if they really want to. In the EU, they are trying to verify age with zero knowledge proofs.
It would be nice if the author actually spelled out the specific weaknesses of those approaches or even just referenced those laws instead of fear-mongering about "spying on kids", but I suppose that would be to much to ask of someone who made a career out of vibes based rage. Ironic that Doctorow is so eager to capitalize on the enshittification of journalism.
Aerroon 2 hours ago
The specific weakness of these systems is that the governments cannot be trusted with this. They have demonstrated this - Snowden leaks for the US and several EU states, and the general monitoring clause in the Data Retention Directive for the EU as a whole.
Even if these governments come up with a zero knowledge system, it's only one click away from being replaced with a full-knowledge system, because the user is already used to it. These governments have already tried spying on everyone (and they almost certainly still do).
simultsop 3 hours ago
This is a very strong argument simply put
Sankozi 2 hours ago
This is a manipulation tactic not an argument. Almost nobody wants to prevent spying on kids. Main goal is to prevent harmful content like porn, gore and gambling.
oceansky 2 hours ago
Those digital surveillance rules passed in Brazil under the Digital Statute for Children and Adolescents law.
Protection of kids is definitely the most common arguments for them.
IshKebab an hour ago
Sorry but this isn't a strong argument at all. Nobody who thinks age verification laws are a good idea will be remotely persuaded by any of this.
therealdrag0 2 hours ago
Am I the only one who looked at NSFW websites at 10 years old and played games with voice chat with players of all ages too, and I turned out to be well adjusted productive member of society? People need to chill.
llbbdd 9 minutes ago
Same here. Every time a thread like this comes up it brings out that a surprising number of paranoid helicopter parents browse HN, which is a contradiction in perspective that I can't really emphasize with.
narnarpapadaddy an hour ago
Same, I care little about NSFW. We used to all live in caves together where kids saw adults having sex, in conflict, and cleaning game.
But I also grew with a different internet than we have now. There’s a level of targeted manipulation that’s novel. I’m not sure the cat goes back in the bag no matter what we do.
salawat an hour ago
Seconded. The amount of time and characters spent here trying to coax someone into trying to help these damn layers materialize just tells me the point isn't the kids. It's trying to preserve business model in spite of negative externalities.
atoav 2 hours ago
I grew up during the 90s/2000s and I used the internet, first social media platforms, messengers, etc. – a lot. My parents had no idea of computers, how to use them, how to use the internet, what is out there etc. Yet I am convinced that the way my parents dealt with it is still the gold standard.
Their parenting equipped me well to deal with weird, dangerous or otherwise harmful things I encountered. They were the kind of parents who would let us play in the woods till 9 in the evening, no questions asked if there were scratched knees or dirty cloths. If there was something they thought might be problematic, they talked to us in a way that left the ultimate decision how to deal with a situation with us, displaying a high level of trust into our ability to make good decisions ourselves (and sometimes letting us make bad ones just to talk about it after the fact).
Turns out if you want your kid to be able to deal with unexpected situations you need them to deal with situations, period. And the opposite of that is what I even back then saw with many of my friends parents: trying to shield their kid from every encountering (and mastering!) even the tiniest of dangers themselves, alone. You think you tell your kid about the dangers of the world, so they know, but the actual lesson you teach is that only their parent knows what is and isn't dangerous and that they themselves can't be trusted to judge it. That is a bad lesson.
Don't get me wrong, we did stupid stuff, like jumping of bridges into rivers and so on. But we were very careful about how we did it, diving beforehand, etc. The real stupid stuff in my youth was all done by other kids that had never learned to judge risks themselves and who in one brazen attempt of rebellion bit off more than they could chew in one go. That landed them in the hospital. My brother and I were the only kids in our friends circle who made it to 18 without having broken a single bone in our bodies, despite being regular skateboarders, snowboarders, climbers, cliff jumpers and all other kinds of borderline insane past-times, some of which don't even have a name.
