There are valid complaints to the idea being challenged, but it absolutely can be done technically and through legislation enforcing technical controls. Sophisticated users will use VPNs if they want to evade geoblocks, your average person won't (and any business that attempts to help them will be met with a legal hammer), and digital IDs are both reasonable and feasible to deploy at nation scale. Should it be used to govern access to adult content? A legislation issue!
Sane technology legislation requires competent representatives. This is what folks voted for. Parenting responsibility in the aggregate, very broadly speaking, is not what it used to be. This is not to say that parents today are worse, but that standards and resources are different (two adults having to work full time, quality time per week between parent and child, ubiquitous access to social, screens, and internet, etc).
We talk about legislative solutions as if they exist in a bubble. Like there’s some idealized body of completely rational actors who will deliberately evaluate all the features of an issue and make a decision that will benefit everyone in aggregate. This is not how legislatures work. They are filled with imperfect humans who rarely have technical training. They should not be making decisions in a bubble.
In theory you could implement age based access controls, but as the article points out, these are full of tradeoffs, and none of them are good. You will either get vendor lock in, violations of constitutional rights, a wider dispersal of Personally identifiable information, or a poorly thought through government implemented solution whose only feedback is additional legislation.
Parental desires to prevent children from seeing inappropriate content is not strictly opposed to individual free speech rights, the need for dynamism and open competition in the marketplace, or a need for privacy and information security. To say these issues need to be balanced would be a false dichotomy. Perhaps the solution is for society to respect parents by giving them the resources they need, through paid parental leave and employment protections.
Except the mDL specifically accounted for this and allows anonymous age verification records and it’s a standard so there’s no real lock in (there’s some on the provider side in terms of the IT systems to do the signing but that’s self inflicted in many ways). And the lock in described in that section that alludes to the mDL seems mostly like FUD - there’s no requirement you use a Google/Apple wallet. Indeed most of the pilot programs are starting with apps released by the motor licensing agency itself. Now there may be more “lock in” enforced to close loopholes for the really technically minded, but honestly this feels like a fine middle ground starting point.
In the current US I don't think it's reasonable to believe that we can trust that something like digital IDs would not be abused. That does not necessarily mean that there are not other locations or times where that trust might be warranted.
Specifically, it's likely that police and/or national security would use them in ways that would result in false arrests and/or chilling online behavior. It is also becoming increasingly likely that Christian Nationalists would use them to censor speech that they don't like and/or to persecute people that they disagree with.
Parents and caretakers have the ability to restrict children’s content on any device a child has access to. The burden should be on them to ensure their child is not consuming porn. It shouldn’t be everyone else’s problem that people are unwilling to parent their children.
You can't expect parents to hover over their children 24/7. Apply the argument you're making to any other instance of corrupting minors. If you have sex with a 14 year old, you're not going to be able to say, "Well the kid's parents should have been watching him..." to the judge. The same applies to showing porn to one.
This is a straw man. Saying that the burden is on parents to ensure a child's safety doesn't mean a child molester is free from blame. You've taken his point and pushed it to the extreme.
The commenter above is putting the burden on the parents in order to claim that a person who shows porn to children is free of blame. How is that a different argument?
> You can't expect parents to hover over their children 24/7
That's not what's being asked. There already exists software, and optional functionality on OSs/routers/browsers, that allows parents to restrict what sites can be viewed. This software covers more sites (and offer greater customization) than proposals involving sites verifying ID would, since:
* The software can trivially add sites to its blacklist regardless of whether they're outside of jurisdictions that would require ID verification
* Sites are more likely to identify themselves as pornographic than to implement ID verification, since it's a significantly smaller burden
* Small/obscure sites that could fall under the radar with non-compliance on ID verification can still be blocked by the software with statistical/ML methods
* For young children a whitelist of known-safe sites can be used
Neither approach is perfect. With ID verification, a child could use a free VPN to bypass it, or be shown a friend's older brother's ID. With filter software, a child could borrow an unfiltered device and find an unfiltered Internet connection to use it on. The question is: would ID verification be better to such an extent that it justifies the privacy invasion and increased risk of fraud, blackmail, etc.? To me, it seems substantially worse than existing solutions.
That's not the world we live in today. Stores local to me will sell a (terrible but internet capable) phone for $35 to anyone. So you are proposing moving the age verification to the device purchasing stage?
If that is the worry, then bad influences won’t be stopped by some shitty internet-wide age verification. Teens can bully each other with their cameras, or words. If their peers are the problem, no amount of government playing internet cop will help.
I don't think that age verification is a good idea. But I don't think the counter-argument that "parents can just monitor their kids' devices" really holds water - there's still plenty of ways around it.
Complete strawman on a complete strawman situation that isn’t even real. What $35 phone out there has the network bandwidth for porn that isn’t tied to identity in a way that a parent couldn’t easily spot and prevent?
If the kid is smart enough to get a "throwaway" device to circumvent parent supervision what makes you believe he won't be able to circumvent gouvernement internet oversight? Even China and North Korea can't prevent their citizens from doing so.
Prisoners acquire cellphones illegally. It doesn't mean we don't bother enforcing the rule because they can bypass it. We confiscate phones as discovered to disrupt those efforts. We love disruption around here, right?
The point of this is to introduce friction. The goal is not 100% effectiveness and it's a strawman to suggest it is.
Banning cell phones from prisons doesn't affect law abiding citizen. Forcing ID check is a privacy scandal in the making for what I'm my opinion is the government taking decisions on behalf of parents.
Just make a gouvernement sanctionned DNS with basic instruction how to set it up or let ISP set it up for you.
Good old awareness and education.
Yes parents should restrict their kids devices and keep an eye smart device usage generally IMHO. However, doing so well is not easy. There’s so many work arounds unless you severely limit device functionality.
For example, at least a few years back it was basically impossible to enforce DNS based filtering on iOS devices much less other more invasive setups.
There is a very basic iphone setting that restricts adult content from a huge list of sites plus any other sites you want to add to it. This tech has been around for decades.
I am slightly confused by this comment in the context of the thread.
Because you choose to give your children freedom to operate their device however they see fit, you are in support of legislation that restricts what they can use their device to access on the internet?
Parents can achieve this without resorting to an atmosphere of paranoia and control. If parents foster transparency, trust, and open communication with their children, where no secrets are kept and children are not afraid to discuss difficult subjects with parents, then a lot of problems are already solved, or nipped in the bud.
Minor children really shouldn't have an expectation of privacy while they're out on the big, bad Internet. The best advice is for families to have computers in common areas only, where children's screens can be noticed and observed by parents at all times. That's not so much about a lack of trust in your own children, but beware the rest of the Internet.
By all means, teens can be granted increasing privileges and privacy as they grow up and begin to have their own lives. IF you as a parent have fostered their trust and you've inculcated "street smarts", then at a certain point you let go and trust them as well. Amazing how that all works.
