| ▲ | samename 3 days ago |
| What about future governments in Australia? This is ripe for abuse and scope creep. It also ties a uniform ID to an account, simplifying tracking and surveillance by corporations and governments. Plus, this is asking everyone in the country to give up their biometrics (face scanning is one implementation) or link your government issued ID to your social media account (look at the UK to see how this turned out - people are being arrested for simple tweets against the government). Sacrificing the freedom to be anonymous online to "protect the kids" |
|
| ▲ | 9dev 3 days ago | parent | next [-] |
| > It also ties a uniform ID to an account, simplifying tracking and surveillance by corporations and governments. That is by no means the only solution. A lot of work is happening in the area of cryptographically verified assertions; for example, a government API could provide the simple assertion "at least 16 years of age" without the social media platform ever seeing your ID, and the government never able to tie you to the service requiring the assertion. |
| |
| ▲ | heavyset_go 3 days ago | parent | next [-] | | Companies and governments see age verification as an opportunity to hoard data for facial recognition and other ML/AI training sets. It will always be cheaper to go with a vendor that forces you to scan your face and ID, because they will either be packaging that data for targeted advertising, selling the data to brokers, or making bank off of using it as population-wide training datasets. Governments will want the data and cost savings, as well. Both corporations and governments will want to use the platforms to tie online activity to real human beings. Arguments like these end up like arguments for PGP in email: yes, in a perfect world we'd be using it, and platforms would make it easy, but the incentives aren't aligned for that perfect world to exist. | | |
| ▲ | 9dev 2 days ago | parent [-] | | Don't project the contemporary US administration on other countries, please. Not everyone lives in a cynical regime. |
| |
| ▲ | selcuka 3 days ago | parent | prev | next [-] | | > a government API could provide the simple assertion Yes, it could, but we don't have that, do we? They launched the ban without implementing a zero-knowledge proof scheme as you described. In a very short amount of time the providers will have associated millions of people's accounts to their biometric information and/or their government issued IDs. | |
| ▲ | hekkle 3 days ago | parent | prev | next [-] | | While this is a good thought.... Do you really trust the Government to implement a cryptographically verified assertion correctly, and not track which website is making the request, for which individual at what time, and then cross reference that with newly created accounts? | | |
| ▲ | 9dev 2 days ago | parent [-] | | I trust the EU for one, yes, because it doesn't really have the capability or agencies to create massive databases on citizens. Aside from that, there's really a lot of research going on around zero knowledge proofs and verified credentials and such; involved researchers have very obviously already thought about most of the knee-jerk concerns voiced in this thread. | | |
| ▲ | exoverito 2 days ago | parent [-] | | Seems foolish to trust them. The EU is fundamentally undemocratic with the unelected Commission proposing laws and decision making hidden within councils. It has been steadily centralizing and concentrating power, creating a dense web of regulations that have been strangling member states' stagnant economies. Right to free speech is notoriously bad in Europe. The EU is trying to increase military power, and ultimately a centralized European army. |
|
| |
| ▲ | lukan 3 days ago | parent | prev [-] | | Does that work already? If so, how? If the API asks for a users minimum age at a certain time, how can the government not know which data set it has to check? | | |
| ▲ | danpat 3 days ago | parent | next [-] | | It can be achieved with a zero-knowledge proof - there are many schemes, but in essence, they all allow you to prove something (e.g. your birthdate, validated by a government agency), without revealing who you are. You can prove to a third party "the government authenticated that I was born on 1970-01-01" without exposing who "I" is. Some worthwhile reading on the topic if you're interested: https://en.wikipedia.org/wiki/Zero-knowledge_proof#Zero-Know... https://en.wikipedia.org/wiki/Blind_signature It should even possible to construct a protocol where you can prove that you're over 18 without revealing your birthdate. Zero-Knowledge Range Proofs: https://eprint.iacr.org/2024/430 "Zero-knowledge range proofs (ZKRPs) allow a prover to convince a verifier that a secret value lies in a given interval." | | |
| ▲ | selcuka 3 days ago | parent | next [-] | | ZKP is better, but still not foolproof. Depending on the implementation, the government may now know that you have an account, or at least attempted to open an account on that service. You will have a hard time denying it in the future if the government asks to see your posts (as the US is currently doing at their borders). | | |
| ▲ | bawolff 3 days ago | parent [-] | | > ZKP is better, but still not private. The government now knows that you have an account, or at least attempted to open an account on that service Umm, no. That is not how a scheme like this would work. | | |
| ▲ | selcuka 3 days ago | parent [-] | | > That is not how a scheme like this would work. When implemented correctly, yes. I've edited my wording slightly to indicate that. I just don't have faith in most countries, including Australia, to implement it with protecting the privacy of their residents in mind. | | |
