Could you be more specific as to what you're imagining? I don't personally see a way to verify someone's age which doesn't involve either credit card verification, photo id verification, or some sort of facial recognition. If you know enough about someone to verify their age—even to a relatively low degree of accuracy—you probably know enough to pinpoint who they are in general.
Heck—in most cases, we can't even tell the difference between humans and bots anymore! And it's true that we basically accept that some bots will slip through the cracks—but identifying bots also strikes me as significantly easier than identifying children.
The government issues an eID to your wallet. The ID is signed by the government and linked to the device to prevent transferring the credential. A public/private key-pair is generated by the secure enclave in your phone, the public key along with proof of possession of the private key is included in the request for the government eID. The government signs individual attributes combined with the public key with the government private key. The government certificate containing the public key is, well, public.
One of the attributes is ‘over_18’ (In the EU eID scheme countries can add other over_XX attributes if they want, but over_18 is mandatory).
When a website wants to requests attributes, in this case the over_18 attribute, they send a request to the user’s wallet app, including a challenge. The wallet sends back a package including the government-signed attribute, which contains the device public key and the over_18 attribute plus a response to the challenge (proving the credential didn’t get transferred).
The website only sees the ‘over_18’ attribute, which is backed by the government signature. They don’t see any other attributes (the wallet app shows in advance which attributes you are sharing). The government never sees which website wants to know if you’re 18+.
Of course this is all a bit simplified, check OIDC4VCI and OIDC4VP for details.
The only real issue is the wallet app and device binding. Because a compromised device could allow credentials to be transferred some form of attestation of device and wallet app is required. In practice this means no rooted/jailbroken phones.
> The website only sees the ‘over_18’ attribute, which is backed by the government signature
Not true. The device's public key is also sent, which functions as a stable device identifier.
We've spent years trying to get away from stable tracking IDs and fingerprinting. Returning to a system where devices are sending a stable ID to a website to prove ownership is a step backward.
There are proposed mitigations like issuing multiple sets of credentials or rotating them, but we're not going to get an infinite number of keypairs for every website or session in the secure enclave in practice.
Another reason why these proposals aren't getting much uptake is that they aren't addressing what the lawmakers are pursuing: They don't want anonymous authorization tied to the device. They want IDs tied to accounts and a way to discourage people from sharing IDs. In the anonymous systems it only takes one person a few minutes to put an over-18 identity into a device and there's no way to determine if someone is abusing the system by stealing IDs or if someone's 18 year old brother is setting up all of their younger brothers' phones for $5 each.
The situation gets stickier when you acknowledge that it's not possible to limit all of these websites to only mobile phone devices with secure enclaves that are not jailbroken. Once you open a door to desktop devices and other OSes accessing these sites, you open the door to replaying and proxying attacks, where someone will produce those `over_18` attestations on-demand for you, possibly for a minimal price. This brings us back to the public stable identifier to discourage fraud, which means governments won't be happy to issue as many keypairs as we want, which means we're back to semi-stable fingerprints.
> Not true. The device's public key is also sent, which functions as a stable device identifier.
This is covered by allowing for single-use credentials. IIRC the EU personal IDs will use this. Basically, the wallet requests a batch of single-use eIDs that all use different device key-pairs. Each credential is only used for one request and then deleted. The wallet will automatically request new credentials in batches when they run out. The old key-pairs are deleted along with the credential so you don’t run out of space in the secure enclave.
> Another reason why these proposals aren't getting much uptake
I’m not sure what you mean by not much uptake, EU countries are required to issue and accept them for official business by the end of 2026
> This is covered by allowing for single-use credentials.
They said There are proposed mitigations like issuing multiple sets of credentials or rotating them, but we're not going to get an infinite number of keypairs for every website or session in the secure enclave in practice.
> Basically, the wallet requests a batch of single-use eIDs that all use different device key-pairs.
The comments you replied to omitted mass surveillance. But the article and 1st comment included it. The government would know what wallet requested each single use identifier.
> The government would know what wallet requested each single use identifier
Which only means that the government knows how many tokens each citizen consumes on average. They don't know where each identifier was used nor the exact timestamp unless each website communicates this to the government, and such a backchannel does not exist in the spec.
> This is covered by allowing for single-use credentials. IIRC the EU personal IDs will use this. Basically, the wallet requests a batch of single-use eIDs that all use different device key-pairs. Each credential is only used for one request and then deleted.
But this then means that the issuers and the verifiers can trivially collude to deanonymize holders/users.
> The wallet will automatically request new credentials in batches when they run out.
Is that an ongoing cost that I’ll pay for via taxes? It doesn’t matter how anonymized all the schemes are. The government needs to give permission by signing attributes. It will be abused to gate everything we can do.
I wouldn’t be surprised if everything is gated behind attestation fairly quickly. Then our “secure” devices will attest against us if we do anything that isn’t a government approved activity.
Hopefully they never manage to hijack our network protocols. Imagine something like SNI, but it’s an attestation that traffic originated from a secure device that’ll participate in the scheme you described. Then your ISP can drop non-compliant traffic and you can only engage in government approved activity.
Whatever the system is taxes will pay for it and the inherent cost will not be very high, but it'll be contracted to a greedy money-wasting government contracting firm like Oracle, as always happens.
There are schemes where you don't need key pairs for each user (assuming the government has some way of authenticating users). Private State Tokens use blinded tokens for this.
It doesn't prevent tokens from being stolen or sold, but the token issuer only accepts each token once and can limit the rate that tokens are issued and control how fast they expire, giving decent control over how practical using stolen or sold tokens are.
> In practice this means no rooted/jailbroken phones.
Personally - this is less acceptable to me than just having the site collect my image/id.
I'd support just putting the id in a dedicated device (ex - gov issues smart key) or just accepting that sometimes people will share id info (just like... physical ids).
It doesn't even close all the doors to transferring ids - since I can still just hand someone a phone (just like... physical ids).
Yeah, but being able to share Id with someone who happens to look eerily like you is different from just handing people your ID and they are able to use it like it was implied. That’s not how IDs are used.
My experience has been that absolutely no one cares, as long as they could be construed to be "somewhat similar".
Ex - People change hair color, lose a boat load of weight, wear eye-color changing contacts, drastically change hair styles (facial and normal) etc...
No one bats an eye at an ID that "only sorta vaguely resembles you" outside of a very limited subset of places (the only one I can actually think of is Customs while traveling).
---
So my take is that as long as the gender appears similar and the ethnicity seems "close enough"... the store is still going to sell you alcohol, the bar is going to let you in, and the movie theater is going to sell you tickets.
