Robert Banz
mhoyeAge verification is a deliberate attack on system sovereignty, both for individuals and countries. There’s no “age verifcation”, there is only “identity verification that includes age”, and the system doing that verification is not just a privacy-invasive user tracking system but a remotely controlled off switch for anyone of any age.
There is nothing special about “age” as a differentiator. It’s just a data point, a condition and a branch. And if a system exists that can start from some condition of your identity and decide that you don’t get to use a computer today - meaning, talk to your friends or employer or read the news or get medical information or, you know, _participate in society_, then that system can use _any_ data to make that decision. Age, gender, race, credit rating, anything about you and anyone like you.
If this system exists at all, then everyone subject to it is one state-coerced software update from away from their computer working for them only at the whim of that state. Age, gender, race, disability, debt, credit rating, citizenship, neighborhood, search history, political affiliation, all of that plus the state itself is one breach away from no computer working - or only the _right people's_ computers working, you understand - at all.
Age verification is the footgun of public democracy.
At the implementation level data is just data, and in a democratic society, human privacy and state sovereignty are the same thing. You wouldn't think so, until you take a hard look into how to implement them, but they are the same thing. And both of them are national security issues.
Nobody will be made safer, by age verification. But everyone will be put at risk by the systems that have to exist to implement it.
Oyu F'ka@mhoye So well said! Thank you for putting into words exactly what I think but struggle to express.
People *have* to understand the trap they are stepping into, under the guise of protecting children - no one considers the long term risks of giving up their biometrics....they don't realise the amount of data points already accumulated about them in 'the cloud'.
Add in biometrics, and every compliant individual can instantly be targetted.
Don't do it!!!!
Irenes (many)@mhoye very much agreed
graydon@mhoye I'm no fan of pointless age discrimination nor locking down all the fun stuff on the internet, but what you're saying here is .. hyperbole. And is actively muddying the subject by mixing a good-and-minimal solution with a worse-and-invasive fallback.
Websites already decide when to gate access. Usually they only do when there's a subscription relationship. Sometimes they do for other reasons like geoblocking, or traffic throttling, or having a national ID card or tax ID number or health card or whatever, or simply private member sites without public access. All totally normal and neither a threat to democracy nor anything likely to change. Every site decides who and when to serve or deny.
Some sites have content harmful to minors. We can debate this but most parents feel pretty strongly about this and at the moment we live in a world where parents both have a legal duty of care for minors, and vote. So they want to express their duty of care through legislation about this.
The sites with harmful stuff being forced to block minors could use the age they already estimate for their users. Those estimates are not bad. But they're noisy -- 13-vs-18 is probably within the noise -- and more importantly users are incentivized to lie and inject noise and generally make that signal bad. So the sites being forced to do this type gating are in a bind.
Conveniently though, the parents who have a duty of care for minors _also_ happen to usually own and administer the phones (it's always phones, linux is completely beside the point) that minors use, so they can set a bit of out-of-band admin-only metadata on the account of the device that says "minor". The device can attest that in ways 99% of minors won't be able to circumvent, and it sharpens the signal and the block works better.
This is much, much better than the alternative of "demanding everyone use a 3rd party identity verification service that winds up with a mass of everyone's passport photos and also a list of all the websites they visit".
It also doesn't relate to any of the other axes of identity-gating you're discussing. No duty-of-care relationships, no noisy signal with an important law mandating a sharp answer, no other-person-owns-your-machine. It's a special case that there's little reason to believe will generalize much.
IOW there very much _is_ "something special about age as a differentiator": in the legal rights and responsibilities around parenting _and_ in the parental device-control that lets the problem get solved relatively non-invasively.
𝓼𝓮𝓻𝓪𝓹𝓪𝓽𝓱【ツ】☮(📍🇨🇦)i 100% agree with @mhoye and i think the only way out are open hardware phones and laptops and everything that get rid of the criminals governing us and forcing their tighter and tigjter capitalist surveillance onto us in ways that most ppl dont even realise how bad it is and it only ever gets worse, never better - so we literally have to build our own alternative for mature and responsible adults who can decide consent based and with each other how they want to live.
maybe you have too much faith in governments or too much privilege to imagine you could ever be targeted (and maybe you wouldnt be).
But we see trump.innthe US and europes right is on the rise too. In germany AfD is now the strongest political party according to polls.
its one thing to have a specific service asking users for age verification and ppl have the choice to use it or not. Its another to have the government add that to the OS in general and kaybe even to hardware..
