Damage children*. Let’s be honest, it’s quite clear that hiding nudity, sexual education or porn from children is generally damaging in the long term as that tends to come with development of mental disorders and weird fetishes like voyeur or sexually abusing women on trains
This has nothing to do with protecting children
It will help the pedophile class and Israeli backed oligarchs mass surveil us more effectively
https://video.twimg.com/amplify_video/2044718576485953536/vid/avc1/996x2160/hyLmEHaGr6DltAA6.mp4
Apparently it’s already exposing sensitive user data and can be bypassed.
Wrong. This is to violate everyone’s rights and target children. This is fucking abhorrent and needs to be stopped.
If they are so dead set on protecting children, I suggest starting with:
Gaza Strip and the West Bank (Palestine) Ukraine Sudan Myanmar Democratic Republic of the Congo (DRC) Syria Yemen Ethiopia Afghanistan Haiti Niger Mali Burkina Faso
Zuks wallet will do just fine in the mean time
Can we stop pretend they give a single fuck about kids?
Edit: poor choice of words. Thats the only thing they give kids.
What a relief that would be. “We are compromising your personal rights with protecting children as a cover, children safety has nothing to do with it, in fact we don’t give a single fuck about anything but revenue. It sounds better to save children than revenue”
Fucking cunts won’t stop. Next, it’s gonna be chat control 3.0 again.
Who do we need to send to the guillotine?
The victors of WW2.
Liberals. It’s systemic like it has always been. As cathartic as it is to remember the French Revolution, it’s not like it worked and ended stratification and imperialism. Liberalism will always seek as much control as possible, and the internet has proven to be a huge fucking problem exactly because it is so impossible to control.
Lies
OK lib.
Found the cave man
Exactly. Centrism, and the very idea that there is “moderation” to be sought between progressive ideals and back-assward conservatism, is a fucking plague. We all suffer because people don’t want to seem “extreme” and I’m fucking tired of it. We have to commit to being progressive and admit that all centrism has ever done is seek validation for and to normalize right-wing viewpoints long enough that we stop paying attention.
Only siths deal in absolutes.
Ok?
I’m also not talking about absolutes, unless you’re participating in relativistic politics that only care about ideologies in reference to other ideologies and is a practice used by people too stupid to form their own opinions about platforms they’ve actually looked into.
It was a quote from the star wars prequels
We all know that, it just doesn’t really fit here.
The pedophile class is tightening the noose
I get my porn from illegal download sites that aren’t interested in age-verification.
Like all Prohibition Policies, this is only going to push people toward more illegal outlets, which demonstrate more morality than the legal ones.
Or, as is the case with a lot of sex work, push people into more dangerous situations.
Parents should protect children online.
I largely agree with you.
But please can you tell me how you believe this differs from age-gating the purchase of cigarettes, lottery tickets, age restricted cinema tickets, alcohol, firearms and so many other things we already have age-gating on?
Edit: I’d love any one of the downvoters to comment and actually explain what I’ve said that’s so atrocious? We DO age gate many things in society and many, I dare say most, would not want cigarettes to be available to a 13 year old. So what is it about online that makes it so different? If we CAN make age checks online anonymous (and indeed the EU standard downright requires it) why don’t we want this online?
But please can you tell me how you believe this differs from age-gating the purchase of cigarettes, lottery tickets, age restricted cinema tickets, alcohol, firearms and so many other things we already have age-gating on?
Did you just seriously compare smoking/drinking at 13 to seeing titties online (which is basically mandatory for growing up humans unless you want to develop mental disorders commonly seen in religious people, conservatives, rural Japan, etc. who didn’t have proper childhood)? Seriously?
No definitely not. Smoking at 13 is obviously worse than watching a picture of a naked person. FWIW I grew up in the Nordics which very much has a culture of nakedness (children and old and young all shower in a shared space, all naked, for example). I don’t have a concern at all about nakedness and I agree finding a bag of damp porno mags in a shed is part and parcel of growing up in your teens. No concerns from me.
Having said that, I hope you also will agree that “a couple of titties” is not what most pornography online, today, actually displays. The vast amount of pornography degrades women, and a lot of it glosses over the very real power imbalances and subsequent abuses of a lot of vulnerable people. I haven’t got a single concern with what consenting adults choose to do together - if you’d like to dress in a plastic outfit and be spanked red, go for it! And seeing naked people in communal spaces (beaches, dressing rooms) is super helpful for your development and understanding of what “normal” is (beautiful, flabby, wrinkled, brown, pink, curly and all the wonderful sizes and shapes we all are). Count me in on nakedness!!
But I do have a concern with the adult industry as a whole and I seriously doubt that a 12 year old having unfettered access to what porn today actually portrays is helpful for that person’s development.
All that said, age gating and access to pornography is clearly not the same discussion.
Age gating is a discussion that fundamentally asks “ok, if we age gate products in the real world, like alcohol and tobacco and pornography, why don’t we also age gate it online?”.
