130 comments

[ 3.8 ms ] story [ 170 ms ] thread
This sounds like it would create a some new challenges for search engines, but the article itself offers a number of ways to address those.

Given that, and the massive amount of money in search, I think the headline falls somewhere between clickbait and a flat-out lie.

How much money is in DuckDuckGo, Mojeek, Gigablast, YaCy, or other minority search engines? If indexing material requires serious resources, the only viable search engines will be the huge ones.
No doubt Google will come up with a way for search engines to authenticate to the sites they are spidering, which will be just "Open" enough that all their competitors can implement it for free (but not have any control over the evolution of the technology).

Sites would just have to decide which search engines they want to allow to spider them, which will probably be a hardcoded list in a webserver config file somewhere, with the associated public keys.

If we're lucky, webserver package maintainers will try to keep these lists up to date, and Google may even contribute some funds for the development effort, doing just enough to stop this system from triggering an anti-trust investigation.

Government can offer rather simple infrastructure to enable digitally signing crawler requests and any legal entity should be able to acquire and renew signatures at very low cost. Total implementation costs for search engines won’t be high in such case.
The article is a draft concerning UK Internet policies for which suggestions are solicited.

I'd seen it posted to Mastodon earlier.

Critiques are very much on point.

Why am I not surprised it's the UK...

If only Orwell were alive today, I wonder what he'd think.

This is probably going to go nowhere. It fell over last time: https://www.bbc.co.uk/news/technology-50073102

It's not even an important front in the culture war.

All of these things fail half a dozen times before they succeed.
Which is why there has to be a punishment for anybody stupid enough to propose or vote for the bill. Throw them out on their ass and they'll get the message.
> there has to be a punishment for anybody stupid enough to propose or vote for the bill

It's called treason. For example:

> Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort.

Nice sentiment, but it's a UK bill. Helping the government spy on people might not be treason in the UK.
I was using that more as a example than a citation, but I suppose that wasn't very clear; edited.
Proposing bad but popular legislation isn't treason, and you can't use the legal system to ensure good politics.

The US shows the limits of that approach - many important civil rights are the results of "judicial activism" in the face of legislators, and the legislators remain really upset by that.

Also the UK constitution really does not work that way. Formal censorship was only abandoned in the 1960s and "official secrets" are still illegal to publish.

I'd love to do that but I think the guards would throw me in jail.
Correct.

The key idea for this project was it's carrot and stick, all UK providers get adult ID they can use to hook billing (a carrot), and then we block all access to any non-UK providers who don't get in line (the stick), thus protecting the schmucks who fell into line rather than leaving. They hope this is enough to pressure global companies into doing the same and once it's the status quo they assume it stays that way through inertia.

The white paper says OK, some Britons will use Tor and there's no a lot we can do about that, but most Britons won't know how or won't bother. We can block everything else by beefing up DNS blocks that big UK ISPs already implement, the remaining ISPs can be forced to do the same or we'll lock them up, it'll cause a few protests and so on but we can weather that with our overwhelming public support.

All that's before TLS 1.3 and before DoH let alone ECH, oblivious DoH, and onwards into the foreseeable future. So today the result is that the "stick" part of the plan doesn't work and it will work less every day, their citizens can trivially choose not to accept the limitation and will do so in huge numbers. Without the stick, the carrot doesn't look very juicy after all, the non-UK market doesn't want your censored ID-requiring site, there's a better one without those problems. And of course today that government looks a lot more tired and unpopular than when this was originally floated.

The price for this quixotic moral crusade continues to soar, the eventual purpose of it remains unclear, eventually maybe Boris' replacement will announce (to applause) that the government has abandoned it, after spending all this time and money to no purpose.

> In other words, forcing users to prove who they are, or at least how old they are, before they can access the restricted content

First we protect children. Then we protect specific groups. Then they redefine who should be protected of what.

In the end a few protect all the others from knowing things they shouldn't know. And knowledge is power, as always.

Really if you want to protect children don't make a goddamned dystopia for them to grow up in.

We all know about the evil manipulators who favor that lie but frankly those stupid enough to believe bear moral agency as well.

Think of the children! …They could grow some critical thinking abilities otherwise…
I would like to point out that a child not having access to the internet is not necessarily a 'goddamned dystopia', it's just how the world has been from the time of the first ape that stood up, to the Eternal September of ~1993.
I agree, but keep in mind that children grow up in a society, and make friends in school. You are influencing their relationships by restricting their internet access.
Sure, but the article is talking about government action. If every child in the UK grows up with age restricted internet then no ones relationships will be disadvantaged.

