It would make sense to have the enduser verification ondevice with a simple reply to any online property : Passed age verification/or not.
Otherwise the centralization and eventual leak of this data is a can of worms in waiting.
Given that solution is unlikely to be legislated into action I would suggest people are just going to share adult content on Usenet, Tor, P2P, within G/PG rated video games by plonking down a virtual theater and streaming from a throw-away VM and fully automating syncing with LFTP+mirror+SFTP, sharing USB NVME drives, mobile ephemeral websites over WiFi and other methods when people get tired of this Top/Bottom relationship lobbyists want us to participate in. As a plus side, driving people underground means zero tracking, rules, taxes, obligations, leaking email addresses, etc...
Big tech did not want to cooperate to do this for some weird reason so now we get a much more complicated solution.
Yes I know that if your kid uses a live USB stick he could watch porn on his laptop but IMO is much easier for such a smart kid to find a website that does not respect the browser headers and torrent adult content.
It really should be just once that you need to show your id and then you should be able to generate as many proofs as you need whenever you need on any computer device, but they have an obsession on making very sure that it cannot be circumvented, as if it was insanely important.
Currently, it does not implement ZKP, and further requires proprietary Google Play Integrity use, making it an absolute toxic cesspool.
How European can it be?
This looks like a private consortium of usual suspects Tales and T-Systems squandering taxpayers money, not an official thing.
1) It is vulnerable to modifications and hacks on the local device that get it to send back a "yes" result without actually verifying anything
OR
2) It requires the device to use some kind of closed, proprietary system that allows the service to guarantee that #1 cannot happen
Now, in general, the tech world is pretty happy to accept #2, but many of the people around here would object to it on very reasonable grounds.
Oh look, we’re back where we started. The only winning move is to not play.
At the end of the day the tool should be there enforcement down to the relevant local authorities or not.
After all, are most services going to require the ID to be present for every session? Or are they going to require a one-time authentication for the account?
The key is to be open about it and “more” than reasonable; allow things when requested that aren’t harmful.
If we’re too perfect at protecting them from the world they’ll have no tools to deal with the world, which they will have to do eventually.
Now why they came back, and weren’t working before? The restrictions were so full of holes that they didn’t really work as anything other than a speedbump.
It looks like normal user device enrollment with device management is optional, hence why I think business probably makes sense.
https://support.apple.com/en-sg/guide/apple-business-manager...
The you can force all traffic through a proxy.
https://support.apple.com/en-sg/guide/deployment/dep7ba46fcd...
And since you have root certs on the devices, you can decrypt traffic and uniquely identify devices and block internet from your central management, at any time, regardless if the phone is on your wifi vs a friend's vs mobile data.
I think it should work.
We also have pi-hole running that blocks a lot of things, and can turn on and off certain domains (so they can play roblox etc for a short while, then its blocked again) and their devices are pretty locked down
All four of my daughters prohibit my 7 grandchildren from going anywhere near roblox. My grandchildren are currently ages 2-11 but my daughters are so outraged by what happens there that they say their children will never be allowed on roblox until they move out of the house. Apparently it is extremely predatory, lots of bullying, and highly sexualized - and while children are the site's target audience, the site provides no effective oversight.
While I think children need to be protected online, this won't but neither will trying to get parents to parent better
I know that was snarky, but that already exists in Germany, since the introduction of the civil law book two centuries ago. Children are legally required to do chores. Actually this is quite important, as otherwise it would be an adult requiring minors to do unpaid work, which is illegal.
That's the implication of making a law.
It doesn't matter that you could do those things before the internet the normal and often only or only practical flow involves the net.
Counter offer we keep letting people manage their own kids' shit and they can control access to the degree they deem appropriate
But the problem is that people are NOT managing their own kids' shit, and now we have to have things put in place to try and counter that - and end up overreaching.
I'm more than happy to educate mine on how to be safe online, and to come and talk to us about stuff, other aren't, or are not aware they need to.
Perhaps buying internet means you have to sign a waiver saying that if anything happens because of the internet then that is on the parent(s)...
Instead how about we simply continue to make reasonable laws regarding behaviour and holding individual people and companies responsible when they violate the law.
Whilst we are at it we can keep content filtering for pre teens and imposed by parents and accept that teens are going to figure out how to get to the real internet at some point.
