mhoyeAge verification is a deliberate attack on system sovereignty, both for individuals and countries. There’s no “age verifcation”, there is only “identity verification that includes age”, and the system doing that verification is not just a privacy-invasive user tracking system but a remotely controlled off switch for anyone of any age.
There is nothing special about “age” as a differentiator. It’s just a data point, a condition and a branch. And if a system exists that can start from some condition of your identity and decide that you don’t get to use a computer today - meaning, talk to your friends or employer or read the news or get medical information or, you know, _participate in society_, then that system can use _any_ data to make that decision. Age, gender, race, credit rating, anything about you and anyone like you.
If this system exists at all, then everyone subject to it is one state-coerced software update from away from their computer working for them only at the whim of that state. Age, gender, race, disability, debt, credit rating, citizenship, neighborhood, search history, political affiliation, all of that plus the state itself is one breach away from no computer working - or only the _right people's_ computers working, you understand - at all.
Age verification is the footgun of public democracy.
At the implementation level data is just data, and in a democratic society, human privacy and state sovereignty are the same thing. You wouldn't think so, until you take a hard look into how to implement them, but they are the same thing. And both of them are national security issues.
Nobody will be made safer, by age verification. But everyone will be put at risk by the systems that have to exist to implement it.
Oyu F'ka@mhoye So well said! Thank you for putting into words exactly what I think but struggle to express.
People *have* to understand the trap they are stepping into, under the guise of protecting children - no one considers the long term risks of giving up their biometrics....they don't realise the amount of data points already accumulated about them in 'the cloud'.
Add in biometrics, and every compliant individual can instantly be targetted.
Don't do it!!!!
Irenes (many)@mhoye very much agreed
graydon@mhoye I'm no fan of pointless age discrimination nor locking down all the fun stuff on the internet, but what you're saying here is .. hyperbole. And is actively muddying the subject by mixing a good-and-minimal solution with a worse-and-invasive fallback.
Websites already decide when to gate access. Usually they only do when there's a subscription relationship. Sometimes they do for other reasons like geoblocking, or traffic throttling, or having a national ID card or tax ID number or health card or whatever, or simply private member sites without public access. All totally normal and neither a threat to democracy nor anything likely to change. Every site decides who and when to serve or deny.
Some sites have content harmful to minors. We can debate this but most parents feel pretty strongly about this and at the moment we live in a world where parents both have a legal duty of care for minors, and vote. So they want to express their duty of care through legislation about this.
The sites with harmful stuff being forced to block minors could use the age they already estimate for their users. Those estimates are not bad. But they're noisy -- 13-vs-18 is probably within the noise -- and more importantly users are incentivized to lie and inject noise and generally make that signal bad. So the sites being forced to do this type gating are in a bind.
Conveniently though, the parents who have a duty of care for minors _also_ happen to usually own and administer the phones (it's always phones, linux is completely beside the point) that minors use, so they can set a bit of out-of-band admin-only metadata on the account of the device that says "minor". The device can attest that in ways 99% of minors won't be able to circumvent, and it sharpens the signal and the block works better.
This is much, much better than the alternative of "demanding everyone use a 3rd party identity verification service that winds up with a mass of everyone's passport photos and also a list of all the websites they visit".
It also doesn't relate to any of the other axes of identity-gating you're discussing. No duty-of-care relationships, no noisy signal with an important law mandating a sharp answer, no other-person-owns-your-machine. It's a special case that there's little reason to believe will generalize much.
IOW there very much _is_ "something special about age as a differentiator": in the legal rights and responsibilities around parenting _and_ in the parental device-control that lets the problem get solved relatively non-invasively.