The only thing that would be influenced is cross national relationships, and sitting in a separate country probably affects that way more than having equal access to the same webpages.

Sure, but children now will have to deal with the internet when they become adults. "Protecting" them from it just means they're less likely to be prepared for it when they do become adults.
We absolutely need a media walled garden for children. There's no good reason to give them unfettered access to the internet right out of the chute. They can grow out of it at their own pace.

The moralizing coming from all angles is weird, since everyone involved would probably consider themselves a problem-solver.

That should be done by the parent, not the child. There are more than enough tools for a parent to police what their child sees online.

The problem is that parents aren’t trusted to do their job by some and some want the government to step in and do as much parenting as possible. That’s not how parenting works though. The government doesn’t own your children and shouldn’t get to decide how they’re raised.

I hear your argument but would you apply the same to alcohol and cigarettes? Let parents make sure their kids get none of it until they’re of age? I think it cannot work that way and it’s OK for society as a whole to help with the parenting.
Just don't give your children internet access till they are old enough that they can be responsible enough to use it correctly? Why this is not an option?

I got a PC that was all mine and an ADSL internet connection at 16 years old, before of that I used the family computer, but not really used the internet a lot since back in the day it was quite expensive, and when I did I was monitored by my parents. I got a smartphone that was capable of accessing the internet everywhere at 18, before of that only a phone that did phone calls and SMS. And still grow up fine and managed to get a good career in IT.

There is no reason whatsoever for a child younger than 14 to use the internet on its own, without the surveillance of his parents. And there is even no reason for him to have a smartphone. If as a parents you are concerned about giving him a phone for emergencies, just give him a 10$ feature phone that can only do phone calls and SMS. It's as simple as that.

Nowadays kids are always in front of a computer or a phone, they no longer go out to play, instead they spend their time on Tiktok or other stupid social media. We must change that, not the internet.

> Just don't give your children internet access till they are old enough that they can be responsible enough to use it correctly? Why this is not an option?

It can be very hard to enforce unless you are a stay-at-home helicopter parent who homeschools.

Peer pressure (not just on the child, but also the parents) and the need to fit in will result in your child demanding their own device by like eight at the latest, and mounting pressure to do so. (Apps are part of the curriculum in some places now!) And failing that they'll just buy and hide their own device by like 14. Though as you imply, if they aren't capable of self-regulating by about 14 you've probably already lost.

Everything from game consoles to the television to the fridge may be Internet-connected. Prepaid plans with data are as little as a single day's lunch allowance in some parts of the world. All their friends have electronic devices with internet access. Along with access at school. And probably some circumvented access at home... it's quite hard to actually keep kids offline.

> Just don't give your children internet access till they are old enough that they can be responsible enough to use it correctly? Why this is not an option?

Every media device in the house is connected to the internet. Every media device in kids' friends houses is connected to the internet. Everything at school is connected and now they need laptops with actual webcams at home.

They're immersed in it daily, and most of the use is unmonitored.

There are plenty of content restriction tools available, and individual parents know what's appropriate for their children better than a one-size-fits-all approach enforced by the government.
Age is going to be another credential, based on signatures that browser will be allowed to present. Spiders will have their signatures, which cannot be copied, eg think how SSL client certs work. Now, are sites going to require age credentials? sounds like a GDPR v2 cookies story.
no idea why ppl are downvoting, maybe don’t understand? disagree? Anyway some big companies are already working on tech that enables this implementation, so it’s not sn impossible scenario.
Some argue linking real identities to online accounts will reduce, well, all negative activity.

Facebook, Weibo and other smaller platforms around the world prove that's not going to happen.

(Too) Many people are still going to be trash even with their actual identity out in the open.

So just leave the Internet be, for the love of everything.

> Some argue linking real identities to online accounts will reduce, well, all negative activity.

I don't think anybody is arguing that it will reduce all negative activity, just some.

Is the plan to make real identities publically viewable?

Seems like it's either a data breach waiting to happen or makes it much easier for the worst to dox and target people.

The whole premise of “doxing” being a problem is that people have a right to say things on the internet that would get them in trouble in real life.

I think the pro-real-names position would argue that it is net negative for society for people to have this ability, we should only be saying aloud what we are willing to put our reputations behind.

I don’t agree with this position, but afaik that’s the position.

I know you said you don't agree but you left that position up without a rebuttal so here goes. What if someone managed to dump of the personal information of everyone in an online support group for LGBT folks and published it. That's doxxing too and this would do nothing to mitigate it.
This isn't the 60s. Most LGBT in western democracies are out.

