> For some higher risk use cases, the age check may involve a liveness test where the user must ... record a short video saying phrases requested by the provider.
How long before some profit-maximizing vice president suggests that the requested phrases should be advertising slogans, with these ad slots sold to the highest bidder? We're this close to literally building the "Drink verification can to continue" dystopia that we were warned of:
If y'all remember those "solve media" captchas there were a few years back, forcing people to watch an ad then type a slogan? Yeah this would def happen.
> How long before some profit-maximizing vice president suggests that the requested phrases should be advertising slogans, with these ad slots sold to the highest bidder?
Years ago I encountered a company that sought to do this with a CAPTCHA service; having people type out an advertising phrase to prove their humanity. I thought that was pretty gross, but making people actually say it is even worse. Making people habitually say "I love coca-cola" to access their online accounts seems likely to erode people's sense of self.
>Simpli5d technologies makes Captcha an integral part of their products. They provide an engaging Captcha for brands wherein the user engages with the brand by filling the brand message or engaging with the brand across its publisher reach to ensure two way real human engagement with the brand.
> Further, this is not just restricted to Captcha and Simpli5d also provides similar solutions on Video pre-roll to ensure there is two way engagement with the brand in the pre-roll as well and not just restricted to blind video views. In general in a video pre-roll campaign the brand is not sure if the video has in reality attracted the eyeballs of the consumer. All these solutions are also available on mobile.
> Making people habitually say "I love coca-cola" to access their online accounts seems likely to erode people's sense of self.
I noticed a related effect after getting a Google Home. After a while, my first instinct if I wanted something, was to call out “Hey, Google!” into an empty room. I was literally reprogrammed, in the most disgusting sense possible, to have a brand embedded into my brain as an integral part of a frequent habit.
I don’t want the future to look like this. It’s far too close to the “verification can” meme for my liking.
> For some higher risk use cases, the age check may involve a liveness test where the user must ... record a short video saying phrases requested by the provider.
I guess that'll be just in time for OpenAI or Stability Diffusion to have an app for that.
Somewhere inside a government department inspecting log-in videos "My goodness, have you seen how many websites Tom Cruise logs into each day!"
Well, no, I won't. If that's the rules, and sites implement them, then I won't visit websites based in California. If there are enough people who won't on principle, or won't because they're fed up with the hassle, then it will be a competitive advantage to not be based in California.
You say that, but what if Apple helpfully adds this feature to iPhones, like they added support for digital driver's licenses, Covid passes, and (almost) client side scanning for illegal material?
For iPhone users who use Face ID, it could cache the result, and send it to sites (signed by a per-device certificate, issued by Apple's CA) in the background, so that most users wouldn't even know this law existed.
That might explain the "on-device" claims. Does Apple have partnerships with age-verification companies, or would it become an age-verification company? Is there a connection between Passkeys (FIDO) and age-verification?
These are the right questions to ask. I suspect that if one were to follow the money behind who is pushing for this law, those questions could be answered.
Since Apple recently added the ability to store state-level identity documents in Apple Wallet (IF a state/country is on board), it's not a big leap to combine this with Face ID.
If Apple can perform a digital attestation of a derived attribute, e.g. "older than 18", rather that disclosing name, DoB, address to the visited website, it would likely be well received.
But at that point, we're a hair's breadth away from state-corporate fusion.
> If Apple can perform a digital attestation of a derived attribute, e.g. "older than 18", rather that disclosing name, DoB, address to the visited website […]
I don’t know about websites, but one of Apple’s examples is almost exactly that – “older than 21” – for purchasing alcohol (in the US, yes, yes) without giving over all of the rest of the information on your ID.
Before y'all downvote as speculation: apple is literally working with cloudflare and a bunch of other companies on using attestation to replace captchas. Seems like it could roll easily into that.
