Top
Best
New

Posted by Ygg2 1 day ago

Goodbye, and Thanks for All the Bikesheds(queue.acm.org)
220 points | 211 commentspage 4
schaefer 1 day ago|
From TFA:

> In this last Bikeshed in acmqueue, I will ponder the far future of free and open source software (FOSS), hoping to upset so many readers that...

> During the past couple of decades, rampant neoliberalism and “globalism” allowed...

And I’m out. I guess congratulations to the author. Mission accomplished.

But I’m disappointed that the article took a turn towards partisan politics.

failuser 1 day ago||
I don’t even know which party he champions. There is no pro-privacy party in America. That quote can come from either side of the establishment. Both increased surveillance.
busterarm 1 day ago||
None of the ones you're thinking of. PHK is Danish. Danish politics and society at large leans pretty left. Even what you might call the rightwing party there consider themselves as bourgeois-liberal, or "not-socialist". The farthest they'd generally position themselves is center-right.

Except for shit like Stram Kurs, which nobody really supports or tolerates.

ToucanLoucan 1 day ago||
You should've kept reading:

> During the past couple of decades, rampant neoliberalism and “globalism” allowed the U.S. tech industry to capture almost the entire European IT market, including all “social media.” This has recently proved to be a ghastly mistake, and now the EU, along with its member states and companies, are scrambling to claw back their digital sovereignty.

This is not a partisan political statement, it's a factual one. It is simply a statement of fact that neoliberal world markets have permitted hyperscalers to cross national boundaries and provide the same services at scale to governments worldwide, and like, without even going into any U.S. politics at the moment, isn't that... really weird? Like many EU governments had essentially put their ability to function as states in the hands of a foreign actor. That's WILD.

PeterStuer 1 day ago||
"We could have designed our protocols to be minimally compatible with “a nation of laws,” but the tech bros insisted that compromise was treason, and, as a result, we will lose more privacy than necessary"

Unfortunately, no, you can't have a prophilactic that just makes you a little bit pregnant. We used to know this.

stfnon 1 day ago||
goodbye
j45 1 day ago||
Was it ever decided on what color the bike shed should be painted?
hassan18911 1 day ago||
yeah man its cool
arbirk 1 day ago||
Just use fedora
failuser 1 day ago||
This is a very strange read. If that was posted on a random blog, I would have dismissed it. I didn’t know that that cell (anti tech bro, anti big tech, pro age verification laws) in the alignment chart is populated by actual people. And by intelligent people even.

Also the fact they call it “age verification” when they clearly build an identity verification and we just accept their language is crazy.

inigyou 1 day ago||
I am anti big tech, that's why I support the California digital age assurance act, it pre-empts things like persona by saying that a simple checkbox is age verification.
red_admiral 1 day ago||
I have a feeling it splits by gender. I know a couple of professional programmers in that corner of the alignment chart, but they're not "bros".
evilduck 1 day ago||
This whole thing can be reduced to "think of the children", see the literal example around paragraph ~30. I'm not sure I've ever seen anyone try so hard to equate being pro-privacy with being pro-crime.
onraglanroad 1 day ago||
I tried to give this a fair chance but it's really an incoherent rant.

There is nothing of substance here. You don't like AI, I get. But it still exists and pretending that no-one finds it useful is utterly foolish.

Edit: I overuse the word utterly. Nice to identify one of my tells.

dgellow 1 day ago|
He acknowledged the LLM tools are useful, and ponder on the economic viability. I don’t see something that seems to say he doesn’t like AI? he seems to be mostly a critic of AI boosters
Scaled 1 day ago|
Didn't know ACM was anti-privacy. Glad I haven't paid dues in who knows how long if they're spending them to platform these noxious opinions.
some-are-better 1 day ago||
Wow, re-read the fine article. He was NOT stating that he wants the outcome you think. He is afraid it is going to happen because the younger generation has no clue or ability to maintain FOSS.
orf 1 day ago|||
Wow, you missed the entire point of the article.
chaps 1 day ago||
Honestly? It's weirdly written and incredibly hard to understand what their point is. I can't tell if they hate or love privacy.
orf 1 day ago||
> Please make my predictions come out wrong.
chaps 1 day ago||
[flagged]
layer8 1 day ago|||
The author is predicting a decrease in privacy, but would prefer these predictions to be wrong.
chaps 1 day ago||
Gotcha, thank you.

