| ▲ | mjevans 14 hours ago |
| I'm fine with this, as long as they DO NOT require any form of ID or 'age' verification. Instead this should be attacked from the profit side, by banning any form of advertising which might target children. If there's no profit to be made in servicing said demographic and a law requesting at least end user 'agreement' that they are an adult, this should be sufficient. |
|
| ▲ | Telemakhos 12 hours ago | parent | next [-] |
| > If there's no profit to be made in servicing said demographic and a law requesting at least end user 'agreement' that they are an adult, this should be sufficient. Is it still advertising if an "influencer" takes money on the down low to sip a Pepsi not too obviously in the middle of a video? Is it still advertising if an attractive and young person provides news that happens to be colored in a way that supports the narratives of a particular political faction? Is it still advertising if you can't prove that a foreign power encouraged a popular yoga enthusiast or makeup artist to post some whispered ideas that weaken citizens' faith in your institutions? Does that foreign power ever care about profit? Advertising and propaganda love to explore the grey spaces around definitions, so your bans will end up being a whack-a-mole game. Cutting off kids with an ID check is much easier. Implementing age verification the Apple way would even protect privacy by simply registering whether Apple can attest that the user is over or under the age limit, without handing the ID over to third parties. |
| |
| ▲ | prussia 11 hours ago | parent [-] | | There's no profit for the platform. As of now, both the "influencer" and platform are aligned in that they want children to consume more slop. If the platform doesn't have any incentive anymore, maybe most of those "influencers" will fall away, if the algorithm starts deprioritising content geared toward children. As you say, policing the "influencers" is difficult, but at least it is quite easy and simple to target the platform. Better than nothing. |
|
|
| ▲ | throwup238 14 hours ago | parent | prev | next [-] |
| Who decides whether an ad is targeting children or not? I’m not playing devil’s advocate, I’m curious what the SOTA is for ad moderation. I’m sure it’s relatively easy to tell a kid’s toy ad from adult ones like alcohol, but how do you differentiate toy ads targeting parents vs toy ads targeting kids? |
| |
| ▲ | joe_mamba 14 hours ago | parent | next [-] | | >Who decides whether an ad is targeting children or not? Much simpler than that, you just ban all targeted ads full stop end of story. The ad-funded internet existed in the 90s before ad targeting was a thing. You went on a car forum, you'd get ads about car parts. You went on a PC forum, you'd get ads about PC parts. Pretty simple stuff that didn't need to know your age, gender, political affiliation, ovulation status, etc so it's not like the web will go bust without ad targeting. Targeted ads are exploitative and manipulative, and a crime against humanity, or at least on society. | | |
| ▲ | majormajor 14 hours ago | parent | next [-] | | None of that attacks the motivation of FB to look the other way to kids clicking the "I'm an adult" button and pocketing money from advertisers buying un-targeted ads for snacks, clothes, makeup, computers/gaming, and a million other things that are equally as aimed at kids as they are at anyone else. (Remember how many kids bought car magazines before they even had drivers' licenses? Advertising has never been "oh, ads for things adults will buy will be completely boring to children.") | |
| ▲ | bobthepanda 13 hours ago | parent | prev | next [-] | | Ads and media are generally exploitative and manipulative, even if not targeted specifically at anybody. 3 years after the nation of Fiji received its first television broadcasts in 1995, dieting and disordered eating went from unheard of to double digit percentages among teenage girls. https://www.nytimes.com/1999/05/20/world/study-finds-tv-alte... > Before 1995, Dr. Becker said, there was little talk of dieting in Fiji. ''The idea of calories was very foreign to them.'' But in the 1998 survey, 69 percent said that at some time they had been on a diet. In fact, preliminary data suggest more teen-age girls in Fiji diet than their American counterparts. | | |
| ▲ | joe_mamba 13 hours ago | parent | next [-] | | It's not as binary as in all forms of advertising are equally evil. As much as manipulative as traditional media advertising was/is, targeted advertising is easily orders of magnitude worse, and a good place for regulation to start if we wish to improve anything. | |
