| ▲ | cosmos0072 3 hours ago |
| I am from EU, and contrary to age verification laws in general. My stance is that if somebody is a minor, his/her/their parents/tutors/legal guardian are responsible for what they can/cannot do online, and that the mechanism to enforce that is parental control on devices. Having said that, open-source zero-knowledge proofs are infinitely less evil (I refuse to say "better") than commercial cloud-based age monitoring baked into every OS |
|
| ▲ | heavyset_go 2 hours ago | parent | next [-] |
| > Having said that, open-source zero-knowledge proofs are infinitely less evil (I refuse to say "better") than commercial cloud-based age monitoring baked into every OS To be honest, I worry that the framing of this legislation and ZKP generally presents a false dichotomy, where second-option bias[1] prevails because of the draconian first option. There's always another option: don't implement age verification laws at all. App and website developers shouldn't be burdened with extra costly liability to make sure someone's kids don't read a curse word, parents can use the plethora of parental controls on the market if they're that worried. [1] https://rationalwiki.org/wiki/Appeal_to_the_minority#Second-... |
| |
| ▲ | ndriscoll an hour ago | parent | next [-] | | > App and website developers shouldn't be burdened with extra costly liability Why not? Physical businesses have liability if they provide age restricted items to children. As far as I know, strip clubs are liable for who enters. Selling alcohol to a child carries personal criminal liability for store clerks. Assuming society decides to restrict something from children, why should online businesses be exempt? On who should be responsible, parents or businesses, historically the answer has been both. Parents have decision making authority. Businesses must not undermine that by providing service to minors. | | |
| ▲ | Ray20 19 minutes ago | parent | next [-] | | > Why not? This implies the creation of an infrastructure for the total surveillance of citizens, unlike age verification by physical businesses. | | |
| ▲ | ndriscoll 11 minutes ago | parent [-] | | Spell it out: how do ID checks for specific services (where the laws I've read all require no records be retained with generally steep penalties) create an infrastructure for total surveillance? Can't sites just not keep records like they do in person and like the law mandates? Can't in-person businesses keep records and share that with whomever you're worried about? How do you reconcile porn sites as a line in the sand with things like banking or online real estate transactions or applying for an apartment already performing ID checks? The verification infrastructure is already in place. It's mundane. In fact the apartment one is probably more offensive because they'll likely make you do their online thing even if you could just walk in and show ID. |
| |
| ▲ | inetknght 28 minutes ago | parent | prev | next [-] | | > Physical businesses Physical businesses nominally aren't selling their items to people across state or country borders. Of course, we threw that out when we decided people could buy things online. How'd that tax loophole turn out? | | |
| ▲ | ndriscoll 5 minutes ago | parent [-] | | But when they do, federal law requires age verification (at least with e.g. alcohol). It turned out we pretty much closed the tax loophole. I don't remember an online purchase with no sales tax since the mid 00s. |
| |
| ▲ | scythe 6 minutes ago | parent | prev | next [-] | | For one thing, it's fairly uncommon for children to purchase operating systems. As long as there is one major operating system with age verification, parents (or teachers) who want software restrictions on their children can simply provide that one. The existence of operating systems without age verification does not actually create a problem as long as the parents are at least somewhat aware of what is installed at device level on their child's computer, which is an awful lot easier than policing every single webpage the kid visits. | |
| ▲ | MSFT_Edging an hour ago | parent | prev [-] | | > Physical businesses have liability if they provide age restricted items to children. These are often clear cut. They're physical controlled items. Tobacco, alcohol, guns, physical porn, and sometimes things like spray paint. The internet is not. There are people who believe discussions about human sexuality (ie "how do I know if I'm gay?") should be age restricted. There are people who believe any discussion about the human form should be age restricted. What about discussions of other forms of government? Plenty would prefer their children not be able to learn about communism from anywhere other than the Victims of Communism Memorial Foundation. The landscape of age restricting information is infinitely more complex than age restricting physical items. This complexity enables certain actors to censor wide swaths of information due to a provider's fear of liability. This is closer to a law that says "if a store sells an item that is used to damage property whatsoever, they are liable", so now the store owner must fear the full can of soda could be used to break a window. | | |