I think that it's worth keeping in mind that that isn't always possible. For example, with foster children it is not unlikely that experience with previous parents have already given a child baggage that will make that strategy much less successful.
You're right, I mean, why should a parent even bother establishing candor, trust, and communication with their children when it is just soooo harrrrd, give up already!
You're playing at whatever the self-help equivalent of psychobabble is and are clearly not a parent, foster or otherwise. Most kids are self-centered, duplicitous sacks of bullshit. The social aspect of relationships is easily gamed and they know it.
You don't know your child until you've seen their browser history (before they've had a chance to clear it). Take a peek sometime.
I let my kids think I trust them, but I trust them about as much as the GRU. They think I actually believe that they don't have Discord installed, but I already know what they changed the icon and app label to. They think I believe they're not uploading videos to YouTube, but they are. They have no qualms about lying to me-- and I have a good relationship with these two.
> Most kids are self-centered, duplicitous sacks of bullshit.
Most children aren't. You're definitely telling on yourself more than commenting on how children behave. Trust is a shared activity. If you treat children like you'd treat the GRU that's exactly how they'll behave.
> and I have a good relationship with these two.
If you have a good relationship, why are they lying to you? Is it because they don't trust you? Is that because you don't trust them? I wonder who started it. I'm pretty sure you'll blame them again, so I'll pre-answer for that. "they proved it already by making [some mistake]" ...yeah, kids will make mistakes, but when you forgive them, and believe in them, and prove that they can trust you, they will. By treating them like the GRU all you do is prove they can't trust you. You're supposed to be the adult, right? You have to go first, children are only able to copy what they see.
I think you are missing the point. Certainly a parent has a moral obligation to work to build candor, trust, and communication. However, depending on the circumstances that effort may not be fully successful; which is why it might be useful to also have additional systems in place such as regulation on what media providers can provide to children.
In other words, my objection is not to your assertion that parents should work to develop trusting and respectful relationships with their children. Nor do I disagree that such relationships would go a long ways towards addressing media consumption. My disagreement is with the idea that it is always possible to be completely successful.
> It shouldn't be everyone else's problem that people are unwilling to parent their children.
There would be legal consequences if a child were to walk into a store and purchased age restricted products. It is because others are not allowed to interfere with the parenting of children. (Some, albeit not all, age restricted products allow for parental discretion rather than being an outright prohibition.) There are also other ways of looking at this, such as protecting vulnerable populations from exploitation. (Such as the sale of addictive substances like alcohol and tobacco to minors.)
I would consider framing the issue as offloading parental responsibilities onto society as disingenuous at best.
When I was a child, there did not exist legally age restricted products in Germany. I do not know a single child who was harmed by the lack of regulation.
No. That’s not a reasonable expectation. You can’t bombard children with insane content all the time and expect parents to continuously hover and prevent them from looking at it. There is not enough time in a day and makes parents the bad guys in a million different households.
I think that there is probably a middle ground. Certainly there is a significant responsibility for parents to monitor their children's media consumption and teach them healthy practices. However, it is also not reasonable to expect that they will be able to do so all of the time or that they may not need assistance to do so.
Parental controls on devices suck, and are wildly ineffective.
I'm not in any way saying the solution is requiring uploading id or similar verification, but thinking parents can actually effectively control what their kids access is just plain wrong. Always has been.
AV is already widely utilized by thousands of internet companies and represents a significant market.
The issue is the companies being targeted have simply chosen to not enact any AV or gating measures because it would impact their existing business. Additionally, the targeted companies have solutions available but are leveraging legal and lobbying efforts vs. changing their business.
Source: I work for a company that distributes a widely used AV product.
The vast majority (90%+)of all AV is not photo ID. It’s phone number or name/address (in the US), depending on the industry. This info is usually collected.
For adult industry, the issue is gating web traffic. But as I explained to a regulator mentioned in the article, as long as there are shady companies who won’t comply and can’t be fined, it’s a moot point.
Phone numbers? That seems like a bunch of security theater. (Edit: presumably that's why the states that have passed porn AV laws require IDs, not phone numbers.)
> For adult industry, the issue is gating web traffic.
Clealry that is not the only issue as adult sites have chosen to stop operating rather than comply in jurisdictions that require AV.
The adult sites will simply move offshore where the country trying to stop the flow of information doesn't have jurisdictions. It's whack-a-mole. The only solution is that parents control their kids, install nanny software, and teach them what is age appropriate. I chose to skip all that but supposedly I'm supposed to just accept that they are taking more of my freedom away and expect me to turn my ID over to random internet companies and trust that they'll "do the right thing"
You’re thinking about AV as it’s been rolled out in the past few years in places. But the mDL / mobile passports don’t require that - it’s a signed record that a certain government agency signs. It can be something like signing what kind of vehicles you can operate but also can be just an anonymous age verification check. The standards body for this was explicitly thinking about privacy-preserving mechanisms to do AV (I know because I attended some meetings and observed the discussions they were having).
In practice, how do these system expect the kids (much more technically savvy than their parents, and with a motive) not to get their hands on their parents'? (As you know, kids often get access to credit cards without parents knowledge.)
Biometrics identification required to release the record (eg the Secure Enclave in iOS could sign it)
You can believe that a standard committee of very smart people (technical and regulatory) was thinking about all these problems so saying “what about X” isn’t helpful when X is an obvious concern.
A sufficiently advanced attacker could probably figure something out (especially with these 3p apps which are bound to have security flaws), but it will be out of reach for most people (these apps will hopefully be discontinued once the OS wallets integration is complete - they should only be used for pilot programs and if they’re not they will be stopped once they become a known vector of identity theft).
The harder problem is attestation for >13 services since kids that age may not have digital devices and government ID but that’s a government policy problem to figure out.
> You can believe that a standard committee of very smart people (technical and regulatory) was thinking about all these problems so saying “what about X” isn’t helpful when X is an obvious concern.
Really? Doesn't HN show on a monthly basis that no, exactly nothing directly follows from that premise? Typically the committee has completely different incentives and directions from, well, half the planet's wants?
At that stage though, mine was just a question. I was curious.
> they will be stopped once they become a known vector of identity theft
Okay. I'll agree to disagree. See US Social Security Numbers, cell phone numbers, credit card system...
And? The point of the article is that it's incompatible with privacy on the internet, or rather the spirit of what the internet is - widely accessible, not pseudo-AIM.
If every person can be identified uniquely and mapped to a real person, and this is what age verification will come down to, then each of us can be fed with different kind of bullshit, our thoughts can be even more easily manipulated systematically. That is the price to pay.
People like you having the certainty your freedom to casually engage in these types of topics that may be critical of powerful entities won't result in a form of specific targeting that gives a legally accepted pathway to finding out your private information. Or something.
