Posted by Ygg2 1 day ago
> In this last Bikeshed in acmqueue, I will ponder the far future of free and open source software (FOSS), hoping to upset so many readers that...
> During the past couple of decades, rampant neoliberalism and “globalism” allowed...
And I’m out. I guess congratulations to the author. Mission accomplished.
But I’m disappointed that the article took a turn towards partisan politics.
Except for shit like Stram Kurs, which nobody really supports or tolerates.
> During the past couple of decades, rampant neoliberalism and “globalism” allowed the U.S. tech industry to capture almost the entire European IT market, including all “social media.” This has recently proved to be a ghastly mistake, and now the EU, along with its member states and companies, are scrambling to claw back their digital sovereignty.
This is not a partisan political statement, it's a factual one. It is simply a statement of fact that neoliberal world markets have permitted hyperscalers to cross national boundaries and provide the same services at scale to governments worldwide, and like, without even going into any U.S. politics at the moment, isn't that... really weird? Like many EU governments had essentially put their ability to function as states in the hands of a foreign actor. That's WILD.
Unfortunately, no, you can't have a prophilactic that just makes you a little bit pregnant. We used to know this.
Also the fact they call it “age verification” when they clearly build an identity verification and we just accept their language is crazy.
There is nothing of substance here. You don't like AI, I get. But it still exists and pretending that no-one finds it useful is utterly foolish.
Edit: I overuse the word utterly. Nice to identify one of my tells.
(just to be clear, my post was just to point out that the article is very difficult to make heads or tails of. it's easy to misinterpret a lot of the points many different ways! kind of like they're being overly implicit with the expectation that everyone'll know what they mean. it's something I do too and my way of cutting through it is to cut my writing in half and focus on clarity over mystique)
Privacy is being abused by criminals to victimize people at scale. Just because privacy is a moral good doesn't mean you are morally off the hook for enabling criminals.
Governments are so aware of this they're passing sweeping laws against it. This is your new reality -- you can't just bury your head in the sand. The whole point was saying that there could have been a middle ground that protected more of your rights than where you're at now if it weren't for the absolutism.
Turns out that being an absolutist isn't helpful.
Parental controls remains the right way to do age gating. It works today and has no privacy impacts.
You know who didn't refuse to get involved? Larry Ellison, Peter Thiel, Mark Zuckerberg. They made suggestions to governments about how to solve this problem, and the best proposed solution was adopted and made the law.
Then legally require it to be effective and easy-to-use-if-you-take-a-few-minutes-to-read-the-instructions.
See also [0].
There's apparently information that you didn't read contained in the footnote of the comment you replied to.
Based on this layman's reading of the law, [0] California did literally the opposite. They require major OS vendors to require users to enter their birthdate or indicate in some other way their current age, and then require programs and websites to act on that age information. This is entirely different from requiring major OS vendors to allow a "guardian account" to set fairly-fine-grained restrictions on one or more -er- "ward accounts", and then requiring programs and websites to refuse let the "ward account" do the things that those restrictions say that it isn't permitted to do.
"Restrict by age" neither accounts for precocious under-eighteens, nor does it account for vulnerable elderly or otherwise brain/developmentally-damaged adults who need protected. And because "restrict by age" cares very much about your age, and because it's not going to work nearly as well as promised by those pushing it, it will inevitably require scans of both a photo ID and one's face and/or other biometrics.
A "you don't need to know anything about this account other than that these are the things it's not supposed to be able to do" system gives zero shits about the identity of a person, so there's no plausible path for it to gate access behind submission of any identifying documents to any third party.
[0] <https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...>
[L]egally require[d] ... to be effective and easy-to-use-if-you-take-a-few-minutes-to-read-the-instructions.
Additionally, I expect that -due to kids lying about their ages- within five or ten years, the regs will have "graduated" from self-attestation to ID and biometrics collection. It's likely that other states will require that sort of collection much sooner, causing every US-based company to do that regardless of the existence of less-invasive regs.Like, seriously... if "the kids can lie about their age and there are no consequences for lying" is the bar you want to set, just do the 1990's thing where sites and programs have a "Warning! This might not be suitable for kids!" page/screen that has a checkbox that the kids can check or button that they can press that lets them lie that they're over-seventeen and grants them access.