...this is surveillqnce capitalism and authoritarian measures creeping in.
instead we need more open hardware, more responsible and mature citizens being able to discuss and decide consent based how they want to live with each other instead of treating the population like a bunch of immature toddlers and the government aa their legal guardian. its super ridiculous.
@serapath @mhoye the age bit -- settable by the owner of the device! -- is the smallest thing any government could be asking anyone to add to their OS. it's _extremely_ privacy-friendly compared to numerous alternatives. anyone who owns a computer can just directly set it to adult mode. it's literally only something that even _works_ as a system of control when you already have someone else owning your computer (a parent). all I'm asking is that people just like .. stop and think about the details for a minute? it's the exact opposite of what you're riled up about.
@serapath @mhoye it doesn't involve registering yourself with any authority. it's not performing surveillance. it's not going to change the life of a mature, consenting-adults population in any way. it's not treating adults as a toddler. it literally only works if you're giving a phone to a toddler (or someone young enough they don't own the phone).
I have no idea what you are talking about.
When you get a phone, you might need to use a credit card check or a government ID scan or maybe just facial age estimation or maybe mobile network data querying the carrier to set that bit, so you cant get around it and then others query it and once this is in place, more data might be mandated to be checked in the future.
Its absolutely ridiculous.
Its authoritarian and another small step towards totalitarianism
@serapath @mhoye What I'm talking about is what's actually being enacted in law -- the OS-level age check in California that is just a field the owner sets when setting up an account. What you're talking about is some imaginary dystopia nobody's actually enacting in law. That's the point I'm making.
No its not.
Any service who wants to verify identity could literally ask a user to verify themselves using some sort of government service.
In fact, many european countries allow this option since forever and everyone has a digital passport to do it.
A user can straight out refuse any service that needs that kind of age verification.
Something OS based is there regardless of whether you use it or not.
and if the "age bit" can be circumvented or isnt effective - they improve
@serapath @mhoye "Something OS based is there whether you use it or not." Yes sure it yields a (as of the california law) 4-state variable bucketing you into sub-13, 13-16, 16-18, or 18+ that's of no consequence to anyone other than a parent _and can be set by the owner_.
It's not a question of "circumvention". It's a question of ownership. The device owner can set it. I you're 40 you can -- if you feel weird -- set your account to say you're 16 or 12 and wow cool you'll get denied pornography and social media. Every adult will just set it to 18+ because there's no advantage to setting it to the minor modes. Everyone who owns a device will set it to 18+.
But that's ok, it's not "circumventable" for kids, because _parents own their kids' devices_ and do device-setup for them. So it all works. There's no actual problem, just hyperbolic panic about "what if it were something different".
yeah, no - you dont need to buy the latest iphone. You can get cheap phones for less than 100 bucks and they are fully capable or even get old premkum phones used via ebay.
minors arent stupid. Teenagers will just save a few bucks and get themselves a phone they control, so the next software updates will then only allow to set that bit after qieryimg the carrier or prompting some other credit card or passport ID check.
Essentially making it mandatory.
Total surveillance never gets rolled out all at once - its introduced step by step and very slowly and in every step its a minor increase of something with a very reasonable argument, but over time it gets worse and worse.
Censorship is already brutal in most western countries and governments only get more extreme over time. What trump does in the USA you will sooner or later see in Europe too.
I am really baffled how you can suppprt this 🤷♀️
@serapath @mhoye I don't see this as in any way related to "total surveillance". Anyone who wants to surveil you has far more tools at their disposal already. And the government has been literally ingesting and storing the entirety of the internet for decades; that's a vastly larger and almost completely orthogonal fight.
This is a fight over platforms showing kids stuff that makes them have serious mental problems, where parents have -- for better or worse -- the upper hand in legislation due to the enormous harms from modern algorithmic platforms, and I see roughly 3 possible outcomes:
1. Section 230 gets rolled back and major platforms turn off user generated content altogether, all minor platforms get caught in the crossfire and have to shut down entirely, and the internet becomes an unrecognizable disney-scape.
2. Some kind of age verification done by platforms themselves using deeply invasive and privacy-destroying things like scanning faces and uploading ID to 3rd parties. This is in Utah and Texas presently and is somewhat of a disaster.