| ▲ | Aerbil313 13 hours ago | parent | prev | next [-] | | People will comment all day on the ethics and legality of advertising yet they never seem to stop and think how ads even work. Ads work primarily through increasing the subconscious familiarity over a competitor product’s subconscious familiarity. The vast majority of ads are meant to influence you through completely unconscious processes. The “get to know a product you didn’t know about before” part likely doesn’t even account for %1 of advertising. If the reverse was true, you would never see a single ad of Coca-Cola since everybody on the planet knows about it already. It boggles my mind to no end that today’s society collectively accepts literally being manipulated against their free will. See the post https://hackernoon.com/nobody-is-immune-to-ads-7142a4245c2c | |
| ▲ | peyton 13 hours ago | parent | prev [-] | | I mean as of 2011 over half the native women are obese [1]. I don’t know what to make of it other than that’s a lot. Dr. Anne Becker may be really into preserving traditional Fijian culture or whatever but it sounds like some of the local girls don’t want to anymore. [1]: https://pubmed.ncbi.nlm.nih.gov/26201444/ | | |
| ▲ | bobthepanda 12 hours ago | parent [-] | | The introduction of body shaming media vs. actually improving obesity rates is pretty poorly correlated. Introducing anorexia, bulimia, and now bigorexia to a population is probably neutral or net negative. If it wasn’t, you would have expected those rates to decline after the introduction of media informing people. | | |
|
| |
| ▲ | qgin 14 hours ago | parent | prev [-] | | Honestly this is better than covering half of every website with a cookie banner that very few people understand. |
| |
| ▲ | behringer 13 hours ago | parent | prev | next [-] | | We should ban all ads. | |
| ▲ | ajsnigrutin 8 hours ago | parent | prev [-] | | Since platforms know the users age, any ad shown to them should be considered as such. So basically, no ads on underage accounts at all should be the norm. |
|
|
| ▲ | kuerbel 13 hours ago | parent | prev | next [-] |
| Instead of banning social media for teenagers, regulate it in ways that actively reduce addictive design. For example: after 15 minutes of short-form content, show an unskippable timer every third video, displaying today’s, this week’s, and total watch time. The same principle should apply to endless scrolling, make usage visible and interruptible. Base it on actual screen time. This would protect teenagers and benefit adults. |
|
| ▲ | alkonaut 13 hours ago | parent | prev | next [-] |
| Any kind of zero knowledge verification should be ok. But with minors it often goes a long way to just make the law. It’s a good instruction to parents who should be able to control this. Laws on bike helmets for minors are followed nearly 100% not because they are enforced by authorities but because the law gives parents guidance. |
| |
| ▲ | Mindwipe 13 hours ago | parent | next [-] | | There is no such thing in practice. Anything with zero knowledge is never going to be considered robust enough by a government. Zero knowledge protocols really have no functional revocation mechanism. | | |
| ▲ | tzs 11 hours ago | parent | next [-] | | The EU has been working on a zero knowledge system as part of the EU Digital Identity Wallet project for a few years now. It is currently undergoing large scale field tests in several countries with expected release late this year. All member states are required to provide at least one free secure interoperable implementation to their citizens, and regulated industries such as banks and telecoms, are required to accept it. If a member state passes a law requiring age verification on social media it must include the EU Digital Identity Wallet as one of the verification methods the site must support. What was that about no government would consider zero knowledge to be robust enough? | | |
| ▲ | nate_meurer 9 hours ago | parent | next [-] | | Which of these governments do you trust? The same governments, mind you, that are working diligently to end anonymity on the Internet. | |
| ▲ | Fervicus 3 hours ago | parent | prev [-] | | Same EU that wants to ban encryption? |
| |
| ▲ | JoshTriplett 12 hours ago | parent | prev | next [-] | | (Without accepting the premise that it should be acceptable to have to provide any kind of proof...) > Zero knowledge protocols really have no functional revocation mechanism. None would be needed, you (sadly) only age in one direction, so valid proof would never become invalid proof. | | |