- At point of purchase for a consumer device that can view Internet content, the salesperson (or web store) is required to ask if the device is for an underage child, in which case either the device is placed in "child safe" mode, or printed instructions are directly provided giving instructions to do such. The child protection settings should be linked to the parent's e-mail address (so they can be lifted when the child is of age, or the device is given to someone else, etc).
- Consumer devices must support filtering for underage users (they already do, although perhaps this could be made more standardized and easier to use).
- Adult sites are required to list themselves as such so they can be filtered (they already do this quite voluntarily).
Of course, this assumes that legislators are making these rules in good faith (I strongly suspect they are not, and thus they are actually unconstitutional attempts to restrict free speech).
These sorts of features shouldn’t be mandatory, if parents want to lock down their kids’ devices they can go find and buy the ones that support that sort of thing. Or install aftermarket software. This is already the way it works.
Also underage people could go to the store and lie about their age, so if we want this plan to be effective we’d need to ID everybody buying electronics, which would be annoying.
It also isn’t clear what it means for a device to be “for somebody,” if somebody buys a desktop and a kid lives in their house, it is at least possible that the kid will get access to it.
My point wasn't that this should be done, just that it's a more viable option if moral busybody legislators actually want to legally restrict children's access to adult content instead of finding creative ways of harassing Pornhub.
Obviously porn blocking should just be something parents should concern themselves with, and parents alone. Software and device vendors already provide all the necessary tools.
I think it isn’t a very viable option. I understand the logic of saying to them “here’s a more effective solution, which you would have suggested if you were operating in good faith,” but I think that your solution wouldn’t work, which causes the whole argument to unravel.
iPhones are pretty locked down, and stand a good chance of allowing parents to totally block adult content. Android and general-purpose computers less so, naturally.
But VPNs have already come up as the way around these new age-verification laws, and that didn't stop them. Kids can always find ways around this stuff (when I was in high school eons ago, just about everyone was underage drinking, and a lot of my friends had porno mags too).
Fortunately, most democratic countries will be constitutionally prevented from enacting full-blown police states to stop kids from doing naughty things. Hopefully.
- Fortunately, most democratic countries will be constitutionally prevented from enacting full-blown police states to stop kids from doing naughty things. Hopefully.
Constitution/law just transfer responsibility to other entity. Whithout responsibility, there is no freedom. State never bringing morale or ethics to society. I would rather focus on why kids doing naughty things, where they learn it, what are consequences of their actions, etc.
Right. And this is just in phones, which are already a pretty locked down ecosystem.
In general, there would be more implementation problems the farther we look away from there: what about things like laptops, particularly laptops with Linux, or raspberries pi, or heck, an Analogue Pocket… there’s a whole range of computing devices; locking down all this stuff would be a huge pain-in-the-butt process. Rather than have some legislatively confusing mess where every device manager has to wonder if they are responsible for implementing some giant DRM scheme, we’re better off just letting the market handle it.
I think you agree with each other. How about: smartphones arrive with a parent lock(*) using a manufacturer code. Flashing an ID or interacting with a (possibly standards-compliant) body reveals the unlock code.
(*) Yes, jailbreaking gets around that, but now you’ve circumvented a content-control system, which is a bigger legal problem under DMCA than any legal Internet content.
They were making a rhetorical point along the lines of “if the politicians actually were engaging in good faith on this stuff, they’d propose this other more effective plan.” I agree with the sentiment that the politicians aren’t engaging in good faith here. We are basically on the same side.
However I disagree that the plan would really be able to accomplish what legislators claim they are trying to accomplish, so I don’t think this line of argument works as a rhetorical device.
I’m not sure that “Whether Software and device vendors already provide all the necessary tools” is really the sticking point… sorry, I’d write more, but actually I’m not sure how that is supposed to link into the argument so I’m not sure where to go with it.
> in which case either the device is placed in "child safe" mode, or printed instructions are directly provided giving instructions to do such
It's not hard to imagine a jailbreak showing up shortly to defeat it. Even Apple can't prevent jail breaking for their devices. I think it's unreasonable to expect other consumer devices manufacturers to win a game of cats and mouses like that.
Requiring legislations on this is even worse. It will serve as a regulatory capture for big corps that can afford to invest on security.
This means disabling any means of downloading custom software for the under 18, right? Forget coding if you are under 18, because all of that would be so simple to bypass unless you completely lock it all.
Games and everything need to be vetted when you are 17? Since if you allow them any kid could also download a custom browser as well to get past that, and if there is a way, this info will be shared amongst kids.
Google Play and the App Store already have account-based restrictions and fairly annoying rules about apps that can access unrestricted content. When I was a kid and smartphones weren't a thing, I knew kids whose parents had installed similar restrictions on their PCs and Macs.
Not if the parent controls a screenshot analyzer trained to detect objectionable figures, patterns, and phrases. This would work above the browser and IDE.
Just as with the “you must be at least 18 to view this site, only click ok if you’re at least 18” popups, I’m pretty sure a smart 17 year old could figure out that notpornhub.com silently drops the special filter tag but is otherwise identical to pornhub.com
And a VPN bypasses these age-verification restrictions some states are adding. And kids find ways of buying alcohol too (when I was in high school eons ago, just about everyone was underage drinking, and a lot of my friends had porno mags too).
Fortunately, most democratic countries will be constitutionally prevented from enacting full-blown police states to stop kids from doing naughty things. Hopefully.
Most of the my friends when I was a high school kid in the 80s had access to porn, alcohol, weed and were having sex under 18. All not allowed by their/my parents, but no ended up even remotely bad or damaged. It’s just growing up.
Maybe it wouldn't be, but if you're going to declare that "something is simple" and provide a solution that's based on rules, you need to include the penalty for breaking those rules.
Kids can purchase unrestricted amount of sugar drinks and ruin their health for the rest of their lives. I insist government implements age verification for soda purchases. All sodas must be accessible to 21+ years only.
A state in Mexico did this [1] [2] [3] with positive results (junk food). It's a good idea. If you can get it passed in the US, you have my PAC dollars/dark money and vote.
Sometimes "think of the children" really is think of the children.
> One-third of Mexicans aged 6 to 19 are overweight or obese, according to UNICEF. They may not be disproportionately affected by COVID-19 now, but they can suffer myriad health issues, especially in adulthood. [2]
(for comparison, 20% of children in the US are obese [4])
... though it probably shouldn't use the same age cutoff as beer. 18 or even 15 would be better.
The downside is that - even with mild enforcement - fast food would get even more expensive for people who buy the cheap items which are currently subsidized by drinks.
From history, we mainly know that nation scale communism doesn't work when it is run by a totalitarian government and/or is undermined by the embargos or the CIA. We don't have much data on democratic communism that is reasonably free from outside interference.