3. OS vendors embed a small, fairly benign, device-owner-controlled 1-or-2-bit signal of age-bucketing in a device attestation channel. Platforms respect it and inhibit various algorithmic functions / mask off a portion of user-generated content, the internet gets a bit less free-and-open, maybe smaller websites also do self-censorship based on the signal's presence (marking themselves 18+), but enough of the platforms' harms are mitigated that parents ease off the throttle.
None of these 3 futures is great for kids in abusive homes, or queer kids looking for community, or dozens of other cases I care deeply about.
But I also don't feel like I can really tell parents not to care about their kids getting eating disorders or becoming nazis or committing suicide or whatever. Even if I did make that argument, they outnumber and outmass me politically.
So that's the actual world I expect to occupy. And of those 3 futures, I think the 3rd is the overwhelmingly superior option.
I am a parent and I really dislike this.
The only solution i can agree to is platforms sending/tagging content they broadcast with appropriate age tags and browsers and maybe operating systems can be configured to locally display that information or filter it out based on what users configure, but no information like that should ever be sent out to providers and there should be no way for providers to get access to it.
@serapath @mhoye well .. ok, in the hypothetical world someone passes that law and somehow makes it work at a global scale I might get a little more worked up over it .. except it's still only a 4-state age-bucket that is of no relevance to anyone over 18, and is far less of a burden than any of 100 other factors that allow or deny me access to a given website. like there are paywalls all over the internet. are you not equally upset about that? it seems not.
and in the meantime, I don't think the imaginary future you're projecting is all that likely to happen. you'd need enough 13-year-olds-who-bought-a-burner-phone-to-circumvent-their-parents-phone-ownership to get parents worked up over it, to the same extent they got worked up enough to pass the current law. I don't see that happening any time soon.
I think it's much _more_ likely that age verification gets so much misguided pushback from people like you that it fails, then the parents change tactic and get section 230 struck from the books, and all platforms self-censor everything and we wind up with disney-net full of 100% least-offensiveness stuff, for risk of liability.
but .. anyway I'm not trying to have the debate about "do parents have a right to control their kids", I think probably parents over-control kids but I'm not a parent so what do I know? my point is they have a set of concerns, they're enacting them in laws now, and the OS-level owner-sets-a-bit system is the _least bad_ way we know of addressing their concerns. and I expect it will mostly address their concerns. or at least enough to take the wind out of their sails politically.
@mhoye (it's also not in any way about "your computer not working for you". the minor's computer works, they just send an extra bit to a website saying they're a minor. the website can ignore that! the only websites likely to care are those legally required to respond to that bit with a service denial. it's possible you're upset at the very idea of "websites have legal obligations" but then everyone who's arguing for "no age bit" usually says the way to solve this is for websites to instead be legally obliged to do _much more extensive_ content moderation, and have direct content liability and all sorts of stuff that would have vastly more chilling effects. so like I'm not even sure what the counter-proposal here is. should publishers or platforms have any responsibilities?)
The Animal and the Machine@mhoye @Gargron
And if we have to do this by government law, we should verify to a single gov database that confirms we are who we are to other systems.
All of us giving our identity info to all the systems is stupid squared.
For my next insurer I want the Gov to confirm who I am, not hand over a pile of personal stuff. If the Government can’t do this safely, that’s my proof it shouldn’t be done.
Edit: non-government 3rd party should also be available but the law should state the user gets to chose which, and doesn’t have to use a shitty one forced by a retailer.
itgrrl 
Advanced Persistent Teapot@http_error_418 @mhoye @Gargron
No. A slight retraction. I made an edit to say also 3rd party but user gets to chose.
What is important is the user isn’t forced to verify with a scammer who offers a free verification service to the retailer.
The government supply a service but also allow other recognised 3rd parties, so you should get to chose which. Not Google. Not Microsoft. Not Amazon. You.
Mitch Rose@taatm @http_error_418 @mhoye @Gargron
I'm not in favor of this on privacy and freedom concerns, but if the U.S. is to do it, it already has a system by which a large majority (not all) can be verified. it's called Social Security, and most children born in the U.S. are enrolled immediately IIRC
Offbeatmammal@taatm @mhoye @Gargron I had initially thought have the OS do the verification, and only respond "true" or "false" to a transparent condition (eg user gets to see the app is asking for age>=18) but putting the onus onto Govt entities is even better (single point of failure, and we know how they love to shirk blame, but tie it into personal consequences for the politicians in power at the time of a breach and maybe it would work)
Ted Mielczarek@Offbeatmammal @taatm @mhoye @Gargron I, personally, do not want any government or corporation to hold that kind of power over what I can do with my own computing devices.
