| ▲ | pimterry a day ago |
> Every single Australian's ID will have to be verified (in order to confirm their age).
>
> Depending on the degree of cooperation (/coercion) the Australian government has with social media companies, the Aus Govt will be able to access citizen social media data with relative ease. So no more pseudo anonymous accounts (or, at least, they'll be made more difficult, especially for non-technical folk).

This isn't a given. It is quite possible to build a reasonably anonymous system to verify age at signup.

As a simplified model: the government creates a website where with your government id/login, they will give you an age-verification-valid-for-5-minutes token - basically just "holder is 16+" signed with their signature & the current time. Websites request a new valid token at signup. End result is that government only knows you're _maybe_ doing _something_ 16+, and the website doesn't know who you are, just that you're old enough (this is clearly improvable, it's just a basic example).

Whether anything like this will be implemented is a hard question of course. The current alternatives I've seen seem to be a fully privatised version of this, where a private company has a video call where you hold up your ID - that eliminates the government, but seems like a whole bunch of privacy concerns in itself too (not to mention being wildly inefficient & probably not very reliable).
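The simplified model in the comment above, sketched as an added example that is not part of the original thread: the issuer signs only the claim and the time, and the site checks signature, freshness and reuse. The function names, the choice of Ed25519 and the single-use token id are assumptions made for the illustration.

```javascript
// Added illustration, not code from the thread. All names are hypothetical.
const { generateKeyPairSync, sign, verify, randomBytes } = require('node:crypto');

const CLAIM = 'holder is 16+';
const MAX_AGE_MS = 5 * 60 * 1000; // "valid for 5 minutes", as in the comment

// Issuer (government site). The ID/login check happens before this call and
// leaves no trace in the token: claim, issue time and a random id only.
function issueToken(privateKey, now = Date.now()) {
  const body = { claim: CLAIM, iat: now, jti: randomBytes(16).toString('hex') };
  const payload = Buffer.from(JSON.stringify(body));
  const sig = sign(null, payload, privateKey); // Ed25519 takes a null digest name
  return `${payload.toString('base64url')}.${sig.toString('base64url')}`;
}

// Verifier (website at signup). Holds only the issuer's public key and a
// set of token ids it has already accepted (assumed addition: single use).
function verifyToken(token, publicKey, seen, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return 'malformed';
  const payload = Buffer.from(parts[0], 'base64url');
  const sig = Buffer.from(parts[1], 'base64url');
  // Authenticate the bytes first; parse them only once the signature holds.
  if (!verify(null, payload, publicKey, sig)) return 'bad signature';
  const body = JSON.parse(payload.toString('utf8'));
  if (body.claim !== CLAIM) return 'wrong claim';
  if (now < body.iat || now - body.iat > MAX_AGE_MS) return 'expired';
  if (seen.has(body.jti)) return 'replayed';
  seen.add(body.jti);
  return 'accepted';
}

// Constructed scenario: one fresh signup, a resold copy, a stale token, a forgery.
function demo() {
  const issuer = generateKeyPairSync('ed25519');
  const seen = new Set();
  const t0 = 1700000000000; // constructed timestamp
  const token = issueToken(issuer.privateKey, t0);
  const stale = issueToken(issuer.privateKey, t0);
  const fake = Buffer.from(JSON.stringify({ claim: CLAIM, iat: t0, jti: 'x' }));
  const forged = `${fake.toString('base64url')}.${token.split('.')[1]}`;
  return [
    verifyToken(token, issuer.publicKey, seen, t0 + 2000),
    verifyToken(token, issuer.publicKey, seen, t0 + 4000),
    verifyToken(stale, issuer.publicKey, seen, t0 + MAX_AGE_MS + 1),
    verifyToken(forged, issuer.publicKey, seen, t0 + 2000),
  ];
}

console.log(demo()); // one result per scenario, in the order above
```

Because the issuer sees the exact token it signed, an issuer and a site that compared records could link a login to a signup; blind signatures or the attribute-based credentials mentioned further down the thread address that.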

| ▲ | Aurornis a day ago |
This comes up on every single HN thread about the topic, but I don’t understand how people aren’t seeing the obvious abuse angle: Create a market for anonymous age verification tokens. People pay $5 to someone to create an age authorization for them. 17 year old kid (who is old enough under this law) spends all day creating anonymous age auth tokens to sell to people who want them. Entire system subverted with profit motive.

The next phase of the argument is to argue for rate limiting or extra logging, but the more you force that the more you degrade privacy or introduce unreasonable restrictions. “Sorry, I can’t sign up for the wiki today because I already used my quota of 2 government age checks today”. Still leaves plenty of room for 17 year old kids to earn $10 a day farming out their age checks.

The entire argument that anonymous crypto primitives will solve this problem is tiresome.

| ▲ | pimterry a day ago |
The same applies to effectively all possible solutions for age verification, no? Even if you have a perfect mechanism, 17-year-olds can create real age-verified accounts and then sell the username and password afterwards.

Selling age-verification tokens directly would likely be harder than just swapping those login details, since it's very easy to make the tokens time-limited (in practice normal use would probably be some kind of oauth-style redirect flow, so they'd really only have to be valid for a few seconds).

This same argument applies to adults buying alcohol for teenagers too. The determined teenager with money can definitely find a way to get alcohol, but it doesn't mean the age restrictions on purchases are pointless.

Imo it's a bit pointless to worry about high-speed black markets trading in signed tokens when the current most common alternative is a popup with an "I promise I am over 18" button. If society agrees some things should be difficult to access if you're underage, then we can definitely do better than that as a solution.

| ▲ | raxxorraxor 13 hours ago |
I can buy booze without an ID or token. You have to match that. And yes, I look perfectly youthful...

| ▲ | illiac786 15 hours ago |
Germany has a system in their ID cards that allows anonymous age verification. No one uses it but it’s a technical marvel in my opinion. The site asks for specific read permissions and the user can decide if he wants to grant them. One of these permissions is age verification. You put the phone on the ID card and there is a cryptographic proof that the user connecting to the site is in possession of an ID of a person above 16 (which he of course could have stolen).

So it is technically totally feasible to have good data privacy AND age verification.

| ▲ | raxxorraxor 13 hours ago |
It isn't a technical marvel, it is technical bureaucracy. There is a reason people don't want to use it. Also once implemented and widely adopted, the state would obviously increase demands on usage. This isn't rocket science. I understand the cryptographic principle. That isn't the problem here.

| ▲ | illiac786 13 hours ago |
yeah, “technical” is not the right adjective, rather the marvel (to me) is the fact that a government managed to deploy a privacy friendly electronic ID system based on sound cryptographic principles. it’s a marvel because, well, as you put it, there’s all this bureaucracy and when I first discovered it was implemented and every single new electronic ID has this capability since a couple of years, my jaw dropped.

But fully agree the process and the backend itself are not very usable at the moment. Maybe my expectations around government digitization are too low though.

| ▲ | biztos 9 hours ago |
It's hardly an age verification if it just requires the bearer to have an adult's ID card. You borrow your friend's card, or you "borrow" your parent's card, or you pay someone who sees this market opportunity.

I think it's ridiculous how the lawgivers are telling the companies to just nerd harder, but they're definitely going to have to nerd harder than that.

| ▲ | illiac786 5 hours ago |
I think it’s better than transmitting everything including the biometric picture and requiring the camera to be on. How would you implement age verification?

| ▲ | interactivecode a day ago |
this is the same argument as "why have government id cards, someone could just use a fake beard and use their older classmates id". Any system allows for some gaps, similar to how credit card transactions make transactions safer but on either side of that transaction there is some "insurance" and some leeway if someone really wanted to.

| ▲ | dghlsakjg a day ago |
The difference is that I can’t mint infinite ID cards, and it is much harder to get a skeptical person to accept a photo ID of the wrong person.

| ▲ | pas a day ago |
in person? sure, that's harder, but we're talking about online services, right? many times verification is simply uploading a photo, GenAI can make a nice fake ID. are these id verification sites linked to government databases? for usual KYC it's enough to save the photo and do the minimal sanity check, no need to phone home and ask Big Brother.

| ▲ | raxxorraxor 13 hours ago |
> why have government id cards...

...for the internet is a perfectly sane question. There are good reasons we don't have those as well and these reasons vastly outclass ineffective user protections.

| ▲ | blackoil a day ago |
Why not lock device/accounts as minor and put onus on school and parents to ensure devices are appropriately tagged? At least for pre-teens I strongly think it shall work.

| ▲ | thrw42A8N a day ago |
I'd never accept this disgrace.

| ▲ | pas a day ago |
Sorry, what's the implication here, what is the disgrace? Why are parental controls bad? (Or what was implied was a /s tag? :))

| ▲ | thrw42A8N a day ago |
Government controlled access to internet is a disgrace in any form. I can control my child without the government.

| ▲ | Cthulhu_ 14 hours ago |
> I can control my child

Lies every parent tells themselves. Either they will watch porn at age 11 at school or at a friend, or you isolate them from society and they resent you forever.

You can't control every aspect of your child's real life or online activities, that's naive and I don't believe you actually have children, let alone teenagers.

| ▲ | thrw42A8N 35 minutes ago |
Indeed, but I don't find that amount of control reasonable. I can do enough control to be completely fine.

| ▲ | kbelder 5 hours ago |
You shouldn't want to control every aspect of a child's life. You control what you can and should control, and the kid is aware of that, and you let them decide the rest. They will do things you don't want them to do, and that's fine. That's part of growing up.

What you don't want is to say "I can't control every part of my kid's life, so I need the government to come in and control the remainder."

| ▲ | MonkeyClub 9 hours ago |
Whether GP can control their kids or not is beside the point, which I think lies with:

> Government controlled access to internet is a disgrace in any form.

And in fact it's not a "disgrace", it's outright dangerous, a ready half-step to totalitarian control.

Regardless of whether one trusts their current government or not, it is a threat to democracy and freedom that can be activated by any later regime.

| ▲ | watwut a day ago |
Because it will take about 1 month till there is some service the parents will want the kids to use that won't be available on such device (a kids show, a kids game, a page necessary for homework). So, they will have strong motivation to not label them as such.

| ▲ | bccdee a day ago |
At that point, what if parents just let their kids borrow their driver's licenses to use social media? There's no technical solution to bad parenting. The only reasonable solution that doesn't infringe on privacy is to give parents the tools to limit their children's internet use, and presume, outside those bounds, that people are adults.

| ▲ | pas a day ago |
of course there's no perfectly privacy preserving solution for this, but ... zero-knowledge proofs have come a pretty long way.

if I understand correctly it's possible to give 16+ people tokens and then they can make the signups (transactions with these tokens) and then check that the transaction is valid (that it came from some valid token without knowing which token), while also making sure that folks can't just fake spend someone's tokens -- this is how the new Monero version is going to work after all.

https://www.getmonero.org/2024/04/27/fcmps.html

Of course as others mentioned trading identities (tokens) is trivial. (As I expect not-yet-16-year-olds will start stealing identities/logins of older people.)

| ▲ | bccdee a day ago |
Yeah, as you mentioned, token-sharing breaks this. I think any solution ultimately has to put the onus on the parents. And if the parents aren't responsible enough to pay attention to what their kid is doing online, then it's probably for the best that the kid have access to an online peer group over social media.

| ▲ | formerly_proven a day ago |
This is one of the main motivating examples for attribute-based credentials, which provably only reveal the selected attribute to verifiers.

| ▲ | raxxorraxor 13 hours ago |
Too complicated and no benefit. Theoretically these double blind systems could be secure, practically I would never trust any of their systems and will opt out of signing up.

Also this fails to account for obviously visible political motivation and further development. Nope, bad idea.

| ▲ | grahamj a day ago |
You’re right that it’s possible, absolutely. The problem is the government would first have to want to do that. If they’re planning to hoover up social media usage data then they probably won’t.

| ▲ | pas a day ago |
So what's the most likely outcome here? Savvy 15 year olds "buying" accounts of older people? IRC and email making a comeback?