But, yeah, there are exceptions and corner cases to everything. I believe the fundamental idea is that "real" life didn't used to be like that, nor is it today. You just don't see the stuff you see online happening at the corner store. And the difference is that it's people you might see again, or can call the police on, or just recognise as fellow humans.

The problem of anonymity sometimes being required also isn't entirely new. There have long been guarantees (or attempts at such) of anonymity for situations where the need for it was generally acknowledged. In one such case, the organisation even adopted it as their name: Alcoholics Anonymous.

Trans people are not necessarily out, and are particularly subject to harrasment at the moment when outed as a particularly noisy and dangerous anti-trans campaign is going on on the UK internet.

The people doing the harrasment do so under their own names.

Also like to add that many "corner cases" would see less engagement -

people would avoid getting mental help, support groups, religion questions, sexual health, etc if they worried it would be easy to be exposed.

Doxing is far greater than being canceled for a reddit comment. An open source dev recently got doxed and had 4channers banging on their house windows at night. Swatting and similar activity is also an extreme problem.
> An open source dev recently got doxed and had 4channers banging on their house windows at night.

As far as I know, this hasn't been confirmed by anyone other than the dev themself yet. The personal information is also not in the archive, so someone (4chan staff or archive staff) did their job. We'll have to wait and see for the truth of that case, if it ever comes to light.

I agree that great claims sometimes need great proof - and I am skeptical of that particular story.

However I also agree with gp(?) swatting and similar is a problem.

I've experienced these things from internet things - resulted in knocks on the door, 'certified letters' - and pics of my house posted online with people on said blog asking others to drive by and honk.. I'm talking three separate incidents by two or three different people for different reasons - all from internet.

luckily for us it was more nerve racking that people were trying these things and nothing aside from the knocks became an issue - well one of them cost me a business relationship now that I think about it.

There is a strong desire in some to avoid fame. Anonymity solves that. Names risk fame.
I dislike the way the 'net has gone such that this kind of measure is probably inevitable—I prefer one that's anonymous-by-default where revealing your real identity is strongly discouraged by norms and it's hard to gain anything "real" by revealing it, anyway, so there's little incentive to—but on the anti-anonymity side, I'd agree it's pretty damn weird that we treat shouting crazy or abusive shit (or anything, really) into a world-reach megaphone with so little gravity, or expect anonymity when doing so.
> The whole premise of “doxing” being a problem is that people have a right to say things on the internet that would get them in trouble in real life.

Mmm. In some cases terribly dangerous things to their health, like being gay in a country that forbids it. Or criticising a government that forbids it. Or saying something that only becomes illegal or publicly reprehensible after the fact.

I'd argue it's addressing the wrong criticism then. People should feel fine critiquing what a celebrity is wearing on social media: that's not toxic behavior, but having your real name inextricably linked to your account would definitely make you think twice.

The real issue here is the dedicated toxic users: sites like 4chan and Kiwifarm for example. Those groups are typically responsible for the real damage we see on the internet, and there's likely no way for us to ever flush them out. It's a cat-and-mouse game that cannot be won, only indefinitely postponed (which is a victory in their books).

What damage? They sit on 4chan and whatever they say stays there.
that may be true for some there - but I can attest that indeed there are groups there that have every intent and a history of proof of real world damages.

from ddos attacks to the 4chan party van - these things can escalate quickly beyond control and have real world consequences. I've seen it actually happen more than once.

For me, the problem with anonymous identities online is that laws (at least in the US) surrounding defamation and other ways to regulate human interaction seem based on a real identity. Without that, I'm not sure how those and similar laws can be enforced on the internet.

One could argue that they shouldn't be and that's maybe a separate conversation, but for example, right now, if someone defames me in person, I can sue them and if they defame me on the internet under anonymity, and I don't think I can (yes they can be anonymous in person but I think it's much more difficult).

> One could argue that they shouldn't be and that's maybe a separate conversation

Yes, it's probably a separate conversation, but I don't think we should give these bad laws more teeth.

Strong agreement here.

The principle driver of antisocial behaviour online seems to be impunity, immunity, and/or disinhibition. Anonymity and/or pseudonymity are related, but nowhere near identical.

As Yonatan Zunger, chief architect of Google+ (and now an ex-Googler) pointed out, compulsory identification amplifies rather than removes power relationships. This is his principle (and IMO devastating) response to David Brin's Transparent Society argument. Minorities and the disempowered obliged to identify themselves lose even more power in the bargain.