Urzl@tedmielczarek @Offbeatmammal @taatm @mhoye @Gargron But I do want them accountable when they force it on me anyway.
lord pthenq1"La verificación de edad constituye un ataque deliberado a la soberanía del sistema, tanto para los individuos como para los países. No existe tal cosa como la «verificación de edad»; lo único que existe es una «verificación de identidad que incluye la edad», y el sistema encargado de realizar dicha verificación no es meramente un sistema de rastreo de usuarios invasivo para la privacidad, sino un interruptor de apagado controlado a distancia, aplicable a cualquier persona de cualquier edad."
Wolfgang MAEHR@mhoye I’m wondering if it would be possible create a protocol similar to passkeys, where the device verifies my identity but only exposes my DOB to a service?
tsadilas
Zimmie@njyo @mhoye That sort of thing already exists. A few years ago, Apple added an API to request whether the user is older or younger than X (I think the example they used was 18, but it could potentially be done for 13 or whatever). The application requesting this just gets the yes or no signal without any ID information.
Companies largely don’t want that, though. They want your information so they can bundle it up and sell it on.
And even implemented perfectly, this is still putting Apple/Google/Microsoft/etc. and the government between you and your computer.
LisPi@njyo @mhoye Such a thing doesn't provide sufficient (total) guarantees of anonymity and fails in the face of collusion by different parties involved in the toolchain.
It's effectively impossible to build right. The cryptosystems elaborated all fail to the simple fact that colluding fascists are an effective side-channel.
It's effectively impossible to build right. The cryptosystems elaborated all fail to the simple fact that colluding fascists are an effective side-channel.
Rob Landley@mhoye I call it "age discrimination" because it is.
The nominal point is to age discriminate. (The actual point is to prevent anti-ice protests from organizing anonymously on signal next time.)
There's no "verification" in Gavin Newsom's bill, it's attestation like the "are you 18 y/n" clickthroughs sites have had since fosta/sesta under the first trump administration. The point is to mandate something you can then tie to palantir/clear/persona and your platform's TPM/SMM.
Trans Rescue@mhoye
I'm reminded why old order Amish don't use electricity. It's not that they're inherently anti-tech. Its that electricity ties you to someone else - they have the remote off switch on your lights.
I'm reminded why old order Amish don't use electricity. It's not that they're inherently anti-tech. Its that electricity ties you to someone else - they have the remote off switch on your lights.
Europe 2.0@mhoye social media desperately needs identity and age verification though. Government controlled (I trust my government to do this the right way)
Eggs now in different baskets.@sr_antwerp @mhoye No it doesn't.
It first needs to be regulated much more tightly.
Get rid of algorithms and addictive design. Get rid of fingerprinting of devices and untrammeled tracking of users.
As regards governments being trustworthy, governments ALWAYS need to be held to account.
By the opposition, by the judiciary, by the administrators in the civil services, by academics who are experts in their own fields and, last but not least by the people themselves.
William B Peckham@mhoye Let us say you are a parent and you think that having operating systems report the age of the user is a good idea. The browser connects to a social media site and it asks and the browser pulls the operating system and gets the age group and reports it to the social media site. Now the site only presents age-appropriate material, right? Except if there are predators on that site watching that flag: And what they have now is a clear and updated indicator for what accounts represent vulnerable young people who have not the knowledge to defend themselves. A victim list, if you will. /S isn't that a wonderful idea? S/..
@wbpeckham @mhoye Or, while the website seems genuine and safe the owners of the site are harvesting data focusing on the users flagged as children.
Then using this data themselves as they see fit or selling it on to data brokers.
I am sure that it would be useful to such people to be able to profile child users and follow them around as they grow up.
It might only take one website to age verify them and then using device fingerprinting the child's age can be spread to other actors.
DavidM_yeg<< There’s no “age verifcation”, there is only “identity verification that includes age” >>
Exactly.
Kinene⭐🐻@mhoye So, where in all of this silliness, are the adults, who in theory, are taking responsibility for the accountability of their children?
Age verification is easy to defeat... false IDs, anyone? Verification will lead to a new, improved, false ID industry. And who will monitor the databases for accuracy? Will ICE pay you a visit to demand your „Papieren“?
Sau Wolf Möllendorf@[email protected] you think you were in a fairy tale? The government has been trying to control cattle all along, but with the advent of the Internet, there just weren't that many levers to control