One aspect: Since my parents had no idea what was on the internet and how to protect against specific dangers lurking within it an educational method that didn't have to rely on them knowing and enumerating every danger in the world proved to be a really smart choice in hindsight. Since the landscapes of social media especially for kids and young teenagers is shifting constantly at a high pace, any parenting ideas would need to keep track of all this as well. I can't even imagine how that would work.
The alternative is to ban everything. But how do they build a healthy immune system if they are never even exposed to the mild dangers first?
rootusrootus 37 minutes ago
I think the best thing most parents could do is ban the Internet from their own life. I grew up in the 80s and I have watched the evolution of parenting since then. The world is measurably safer today than it was then. Stranger danger is vanishingly rare. What the hell happened? Fear happened. Things like 24 hour cable news accelerated it, and the Internet turbocharged it. We cannot untangle the horrors we are exposed to on the Internet with what real life dangers face us, we conflate them to the detriment of our children.
Maybe our children will figure it out as they become parents. I hope so.
GrinningFool 40 minutes ago
When the dangers consist of invisible targeted manipulation of thought processes it's a whole different category of risks that kids (and most adults) are not equipped to handle. The effects are playing out around the world as we speak.
I don't know that universal tracking is the answer. I also don't think unrestricted access to children by manipulative predators (companies in this case) is the right answer. But then, I don't think they should have unrestricted access to adults either.
economistbob 3 hours ago
The bigger threat to kids is all the browsers now bypassing domain filtering by default, even if you specify a DNS server. There was a time when multiple vendors sold protection software, but apparently some unsavory elements wanted all the browsers to build in DNS bypassing to go around it. The best protection for children is blocking the bad stuff at the DNS level.
betorabinovich an hour ago
here's alternative legislation that should be at least as effective without the mass surveillance aspect:
* as your kid's legal guardian you're legally liable for whatever the fuck your kid does, including but not limited to harming themselves: Parents should care for their kids
* platforms will do their best to not be available to minors unless minors are actually their core audience, will inform monthly how they did that, and the bottom 10% of achievers will pay an escalating percentual of their valuation as fine for each instance where they're found lacking: Platforms should care about kids as a category of people
* posession of personally identifiable information about an unrelated minor by any unrelated person/company without a clear and preapproved reason is grounds for a child abuse investigation on every person anywhere in the chain of custody of said data: Children's PII should be such a hassle to manage it's not worth taking
kittikitti 43 minutes ago
I also dislike how confident people are in children's technical skills. It's really not hard at all to block VPN's. It's actually relatively easy to block certain content on your internet devices. I get it, kids are smart, but why do we think everyone is a malicious person who also has the ability to bypass all the restrictions?
Perhaps it's the parents who are too dumb to understand how to configure a network?
1970-01-01 3 hours ago
If it's stupid but it works it ain't stupid.
bell-cot 3 hours ago
Assume that saying "X is stupid" is pejorative shorthand for "I strongly disagree with the other side's criteria judging whether or not X works".
thenewtoolsmith 2 hours ago
i was thinking of having a mobile/tablet with kiosk mode and full restrictions on the content.
2OEH8eoCRo0 2 hours ago
My solution is simple: Fine companies that allow minors. How you implement that is not my problem! Something that is severely lacking in tech is liability!
What's with the "we can't do that" helplessness that pervades this topic?
shevy-java 3 hours ago
> What we call "age verification" is actually mass surveillance
Thank you.
It has never been about "protecting the children" either. That was always a lie - the red herring. Many pointed that out from the get go too.
The much more fascinating thing is how legislation is still being actively changed to sustain that narrative. This is like a pre-scripted event what we are seeing here. I find it quite fascinating. It shows how real lobbyism actually works.
