59 comments

[ 3.2 ms ] story [ 75.7 ms ] thread
Any time law-makers claim that a law is meant to protect children you can guarantee that the safety of children had almost nothing to do with it. This is all a push to normalize digital ID (to protect the children!); once normalized it will become mandatory.
When they made smoke alarms mandatory in schools, it was only for selling smoke alarms! /s
This gives me Leisure Suit Larry flashbacks
Not to mention people lose accounts because someone reported them as underage, and now they don't want to fully dox themselves over this. Who can blame them considering discord's own support ticket system was hacked which included people who had to validate their age.
I wonder what the psychological effect of having little or no privacy would do to people. Are we all going to be paranoid schizophrenics? How would a world of paranoid schizophrenics work? How insane are world events going to be from that point on?
China is an example of this. Somewhere that, according to the UN's data, executed "undesirable" people with such gusto that it incidentally decreased the organ donor waitlist time so low that it couldn't be explained by any other factor.

"Perfect" security is only attainable with zero dissent, zero individuality, zero privacy, and zero freedom.

I'd be OK with an "I am a child" header mandated by law to be respected by service providers (eg. "adult sites" must not permit a client setting the header to proceed). On the client side, mandate that consumer devices that might reasonably be expected to be used by children (every smartphone, tablet, smart TV, etc) have parental controls that set the header. Leave it to parents to set the controls. Perhaps even hold parents culpable for not doing so, as a minimum supervision requirement, just as one may hold parents culpable for neglecting their children in other ways.

Forcing providers to divine the age of the user, or requiring an adult's identity to verify that they are not a child, is backwards, for all the reasons pointed out. But that's not the only way to "protect the children". Relying on a very minimal level of parental supervision of device use should be fine; we already expect far more than that in non-technology areas.

My only gripe here is the idea of "perhaps hold the parents culpable." I'm not opposed to the idea, but what sucks is we are ultimately all paying the cost of it going wrong. The idea that we can shunt that away to a few irresponsible people is just demonstrably not the case.

Worse, it leads to situations where society seems to want to flat out be kid free in many ways. With families reportedly afraid to let their kids walk to and from school unsupervised.

I don't know an answer, mind. So this is where I have a gripe with no real answer. :(

A server header exists to say something is adult and could be used for user-generated content as well. [1] It just needs legislation and an afternoon from interns at assorted companies. It's not perfect, nothing is but could easily trigger existing parental controls and parental controls that could be added back into user agents. No third parties required. I think I've beat this horse into dust [2] so I should just hire kvetchers to politely remind congress at this point.

[1] - https://news.ycombinator.com/item?id=46152074

[2] - https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...

It would be possible to make a website which proxies other sites, but strips this header, right (maybe with some added ads)?

If so I would expect such sites to appear, and the only way to secure a child device is to have a whitelist of webpages (to avoid the proxies), putting us back close to where we are today.

I think sadly, this is a lost battle in public opinion. And the gambling of digital assets on Roblox and other casino-like website is also starting to get public attention, and will turn public opinion further.

The CNIL gave up 3 years ago, and gave guidelines, you can read about it here [0]. At the time it read like "How well, we tried, we said it is incompatible with privacy and the GDPR multiple times, we insist one more time that giving tools to parents is the only privacy-safe solution despite obvious problems, but since your fucking law will pass, so the best we can do is to draw guidelines, and present solutions and how to implement them correctly".

I think the EFF should do the same. That's just how it is. Define solutions you'll agree with. Fight the fight on chat control and other stuff where the public opinion can be changed, this is too late, and honestly, if it's done well,it might be fine.

If the first implementation is correct, we will have to fight to maintain the statu quo, which in a conservative society, is the easiest, especially when no other solution have been tested. If it's not, we will have to fight to make it correct, then fight to maintain it, and both are harder. the EFF should reluctantly agree and draft the technical solution themselves.

[0] https://www.cnil.fr/en/online-age-verification-balancing-pri...

"SAN FRANCISCO-With ill-advised and dangerous age verification laws proliferating across the United States and around the world, creating surveillance and censorship regimes that will be used to harm both youth and adults, the Electronic Frontier Foundation has launched a new resource hub that will sort through the mess and help"

The surveillance and censorship system is built, administered and maintained by Silicon Valley companies who have adopted this as their "business model". "Monetising" surveillance of other peoples' noncommercial internet use

These Silicon Valley companies have been surveilling internet subscribers for over a decade, relentlessly connecting online identity to offline identity, hell bent on knowing who is accessing what webpage on what website, where they live, what they are interested in, and so on, building detailed advertising profiles (including the age of the ad target) tied to IP addresses, then selling the subscribers out to advertisers and collecting obscene profits (and killing media organisations that hire journalists in the process)

Now these companies are being forced to share some of the data they collect and store

Gosh, who would have forseen such an outcome

These laws are targeting the Silicon Valley companies, not internet subscribers

But the companies want to spin it as an attack on subscribers

The truth is the companies have been attacking subscriber privacy and attempting to gatekeep internet publication^1 for over a decade, in the name of advertising and obscene profits

1. Discourage subscribers from publishing websites and encourage them to create pages on the company's website instead. Centralise internet publication, collect data, perform surveillance and serve advertisements

I am disappointed to find no mentions of zero knowledge proofs or any other indications that we wont have to trust anyone with this task.

We have the technology to do age verification without revealing any more information to the site and without the verification authority finding out what sites we are browsing. However, most people are ignorant of it.

If we don't push for the use of privacy preserving technology we wont get it and we will get more tracking. You cannot defeat age verification on the internet, age verification is already a feature of our culture. The only way out is to ensure that privacy preserving technologies are mandated.