| ▲ | ndriscoll an hour ago | parent [-] | | That's not a problem of age verification. That's a problem of what qualifies for liability and what is protected speech, and the same questions do exist in physical space (e.g. Barnes and Noble carrying books with adult themes/language). So again, assuming we have decided to restrict something (and there are clear lines online too like commercial porn sites, or sites that sell alcohol (which already comes with an ID check!)), why isn't liability for online providers the obvious conclusion? |
|
| |
| ▲ | mindslight 16 minutes ago | parent | prev | next [-] | | ZKP methods are just as draconian as they rely on locking down end user devices with remote attestation, which is why they're being pushed by Google ("Safety" net, WEI, etc). The real answer to the problem is for websites to publish tags that are legally binding assertions of age appropriateness, and then browsers can be configured to use those tags to only show appropriate content to their intended user. This also gives parents the ability to additionally decide specific websites are not suitable for their children, rather than trusting websites themselves to make that decision within the context of their regulatory capture. For example imagine a Facebook4Kidz website that vets posts as being age appropriate, but does nothing to alleviate the dopamine drip mechanics. There has been a market failure here, so it wouldn't be unreasonable for legislation to dictate that large websites must implement these tags (over a certain number of users), and that popular mobile operating systems / browsers implement the parental controls functionality. But there would be no need to cover all websites and operating systems - untagged websites fail as unavailable in the kid-appropriate browsers, and parents would only give devices with parental controls enabled to their kids. | |
| ▲ | andrepd 22 minutes ago | parent | prev | next [-] | | The concern is ubiquitous all-pervasive surveillance, control, and manipulation of algorithmical social media and its objective consequences for child development and well-being. Not "kids reading a bad word". Disagree all you want, but don't twist the premise. Surely you can find a rationalwiki article for your fallacy too. | | |
| ▲ | ori_b 13 minutes ago | parent [-] | | If you want to avoid all pervasive surveillance, it might be wise to not mandate all pervasive surveillance in the OS by law. In fact, I suspect adults, and not just children, would also appreciate it if the pervasive surveillance was simply banned, instead of trying to age gate it. Why should bad actors be allowed to prey on adults? |
| |
| ▲ | verisimi 2 hours ago | parent | prev | next [-] | | > There's always another option: don't implement age verification laws at all. Where do you go to vote for this option? | |
| ▲ | Bender an hour ago | parent | prev [-] | | App and website developers shouldn't be burdened with extra costly liability to make sure someone's kids don't read a curse word, parents can use the plethora of parental controls on the market if they're that worried. App and website operators should add one static header. [1] That's it, nothing more. Site operators could do this in their sleep. User-agents must look for said header [1] and activate parental controls if they were enabled on the device by a parent. That's it, nothing more. No signalling to a website, no leaking data, no tracking, no identifying. A junior developer could do this in their sleep. None of this will happen of course as bribery (lobbying) is involved. [1] - https://news.ycombinator.com/item?id=46152074 |
|
|
| ▲ | module1973 14 minutes ago | parent | prev | next [-] |
| that is correct the parents are meant to pass on morals and parent the child. If the parents fall through, there is the community such as church, neighbors, schools etc. The absolute last resort is government or law enforcement intervention, and this should be considered an extreme situation. But as John Adams noted, "Our Constitution was made only for a moral and religious people" -- in other words, all these laws start to rip at the seams when the fabric of society, the people who make up the society no longer have morals. But I appreciate this article in general, we need to fight against mass surveilance at all costs. |
|
| ▲ | himata4113 3 hours ago | parent | prev | next [-] |
| Yes! This is the way, give parents the ABILITY to advertise the users age to browsers, apps and everything in between. Only target cooperations, do not target open source projects. Fine websites for not using this API (ex: porn sites). Assume an adult if not present. |
| |
| ▲ | fn-mote 2 hours ago | parent | next [-] | | > Fine websites for not using this API (ex: porn sites). Recent posters here are clear that porn sites are setting every available signal that they are serving adult-only content. According to them, you are targeting the wrong audience. Facebook/Instagram studying how to get young users addicted should be of greater concern. I have my doubts about the effectiveness of age-based blocking there, though. | | |
