In the United States, you can get in trouble if you recklessly leave around or provide alcohol/guns/cigarettes for a minor to start using, yet somehow, the same social responsibility seems thrown out the window for parents and the web.
Yes, children are clever - I was one once. If you want to actually protect children and not create the surveillance state nightmare scenario we all know is going to happen (using protecting children as the guise, which is ironic, because often these systems are completely ineffective at doing so anyway) - then give parents strong monitoring and restriction tools and empower them to protect their children. They are in a much better and informed position to do so than a creepy surveillance nanny state.
That is, after all, the primary responsibility of a parent to begin with.
There is almost literally documented examples of Facebook executives twirling their mustaches wondering how they can get kids more addicted. This isn't a few bands with swear words, and in fact, I think that the damage these social media companies are doing is in fact, reducing the independence teens and kids that have that were the fears parents originally had.
I dunno, are you uncertain about your case at all or just like. I just like, can't help but start with fuck these companies. All other arguments are downstream of that. Better the nanny state than Nanny Zuck.
The solution would then be to break them up or do things like require adversarial interoperability, rather than ineffective non-sequiturs like requiring them to ID everyone.
The perverse incentive comes from a single company sitting on a network effect. You have to use Facebook because other people use Facebook, so if the algorithm shows you trash and rage bait you can't unilaterally decide to leave without abandoning everyone still there, and the Facebook company gets to show ads to everyone who uses it and therefore wants to maximize everyone's time wasted on Facebook, so the algorithm shows you trash and rage bait.
Now suppose they're not allowed to restrict third party user agents. You get a messaging app and it can send messages to people on Facebook, Twitter, SMS, etc. all in the same interface. It can download the things in "your feed" and then put it in a different order, or filter things out, and again show content from multiple services in the same interface, including RSS. And then that user agent can do things like filter out adult content, if you want it to.
We need to fix the actual problem, which is that the hosting service shouldn't be in control of the user interface to the service.
Is that really a non-sequitur though? Cigarettes are harmful and addictive so their sale is age gated. So too for alcohol. Gambling? Also yes. So wouldn't age gating social media be entirely consistent in that case?
Not that I'm necessarily in favor of it. I agree that various other regulations, particularly interoperability, would likely address at least some of the underlying concerns. But then I think it might not be such a bad idea to have all of the above rather than one or the other.
Then close their business. Age verification just makes their crimes even more annoying.
Wild times when we're seeing highest voted Hacker News commenters call for the nanny state.
If you're thinking these regulations will be limited to singular companies or platforms you don't use, there is no reason to believe that's true.
There was already outrage on Hacker News when Discord voluntarily introduced limited ID checks for certain features. The invitations to bring on the nanny state reverse course very quickly when people realize those regulations might impact the sites they use, too.
A lot of the comments I'm seeing assume that only Facebook or other platforms will be impacted, but there's now way that would be the case.
How about taking all these websites that require PII onto their own members-only domain?
This actually should have been in place and well fleshed-out before Google & Microsoft started pushing their "account" nonsense.
I'm not sure how those two positions connect.
Execs bad, so laws requiring giving those execs everyone's IDs, instead of laws against twirled mustaches?
For me this is a crux, at least in principle. Once online media is so centralized... the from argument freedom is diminished.
There are differences between national government power and international oligopoly but... even that is starting to get complicated.
That said... This still leaves the problem in practice. We get decrees that age-restriction is mandatory. There will be bad compliance implementations. Privacy implications.
Meanwhile a while... how much will we actually gain when it comes to child protection.
You can come up will all sorts of examples proving "Facebook bad" but that doesn't mean these things are fixed when/if regulation actually comes into play.
Gambling isn’t introducing substance into user system it is making use of existing brain chemicals.
Social media companies engineered every piece of addictive mechanisms from gambling to alter brain chemistry or reactions of users.
The problem with comparing social media use to tobacco is that they are completely different. It's like saying weed is just like heroin because they both make you feel good. It's reductive and not productive.
The completely anti-social media stance ignores the good parts of social media. People can connect from across the planet and found others who shares the same views or experiences. People who are marginalized can find community where none may exist in their local area. So we should approach this more carefully and grounded.
Who would be responsible if a child developed alcohol addiction? A nicotine problem? Any other addiction?
Exactly. The same people that should be responsible for giving them unfettered access to an internet that is no longer safe. Even adults have to be wary of getting hooked on scrolling, and while I agree that the onus is on the companies, it has been demonstrated over and over again that they will not be held to account for their behavior.
So the only logical choice left that actually preserves freedom is for parents to get off their ass and keep their child safe. Parent's that don't use filtering and monitoring software with their children should be charged with neglect. They are for sending a kid into the cold without a coat, or letting them go hungry, why is it different sending them onto the internet?
And to your last point: You are dead wrong. No government anywhere in the world has demonstrated that they have the resources, expertise, or technical knowledge to solve this problem. The most famously successful attempt is the Chinese Great Firewall, which is breached routinely by folks. As soon as a government controls what speech you are allowed to consume, the next logical step for them is to restrict what speech you can say, because waging war on what people access will always fail. I mean, Facebook alone already contains tons of content that's against its terms of service, and they have more money than God, so either they actually want that content there, or they are too understaffed to deal with the volume, and the volume problem only ever increases.
So in my view, you are the one against freedom by advocating for the government to control the speech adults can access for the sake of "protecting the children" when the actual people that are socially, morally, and legally culpable for that protection are derelict in their duties.
The government literally actively prevents people selling all these things to children, rather than permit a free for all and then expect parents to take responsibility for steering their kids away from them.
Maybe it's about time that the proven predatory companies be restricted to something like their own adults-only internet cafes where age can be checked at the door.
They had their chance with the open internet and they blew it.
I mean, historically speaking, we blamed the tobacco companies.
Also, if they were genuinely responsible, why can a child's parents be held accountable for them developing an addiction? The company was responsible, not the parent... do you see how ignorant that sounds?
Meta is the bozo in a panel van with no windows. All The legit porn sites put up Big Blinking Neon Signs.
This is a huge self own. I can't believe I'm reading this on a website called "hacker news".
How about we reject all institutional nannies?
It is much easier to implement user-controlled on-device settings than any sort of over-the-Internet verification scheme. Parents purchase their children's devices and can adjust those settings before giving it to their kids. This is the crux of the problem, and all other arguments are downstream of this.
why-not-both.jpg
Maximizing corporate freedom leads inevitably to corporate capture of government.
Opposing either government concentration of power alone or corporate concentration of power alone is doomed to failure. Only by opposing both is there any hope of achieving either.
Applying that principle to age-verification, which I think is inevitable: Prefer privacy-preserving decoupled age-verification services, where the service validates minimum age and presents a cryptographic token to the entity requiring age validation. Ideally, discourage entities from collecting hard identification by holding them accountable for data breaches; or since that's politically infeasible, model the service on PCI with fines for poor security.
The motivation for this regime is to prevent distribution services from holding identification data, reducing the information held by any single entity.
This is the wrong implementation.
You require sites hosting adult content to send a header indicating what kind of content it is. Then the device can do what it wants with that information. A parent can then configure their child's device not to display it, without needing anybody to have an ID or expecting every government and lowest bidder to be able to implement the associated security correctly.
It doesn't matter what kind of cryptography you invent. They either won't use it to begin with or will shamelessly and with no accountability violate the invariants taken as hard requirements in your theoretical proof. If you have to show your ID to the lowest bidder, you're pwned, so use the system that doesn't have that.
The state can imprison you. Zuck can't.
No one. You’ll see a few politicians and more individuals stuck to their principles, but anyone with major clout sees the writing on the wall and is simply working to entrench their power.
> Better the nanny state than Nanny Zuck.
Indeed, what lolberts fail to understand usually is not a choice between government vs “freedom” it’s a choice between the current government and whoever will fill up the power vacuum left by the government.
Their position was to compare it to alcohol, guns, and tobacco, not bands using naughty words. Alcohol and tobacco definitely enter mustache swirling territory, getting children addicted and funding misinformation on the harms of their product.
That’s because “freedom” is complicated and doesn’t precisely map to the interests of any of the major actors. Its largely a war between parties seeking control for different elites for different purposes.
If you genuinely believe that this is about those moustache twirling executives, then I have a bridge to sell you.
Have you ever wondered why and how these systems are being implemented? Have you ever gone why Discord / Twitch / what have you and why now? Have you ever thought that this might be happening because of Nepal and the fears of another Arab spring?
https://www.aljazeera.com/news/2025/9/15/more-egalitarian-ho...
I think too many people on this platform don't understand what this is about. This is about power. It's not about what's good for you or the children. Or for the constituents. It's about power. Real power. Karp-ian "scare enemies and on occasion kill them" power.
There are many ways in which such a system could be implemented. They could have asked people to use a credit card. Adult entertainment services have been using this as a way to do tacit age verification for a very long time now. Or, they could have made a new zero-knowledge proof system. Or, ideally, they could have told the authorities to get bent. †
Tech is hardly the first industry to face significant (justifiable or unjustifiable) government backlash. I am hesitant to use them as examples as they're a net harm, whereas this is about preventing a societal net harm, but the fossil fuel and tobacco industries fought their governments for decades and straight up changed the political system to suit them. ††
FAANG are richer than they ever were. Even Discord can raise more and deploy more capital than most of the tobacco industry at the time. It's also a righteous cause. A cause most people can get behind (see: privacy as a selling point for Apple and the backlash to Ring). But they're not fighting this. They're leaning into it.
Let's take a look at what Discord asked people for a second, the face scan,
If you choose Facial Age Estimation, you’ll be prompted to record a short video selfie of your face. The Facial Age Estimation technology runs entirely on your device in real time when you are performing the verification. That means that facial scans never leave your device, and Discord and vendors never receive it. We only get your age group.
There was an article that went viral for spoofing this, https://age-verifier.kibty.town/ // https://news.ycombinator.com/item?id=46982421 . In the article, the author found by examining the API response the system was sending,
k-id, the age verification provider discord uses doesn't store or send your face to the server. instead, it sends a bunch of metadata about your face and general process details.
We're anthropomorphising machines. A machine doesn't need pictures; "a bunch of metadata" will do just fine.
We are assuming that the surveillance state will require humans sitting in a shadow-y room going over pictures and videos. It won't. You can just use a bunch of vectors and a large multi-modal model instead. Servers are cheap and never need to eat or sleep.
Certain firms are already doing this for the US Gov, https://x.com/vxunderground/status/2024188446214963351 / https://xcancel.com/vxunderground/status/2024188446214963351
We can assume de facto that Discord is also doing profiling along vectors (presumably behavioral and demographic features) which that author described as,
after some trial and error, we narrowed the checked part to the prediction arrays, which are outputs, primaryOutputs and raws.
turns out, both outputs and primaryOutputs are generated from raws. basically, the raw numbers are mapped to age outputs, and then the outliers get removed with z-score (once for primaryOutputs and twice for outputs).
In general, Discord seems to have fairly reliable data about the other applications the user is running. Discord also has data about your voice and now your face.
Is some or all of this data being turned into features that are being fed to this third-party k-ID? https://www.k-id.com/
https://www.forbes.com/sites/mattgardner1/2024/06/25/k-id-cl...
https://www.techinasia.com/a16z-lightspeed-bet-singapore-par...
k-ID is (at first glance) extracting fairly similar data from Snapchat, Twitch etc. With ID documents added into the mix, this certainly seems like a very interesting global profiling dataset backstopped with government documentation as ground truth.
I'm sure that's totally unrelated. :)
-
† like they already have for algorithmic social media and profiling, https://www.newyorker.com/magazine/2024/10/14/silicon-valley...
Somehow there's tens to hundreds of millions available for crypto causes and algorithmic social media crusades, but there's none for the "existential threat" of age verification.
†† Once again, this is old hat. See also: Turbotax, https://www.propublica.org/article/inside-turbotax-20-year-f...
Vilify them all you want, but same has been done with nicotine products, alcohol products, etc. and to GPs point, we SM as a toy for our children to play with. We chose to change the rules (laws, regulations, etc) because capitalists can never be simply trusted to do what's best for anything except their bottom line. That's a fundamental law no different than inertia or gravity in a capitalistic society. That's why regulators exist. Until you regulate it, they will wear their villain badge and rake in the billions. It's easy to be disliked when the topic of your disdain is what makes you filthy rich (in other words, they don't care what you or I think of what they're doing).
lol
The problem is that it's bloody hard to actually do this. I'm in a war with my 7yo about youtube; the terms of engagement are, I can block it however I want from the network side, and if he can get around it, he can watch.
Well, after many successful months of DNS block, he discovered proxies. After blocking enough of those to dissuade him, he discovered Firefox DNS-over-HTTPS, making it basically impossible to block him without blocking every Cloudflare IP or something. Would love to be wrong about that, but it seems like even just blocking a site is basically impossible without putting nanny-ware right on his machine; and that's only a bootable Linux USB stick away from being removed unless I lock down the BIOS and all that, and at that point it's not his computer and the rules of engagement have been voided.
For now I'm just using "policy" to stop him, but IMO the tools that parents have are weak unless you just want your kid to be an iPad user and never learn how a computer works at all.
> the terms of engagement are, I can block it however I want from the network side, and if he can get around it, he can watch.
You're treating this as a technical problem, not a parental rules problem. Your own rules say he's allowed to watch!
You have to set the expectations and enforce it as a parent.
Is it impractical to keep an eye on what he's doing on his computer, i.e. physically checking in on him from time to time?
How about holding him responsible for his own behavior, to develop respect for the rules you impose? Is it just hopeless, and if so how come? Is it impossible for him to understand why you don't want him watching certain content or why he should care about being worthy of your trust?
I'm not judging here, I'm genuinely curious.
There is no digital equivalent of "flash an ID card and be done with it" in the surveillance state era of the internet. Using a CC is the closest we have and even then you're giving data away.
Additionally, the laws I've read mandate that no data be retained, so you have stronger legal protections than typical credit card use, or even giving your ID to a store clerk for age restricted purchases (many stores will scan it without asking, and in some states scanning is required).
The difference though is that parents are generally the ones to give their kids their phones and devices. These devices could send headers to websites saying "I'm a kid" -- but this system doesn't exist, and parents apparently don't use existing parental controls properly or at all.
And there would be ways to work around it. If people find that privacy-preserving age verification is not good enough because "some kids will work around it", then nothing is good enough, period. Some will always work around anything.
It's not as easy as you may believe to prevent that type of access.
Its unfortunate that the application of this rule is being performed at the software level via ad-hoc age verification as opposed to the device level (e.g. smartphones themselves). However that might require the rigimirole of the state forcibly confiscating smartphones from minors or worrying nepalise outcomes.
Don't punish the rest of the web for crappy parenting and crappy incentives by companies/govts.
On the flip side, I do think we should also hold companies more accountable for this. We collectively prevented companies from advertising tobacco to minors through regulation with a pretty massive success rate. These companies know how harmful social media can be on youth, and there is little to no effective regulation around how children learn about these platforms and get enticed into them.
The clearest example is LGBTQ kids who want to talk to other LGBTQ kids, or enjoy LGBTQ content, without fundamentalist or just homophobic/transphobic parents finding out. Children of fundamentalist or cult members who want an escape from the cult are another common category.
You're saying the status quo and I think its fair to state you wouldn't intentionally design the status quo. Unless we have some wizard wheeze where we can easily arrest and detain or otherwise effectively punish parents without further reducing the quality of life for their children.
A child with an iPhone, Xbox, and a Windows Laptop won't be able to install discord unless the parent explicitly lets them, or opts out of all the parental controls those platforms have to offer.
The tech is here already, this is not about keeping children safe.
I'm against these age-verification laws, but to say it's impossible to comply with open-source software isn't really true.
Do you have an A+++++ oven with three panes of glass? It's [relatively] safe to touch and instead of monitoring if a child is somewhere near the oven you have to monitor if the child does not actively open the oven. That's much easier.
Drugs, alcohol, cigarettes, pornography were all illegal for me to access as a kid but I wouldn’t have had any trouble getting any of it.
At 16 it was easier, but at 8 it wasn’t hard.
PS This post is partly satire, I will leave it to you as to which part is serious.
... and honest:
- they will honestly tell you that they'd be very happy to see you dead when you impose restrictions upon them (people who are older will of course possibly get into legal trouble for such a statement)
- they will tell they they wish you'd never have given birth to them (or aborted them)
- they will tell you that since they never wanted to be born, they owe you nothing
- ...
And this entire thing is about bad parenting. Its always easier to just give the kid a tablet and go back to whatever you were doing. Its always better to actually interact with the kid. That trade-off of time is important because if you mess up when they are young, you spend a lot more time handling issues later on. That time you gained by giving them a tablet will get payed back someday, usually with interest. That's what is happening here.
It worked really well up until she got a school managed chromebook for homework with no access controls.
We've had pediatricians shame us for feeding our kids what they're willing to eat and not magically forcing "a more varied diet" down their throats at every meal, despite them being perfectly healthy by every objective metric. There are laws making it technically illegal for us to leave our kids unsupervised at home for any period of time in any condition, even a few minutes if one of us is running slightly late from work/appointments.
Your not-quite-2-year-old is too tall for a rear-facing car-seat? You're a bad parent, possibly a criminal and putting them at risk by flipping the seat to face forward, a responsible parent spends hundreds of dollars they don't have on several different seats to maybe find one that fits better or have their kid ride uncomfortably and arguably unsafely with their legs hyper-extended up the seatback.
Miss a flu shot because you were busy? Careful you don't come off as an antivaxxer.
And all of this and more on top of changing diapers, doctors' appointments, daycare, preschool, school, family activities and full time jobs?
Yeah, when my kids are old enough to engage with social media I will teach them how to use it responsibly, warn them about the dangers, make myself available to them if they have any problems, enforce putting the phones down at dinner and and keep a loose eye on their usage. Fortunately/unfortunately for them they have a technically sophisticated father who knows how to log web activity on the family router without their knowledge. So if anything goes sideways I'll have some hard information to look at. Most families don't have that level of technical skill.
