This is the exact policing we don't want government to do regardless of the age. In my opinion it's the responsibility of the parents to decide how to raise their children and teach them how to live and adapt in the age of social media and maintain a balance.
In the same sense one could argue that social media like Facebook or WhatsApp should be banned among older population because that's one of the major ways mis/fake information being spread among elderly people and now with AI videos they actually believe those fake stories to be 100% true as well. I think that's more risk to modern day democracy and well being of the society in general.
It seems like after trying all this time, "Age Assurance/verification" is what is going to stick to end anonymity and an open internet. Under the never-ending banner of "think of the children!"
Listen, I get it. The things that "kids these days" are up to is always seen as unholy and dangerous by everyone once they turn 30: https://en.wikipedia.org/wiki/Moral_panic
I'm actually pro the idea of regulating your child's use of technology at the parent level. But giving the tools to government to shut off access to communication for certain groups of people because parenting is hard is such a dangerous precedent to set.
Once the mechanisms and tools to do this are in place, you're one piece of regulation away from removing the idea of privacy altogether and policing all forms of communication. You're forever building the infrastructure to enable 1984, making it super easy to turn on, and hoping the people in power never once abuse it.
All over Europe right now there's some insane things being proposed by domestic politicians. In Denmark, the same people pushing for chat control have proposed a total and complete ban on VPNs.
The impulse to safety is an understandable one in the context of children. But we aren't going to form a successful, independent, and flourishing next generation by hiding them from a huge part of modern life until some arbitrary age, and suddenly unlocking access to it in adulthood.
Casual calls for banning children from social media are becoming common, even here on HN. The people demanding these bans always assume that the bans will cleanly apply only to sites they don’t use or don’t like, as if only Facebook and TikTok will be impacted.
This proposed amendment shows exactly why this entire concept is problematic. The definition of social media site is this:
> by regulations made my statutory instrument require all regulated user-to-user services to use highly-effective age assurance measures to prevent children under the age of 16 from becoming or being users.
Now imagine all of the user-to-user services you use on the internet: Hacker News, Discord, Signal, any messaging app, the comment section on your favorite news websites. Even Wikipedia is a user-to-user website.
The second point that people calling for heavy regulation neglect is that the only way to keep under-16s out of these websites is to enforce age verification on everyone who visits the website. So HN would require ID verification, and Discord, and your messaging apps. I always see ideas about creating age verification services that don’t disclose ID information, but a key part of age verification is confirming (as reasonably possible) that the person presenting the ID with the age on it is the same person who is trying to use the service. The same reason a 16 year old can’t walk into a liquor store with their mom’s ID is going to be applied to these age checks, requiring that the sites make an effort to associate an ID with the user. Otherwise, kids are smart and will borrow their parents or older friends’ IDs or even use online black market services if there are no negative consequences for sharing IDs that perform anonymous age checks. Associating IDs with user accounts is a key part of age check legislation.
If every website needed verification, why not simply move the verification to the device or ISP level? This seems like an authoritative move to track users across websites, and another good reason to keep using a VPN.
Certainly a terrifying amount of responsibility and upkeep for each individual website. If the UK wishes to establish this and not want it to lead to an insane amount of privacy leaks, it should consider developing a technology that makes it work in a privacy-respecting way, like the European Age Verification Solution [0]'s Zero-Knowledge Proofs.
The UK in particular seems to be headed into a terrible direction with regard to free speech, being a nanny-state, and surveilling its citizens. I wonder if these sorts of measures (broadly) are supported by their voters or if the voters really have no choice.
I'm a parent of four, and the family controls on Android, paired with sensible oversight of laptop use at home, are perfectly sufficient. We've enabled WhatsApp, but check it every so often for the younger ones; they have a timeout, can use Wikipedia, and have a time limit on their use of AI. They can't use the stupid services like Tiktok.
There is a very simple and powerful alternative; add a flag to the http header standard, which is enforced device-wide or web-browser wide for any parent controlled device.