| ▲ | bawolff 2 days ago | parent [-] | | > When implemented correctly, yes. I disagree. I can't think of an implementation mistake that would allow just the government to see what services you sign up for. You could of course screw it up so everybody could see. If the government put a keylogger on your device then they could see. However broadly speaking this is not something that can be screwed up in such a way that just the government would be able to see. The protocol wouldn't even involve any communication with the government. |
|
|
| |
| ▲ | bawolff 3 days ago | parent | prev [-] | | > It should even possible to construct a protocol where you can prove that you're over 18 without revealing your birthdate. Not just theoretically posdible, people have done it: https://zkpassport.id/ | | |
| ▲ | lukan a day ago | parent [-] | | Sounds interesting, but: "This is experimental software. While it has undergone external review, it has not yet received a formal security audit. Please use with caution and at your own risk in production environments." |
|
| |
| ▲ | SiempreViernes 3 days ago | parent | prev [-] | | The anonymity is that the government doesn't know who is asking for the verification, not that the the government doesn't know whose majority it should attest. |
|
|
|
| ▲ | fwip 3 days ago | parent | prev | next [-] |
| > simple tweets against the government Which tweets do you have in mind? Because it not does not describe any of the high-profile tweet-related arrests I have heard of. |
|
| ▲ | chris_wot 3 days ago | parent | prev | next [-] |
| You can't link your government ID to your social media account. The legislation doesn't allow social media companies to gather this data. It's specifically not allowed. In other words: this legislation is useless, and entirely stupid, and kids will bypass it trivially. Teenagers are exceptionally good at bypassing that which they find stupid, or gets in their way of what they consider to be fun, or a right. |
| |
| ▲ | Gigachad 3 days ago | parent [-] | | It doesn’t have to be impossible to bypass. It just has to create friction so less and less kids end up on social media over time. | | |
|
|
| ▲ | hilbert42 3 days ago | parent | prev | next [-] |
| "...simplifying tracking and surveillance by corporations and governments." Decades ago when the Australia Card—an ID system for Australians—was first proposed there was an almighty outcry from the citizenry and the project was seemingly shelved. What's happened since is that our Governments quietly ramped up their computer systems and collected the data anyway, this Law will only enhance that collection further. Moreover, recently Government introduced what at the moment are voluntary digital IDs which it sold under the guise that having a single ID will make it easier to deal with government services, etc. Unfortunately, most will unquestioningly swallow the official line and miss the fine minutiae. I've never heard any politician or Government official come out and say "We'll never introduce an Australia Card because we're free people" or such and I'd bet that I never will. Fact is, we Australians already have had an 'Australia Card' for years, it's just that we don't carry it around in our wallets as we do with our credit cards. Our democracy would be vastly improved if those whose governance we're under would actually tell us the truth. Edit: Despite my comment about this new law, I agree kids need protection—so we're damned either way. I see no easy solution. |
|
| ▲ | bigfudge 2 days ago | parent | prev | next [-] |
| I don't know the details of the implementation, but this sounds like an argument for strong data protection laws (and so no data retention) rather than inaction. Also, I'm really struggling to think of examples where people have been arrested for "tweets against the government". The Linehan case? Most of the ones I can think of are like that — so basically culture war bullshit and overzealous policing of incitement laws. |
|
| ▲ | twelvedogs 2 days ago | parent | prev | next [-] |
| In actuality websites just have to do something, not use an id. Most of them currently just want you to upload a story then use ai to guess your age, it's as accurate as you might suspect if you're very sceptical |
|
| ▲ | Gigachad 3 days ago | parent | prev | next [-] |
| They don’t need age verification for that. If you ever connect to social media even once without a VPN and a number of other protections, they can link an account back to you. |
|
| ▲ | phatfish 3 days ago | parent | prev [-] |
| Sorry, you are crazy if you trust American tech companies (that you have zero control over) rather than your own government which in theory you have a lot of control over, but it does depend on your flavour of democracy. Until these controls on American tech companies Trump (via all the tech CEOs fawning over him) had more control over Australian society than your own government. The rest of the world needs similar restrictions on American tech and social media unless we all want to have American bonkers (and increasingly authoritarian) politics fully exported to us. |
| |
| ▲ | hilbert42 3 days ago | parent [-] | | "The rest of the world needs similar restrictions on American tech and social media..." Yes, it does but don't kid yourself, all of Big Tech will cooperate with governments for mutual benefit. Big Tech collects data that governments would otherwise have difficulty collecting, if Big Tech is refrained from collecting data because of regulation and privacy laws then both lose out. We should never expect governments to maintain our privacy or protect us from Big Tech leaching our data. In short, we're fighting different enemies on two fronts and that's a difficult and invidious position to be in. |
|