No, I don't think it could cache the result. That would defeat the whole purpose. People sometimes use other peoples' devices. The web site needs to know who's visiting this site, not who visited the last one. So it's going to have to scan the user's face each time.
It's 2022. The world is on fire. I'm getting older and less patient.
If a state or other entity passes an internet bill I think is unconstitutional or otherwise infringes upon my rights as both a web user and web developer, I'm simply going to ignore the "law" and continue on, business as usual. Sue me. The curtain is falling. I can't be assed to care. California is beyond arrogant if they think they can pull this off.
Before I get roasted, GDPR is mostly a good thing, even if its implementation has made browsing the internet worse and more annoying, at least I have legal avenues for deleting my data that didn't exist before. But this is case by case. Supporting GDPR doesn't mean I should support SESTA and ilk.
Surely this would in practice affect all businesses that do business in California, not just those based there (at least those with a legal presence in the US that they care about)?
Not sure why you're getting downvoted - this is the legal standard which many state entities have successfully applied for years, often to the glee of HN users (e.g. US companies getting GDPR fines because they have users in the EU).
This of course would lead to an instant red queen's race with face simulators. Given the quality of output we're seeing from Stable Diffusion, et al., it is not at all clear that the face scanners would have an advantage, or even a head start.
That race arguably started over a decade ago, when age verification cameras on Japanese cigarette vending machines were defeated by "a photo of an older person clipped from a magazine":
> Today AB 2273, the California Age-Appropriate Design Code passed the state senate by a vote of 30-0. The assembly unanimously passed an earlier version of the bill back in May ... there needs to be a concurrence step in the assembly in the next couple days. Then to Governor's desk.
> Protecting children by ensuring they are not exposed to inappropriate content online. This include stricter age-verification processes to access certain websites - like pornography sites - and, in some cases, the need to monitor private chat for child sexual abuse materials
> Securing adults from 'legal but harmful content' by removing such content from their platforms. This rule applies on major social media like Instagram (already in the spotlight for damaging mental health) and TikTok.
Lovely - I guess the US is moving towards the idea that we _want_ the government telling us what we should and shouldn't see instead of creating and/or using tools like block lists to remove what we don't want to see.
Liberties are being removed left and right (pun intended) in the US these days. What's sad: it's the cool and normal thing now. Hooray cancel culture, boo firearms, hooray government spying, hooray untraceable elections running on hackable machines, boo keeping to ourselves on an international level rather than being world police, boo gay people from one side - but hooray children at drag shows on the other...
The really ironic thing is that there were armed guards at a children-permitted drag show, that were wearing plate carriers with LGBT flags on them. I'm all for that, man. Defend what you believe in with your constitutional rights. But what confuses me is the same people they're defending, are generally the same group of people that want to eliminate their right to own so-called "weapons of war" (which were originally engineered for the civilian market, mind you).
I generally agree with your comment, but I think your love of guns slightly detracts from the point you are trying to make.
Sure, in the US, the 2nd Amendment does relate to a right/liberty, but other countries have managed to enjoy greater liberty (in particular, fewer murders per capita) while heavily restricting the use of firearms. That doesn't necessarily mean that the US would be better if the 2nd Amendment were repealed, I'm just saying that "boo firearms" is a perfectly valid (and liberty defending) opinion for some people in the country to hold, unlike "hooray (warrantless) government spying" or "hooray hackable voting machines".
Just consider what it is you are "all for". You want an environment where parents need to surround their children with armed guards in order to protect them from armed militias trying to intimidate them into not exercising their right of assembly. Does that really sound like a country where people are free?
> other countries have managed to enjoy greater liberty (in particular, fewer murders per capita)
Fewer murders aren't an example of greater liberty, they're an example of a desirable outcome that some people decide outweighs the loss of liberty.
To illustrate, you could also achieve fewer murders through warrantless government spying, and I think you'd agree that that proposal would be pretty hard to spin as increased liberty.
