I'm not sure "social media" is the best example. You've never had complete freedom of speech on there.
It's been true for decades in the USA that if they want to arrest you, they will. The age verification doesn't make this situation better, but at this point it's almost just a formality.
My privacy is already decimated. For 2 decades we’ve already known about the NSA slurping up everything[1] on top of the Snowden leaks.
Then you have the mega corps like Facebook who can figure out every detail about you even from merely _not_ using their system because of the hole you leave in your social network that does use them.
The only privacy left is from anonymous troll farms claiming to be an American while talking about how the Texas oblast is valuable for its warm water ports.
I am fine for privacy on consumption of content, but you should be forced to identify yourself for posting so the common man at least has a chance to evaluate your statements instead of being misled, all while, as stated above, our governments and corporations don’t have that limitation.
I’m glad this is finally becoming the cause célèbre du jour. This feels like THE FIGHT or at least one of the TOP 3 THE FIGHTS and it hasn’t had even a fraction of the public’s attention until now.
It won't be an issue until mainstream media makes it one. Since the media is owned by right wing billionaires, that media will reflect the biases and interests of those billionaires - many of which own internet platforms that would benefit from knowing the exact identity of every single user.
So if they know, then why all the fuss and the the need to enforce ID on the Internet? Just for the heck's sake?
Ah, that's for legitimization. In other words, "by producing your digital ID, you herein fully acknowledge the fact that you're a slave to the system in which all we knew about you illegaly, is now known legally"?
There are at least some technological solutions here, such as anonymous credentials. [1] Modern versions of this technique allow one to associate metadata (like a proof of age exceeding a threshold) in such a way that the verifier can't even correlate repeated requests across users.
Governments that are serious about age verification and individual privacy (which, doubtful they truly are) should agree on a protocol and set up certificate issuers that are associated with a digital ID. Then age verification will not be an invasive procedure or risk data leaks or insider threats.
I don't think they are serious about privacy and even if they were I don't even want to distinguish between "children" and "adults" on the internet. Things seem to have worked fine up to this point, there doesn't appear to be a public demand for age verification, rather some murky corporations/NGOs/agencies pushing for this. I think it's pretty clear there is some other intention besides protecting children that is the goal here.
No. The point of these initiatives IS TO GET ID, not to protect children.
Anonymous credentials don’t allow the state to retaliate in the dark of night against protected expression that they don’t like. Anonymous credentials do not allow for that, so they are irrelevant.
Yep, there are a variety of ways this can work well, but the overwhelming 'vibe' here at HN is a) that the tech is too complex and b) that governments actually want to end privacy anyway for their own nefarious reasons.
I find 'a' amusing as we'll often see in the same conversation that users appeal to parents to take responsibility and lock down their kids' access to things, as if that's trivial for non-tech folk and foolproof. It's also silly because the user interface to such a system doesn't need to show all that complexity.
And 'b' is often supported by some out of context quote that at first glance looks incriminating but doesn't actually mean much.
The saddest thing is that the article you link addresses most of the objections people have brought up in the thread, but few have read it.
> There are at least some technological solutions here, such as anonymous credentials.
Identity verification is busy being rolled out across the entire developed world right now, and I have yet to see or hear about even one single mention of anonymous credentials in the discussion of any of the laws.
I think the main takeaway is that the concept of such verifications is fundamentally incompatible with privacy. Today we have a simple "are you an adult" check but who is to say we wouldn't want further levels of segmentation (legal age to drive, age to allow health insurance etc)?
And this just one signal. Nobody likes the EU cookie/consent prompts but what they've shown us is that most websites are perfectly happy to fingerprint you the moment you step on their pages, and then share/broker your activity with hundreds and thousands of "legitimate interest" partners of theirs.
So the real-world equivalent of this situation is that you walk on the street and whenever you need to wait for a traffic light, board a bus or the tube, go into a shop, etc... you have a security person who needs to faceID(or fingerprint) you and make you wait until they find a match of your profile... and then they ask you to present your ID (which you have to carry at all times) but hey, it's private because you need to enter your PIN for them to read the chip.