That being said, age based restrictions isn't a fine grained control over the system as perhaps one would like but that also would be inherently more complicated to think about from a legislative perspective (e.g. how fine grained and how to categorize possible dangers) and user control perspective when it looks like a lot of parents are looking for a blunt generic button that basically goes "this is agreeable with general practices". This seems more or less how real systems are gated.
The other issue is that both present privacy challenges but this just a little more so from a fingerprinting perspective. Presumably you need quite a few bits to completely specify the filter whereas age is only a ~1.58 bit field in the CA model. Not really sure how much this matters when there are so many other signals for fingerprinting and we should probably make fingerprinting from it illegal but just some thought.
> Instead, what we get proposed is a system that cares very much about how old you are, and not one bit about the things that one's guardian understands one needs to be protected from.
Regarding your linked comment, I think it's a bit strange to say that if legislators really did care about child safety they would mandate fine grained controls instead. I'm not sure what additional fine grained factors you may be thinking of precisely, but we already use age as a gate in real life for many things we consider dangerous so it's quite natural for legislators to transpose those. Our laws already very much care about how old you are.
Read [0] and consider the array of specific things that a guardian may wish to protect their ward from. Make sure to make your list cover children of all ages as well as adults with a wide array of cognitive impairment.
> That being said, age based restrictions isn't a fine grained control over the system as perhaps one would like but that also would be inherently more complicated to think about from a legislative perspective...
So? Legislative or regulatory restrictions on human behavior must be as restrictive as required to achieve the stated goal, and not significantly more. The courts are especially concerned about this when it comes to restrictions on speech. If a set of legislators need to sit with something for a quarter or two to understand it well enough to properly regulate it, then that's what they're getting paid to do.
> ...when it looks like a lot of parents are looking for a blunt generic button...
You can have preset lists of categories to block in a system that doesn't care at all what your age is. Surely you know that.
> Presumably, under the law, parents would be the ones to create a child account with a non-editable-by-the-child-account age fields...
The California law has no such requirement. Go read it, it will only take like ten minutes. [1] My summary of it as "the kids can lie about their age and there are no consequences for lying" is not even a little bit unfair.
> Our laws already very much care about how old you are.
The identity-verification systems we're talking about didn't exist twelve months ago. These are new systems being designed in a world in which it's trivial to have a centralized database that contains dossiers of all of everyone's customers everywhere. [2] Nearly all other regs that restrict based only on age were written in a world where that was either impossible, or extremely expensive and time-consuming.
Even if that weren't true, all one needs to do to see how these regs will be actually interpreted by most businesses is to look at all of the companies that are preemptively requiring upload of live video, pictures of one's face, pictures of one's government-issued ID, and/or deep analysis of one's activities with their systems. No US state requires any of that, but it all got slammed in when legislators started talking about doing age-based restriction of Internet services.
Had legislators clearly said "We're going to be designing and enacting laws that require designated guardians to be able to prevent their wards from engaging in guardian-selected categories of activities. We want every guardian to be able to protect their wards, regardless of the age of those wards.", you'd see companies building and deploying very different systems.
[0] <https://news.ycombinator.com/item?id=48911863>
[1] <https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...>
[2] Am I saying that there exists a centralized database of all of everyone's customers everywhere? Absolutely not.
https://www.pewresearch.org/short-reads/2026/07/01/majority-...
https://x.com/PTBwrites/status/2031529878021923118
https://yougov.com/en-us/daily-results/20250502-1e408-1
https://yougov.com/en-us/daily-results/20250502-1e408-2
> Parental controls remains the right way to do age gating. It works today and has no privacy impacts.
This opinion is not grounded in data and facts. If this was true, we would not be here. But we’re here because parental controls are insufficient, the vast majority of parents are just hanging in there getting their kids to adulthood.
More than 3 million college students are raising kids. Most won’t graduate - https://news.ycombinator.com/item?id=48709130 - June 2026
The real single-parent capital of America - https://news.ycombinator.com/item?id=42867716 - January 2025 ("The places with the most single parents tend to be, to put it bluntly, struggling. The strongest predictors of single parenthood are high poverty rates and high shares of the population receiving government assistance." [There are ~13.6M single parents in the U.S. raising over 21M children. This means single parents head roughly one in three households and approximately 34% of all U.S. children live in a single-parent family.])