What empowers abuse is the ability to inflict harm without perception of risk, whether that perception is accurate or not. Disinhibition reduces perception whilst overall risk remains high. (The concept is captured in the word "assassin", deriving from the Arabic, hashīshīn, referencing hashhish --- assassins had reduced inhibitions through pharmaceutical influence.) Legal immunity, the cover of a crowd, operating extrajurisdictionally, cover of a state or other significant actor, or simple mass delusions can all provide the reality or appearance of impunity.

Mandating identity itself creates new avenues for abuse, including the revoking of official credentials, bureaucratic incompetence, bribery, and the potential of a "permanent archive" of all accesses (already substantially present through numerous mechanisms) which can be mined at arbitrary future dates, but as-yet unknown entities with as-yet unknown motives.

I'll note that I'm one of numerous reasonably-well-know pseudonymous HN members.

This is well stated. In case you read this reply, have you looked into decentralized identifiers (DIDs)? Any thoughts?
I'm (maybe) composing my own set of suggestions to Neil. A substantial bit of that is TL;DR: credible assertions of characteristics (or rights or responsibilities) might offer some solution-shaped objects.

But in many cases, there's no reasonable way to accomodate identity / credential / characteristic assertion into data flows (e.g., commandline tools, proxies).

> buttbuttin

Fixed that for you. There might be young readers here who haven't verified their ages.

Do you have a handy link to Zunger's criticism of Transparent Society? Sorry, my search-fu is weak this morning. Based on the quality of Zunger's other writings, I'm open to what he has to say.
Fortunately, the Wayback Machine seems to have captured that:

https://web.archive.org/web/20180903205908/https://plus.goog...

At the heart of his argument:

In practice, the forced revelation of information makes individual privilege and power more important. When everyone has to play with their cards on the table, so to speak, then people who feel like they can be themselves without consequence do so freely -- these generally being people with support groups of like-minded people, and who are neither economically nor physically vulnerable. People who are more vulnerable to consequences use concealment as a method of protection: it makes it possible to speak freely about controversial subjects, or even about any subjects, without fear of harassment.

(A classic experiment which you can easily replicate is to change your profile photo to that of a young woman for a few weeks. Change nothing else, even your name, and see what happens to your interaction pattern. I've seen quite a few people run this test and the results are, shall we say, quite visible)

GamerGate is one example after another of why transparency has asymmetric effects. The worst-case consequence for members of the mobs is fairly minimal: they won't face social ostracism by their friends (who after all, support them), they are highly unlikely to be placed in any physical danger (the police will protect them), and their jobs are not likely to be affected either -- and if they are, they can find others. Conversely, the threats against women in the field were physical and real, and (as you'll see if you ever experience the real ability of local and federal law enforcement to deal with harassment and threat cases, for manifold reasons) there is reason to believe that they do not have access to adequate police protection.

(I'd mentioned the G+ link a few times in earlier HN comments. HN's Algolia search is one of the secret strengths of HN, and is a chief reason I comment here as extensively as I do: I can often find earlier mentions of some point and reference or expand, occasionally correct, those.)

(Zunger and I apparently each believe firmly in paragraph-long parenthetical digressions.)

Original submitted to the queue: https://news.ycombinator.com/item?id=27858439

> people are still going to be trash even with their actual identity out in the open

This is what shocked the hell out of me as older Gen X and Boomers got into Facebook.

I remember one instance I saw where there was quite a lot of nastiness regarding a series of fights that broke out on a cruise ship off of Australia. Someone involved in it posted a video that his father then shared on Facebook. Then some dude starts posting all these vile racist comments (apparently anti-Lebanese racism is a big problem there) under it. REAL NAME. Basically calling a whole ethnic group criminals on the page of someone whose own son was quite possibly in danger.

I got... curious. I clicked on Racist Dude's profile. Sure enough everything was set to public. He had pictures of his kids. Their names too. Then I got more curious. Less than 5 minutes on Google and I knew what extracurricular activities they were involved in and when they were likely to be there. I felt a little sick at how easy it was to -- can you even call it doxxing when it all hanging out like that?? Anyway, I kept my mouth shut, logged out, tuned out, dropped out.

I still wonder what Racist Dude's best case scenario was there. Even if his vile opinions were 100% true... congratulations on insulting a large family of criminals while exposing everything about yourself?? It boggles the mind. Don't ever try to steelman the ravings of a psychopath.