> You want an environment where parents need to surround their children with armed guards in order to protect them from armed militias trying to intimidate them into not exercising their right of assembly.
Do they want that? I just heard them say they respect the second amendment, nothing about allowing intimidation or making no tradeoffs to the point of requiring armed guards. This feels like a pretty big strawman to tear down the opinion above, rather than acknowledging that it's fine to prioritize safety over liberty but it's also fine to prioritize liberty over safety, and everyone is okay with different tradeoffs.
Something nobody seems to want to come to terms with: true freedom requires effort on your part. Wishing there will come a day where the final perfect law will be passed, or the perfect leader will come along, and you'll have liberty and freedom at last, is ridiculous.
Freedom comes at a price. It always will. That means recognizing that it can put you in danger sometimes. An authoritarian regime would shut down crime much quicker than a free nation would. Does that make authoritarianism preferable? Hell no. I'd rather defend my property/person/family myself when the time comes. Because as you've probably heard countless times: "When seconds count, the police are only minutes away."
Your judgement is clouded by ideology. Libraries are being shut down for carrying the "wrong" kind of books. Teachers are being run out of the profession. Politicians are being threatened by gun shots near their home.
Ostensibly, the "cancel culture" that people are concerned about (nearly entirely focused on the already wealthy and powerful, who oddly are not silenced when dominating the airwaves about their supposed cancelling) is nothing compared to the real danger that threatens real average folks in our own communities.
I think you'd find that many of the people you perceive to be on the opposite side of you are concerned with the same issues that you are, and no, they do not think it's cool and normal.
The bill does not require face scans nor anything similar. The author of this article wrote another piece claiming that AB 2773 would boost companies that provide age verification products, and someone from a trade group representing age verification providers showed up in the comments to defend their products and used face scans as an example of a method that protects your identity (why they thought that was a good example is a mystery). This is the relevant text in the bill:
>Estimate the age of child users with a reasonable level of certainty appropriate to the risks that arise from the data management practices of the business or apply the privacy and data protections afforded to children to all consumers
How do the legislation authors expect complying companies to "estimate the age" of internet visitors? Would driver's licenses and other state IDs be considered acceptable? Would website publishers be required to store those records?
If so, does this practically mean that websites would contract with third party age-estimation services which do store state-identity records? What's the track record of such vendors with data protection? Can the state provide age verification services directly, since they are already trusted with the data?
From what I can see in the bill, storing personal information collected to determine age is specifically not allowed. The specifics of how to implement the actions specified are left up to a "California Children’s Data Protection Working Group" that would prepare a report on best practices. So probably it depends on whether the age verification providers get to influence that committee to the exclusion of the rest of the industry.
Presumably those age verification providers are lobbying for this bill. And maybe a state agency will issue a regulation that facial recognition will be required?
The facial recognition thing seems unlikely to me, nobody likes it except tech companies that want a magic AI to solve their compliance problems. If you care about privacy then biometrics is a no-go, if not then actual ID verification is more accurate. The point is that facial recognition is not the actual requirement, anyone trying to tell you it’s the requirement is probably trying to sell you a facial recognition system (and the author of the article fell for it).
> The point is that facial recognition is not the actual requirement
The requirement is doing something horribly invasive to determine age. We all know it doesn't have to be facial recognition (though this is probably cheapest and least invasive, even though it's still gross).
It's also worth noting that while the bill prohibits entities with significant child audiences from retaining the information, it doesn't appear to extend that limitation to service providers providing age verification services.
The requirement is to do something to estimate the age of users, nowhere does it say that would always need to be more invasive than asking the user if they're over 18. If we do all know that it doesn't have to be facial recognition that's great, but the title of the post suggested that the law requires you to "scan your face on every website" and I was taking issue with that.
> The requirement is to do something to estimate the age of users, nowhere does it say that would always need to be more invasive than asking the user if they're over 18.
No, it doesn't say that it would always need to be more invasive than that.