If we decided not to age gate pornography - at least “soft pornography”(hard to define, but let’s pretend that we could), I’d be all up for not also age gating this online.
But if we, as a democratic society, decide that some things should be age gated, I’m all for also attempting - indeed ensuring - that these are age gated online.
Of course there a enormous risks of age gating online - I get that showing an ID to a shop keeper is a transaction that’s very hard to log and therefore track at large - that has to be adequately handled. Here, I believe the US proposal is atrocious and an enormous violation of privacy. But, genuinely, when you read the EU implementation, I do not have the same privacy concerns. Don’t forget the EU proposal is authored by the same bodies that forced GDPR onto the world (with ALL the good that this brought for ensuring our PII was protected). The EU isn’t perfect, but largely the EU is of, by and for the people, still, and our collective democracy, with all the faults that it has, is trying to balance all these concerns appropriately. I think the current implementation achieves the right balance and I am frustrated that many who are against the EU proposal haven’t actually read it, then equate it with the US proposal, which is fundamentally different, and equate the democratic EU with the plutocratic US. Like always in the US, almost everything degrades into “how can this make the rich richer”. That is, luckily, not yet the case in the EU.
While there are categories of porn that are degrading to women (this is really subjective by the way as many women don’t see it that way), there are just as many categories for vice versa, whether’s that’s free use, BDSM, dom-play, etc., so it’s hard for me to see this as a women-specific thing.
Alright, let me ask you this - when/where do you think women had/have less respect from men - during the era of porn, or when/where porn is not easily accessible? This of course also applies to countries who are more actively censoring porn in modern age.
Personally, I can’t really explain it, but I prefer categories where women dominate over men. When it comes to sex, I like to be ordered around.
Are you the type of person who would think woman sitting on a man’s face is degrading towards the man, or do you claim it’s only degrading when these intimate things are done towards women?
I grew up playing Postal 2, shoving cats onto my shotgun, pissing on Indians (I’m sorry) and basically terrorizing everyone. Yet, I turned out complete opposite of that.
I think we are veering off topic. I agree that pornography can degrade all genders, not just women, and that much of what appears degrading to an observer is actually just someone’s kink (and power to them).
That said, this is a slightly different discussion to age gating.
Is it? The discussion is about whether kids online should be able to access that material and whether it’s protecting, or damaging.
How many of your rights are you willing to give up so little Timmy doesn’t search titties on Google.
I don’t have to give up any rights for age gating to work anonymously and properly. Neither do you.
Explain basically every privacy, cyber security and child safety organization saying this is a bad idea, then.
I’d love to engage in this. Before we do that, please can we be clear if we are talking about the EU system, or the USA-proposed OS-based system? Given they are not the same, the reactions to these two systems have also not been the same.
Both. There’s a difference between showing some clerk your ID compared to uploading it to the internet. It’s not a question of if it being hacked. It will be. Denial of this is dangerous. If you don’t see this as important, you’re desensitized by the sheer number of yearly cyber attacks.
And that’s only the start. Children will only be marginalized. Protected groups will be increasingly threatened. Take your pick on whatever organization you want to look at, and they’ll say this doesn’t help anyone, except maybe foreign adversaries and hacking groups. What happens when the next government comes along and decides to make a more US kind of implementation? The point is, that we should not make this the precedent. Ever. Kick it while it’s down.
Ok, but for what it’s worth, I’m only trying to defend the EU proposal. This discussion was about the EU proposal, from the very first OP. The US proposal, such as I understand it (I haven’t looked into it that much, since I don’t live there), seems a huge privacy risk that plays into the hands of corporations. No thanks.
In the EU system, you start with a verifiable online identity system. These differ from country to country but all perform the same task: They allow you to prove who you are.
So you go to an online portal and you log in, as you. This system issues you a set of tokens, which does not hold your PII. They solely say “This person is over 18”. If you want a token to say “this person is over 13”, you need a different token. A token is a number that has been signed by the issuing authority in a way that can only be done by the issuing authority. You store these tokens, encrypted, in your age verification app.
Now IF the issuing authority stored “I issued token X to person Y” we would have a huge problem. They don’t. All they do is store “this token was issued”. If they chose to store that a specific token was issued to a specific person, they could track what sites you used the tokens at. So you have to trust your state here, just like you have to trust them not to access your phone records, or your credit card transactions or which mobile mast your phone logs on to.
You proceed to a site that requires an age gate. You are presented with QR code, which you scan with your age verification app (the one that stores the age verification tokens). This QR code contains a URL that holds the verification attempt ID (created by the gater) and your app now connects to this URL (be advised this URL is not the URL of the gater, but of a third party gating service) and sends one of your verification tokens. The third party verification service checks this with the issuing authority and confirms it is a valid token, then retires it if it is. The third party service now calls to the gater and says “this verification attempt has indeed proven their age”.
The gater then lets you proceed.
