| ▲ | stymaar 5 hours ago |
| “Age verification” isn't a problem in itself, the problem is how it's done. They could issue a physical id card with a cryptographic chip and do the age verification in a zero-knowledge fashion and it would be perfectly fine. The problem is the lack of thinking about the solution and just handwaving “age verification” as a political posture, which is why we end up with half-baked systems. |
|
| ▲ | ball_of_lint 4 hours ago | parent | next [-] |
| I strongly disagree. You're framing this as some desirable thing that could be good except that a bad implementation erodes privacy. That's wrong at every step. These bills originate from big tech such as Meta that literally profit from collecting as much personal info from you as possible. https://old.reddit.com/r/LinusTechTips/comments/1rsn1tm/it_a... But even beyond their tainted origins, you can't implement your way out of something badly formed in the first place. You handwave "zero knowledge" but that doesn't do for your privacy what you're hoping it will. That id card will still have a serial number and CCTV of you purchasing it and you will de facto end up trusting some government binary blob to implement this cryptography correctly without backdoors. Snowden was a decade ago. This will have a backdoor. This will be used for surveillance, tomorrow even if by some miracle not today. And finally, this makes the internet worse. There will be a section of people who are, for one reason or another, not able to pass this bar. Much of the goodness of the internet comes from being able to interact with anyone on it. |
|
| ▲ | vaylian 3 hours ago | parent | prev | next [-] |
| People fall through the cracks of the system. You suddenly can't use a digital service any more, because it requires you to use a specific technology that you can't obtain, even though you are old enough. You might be a refugee, you might be someone with special characters in their name or you might be someone from a country that simply doesn't provide recognized digital certifications. Or you might want to run a rooted operating system on your phone or computer. |
|
| ▲ | MaKey 4 hours ago | parent | prev | next [-] |
| This assumes good faith, which doesn't match reality. It's about control, not protecting children. Also age verification is still a problem in itself. Given your idea of a physical card, kids will find a way to use the card of their parents. Even if the card couldn't be misused by others - you give platforms the knowledge of whom is a minor, which means they can be targeted better. |
| |
| ▲ | jonathanstrange 3 hours ago | parent | next [-] | | Kids will simply find a way to circumvent it without any extra steps. To make age verification useful for protecting kids, you'd need to lock down every software on every operating system and put it under tight government control. We're talking about things like every programming language with a networking library, wget, curl, every web browser that was ever developed, etc. All kinds of tools and software would need to be locked down or criminalized. Otherwise, some smart kid is guaranteed to get around the restriction and give that method to others, and if it's at school on a USB stick. | | |
| ▲ | stymaar 2 hours ago | parent [-] | | > Kids will simply find a way to circumvent it without any extra steps. This is just an argument against any regulation whatsoever. Yes, some people will find ways to do illegal stuff, but that doesn't mean forbidding stuff is useless. For instance gangs members always find a way to get access to weapons even in countries where firearms is regulated, but there are still pretty much zero mass slaughter in schools in these countries. > To make age verification useful for protecting kids, you'd need to lock down every software on every operating system and put it under tight government control. No! This should never be implemented at the software or OS level in the first place. You should be handed a chip card that you can use for that purpose, like how the bank rent you a credit card. Any other implementation is a bad one, and should be fought. But by fighting the very idea of age verification instead, an idea that pretty much nobody else in the society has issues with when it comes to voting rights, driving rights, or alcohol consumption, you are just favoring these poor implementations by moving the debate on a ground you can't win. > Otherwise, some smart kid is guaranteed to get around the restriction and give that method to others, You should really read that “The optimal amount of fraud is non zero” blog post I linked above. | | |