It's not called doxxing if you actually had their real life information to start with. You need to be linking an anonymous identity with another that is not. In this case you linked his identity to his address. That's not doxxing, that's just finding out his information. People misuse the term however to be "any secret thing I found out about someone on the internet".
See that’s the the thing… racists, sexists, and others of their ilk are proud to be themselves. They have political motive. They want society to be reorganized according to their ideals, and they don’t see anything wrong with themselves or any reason to hide.

Even people who smoke joints are more surreptitious than racists.

I've seen similar - in neighbor group, posting they wanted X place to burn to the ground and wouldn't mind if they people went with it.

real name, public profile - showed she was a 10 year firefighter in previous town.

I mean - how dumb on top of overly crass can someone be in a public forum? Mind blown that day - and it's not the only case I'm sure there are many every day on the interweb.

if anything, facebook showed that the internet gets a lot worse when people are using real identities
> Some argue linking real identities to online accounts will reduce, well, all negative activity.

> Facebook, Weibo and other smaller platforms around the world prove that's not going to happen.

I don't think it's worth taking the entities' arguments seriously when linking real identities also just happens to make them a lot of money. It's clearly just a smokescreen for their true monetary intentions.

This UK effort is for identifying consumers, not publishers. Right?

As for authenticating publishers, I think HTTPS is a terrific idea. If some don't want to sign their content, fine. I'll adjust my esteem for them accordingly.

More of governments who have no idea how technology works trying to solve technology problems.
Believe me they got a pretty good idea, they know knowledge is power and they want to limit the access to it.
I see government in different levels in this discussion though. FBI/NSA/etc are very technically capable when they need to be. Congress however, are very not technically capable. For example take comments asking to change the orbits of earth/moon to help climate change, the internet is a bunch of tubes, and other unintelligent sounding comments does not lend to a sign of technical understanding. The scary thing is that these are the morons saying what is/isn't legal, and the tech savvy arms are using that to their complete advantage to get away with everything.
I'd argue that kids need the tools and techniques to understand how to deal with dodgy online content, rather than locking it away. Prohibition tends to drive things underground; I'd rather have (and am having - I have 2 teenage kids!) realistic and honest conversations about porn and other content. I don't lock my router to stop adult site access, instead we're having a conversation about it.

I'm under no illusions, btw. I know they'll access it. I know I did as a teen (albeit magazines rather than the web) but I think a dialogue is sorely missing about damage, the impact on women, body image, etc etc. The more this is pushed into a black/white old enough / not old enough over-simplified scenario, the less we can have nuanced conversations about it all.

I suspect this whole move is purely an optics piece. That doesn't make it any less dangerous, in fact it maybe makes it more dangerous, but it explains the incompetence and lack of thought behind it.

Thing is it is not that difficult to lock down most porn sites if you are in control of the router and can force the use of a specific DNS.

If you have your childrens iPhones as part of a family setup you can also block their access that way.

However I salute you for your choice, which is the harder and better way. If more parents did as you, we would not have the issues we have today.

Porn is nice enough but watch, but because there is essentially no discussion about how to have sex (outside of school, which at best is put tab a in slot b, here is how not to become pregnant, this is what STDs are.) the only input too many teens get is porn.

I've wondered what is the best strategy is over the years.

1. Heavily restrict the porn/bad sites.

or

2. Let them see the bowels of the internet, and hope they will go in the opposite direction.

(comment deleted)
3. Talk to them about the bowels of the Internet in a way that makes them not like it. Talk about what they should do when they encounter a thing/situation that is too much for them (close the tab, talk to you about it). They should feel that they already know what is out there without actually having to go through it themselves.

Reminds me about how my parents explained drugs to me. They told me a lot about different substances, why it is bad, why people get addicted them, what it does to them. E.g. my father had a friend who was a alcoholic till he died and he told us the story of how fun it all started and how everything went south for him. Similar things for other drugs, cigarettes, etc. Not for the sake of shocking us, but to rationally and emphatically explain the dangers (and fascinations) involved with the thing.

With all 4 kids this turend out to be a pretty solid strategy

Idk.....Some things cannot be unseen and humans are curious. Porn is one thing, but seeing gruesome deaths is completely different experience. There are things I wish I have never seen before, and I did not want to see many of them.

Today, I know in many places people are being killed in awful ways because of their religion or lack of it, sex, what they identify as, or because they live in a unstable place.

Plus, you can tell a child the stove may be hot a million times, yet they will touch it and burn themselves. Children and younger adults often feel they know better and something wont happen to them.

