Cryptographically there are techniques that let you prove you're one of the several hundred million adults in the US that don't reveal anything about which adult you are. It's much less complicated than bitcoin.
I'm bringing this up because it's the perfect litmus test to show whether you really care about age verification, or if you want personal trackability for all internet behavior.
I'd be okay with this for certain situations (e.g. a forum that doesn't want to foreign agitators to pretend they are US voters), but the whole porn thing is a ridiculous farce because there are still going to always be millions of non-us porn sites that don't enforce US laws.
Not really. There are ways to prove ownership of one of several hundred million tokens. If you give out this many tokens, the odds that some will be stolen or sold must be fairly close to 1.
Agreed. But obtaining such a token/proof would still be an additional barrier kids would have to actively bypass, so while I don't think that's the best implementation I don't think it's correct to say there's no value there.
My bigger concern would be who gets to issue these tokens. If it's limited to a particular government, then that doesn't work very well on a global internet. And making the internet not global (blocking adults from accessing foreign websites that don't adhere to your scheme) is kinda authoritarian IMO.
If we're going to do age verification and blocking of adult sites, it needs to be local to the user's device (and thus under the control of parents, not governments).
E.g. Instead of mandating sites verify users, we mandate internet-capable devices sold to kids have certain content restrictions, the same way we mandate you can't sell alcohol to kids. To make this more effective than existing content filtering, implement some kind of legally-enforced content-labeling standards websites have to follow to be whitelisted on these devices. This way the rights, freedoms, and privacy of adults using adult devices is unaffected.
The real problem is just managing identities for millions of people. Some of those people will voluntarily use their credentials for someone under 18. Some will sell their identities. There is no technical solution to that.
Chat GPT would be happy to explain "Rate-limited anonymous credentials" to you. Just because you can't think of something doesn't mean brilliant mathematicians can't.
It would be much more valuable if you explained rate-limited anonymous credentials or provided an article (even wikipedia). ChatGPT is non-deterministic and telling someone to use it feels a bit cold for this website.
Can you send a link or explain how this can be done?
As a not super tech savvy parent I find it impossible to keep my son off screens. He always finds a workaround. So I'm a fan of age verification especially after reading The Anxious Generation, despite all the hate it gets from hacker news.
Age verification actually gets almost no hate. Society-wide surveillance gets a lot; age verification just happens to be the "think of the children" excuse to shoe-horn in the society-wide surveillance. As OP described, if the age verification is implemented as a "zero-knowledge proof" then we have age verification without society-wide surveillance and nobody is complaining.
Not OP and I don't claim a cryptographically secure solution. However https://news.ycombinator.com/item?id=46223051 is as good as the controls around other age-restricted products IRL: alcohol, tobacco, and adult magazines. And it preserves anonymity.
He’s talking about zero knowledge proofs - it’s a neat use of graph coloring where you send an encrypted proof that a graph can be colored with three colors and no neighbors with the same color. The verifier makes a challenge to prove two nodes don’t have the same color, and the prover provides a key to decrypted just those two nodes. This process is repeated a number of times (with new colored graphs) until the verifier approaches certainty that the prover will always be able to show all nodes have neighbors with different colors.
This coloring problem is NP complete and somehow the thing the prover is proving is encoded in the graph structure. At the end of the day, the only thing the verifier is sure of is that the prover can make the three colored graph, 1 bit that corresponds to the thing the verifier wants to know (eg - does the prover have a token that can show they are over 18).
For simple yes/no questions ("Is over 18?", "Is US resident?") then you should look back to David Chaum's blind signatures and the work that came out of that back in the 90s. The math is super-simple to understand and there are a ton of even easier metaphors with envelopes and carbon paper that you can use to explain to your grandmother. Once you get someone to grok blind signatures it is easy to lead them to zero-knowledge proofs.
This is far from the best way to do it, but this is a much easier to understand example of how it could be done without having to read about math:
There's a type of token called a JWT that's really common nowadays, which is composed of 3 parts: Metadata describing encryption for the third part, the actual base64-encoded data, and the encrypted signature. The second part would include "is over 18" and "expiration date" to limit reuse/abuse, and is trivially decoded by anyone to confirm there's no personal information in there.