What happens when the parent goes to bed and the kid hard resets the router? Or the parent goes to bed and the kid spoofs the mac of the parent's device?
It's a good outcome! Let the cat and mouse games begin, and the youth will be more tech literate than ever. But I think punishing the parents is a bit much.
It'll probably eventually be like how modern folks treat play dates when they ask the counterparty if there are guns in their house and whether they're locked, etc. but with the internet: Do you have a central device management system with proper safeguards, logging, and ml running for anomaly detection on your network? Do you dpi? How do you prevent your kids from evil maiding you? Is your personal computer locked in a cage, and do you check all your paraphernalia for keyloggers, etc. before booting?
There are also a ton of tricks and workarounds it's super frustrating.
No? They are surely somewhere in the top 3 influences that can actually have a meaningful difference here.
Yes, I have set up technical guardrails.
But when your kid needs Internet access to do their homework, and you forget to turn off the WiFi to their device after they're done... then they sneak that Chromebook to their room and watch videos all night, you lose.
When you have a extra phone that was sitting on your desk that you were preparing to resell and your kid sneaks that to their room to watch a few hundred YouTube shorts before you catch him, you lose.
When you have parental controls set up on your wifi network, but it's trivial to shut the wifi off and use the cellular network instead, you lose.
When your friends all have personal cell phones but you don't, you lose.
Parents have their hands full enough. Make it easier for parents, don't poke at them with a pointy stick.
You are at fault.
> When you have a extra phone that was sitting on your desk that you were preparing to resell and your kid sneaks that to their room to watch a few hundred YouTube shorts before you catch him, you lose.
You are at fault.
> When you have parental controls set up on your wifi network, but it's trivial to shut the wifi off and use the cellular network instead, you lose.
This can be controlled via Parental Controls on iOS via Screen Time. If you chose not to, you are at fault.
> When your friends all have personal cell phones but you don't, you lose.
Not sure what you want anyone to do about this. I recognize that life isnt fair.
> Parents have their hands full enough. Make it easier for parents, don't poke at them with a pointy stick.
No one is arguing against this. They are arguing how to implement this.
And yes, you are arguing against "making it easier for parents" - my original post literally advocated for legislating tech companies to make controls available, effective, and easy to use. If you truly believe what you're saying, then you'd agree with me. Instead you're nitpicking my ability to parent my kids. Exactly the behavior that isn't working, so please continue - I'm sure it'll work now.
You willingly invited that conversation. I obliged.
> If you truly believe what you're saying, then you'd agree with me.
Get over yourself. You have not made an attempt to ask for a solution from me to find common ground. You keep trying to remove yourself from the responsibilities of parenting in the modern world as shown in the examples you put forth and your initial post asking that parents not shoulder the blame for what is happening under their nose. Surely they have some level of culpability.
I believe that it would be good for Parental Controls on devices to have a toggle to say that the phone is being used by someone in under 13, or someone 14-18 (whatever bands you want). When enabled, this flag should be available to locally installed apps and remote connections. Laws can be passed that tell remote connections how they must act when receiving this flag. This keeps me, an free adult, from being subjected to more corpo/govt tracking.
Ad hominem attacks - great way to find common ground. I actually did try to find common ground, which is that we need to legislate. My argument is that the real entities that need legislation are the ones who can most afford to do so - in both time, resources, and ownership of the platforms that we are all beholden to. I will not advocate for even more punitive restrictions on parents (who already are subject to enough societal punitive pressures as it is - TBH your post is a great example. Instead of empathy, you reply with scorn and derision - as if I'm not good enough to parent my kids).
> I believe that it would be good for Parental Controls on devices to have a toggle to say that the phone is being used by someone in under 13, or someone 14-18 (whatever bands you want).
So you're admitting that parental controls are ineffective?
> Laws can be passed that tell remote connections how they must act when receiving this flag.
And those laws are enforced through what mechanism? What country enforces this law? Do ISPs now have to only accept connections from "legal" remote servers that have attested that they respect that flag? That sounds like an even more restrictive situation for you, as a free adult, than the current system.
