There is a much easier solution that already exists - parental controls on children's devices. I honestly don't understand why is it not solving the problem?

Yes, parents are responsible to set this up. But parents are also responsible to lock their alcohol, drugs or guns, condoms, etc., and many other things.

Perhaps parental controls are not good enough? That's where the regulation could genuinely help - require child-certified devices to implement minimum set of parental controls, and make them easy to use.

The article talks about the possibilities of malicious cloning of these tokens by third parties, but fails to identify the much more common use case, and one that makes this scheme useless for age verification.

It's one thing to be concerned about someone stealing my credential, but another to prevent the transfer of these credentials, especially if they are limited use credentials.

The entire point of age verification systems is to prevent minors from accessing certain resources. I think we all know that this is basically impossible; but what these various governments and social media companies want to do is to make it high friction to do so.

The highest friction version of this is that the credential ties to a real world identity somehow; maybe locked behind legal barriers, etc., but if a minor is caught using someone's credential, then the person whose credential they are using can be investigated, and, if necessary, charged with a crime roughly equivalent to providing alcohol to a minor. Without the possibility of real world enforcement, none of these identity solutions can possibly work.

Keep dreaming of a technological solution -- there is none that does not lead to the world that FIRE is warning about, except to accept that we can only make a solution "good enough" and leave it at that, without expanding into full on identity verification. The solution here is likely to just try to provide better abilities for parents to monitor and limit their children's use of the internet. Let individual parents decide on the level of harm that they are willing to accept, and accept that there will be ways to work around this even if parents are vigilant, but just try to reduce it on the margins.

I wouldn't trust governments, today or in the future, to keep such a system private and I don't see a foolproof way of building some kind of audit mechanism into it to make sure the data is always truely private.

I've also always been curious how a truely anonymous identity verification could possibly work. At best for age verification, I could be given some kind of token that would still have to verify my age and be verifiable with a central authority to ensure my token is valid. The central authority could always keeper records of my token, revoke it whenever they please, and every entity that can verify the age associated with, or embedded into, the token knows at least some of my PII.

As you say, it's doubtful governments want it to be private. So we should expect them to not use these kind of elegant solutions, and the public is generally not sophisticated enough to distinguish between the options already.

>Modern versions of this technique allow one to associate metadata (like a proof of age exceeding a threshold) in such a way that the verifier can't even correlate repeated requests across users.

If it's unlinkable, what's preventing someone from setting up a site that hands out anonymous tokens for anyone to use?

The problem is that you still have to trust something you don't control and can't verify that the technological solutions are correctly implemented and applied.

Zero Knowledge Proofs are worthless for this.

Either they validate so little information that a single homeless person can authenticate the entire country or they validate so much information as to not have a significant privacy guarantee.

There is no in-between for ZKP validating someone's age.

This seems to come up in every discussion, in practice it’s irrelevant both because it’s too complicated for normal people to understand, and because the point of all this nonsense really is identification so anything that defeats that will be a non starter.

Unfortunately I don’t think it has the public’s attention, it’s still very niche. Nowhere near enough to change anything yet.

>I’m glad this is finally becoming the cause célèbre du jour.

It really isn't, though. Don't mistake the internet for reality. The majority of people in the US and Europe support laws like these, and most of the rest don't care.

Even on Hacker News the consensus is mostly in favor of anything from age restriction to making all social media illegal.

They want it to equal identity verification! When virtually every top tech executive who wants a favor is at the inauguration and you have companies doing 180 degrees on support for something they previously furiously opposed, someone is getting something they wanted. It seems naive to think otherwise. Furthermore, the current administration in the U.S. fired or ignored the competent people to which you’re referring, and those people oppose a centralized repository of various metadata because it creates a central point of failure, otherwise known as a target, that is generally a bad idea for both our nation and our citizens. Of course there are agencies in the federal government that possess this information already, but they possess it for their purposes only. This is good because it means that it’s both more difficult to abuse internally in addition to being more cumbersome to collect externally.

why would any site on the internet need to give a damn about is_citizen? That's just gross to me at the mere suggestion. If it's a government service site, then they already know that information. If you're trying to use something like social media, then it couldn't possibly matter less.

This still criminalizes sharing "adult" information with people who are not on the government's approved list (the things states do to crush dissent are not safe for children.)