Thank you for that.
Parents are legally and socially expected to keep their kids away from tobacco and alcohol. You're breaking legal and social convention if you allow your kids to access dangerous drugs.
Capitalist social media is exactly as dangerous as alcohol and tobacco. Somebody should be held responsible for that, and the legal and social framework we already have for dealing with people who want to get kids addicted to shit works fairly well.
They work hand in hand with governments around the world, that's why they get the tax breaks. In return they hand over details about your opinions, social networks and whereabouts, not to mention facial recognition data via Facebook. They aren't remotely capitalist in any real sense since they have a bad business model.
Most actual studies done on this topic find very little evidence this is true.
It's a run-of-the-mill moral panic. People breathlessly repeating memes about whatever "kids these days" are up to and how horrible it is, as adults have done for thousands of years.
I expect some emotional attacks in response for questioning the big panic of the day, but before you do so please explore:
[1] Effects of reducing social media use are small and inconsistent: https://www.sciencedirect.com/science/article/pii/S266656032...
[2] Belief in "Social media addiction" is wholly explained by media framing and not an actual addiction: https://www.nature.com/articles/s41598-025-27053-2
[3] No causal link between time spent on social media and mental health harm: https://www.theguardian.com/media/2026/jan/14/social-media-t...
[4] The Flawed Evidence Behind Jonathan Haidt's Panic Farming: https://reason.com/2023/03/29/the-statistically-flawed-evide...
That's not exactly accurate. The two key parts of the attractive nuisance law are a failure to secure something combined with the victim being too young to understand the risks.
So if you put a trampoline in your front yard, that's an easy attractive nuisance case.
If you put a pool in your back yard with a fence and a locked gate, it would be much harder to argue that it was an attractive nuisance.
If a 17 year old kid comes along and breaks into your back yard by hopping a 6-foot tall fence, you'd also have a hard time knowing they didn't understand that their activities came with some risk. Most cases are about very young children, though there are exceptions
This is exactly what one of our neighbors did when I was growing up.
All the kids loved it.
There just weren't very many lawsuits back then like there are now after the number of attorneys proliferated so much.
To be as safe as they could, the parents put the trampoline in a pit where the bouncing surface was at ground level.
If you drove by, you wouldn't even be able to see it, or have any idea that it was there.
Unless there was somebody bouncing at the time.
You should have seen the look on peoples' faces when they drove down our street and saw that for the first time :)
The Internet is basically the final frontier where this harmful law doesn't reach, though the Karens are really trying to expand their power there.
The legal doctrine is also not specific to the US, of course.
All parental moderation mechanisms can and should be implemented as opt-in on-device settings. What governments need to do is pressure companies to implement those on-device settings. And what we can do as open-source developers is beat them to the punch. Each parent will decide whether or not to use them. Some people will, some won't. It's not Bob's responsibility to parent Charlie's children. Bob and Charlie must parent their own children.
To the people arguing that parents are too dumb to control their children's tech usage because they themselves are tech-illiterate: millennia ago, we invented this new thing called fire. Most people were also "too dumb" to keep their children away from the shiny flames. People didn't know what it was or how dangerous it could be. So the tribe leader (who, by the way, gropes your children) proposed a solution: centralize control of all the fire. Only the tribe leader gets to use it to cook. Everyone else just needs to listen to him. Remember, it's all for you and your children's safety.
Of all the things, a "save-the-children prolegomena to the Prometheus myth" certainly wasn't on my bingo card today. So thank you for that, but I'm not aware of any reports of fire-keeping in the way you've described. Societies and religions do have sacred traditions related to fire (like Zoroastrians) but that doesn't come with restrictions on practical use AFAIK.
We've literally watched things unfold in real time out in the open in the last year I don't know how much more obvious it could be that child-protections are the bad-faith excuse the powers that be are using here. Combined with their control of broadcasting/social media, it's the very thing they're pushing narratives in lockstep over. All this to effectively tie online identities to real people. Quick and easy digital profiles/analytics on anyone, full reads on chat history assessments of idealogies/political affiliations/online activities at scale, that's all this ever was and I _know_ hackernews is smart enough to see that writing on the wall. Ofc porn sites were targeted first with legislation like this, pornography has always been a low-hanging fruit to run a smear campaign on political/idealogical dissidents. It wasn't enough, they want all platform activity in the datasets.
I can't help but feel like the longer we debate the merits of good parenting, the faster we're just going to speedrun losing the plot entirely. I think it goes without saying that no shit good parenting should be at play, but this is hardly even about that and I don't know why people take the time of day. It's become reddit-caliber discussion and everyone's just chasing the high of talking about how _they_ would parent in any given scenario, and such discussion does literally nothing to assess/respond to the realities in front of us. In case I'm not being clear, talking about how correct-parenting should be used in lieu of online verification laws is going to do literally nothing to stop this type of legislation from continually taking over. It's not like these discussions and ideas are going to get distilled into the dissent on the congressional floors that vote on these laws. It is in it's own way a slice of culture war that has permeated into the nerd-sphere.
You think the idea of parents, not governments, being responsible for parenting doesn't translate well to voters? In the country founded on the idea of freedom from overreaching governance and personal responsibility?
what i'm saying is these discussions around parenting have had zero impacts on preventing the passage/implementation of such legislation/policies to date despite many smart people in here understanding what's actually at stake. and it's very likely that these parenting discussions will again go on to have absolutely zero impact on preventing the continued impelmentation of id verification on platforms. these policies/legislations aren't simply being implemented because people have failed to fully thought-exercise out good/bad parenting styles enough yet in the marketplace of ideas, it's becoming a reality because we aren't collectively raising awareness of the downstream ways this legislation will be harnessed for shitty outcomes. we aren't talking about it for what it is, but instead talking about it in the way they want us to talk about it. these parenting discussion points have been beaten to death and nothing new or novel is being shared, and rather than looking straight at the wolves right here in the room with us (data brokerage & who benefits from this type of data brokerage & figuring out how to stop it) people just look at each other and get butthurt about idealogical parenting differences. it's literally a slice of the now-ever-so-common 2d culture war we're all acutely aware exists, right here on hackernews, and we're all actively participating.
May the best legal person win!
I would start with banning cellphones.
If everyone was banned from facebook we would have organised them via text messages or email. That's the main point of social media age restrictions, individually banning kids is too punishing on those kids so parents and teachers don't try. Doing it across the whole population is much better.
So even if their own child has no phone at all, they have access to the internet through other children's unlimited mobile access.
Is it more important to prevent your son from being weaponized and turned into a little ball of hate and anger, and your daughter from spending her teen years depressed and encouraged to develop eating disorders, or to make sure they can binge the same influencers as their "friends"?
With that being said, i think explaining _in detail_ why you’re laying down certain rules can go a LONG way toward building some trust and productive dialogue with your child. Maybe you’ll find out they are more mature than you give them credit, can loosen up a bit. Or maybe a reasonable compromise can be found. Or maybe they’ll be bitter for a few months, but they’ll at least understand “why”.
because their parents didn’t read the research or don’t care about the opportunity cost because it can’t be that big of a deal or it would not be allowed or legal right? at least not until their kid gets into a jam or shows behavioral issues, but even then they don’t evaluate, they often just fall prey to the next monthly subscription to cancel out the effects of the first: medication
So many questions. Are you campaigning against billboards in your city? Do you avoid taking your kids to any business that has digital signage? I assume you completely abstain from all types of movies and TV? What about radio or books?
What are you, personally, doing on HN?
Fascinating.
We'll try anything, it seems, other than hold internet companies accountable for the society destroying shit they publish.
And it's not jusy children who's lives they are destroying.
But I didn't have emotionally mature parents, and I'm sure so many children growing up now don't either. They're going to read arguments like these and say they're already doing enough. Maybe they truly believe they are, even if they're mistaken. Or maybe they won't read arguments like these at all. Parenting methods are diverse but smartphones are ubiquitous.
So yes, I agree that parents need to be held accountable, but I'm torn on if the legal avenue is feasible compared to the cultural one. Children also need more social support if they can't rely on their parents like in my case, or tech is going to eat them alive. Social solutions/public works are kind of boring compared to technology solutions, but society has been around longer than smartphones.
You can argue that many parents are less than ideal parents, but that is not sufficient to justify having the state step in. You also have to show that the state is less bad.
Decades of data on the foster system strongly suggests otherwise. The state, by any objective measure, is terrible at raising children.
I was told over and over by in hindsight unqualified persons that emotional abuse wasn't real abuse, so after a few years I was disinclined to seek help.
If I had had even one person that supported me unconditionally instead of none at all, even if that person wasn't a parent, I'm fairly certain I would have turned out differently. That was just a matter of luck, and I came out empty-handed. I never felt comfortable talking about what I was exposed to online with anyone, and that only hurt me further, but I was a child and couldn't see another option.
In fact being held to a standard that adults hold themselves to is frequently seen as a rite of passage. I'm a big girl now and I put on my big girl pants to prove it.
The mistake in this reasoning is assuming that they are actually interested in protecting the children.
The world is becoming increasingly more uncertain geopolitically. We have incipient (and actual) wars coming, and near term potential for societal disruption from technological unemployment. Meanwhile social media has all but completely undermined broadcast media as a means of social control.
This isn't about protecting children. It's about preventing a repeated of the Arab Spring in western countries later this decade.
"Think of the children" is the oldest trick in the book, and should always be met with skepticism.
The character.ai one is gut wrenching.
As a human, I'd love to see the rest of you fools quit that. If HN ever starts to algorithm me I'll be gone too.
> you can get in trouble if you recklessly leave around or provide alcohol/guns/cigarettes for a minor to start using
In the example here, there are 3 things where age verification is required AND parents have responsibility.
It’s not just one or the other.
The same responsibilities are not “thrown out”, they are never acknowledged in the first place.
The positives and negatives of Internet usage are more extreme than broadcast media but less than alcohol/guns. The majority of people lack the skills to properly censor Internet without hovering over the child's shoulder full-time as you would with a gun. Best you can do is keep their PC near you, but it's not enough.
We agree that a creepy surveillance nanny state is not the solution, but training parents to do the censorship seems unattainable. As we do for guns/alcohol/cigarettes, mass education about the dangers is a good baseline.
EDIT: And some might disagree about never having access to alcohol!
If people want to push, they should just push to make these set up options more ubiquitous, obvious and standardized. And perhaps fund some advertising for these features.
There needs to be a strict (as in MDM level) parental control system.
Furthermore there needs to be a "School Mode" which allows the devices to be used educationally but not as a distraction. This would work far better than a ban.
When I was a kid, when I reached a certain age, 13 I think, there was nothing my parents good could do to stop me from learning from my own mistakes. I think using blanket laws and tech to curb internet behavior is just going to backfire.
[0]: https://news.clemson.edu/the-safer-you-feel-the-less-safely-...
Even with this, the problem requires more than pushing a button. Time, thought, and adjustment are needed. Like home maintenance, its necessary but not everyone can do it without help.
Getting AI assistance is good advice.
It's obviously not a 1/1 comparison here, because providing ID to access the internet is not analogous to providing ID to purchase a pack of Cowboy Killers but we can extrapolate to a certain extent.
(inb4 DAE REGULATING FOR-PROFIT CORPORATIONS == NANNY STATE?!?!?!?!?)
Politicians' whole basis for nearly every campaign is "you're helpless, let us fix it for you."
For the vast majority of problems plaguing society, the answer isn't government, it's for people changing their behavior. Same goes for parenting.
But unfortunately, "you're an adult, figure it out" isn't the greatest campaign slogan (if you want to win).
> then give parents strong monitoring and restriction tools
As written, this sounds very glib. I cannot take this comment seriously without a game theory scenario with multiple actors.
the surveillance state is possible, achievable, and a few coordination games away from deployment with backing from a majority who should know better
inertia kills, I dunno
A counterargument to your point that children are clever - I was also one once.
Because parents don’t abuse massive surveillance tools.
Given that most abuse happens in the family and by parents maybe it’s a bad idea to give them so much power
Exactly, nowhere.
If I‘m contra B, it doesn’t mean I pro A
This doesn't put the parents off the hooks, if you or anyone can share any resources that are as easily consumable, viral and applicable as the content that is the issue that can reach parents I would be happy to help it spread.
The reality is kids today are facing the most advanced algorithms and even the most competent parents have a high bar to reach.
The solution is simple.
I want to permit whatever the pixels are on a childs screen. Full stop. That hasn't been solved for a reason. Because developing such a gate would work and not allow algorithms to reach kids directly and indirectly.
The alternative is not ideal, but until there's something better, what it will be and that's well proven for the mental health side of things of raising resilient kids who don't become troubled young adults - no need for social media, or touch screens until 10-13.
There are lots of ways to create with technology, and learning to use words (llms) and keyboards seems to increasingly have merit.
The only real solution is to keep children off of the internet and any internet connected device until they are older. The problem there is that everything is done on-line now and it is practically impossible to avoid it without penalizing your child.
If social media and its astroturfers want to avoid outright age bans, they need to stop actively exploiting children and accept other forms of regulation, and it needs to come with teeth.
Social media operators love the surveillance state idea. That's why they aren't pushing against this.
I even cancelled YT Premium because their "made for kids" system interfered with being able to use my paid adult account. I urge other people to do the same when the solutions offered are insufficient.
We could mandate that companies that market the products actually have to deliver effective solutions.
If you make such a restriction, they'll secretly buy some cheap "unrestricted" device like some Raspberry Pi (just like earlier generations bought their secret "boob magazines").
I love gaming, but I hate all the smutt games. It discredits the medium, essentially what has also happened to anime.
I don't really want to turn on age-based filters (to the point that I've never investigated if they even exist) but at this rate, there's hardly anything worth looking at in the recent feed.
It's just hard to imagine that's anything close to what Nintendo wants users to experience, but I guess they need the money.
Your kid is screwed either way. Unless he moves to India.
It’s not a fair fight. These are multi-billion dollar companies with international reach and decades of investment and research weaponized against us to make us all little addicts.
Additionally, it’s not fair or reasonable to ask parents to screen literally everything their kids do with a screen at all times any more than it was reasonable for your parents to always know what you were watching on TV at all times.
This is bootstraps/caveat emptor by a different name. It’s not “I want someone else to raise my kids.” It’s “the current state of affairs shouldn’t be so hostile that I have to maintain constant digital vigilance over my children.” Hell if you do people then lecture you about how “back in their day they played in the street and into the night” and call you a helicopter parent
The real question is why do we leave it to parents or intrusive surveillance instead of holding companies accountable?
We live in a shared world with shared responsibilities. If you are working on a product, or ever did work on a product, that made the internet worse rather than better, you have a shared responsibility to right that wrong. And parents do have to protect their kids, but they can't do it alone with how systematically children are targeted today by predatory tech companies.
If anything, we should be banning the collection of any age related information to access social media and more mature content. We need companies to respect privacy, rather than legislation even more privacy violations.
Undo the damage or otherwise come up with a way to shield kids from it. I won't let my own kids anywhere near the open web the way it is today. It's poison for young minds and needs to be fixed or gated off. Like alcohol at this point.
I understand where you are coming from but age gating is not the answer for a communication medium.
This is how the "predatory debt" involved has built up, and grown exponentially until now, and the only thing Facebook considers as a solution would be to pay it down using other peoples' resources instead of their own.
No one else has matching leverage and the dollar figure would be many billions if not a full trillion or more, which is about what it's worth, and who else could afford that except Facebook?
So it has to come from the collective subtraction of everyone's complete privacy. Just to amount to something comparable.
Add that up and it shows you how valuable privacy really is and what it's worth in dollar figures.
Yes, do the math, privacy is worth more than Facebok no matter what, it always was and always will be.
You can't have both, so big tech should jettison Meta. Who else could afford it?
A more non-existential solution would be for Meta to fully fund a completely anonymous internet to replace the one that they soiled from the beginning, and let them keep the (anti-)social-media exclusive network separate.
It was going to be like MySpace where most people were expected to remain anonymous like the internet had always been, and only those who actually wanted to be identifiable could reveal as much information as they personally wanted to.
But no, Facebook wanted everybody's personally identifiable information as table stakes, not only those who really wanted to promote themselves or gain personal recognition.
There was no other way to sign up.
I thought people would be too smart for that. But Facebook was "free" to use, and learned a lot from it's first major gamescourge, Zynga.
Naturally I've been waiting for it to stand the test of time, and it does look like it has been a complete failure when it comes to being worthwhile.
Facebook started out with enshittification as a business model but the next major escalation came when people had to have an "account" before they could even browse the site any more.
People who had actually enjoyed it were somewhat pressured to join just so they could continue following those who were promotional. Linkedin did this too and made it no longer worth visiting either. So much for supporting the members who were intended to be promoted.
You can only imagine my shock years ago when I found out Facebook was a billion-dollar company.
Things like this were never even supposed to be worth money.
So anyone can walk into a shop and purchase these things unrestricted? It's not the responsibility of the seller too?
Guns yes, you can buy a schmidt-rubin cartridge rifle or black powder revolver sent straight to your home from an online (even interstate) vendor no ID or background check, perfectly legal.
Alcohol yes, you can order wine straight to your house without ID.
These are all somewhat less known "loopholes" but not really turned out to be a problem despite no meaningful controls on the seller. You probably didn't even know about these loopholes, actually -- that's how little of a problem it's been.
Even if the world was full of responsible parents, there are still people and groups that want to establish a surveillance state. These systems are focused on monitoring and tracking online activity / limiting access to those who are willing to sacrifice their own personal sovereignty for access to services.
There is most definitely a cult that is obsessed with the book of revelation and seeing Biblical prophecy fulfilled, and if that isn't readily obvious to folks at this juncture in time, I'm not sure what it will take. I guess they'll have to roll out the mark of the beast before people will be willing to admit it.
You should need to show ID and prove you're over 18 to enter a church. At least we know they're actually harmful to children.
