It's been true for decades in the USA that if they want to arrest you, they will. The age verification doesn't make this situation better, but at this point it's almost just a formality.
Extra-territorial issue are huge here. What is the limit of the boundary on a given nations constitution and law? How much does the economy of the user, the hosting company, the owning company, the receiving parties matter?
Social Media has advertising and publishers. It has people who can effect editorial control over what is seen and by who and to who it is "said" -And that imposes obligations on them, and on people lodging content. Differentially depending on their economy, the reach of law, registration of legally incorporated entities.
All of this is being implemented somewhat haphazardly internationally, enforced differently, subject to legal and financial and social pressures differently depending on the times and the context.
If you want to ask questions about America, about Americans, using American companies, speaking to Americans, believe me you don't neccessarily have a simpler task here. It may well be clearer to some of you, but to me, its just as fraught.
It's just not clear to me "free speech" is the bastion rule which applies here. The EFF may think so, I don't think they have actually demonstrated it all the way to the end.
Then you have the mega corps like Facebook who can figure out every detail about you even from merely _not_ using their system because of the hole you leave in your social network that does use them.
The only privacy left is from anonymous troll farms claiming to be an American while talking about how the Texas oblast is valuable for its warm water ports.
I am fine for privacy on consumption of content, but you should be forced to identify yourself for posting so the common man at least has a chance to evaluate your statements instead of being misled, all while, as stated above, our governments and corporations don’t have that limitation.
Also anonymity can actually improve social media polarization (see Chris Bail’s research)
Also again, the corporations and governments(for certain levels of government like the members of the Five Eyes) can pierce this veil of anonymity, the people who have a lot to lose already are risking it by speaking.
Edit: this also isn’t a newly diagnosed phenomena, I remember seeing this satirical description of the behavior as a kid back when Web 2.0 and social media was starting to change the internet[1]
[1] https://www.penny-arcade.com/comic/2004/03/19/green-blackboa...
It really isn't, though. Don't mistake the internet for reality. The majority of people in the US and Europe support laws like these, and most of the rest don't care.
Even on Hacker News the consensus is mostly in favor of anything from age restriction to making all social media illegal.
That doesn't sound right. Put up a poll. I'd put money on 90%+ choosing some flavor privacy/anonymity on the internet.
Governments that are serious about age verification and individual privacy (which, doubtful they truly are) should agree on a protocol and set up certificate issuers that are associated with a digital ID. Then age verification will not be an invasive procedure or risk data leaks or insider threats.
[1]: https://blog.cryptographyengineering.com/2026/03/02/anonymou...
If it's unlinkable, what's preventing someone from setting up a site that hands out anonymous tokens for anyone to use?
I grew up in a neighborhood full of drug dealers. Street sellers, not the classy Walter White kind.
Ironically being on a computer all day kept me out of trouble.
But with these laws in place I guess you might as well start doing stupid ish in real life.
Too bad?
Solution: Maximize the distance between yourself and the people
If I misbehave here, dang can just ban me. There's no reason HN needs to know my real name. The only reason to mandate blanket age and identity verification is to control online speech.
I may sound crazy for saying so, but I think the answer is more government run infrastructure for enabling identity-based operations, like payments and authentication, with rules about standards, open source, contractor selection, and audit that make operation transparent. It can work if technical operations are legislated instead of "left for the engineers to figure out."
Then at least the evolution of systems can become real political issues that map to election cycles.
The greatest argument against this I can imagine is that we cannot trust government with this, at which point I just have to laugh given all the other more serious real world things we do trust government with.
Tech companies should ignore it and just publicly name whoever attempts to prosecute them and see how the population responds. I think people today are orders of magnitude more informed about their privacy and the consequences of digital ID laws. A few countries are on the edge of revolt at the moment anyway, and this would be a good way to get young people into the streets.
20 years ago, people would have had no defense against it or understanding of what was being imposed on them. Today, normal people use Signal and encrypted messengers, faraday bags, and leave their phones at home. Where we were nerdy security guys back then, non-technologist women and girls use spy tradecraft level electronic opsec for their own safety and security from middle school. People are much more sophisticated about their privacy now. They're ready to take this on.
The laws coming into force are on people who are not in favour of them, and I'm so optimistic that I will not interrupt the enemies of privacy and human dignity while they are making a mistake.
1. Age gating + VPN ban under the guise of protecting children from social media
2. Few years pass, Identity Passport gets ushered in under guise of convenience of not having to repeat those pesky age verification checks.
3. Utilities start to require ID Passport. Including signing up with an ISP.
4. Renting starts to require ID Passport.
5. Work requires ID Passport.
6. Well done, you built the torment nexus!
I think for this argument to carry weight with voters, privacy advocates need to be much more specific about what "coming back to haunt you" looks like. They do a little bit of it later on[1], but I think most people do a rough cost benefit in their head and decide that the small benefit outweighs the small risk (to them).