On the other hand, we know that communism works on the small scale due to the success of various traditional communities and non-profits.
Depending on the specific system being discussed, there's also significant evidence that "more moderate" systems related to communism (e.g. various forms of socialism) work. Part of the problem that I've had in trying to interact with libertarian ideas is that they tend to be purist. In particular, when confronted with criticisms they tend to claim that under a complete libertarian system they wouldn't occur. However, that precludes the ability to consider whether an incomplete libertarian system might have merit.
Usually the sweet spot is somewhere in the middle of both, which is what the United States is (though some may argue we've begun to slide towards the extremes)
Where does it stop next? Government telling us that we can't have our small piece of chocolate until we eat all our veggies and Mediterranean menu diet guide?
If were to live in a world where we, through tax-payer funded medical care, one can privatize (caloric) gains and socialize (medical care cost) losses…
Unironically this should be a mechanism.
While I recognize no system is perfect, we would still socialize those born into misfortunes, I see no reason not to mandate intensive regulations. It is immoral to require society to pay for shit decision making.
That’s a pretty good idea. I’m all for age restrictions on even more things. I think you shouldn't be able to use social media or have a smart phone until you’re 18.
Something like that parody of printed manual check copy protection on the original Larry game might actually work? Years later I had a huge "oh, so that's the answer!" moment when I finally discovered the meaning of the words agent orange.
Jokes aside, what would be the failure mode if some metadata about audience minimum age was given legal blessing? Regular browsers would simply ignore it, browsers with enabled parental controls would reject the page or site. Vendors of parental controls could focus their efforts on suppressing those sites that lie and the numerous proxy services that would inevitably pop up (but that's a problem they already have I assume). What am I missing?
> if some metadata about audience minimum age was given legal blessing?
There's no legal blessing for this, but there's already an industry standard (in the vein of the ESRB ratings): https://www.rtalabel.org/index.html?content=howto Most porn sites have already voluntarily applied this label.
> What am I missing?
My best explanation is that moral panic always plays well to voters.
I disagree with the idea of censorship generally, but it would be extremely funny if this was implemented and we could all just start tagging all our (totally mundane) content as adult-only. Imagine, a whole parallel internet free of busybodies and their children.
The Children's Online Privacy Protection Act (COPPA) gives parents control over what information websites can collect from their kids. [https://www.ftc.gov/business-guidance/privacy-security/child...]. It requires explicit consent from the parents by entering a credit card as a form of ID or a video chat where the web platform confirms the adult is the parent or guardian
Throw some <meta> tags in and browsers can parse: then have a password-protected "filter controls" area in settings (and perhaps a GPO for corporate environments).
In theory that is right, but if non-technical lawmakers are being told by vendors how complex and expensive products ease that and allow monitoring it's convincing for many.
Sounds like fascism to me. More like what N. Korea does, you'd think that S. Korea would be averse to adding more fascism to their lives rather than less.
Which indeed every underage kid in the 80s/90s had access to. Later on smut dvd rips were traded in our school. Internet is vastly harder to regulate than that, forget about it.
It's up to parents to lock down their kids from tech they shouldn't be accessing, the rest of us shouldn't be harassed and inconvenienced for that. I hate to beat a dead horse, but it comes down to personal responsibility, "what are your kids doing right now?"
This is another article that tries to turn what is a subjective political grievance into a technical discussion. Age verification by id in fairly privacy preserving ways is technically trivial. I've lived in South Korea where this is standard and digital identification is used for everything.
My German national id has an eid feature that you can use, for example when buying booze online to verify your age. There's a dedicated public company set up for this, so the vendor only gets a yes/no. That's much, much better than typing your personal information into some random website from a privacy standpoint. It's better to have verification behind a dedicated API abiding by some standards than the "type everying into the webform and pray" status quo.
And as a sidenote on the cultural issue itself. I have no problem with porn or drinking etc, but when I go into a store for anything adult related someone at the door asks me for my id. Idk why people make a fuzz about having some basic due dilligence in digital marketplaces. Cinemas need to make sure people who attend adult movies are of age, bar owners need to make sure underaged kids don't order drinks. This is a completely reasonable level of responsiblity on business owners.
I mean, yes as provided by law. I live in a civilization, not in a jungle. Same reason I trust that I can eat the piece of meat I buy in the supermarket and it isn't full of salmonella, there's laws making sure it's processed correctly. I trust the law every time I walk across the street intersection.
A lot of countries (like NL, ES, PT, BE,…) have state owned APIs which have a central login (with 2FA) could easily just return yep or nay when asked; is this person over 18. Without violating privacy by the porn site and not anymore violating at least than the gov site already does or doesn’t in your opinion. The site wouldn’t have to know anything about who you are; it would work like 3dsecure.
I am not for it but it wouldn’t be hard to do in countries like that; I guess the US doesn’t have / want this? Like a state owned social security login site?
Yeah, like said, i'm not for it, but it beats, as far as i'm concerned, uploading your id + some camera to every 3rdparty that 'needs verification'. I don't mistrust my gov (as much as I do porn site owners, marketers etc), if I did, I would (and will if it ever gets there) move.
The API doesn’t need to include the site. The identity site just needs to verify age and return token that can be passed to site.
Lots of identity protocols like OAuth have the provider do the redirect so they know the site. Which makes sense cause they want to validate the site. But it works to have the app do the redirect. They end up passing the token to the sire.
Yeah but unfortunately it is very compatible with social conservatives and certain extreme christians who want to make it as hard as possible for adults to access porn as well, ideally banning it.
Thats not possible to do, so they go and attack it with fake outrage (and it are all fake, children are not actually interested in sex nor do they spontainously combust if they see naked adults).
Same with exedus cry, which is not about "saving adult performers" but about making it harder and harder to run a porn site.
The article does get into this, and I think the truth is between the article and your analysis:
I personally think that the libertarian argument is good: the government should focus on things other than this.
Which means devices could enact opt-in controls. Periodically scanning screenshots for nudity? That’s a feature… for an app. You’ve got all the right filtering apps? You’re a compliant semi-trustworthy teenager/Christian/Muslim/Exodus Cry member/citizen of the state religion. Parental controls keep the apps activated. A computer with 1995 Netscape continues to work with arbitrary Internet content. git and Docker don’t pause for AV when a comment contains the string “XXX”.
What you’re talking about are the movements behind the blockers. We can imagine an app which targets “sin” rather than nudity. Detecting corrosive text stories, especially homoeroticism. That this is merely very approximate detecting false positives is a feature, not a bug. One can’t be too careful with the intentions of outsiders. That the app itself collects more PII than the zero-knowledge proofs explained here is not interesting to its market; they already give superlative trust to those app makers. Perfectly acceptable to be carefree with the intentions of insiders.