I doubt a prompt asking the age would generally be seen as "Estimate the age of child users with a reasonable level of certainty..."
Having to deal with invasive means of validating your age is a reasonably anticipatable consequence of this law. And it shouldn't be a big surprise that the data ends up misused, even if the law makes a token (very weak) effort to prohibit that.
> Estimate the age of child users with a reasonable level of certainty appropriate to the risks that arise from the data management practices of the business or apply the privacy and data protections afforded to children to all consumers
I'm hearing that as "wave a magic wand that costs way too much per shake and hope the magic is strong enough that you don't get sued in one of three different ways."
It gets even more abiguous:
> Configure all default privacy settings provided to children by the online service, product, or feature to settings that offer a high level of privacy, unless the business can demonstrate a compelling reason that a different setting is in the best interests of children.
How are we defining "high level of privacy?" The text seems to imply just the "highest setting you have available."
And all of this hinging on if a child is "likely" to access the service in any way.
What happens if you've got a young-looking face? Are you going to get blocked out until you upload your driver's licence or something?
Similarly, what about people on the cusp? It's pretty hard to tell a 19-year-old from a 17-year-old, so won't there be a large population of people it simply won't work on?
If we look at other 'as implemented' age verification policies, say cigarettes or alcohol if you present as less than 35 or so access will be denied[0] absent ID.
[0]In an entirely spurious and random manner at the relative whim of each establishment.
Since CCPA and this law are both California state legislation, wouldn't the newer law win if no conflict resolution is stated in either law? The conflict with the GDPR will be interesting indeed.
It's good to highlight that CRPA changed CCPA, but there's a reason CCPA is still the widely used term. According to your first and second links, CRPA heavily amended CCPA and gave it the protection that voter initiatives have under California law, but it didn't repeal and replace CCPA with a different law, and it's still recognizably an evolution of CCPA.
If we're being truly precise, CCPA and CRPA are just (acronyms for the) names for the laws which amended the California Civil Code, and the resulting sections of the Civil Code as amended don't officially have either name.
For a while I had a phone with a broken camera. Got a new job. Company requires scanning a QR code to authenticate. "I can't - my phone's camera is broken." IT has no idea what to do. After two days of being locked out of services needed to do my job they finally manage to add an exemption for 24 hours to my account. The exemption somehow stands to this day.
If the latter, zbar should do the trick to decode it.
If it requires iOS or Android, that'd be a cue to inform them how you currently don't own a device with either and ask how to make it work on your Pinephone running Mobian. More people need to be comfortable with being uncomfortable for this to start changing.
Assuming employees will have personal Android/iOS devices and require registering and using them for work functions is something which needs to be mentioned in an employment contract to have any standing.
For how long will making a private website be viable? Like it seems you will need army of lawyers soon. Hobbyists can't and won't keep on top of all of these rules.
That is one of the goals. Many white-collar classes (lawyers, politicians, etc.) are unhappy with their share of the profits and level of influence over this high-value and high-status sector.
I wonder whether it would be possible to avoid all this bullsh*t by using Geo-Location to deny access to anyone trying to access a website from a location in California? I am not the least bit dependent on income from my private website, and I couldn't care less if Californians let their politicians block access to my website.
I only clicked the title because I was mildly intrigued as to why "China" is shortened to "CA". Now I'm solidly amused... and a bit more grateful for GDPR.
What is the ideal tool for managing children’s access to the internet?
I always wondered whether local logging is an option. Everything little Johnny does in his iPhone gets recorded and sent to dad’s MacBook Pro for processing every night. A local process looks for anomalous content while also producing a report of all sites visited and apps used. Taking a screenshot every 5s is going to be ~1GB per day but maybe Johnny doesn’t get to use his phone until yesterday’s log has been processed?
Perversely, to configure such a system you would have to actively prove you were doing so for a minor. You wouldn’t want to enable adults monitoring other adults.