[1] "And that creates a lot of risks for data breaches, overly broad data collection and retention, censorial legal demands for collected data, corporate and governmental malfeasance, pressure to self-censor, and perhaps blatant First Amendment violations. Every new layer and every new mandate brings more potential for risk. As we’ve unfortunately seen many times over the years, people including high-level government officials will maliciously seek to root out the identities of their critics, so the more layers of anonymity we can preserve in online speech, the better."
The Supreme Court has repeatedly held that the right to anonymous speech is inherent in the first amendment [1] [2]. See also The Federalist Papers or Common Sense, without which the US might not exist at all.
Free speech absolutism that ends up in creating an environment where real speech is drowned out by lies is not valuable to me. It’s like the paradox of tolerance.
If you were correct, there would be no need for them to push these new laws. The fact is, you will have less privacy after these identification requirements are full enforced.
I can only say what I've observed from numerous threads - people's advocacy for privacy on the internet here does not extend so social media.
But OK this could be fun let's put my keyboard where my mouth is: https://news.ycombinator.com/item?id=48680434
Other approaches are possible. I'm particularly keen on ones that treat attestations as anonymous digital currency and use cryptographic penalties like slashing to discourage copying post-hoc instead of relying on EU-style implementation certification.
There's a huge literature on the subject I don't want to reproduce here. The point is that yes, we do have the technology to do attestation without sacrificing privacy, which makes all the calls for non-privacy-preserving attestation awfully curious.
Yes, that can eventually be worked around, but not really that different than doing the verification today on someone else's device.
Majority of people understand their SIN or SSN number or whatever, they understand they have a drivers license number. This could be built in such a way that it's basically just be another government issued "thing" that they have to know about and be able to produce when requested
Either they validate so little information that a single homeless person can authenticate the entire country or they validate so much information as to not have a significant privacy guarantee.
There is no in-between for ZKP validating someone's age.
the truth is that the two extremes you listed can be titrated.
if you use nullifiers you can trade some privacy for some security. basically you convert your true identity into a private token which you can use to authenticate aspects of yourself, the price being that the token can be tracked with some effort across services. better than just using your identity at least. if a token/nullifier is abused it can be revoked and then you have to jump through a bunch of hoops to get another.
there are some other trade offs that can be made.
I've also always been curious how a truely anonymous identity verification could possibly work. At best for age verification, I could be given some kind of token that would still have to verify my age and be verifiable with a central authority to ensure my token is valid. The central authority could always keeper records of my token, revoke it whenever they please, and every entity that can verify the age associated with, or embedded into, the token knows at least some of my PII.
It's one thing to be concerned about someone stealing my credential, but another to prevent the transfer of these credentials, especially if they are limited use credentials.
The entire point of age verification systems is to prevent minors from accessing certain resources. I think we all know that this is basically impossible; but what these various governments and social media companies want to do is to make it high friction to do so.
The highest friction version of this is that the credential ties to a real world identity somehow; maybe locked behind legal barriers, etc., but if a minor is caught using someone's credential, then the person whose credential they are using can be investigated, and, if necessary, charged with a crime roughly equivalent to providing alcohol to a minor. Without the possibility of real world enforcement, none of these identity solutions can possibly work.
Keep dreaming of a technological solution -- there is none that does not lead to the world that FIRE is warning about, except to accept that we can only make a solution "good enough" and leave it at that, without expanding into full on identity verification. The solution here is likely to just try to provide better abilities for parents to monitor and limit their children's use of the internet. Let individual parents decide on the level of harm that they are willing to accept, and accept that there will be ways to work around this even if parents are vigilant, but just try to reduce it on the margins.
gchamonlive•58m ago
OnionBlender•46m ago
nathan_compton•38m ago
Ifkaluva•36m ago
ghaff•31m ago
gchamonlive•23m ago
EvanAnderson•36m ago
I don't know what their retention time is on circulation records, but beyond aggregate statistics for culling materials that aren't circulating I bet it isn't too long. Now I want to go check.
My library also only keeps 24 hours of video surveillance because they didn't want to be able to fulfill requests from the cops for footage of patrons. I really liked that.
Edit: In the patron portal it permits me to disable "borrowing history" and says it permanently deletes my records. I do contract IT work for them so next time I'm engaged I'll ask about the details. They're moving to Koha later this year (free / open-source ILS) so I could go look at the code to see what it does (which is nice).
HoldOnAMinute•19m ago
Write your own books.
Make your own music.
__MatrixMan__•41m ago
TheRoque•38m ago