If you are referring to EUID (not fully sure as you said EU eID, i dont know if you are referring the estonia of eID like system)
I have to mention that EUID is not private, since there's "provider" element which informs website if you are 18 or not. The flow is:
1) You scan QR code
2) Your EUDI wallet does verification, informs provider to tell you are 18+
3) Provider informs website you are 18+
The EUID draft doesnt mention tech like ohttp for anonymizing requests. So there's risk of provider keeping track of who you are. So while everybody claims its fully anonymous which is just false. Government could ask website/service for the token or account information then use timestamp or token then combining with "provider" logs, your identity will be exposed.
EUID has another problem which is letting all countries implement system, which is wasteful duplication effort so this probably will be outsourced and to same company to reduce duplication efforts. Then it'll be centralized and they happen be collecting telemetry data for "experience improvements" as everysite out there do.
I haven't even mentioned biggest problems like requiring attestation Apple/Google. While spec doesn't require it, but the likehood country's app requiring it will be very high.
> The only real issue is the wallet app and device binding. Because a compromised device could allow credentials to be transferred some form of attestation of device and wallet app is required. In practice this means no rooted/jailbroken phones.
Yeah, and no Linux PCs, no custom builds of web browsers (which would effectively become open source in theory only)—basically the end of any kind of open platform. I would much rather just scan my ID!
The ID is signed by the government and linked to the device to prevent transferring the credential. A public/private key-pair is generated by the secure enclave in your phone, the public key along with proof of possession of the private key is included in the request for the government eID.
IMO, there are two other issues that need to be solved. The major one is that there should be some way to do attestation of devices that are not Google-certified Android or iOS. If this does not happen, the smartphone duopoly is permanently entrenched and not a fair/free market anymore. There is no way to use a smartphone without basically losing your privacy to Google/Apple and given the increasing importance of online services it's becoming increasingly impossible to live without a smartphone.
It was very disheartening that the EU reference implementation was rolled out with only Play Integrity and Apple's counterpart. IMO, this should have been solved before the reference implementation was rolled out to member countries, because many of them won't bother to go beyond that [1]. It is also completely counterproductive when it comes to EU tech sovereignty. There is a group of pioneers that are growing the sovereign ecosystems and then you cut them off.
The second, perhaps lesser, problem is that the security story is not super strong, because most Android phones do not even have a secure enclave (outside Pixel and Samsung flagships/A5x, there are very few). Instead they rely on TrustZone etc. which are regularly targeted by side-channel attacks, etc. Ironically, GrapheneOS is cut off from most of these systems (because Google Play Integrity), while it actually requires a secure enclave and is more secure than... well I guess every other smartphone.
[1] There is some hope, e.g. the developers of the Dutch identity wallet acknowledge the issue and are open to supporting alternative systems.
> The major one is that there should be some way to do attestation of devices that are not Google-certified Android or iOS.
IMO, just don't do the proof of possession. If I have the token that says I am an adult, I can use it to be considered an adult online. If someone requests millions of tokens and sells them, then punish that someone. It's not very hard to find them: they have to sell those tokens somewhere.
Also don't try to solve the VPN issue: I highly doubt most kids will use VPNs to access social media, and accessing porn isn't that hard if you are capable of running a VPN.
Again, I can consider age verification as some kind of "inconvenience for under age people". But the age verification that works 100% of the time is a problem, as you say it will lock people out with remote attestation and that is not acceptable.
I'll stop you right here. I don't want to be forced to use a government issued ID — one the administration can revoke at a whim, one that will certainly be backdoored by intelligence agencies including the ones they haven't told you yet — just so I can talk to my friends online.
It's insanity that we are asking the state to regulate personal identity — and trust them with it - in 2026 on hacker news.
> Which part of that is avoiding the distopian control?
Your ID is already controlled by your government, and we don't call that dystopian control. With privacy-preserving age verification online, the government doesn't learn what you do with the cryptographic token that proves that you are old enough, and the website doesn't learn who you are. So it's exactly the same situation as today, except that now there is age verification.
> how does this work on an open source operating system?
First, it can be open source and have DRM and attestation. Android is open source, for instance.
This said, I hate the idea of remote attestation. And for age verification, I strongly believe that it is not needed. We don't need to make it work everywhere all the time, it just needs to help. I can imagine a privacy-preserving age verification system that helps with some problems (e.g. make social media or porn less accessible to kids) without bringing dystopian control and without making it super hard for adults to access social media and porn.
But I absolutely hate the idea of remote attestation.
> Your ID is already controlled by your government, and we don't call that dystopian control.
The expression "papers, please", a classic exemplar of dystopian control, is referring to what?
> First, it can be open source and have DRM and attestation. Android is open source, for instance.
When people say "open source" in this context they mean that the user or third parties can make changes to the system, not that the source code is thrown over the wall from time to time. The situation with Android is exactly the thing that we don't want.
Do they? My experience is that often they don't know what "open source" means in the context of software or that they don't know that the system they were criticising is actually open source.
Does it, though? There are many, many, many AOSP-based systems. DJI remote controllers run AOSP, and of course there is LineageOS and GrapheneOS.
I can read the sources of AOSP, I can modify it, build it and install it on my device.
I can read the sources of AOSP to find bugs or security issues.
I can read the sources of AOSP to understand how it works and get inspiration for my own projects.
What does it compromise to you?
Maybe you're unhappy about the fact that it is not open development, but that's a completely different question and many, many open source projects are like that. I have offered PRs to multiple projects that never bothered reviewing them because they did not care, and that is exactly how open source works.
There are so many reasons to complain about Google, the fact that Android is open source is not one of them.
The California age "attestation" system is a really good idea. It just delegates to the device owner, assuming anyone who can buy a device is the parent or is close enough to being an adult it doesn't matter. And then it makes using any other signal illegal unless you're a bank.
> Your ID is already controlled by your government
In the US, there are no national IDs, each state is responsible for their own. Transitioning to a national ID is not even legal currently, it would require a constitutional amendment... and I think most people do not want that for multiple reasons.
I am not sure how that is relevant, rather than nitpicking.
In the EU, there is no concept of EU ID, each country is responsible for their own.
Still, there is a governing entity that is responsible for your ID and controls it. Unless a US state is not a "governing entity"? Though the head of a US state is called a "governor", right?
I think the relevance is that there can be no requirement by the US federal government for states to support any particular technology, which makes age verification continue to be a state-specific unregulated free-for-all.
Even the REAL ID Act only mandated requirements for a license when used to enter government owned or regulated property, and states can still choose not to abide by it.
Yes but that is irrelevant to the discussion here. It doesn't matter if the federal government runs the age verification or if each government does it. The point remains: that "governing entity" already knows your identity, so by running an age verification service they do not learn your identity.
> there is no single government id in the UK at the moment, they currently do not control my identity
Wait, so you live in a country where there is no government that can provide an ID? How does it work when you travel abroad? Do you have multiple legal identities, with different names and nationalities, that cannot be individually tracked back to one government?
