Get the top HN stories in your inbox every day.
Bender
The one and only method I will participate in is server operators setting a RTA header [1] for URL's that may contain adult or user-generated or user-contributed content and the clients having the option to detect that header and trigger parental controls if they are enabled by the device owner. That should suffice to protect most small children. Teens will always get around anything anyone implements as they are already doing. RTA headers are not perfect, nothing is nor ever will be but there is absolutely no tracking or leaking data involved. Governments could easily hire contractors to scan sites for the lack of that header and fine sites not participating into oblivion.
I a small server operator and a client of the internet will not participate in any other methods period, full-stop. Make simple logical and rational laws around RTA headers and I will participate. Many sites already voluntarily add this header. It is trivial to implement. Many questions and a lengthy discussion occurred here [1]. I doubt my little private and semi-private sites would be noticed but one day it may come to that at which point it's back into semi-private Tinc open source VPN meshes for my friends and I.
rpdillon
This is exactly the way it should be done. Device with parental controls enabled disables content client-side when the header is detected. As far as I can tell, it's a global optimum, all trade-offs considered.
SoftTalker
Well why haven't all the big tech companies done it then?
They have only themselves to blame. They had years to fix the problem of inappropriate content being delivered to kids and their response was sticking their fingers in their ears and saying "blah blah blah parenting blah blah blah"
And it really should be the opposite. Assume content is not kid-safe by default, and allow sites to declare if they have some other rating.
jonplackett
The reason is that this whole push for age verification is nothing to do with actually stopping kids seeing the content. If it was then this kind of solution would be being legislated for. It’s just about making everyone identifiable.
fc417fc802
Because it isn't in their financial interest. They've either done nothing or actively lobbied for these ID laws. You can plausibly explain it in a number of ways, including regulatory capture, deanonimization, spam reduction, etc.
cootsnuck
Because you can't have a tech company offering third party identity verification solutions if you just go with something like an RTA header.
estimator7292
The tech companies are the ones lobbing for age verification.
The entire point of this scheme is mass surveillance and shifting responsibility away from big tech companies. It has nothing at all to do with "protecting" kids. Preventing kids from accessing adult material is not even remotely a goal, it is a pretext. Just like every other "think of the children" argument.
themafia
> sticking their fingers
I actually think it was giant wads of cash.
traderj0e
Or could have a header saying this is not adult-only content, and a parentally-controlled device will block things that don't participate.
Bender
That's a good idea. There could be two headers, the existing RTA header that adult sites use today [1] and another static header that explicitly states there shall be no adult content.
[1] - https://www.shodan.io/search?query=RTA-5042-1996-1400-1577-R... [THESE ARE ADULT SITES, NSFW]
bluGill
What is adult content? I know parents who have no problem with their kids seeing porn. I know parents who give their kids a beer. I know parents who take their kids to violent movies. I used to know parents who will give their kids cigarettes. Most parents I know will disagree with their kids doing one of the above. I know songs that were played on the radio in 1960 that would not be allowed today, even though today we allow some swearing on the radio.
fc417fc802
Yes, the RTA header was primarily a solution specific to porn sites. The broader problem is that parental controls don't have reliable standardized signals to filter on which has led to the current nonfunctional mess.
So ideally you want a standardized header that can be used to self classify content into any number of arbitrary and potentially overlapping categories. The presence of that header should then be legally mandated with specific categories required to be marked as either present or absent.
So for example HN might be "user generated T, social media T, porn F" or similar with operators being free to include arbitrary additional categories (but we know from experience that most of them won't).
While this would be required by law, I imagine browser vendors might also drop support to load sites that don't send the header in order to coerce global compliance.
Induane
I always love seeing pros and cons of whitelist vs blacklist sorts of strategies in different scenarios.
traderj0e
Yeah, and this is a good one. Blacklist is less likely to be ignored by parents. Both have risks of corps doing CYA strats, but less so with the blacklist. Whitelist has the advantage of being more feasible without an actual law, and also better matching how parenting works. Generally kids are given whitelists irl.
undefined
LooseMarmoset
An outstanding idea. Those lobbying for age verification hate it though, because they want to be the arbiters of age, and all that juicy PII that they can analyze and resell.
intrasight
What PII? They get a boolean "old enough"
xp84
If technically competent people specify and build this system, sure. But it’ll be specified by complete idiot politicians, influenced by Google and Meta, who 100% DO want to know your government name, DOB, etc., so we’ll end up flashing our IDs at the camera, turning around to be scanned, etc. The platform owners will tell us they “deeply care about our privacy.”
LooseMarmoset
Think about how they validate how old you are. Meta and Google, who are lobbying in support of this legislation,will force you to sign up with your real ID, and be the arbiter for questions like “are you old enough for this website”. For every request that you make through some third-party website that needs to know your age, Meta and Google will know where you tried to login, and for which content. They will then resell this data to the highest bidder. Additionally, through all their ad networks and tracking, they will follow your session and have verified ID to match your entire browsing history. This is the end of anonymity and privacy on the Internet.
EmbarrassedHelp
Age verification companies literally require your personal information to function. They don't want you to be able to send them a simple boolean over Tor in exchange for whatever trackable token you need to access something.
antonvs
Are you a collaborator, or just stupid?
phendrenad2
I'm not so sure. I think the push is from the government actually. But companies are not exactly opposed to it. Quite the contrary. Big corporations see compliance as a moat. Tobacco companies supported stricter regulations on tobacco advertisements, because they had the deep pockets required to follow the changing laws. Mr. Altman is all-in on AI regulation, because it will mire down competitors while OpnAI has already "slipped past the wire" and done all their training pre-crackdown. When given a choice between regulating their industry (platforms and operating systems) vs regulating someone else's (porn sites and the like) they'll always helpfully "volunteer" to be the first to be regulated. It's just good business.
elliotec
"The government" is the same as those lobbying the government. The people in the government get paid to push it, so they push it, and get paid more when it goes through, by the people who want that PII to analyze.
kyledrake
Interesting, I've never heard of this. I see an example that involves an HTTP response header "Rating: RTA-5042-1996-1400-1577-RTA". But does this actually still get used by parental controls? I didn't run into a lot of documentation about this, including on the very badly designed RTA web site https://www.rtalabel.org/
For anyone curious about the value, the numbering on the value is just a fixed number everybody decided to use for some reason that isn't clear to me.