You'd get this token from your government site and copy/paste it into the site needing verification. The government site would provide a standard public key that can be used with the third part of the JWT to confirm it hasn't been tampered with (verification is built-in to JWT libraries). There would only be one public key that rarely changes, allowing the site to cache it, preventing the government site from correlating users based on timestamps - they never see the JWT from the other site (verification is done locally), and the other site would only need to pull the public key once for however many thousands of people use it.
...that said technical issues aside, I kinda feel like this would be the most acceptable version simply because it doesn't require the average user to trust the math - they could go to a JWT-decoding website and look at it themselves.
How would you prevent the token from being used by a different person than it was issued to? This is the online equivalent of getting your older cousin to buy you alcohol from the store using their own valid ID
I don’t get the analogy. I keep my house keys out of the hands of people I don’t want in. In this case, the age verification is being circumvented by someone simply asking another person to perform it on their behalf.
I guess the practical answer is that it’s impossible because there’s always the option to have an adult perform the verification and then hand over the device to the minor
Yes, the analogy is the burglar getting into the house by asking you to open your door for them. Adults are permitted to decide such a thing, because they know the risks and are expected to be able to reason about that. When an adult has decided, then there is no problem, as far as age verification is concerned. We have regulations when adults are in fact not able to decide such a thing "correctly".
We already have penalties for adults mistreating children by exposing them to dangerous things, but this is orthogonal to age verification.
Mostly because online process can scale a lot further and faster. An older cousin can only walk into a store to buy so much alcohol but a stolen token can be reused a million times in a second.
I mean one sided criticism that doesn't account for the damage done to kids by having no online limits, and assuming everyone in the world is as tech savvy as they are.
In my opinion, access to internet should always be behind a device controlled by an adult. And it should be this adult's responsibility to set appropriate restrictions for minors.
Yea, I think anyone who grew up at the start of the internet in homes realises just how different it is now, and that teaching your kids about how to be safe online etc is an important part of parenting. But we are at the point where we have some parents who always had access to what it is now, and don't see it as a bad place.
"Stranger Danger" is no longer don't get into a van with someone who promises you sweets kinda thing.
Agreed. My kids are young right now, but I'm wondering if we can just have a shared family room computer like in the 90s. (school-based laptops might thwart this, but maybe by the time they're school-aged people will realize that constantly putting kids in front a screen is a bad thing to do?)
Yep, I bought a separate all-in-one computer that is in the living room, in full view of everyone else, so we can keep an eye on what is going on when they are using it.
We also have pi-hole running that blocks a lot of things, and can turn on and off certain domains (so they can play roblox etc for a short while, then its blocked again) and their devices are pretty locked down
All four of my daughters prohibit my 7 grandchildren from going anywhere near roblox. My grandchildren are currently ages 2-11 but my daughters are so outraged by what happens there that they say their children will never be allowed on roblox until they move out of the house. Apparently it is extremely predatory, lots of bullying, and highly sexualized - and while children are the site's target audience, the site provides no effective oversight.
You can be pretty effective with not much - school laptops can be router-blocked to the needful, the main familyroom computer can be visible to all but also have rudimentary DNS blocking, etc.
The key is to be open about it and “more” than reasonable; allow things when requested that aren’t harmful.
If we’re too perfect at protecting them from the world they’ll have no tools to deal with the world, which they will have to do eventually.
Even if they don’t share a computer you can still set up their own computers in a shared space. We don’t put tvs in bedrooms either just to keep those rooms for reading/sleeping. Added bonus of keeping computers in common spaces is that your kids won’t disappear into their rooms one day and never come back out.
You can have a shared family room computer! It works really well. No screens in the bedroom is a great idea. iPhones with strict Screen Time settings are awesome when the kids get old enough to use a phone for communication but not old enough to handle a phone with games and the full Internet
My 16 yr old just had his phone update and apply his old screen time settings from 4 or 5 years ago. Sorry kiddo, don’t remember the screen time password.
Now why they came back, and weren’t working before? The restrictions were so full of holes that they didn’t really work as anything other than a speedbump.