If they have phones with a sim and data they can just turn off the wifi and bypass the local network blocks.
>If you have your childrens iPhones as part of a family setup you can also block their access that way.

Apples allows you to disable their access to install apps, browse the web (with or without restrictions) or use any other installed app. You can turn your childs iPhone into essentially an ipod with facetime (that can only contact you) if you want.

If you give them an unlucked laptop, you are right of course. So don't do that, if you want to go that route.

In the UK many mobile networks block sites by default unless you go through age verification.
That is super handy. We don't have that down here in Australia. We do have some country wide blocks but it is only those mandated by the government.
Won’t block Firefox which uses encrypted DoH dns.
Firefox has an official way to disable that. https://support.mozilla.org/en-US/kb/configuring-networks-di...

All Pi-hole instances use it by default. https://github.com/pi-hole/pi-hole/releases/tag/v4.4

That doesn't work if the user manually enables DoH:

> Note: The canary domain only applies to users who have DoH enabled as the default option. It does not apply for users who have made the choice to turn on DoH by themselves.

https://support.mozilla.org/en-US/kb/canary-domain-use-appli...

I have no idea what DoH is but if the kid is smart enough to defeat the counter measures they deserve to watch the porn.
Even though the net has drastically amplified the issue, both 20 and 40 years ago it was tricky for a boy to make it to manhood, at least in the West, without seeing some nude magazines and perhaps more than a few hardcore films. Your advice was sometimes the advice given then, and I think it was right then and now. But while telecommunications has enabled 4K porn videos, it doesn't seem to have enabled us to talk with each other about it seriously, in proportion.
> I'd argue that kids need the tools and techniques to understand how to deal with dodgy online content, rather than locking it away.

We can't even get grown Adults to do that.

(comment deleted)
you are not wrong - but that is changing.

small data point - so the overall affect could be negligible - however,

6 years ago a youngster I was watching came home with digital literacy handouts and had teachings about internet hygene, non-trustworthy data sources, and more.

since then, more than once a year we use news stories to discuss false info, digital stalking, methods used to dox via photos, sextortion scams and more.

we've spent time talking about checking multiple sources for information, especially health or sex info - and especially for any 'viral challenges'.

So it won't be long before this next gen is adults that have been taught to look for these things, and I'm sure many have witnessed at least part of the shit show the parents have been going through yelling at their screens and each other about fake news and similar.

Not sure that the apps are making it easier to check sources, but at least the teaching of the option is a thing much more so than I think most of 'the adults' of today had a chance to learn anyhow.

There are more than boobs, etc. on the internet these days.

Today we have criminals, government, criminals in government, and numerous corporations desperate to build surveillance profiles on us at every opportunity. These are passed to third-party aftermarkets to the highest bidder. Once obtained, no one is concerned about securing that data.

Personally I think the boobs are less harmful than scammers in the crypto and investment space who will with providing elevated expectations lead people to large losses.
But isn't it ultimately the better choice to equip our youth to recognize and deal with dangerous, malicious, scammy, blackmaily or otherwise evil aspects of the internet instead of inevitably failing at trying to keep these things away from them (or vice versa)? In addition to being much more achievable this also trains future generations in fundamental principles of IT security, which is arguably something any nation will desperately need during the next decades.

So instead of attempting to shut the dangerous things away you teach them how to recognize them, why they want to avoid them, why sometimes other kids or even adults fall for it and how they deal with it. Our parents took that approach with us in regards to smoking, drugs and alcohol and it worked out quite well. Or let's say: It worked out a thousand times better as with other kids who just got punished for even looking strange at a pack of cigarettes.

A nice side effect of this is that your kids will be more likely to talk about what stuff they encounter and how it affects them, if you don't try to push them away from the stuff they should not use (punishment), but instead try to pull them into a worldview where that stuff isnt something that interests them in the first place (beyond natural curiosity).

Yes, but it depends on their age. Everyone tends to forget services typically have age limits of 13, for example.
Also, one rarely gets to choose whether to deal with surveillance or not. Mitigations and education are therefore often useless and exhausting even if they work. You either submit or forgo an increasingly large aspect of society.

For example, the DMV and payroll companies are selling our private details as we speak. Resistance would result in homelessness.

Some of that crap can change you if exposed at too young an age. I feel like keeping it out of reach for as long as possible is a good thing.
And I think this is the responsibilty of the parents not of the government. What might be the responsibility of the government would be to equip parents with the skillset and knowledge to keep thwir kids safe.

Also the dangers of the web should be apoken about in school. Digital literacy and all that.