I would deeply prefer to do it this way, but my goodness the RTA org needs a serious brush up of their web site and information on how to use this.
Bender
But does this actually still get used by parental controls?
Some parental control applications will look for it but it is not yet legislated to be mandatory on a majority of user-agents.
All I am suggesting is we legislate the header to be added to URL's that may contain material not appropriate for small children and mandate the majority of user-agents the ones that are default installed on tablets and operating systems look for said header to trigger optional parental controls. Child accounts created by parents on the device should not be able to install alternate user-agents or bypass the controls (at least not easily). Parents should be guided through this on device setup.
Indeed their site is old and rarely touched. The ideas and concepts have not changed. It really could just be a static text site formatted in ways that law makers are used to or someone could modernize it.
big85
Back in the late 90s or so, there was a proposal to have sites voluntarily set an age header, so parents/employers/etc could use to block the site if they wish. People said it would never work, because adult sites had a financial incentive not to opt in to reduce their own traffic.
masfuerte
The porn companies already set the RTA header. It was designed by an organisation funded by the porn companies.
https://en.wikipedia.org/wiki/Association_of_Sites_Advocatin...
motbus3
It seems there is a GitHub repo somewhere mapping Meta money to lobbyists inside other companies Which is at least interesting
thesuitonym
What, in the same way movie studios wouldn't comply with the Hayes Code, or comic book publishers wouldn't comply with the CCA, or games publishers wouldn't comply with the ESRB? The financial incentive is to police yourself, because government policing is much, much worse.
nine_k
There's a great relevant quip: "If you think that the cost of compliance is high, try noncompliance".
breezybottom
Sure but the government doesn't police corporations in the US anymore. The Hayes code was before neoliberalism.
iamnothere
You’d think that one could simply block sites that don’t have the age header set on child computers. This may block kids from hobbyist sites that don’t bother to set their headers as kid-friendly, but commercial sites would surely set their headers properly. Over time sending proper rating headers would become more normalized if they were in common use.
This still isn’t perfect, as it creates an incentive for legislators to criminalize improper age header settings and legislate what is considered kid-appropriate. But it’s still better than this age verification crap.
ryandrake
An age header is not the answer. Why should a site have to decide what content is appropriate for a 18 year old and what content is not? Who is qualified to make that decision for every 17 year old in the world? Do they know my 17 year old? Do they know the rules in our home? What if I'm OK with my kid seeing sex-education stuff, but some lawyer at Wikipedia just decides to tag sex ed articles as 18+? Now I have a shitty choice: Open up the floodgates of "18+" to my kid, do it temporarily while the kid browses the sex ed sites, or not let the kid browse them.
Letting a company or government decide what's appropriate for what exact specific age is fraught with problems.
Scaled
Yes, that's how parental filters already work. They use a combination of rta tags and external data to block pages. Even works with Google safe search, firewall devices, etc. The rta ecosystem is already built out and viable.
Bender
What I am suggesting could address most of that. If they do not participate they get fined. The government loves to fine companies. This assumes they put enough "teeth" into a law that prevents companies from accepting fines as the cost of doing business. This would also require legislation that could block sites that operate from countries that do not cooperate with US laws. Mandatory subscriptions to BGP AS path filters, CDN block-lists which already exist, etc... People could still bypass such restrictions with a VPN but that would not apply to most small children. Sanctions and embargoes are always an option.
Barbing
>fined
Exactly. If you’re hurting kids to make more money selling porn videos, straight to jail.
I’m glad there are solutions that won’t ruin the Internet. Now the uphill battle to convince our legislators (see: encryption & fundamentally technically ignorant calls for backdoors).
I’m here to die on this hill!
btilly
People were wrong.
We pay money online mostly through credit cards. Credit card transactions can be reversed. If children spend money on porn, those payments are likely to be reversed. This is really bad for the ability of the porn sites to continue receiving credit card payments, and continue making money.
An age header is a trivial step that can reduce the odds of the adult site receiving payments that later get reversed. Win, win.
But if someone is willing and able to pay, then the adult industry wants the choice of whether to access content to be up to them. If government tries to regulate them, they'll engage in malicious compliance - do the minimum to not be sued, in a way that they can still reach customers.
For example Utah tried to institute age verification. The porn industry blocked all IP addresses from Utah. Business boomed for VPN companies in Utah. Everyone, including porn companies, knows that a lot of that is for porn. But if you show up with a Nevada IP address, the porn's position is, "You're in Nevada. Utah law doesn't apply." Even if the credit card has a Utah zip code.
If you live in Utah, and you're able to purchase a VPN, the porn companies want your money.
scythe
>But if someone is willing and able to pay
If someone is willing and able to pay, they have a source of money. If they aren't allowed to buy something, that control should be applied at the level where they get the money. If the child is using an adult's credit card, responsibility lies with the adult. If children need to have their own credit cards, the obvious point of control is the credit card itself.
But also, most porn is ad-supported, pirated or free. Directly paid content is a small fraction. So all of this is moot for porn.
numpad0
There was a random comment here on HN few days back that adult contents have lower chargeback rates than everything else.
So ig stop spreading hallucinatory misinformations?
Lammy
> Back in the late 90s or so, there was a proposal
This one: https://www.w3.org/PICS/
Bender
PICS was very complicated and attenpted to cover all possible "categories" of adult content. It was confusing, incomplete and only a handful of sites voluntarily labelled their sites with it. RTA is one simple static header that any site operator could add in seconds unless they get more complicated with it by dynamically adding it to individual videos say, on Youtube which means in that case the server application would need to send that header for any video tagged as adult.
I added PICS to my forums but it was missing many categories of adult content. I ended up just selecting everything as I could not predict what people may upload which made for a very long header.
areeh
Yeah this seems like the best tradeoff. You avoid the central control infrastructure and you provide information to clients. It's also a great match with free computing devices, which can then utilize the new information, empowering users (eg parents -> parental control on device, or individuals who want to skip some kinds of content).
There are issues today with this approach such as lacking granular information for sites that have many kinds of context, but if you stop investing in the central control infra and invest in this instead that could be remedied.
thayne
I agree with the general idea, but I would like this header to be more fine grained than just a binary "adult" or not. For example, so that you can distinguish between content that is age appropriate for teenagers and older from content that is suitable for all ages.
tardedmeme
It should indicate which exact HTML elements are classified, so that a social media feed can selectively tag posts on the home feed.
jayd16
A MIME type for every genre.
marcosdumay
The header should be the other way around. It should inform your site will not contain adult material. The local government should scan sites participating.
