HN existed 20 years ago...? /s
edit: yes it did, lol
That’s why large tech companies are lobbying in favour of this!
Privacy is being abused by criminals to victimize people at scale. Just because privacy is a moral good doesn't mean you are morally off the hook for enabling criminals.
Governments are so aware of this they're passing sweeping laws against it. This is your new reality -- you can't just bury your head in the sand. The whole point was saying that there could have been a middle ground that protected more of your rights than where you're at now if it weren't for the absolutism.
Turns out that being an absolutist isn't helpful.
It's a mix of what they can do and what they're likely to do. They just have to be able to go back to voters and say they're doing something.
If you think that the fact that they did the wrong thing is an argument for not doing anything, you clearly are blind to politics & history.
And age verification being the wrong solution to the "privacy problem" doesn't remove privacy from lawmakers' crosshairs.
> In this last Bikeshed in acmqueue, I will ponder the far future of free and open source software (FOSS), hoping to upset so many readers that...
> During the past couple of decades, rampant neoliberalism and “globalism” allowed...
And I’m out. I guess congratulations to the author. Mission accomplished.
But I’m disappointed that the article took a turn towards partisan politics.
Except for shit like Stram Kurs, which nobody really supports or tolerates.
> During the past couple of decades, rampant neoliberalism and “globalism” allowed the U.S. tech industry to capture almost the entire European IT market, including all “social media.” This has recently proved to be a ghastly mistake, and now the EU, along with its member states and companies, are scrambling to claw back their digital sovereignty.
This is not a partisan political statement, it's a factual one. It is simply a statement of fact that neoliberal world markets have permitted hyperscalers to cross national boundaries and provide the same services at scale to governments worldwide, and like, without even going into any U.S. politics at the moment, isn't that... really weird? Like many EU governments had essentially put their ability to function as states in the hands of a foreign actor. That's WILD.
The people pushing for the destruction of privacy and attested software integrity ARE the tech bros. I'm sure there are people here that will vehemently disagree with me, but we see the biggest tech companies pushing for age verification and we see founders and rich folk gleefully giving up their earlier pro-privacy stances in favor of supporting locking down identity. They're building up their moat in real time because not only does it let them kill that pesky FOSS, but also it means they can legally gather even more data from individuals in question.
It also goes hand-in-hand with the increasingly authoritarian bent a lot of those same people have taken and these resources will absolutely be used to crack down on minorities and things they don't like.
I think your head would have to be firmly planted deep underground to somehow not connect the two dots. As another poster here said, they're literally lobbying for these age verification laws because it benefits them.
Also the fact they call it “age verification” when they clearly build an identity verification and we just accept their language is crazy.
There is nothing of substance here. You don't like AI, I get. But it still exists and pretending that no-one finds it useful is utterly foolish.
Edit: I overuse the word utterly. Nice to identify one of my tells.
Regulations for age restriction are understandable. A lot of modern technology is harming kids (and I don't mean dirty videos, social media seems to be much more harmful).
A sensible regulator would leave some responsibility to the parents, but require restrictions for consumer devices (smartphones, laptops). Maybe even enable age restrictions by default, block replacing the OS or the firmware, and only allow it once the age was confirmed.
I don't see a point of including all kind of OS or software into this regulation. Just the ones that are preinstalled on consumer devices, and commercially distributed to consumers. Once the age of the user was confirmed, the devices should be able to become as open as we know them now.
(Speaking as a parent of three) why can't we just leave all responsibility to the parents? In our experience in the offline world it seems this applies!
I speak as someone who's taken each of my three children - for two of them, multiple times - to the emergency room to be treated for broken bones incurred in the course of Real Life[tm].
Yes, they play contact sports.
Yes, we use Family Link with pretty restrictive settings.
Despite the series of broken bones, I'm still in favour of kids playing sports and still dubious about the effect of screen time on young minds...
His argument is not that they aren't going to find any bugs, but rather that at some point those bugs will be fixed. At which point we will continue on as usual.
This part is the load bearing claim. Why would you continue on as usual? I'm using LLM's everyday on code reviews and they still catch bugs.
Do yourself a favor and read this, a few times, and take a moment to actually try and see what the author's getting at.
The trouble is, compromise isn't really a tenable option with encryption. Either you make a draconian law that forces all electronic devices to run approved software only, or people will have access to easy encrypted messaging. There's really no middle ground, because where the smallest weakening of encryption affects everyone's privacy, only outlawing encryption completely will get it out of the hands of criminals. The cat's out of the bag.
Author here and in earlier writing seems to make the argument that a little compromise would make the courts less unhappy, but I think that's misattributing motivation. These laws actually are originated by big tech, who think they will be shielded from liability and make more money off of selling your data. https://github.com/upper-up/meta-lobbying-and-other-findings
That would outlaw programming. It's just not feasible at all, anyone with any kind of tech literacy understands that encryption is here to stay. It's also necessary for the web to function at all for the things we use it for, such as banking.
There is no way to prevent people from communicating in secret. Even if they did strictly control digital communication people would just communicate some other way.
Talking isn't doing, just like word generation isn't an outcome.