Yeah, agree. Was in reaction to not wanting to install any filters.
I've had this problem recently with parsing a webpage using some webscraping library, and returning nothing since everyone seems to be running a SPA now. It's infuriating that you pretty much need to run some headless browser to just scrape a damn website now.
Don't spas make scrapers easier cause you can just call the APIs directly?
Yes, if your bot understands that particular website's API. If your bot only scrapes one website, that's great. If your bot needs to scrape 100's of SPAs all with their own homegrown APIs, have fun.
I know that it is a different challenge reverse engineering a spa's APIs but you gotta admit, the existing system of XML / html parsing and websites making slight tweaks to their layout is the real nightmare.
It's been like this for years, google's own bots struggle to interpret a lot of sites without heavy manual intervention by the site developers.
The consequences of requiring government IDs for basic Internet usage are much worse than just making crawling and indexing more difficult. I worry that due to government/'activist' pressure and the difficulty of dealing with spam/bots/identity (think of the captcha/ML rat race we are in), we may end up with an Internet that is not only completely centralized (as ours is becoming), but that also completely disallows anonymous and pseudonymous usage in most cases. I'm definitely not a fan of the direction many government bodies are taking us with respect to this.
> think of the captcha/ML rat race we are in

Google and my employer deal with massive amounts of spam emails and gets it right 99.9999999% of the time.

There’s a reason why Google captcha me on their own properties.

(It’s inexplicable why EBay captchas me AFTER I submit 2FA…)

We know who the bots are, but if you want your visitors to do some free work for my training models, so be it.

The captchas need some work though. If you want me to select all photos with carS, I’m not going to choose the photos with one car only.

> It’s inexplicable why EBay captchas me AFTER I submit 2FA…

Google does this too and it drives me nuts. What's makes it even more of a "fuck you" is they will do it to paying users, (business accounts)... if you refresh the page three times the captcha goes away, they are just trying their luck at using people for free ML training labour.

> The captchas need some work though. If you want me to select all photos with carS, I’m not going to choose the photos with one car only

If you're trying to get through these while spending the least amount of time on them, you want to answer "How would most people presented with this answer the following: _______ ?" as opposed to "What do you think is the most correct answer to the following ________ ?"

I know, it was an academic exercise. I wanted to see if the system would adapt or eventually accept me anyway. It did not.

So I bought the thing from another vendor.

The problem with modern captchas, especially recaptcha, is that they're becoming increasingly annoying and require way too much attention and thinking. You literally have to work to prove you're a human. It's no longer one second you'd spend typing some crooked numbers, it could well be a minute or two clicking through crosswalks and traffic lights and storefronts because you had the nerve to block Google from following you around the internet. (is it even legal to make a website without Google Analytics any more?)

I have to do it every month to pay my electricity bill and I absolutely despise it.

On the other hand, I'm looking forward to the moment when AI/ML becomes good enough that there simply won't be a way to make a captcha that would reliably tell humans and machines apart.

I think the fact that I'm a human leads them to giving me more captcha. One day a self-driving car is going to smash into a car and they're going to present to court that 52% of "humans" in 983475283475 captcha tests couldn't see it either.
> increasingly annoying and require way too much attention and thinking

Possible robot.

> my electricity bill

Probable robot.

> looking forward to the moment when... there simply won't be a way to make a captcha that would reliably tell humans and machines apart

Definite robot.

> Google and my employer deal with massive amounts of spam emails and gets it right 99.9999999% of the time.

Emails are literal treasure troves of data and are easy to pull signals out of for determining spamminess. HTTP GET requests, on the other hand, aren't - and there's no way to associate them with other spam-connected properties (like you can with click-through domains in emails) besides by blocking entire IP ranges for the ASN not moderating their customer base.

I mean it's pretty easy. If you are seeing GET request in your logs for PHPadmin or Drupal URLs and you're not running those on your server, it's pretty clear they are up to no good and you can block that IP address.
That doesn't work well with CGNAT or VPNs/Tor. That's why the latter is captcha'd more often.
Pretty sure my IP+browser pairing hasn't changed in months. They know who I am.
Google spam filtering is much much less accurate than that, and it’s an easier problem.
agree - and was going to point out that blocking 99% is a shit metric if it also blocks 10% of non-spam - that's a super fail in my book - but most people don't know they are blocking legit mails - many don't check until I tell them on the phone that it's likely in the 'other box' - and they complain that google should not have done that and that they did not tell google to do that - meh.
The argument about crawling is not a good one, a simple authentication mechanism, for instance with asymmetric key cryptography can address that problem.

