I agree that open ended requirements are better than the imposition of prescriptive solutions. But I don't want online ID verification and that's where your proposal logically leads so I am equally opposed to it.

> They're not actually owed a solution for how to make their business model work. They can just be told that what they're doing is unacceptable,

You listed a few different things previously. Which one are we talking about here?

I think the rest of us are owed a solution where we can still do what we want without having our privacy violated. Regulations need to take the end user into account.

I already proposed what I think would be a workable solution to achieve the stated goals without unduly eroding the status quo. Do you have any response to it?

▲

ndriscoll 10 hours ago | parent [-]

Self categorization has been the status quo since the 90s and has proven to be insufficient. More generally, assuming people agree that something is a social problem/should be restricted, I don't think "have a third party come up with a solution that people can buy to filter us" makes sense. The liability belongs on the people dealing in the restricted item.

We don't give kids special debit cards that detect and block purchases of cigarettes and alcohol and say "make sure your kids don't get cash". We make it a crime to sell those things to a child.

Why is online ID verification a problem for e.g. porn and gambling but it's fine for alcohol? Why should it be fully anonymous? Should we also allow anonymous porn and cigarette vending machines in person? Why is online special?

This whole idea of anonymous access can't even work in a world where you actually pay for things online, which makes the whole proposition even more dubious. If you're an adult and spending money online, you already told them who you are (modulo darknet markets with crypto). Or you could buy a porn gift card in person with an ID flash like other restricted physical items if you're uncomfortable with online payments. And treat the gift card as restricted as well: giving it to a minor is a crime. So then what's the problem exactly? Ad supported porn specifically somehow is important enough to be special?

More to the point: as far as I know, if you perform a sex act in plain view inside of a private establishment that's open to the general public with no restrictions, then that's public indecency/lewd conduct, a criminal act, even if the owner consents. If children are present it can become a felony and you're going on the sex offender list along with jail time. Why is an unrestricted public website different?

Why are you "owed" this privacy online when someone running an open to all, fully anonymous, unchecked porn theatre in person would be arrested? How about the privacy you are owed is that your business stays between you and whomever you interact with, and even they can be asked/required not to keep or share notes about you? But they can still be expected to know you are an adult before they sell you adult services.

▲

fc417fc802 9 hours ago | parent [-]

TBH I think this is all either fundamentally flawed or incredibly weak except for your final paragraph. That one actually poses a somewhat interesting question - why the seeming disparity between online and offline porn regulations in the US? Still, it fails to address (or even acknowledge) the differences in the impact of requiring ID between those scenarios.

Also I think you have this entire thing exactly backwards. It's not on the rest of us to convince the other camp that ID shouldn't be required. Rather it's on the other camp to put forward a convincing case that ID should be required - that there is no realistic alternative and that the tradeoffs are worth the cost. Otherwise the current status quo wins out.

> Self categorization has been the status quo since the 90s and has been proven to be insufficient.

What are you on about? Legally mandated self categorization has never been tried and would presumably work if there were penalties for violations. You don't even need 100% compliance, you just need high enough compliance that the default becomes to filter out any site that fails to do so.

Voluntary self categorization isn't particularly useful because almost no operators bother to do it. So you're left with no (workable) option other than whitelist filtering.

> have a third party come up with a solution that people can buy to filter us

I never suggested anything of the sort.

> The liability belongs on the people dealing in the restricted item.

The items are not currently restricted and I don't agree with you that they should be. However I would agree to changing things to make all providers liable for accurately self categorizing the content they serve up by means of a standardized header format or some other protocol.

> Why is online ID verification a problem for e.g. porn and gambling but it's fine for alcohol?

Presumably because you have to take receipt of the shipment so the vendor is already going to collect your PII.

Why is legally requiring that a gambling website send a header categorizing itself as such unworkable yet somehow it's all going to work out just fine if we require them to do the much more complicated thing of securely handling and accurately verifying identification documents? That seems like an obvious contradiction to me.

> Why should it be fully anonymous? Should we also allow anonymous porn and cigarette vending machines in person?

Don't we effectively do exactly that? There's no requirement for ID retention on sale of alcohol or cigarettes and until recently the norm was for the clerk to briefly eyeball your license. They also didn't used to bother checking ID if you looked old enough. (That's changed at the major retailers around here lately but that's a different matter.)

Anyway I never claimed the brick and mortar way of doing things was ideal so arguing as though I've agreed to that seems rather disingenuous.

> If you're an adult and spending money online, you already told them who you are

But I did not give them a copy of my ID or any otherwise unnecessary PII and do not want to be required to do so. Also there are plenty of ways to pay for things online without readily revealing your identity to the couterparty. I expect you are well aware of that fact.

> Why is an unrestricted public website different?

For practical reasons I'd imagine. Analogies are great and all but at the end of the day a global electronic communication network has rather different properties than a physical brick and mortar location that you walk into.

Regardless, the reputable services all seem to agree with you (as do I) and thus go out of their way to send headers marking them as adult only. It's roughly equivalent to a shop hanging a "no under 18 allowed" on the door but then not bothering to ID anyone. If parents can't be bothered to configure even the most basic of controls on their children's devices why should the rest of society be made to suffer for that?

	▲	ndriscoll 8 minutes ago \| parent [-]
		Sending a header is unworkable because nothing obeys it, there are embedded browsers all over, and even if you mandated that every app/browser do so, kids can get a new computer/phone for $20 with no restrictions. There's no requirement for ID retention online either. In fact, unlike in person, it is banned. And a framework where you just say "you are liable for what you provide to children" actually allows for a site employee to briefly eyeball your ID or just look at you and decide you look old enough (though that doesn't really work with realtime video generation). Record retention is a different question from checking. I think I and the actual relevant laws have been pretty clear that we should disallow that. No, we do not have anonymous cigarette vending machines (at least anywhere I've been in the US). They are always behind a counter with an ID check. Except for crypto, I don't think I am familiar with any way to pay for something online without revealing my identity. I'm pretty sure 100% of online purchases I've made over the last 20 years have required name/address and usually phone number as part of payment details. Even with crypto, as far as I know common wisdom on darknet markets is (or was?) to use your real name/address as that's the least suspicious. I don't actually know a single place where you don't give that info to your counterparty. I can't imagine it's common. What parental controls? As far as I know, Safari is the only modern browser that checks RTA headers (if it still does). There are no options for Chrome or more importantly Firefox, which is the only browser that's fit for purpose with malware blocking (especially for children). Similarly Android has no controls. I don't see what part of being online makes it less practical to check ID. It seems more practical to me. It's just cheaper not to, and online businesses are big on avoiding labor. That's not some fundamental right of theirs.