| ▲ | edgyquant 2 hours ago | parent [-] | | Both are problems, porn sites have also targeted children and any non-enforced age “verification” on these sites is simply plausible deniability that isn’t plausible at all | | |
| ▲ | XorNot 15 minutes ago | parent [-] | | In what way have porn sites targeted children? They have no disposable income to target and the product is literally self age gated in appeal. |
|
| |
| ▲ | fivetomidnight 2 hours ago | parent | prev | next [-] | | No. This is not the way. > give parents the ABILITY to advertise the users age to browsers, apps and everything in between. Accounts and Applications to services that provide countent are set to a country-specific age rating restrictions (PG, 12+, 18+, whatever). That's it. None of the things you mentioned have any point to concern themself with the age or age-bracket of the user in front of the device. This can and will be abused. This is very obvious. Think about it. | | |
| ▲ | himata4113 an hour ago | parent [-] | | That is what I meant by age(-rating), you are correct. However, drop country specifics - too complicated. Age brackets are enough: child, preteen, teen, adult. At around 16-17 these should be dropped anyway since at that point people are smart enough to get around these measures anyway and usually have non-parent controlled devices. |
| |
| ▲ | idiotsecant 2 hours ago | parent | prev | next [-] | | This is a great solution to the stated problem. The issue is that nobody is actually trying to solve the stated problem. This is a terrible solution to the real 'problem' which is the lack of surveillance power and information control. | | |
| ▲ | simion314 2 hours ago | parent | next [-] | | >This is a great solution to the stated problem. The issue is that nobody is actually trying to solve the stated problem. This is a terrible solution to the real 'problem' which is the lack of surveillance power and information control. So on the Sony consoles I created an account for my child and guess what they have implemented some stuff to block children from adult content on some stuff. So if Big Tech would actually want to prevent laws to be created could make it easy for a parent to setup the account for a child (most children this days have mobile stuff and consoles so they could start with those), we just need the browsers to read the age flag from the OS and put it in a header, then the websites owners can respect that flag. I know that someone would say that some clever teen would crack their locked down windows/linux to change the flag but this is a super rare case, we should start with the 99% cases, mobile phones and consoles are already locked down so an OS API that tells the browser if this is an child account and a browser header would solve the issue, most porn websites or similar adult sites would have no reason not to respect this header , it would make their job easier then say Steam having to always popup a birth date thing when a game is mature. | | |
| ▲ | necovek an hour ago | parent | next [-] | | When one clever teen figures it out, they will share it with 80% of their friend group, making that number 80% and not 1%. Let's go back to parenting: yes, world is a scary place if you get into it unprepared. | | |
| ▲ | gzread an hour ago | parent [-] | | When one teen figures out how to get alcohol without ID, 80% of them will. |
| |
| ▲ | himata4113 2 hours ago | parent | prev [-] | | That's why I suggested kernel enforced security (simple syscall) that applications could implement and are incredibly hard to spoof / create tools and workarounds for, but I got downvoted to hell. Permission restricted registry entry (already exists) and a syscall that reads it (already exists) for windows and a file that requires sudo to edit (already exists) and a syscall to read it (already exists). Works on every distro automatically as well including android phones since they run the linux kernel anyway. Apple can figure it out and they already have appleid. | | |
| ▲ | simion314 an hour ago | parent [-] | | For linux we have the users and groups concept, the distro can add an adult group and when you give your child a linux a device and create the account you would just chose adulr or minor , or enter a birthdate. No freedom lost for the geeks that install Ubuntu or Arch for themselves and we do not need some extra hardware for the rare cases where a child has access to soem computer and he also can wipe it and install Linux on it. Distro makes can make the live usb default user to be set as not adult. Good enough solutions are easy but I do not understand why Big Tech (Google and Apple) did not work on a standard for this. (maybe both Apple and Google profits would suffer if they did) | | |
|
| |
| ▲ | gzread 2 hours ago | parent | prev [-] | | Three states now implement this solution that you just called a great solution, and most of HN still hates it. Are they seeing something that you're not? https://news.ycombinator.com/item?id=47357294 |