Parents get a device that sanitizes as much as they want. Religious communities get to bless smartphones as finally advancing their fight against sin. The opt-in apps stay out of the way of well-adjusted busy people.
I’m ok with that scenario but I predict it requires a committed user base, patience with false detections, sustained funding, noticeable battery impact, and empowers some speciality app makers to be morality custodians. I’m less ok with one government getting all that right across a global communications network, even for the worst content.
But lawmakers who want control don’t like those apps. They want (1) the effects to be broadly distributed, (2) that the gatekeepers be hyperactive invite-only groups on social media, (3) that those volunteer ratings boards promote certain tastes over others. Song of Solomon must never be blocked. A reference to a torrent that contains a gay furry story? AV the entire domain, read the story into the Congressional Record, AV the Congressional Record.
Obviously hyperbole, but my point is that these are the contours of what a minority want with power. This comment section is full of people who want one government to make parenting choices for all, but as quoted in the article about the lawmaker from Utah, the censors are shockingly bad at predicting the future. We have to scrutinize their implementations when all proposed solutions depend on a powerful government intervening past the HTTP header level whenever someone finds inadequate supervision within any particular open forum.
It is possible to cryptographically attest to attributes like age without revealing identity.
I worked on a privacy preserving system that did this among other things. Third parties who received an attestation of some property could verify it.
To be fully private, a bit more is required. Crucially, each time an attestation is provided it is made unlinkable to previous times it may have been provided. So the third party only knows the attestation they have just received is valid, but not that it is the same unknown person they saw yesterday.
I do not expect that I could ever trust the 3rd party. And any on-device "private solution" seems unlikely to be implemented in a provably secure and safe way.
Besides that, why is any of that complicated stuff even needed? I know my age, and I am able to verify my age without involving any 3rd party, software, AI etc. If someone else wants to lie about their age, I am not convinced that I should need to jump through hoops and give away my own privacy as part of any of the flawed schemes supposedly intended to prevent that, as some governments are trying to push.
It would be possible. But age verification and privacy are not the objective of either side. Age verification as a pretext to place a barrier and stick it to these businesses. Privacy as a principle - not a technical attribute.
The issue I have with age verification and End user agreements is the following.
There is no legal binding to who signed the Eula in normal end user accept. This differs from a paper contract where the signature is person identifiable.
Your cats paw could have clicked on the Eula accept :). Who is liable then the cat?
I think that if Eulas was taken to highest court of law they may not hold through screening.
Beyond all the hystery around this topic, I feel like blocking porn site to minors is a reasonable requirement and it can be done with no privacy concern neither on the site side nor on the government side. It's a straightforward usage of basic crypto tools.
Says:
- the porn site creates a challenge and send it to the browser.
- the browser goes to the governmental service where one uses tax ID or the like to prove age. The service returns a challenge answer encoded with the government private key
- the browser goes back to the porn site with the answer. The porn site uses the public key to decode the governmental response and validate it does correspond to the challenge.
As I see it, theres no PII that the site can get, no history leak on the government side, no excessive centralisation, nothing frighting really.
The point of the article? The idea that I shouldn't have to ask my government for permission to view information/media? The fact that this absolutely will doxx your privacy to the government?
I'm all for, "wont somebody think of the children", but IMO protecting children is a 'solved' problem. When a child runs into the street we blame the parents, we don't install gates down every sidewalk. When a kid is seen riding a bike without a helmet, again, we don't decide that you need to send your government a selfie before the tires unlock.
Sites do have a responsibility to ensure people don't misuse their content. But liquor stores only ask for ID when you try to buy a dangerous substance, they don't make you ask your government for permission.
And that works flawlessly, fake IDs definitely aren't a thing, and I'm sure the same applies to this online ID thing.
Edit: I had 2nd thoughts about this because I don't like to make slippery slope arguments but this one seems worthy of consideration at the very least. Once this exists, all sites dealing with fraud will start to use it. Which Will have a DOS effect on government servers, which means they will try to mitigate it by requiring the requesting site provide a site ID and unique ID for the request. So much for any of the features that people expect might protect some privacy.
> The fact that this absolutely will doxx your privacy to the government?
Done properly this will not reveal your online behavior to the government any more than using your government issued ID card to enter a bar leaks your location to the issuing party.
Now, whether governments should have the right to restrict access to certain types of information and media based on age is a different question
> Done properly this will not reveal your online behavior to the government any more than using your government issued ID card to enter a bar leaks your location to the issuing party.
This is incorrect, and a gross misunderstanding of how either network requests on the internet work, or crypto... likely both.
Are you really saying someone looking at an ID card is the same as my computer sending a request containing my ID to a government entity, and waiting for a response?
Here’s an idea for how it could work while preserving your privacy.
1. User verifies their age with a trusted party (which may or may not be a government body)
2. User requests a token from the trusted party. The token is signed so 3rd parties can verify it. The token also includes the public key of the user so 3rd parties can verify whom it is for
3. The user shares this token with the 3rd party site, who is now able to verify the user’s age. Note, the 3rd party site never has to contact the issuer of the token other than to get their public key.
With this model, the token issuer is not able to connect the user to the 3rd party site directly.
We can, of course, think about possible attacks but this is just a basic illustration of the possibilities.
Just have the user calculate an average difficulty integral. If he/she succeeds they are of legal age or very close to it. Even if they use Wolfram Alpha that still denotes some level of maturity which is consistent with legal age.
160 comments
[ 3.4 ms ] story [ 257 ms ] threadSane technology legislation requires competent representatives. This is what folks voted for. Parenting responsibility in the aggregate, very broadly speaking, is not what it used to be. This is not to say that parents today are worse, but that standards and resources are different (two adults having to work full time, quality time per week between parent and child, ubiquitous access to social, screens, and internet, etc).
In theory you could implement age based access controls, but as the article points out, these are full of tradeoffs, and none of them are good. You will either get vendor lock in, violations of constitutional rights, a wider dispersal of Personally identifiable information, or a poorly thought through government implemented solution whose only feedback is additional legislation.
Parental desires to prevent children from seeing inappropriate content is not strictly opposed to individual free speech rights, the need for dynamism and open competition in the marketplace, or a need for privacy and information security. To say these issues need to be balanced would be a false dichotomy. Perhaps the solution is for society to respect parents by giving them the resources they need, through paid parental leave and employment protections.
Specifically, it's likely that police and/or national security would use them in ways that would result in false arrests and/or chilling online behavior. It is also becoming increasingly likely that Christian Nationalists would use them to censor speech that they don't like and/or to persecute people that they disagree with.