The government took over most parenting functions, one at a time, until the actual parent does or is capable of doing very little parenting at all. If the government doesn't like the fact that it has become the parent of these children, perhaps it shouldn't have undermined the actual parents these last 80 years. At the very least, it should refrain from usurping ever more of the parental role (not that there is much left to take).
You yourself seem to be insulated from this phenomena, maybe you're unaware that it is occurring. Maybe it wouldn't change your opinions even if you were aware.
>If you want to actually protect children
What if I don't want to protect children (other than my own) at all? Why would you want to be these children's parents (you suggest you or at least others want to "protect" them), which strongly implies that you will act in your capacity as government, but then get all grumpy that other people are wanting to protect children by acting in their capacity of government?
There is a local dive bar down the street. I haven't expressly told my kids that entering and ordering an alcoholic drink is forbidden. In fact, that place has a hamburger stand out front on weekends and I wouldn't discourage my kids from trying it out if they were out exploring. I still expect that the bartender would check their ID before pulling a pint for them.
It takes a village to raise a child. There are no panopticons for sale the next isle over from car seats. We are doing our best with very limited tooling from the client to across the network (of which the tremendously incompetent schools make a mockery with an endless parade of new services and cross dependencies). It will take a whole of society effort to lower risks.
The way to keep kids from eating (yummy) lead-based paint chips was not holding parents accountable to what their kids ate, but banning lead-based paint.
"But it's behavioural!" I hear you cry. "What's stopping children from going out, buying a cheap unlocked smartphone / visiting their public library / hacking the parental control system, and going on the internet anyway?" And that's an excellent objection! But, what's stopping children from playing in traffic?
That’s why most people make sure it doesn’t happen
Did you forget what web site you're on?
People, for the most part, have no respect for the law. They usually haven't even read the law. They have respect for what they consider appropriate or inappropriate behaviour. (Knowingly breaking the law is, in most instances, considered an inappropriate behaviour – except copyright law, which people only care about if there are immediately-visible enforcement mechanisms. Basically everyone is fine with copying things from Google Images into their PowerPoint presentations… but I digress.) Most people would object to murder, even if the law didn't forbid it. This distinction is important.
Is there a law that says "children must not play in traffic"? Probably! Haven't the foggiest idea which it would be, though. That law (if it exists) is not why children don't play in traffic. The law against giving alcohol to children (if it exists) is not why we don't give alcohol to children. We can establish similar social norms for deliberately-addictive, deceptive, dangerous computer systems, such as modern corporate social media.
Drawing out the alcohol analogy further, you can actually buy alcohol on Amazon, subject to an ID check. I'm not sure why no one bats an eye at this, but somehow e.g. porn or other adult-only services are different.
It's long been an established, reasonable stance that it is both the parent's responsibility and decision to allow or deny certain things, and it's also illegal for businesses to completely undermine the parent's ability to act as that gatekeeper for their kids.
I'm in favour of this, so long as the restriction is narrow. Children shouldn't be on Facebook, but they should be able to participate in the RuneScape forums under a pseudonym, or contribute to Wikipedia (provided they understand the "no, nothing can be deleted ever" nature of the edit history).
However, most of the things we'd want to prohibit for children, aren't actually good for anyone. It would be much easier, in one sense, to blanket-ban the bad guys: no new accounts may be created on services like Facebook or Discord, unless they change their ways.
We've never properly acted upon reports of predators grooming children by investigating them, charging them, holding trials, and handing down sentences on any sort of large scale. There's a patchwork of LEOs that have to handle things and they have to do it right. Once the packets are sent over state lines, we have to involve the feds, and that's another layer.
Previously, I would have said it's up to platforms like Discord to organize internal resources to make sure that the proper authorities received reports, because it felt like there were instances of people being reported and nothing happening on the platform's side. Now, given recent developments, I'm not sure we can count upon authorities to actually do the job.
Well, I can't speak for parents (as in all parents). I can, however, tell you what we did.
When two of my kids were young we gave them iPods. The idea was to load a few fun educational applications (I had written and published around 10 at the time). Very soon they asked for Clash of Clans to play for a couple of hours on Saturdays. We said that was OK provided they stuck to that rule.
Fast forward to maybe a couple of months later. After repeated warnings that they were not sticking to the plan and promises to do so, I found them playing CoC under the blankets at 11 PM, when they were supposed to be sleeping and had school the next day.
I did not react and gave no indication of having witnessed that.
A couple of days later I asked each of them to their room and asked them to place their top ten favorite toys on the floor.
I then produced a pair of huge garbage bags and we put the toys in them, one bag for each of the kids.
I also asked for their iPods.
No anger, no scolding, just a conversation at a normal tone.
I asked them to grab the bags and follow me.
We went outside, I opened the garbage bin and told them to throw away their toys. It got emotional very quickly. I also gave them the iPods and told them to toss them into the bin.
After the crying subsided I explained that trust is one of the most delicate things in the world and that this was a consequence of them attempting to deceive us by secretly playing CoC when they knew the rules. This was followed by daily talks around the dinner table to explain just how harmful and addictive this stuff could be, how it made them behave and how important it was to honor promises.
Another week later I asked them to come into the garage with me and showed them that I had rescued their favorite toys from the garbage bin. The iPods were gone forever. And now there was a new rule: They could earn one toy per month by bringing top grades from school, helping around the house, keeping their rooms clean and organized and, in general, being well behaved.
That was followed by ten months of absolutely perfect kids learning about earning something they cherished every month. Of course, the behavior and dedication to their school work persisted well beyond having earned their last toy. Lots of talks, going out to do things and positive feedback of course.
They never got the iPods back. They never got social media accounts. They did not get smart phones until much older.
To this day, now well into university, they thank me for having taken away their iPods.
So, again, I don't know about parents in the aggregate, but I don't think being a good parent is difficult.
You are not there to be an all-enabling friend, you are there to guide a new human through life and into adulthood. You are there to teach them everything and, as I still tell them all the time, aim for them to be better than you.
Precisely. I am not saying I am perfect as a parent or that this was the best possible approach to the situation we had. Nobody is and perfect parenting is an absolute myth.
I knew full well just how addictive gaming could be because I experienced it in my 20's. Needless to say that the "shock and awe" consequence to their deceit was not the result of a single data point. We had been seeing changes in behavior over time (six months or so). The objective was three fold: Take away the device that delivered the addictive behavior. Take away something of value to them. Make them earn it back with positive behavior.
The decision was not planned and the consequences were not communicated in advance. Few things in life are like that. Sometimes people discover the consequences of their actions (or understand them) when they are sprung on them because of something they did. Drunk driving being one possible (though not perfect) example of this.
In this case, it worked. Perhaps we got lucky. Not sure. I also did highlight that I cannot speak for all parents. I did the best I thought made sense at the time. Based on the outcome, many years later, I can say it worked.
To the critics on this thread: Your mileage may vary. Some of the comments sound juvenile, perhaps you'll understand if you ever become a parent and face similar circumstances. Then see what you think of someone who thinks they know better from behind a keyboard than you did in the moment and without having to be responsible for the outcomes (which is a multi-year commitment).
> lies to own children about throwing their toys away
1. Teach children about consequences... by using clear expectations, timely feedback, and proportional responses.
2. Teach children about consequences... by allowing wrongdoing to become a festering mess until it "justifies" some big punishment that comes as deliberate emotional trauma and surprise.
Separately from asking which one is more "effective" at conditioning an immediate behavior, each choice also affects how those kids are going to behave when they are in any position to set and enforce rules. Being a role-model is hard.
True enough. Of course, you are not going to get that in this case. All I can say is that those commenting here about potentially cataclysmic consequences are likely precisely the kind of people who will practice the kind of soft "friend class" parenting that can result in really troubled kids. If they even have kids at all, because some of the comments by others sound infantile.
The other narrative that is utterly false is that of role models in the negative sense. Almost all of you are one or two generations away from a culture and style of parenting where beating the kids was considered normal and even good parenting. An era where teachers beating kids in school was also normal and accepted. And yet, that has largely not survived the generational divide except in some segments of some cultures.
Raising kids and being a role model isn't a matter of single events or experiences, it is, like most other things in the human condition, a matter of building a relationship over time and understanding that life usually is a rollercoaster ride, not a straight-and-flat road.
When you say “We‘ll try everything” that is simply not true, in particular what we do not try is strict consumer protection laws which prohibits targeting children. Europe used to have such laws in the 1980s and the 1990s, but by the mid-1990s authorities had all but stopped enforcing them.
We have tried consumer protection, and we know it works, but we are not trying it now. And I think there is exactly one reason for that, the tech lobby has an outsized influence on western legislators and regulators, and the tech industry does not want to be regulated.
If parents can't handle that they can give them up to the state.
Imagine a gun range that was well aware that their grounds were being used in nefarious ways. We'd shut it down. A hospital that just blindly gave out pain killers to anyone that asked. We'd shut it down.
Does this mean that a zero tolerance policy is what should be used to shut things down? I don't think so. We have some agency to control things, though.
We cannot expect every parent to be able to protect their children when they are being predated on by dozens of multi-million dollar companies, and the state is on the side of the companies.
Those kids shouldn't even have a mobile device to play said game. That's where the parents can, and should, make a difference: don't let your kid even have a smartphone in the first place.
And the reason we have these ads is that corporations are hoping that the kids will indeed disobey, and whine constantly at their parents, until they have their way (as directed to by the targeted ad). There was a good reason why targeting kids in ads used to be illegal in Europe.
The parents' job is to say no. If they're letting themselves be influenced too, that's bad parenting.
You've missed the point. No legislator or politician cares about what the parents are doing.
What they care about is gaining greater control of people's data to then coerce them endlessly (with the assitance of technology) into acting as they would liike. To do that, they need all that info.
"The children" is the sugar on the pill of de-anonymised internet.
Why this utter drivel is the top comment is beyond me, unbelievable.
It is plausible that the same applies to the digital realm.
I think there are many pros and cons to be said about age verification, but I think this method solves most problems this article supposes, if it is combined with other common practices in the EU such as deleting inactive accounts and such. These limitations are real, but tractable. IDs can be issued to younger teenagers, wallet infrastructure matures over time, and countries without strong identity systems primarily undermine their own age bans. Jurisdictions that accept facial estimation as sufficient verification are not taking enforcement seriously in the first place. The trap described in this article is a product of the current paradigm, not an inevitability.
These massive privacy issues have all been raised on their Github, and the team behind the wallet have been ignoring them.
EUDI wallets are connected to your government issued ID. There is no "highly invasive age verification".
We are literally sending a request to our government's server to sign, with their private key, message "this john smith born on 1970-01-01 is aged over 18" + jwt iat. There are 3 claims in there. They are hashed with different salts. This all is signed by the government.
You get it with the salts. When you want to prove you are 18+ you include salt for the "is aged over 18" claim, and the signed document with all the salts and the other side can validate if the document is signed and if your claim matches the document.
No face scanning, no driver license uploading to god-knows-where, no anything.
> to obtain 30 single use, easily trackable tokens that expire after 3 months
This is the fallback mechanism. You are supposed to use bbs+ signatures that are zero knowledge, are computed on the device and so on. It is supposed to provide the "unlinkability". I don't feel competent enough to explain how those work.
> jailbreaking / "prevent tampering"
This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.
> You have to blindly trust that the tokens will not be tracked
This is not true, the law requires core apps to be opensource. Polish EUDI wallet has been even decompiled by a youtuber to compare it with sources and check if the rumors about spying are true. So you can check yourself if the app tracks you.
Also we can't have a meaningful discussion without expanding on definition of "tracking".
Can the site owner track you when you verify if you are 18+? Not really, each token is unique, there should be no correlation here.
Can the government track you? No, not alone.
Can the site owner and the government collude to track you? Yes they can! Government can track all salts for your tokens, site can collect all salts, they can compare notes. There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.
Can they lie? Sure.
Can the site owner and the government collude to track you if you are using bbs+? No. Math says no.
Can they lie if you are using bbs+? Math says no.
The "open source" apps connect to proprietary backends run by a third party that you have to blindly trust. If EUDI wallets were truly open source and free from blindly trusting any authority, then you could simply remove that requirement and issue your own tokens without the use of potentially malicious third party.
I mean, you can. It's like with TLS certificates. The standard is there. The code is there. You can issue your own.
The question is, who will trust you?
If the "18+ claim" can't be linked to your identity and doesn't have any rate limits, someone can set up a token-as-a-service to sell tokens on the black market.
> Government can track all salts for your tokens, site can collect all salts, they can compare notes. There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.
> Can the site owner and the government collude to track you if you are using bbs+? No. Math says no.
How does the math say no? Big tech companies already log absolutely everything. What's going to stop the government from keeping all the salts they're issuing and then mandating that site operators add the salts to their existing logs?
> Can they lie? Sure.
Well, they've lied to us over and over when it comes to surveillance, so I think at this point it's reasonable to assume they're lying unless it's technically impossible. Where's the in-person key verification that used to be in Whatsapp? How do the authorities get notified when someone makes a poorly thought out joke using Snapchat private messages before getting on a plane? Why is there a war on end-to-end encryption?
We're going to pay a fortune for these supposed zero knowledge systems and that's what it's about. Select companies are going to get paid to issue tokens and the scale is going to create a few new billionaires.
The people in charge are going to gain a ton of power when they betray everyone and disenfranchise us.
Now your EU government requires you to have an unmodified Google or Apple device to use any age restricted services. Cementing the US mobile OS duopoly and locking out any free systems and desktop etc. forever.
Any governmental service taking part in this is a violation of civil rights and even if you don't care about those, maybe you care about digital sovereignty.
This is so lightly handwaved away, almost as if attention needs to be drawn away. By the looks of this I'd say the end of general computing might be the actual goal, and all the age verification is just yet another "think of the children" pretense?
The inherent problem with all zero knowledge identity solutions is that they also prevent any of the safeguards that governments want for ID checking.
A true zero knowledge ID check with blind signatures wouldn't work because it would only take a single leaked ID for everyone to authenticate their accounts with the same leaked ID. So the providers start putting in restrictions and logging and other features that defeat the zero knowledge part that everyone thought they were getting.
That is not true and "true zero knowledge ID check" + "age verification" with blind signatures is what's being implemented by the EU ID project.
So someone's id leaks. It happens. In EUDI there are things called "cryptographic accumulators of non-revocation proofs". If your ID leaks it goes into the accumulator. Similar to the certificate revocation lists. During check, you include claims "im over 18" and "my id is not in the accumulator".
This is included in the standard.
This is also (I can only assume) one of the reasons why EUDI wallets require play integrity / attestation / secure element on the device. So your private key won't be easily leaked and no one can steal your ID.
What happens when someone sets up a marketplace where people can sell those blind signatures using their ID for $2 each? And then kids just pay $2 to have someone else blindly use their ID to validate the account, because supposedly the system is structured so that nobody can tell which ID was used or tie it back to the account?
In theory you cannot export your private key from the device (from the secure element), so for each $2 someone would have to quickly unlock their phone, scan code via the app and so on.
That's unnecessarily reductive.
Yes, every solution will have problems, but not all solutions have similar problems.
If a solution has problems such that it can be immediately reduced to security theater and bypassed by any teenager who cares, it's just extra hassle and privacy degradation for the rest of us.
These details matter. If a weak solution is regulated into law and the government discovers kids are easily bypassing it, they will immediately pivot into requiring more restrictions on it.
We've had decades of age gating being "are you 18+ or not" yet it is only now that talks of something more enforceable are coming up. This discussion is largely about how one can create a sense of safety and protection. For the more extreme end it's face scans and submitting ID. Even though these are bypassed by any teenager who cares they are still being pushed seriously because it instills that sense of safety and protection for children. Security theater is just a part of managing the internet and not going away unfortunately.
How? If it’s analyzes my ID 100% client side I can fake any info I want. If my ID goes to a server, it’s compromised IMO.
I think the zero proof systems being touted are like ephemeral messaging in Snapchat. That is, we’re being sold something that’s impossible and it only “works” because most people don’t understand enough to know it’s an embellishment of capabilities. The bad actors will abuse it.
Zero proof only works with some kind of attestation, maybe from the government, and there needs to be some amount of tracking or statistics or rate limiting to make sure everyone in a city isn’t sharing the same ID.
Some tracking turns into tracking everything, probably with an opaque system, and the justification that the “bad guys” can’t know how it works. We’ve seen it over and over with big tech. Accounts get banned or something breaks and you can’t get any info because you might be a bad guy.
Does your system work without sending my ID to a server and without relying on another party for attestation?
The verifier gets no other information than the strictly necessary (issuer, expiry, that kind of thing) and the over 18 bit, but can trust that it's from a real credential.
That's not strictly a zero knowledge proof based system, though, but it is prvacy-preserving.
you get your sd-jwt document signed once and you reuse it for like 30 days or so.
> you get your sd-jwt document signed once and you reuse it for like 30 days or so
So it still gets routed through the government once a month if you plan on using it.
You get your document with fields like "can drive", "is over 18" and so on. It's valid for some time; physical ID is valid for like 10 years and then you have to get a new document, this digital one is valid for lets say 30 days and if it expires you get a new one.
Then you present only those fields you want, when you want, without anyone talking to the government at all. All the other party needs to check is "is the document valid" and "do presented fields match the document". Like checking a tls certificate for a given domain name or purpose.
Strictly speaking there is no "routing through the government" of any information. The government just "issues a certificate" valid for X days without knowledge with whom, how or when you are using it.
I don't understand how you keep claiming there is no "routing through the government" right next to your explanations that the government is the one providing the documents every 30 days.
Obviously something in the document is tied to your ID and the government has mechanisms to revoke it. No matter how many layers you put on top of that, this all has to come back to the government's control.
I understand that the salts can be sent to 3rd party websites. However there's obviously a reason that those are only valid for 30 days instead of indefinitely.
If I choose to share that salt, and provide my name, someone could hash all that information and compare it to the government-issued document to verify if my name really is john smith (or if my claim "I'm over 18" is valid).
If I don't, they have no way of knowing.
> no "routing through the government"
> government is the one providing the documents
I'm also lost. I mean, this is the government issued ID we are talking about, right? How are you expected to get it if not from the government? "Are you over 18" claim is part of that government issued ID.