If I worked at Apple this is something I would actively want to build, if it wasn’t there already. Anything to undercut these thin-end-of-the-wedge big brother bills and take the wind out of the “think of the children!” content authoritarians.
Right, but this is what I’m asking. How do I, as a parent, use technology to better supervise my child when I can’t possibly monitor their screen constantly in person?
Tech can help us find a middle ground between in my day we let them run free in the yard and now my child am become zombie screen addict, destroyer of childhoods.
There is no such tool that is a replacement for parenting. There’s nothing you can do but keep a watchful eye on what your children consume and discuss the dangers of the Internet with them proactively.
> Everything little Johnny does in his iPhone gets recorded and sent to dad’s MacBook Pro for processing every night. A local process looks for anomalous content while also producing a report of all sites visited and apps used. Taking a screenshot every 5s is going to be ~1GB per day but maybe Johnny doesn’t get to use his phone until yesterday’s log has been processed?
I am no longer a minor but thinking back to the time that I was I would consider this to be a pretty big intrusion into my privacy. YMMV with your children.
Long-term, I expect identity-tracking legislation ("big brother bills") are unavoidable.
It's cheaper to generate fake content than real content. Arguably it's already cheaper to generate fake content than to read real content. At which point, the information battle gets very asymmetric. It becomes very cheap for an authoritarian regime to flood an open regime's electorate with fake content, but the authoritarian regime doesn't face the same problem.
The solution to keeping your children away from harm, is the same as it ever was: communication, understanding, trust and respect.
Kids are resilient. You wouldn't know that if you sit them in the corner with a digital device to babysit. But you will definitely be a better parent if you engage with your kids in their online life, and spend the time to communicate with them about whats going on out there.
Also, keep the Internet out of focus until they get close to the double-digits. Books and real family activities are best.
The super silly thing about this is that if you actually make everyone (in the whole world!) identify content for over 18s, you could just have a browser setting that a parent could set.
It layers on to that non existent technology to perfectly identify age from video and with the bonus of a huge dataset matching faces to internet browsing.
Maybe a better solution than using face recognition would be to make a derivative claim from your identity documents issued by an authority (the state).
https://en.wikipedia.org/wiki/Zero-knowledge_proof
It seems like techdirt articles have been ranking higher on HN lately as the claims in their articles get wilder. It's like watching a million years of evolution in two weeks (except the evolution is 'audience capture' https://gurwinder.substack.com/p/the-perils-of-audience-capt...)
I used to read Techdirt weekly or more often, but they've really gone off the rails over the last several years. Wilder claims, more politically slanted, and more generally angry, unpleasant, and untrustworthy. Might be due to the original owner bringing in others to generate more content, or maybe they just found that loud shrieking gets more engagement.
Would it be enough to not host a server in California, or would the hosting provider also have to not be based in California, or more extreme would the hosting provider have to not do business in California? How many levels removed would a server renter, owner, operator have to be?
As an example, Linode HQ is in Philadelphia, PA and Vultr is in West Palm Beach, FL. Linode have a colo in Fremont, CA and Vultr have a colo in Los Angeles, CA. Would having a colo in California bind them and their customers to this requirement? e.g. If I only use the colocation sites not in California would that suffice, or do I need to migrate to providers that do not have a presence in California?
Just a thought, but what if all citizens over the age of 18 could use TOTP [with a randomly-assigned secret] to verify their age. If they don't have a mobile device, they could purchase one of those "calculator-like" TOTP devices.
Sure, you could give yours to a friend but you could also scan a friend's face with the biometric suggestion or their ID with that suggestion. At least the TOTP suggestion would be quicker to verify, [can be] more privacy-friendly, and can be offloaded onto any devices (you already have one if you're going to need to verify yourself).