That's not what's being asked. There already exists software, and optional functionality on OSs/routers/browsers, that allows parents to restrict what sites can be viewed. This software covers more sites (and offer greater customization) than proposals involving sites verifying ID would, since:
* The software can trivially add sites to its blacklist regardless of whether they're outside of jurisdictions that would require ID verification
* Sites are more likely to identify themselves as pornographic than to implement ID verification, since it's a significantly smaller burden
* Small/obscure sites that could fall under the radar with non-compliance on ID verification can still be blocked by the software with statistical/ML methods
* For young children a whitelist of known-safe sites can be used
Neither approach is perfect. With ID verification, a child could use a free VPN to bypass it, or be shown a friend's older brother's ID. With filter software, a child could borrow an unfiltered device and find an unfiltered Internet connection to use it on. The question is: would ID verification be better to such an extent that it justifies the privacy invasion and increased risk of fraud, blackmail, etc.? To me, it seems substantially worse than existing solutions.
That's not the world we live in today. Stores local to me will sell a (terrible but internet capable) phone for $35 to anyone. So you are proposing moving the age verification to the device purchasing stage?
Here's a couple. You can buy these and use them with the free wifi at McDonalds or with a $30 prepaid plan.
I'm not saying I support these age verification schemes but saying parents can easily control access to the internet is dead wrong.
https://www.walmart.com/ip/Metro-by-T-Mobile-TCL-ION-X-32GB-...
https://www.walmart.com/ip/Simple-Mobile-Nokia-C110-32GB-Gre...
These deals are extremely common in the US: https://slickdeals.net/newsearch.php?q=tracfone&searcharea=d...
The point of this is to introduce friction. The goal is not 100% effectiveness and it's a strawman to suggest it is.
Once you get to a state where the kid is unsupervised, is determined to break the rules, and has money to help them do it, they're going to succeed.
For example, at least a few years back it was basically impossible to enforce DNS based filtering on iOS devices much less other more invasive setups.
Because you choose to give your children freedom to operate their device however they see fit, you are in support of legislation that restricts what they can use their device to access on the internet?
Do we arrest the parent or the child when the child posts a picture of their genitals on insta-snap?
Even whitelist-based parental controls aren't great given what's accessible on major sites that accept user-generated content.
There absolutely is a real problem here - too-early exposure to sex is one of the biggest drivers of sex offenders.
This argument is essentially that it's acceptable for websites to show porn to children if their parents don't care or are fine with it.
It's a horrible, dangerous thing regardless of if parents are involved are not, and therefore should not solely be the responsibility of the parents.
Minor children really shouldn't have an expectation of privacy while they're out on the big, bad Internet. The best advice is for families to have computers in common areas only, where children's screens can be noticed and observed by parents at all times. That's not so much about a lack of trust in your own children, but beware the rest of the Internet.
By all means, teens can be granted increasing privileges and privacy as they grow up and begin to have their own lives. IF you as a parent have fostered their trust and you've inculcated "street smarts", then at a certain point you let go and trust them as well. Amazing how that all works.
You don't know your child until you've seen their browser history (before they've had a chance to clear it). Take a peek sometime.
I let my kids think I trust them, but I trust them about as much as the GRU. They think I actually believe that they don't have Discord installed, but I already know what they changed the icon and app label to. They think I believe they're not uploading videos to YouTube, but they are. They have no qualms about lying to me-- and I have a good relationship with these two.
Most children aren't. You're definitely telling on yourself more than commenting on how children behave. Trust is a shared activity. If you treat children like you'd treat the GRU that's exactly how they'll behave.
> and I have a good relationship with these two.
If you have a good relationship, why are they lying to you? Is it because they don't trust you? Is that because you don't trust them? I wonder who started it. I'm pretty sure you'll blame them again, so I'll pre-answer for that. "they proved it already by making [some mistake]" ...yeah, kids will make mistakes, but when you forgive them, and believe in them, and prove that they can trust you, they will. By treating them like the GRU all you do is prove they can't trust you. You're supposed to be the adult, right? You have to go first, children are only able to copy what they see.
Trust must be gained.
> You don't know your child until you've seen their browser history
Are you sure ? This is like this MTV commercial when the child is watching porn when the parents enter the room, only to switch to MTV afterwards.
In other words, my objection is not to your assertion that parents should work to develop trusting and respectful relationships with their children. Nor do I disagree that such relationships would go a long ways towards addressing media consumption. My disagreement is with the idea that it is always possible to be completely successful.
There would be legal consequences if a child were to walk into a store and purchased age restricted products. It is because others are not allowed to interfere with the parenting of children. (Some, albeit not all, age restricted products allow for parental discretion rather than being an outright prohibition.) There are also other ways of looking at this, such as protecting vulnerable populations from exploitation. (Such as the sale of addictive substances like alcohol and tobacco to minors.)
I would consider framing the issue as offloading parental responsibilities onto society as disingenuous at best.
The world has become a crazy and disgusting shit.
Why not ? Ads, wherever pervert, are ok. As long as they don't watch porn... /s
I'm not in any way saying the solution is requiring uploading id or similar verification, but thinking parents can actually effectively control what their kids access is just plain wrong. Always has been.
Well, Microsoft Family Safety was very effective to not allow Firefox to run, although Edge ran fine. /s
The issue is the companies being targeted have simply chosen to not enact any AV or gating measures because it would impact their existing business. Additionally, the targeted companies have solutions available but are leveraging legal and lobbying efforts vs. changing their business.
Source: I work for a company that distributes a widely used AV product.
For adult industry, the issue is gating web traffic. But as I explained to a regulator mentioned in the article, as long as there are shady companies who won’t comply and can’t be fined, it’s a moot point.
> For adult industry, the issue is gating web traffic.
Clealry that is not the only issue as adult sites have chosen to stop operating rather than comply in jurisdictions that require AV.
You can believe that a standard committee of very smart people (technical and regulatory) was thinking about all these problems so saying “what about X” isn’t helpful when X is an obvious concern.
A sufficiently advanced attacker could probably figure something out (especially with these 3p apps which are bound to have security flaws), but it will be out of reach for most people (these apps will hopefully be discontinued once the OS wallets integration is complete - they should only be used for pilot programs and if they’re not they will be stopped once they become a known vector of identity theft).
The harder problem is attestation for >13 services since kids that age may not have digital devices and government ID but that’s a government policy problem to figure out.
Really? Doesn't HN show on a monthly basis that no, exactly nothing directly follows from that premise? Typically the committee has completely different incentives and directions from, well, half the planet's wants?
At that stage though, mine was just a question. I was curious.
> they will be stopped once they become a known vector of identity theft
Okay. I'll agree to disagree. See US Social Security Numbers, cell phone numbers, credit card system...
- At point of purchase for a consumer device that can view Internet content, the salesperson (or web store) is required to ask if the device is for an underage child, in which case either the device is placed in "child safe" mode, or printed instructions are directly provided giving instructions to do such. The child protection settings should be linked to the parent's e-mail address (so they can be lifted when the child is of age, or the device is given to someone else, etc).
