RE: https://infosec.exchange/@david_chisnall/116160637051672728
The age verification thing seems to be a hot topic world-wide right now … which is kind of strange since it has been more or less on the table for decades.
Anyway, notoriously hard to discuss … with loads of horribly naïve takes, but also incompatibilities even among the reasonably smart ones.
All depends on how evil you assume “them” to be. If you assume “them” to actually /want/ to identify every single Internet user and to not stop before they get that, then you, of course, have to oppose even proposals that actually /are/ completely voluntary and open without any obligation for websites to require identifications. You have to oppose /every/ step because of slippery slope.
But it's far from certain that that's really the case. It is just as plausible that “they” (or at least a lot of “them”) /actually/ want protections for children and youth.
And then such parentally controlled, voluntary age verification technologies without any requirement for government IDs /do/ seem to be not /that/ bad of an idea.
Yep, parents should parent. D'uh. Yep, smart teenagers above a certain skill level can easily circumvent most age verification systems, /especially/ if the verification is just the device pinky swearing about the age of the user. D'uh.
Both not the point.
Even if you want to responsibly parent your child, you don't want to sit on its lap 24/7 and survey every single thing it does on the Internet. Because that's not responsible parenting and because it's effing exhausting if possible at all.
So, you /do/ want some assurance that web sites and services respect if your child's device tells them that it is younger than X. Forcing them by law/regulation to offer such a protocol doesn't seem completely outlandish.
Yes, once your child is old and skilled enough to circumvent, you have to talk to it. You have to parent then.
But up until that point, it helps massively if not only platforms are forced to provide safe environments for children and adolescents, but also there is some agreed protocol how parents can tell their kids' devices to tell the platforms that they are actually dealing with a kid here.
As long as that protocol doesn't come with strange digital identity requirements, I don't see the huge problem with it.
My problems with the German proposals for youth social media bans are:
They /do/ build on the illusion of reliably determining the age of users with “official” IDs. They /do/ want us to show a digital ID at every website entrance. And /that/ is a step in the completely wrong direction, /that/ really sets us up for the slippery slope to surveillance.
They simplistically want to ban /all/ social media for /all/ children/youth below a certain age. They do /not/ want to force platforms to provide a safe environment (not only for underage, but for all people), but instead they just want to allow platforms to stay as shitty as they are, but outright ban users under 14/16. That's not the way.
@juergen Does it, though?
If I am guaranteed that only the birthday, the age or even only the Boolean answer to “older than X” is transmitted then it follows immediately that it is completely risk-free to offer to do the age verification for others, for friends, for family, for strangers on the Internet for a small fee.
If you want to track abuse, you have to store identifiers.
You want to force users to get the Online-ID functionality and later the EUID just to be able to use the Internet. And you want to force every website to do the quite costly and non-trivial Online-ID integration (remains to be seen if the EUID will be easier with open standards or if it will also be a bureaucratic nightmare). And that all for very little gain.
That's all unacceptable!
@juergen If you scroll up, I want them to be able to adhere to their rules. By a voluntary setting in the operating system and/or browser where I as the administrator can set my browser to “adult” and my non-existent kids' browsers to “age XYZ” and the websites have to react to that.
As for example also sketched in https://epicenter.works/content/altersverifikation-neu-gedacht-ein-moeglicher-loesungsansatz and already regulated in https://www.kjm-online.de/fileadmin/user_upload/Rechtsgrundlagen/Gesetze_Staatsvertraege/JMStV/Jugendmedienschutzstaatsvertrag_JMStV.pdf §12 ff.
There is no need for all that digital ID crap that only serves as a gateway for normalising that we have to show IDs to use the Internet.
@juergen You are the ignorant one here.
I told you many times that I won't accept to be forced to use the government ID just to use the Internet. That I won't accept to have to implement age and potentially ID control interfaces just because a website might count as “social media” and the simpletons think that's evil.
Benjamin Braatz
Jürgen 𐐘