Governments are serious about knowing who’s doing what online, and all this age verification is just an excuse. It will also raise the barrier to entry for newcomers in the market, so it’s convenient for platform owners as well.
Both Governments and industry players are, in actuality, interested in and moving in this direction, for some use cases. ex https://docs.withpersona.com/relay
I've noticed that tech people will respond to an encroachment on civil rights with a technological alternative. I think this is a mistake, because the excuse is presented in bad faith, and to present an alternative is to accept their framing. The correct response is something to the effect of "I know what you're trying to do, fuck off."
I can’t think of a better solution to the issue of children being so aggressively harmed by the internet. That doesn’t remove any of the problems associated with this.
Do… you think kids are accidentally finding porn, thinking it’s for them, and partaking? Why would any teen see a “mature” rating on a website and go elsewhere? This is the kind of response I expect a literal alien from another planet to make.
As an aside, why would a mature rating on a bluey themed gambling machine change anything? I may have a unique perspective on this because I worked at blockbuster for a decade but I PROMISE you parents largely do not care. If you want to solve the problem, hoping parents solve it isn’t… actually a solution of any kind.
How is it any different from being required to identify yourself to get a phone or electricity account? Identifying yourself on the internet is long overdue.
It is fine in some cases. But what is at stake here is not identifying yourself in a couple of common sense situations.
It is enabling control infrastructure for governments whom are becoming increasingly undemocratic in a society where the elite gets more and more influence and where the middle class is becoming ruined.
I'm pretty sure this is a "pick your poison" problem. We as a society are damned no matter what we do or do not do. For my part, we need to do something, because things are not fine the way they are, including the half ass Australian solution. We can't keep putting the onus on private enterprise to address social issues.
I may sound crazy for saying so, but I think the answer is more government run infrastructure for enabling identity-based operations, like payments and authentication, with rules about standards, open source, contractor selection, and audit that make operation transparent. It can work if technical operations are legislated instead of "left for the engineers to figure out." Then at least the evolution of systems can become real political issues that map to election cycles.
My stance is probably a polarizing one, but this is precisely why we need to be able to debate the minutae of these systems through our political discourse instead of just "will we; won't we" legislation. This should be debated in democratic process.
We could try investing in positive infrastructure that improves peoples life's in stead of creating the panopticon torment nexus. Things like third spaces where people can spend time is save spaces where they form communities and public transit so that people can get to those places. Incentivize positive behaviors instead of closing off public spaces and pricing more and more people out of being able to do anything with the minuscule amount of free time they have besides going on the internet.
Assuming no revolutionary changes are coming to the USA, I am planning to opt out of the digital world when I retire. Physical media only. No subscriptions. Spend lots of time in the library. Find like-minded people and meet in person. Will only keep the bare minimum for survival, like banking.
I have been slowly moving towards that for a decade or two now. I still do some internet stuff (mostly here) but it is greatly diminished. The rest is just at work.
This was in part caused by the general public’s comfort with federated identity for OAuth. If everyone already has one anyway (the thinking may go), why not mandate it?
Anything to close Pandora's box. "They" liked the eras they could control the communications, and therefore the narrative. Boomers on their last legs, question is, will the future undo the unjustness that was forced upon them? Restore the rungs of the ladders that were removed, so they could have a chance too? Or are they going to stay in the fear narrative, and make this tragedy worse?
The discussion is not about whether it's a good or bad idea, but whether we will yield the power to these people to ratchet in further oppressive laws onto formerly free countries.
Tech companies should ignore it and just publicly name whoever attempts to prosecute them and see how the population responds. I think people today are orders of magnitude more informed about their privacy and the consequences of digital ID laws. A few countries are on the edge of revolt at the moment anyway, and this would be a good way to get young people into the streets.
20 years ago, people would have had no defense against it or understanding of what was being imposed on them. Today, normal people use Signal and encrypted messengers, faraday bags, and leave their phones at home. Where we were nerdy security guys back then, non-technologist women and girls use spy tradecraft level electronic opsec for their own safety and security from middle school. People are much more sophisticated about their privacy now. They're ready to take this on.
The laws coming into force are on people who are not in favour of them, and I'm so optimistic that I will not interrupt the enemies of privacy and human dignity while they are making a mistake.
