Posted by dreadsword 5 days ago
A lot of people mentioning off-license/booze/tobacco like that was a success story. It isn’t. Outside main/high streets, kids manage to buy stuff just fine. Success requires enforcement, constant vigilance and heavy penalties. Not applicable to Meta at al.
Social media is a drug. Just like crack, making it illegal won’t make it go away. Only education can change this. Unfortunately, we now have multiple generations hooked on it, so I’m not sure this is even possible anymore.
I blocked all social media on my daughter’s phone until she turned 17. I am/was a massive control freak. Guess what happened after that?
I still have control over her apps. I still won’t let install snapchat and every other crap app she asks for. She understands it is for her own good, but none of that matters when “all her friends use it.”
The first iPhone went on sale when she was born. Obama was elected when she was a baby. The world sucks right now.
Rant over.
If you don’t have kids, maybe don’t speak pejoratively about the difficulties in raising children nowadays.
If you do, try to be a bit more empathetic.
At that age I had a half-time job and bought my own shit, except rent. A 17 year old should be doing that if they want their own non-locked-down phone. If they aren't, they should be thankful for whatever they are getting beyond bare necessities.
I believe it is counter-productive, because "not having age verification" is a lost battle. Unlike E2EE (where it is impossible to give access "only to the good guys"), it is possible to implement age verification in a privacy-preserving manner. And look at the ChatControl fight: even though it is not possible, we are still struggling to convince politicians of it. Good luck with age verification where it is actually possible to do something.
It should be a public service: just like the government issues IDs already, it should run the privacy-preserving system that allows citizens to prove their age. We should fight for that, otherwise we will get non-privacy-preserving systems managed by private companies (which is already starting).
https://en.wikipedia.org/wiki/Dog_whistle_(politics)#
Now go in the street and ask random people: "if there was a safe way to protect your children from accessing XYZ on the internet, do you think it would be a good thing?".
Clearly one very real problem for parents right now is that if all the other kids do it, then it's hard to prevent your kid from doing it ("everybody is on TikTok, they make fun of me because I have no clue what's happening there"). If you can prevent most of them from accessing the service, then suddenly it becomes normal for kids not to use it.
There are a lot of issues with the UK approach. Privacy is a big one. But requiring this on every service is both a tax on the service and requires constantly authorizing stuff. That opens up the possibility for scams, data misuse, etc.
And no, saying we said to only use the data for verification clearly doesn't work. It didn't work for discord, or Persona, or Tea or AU10TIX or any others. Verification now means sharing that data with credit agencies and third party databases. Verification means keeping some data to resolve customer support disputes. There's data leakage for training and creating derived data products like biometric embeddings for future use.
Third party verification is a security nightmare.
I don't know why device based approvals abd controls aren't considered at all. Or really any privacy preserving technique.
And all this for ~54% efficacy?
There most definitely is privacy-protecting age verification. You go to a government office, you show your ID, they give you a piece of paper that officially says "over 18 years old". Now you have a piece of paper that says you're over 18 but doesn't say who you are, and the government won't know where you use it.
On the Internet, the idea is the same, but with cryptography.
Fakeable? Sure. Fakeable by an average 13-16 year old on a parental locked device? No.
It is possible, it just had to be implemented properly. We could complain about politicians not understanding that, of course. But if you spend 5 minutes reading complaints about age verification, you will see that nobody cares about understanding... if the people doesn't care, why would the politicians?
A simple solution to "generate infinite token and hands them out via a rest request" could be one of:
* Rate-limit the token generation. Nobody needs thousands per day, right?
* Make it illegal to distribute tokens. The server sees if you request an abnormal amount of tokens, and... it knows who you are. Not too hard to investigate.
* Make "honeypots" that scare the children when they try to access/buy the token.
I don't think it makes the concept completely useless.
And even if it's illegal to hand them out, it's not hard to set up a tor site to do it. I would be first in line to counter the state with such an implementation of this is the path we tread.
That is, one side knows who you are, but not what you do; the other side knows what you do, not who you are.
> And even if it's illegal to hand them out, it's not hard to set up a tor site to do it.
If a kid can use Tor to get a token, they most certainly can download with torrent or use a VPN to bypass the verification. But again, it doesn't have to be perfect, it just has to be effective for enough kids.
> I would be first in line to counter the state with such an implementation of this is the path we tread.
In a functioning democracy, people should vote instead of vandalising stuff. In a non-functional democracy, I guess don't complain if someone burns your car "to counter the state" some day if you think like this.
My point is that we should fight for privacy-preserving solutions. And the first step is to get informed about whether or not it is possible to verify the age in a privacy-preserving manner. Not to prepare for vandalism.