> you specifically talked about an OS without user changeable software, thats the definition of open source
No? Open source is about your ability to reuse the code. You can modify and install Android (or let's say AOSP) on most Android devices (look at the list of devices supported by LineageOS for instance).
The one thing you cannot do is modify it and get your changes signed by Google.
Remote attestation is about preventing you from leveraging open source software, but the software is still open source.
they provide passports for travel, driving licences for driving, national insurance number for taxes, but its not a single id that everyone is required to have
there is no point in it being open source if i cannot modify and run it
> they provide passports for travel, driving licences for driving, national insurance number for taxes, but its not a single id that everyone is required to have
I am not sure what point you are trying to make. The government controls your passport, your driving licence, your national insurance number for taxes, but because those are 3 different IDs, it doesn't count as "your government controls your ID"?
Feels like you're just nitpicking for the sake of it.
> there is no point in it being open source if i cannot modify and run it
Well I for sure hate the idea of remote attestation, I agree with you on that. I was just pointing out that saying "it's not possible to have remote attestation on an open source system" is wrong: it's possible, that's a big part of why "they" like remote attestation: because they have control even if you can tamper with your system.
I don't want an eID established on the net. It isn't sensible design. It would only work for the legal offerings and those just can send a header and devices need to block any communication if device is in kidmode. Easy, efficient, better engineering.
Illegal offerings won't do either of course. That can only be achieved by whitelisting a kid-net. Resource intensive, but only choice if you want unsupervised kid safety on the net. Because the net isn't kid safe and it cannot be by design. So you would need to create a subnet with actively moderated content.
Any other proposed mechanism has severe flaws. The only other choice is active parenting, which is unrealistic. An internet ID solves nothing, but creates more problems.
With active parenting I meant parents thoroughly checking the sites their kids have access to. Nothing parents can shoulder these days in my opinion since it is a very technical and fast moving problem. Some parents could do it, but the vast majority probably wouldn't.
Most approachable is the device having some kid mode. In this mode online platforms need to send a respective header to authorise the content as kid friendly.
If that is missing, access isn't possible. In this case parents just need to check that the devices of their kids are configured properly.
Compared to current age verification laws, I agree that a self-declared header would be better both technically and socially. Parenting is daunting for the vast majority (including myself), and that solution would make it easier for parents to supervise their children, but I strongly disagree it's unrealistic to generally do so today.
Congratulations, you just outlawed open computing thus still getting us into the coming dystopia. This is not an acceptable solution especially to a problem that doesn't really need to be solved by age verification.
No, none of the commodity pcs or laptops come close to what Apple iPhone or Google Pixel hardware offers. Some have some sort of the secure enclave but it's not as safe.
This would run into the same deal as VINs in the real world being tied to licenses, or serial numbers to guns. But the car equivalent of VMs/open hardware/custom firmware (imagine a $7 pi zero flashed with lineageOS “overage phone”) then becomes equivalent to a gun without a serial number, and suddenly open source/hardware people are felons and there is insane amount of control on hardware and software like it’s 1982.
This assumes that the government would be able to verify independently a phone serial number so that people’s IDs aren’t leaked. If not, then you’re back to the same thing as before since “drivers licenses” are stored by sites and shared around with advertisers
Nope they don't. That's the whole point of privacy-preserving age verification.
Technically it is possible. The complaint that people have is that they don't trust that any government will get it right. But it is technically possible with known cryptography.
Ah ok. I understand now. The website isn't making an additional request to the government to verify that the credentials you gave are real. The authenticity is built into the signature.
Yes exactly. With the caveat that an untraceable token can be passed to someone else. So then there are the shady remote attestation schemes that try to make sure that only your smartphone can use that token that was generated for you, and this is very very bad in my opinion.
But if you accept the caveat (like we do for cigarettes, where an adult can buy cigarettes and then give them to a kid), you don't need to remote attestation part.
No, it isn't technically possible. With true anonymity you can also re-sell tokens making them meaningless. If you prevent token sharing then you cannot have real anonymity. You can't have your cake and eat it too.
And if you have to trust the government to get it right then you have already lost because they are definitely motivated to NOT get it right because they WANT to track you.
It will go fine, because everything you want to do will require it. Even if you don't strictly have to, you will be effectively ostracized. Transit, entertainment, productivity tools. Haven't you noticed that things that have previously been easy to do are much harder now, even before this has rolled out? Like providing a government ID to visit a museum, for example. Or getting an email address. Using claude.
I feel the idea of public key encryption could be done without a phone but the device locking makes it harder to transfer the token off device. Like the parent comment said, I think 90% is all we can aim for. Nothing is going to be perfect.
>Could you be more specific as to what you're imagining?
sure, i'll put my favorite two. though you'll find much more detailed and thought-out versions of these (and others) in the dozens of other giant threads on the same topic.
- buy a card with a UUID from anywhere that sells alcohol/tobacco that is valid for some period of time. most people are comfortable with flashing their ID at the clerk. the UUID card is non-identifying.
- websites issue content tags, browsers consume them, you enter your age into the OS during setup.
> buy a card with a UUID from anywhere that sells alcohol/tobacco that is valid for some period of time. most people are comfortable with flashing their ID at the clerk. the UUID card is non-identifying.
This could be a good system if it's set up right. There's still some risk of being tracked if it isn't though. IDs could be linked to the cards at the time of purchase if retailers scan the drivers license, then scan the card creating a record that card #XXXXX was purchased using driver's license # XXXXX
Even if retailers aren't scanning the drivers licenses and collecting data that way, the cards and codes on those cards can be tracked and traceable to a retailer. That's how things like calling cards have been tracked. Say for example someone uses the code on a card to access a website, the police can match the code that was used to the serial number of the card, look up which retailer that card was sold at, and can then access security camera footage at that retailer to identify who bought the card from that location. This would also let them passively generate lists of IP addresses/device IDs matched to websites and specific retail locations over time.
> buy a card with a UUID from anywhere that sells alcohol/tobacco that is valid for some period of time
Why should I pay continuously to prove I'm an adult? And those cards will be getting sold to kids faster than you can blink. I bet a lot of parents would buy them for their kids.
>What makes you think this will be close to 90%? Unless these cards are expensive I don't see that happening.
its obviously just an illustrative guess. but if the penalty of possessing the card is similar to underage possession of alcohol/tobacco, and larger penalties if a store/person is found providing a card to someone underage, i see no reason why it wouldnt have a similar success rate as alcohol/tobacco.
If they have access to the "dark web" they can already do anything that requires age verification there. In the same way you expect that the rule to "not sell UUIDs" wouldn't be respected there, I wouldn't expect other age-verification rules to be respected, no matter the verification method.