Renting and work already require ID in the UK. Every landlord and employer is supposed to take a copy of original documents proving the right to rent/work in the UK. Technically you can do that without handing the docs to the government, but there's less potential liability to do so via the Home Office website.
> You’re not happy about it, but you hand over a photo of your passport and hope it doesn’t come back to haunt you.
I think for this argument to carry weight with voters, privacy advocates need to be much more specific about what "coming back to haunt you" looks like. They do a little bit of it later on[1], but I think most people do a rough cost benefit in their head and decide that the small benefit outweighs the small risk (to them).
[1] "And that creates a lot of risks for data breaches, overly broad data collection and retention, censorial legal demands for collected data, corporate and governmental malfeasance, pressure to self-censor, and perhaps blatant First Amendment violations. Every new layer and every new mandate brings more potential for risk. As we’ve unfortunately seen many times over the years, people including high-level government officials will maliciously seek to root out the identities of their critics, so the more layers of anonymity we can preserve in online speech, the better."
I think public perception is have already had numerous leaks (Equifax, yahoo, etc) without any real negative effects, so these warnings come off as alarmist.
It's a hard argument to win because a) its impossible to concretely attribute scams to a data leak and b) most people think they would be immune to scammers. Meanwhile, it's easy to point to the problems this would fix.
The biggest angle for me is censorship. You associate your online identity with your legal identity, there is no longer any recourse if you are banned from a platform. You could easily be arrested if your posts are determined to be 'offensive' in some manner considered to be in breach of the law, or simply have no ability to rejoin a platform under a new identity, or have identities across multiple platforms banned in parallel.
I've found that many people are actually in favor of these when they believe that it will only be enforced against people they disagree with. I'm hoping that people will be more likely to listen when they realize that their enemies may in future be able to get into power and change the definition of what is 'offensive', 'misinformation' or 'disinformation' to their own personal opinions.
This seems more like a technical problem that we could actually solve well if we wanted to and had competent people advising the governments. You go to DMV and they generate a keypair and an entry in a DB. App looks up your age with your public key + signed private key authorization from you. Apps can ask for specific checks like is_over_21, is_citizen or whatever without any more data. Something like that, details are probably off ;) The whole infrastructure could be open source. Age verification doesn't need to equal identity verification by a 3rd party company that will leak your IDs.
There's still a whole DB matching IDs to keys waiting to be leaked. The US government can't even keep it's own personnel records safe and you think this won't get stolen and used to target people?
None of this is necessary. First, the only devices that actually need to be gated are cell phones.
The user agent should simply send the user’s age of the parental lock is set up and the websites required to respect this.
Parental controls and the OS should be robust enough to not let kids bypass it (e.g.: by installing a browser that skips the header, or blocking proxy websites)
Done.
Cellphones only because those are the devices kids can have on them all the time and can easily use in private unsupervised.
No, it won’t. The internet is just getting smaller from my perspective because there’s no way I’m handing over my identification and allowing every connection made to a server to be tracked back to me.
It’s simply not on the cards, and I live a frugal enough life in a high paying industry that I can retire in a few years. If I was willing to bank on inheritance then I could retire now.
I feel for the people that are forced to engage though. But too many of them simply don’t care about privacy, which is why we’re here.
I appreciate the wealth of technical solutions that don't violate privacy, but isn't this overlooking an important point: that children don't need to be connected to the Internet at all times from such an early age? Many internet and cell phone providers seem to take it for granted that children must be online, which is already a net loss for their privacy as they mature.
This isn’t about children, mate. It’s about controlling the population’s access to content.
The children are fine. Many countries no longer allow smartphones at school, which lowers the peer-pressure factor to be online.
Parents are doing their best to steer kids. But these pesky adults, goshdarnit, they access whatever content they want without approval from The State, potentially reading dissident materials, borrowing 1984 from libraries… politicians don’t like that.
There will be your internet-connected computer which will be assumed to be compromised, & which little, if anything of use will be kept on, & then there will be the airgapped system you do work on, which will probably be the last trusted version of a Linux distro you have multiple copies stashed away of. It will be a very old-fashioned experience, & moving/sharing data will become a dicey business.
