Child-locked devices exist and it’s up to parents not to give their kids an unlocked device. The industry could help by making child-locked devices easier to set up and by making sure they don’t...
Child-locked devices exist and it’s up to parents not to give their kids an unlocked device. The industry could help by making child-locked devices easier to set up and by making sure they don’t sell unlocked devices to kids. If you do that, no age-verification of people is necessary except at checkout when buying a device.
It should also be trivial to set your website to adult-only. Set a config option and it gets added to a list that’s consulted by child-locked devices. (And it shouldn’t be the same setting that causes Google to think it's a porn website.)
This is the only acceptable solution to the "problem". The government can ask for voluntary compliance right down to the operating system level. Microsoft, Apple, and Google will be happy to set...
This is the only acceptable solution to the "problem".
The government can ask for voluntary compliance right down to the operating system level. Microsoft, Apple, and Google will be happy to set this up. A simple child-mode flag that is set on the device by parents during initial setup (or anytime after). This would limit and child-mode flag what could be installed via app-stores/gaming stores and also cause the same flag to be set in the web browser (the only browsers that could be installed on a child-flagged device from the app-store would be ones that comply with the child flag). I'm even OK with white-listing what kids are able to look at on the internet via web browsers, probably a lot easier than trying to block things, there are always workarounds for blocks, white-lists are much harder to defeat.
No ones privacy is violated, no one has to provide ID that will be stolen and exploited. Parents remain in control of their parenting responsibilities, we can remain anonymous and the kids can be "protected". The rest of us can continue on as normal, it would be up to the parent to choose a device that supports parental controls and turn the setting on themselves. Linux distro's can choose to comply or not, if not then as a parent you should not provide your child's device with that flavour of Linux. Compliance will not be an issue among any kind of regular device, iOS/Android/Windows/MacOS will comply, big tech are the ones asking for this.
This current international push to de-anonymize the internet is the final nail in the coffin for privacy and freedom in our time. I believe it is that serious. People are literally being arrested for posting things on the internet in the UK, that is completely unacceptable. People must be allowed to speak their mind even if you don't agree with what they are saying, and remaining anonymous while doing so is of the utmost importance.
Agree with the whole thing but food for thought here Theres kids out there with no parents. I mean like they in theory have a mom or dad or grandparents or foster family or some legal guardian but...
Agree with the whole thing but food for thought here
Theres kids out there with no parents. I mean like they in theory have a mom or dad or grandparents or foster family or some legal guardian but in practice they’re on their own.
I think we have a lot of systems set up for kids that ignore this reality and thats why so many of these kids end up chronically homeless, so, creating another system depending on present legal guardians for every child isn’t a 100% solution. Good enough for most, maybe, if thats what you care about.
Fun fact: The largest demographic of perpetual homeless is orphan kids who aged out of the system and never learned how to live. Really makes you think about why the drug/alcohol problems are so...
Fun fact: The largest demographic of perpetual homeless is orphan kids who aged out of the system and never learned how to live.
Really makes you think about why the drug/alcohol problems are so feeply engrained.
From what I hear (but I haven't looked deeply into the statistics), the most common source of homeless come from orphans who aged out of their orphanage. Not having a familial support network is...
I think we have a lot of systems set up for kids that ignore this reality and thats why so many of these kids end up chronically homeless
From what I hear (but I haven't looked deeply into the statistics), the most common source of homeless come from orphans who aged out of their orphanage. Not having a familial support network is that damning on a life.
Yep, agreed. I don't think there are any 100% techno-fixes that don't have draconian side effects. A solution that changes what's "normal" for most kids (for things like social media access)...
Yep, agreed. I don't think there are any 100% techno-fixes that don't have draconian side effects. A solution that changes what's "normal" for most kids (for things like social media access) should go a long way. We don't have any 100% solutions for tobacco or alcohol use either.
Requiring sending a document to social media/a third party, which is used to identify, and act on the behalf of an individual, just to check a birthday seems overkill to say the least. On the...
We cannot accept a world where every adult is expected to hand over ID as the price of going online.
Requiring sending a document to social media/a third party, which is used to identify, and act on the behalf of an individual, just to check a birthday seems overkill to say the least.