| |
| ▲ | mijoharas 2 hours ago | parent | prev [-] | | This is what I think. I saw someone else on HN suggested provide an `X-User-Age` header to these sites, and provide parents with a password protected page to set that in the browser/OS. Responsibility should be on the website to not provide the content if the header is sent with an inappropriate age, and for the parent to set it up on the device, or to not provide a child a device without child-safe restrictions. It seems very obviously simple to me, and I don't see why any of these other systems have gained steam everywhere all of a sudden (apart from a desire to enhance tracking). | | |
| ▲ | qup an hour ago | parent [-] | | Seems simple until you try to figure out what's allowed for what age, which surely will differ by country at a minimum. |
|
|
|
| ▲ | teekert 2 hours ago | parent | prev | next [-] |
| "mechanism to enforce that is parental control on devices." Meh, I use it, but it's super annoying and I think that with my Daughter I'll take a different approach (but it will be some years before that is relevant). On Android: The kid can easily go on Snapchat (after approval of install of course, and then you can just see their "friends") before Pokemon Go (just a pain to get working, it keeps presenting some borked version which led to a lot of confusion at first). I just lied about his age in a bunch of places at some point. Snapchat is horrible and sick from our experiences in the first week. On Windows: It's a curated set of websites (and no FireFox) or access to everything. It's not even workable for just school. Granting kids access to our own minercraft servers: My god, I felt dirty about what the other parents had to go through to enable that. |
|
| ▲ | Pxtl 32 minutes ago | parent | prev | next [-] |
| > My stance is that if somebody is a minor, his/her/their parents/tutors/legal guardian are responsible for what they can/cannot do online, and that the mechanism to enforce that is parental control on devices. Imho there is a place for regulation in that, actually. Devices that parents are managing as child devices could include an OS API and browser HTTP header for "hey is this a child?" These devices are functionally adminned by the parent so the owner of the device is still in control, just not the user. Just like the cookie thing - these things should all be HTTP headers. "This site is requesting your something, do you want to send it? Y/N [X] remember my choice." Do that for GPS, browser fingerprint, off-domain tracking cookies (not the stupid cookie banner), adulthood information, etc. It would be perfectly reasonable for the EU to legislate that. "OS and browsers are required to offer an API to expose age verification status of the client, and the device is required to let an administrative user set it, and provide instructions to parents on how to lock down a device such that their child user's device will be marked as a child without the ability for the child to change it". Either way, though, I'm far more worried about children being radicalized online by political extremists than I am about them occasionally seeing a penis. And a lot of radicalizing content is not considered "adult". |
|
| ▲ | tasuki 3 hours ago | parent | prev | next [-] |
| > My stance is that if somebody is a minor, his/her/their parents/tutors/legal guardian are responsible for what they can/cannot do online As a parent, sure, that is my stance as well. What... what other stances are there even? How would they work? |
| |
| ▲ | pjc50 2 hours ago | parent | next [-] | | The steelman argument is that parents are not necessarily up to date on the technology, and cannot reasonably be expected to supervise teenagers 24/7 up to the age of 18. Compare movie ratings or alcohol laws, for example: there's a non-parental obligation on third parties not to provide alcohol to children or let them in to R18 showings. But the implementation matters, and almost all of these bills internationally are being done in bad faith by coordinated big-money groups against technologically illiterate and reactionary populist governments. (if we really want to get into an argument, there's what the UK calls "Gillick competence": the ability of children to seek medical treatment without the knowledge and against the will of their parents) | | |
| ▲ | graemep an hour ago | parent | next [-] | | In the UK parents can give children alcohol below the age of 18. parents get to make the final decision at home so I do not think its really comparable. I would personally favour allowing parents to buy drinks for children below the current limits (18 without a meal, 16 for wine, beer and cider with a meal). The alternative to this is empowering parents by regulating SIM cards (child safe cards already exist) and allowing parents to control internet connectivity either through the ISP or at the router - far better than regulating general purpose devices. The devices come with sensible defaults that parents can change. | |