| ▲ | mrob 11 hours ago | parent [-] | | >valid proof would never become invalid proof Somebody can give their proof of age to another person. | | |
| ▲ | JoshTriplett 11 hours ago | parent [-] | | And? Presentation of someone else's valid credentials is not fixable by any privacy-preserving mechanism. You can set an expiration date in order to rotate them, and they can be fast-rotating. In any case, it's a moot point: the correct amount of required identification is zero. |
|
| |
| ▲ | pydry 13 hours ago | parent | prev [-] | | expiry |
| |
| ▲ | peyton 13 hours ago | parent | prev [-] | | Bike helmets are for safety but reading the article the ban is more for some kind of societal change. I don’t know if it’s really comparable. | | |
| ▲ | alkonaut 11 hours ago | parent [-] | | I think parent's _want_ to keep kids in helmets and away from social media. But the pressure is some times high when Joe can ride without helmet, or can use TikTok. A law really helped the bike helmet thing at least. That they are fundamentally different I think doesn't matter since the peer pressure thing and what parents want is the same. |
|
|
|
| ▲ | yoz-y 13 hours ago | parent | prev | next [-] |
| There is still a financial incentive to loop in teenagers that would stay on a platform and spend money there later. |
|
| ▲ | throwawayk7h 5 hours ago | parent | prev | next [-] |
| Why not device-side headers? Kids' devices should always include a header saying "I'm a kid, don't show me adult content. |
|
| ▲ | quotemstr 11 hours ago | parent | prev | next [-] |
| You can tell these proposals are made in bad faith because we can do age verification in an anonymous way using zero-knowledge proofs but regulators demand linkable IDs instead. It's not about protecting the kids. It's about managing the public's information diet. The latter is not a legitimate function of any state. |
| |
| ▲ | ozgung 8 hours ago | parent [-] | | The goal is to ban anonymous internet for everyone. You won't be able to post anything without verifying your id. All these similar efforts in different countries seem coordinated and synchronous, suddenly after 35 years since the advent of the web. |
|
|
| ▲ | dyauspitr 13 hours ago | parent | prev | next [-] |
| I disagree, we should have age verification but maybe it can be done in a mostly anonymous way like a central arbiter of identity from the government or something. |
| |
| ▲ | Aurornis 11 hours ago | parent | next [-] | | > like a central arbiter of identity from the government or something This comes up in every ID thread on Hacker News, usually with suggestion that we do it via zero-knowledge cryptographic primitives However, all of those proposals miss the point. These ID verification laws aren't simply designed to confirm that someone has access to an >= 18yo ID. They are identity verification to try to confirm that the person presenting the ID is the same person who is using the site. This concept is obvious with in-person ID checks: You can't go to the liquor store and show them any random ID, they have to check that it's your ID. For some reason when we talk about internet ID verification that part is forgotten and we get these proposals to use cryptographic primitives to anonymously check something without linking the person to the ID. It doesn't work, and doesn't satisfy the way these laws are usually written. I'm also surprised that people of this website even think it might work in the first place. Did everyone forget what it's like to be a kid trying to out-maneuver rules to access something? How long do you think it would take before the first enterprising kid figures out that if they can get access to their mom or older brother's ID, they can charge their friends $5 to use it for this totally anonymous one-time cryptographic ID check for their social media accounts? | | |
| ▲ | dyauspitr 11 hours ago | parent [-] | | These ID verification laws aren't simply designed to confirm that someone has access to an >= 18yo ID. They are identity verification to try to confirm that the person presenting the ID is the same person who is using the site. This makes no sense. This is exactly like asking someone older to buy you beer. Will there be rule breakers? Sure but they will be in the overwhelming minority. | | |