Throughout this attempt the only place that can be hacked to reveal your PII would be the issuing authority - no other services knows anything about you. What a hacker would have to do is insert code that captures the issuing of tokens and somehow grabs your PII at tha time. But what’s important to understand is that the issuing service also doesn’t know who you are, because they don’t store all your PII when they issue your tokens - they just have the required information about you from the identity service you used to log in (chiefly your age). So even if a hacker got in here, they couldn’t grab who you were, merely when you were born).
Many security experts have analysed this flow and supported it. I myself cannot see what a hacker could really do here. So, in this case, specifically for the EU system, which this post was about, I am willing to accept that the advantages of not having minors access tobacco, alcohol or age gated media far outweighs the privacy risks.
You don’t need to show ID to enter the store just because they sell cigarettes at the front counter. The staff person checking the OD at the front counter isn’t memorizing the information on the ID and using it to track every other purchase you make in the store, or to piece together what you’re doing once you leave the store.
Locking individual content behind age verification (and it entirely depends on how they are handling the age verification), is different than a blanket identification check to use the platform at all. Age verification is used to prevent children from buying cigarettes from a store while under aged, but it’s up to parents to prevent them from getting cigarettes other ways.
But let’s separate the technical/privacy discussion of age gating from the discussion about age gating social media platforms.
If I go to a Scottish distillery website and buys chocolate, they are not going to age gate me. If I buy whisky they will. That’s not age gating at the door, that’s age gating for a specific product that we, our democratic society, have decided, through democratic means, should not be available to minors.
Regulating social media age gating is a different discussion altogether. The discussion is about whether we want to be able to anonymously check (again, the EU standard requires anonymity) someone’s age online.
Stop moving the goal posts. Also, no one has convincingly shown they can do that anonymously, but lots have shown they CAN’T. You can’t divorce the privacy implications because they are intrinsically linked right now and there is no evidence supporting the ability to unlink them.
Which goal posts have I moved?
The architecture for Zero Knowledge Proofs is not novel and well understood.
You prove your identity to the issuer of tokens. They issue you a set of signed tokens that only they could have signed. You issue one of these tokens and a nullifier to a location that needs to verify your age. The verifying location checks the signature and lets you in. They return the nullifier to the token issuer.
The issuer can OF COURSE verify that you’ve used your tokens if they store the tokens they issue. You do have to trust your government for this system to work. But you already trust your government not to mass-surveil you through your ISP, mobile phone provider and credit card spend. This doesn’t increase your defend surface.
I don’t believe this is an honest question. They aren’t age-gating, they’re checking IDs of everyone so they know exactly who is saying everything online, and can easily persecute opposing viewpoints. The excuse is kids, they don’t give a shit about kids.
Where have you read that this is about checking everyone’s ID?
They are specifically building an anonymous system for verifying age required to buy to products and access media that we already check ID for (not anonymously, but distributed) in physical stores.
Most countries don’t have age gates for accessing social media and, under the EU system proposed for the EU, if they did, this system is exactly providing a method of verifying a user’s age without knowing who the user is. So it’s literally the opposite of what you claim it to be.
Lmao. Anonymous system my ass. You trust the government to do that? And pray tell how the government is going to implement id verification on os? It’s such a stupid idea. How are you even going to enforce that? And even if it gets implemented, what’s stopping a kid from using an adult’s device to bypass it?
The EU age verification system, of which I’m talking and of which the OP was about, is not baked into the OS. That might be the case in the US. I’m lucky I don’t live there. And this discussion here is about the EU system, not the US one.
Your ISP has a record over every single website you’ve visited and your payment provider knows 99% of all purchases you’ve made and your phone knows where you’ve been at all times. Your threshold for having to trust that laws prevent wanton use of all this information doesn’t shift with anonymous age gating.
Frankly the concerns you display in the post reveal to me that you’ve not spent a great detail looking into what’s actually being proposed.
Why doesn’t EU investigate criminals and pedos with questionable search queries and website history? The corpos have the data of every individual. It was never about protecting the children in the first place. Otherwise they’d be solving the root of the problem instead of using such half measures.
You dont have your id printed on every cigarette. The government doesnt dilute the alcohol with unique radiomarkers to track your piss (yet). Firearms tracking is nowhere near this comprehensive or invasive anywhere in the world. Not even on military ranges. Cinema tickets? Really?
Qnd as pointed elsewhere: you font need to show ID if youre just buyong pink monster vegan jerky condoms and new usb cable for your fav sex toy.
But have you read the EU standard? Anonymity is a requirement. There is no tracking. The age check does not refer back to you. Indeed, it cannot.
You can of course believe that the legal requirements aren’t adhered to and that the state is actually lying, but if you believe that the state already has a million ways to track you, including 99.9999% of us who carry our phones around with us and pay with credit cards in physical stores.