If you dont want to serve or moderate your site for children and be exposed to fines, you block any request with the relevant flag.
You just need a law to enforce what can be served when using the relevant flag, and some talks with Google, Apple Microsoft and w3 to implement it.
you can even segment it my category; no-login, no-posting, no-18-plus, no-violence, no-politics, under-16, region-EU, region-UK.
This leaves control to parents to do what they deem appropriate for their age, and doesn't turn into a authoritative surveillance state.... wait thats the point isn't it...
This is my humble opinion, but such a coordinated action from the governments around the world at this particular time has a certain smell. It smells like they're worried about losing governmental narrative control. It could be about foreign powers, but tech nowadays allows regular people to contest power from the government so they become a target as well. AI, the internet, anonymity/cryptography, a probable war with china and/or russia, all exacerbate this worry.
In short, governments want to retain control and prepare for the future, and to retain control they need to control the flow of information and they need to have a monopoly on information. To achieve this they need an intelligence strategy that puts common people at the center (spying on them) and put restrictions in place. But they can't say this outloud because in the current era it's problematic, so the children become a good excuse.
This is particularly clear in governments that don't care about political correctness or are not competent enough to disguise their intentions. Such an example is the Argentine government, which these years passed laws to survey online activity and to put it's intelligence agency to spy on "anyone that puts sovereign narrative and cohesion at risk".
Dark conspiracy... Or collective acknowledgement of the harm of being constantly online has done to a generation of young people. How it amplifies abuse, entrenches deeply negative tribes.
It's not stupid —at a national future-of-society level— to want to do something about this. I agree, it's possible to overreach and just get it wrong, but doing nothing is worse.
Nothing could be better for this generation. They would be forced to the real unregulated internet, where nothing is boring and everything is magic and chaos
Whenever anyone invokes ‘won’t somebody think of the children’ it’s almost always an attack on freedom somehow. In this case freedom of speech and anonymity.
If you need kids to verify their age, well they’re going to have to verify the adults too aren’t they.
Which is what they really want.
It isn’t the state’s job to police children - parents should do this. They should just mandate very good easy to use parental controls on devices and spend some money teaching parents how to use them.
“All regulated user to user services” could arguably include email, text messaging, and voice calls. Is the goal to make the Internet “adults-only” or just to track everyone and everything? Who gets to decide what is “regulated“? Which grifters get to run the “official” age verification services?
As a British Citizen I've just decided I don't care what the law is and I will just circumvent any of these laws. The current government have basically told everyone that OSA, Mandatory Digital ID etc. is going to happen whether the electorate like it or not.
I suggest people put their energy to not trying to convince anyone and instead put their energy into protecting themselves and learning how circumvent these measures. People who understand the issues of these ID checks don't need convincing and those that don't you are unlikely to change their mind.
Sooner or later it will become apparent that these laws are unenforceable (via VPNs, Tor or similar tech) and eventually they will be repealed or more likely no enforced like most piracy laws are now. The UK (as well as many of other countries) already lost the war against banning torrent sites (as they are effectively a hydra) and I don't think it get enforced anymore because I can to the big torrent with out issues.
Counterproposal for actually useful, effective Internet regulation that would actually do something about the negative effects of "social media":
1. Ban paid advertising, of all kinds, everywhere, without exception. It's an incentive to optimize for engagement, and it's the root of basically all evil on the Internet. People are just gonna have to pay for things. I do not give a fuck if it destroys Google or whoever.
2. Ban collecting any information not intrinsically necessary to deliver a specific Internet service that the user has actually asked for. That includes the user's name. Require zero-knowledge attribute-based authentication of anything that specifically needs to be proven. Require accepting cryptographically anonymous payments. Even if specific information is necessary, you are just going to have to shut down until you have the infrastructure to collect it without getting anything else. The ability to get this information is another incentive to optimize for engagement.