| ▲ | _heimdall 2 hours ago | parent | prev [-] | | That steelman still stands on a core assumption that its both the state's responsibility and right to step in and parent on everyone's behalf. Maybe a majority of people today agree with that, but I know I don't and I never hear that assumption debated directly. | | |
| ▲ | gzread an hour ago | parent | next [-] | | The point of having a state at all is to create a framework where people are set up to succeed. | | |
| ▲ | _heimdall 30 minutes ago | parent | next [-] | | Where exactly are you getting that goal of a state from? Maybe that's one of the goals today, historically I don't think it was anywhere on the list. | |
| ▲ | heavyset_go an hour ago | parent | prev [-] | | Everyone shouldn't have to lose their privacy just because you're too lazy to use parental controls or give your kids devices that are made for children. | | |
| ▲ | gzread an hour ago | parent [-] | | Entering your child's age when you create their user account is a loss of privacy? | | |
| ▲ | PeterisP 38 minutes ago | parent [-] | | The current bills (e.g. NY one at https://www.nysenate.gov/legislation/bills/2025/S8102/amendm... ) require age assurance that goes beyond mere assertions, so when creating your (adult) user account it would be required to give away your privacy to prove your age - if you can't implement a way for anonymous/pseudonymous people to verify that they indeed are adults (and not kids claiming to be so), these bills prohibit you to manufacture internet-connected systems that can be used by anonymous/pseudonymous users. |
|
|
| |
| ▲ | edgyquant 2 hours ago | parent | prev [-] | | Then frankly you haven’t seen many debates around age verification as it’s the main thing discussed every time it’s brought up | | |
| ▲ | _heimdall 28 minutes ago | parent [-] | | You are correct, I didn't pay close attention to any EU debates that may have happened, I haven't lived there in years. In the US I haven't seen much debate at all, regardless of the bill really we don't seem to have leaders openly and honestly debate anything. |
|
|
| |
| ▲ | edgyquant 2 hours ago | parent | prev | next [-] | | The other stance is that most parents are not capable of winning a battle against tech giants for the mind of their children, just as parents were not capable of winning this fight with tobacco and alcohol companies. | | |
| ▲ | duskdozer 18 minutes ago | parent | next [-] | | If this had anything to do with reigning in tech giants, it would be done for adults as well, without restricting anyone's rights (well, aside from the people-corporations' of course). The issues are the manipulative algorithmic datafeeds, advertising, and datamining. Age verification does nothing for any of this and only provides the tech giants and governments the means to secure even more control over people. | |
| ▲ | heavyset_go 2 hours ago | parent | prev [-] | | The tech giants want this. They drafted the bill. They paid tens of millions of dollars to promote it. Think about that for a minute. | | |
| ▲ | hackinthebochs an hour ago | parent [-] | | They want it because it absolves them of responsibility for what their app does to kids. They can then just point to the existence of an already working mechanism for parents to intervene. The alternative would be for each app to implement stringent age verification or redesign itself to avoid addictive patterns. Neither option is good for their earnings. |
|
| |
| ▲ | Markoff 3 hours ago | parent | prev [-] | | ignore parent, outsource parenting to gov verification authority TBH many parents done exactly that by giving phones/tablet already to kids in strollers | | |
| ▲ | graemep an hour ago | parent [-] | | The latter is true, but we cannot regulate the vast majority of parents on the basis of the worst. |
|
|
|
| ▲ | soulofmischief 30 minutes ago | parent | prev | next [-] |
| I'll go further. As a human being, I am responsible for myself. I grew up in an extremely abusive, impoverished, cult-like religious home where anything not approved by White Jesus was disallowed. I owe everything about who I am today to learning how to circumvent firewalls and other forms of restriction. I would almost certainly be dead if I hadn't learned to socialize and program on the web despite it being strictly forbidden at home. Most of my interests, politics and personality were forged at 2am, as quiet as possible, browsing the web on live discs. I now support myself through those interests. We're so quick to forget that kids are people, too. And today, they often know how to safely navigate the internet better than their aging caretakers who have allowed editorial "news" and social media to warp their minds. Even for people who think they're really doing a good thing by supporting these kinds of insane laws that are designed to restrict our 1A rights: the road to hell is paved with good intentions. |
| |
| ▲ | duskdozer 15 minutes ago | parent [-] | | This is obviously where it's going to go, at least in the US. Things that are non-religious, non-Christian especially, pro-LGBT, and similar will be disproportionately pulled under "adult content" to ensure that children are not able to be exposed to unapproved ideas during formative years. | | |