Anyway, yes, that would just solve the problem and not destroy anything. What is the reason why nobody is talking about it.
ketamine
An anecdote: I am 40 years old and I have an Onlyfans account. I enjoy some hippie chick that makes pottery and takes pics of herself without clothes on.
I went on vacation to Tennessee and tried to log in and it said I needed to verify with their identity verification provider. Of course I refused.
Now I am home in a different state and still cannot log in. I contacted support and because I was detected in TN once irrespective of my name and address and credit card info in their system they refuse to let me back in.
Support said they canceled my subscriptions for me because you can't even access that part of your account.
It's ridiculous this is where things have landed. And it's not even stopping porn in the slightest it's just making it harder for honest people to pay for what they like. And so the government can track us more easily. Wish I could do something other than vote with my wallet.
snek_case
> it's just making it harder for honest people to pay for what they like.
I have a female friend who creates that kind of content. Her take is that this is very much intentional. There is a general crackdown on porn in the US. They're not just trying to make it difficult for the clients, but also difficult for people to make this kind of content, distribute it and get paid for it.
Of course none of this makes sense. There are VPNs and there is bittorrent. All of this is just making this kind of stuff more underground. In China porn is fully illegal, but people still share bootleg porn on thumb drives.
chirsz
In China, people generally share porn through closed social network groups.
conradfr
Given what we know about China's internet, is there any real privacy in those groups if authorities wanted to crack down on them?
undefined
dlcarrier
New man-in-the-middle attack: proxy the request through an IP address tagged as a prohibited location, and you can permanently deny access without ever needing to modify or even decided SSL/TLS.
itake
I have the same issue with sales tax.
I moved to asia about 1.5 years ago. But b/c my credit card's billing address is still in the state of WA, Apple and other subscriptions think they should still charge me a sales tax. To remove the sales tax, I have to cancel the subscription and re-create it (losing my grandfather'd rates).
It's insane.
cooper_ganglia
THe government shouldn't be raising anyone's children, that's what parents are for. If you're a bad parent, your kids will get access to bad things and could become an adult failure.
The future of your family and your legacy is up to you, not the government. We don't need age verification to restrict the social darwinism of raising children.
DontBreakAlex
I wish I could upvote this comment harder. I started having unsupervised internet access (with the family computer in the living room) when I was 8. I'm a functional and successful adult because I trusted my parents. When my mother forbade me from registering on online forums I complied. When I read "fellation" in some minecraft chat (albeit somewhat later) I asked my mom what it was and understood that "sex" was something for the grown-ups and that I shouldn't worry about it. All because I would never even conceive that my parents wouldn't do what's best for me, and was unconditionally loved (even though I didn't know about this concept).
I would rather have parenting licenses than online age verification
piperswe
I'm a functional and successful adult despite doing plenty online behind my parents' back as a kid. I don't think that part of our upbringings had as much of an effect on us as you suspect.
DontBreakAlex
And I also suspect you did not grow up with kids whose parents clearly would like them to go away and stop bothering them. I also did lots of dumb stuff in my parents' back. The nuance here is that when you know that your parents love you, you'll tell them once you do something that's actually harmful/a big mistake, because you trust they'll help you instead of punishing you. I've seen people make "questionable" life choices, in my opinion, because they've learned, consciously or not, to not seek help from others and always hide/blame on others every problem them encounter.
abustamam
Yeah I'm not sure why the govt or any other 3rd party needs to get involved. If I don't want my kids to look at porno online I will educate them on porn. If I don't trust my kids to listen to me then I will install an open source monitoring software and educate them on trust.
Letting the govt dictate what is age restricted is an easy way for the govt to control speech and narrative. For example, children's books that feature LGBT characters are being reclassified as adult [1], thus requiring additional verification. If I do/don't want my kids to read LGBT books, it's my decision. The govt should not dictate that. What else will the govt reclassify? Anything involving people of color?
techblueberry
“If I don't want my kids to look at porno online I will educate them on porn“
I can’t tell if this is a joke, is this a joke?
denkmoon
Western society, for better or worse, is set up such that parents need to resume work as soon as possible. Saying the government has no responsibility in child rearing ignores the economic reality of parents.
cooper_ganglia
"Because I have a job, it is now impossible for me to raise my children. I have to outsource this to a council of legislators because I'm simply too busy!"
Bad argument, bad outcomes. These are exactly the "bad parents" I was referring to in my original comment. The government HAS no responsibility in raising your child, but they would LOVE to change that. It's absolutely imperative for the human race that that does not happen.
denkmoon
Besides the bad reinterpretation of my point, how to solve the problem? It is simply insufficient to say "yeah both parents work full time with the sword of damocles hanging over their head but too bad so sad". Without changing the economic situation there is no changing the child rearing situation. One caused the other. It's all well and good to say this is imperative for the species but I see no solution offered. The economic situation must change and the government is responsible for this.
bdangubic
By western you mean America? Cause this is true only in America.
denkmoon
Absolutely true in Australia. The parents I know are either rich enough to outsource it or basically fighting for their life managing work and childrearing.
And to add salt to the wound, it's the people on the positive side of the economic bell curve that have strong familial support networks where grandparents and uncles and aunts can contribute to childrearing, while those on the other side of the curve can't always rely on having those support networks. A generalisation of course, but a relevant one.
gib444
It's also true in the UK. High housing costs, high living costs and low wages means two parents need to work as much as possible.
Fervicus
This points get brought up in every thread about this topic, and although I agree with it completely, I feel it's the wrong point to make. They don't want to raise our children. Caring about the children is just pretense. The goal is surveillance. So this is a moot point, really.
furyofantares
I keep thinking we can't fight age verification by just saying "no" to it, and have to offer an alterative.
Maybe we need to turn it on its head, point out that if we want legislation to help out with this, we could choose legislation that gives power to parents. Age verification laws put the power directly into the law itself, they're a blanket solution that gives all the power to legislators and that prevents parents from making decisions about what's appropriate for their kids and what isn't.
If the market isn't delivering the level of parental controls people want, then sure, maybe legislation is needed. But it should be legislation that improves parental such that parents can make decisions about what's appropriate for their children.
abustamam
Yeah I agree. Let me decide what's appropriate for my kids. Like for video games or movies... A game rated M for foul language and nothing else might be OK for my adolescent kid. A game rated M for excessive nudity and sex probably not.
themafia
> and have to offer an alterative.