- Consumer devices must support filtering for underage users (they already do, although perhaps this could be made more standardized and easier to use).
- Adult sites are required to list themselves as such so they can be filtered (they already do this quite voluntarily).
Of course, this assumes that legislators are making these rules in good faith (I strongly suspect they are not, and thus they are actually unconstitutional attempts to restrict free speech).
There's actually a meta tag that most adult sites set to do this already. It's also used by Google to identify a website as adult for SafeSearch reasons. The process seems simple enough, https://www.rtalabel.org/index.html?content=howto (meta tag) and https://www.rtalabel.org/index.html?content=howtofaq#apache (http header)
It is strange web browsers don't take advantage of it, though. This combined with some kind of AI model would work in most cases I bet.
Also underage people could go to the store and lie about their age, so if we want this plan to be effective we’d need to ID everybody buying electronics, which would be annoying.
It also isn’t clear what it means for a device to be “for somebody,” if somebody buys a desktop and a kid lives in their house, it is at least possible that the kid will get access to it.
Obviously porn blocking should just be something parents should concern themselves with, and parents alone. Software and device vendors already provide all the necessary tools.
But VPNs have already come up as the way around these new age-verification laws, and that didn't stop them. Kids can always find ways around this stuff (when I was in high school eons ago, just about everyone was underage drinking, and a lot of my friends had porno mags too).
Fortunately, most democratic countries will be constitutionally prevented from enacting full-blown police states to stop kids from doing naughty things. Hopefully.
Constitution/law just transfer responsibility to other entity. Whithout responsibility, there is no freedom. State never bringing morale or ethics to society. I would rather focus on why kids doing naughty things, where they learn it, what are consequences of their actions, etc.
In general, there would be more implementation problems the farther we look away from there: what about things like laptops, particularly laptops with Linux, or raspberries pi, or heck, an Analogue Pocket… there’s a whole range of computing devices; locking down all this stuff would be a huge pain-in-the-butt process. Rather than have some legislatively confusing mess where every device manager has to wonder if they are responsible for implementing some giant DRM scheme, we’re better off just letting the market handle it.
(*) Yes, jailbreaking gets around that, but now you’ve circumvented a content-control system, which is a bigger legal problem under DMCA than any legal Internet content.
However I disagree that the plan would really be able to accomplish what legislators claim they are trying to accomplish, so I don’t think this line of argument works as a rhetorical device.
I’m not sure that “Whether Software and device vendors already provide all the necessary tools” is really the sticking point… sorry, I’d write more, but actually I’m not sure how that is supposed to link into the argument so I’m not sure where to go with it.
It's not hard to imagine a jailbreak showing up shortly to defeat it. Even Apple can't prevent jail breaking for their devices. I think it's unreasonable to expect other consumer devices manufacturers to win a game of cats and mouses like that.
Requiring legislations on this is even worse. It will serve as a regulatory capture for big corps that can afford to invest on security.
Games and everything need to be vetted when you are 17? Since if you allow them any kid could also download a custom browser as well to get past that, and if there is a way, this info will be shared amongst kids.
Just as with the “you must be at least 18 to view this site, only click ok if you’re at least 18” popups, I’m pretty sure a smart 17 year old could figure out that notpornhub.com silently drops the special filter tag but is otherwise identical to pornhub.com
Fortunately, most democratic countries will be constitutionally prevented from enacting full-blown police states to stop kids from doing naughty things. Hopefully.
Is there a penalty if they don't?
Is there a penalty if an adult lies? Is there a penalty if an underage person pretends to be an adult?
Sometimes "think of the children" really is think of the children.
> One-third of Mexicans aged 6 to 19 are overweight or obese, according to UNICEF. They may not be disproportionately affected by COVID-19 now, but they can suffer myriad health issues, especially in adulthood. [2]
(for comparison, 20% of children in the US are obese [4])
[1] https://www.npr.org/2020/09/14/912029399/we-had-to-take-acti...
[2] https://twitter.com/CongresoOaxaca_/status/12910804963032227...
[3] https://twitter.com/Magaly_LopezOax/status/12910848195611729...
[4] https://www.cdc.gov/obesity/childhood/index.html
... though it probably shouldn't use the same age cutoff as beer. 18 or even 15 would be better.
The downside is that - even with mild enforcement - fast food would get even more expensive for people who buy the cheap items which are currently subsidized by drinks.
Very tired of the libertarian arguments when they obviously don't work.
On the other hand, we know that communism works on the small scale due to the success of various traditional communities and non-profits.
Depending on the specific system being discussed, there's also significant evidence that "more moderate" systems related to communism (e.g. various forms of socialism) work. Part of the problem that I've had in trying to interact with libertarian ideas is that they tend to be purist. In particular, when confronted with criticisms they tend to claim that under a complete libertarian system they wouldn't occur. However, that precludes the ability to consider whether an incomplete libertarian system might have merit.
Libertarianism <---> Authoritarianism
Capitalism <---> Communism
Usually the sweet spot is somewhere in the middle of both, which is what the United States is (though some may argue we've begun to slide towards the extremes)
The government ensures that realistic healthy options are available but doesn't force people to select them.
The government applies a minimal tax to the most obviously unhealthy options but doesn't otherwise restrict anything.
The government applies regulations before 18 years old but not afterwards.
Unironically this should be a mechanism.
While I recognize no system is perfect, we would still socialize those born into misfortunes, I see no reason not to mandate intensive regulations. It is immoral to require society to pay for shit decision making.
It was sarcasm. Pointing extreme of previous sentence.
Jokes aside, what would be the failure mode if some metadata about audience minimum age was given legal blessing? Regular browsers would simply ignore it, browsers with enabled parental controls would reject the page or site. Vendors of parental controls could focus their efforts on suppressing those sites that lie and the numerous proxy services that would inevitably pop up (but that's a problem they already have I assume). What am I missing?
There's no legal blessing for this, but there's already an industry standard (in the vein of the ESRB ratings): https://www.rtalabel.org/index.html?content=howto Most porn sites have already voluntarily applied this label.
> What am I missing?
My best explanation is that moral panic always plays well to voters.
You are missing, that many people in that space don't want to solve that specific problem
* Some companies and their lobbies want to sell their products for filtering or whatever
* Some people want to get rid of all sinful porn
* Some want to block a lot more content for more people and need infrastructure
* Some want to have further control
Etc. "protecting the children" is often a good way to denounce opponents
It really shouldn't be needed: web pages are all about tags with data and metadata. It shouldn't be hard to add metadata about content type.
I never quite understood why labeling initiatives never gained traction:
* https://en.wikipedia.org/wiki/Platform_for_Internet_Content_...