(just to be clear, my post was just to point out that the article is very difficult to make heads or tails of. it's easy to misinterpret a lot of the points many different ways! kind of like they're being overly implicit with the expectation that everyone'll know what they mean. it's something I do too and my way of cutting through it is to cut my writing in half and focus on clarity over mystique)

dgellow 1 day ago||
That reads like any old school blog post where the author is sharing their thoughts on a few topics. I don’t see what is confusing about it
chaps 1 day ago||
Sigh. Just because you don't understand why something is confusing to someone doesn't mean it isn't confusing. That's literally the point I'm trying to make. I'm glad it wasn't confusing to you.
busterarm 1 day ago||
It's not anti-privacy to point out the obvious that privacy-advocacy is sometimes at odds with governments and the will of voters at large.

Privacy is being abused by criminals to victimize people at scale. Just because privacy is a moral good doesn't mean you are morally off the hook for enabling criminals.

Governments are so aware of this they're passing sweeping laws against it. This is your new reality -- you can't just bury your head in the sand. The whole point was saying that there could have been a middle ground that protected more of your rights than where you're at now if it weren't for the absolutism.

Turns out that being an absolutist isn't helpful.

Scaled 1 day ago|||
Age verification is not the will of the voters. It is the will of large political donors (specifically tech companies and religious censorship groups). It is certainly not the will of adult citizens who use adult websites, who have overwhelming shown in their usage patterns they will abandon any website that tries to do age verification.

Parental controls remains the right way to do age gating. It works today and has no privacy impacts.

mapontosevenths 1 day ago|||
Just for those who aren't aware, most of the recent push for these laws has been bankrolled by Meta. They wish to avoid legal responsibility for their attacks on democracy and human health by convincing governments that people don't need any right to anonymous speech, and thusly free speech, as much as Meta needs to not have to pay moderators.
inigyou 1 day ago||||
Nobody wants age verification (except Zuck), but most people want children kept away from social media, and nobody's suggested a better option. Why haven't we suggested a better option? Well it's because we called the whole thing authoritarianism and refused to get involved.

You know who didn't refuse to get involved? Larry Ellison, Peter Thiel, Mark Zuckerberg. They made suggestions to governments about how to solve this problem, and the best proposed solution was adopted and made the law.

SoftTalker 1 day ago||||
Parental control does not work today, it's too fragmented and too difficult.
ETH_start 21 hours ago|||
So instead of instituting restrictions that will probably cost society hundreds of billions if not trillions of dollars in lost economic efficiency, publicly fund development of better parental control software, and publicly fund its adoption to make it the market standard.
simoncion 1 day ago|||
> Parental control does not work today, it's too fragmented and too difficult.

Then legally require it to be effective and easy-to-use-if-you-take-a-few-minutes-to-read-the-instructions.

See also [0].

[0] <https://news.ycombinator.com/item?id=48911863>

inigyou 1 day ago||
This is literally what California did with the Digital Age Assurance Act, AB1043.
simoncion 23 hours ago||
> This is literally what California did with the Digital Age Assurance Act, AB1043.

There's apparently information that you didn't read contained in the footnote of the comment you replied to.

Based on this layman's reading of the law, [0] California did literally the opposite. They require major OS vendors to require users to enter their birthdate or indicate in some other way their current age, and then require programs and websites to act on that age information. This is entirely different from requiring major OS vendors to allow a "guardian account" to set fairly-fine-grained restrictions on one or more -er- "ward accounts", and then requiring programs and websites to refuse let the "ward account" do the things that those restrictions say that it isn't permitted to do.

"Restrict by age" neither accounts for precocious under-eighteens, nor does it account for vulnerable elderly or otherwise brain/developmentally-damaged adults who need protected. And because "restrict by age" cares very much about your age, and because it's not going to work nearly as well as promised by those pushing it, it will inevitably require scans of both a photo ID and one's face and/or other biometrics.

A "you don't need to know anything about this account other than that these are the things it's not supposed to be able to do" system gives zero shits about the identity of a person, so there's no plausible path for it to gate access behind submission of any identifying documents to any third party.

[0] <https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...>

inigyou 23 hours ago||
It requires you to enter a birth date which is not required to be your birth date. In case of a conflict between the age verification birth date and any other birth date, only the age verification birth date may be used for age appropriateness checks.
simoncion 23 hours ago||
Okay? That is not parental controls that are

  [L]egally require[d] ... to be effective and easy-to-use-if-you-take-a-few-minutes-to-read-the-instructions.
Additionally, I expect that -due to kids lying about their ages- within five or ten years, the regs will have "graduated" from self-attestation to ID and biometrics collection. It's likely that other states will require that sort of collection much sooner, causing every US-based company to do that regardless of the existence of less-invasive regs.