An airgapped system to be used just outside of the FOV of the government thin client's camera, with a hair glued to the power button to detect covert physical intrusions in the owner's absence.
In which book did I encounter a similar setup? Let me recall..
149 comments
[ 2.8 ms ] story [ 40.1 ms ] thread- Brother Mouzone / Ed Burns & David Simon, The Wire (2003) S2E10 "Storm Warnings"
The scene is apparently on YT, though ... you'll have to sign in to confirm your age to view it best I can tell:
<https://www.youtube.com/watch?v=pCioIwagYxM>
(If this link works, you'll get the full unbowdlerised quote. For those unfamiliar with the series, the speaker is Black.)
It's been true for decades in the USA that if they want to arrest you, they will. The age verification doesn't make this situation better, but at this point it's almost just a formality.
Then you have the mega corps like Facebook who can figure out every detail about you even from merely _not_ using their system because of the hole you leave in your social network that does use them.
The only privacy left is from anonymous troll farms claiming to be an American while talking about how the Texas oblast is valuable for its warm water ports.
I am fine for privacy on consumption of content, but you should be forced to identify yourself for posting so the common man at least has a chance to evaluate your statements instead of being misled, all while, as stated above, our governments and corporations don’t have that limitation.
[1] https://en.wikipedia.org/wiki/Room_641A
So if they know, then why all the fuss and the the need to enforce ID on the Internet? Just for the heck's sake?
Ah, that's for legitimization. In other words, "by producing your digital ID, you herein fully acknowledge the fact that you're a slave to the system in which all we knew about you illegaly, is now known legally"?
Governments that are serious about age verification and individual privacy (which, doubtful they truly are) should agree on a protocol and set up certificate issuers that are associated with a digital ID. Then age verification will not be an invasive procedure or risk data leaks or insider threats.
[1]: https://blog.cryptographyengineering.com/2026/03/02/anonymou...
Technological solutions for what problem?
Anonymous credentials don’t allow the state to retaliate in the dark of night against protected expression that they don’t like. Anonymous credentials do not allow for that, so they are irrelevant.
I find 'a' amusing as we'll often see in the same conversation that users appeal to parents to take responsibility and lock down their kids' access to things, as if that's trivial for non-tech folk and foolproof. It's also silly because the user interface to such a system doesn't need to show all that complexity.
And 'b' is often supported by some out of context quote that at first glance looks incriminating but doesn't actually mean much.
The saddest thing is that the article you link addresses most of the objections people have brought up in the thread, but few have read it.
Identity verification is busy being rolled out across the entire developed world right now, and I have yet to see or hear about even one single mention of anonymous credentials in the discussion of any of the laws.
I think the main takeaway is that the concept of such verifications is fundamentally incompatible with privacy. Today we have a simple "are you an adult" check but who is to say we wouldn't want further levels of segmentation (legal age to drive, age to allow health insurance etc)?
And this just one signal. Nobody likes the EU cookie/consent prompts but what they've shown us is that most websites are perfectly happy to fingerprint you the moment you step on their pages, and then share/broker your activity with hundreds and thousands of "legitimate interest" partners of theirs.
So the real-world equivalent of this situation is that you walk on the street and whenever you need to wait for a traffic light, board a bus or the tube, go into a shop, etc... you have a security person who needs to faceID(or fingerprint) you and make you wait until they find a match of your profile... and then they ask you to present your ID (which you have to carry at all times) but hey, it's private because you need to enter your PIN for them to read the chip.
https://ageverification.dev/Technical%20Specification/archit...
A simple G/PG/PG-13/R header for websites would solve 97% of actual issues anyone could care to present. (violence, porn, etc)
Forcing people to identify themselves will not solve skinner boxes, gambling-for-children, focus-degrading slop, etc.
Bluey-themed slot machines are still harmful.
As an aside, why would a mature rating on a bluey themed gambling machine change anything? I may have a unique perspective on this because I worked at blockbuster for a decade but I PROMISE you parents largely do not care. If you want to solve the problem, hoping parents solve it isn’t… actually a solution of any kind.
It is enabling control infrastructure for governments whom are becoming increasingly undemocratic in a society where the elite gets more and more influence and where the middle class is becoming ruined.