𝓼𝓮𝓻𝓪𝓹𝓪𝓽𝓱【ツ】☮(📍🇨🇦)i 100% agree with @mhoye and i think the only way out are open hardware phones and laptops and everything that get rid of the criminals governing us and forcing their tighter and tigjter capitalist surveillance onto us in ways that most ppl dont even realise how bad it is and it only ever gets worse, never better - so we literally have to build our own alternative for mature and responsible adults who can decide consent based and with each other how they want to live.
maybe you have too much faith in governments or too much privilege to imagine you could ever be targeted (and maybe you wouldnt be).
But we see trump.innthe US and europes right is on the rise too. In germany AfD is now the strongest political party according to polls.
its one thing to have a specific service asking users for age verification and ppl have the choice to use it or not. Its another to have the government add that to the OS in general and kaybe even to hardware..
...this is surveillqnce capitalism and authoritarian measures creeping in.
instead we need more open hardware, more responsible and mature citizens being able to discuss and decide consent based how they want to live with each other instead of treating the population like a bunch of immature toddlers and the government aa their legal guardian. its super ridiculous.
@serapath @mhoye the age bit -- settable by the owner of the device! -- is the smallest thing any government could be asking anyone to add to their OS. it's _extremely_ privacy-friendly compared to numerous alternatives. anyone who owns a computer can just directly set it to adult mode. it's literally only something that even _works_ as a system of control when you already have someone else owning your computer (a parent). all I'm asking is that people just like .. stop and think about the details for a minute? it's the exact opposite of what you're riled up about.
@serapath @mhoye it doesn't involve registering yourself with any authority. it's not performing surveillance. it's not going to change the life of a mature, consenting-adults population in any way. it's not treating adults as a toddler. it literally only works if you're giving a phone to a toddler (or someone young enough they don't own the phone).
I have no idea what you are talking about.
When you get a phone, you might need to use a credit card check or a government ID scan or maybe just facial age estimation or maybe mobile network data querying the carrier to set that bit, so you cant get around it and then others query it and once this is in place, more data might be mandated to be checked in the future.
Its absolutely ridiculous.
Its authoritarian and another small step towards totalitarianism
@serapath @mhoye What I'm talking about is what's actually being enacted in law -- the OS-level age check in California that is just a field the owner sets when setting up an account. What you're talking about is some imaginary dystopia nobody's actually enacting in law. That's the point I'm making.
No its not.
Any service who wants to verify identity could literally ask a user to verify themselves using some sort of government service.
In fact, many european countries allow this option since forever and everyone has a digital passport to do it.
A user can straight out refuse any service that needs that kind of age verification.
Something OS based is there regardless of whether you use it or not.
and if the "age bit" can be circumvented or isnt effective - they improve
@serapath @mhoye "Something OS based is there whether you use it or not." Yes sure it yields a (as of the california law) 4-state variable bucketing you into sub-13, 13-16, 16-18, or 18+ that's of no consequence to anyone other than a parent _and can be set by the owner_.
It's not a question of "circumvention". It's a question of ownership. The device owner can set it. I you're 40 you can -- if you feel weird -- set your account to say you're 16 or 12 and wow cool you'll get denied pornography and social media. Every adult will just set it to 18+ because there's no advantage to setting it to the minor modes. Everyone who owns a device will set it to 18+.
But that's ok, it's not "circumventable" for kids, because _parents own their kids' devices_ and do device-setup for them. So it all works. There's no actual problem, just hyperbolic panic about "what if it were something different".
yeah, no - you dont need to buy the latest iphone. You can get cheap phones for less than 100 bucks and they are fully capable or even get old premkum phones used via ebay.
minors arent stupid. Teenagers will just save a few bucks and get themselves a phone they control, so the next software updates will then only allow to set that bit after qieryimg the carrier or prompting some other credit card or passport ID check.
Essentially making it mandatory.
Total surveillance never gets rolled out all at once - its introduced step by step and very slowly and in every step its a minor increase of something with a very reasonable argument, but over time it gets worse and worse.
Censorship is already brutal in most western countries and governments only get more extreme over time. What trump does in the USA you will sooner or later see in Europe too.