You need to pay for a drivers license or a passport and so on. So there is an intrinsic cost to prove who you are where you are from and what your birthday is already.
You have to pay for all sorts of small things to participate in normal society. This isn't a serious criticism.
By definition this is not a life critical thing, it's something that is procured in order to access specific services on the internet, which is not free.
>You need to pay for a drivers license or a passport and so on.
I have a government ID and I didn't pay for it. I can use it to travel to nearby countries in lieu of a passport. The assumption that IDs are necessarily non-free (to the issuee) is pretty funny to me.
>it's something that is procured in order to access specific services on the internet, which is not free.
The maintenance of the Internet is already paid for through ISP contracts.
I mean, if you really want to make the government subsidize an ID verification scheme or mandate that certain real-world locations provide age verification as a social service for everyone, that's fine.
It's orthogonal to the discussion, though, which is about whether we should do it or not, because the costs here aren't significant and don't change the terms of the debate.
I'm personally in favor of just banning children off the Internet, but I don't agree it's orthogonal to the discussion. What I replied to was the implication that someone should pay a recurring cost to prove they're an adult for the same reason that they pay to own a computer or to connect to the Internet. Don't disown the dumb thing you said.
I'm not disowning it at all. I think paying a recurring cost to prove you're an adult for purposes of accessing the internet is completely fine, trivial, and unimportant.
You have to pay a cost to go out in public, since there are nudity laws. You have to pay a cost to use an airport or a train station. You have to pay a fee to prove that you own a car. And so on.
It just doesn't matter. It's not important. It's consistent with how we organize our society in general, which makes focusing on it in this one particular instance more understandable as an attempt to distract from the substantive merits of these arguments about age verification.
>I think paying a recurring cost to prove you're an adult for purposes of accessing the internet is completely fine, trivial, and unimportant.
Okay, but the person you replied to doesn't, and instead of providing an actual answer to their question, you posed a false equivalence between proving your age and buying a computer.
>You have to pay a cost to go out in public, since there are nudity laws. You have to pay a cost to use an airport or a train station. You have to pay a fee to prove that you own a car. And so on.
You are purposefully muddying the waters by being lax with your use of language. The "cost" you "pay" by wearing appropriate attire in public is fundamentally different from the actual cost you actually pay when you engage in commerce; one is a trade of freedoms and the other is a trade of goods and/or services. If your argument is that the freedom you have to trade in exchange for the freedom to access the Internet, is that of not having to show an ID, that's one thing. If you also have to add a recurring monetary cost then that's another.
If you don't have an answer to the question of why someone should have to pay again to use the Internet beyond "*shrug* just 'cause, dude. Who cares?", then maybe you shouldn't have said anything.
> If you don't have an answer to the question of why someone should have to pay again to use the Internet
Of course I have an answer. To do something about the unlimited firehose of porn, violence, divisive, and addictive content that has been pointed at children for the past generation or so.
There's literally nothing confusing about the "why" in this discussion.
The fact that bad people use the "what about the children" argument regularly for bad reasons doesn't mean that all such arguments are bogus.
In fact, it's an indication of exactly the opposite, it's so regularly used because there is a broad consensus that we need to protect children from harm which is why it's often effective as an arguing tool.
The relevant frame for this discussion is will it actually work, and what are the tradeoffs. A trivially small amount of money for a simple age verification scheme isn't a particularly meaningful tradeoff against a genuine social problem. The bigger, more genuine issues are around privacy and censorship and I do in fact concede those are real.
>To do something about the unlimited firehose of porn, violence, divisive, and addictive content that has been pointed at children for the past generation or so.
See, you've answered a different question. The question you answered is, "why should children be protected from the Internet?" I'll give you for free that children should be protected from the Internet, for the reasons you've said, and now you get to convince me that I, who don't have or plan to have children, should spend my money to protect other people's children from the Internet.
> I, who don't have or plan to have children, should spend my money to protect other people's children from the Internet.
For the same reason your taxes pay for schools even when you don't have kids.
Because we live in a society.
If you struggle to understand why that matters without reference to more direct personal stakes for yourself, just know that without a society, the children will grow up to rape you, kill you, and possibly consume you for your protein content.
>For the same reason your taxes pay for schools even when you don't have kids.
But I have benefited from public education. Me paying for someone else's education in return is fair.
>Because we live in a society.
"Because we live in a society" is a phrase flexible enough that it can be used to justify anything, including outright theft: "we live in a society; us taking your stuff is the price you have been chosen to pay for your continued belonging". Want to try a little harder?
You have convinced me that there are in fact no differences between things, and that protecting children from adult content is indistinguishable from stealing from people, and therefore I was foolish to advocate for it.
No. My question was not why am I forced to pay, my question was why should I pay. Obviously if I have to pay, I will (that's a logical necessity, because if I could avoid it then it was untrue that I had to, to begin with). Why should I pay? That is to say, by what mechanism am I saddled with the moral responsibility that justifies me having to spend my money to protect someone else's children? Given your line of argumentation, I'm going to guess that you don't have an answer to this question; your answer is that I should GFMS and just pay. Prove me wrong.
This is orbiting the issue of personal responsibility and social burdens.
I get the impression that you recognize that there are certain costs that are distributed on members of a society, because it is the least problematic way to address some collective action issue.
You could migrate to the libertarian ideal, if that is what suits you. if this counts as GFMS, I sadly don’t mean in it those terms.
I dont know you well enough to know what specific harms would matter to your wellbeing.
It could range from what the state of the next voting cohort will be.
It could range from having a social environment of better adjusted adults creating art, science or just relationships that will impact you as you age.
It’s more capacity for families, mental resilience and less dead weight loss of kids getting trapped into emotional tar pits.
It’s a signal that as a society we don’t want to see our kids addicted, and that if we impose such costs on ourselves, we will impose heavier costs on the perpetrators. There is a reckoning with social media and addictive design that is to be had; this is a step on that path.
It makes it easier for parents who are struggling, and reduces harm to kids and teens.
It may give us a way to deal with the absolute scourge of non consensual intimate imagery.
I’ve personally had to flag and remove stuff of that nature, and even in a country like america, that kind of content is life ending.
In a religiously conservative country, that can lead to much, much worse.
However this is a smorgasbord of ills that society as a whole is struggling to deal with.
You are a standing member of that society.
I don’t know you well enough to make a case that makes sense.
I will add, You also don’t look to be a passive member of society, so you are doubly screwed.
You get the bonus burden of having to think about how to solve the problem in the best manner possible.
>It could range from [...] as a whole is struggling to deal with.
I thought you said you read the thread. You've fallen into the same mistake CPLX has made. You're answering why children should be protected. I've already granted that premise, there's no need to argue for it. My question was why people who don't have children should bear the burden of that protection instead of their parents.