They don't have to know which sites or when you are visiting, but they do have to issue you the document.
(To be clear, there are also other options, it doesn't have strictly to be government; for example banks around here can provide ID documents - for their clients. There's a list of who is trusted for what https://eidas.ec.europa.eu/efda/trust-services/browse/eidas/...).
> However there's obviously a reason that those are only valid for 30 days instead of indefinitely.
It's the same reason why we prefer tls certificates with short lifespans.
amplifying your point, there is effectively no way for the layperson to make this distinction. And because the app needs to send data over an encrypted channel, it would be difficult at best for a sophisticated person to determine whether their info is being sent over the wire.
Switzerland is working on a system that does the former, but if Government really wants to identify users, they can still ask the company to provide the age verification tokens they collected, since the Government hosts a centralized database that associates people with their issued tokens.
The Swiss design actually doesn't store the issued tokens centrally. It only stores a trust root centrally and then a verifier only checks the signature comes from that trust root (slightly simplified).
The average person does not understand the math behind zero-knowledge proofs. They only see that state infrastructure is gatekeeping their web access. Furthermore, if the wallet relies on a centralized server for live revocation checks, the identity provider might still be able to log those authentication requests, effectively breaking anonymity at the state level.
On a practical level, this method verifies the presence of an authorized device rather than the actual human looking at the screen. Unless the wallet demands a live biometric scan for every single age check, they will simply bypass the system using a shared family computer or a parent's unlocked phone. We used to find our way around any sort of nanny software (remember net nanny)
what you are describing still remains a bubble and I really hope Americans aren't looking at EU for any sort of public policy directions here.
One of the most highly valued tech companies of today makes a software that sometimes talks its user's into killing themselves. Some guy put "uwu notices bulge" on a bullet casing and shot Charlie Kirk: things turned out fine indeed.
Requiring everyone to show their id on every website will not change that. It will limit free speech though.
Everyone does realize we're being constantly tracked by telemetry, right?
A proper ZK economy would mitigate the vast majority of that tracking (by taking away any excuse for those in power to do so under the guise of "security") and create a market for truly-secure hardware devices, while still keeping the whole world at maximal security and about as close to theoretical optimum privacy as you're going to get. We could literally blanket the streets with cameras (as if they aren't already) and still have guarantees we're not being tracked or stored on any unless we violate explicit rules we pre-agree to and are enforceable by our lawyers. ZK makes explicit data custody rules the norm, rather than it all just flowing up to whatever behemoth silently owns us all.
With LLMs and paid actors wreaking havoc on social media I do think that social media needs pivot towards allowing only human users on it. I wrote about this here: https://blog.picheta.me/post/the-future-of-social-media-is-h...
In that system does the age verification result come with some sort of ID linked to my government issued ID card? Say, if I delete my account on a platform after verifying and then create a new one, will the platform get the same ID in the second verification, allowing it to connect the two and track me? Or is this ID global, potentially allowing to track me through all platforms I verified my age on?
What a verification process looks like from the user perspective? Do I have to, as it happens now, pull out my phone, use it as a card reader (because I don't have a dedicated NFC device on my computer), enter the pin, and then I'll be verified on my computer so I can start browsing social media feed? Or, perhaps, you guys have come up with a simpler mechanism?
If they did the right thing and only asked for the over 18 bit, then they wouldn't have a trackable identifier.
Someone brought up the need for device attestation for trust purposes (to avoid token smuggling for example). That would surely defeat the purpose (and make things much much worse for freedom overall). If you have a solution that doesn't require device attestation, how does that solve the smuggling issue (are tokens time-gated, is there a limit to token generation, other things)?
This would only work with something like MS TPM 2 / Apple Secure Enclave (device attestation), which is anti-freedom by design. I was curious if they found a way around that (maybe with time/rate limits, or some actual useful use of blockchain tech).
If there's a fundamental culture shift, there's an easy way to prevent children from using the internet:
- Don't give them an unlocked device until they're adults
- "Locked" devices and accounts have a whitelist of data and websites verified by some organization to be age-appropriate (this may include sites that allow uploads and even subdomains, as long as they're checked on upload)
The only legal change necessary is to prevent selling unlocked devices without ID. Parents would take their devices from children and form locked software and whitelisting organizations.
It's my job as a parent (and I have several kids...) to monitor the things they consume and talk with them about it.
I don't want some blanket ban on content unless it's "age appropriate", because I don't approve that content being banned. (honestly - the idea of "age appropriate" is insulting in the first place)
Fuck man, I can even legally give my kids alcohol - I don't see why it's appropriate to enforce what content I allow them to see.
And I have absolutely all of the same tools you just discussed today. I can lock devices down just fine.
Age verification is a scam to increase corporate/governmental control. Period.
- Many parents don't think about restricting their kids' online exposure at all. And I think a larger issue than NSFW is the amount of time kids are spending: 5 hours according to this survey from 2 years ago https://www.apa.org/monitor/2024/04/teen-social-use-mental-h.... Educating parents may be all that is needed to fix this, since most parents care about their kids and restrict them in other ways like junk food
- Parents that want to restrict their kids struggle with ineffective parental controls: https://beasthacker.com/til/parental-controls-arent-for-pare.... Optional parental controls would fix this
Did you mean "mandatory" parental controls? All current systems are optional and as you describe they are frequently ineffective, so not clear why keeping things like they are would be different.
In the USA it depends on the state. Federal guidelines for alcohol law does suggest exemptions for children drinking under the supervision of their parents, but that's not uniformly adopted. 19 states have no such exceptions, and in many of the remaining 31, restaurants may be banned from allowing alcohol consumption by minors even when their parents are there.
Another thing: I fundamentally disagree with certain age rarings for kids content. Some explicit violence is rated OK for young audiences, but insert a swear word or a some skin and the age rating is bumped up? This rating system is nonhelp at all. I have to review each bit of content anyway before I can be certain.
yup we should all be able, to talk to our kids instead of screaming at them.
More simply: If ID checks are fully anonymous (as many here propose when the topic comes up) then every kid will just have their friends’ older sibling ID verify their account one afternoon. Or they’ll steal their parents’ ID when they’re not looking.
Discussions about kids and technology on HN are very weird to me these days because so many commenters have seemingly forgotten what it’s like to be a kid with technology. Before this current wave of ID check discussions it was common to proudly share stories of evading content controls or restrictions as a kid. Yet once the ID check topic comes up we’re supposed to imagine kids will just give up and go with the law? Yeah right.
This problem probably can't be solved entirely technologically, but technology can definitely be a part of solving it. I'm sure it's possible to make parental controls that most kids can't bypass, because companies can make DRM that most adults can't bypass.
This is exactly what I meant by my above comment: It’s like the pro-ID check commenters have become completely disconnected from how young people work.
Someone’s 18 year old sibling isn’t going to be stopped by “should know better”. They probably disagree with the law on principal and think it’s dumb, so they’re just helping out.
But imagine if a locked device was treated like alcohol. Most kids get access to alcohol at some point despite it being illegal, often from older siblings, and rarely with legal consequences for the adult. But it's much less of an issue, because most kids don't get it consistently. Furthermore, "good" kids understand that it's bad, and even some "bad" kids understand that they must limit themselves.
Since people are already talking about using the law instead of parenting this needs clarification. Are the parents the one that would revoke their privileges or the government?
Exactly the same way that kids used in former days to get cigarettes or alcohol: simply ask a friend or a sibling.
By the way: the owners of the "well-known" beverage shops made their own rules, which were in some sense more strict, but in other ways less strict than the laws:
For example some small shop in Germany sold beverages with little alcohol to basically everybody who did not look suspicious, but was insanely strict on selling cigarettes: even if the buyer was sufficiently old (which was in doubt strictly checked), the owner made serious attempts to refuse selling cigarettes if he had the slightest suspicion that the cigarettes were actually bought for some younger person. In other words: if you attempted to buy cigarettes, you were treated like a suspect if the owner knew that you had younger friends (and the owner knew this very well).
Digital ID with binary assertion in the device is an API call that Apple's app store curation can ensure is called on app launch or switch. Just checking on launch or focus resolves that problem. It's no longer the account being verified per se, it's the account and the use.
(So you need to keep all your stuff into one device to be fully tracked easily. And have no control over your device, share your location… )
If we must have controls, I hope the process of circumventing them continues to teach skills that are useful for other things.
A government could implement the equivalent of China's great firewall. Even if it doesn't stop everyone, it would stop most people. The main problem I suspect is that it would be widely unpopular in the US or Europe, because (especially younger) people have become addicted to porn and brainrot, and these governments are still democracies.
Porn is not just political information about human right abuses, government overreach or heavily censored overview of concentration camps for "group X". People can live just fine with government censorship buying into any kind of propaganda.
Kids would find a way to access porn though. Whatever it VPNs, tor or USB stick black market. Government cant even win war on drugs and you expect them to successfully ban porn. What a joke.
My kid logs out of this account so he can watch restricted content. I wonder - what is PG rating for logged out experience?
You mean this culture shift is needed for the masses but I don't think that's the case. In my widest social circle I am not aware of anyone giving alcohol to young kids (yes by the time they are 16ish yes but even that's rare). Most guardians would willingly do similar with locked devices.
The real problem is that the governments/companies won't get to spy on you if locked devices are given to children only. They want to spy on us all. That's the missing cultural shift.
Considering the echo chamber in which I was at school, my friends would have simply used some Raspberry Pi (or a similar device) to circumvent any restriction the parents imposed on the "normal" devices.
Oh yes: in my generation pupils
- were very knowledgeable in technology (much more than their parents and teachers) - at least the nerds who were actually interested in computers (if they hadn't been knowledgeable, they wouldn't have been capable of running DOS games),
- had a lot of time (no internet means lots of time and being very bored),
- were willing to invest this time into finding ways to circumvent technological restrictions imposed upon them (e.g. in the school network).
Hypothetically, if every kid in your social circle had their device "locked", the adults would probably have a very hard time the kids away from their devices, or just relent, because the kids would be very unhappy. Although maybe with today's knowledge, most people will naturally restrict new kids who've never had unrestricted access, causing a slow culture shift.
The whitelist would be decided by the market: the parents have the unlocked device, there are multiple solutions to lock it and they choose one. Which means that in theory, the dominant whitelist would be one that most parents agree is effective and reasonable; but seeing today's dominant products and vendor lock-in...
Any parent can be reckless and give their children all kinds of things - poison, weapons, pornographic magazines ... at some point the device has enough protective features and it is the parents responsibility.
I could not control how my parents were going to raise me, I was only able to play with the hand I was dealt. I hate the idea that parents are sacrosanct and do not share blame in these situations. At the same time, if this is just the family situation you're given and you're handed a device unaware of the implications, who is going to protect you from yourself and others online if your parents won't? Should anyone?
Of course no personal details should be provided to the site that requests age confirmation. Just "barer of this token" is an adult.
In Poland we have the same setup.
I think either is better than the staus quo. In the first case the parent is waiving away the protections, and in the second the kid is.
Even if a kid buys alcohol, I think it's healthier that they do it by breaking rules and faking ids and knowing that they are doing something wrong, than just doing it and having no way to know it's wrong (except a popup that we have been trained by UX to close without reading (fuck cookie legislation))
Trying to enforce parental controls via regulation may only be as effective as Europe enforcing the DMA against Apple. But maybe not, because there's a huge market; if Apple XOR Android does it, they'll gain market share. Or governments can try incentive instead of regulation (or both) and fund a phone with better parental controls. Europe wants to launch their own phone; such a feature would make it stand out even among Americans.
The problem of "kids accessing the Internet" is a purposeful distraction from the intent of these laws, which is population-level surveillance and Verified Ad Impressions.
But laws alone won't fix this, and laws aren't necessary (except maybe a law that prevents kids from buying phones). In the article, the child's devices had parental controls, but they were ineffective. There's demand for a phone with better parental controls, so it will come, and more parents are denying access, so their kids will become less alienated.
SOME parents give their children access to their ID. That is NOT the same as ALL parents, and therefore is not a reason not to give those parents a helping hand.
Even just informing children that they're entering an adult space has some value, and if they then have to go ask their parents to borrow their wallet, that's good enough for me.
I'm sure it will occasionally happen. But kids are terrible at keeping secrets, so they will only have the unlocked device for temporary periods, and I believe infrequent use of the modern internet is much, much less damaging than the constant use we see problems from today. A rough analogy, comparing social media to alcohol: it's as if today kids are suffering from chronic alcoholism, and in the future, kids occasionally get ahold of a six pack.
Ridiculous take.
We don't disagree on whether it is actually a problem, you just have your opinion about facts.
We also have no way to actually measure this even if we wanted to do an experiment. So comparing this very soft science to climate change is a bit out of pocket.
Sorry, WHAT? No way to measure it? My god, are we talking about the same thing? Are you sure you haven't missed past 12-24 months of increased reporting on the matter from several different angles, from cognitive skills, anxiety, sexual drive, and so on?
EOT for me.
* according to this survey from over 2 years ago: https://www.apa.org/monitor/2024/04/teen-social-use-mental-h...
To give perspective: in my high school, there were a few kids who vaped in bathrooms, but the majority (including me) did not; we were told many times that it was unhealthy, and anyone caught vaping would be suspended. Everyone I know (including me) had social media, we were not told it was unhealthy (only to not use it too much, not give out PII, avoid bullying, etc.), and it wasn't even policed in some classrooms.
You could, for example, make it illegal to target children with targeted advertising campaigns and addictive content. Then throw the executives who authorized such programs in jail. Punish the people causing the harm.
Stronger punishment creates more of an incentive to age verify. Which is basically why it's happening now.
There is a difference between identifying specific children, and running programs that target children more generally; and / or having research that shows how your product harms children, and failing to do anything to stop it. We can tackle both of those issues without requiring age verification. We're headed down the path of age verification because we know now that not only is social media harmful, it's especially harmful to kids, and has been specifically targeted to them. Those are things that can be fixed, regardless of how you feel about age verification. Its not different than tobacco being not allowed to create advertisements for kids; its the same type of people doing the same types of things in the end.
Gee, I wonder if the executives who are suspected of doing such things haven't spent the last 100 years building the infrastructure necessary to avoid charges, let alone jail time? Large corporate legal departments, wink-wink-nudge-nudge command and control hierarchies where nothing incriminating is ever put into writing, voluminous intra-office communications that bury even the circumstantial evidence so deeply no jury could understand it even if the plaintiffs/state could uncover it, etc.
Anyone over the age of 12 that thinks corporate entities can be made to be accountable in a meaningful way is more than naive. They are cognitively defective. Or is it that you realize they can't be held accountable but you'd rather maintain the status quo than contemplate a country which abolished them and enforced that all business was the conducted by sole proprietorships and (small-n) partnerships?
Sure, there's a lot of corruption right now. Doesn't have to stay that way.
Ah. I see, you believe that the godzilla monsters are useful and that you know how to make leashes for them that will definitely work this time.
Give our personal devices have the ability to verify our age and identity securely and store on device like they do our fingerprint or face data.
Services that need access only verify it cryptographically. So my iPhone can confirm I’m over 21 for my DoorDash app in the same way it stores my biometric data.
The challenge here is the adoption of these encryption services and whether companies can rely on devices for that for compliance without having to cut off service for those without it set up.
If we fight every and any solution, we may end up with their solution, becauase they build it. We end up in the position of saying "don't use the thing they built" without offering alternatives. I'd rather be saying "use whatbwe built, ita is better."
The hardware providers already have the information. You only need to make them reveal it to 3rd parties.
We should be able to verify facts about people on the internet without compromising personal data. Giving platforms the ability to select specific demographics will, in my view, make the web a better place. It doesn’t just let us age restrict certain platforms, but can also make them more authentic. I think it’s really important to be able to know some things to be true about users, simply to avoid foreign election interference via trolling, preventing scams and so much more.
With this, enforcement would also be increasingly easy: Platforms just have to prove that they’re using this method, e.g. via audit.
It would allow someone with an mDL on their device to present only their age instead of other identifying information.
The only reasonable way to deal with children on the Internet is to treat Internet access like access to alcohol/drugs. There is no need for children to access the Internet full stop.
Internet is a network in which everything can connect to everything, and every connected machine can run clients, servers, p2p nodes and what not. Controlling every possible endpoint your child might connect to is not feasible. Shutting the entire network down because "won't somebody please think of the children" is not acceptable.
And, don't let them trick you. This is the endgoal. An unprecedented level of control over the flow of information.
First of all, you cannot know that, since plenty of people before you learnt that stuff from libraries.
>So you would deny children the greatest source of knowledge in the history?
Yes, because other sources of knowledge exist and are much more appropriate for children. It is also the greatest source of despicable stuff in history. When you turn 18, have fun exploring the world wide web.
Undermining data protection and privacy is clearly the point. The fact that it's happening everywhere at the same time makes it look to me like a bunch of leaders got together and decided that online anonymity is a problem.
It's not like kids having access to adult content is a new problem after all. Every western government just decided that we should do something about it at roughly the same time after decades of indifference.
The "age verification" story is casus belli. This is about ID, political dissent, and fears of people being exposed to the wrong brand of propaganda.
How far does it go? Are all bugs features? Shall we assume that Boeing (via MCAS) and Ford (via the Pinto) were trying to kill their passengers? There's a difference between ulterior motive and incompetent execution of expressed intention.
"People of the same trade seldom meet together, even for merriment and diversion, but the conversation ends in a conspiracy against the public." - Adam Smith
People do hide their intentions but that doesn’t give us a license to reduce complex system dynamics to absurdities.
Design features tend to persist.
The phrase/idiom "the purpose of a system is what it does" maps best to situations where a multiple decisions within a system make little sense when viewed through the lens of the stated purpose, but make perfect sense if the actual outcome is the desired one.
It is an invitation to analyze a system while suspending the assumption of good faith on the part of the implementors.