| ▲ | Aurornis 8 hours ago | parent | next [-] | | > This makes no sense. This is exactly like asking someone older to buy you beer. No, the analogy would be a kid walking into the liquor store to order beer with their mom’s ID and the system allowing you to do it because the store operator isn’t allowed to look at their face or the name on the ID. > Will there be rule breakers? Sure but they will be in the overwhelming minority. Some of you have forgotten what it’s like to be a kid around technology. Every time the topic of web filtering comes up there is a chorus of people declaring it useless because as a kid they easily found ways around it, as kids do. Now extend that analogy to these wishful thinking cryptographic ID checks, where you only need to circumvent the ID check literally once ever in your childhood and your account is approved for good. It’s like if you could buy beer with your mom’s ID once and the liquor store owner couldn’t look at the ID or your face and then once you did it a single time you could access all the beer you wanted. | |
| ▲ | pibaker 10 hours ago | parent | prev [-] | | In other words, total death of anonymity on the internet. Don't you love having your government name tied to every single word you say online, forever, potentially publicly accessible if someone configured mongodb wrong? | | |
| ▲ | dyauspitr 10 hours ago | parent [-] | | Different token every time. If something leaks then only the private tokens are leaked. You then have to break every site you visited to link them to you individually. |
|
|
| |
| ▲ | salawat 13 hours ago | parent | prev [-] | | That's exactly the opposite of anonymous. You cannot have anonymity & age verification that actually guarantees anything. It's a contradiction. Either the chain exists, or it doesn't. | | |
| ▲ | alkonaut 12 hours ago | parent [-] | | Are you saying it would be impossible to have a service where the site (social media, say) would issue some sort of random token and ask me to sign it using a centralized ID service. Then I log in to the centralized id service and use it to sign the random token and bring it back to the service. The centralized service see who I am, but not what I'm proving my age for. The social media or other site see that I have signed their token so would have the appropriate age, but not who I am. What's impossible about this? | | |
| ▲ | tzs 11 hours ago | parent [-] | | The problem with that is if someone gets a hold of the logs from both the centralized service and the social media site they can compare timestamps and may be able to match them up. Most people will be doing the whole process (site gives token, person gets token signed, person returns token) as quickly as possible which limits the candidates for a match. Worse, if the central service is compromised and wants to make it easier for log matching to identify people they could purposefully introduce delays which would make it easier to distinguish people. Most people will use the same IP address through the verification process which would really make it easy. | | |
| ▲ | alkonaut 10 hours ago | parent | next [-] | | Yes, timestamp comparison will be possible. I don't think there is a reasonable way around it? And authentication on to someone else is also unavoidable with reasonable privacy. I think a system with both of those drawbacks is still preferable to most other options. | | |
| ▲ | tzs 7 hours ago | parent [-] | | The way most proposals that want to support age verification (or verification of other things from a typical ID such as country) without disallowing anonymous users is to involve secure hardware. Briefly, someone (probably your goverment) issues a digital copy of your ID cryptographically tied to a key in a hardware security module you provide. There is a protocol that can be used to demonstrate to a site that you have such an ID and that you can perform operations on it using that key, and can be used to disclose anything from the ID that you wish to disclose (e.g., what country you are in, or that your birthday on the ID is at least 18 years in the past) without disclosing any other information from the ID. This avoids the timestamp problem because the issuer of the ID is not involved in verifying things from the ID. They have no idea when or how often people are using their IDs. So far people working on these systems are using smart phones as the secure hardware with the keys locked behind biometrics. Google's made on open source library for implementing such systems, the EU has one nearing release after several years of development, and I believe Apple's new ID storage in Wallet supports such a system. The EU has said that they plan to add support for security devices other than smart phones, such as stand alone security keys or smart cards. |
| |