It can’t be anonymous if you need a google or apple account to use. I’m not concerned about what the government tracks (well, not in this context at least), I’m concerned about who and what they’re working with to do the tracking. If the app verifies me as an adult but I couldn’t use the app without google butting in, google now has yet another data point in a secret ad profile that the government should be putting a stop to, not helping them build up. It’d be like announcing a plan to stop illegal drug usage by partnering with the cartel.
If they wanted a government-sponsored age verification sort of thing, it should’ve been an app whose only job was to type in a code you got from going in person to some government body and verifying in person. Town office, DMV, somewhere like that.
More fundamentally, though, “protecting the children” shouldn’t go anywhere near anything that can be used for identity theft. Showing my ID to the cashier at the cigarette shop is significantly safer than showing it to any business on the internet, because sharing a high-quality picture of something is giving them a copy. The cashier gets to see it, but it never leaves my sight and isn’t recorded in any way except probably some dodgy security camera where you can’t read it anyway.
Ok, so it’s about Google and Apple accounts.
When you say “Google butting in” can you be more specific about what it is you believe Google tracks in an app they haven’t made themselves but only ingested in their store? Is it your belief that Google tracks all app interactions even in apps without firebase or Google Ads SDK?
Honestly, I don’t know exactly what google can or can’t track if the app developer doesn’t specifically enable them. I don’t have specific evidence that they’ll even be able to tell if the user was verified or not
What I do know is they have repeatedly shown that they’re happy to hide or lie about what and how they track people, and more broadly about their business as a whole.
Again I cite the drug analogy. Google is in the business of tracking people and harvesting data for ads. It’s like inviting the cartel to the DARE program and expecting everything to go swimmingly.
If they want their age verification app to actually be anonymous, they shouldn’t force people to use a tracking service to use it. The app specifically won’t be functional on degoogled android phones and won’t be offered on desktop computers. Maybe Google can’t spy on anything going on in the app, but even so, they could correlate “used verification app, roblox usage went up” or “used verification app, continued to use Tinder, concluded adult, ignoring ‘do not track’ preference as it doesn’t violate laws about tracking minors”.
It’s true that a minority of users have taken the steps where this inferred information would be particularly helpful to google, but not having the option to opt out is going to get harder and harder, and this service doesn’t provide enough good to give the information cartel that is Google any more information, even inferred, in my opinion.
So you’re not sure what Google can and can’t track and you have no evidence, and the specification for the system is available online, which you seemingly haven’t read, but you’re just generally “worried” without citing specific evidence.
@sunbeam60 @Squizzy forr me the issue is mass survilance… Gate keeping cigarretes dont record the number of times a kid or a adult tried to but cigarretes
When you go to purchase those things in person, you present your ID, but then it is given back. They do not keep your ID. They do not get to make a copy of it’s information for them to store and sell and track you with. It is presented at that particular moment, and then control of it is returned to you.
That is not the case with these digital ID requirements. With these digital ID requirements, they absolutely make and keep a copy. They absolutely use the information from that copy to track you and sell your data on to others. They use it to build a profile on you about your behaviours and purchases etc which will absolutely be used to tighten the noose of control. And we’ve already seen, over and over and over again that pretty much every time they claim they aren’t doing those things, they absolutely still are. Even if they weren’t, they’ve also repeatedly demonstrated a complete and utter inability to secure that data from third parties accessing it too.
It is completely different and enormously more invasive than presenting your ID in person.
Most of what you’ve said is blatantly not true. Google (let’s use them instead of Apple here) can of course track your app use if the app uses Firebase or the Adds SDK - which clearly a verification should never do.
But Google doesn’t have the ability to see what you do inside of an app that aren’t voluntarily sending telemetry to Google. If you have proof that they do, please present it.
Those are physical things you purchase in real life.
A cinema screening is not a physical good. Yet we still age gate it.
How do you attend the cinema?
If this is not the most crooked EU Comission ever, it’s a pretty close second.
I don’t use apps from official software installation sources. I will boycott any site or service that asks me for unnecessary information.
Until you can’t because they will deploy this absolutely everywhere to “protect the children” from whatever real or imaginary threat.
It will be banking that is used as the wedge for this. You’ll have to use an approved device / OS / App to get access to the banking system. To protect the children.
I use the bank web site, with a hardware TAN generator. If no bank offers that option you can use a dedicated device that is used just for that. My bank’s app works on Graphene OS though.
I can use a phone to do business with my bank, dumb phone -> call number -> do banking, then again, I can also send up to $3k with no fee
We can always self-host. We’re using such a resource right now. Of course they can start blocking and persecuting, like they’re doing in Russia right now. At which point you should start learning about fpv drones as a hobby, particularly the fiber-optic kind.
still 99% of ppl especially youngsters use this bullshit social media and will fall for this spy company
The motives are irrelevant. This will destroy the internet as we know it and disempower citizens. I can’t help but wonder if the empowerment LLMs may have to an individual is terrifying leaders into an authoritarian mindset, finally demanding to be able to know and track what we do online, everywhere we do it. This is about protecting their ability to rule, not children from harm.