If a more concrete question would help, why should all adults pay to be able to prove that they're adults (just to be able to retain a freedom they already had, I should add), instead of being given that ability for free by the government, and the government collecting the costs of the program from parents?
So I don’t have kids, and I have worked in trust and safety.
As stated, society is finding a sub optimal solution for a person in a narrow read of my situation.
I (and you) are impacted by the second order effects of the decision to do something or to do nothing.
Our freedoms do not exist in a vacuum, or as platonic ideals. They must be enacted through some actions or rulings.
I have a longer spiel on how social media and news media are currently not functioning as a fair and efficient market for information. For now I will just assert this as true.
The broken state of the market, means that I and you live in a world where it is more likely that the worse political decisions get made, polarization and autocracy are more likely not less, and complex coordination challenges do not get solved.
Building ways to ensure a market which does not devolve into a “might makes right”, or “abuse is good” scenario, is to build guard rails and limiters.
This is the current limiter which is being proposed.
In essence, it’s not like we live in a world where things are perfectly fine, even for us.
Do note - I don’t know you well enough to know what things you value, but it is clear you value some things more than just what is optimal for you. So there is a set of values you have, some of which are going to be injured by these solutions, and others served.
One wrinkle in your argument - If the costs could be taken from parents, that would be great, however one group of bad actors in these situations is adults. So as a class, there is some case that could conceivably be made for adults to bear that cost.
>One wrinkle in your argument - If the costs could be taken from parents, that would be great, however one group of bad actors in these situations is adults. So as a class, there is some case that could conceivably be made for adults to bear that cost.
"Bad actors"? I see three separate subsets of people, different unions of which would yield possible interpretations of "bad actors":
* Adults targeting children with the intent to commit illegal acts. E.g. groomers.
* Adults targeting children with the intent to commit legal but harmful acts. E.g. adults marketing lootboxes to children.
* Adults engaging exclusively with other adults in legal interactions that would be harmful (and possibly illegal) if a child were to be involved. E.g. adults trading pornography and banning minors on sight.
(Let me emphasize that these are mere examples, not necessarily representative of their set.)
I don't think it's in dispute that all three sets currently exist on the Internet. I would not say that the third one is a bad actor, though. Yet it by itself would be argument enough to either remove children from the Internet or to cordon them off to their own exclusive corner. So if the third set was the only one that was non-null we would have a situation where there are no bad actors, yet all adults are still bearing the cost of this system.
Now let's suppose that only the first set is non-null. If there's a bunch of criminals targeting children, that seems like a police matter. Why are law-abiding citizens getting roped in? En masse, at that.
For the second set, legislate until it becomes the first set.
The last paragraph of my longer comment was definitely not what I expected to displace our energies towards. Just a potential wrinkle in the thesis.
The larger point you are asking to be established is how you as a class of members in shared society should have costs added to them which.
I attempted to make the case for you; in general you are already paying costs. The maladies from the current state of social media and the Internet mean that you are impacted already, even if you don’t have kids.
The scale of the “pollution” so to speak, from other parties, is not addressable by independent action.
> buy a card with a UUID from anywhere that sells alcohol/tobacco that is valid for some period of time
Exactly, prepaid phone cards with point of sales activation (to eliminate large scale theft incentive) is nothing new. Once activated, the validity of the token can be like 6 months or one year, and at-most-once-per-domain schema can be managed by the issuing authority if they want.
Instead of a 100 phone minutes, 300 phone minutes card you just buy "I'm over 16", "I'm over 18" cards. It's simple UX.
I'm just left wondering, how would that be different than buying a phone? Most kids also don't have money to spend on devices, that's all coming from adults, how would the UUID work any different? In my view it seems we'll just reach the current state as with phones.
Well, they could trade identifying ones too or even stollen ID cards if you want to go this way.
They could also trade porn-filled thumb drive or old-school glossy paper magazine. There no way to prevent kid's exposure to stuff at a 100% success rate.
Indeed but you are the one who claimed it was not a hard problem.
I don't think any one of us pushing back here on those claims do so for the heck of NOT finding a "solution", rather genuinely asking because so far it seems nobody did find such a solution without compromises that is in the end not worth it due to the flaw in said solution.
The point isn't to be critical of your process, only of the claim that it's a trivial problem.
> - websites issue content tags, browsers consume them, you enter your age into the OS during setup.
Why would that be acceptable though? What if a user does not trust the operating system? Even Linux may not be safe in the future, what with age sniffing coming by Red Hat integrating it into system already. And Red Hat plans more - xorg is abandoned on purpose, for instance.
> buy a card with a UUID from anywhere that sells alcohol/tobacco that is valid for some period of time. most people are comfortable with flashing their ID at the clerk. the UUID card is non-identifying.
It can be implemented in a privacy-preserving way online: your government gives you tokens that prove that you are above age and that they provably cannot track. That's the exact equivalent.
I believe that the other measures (remote attestation and such, the ones we hate) come when we try to make absolutely sure that you don't give/sell that UUID to someone else. But IMO we should just forget about doing that. Just like an adult can, today, buy cigarettes and porn and give them to a kid.
Any token given that way contains some amount of encrypted payload.
That secret payload may contain uniquely tracking numbers.
Even the encrypted payload itself, if treated as an opaque string, can be used for tracking if they decide to log it when they deliver it to you, and when the website where you use the token passes it back to the government auth service.
You need to replicate the UX of a stack of pile of cards at the grocery store, that's not really possible in digital space.
It's exactly like end-to-end encryption: normal people cannot verify that it works, but they can use an open source implementation that is audited by independent cryptographers.
Not sure what you mean by "easily". It's totally possible in practice.
And honestly, all these should ultimately just be done client side in the browser. After the browser has verified "User is x or user is over 21" there's no reason to then send that information to the website.
Let websites issue a "window.isUserOver(16)" call once and then move forward based on the response to that query.
No, no. Don’t give websites a way to check the user’s age.
Age restrictions are different across countries and cultures. Parents disagree on age ratings given by boards all the time.
Have apps and websites declare the objectionable content they have, and let the device decide if it will show it or not according to parental controls.
If you’re a parent that pays attention to age ratings, you know exactly what I’m talking about. The age is meaningless. It’s the type of content next to the rating that’s important.
Your only option as a parent now to let your 14 year old play a violent game rated M that you specifically allowed is to give them a fully unrestricted device. They can now use that device to access gore, porn and gambling as well. How does this make any sense?
Right, recycling a comment on the benefits of "website reports, the device parents bought blocks":
_____________
1. Most of the dollar costs of making it all happen will be paid by the people who actually need/use the feature.
2. No toxic Orwellian panopticon.
3. Key enforcement falls into a realm non-technical parents can actually observe and act upon: What device is little Timmy holding?