90 comments
[ 2.7 ms ] story [ 141 ms ] threadHow long before some profit-maximizing vice president suggests that the requested phrases should be advertising slogans, with these ad slots sold to the highest bidder? We're this close to literally building the "Drink verification can to continue" dystopia that we were warned of:
https://www.reddit.com/r/copypasta/comments/fejdvl/drink_ver...
If y'all remember those "solve media" captchas there were a few years back, forcing people to watch an ad then type a slogan? Yeah this would def happen.
Also jim_kreggis I cant reply to you bc dead but uhh what? Weird asf ngl.
Years ago I encountered a company that sought to do this with a CAPTCHA service; having people type out an advertising phrase to prove their humanity. I thought that was pretty gross, but making people actually say it is even worse. Making people habitually say "I love coca-cola" to access their online accounts seems likely to erode people's sense of self.
Product page from the vendor: https://nlpcaptcha.in/en/nlpcaptcha.html
>Simpli5d technologies makes Captcha an integral part of their products. They provide an engaging Captcha for brands wherein the user engages with the brand by filling the brand message or engaging with the brand across its publisher reach to ensure two way real human engagement with the brand.
> Further, this is not just restricted to Captcha and Simpli5d also provides similar solutions on Video pre-roll to ensure there is two way engagement with the brand in the pre-roll as well and not just restricted to blind video views. In general in a video pre-roll campaign the brand is not sure if the video has in reality attracted the eyeballs of the consumer. All these solutions are also available on mobile.
I noticed a related effect after getting a Google Home. After a while, my first instinct if I wanted something, was to call out “Hey, Google!” into an empty room. I was literally reprogrammed, in the most disgusting sense possible, to have a brand embedded into my brain as an integral part of a frequent habit.
I don’t want the future to look like this. It’s far too close to the “verification can” meme for my liking.
I guess that'll be just in time for OpenAI or Stability Diffusion to have an app for that.
Somewhere inside a government department inspecting log-in videos "My goodness, have you seen how many websites Tom Cruise logs into each day!"
For iPhone users who use Face ID, it could cache the result, and send it to sites (signed by a per-device certificate, issued by Apple's CA) in the background, so that most users wouldn't even know this law existed.
If Apple can perform a digital attestation of a derived attribute, e.g. "older than 18", rather that disclosing name, DoB, address to the visited website, it would likely be well received.
But at that point, we're a hair's breadth away from state-corporate fusion.
I don’t know about websites, but one of Apple’s examples is almost exactly that – “older than 21” – for purchasing alcohol (in the US, yes, yes) without giving over all of the rest of the information on your ID.
Lidar is only on the iPhone Pro rear cameras.
clutches mmWave-less FaceID-less LIDAR-less iPhone SE3
If a state or other entity passes an internet bill I think is unconstitutional or otherwise infringes upon my rights as both a web user and web developer, I'm simply going to ignore the "law" and continue on, business as usual. Sue me. The curtain is falling. I can't be assed to care. California is beyond arrogant if they think they can pull this off.
Before I get roasted, GDPR is mostly a good thing, even if its implementation has made browsing the internet worse and more annoying, at least I have legal avenues for deleting my data that didn't exist before. But this is case by case. Supporting GDPR doesn't mean I should support SESTA and ilk.
https://babylonbee.com/video/i-wish-we-all-could-leave-calif...
https://en.wikipedia.org/wiki/On_the_Internet,_nobody_knows_...
Dear California legislators, please try to encode the above privacy ideal into law instead of the opposite.
https://hackaday.com/2008/07/02/age-verification-cameras-eas...
> Today AB 2273, the California Age-Appropriate Design Code passed the state senate by a vote of 30-0. The assembly unanimously passed an earlier version of the bill back in May ... there needs to be a concurrence step in the assembly in the next couple days. Then to Governor's desk.
Bill text: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...
UK Safety Tech, https://www.gov.uk/government/publications/safer-technology-...