I can’t help but wonder if the empowerment LLMs may have to an individual is terrifying leaders into an authoritarian mindset
LLMs are here to enrich the rich, not to “empower the individual”. They require ridiculously expensive computing power, which makes them impractical or even impossible to self-host (with data centers buying up the market, the required hardware becomes unaffordable to the individual). Now you’re at the mercy of renting out the compute from the oligarchs and their companies, and you’re also relying on their censored and biased models (see Grok and his “Mecha-Hitler” antics if you want a taste of the future). Please don’t expect that to empower you, or anyone else. It can’t, and even if it could, it wouldn’t be available to you.
Unless we democratise LLMs, they’ll just become yet another tool of enslavement in the clutches of the Epstein class.
It could greatly boost the use of decentralized apps. Which will ultimately give people more power than they have right now. So in the long run, it might have some positive side effects.
Cracking down on decetralized apps will be the next logical step
How would they do such a thing? Require every open port on every internet connected device to be registered? Disallow https and implement full scale layer 7 scanning?
No, they will expand the mandates for providers to filter traffic. Everything ultimately goes through a handful of big ISP companies, so they will just make them comply with the filtration. It will not work great, even simple DPI is resource intensive, but when an ISP is ultimately at fault, they will have to find a way. And ultimately it doesn’t have to work all the time forever, it just need to degrade services enough so most people find it inconvenient to use. As a tool of control, it needs to prevent unwanted communication to be easy, this will ensure only the nerds will do it, and nobody cares about handful of nerds.
They don’t have to invent anything, that’s exactly how it works already in every country that controls their population and the internet in their country. It took Russia 8 years to transition from completely free unobstructed internet to everything being unavailable and everyone being used to it. Europe is way more capable technically, it will take most of the countries less.It is possible but doesn’t sound all that realistic to me. A truly decentralized app cannot be blocked by dns or endpoints. Thus a country would have to DPI the entire internet which is very resource intensive. And even then the data will be encrypted so you would have to resort to fingerprinting and finding patterns. From an age verification app to automatic data blocking based on deep packet inspection with fingerprinting of the entire internet - that seems quite a leap. Personally I don’t think decentralized apps are next in line to be blocked.
You’d be surprised how easy it is to ban specific protocols or apps, if you put your mind to it. DPI is dead easy this days. Again, Russian example is right there, the only thing that managed to resist the block so far was Telegram, because they’re doing some very advanced block avoidance. Russia is poor, and losing brains very quickly, a country with better equipment and people will not have this problem.
Yeah, it’s resource intensive, but that’s ISP’s job, and they have equipment and motivation already. Small ISPs if they still exist will die, but that’s just added bonus. And you don’t even need the complete blockage, you need to make it annoying enough to use so it’s not very popular, so most of the communication will happen on platforms that are under control. You can’t fight all the nerds, and you don’t need to.
It’s not a leap, it’s the only next logical step. A government doesn’t start carding everyone on the internet because they’re bored. They do it because they don’t want uncontrolled communication for some reason or another. “For the children”, of course, why else. That’s why everyone needs to have an ID app on their phone, and all the websites should be tied to it. It’s for the children.
The internet as we know it is a playground for billionaires to get richer. Good riddance.
And the new internet that is on the horizon will be the definitive establishment of these same billionaires as feudal lords.
Unlike most other age verification system, this doesn’t reveal any other personal information but your age. No credit card number, no personal id.
So I’m curious how you get to your conclusion?
In order to make sure that the age a person provided is real, the system will gather all that information anyway. I don’t know what you mean by “reveal”, but it will gather it. And that’s the main building block of the problem.
That system is basically the government. They already know.
No, that’s an app on your phone. That accumulates a ton of data in a way that didn’t exist before. The government knows I exist. Now it knows every website I’m visiting, and my identity on those sites. Now the new politician in my country decides to be a little bit more corrupt, and asks the app maintainer “hey, can you gather IDs and home addresses of all the people who criticized genocide online last couple of years, I would like to execute them publicly”, and they can do it with basically one sql equerry. The only defense against that will be “but that’s illegal, there are laws against that!”, which is shit defense nowadays.
Yes, all of that happens. That is a valid worry. Which is why they tried to avoid it.
Did you see how much they did to avoid this? Do you see a flaw in their solution?
Yes, the flaw in their solution is that they require the government ID to access the internet now. That’s the flaw.
I’m sorry, but have you read the technical documentation? The design is intentional created this way to avoid tracking.
You are issued a set of ZKP tokens that you hand back to websites. They cannot correlate these tokens back to you, nor can the operator of the system.
Now they could lie, of course, and violate the design (but being open source that’s a little harder), but if the government wanted to secretly track you, much more precise tools exist for this already.