At least, this is what I have come up with because this blog is mostly incoherent blabbering.
Which model is this author talking about? Which pocket-sized devices? Where can I get them? No one is using Gemma 4 to find cybersecurity issues.
Edit: there are a lot of sentences that I can't distinguish from sarcasm in this article. I guess I read it too seriously.
A large model like Kimi 3 should be something like, 1-2TB? That’s a pocket size hard drive
He's been a strong privacy and FOSS advocate for decades and has more credibility on both of these topics than nearly anyone on this board.
He also has an account and comments frequently. phkamp. I suggest reading some of his comments before making judgment.
So many kneejerk and nuance-less opinions. Absolutely hilarious that people are thinking the guy who wrote MD5crypt and BSD Jails is anti-privacy.
Also eye opening watching how many people are getting frothing-at-the-mouth mad seeing somebody with that pedigree coming to different conclusions than they do.
depends on the age but.. they've probably discovered all kinds of shit already or heard about it from others
> So, it is not obvious to me who will be training new iterations of these models once the current bubble explodes, in particular if the returns are diminishing the way I have experienced.
It looks like he has no clue on how market equilibriums work. He really seems to think LLM's will just like.. stop existing.
So in their world, people would suddenly realise that AI is actually not that economic and we can't have Opus 4.8 quality models just with updated knowledge cutoff perpetually. So in his future, things won't just stall, they will literally go back.
He's really putting his emotional weight on this particular kind of future.
Either that or he's making nebulous emotional claims - its his blog so he can do it.
* https://svnweb.freebsd.org/base/head/lib/libcrypt/crypt.c?re...
* https://github.com/freebsd/freebsd-src/commit/3b2b7f71deba2a...
TIL: Phil Zimmermann was a "tech bro" and had a time machine.
Unfortunately, no, you can't have a prophilactic that just makes you a little bit pregnant. We used to know this.
Parental controls remains the right way to do age gating. It works today and has no privacy impacts.
Then legally require it to be effective and easy-to-use-if-you-take-a-few-minutes-to-read-the-instructions.
See also [0].
https://www.pewresearch.org/short-reads/2026/07/01/majority-...
https://x.com/PTBwrites/status/2031529878021923118
https://yougov.com/en-us/daily-results/20250502-1e408-1
https://yougov.com/en-us/daily-results/20250502-1e408-2
> Parental controls remains the right way to do age gating. It works today and has no privacy impacts.
This opinion is not grounded in data and facts. If this was true, we would not be here. But we’re here because parental controls are insufficient, the vast majority of parents are just hanging in there getting their kids to adulthood.
More than 3 million college students are raising kids. Most won’t graduate - https://news.ycombinator.com/item?id=48709130 - June 2026
The real single-parent capital of America - https://news.ycombinator.com/item?id=42867716 - January 2025 ("The places with the most single parents tend to be, to put it bluntly, struggling. The strongest predictors of single parenthood are high poverty rates and high shares of the population receiving government assistance.")
Parents Under Pressure: The U.S. Surgeon General's Advisory on the Mental Health & Well-Being of Parents - https://www.hhs.gov/sites/default/files/parents-under-pressu... - 2024
> When stress is severe or prolonged, it can have a deleterious effect; 41% of parents say that most days they are so stressed they cannot function and 48% say that most days their stress is completely overwhelming compared to other adults (20% and 26%, respectively).
> Nearly 70% of parents say parenting is now more difficult than it was 20 years ago, with children’s use of technology and social media as the top two cited reasons.
> Recent data from 2021-2022 indicate that among parents, 23.9% (or 20.3 million) had any mental illness and 5.7% (or 4.8 million) of parents had a serious mental illness.
> Lastly, many other caregivers assume primary caregiving responsibility when parents cannot, thus acting as a critical safety net for children. In recent years, there has been a notable increase in such individuals taking on caregiving responsibilities for children, with approximately 2.4 million children being raised by grandparents, other relatives, or family friends, without their biological parent(s) in the household.
U.S. has world’s highest rate of children living in single-parent households - https://news.ycombinator.com/item?id=37628812 - September 2023 (108 comments)
(fertility rates continue to collapse though, so hopefully this problem continues to decline over time, only time will tell; 40% of annual pregnancies in the US and internationally are unintended, per the Guttmacher Institute and the UN, respectively)
Charted: How American Households Have Changed Over Time (1960-2023) - https://www.visualcapitalist.com/how-american-households-hav... ("A record 58.4% of American households now consist of married or single adults without children. Only 25.3% of American households contain children.")
His theory is bunk, there is absolutely no middle ground to be had with the people who want a backdoor. There are no small backdoors.
I don't think it's that encryption was harmful, it's that it wasn't enough, and in a sense I agree with TFA & the Sun Tzu bit: it needed to be complemented by legislation that added decent privacy protections, and it largely wasn't. That was a mistake, I suppose, but the current political situation, esp. in the USA, disfavors privacy regulation getting done, ever. The Democrats are … maybe spiritually for it? … but not terrible effectual at getting it done; Obama's response to Snowden was "meh" at best, and Congresspeople, in particular Feinstein especially, let the DNI walk all over her. The GOP has no interest at all in regulating corporations, at all, ever, so with the House/Senate/POTUS all (R) at the moment, it's going to be until at least Nov before it is possible to even think that these might get addressed, and even that's … generous, and I won't be holding my breath for it to occur.