But, I do have good news! What you described already exists! In fact, there are even W3C standards that have been around for 30 years to implement a machine readable content rating system! Just never got around to that whole passing a law thing to force all websites globally to adopt it...
https://en.wikipedia.org/wiki/Platform_for_Internet_Content_... and more recently https://www.w3.org/2007/powder/. You can read the ACM paper on this, aptly titled "Internet Access Controls Without Censorship" here: https://www.w3.org/PICS/iacwcv2.htm.
And the most popular web browser of the early 2000s even has this functionality built in - to filter out remote connections that advertise content unsuitable for minors! https://www.isumsoft.com/internet/enable-content-advisor-in-...
Grow some skin. I used that ad hominem in response to your false dilemma/no true support comment of "If you truly believe what you're saying, then you'd agree with me". This comment ignores the obvious 3rd option that we can share underlying values (parental controls are helpful) while disagreeing on details, tradeoffs and the responsibility that comes with parenting.
> So you're admitting that parental controls are ineffective?
I never stated anything of the sort. I specifically pointed how they could be effective for you in the examples you brought forth. I think they could be made more effective, not that they are ineffective.
> And those laws are enforced through what mechanism?
If this is how you feel, than no solution you put forth is valid either.
At this point, I've stated how current parental controls can solve some of your issues, parental controls can be strengthen, outlined an implementation that does not disrupt the lives of Adults on the internet while also pointing out that parents are not immune from blame and are bare the majority of control over their childs lives. Ive engaged with you in good faith.
You just keeping shitting on everything. All because I stated that parents are not immune from blame. I stand by the ad hominem.
You can't.
"Stranger Danger" is no longer don't get into a van with someone who promises you sweets kinda thing.
So we talk about it and try to get them to manage it themselves. They're not unwilling, but the addiction of continuous scrolling is really hard to break. It's not even that the content is terrible, it's more just the mindless zombies -- like sitting all day on the couch watching TV. And they don't even have an IG or TT account (and won't be getting one for a long time) -- this is YouTube (which now has endless scrolling like TT) which I don't want to block altogether because there's other helpful resources on there.
I've always been an early adopter, and was on BBS and IRC and all that back in the day, love the fact that the Internet is a place you can easily set up your own blog and all that, but recently I've honestly come to f*ing hate the internet in general and social media in particular.
Now you have ubiquitous WiFi and cellular connectivity across dozens of devices in a typical household. Even refrigerators have built in web browsers now. Parental controls are a joke, treated as an afterthought at best - nonexistent at worst. Oh, and the school system provides your kids with a Chromebook with Internet access starting in elementary school.
It's victim blaming at its finest IMO. Yeah, we can all point fingers at the parents who sit their kids down with an iPad. But there's many of us who struggle to limit screen time, working against the profit motive of trillions of dollars of corporations. It's a losing battle.
Edit: crazy. Instead of providing an answer to my question of "how do you do this in practice" I get downvoted. Goes to show that there are no real solutions, just a bunch of morality police and victim blaming. Yes, parents are the victims here. The tools are inadequate and trillions of dollars of incentives are lined up against them.
My daughter is still a baby, so the problem is still a few years away. But I don't know how to best handle it.
In some ways, I see social media as more poisonous to the brain than alcohol or tobacco. So, forbidding - or heavily limiting - internet access sounds like a plan.
On the other hand, part of me being a parent is teaching her how to navigate the world. And part of that, wether I like or not, is using the internet. Having contact with the communication tools that exist.
The world is full of sons of bitches. If I don't teach her how to deal with that, I would be raising an idiot.
Still, a problem for the future me to ponder over.
Did a pretty good job of not tempting me to try it very much.
Opposition to ID checks because you believe the internet should be open and free is reasonable but this article twists itself into knots throwing everything at the wall. And it is reasonable to believe it is a free speech issue. But we can’t say, at the same time, that the same arguments don’t apply outside of the internet.
(Convenience stores scan ID, bars scan ID, hotels take copies of passports…)
I like the (disputed) comment elsewhere on this page, requiring parents to parent. They aren’t my kids.
These are new things, not old things. The idea that stores and bars should be able to record for all eternity the identities of the people who have purchased things from them is just as much of a horror. They can sell that information to anyone.
> hotels take copies of passports…
This is not really a new thing, although it is a fairly new thing (i.e. within the last 40 years, since cheap enough photocopiers.) But it comes from laws about keeping track of who is staying in temporary accommodation, 100 years ago you would have had to sign the register.