| ▲ | machomaster 9 hours ago | parent | prev | next [-] | | Just let people freely register as many virtual ids as possible (and confirm with the real id). Then use that virtual ids to register in actual services. This allows anonymity, security (no timestamps comparison), freedom of speech and expression (to have independent accounts not linked to the main virtual id). | |
| ▲ | dyauspitr 10 hours ago | parent | prev [-] | | This is no different from VPN providers. Maybe have the central authority keep no logs just like VPN companies. We already have government agencies that do that for instance the agency that handles text to speech phone calls for deaf people. Alternatively use a VPN to sign the token. |
|
|
|
|
|
| ▲ | mytailorisrich 14 hours ago | parent | prev [-] |
| Without age verification this is obviously an unenforceable ban... I think Finland already has schemes for age verification. |
| |
| ▲ | k__ 14 hours ago | parent [-] | | Yeah. Zero knowledge proof and you're good to go. | | |
| ▲ | Aurornis 11 hours ago | parent | next [-] | | That's not how ID checking works, though. A key part of ID verification laws is that you're confirming the ID presented also belongs to the user. They can't just check for "This person currently has an adult ID in their possession" and nothing more, otherwise one kid at school would borrow their older brothers' ID and then use it to register all of their friends' accounts one day. | | |
| ▲ | tzs 11 hours ago | parent | next [-] | | You tie it cryptographically to their phone with keys in the phone's hardware security module. This doesn't stop sharing of ID but it makes it much more inconvenient. | | |
| ▲ | Aurornis 8 hours ago | parent [-] | | And I access the website from my computer how? Why would you invite a technology that by definition makes websites accessible only via phones? These social media age verification laws are inevitably going to hit sites you use, too. | | |
| ▲ | tzs 6 hours ago | parent [-] | | > And I access the website from my computer how? By cross device authentication, such as by scanning a QR code displayed on the computer from your phone. Nearly all these laws or proposed laws only require verification on account creation and maybe an occasional re-verification. They don't require it on every login. > Why would you invite a technology that by definition makes websites accessible only via phones? In most or all of the countries proposing age verification phone use is extremely high. In Finland it is nearly 100% for people over 15 and not retired. It is around 96% for retired people. Social media use is heavily skewed toward people under retirement age, which is were mobile use is highest. Even Facebook which many dismiss as the old folk's social media has about 92% of their users under 65. 98.5% of their users use it from mobile devices (82% use it exclusively from mobile). This all suggests it will only be a very small fraction of people that use social media from desktops and do not have a mobile phone they could use for the initial verification or re-verification. I haven't seen any country proposing to make mobile the only way to do age verification. They all are including methods that work without a phone, although a phone can give much better privacy and security assurances. (I don't know if any country has considered this but another good option would be to allow accounts that have existed longer than some threshold to skip verification. That would probably cover most of those elderly users without a smartphone). |
|
| |
| ▲ | machomaster 9 hours ago | parent | prev [-] | | 1. Make it illegal and punish people.
2. Have a certain limit (like 5) on virtual ids one person can register. Allow to withdraw consent and close virtual ids. | | |
| ▲ | Aurornis 8 hours ago | parent [-] | | > 1. Make it illegal and punish people. Which you will prove how? With no record of which ID was used and with the person who used it being under 18 by necessity, this means there would be no evidence to even punish anyone old enough to be punished. > 2. Have a certain limit (like 5) on virtual ids one person can register. Allow to withdraw consent and close virtual ids. If the ID is only checked in a zero-knowledge way to register accounts, you don’t even need multiple IDs. You just need access to one, which can be used a million times. All of the schemes to check if it’s being used multiple times start exposing more info or requiring a central party to manage. We start sliding down the slope of having the government manage ID checking centrally, which conveniently gives them a way to check which people are accessing which services. |
|
| |
| ▲ | unclad5968 13 hours ago | parent | prev [-] | | How would a zero knowledge proof of my age work? | | |
|
|