UK Online Safety bill, https://www.techradar.com/features/uk-online-safety-bill
> Protecting children by ensuring they are not exposed to inappropriate content online. This include stricter age-verification processes to access certain websites - like pornography sites - and, in some cases, the need to monitor private chat for child sexual abuse materials
> Securing adults from 'legal but harmful content' by removing such content from their platforms. This rule applies on major social media like Instagram (already in the spotlight for damaging mental health) and TikTok.
The really ironic thing is that there were armed guards at a children-permitted drag show, that were wearing plate carriers with LGBT flags on them. I'm all for that, man. Defend what you believe in with your constitutional rights. But what confuses me is the same people they're defending, are generally the same group of people that want to eliminate their right to own so-called "weapons of war" (which were originally engineered for the civilian market, mind you).
Sure, in the US, the 2nd Amendment does relate to a right/liberty, but other countries have managed to enjoy greater liberty (in particular, fewer murders per capita) while heavily restricting the use of firearms. That doesn't necessarily mean that the US would be better if the 2nd Amendment were repealed, I'm just saying that "boo firearms" is a perfectly valid (and liberty defending) opinion for some people in the country to hold, unlike "hooray (warrantless) government spying" or "hooray hackable voting machines".
Just consider what it is you are "all for". You want an environment where parents need to surround their children with armed guards in order to protect them from armed militias trying to intimidate them into not exercising their right of assembly. Does that really sound like a country where people are free?
Fewer murders aren't an example of greater liberty, they're an example of a desirable outcome that some people decide outweighs the loss of liberty.
To illustrate, you could also achieve fewer murders through warrantless government spying, and I think you'd agree that that proposal would be pretty hard to spin as increased liberty.
> You want an environment where parents need to surround their children with armed guards in order to protect them from armed militias trying to intimidate them into not exercising their right of assembly.
Do they want that? I just heard them say they respect the second amendment, nothing about allowing intimidation or making no tradeoffs to the point of requiring armed guards. This feels like a pretty big strawman to tear down the opinion above, rather than acknowledging that it's fine to prioritize safety over liberty but it's also fine to prioritize liberty over safety, and everyone is okay with different tradeoffs.
To say this another way: put everyone in a steel cage, watch your murder rate plummet.
But!, hey: every life was protected.
Freedom comes at a price. It always will. That means recognizing that it can put you in danger sometimes. An authoritarian regime would shut down crime much quicker than a free nation would. Does that make authoritarianism preferable? Hell no. I'd rather defend my property/person/family myself when the time comes. Because as you've probably heard countless times: "When seconds count, the police are only minutes away."
Ostensibly, the "cancel culture" that people are concerned about (nearly entirely focused on the already wealthy and powerful, who oddly are not silenced when dominating the airwaves about their supposed cancelling) is nothing compared to the real danger that threatens real average folks in our own communities.
I think you'd find that many of the people you perceive to be on the opposite side of you are concerned with the same issues that you are, and no, they do not think it's cool and normal.
>Estimate the age of child users with a reasonable level of certainty appropriate to the risks that arise from the data management practices of the business or apply the privacy and data protections afforded to children to all consumers
https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml...
If so, does this practically mean that websites would contract with third party age-estimation services which do store state-identity records? What's the track record of such vendors with data protection? Can the state provide age verification services directly, since they are already trusted with the data?
I don't see any replies disputing your reading of the bill, and I'm not sure you are saying that this is a good bill for these reasons.
The requirement is doing something horribly invasive to determine age. We all know it doesn't have to be facial recognition (though this is probably cheapest and least invasive, even though it's still gross).
It's also worth noting that while the bill prohibits entities with significant child audiences from retaining the information, it doesn't appear to extend that limitation to service providers providing age verification services.
No, it doesn't say that it would always need to be more invasive than that.
I doubt a prompt asking the age would generally be seen as "Estimate the age of child users with a reasonable level of certainty..."