And since you have root certs on the devices, you can decrypt traffic and uniquely identify devices and block internet from your central management, at any time, regardless if the phone is on your wifi vs a friend's vs mobile data.
With my family, I shut down and threw away my last PC; too many security head aches. I bought the cheapest large screen iPad(s) and promptly locked them down. One of my best decisions.
I think that's the idea behind the family room PC -- you have parental observation rather that attempting to rely on (necessarily-imperfect) security software.
For several years now, I have lived my life under the presumption that whatever I say on the telephone, email, or text has been downloaded and preserved somewhere.
Whilst I do kinda agree, I was just replying to the parent about what the punishment would probably be :)
But the problem is that people are NOT managing their own kids' shit, and now we have to have things put in place to try and counter that - and end up overreaching.
I'm more than happy to educate mine on how to be safe online, and to come and talk to us about stuff, other aren't, or are not aware they need to.
Perhaps buying internet means you have to sign a waiver saying that if anything happens because of the internet then that is on the parent(s)...
Consider a parent that uses mac address filtering to block access. Easy to implement on routers.
What happens when the parent goes to bed and the kid hard resets the router? Or the parent goes to bed and the kid spoofs the mac of the parent's device?
It's a good outcome! Let the cat and mouse games begin, and the youth will be more tech literate than ever. But I think punishing the parents is a bit much.
It'll probably eventually be like how modern folks treat play dates when they ask the counterparty if there are guns in their house and whether they're locked, etc. but with the internet: Do you have a central device management system with proper safeguards, logging, and ml running for anomaly detection on your network? Do you dpi? How do you prevent your kids from evil maiding you? Is your personal computer locked in a cage, and do you check all your paraphernalia for keyloggers, etc. before booting?
Such a waiver would be equally insane given the fraud and malfeasance that goes on every day it would be like signing a waiver saying whatever happens in the world is your fault for a drivers licence.
Instead how about we simply continue to make reasonable laws regarding behaviour and holding individual people and companies responsible when they violate the law.
Whilst we are at it we can keep content filtering for pre teens and imposed by parents and accept that teens are going to figure out how to get to the real internet at some point.
I'm really glad you're not in charge of making laws. The one thing you can do as a parent is override most age restrictions. You can give your child alcohol, you can take them to R rated movies, you can let them watch NC-17 movies at home, you can buy them M video games, you can just straight up buy them porn. But then parents have a legal requirement to restrict their child's internet access to whatever the government happens to approve of—utter nonsense.
I mean there's a pretty simple comparison here - it's illegal to not send your children to school. Why do we send children to school? So they are educated and developed into functional young adult members of society. You could make the argument that access for kids to the Internet, which has all of the world's information and connectivity, should be regulated in a similar fashion.
As a parent, I was shocked how little that's actually true, at least in some US states. Home-schooling can mean sending a copy of your curriculum to your school district and you're good to go.
But when your kid needs Internet access to do their homework, and you forget to turn off the WiFi to their device after they're done... then they sneak that Chromebook to their room and watch videos all night, you lose.
When you have a extra phone that was sitting on your desk that you were preparing to resell and your kid sneaks that to their room to watch a few hundred YouTube shorts before you catch him, you lose.
When you have parental controls set up on your wifi network, but it's trivial to shut the wifi off and use the cellular network instead, you lose.
When your friends all have personal cell phones but you don't, you lose.
Parents have their hands full enough. Make it easier for parents, don't poke at them with a pointy stick.
> But when your kid needs Internet access to do their homework, and you forget to turn off the WiFi to their device after they're done... then they sneak that Chromebook to their room and watch videos all night, you lose.
You are at fault.
> When you have a extra phone that was sitting on your desk that you were preparing to resell and your kid sneaks that to their room to watch a few hundred YouTube shorts before you catch him, you lose.
You are at fault.
> When you have parental controls set up on your wifi network, but it's trivial to shut the wifi off and use the cellular network instead, you lose.
This can be controlled via Parental Controls on iOS via Screen Time. If you chose not to, you are at fault.
> When your friends all have personal cell phones but you don't, you lose.
Not sure what you want anyone to do about this. I recognize that life isnt fair.
> Parents have their hands full enough. Make it easier for parents, don't poke at them with a pointy stick.