Along those same lines, the internet can in fact have scalable information verification (age,height,income,sex...etc) with robust privacy: https://certisfy.com

In other words, cryptographic certificates can solve this problem.

Better solution is to provide OS-level parental controls, so that parents can whitelist websites / apps / social contacts for their children. No age verifications or breaches of privacy needed for safer Internet.
Just seems like a boon to intelligence agencies, as it provides a super convenient way to blackmail people. Intercept or steal ID information somehow, and threaten to release information on their porn watching behavior.

There are already scam emails with this basic concept, such as falsely claiming to have video of you watching porn.

I get those emails. It's too bad the reply-to email address never works. I've tried a couple of times to let them know that it'd be hilarious if they shared my porn watching habits with my friends and family and that to explain that I'd like a copy of any of the videos they supposedly took of me.

I don't present myself as something other than what I am. So, they can't really blackmail me. Life's easier when I don't do anything I'm ashamed of.

Does anyone have a pointer to what bills are being considered where?

It seems like it's Europe and probably the European commission but a bit of web search doesn't turn up anything.

Age verification won't kill searches because, doh, sites will make an exception for spiders. And of course, they will make an exception for big name spiders like Google, for instance by originating domain. Age verification will potentially create raise the entry barrier against competing with big search engines.
the point the author is making is that if you make that exception it may well become trivial for an underage user to pretend to be those spiders therefore bypassing the age protection.

However if a user is smart enough to bypass those checks it's likely that the content they are blocking will not do them any harm (though equally i'm not sure i've seen research that suggests that exposure to adult content online is harmful specifically to those under 18)

I have however seen plenty of research that suggests that social media is harmful to just about everyone, and we're not trying to block that

> it may well become trivial for an underage user to pretend to be those spiders therefore bypassing the age protection.

I don't think so; forging a reverse DNS so your IP address looks like you're a spider connecting from google.com is not trivial. The other aspects of the connection can be easily faked, of course, but that means nothing if the site is validating on IP block or domain.

(There will likely be trivial ways to defeat the age checks, just not by way of the route of successfully pretending to be the Google spider.)

The age verification got me with Google recently. When I registered my google account in 2004, I didn't put my real info and wanted to stay "incognito", because even back then I was reluctant to be giving info to Google. It was just a search engine after all, why does a search engine need more info.. right?

Now after 17 years, they are asking me to age-verify my account. So far I have refused, but I think eventually I'll be forced to cough it up.

I have a feeling that it will probably start with birthday first, and then later expand to adding real name, address, and government issued ID.

The internet is fortunately not part of UK territory. Websites will just block UK IPs, if they do anything at all. People in the UK will use VPNs to access the content they want and the world will go on as normal.
ID / verification is a solution in search of a problem.

The OS level filters and parental controls exist, and have for years. Though a slight logical tweak or a slightly improved system might be more helpful.

The Internet, by default, should be free and considered 'unsafe'.

Sites and services that claim to be Safe for Children should have to actively tag themselves as such. That might involve metadata. It might involve third party organizations like commercial certificate providers signing that claim; or governments, or insurance program registrations, or groups dedicated to whatever moral police panic is in vogue, etc.

Let people Opt In to creating locked down accounts that are nanny state and useless. Don't FORCE it on everyone.

There already is a standard for declaring a website safe for children, and no one uses it.

Also, the concept of what is "safe for children" differs between countries. One major way of oppressing LGBTQI+ people is to outlaw showing anything that promotes LGBTQI+ "lifestyles" to children.

Yes, that standard is what I meant by "OS level features"; no one uses it because they'd rather foist the effort of protecting children to others. Though this is probably more because they dislike free speech and disagree with activities among adults and 'think of the children' is just what gets used to win support.

Your second point is an interesting extension: 'safe for children, in all countries' would lead to a race to the most bland, safe, content: "baaaah" - 1984.

> no one uses it because they'd rather foist the effort of protecting children to others.

There's no right way to "protect children" when some countries define any mention of LGBTQI+ to be unsafe for children. There is no way I, as a random website creator, can figure out the appropriate worldwide label for my content. Am I foisting "the effort of protecting children to others"? I don't think so.

Are bureaucrats really that blind to the concept of “foreign websites” that will continue existing without having to follow any of your rules?

You ask Facebook to ID me, fine, but my-pretty-face.ws will continue existing unchecked and there’s nothing you can do unless you want to start blocking 80% of the internet.

The solution is simple: Move the damn check to the device or network. Block content at schools and lock down your own children’s devices.