It's called "software." It already just exists. It's sold for the purposes of locking devices down so they're safer for children to use.
> point out that if we want legislation to help out with this
Make this software tax deductible. The end.
HerbManic
As much as this is true, no disagreement, there is the issue that we are all fighting against systems that have billion of dollars of studies and A/B testing designed to completely subvert said parenting abilities.
It was difficult enough back 20 years ago when you have TV advertising that just shot gun out the messaging in the hope of landing a target, now it is algorithmically targeted. Even if you can keep this stuff under control in the home, outside of the home these influences can still bleed in from others.
But having the government use mandatory age restrictions, that is a wild over correction. They shouldn't be parenting kids in the same way corporations shouldn't be doing it either.
Alas we are walking into the wild contradictions of libertarian thinking and authoritarianism. Liberal companies have no checks and balances, authoritarian governments take peoples freedoms in the name of "safety".
The deeper questing is to all of these technologies that have have imbalanced positive and negative outcomes. If you cannot balance it, you either have the worst outcomes happen or you end up with an authoritarian reflex to control the technology and those that use it. Rarely do we take the middle path, that being government control of the businesses.
That is seen as touching the political third rail, but that instinct is now by design.
You can see the thinking that goes, the best solution was to never invent it to begin with, but that is just wishful stuff that doesn't really contribute.
I have no solutions and barely any responses other than, this is some predicament we find ourselves in.
illiac786
I do agree fundamentally, but you are making a lot of assumptions about the parents here. Many do not have parents able to do this. Do they not deserve some protection against such content?
Blaming the parents for their failures is not going to help the kids.
That being said the current approach really has nothing to do with protecting kids and everything with tracking us.
mghackerlady
Also, different kids mature at different rates. I wouldn't give a shit about my kid watching, say, an R rated movie if I understand they'll be able to handle it and understand it's fiction. If I had a 14 or 15 year old and they had a healthy understanding of sex and the dangers of porn, I wouldn't give a shit if they managed to see some poorly drawn tits online. Why? Because if you didn't intentionally seek out lewd content as a teenager you're either very very religious or a liar
samplifier
Duke Nukem 3D had bouncy pixels that made it "tickle down there". Also: monochrome women "eating bananas".
tekknik
California and a slew of other states deemed it necessary to step in and take over for parents with transgender kids didn’t they? even threatening to take a child from their parents should they refuse gender dysphoria treatments.
it seems to me the left already opened this can of worms.
ronsor
There's an angle everyone misses.
Mandatory age surveillance everywhere is only going to result in massive, normalized ID fraud. You thought fake and stolen IDs were a problem before? You haven't seen anything yet.
And half of it will be from adults trying to avoid privacy invasion.
dylan604
Not so sure about that. Handing an ID to a bouncer at a bar or similar is not logging anything. Mainly it's some big man that you can see gears turning to see if the date is correct and a cursory glance to see if the photo matches. Sophisticated places might have a scanner that does what ever validation it does, but again, it's just another cursory check of the photo. Most of these people really don't care.
A tech company doing scans for validation could actually connect to a state database to verify the ID is legit and is not already being used for a different account. It would then be saved. I don't think real world vs tech world usage of fake IDs are the same at all.
unselect5917
>Not so sure about that. Handing an ID to a bouncer at a bar or similar is not logging anything. Mainly it's some big man that you can see gears turning to see if the date is correct and a cursory glance to see if the photo matches. Sophisticated places might have a scanner that does what ever validation it does, but again, it's just another cursory check of the photo. Most of these people really don't care.
Not necessarily true. There's a local stripclub that scans and saves the scan to fight chargebacks and the like. It is definitely logging stuff. They've told me that they were going through the logs once and the bartender ended up googling my fullname. We're cool and I didn't care, but this what you said is not a blanket true statement. I trust a physical business that I can visit far more than some ID verification company that is going to get hacked at some point.
tekknik
why would you trust a physical location who typically wouldn’t have a robust architecture or any opsec but not trust an online first business that likely has opsec and monitoring?
stavros
I've seen this before in London too in some venues. They have full-on computers that scan your passport and take your photo, for the express purpose of storing this info.
schnitzelstoat
The tech companies care even less than the bouncers do.
They just want a plausible defence should it ever end up in court.
undefined
dylan604
tech companies care even less? how do you arrive to that conclusion? tech companies log/store EVERYTHING. this would be an absolute boon for them to be able unequivocally assign to you all of the data they track about you. suddenly, anonymous analytics become identified data and not just deanonymized data.
dpark
How does a tech company calling into a government database to verify your identity maintain your anonymity?
atmavatar
It does the opposite: allowing the government to track your online activity as a side-effect of site owners' validating your ID every time you visit.
That's the point, and it's a big part of why opposing online age verification is a hill to die on.
chimeracoder
> Not so sure about that. Handing an ID to a bouncer at a bar or similar is not logging anything.
> Sophisticated places might have a scanner that does what ever validation it does, but again, it's just another cursory check of the photo.
Many/most bars do scan IDs now. Ostensibly it's to verify that it's real, but they do use those systems to keep a log of everyone who enters.
basisword
They also use them to flag people who've been previously banned and the systems work across venues. The idea that verification in the real world is cursory is not accurate.
aqme28
Well then it’s a good thing my fake id is from a state or foreign government without a checkable database
pdntspa
> Handing an ID to a bouncer at a bar or similar is not logging anything.
Some of the bars in the party areas of my college town have a digital scanner they hold the ID up against, and they even had a screen showing a scrolling Wall of Shame of fake IDs. And they had this like 20 years ago. So I would not necessarily agree with you here
mianos
Like prohibition and the overtaxing of cigarettes in Australia, ID fraud will just become criminalised and the government will lose all control. There are pros and cons to this.
techblueberry
I think we should go a step further and log every activity a person takes the blockchains. There will be no ID theft because your DNA will be used to cryptographically authenticate your user.
cootsnuck
Sam, we're not going to use your weird eye scanning orb.
raxxorraxor
It would be a good market, I would like to pay for an ID in my or compatible countries. As far as the systems work that I have seen, this is more or less a permanent pass.
But the real problem is that governments again try to censor online content, nothing else.