Parents Under Pressure: The U.S. Surgeon General's Advisory on the Mental Health & Well-Being of Parents - https://www.hhs.gov/sites/default/files/parents-under-pressu... - 2024
> When stress is severe or prolonged, it can have a deleterious effect; 41% of parents say that most days they are so stressed they cannot function and 48% say that most days their stress is completely overwhelming compared to other adults (20% and 26%, respectively).
> Nearly 70% of parents say parenting is now more difficult than it was 20 years ago, with children’s use of technology and social media as the top two cited reasons.
> Recent data from 2021-2022 indicate that among parents, 23.9% (or 20.3 million) had any mental illness and 5.7% (or 4.8 million) of parents had a serious mental illness.
> Lastly, many other caregivers assume primary caregiving responsibility when parents cannot, thus acting as a critical safety net for children. In recent years, there has been a notable increase in such individuals taking on caregiving responsibilities for children, with approximately 2.4 million children being raised by grandparents, other relatives, or family friends, without their biological parent(s) in the household.
U.S. has world’s highest rate of children living in single-parent households - https://news.ycombinator.com/item?id=37628812 - September 2023 (108 comments)
(fertility rates continue to collapse though, so hopefully this problem continues to decline over time, only time will tell; 40% of annual pregnancies in the US and internationally are unintended, per the Guttmacher Institute and the UN, respectively)
Charted: How American Households Have Changed Over Time (1960-2023) - https://www.visualcapitalist.com/how-american-households-hav... ("A record 58.4% of American households now consist of married or single adults without children. Only 25.3% of American households contain children.")
It's a mix of what they can do and what they're likely to do. They just have to be able to go back to voters and say they're doing something.
If you think that the fact that they did the wrong thing is an argument for not doing anything, you clearly are blind to politics & history.
And age verification being the wrong solution to the "privacy problem" doesn't remove privacy from lawmakers' crosshairs.
None of these groups will because they profit too much from disrespecting their privacy. The average child would be far safer if they used the Dark Web. I'm not sure why the "richest country on earth" is engaging in zero-sum behavior, but those are the kinds of contradictions such behavior creates.
[1] https://www.pewresearch.org/short-reads/2023/10/18/key-findi...
Almost all victimization is being done without end to end encryption. This is not a problem caused by privacy.
Also on Discord and Roblox, they are apparently the biggest platforms for this, but they're not E2EE anyway, they're just hiding it because their executives like what's happening.
I don't think it's that encryption was harmful, it's that it wasn't enough, and in a sense I agree with TFA & the Sun Tzu bit: it needed to be complemented by legislation that added decent privacy protections, and it largely wasn't. That was a mistake, I suppose, but the current political situation, esp. in the USA, disfavors privacy regulation getting done, ever. The Democrats are … maybe spiritually for it? … but not terrible effectual at getting it done; Obama's response to Snowden was "meh" at best, and Congresspeople, in particular Feinstein especially, let the DNI walk all over her. The GOP has no interest at all in regulating corporations, at all, ever, so with the House/Senate/POTUS all (R) at the moment, it's going to be until at least Nov before it is possible to even think that these might get addressed, and even that's … generous, and I won't be holding my breath for it to occur.
Stuff like what we saw in another thread today — with LG wantonly installing spyware — and things like Flock would have happened in addition to network intercepts; they are not happening instead of. Corporations and the government will do whatever the People permit them to get away with.
His theory is bunk, there is absolutely no middle ground to be had with the people who want a backdoor. There are no small backdoors.
If we had parental controls that actually worked it would forestall any talk about ID scanning because parents could just enable parental controls.
It’s only used by them and their buddies and basically only for OTR conversations related to their publicly traded company that would have put them in prison. Totally the “let’s defraud these investors and do industrial espionage” type shit. I also know about a good half dozen other VC-funded E2EE chat apps that are also exactly this.
They do it just to get something they control in app stores that’s also a separate entity. Then they don’t have to answer uncomfortable questions about why such and such is on their phone.
This is some of what regulators are seeing and finding a problem with.
I hope you realize what a poor argument (to lawmakers) that is, especially if your goal is to advocate for privacy.