* https://www.w3.org/PICS/
* https://www.w3.org/2007/powder/
Throw some <meta> tags in and browsers can parse: then have a password-protected "filter controls" area in settings (and perhaps a GPO for corporate environments).
My German national id has an eid feature that you can use, for example when buying booze online to verify your age. There's a dedicated public company set up for this, so the vendor only gets a yes/no. That's much, much better than typing your personal information into some random website from a privacy standpoint. It's better to have verification behind a dedicated API abiding by some standards than the "type everying into the webform and pray" status quo.
And as a sidenote on the cultural issue itself. I have no problem with porn or drinking etc, but when I go into a store for anything adult related someone at the door asks me for my id. Idk why people make a fuzz about having some basic due dilligence in digital marketplaces. Cinemas need to make sure people who attend adult movies are of age, bar owners need to make sure underaged kids don't order drinks. This is a completely reasonable level of responsiblity on business owners.
I am not for it but it wouldn’t be hard to do in countries like that; I guess the US doesn’t have / want this? Like a state owned social security login site?
Lots of identity protocols like OAuth have the provider do the redirect so they know the site. Which makes sense cause they want to validate the site. But it works to have the app do the redirect. They end up passing the token to the sire.
Thats not possible to do, so they go and attack it with fake outrage (and it are all fake, children are not actually interested in sex nor do they spontainously combust if they see naked adults).
Same with exedus cry, which is not about "saving adult performers" but about making it harder and harder to run a porn site.
I personally think that the libertarian argument is good: the government should focus on things other than this.
Which means devices could enact opt-in controls. Periodically scanning screenshots for nudity? That’s a feature… for an app. You’ve got all the right filtering apps? You’re a compliant semi-trustworthy teenager/Christian/Muslim/Exodus Cry member/citizen of the state religion. Parental controls keep the apps activated. A computer with 1995 Netscape continues to work with arbitrary Internet content. git and Docker don’t pause for AV when a comment contains the string “XXX”.
What you’re talking about are the movements behind the blockers. We can imagine an app which targets “sin” rather than nudity. Detecting corrosive text stories, especially homoeroticism. That this is merely very approximate detecting false positives is a feature, not a bug. One can’t be too careful with the intentions of outsiders. That the app itself collects more PII than the zero-knowledge proofs explained here is not interesting to its market; they already give superlative trust to those app makers. Perfectly acceptable to be carefree with the intentions of insiders.
Parents get a device that sanitizes as much as they want. Religious communities get to bless smartphones as finally advancing their fight against sin. The opt-in apps stay out of the way of well-adjusted busy people.
I’m ok with that scenario but I predict it requires a committed user base, patience with false detections, sustained funding, noticeable battery impact, and empowers some speciality app makers to be morality custodians. I’m less ok with one government getting all that right across a global communications network, even for the worst content.
But lawmakers who want control don’t like those apps. They want (1) the effects to be broadly distributed, (2) that the gatekeepers be hyperactive invite-only groups on social media, (3) that those volunteer ratings boards promote certain tastes over others. Song of Solomon must never be blocked. A reference to a torrent that contains a gay furry story? AV the entire domain, read the story into the Congressional Record, AV the Congressional Record.
Obviously hyperbole, but my point is that these are the contours of what a minority want with power. This comment section is full of people who want one government to make parenting choices for all, but as quoted in the article about the lawmaker from Utah, the censors are shockingly bad at predicting the future. We have to scrutinize their implementations when all proposed solutions depend on a powerful government intervening past the HTTP header level whenever someone finds inadequate supervision within any particular open forum.
I worked on a privacy preserving system that did this among other things. Third parties who received an attestation of some property could verify it.
To be fully private, a bit more is required. Crucially, each time an attestation is provided it is made unlinkable to previous times it may have been provided. So the third party only knows the attestation they have just received is valid, but not that it is the same unknown person they saw yesterday.
Not giving all our information to data driven businesses just to exist.
Besides that, why is any of that complicated stuff even needed? I know my age, and I am able to verify my age without involving any 3rd party, software, AI etc. If someone else wants to lie about their age, I am not convinced that I should need to jump through hoops and give away my own privacy as part of any of the flawed schemes supposedly intended to prevent that, as some governments are trying to push.
There is no legal binding to who signed the Eula in normal end user accept. This differs from a paper contract where the signature is person identifiable.
Your cats paw could have clicked on the Eula accept :). Who is liable then the cat?
I think that if Eulas was taken to highest court of law they may not hold through screening.
Says: - the porn site creates a challenge and send it to the browser. - the browser goes to the governmental service where one uses tax ID or the like to prove age. The service returns a challenge answer encoded with the government private key - the browser goes back to the porn site with the answer. The porn site uses the public key to decode the governmental response and validate it does correspond to the challenge.
As I see it, theres no PII that the site can get, no history leak on the government side, no excessive centralisation, nothing frighting really.
Do I miss something?
The point of the article? The idea that I shouldn't have to ask my government for permission to view information/media? The fact that this absolutely will doxx your privacy to the government?
I'm all for, "wont somebody think of the children", but IMO protecting children is a 'solved' problem. When a child runs into the street we blame the parents, we don't install gates down every sidewalk. When a kid is seen riding a bike without a helmet, again, we don't decide that you need to send your government a selfie before the tires unlock.
Sites do have a responsibility to ensure people don't misuse their content. But liquor stores only ask for ID when you try to buy a dangerous substance, they don't make you ask your government for permission.
And that works flawlessly, fake IDs definitely aren't a thing, and I'm sure the same applies to this online ID thing.
Edit: I had 2nd thoughts about this because I don't like to make slippery slope arguments but this one seems worthy of consideration at the very least. Once this exists, all sites dealing with fraud will start to use it. Which Will have a DOS effect on government servers, which means they will try to mitigate it by requiring the requesting site provide a site ID and unique ID for the request. So much for any of the features that people expect might protect some privacy.
Done properly this will not reveal your online behavior to the government any more than using your government issued ID card to enter a bar leaks your location to the issuing party.
Now, whether governments should have the right to restrict access to certain types of information and media based on age is a different question
This is incorrect, and a gross misunderstanding of how either network requests on the internet work, or crypto... likely both.
Are you really saying someone looking at an ID card is the same as my computer sending a request containing my ID to a government entity, and waiting for a response?
1. User verifies their age with a trusted party (which may or may not be a government body)
2. User requests a token from the trusted party. The token is signed so 3rd parties can verify it. The token also includes the public key of the user so 3rd parties can verify whom it is for
3. The user shares this token with the 3rd party site, who is now able to verify the user’s age. Note, the 3rd party site never has to contact the issuer of the token other than to get their public key.
With this model, the token issuer is not able to connect the user to the 3rd party site directly.
We can, of course, think about possible attacks but this is just a basic illustration of the possibilities.
Why would it ever be?
Either incompetency or Malevolence will make itself manifest.