| ▲ | jonathanstrange an hour ago | parent [-] | | First of all, the sane chip card design will not take place. That's virtually guaranteed. As a closely related example, banks all over the world have moved away from this design to merely trust the (nonexistent) security of mobile phones. Why? Costs and convenience. Second, if you hand over a chip card, you still need to lock down and tightly control every executable on every machine. How else would you guarantee that kids cannot access content the government deems unsuitable for them? Third, I still haven't seen a coherent argument why parents shouldn't be in charge of what content their children are allowed to consume. I'm not at all against governments providing free parental control software, for example, or voluntary industry standards similar to the movie ratings. Finally, "protecting the children" is obviously a pretense. The sole purpose of the push for this is for governments to get the foot in the door of operating systems they currently can't control well. It's the starting point for a surveillance infrastructure: age verification -> digital ID verification -> tracking who said what and handing the data over to intelligence and law enforcement. | | |
| ▲ | stymaar 41 minutes ago | parent [-] | | > First of all, the sane chip card design will not take place. That's virtually guaranteed. As a closely related example, banks all over the world have moved away from this design to merely trust the (nonexistent) security of mobile phones. Why? Costs and convenience. Businesses are always going to favor the cheapest options, but that's why regulation exist. > Second, if you hand over a chip card, you still need to lock down and tightly control every executable on every machine. How else would you guarantee that kids cannot access content the government deems unsuitable for them? You don't need to guarantee that. It's like saying you can't have an alcohol consumption ban on teenagers without spying on them all the time. It's technically true but it doesn't matter: having teenagers consume way less booze due to the rules than they would without it, and that's fine for most people, societies don't need to enforce an absolute 100% ban of things for bans to deliver the expected outcome. > Third, I still haven't seen a coherent argument why parents shouldn't be in charge of what content their children are allowed to consume. It's much less about what their children are allowed to consume, but what are businesses allowed to sell to their children. It's exactly like alcohol restrictions: the government don't raid houses to check if parents are letting child drink whine and beer at home, but it aggressively enforces that bars don't sell booze to teenagers. > Finally, "protecting the children" is obviously a pretense. Not from the electors. Most people are favorable to these things, and that's why these laws are voted. Obviously intelligence agencies are always trying to get access to more data whenever they can, but that's not the reason why these laws are voted, and the representatives routinely could vote for a version of that which doesn't serve any intelligence purpose. |
|
|
| |
| ▲ | stymaar 4 hours ago | parent | prev [-] | | > This assumes good faith, which doesn't match reality. It's about control, not protecting children. “Never attribute to malice that which is adequately explained by stupidity.” > Given your idea of a physical card, kids will find a way to use the card of their parents. Sure there are kids who have access to their parents credit card with the PIN, but how frequent is that? In every system, fraud will exist, but that doesn't mean the system is worthless. “The optimal amount of fraud is non-zero”:
https://www.bitsaboutmoney.com/archive/optimal-amount-of-fra... | | |
| ▲ | ball_of_lint 4 hours ago | parent | next [-] | | I linked it in my direct reply, but - we don't need to guess at why these bills are being introduced or who by. We have evidence. It's malice.