My prediction is that mandatory age sniffing will come, they will continue to claim it is all for children, and the openness of the world wide web will factually be transformed into a two-class apartheid system. The latter has already happened actually - you have walled gardens e. g. discord rather than oldschool phpBB webforums (aka privately controlled access to information), Google already ruined its search engine, AI slop continues to ruin more here. These are all not isolated. This is a deliberate mega-slop attack, combined with payments to key lobbyists. We see a degradation of services here. That they attack VPNs is very logical - after all VPNs allow people to break out of the global ghetto system they are building here. They want to know who is who.
Interestingly I see this attack also related to them trying to abolish the right to repair movement. Now, there is no direct connection here, but right to repair also attempts to put people at the center - you purchased something, you should be able to freely change it to your own liking, without some random private company being able to proxy-deny any change to that. With mandatory age sniffing coming, it also means that people will lose the ability to change software. Recently a university here in Europe started to demand that students must own a smartphone AND must install an app from a private company (via google store) in order to be able to read email sent to them via a webmail account. I also found this fascinating, because now people need to submit to Google, in order to study in a small european country, if they study at that university (which is paid for by taxpayers by the way). These interdependencies will keep on increasing here. Even Linux will fall victim - systemd already added data fields to track your age. More to come in the future despite Poettering's claim that it is all very, very harmless. Until it is not. And then it is too late.
monssooon 2 hours ago
I dreamt about this. In my dream it was very clear. Like ray dalio says we are in the last inning of the current great debt cycle. The end of the NWO or the great reset or what it is named, brings about great losses to the west. We attemt to save our economies with mass immigration. Along side the downfall of our industries and currencies the middle-class falters and the crime and violent facfions in society becomes stronger. Parallel societies become financed by outer geopolitical entities to escalate the wests downfall. In desperation the western governments try to get in control of their populations before real civil war erupts. One attempt to avoid complete chaos is total surveillance... Just; if ray dalio is right this is not a nightmare but our current trajectory. The leaders know and are preparing...
ToucanLoucan 41 minutes ago
I'm just gonna say here that all of this, whatever solution whatever unaccountable political group decides is the one, can only be built by tech workers. All of these require fingers hitting keys to produce code to function.
If we unified and refused, it wouldn't happen. It couldn't happen. I am begging my fellow developers in this space to remember that you are WORKERS. The owning class will throw you into the meat grinder with every other worker the second it's convenient to their wealth extraction.
Throw down your tools and say no.
If you find yourself tasked with implementing age verification shit you think is profoundly unethical, don't build it.
If you find yourself building products you know to be harmful, refuse.
If you find yourself put against a wall to ship garbage you know doesn't work to check boxes for some fucking CEO, stop.
We are the tip of the spear in the global effort to make the world more surveilled, more dangerous, less free, and more expensive. We have a CHOICE and we have to start making it.
And yes, it may cost you your job. It'll certainly cost you status. Your boss will hate you. But the last year or so has made it abundantly clear that whatever professional "safety" we feel is not warranted. We are just as replaceable as the delivery drivers who get caught pissing in bottles.
rootusrootus 34 minutes ago
> If we unified
That's cute. About half my coworkers are socialists and the other half fire breathing MAGA. The only thing we have united on was that we don't talk politics at work. But I assure you, there is not universal agreement at all that authoritarian technology is bad. Some people, including many developers, absolutely support it.
What you propose requires agreeing on the definition of harmful. And immediately it fails.
abdelhousni 43 minutes ago
Arab spring, Gaza genocide and genZ revolutions lately has the attention of the oligarchy... The war for youth attention and minds
nekusar an hour ago
This whole shitshow thread is a bunch of techies coming up with more inane and erudite ways to implement spying on every web activity, but 'technically better'.
And people here are NOT asking why its even needed at all. This is what those ethics classes are for - not asking HOW to make, but whether we should at all.
And invasive country identity level online personas is NEVER something we should ever go for. This is basically "FLOCK ONLINE". And we see how devastating Flock is, even when pigs only have access.
