Lauren WeinsteinMar 26, 2024

It's important to understand that "age verification" schemes being passed by states, ostensibly to "protect the children", won't do that and will bring about incredible abuses.

In order to age verify children, obviously EVERYBODY of any age must be verified, for every account, under every name or pseudonym, ultimately on every site no matter how public or private the topic, and before downloading any apps.

Children will find ways to work around this. They'll use the accounts of adults, which will be openly traded. But because these age verification systems must by definition be based on government IDs, the verification process creates a linkage between your account names and your actual identity, subjecting you to all manner of leaked personal information, government abuses (think MAGA in charge), and worse. Firms will claim their systems either don't keep this data or can't be abused. History strongly suggests otherwise, and when courts step in, those firms will have to do what the courts say, often in secret, when it comes to collecting data.

Age verification is in actuality a massive Chinese-style Internet identity tracking project -- nothing less -- and there are many politicians in the U.S. who look with envy at how China controls their Internet and keeps their Internet users under police state controls.

Show threadHoward CohenMar 26, 2024
@lauren That is exactly what I was thinking. How can you possibly have an age limiting system without a real identity to tie verification to?
Show threadLauren WeinsteinMar 26, 2024
@hoco You can't, of course. And everybody must be identified of all ages, or else you can't identify children as children. And only government IDs will be considered authoritative. These are key points so many people are missing. They assume this all applies only to children. But that's a logical impossibility. It's universal, and ripe for abuse of both children and adults. A tracking nightmare, that government has wished for since the earliest days.
Show threadtdietterichMar 26, 2024
@lauren @hoco I think we need cryptographic digital ids. These will probably need to be government-issued (although perhaps government could license third parties?). Each person could have a collection of digital ids, each of which reveals different information. The base id would just certify that you are a human being. It would replace CAPCHAs. Another could certify citizenship. Another could certify minimum age. Finally, some could certify your full identity. Other use cases?
Show threadLauren WeinsteinMar 26, 2024
@tdietterich @hoco Such systems already exist in some countries, with some spectacular abuses and personal data exposures on large scales as a result. Such complex systems bring with them an array of new failure points and illegal exploitation channels. You really don't want to go there. I've been running the PRIVACY Forum on the Net continuously for over 30 years. Trust me on this one.
Show threadtdietterichMar 26, 2024
@lauren @hoco Given the proliferation of deep fakes, we need some way to certify authenticity. What do you propose instead?
Show threadAlaric Snell-PymMar 26, 2024
@tdietterich @lauren @hoco you don't need to link to government ID to have a useful ID. What mostly counts online is "Do X and Y have the same creator", eg "Is this another post by this blogger I have come to trust". I don't care about their real name. Public key crypto does that just fine without any government involvement. I've written more detail on this at https://www.snell-pym.org.uk/archives/2008/07/05/identity/
Snell-Pym » Identity

Show threadLauren Weinstein
@kitten_tech @tdietterich @hoco The whole point of the ID push in this context is provable adult status (at least ostensibly the reason). To do that, you have to link to a government ID in most countries, which are the only authoritative source of this data.
Mar 26, 2024 at 1:44pmWeb
Show threadAlaric Snell-PymMar 26, 2024
@lauren @tdietterich @hoco yep. And although I can see ways a government might make such a system non - terrible (I dunno, a government service that attests if the holder of a private key is under or over 18, if it's given a recently signed-by-that-key permission slip allowing the requestor to know that information, or something), I am also quite certain no government will be able to resist the excuse to justify a pervasive ID card scheme...