My country doesn't even run children's homes without many incidents and nobody cares for that. But it tries to track citizens through things like corona apps. It cannot propose any trusted entity that could verify and ID information about me.
scotty79
ID system should be based on commercial bank. If you need to prove your identity or whatever about yourself just tell them to ask your bank and bank will ask you which information about yourself you are willing to share with whoever requested to confirm something about you.
When ID is tied to your bank account you guard it like you guard your bank account. Because it is the same thing. This will drastically lower the incentives to "share" your identity with anyone.
What's more this system is already operational in many countries.
frmersdog
>Banks
I wonder how many months until this suggestion becomes slightly embarrassing. I barely want my banks to know what I buy and to be responsible for my money. I really don't want them knowing everywhere I go online. Especially when "my" bank goes under and all of my data gets sold off to whoever takes it over.
TFNA
> I barely want my banks to know what I buy and to be responsible for my money. I really don't want them knowing everywhere I go online.
Bank ID systems, at least the ones I’m familiar with, don't work like that. Your bank confirms your identity to the authentication provider, and the authentication provider sends you on to the site you are logging into. The bank does not see the site you are visiting.
tardedmeme
And what about debanked people? Are they now also deporned - and deyoutubed? Many of those people are debanked because they were politically risky, for example whistleblowers - are we now saying whistleblowers can't upload whistleblowing?
Hikikomori
Plenty European countries have eID without these issues.
laserbeam
You use eID when explicitly interacting with a govt entity or bank or otherwise similar institution because you have to and want to prove who you are. Yes, I do want to prove who I am when I file taxes, vote or want to start a business...
You don't use it when just browsing randomly on the internet. You don't use it to buy games on steam. Your computer isn't forced to store it because a law arbitrarily says so.
barbazoo
Why not, seems to be made exactly for this purpose if you look at the "‘Age over 18’: true" flag. What's bad about that solution?
> The technical solution for an EU age verification app is privacy-preserving, open source and user-friendly.
> First, the user downloads the app onto their phone and sets it up by certifying their age. This can be done with a biometric passport/ID card, a national eID (e.g. national ID Card or other electronic identification mean), a pre-installed third-party app (e.g. a banking app), or in person (e.g. at the post office). Only the information confirming that the user is over the age will be saved in the app. No name, no birthday, or any other data is saved.
> After completing this step, the communication between the app and the provider certifying the user’s age (e.g. eID, third-party app) ends. No further data is exchanged.
> The app is then ready to be used online. When an online platform asks to verify the user’s age, the user can use the app to communicate they are over a certain age (e.g. ‘Age over 18’: true) to the platform.
https://digital-strategy.ec.europa.eu/en/faqs/eu-age-verific...
SiempreViernes
I usually buy games on steam using a process that does involve my bank, do they actually take bitcoin or cash posted in an envelope?
kelvinjps10
if it's done by the government, what prevents the goverment to not allowing opposition members to access social media? I think social media and porn are harmful for children but still
Hikikomori
I don't disagree with random browsing. I do use it to buy games on steam as any online purchase on my card uses it. And my computer doesn't store it, my phone does.
goda90
Age verification can be achieved without destroying anonymity and privacy online using anonymous credential systems, but it has to be designed that way from the ground up, and no one pushing age verification is interested in preserving privacy.
Aurornis
This comes up in every thread, but the purpose of the laws is not to verify that someone can access an anonymous token. If we had a true anonymous token system then everyone would just share tokens around.
The real world analog would be if you could buy beer at the store with anyone's ID because they didn't make any effort to reasonably check that the ID was yours or discourage people from sharing or copying IDs.
The systems enforce identity checking because that's the only way age verification can be done without having some reason to discourage or detect credential sharing.
The retort that follows is always "Well it's not perfect. Nothing is perfect." The trap is convincing ourselves that a severely imperfect system would be accepted. What would really happen is that it would be the trojan horse to get everyone on board with age verification, then the laws would be changed to make them more strict.
miloignis
Matthew Green talks about this in his blog on the subject: https://blog.cryptographyengineering.com/2026/03/02/anonymou...
The two methods that seem feasible are making it hard to copy (putting it in the secure element in your phone, for example, which I don't love) or doing tokens that can only be used a limited number of times per day, like in : https://eprint.iacr.org/2006/454
angry_octet
If it's a rolling cert with rate limits I think that solves the problem, particularly if access to the client cert allows the client to make a financial transaction, e.g. of $100. So you wouldn't share the client cert with randoms because they would just take your $100 and you'd be blocked.
Finally, a way to use blockchain for good.
nitwit005
Continuous age verification isn't possible, so you'll have to store some sort of proof of age somewhere, and that proof will always be sharable.
Let's say Facebook has verified my age somehow. I could share my Facebook login credentials, or the token that their authorization server sends back in response. You can create some hurdles to doing that, like requiring a second factor, but I can just share that too.
You might as well go down the route of accepting that possibility. These systems are never going to hold up in the face of a determined enough teenager.
dwaite
That really depends. A zero knowledge system would show to the verifier that the person is authorized for access _right now_, but thats just the answer to a particular challenge. Outside of the verifier who knows they came up with a random challenge without bias or influence, the response would mean nothing.
I think a lot of age verification systems are the solution to the real core of legislation - to make companies liable for underage viewing of content. To put such legislation in place without providing a feasible way to accomplish age verification would be argued as discriminatory.
In that sense, a zero knowledge system which doesn't give a company non-repudiation so that they can defend themselves in court may very well be insufficient. And that will require tracking identity long-term, although it could be done with a third-party auditor under break-the-glass situations with proper transparency.
undefined
goda90
Make it a duplication resistant hardware token that you can get for free then. The stakes just aren't high enough to worry about these kinds of edge cases.
dpark
Yeah, right. So the government is going to spend billions on “porn tokens”. That’s going to get through the legislature.
I’m sure there wouldn’t be a brisk illicit trade in these tokens either. Certainly no one would be incentivized to sell these tokens to teenagers for easy profit.
akersten
The stakes just aren't high enough for us to implement any of this crap for the Internet in the first place. Let alone an entire government-administered hardware supply chain.
dpark
No it really can’t. Age verification requires identification.
Even if you could anonymously verify age to issue a “confirmed adult” credential, the whole chain of trust breaks down if one bad actor shares their anonymous credential and suddenly everyone is verifiably an adult.