ETA: (accidental submit; sorry) I'm in the same boat! Not entering my ID information into any website, much less ones they've got on the list. And so they've successfully boxed us in. At least for me, I intend to raise hell about it aside from just not sharing PIA, but I don't have any delusions of it's effect.
I'm bringing this up because it's the perfect litmus test to show whether you really care about age verification, or if you want personal trackability for all internet behavior.
I'd be okay with this for certain situations (e.g. a forum that doesn't want to foreign agitators to pretend they are US voters), but the whole porn thing is a ridiculous farce because there are still going to always be millions of non-us porn sites that don't enforce US laws.
As a not super tech savvy parent I find it impossible to keep my son off screens. He always finds a workaround. So I'm a fan of age verification especially after reading The Anxious Generation, despite all the hate it gets from hacker news.
This coloring problem is NP complete and somehow the thing the prover is proving is encoded in the graph structure. At the end of the day, the only thing the verifier is sure of is that the prover can make the three colored graph, 1 bit that corresponds to the thing the verifier wants to know (eg - does the prover have a token that can show they are over 18).
You meant logical criticism?
But it sounds like your wish is to keep your kid off screens in general, which I don't think age verification would accomplish.
Age verification actually gets almost no hate. Society-wide surveillance gets a lot; age verification just happens to be the "think of the children" excuse to shoe-horn in the society-wide surveillance. As OP described, if the age verification is implemented as a "zero-knowledge proof" then we have age verification without society-wide surveillance and nobody is complaining.
There's a type of token called a JWT that's really common nowadays, which is composed of 3 parts: Metadata describing encryption for the third part, the actual base64-encoded data, and the encrypted signature. The second part would include "is over 18" and "expiration date" to limit reuse/abuse, and is trivially decoded by anyone to confirm there's no personal information in there.
You'd get this token from your government site and copy/paste it into the site needing verification. The government site would provide a standard public key that can be used with the third part of the JWT to confirm it hasn't been tampered with (verification is built-in to JWT libraries). There would only be one public key that rarely changes, allowing the site to cache it, preventing the government site from correlating users based on timestamps - they never see the JWT from the other site (verification is done locally), and the other site would only need to pull the public key once for however many thousands of people use it.
...that said technical issues aside, I kinda feel like this would be the most acceptable version simply because it doesn't require the average user to trust the math - they could go to a JWT-decoding website and look at it themselves.
I guess the practical answer is that it’s impossible because there’s always the option to have an adult perform the verification and then hand over the device to the minor
We already have penalties for adults mistreating children by exposing them to dangerous things, but this is orthogonal to age verification.
My bigger concern would be who gets to issue these tokens. If it's limited to a particular government, then that doesn't work very well on a global internet. And making the internet not global (blocking adults from accessing foreign websites that don't adhere to your scheme) is kinda authoritarian IMO.
If we're going to do age verification and blocking of adult sites, it needs to be local to the user's device (and thus under the control of parents, not governments).
E.g. Instead of mandating sites verify users, we mandate internet-capable devices sold to kids have certain content restrictions, the same way we mandate you can't sell alcohol to kids. To make this more effective than existing content filtering, implement some kind of legally-enforced content-labeling standards websites have to follow to be whitelisted on these devices. This way the rights, freedoms, and privacy of adults using adult devices is unaffected.
Certificates prove that a website/server (and sometimes the client) are who they say they are.
We force the website to renew their certificate from an issuer every year so that stolen tokens/certificates are less of a problem.
The issuer can protect or hide the identity of the certificate owner, and doesn't get any information about which clients accessed a server.
Are we also at assume that the EFF fail to see the similarity of age-gating porn websites and age-gating entrance to strip clubs?
That doesn't seem likely to me, and I find it way more likely that the EFF is purposefully excluding the best argument against their chosen position.
Scratch out the age in „online age verification“ and you get to real reason
It could be through a header, or something like this: https://developer.chrome.com/blog/digital-credentials-api-or...
However, I have the feeling that none of these solutions will get wide enough buy in and adoption to be a viable solution to website owners.
jagoff•1mo ago
taylodl•1mo ago
Simulacra•1mo ago
minusLik•1mo ago