Stuff like what we saw in another thread today — with LG wantonly installing spyware — and things like Flock would have happened in addition to network intercepts; they are not happening instead of. Corporations and the government will do whatever the People permit them to get away with.
Almost all victimization is being done without end to end encryption. This is not a problem caused by privacy.
(just to be clear, my post was just to point out that the article is very difficult to make heads or tails of. it's easy to misinterpret a lot of the points many different ways! kind of like they're being overly implicit with the expectation that everyone'll know what they mean. it's something I do too and my way of cutting through it is to cut my writing in half and focus on clarity over mystique)
It would be illegal under the currently proposed /implemented laws and also open up social media to liability, which wouldn’t be true for other products like Alcohol or fire arms that require minimum age to buy but not give to children
Also give it to your kids too often and the state can step in.
Defense in depth
They can't be tracked, as long as the devices are in randomly sorted identical boxes. Of course someone can buy a device and give it to a kid, but that's already possible with alcohol (and legal if it's their kid).
I bought a beer yesterday and shared it with our 16 year-old, and I shared some wine with him this evening.
How does that not come under "parental responsibility"?
because we don't live in a 15th century peasant village. The average adult reads at a 7th grade level, 20% of adults are considered functionally illiterate, most adults can't navigate digital spaces, privacy and social media themselves or take on trillion dollar companies.
This also hasn't applied in the offline world since idk, Kant and Hegel, every modern state recognizes that children are persons and citizens in development, not private possessions. If your children have broken bones you can't explain or your parenting is considered to threaten the welfare of your child you can be pretty sure you'll have the authorities at your door quickly, and countries like France have given children the right to sue their parents in case they breach their digital privacy. So called 'sharenting' laws exist because it's not guaranteed that parents are even respecting the privacy of their own children.
> A sensible regulator would leave some responsibility to the parents, but require restrictions for consumer devices (smartphones, laptops). Maybe even enable age restrictions by default, block replacing the OS or the firmware, and only allow it once the age was confirmed.
If you think that this statement is too broad for this thread, I don't understand why you only have issue with my direct response to it. It seems like your issue is with the parent comment I replied to for not being on-topic enough.
And this wouldn't affect Linux or FOSS: on a child's device their parent installs either a proprietary OS or a FOSS with parental controls, but again, on your device you install whatever you want.
If that's all we want then that's trivial -- just make certain phones that don't have access to social media, or have whatever limitations enforced. And kids only get those phones. I don't think anybody's addicted to desktop social media.
This gets us the privacy and the protection at once.
The stuff I've seen on this doesn't look terribly convincing. It seems to mostly be along the same lines as saying that since some people get bullied or hang out with a bad crowd, socializing in general is harmful.
I'm treading lightly after you said "did you read it" to OP, I do believe we both understand that argument isn't nearly air-tight. (i.e. it implies either humans get so good at code that bug-introduction-rate falls percipitously, or, LLMs are so awesome they write all of our code bug-free. Neither of which jives with the thesis, that LLM code review is a nothingburger long term)
The best steelman we could say is "he meant 50% of all existing bugs in all currently existing code", which is still incompatible with a time-bound on their usefulness, unless we expect the rate of new code to fall percipitously.
The steelman I'm using, is they're speaking both loosely and strongly and intend us to understand these are strong opinions, held loosely, and they care for us enough to share.
> The only real question for me is: Are the LLM-code-review tools economically viable outside the bubble?
Now that's quite a prediction.
> Just on that repeated experience, I suspect we have already seen more than half of the “worst software bugs found with LLM-tools” list.
On the other hand, it’s not clear to me how you think that it already is “in a very big way”.
close04•1h ago
Ah, the famous “maybe if I take a step back they’ll appreciate it and not push harder”. Or maybe it’s “if I give the leopard my face maybe it spares my body”.
I’ll let reality speak for itself: look no further than Stingrays and every bit of legal abuse they enabled, where innocent people are spied on in bulk with flimsy excuses. How well did it work out when the protocol was already maximally compatible with laws?
There’s no “minimally compatible”, you either have the privacy technically guaranteed or you don’t. If it’s technically allowed to breach it, it will soon be done as a matter of routine under the guise of “protecting”, “preventing”, and so on.
So in the end we didn’t lose anything, what we did was we gained a short period in which we could all taste that freedom. If we used your proposal nobody would have had even that to begin with.
This logic would have been easier to forgive if it came from youth and inexperience, from someone who never got to know about the endless abuse of surveillance that was inflicted indiscriminately on everyone.
> I promised myself I would never join their ranks.
A wasted opportunity, missed by at least 1 article :).
ball_of_lint•33m ago
I do recognize their point that it's been made very hard to catch and prosecute cyber criminals. I think there are ways to improve that that don't destroy the privacy of everyone. But if that's the real goal, why isn't it the big pitch line of the Parent's Decide Act?