Having to deal with invasive means of validating your age is a reasonably anticipatable consequence of this law. And it shouldn't be a big surprise that the data ends up misused, even if the law makes a token (very weak) effort to prohibit that.
I'm hearing that as "wave a magic wand that costs way too much per shake and hope the magic is strong enough that you don't get sued in one of three different ways."
It gets even more abiguous:
> Configure all default privacy settings provided to children by the online service, product, or feature to settings that offer a high level of privacy, unless the business can demonstrate a compelling reason that a different setting is in the best interests of children.
How are we defining "high level of privacy?" The text seems to imply just the "highest setting you have available."
And all of this hinging on if a child is "likely" to access the service in any way.
Similarly, what about people on the cusp? It's pretty hard to tell a 19-year-old from a 17-year-old, so won't there be a large population of people it simply won't work on?
[0]In an entirely spurious and random manner at the relative whim of each establishment.
- https://www.insideprivacy.com/ccpa/californians-approve-ball...
- https://ballotpedia.org/California_Proposition_24,_Consumer_...
- https://ballotpedia.org/Legislative_alteration
If we're being truly precise, CCPA and CRPA are just (acronyms for the) names for the laws which amended the California Civil Code, and the resulting sections of the Civil Code as amended don't officially have either name.
No, they did not provide a work phone.
If the latter, zbar should do the trick to decode it.
If it requires iOS or Android, that'd be a cue to inform them how you currently don't own a device with either and ask how to make it work on your Pinephone running Mobian. More people need to be comfortable with being uncomfortable for this to start changing.
Assuming employees will have personal Android/iOS devices and require registering and using them for work functions is something which needs to be mentioned in an employment contract to have any standing.
I always wondered whether local logging is an option. Everything little Johnny does in his iPhone gets recorded and sent to dad’s MacBook Pro for processing every night. A local process looks for anomalous content while also producing a report of all sites visited and apps used. Taking a screenshot every 5s is going to be ~1GB per day but maybe Johnny doesn’t get to use his phone until yesterday’s log has been processed?
Perversely, to configure such a system you would have to actively prove you were doing so for a minor. You wouldn’t want to enable adults monitoring other adults.
If I worked at Apple this is something I would actively want to build, if it wasn’t there already. Anything to undercut these thin-end-of-the-wedge big brother bills and take the wind out of the “think of the children!” content authoritarians.
A parent.
Tech can help us find a middle ground between in my day we let them run free in the yard and now my child am become zombie screen addict, destroyer of childhoods.
I am no longer a minor but thinking back to the time that I was I would consider this to be a pretty big intrusion into my privacy. YMMV with your children.
It's cheaper to generate fake content than real content. Arguably it's already cheaper to generate fake content than to read real content. At which point, the information battle gets very asymmetric. It becomes very cheap for an authoritarian regime to flood an open regime's electorate with fake content, but the authoritarian regime doesn't face the same problem.
Kids are resilient. You wouldn't know that if you sit them in the corner with a digital device to babysit. But you will definitely be a better parent if you engage with your kids in their online life, and spend the time to communicate with them about whats going on out there.
Also, keep the Internet out of focus until they get close to the double-digits. Books and real family activities are best.
It layers on to that non existent technology to perfectly identify age from video and with the bonus of a huge dataset matching faces to internet browsing.
As an example, Linode HQ is in Philadelphia, PA and Vultr is in West Palm Beach, FL. Linode have a colo in Fremont, CA and Vultr have a colo in Los Angeles, CA. Would having a colo in California bind them and their customers to this requirement? e.g. If I only use the colocation sites not in California would that suffice, or do I need to migrate to providers that do not have a presence in California?
Sure, you could give yours to a friend but you could also scan a friend's face with the biometric suggestion or their ID with that suggestion. At least the TOTP suggestion would be quicker to verify, [can be] more privacy-friendly, and can be offloaded onto any devices (you already have one if you're going to need to verify yourself).