The net got too big, the 90% got in because of facebook and google, and automated bots took over from there.

Either we create the fix, or the feds take it over. we need to sever the idea of a global internet. per-country and allied nations only. anonymous cert-chain verified ID stored on device. problem fixed.

back in the day the worst thing you could do in a blog or channel was to self identify as female, as you would get flooded

i am a child header = i am verifying myself as valid target header

has anyone realized that whatever at all the "good" guys do, the "bad" guys will abuse it.

we need canaries [bots with child header], to get a metric on any increase of attempted crimes vs a child.

Like any wrong government initiative, mass surveillance is being justified by "think of the children" and "fighting the bad guys".
I understand this is a technology forum, frequented mostly by liberal adults, who built a lot of their internet nous on totally free internet of 90s and 00s. I am one of them.

Equally, I think insisting that there must be no controls to internet access whatsoever is not right either. There is now plenty of evidence that eg. social media are very harmful to teenagers - and frankly, before I noticed, going on FB got me depressed each time I did it at one point. And as a parent, you realise how little control you have over your children's tech access. Case in point - my kids seem to have access to very poorly locked down iPads at school. I complained, but they frankly don't understand.

We all accept kids can't buy alcohol and cigarettes, even if that encroaches on their freedom. But or course flashing an ID when you're over 18 is not very privacy-invading.

Likewise, I think it is much better to discuss better means of effecting these access controls. As some comments here mention, there are e.g. zero knowledge proofs.

I'm sure I'll be told it's all a sham to collect data and it's not about kids. And maybe. But I care about kids not having access to TikTok and Pornhub. So I'd rather make the laws better than moan about how terrible it is to limit access to porn and dopamine shots.

We must destroy all freedom and forsake all right to free speech and privacy... for the children!
How are you going to verify the age of someone coming in from another country?
I would be happy if we just moved to a way we could more realistically enable audits of information flow in our lives. I don't, necessarily, want to restrict my kids consumptions. It does worry me that I don't know how to teach them to audit all of the information that is being exposed to them. Or worse, collected about them.
* for the US Internet. Internet access, even on cafe shop wifi, in India is trace backable to the ID of the user already.
The end goal of this line of thinking is tracking every molecule in the universe. Exagerated I know, but we're moving in that direction.
That is an extremely poor title. Reading it I'd expect the average person to be like "yea, it's about time" and skip the article.
I first interpreted it to mean the EFF had created their own site to perform age verification. So yes, a very poorly written title indeed.
> we must fight back to protect the internet that we know and love.

This is not compelling. The internet I know and love has been dying for a long time for unrelated reasons. The new internet that is replacing that one is an internet that I very much do not love and would be totally ok to see lots of it get harder to access.

Why they don't use zero knowledge proof? Also question for the USA constitution experts, is this considered a violation of free speech? The article is not clear on this.
Good. Let this version of internet be locked down and censored.

If people care enough, they will build a new internet.

Infuriating that we get all the bad sides of digital ID without the good sides.

It's deanonymizing and intrusive and mandatory for sites to implement without protecting them from sockpuppets and foreign troll farms.

This keeps coming up and we keep having the same debates about what Age Verification isn't.

For the folks in the back row:

Age Verification isn't about Kids or Censorship, It's about Surveillance

Age Verification isn't about Kids or Censorship, It's about Surveillance

Age Verification isn't about Kids or Censorship, It's about Surveillance

Without even reaching for my tinfoil hat, the strategy at work here is clear [0 1 2]. If we have to know that you're not a minor, then we also have to know who you are so we can make any techniques to obfuscate that illegal. By turning this from "keep an eye on your kids" to "prove you're not a kid" they've created the conditions to make privacy itself illegal.

VPNs are next. Then PGP. Then anything else that makes it hard for them to know who you are, what you say, and who you say it to.

Please, please don't fall into the trap and start discussing whether or not this is going to be effective to protect kids. It isn't, and that isn't the point.

0 https://www.eff.org/deeplinks/2025/11/lawmakers-want-ban-vpn...

1 https://www.techradar.com/vpn/vpn-privacy-security/vpn-usage...

2 https://hansard.parliament.uk/Lords/2025-09-15/debates/57714...

(comment deleted)
How do you know this?

I see this argument repeated over and over on HN, with 0 evidence for it. Any "evidence" people cite is usually of the "politicians are evil, so this should be obvious by definition" kind, sometimes of the "they tried x in the past, so surely some unrelated y they're trying to pass in the future is also about x" kind.

I haven't seen a single leak, a single admission from somebody trying to pass a law like this, that surveillance is actually the goal here. There are far too many politicians trying to pass laws like these, in very different countries across the world, for some kind of giant global conspiracy to stay undetected.

Plain ignorance seems far easier to believe.

Just because it's about surveillance doesn't mean it's a bad thing?

The fact that you need a driver's licence to drive a car, or a document to identify yourself to open a bank account is also surveillance. Yet it seems perfectly reasonable?

Dude, parents don't want their kids wading through porn and whatever social media throws at them before they are even teenagers.

Childless digital nomad privacy freaks are a minority, age gates are coming. I don't care that they will never be 100%, if it provides cover for parents to stop their kids consuming trash internet "culture" until they are more mature they are already a great benefit to socitey.

online age verification is disingenuous and a pretext to give governments the hard coded technical option to regulate speech and association.

there's a great game being played out by these users of force against the advocates of desire. everything about the bureaucracies pushing digital ID is unwanted. this isnt about age verification tech, its about illegitimate power for unwanted people who are actuated by forcing their will on others.

we should treat these actions with the open disgust they deserve.