The solution to that attack is naturally to have some kind of system for sites to report obviously-shared credentials. Which means tracking.
goda90
There's already authorities that know your age, so verifying age with them to get the credential isn't the part that needs to be anonymous. The issue is them knowing what you do with your credential, which anonymous credentials solves by making it impossible to track tokens back to the credential holder. As far as sharing, there are some possible mitigations.
dpark
Right. And the possible sharing mitigations generally amount to tracking.
This isn’t even getting to the issue that mandating government-issued credentials is the “foot in the door”. If you mandate the use of government creds for accessing websites, it’s an obvious step to turn around and demand that sites report credential use to “fight credential fraud”.
armchairhacker
But likewise, someone can share (or have stolen) their ID
wesselbindt
The destruction of privacy is the whole point.
Seattle3503
Only for a subset of people. Many would accept solutions that preserve privacy. Divide and conquer. Remove supporters from the anti-privacy group.
2ndorderthought
Yep look who is backing these regulations. It's absolutely for no other purpose than to further enable surveillance capitalism and the surveillance state.
EmbarrassedHelp
> Age verification can be achieved without destroying anonymity and privacy online
Yeah its extremely simple. You provide a simple message asking the user if they are an adult, and they either click "yes" or "no". That method requires exchanging zero personal information with anyone, other than a simple boolean value to the site/service you are using.
Any other system requires letting a third party violate your privacy.
everdrive
This is something that's technologically feasible, but will never happen in practice.
nonethewiser
Yes, but this is not popular among technologists (see the average sentiment towards age verification here). Legislators aren't going to build technology. This will happen if age verification actually becomes a widespread requirement. But until that point the prospective builders will be fighting the entire premise of such systems.
undefined
wmf
Apple and Google have already implemented private age verification.
Forgeties79
And they continue to act like opposition just wants a wild west/don't care about kids, which is the oldest trick in the book. We just don't want "protect the kids" leveraged to tear up our rights.
It's addressing a real problem in a bad way.
jMyles
I mean, it's more than that. I _want_ to protect kids' right to be part of the human connectome. The "protect the kids" (by disallowing them their freedom of thought on the internet) is just naked ageism.
dpark
So do you want 5 year olds driving on the highway and 8 year olds doing shots of tequila or are you ageist?
Or perhaps protecting kids isn’t really ageism at all.
Forgeties79
Fair point
angry_octet
[dead]
cameronbrown
I’m in the UK and we recently got the Online Safety Act. We failed, this legislation is very popular with voters and not getting rolled back. Those that dislike it use a VPN and aren’t interested in fighting. I’d say most of the public here is exhausted with cost of living and internet freedom just isn’t relevant to their voting habits.
I grew up around a lot of the hacker ethos, open internet, Information Wants To Be Free etc… feels like a part of my identity is being striped away by my government.
HerbManic
Push back to legislation must be on going and any time it is defeated, the success is only temporary. The government can just line up and try again shortly afterwards and they only needs to successful once.
You can win the battle but lose the war. By the time the average folk realize the extent of these issues it will be way too late.
I think back to how the technology space was 25 years ago. When the biggest privacy fear was that a Pentium 3 had a processor ID and Windows XP would send your system specs to get a security update. Look at how far we have fallen since then and the pace is only speeding up.
Cider9986
Do you just use a VPN? If not what website have you seen age/identity verification on that you find most ridiculous?
tardedmeme
The hacker ethos and open internet happened when the government was worse. It was illegal to send encryption outside of the US. Hackers used civil disobedience, some risked jail time, some actually went to jail, some are still in jail today or dead, and the world got a bit better as a result of their courage to break laws.
undefined
Nevermark
This is why we need verification technology that protects identity. Implemented as anonymous verification, without distinguishing between adult age, or permissioned by parent.
That solution doesn't negate parental freedom of choice, it facilitates it.
I am baffled at how often the "they don't want it, because of their ulterior surveillance motivations, therefore it isn't a solution" argument is made. "They" don't want it because it is a solution to the nominal problem, that they cannot abuse, and would negate their ability to use it as a cover with a large well-meaning voting constituency.
Two problems, nominal and ulterior, resolved in the right way by one solution.
When a nominally sensible problem is used as a cover for overreach, solving the nominal problem in a healthy way is the best offense. The alternative is an endless war of attrition, and the "hope" that politicians resist the efforts of well-paid lobbyists and tens of millions of well-meaning voting parents forever. That is a ridiculous strategy, doomed to fail, delivering irreversible damage. As is already evident by the abusable laws that are accumulating.
I worry at the lack of political acumen and foot-gun reflexes in the ethically-motivated technical community.
Stop endlessly fighting to lose less. Just play the winning move already. Stop the irreversible damage.
sysreq_
I think part of the issue people are missing is what the late Randy Pausch would call a “head fake”. My specific autism is not privacy, digital security, none of that. So I will be honest about my gaps. But from my little corner what this is about is geopolitics - specifically a potential war with China. If you zoom out to the macro level first understand the reason China setup the Great Firewall. Why countries like Iran cut the internet whenever there are protests. These are, first and foremost, defensive measures against foreign influence. America is subject to these same outside forces. The difference is that our free and open society makes things like "a Great Firewall" simply unpalatable to the American people. And rightly so. But it is also becoming increasingly evident that these malign actors are using our own values against us.
Russia for example aims to sow discord. One classic example is the Black Lives Matter movement. This was not a Russian disinformation campaign - but they did propagate views that exist outside the bell curve of the moderate. They push scenes of cops being under siege for the right and racist policing for the left. They amplify the voices of the most angry, the most extreme and the most radical on both sides of the spectrum to create confusion, distrust and societal division.
China by comparison takes a much more subtle view. They choose to erode what they call "civilizational confidence" by highlighting systemic failures, inconvenient truths, or otherwise undermine institutional credibility. When you read an article and find a moderating factor buried in the last paragraph that is the flavor of Chinese action. The general malaise about American exceptionalism failing and China's inevitable ascent stems from their work. Rather than pure division they aim to emotionally exhaust you into "acquiescence from inevitability".
There is hardly a nation on the earth that is not involved in some way in the American discourse - each pushing and pulling to their own aims and individual agenda. Historically there was a sort of Nash equilibrium with Americans caught somewhere in the center. But as the loudest voices, or rather the most well funded, begin to dominate the discussion via social media and covert funding, we are seeing it become increasingly problematic for American democracy. That is why you are starting to see this consensus over 'verification' and 'identification' begin to coalesce. The government, both left and right of center, has begun to realize the long term ramifications of these actors.