On the other hand, turning the majority of internet activity into governmental transactions — through a nation's verification service, could have large societal implications. As for policy, it seems it's easier to give power, than to take it away.
Checks must be conducted entirely client-side, on the user’s device. [...] The answer to the binary question of whether the user is “of age” must be fully anonymized, divorced from any identifying information, and transmitted entirely under end-to-end encryption.
Much easier said than done, but I hope some form of zero knowledge proof is viable for this application, it's the only way I could imagine a robust privacy preserving solution to work.
It is, and the EU app mentioned in this article is already zero knowledge and open source (though it has flaws that need to be addressed as pointed by the article linked within). I'm not saying I...
I hope some form of zero knowledge proof is viable for this application
It is, and the EU app mentioned in this article is already zero knowledge and open source (though it has flaws that need to be addressed as pointed by the article linked within).
I'm not saying I think we should all be verifying to go online, but if laws are going to be made about it, then they absolutely should all be to implement open source zero knowledge solutions. Not a single third party private company should be tied to a system like this.
They shouldn't, but they absolutely will try. The money is there so there will be pursuers. Personally I'll just keep moving about as I always have. Outside of Youtube, there's no major website I...
Not a single third party private company should be tied to a system like this.
They shouldn't, but they absolutely will try. The money is there so there will be pursuers.
Personally I'll just keep moving about as I always have. Outside of Youtube, there's no major website I care enough about to make an account at the cost of tying my ID to them. If it goes beyond social media, then that's more reason to pirate than actually consume (they already have my CC info, so there really is no excuse to age verify me). I've walked away from many sites over much less kerfluffles, so this wouldn't be any different.
I have probably already posted here abou Czech system that could be used for age verification. It's called MojeID (MyID) and is based on OpenID but actually isn't about anonymity, quite the...
I have probably already posted here abou Czech system that could be used for age verification. It's called MojeID (MyID) and is based on OpenID but actually isn't about anonymity, quite the contrary - it identifies you as who you really are. It is run by CZ.NIC - Czech NIC which is non-profit and it must be for such service to work in user's favor.
You set up MojeID via e-mail. Then you can add more information about you and authenticate each thing you add. The highest level is when you let CZ.NIC authenticate your name and address in national (government) registry. From then you are who you really are and can use.MojeID to authenticate into various services including government stuff (your driver's licence, to prove you have vaccine against covid in covid years, fines and ppints on your drivers licence, land information and such). The thing is you can choose which information is handed by CZ.NIC to the service you are logging in. You can simply see and (un)check what you want to be handed over - be it name, address, phone number or... you guessed it - date of birth.
This could easily work for age verification. The service (say Pornhub) wants you to log in via MojeID and when you log in to MojeID it asks you if you want your date of birth provided to the service you are logging in (Pornhub). Or better yet - Pornhub wants from MojeID just your current age, no need for age of birth. Yes, your age would be linked with your Pornhub account and thus your e-mail in their database. Not entirely optimal, but still much better zhen if you let government or Pornhub handle the situation.
I would thus propose NICs from a few countries, maybe EU, to join effort and make such srrvice worldwide and run it on their behalf. It must be run by trustworthy non-profit.l funded from various funds, not only governments.
CZ.NIC made Turris Omnia router. They also made TV campaign to wanr about internet dangers like phishing and to enlighten people about internet (like 15 years ago). They made many more things. They are very trustworthy for me. Just wanted to add some background about them.
The Nederlands has something similar called DigiD. I agree the way you recommend if something must be implemented, then this is the least worst option. Honestly if any entity is going to resist...
The Nederlands has something similar called DigiD. I agree the way you recommend if something must be implemented, then this is the least worst option. Honestly if any entity is going to resist the bribery lobbying of the effort, it will be the EU or countries within it which make it so.
Zero knowledge would be the least worst option. There's all kinds logged against your identity with this one, seems to me. At least from the description given above. I agree it's better than...
Zero knowledge would be the least worst option. There's all kinds logged against your identity with this one, seems to me. At least from the description given above. I agree it's better than eleventyhundred sites all wanting facial scans and government photo id uploaded to $deity knows where. But zero knowledge systems have to be the way.
At least that /would/ be true, if the intentions were, as stated, for age proofs. But whilst that is always the stated intention, with a side helping of "for the children", the implementations clearly betray the real meaning behind all this legislation, and it sure as grain ain't for keeping kids safe online.