I may sound crazy for saying so, but I think the answer is more government run infrastructure for enabling identity-based operations, like payments and authentication, with rules about standards, open source, contractor selection, and audit that make operation transparent. It can work if technical operations are legislated instead of "left for the engineers to figure out." Then at least the evolution of systems can become real political issues that map to election cycles.
My stance is probably a polarizing one, but this is precisely why we need to be able to debate the minutae of these systems through our political discourse instead of just "will we; won't we" legislation. This should be debated in democratic process.
It was designed to be half-arsed so Digital ID can come along and save the day. Australia's Digital ID opens up to the private sector on 30 November.
Tech companies should ignore it and just publicly name whoever attempts to prosecute them and see how the population responds. I think people today are orders of magnitude more informed about their privacy and the consequences of digital ID laws. A few countries are on the edge of revolt at the moment anyway, and this would be a good way to get young people into the streets.
20 years ago, people would have had no defense against it or understanding of what was being imposed on them. Today, normal people use Signal and encrypted messengers, faraday bags, and leave their phones at home. Where we were nerdy security guys back then, non-technologist women and girls use spy tradecraft level electronic opsec for their own safety and security from middle school. People are much more sophisticated about their privacy now. They're ready to take this on.
The laws coming into force are on people who are not in favour of them, and I'm so optimistic that I will not interrupt the enemies of privacy and human dignity while they are making a mistake.
The most powerful tech companies are in favor of this.
1. Age gating + VPN ban under the guise of protecting children from social media
2. Few years pass, Identity Passport gets ushered in under guise of convenience of not having to repeat those pesky age verification checks.
3. Utilities start to require ID Passport. Including signing up with an ISP.
4. Renting starts to require ID Passport.
5. Work requires ID Passport.
6. Well done, you built the torment nexus!
I think for this argument to carry weight with voters, privacy advocates need to be much more specific about what "coming back to haunt you" looks like. They do a little bit of it later on[1], but I think most people do a rough cost benefit in their head and decide that the small benefit outweighs the small risk (to them).
[1] "And that creates a lot of risks for data breaches, overly broad data collection and retention, censorial legal demands for collected data, corporate and governmental malfeasance, pressure to self-censor, and perhaps blatant First Amendment violations. Every new layer and every new mandate brings more potential for risk. As we’ve unfortunately seen many times over the years, people including high-level government officials will maliciously seek to root out the identities of their critics, so the more layers of anonymity we can preserve in online speech, the better."
The company that lost thousands of government IDs to hackers now wants face scans from everyone.
https://stateofsurveillance.org/news/discord-age-verificatio...
It's a hard argument to win because a) its impossible to concretely attribute scams to a data leak and b) most people think they would be immune to scammers. Meanwhile, it's easy to point to the problems this would fix.
I've found that many people are actually in favor of these when they believe that it will only be enforced against people they disagree with. I'm hoping that people will be more likely to listen when they realize that their enemies may in future be able to get into power and change the definition of what is 'offensive', 'misinformation' or 'disinformation' to their own personal opinions.
> Australia does order that personal information collected for age verification “must be destroyed once all purposes have been met.”
How is the public supposed to know how the black box of an online service handles their data?
The user agent should simply send the user’s age of the parental lock is set up and the websites required to respect this.
Parental controls and the OS should be robust enough to not let kids bypass it (e.g.: by installing a browser that skips the header, or blocking proxy websites)
Done.
Cellphones only because those are the devices kids can have on them all the time and can easily use in private unsupervised.
It’s simply not on the cards, and I live a frugal enough life in a high paying industry that I can retire in a few years. If I was willing to bank on inheritance then I could retire now.
I feel for the people that are forced to engage though. But too many of them simply don’t care about privacy, which is why we’re here.
The children are fine. Many countries no longer allow smartphones at school, which lowers the peer-pressure factor to be online.
Parents are doing their best to steer kids. But these pesky adults, goshdarnit, they access whatever content they want without approval from The State, potentially reading dissident materials, borrowing 1984 from libraries… politicians don’t like that.
In which book did I encounter a similar setup? Let me recall..