It’s not that simple. Especially not in politics but even in the domain you’re referencing, have you ever seen Mozilla’s bug tracker? Once your project is so big and involves so many people you move beyond fixing everything you want.
There may be central planning at play, in this case I assume there is, but to claim it necessarily is relies on an oversimplification that doesn’t exist in human political machines that are a giant ship of theseus essentially. There’s no identity -> management capacity proven anywhere enough to make that kind of claim. Institutions inherit and have emergent behavior driven by the dynamics of their constituents/individuals. That includes the inability to create imagined outcomes reliably. The platonic intent and physical regimes cannot be integrated.
This is a false premise already; the company can check the age (or have a third party like iDIN [0] do it), then set a marker "this person is 18+" and "we verified it using this method at this date". That should be enough.
and there is nothing I or the few (in terms of power) well-meaning government and corporate actors can do to change that.
He is currently prepping to overthrow his local Pizzeria while the rest of us argue as if social media even exists anymore (it doesn't, it's just algorithmic TV now).
It doesn't have to be perfect and there will of course be easy workarounds to hid the warnings for people that want. The goal is to improve the situation though, not solve it perfectly. Like putting information about the dangers of smoking on packages of smokes; it doesn't stop people from smoking but it does make the danger very easy to learn.
Better than muddying the waters trying to make it less addictive but then letting them on there when their brains aren't ready.
The problem of identifying a value for each person is very difficult. But government's role stops there. Until the teenager's screen more factors stay in the middle (parents, peers, criminals). I am curious how it turns out eventually. As a parent, I have already banned SM for my children, so not "affected" by the new policy.
We could start to ban many of the mechanisms social media companies have deployed over the last 10 years. Infinite scrolling, algorithmic feeds of "creator" content, AI generated ragebait from bot accounts, etc. I'd love to see social media reverted back to when it was just holiday photos from your friends.
In china there are places to scan you device and get coupons. usually at elevators in residential buildings so they can track also if you're arriving or leaving easily.
In the US every store tracks and report to ad networks your Bluetooth ids. and we know what happens to ad networks.
US now requires cars to report data, which was optional before (e.g. onstar) and china joined on this since the ev boom.
the public id space is booming.
This isn't true, there is no federal requirement for a cellular modem in cars. Most modern cars have one, but nothing prevents you from disabling or removing it. I certainly would not tolerate such a "bug" in by car.
> In the US every store tracks and report to ad networks your Bluetooth ids.
This also isn't true, modern phones randomize Bluetooth identifiers. I personally disable Bluetooth completely.
and yeah, your phone gives all the deniability and randon ids, etc. but if you allow apps to access location it's game over. also, just go see that google sells one option where you pay by people who saw you ad physically entered a store. (ps: sadly, I implemented the DSP side of this)
I am not sure I understand this.
I am aware that manufacturers benefit from spying on people through car telemetry, or else they would not shoulder the cost of providing a cell plan. But, I, the owner of the vehicle, have every right to literally cut the cord (or simply unplug and remove the cellular modem).
> and yeah, your phone gives all the deniability and randon ids, etc. but if you allow apps to access location it's game over.
I don't. I run GrapheneOS (fully degoogled), and the only apps allowed to access location services are OSMand and a self-hosted Home Assistant instance. Of course that does not change the fact that millions of other people are being spied on.
Every security attempt becomes a facade or veil in time, unless it's nothing. Capture nothing, keep nothing, say nothing. Kids are smart AF and will outlearn you faster than you can think. Don't even try to capture PII ever. Watch the waves and follow their flow, make things for them to learn from but be extremely careful how you let the grownups in, and do it in pairs, never alone.
So there is absolutely no way to change that and give out IDs from the age of 14? You can already get an ID for children in Germany https://www.germany.info/us-de/service/reisepass-und-persona...
This is a problem that has to be solved by the government and not by private tech companies.
This is a lazy cop out to say "we have tried nothing and we are all out of ideas"
Another example where this plays a role are voter registration and ID requirements for voting in the US. It is entirely bizarre to me how these discussions just accept it as a law of nature that it's expensive and a lot of effort to get an ID. This is something that could be changed.
(This is a genuine question) please could you describe the underlying problem that age verification is attempting to solve?
To regulate access to addicting material. This is done in the physical world - why should digital be lawless when it applies to the same human behaviors?
I've been addicted to a lot of digital media parts in harmful ways and I had the luck and support to grow out of most of it. A lot of people are not that lucky.
If governments want to require private companies to verify ages, those same governments need to provide accessible ways for their citizens to get verification documents, starting from the same age that is required.
The latter may not be great, but eating potato chips all day also probably isn't, and I don't think the government should outlaw minors eating potato chips. Plus it's variable: some get positive, educational, pro-social, productive outcomes from social media and some don't. Gambling is always bad in the limit.
A simple rule could probably be that if a website can make you lose over $200 of real money, it should probably require age verification. I don't see why other things should.
The cynic in me says that's not why governments want identity confirmation for gambling websites. It's so you can't dodge the taxman
There are options that don't involve any ID uploads whatsoever.
For example, with a German ID you can provide proof that you are older than 18 without giving up any identifying information. I mean, nobody uses this system at the moment, but it does exist and it works.
You could buy 19 gallons of milk for that money (80 liters).
If that happened in the US, Republicans would then:
1. Insist that non-white children carry ID at all times
2. Operationalize DHS and ICE to deport non-white children to foreign concentration camps.
Many of the worst present on the internet is not age gated at all, you have millions of porn websites without even a "are you over 18" popup. There are plethora of toxic forums...
Of course it's a complex problem, but the current approach sacrifice a lot of what made the internet possible and I don't like it.
This is what I find most insane about the UK's age verification law. It's literally so easy to find adult content without proving your age... You can literally just type in "naked women" into a search engine and get porn...
To call it ineffective would be an understatement. Finding adult content on the web almost just as easy as it's always been. The only thing it's made harder is accessing adult content from the normie-web – you can't access porn on places like Reddit anymore, but you can access porn on 4chan and other dodgy adult sites.
If the argument is "think about the kids" there are more effective ways to do it... Requiring device-level filtering for example would likely be more effective because it could just blacklist domains with hosting adult content unless unrestricted. It would also put more power in the parents hands about what is and what isn't restrict.
Not exactly a good moment for this caste of politicians to pretend they care about children's well-being, though.
Similar to how there is specific channels for children on the TV. Perhaps the government can even incentivize such channels. It would also make it easier for parents to monitor and set boundaries. Parents would only need to monitor if the tv is still tuned to disney channel or similar instead of some adult channels.
Similarly this kind of method could be applied to online spaces. Ofcourse there will be some kids that will find ways around it but they will most likely be outliers.
Children shouldn't be associating with other children, except in small groups. Even the typical classroom count is far too large. They become the nastiest, most horrible versions of themselves when they congregate. A good 90% of the pathology of public schools can be blamed on the fact that, by definition, public schools require large numbers of children to congregate.
For age verification specifically, the only information that services need proof of is that the users age is above a certain threshold. i.e. that the user is 14 years or older. But in order to make this determination, we see services asking for government ID (which many 14-year-olds do not have), or for invasive face scans. These methods provide far more data than necessary.
What the service needs to "prove" in this case is three things:
1. that the user meets the age predicate
2. that the identity used to meet the age predicate is validated by some authority
3. that the identity is not being reused across many accounts
All the technologies exist for this, we just haven't put them together usefully. Zero knowledge proofs, like Groth16 or STARKs allow for statements about data to be validated externally without revealing the data itself. These are difficult for engineers to use, let alone consumers. Big opportunity for someone to build an authority here.
like most proposed solutions, this just seems overcomplicated. we don't need "accessible cryptographic infrastructure for human identity". society has had age-restricted products forever. just piggy-back on that infrastructure.
1) government makes a database of valid "over 18" unique identifiers (UUIDs)
2) government provides tokens with a unique identifier on it to various stores that already sell age-restricted products (e.g. gas stations, liquor stores)
3) people buy a token from the store, only having to show their ID to the store clerk that they already show their ID to for smokes (no peter thiel required)
4) website accepts the token and queries the government database and sees "yep, over 18"
easy. all the laws are in place already. all the infrastructure is in place. no need for fancy zero-knowledge proofs or on-device whatevers.
to go on tiktok, you enter a UUID once onto your account, and thats it. the only person that sees your id card is the store clerk that glances at the birth date and says "yep, over 18" when you are buying the "age token" or whatever you want to call it. no copies of your id are made, it cant be hacked, theres no electronics involved at all. its just like buying smokes. theres no tie between your id and the "age token" UUID you received.
theres no fanciness to it, either. itd be dead simple, low-tech, cheap to implement, quick to roll out. all of the enforcement laws already exist.
>Why should I have to share more than required?
you shouldnt. having to prove age to use the internet is super dumb. but thats the way the winds are blowing apparently. if im gonna have to prove my age to use the internet, id much rather show my id to the same guy i buy smokes from (and already show my id to) than upload my id to a bunch of random services.
Having said that, I think having an "I'm of legal age" tickbox goes quite far enough.
For the ultra-controlling, setting up a "kid's account" using the tools already provided in mainstream OS's [0][1] is a fine option.
[0] <https://www.microsoft.com/en-us/microsoft-365/family-safety>
[1] <https://support.apple.com/guide/mac-help/set-up-content-and-...>
no, it is exactly as protective as the protections for purchasing alcohol or buying smokes or other controlled substances/products.
buying smokes/alcohol when underage is obviously harder than "click this box". (did you ever try to buy smokes/alcohol when underage? you cant just go up to the clerk at the store when you are 14 and say "trust me bro, im 18/19/21".)
>Anyone who is of legal age can buy UUIDs and pass them around to folks who are not.
same for smoking and alcohol. i could go to the store right now and buy smokes, then hand them to my 10 year old.
we have laws already in place to punish selling smokes/alcohol to underagers, and laws for consuming smokes/alcohol when underage. we can apply those laws to your internet-age-token.
most people seem fine with the current trade-off for smokes/alcohol. i see no reason why tiktok needs to be treated as more dangerous than either.
>Having said that, I think having an "I'm of legal age" tickbox goes quite far enough.
i agree with this and everything you said afterwards. id rather not have any of it.
Right. That's exactly as protective as that tickbox. [0] As I mentioned, any of-age person can distribute those UUIDs to people who are not of-age. Unlike with the proposed ID-collection-and-retention schemes (that are authoritarian's wet dreams) the vendor of the UUID is not responsible for ensuring that that UUID is not later used by someone who is not of-age.
If you were to -say- make alcohol vendors liable for the actions of of-age people who pass on alcohol to not-of-age people, then you'd see serious attempts to control distribution.
[0] Don't forget the existence of preexisting parental controls in every major OS. IME, this is a hurdle that's at least as difficult to surmount as the ID check done in non-chain convenience stores.
no, it isn't, for reasons already mentioned but i will say it again for clarity:
- a 14 year old can click "im of age" on a checkbox.
- a 14 year old cannot go into a gas station and buy smokes. they will be declined.
>As I mentioned, any of-age person can distribute those UUIDs to people who are not of-age.
again... same with smokes and alcohol! but we are okay with how smokes and alcohol are regulated right now.
tiktok is not worse than a bottle of vodka. we are okay with how vodka is regulated. tiktok does not need even more strict age-verification than vodka.
it is not perfect, but it is absolutely more stringent than a checkbox. if you still doubt me, please send one of your 12-14 year old family members to buy a pack of smokes or a bottle of vodka at the nearest store. i will wait for your report.
or make them good for 1 month, but sold in 12-packs.
...if these tokens are as protective as you claim they are, why would it be important for them to expire?
Would you also advocate for the token issued by authoritarians' preferred "send a video of yourself [0] and/or your government-issued photo ID [1] to some random third-party for-profit company" check to frequently expire? If not, what's up with the discrepancy?
[0] Or of someone physically near you who is of-age
[1] See [0]
age verification is already being rolled out. so we can either suck it up and try advocate for less shitty versions, or we can bicker amongst ourselves while id/video-based age verification continues to be implemented everywhere.
>...if these tokens are as protective as you claim they are, why would it be important for them to expire?
read above for the conversation that occurred.
>Would you also advocate for the token issued by authoritarians' preferred "send a video of yourself [0] and/or your government-issued photo ID [1] to some random third-party for-profit company" check to frequently expire? If not, what's up with the discrepancy?
a) no, obviously not, because i dont advocate for video or id-based age verification.
b) i know that you know this, and are just pretending to be ignorant for some weird ass reason: various age verification implementations have different risks and benefits.
for some implementations, users are forced to give up significant amounts of privacy in favor of increased accuracy. other implementations give up less privacy, at the risk of reduced accuracy. look at discords implementation for a recent example (it was easier to spoof the client-side verification than the server-side id-based one. more privacy, less accuracy). this type of balancing act is not new. we do the same balancing act with alcohol, smoking, gambling, healthcare, security, development, etc.
so, when looking at potential mitigations for less-accurate methods, while maintaining the same level of privacy, a sensible option is to make the UUIDs time-bound which will limit the time an illicit token is valid. this makes much less sense for id/video-based verification, because they have higher accuracy than my version (paid for by giving up your privacy).
---------
something you said earlier: "Your time and energy are better spent resisting the expansion,".
so, go do that. find the people that are really pushing for age verification, and argue with them. instead of replying to me, use that time to call your state representative or something. im not your opponent here. if it were up to me, we wouldnt have age verification in the first place. you already know that my stance is anti-age verification!
my proposal is not perfect. i dont like age verification. you can have the karma from this argument, its cool, you can "win". what more do you want me to say?
(Also, like, did you ever go to college? Live in a dorm or apartment with underage students? It was super common for of-age people to buy and distribute booze to substantially underage students. Everyone knew it was happening all the damn time.)
> they are obviously not liable if i buy something legitimately, go home, and feed it to my kid. in that case, i am liable...
And if you changed up the rules to make them liable, you'd see serious attempts at controlling distribution.
What has been the state of the art in parental controls for quite some time is like the current regulatory regime for booze and tobacco. The single thing that needs to change to make it exactly the same would be to make it substantially illegal for US-based publishers to not tag the porn/violence/etc that they publish with age-restriction tags. [0]
What's being proposed and is currently implemented by several big-name sites is even more invasive.
> we are okay with how smokes and alcohol works right now.
I'm not. Either booze and tobacco need to be made into Schedule I substances, or their regulation needs to become much more lax. But I recognize that my opinion on the topic is considered to be somewhat out-of-the-ordinary.
[0] This might already be the law of the land right now. I haven't bothered to check.
because they dont matter. parental controls exist today but have been deemed ineffective for the age verification conversation, for whatever stupid reason. so we are stuck trying to figure something else out. do i wish we could just use the existing basic parental controls instead of whatever the hell we are going to end up with? obviously!
the easiest "something else" is to piggy-back on existing age-restriction regulations (i.e. smokes, alcohol, gambling) because they have broad (obviously not ubiquitous, but broad) support. we have decades of experience with them.
and, to that end, you create a little token and you show your id to the store clerk to buy it. the "protect the children" people are satisfied (its the same process everything else age-restricted!), and i dont need to send my id to a peter thiel company. it preserves privacy, it re-uses existing laws, it re-uses existing infrastructure, etc.
Consider that such arguments (just like the arguments of Prohibitionists that resulted in the rise to power of Organized Crime) are made in a varied combination of ignorance and bad faith, and that we should loudly reject them in the strongest possible terms.
To be clear, I'm asserting that the claim that preexisting parental controls are insufficient is an argument made in ignorance and bad faith, not your assertion that the argument is being made.
me and you can yell into the void all we want. and i will continue to do so!
but, age verification is already here. so while i continue to yell about how stupid it is, i am also going to propose options that i feel like are less bad than what is being actively rolled out right now.
As I mentioned, what you propose is exactly as useful and protective as what we have now. What we have now has been roundly rejected by the authoritarians pushing this expansion of power and influence. Your time and energy are better spent resisting the expansion, rather than suggesting alternatives that those authoritarians will never accept (and tacitly accepting their premise in the process).
i disagree, for reasons i have already said and for other reasons i havent yet.
but it is clear that we wont end up agreeing, so no need for us to keep going.
No matter what the actual mechanism is, I guarantee they will insist on something like that.
if the goal is "surveil everyone using the internet", yes, very obviously my proposal would not be selected, and you will have to upload your id to various 3rd-party id verifiers.
I'm not sure that's the right answer here, but I think it ticks a lot boxes for the state.
As it is we're seeing companies capture IDs and face scans and it's incredibly invasive relative to the need - "prove your birth year is in range". Getting hung up on unlinkable sessions is missing the forest for the trees.
At this point I think the challenge has less to do with the crypto primitives and more to do with building infrastructure that hides 100% of the complexity of identity validation from users. My state already has a gov't ID that can be added to an apple wallet. Extending that to support proofs about identity without requiring users to unmask huge amounts of personal information would be valuable in its own right.
Your crypto nerd dream is vulnerable to the fact that someone under 18 can just ask someone over 18 to make an account for them. All age verification is broken in this way.
There is a similar problem for people using apps like Ubereats to work illegally by buying an account from someone else. However much verification you put in, you don't know who is pressing the buttons on the screen unless you make the process very invasive.
An 18-year-old creating an account for a 12-year-old is a legal issue, not a service provider issue. How does a gas station keep a 21-year-old from buying beer for a bunch of high school students? Generally they don't, because that's the cops' job. But if they have knowledge that the 21-yo is buying booze for children, they deny custom to the 21-yo. This is simple.
They don't? Teenagers can easily get their hands on alcohol... you just need to know the right person at school who has a cool older brother. If their older brother is really cool they can get weed too!
The police absolutely do not have the time to investigate the crime of making a discord account for someone.
They don't care whether you are 14 or not. They want your biometrics and identification. "Think of the children" is just a pretense.
If you support privacy, you should support antitrust, else we're going to be seeing these same bills again and again and again until parents can effectively protect their children.
This rebuttal to privacy preserving approaches isn't compelling. Websites can split the difference and use privacy preserving techniques when available, and fall back to other methods when the user doesn't have an ID. I'd go further and say websites should be required to prioritize privacy preserving techniques where available.