Like, seriously... if "the kids can lie about their age and there are no consequences for lying" is the bar you want to set, just do the 1990's thing where sites and programs have a "Warning! This might not be suitable for kids!" page/screen that has a checkbox that the kids can check or button that they can press that lets them lie that they're over-seventeen and grants them access.

inkysigma 11 hours ago|||
I'm not the biggest fan of the current age verification schemes, but I don't think the idea kids can lie about their age differs in the threat model posed under either system. Presumably, under the law, parents would be the ones to create a child account with a non-editable-by-the-child-account age fields which would then be used as a legal source of reference. If you assume the child can create an account without such features or can edit the age themselves, then I don't see why the equivalent threat model in the parental control system would be giving the child control over the parental control toggles rendering it meaningless by simply disabling it.

That being said, age based restrictions isn't a fine grained control over the system as perhaps one would like but that also would be inherently more complicated to think about from a legislative perspective (e.g. how fine grained and how to categorize possible dangers) and user control perspective when it looks like a lot of parents are looking for a blunt generic button that basically goes "this is agreeable with general practices". This seems more or less how real systems are gated.

The other issue is that both present privacy challenges but this just a little more so from a fingerprinting perspective. Presumably you need quite a few bits to completely specify the filter whereas age is only a ~1.58 bit field in the CA model. Not really sure how much this matters when there are so many other signals for fingerprinting and we should probably make fingerprinting from it illegal but just some thought.

> Instead, what we get proposed is a system that cares very much about how old you are, and not one bit about the things that one's guardian understands one needs to be protected from.

Regarding your linked comment, I think it's a bit strange to say that if legislators really did care about child safety they would mandate fine grained controls instead. I'm not sure what additional fine grained factors you may be thinking of precisely, but we already use age as a gate in real life for many things we consider dangerous so it's quite natural for legislators to transpose those. Our laws already very much care about how old you are.

simoncion 3 hours ago||
> I'm not sure what additional fine grained factors you may be thinking of precisely...

Read [0] and consider the array of specific things that a guardian may wish to protect their ward from. Make sure to make your list cover children of all ages as well as adults with a wide array of cognitive impairment.

> That being said, age based restrictions isn't a fine grained control over the system as perhaps one would like but that also would be inherently more complicated to think about from a legislative perspective...

So? Legislative or regulatory restrictions on human behavior must be as restrictive as required to achieve the stated goal, and not significantly more. The courts are especially concerned about this when it comes to restrictions on speech. If a set of legislators need to sit with something for a quarter or two to understand it well enough to properly regulate it, then that's what they're getting paid to do.

> ...when it looks like a lot of parents are looking for a blunt generic button...

You can have preset lists of categories to block in a system that doesn't care at all what your age is. Surely you know that.

> Presumably, under the law, parents would be the ones to create a child account with a non-editable-by-the-child-account age fields...

The California law has no such requirement. Go read it, it will only take like ten minutes. [1] My summary of it as "the kids can lie about their age and there are no consequences for lying" is not even a little bit unfair.

> Our laws already very much care about how old you are.

The identity-verification systems we're talking about didn't exist twelve months ago. These are new systems being designed in a world in which it's trivial to have a centralized database that contains dossiers of all of everyone's customers everywhere. [2] Nearly all other regs that restrict based only on age were written in a world where that was either impossible, or extremely expensive and time-consuming.

Even if that weren't true, all one needs to do to see how these regs will be actually interpreted by most businesses is to look at all of the companies that are preemptively requiring upload of live video, pictures of one's face, pictures of one's government-issued ID, and/or deep analysis of one's activities with their systems. No US state requires any of that, but it all got slammed in when legislators started talking about doing age-based restriction of Internet services.

Had legislators clearly said "We're going to be designing and enacting laws that require designated guardians to be able to prevent their wards from engaging in guardian-selected categories of activities. We want every guardian to be able to protect their wards, regardless of the age of those wards.", you'd see companies building and deploying very different systems.