So how do you solve that inherent tension between our intrinsic right to free-speech and those who would abuse it to cause us actual harm? An independent, 3rd party verifier with limited scope makes sense - but would that solve the greater geopolitical implications? In truth I've long expected social media like Reddit, Facebook, et al. to formulate a body of their own like the MPAA. But likewise I don't think there is a clear answer here. Do you trust the Tech Oligarchs with this power over the Government itself? This is core to the problem. How do you 'censor' the internet without really 'censoring' Americans? I think this is part of what the last administration was trying to do with the failed "Disinformation Governance Board". And that failure is what has led us to where we are now.
The original twitter thread is right to say this isn't a left-versus-right issue. This is undeniably a censorship mechanism designed to exclude a set of voices from the internet as we know it today. As with the patriot act, they choose to wrap the bitter pill in a bacon-flavored rhetoric of safety and protecting the youth from perverts and degenerates. But what has failed to be acknowledged is the intrinsic cost of having an open society in a world where that openness has become an attack surface. Make no mistake: the goal is censorship. But the solution space to what you call 'the nominal problem' is less trivial than I think you believe.
zeafoamrun
Agree with all of this. It's fascinating how social media is this soup of the most virulent propaganda imaginable for every possible interest. It's a FFA between all these different powers and you are just trying to keep up with friends and watch cat videos. That they are targeting the current largest empire makes a lot of sense.
I think at an individual level the best thing to do is to opt out of this stuff and not use these corporate systems with algorithmic feeds. Only those will have the intrusive age verification anyway.
undefined
deaux
> Russia for example aims to sow discord. One classic example is the Black Lives Matter movement. This was not a Russian disinformation campaign - but they did propagate views that exist outside the bell curve of the moderate. They push scenes of cops being under siege for the right and racist policing for the left. They amplify the voices of the most angry, the most extreme and the most radical on both sides of the spectrum to create confusion, distrust and societal division.
> China by comparison takes a much more subtle view. They choose to erode what they call "civilizational confidence" by highlighting systemic failures, inconvenient truths, or otherwise undermine institutional credibility. When you read an article and find a moderating factor buried in the last paragraph that is the flavor of Chinese action. The general malaise about American exceptionalism failing and China's inevitable ascent stems from their work. Rather than pure division they aim to emotionally exhaust you into "acquiescence from inevitability".
The only reason these approaches work is because there is generally a lot of truth in the things they push and a complete lack of transparency on that reality from powerful Americans, both government and oligarchy. If it wasn't "a lot of truth with some bullshit mixed in" but "only bullshit", it wouldn't work. If the state of the US hadn't made the bullshit realistic and plausible, it wouldn't work.
Those are the issues to fix. You name the PATRIOT Act, yet another thing that has caused much more harm than benefit.
> China by comparison takes a much more subtle view. They choose to erode what they call "civilizational confidence" by highlighting systemic failures, inconvenient truths, or otherwise undermine institutional credibility. When you read an article and find a moderating factor buried in the last paragraph that is the flavor of Chinese action. The general malaise about American exceptionalism failing and China's inevitable ascent stems from their work. Rather than pure division they aim to emotionally exhaust you into "acquiescence from inevitability".
They mostly bring light to the worst things that happen in the US, which would otherwise go underreported because the people suffering them have no power and the media is already entirely controlled by Bezos et al.
It's laughable to defend this on the basis of foreign influence. The bad actor influencers are inside the house. They're called Jeff Bezos, Rupert Murdoch, and so on. And the information they spread isn't any more truthful or beneficial than that spread by the likes of China.
Rupert Murdoch has done more for misinformation, polarization and extremism over the last 2 decades than China and Russia combined. He's foreign, by the way.
wxw
How are folks recommended to get involved? Contact your local Congress member? I feel this thread has a lot of passion but is missing concrete, actionable steps.
Barbing
Heroes @ EFF have our guide (USA residents):
ethagnawl
Of course Chuck Schumer won't let me contact him using this helpful tool.
Perhaps we NYers should organize a rally outside his office in Manhattan like we did for PIPA/SOPA?
Barbing
Dumb- BUT immediate links to sites of the right legislators!
Adam B. Schiff
Sorry, this legislator cannot be contacted with our tool. To message them, visit their website instead.
Alex Padilla
Sorry, this legislator cannot be contacted with our tool. To message them, visit their website instead.Finnucane
Use every means necessary. If that can be organized, do it.
trueno
man the EFF owns
chainingsolid
I've contacted my congressmen and I would also advocate for telling/explaining this to non technical people you know. They either won't have heard of this or won't know whats bad about it.
Barbing
Any tips for writing the letter, maybe even a starting point?
traderj0e
Let them pry ID from our cold dead hands. If a site requires ID, it doesn't get my business.
Example, Discord wanted my ID to enable certain features, I declined, I now can't use those features, fine by me. If they started asking for ID anyway, I'd say no and see what happens, even if that means they lock me out entirely. There's no universe where they get my ID.
undefined
retired
Age verification on Australian social media has loopholes. Underage influencers use an agency to manage their social media for them. So anyone with enough followers or money can continue using social media under the age of 16.
If you are going to implement age controls, you should implement a ban on underage influencers as well.
Barbing
How could one protect the, call it one in 1 million… the speech of the (young) Greta Thunbergs, for example?
I bet there is a 15 year-old much smarter than me making political videos and I wouldn’t necessarily want them to be forced to stop. What if they’re on my “team”! ;) (I kid)
Recalling how we had lots of political debates in high school: if some of those kids made videos and got really popular, and the law made them stop, they would have been incentivized to vote $responsibleParty out.
(Socials bad for kids though maybe they could selfhost their monologues instead)
undefined
mystraline
I believe every government disenfranchises young people because they are young.
Its not about intelligence. Else a whole lot of over-age-of-majority wouldn't pass either.
Theres also no old-age cutoff, when their mental faculties significantly decline.
Yeah, the voting majority keeps 'under age' from voting. But at least in the USA, we have children as young as 11 being tried as adults but with none of the benefits.
zelphirkalt
Maybe it should be about intelligence. All kinds of people destroy ecosystem after ecosystem, simply by acting in stupid ways and thereby creating tons of bad incentives for businesses, who will stop at nothing to maximize their profits, zero ethics. The whole system is rigged up to trend towards supporting stupid behavior and attracting more of that, simply because there are so many people doing stupid things. Engagement and attention economy, no matter how stupid or rotten.