| ▲ | soulofmischief 4 minutes ago | parent [-] | | Exactly. Having lived through it already, I know what it did to me and I would never wish that upon another child. The internet saved me from being a religious, colonial, racist piece of shit like the rest of my family. |
|
|
|
| ▲ | croes 3 hours ago | parent | prev | next [-] |
| You could make the same case for parental control as evil. "You‘re reading about evolution! Not in my house" |
| |
| ▲ | cosmos0072 3 hours ago | parent [-] | | Parents already have a lot of control on children' education. Examples: most children believe in the same religion as their parents, and can visit friends and places only if/when allowed by their parents. This is simply extending the same level of control to the internet. Government-mandated restrictions are completely another level. | | |
| ▲ | edgyquant 2 hours ago | parent | next [-] | | I have personally worked with parents trying to prevent their children from using social media and it’s nearly impossible. Kids are almost always more tech savvy than their parents and unlike smoking it’s nearly impossible to tell a child is doing so without watching them 100% of the time. | |
| ▲ | croes 2 hours ago | parent | prev [-] | | Who controls your age if you try to buy alcohol. Who controls your age if you want to see an R-rated movie? This is simply extending the same level of control to the internet. More control for parents is a completely different level. | | |
| ▲ | heavyset_go 2 hours ago | parent | next [-] | | There are no laws preventing children from seeing R-rated movies with or without their parents, theaters implement that policy by choice. | | |
| ▲ | croes 2 hours ago | parent [-] | | Welcome to the world where many countries aren’t the US | | |
| ▲ | heavyset_go 2 hours ago | parent [-] | | The OP is about legislation and companies in the US | | |
| ▲ | croes an hour ago | parent [-] | | And parent is from the EU and talks about age control in general. Does the US have a zero-knowledge proof system that is mentioned in the discussion? |
|
|
| |
| ▲ | applfanboysbgon 2 hours ago | parent | prev [-] | | Disingenuous, but I'm sure you know that and were being intentionally so. The government is not using alcohol age laws as a justification to place a camera in your bedroom to make sure you aren't sneaking booze, but it is using internet age laws as a justification to surveil your entire life in a world which is becoming increasingly digital-mandatory to participate in government services or the economy. Nobody had a problem with internet age laws when "are you over 13? yes/no" was legally sufficient. | | |
| ▲ | gzread an hour ago | parent | next [-] | | Is California doing this? | |
| ▲ | croes 2 hours ago | parent | prev [-] | | You‘re missing the point > Having said that, open-source zero-knowledge proofs are infinitely less evil (I refuse to say "better") than commercial cloud-based age monitoring baked into every OS Parent prefers more control by parents over zero-knowledge proof | | |
| ▲ | applfanboysbgon 2 hours ago | parent [-] | | If that was your point, I don't think your previous comment did a very good job of making it at all. I do think parental controls can be and are abused for evil, but they're still better than the alternative. Zero-knowledge proof is not an alternative, and to suggest that it is is misunderstanding the situation. These laws are proposed and funded by people who want complete surveillance of the population. Zero-knowledge proof is, therefore, explicitly contrary to the goal and will never be implemented under any circumstances. Suggesting that it can be muddies the issue and tricks people into supporting legislation that exists only to be used against them. In a benevolent dictatorship, sure, go for a zero-knowledge proof verification as your solution. In the reality of democracy, where politicians are corporate puppets who cloak surveillance laws in "think of the children" to rally support from the masses, we need to convince people to see through the lie and reject the proposals outright while reassuring them that they can protect the children themselves via parental controls. You will never be able to sufficiently inform 50.1% of the population of any country of what zero-knowledge proof even means, let alone convince them to support age verification laws but strictly conditional on ZKP requirements. That level of nuance is far too much to ask of millions of people who are not technically-informed, and idealism needs to give way to pragmatism if we wish to avoid the worst-case scenario. |
|
|
|
|
|
|
| ▲ | lynx97 2 hours ago | parent | prev [-] |
| Same here, EU citizen who thinks parents should do some parenting, after all. However, try to confront "modern" parents with your position. Many of them will fight you immediately, because they think the state is supposed to do their work... Its a very concerning development. |