4. Every site in the world will not need a monthly update to handle Elbonia's rite of manhood on the 17th lunar year to make it permitted to see bare ankles. Instead, parents of that region/religion can download their own damn plugin.
> Have apps and websites declare the objectionable content they have, and let the device decide if it will show it or not according to parental controls.
That would have been nice. The RSAC (Recreational Software Advisory Council) had a slightly more granular rating system that rated violence, sex, and language on a scale from 0 to 4 which unfortunately it lost out to the ESRB/IARC age-based classifications, and the internet appears to be going towards age-based classifications as well. Personally I like Common Sense Media's ratings which extend the standard violence, sex, and language flags by adding scales for "Products & Purchases" and "Drinking, Drugs, & Smoking".
From a semantic web standpoint it would have been useful if the web had codified these sorts of content flags so content producers could apply them to apps, websites, page sections, images, or even individual HTML tags. Then a device administrator could tell the operating system or browser to restrict certain content, either based on age-appropriate presets or based on custom levels for each type of content.
Don't even bother having the website ask the browser anything at all. Just have the website TELL the browser the content is intended for adults via HTTP header and let the browser decide to display it or not depending on parental controls.
This would require browser attestation, wouldn't it? Otherwise kids are just going to download a custom build of Chromium where `window.isUserOver(16)` is always `True`.
No, it only "requires" browser attestation if we taken it as a given that the onus is on tech companies for verifying who they are talking to - ie identity verification that most of these schemes boil down to regardless of how cute they're dressed up.
To effectively keep adult content away from kids, it merely requires secure boot and closed app stores, which are already widespread. And they are only required on the devices actually given to kids, rather than every single computing device.
But this proposal has another problem: it's easy for a website to run isUserOver(n) in a loop to derive the exact age. And on a persistent account, it can be queried every day to derive an exact birthday! Which comes back to my main point that the only technical schemes we should be considering are ones where information strictly flows one way - the website/app supplies information to the browser/OS, which then [may] implement parental control policy. anything else fundamentally boils down to a mandate for identity verification.
> To effectively keep adult content away from kids, it merely requires secure boot and closed app stores
This is unacceptable. If I own a computer, I expect to be able to build and run any program, either written by myself or others, without asking anyone for permission.
Maybe I needed to say "it merely requires the existence ...". Because I then do go on to say:
> And they are only required on the devices actually given to kids
My whole point is that this limits the blast radius, compared to any solution involving "age" (read: identity) verification which has a blast radius of every computing device!
> To effectively keep adult content away from kids, it merely requires secure boot and closed app stores, which are already widespread. And they are only required on the devices actually given to kids, rather than every single computing device.
...I guess I don't really see the difference.
Closed app stores are widespread on some platforms but certainly not others, and I for one would really like them to not spread any further.
For starters here, the difference is that only devices that parents give to kids need to have secure boot and controlled software sources. The point is that every other device remains completely unaffected.
But in general there is a huge difference between the freedom-destroying properties of secure boot with closed app stores, and the next step of remote attestation. Remote attestation lets the server insist that you only run software fully of their choosing rather than your choosing, as a condition of interacting with them. This completely destroys the idea of protocols that mediate between two parties with diverging interests, and computationally disenfranchises users. Imagine the next generation of the Cloudflare nagwall that doesn't let you past unless you buy a new computer, and that new computer must be running MSWin/OSX and MSIE/Chrome.
(also note that my use of "secure boot" here includes systems like on Pixels where you can straightforwardly unlock the bootloader (erasing the data on the device), install whatever you want, and then relock. I still find these systems philosophically objectionable, as there is still a privileged key baked in and retained by the manufacturer - similar security properties could be provided without the backdoor. But pragmatically they've been working okay)
No, thank you. As a parent, I want to give a device to my child that they can hack, just like I had.
Why are we treating kids like adversarial threats? If my kid gets around parental controls, I’ll revoke their phone privileges. No need for invasive security.
Yes, as a parent you should be able to say this! You should also be able to say other things like I want my kid to have full access to wikipedia. Or I do not want my kid to have access to Faceboot, including a special Faceboot4Kidz version that their corporate attorneys have declared is completely suitable for minors.
My whole point arguing for client side controls is that it allows parents to express these types of fine-grained preferences, without merely putting the onus on tech companies to make these decisions in a top-down fashion serving their own self interest!
As for secure boot specifically, my point is that it is already here on basically every phone. One of the most security-forward phone OSs (Graphene) even requires it. I've got philosophical problems with manufacturers baking privileged backdoor keys into hardware, but it's already prevalent. If you think I'm arguing in favor of restrictions, then please go educate yourself on the security properties of remote attestation to see what I'm actually arguing in favor of heading off!
If you want to argue for client side controls, I’m on your side. I’ve expressed this opinion elsewhere in this thread.
I’m well educastes on what remote attestation means, and I know it’s the status quo. But it is not required by law. And I’d very much like for it to continue being optional indefinitely, and not bundled with a different “save the children” law.
More specifically, I don’t want to have to prove to the OEM that I’m an adult to unlock my bootloader or disable SecureBoot. Or, more realistically, I don’t want OEMs deciding it’s cheaper to stop offering that choice because they don’t want to risk unlocking the bootloader on a child’s device.
> If you want to argue for client side controls, I’m on your side
Yes, then we're coming from the same place here.
> I’m well educastes on what remote attestation means, and I know it’s the status quo
I wouldn't describe remote attestation as the status quo. I generally use the web from my libre desktop, and apart from all the constant nagwalls (Cloudflare et al), I can access sites just fine. Perhaps on many mobile apps it's become some kind of status quo ("Play Integrity" I think it's called?), but even mobile browsers don't do attestation (WEI, or whatever they've renamed it to these days), IIUC.
> But it is not required by law
This is a red herring. None of these laws are proposing to require remote attestation, but rather anything that puts the onus on big tech to "verify age" (aka verify identity) will eventually lead to it being de facto required, with no direct law required.
> More specifically, I don’t want to have to prove to the OEM that I’m an adult to unlock my bootloader or disable SecureBoot. Or, more realistically, I don’t want OEMs deciding it’s cheaper to stop offering that choice because they don’t want to risk unlocking the bootloader on a child’s device.
I'm right with you about the knife-edge we're currently teetering on, where what is a pragmatic system that "merely" has gotchas could get more restrictive at any time. But Google already requires you prove you're the device owner to unlock a bootloader, and far too many manufacturers already don't let you unlock. But if done right, then none of this really matters for the parental controls use case - rather when unlocking the bootloader erases the whole device, that is the flag that lets a parent know.
The same system that blocks kids from downloading the Pornhub app would also block them from downloading the "Chrome but without parental controls" app.
Right now, they don't know. They're going to learn very quickly when they want to use some website and they can't.