No ID scans. No eyeball scans. No face scans. Im done with all of it.
josefritzishere 3 hours ago
Security and Privacy are not the same thing.
curiousObject 3 hours ago
‘Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety’ — Benjamin Franklin
This isn’t a simple solution to the problem but it reminds me that it is not a new problem. We should remember that
tuieriojwpoiejf 3 hours ago
Perhaps save kids from peter file gangsters first? If local police protects child molesters, and government supports it... Very difficult to take this child internet protection seriously!!!
gampleman 3 hours ago
What an exceptionally bad faith way to put this whole thing. A five year old watching hours of the most depraved porn available is harmful to that child. Even if you disagree with that statement, you surely must acknowledge that it is an entirely reasonable opinion to hold and one our societies have generally held to this sort of thing for ages.
I also acknowledge that there is a reasonable debate to be had if the disadvantages to adults and businesses from imposing these rules are worth the harms prevented.
There is also a reasonable debate to be had about the merits of various technical and legal schemes being implemented to achieve these goals.
But this take is neither of those. For one, surveillance isn't the number one harm being prevented (even though, a number of legal codes attempt to make this the case).
As has been pointed out previously, there absolutely can be age verification that is without surveillance. The fact that these solutions aren't always legally mandated and therefore age verification can be used to increase surveillance is a reasonable thing to attempt to amend to the implementations of these laws.
akmiller 3 hours ago
Your example is in bad faith as your example assumes that the only thing blocking a child of 5 from porn is age verification of some type. There are lots of blockers today for 5 year olds to get access to porn.
> I also acknowledge that there is a reasonable debate to be had if the disadvantages to adults and businesses from imposing these rules are worth the harms prevented
Nobody on the "we need age verification" side wants a debate. They want to run face first in to dumb legislation giving governments and companies even more power to track every movement and know exactly who you are.
dormento 3 hours ago
Disclaimer: I do not agree this take was made in bad faith. I think that raising a kid comes with its own set of expectations around caring and curating experiences of said kid. Therefore, I do think that offloading that responsibility to the state (and by extension, businesses that offer age-gating tech to that state...) is not the right way to do it. And even in the absence of that, my experience taught me it is entirely possible to grow up with unsupervised internet access and turn out an OK adult. The internet is not only "depraved porn". It is also a lifeline for that weird kid who has been bullied and effectively barred from social experiences.
Of course, YMMV.
That said, if such a nanny state is inevitable: zero-knowledge-proof-based age verification would not only be possible, it would further protect these kids from a bad state actor. In that spirit, I agree with your last point. The fact that any other alternatives are even being considered makes it on principle a non-starter to me, because it betrays the actual goals of the political actors involved.
lern_too_spel 2 hours ago
California's proposal is better than the one you're proposing, so Californian legislators goals are actually to solve GP's problem. Articles like this one that don't consider other proposals like California's are idiotic because voters actually want to solve GP's problem, and pretending they don't exist does not convince voters.
glaslong 2 hours ago
Who gave the child access to that?
BigJono 2 hours ago
You can't use the words "reasonable debate" in your post after you've immediately jumped straight to some mythical worst case scenario of a 5 year old being given a device with no supervision and somehow managing to immediately find their way to some sort of super duper snuff porn that will scar them for life.
farfatched 2 hours ago
I agree going to the worst-case is a weak technique, and this is what the OP does:
> "Age verification" means that everyone who does anything online will have to submit to fine-grained tracking and recording of all their online activities.
CPLX 2 hours ago
This comment should not be downvoted. The original article lost me in the first sentence with this:
"The literature on harms to kids from online platforms is complex and nuanced, rife with people citing small, ambiguous studies as iron-clad evidence that kids are being destroyed by the internet"
Sorry, but a firehose of unlimited pornography, violence, racist, misogynist, and divisive content for developing children is bad. You can "well actually..." me all day I don't care at all.
I agree that there's no good solutions here, and I think this is a genuinely complicated and difficult issue for exactly the reasons people often state. But every argument that pretends that it's a one-sided discussion should be dismissed out of hand. There are two sides to this, both thorny.