That’s the stupid part, it doesn’t matter what it will look like at the beginning. It might be the best written documentation now, they can even implement the app correctly. The thing is, the jump from “people can use the internet” to “in order to access the internet you need to provide your government ID to your smartphone” is a big jump, one that can cost a politician career. The jump from “you need to use version 1.4.412 of the govenment id checker” to “you need to use version 2.0 of the Government Id Checker Plus” is minuscule. That’s where you introduce a persistent database of the tokens, somewhere on page 5 of the changelog. And only nerds care about that and nobody listens to them.
It’s so fucking easy, Russia did this exact gambit in 2017, Kazakhstan couple of years before.Ok, so it’s the slippery slope fallacy.
But that slippery slope, which it sounds like you believe us to be on, also applies to phone location tracking, credit cards payments, mobile phone train tickets, smart homes, smart cars, home CCTV etc etc.
Do you leave your phone at home, always pay with cash, don’t use any apps? Most people do these things on the basis that the government doesn’t wantonly have access to what we’ve bought online. Why is age gating so different?
At last a piece of code free of any flaw, any exploit, invulnerable to any known or unknown attack method!
Of course things can break and something might be able to refer back to you, until it gets fixed.
But if your argument is that “the standard is fine, but something might not quite work”, then the same argument applies to your phone’s location tracking, your debit/credit payments etc. The vast majority of us happily use systems on the basis that they are secure, until they’re not, and then things get fixed.
Your argument has to apply evenly.
Extrapolating from US decisions, like I would have done
From my understanding this age verification app seems to be based on the age verification blueprint they have been working on for a while now, which is supposed to be part of the European “digital wallet”
https://digital-strategy.ec.europa.eu/en/policies/eu-age-verification
From my understanding it works as follows:
- There will be a central “authority”, with which you can identify
- This authority will provide you with tokens indicating you are 18+ (or whatever age verfication you may need)
- These tokens are stored locally, and contain no identifying information other than a simple “is this guy 18+?”
- You can use these tokens to verify age with a website that requires age verification
This solution does seemingly address my two greatest concern with online age verficiation:
- You cannot trust the website, so they only get the information they need. They don’t get any identifiable information
- You cannot trust the authority, so they don’t get to know for which websites and for what reason you request 18+ tokens
Assuming that this blueprint is followed, it seems like a decent approach at online age verification.
I get why this sounds better than websites directly collecting IDs, but I think it still understates the problem. Even if the site only sees “18+”, the system still begins with strong identity proofing somewhere upstream. So this is not really anonymous access, it is identity-based access with a privacy layer on top.
The bigger issue is centralization. You still need trusted issuers, approved apps, approved standards, and authorities deciding who can participate. That means users are being asked to trust a centralized framework not to expand, not to abuse its power, and not to fail. History gives us no reason to be relaxed about that.
I am also skeptical of the privacy promises. These systems are always presented in their ideal form, but real-world implementations involve metadata, logging, renewal, compliance rules, vendors, and future policy changes. “The website does not know who you are” is only one small part of the privacy question.
So even in the best-case version, this is still dangerous because it normalizes the idea that access to lawful online content should depend on credentials issued inside a centrally governed identity ecosystem. Today it is age verification. Tomorrow it is broader permissioned access to the internet. That is why I do not see this as a decent compromise, but as infrastructure for future control.
Also once they get their foot in the door, they can remove the privacy next time they want to unmask someone online saying “I support Palestine action”
-“You want to crack down on dissent? We got a token for that.”
Apple or something.
I do see your concerns as valid. But at least in my country, we already have all of that.
I have an app I use to id myself to all sorts of stuff. Almost all of us has that. All the changes you mention are not changes, we have already had that for years. The new thing is that you don’t give your id to the website.
Just like during the pandemic, we had an app to prove our vaccination status, without revealing id. Before that we had to prove id, and then they looked up vaccination status.
Sweden or Estonia?
Probably Denmark, given the username. Denmark is also the only one of the Scandinavian countries to have the authentication provided by a national agency, while Sweden and Norway have it provided by the banks.
As far as I understand, there’s no need for “verified apps”. The third party just verifies your token with the emitter.
The skepticism is very understandable. It is important to scrutinise solutions like this to make sure that they indeed do as they say they do, and to make sure the government doesn’t overreach with their authority.
That said, it should also be possible for laws to be enforced, and there are laws on the books that are supposed to prevent children from accessing things that we as a society have agreed they have no business accessing (alcohol, tabacco, porn, and increasingly commonly social media)
Currently there is no good method to actually enforce those laws on the internet, so there needs to be a solution for that.
I think this form of age verification may be a decent compromise between privacy and the need to enforce these existing laws.Edit: Typo. I wrote “they” instead of “that”
there are laws on the books that are supposed to prevent children from accessing things they we as a society have agreed they have no business accessing
The problem is that different societies have different lists of things that they deem children shouldn’t access (or in some cases, citizens in general). For instance, conservative-leaning U.S. states are increasingly labeling any and all LGBTQ content as being unsuitable for children, furthering their indoctrination against a persecuted minority group.