[0] <https://news.ycombinator.com/item?id=48911863>

[1] <https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...>

[2] Am I saying that there exists a centralized database of all of everyone's customers everywhere? Absolutely not.

toomuchtodo 1 day ago|||
Please provide citations regarding public support for age verification. Surveys show majority support, for dating sites, social media, adult content, and sports betting.

https://www.pewresearch.org/short-reads/2026/07/01/majority-...

https://x.com/PTBwrites/status/2031529878021923118

https://yougov.com/en-us/daily-results/20250502-1e408-1

https://yougov.com/en-us/daily-results/20250502-1e408-2

> Parental controls remains the right way to do age gating. It works today and has no privacy impacts.

This opinion is not grounded in data and facts. If this was true, we would not be here. But we’re here because parental controls are insufficient, the vast majority of parents are just hanging in there getting their kids to adulthood.

More than 3 million college students are raising kids. Most won’t graduate - https://news.ycombinator.com/item?id=48709130 - June 2026

The real single-parent capital of America - https://news.ycombinator.com/item?id=42867716 - January 2025 ("The places with the most single parents tend to be, to put it bluntly, struggling. The strongest predictors of single parenthood are high poverty rates and high shares of the population receiving government assistance." [There are ~13.6M single parents in the U.S. raising over 21M children. This means single parents head roughly one in three households and approximately 34% of all U.S. children live in a single-parent family.])

Parents Under Pressure: The U.S. Surgeon General's Advisory on the Mental Health & Well-Being of Parents - https://www.hhs.gov/sites/default/files/parents-under-pressu... - 2024

> When stress is severe or prolonged, it can have a deleterious effect; 41% of parents say that most days they are so stressed they cannot function and 48% say that most days their stress is completely overwhelming compared to other adults (20% and 26%, respectively).

> Nearly 70% of parents say parenting is now more difficult than it was 20 years ago, with children’s use of technology and social media as the top two cited reasons.

> Recent data from 2021-2022 indicate that among parents, 23.9% (or 20.3 million) had any mental illness and 5.7% (or 4.8 million) of parents had a serious mental illness.

> Lastly, many other caregivers assume primary caregiving responsibility when parents cannot, thus acting as a critical safety net for children. In recent years, there has been a notable increase in such individuals taking on caregiving responsibilities for children, with approximately 2.4 million children being raised by grandparents, other relatives, or family friends, without their biological parent(s) in the household.

U.S. has world’s highest rate of children living in single-parent households - https://news.ycombinator.com/item?id=37628812 - September 2023 (108 comments)

(fertility rates continue to collapse though, so hopefully this problem continues to decline over time, only time will tell; 40% of annual pregnancies in the US and internationally are unintended, per the Guttmacher Institute and the UN, respectively)

Charted: How American Households Have Changed Over Time (1960-2023) - https://www.visualcapitalist.com/how-american-households-hav... ("A record 58.4% of American households now consist of married or single adults without children. Only 25.3% of American households contain children.")

failuser 1 day ago||||
The laws they pass do nothing to stop the criminals. Do you think an “age verification” law can stop any criminals?
busterarm 1 day ago||
The laws not stopping the criminals isn't the point. People are calling on their governments to do something and thus governments are going to do what they are going to do.

It's a mix of what they can do and what they're likely to do. They just have to be able to go back to voters and say they're doing something.

If you think that the fact that they did the wrong thing is an argument for not doing anything, you clearly are blind to politics & history.

And age verification being the wrong solution to the "privacy problem" doesn't remove privacy from lawmakers' crosshairs.

WarmWash 1 day ago|||
People are calling on governments or Meta is calling on governments to preemptively deflect punishment onto everyone else for their own misdeeds?
failuser 1 day ago||
Exactly. Voice of the people if very faint, sound of lobby banknotes makes lawmakers listen.
failuser 1 day ago||||
Governments can make effective laws, you know. There are tools that can solve this. Parental controls, separation of peer-to-peer communications from algorithmic feeds. The lawmakers are old, tech-illiterate people. You can tell them that a private Minecraft server is illegal and they will believe it.
inigyou 1 day ago||
It's a shame that non-evil tech-literate people refused to talk to lawmakers about any of this.
casey2 20 hours ago|||
People are also calling on parents, governments and tech companies to respect children's privacy. [1]

None of these groups will because they profit too much from disrespecting their privacy. The average child would be far safer if they used the Dark Web. I'm not sure why the "richest country on earth" is engaging in zero-sum behavior, but those are the kinds of contradictions such behavior creates.