But how can this be done so that the site and I'd verifier can't collude on a backchannel to unmask you?
> In a non-functional democracy, I guess don't complain if someone burns your car "to counter the state" some day if you think like this.
I don't advocate for destroying private property. Sharing tokens doesn't destroy property or ip/copyright.
Now we're talking :-). Look at Privacy Pass, it's interesting!
If you like RFCs, it's here: https://www.rfc-editor.org/rfc/rfc9576.html
Kagi has a nice explanation here: https://help.kagi.com/kagi/privacy/how-does-privacy-pass-wor...
I don't think that there is a need for a technical solution to that, though. In the Kagi example, probably they trust that their users won't do that, and someone could already resell searches this way (e.g. write some kind of proxy). Similarly, an adult can already help a kid get access to stuff they shouldn't. But the point is to make it harder for kids to do it on their own, for their own sake.
It's not computer security, where your system is "as weak as the weakest part". We don't care if a few kids access social media: the goal would be to make it such that the norm, for kids, is to not have social media.
But I still have reservations that this would be the "foot in the door", because people like me will generate and publish tokens publicly, and then lobbyists will use this as the reason why we can't allow the use of private keys unless the website receiving them can certify they belong to the user presenting them, thus forcing a rework of the implementation.
My concern is that "society" may want to control social media for kids, and if we say "either you don't do it or you leak the IDs", it may end up on "ok then let's leak the IDs" without even considering the better way.
I am just very frustrated because right now, even in a place like here where it's supposed to be around tech-savvy people, the discussion feels like kids repeating what they heard: "it's like ChatControl, it's fundamentally stupid and impossible".
Even highly regulated stuff like alcohol sales won't stop kids from grabbing bread yeast and a frozen juice concentrate to make their own if they really want to and the parents aren't parenting.
What if we...now hear me out....what if we didn't try to shoehorn a stupid and unworkable technological solution into this problem space and just...made parents responsible for their kids?
... and we would like to call our generation 'smart'. While knowing deep inside very well what a failure as a parent many of our generation are. The proof for/against are our kids right in front of our eyes and there is no escaping from this basic truth, thats why its so crushing.
Sorry gotta go, need to check some shitty sites who spy on me and try to push in vain on me some primitive ads.
/s
btw, yes, we must not lose the skill of parenting. no any technology give it back to us.
Likewise, when some megacorps capture the government and monopolize a market, the costs go up on both individuals and all the employers in other markets who are now paying monopoly rents with the money they could have otherwise used to hire more people (bidding up wages) or lower the prices workers pay when they buy their products.
Just asking them to pay more doesn't work when the party you want to pay more isn't the party which is extracting the money, and higher costs are just as much of a problem as lower wages.
Stop handing your kids brand new iPads and complaining, especially if you aren't willing to use parental controls.
> what if we didn't try to shoehorn a stupid and unworkable technological solution into this problem space
If you end it with "and make a good easy to use technical solution instead" then you found my stance.
If you end it with "and just...made parents responsible for their kids?" like GP then no that's not my stance at all.
That assumes a good easy to use technical solution is possible. What if classifying user-generated content as safe for kids is enormously subjective, and the labor required to accurately classify it even given a hypothetical objective standard would cost more than users are willing to pay to have it done?
Meanwhile we don't have any sound technical means of verifying age over the internet. The "use government ID" approaches are among the least effective because you have no good way to tell if the person behind the screen is the person on the ID.
...yes, that was my point. My whole argument was that it wasn't a tradeoff between "unworkable technical solution" and "make parents spend time they don't have".
I get a hard tech-bro vibe who like to blame others to deflect from responsibilty of their technology
"Fallacies programmers believe about people"
(you can sort of do this in countries with national ID schemes if you don't care about foreigners; for example, various people have found this in China where random things are gated behind having a WeChat account which requires a Chinese ID. You can't do this in the US or UK, which are big pushers of the ""age verification"" scheme)
I don't look like the other people whose name I share.
Famously, neither does this guy: https://iammarkzuckerberg.com
Yeeeah .. this is not the sort of thing that GDPR ought to allow, though.
Such law would not cause inconvenience to normal Internet users without children, would provide additional source of income for vigilant people and underpaid school staff, and would result in much higher degree of compliance. Why you guys don't elect people like me.
The normal state does include people with children.
As it becomes increasingly apparent having children is a suckers game where everyone piles on the penalties to you while eagerly awaiting the social security payments of your children (you make ~all the investment, then they take the profits), they will have even fewer.
This isn't about kids. It's about control and the people too stupid to give it to policians.
For some reason everyone has something that turns their brain off and makes them happily turn over freedom to people who hate them.