No one is arguing against this. They are arguing how to implement this.
Glad to hear your life is so simple that you can track all this while working full time jobs, cooking healthy meals, driving the kids to the various activities and travel sports (because you could be arrested if you let your kids walk anywhere), making sure they complete their homework on time, monitoring their interactions with friends, tracking new tech trends to find new threats (is my kid interacting with character.io or ChatGPT in an unhealthy way?)... I'm sure I'm missing a few more.
And yes, you are arguing against "making it easier for parents" - my original post literally advocated for legislating tech companies to make controls available, effective, and easy to use. If you truly believe what you're saying, then you'd agree with me. Instead you're nitpicking my ability to parent my kids. Exactly the behavior that isn't working, so please continue - I'm sure it'll work now.
> Instead you're nitpicking my ability to parent my kids.
You willingly invited that conversation. I obliged.
> If you truly believe what you're saying, then you'd agree with me.
Get over yourself. You have not made an attempt to ask for a solution from me to find common ground. You keep trying to remove yourself from the responsibilities of parenting in the modern world as shown in the examples you put forth and your initial post asking that parents not shoulder the blame for what is happening under their nose. Surely they have some level of culpability.
I believe that it would be good for Parental Controls on devices to have a toggle to say that the phone is being used by someone in under 13, or someone 14-18 (whatever bands you want). When enabled, this flag should be available to locally installed apps and remote connections. Laws can be passed that tell remote connections how they must act when receiving this flag. This keeps me, an free adult, from being subjected to more corpo/govt tracking.
Ad hominem attacks - great way to find common ground. I actually did try to find common ground, which is that we need to legislate. My argument is that the real entities that need legislation are the ones who can most afford to do so - in both time, resources, and ownership of the platforms that we are all beholden to. I will not advocate for even more punitive restrictions on parents (who already are subject to enough societal punitive pressures as it is - TBH your post is a great example. Instead of empathy, you reply with scorn and derision - as if I'm not good enough to parent my kids).
> I believe that it would be good for Parental Controls on devices to have a toggle to say that the phone is being used by someone in under 13, or someone 14-18 (whatever bands you want).
So you're admitting that parental controls are ineffective?
> Laws can be passed that tell remote connections how they must act when receiving this flag.
And those laws are enforced through what mechanism? What country enforces this law? Do ISPs now have to only accept connections from "legal" remote servers that have attested that they respect that flag? That sounds like an even more restrictive situation for you, as a free adult, than the current system.
But, I do have good news! What you described already exists! In fact, there are even W3C standards that have been around for 30 years to implement a machine readable content rating system! Just never got around to that whole passing a law thing to force all websites globally to adopt it...
Grow some skin. I used that ad hominem in response to your false dilemma/no true support comment of "If you truly believe what you're saying, then you'd agree with me". This comment ignores the obvious 3rd option that we can share underlying values (parental controls are helpful) while disagreeing on details, tradeoffs and the responsibility that comes with parenting.
> So you're admitting that parental controls are ineffective?
I never stated anything of the sort. I specifically pointed how they could be effective for you in the examples you brought forth. I think they could be made more effective, not that they are ineffective.
> And those laws are enforced through what mechanism?
If this is how you feel, than no solution you put forth is valid either.
At this point, I've stated how current parental controls can solve some of your issues, parental controls can be strengthen, outlined an implementation that does not disrupt the lives of Adults on the internet while also pointing out that parents are not immune from blame and are bare the majority of control over their childs lives. Ive engaged with you in good faith.
You just keeping shitting on everything. All because I stated that parents are not immune from blame. I stand by the ad hominem.
We should then make laws that parents must tell their kids to clean their room. Next we can make laws that parents must tell their children to eat their veggies. What about chore laws? Teeth brushing laws? Stop arguing with your sister laws! More laws!
I know that was snarky, but that already exists in Germany, since the introduction of the civil law book two centuries ago. Children are legally required to do chores. Actually this is quite important, as otherwise it would be an adult requiring minors to do unpaid work, which is illegal.