[1] https://www.pewresearch.org/short-reads/2023/10/18/key-findi...

Dylan16807 1 day ago||||
> Privacy is being abused by criminals to victimize people at scale.

Almost all victimization is being done without end to end encryption. This is not a problem caused by privacy.

inigyou 1 day ago|||
Yep. For example on Instagram DMs, which is why Instagram abolished E2EE, and we all went into an uproar.

Also on Discord and Roblox, they are apparently the biggest platforms for this, but they're not E2EE anyway, they're just hiding it because their executives like what's happening.

ShinyLeftPad 23 hours ago|||
And I guess you have statistics about how much victimization happens over e2e?:)
deathanatos 1 day ago||||
Gotta disagree. The encryption part needed to happen: without it, there's just too much opportunity for governments to intercept unencrypted traffic and abscond with it. We saw that occur with Snowden, and with programs like MUSCULAR in particular.

I don't think it's that encryption was harmful, it's that it wasn't enough, and in a sense I agree with TFA & the Sun Tzu bit: it needed to be complemented by legislation that added decent privacy protections, and it largely wasn't. That was a mistake, I suppose, but the current political situation, esp. in the USA, disfavors privacy regulation getting done, ever. The Democrats are … maybe spiritually for it? … but not terrible effectual at getting it done; Obama's response to Snowden was "meh" at best, and Congresspeople, in particular Feinstein especially, let the DNI walk all over her. The GOP has no interest at all in regulating corporations, at all, ever, so with the House/Senate/POTUS all (R) at the moment, it's going to be until at least Nov before it is possible to even think that these might get addressed, and even that's … generous, and I won't be holding my breath for it to occur.

Stuff like what we saw in another thread today — with LG wantonly installing spyware — and things like Flock would have happened in addition to network intercepts; they are not happening instead of. Corporations and the government will do whatever the People permit them to get away with.

close04 1 day ago||||
The guy’s logic is “if only we had allowed a small backdoor from the start they wouldn’t be forced to install a large backdoor now”. Other technologies that were open to the law were endlessly abused for surveillance.

His theory is bunk, there is absolutely no middle ground to be had with the people who want a backdoor. There are no small backdoors.

inigyou 1 day ago||
What do you consider a backdoor though? Saying that devices must have parental controls isn't a backdoor. Saying that devices must scan your ID is a backdoor to break anonymity, but is he saying that?

If we had parental controls that actually worked it would forestall any talk about ID scanning because parents could just enable parental controls.

close04 1 day ago||
Even the article talks about this. The backdoor is when there’s no E2EE - he speaks of the “absolute right to privacy” which the proposed age verification solution wouldn’t breach in any way, so it’s actually the loss of encryption. It’s when a legal and technical framework are put in place to do age verification which can be switched to identity verification in a blink of an eye. It’s when cryptographically attested software is the only way to use the internet which even the author, as a suporter of the upsides, knows what it implies on the downside.
ETH_start 21 hours ago|||
He's very clearly arguing against absolute privacy on the Internet and is saying that the people who advocated for it, which he besmirches as "tech bros", are responsible for the governments going too far now, instead of a happy compromise having been set out at the beginning, which by the way totally mischaracterizes the history of the Internet, where the governments were trying to impose total surveillance from the very beginning.
busterarm 16 hours ago||
He’s not exactly wrong either. The founders/executives of a tech startup I worked for spun off a completely unrelated E2EE chat app as a separate startup and didn’t market it to anyone.

It’s only used by them and their buddies and basically only for OTR conversations related to their publicly traded company that would have put them in prison. Totally the “let’s defraud these investors and do industrial espionage” type shit. I also know about a good half dozen other VC-funded E2EE chat apps that are also exactly this.

They do it just to get something they control in app stores that’s also a separate entity. Then they don’t have to answer uncomfortable questions about why such and such is on their phone.

This is some of what regulators are seeing and finding a problem with.

ETH_start 13 hours ago||
We can agree to disagree on this. Even on this example you gave, I'm not entirely sure it's harmful to society. Having worked in the corporate world, there are just so many regulations that — from what I've seen — there is pervasive non-compliance and the covering up of the non-compliance. I suspect that if every single corporate regulation was effectively enforced, a significant fraction of economic activity would grind to a halt.
busterarm 6 hours ago||
People often say the same thing about environmental regulation too...

I hope you realize what a poor argument (to lawmakers) that is, especially if your goal is to advocate for privacy.