I agree, I think kids should have limited access to the internet. I pretty much did and it worked out for me but I have seen so many reports about it causing harm in schools and personal life. (Specifically I think LLMs should not be used in education also, but different point) However, I think the main problem people have with this "think of the children" narrative is that it will force EVERYONE to give up their credentials to access the internet, not just kids. And the general consensus is that we as adults do not want to and should not have to prove our identity to access the internet.

I mean its only a hope and a skip away from having to validate ones age to turn on the router.

> privacy advocates need to be much more specific

I'm starting to think we need to lean on conspiracy theories in order to get broader population on train with this - and I'm saying this in utmost regret. That's a borrowing game from a right wing/extremist playbook.

Start with this: requiring IDs online is a first step in micro-chipping the population. ...or how about this: marxists/atifa/nazis/zionists/whoever-group-people-think-is-in-power want to erode your privacy online so it can be used against you. Some nefarious group what to know your every move!

I simply saying truth/evidence/rational based approach to this will not get people attention. People just don't care.

Which is precisely why powers will try to make all these illegal

How is hitting the library an act of rebellious defiance? Getting a library card requires an ID and proof of address. The library then tracks which books you've signed out. Unless you're reading the books inside the library without signing them out.

Do you know any librarians? Public libraries have always been a bit punk rock.

"just"?

And yet as the article mentioned, the "problem" is a lie... an excuse to justify the surveillance state.

Parents taking responsibility for their kids.

I grew up in a neighborhood full of drug dealers. Street sellers, not the classy Walter White kind.

Ironically being on a computer all day kept me out of trouble.

But with these laws in place I guess you might as well start doing stupid ish in real life.

It’s not just kids. Adults are having their brains fried on AI generated political videos online right now. The state of the internet is an absolute disaster.

Thought experiment: How do you get a phone or electricity in the most impoverished, backwards parts of the USA?

You aren't required to identify yourself to get a phone. You can get a prepaid phone with no ID.

You are required to identify yourself for an electricity account because it is essentially extending you credit. You use the electricity first, and then they bill you for it later. They also only identify the person who is receiving the bill. You could have a house with a dozen people in it but the electric company only knows the name of the person responsible for the bill.

You are free to identify yourself on the internet right now. People who are intelligent and/or believe in freedom and free speech are opposed to this authoritarian power grab.

You need to identify yourself to the phone and electricity utilities so they know where to send your monthly bill. My ISP knows my name because I pay them for connectivity. I am okay with this.

If I misbehave here, dang can just ban me. There's no reason HN needs to know my real name. The only reason to mandate blanket age and identity verification is to control online speech.

Freedom of speech is contextually misunderstood. It's about political speech and the commons. Social Media is overwhelmingly private space, subject to contract terms and conditions. It may be a de-facto commons to some people but I do not believe this axiomatically, or legally makes it so, for the purposes of law and constitution. Law and constitutional bounds on speech online hit the international nature of the media very quickly.

Extra-territorial issue are huge here. What is the limit of the boundary on a given nations constitution and law? How much does the economy of the user, the hosting company, the owning company, the receiving parties matter?

Social Media has advertising and publishers. It has people who can effect editorial control over what is seen and by who and to who it is "said" -And that imposes obligations on them, and on people lodging content. Differentially depending on their economy, the reach of law, registration of legally incorporated entities.

All of this is being implemented somewhat haphazardly internationally, enforced differently, subject to legal and financial and social pressures differently depending on the times and the context.

If you want to ask questions about America, about Americans, using American companies, speaking to Americans, believe me you don't neccessarily have a simpler task here. It may well be clearer to some of you, but to me, its just as fraught.

It's just not clear to me "free speech" is the bastion rule which applies here. The EFF may think so, I don't think they have actually demonstrated it all the way to the end.

> ...you should be forced to identify yourself for posting...

The Supreme Court has repeatedly held that the right to anonymous speech is inherent in the first amendment [1] [2]. See also The Federalist Papers or Common Sense, without which the US might not exist at all.

[1] https://www.law.cornell.edu/supremecourt/text/362/60

[2] https://www.law.cornell.edu/supct/html/93-986.ZO.html

I disagree because the people who have the most important things to say have the most to lose by saying it.

Also anonymity can actually improve social media polarization (see Chris Bail’s research)

> My privacy is already decimated. For 2 decades we’ve already known about the NSA slurping up everything[1] on top of the Snowden leaks.

If you were correct, there would be no need for them to push these new laws. The fact is, you will have less privacy after these identification requirements are fully enforced.