There's a giant difference between stopping kids having full reign on what is now essentially the whole world of information - and instant access to strangers, than there is making sure they eat healthy, help out, and don't have bad teeth .... but I'm sure you know that :)
The only difference is in parents who raise and protect their kids without needing a law...and people who want government to be mom and do it for them and are willing to make everyone else suffer for it :)
we trained our kids to avoid bad words we taught them to be ashamed of bad pictures, we put porn mags in a hidden location, we put sextoys in hidden location, we locked the pay channels on the cable box, but this internet thing came along and all of that is on there, we didnt lock the computer, or put it somewhere hidden, or the router, or the modem, we didnt lock the box for the service dropline, or for the starlink terminal, we decided to complain until pushing the entire service for everyone into the lock up, not only the kids.
This is something I am conflicted about as a parent.
My daughter is still a baby, so the problem is still a few years away. But I don't know how to best handle it.
In some ways, I see social media as more poisonous to the brain than alcohol or tobacco. So, forbidding - or heavily limiting - internet access sounds like a plan.
On the other hand, part of me being a parent is teaching her how to navigate the world. And part of that, wether I like or not, is using the internet. Having contact with the communication tools that exist.
The world is full of sons of bitches. If I don't teach her how to deal with that, I would be raising an idiot.
Still, a problem for the future me to ponder over.
My parents did exactly that, but not in a large quantity. Gave me a sip of a really crappy beer when I was young and basically told me it all tasted like that.
Did a pretty good job of not tempting me to try it very much.
In theory that sounds right; but as a parent with two young teens I can tell you that in practice this is really really hard -- your teens can get around whatever restrictions you might set, bringing you down to either 1) taking away their phone altogether, 2) turning off the internet altogether (while at home), 3) trying some parental control app (none of which work that well or are inconvenient to use in practice). The only thing I've successfully managed to set up is a blocker on the router that shuts off access to their devices at night (so they go to sleep at a reasonable hour). During the day is just way too complicated.
So we talk about it and try to get them to manage it themselves. They're not unwilling, but the addiction of continuous scrolling is really hard to break. It's not even that the content is terrible, it's more just the mindless zombies -- like sitting all day on the couch watching TV. And they don't even have an IG or TT account (and won't be getting one for a long time) -- this is YouTube (which now has endless scrolling like TT) which I don't want to block altogether because there's other helpful resources on there.
I've always been an early adopter, and was on BBS and IRC and all that back in the day, love the fact that the Internet is a place you can easily set up your own blog and all that, but recently I've honestly come to f*ing hate the internet in general and social media in particular.
I think the parent should decide what the level of control is and what is appropriate for their child. I don't think we need to set up laws for everyone in the world.
How does that work in practice? I've tried to do this at home. It doesn't work at all. It's not the 90s any more- there isn't one PC sitting on a desk with a modem attached to a phone line that you need to wait for 30 seconds to dial up and establish a connection before you're online...
Now you have ubiquitous WiFi and cellular connectivity across dozens of devices in a typical household. Even refrigerators have built in web browsers now. Parental controls are a joke, treated as an afterthought at best - nonexistent at worst. Oh, and the school system provides your kids with a Chromebook with Internet access starting in elementary school.
It's victim blaming at its finest IMO. Yeah, we can all point fingers at the parents who sit their kids down with an iPad. But there's many of us who struggle to limit screen time, working against the profit motive of trillions of dollars of corporations. It's a losing battle.
Edit: crazy. Instead of providing an answer to my question of "how do you do this in practice" I get downvoted. Goes to show that there are no real solutions, just a bunch of morality police and victim blaming. Yes, parents are the victims here. The tools are inadequate and trillions of dollars of incentives are lined up against them.
No, I think what they want is not to have the rest of us have to jump through hoops (and sacrifice privacy) to achieve the same thing. Some of us don't have kids (or live in a household with any), so passing a law that potentially limits our internet access to solve a "problem" that already is dubious is ridiculous.
Fair enough! I misunderstood your previous comment as implying that measures like this were needed due to the unlikelihood of parents enforcing this. (There's probably a joke somewhere in here about "parent" comments as well, but I'm not clever enough to figure it out at the moment).
Here [1] is the zero knowledge solution. It has existed for ages but not adopted likely due to not providing a name, SSN, location and credit card. No third parties, no dependency on CDN's, no sharing or leaking ... anything.