Parents are in the wrong for preventing their children from accessing content depicting LGBTQ perspectives, and age verification tools in such markets are likely to be designed with the express intent of blocking access to LGBTQ content for minors by default.
Likely? They’ve admitted it. That’s the whole point.
I think the disagreement comes from treating “we have laws” as automatically meaning “we must enforce them everywhere at any cost.” The method matters. This approach flips the burden of proof by treating everyone as a minor unless they prove otherwise. That is a pretty extreme shift from how things normally work in the real world.
We also shouldn’t pretend this actually solves the problem. Kids got access to adult magazines before, and they will get access now through a parent’s phone, shared devices, or older friends. If that’s the target, this kind of system is mostly symbolic while adding friction and control for everyone else.
And more importantly, it normalizes something much bigger. Once you accept that accessing legal content requires proving attributes through some approved system, it becomes very easy to expand that logic. Today it’s age. Tomorrow it can be anything else.
So I don’t see this as a balanced compromise. It’s a disproportionate response to an enforcement gap, with long-term consequences that go way beyond the original problem.
I don’t think laws should be enforced at any cost, but if we can reasonably enforce laws I think there is a duty to do so.
Then there is also a different question of whether we agree with the laws on the books, but that is a different matter imo. Personally I don’t think we should limit access to pornography as strictly as the laws says we should, and I don’t think the ills of social media are solved with a simple age limit.
But that is a separate discussion from the implementation of a (in my eyes) reasonable approach to age verification
I don’t think it’s entirely a separate issue, because how a law is enforced is part of evaluating whether it makes sense in practice.
If a law can only be enforced by treating everyone as a minor until proven otherwise, that’s a strong signal that the law, or at least its scope, may be flawed.
Why are all 4 of those in one category, who.decided that all if a sudden?
The big problem is the trustworthiness of that central authority to maintain the confidentiality of your information, and to not use it for other purposes.
Which they of course will not.
The central authority is basically my government. They already know.
They already know how often you do all the things you have to be over a certain age to do?
This won’t tell them that.
A response I gave elsewhere in this thread.
This authority will provide you with tokens indicating you are 18+ (or whatever age verfication you may need) These tokens are stored locally, and contain no identifying information other than a simple “is this guy 18+?”
So they’re reusable? One token can be used for multiple age checks, right?
If not, then think about what that means.
- The token gets sent back to the authority for revocation.
- The token is authorised by the central authority as still valid.
- The token is uniquely identifiable
- The central authority knows who it issued each token for
- The central authority knows who has asked it the verify age.
Sure, the company you’re purchasing from may have no new information, but the central authority now has everything it needs to know:
- How often you buy tobacco, alcohol or medications
- What discussion boards you are a member of
- Have you purchased anything age restricted from any store (e.g. propane from a DIY store)
I don’t know how the system works, but that is definitely not how it’s supposed to work. I would not like to use a system like that.
This is the intelligent non-invasive way to implement this. Basically using a similar cryptographic signing scheme as SSL certificates. We’ve known how to do this for decades.
Hi. This system doesn’t have the cryptographic properties that you think it does. The authority could keep a map between tokens and real IDs. They just say they don’t.
This authority will provide you with tokens indicating you are 18+ (or whatever age verfication you may need) These tokens are stored locally, and contain no identifying information other than a simple “is this guy 18+?”
So they’re reusable? One token can be used for multiple age checks, right?
If not, then think about what that means.
- The token gets sent back to the authority for revocation.
- The token is authorised by the central authority as still valid.
- The token is uniquely identifiable
- The central authority knows who it issued each token for
- The central authority knows who has asked it the verify age.
Sure, the company you’re purchasing from may have no new information, but the central authority now has everything it needs to know:
- How often you buy tobacco, alcohol or medications
- What discussion boards you are a member of
- Have you purchased anything age restricted from any store (e.g. propane from a DIY store)
Not sure that’s necessarily true. I don’t see why it couldn’t work like this:
- request personal token from authority. it works similar to a certificate chain, your token is derived from a central certificate
- you store your token locally
- you visit an age-restricted website. you send your token (or a challenge encrypted with that token) back to the website
- the website verifies your token with the certificate from the authority, (like how literal Certificate Authorities work) . the CA doesn’t know when or why your token was used.
(fwiw I am sure governments will try their best to make this process less private)
Your step 4 will make the token reusable, or at least reusable within a time frame. If a token can only be used once there has to be some information flow back to a central approval authority.
See the problem is the central authority.
I don’t see a central authority (i.e. your government) issuing tokens, as much different from the government issuing you a ID card by which you can verify your age to buy alcohol in the supermarket.
As long as that central authority doesn’t get to know what I use the tokens for, it seems like an acceptable solution to me.
The difference is in the potential for creep.
The proposed implementation would actually be less invasive than a national ID card (assuming the implementation information provided is complete and accurate), but also usable in less scenarios.