There is a separate issue of improving access to government ID. I think that is important for reasons outside of age verification. Increasingly voting, banking, etc... already relies on having an ID.
The problem with social media isn't the inherent mixing of children and technology, as if web browsers and phones have some action-at-a-distance force that undermines society; it's the 20 years or so they spent weaponizing their products into an infinite Skinner box. Duck walk Zuckerburg.
This is all assuming good faith interest in "the children," which we cannot assume when what government will gain from this is a total, global surveillance state.
European proponents of "anti-big-tech action" make it pretty explicit - broad discretionary power should be given to executive branch, because otherwise "international corporations" will use "loopholes" (and these "loopholes" are, in practice, explicitly written laws used as intended).
Oh, remember those good old times when alcohol was kids' stuff.......
https://www.theguardian.com/technology/2026/jan/29/internet-...
Do we need laws to make this happen? What methods can be used to aid adoption? Do site operators really want to know the humanness and ages or are those just masks on adding more surveillance?
It's like bankid or myid works in Scandinavian countries.
When you need to identify yourself you are challenged by a 3rd party trusted service.
Making this a age verification should be very easy.
Now the issue of which properties can "ask to verify your age" and "apple now knows what you're looking at" is still an unsolved problem, but maybe that solution can be delivered by something like a one time offline token etc.
But again, this is a very hard problem to solve and I would personally like to not have companies verify age etc.
Practically that means all of them will be imprisoned for life, of course.
They are bothered that you were taught such things and have made sure that your children will never be exposed to such information.
Governments (and a few companies) really want this.
The site guidelines ask users to send those to us at hn@ycombinator.com rather than post about it in the threads, but we always look into such cases when people send them.
It almost invariably turns out to simply be that the community is divided on a topic, and this is usually demonstrable even from the public data (such as comment histories). However, we're not welded to that position—if the data change, we can too.
I do think that HN does a better job than most at containing this (thanks for your hard work).
I don't think that there is any definitive way to prevent or detect this anymore. The number of personnel dedicated to online manipulation has grown too much, and the technology has advanced too far.
These are now discussions that states and oligarchs have interests in, not Juicero or smart skillet astroturfing. And this remains a forum that people use to indicate elite support for their arguments.
All is not lost, though: https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
The cynic in me fears they don't want a privacy-preserving solution, which blinds them to 'who'. Because that would satisfy parents worried about their kids and many privacy conscious folks.
Rather, they want a blank check to blackmail or imprison only their opponents.
"Citizens will be on their best behavior, because we’re constantly recording and reporting everything that is going on" - Larry Ellison
(I seem to recall from the context of the quote, he isn't saying this is the future he wants, but it's a future he's not particularly opposed to)
But the real threat is "accidental" database leaks from private websites. Let's say you live in a state where abortion isn't legal, and you sign up for a web forum where people discuss getting out-of-state abortions. As soon as that website is required to collect real names (which it will be), it becomes unusable, because nobody can risk getting doxxed.
When I challenged him on his rhetoric, my comment INSTANTLY disappeared. I thought maybe it was a fluke, so I tried again, and the next comment insta-disappeared also.
Soon thereafter I was locked out of the account and asked to provide a "selfie" to confirm my identity. (I declined.)
This is true of basically any issue discussed on the internet. Saying it must be astroturfing is reductive
How do you know what is "shared talking points" vs "humans learning arguments from others" and simply echoing those? Unless you work at one of the social media platforms, isn't it short of impossible to know what exactly you're looking at?
Interesting. Are you saying all the concerns raised by the proponents of ID verification are invalid and meritless? For example,
1. Foreign influence campaigns
2. Domestic influence campaigns
3. Filtering age-appropriate content
I’m sure there are many other points with various degree of validity.
Instead it would be more appropriate to let sites pass headers, such as "we have adult content", thst you could filter on the network or client side. It's still voluntary, of course. Anyone will just visit sites that don't have the checks if necessary.
In the US, #1 and #2 are invalid and meritless. Wholly and without reservation. One of the huge reasons for the First Amendment is to ensure that people are able to counter lies uttered in the public sphere with truth.
#3 is handled by parental controls that have existed in mainstream OSs for quite some time now. [0][1][2] However, those preexisting parental controls don't justify additional expansion of the power and influence of authoritarians, so here we are.
[0] <https://www.microsoft.com/en-us/microsoft-365/family-safety>
[1] <https://support.apple.com/guide/mac-help/set-up-content-and-...>
[2] <https://support.google.com/android/answer/16766047?hl=en-rw>
How does digital ID prevents you from speaking out? For example, 2nd amendment requires a lot of hoops in some jurisdictions, which were deemed constitutional, and not violating 2nd amendment. Same with the 1st amendment. You can argue that with digital IDs there will be less privacy and anonymity than before, but it’s a different story.
Moreover, influence campaigns are not about truth or lies, but about making the public loose face on the institutions. A good example of it today is Russia, where the public does not believe that democratic elections are possible at all, in principle.
> #3 is handled by parental controls that have existed in mainstream OSs for quite some time now.
It is not handled perfectly at all, and easily bypassed. To pretend that information access on the internet can be regulated through parental controls is ridiculous.
What? In the US, arguments #1 and #2 are entirely invalid and meritless. As I mentioned:
One of the huge reasons for the First Amendment is to ensure that people are able to counter lies uttered in the public sphere with truth.
> A good example of it today is Russia, where...
We're talking about the US. Many other governments (and governed people) do not agree that freedom of speech is important or even desirable.
> It is not handled perfectly at all, and easily bypassed.
For quite some time now it has been handled at least as well as these new schemes that authoritarians (and those that profit from their actions) are strong-arming companies into preemptively complying with.
> Moreover, influence campaigns are not about truth or lies, but about making the public loose face on the institutions.
If the institution that's being actually damaged by losing face [0] is (or is intimately associated with) one that has spent the last many decades normalizing the replacement of cogent political discussion with Twitter-grade zingers and ragebait, and is now finding it difficult to engage in cogent discussion then, well, they've made the bed they're now forced to lie in. The way out of that bed is sustained, good faith, cogent discussion, rather than building dossiers and the automated infrastructure for information restriction.
But, in truth, most of the folks pushing these systems aren't interested in cogent discussion and are arguing for them in some combination of ignorance and bad faith.
[0] As is often the case in matters like this, I expect the claimed damage is far, far greater than the actual damage.
Is that really evidence of astroturfing? If we're in the middle of an ongoing political debate, it doesn't seem that far fetched for me that people reach similar conclusions. What you're hearing then isn't "astro-turfing" but one coalition, of potentially many.
I often hear people terrified that the government will have a say on what they view online, while being just fine with google doing the same. You can agree or disagree with my assesment, but the point is that hearing that point a bunch doesn't mean it's google astroturfing. It just means there's an ideology out there that thinks it's different (and more opressive seemingly) when governments do it. It means all those people have a similar opinion, probably from reading the same blogs.
But I don't think we need 99.99% confidence -- isn't even acknowledged that 30% of twitter is bots or something? I think it's safe to conclude there's astroturfing on any significant political issue.
Also as far as documented cases, there were documented cases of astroturfing around fracking [1], or pesticides [2]
1. https://journals.sagepub.com/doi/10.1177/2057047320969435 2. https://www.corywatson.com/blog/monsanto-downplay-roundup-ri...
This was before the heyday of influencer culture, so I can only imagine how sophisticated things are nowadays. It’s not always bots.
I recommend the book Trust Me, I’m Lying for a deep but somewhat dated look at the online influence industry.
How do you suppose it is that millions of people, separated by vast geographic distances, somehow all reach similar conclusions all at once?
Related: How do you suppose it is that out of 350-700+ million people (depending on whose numbers you believe), there's always only two "choices" and both of them suck?
In the same way that patriarchy rose amongst them all.
In the same way that a shared currency was deemed necessary.
Escpecially in matters of governance, there is something to be said about how humans like to organise themselves. No country has truly escaped capitalism so far.
> In the same way that they came up with the idea of divine being(s) in the image of man that rule nature.
Thanks to the diligent efforts of the Priesthood, of course, who never cease in their 'education' of humanity as to the 'truth.'
Before the world came under centralized control of the Priesthood, there were many tribes of 'Nephelim'--or no-faith-God-people. (ne-phe-el-im.)
(Nope, it has nothing to do with aliens. Guess who is telling that lie also?)
> In the same way that patriarchy rose amongst them all.
Not among my ancestors the Cherokee. They were a matriarchy. They were wiped out (genocided) by foreigners who were controlled by a paternal Priesthood.
In our own history, we were once ruled by such a priesthood. They were called the Nicotani, or Ani-Kutani. They grew insolent and arrogant and eventually crossed the line when one of them raped a man's wife. They were subsequently exterminated, to the last man.
> In the same way that a shared currency was deemed necessary.
By whom? Who made that decision for you? Is it you who is deciding to get rid of cash and make everything digital too, so that you can be even more easily tracked, controlled, monitored...enslaved?
> Escpecially in matters of governance, there is something to be said about how humans like to organise themselves.
That's just the thing. It's not you organizing yourself.
"Real" user verification is a wet dream to googlr, meta, etc. Its both a ad inflation and a competive roadblock.
The benefits are real: teens are being preyed upon and socially maligned. State actors and businesses alike are responsible.
The technology is not there nor are governments coordinating appropiate digital concerns. Unsurprising because no one trusts gov, but then implicitly trust business?
Yeah, so obviously, its implementation that will just move around harms.
Groups of people who wake up at the same time of the day often have a tendency to be from a similar place, hold similar values and consume similar media.
Just because a bunch of people came to the same conclusion and have had their opinions coalesce around some common ideas, doesn't mean it's astroturfing. There's a noticeable difference between the opinions of HN USA and HN EU as the timezones shift.
Things that didn't seem likely to have broad support previously, now are seen as acceptable. In the 90's no one could envision rounding up immigrants. No one could envision uploading an ID card to use ICQ. No one could envision the concept of DE-naturalization or getting rid of birthright citizenship.
Today, in the US for instance, there are entire new generations of people alive. And many, many people who were alive in the 90's are gone. Well these new people very much can envision these things. And they seem to have stocked the Supreme Court to make all these kinds of things a reality.
All because the rest of us keep dismissing all of this as just harmless extreme positions that no one in society really supports. We have to start fighting things like this with more than, "It's not real."
Things that have broad support now may have that support primarily because of longstanding influence campaigns.
Both the widespread growth in smoking, and its later drop in popularity, are often credited to determined influence campaigns. You are not immune to propaganda!
Both Clinton and Obama deported way more people than Trump.
And Clinton only deported 2 million across his entire 8 years in office. With a laser focus on convicted criminals as part of a war on drugs. (Now the efficacy of the old "War on Drugs" can be argued, but the numbers can't. We have the records.)
I think you're conflating the number of "returns", defined in the 90's as people who were not allowed to enter at the border; and "deportations", defined in the 90's as people who were in the US, and then we put on a plane back out of the US. IE - "Returns" were people who showed up at the border, sea port, airport or border checkpoint; asked to get in, and we said no. Basically, the nice people.
What you mean is that Clinton simply didn't let anyone into the country. This is true. (Again, we have the records. Clinton refused entry to the US more than any president in US history.) He didn't, however, round up immigrants living in the US on this scale and deport them like we're seeing today. People would never have allowed for that.
To put numbers on it, Trump is on year 5, and has already processed more formal removal orders than Clinton did by year 8. Not only that, voluntary removals were near non-existent under Clinton in the 90's. Today, for just this year alone, they sit at around 1.5 million.
You are correct. Further, I suggest that Democrats and Democrat-controlled media cultivate a delusional worldview which allows their supporters to ignore the right-wing brutality consistently and continually imposed by Democrat leaders.
How do you feel about the second Trump admin's nationwide, made-for-TV DHS/ICE siege?
Never take TV seriously.
The key mistake is even watching it in the first place.
"If you don't read the newspaper, you're uninformed. If you do read the newspaper, you're misinformed." - Mark Twain
I love the quote, thanks for sharing.
“To your request of my opinion of the manner in which a newspaper should be conducted, so as to be most useful, I should answer, ‘by restraining it to true facts and sound principles only.’ Yet I fear such a paper would find few subscribers.
It is a melancholy truth, that a suppression of the press could not more completely deprive the nation of its benefits, than is done by its abandoned prostitution to falsehood. Nothing can now be believed which is seen in a newspaper. Truth itself becomes suspicious by being put into that polluted vehicle. The real extent of this state of misinformation is known only to those who are in situations to confront facts within their knowledge with the lies of the day.
I really look with commiseration over the great body of my fellow citizens, who, reading newspapers, live and die in the belief that they have known something of what has been passing in the world in their time; whereas the accounts they have read in newspapers are just as true a history of any other period of the world as of the present, except that the real names of the day are affixed to their fables.
General facts may indeed be collected from them, such as that Europe is now at war, that Bonaparte has been a successful warrior, that he has subjected a great portion of Europe to his will, etc., etc.; but no details can be relied on.
I will add, that the man who never looks into a newspaper is better informed than he who reads them; inasmuch as he who knows nothing is nearer to truth than he whose mind is filled with falsehoods and errors. He who reads nothing will still learn the great facts, and the details are all false.”
- Thomas Jefferson
- Governments benefit from easier monitoring and enforcement.
- The advertising industry prefers verified identities for better targeting.
- Social media companies gain more reliable data and engagement.
- Online shopping companies can reduce fraud and increase tracking.
- Many SaaS companies would also welcome stronger identity verification.
In short, anonymity is not very profitable, and governments often favor identification because it increases oversight and control.
Of course, this leads to political debate. Some point out that voting often does not require ID, while accessing online services does. The usual argument is that voting is a constitutional right. However, one could argue that access to the internet has become a fundamental part of modern life as well. It may not be explicitly written into the Constitution, but in practice it functions as an essential right in today’s society.
Realizing that much of the internet is totally toxic to children now and should have a means of keeping them out is distinct from agreeing to upload ID to everything.
A better implementation would be to have a device/login level parental control setting that passed age restriction signals via browsers and App Stores. This is both a simpler design and privacy friendly.
At least here in US: Google/Apple device controls allow app to request whether user meets age requirements. Not the actual age, just that the age is within the acceptable range. If so, let through, if not, can't proceed through door.
I know I am oversimplifying.
But I like this approach vs. uploading an ID to TikTok. Lesser of many evils?
parents need to start parenting by taking responsibility on what their kids are doing, and government should start governing with regulations on ad tech, addictive social media platforms, instead of using easily hackable platforms for de anonymization, which in turn enable mass identity theft.
No, I think both ideas are bad.
"use a token from the device so the ID never leaves, this is way better right!"
This is the true objective. They actually want DEVICE based ID.
I want LESS things that are tied to me financially and legally to be stolen when(not if) these services and my device are compromised.
I also think the FUD they've succeeded in creating around the use of LLMs for code generation (there's a portion of the management class that seems to genuinely believe that Claude Code is AGI) is the greatest marketing operation of our lifetimes.
1. Automatic shaping of online community discussions (social media, bots, etc)
2. Automatic datamining, manipulating and reacting to all digitally communicated conversations (think dropping calls or MITM manipulation of conversations between organizers of a rival poltical party in swing districts proir to an election, etc. CointelPro as a service)
3. Giving users a new UI (speech) with which they can communicate with computer applications
Its not unreasonable to assume that he would seek to automate his bullshit.
See here for some examples:
https://www.techdirt.com/2022/08/26/who-would-benefit-from-c...
https://www.michaelgeist.ca/2025/10/senate-bill-would-grant-...
That being said, this is a 1 bit information, adult in current legislation yes/no.
I consider it a huge success of the Internet architects that we were able to create a protocol and online culture resilient for over 3 decades to this legacy meatspace nonsense.
> That being said, this is a 1 bit information, adult in current legislation yes/no.
If that's all it would take to satisfy legislatures forever, and the implementation was left up to the browser (`return 1`) I'd be all for it. Unfortunately the political interests here want way more than that.
From what I’ve seen, most of the pro-ID commenters are coming from positions where they assume ID checks will only apply to other people, not them. They want services they don’t use like TikTok and Facebook to become strict, but they have their own definitions of social media that exclude platforms they use like Discord and Hacker News. When the ID checks arrive and impact them they’re outraged.
Regulation for thee, not for me.
So we should probably get ahead of this debate and push for good ways to do part-of-identity-checks. Because I don't see any good way to avoid them.
We could potentially do ID checks that only show exactly what the receiver needs to know and nothing else.
A stronger statement: we know how to build zero-knowledge proofs over government-issued identification, cf. https://zkpassport.id/
The services that use these proofs then need to implement that only one device can be logged in with a given identity at a time, plus some basic rate limiting on logins, and the problem is solved.
The challenge here though is to prove to the user, especially without forcing the user to go into technical details, that it is indeed private and isn't giving away details.
The user needs to be able to sandbox an app like that and have full control of its communications.
This is still the case. The difference now is that the astroturfed bot accounts are pushing for fascism (I.E., the second problem).
I think a lot of the younger generation supports it, actually. They didn't really grow up with a culture of internet anonymity and some degree of privacy.
So people are kind of primed for "makes sense to keep kids from these attention driven platforms"
But I think the average person isn't understanding the implications of the facial/id scanning.
Actually, yes, it seems to have shifted quite a bit. As far as I can tell, it seems correlated with the amount of mis/disinformation on the web, and acceptance of more fringe views, that seems to make one group more vocal about wanting to ensure only "real people" share what they think on the internet, and a sub-section of that group wanting to enforce this "real name" policy too.
It in itself used to be fringe, but really been catching on in mainstream circles, where people tend to ask themselves "But I don't have anything to hide, and I already use my real name, why cannot everyone do so too?"
It's never fucking safety, or protecting children, or preventing fraud, or preventing terrorism, or preventing drugs or money laundering or gang activities. It's always, 100% of the time, inevitably, without exception, a tool used by petty bureaucrats and power hungry politicians to exert power and control over the citizens they are supposed to represent.