Given that solution is unlikely to be legislated into action I would suggest people are just going to share adult content on Usenet, Tor, P2P, within G/PG rated video games by plonking down a virtual theater and streaming from a throw-away VM and fully automating syncing with LFTP+mirror+SFTP, sharing USB NVME drives, mobile ephemeral websites over WiFi and other methods when people get tired of this Top/Bottom relationship lobbyists want us to participate in. As a plus side, driving people underground means zero tracking, rules, taxes, obligations, leaking email addresses, etc...
If I remember right, a problem with this is that you need to get those proofs by submitting your id or similar, you only get a limited amount of proofs at a time, they expire in maybe a few months, and you can only get them using a government specific app that is only for "secure" devices. Instead of being tracked by the site you're being tracked by the government, you now need a Google Android phone in order to browse adult sites on your PC, and depending on your habits you may need to re-show your id potentially multiple times a day unless you opt to being tracked by the sites instead.
It really should be just once that you need to show your id and then you should be able to generate as many proofs as you need whenever you need on any computer device, but they have an obsession on making very sure that it cannot be circumvented, as if it was insanely important.
I think that the improved version of age verification is to ask the yes/no question to a government third party based on a signed payload that your local device offers the service. The government already has your identifying data, they only need to certify on behalf of which person the question is asked.
Which a) has a whole host of other concerns associated with it, and b) still does not solve that problem, because it's not at all hard for a child (especially a teenager!) to sneak their parent's ID, use it to authenticate for a service, then put it back.
After all, are most services going to require the ID to be present for every session? Or are they going to require a one-time authentication for the account?
I mean most mobile devices have already accepted closed ROMs in their baseband and all/most browsers that try to interact with streaming sits require Widevine . As longas its going to hapen one way or another better it be local , and not a gov thing or a monopoly.
At the end of the day the tool should be there enforcement down to the relevant local authorities or not.
Exactly, on my Play Station I setup for my son I enter his real birthday, then Sony knows what can he do in the Store or chat etc. So we could have the big tech Apple, Google, Microsoft, Canonical ensure to make an idiot prof setup screen and the parent is responsible to set the age of the birthday of the child if they give a device to them . Then the store can be filtered and the browser can have a standard way of adding in the headers an age range or something.
Big tech did not want to cooperate to do this for some weird reason so now we get a much more complicated solution.
Yes I know that if your kid uses a live USB stick he could watch porn on his laptop but IMO is much easier for such a smart kid to find a website that does not respect the browser headers and torrent adult content.
I don’t like this article. Irrelevant technical nuance is comingled with a philosophical opposition. The technical issues are all solvable. The free speech argument is foolish too: if limiting who can jerk off to pornography is an issue of free speech, surely so is limiting who can enter a bar and converse with the patrons.
Opposition to ID checks because you believe the internet should be open and free is reasonable but this article twists itself into knots throwing everything at the wall. And it is reasonable to believe it is a free speech issue. But we can’t say, at the same time, that the same arguments don’t apply outside of the internet.
(Convenience stores scan ID, bars scan ID, hotels take copies of passports…)
I am not that fond of stores scanning my ID data either. I’m over 21, there’s no question about it. Per policy, they’ll have my name and address in some log too, and with my photos and gait on camera and probably my license plates. What does all of that do for me? Are you safer because I am being recorded?
I like the (disputed) comment elsewhere on this page, requiring parents to parent. They aren’t my kids.
If you have the money definitely get yourself a passport card. Stores can’t scan them and they only contain a pointer to personal info in some government database.
The free speech argument is that these ID checks aren't just being applied to porn sites; there's a push to make social media websites (probably the largest hubs of free speech in the modern world) do them too. That's a much bigger deal. It'd be like if you had to show your ID to a police officer in order to enter exit your front door.
These are new things, not old things. The idea that stores and bars should be able to record for all eternity the identities of the people who have purchased things from them is just as much of a horror. They can sell that information to anyone.
> hotels take copies of passports…
This is not really a new thing, although it is a fairly new thing (i.e. within the last 40 years, since cheap enough photocopiers.) But it comes from laws about keeping track of who is staying in temporary accommodation, 100 years ago you would have had to sign the register.