AFAICT there is no provision for actually verifying the person using the app is the person who’s identity is verified in the app.
What’s to stop one person having a verified identity and just sharing it with the people around them once it’s been issued ?
As an example, with an ID card in a bar you need to match the photo, this digital system would be like turning up to a bar with an ID that had no picture or details on , but just said “over 18”, you could then hand this to a friend and they could also use it.
I personally think that if a system is mandatory then an easily circumventable verification system is the best choice , but such an easily circumventable system is exactly the kind of thing governments have used as an excuse to push for further encroachment.
Take the UK for example, the online safety act they have is easily circumvented with a VPN (which many people noted before it was implemented) the government basically stuck their head in the sand and claimed vpn’s weren’t widespread enough to be a problem.
Skip to now and they’ve got representatives looking to force vpn compliance with the online safety act without having the slightest clue about why that wouldn’t and can’t work the way they want.
A more suspicious person might suspect the attack on vpn usage was an expected part of the overall plan.
Even a less suspicious person could still see the direct line from one to the other.
I’m not saying they will, but if i were a betting person, I’d certainly put some money on it.
Too me one of the big issues is being able to trust a government or business to not trace a person’s identity back through the token. There are technical ways to prevent that as far as I’m aware, but there’s such a strong incentive against such protections that it’s really hard to trust unless you’re technologically skilled enough to verify the process yourself.
Personally I have two problems with this :
- Can’t those tokens be used for cross-site tracking ?
But more importantly :
- I don’t care if the implementation is technically perfect. I refuse to verify my age on principle.
but whose the “central authority” that you have to provide your ID to? and what happens when that central authority inevitably gets hacked?
That central authority would, from my understanding, be your government. They already have your information, so if they get hacked you are already screwed ;)
But they could easily keep track of all the tokens they issued to you, and match them with services you use.
This has never been about protecting the kids. This is about mass surveillance.
We should not care about verifying age.
wdym? in general? on the internet?
bc that’s a hard disagree from my side as a blanket statement
Protection from media at the government level should not happen, that’s the slippery slope. Very few policies aside from educate children about topics, has ever actually helped a child. This shit is about data and overlord control. Devices should not have age verification.
Very little good comes from arbitrary control, particularly based on age, and always has been that way even on other topics that are age restricted. Education is a far more effective means, and doesn’t trample everyone.
Thanks for clarifying.
For the record, I think this mechanism is indeed far reaching, simply because the current criterion of “age” is arbitrary in the proposed mechanism.
Not sure if the “just education” part is realistic, though. The whole point is that children cannot make responsible decisions like adults can. We accept that for driving, sex, drugs and weapons.
Agreed they make irresponsible choices sometimes, and we can think that policy can protect them, but we have no control over most of those choices when it comes to seeking behavior. Driving starts at early teens a lot of places anyway, and cars can be stolen, and the cost barrier to entry is super high. There’re other separate regulations about weapons, and kids with weapons are already getting them from an adult or stealing them, barrier to entry is high for purchase. Sex you absolutely cannot control and thinking you can is absurd for germane topic of seeking behavior, barrier to entry is effectively zero. Drugs are illegal or stolen from the start so moot point.
The only way to really curb any of these seeking behaviors is to educate the child and give them some experience with it. Enforcing age barriers doesn’t really work much for these, why would digital age barriers do much for media or anything else? You make responsible people out of children by educating them and giving them responsibility experience to make better choices, and some will always have seeking behavior and age checks don’t really stop them… It just invades the privacy of the rest of us.
We definitely have some control over each of those points:
- We don’t let kids drive, the lowest driving age seems to be 15 and is usually 18: https://en.wikipedia.org/wiki/List_of_minimum_driving_ages. Kids obv would have access to their parents cars.
- Knives, Guns etc cannot be sold to children and I hope you would agree that this is a good thing.
- having sex shouldn’t be controlled but providing or paying for sex work, “adult” events, sex parties etc definitely should be restricted.
- Legal drugs (alcohol, tobacco, weed) should be restricted for children. Illegal drugs are indeed hard to specifically regulate but e. g. selling illegal substances to a minor should carry a higher sentence.
after typing all that out I wonder what we are even debating. those are obvious examples to me where actual restriction is necessary. and to cycle back to the start, why would media be fundamentally exempt from that?
This actually sounds pretty reasonable. Thanks for bringing it up.
On one hand this is an elegant solution that is already in use in Germany for years, if companies want to implement it that is. But I think only Sony’s Playstore uses it. Or so I have heard. No US company wants to use it and I am sure they will lobby to get more data from users than a token if this gets rolled out EU wide. I am skeptical about this.
Finally a sane approach to online age verification
or rather their foot at the door. they just need SOMETHING and once they get started they can just keep making things worse. its never about protecting kids.
There is no such thing
Could even have an OAuth flow that only provides a service unique key that the service can use to call the central authority to confirm the user is 18+ and nothing else, I always thought this would be the second best solution
