You can be in favor of privacy while simultaneously thinking porn, gambling, and advertisers shouldn't be targeting children. The age verification bills I've read have steep penalties for retaining information, so that seems fine since that's literally more protection than you get in person.

It's really more just concluding that those corporations should be liable for their behavior. It also has nothing to do with "the Internet" which is largely unaffected. Except of course ideas for forcing OS behavior coming out of California which are obviously bad.

I actually think things could be a lot simpler if we just made the laws like alcohol: it's illegal (with criminal liability) for a non-parent adult to provide <restricted thing> to a child. Simple enough. Seems to work fine as-is for Internet alcohol purchases. Businesses dealing in restricted industries can figure out how to avoid that liability. That's entirely compatible with making it illegal for businesses to stalk everyone, which we should also do!

▲

choo-t 6 hours ago | parent | next [-]

> The age verification bills I've read have steep penalties for retaining information, so that seems fine since that's literally more protection than you get in person.

The best way (and only way) to prevent retaining information is to not share them in the first place.

> You can be in favor of privacy while simultaneously thinking porn, gambling, and advertisers shouldn't be targeting children.

There are other method to achieve this without mandatory identification. You can force these content to be served with an HTTP header providing their legal minimum age of consultation or type of content, and blocking them browser side. Governments could maintain filter lists for different age bracket and release them to everyone, allowing easy compliance on the device parental control settings.

▲

fc417fc802 11 hours ago | parent | prev [-]

If you implemented that simple solution the expected outcome is businesses collecting ID at the door. But unlike the age verification bills there'd be no prohibition of or penalty for misuse of the collected information. It's a strictly worse outcome.

You can make intentional targeting illegal without criminalizing the accidental. And mandating self categorization of content by service providers would enable standardized filtering that was broadly effective.

The above won't get kids off of social media and it won't serve the purposes of the surveillance state but it will meet the stated goals of those pushing these measures.

Keeping children off of social media is a much trickier problem. I think we'd be better served by banning certain sorts of algorithmic feeds.

▲

ndriscoll 11 hours ago | parent [-]

Okay, so make it illegal for them to record any information which is what the actual laws do (or better, explicitly criminalize all the other current stalking). The point is you don't need to be prescriptive about how to prevent children from accessing the sites. Just make it so you can face massive fines and be arrested if you don't. They can figure out how to comply with the law, and they can be effective or be shut down.

They're not actually owed a solution for how to make their business model work. They can just be told that what they're doing is unacceptable, and they can figure out what they'd like to do next. If you're worried they might react with some other unacceptable thing, we can clarify that that's not okay either.

▲

fc417fc802 10 hours ago | parent [-]

I agree that open ended requirements are better than the imposition of prescriptive solutions. But I don't want online ID verification and that's where your proposal logically leads so I am equally opposed to it.

> They're not actually owed a solution for how to make their business model work. They can just be told that what they're doing is unacceptable,

You listed a few different things previously. Which one are we talking about here?

I think the rest of us are owed a solution where we can still do what we want without having our privacy violated. Regulations need to take the end user into account.

I already proposed what I think would be a workable solution to achieve the stated goals without unduly eroding the status quo. Do you have any response to it?

▲

ndriscoll 10 hours ago | parent [-]

Self categorization has been the status quo since the 90s and has proven to be insufficient. More generally, assuming people agree that something is a social problem/should be restricted, I don't think "have a third party come up with a solution that people can buy to filter us" makes sense. The liability belongs on the people dealing in the restricted item.

We don't give kids special debit cards that detect and block purchases of cigarettes and alcohol and say "make sure your kids don't get cash". We make it a crime to sell those things to a child.

Why is online ID verification a problem for e.g. porn and gambling but it's fine for alcohol? Why should it be fully anonymous? Should we also allow anonymous porn and cigarette vending machines in person? Why is online special?

This whole idea of anonymous access can't even work in a world where you actually pay for things online, which makes the whole proposition even more dubious. If you're an adult and spending money online, you already told them who you are (modulo darknet markets with crypto). Or you could buy a porn gift card in person with an ID flash like other restricted physical items if you're uncomfortable with online payments. And treat the gift card as restricted as well: giving it to a minor is a crime. So then what's the problem exactly? Ad supported porn specifically somehow is important enough to be special?

More to the point: as far as I know, if you perform a sex act in plain view inside of a private establishment that's open to the general public with no restrictions, then that's public indecency/lewd conduct, a criminal act, even if the owner consents. If children are present it can become a felony and you're going on the sex offender list along with jail time. Why is an unrestricted public website different?