Zero Knowledge would be the least worse option in theory. I don't believe a government or corporation would spend the necessary resources or have the desire to implement a zero knowledge system....
Zero Knowledge would be the least worse option in theory. I don't believe a government or corporation would spend the necessary resources or have the desire to implement a zero knowledge system. As a person who personally advocates for zero trust systems in IT infrastructure (and personally implemented it over the years for several businesses), it should be the way, but often times the voice of reason / adult in the room advocating for IT infrastructure is often told things such as "not good enough", "we need it sooner and don't have time for zero trust", or "we took your recommendation into consideration and decided to go another way."
I agree if this was all for legitimate age proofs, it would be a different conversation. Unfortunately, I see this as a CIO / subject matter expert getting told to sit down and be quiet so the CEO or similar can bring in the profits.
Alas, my wording of the least worst option is meant for the pessimistic view personally held on how this may go. Unfortunately this movement seems to be malicious from the very start under the guise of "think of the children" despite age verification being a non-issue until now since the invention of the internet.
Sounds like the system could have simple boolean fields like "is over 16", "is over 18", "is over 21", etc. That way, you don't have to give the third-party service years of age, or exact DOB.
Sounds like the system could have simple boolean fields like "is over 16", "is over 18", "is over 21", etc. That way, you don't have to give the third-party service years of age, or exact DOB.
Well, you are not going to Pornbub if you know it will kick you out, are you? And when you are over the needed age, the boolean only says "yes" thus not passing along any other information. Or you...
Well, you are not going to Pornbub if you know it will kick you out, are you? And when you are over the needed age, the boolean only says "yes" thus not passing along any other information.
Or you can not use this system and scan your id card with all the information...
If there has to be some kind of age verification, it should be just that - age verification. There is no need to pass along any other information than yes/no.
That model works fine for buying booze because you, y'know, are buying booze. You're acquiring a physical object. Having to go somewhere, in person, just to verify your access to a service would...
That model works fine for buying booze because you, y'know, are buying booze. You're acquiring a physical object. Having to go somewhere, in person, just to verify your access to a service would be a huge source of friction, enough that people wouldn't want to do it.
Plus, why should stores bother? There's no money in this. You just get non-customers into your store that don't buy anything and are probably pissed off that this is necessary at all.
I hate the age verification scheme too, but this would arguably be the worst way of doing it. And let's not leave it merely implied - very quickly this would be outsourced to startups that offer an appliance or a verification machine at the gas station so that no workers need to be involved, and those will absolutely store your ID after scanning. I could be wrong here, but I'm not. It's already happened. My local (German!) grocery store has started rolling out little phone-looking attachments to self-checkout kiosks that verify your age for 18+ items, with a truly horrifying privacy policy, that of course... no one reads.
I was surprised too, but more about the automated aspect than the self-checkout. I guess there are attendants around, albeit one per six check stands instead of two per one.
I was surprised too, but more about the automated aspect than the self-checkout. I guess there are attendants around, albeit one per six check stands instead of two per one.
To be fair, I've almost never been carded at all in Germany. The one time I was carded by a self-checkout, it was for an energy drink, and the clerk watching the self-checkouts bypassed it without...
To be fair, I've almost never been carded at all in Germany. The one time I was carded by a self-checkout, it was for an energy drink, and the clerk watching the self-checkouts bypassed it without asking for my ID (presumably because I look old enough 😢). I haven't seen the attachments delphi describes tho.
Child-locked devices exist and it’s up to parents not to give their kids an unlocked device. The industry could help by making child-locked devices easier to set up and by making sure they don’t sell unlocked devices to kids. If you do that, no age-verification of people is necessary except at checkout when buying a device.
It should also be trivial to set your website to adult-only. Set a config option and it gets added to a list that’s consulted by child-locked devices. (And it shouldn’t be the same setting that causes Google to think it's a porn website.)
This is the only acceptable solution to the "problem".