3. Ban sharing even the actually necessary information, except as necessary to cooperate to provide some service that, again, the user has actually asked for. Considerable work involved in defining what "sharing" means, but something a hell of a lot tighter than the GDPR. And notice that I didn't say "sharing without opt-in". Unless you actually need it to provide a service to the user, you can't do sharing even with permission.
4. Just in case there are some incentives left, ban selection/recommendation algorithms that optimize for engagement or for anything that smells like engagement. You can have an exception for a user getting their own recommendation system from a third party that shares no control with the actual providers or carriers of the content.
5. Ban terms of service that prohibit scraping or third-party clients for centralized services. Consider requiring that everything over a certain size have a stable API that can do anything the regular UI can. This makes it harder to force people to keep using manipulative stuff.
6. Ban carrier NAT. Require IPv6 to be turned on wherever IPv4 is turned on, with every retail subscriber given least thousands of stable addresses. Ban "no servers" contracts. Ban "safety filtering" by ISPs unless customers can disable it trivially. Ban traffic prioritization by ISPs. This may allow the Internet to (slowly and uncertainly) heal back toward being a truly decentralized system.
7. Actually enforce your laws against fraud, unfair business practices, etc.
... or you can just fuck around and make kids' lives miserable, I guess. They don't vote.
21 comments
[ 2.9 ms ] story [ 51.5 ms ] threadIn the same sense one could argue that social media like Facebook or WhatsApp should be banned among older population because that's one of the major ways mis/fake information being spread among elderly people and now with AI videos they actually believe those fake stories to be 100% true as well. I think that's more risk to modern day democracy and well being of the society in general.
His personal blog is also pretty good - https://neilzone.co.uk/
I'm actually pro the idea of regulating your child's use of technology at the parent level. But giving the tools to government to shut off access to communication for certain groups of people because parenting is hard is such a dangerous precedent to set.
Once the mechanisms and tools to do this are in place, you're one piece of regulation away from removing the idea of privacy altogether and policing all forms of communication. You're forever building the infrastructure to enable 1984, making it super easy to turn on, and hoping the people in power never once abuse it.
All over Europe right now there's some insane things being proposed by domestic politicians. In Denmark, the same people pushing for chat control have proposed a total and complete ban on VPNs.
The impulse to safety is an understandable one in the context of children. But we aren't going to form a successful, independent, and flourishing next generation by hiding them from a huge part of modern life until some arbitrary age, and suddenly unlocking access to it in adulthood.
This proposed amendment shows exactly why this entire concept is problematic. The definition of social media site is this:
> by regulations made my statutory instrument require all regulated user-to-user services to use highly-effective age assurance measures to prevent children under the age of 16 from becoming or being users.
Now imagine all of the user-to-user services you use on the internet: Hacker News, Discord, Signal, any messaging app, the comment section on your favorite news websites. Even Wikipedia is a user-to-user website.
The second point that people calling for heavy regulation neglect is that the only way to keep under-16s out of these websites is to enforce age verification on everyone who visits the website. So HN would require ID verification, and Discord, and your messaging apps. I always see ideas about creating age verification services that don’t disclose ID information, but a key part of age verification is confirming (as reasonably possible) that the person presenting the ID with the age on it is the same person who is trying to use the service. The same reason a 16 year old can’t walk into a liquor store with their mom’s ID is going to be applied to these age checks, requiring that the sites make an effort to associate an ID with the user. Otherwise, kids are smart and will borrow their parents or older friends’ IDs or even use online black market services if there are no negative consequences for sharing IDs that perform anonymous age checks. Associating IDs with user accounts is a key part of age check legislation.
Certainly a terrifying amount of responsibility and upkeep for each individual website. If the UK wishes to establish this and not want it to lead to an insane amount of privacy leaks, it should consider developing a technology that makes it work in a privacy-respecting way, like the European Age Verification Solution [0]'s Zero-Knowledge Proofs.