https://old.reddit.com/r/LinusTechTips/comments/1rsn1tm/it_a... | |
| ▲ | applfanboysbgon 4 hours ago | parent | prev [-] | | > “Never attribute to malice that which is adequately explained by stupidity.” This is not an argument, it's just a stupid quip. And I would sooner suggest that you "never attribute to stupidity that which is adequately explained by malice". Humans are overwhelmingly selfish and more than willing to harm others to serve themselves. | | |
| ▲ | Telaneo 3 hours ago | parent [-] | | Given the amount of malice in the world, that's not even an unreasonable statement. Even more so if you agree that being in a position of power while not having the expertise needed to fulfil it is itself malicious. The traditional quip works well on small-scale stuff, but if there's loads of money or power to be gained, malice and greed tends to be fairly prevalent. |
|
|
|
|
| ▲ | nly 3 hours ago | parent | prev | next [-] |
| But to be effective you need to prove that the person presenting the ID is the person the ID belongs to. In person that falls to a human being, and it's an easy and intuitive task that takes seconds. On the internet this involves some kind of video recording being sent to some agency somewhere being paid a fee, who may later be asked to prove the efficacy of their service. This agency needs a digital copy of the photo from your ID for matching purposes. They'll be tempted to store this for auditing purposes... they'll also be tempted to store correlation IDs etc if the architecture allows. The issue is trust. You just can't trust these first and third parties not to collaborate for commercial gain or at government demand or request. And ultimately you're still exchanging verification at registration for a shareable credentials: I could use my ID to sign up to pornhub premium and then sell the username and password to a 16 year old if I wished, just like those buying alcohol can go and give it to the underage. A black market for digital credentials is even easier to establish than material goods |
| |
| ▲ | stymaar 2 hours ago | parent [-] | | > On the internet this involves some kind of video recording being sent to some agency somewhere being paid a fee, who may later be asked to prove the efficacy of their service. This agency needs a digital copy of the photo from your ID for matching purposes. That's why I'm talking about an “Id card” using Zero-knowledge proofs in a cryptographic chip, not using a paper ID with your picture on top… | | |
| ▲ | nly 2 hours ago | parent [-] | | Doesn't matter! You still need to send a digital image from the id, signed by an authority, saying "this person is 18" You then still need a trusted ID service or algorithm to capture an image of the user _at the time of use_ to compare that to. Just having access to your digital ID credentials proves nothing The zero knowledge proof only helps prevent tracking between the ID service and the website you're logging into. This is valuable but requires standardisation and client side support, which doesn't exist. All the time the client side is implemented by JavaScript served from the server side you're just trusting these parties to behave and not snoop | | |
|
|
|
| ▲ | egorfine 3 hours ago | parent | prev | next [-] |
| It is a problem in itself. First they want to know your age (they're pretending: of course they want to know your identity, but let's leave that for a moment). What's next? Your US legal status as determined by your ethnicity? Scan your face to prove you're white? Yeah, that sounds absolutely ridiculous but so did the age verification with KYC just a few years ago. |
| |
| ▲ | Rebuff5007 2 hours ago | parent [-] | | Why are those things naturally "whats next"? We allow bars and car companies to verify age before conducting business. Does that in itself lead to racial discrimination? I think not. | | |
| ▲ | usrnm 2 hours ago | parent [-] | | The issue is the scale and centralization of information. Let's imagine that every bar has to not only check the id of every customer but do it automatically: every time you enter a bar anywhere in the country you must have your id scanned by a government-issued system. Are you still ok with it? | | |
| ▲ | stymaar 2 hours ago | parent [-] | | That's why we need privacy preserving designs. But saying “we must abandon the idea of age verification in bar” is never going to work in any democratic setting. Voters genuinely want to protect the children, without second thoughts. | | |
| ▲ | jonathanstrange an hour ago | parent [-] | | Why do parental software / settings and filters not work? Aren't there even approaches based on whitelisting? |
|
|
|
|
|
| ▲ | anax32 3 hours ago | parent | prev | next [-] |
| And it is focussed on social networks, which require an email address, which usually implies a device. But instead of inserting controls around email addresses (as with paid services) or devices (as with contraband), the requirement is pushed to the application layer. It really makes no sense from a technical POV. |
|
| ▲ | mdp2021 5 hours ago | parent | prev | next [-] |
| > and it would be perfectly fine Unless a tiny chance exists that some system in the middle is not secure. Then you have the problem of those who orient their acceptance to the "oh well" shrug, and then systemic faults get downplayed by default. (Edit: I re-read and notice 'half-baked systems': seemingly, we agree.) > as a political posture Which is the core problem of masses accepting pseudo-heartly and not-brainy unacceptable figures. And again, systemic faults incarnated as administrations get downplayed by default. |
|
| ▲ | g42gregory 4 hours ago | parent | prev [-] |
| "Age verification" is designed to attribute your identity to your online presence. As such, it's done just right. |