We agree it doesn't need to be 100% perfect. But it needs to be at least, like, 60% perfect, right? And unless you make it at least a bit hard to bypass, it will stop virtually no one.
That is a real problem but for an unreal situation. Nobody is advocating that we combine (A) a child-safe browser with (B) a completely unlocked device in every other way.
When I buy/configure a device which prevents Little Timmy from viewing smut, that device is also going to have a parental code for installing new apps. If that part is left open, then Little Timmy wouldn't have to even bother getting a different browser, he could just install direct porn apps.
> But it needs to be at least, like, 60% perfect, right?
That can easily be reached by ensuring that child-mode covers default browsers and also the ability to install a new browser. If Little Timmy is turning on debugging over USB to sideload, then a fundamentally different parenting strategy is required.
Installing a new browser is already a bit hard for most people. I think you are a little skewed in your thinking being online on HN.
You also aren't thinking about age. Certainly 16 and 18 year old probably can get a new browser installed. But a 14 year old? 12 year old? 10 year old? That barrier is a lot higher the younger a kid is.
I just finished my second year as a fifth grade teacher, so I have a lot of experience with ten year olds. I am confident a majority of my students would be able to install an alternative web browser if they needed to, and a majority of the remainder would ask a friend to do it.
To give you an example of the workarounds kids will find: Youtube was blocked on school laptops, so the kids all started embedding Youtube videos inside of Google Sheets in order to watch stuff. This isn't, like, something a few savvy kids did, it was a widespread and common practice.
Lol. I started building computers, installing operating systems and tinkering with Linux between ages 10-12. I also started watching porn not long after that, and guess what, I still became a more or less normal adult. There is absolutely no need to "protect the children."
This is how California is legislating it—requiring the OS to let an admin set the user's age, then let browsers and through them, websites, to query that setting.
> - buy a card with a UUID from anywhere that sells alcohol/tobacco that is valid for some period of time. most people are comfortable with flashing their ID at the clerk. the UUID card is non-identifying.
Until it is because the store keeps records of who they sold which cards to.
A lot of these age verifications things have to do with "protecting children". If that's the end goal we don't really need to verify anyone's age. Apple/Google, any smart phone maker, should be forced to add proper parental controls.
Parents should be able to control what apps can be used, what websites can be viewed, who the phone is able to contact.
That doesn't require knowing my age, or anyone else's.
Also, as an iOS developer, it's not my job to parent your child. The age ratings are clear on the app store, if you give your child unrestricted access to a phone that's on you, not me. If the OS doesn't have proper controls that's on Apple/Android, again, not my fault and not something I should be forced to police.
Thanks to Texas, I can see roughly how old your kid is. I'm not supposed to keep that information though. ;) I'm sure everyone who makes app will comply with that and not use that information for any other purposes and you can bet Texas has the means to audit every app on the app store to make sure that they're complying. lol
That's because you're treating AV as a system that must be 100% correct immediately. This isn't banking or an election.
As soon as you loosen off the requirements to "reasonable effort", you can start looking at account age, facial features, social attestation, and include retrospective tools to revisit someone's verification if they get in and start acting like a child. Heuristically messy but far from impossible to demand a stronger form of verification if their original might have been borderline.
The goal is broad coverage, not complete. Screening doesn't have to get 100% to have an effect.
I understand it doesn't need to be 100% correct. But I think what you're describing is either (A) going to be very privacy invasive, (B) going to create problems for lots of adults, or (C) going to be precisely as effective as a checkbox saying "I agree I am over 18 years old".
It's "social media". The whole thing is profiling for advertisers. The idea that there's privacy is laughable.
There is a network effect as a child's peers stop using social media though. Make it inconvenient enough for enough for kids and they'll read a book, take up slam poetry or whatever it was kids did before our attention became currency.
you generate a random number and send it to website you want to visit.
Website you want to visit generates a one-time private/public key for the purpose of this login attempt, hashes your random number, and sends the hash back to you.
You connect to the government auth platform, auth yourself to your government, and ask them to sign the hash you received.
You pass the signed hash as well as the original random number to the website you wanted to access (the original random number is used by the website to store the one-time key they generated for you). They can see it is signed by the government. They can see it is made with the hash they provided.
You get access to whatever content you wanted. The website doesn't know who you are. The government doesn't know where you logged in. Sure, it won't hold up against collusion between website and government, but nothing would.
the principles explained above are slight adaptations of PKCE authentication.
Not necessarily. Some sites have no interest in communicating your data to the government, unlike their 23019 affiliate ad programs.
If your government is paying private third parties to collect data on you (hello USA), the issue is much wider, and nothing would protect you from such a government. Even without age verification, if the government is interested in spying on you, and the sites are willing to sell, they would gladly trade your IP and connection log.
So now I have to get permission from the government to browse the web? And they can revoke that permission at any time? And we need a great firewall to block citizens from communicating with foreign websites that don't comply with this scheme?
This idea is worse than facial scanning, by a lot.
(Better idea is OS level parental controls combined with government-mandated content tags to let the OS know what content is child-safe.)
The correct way to do this continues to be for sites to tag the content with some kind of rating and let the client device decide whether to show it based on how the user's account is configured.
This requires no ID of any kind because the child's parent or teacher knows their age, and kids buying a device on their own is no more or less of a problem than kids getting some high school senior or homeless adult to lend them their ID.
Sure here's one example of decentralizing it -- it's going to be overly simple just as a toy example to show how easy it could be:
Whenever you want to prove your adult you go to "am I an adult.gov" and you use your credit card or whatever to prove you are an adult. At which point you get a 1-time 5-digit code that is UNIVERSAL TO EVERY SINGLE HUMAN and good for 1 hour (everybody who uses the site gets the same code that hour).
Then when you want to look at porn or something, you use this code. Boom simple and done.
There are even much better much more private techniques that use cryptography, and AI is happy to explain these graduate-degree level topics to you at your own pace.
Of course there are situations where people steal things, and use deep-fakes, etc, but those exist in every model.
Headline news: children infiltrate the universal adult one time password scheme for porn, parents panic! Turns out the 18 year olds started selling access to their younger friends, who resold it to their younger friends.
It does not reach headline news because everyone just accepts that the "filter" is imperfect.
But, for some reason, little twelve year old Jimmy obtaining access to porn evokes some kind of far more visceral reaction in Jimmy's parents (or if not Jimmy's parents, some "busybody" who wants to "protect all the children") than Jimmy managing to get himself a pack of Salem's or a Pabst Blue Ribbon tallboy.
right, that's exactly what i was getting at with my original comment. none of the laws we have are 100% effective. so i find it weird that this specific topic always devolves into "well some kid will be able to get access, so your proposal sucks".