They might use it on a couple of token examples for propaganda purposes, but if you look throughout the world where laws like this are implemented, authoritarian countries and western "democracies" alike, these laws are used to control locals. It's almost refreshingly straightforward and honest when a country just does the authoritarian things, instead of doing all the weaselly mental gymnastics to justify their power grabs.
People who support this are ignorant or ideologically aligned with authoritarianism. There's no middle ground; anonymity and privacy are liberty and freedom. If you can't have the former you won't have the latter.
Do you think strip clubs and bars should stop IDing people at the door? I don't. Why should porn sites be any different?
The principle of online ID checks is completely sound; the implementation is not.
This would be impractical in meatspace, but works perfectly fine on the internet.
The data stays with them[1].
I think you grossly underplay the current practices.
[1] there's no hard, irrefutable proof companies like Persona (intimately connected with known law abusers, ie US government) keep their promises or obey the law.
[edit] I did a little reading and it sounds like the company does not query the government with your ID. You get the cryptographic ID from the government, and present it to a company who is able to verify its validity directly. My source is mostly this: https://www.eff.org/deeplinks/2025/04/age-verification-europ...
That sort information can permanently destroy peoples lives.
The average tech literate person keep seeing their data breached over and over again. Not because THEY did anything wrong, but because these Corpos can't help themselves. No matter how well the tech literate person secures their privacy it has become clear that some Corpo will eventually release everything in an "accident" that causes their efforts to become meaningless.
After a while it's only human for fatigue to build up. You can't stop your information from getting out there. And once it's out there it's out there forever.
Meanwhile every Corpo out there in tech is deliberately creating ways to track you and extract your personal information. Taking steps to secure your information ironically just makes you stand out more and narrows the pool you're in to make it easier to find you and your information. And again you're always just one "bug" from having it all be for nothing.
I still take some steps to secure my privacy, I'm not out there shouting my social security information or real name. But that's habit. I no longer believe that privacy exists.
To the extent we ever had it in the past was simply the insurmountable restrictions on tracking and pooling the information into some kind of organization and easy lookup. Now that it is easier and easier to build profiles on mass numbers of people and to organize those and rank them the illusion is gone. Privacy is dead. Murdered.
And people are tired of pretending otherwise.
HN has largely shifted away from tech literacy and towards business literacy in recent years.
Needless to say that an internet where every user's real identity is easily verifiable at all times is very beneficial for most businesses, so it's natural to see that stance here.
HN comments sentiment seems to shift over the age of the thread and time of day.
My suspicion is that the initial comments are from people in the immediate social circle of the poster. They share IRC or Slack or Discord or some other community which is likely to be engaged and have already formed strong opinions. Then if the story gains traction and reaches the front page a more diverse and thoughtful group weighs in. Finally the story moves to EU or US and gets a whole new fresh take.
I’m not surprised that people who support something are the ones most tuned in to the discussion because for anyone opposed they also have their own unrelated thing they care about. So the supporters will be first since they’re the originators.
These are not the same people from 30 years ago. The new generation has come to love big brother. All it took to sell their soul was karma points.
I dont think they want to figure it out. They think the internet should be stagnant unchanging and eternal as it currently exists because it makes the most money. If you disagree you're either a normie, bot, or need to parent harder or something. There is nothing you can do don't dare try to change it.
The short version is that voters want government to bring tech to heel.
From what I see, people are tired of tech, social media, and enshittified apps. AI hype, talk of the singularity, and fears about job loss have pushed things well past grim.
Recent social media bans indicate how far voter tolerance for control and regulation has shifted.
This is problematic because government is also looking for reasons to do so. Partly because big tech is simply dominant, and partly because governments are trending toward authoritarianism.
The solution would have been research that helped create targeted and effective policy. Unfortunately, tech (especially social media) is naturally hostile to research that may paint its work as unhealthy or harmful.
Tech firms are burned by exposés, user apathy, and a desire to keep getting paid.
The lack of open research and access to data blocks the creation of knowledge and empirical evidence, which are the cornerstones of nuanced, narrowly tailored policy.
The only things left on the table are blunt instruments, such as age verification.
Cui bono?
Yes.
Or more honestly, there was always an undercurrent of paternalistic thought and tech regulation from the Columbine Massacre days [0] to today.
Also for those of us who are younger (below 35) we grew up in an era where anonymized cyberbullying was normalized [1] and amongst whom support for regulating social media and the internet is stronger [2].
The reality is, younger Americans on both sides of the aisle now support a more expansive government, but for their party.
There is a second order impact of course, but most Americans (younger and older) don't realize that, and frankly, using the same kind of rhetoric from the Assange/Wikileaks, SOPA, and the GPG days just doesn't resonate and is out of touch.
Gen X Techno-libertarianism isn't counterculture anymore, it's the status quo. And the modern "tech-literate" uses GitHub, LinkedIn, Venmo, Discord, TikTok, Netflix, and other services that are already attached to their identity.
[0] - https://www.nytimes.com/1999/05/02/weekinreview/the-nation-a...
[1] - https://www.nytimes.com/2013/09/14/us/suicide-of-girl-after-...
[2] - https://www.washingtonpost.com/politics/2022/06/09/why-young...
This is how you sound to me.
Why did you put "privacy" in scare quotes?
there is a lot you can do to determine a person’s age without ever having to see a formal ID.
I still haven't read any truly compelling argument, why this type of surveillance is actually effective and proportionate.
This conflicts with my concerns about government crackdowns and the importance of anonymity when discussing topics that cover people who have a monopoly on violence and a tendency to use it.
So it's not entirely a black/white discussion to me.
The underlying internet should remain anonymous. People should remain able to communicate anonymously with consenting parties, send private DMs and create private group chats, and create their own service with their own form of identity verification.
* All big services are unlikely to require ID without laws, because any that does not will get refugees, or if all big services collaborate, a new service will get all refugees.
I mean, this is _literally the only thing needed_ for the Trump admin to tie real names to people criticizing $whatever. Does anyone want that? Replace "Trump" with "Biden", "AOC", "Newsom", etc. if they're the ones you disagree with.
Stop trying to reason with fascists.
Everyone in the world knows that the Democrats you named are too ideologically aligned with right-wing hatred to ever leverage the repressive power of the state apparatus in the same way Republicans do.
I've seen people post appalling shit on fuckin LinkedIn under their own names.
Strong moderation keeps Internet spaces from devolving into cesspools. People themselves have no shame.
Real name moderator is a fallacy.
Tons of data also showing higher suicide rates, depression rates, eating disorders etc. so it's not as if there is no good side to this.
Here is the data:
https://www.cdc.gov/mmwr/volumes/66/wr/mm6630a6.htm
and the more recent data:
https://afsp.org/suicide-statistics/
I was a child of the 90's, where the numbers were higher, where we had peak PMRC.
> depression rates
Have these changed? Or have we changed the criteria for what qualifies as "depression"? We keep changing how we collect data, and then dont renormalized when that collection skews the stats. This is another case of it, honestly.
> eating disorders
Any sort of accurate data collection here is a recent development:
https://pmc.ncbi.nlm.nih.gov/articles/PMC7575017/
> never ending cat and mouse game with my kids (especially my son)
Having lived this with my own, I get it. Kids are gonna be kids, and they are going to break the rules and push limits. When I think back to the things I did as a kid at their age, they are candidly doing MUCH better than I, or my peer group was. Drug use, Drinking, ( https://usafacts.org/articles/is-teen-drug-and-alcohol-use-d... ) teen pregnancy are all down ( https://www.congress.gov/crs-product/R45184 )
When you’re older and have children—especially preteens and teenagers—you want those barriers up, because you’ve seen just how fucked up some children can get after overexposure to unhealthy materials and people who want to exploit or harm them.
It’s a matter of perspective and experience. As adults age, their natural curiosity evolves into a desire to protect their children from harm.
I presume you prefer hard requirement of IDs.
I'm saying this will make kids go to i2p, tor, to the obscure fora in countries not giving a f* about western laws.
As a parent to the teens and teens, THIS makes me concerned. The best vpns are very hard to detect (I know, I try it myself).
Some will, but most won't. Similarly, most kids who are dissuaded from buying alcohol because they don't have ID are not going to break the law to get it, or switch to hard drugs as an alternative.
You can't let perfect be the enemy of better.
And you don't mind that freedoms of all of us would be restricted as a result?
And then, we keep blaming boomers for those restrictions.
Usually the people who say things like that really just want to restrict everyone's freedoms. Everything else is just bluster.
You may be failing to comprehend the concept of "freedom".
I'll get my simpleminded ass out of here leave this discussion to the scientists.
If you think only "political scientists and lawyers" have to decide what a freedom is, you have quite a totalitarian mindset.
If you have some arguments, pray tell. "I'm the smartest guy here" is not an argument. It's just something an NPC would say when they run out of arguments.
PS: This is not ad hominem. It's a dismissal of your claim of authority.
They've been deciding what "freedom" is for a long time (even deciding what constitutional rights are, on occasion, see ATF bureaucrats constantly publishing and changing rules re-deciding what constitutional restraints they think there are on the 2A).
Of course, these "scientist and lawyers" know they have this power, and are so seeped in it, they occasionally forget when they step out of the ivory tower that the plebs (and indeed, the foundational ideals USA was built on written by those such as Locke) usually either disagree with it or aren't aware that much of the USA functions under "credentialism/technocrat makes right" and the scientist and the lawyer as the arbiter of freedom.
This feels like one of those moments when the technocrats forget that they've shed the thin façade they hide behind.
As for "freedoms," you're not free to vote or drink alcohol below a certain age. And before the internet, minors couldn't purchase pornography, either. Some people perceive this change as a return to normal, not an egregious destruction of freedom.
I am not talking about pornography or alcohol at all.
I hope you are aware that requiring an ID to surf the internet leads to total censoring and self-censoring of the complete internet. There goes your privacy, anonymity, and right to free speech.
If your country's regime really wanted to address pornography or alcohol, I'm pretty sure they would be able to shut it down without requiring everyone's identity. The issue is, they are just using these topics to manipulate people, and you are failing to that trap.
Who's proposing this? I don't want to argue over a straw man.
They are talking about it in the context of "high risk" services and social media, but not the Internet as such.
I think the solution we really need is age verification for table saws. Of course, it goes without saying that the saw should also monitor the user's cuts to make sure they're connected with the right national suppliers who can supply material to meet their needs, and to ensure that you aren't using the saw to cut any inappropriate materials from unregistered sources.
The door is over there. Take the baby out with the bathwater as you leave. -->
You mean that you shirk your responsibility to teach your child how to protect themself on the Internet, and instead trust the faceless corp to limit their access at the cost of everyone's privacy? How does this make sense...
Heck, you can't even obtain housing -- which is an essential service -- without having to provide identity in most cases.
What remains to be seen is if the outcome of teenagers becoming social pariahs is really worse than the alternatives.
Aside from the privacy concerns, all this age verification tech seems incredibly complicated and expensive.
A service provider of adult content now cannot serve a child, regardless of the involvement or lack thereof of a parent.
I could generate my own key, have the government blind sign it upon verifying my identity, and then use my key to prove I'm an adult citizen, without anyone (even the signing government) know which key is mine.
Any veryfying entity just need to know the government public key and check it signed my key.
If the identity check was blind it wouldn't actually be an identity check. It would be "this person has access to an adult identity".
If there is truly no logging or centralization, there is no limit on how many times a single ID could be used.
So all it takes is one of those adult blind signatures to be leaked online and all the kids use it to verify their accounts. It's a blind process, so there's no way to see if it's happening.
Even if there was a block list, you would get older siblings doing it for all of their younger siblings' friends because there is no consequence. Or kids stealing their parents' signature and using it for all of their friends.
A signed key is still unique.
- You can still check that user 1 and user 2 don't use the same key.
- You can still issue a challenge to the user every 10 days to make sure he has indeed access to his key and not just borrowed it.
- You can still enforce TPM use of said keys, so that they cannot be extracted or distributed online, but require a physical ID card.
- You can still do whatever revocation system you want for the cases when a key is stolen or lost.
Really the "blind" nature of the signature changes nothing to what you would normally do with a PKI.
If the site you send your information to gets a uniquely identifying piece of information, that's not blind to your identity.
> - You can still check that user 1 and user 2 don't use the same key.
The systems described elsewhere in the thread give people a set of signatures that can't be traced back to their source.
Because one could argue that the government could keep track of the keys they give away.
That is where blind signing is interesting. The government can sign _your_ key without knowing it.
to a lot of people it never sat well that people could just go online and say whatever they want, and communicate with each other unsupervised at large scale, and be effectively untargetable while doing so - that model of the internet was only allowed because it happened under the radar and those uncomfortable with it have been fighting it since they got the memo
The reason you don’t see it in policy discussion from the officials pushing these laws is because removal of anonymity is the point. It’s nit about protecting kids, it never was. It’s about surveillance and a chilling effect on speech.
LOL.
Of course these technologies keep existing, and you end up with the worst, most wretched people implementing them, and we're all worse off. Concretely, few people are working on ZKPs for age verification because the hive mind of "good people" who know what ZKPs are make working on age verification social anathema.
You are not building a parental filter. You are building rails.
"Protect the children" is the canonical playbook for every surveillance expansion since forever. The children get protected for six months. The infrastructure stays forever.
Maybe TBL is right and we need a new internet? I don’t have the answer here, but this one is too commercialized and these companies are very hawkish.
Obvious flaws are OK. I absolutely hate the Nirvana fallacy that you people think is acceptable here, while hundreds of millions of kids suffer from serious developmental issues, as reported left and right by all kinds of organizations and governments themselves.
That's the whole point, right? A pretense to remove any remaining anonymity from communications?
Governments are endlessly infested with the worst people. They look back at historical attempts at totalitarianism and think to themselves, "Let's facilitate something like that, but worse".
Big tech don't have wait for an outright government ban when they can just say that we are a teen-only site by default and everyone have to verify if they are over 18 or not. This age verification will affect everyone no matter what.
Liquor stores, bars, strip clubs, adult bookstores, or similar businesses don't let kids in. Movie theatres don't let a 10 year old in to an R-rated movie. The tech industry ignored their social responsibility to keep kids away from adult and age-inappropriate content. Now, they are facing legal requirements to do so. Tough for them, but they could have been more proactive.
Yup.
I think most people are aligned here, and that an internet without identification is inevitable whether we like it or not.
Identification fixes nothing here, you log with your account, plug in the AI.
The problems with social media have nothing to do with ID and everything to do with godawful incentives, the argument seems to be that it's a large price to pay but that it's worth it. Worth it for what? The end result is absolutely terrible either way
Why? Like, what makes you think that?
While I am not against internet ID, there is a case to be made for social media for the harms they are causing.
It's amazing how there is a much larger crowd, of completely real people, who approve of the government, than those nasty dissenters. We know they're real people because we trust the government vouching for its own IDs.
And because of the real ID policy, the government can also ask the social media company for the ID used by opposed posters, and find out where they live and "visit" them, maybe "warn" them.
Hooray for democracy!
2) Your point is valid. I too want to know whether I am engaging with a bot or a person. This is impossible now and it will be impossible once ID check becomes ubiquitous.
3) I will be happy to see (or not) a blue checkmark by the profile name. Just like in Twitter. That's enough.
Look at the facebook real name policy.
But beyond that we can look at places similar things have been rolled out.
Facebook has a real name policy and is overflowing with fraudsters and ai slop
Although I can't figure out how to sign up for a second telegram account with their phone number restriction that hasn't stopped multiple scammers hitting me up every day on the service.
On YouTube, their demographics has ladies in their 30s watching nursery rhyme videos by the millions because mothers give their children their phone.
On social media, scammers tend to take over the accounts of dead people because the deceased don't update their passwords after a data breach. Your ID card policy, however strict, isn't going to stop the most common attack vector
So I don't know what you're trying to solve with id checks: parents hand their logged in devices to their children, scammers raid the accounts of the verified dead, existing systems clearly aren't working and strictly enforcing ineffective security theater isn't going to change this
I'm all for empathizing with the concerns but doing something that doesn't work isn't a solution
Like everything else in society, there are tradeoffs here, I'm much more concerned with the damage done to children's developing brains than I am to violations of data privacy, so I'm okay with age verification, however draconian it may be.
Our middle child (aged 12) has an Android phone, but it has Family Link on it.
Nominally he gets 60 mins of phone time per day, but he rarely even comes close to that, according to Family Link he used it for a total of 17 minutes yesterday. One comes to the conclusion that with no social media apps, the phone just isn't that attractive.
He seems to spend most of his spare time reading or playing sports...
Just one of the many joys of parenting :)
If it's a concern, parents can prevent or limit their children's use. If all this were being done to prevent consistent successful terrorist attacks in the US with tens of thousands of annual casualties, I'd say okay maybe there is an unavoidable trade-off that must be made here, but this is so absurd.
No we do not.
>I don’t want to live in a world where the average person unknowingly interacts with bots more than other individuals and where black market actors can sway public opinion with armies of bots.
That is not the argument for identification on many places on the internet. It's not even the argument that the gov reps pushing it typically make. And why would it be. The companies that go along with all this don't want to get rid of all bots and public opinion campaigns. They make money off of many of those.
At any point they can tell a real human what they can and can't say, and if they go against their masters, their "real human" status is revoked, because you trust the platform and not the person.
If we want to go full conspiritard, we could accuse those of wanting to control speech to be the financial backers of those flooding social media with AI slop: https://www.youtube.com/watch?v=-gGLvg0n-uY -- this fictional video thematically marries Metal Gear Solid 2's plot with current events: "perfect AI speech, audio and video synthesis will drown out reality [...] That is when we will present our solution: mandatory digital identity verification for all humans at all times"
The various government actions trying to force "robust" age verification on the internet are being woefully naive in trusting other internet companies and letting them skirt existing laws on data protection.
That's not even mentioning other factions whose real goal is in shutting down legal speech that doesn't meet their Christian agenda: https://theintercept.com/2024/08/16/project-2025-russ-vought...