The government can ask for voluntary compliance right down to the operating system level. Microsoft, Apple, and Google will be happy to set this up. A simple child-mode flag that is set on the device by parents during initial setup (or anytime after). This would limit and child-mode flag what could be installed via app-stores/gaming stores and also cause the same flag to be set in the web browser (the only browsers that could be installed on a child-flagged device from the app-store would be ones that comply with the child flag). I'm even OK with white-listing what kids are able to look at on the internet via web browsers, probably a lot easier than trying to block things, there are always workarounds for blocks, white-lists are much harder to defeat.
No ones privacy is violated, no one has to provide ID that will be stolen and exploited. Parents remain in control of their parenting responsibilities, we can remain anonymous and the kids can be "protected". The rest of us can continue on as normal, it would be up to the parent to choose a device that supports parental controls and turn the setting on themselves. Linux distro's can choose to comply or not, if not then as a parent you should not provide your child's device with that flavour of Linux. Compliance will not be an issue among any kind of regular device, iOS/Android/Windows/MacOS will comply, big tech are the ones asking for this.
This current international push to de-anonymize the internet is the final nail in the coffin for privacy and freedom in our time. I believe it is that serious. People are literally being arrested for posting things on the internet in the UK, that is completely unacceptable. People must be allowed to speak their mind even if you don't agree with what they are saying, and remaining anonymous while doing so is of the utmost importance.
Agree with the whole thing but food for thought here
Theres kids out there with no parents. I mean like they in theory have a mom or dad or grandparents or foster family or some legal guardian but in practice they’re on their own.
I think we have a lot of systems set up for kids that ignore this reality and thats why so many of these kids end up chronically homeless, so, creating another system depending on present legal guardians for every child isn’t a 100% solution. Good enough for most, maybe, if thats what you care about.
Government can't raise children, and an age verification system certainly can't.
Fun fact: The largest demographic of perpetual homeless is orphan kids who aged out of the system and never learned how to live.
Really makes you think about why the drug/alcohol problems are so feeply engrained.
From what I hear (but I haven't looked deeply into the statistics), the most common source of homeless come from orphans who aged out of their orphanage. Not having a familial support network is that damning on a life.
Yep, agreed. I don't think there are any 100% techno-fixes that don't have draconian side effects. A solution that changes what's "normal" for most kids (for things like social media access) should go a long way. We don't have any 100% solutions for tobacco or alcohol use either.
Requiring sending a document to social media/a third party, which is used to identify, and act on the behalf of an individual, just to check a birthday seems overkill to say the least.
On the other hand, turning the majority of internet activity into governmental transactions — through a nation's verification service, could have large societal implications. As for policy, it seems it's easier to give power, than to take it away.
Much easier said than done, but I hope some form of zero knowledge proof is viable for this application, it's the only way I could imagine a robust privacy preserving solution to work.
It is, and the EU app mentioned in this article is already zero knowledge and open source (though it has flaws that need to be addressed as pointed by the article linked within).
I'm not saying I think we should all be verifying to go online, but if laws are going to be made about it, then they absolutely should all be to implement open source zero knowledge solutions. Not a single third party private company should be tied to a system like this.
They shouldn't, but they absolutely will try. The money is there so there will be pursuers.
Personally I'll just keep moving about as I always have. Outside of Youtube, there's no major website I care enough about to make an account at the cost of tying my ID to them. If it goes beyond social media, then that's more reason to pirate than actually consume (they already have my CC info, so there really is no excuse to age verify me). I've walked away from many sites over much less kerfluffles, so this wouldn't be any different.
I have probably already posted here abou Czech system that could be used for age verification. It's called MojeID (MyID) and is based on OpenID but actually isn't about anonymity, quite the contrary - it identifies you as who you really are. It is run by CZ.NIC - Czech NIC which is non-profit and it must be for such service to work in user's favor.
You set up MojeID via e-mail. Then you can add more information about you and authenticate each thing you add. The highest level is when you let CZ.NIC authenticate your name and address in national (government) registry. From then you are who you really are and can use.MojeID to authenticate into various services including government stuff (your driver's licence, to prove you have vaccine against covid in covid years, fines and ppints on your drivers licence, land information and such). The thing is you can choose which information is handed by CZ.NIC to the service you are logging in. You can simply see and (un)check what you want to be handed over - be it name, address, phone number or... you guessed it - date of birth.