[0] https://ageverification.dev
If you dont want to serve or moderate your site for children and be exposed to fines, you block any request with the relevant flag.
You just need a law to enforce what can be served when using the relevant flag, and some talks with Google, Apple Microsoft and w3 to implement it.
you can even segment it my category; no-login, no-posting, no-18-plus, no-violence, no-politics, under-16, region-EU, region-UK.
This leaves control to parents to do what they deem appropriate for their age, and doesn't turn into a authoritative surveillance state.... wait thats the point isn't it...
nevermid there is no alternative /j
In short, governments want to retain control and prepare for the future, and to retain control they need to control the flow of information and they need to have a monopoly on information. To achieve this they need an intelligence strategy that puts common people at the center (spying on them) and put restrictions in place. But they can't say this outloud because in the current era it's problematic, so the children become a good excuse.
This is particularly clear in governments that don't care about political correctness or are not competent enough to disguise their intentions. Such an example is the Argentine government, which these years passed laws to survey online activity and to put it's intelligence agency to spy on "anyone that puts sovereign narrative and cohesion at risk".
It's not stupid —at a national future-of-society level— to want to do something about this. I agree, it's possible to overreach and just get it wrong, but doing nothing is worse.
If you need kids to verify their age, well they’re going to have to verify the adults too aren’t they.
Which is what they really want.
It isn’t the state’s job to police children - parents should do this. They should just mandate very good easy to use parental controls on devices and spend some money teaching parents how to use them.
I suggest people put their energy to not trying to convince anyone and instead put their energy into protecting themselves and learning how circumvent these measures. People who understand the issues of these ID checks don't need convincing and those that don't you are unlikely to change their mind.
Sooner or later it will become apparent that these laws are unenforceable (via VPNs, Tor or similar tech) and eventually they will be repealed or more likely no enforced like most piracy laws are now. The UK (as well as many of other countries) already lost the war against banning torrent sites (as they are effectively a hydra) and I don't think it get enforced anymore because I can to the big torrent with out issues.
1. Ban paid advertising, of all kinds, everywhere, without exception. It's an incentive to optimize for engagement, and it's the root of basically all evil on the Internet. People are just gonna have to pay for things. I do not give a fuck if it destroys Google or whoever.
2. Ban collecting any information not intrinsically necessary to deliver a specific Internet service that the user has actually asked for. That includes the user's name. Require zero-knowledge attribute-based authentication of anything that specifically needs to be proven. Require accepting cryptographically anonymous payments. Even if specific information is necessary, you are just going to have to shut down until you have the infrastructure to collect it without getting anything else. The ability to get this information is another incentive to optimize for engagement.
3. Ban sharing even the actually necessary information, except as necessary to cooperate to provide some service that, again, the user has actually asked for. Considerable work involved in defining what "sharing" means, but something a hell of a lot tighter than the GDPR. And notice that I didn't say "sharing without opt-in". Unless you actually need it to provide a service to the user, you can't do sharing even with permission.
4. Just in case there are some incentives left, ban selection/recommendation algorithms that optimize for engagement or for anything that smells like engagement. You can have an exception for a user getting their own recommendation system from a third party that shares no control with the actual providers or carriers of the content.
5. Ban terms of service that prohibit scraping or third-party clients for centralized services. Consider requiring that everything over a certain size have a stable API that can do anything the regular UI can. This makes it harder to force people to keep using manipulative stuff.
6. Ban carrier NAT. Require IPv6 to be turned on wherever IPv4 is turned on, with every retail subscriber given least thousands of stable addresses. Ban "no servers" contracts. Ban "safety filtering" by ISPs unless customers can disable it trivially. Ban traffic prioritization by ISPs. This may allow the Internet to (slowly and uncertainly) heal back toward being a truly decentralized system.
7. Actually enforce your laws against fraud, unfair business practices, etc.
... or you can just fuck around and make kids' lives miserable, I guess. They don't vote.
"They're too stupid to have a say"