> little twelve year old Jimmy obtaining access to porn evokes some kind of far more visceral reaction in Jimmy's parents
Because right now there's next to no barrier to access compared to Jimmy getting himself a beer. If you keep saying "Your proposal sucks because it isn't perfect and we should do nothing" then you're essentially surrendering to the people who really want facial scans.
My proposal is that we increase the effectiveness of child controls on devices, so kids can’t get access to the adult world on them. Parents in other threads however tell me that this won’t work, they’ll just use the internet on their friends devices, and what we need is to completely exclude children from the adult internet by confirming the identity of every single person who wants to use it.
Now I’m trying to convince people that identifying adults won’t work either, because kids will still get around it. All the while, we adults live with the negative externality of no longer having anonymous communication. Woe betide us all should this come to pass, but I guess desperate people are how bad things like this tend to happen.
My point is that the entire check is bypassed easily and instantly, and in the meantime the government gets data that someone _will_ figure out how to make personally identifying for adults, or will argue for changes to make it so. Alcohol age limits are a simple physical check for a vice that everyone accepts those who want it can get at. I’d rather demand that device manufacturers give parents effective controls before we try solving this problem by identifying internet users wholesale.
Hopefully it would be less of a criticism of the system, and more spurring people to ask questions like "Wait, why did you leave a hunting knife on the coffee table?"
Design a scheme that equips parents with better tools to be better parents, rather than one that reduces the scope of parenting responsibilities.
I think the only thing I actually have any concern about is phones and social media use for kids, and I think that has a much easier solution than any sorting of tracking-BS.
Using existing parental controls parents could set their kids age and that could be used for the age controls. Could the parents let the kids around the age gate? Sure but they could do that even if a government ID and camera was required. This actually might be more effective than a lot of these systems because other adults could not let the kids use their IDs
Attestation from other services is a good option. I have Apple, Meta, Google, PayPal, eBay, Microsoft, Twitter/X and Steam accounts that —through age of account, and their own identity checks and purchase histories— could attest that I'm probably an adult. This obviously isn't a feature they offer currently, but could. Most are available as a federated OAuth IdP.
You already entrust far more than an adult flag to these services so I doubt the news you like to touch yourself is going to be met with an emergency board meeting.
But if that were a problem, would it be that hard to separate identity from end service with an intermediate AV condom service? I'd personally prefer to not add another leaky abstraction layer but that's me.
Easy, when you buy the device, during first setup, you set up the date of birth of the user. If the user is underage, the parent/guardian sets a password to unlock the device if needed before the user is 18. That device then sends "is_below_18" flag to whatever service wants it.
This is a classic case for one time ZKPs. Sure, you can't get around attestation, but the party that needs to verify that you meet age criteria doesn't need to know your age or other private information.
I presume you're concerned by the attesting party's knowledge of both the signature and identify information. Yes, in principle these can be linked, but in practice, it may be difficult or made very difficult, and today, very little of our online activity is really anonymous anyway. It is generally not too difficult to infer identity based on the content someone generates and the bread crumbs they leave behind.
Of course, if the intent is to use age verification as a wedge to monitor everyone, then it will be difficult politically to secure the protections needed to prevent that sort of data fusion.
Perfect is the enemy of the good, right? I mean a page header or some other simple means to identify "adult" vs not is good for most cases? Just thinking about it.. obviously it can be bypassed but is there a good enough?
If you don't think a checkbox saying "I am 13 or older" is adequate, with all the behavioral tracking available to say Meta, they can tell well enough. OpenAI talks about this too: https://openai.com/index/our-approach-to-age-prediction/
Knowing who someone is in general is different from having a photo of their face or government ID confirmation.
I think the German Personalausweis has an electronic ID function that does this: age verification without giving out other information like name etc. But the application chooses which information is requested and could/will request more.
Unfortunately few know and use this information although the usage via NFC is not that complicated. Have used it successfully already a few times for banks, but including name information etc.
Yes, that was my thought as well when i was visiting UK and reddit kept asking me to verify my age. It might be even more private and non-trackable than that - if "age.id.gov" central authority effectively "provides a new random user id" (implementation may vary and does not need to have a "literal username") every time you try to use it / log into a website that needs to verify your age - this way websites can not even track you across platforms.
It seems like all the tech stack is there to implement a very simple and privacy-persevering solution.
It does not even smell of state censorship because a website does not have to check your age if it decides to be "non compliant".
Why isn't it implemented like that? Based on the comments it seems more like a "free-for-all implement-your-own-PPI-handling-thon".
This will ofc make life harder for a some groups of people - like people without / limited access to IDs etc. And i do not even argue that the whole thing is necessary.
But there seem to be vastly superior technical means to implement that, aren't there?
Yubikey tokens support attestation. You can sell Yubikey tokens at places inaccessible to minors, like liquor stores, and having a token proves that one is adult. Another way is implementing "parent mode" when OS allows only installing apps from a government-approved whitelist and access sites from a whitelist.
just do what they did in Leisure suit Larry, ask some skill testing questions that only someone older than 18 would know. Give them a short time to answer so they can't look it up.
Make unrestricted devices like alcohol: you need ID to buy (but the box containing the device you’re sold is indistinguishable from any other, so the device may have a UUID but it can’t be traced to your ID); kids caught with unrestricted devices in school have them confiscated; maybe fine parents, but I think discouragement and banning in schools is enough. Kids can have restricted devices, distinguished from unrestricted by appearance in a way that’s hard to fake.
I don't know, treating general-purpose computers like alcohol seems a lot more dystopian to me. Does this extend to PC components? Can I build a machine and put Linux on it?
Maybe for the next few years you'll be able to do that. Analogy: back in the day you could just build your own airplane and fly it around. There were no regulations.
> I don't know, treating general-purpose computers like alcohol seems a lot more dystopian to me
Isn't this the logical end goal of basically every approach to "age verification", though? If you really want to control access to the internet, then you can't let people have a VPN or Tor, and if you don't want people to VPNs or Tor then you need to lock the device down.
Well, the alternative is that Facebook makes you scan a government photo ID before you can use it. Any sense of privacy is gone, but at least general purpose computing isn't outlawed.
But don’t bring it to school and use it in class! A teacher may confiscate this under the existing system. And of course parents can pick up the confiscated device.
I agree that schools don’t provide enough challenge to students, so a student could be using the device to actually learn without an alternative, thus confiscating it would be wrong. But I think that would be rare, because I believe most schools today have Chromebooks which can access more than a lifetime’s worth of online resources in any subject, so the student can save whatever they need a thinkpad for at home. And it should be solved by giving those students Chromebooks, not letting other students use their phones during class (if a school confiscates phones but allow thinkpads I think that would also work well enough).
Heck—in most cases, we can't even tell the difference between humans and bots anymore! And it's true that we basically accept that some bots will slip through the cracks—but identifying bots also strikes me as significantly easier than identifying children.