This could easily work for age verification. The service (say Pornhub) wants you to log in via MojeID and when you log in to MojeID it asks you if you want your date of birth provided to the service you are logging in (Pornhub). Or better yet - Pornhub wants from MojeID just your current age, no need for age of birth. Yes, your age would be linked with your Pornhub account and thus your e-mail in their database. Not entirely optimal, but still much better zhen if you let government or Pornhub handle the situation.
I would thus propose NICs from a few countries, maybe EU, to join effort and make such srrvice worldwide and run it on their behalf. It must be run by trustworthy non-profit.l funded from various funds, not only governments.
CZ.NIC made Turris Omnia router. They also made TV campaign to wanr about internet dangers like phishing and to enlighten people about internet (like 15 years ago). They made many more things. They are very trustworthy for me. Just wanted to add some background about them.
The Nederlands has something similar called DigiD. I agree the way you recommend if something must be implemented, then this is the least worst option. Honestly if any entity is going to resist the
briberylobbying of the effort, it will be the EU or countries within it which make it so.Zero knowledge would be the least worst option. There's all kinds logged against your identity with this one, seems to me. At least from the description given above. I agree it's better than eleventyhundred sites all wanting facial scans and government photo id uploaded to $deity knows where. But zero knowledge systems have to be the way.
At least that /would/ be true, if the intentions were, as stated, for age proofs. But whilst that is always the stated intention, with a side helping of "for the children", the implementations clearly betray the real meaning behind all this legislation, and it sure as grain ain't for keeping kids safe online.
Zero Knowledge would be the least worse option in theory. I don't believe a government or corporation would spend the necessary resources or have the desire to implement a zero knowledge system. As a person who personally advocates for zero trust systems in IT infrastructure (and personally implemented it over the years for several businesses), it should be the way, but often times the voice of reason / adult in the room advocating for IT infrastructure is often told things such as "not good enough", "we need it sooner and don't have time for zero trust", or "we took your recommendation into consideration and decided to go another way."
I agree if this was all for legitimate age proofs, it would be a different conversation. Unfortunately, I see this as a CIO / subject matter expert getting told to sit down and be quiet so the CEO or similar can bring in the profits.
Alas, my wording of the least worst option is meant for the pessimistic view personally held on how this may go. Unfortunately this movement seems to be malicious from the very start under the guise of "think of the children" despite age verification being a non-issue until now since the invention of the internet.
This is certainly not the least worst option.
This is a pretty terrible option.
Sounds like the system could have simple boolean fields like "is over 16", "is over 18", "is over 21", etc. That way, you don't have to give the third-party service years of age, or exact DOB.
The day that bool switches you'll know the exact DOB. This isn't as clever as it may seem.
It's still helpful to keep DOB unknown for all those already over the number, though, right?
Well, you are not going to Pornbub if you know it will kick you out, are you? And when you are over the needed age, the boolean only says "yes" thus not passing along any other information.
Or you can not use this system and scan your id card with all the information...
If there has to be some kind of age verification, it should be just that - age verification. There is no need to pass along any other information than yes/no.
Exactly!
That model works fine for buying booze because you, y'know, are buying booze. You're acquiring a physical object. Having to go somewhere, in person, just to verify your access to a service would be a huge source of friction, enough that people wouldn't want to do it.
Plus, why should stores bother? There's no money in this. You just get non-customers into your store that don't buy anything and are probably pissed off that this is necessary at all.
I hate the age verification scheme too, but this would arguably be the worst way of doing it. And let's not leave it merely implied - very quickly this would be outsourced to startups that offer an appliance or a verification machine at the gas station so that no workers need to be involved, and those will absolutely store your ID after scanning. I could be wrong here, but I'm not. It's already happened. My local (German!) grocery store has started rolling out little phone-looking attachments to self-checkout kiosks that verify your age for 18+ items, with a truly horrifying privacy policy, that of course... no one reads.
It’s surprising that Germany allows that at all. In California, you can’t buy alcohol using self-checkout.
I was surprised too, but more about the automated aspect than the self-checkout. I guess there are attendants around, albeit one per six check stands instead of two per one.
To be fair, I've almost never been carded at all in Germany. The one time I was carded by a self-checkout, it was for an energy drink, and the clerk watching the self-checkouts bypassed it without asking for my ID (presumably because I look old enough 😢). I haven't seen the attachments delphi describes tho.