The core issue here, as often, is that it pits ethical and economic concerns against one another. There has been a systemic choice by web/tech companies to prioritize maximum profit, often at the expense of necessary user support and compliance. Because of that, user support/relations are deficient and there is little accountability for what they're doing, even if, as we often read here, a tech company cancels user accounts, projects, or monetary accounts, without anyone or anywhere to appeal. Age verification presents the same problem. If companies maintained a professional, human-centered user relations function, they could implement a non-intrusive, real-time validation process.
If we were in the real world, with for example a barman needing an ID, that single person could confirm the age without copying or indefinitely keeping the ID card. The digital equivalent would be a decent support representative who could conduct a live brief video interaction to confirm a user's age, without even storing a copy of the ID, and who could even require the parents to be there with the minors signing in. That would address both the need for verification and the data minimization problem.
Yes, that would cost the companies a lot of money, but that would solve both problems at the same time: verifying the user's age and ensuring privacy. And guess what, the same person could also serve as an entry point for other issues that no one can really appeal against now, like the frozen accounts and other horror stories mentioned above. Yes, parental control is necessary, but it is insufficient. Zero-Knowledge Proof thingies could allow a device to validate parts of the process, but the possibilities of circumventing this are so enormous and endless that they look to me as completely insecure (and using a third party validating this adds another layer of trouble).
The most effective way would be to reintroduce a human element in the process, but we have already given up, because we are at the mercy of the web companies due to their free tools. The governments trying to introduce some ethics to those processes are not the problem at all, they should be commended for that. We are the problem because we accept that what should be the web companies' responsibilities is not being fulfilled because we don't want them to make less money as we would lose some freebies. That's on us, not on the laws. So the answer to "Why isn't online age verification just like showing your ID in person?" is : because we collectively accept it is not exactly showing our ID in person.
This tries to make a logical argument against an attack that isn’t that - it’s linked to age and „think of the children“ precisely because it isn’t really disprovable and anyone daring to take a stance against it can be hit with a „oh so you’re against protecting children“.
Scratch out the age in „online age verification“ and you get to real reason
It's not about age verification and it never was, that is a distraction at best and a delusion at worst. This is about tying your real name to all of your online activities, and about getting the current generation of children used to it and accepting of it before they reach voting age.
This. The German government issues electronic IDs which can provide proof of age in a privacy-saving way, but I've never seen that being used in the wild.
I would counter that they already have that. Would go so far to say that the government knows pretty much everything you do online by name. What they can't control, it's access. I think the reason for this is for an eventual license to get on the Internet. The same way you need a license to drive a car, you will need a license tied to your real identity, to use the Internet.
That's kind of the point of all this. They force websites to enact the verification because they have leverage over businesses that they don't have over citizens, and then they expect that the citizens will hate it so much that they don't go to the "bad" sites at all. "Thank you for your cooperation!"
ETA: (accidental submit; sorry) I'm in the same boat! Not entering my ID information into any website, much less ones they've got on the list. And so they've successfully boxed us in. At least for me, I intend to raise hell about it aside from just not sharing PIA, but I don't have any delusions of it's effect.
Just make the isp the gateway. Nobody under 18 needs the internet. If a parent lets their kid onto the internet, prosecute the parent. It’s pretty simple really. People just want to pretend it’s harder than it is because they have some conflict because removing under 18 from the net cuts into profits or makes it harder to parent. Boo hoo.
Are we to assume that the people at the EFF haven't heard of how European nations, like Denmark, are building government infrastructure to verify your age without disclosing sensitive information?
Are we also at assume that the EFF fail to see the similarity of age-gating porn websites and age-gating entrance to strip clubs?
That doesn't seem likely to me, and I find it way more likely that the EFF is purposefully excluding the best argument against their chosen position.
I'm bringing this up because it's the perfect litmus test to show whether you really care about age verification, or if you want personal trackability for all internet behavior.
I'd be okay with this for certain situations (e.g. a forum that doesn't want to foreign agitators to pretend they are US voters), but the whole porn thing is a ridiculous farce because there are still going to always be millions of non-us porn sites that don't enforce US laws.
reply