Barbing
You’re right that it shouldn’t be about intelligence! Overall definitely unfair.
—
After posting, I questioned whether political speech is special. Like should fifteen-year-olds who love film be able to make videos about them and get lots of followers… but I couldn’t be thought police. So maybe-
The platform just has to be designed non-addictively.
Is this accurate?: In reality, Facebook was so powerful the regulators could never make them stop at any turn. Now that they finally got sued big time, we finally educated ourselves enough as constituents to raise enough of a stink to trigger straight up bans. (educated ourselves, or politicians legislate based how bad headlines are, or it was so egregious it genuinely ticked them off… …)
HaloZero
I'm curious how much of that will keep occurring though? These underage influencers I assume had a following that existed that they want to manage. But if you can't start one without an agency or an adult running things won't that dampen the amounts of them?
everdrive
>Underage influencers
Anyone who has hone so far as to become an influencer is already a lost cause. No law could save them.
stephen_g
That's the legal loophole that I'm sure a tiny number of people are using. In the real world, reportedly around 3/4 of kids under 16 that were using social media still are by either having changed their age during the window and using a sibling or older friend to do face scans for age recognition, or by creating new accounts and again using an older friend/sibling/relative etc. for the age verification. I heard about the ways children of some of my cousins got around it at Christmas, and their parent's didn't care!
The most embarrassing thing is that our Government thought the idiotic idea was workable in the first place... But of course now they've gone and made things worse, because now kids' profiles pretend to be older, so more inappropriate stuff (like gambling ads for those who put an over-18 birthdate) can get targeted at them - great job, eSafety Commissioner!
ilovecake1984
That’s not really a loophole though. We have child actors in Harry Potter.
retired
Perhaps we should stop that too.
undefined
logicchains
>If you are going to implement age controls, you should implement a ban on underage influencers as well.
That just makes it even worse, why deprive the younger generation of one of the few remaining methods they have to make a decent income? We should be encouraging youth entrepreneurship, not making them spend even longer in classrooms learning things that LLMs will do better than them.
jrajav
This is almost verbatim the same argument that people make in support of allowing child labor in factories.
Children do not need, nor are they entitled to, any kind of "freedom" to work for a living.
retired
People under the age of 16 shouldn't be worried about "making a decent income". They should focus on school.
In the weekends they can stock shelves, deliver pizza, deliver newspapers, wash dishes, babysitting, feed animals or other typical jobs for children in the age range of 12 to 16.
hackinthebochs
>They should focus on school.
Why? Presumably so they can go to college and get a high paying job that may not exist in 10 years? The direction we give kids coming up always seems to lag behind reality by 10 or 20 years. Perhaps we shouldn't stand in the way of the new generation figuring things out for themselves in this brave new world. The old playbooks to a solid middle class life are increasingly outdated.
connoronthejob
Since when did being an influencer become 'one of the few remaining methods' to make a decent income?
bluefirebrand
I don't think it truly is, but I do think that the younger generations think it is.
My nieces and nephews really don't know what they are going to do in their futures because so much is uncertain right now.
If it feels like a longshot to expect normal 9-5 office jobs to be around in 5 years, and it's also a longshot being an influencer, then why not go for the influencer thing?
array_key_first
Less education, more peddling products on Instagram is... certainly an opinion that exists.
RRRA
The irony of posting ethical social reflection on X though...
Quarrelsome
sadly not having a twitter account in order to read the fucking internet was my hill to die on.
didgetmaster
I have long thought that all content (local and remote) should be properly labeled with metadata. Just like the cans of soup in the supermarket, you don't have to open it to find out if it has peanuts, lactose, or MSG in it; you should be able to filter data before accessing it.
You could define a set of 5 or six categories (nudity, sex, drugs, violence, etc.) and have a scale from 1 to 10 for each. Each content producer would rate each category according to defined criteria.
Then each user, or their parent, can set what their own acceptable level is. If you set your violence level at 4 then nothing level 5 or higher will load.
beej71
There are some showstoppers here, though. You have to either:
A) Change the laws in all countries (a non-starter), or B) Restrict access to only countries that obey those laws
And Option B is a non-starter to the freedom crowd.
Not to mention all the other issues with labeling, such as:
A) How to label in an internationally-agreeable way B) How to prevent abusive mislabeling
It's fraught, this path.
RajT88
V-Chip all over again. Now with mandatory browser extensions which hook into the OS' parental controls.
It's no better.
dev_l1x_be
We need a truly distributed point-to-point internet asap. Politicians going to do everything to limit free speech and free ideas in the name of protecting children while they already got all the powers to investigate and stop child abuse.
wtallis
Did you intend to link to Meshtastic as an example of how not to achieve your goals? Because it definitely isn't capable of scaling up to anything like the whole internet, and the project struggles to agree on any goals they want to reliably achieve.
dev_l1x_be
It is something, at least you can chat with your friends freely.
wtallis
There are so many caveats and limitations that bringing it up in this context is downright dishonest. The most you could fairly say is that some of the philosophy driving some of the meshtastic developers is what you want to see applied to the development of an internet-scale network (which in reality would have less technology in common with meshtastic than with the current internet).
HerbManic
Alas it is the great contradiction. Federated technologies are brilliant for peer-to-peer but many struggle to scale because the designed redundancy tends to crush their efficiency.
Really depends on the context. Email works because of its limits. Remove those limits and weaknesses start to appear.
protocolture
>We need a truly distributed point-to-point internet asap.
Yes.
A mesh network isnt point to point. Its a mesh.
gnabgib
So a mesh isn't made up of point to point connections? I'm pretty sure if you have several they start to look like a mesh (and every security site's banner)
protocolture
Sure but I cant communicate with you in a point to point fashion, in a mesh network I am hoping that I have possibly hundreds of disinterested nodes between us. But like, are those nodes coordinating on censorship? Are some of the nodes recording your metadata? Are the nodes incentivized to carry the quantity of traffic you require?
Really the "fix" the ultimate goal has to be direct point to point.
tardedmeme
The real internet is made of point to point connections. Doesn't mean anything.
Get the top HN stories in your inbox every day.
https://xcancel.com/GlennMeder/status/2049088498163216560