I am really baffled how you can suppprt this 🤷♀️
@serapath @mhoye I don't see this as in any way related to "total surveillance". Anyone who wants to surveil you has far more tools at their disposal already. And the government has been literally ingesting and storing the entirety of the internet for decades; that's a vastly larger and almost completely orthogonal fight.
This is a fight over platforms showing kids stuff that makes them have serious mental problems, where parents have -- for better or worse -- the upper hand in legislation due to the enormous harms from modern algorithmic platforms, and I see roughly 3 possible outcomes:
1. Section 230 gets rolled back and major platforms turn off user generated content altogether, all minor platforms get caught in the crossfire and have to shut down entirely, and the internet becomes an unrecognizable disney-scape.
2. Some kind of age verification done by platforms themselves using deeply invasive and privacy-destroying things like scanning faces and uploading ID to 3rd parties. This is in Utah and Texas presently and is somewhat of a disaster.
3. OS vendors embed a small, fairly benign, device-owner-controlled 1-or-2-bit signal of age-bucketing in a device attestation channel. Platforms respect it and inhibit various algorithmic functions / mask off a portion of user-generated content, the internet gets a bit less free-and-open, maybe smaller websites also do self-censorship based on the signal's presence (marking themselves 18+), but enough of the platforms' harms are mitigated that parents ease off the throttle.
None of these 3 futures is great for kids in abusive homes, or queer kids looking for community, or dozens of other cases I care deeply about.
But I also don't feel like I can really tell parents not to care about their kids getting eating disorders or becoming nazis or committing suicide or whatever. Even if I did make that argument, they outnumber and outmass me politically.
So that's the actual world I expect to occupy. And of those 3 futures, I think the 3rd is the overwhelmingly superior option.
I am a parent and I really dislike this.
The only solution i can agree to is platforms sending/tagging content they broadcast with appropriate age tags and browsers and maybe operating systems can be configured to locally display that information or filter it out based on what users configure, but no information like that should ever be sent out to providers and there should be no way for providers to get access to it.
@serapath @mhoye well .. ok, in the hypothetical world someone passes that law and somehow makes it work at a global scale I might get a little more worked up over it .. except it's still only a 4-state age-bucket that is of no relevance to anyone over 18, and is far less of a burden than any of 100 other factors that allow or deny me access to a given website. like there are paywalls all over the internet. are you not equally upset about that? it seems not.
and in the meantime, I don't think the imaginary future you're projecting is all that likely to happen. you'd need enough 13-year-olds-who-bought-a-burner-phone-to-circumvent-their-parents-phone-ownership to get parents worked up over it, to the same extent they got worked up enough to pass the current law. I don't see that happening any time soon.
I think it's much _more_ likely that age verification gets so much misguided pushback from people like you that it fails, then the parents change tactic and get section 230 struck from the books, and all platforms self-censor everything and we wind up with disney-net full of 100% least-offensiveness stuff, for risk of liability.
but .. anyway I'm not trying to have the debate about "do parents have a right to control their kids", I think probably parents over-control kids but I'm not a parent so what do I know? my point is they have a set of concerns, they're enacting them in laws now, and the OS-level owner-sets-a-bit system is the _least bad_ way we know of addressing their concerns. and I expect it will mostly address their concerns. or at least enough to take the wind out of their sails politically.
@mhoye (it's also not in any way about "your computer not working for you". the minor's computer works, they just send an extra bit to a website saying they're a minor. the website can ignore that! the only websites likely to care are those legally required to respond to that bit with a service denial. it's possible you're upset at the very idea of "websites have legal obligations" but then everyone who's arguing for "no age bit" usually says the way to solve this is for websites to instead be legally obliged to do _much more extensive_ content moderation, and have direct content liability and all sorts of stuff that would have vastly more chilling effects. so like I'm not even sure what the counter-proposal here is. should publishers or platforms have any responsibilities?)