Why are you "owed" this privacy online when someone running an open to all, fully anonymous, unchecked porn theatre in person would be arrested? How about the privacy you are owed is that your business stays between you and whomever you interact with, and even they can be asked/required not to keep or share notes about you? But they can still be expected to know you are an adult before they sell you adult services.

▲

fc417fc802 8 hours ago | parent [-]

TBH I think this is all either fundamentally flawed or incredibly weak except for your final paragraph. That one actually poses a somewhat interesting question - why the seeming disparity between online and offline porn regulations in the US? Still, it fails to address (or even acknowledge) the differences in the impact of requiring ID between those scenarios.

Also I think you have this entire thing exactly backwards. It's not on the rest of us to convince the other camp that ID shouldn't be required. Rather it's on the other camp to put forward a convincing case that ID should be required - that there is no realistic alternative and that the tradeoffs are worth the cost. Otherwise the current status quo wins out.

> Self categorization has been the status quo since the 90s and has been proven to be insufficient.

What are you on about? Legally mandated self categorization has never been tried and would presumably work if there were penalties for violations. You don't even need 100% compliance, you just need high enough compliance that the default becomes to filter out any site that fails to do so.

Voluntary self categorization isn't particularly useful because almost no operators bother to do it. So you're left with no (workable) option other than whitelist filtering.

> have a third party come up with a solution that people can buy to filter us

I never suggested anything of the sort.

> The liability belongs on the people dealing in the restricted item.

The items are not currently restricted and I don't agree with you that they should be. However I would agree to changing things to make all providers liable for accurately self categorizing the content they serve up by means of a standardized header format or some other protocol.

> Why is online ID verification a problem for e.g. porn and gambling but it's fine for alcohol?

Presumably because you have to take receipt of the shipment so the vendor is already going to collect your PII.

Why is legally requiring that a gambling website send a header categorizing itself as such unworkable yet somehow it's all going to work out just fine if we require them to do the much more complicated thing of securely handling and accurately verifying identification documents? That seems like an obvious contradiction to me.

> Why should it be fully anonymous? Should we also allow anonymous porn and cigarette vending machines in person?

Don't we effectively do exactly that? There's no requirement for ID retention on sale of alcohol or cigarettes and until recently the norm was for the clerk to briefly eyeball your license. They also didn't used to bother checking ID if you looked old enough. (That's changed at the major retailers around here lately but that's a different matter.)

Anyway I never claimed the brick and mortar way of doing things was ideal so arguing as though I've agreed to that seems rather disingenuous.

> If you're an adult and spending money online, you already told them who you are

But I did not give them a copy of my ID or any otherwise unnecessary PII and do not want to be required to do so. Also there are plenty of ways to pay for things online without readily revealing your identity to the couterparty. I expect you are well aware of that fact.

> Why is an unrestricted public website different?

For practical reasons I'd imagine. Analogies are great and all but at the end of the day a global electronic communication network has rather different properties than a physical brick and mortar location that you walk into.

Regardless, the reputable services all seem to agree with you (as do I) and thus go out of their way to send headers marking them as adult only. It's roughly equivalent to a shop hanging a "no under 18 allowed" on the door but then not bothering to ID anyone. If parents can't be bothered to configure even the most basic of controls on their children's devices why should the rest of society be made to suffer for that?

	▲	ndriscoll a minute ago \| parent [-]
		Sending a header is unworkable because nothing obeys it, there are embedded browsers all over, and even if you mandated that every app/browser do so, kids can get a new computer/phone for $20 with no restrictions. There's no requirement for ID retention online either. In fact, unlike in person, it is banned. And a framework where you just say "you are liable for what you provide to children" actually allows for a site employee to briefly eyeball your ID or just look at you and decide you look old enough (though that doesn't really work with realtime video generation). Record retention is a different question from checking. I think I and the actual relevant laws have been pretty clear that we should disallow that. No, we do not have anonymous cigarette vending machines (at least anywhere I've been in the US). They are always behind a counter with an ID check. Except for crypto, I don't think I am familiar with any way to pay for something online without revealing my identity. I'm pretty sure 100% of online purchases I've made over the last 20 years have required name/address and usually phone number along with payment details. Even with crypto, as far as I know common wisdom on darknet markets is (or was?) to use your real name/address as that's the least suspicious. I don't actually know a single place where you don't give that info to your counterparty. I can't imagine it's common. What parental controls? As far as I know, Safari is the only modern browser that checks RTA headers (if it still does). There are no options for Chrome or more importantly Firefox, which is the only browser that's fit for purpose with malware blocking (especially for children). Similarly Android has no controls.