Lauren WeinsteinMar 26, 2024

It's important to understand that "age verification" schemes being passed by states, ostensibly to "protect the children", won't do that and will bring about incredible abuses.

In order to age verify children, obviously EVERYBODY of any age must be verified, for every account, under every name or pseudonym, ultimately on every site no matter how public or private the topic, and before downloading any apps.

Children will find ways to work around this. They'll use the accounts of adults, which will be openly traded. But because these age verification systems must by definition be based on government IDs, the verification process creates a linkage between your account names and your actual identity, subjecting you to all manner of leaked personal information, government abuses (think MAGA in charge), and worse. Firms will claim their systems either don't keep this data or can't be abused. History strongly suggests otherwise, and when courts step in, those firms will have to do what the courts say, often in secret, when it comes to collecting data.

Age verification is in actuality a massive Chinese-style Internet identity tracking project -- nothing less -- and there are many politicians in the U.S. who look with envy at how China controls their Internet and keeps their Internet users under police state controls.

Show threadHoward CohenMar 26, 2024
@lauren That is exactly what I was thinking. How can you possibly have an age limiting system without a real identity to tie verification to?
Show threadLauren WeinsteinMar 26, 2024
@hoco You can't, of course. And everybody must be identified of all ages, or else you can't identify children as children. And only government IDs will be considered authoritative. These are key points so many people are missing. They assume this all applies only to children. But that's a logical impossibility. It's universal, and ripe for abuse of both children and adults. A tracking nightmare, that government has wished for since the earliest days.
Show threadtdietterichMar 26, 2024
@lauren @hoco I think we need cryptographic digital ids. These will probably need to be government-issued (although perhaps government could license third parties?). Each person could have a collection of digital ids, each of which reveals different information. The base id would just certify that you are a human being. It would replace CAPCHAs. Another could certify citizenship. Another could certify minimum age. Finally, some could certify your full identity. Other use cases?
Show threadLauren WeinsteinMar 26, 2024
@tdietterich @hoco Such systems already exist in some countries, with some spectacular abuses and personal data exposures on large scales as a result. Such complex systems bring with them an array of new failure points and illegal exploitation channels. You really don't want to go there. I've been running the PRIVACY Forum on the Net continuously for over 30 years. Trust me on this one.
Show threadtdietterichMar 26, 2024
@lauren @hoco Given the proliferation of deep fakes, we need some way to certify authenticity. What do you propose instead?
Show threadtdietterich
@lauren @hoco I'm trying to learn more about this area. What is a good starting point for learning about the failure modes?
Mar 26, 2024 at 2:47amWeb
Show threadHoward CohenMar 26, 2024
@tdietterich @lauren On the one side, anonymity is all that stands between a fascist government and those who criticize it and expose its bad actions. So, that is pretty important. If we lose anonymity then it will be easy to pick out and punish anyone who bucks the system. On the other side it is really a point of reality, that either you are identified, or you are not. If you are identified then things like your age are knowable. If you are not, any age attribute can be forged.