You are being a useful idiot, sorry. Your weakness is what politicians exploit when they say "think of the children", you fail to see the amoral power-grabs hiding beneath their professed sentiment.
I don't want you encouraging people to demand my identity because you trust "authorities" taking yours
Why don't we have PKI built in to our birth certificates and drivers licenses? Why hasn't a group of engineers and experts formed a consortium to try and solve this problem in the least draconian and most privacy friendly way possible?
Plus what you're asking would require international id verification for everyone, which would first mostly make those IDs a lot cheaper. But there's a second negative effect. The organizations issuing those IDs, governments, are the ones making the bot armies. Just try to discuss anything about Russia, or how bad some specific decision of the Chinese CCP is. Or, if you're so inclined: think about how having this in the US would mean Trump would be authorizing bot armies.
This exists within China, by the way, and I guarantee you: it did not result in honest online discussion about goods, services or politics. Anonymity is required.
Of course we hate child abuse.
Of course we hate criminals.
Of course we hate social media addicting our kids.
But they’re just used as emotional framing for the true underlying desire: government surveillance.
(For the record: I am not into conspiracy theories; the EU has seen proposals for - imho technically impossible - “legally-breakable encryption” alone in 2020, 2022, and 2025; now we”ll also see repeated attempts at the “age verification” thing to force all adults to upload their IDs to ‘secure’ web portals)
To be clear, tackling the issue of child access to the internet is a valuable goal. Unfortunately, "well what if there was a magic amulet that held the truth of the user's age and we could talk to it" is not a worthwhile path to explore. Just off the top of my head:
1. In an age of data leaks, identity theft, and phishing, we are training users to constantly present their ID, and critically for things as low stakes as facebook. It would be one thing if we were training people to show their ID JUST for filing taxes online or something (still not great, but at least conveys the sensitivity of the information they are releasing), but no, we are saying that the "correct future" is handing this information out for Farmville (and we can expect its requirement to expand over time of course). It doesn't matter if it happens at the OS level or the web page level -- they are identical as far as phishing is concerned. You spoof the UI that the OS would bring up to scan your face or ID or whatever, and everyone is trained to just grant the information, just like we're all used to just hitting "OK" and don't bother reading dialogs anymore.
2. This is a mess for the ~1 billion people on earth that don't have a government ID. This is a huge setback to populations we should be trying to get online. Now all of a sudden your usage of the internet is dependent on your country having an advanced enough system of government ID? Seems like a great way for tech companies to gain leverage over smaller third world companies by controlling their access to the internet to implementing support for their government documents. Also seems like a great way to lock open source out of serious operating system development if it now requires relationships with all the countries in the world. If you think this is "just" a problem of getting IDs into everyone's hands, remember that it a common practice to take foreign worker's passports and IDs away from them in order to hold them effectively hostage. The internet was previously a powerful outlet for working around this, and would now instead assist this practice.
3. Short of implementing HDCP-style hardware attestation (which more or less locks in the current players indefinitely), this will be trivially circumvented by the parties you're attempting to help, much like DRM was.
Again, the issues that these systems are attempting to address are valid, I am not saying otherwise. These issues are also hard. The temptation to just have an oracle gate-checker is tempting, I know. But we've seen time and again that this just (at best) creates a lot of work and doesn't actually solve the problem. Look no further than cookie banners -- nothing has changed from a data collection perspective, it's just created a "cookie banner expert" industry and possibly made users more indifferent to data collection as a knee-jerk reaction to the UX decay banners have created on the internet as a whole. Let's not 10 years from now laugh about how any sufficiently motivated teenager can scan their parent's phone while they're asleep, or pay some deadbeat 18 year-old to use their ID, and bypass any verification system, while simulateneously furthering the stranglehold large corporations have over the internet.
1) Person signs up with discord with fake name and fake email.
2) Discord asks (state system) for an age validation.
3) In pop up window, state validates the persons age with ID matching with face recognition.
3) State system sends token to discord with yes or no with zero data retention in the state records.
4) Discord takes action on the account.
What is so hard about this?
Your system seems to address none of the issues I listed. For example, I argue that one difficulty is in the fact that these systems would be highly phishable -- a property that is present in your described "easy" solution. Your system trains users to become accustomed to being pestered by pop up windows that ask to see their ID and use their camera. Congrats, I can now trivially make a pop up a window that looks like this UI and use it to steal your info, as the user will just respond on auto-drive, as we have repeatedly shown both in user studies and in our own lived experiences. I also explained how a system like this would assist in the practice of trapping migrant workers by confiscating their government credentials [1]. This is a huge problem today in Asia, and one of the few outlets captive workers can use to escape this control is the internet -- a "loophole" your system would dutifully close for these corporations.
I am happy to have a discussion about this -- it's how we come up with new solutions! But that requires reading and responding to the concerns I brought up, not assuming that my issue is that I can't imagine implementing a glorified OAuth login flow.
1. There's tons of articles about this, here is one of the first ones that comes up on Google: https://www.amnesty.org/en/latest/news/2025/05/saudi-arabia-...
Well this is true of all of the internet, yes?
https://bankingjournal.aba.com/2025/08/report-financial-inst...
https://www.cyberdefensemagazine.com/the-rise-in-phishing-sc...
Your example about migrant workers is not an internet problem, it is a government problem. And a capitalism problem. I mean migrant workers? Why do these workers need to migrate? Usually because the U.S. has probably decimated their country.
But never mind, I agree that this is an unsolvable problem, not from lack of capability, but because we are ruled by sociopaths and most humans have been hacked by their addiction pathways. And I do not care about Saudi Arabia or Asia because I do not live there. And I do not care if they block all of the internet. We do not need it for anything, even less so for organizing.
Maybe we should just leave the internet, which is only a capitalist and government collusion to make people spend money. All the internet did was concentrate power to a few oligarchs. For everything good that the internet has provided I can show you ten things that are not only bad, but 1000 times worse, like monkey torture video sharing.
If I had kids today they would not even use the internet until they were out of my care. I only have six accounts on the internet. Including HN. I do not view porn, gamble, have any social media, and in fact I am trying to became un-homeless so I can go back to a flip phone.
IMHO, the answer is not a fee internet, the answer is leaving the internet. But it seems you made and make a nice living at all of this so I see what a sacrifice that would be for you. You are probably part of the reason I am homeless today, with the separation for wealth and all that. I see that you dnated to a bunch of neoliberal types and that fits. Seems you had over $17,000 to give to politicians. That is more than I survive on for a year. I mean, you do not need to do any work at all today. You could retire right now.
Sorry for the unrelated rant, but needed to get that off my chest for myself. Just tired of wealthy people trying to perfect a horrible system and technology that keeps making them money. You pretend like you care about the poor, like the migrant worker, but that is just laughable. If you did you would be against capitalism. You would give up all you own and follow Christ or Buddha or whatever. I mean you got $20 million and what did you do? You started making addictive games. And then you donate to these neoliberals who are no different than the neoconservatives.
Love, a old homeless guy who left Cisco in 1999 because he saw where all of this was going and who is currently sitting in a hotel he cannot afford because the 2002 minivan he lives in just lost its water pump.
> I mean you got $20 million and what did you do? You started making addictive games.
I refrained from responding to the rest since it seems that there is a deeper issue, but I could not help setting the record straight here. I think everyone who has ever played Bonsai Slice will firmly attest to it being the opposite of addicting. My parents never let me own a game console so I never really wrapped my head around games, and made exactly the kind of game someone like that would come up with: a deep tech exploration, to hopefully make progress on two problems that were plaguing me at the time: 1) how little mobile UI had seemed to progress (instead getting stuck in one-tap local maxima), and 2) building an app that is generally considered to be the worst candidate for a pure immutable language... in a pure immutable language in order to serve as a forcing function to surface new ideas in the space. I've always believed that if you wanted to make a general purpose programming language, you should probably try to have as much varied experience as possible, or otherwise you'll end up with a domain-specific language that is misused for every other domain (this is how I would describe most programming languages. In fact, I'd say most programming languages are written for the niche use case of writing a compiler, since they are written by compiler writers. Ironic that that is the last thing most get used for.). As such, I made a decision to start actually writing a wide variety of apps.
Age verification is a good thing. Giving children unrestricted access to hardcore pornography is bad for them. Whatever arguments you want to make, fundamentally this is true.
This puts more onus on parents and guardians to ensure their child's devices are set up correctly. The system wouldn't be perfect and people using something like Gentoo would be able to work around it, but I think it helps address the concerns. A framework would need to be created for content providers to enforce their own rating system but I don't think it's an impossible task. It obviously wouldn't cover someone not rating content operating out of Romania, but should be part of the accepted risk on an open internet.
Personally I do agree with the "do nothing" stance, but I don't think it's going to hold up among the wider public. The die is cast and far too many average people are supporting moves like this. So the first defense should be to steer that conversation in a better way instead of stonewalling.
Basically, kids can sign up for an account triggering a notification to parents. The parent either approves or rejects the sign in. Parents can revoke on demand. See kids login usage to various apps/services. Gets parental restrictions in the login flow without making it a PITA.
Just make Google/Apple reveal part of that data (age > x years) to websites and apps.
Boom, done. Privacy guarded. Easy.
This is the internet.
Among those who were very familiar with it, the smartest money never started doing things like that.
PS = pr0n site
AV = age verification site (conforming to age-1 spec and certified)
PS: Send user to AV with generated token
AV: Browser arrives with POST data from PS with generated token
AV: AV specific flow to verify age - may capturing images/token in a database. May be instant or take days
AV: Confirms age, provides link back to original PS
PS: Requests AV/status response payload:
{
"age": 21,
"status": "final"
}
I don't know if this is already the flow, but I suspect AV is sending name, address, etc... All stuff that isn't needed if AV is a certified vendor.
A better solution would be a simple "minor" flag that is only included on the devices of minors. No third party verification required for adults.
And either way, none of that requires de-anonymizing literally everyone on the internet. I'd be more than happy to see governments provide cryptographically secure digital ID and so that sites can self-select to start requiring this digital ID to make moderation easier.
Announcement: https://blog.google/innovation-and-ai/technology/safety-secu...
Library: https://github.com/google/longfellow-zk
Paper: https://eprint.iacr.org/2024/2010
Afterwards, folks from ISRG produced an independent implementation https://github.com/abetterinternet/zk-cred-longfellow with our blessing and occasional help. I don't know if the authors would call it "production ready" yet, but it is at least code complete, fast enough, and interoperable with ours.
Once you are verified, you just flip a bit "verified" in the database and delete all identification data.
No reason to store the data indefinitely
politicians are interested in it because they're begging for some way to censor the internet, which would actually be even worse for parenting because now it prevents children from ever learning to be responsible with these highly addictive platforms
That being said nothing about these laws is about protecting children; their primary purpose is to crack down on the next Just Stop Oil or Palestine Action so for that reason should be opposed.
Uh. I could check in the back of my parents' closet (hidden under some fabric) for at least a decade's worth of dirty magazines. It's true that that's less than a lifetime's worth of pictures and articles, but I'd say that that's effectively equivalent.
> That can't be healthy.
The only thing that's unhealthy is not being able to talk frankly and honestly about sex and sexuality with your peers, parents, and other important adults in your life. Well, that and never being told that sex leads to pregnancy, or how to recognize common STDs... but you're likely to get that "for free" if you're able to talk frankly and honestly about sex and sexuality.
For you'll need to be accounted while they do the counting.
Instead of requiring IDs, we should let parents manage what their children do online.
Governments recycle "Think of the children" mantra and they are again after terrorists and bad guys.
We should focus on teaching parents how to educate their children properly, and teach children how to safely browse the internet and how to avoid common scams and pitfalls.
I played Roblox when I was a teenager and all the time my aunt told me to be careful of who I talked to online, as they could be a pedo. Even though there wasn't a constant monitoring from my parents or family, her words were repeated many times that I actually thought 5 times before sharing any kind of personal information online, back then.
The pain in trying to set up fortnite and minecraft online as parents is unsummounted, involving creating half a dozen accounts with different companies just to get some form of control. Far easier to just give them an adult account.
The process to create a child account should be seamless and no harder than creating an adult account.
nope, they are going after dissenters, not bad guys. It's how it always ends up.
and if you have internet access without paying, that means someone else is legally responsible for your access
"problem solved" ?
I'm not for these draconian age verification nonsense, but this isn't a valid argument.
This is the way it works with e.g. alcohol and cigarettes, most places. Famously kids can just get a beer from a random fridge and chug it, but someone 16/18/21+ will be responsible and everyone seems mostly fine with this.
I regularly talk to other parents at the school gates who have no idea that permissions on mobiles even exist, let alone that they can choose what they let each app have access to.
The general public people just dont care.
(fwiw I regularly talk to parents who are quite aware of various parental controls and use them effectively, combined with talking to their kids and just general good parenting practices)
Is it bypassable by a sufficiently determined child? Yes, but so it is the current age verification nonsense.
No, that's not the case.
just like you already are responsible for what happens on your free public network (torrenting, hacking, CSAM, etc.) in most jurisdictions
(for what its worth, i think age verification is dumb. but it looks like we're getting it one way or the other)
It cannot be a friction-less experience. Allowing children to see gore and extreme porn at a young age is not healthy. And then we have all the "trading" platforms (gambling).
Even though my brothers were able to get many hard drugs when I was young, around 1977, there was a lot of friction. Finding a dealer, trusting them, etc. Some bars would not card us but even then there was risk and sometimes they got caught. In NY we could buy cigarettes, no friction, and the one drug I took when I was young, addicted to them at 16, finally quitting for good at 20. I could have used some friction there.
So how do we create friction? Maybe hold the parents liable? They are doing this with guns right now, big trial is just finishing and it looks like a father who gave his kid an ak47 at 13 is about to go to jail.
I would like to see a state ID program when the ID is just verified by the State ID system. This way nothing needs to be sent to any private party. Sites like Discord could just get a OK signal from the state system. They could use facial recognition on the phone that would match it with the ID.
Something needs to be done however. I disagree that the internet needs to be open to all at any age. You do not need an ID to walk into a library, but you need one to get into a strip club. I do not see why that should not be the same on the internet.
Major banks and government institutions can’t even be bothered to implement the NIST password guidelines. If they got their gdpr soc2 fedramp whatever it’s green lights and the rest is insurance.
It's not even worth talking about online. There's too much inorganic support for the objectives of nation-states and the corporations that own them.
Legislation has been advanced in Colorado demanding that all OSes verify the user's age. It will fail, but it will be repeated 100 times, in different places, smuggled attached to different legislation, the process and PR strategies refined and experimented with, versions of it passed in Australia, South Korea, maybe the UK and Europe, and eventually passed here. That means that "general purpose" computing will be eventually be lost to locked bootloaders.
https://www.pcmag.com/news/colorado-lawmakers-push-for-age-v...
[edit: I'm an idiot, they already passed it in California https://www.hunton.com/privacy-and-cybersecurity-law-blog/ca...]
And it will be an entirely engineered and conscious process by people who have names. And we will babble about it endlessly online, pretending that we have some control over it, pretending that this is a technical discussion or a moral discussion, on platforms that they control, that they allow us to babble on as an escape valve. Then, one day the switch will flip, and advocacy of open bootloaders, or trading in computers that can install unattested OSes, will be treated as organized crime.
All I can beg you to do is imagine how ashamed you'll be in the future when you're lying about having supported this now, or complaining that you shouldn't have "trusted them to do it the right way." Don't let dumb fairytales about Russians, Chinese, Cambridge Analytics and pedophile pornography epidemics have you fighting for your own domination. Maybe you'll be the piece of straw that slows things down just enough that current Western oligarchies collapse before they can finish. Maybe we'll get lucky.
Polls and ballots show that none of this stuff has majority organic support. But polls can be manipulated, and good polls have to be publicized for people to know they're not alone, and not afraid they're misunderstanding something. If both candidates on the ballot are subverted, the question never ends up on the ballot.
The article itself says nothing that hasn't been said before, and stays firmly under the premise that access to content online by under-18s is suddenly one of the most critical problems of our age, rather than a sad annoyance. What is gained by having this dumb discussion again?
The advantage, I think, of age verification by private companies over cellphone bans in public schools is that cellphone bans appear as a line-item on the government balance sheet, whereas the costs of age verification are diffuse and difficult to calculate. It's actually quite common for governments to prefer imposing costs in ways that make it easier for the legislators to throw up their hands and whistle innocently about why everything just got more expensive and difficult.
And the argument over age verification for merely viewing websites, which is technically difficult and invasive, muddles the waters over the question of age verification for social media profiles, where underage users are more likely to get caught and banned by simple observation. The latter system has already existed for decades -- I remember kids getting banned for admitting they were under 13 on videogame forums in the '00s all the time. It seems like technology has caused people to believe that the law has to be perfectly enforceable in order to be any good, but that isn't historically how the law has worked -- it is possible for most crimes to go unsolved and yet most criminals get caught. If we are going to preserve individual privacy and due process, we need to be willing to design imperfect systems.
But, I don't get the approach. It's not like social media starts being a positive in our life at 20. The way these companies do social media is harmful to mental health at every age. This is solving the wrong problem.
The solution is to take away their levers to make the system so addictive. A nice space to keep in touch with your friends. Nothing wrong with that.
I don't think this legislation would have helped me. I found the material I did outside of social media and Facebook was not yet ubiquitous. I did not have a smartphone at the time, only a PC. I stayed off social media entirely in college. Even with nobody at all in my social sphere, it was still addicting. There are too many sites out there that won't comply and I was too technically savvy to not attempt to bypass any guardrails.
The issue in my case was not one of "watching this material hurt me" in and of itself. It was having nobody to talk to about the issues causing my addiction. My parents were conservative and narcissistic and did not respect my privacy so I never talked about my addiction to them. They already punished me severely for mundane things and I did not want to be willingly subjected to more. To this day they don't realize what happened to me. The unending mental abuse caused me to turn back to pornography over and over. And I carried a level of shame and disgust so I never felt comfortable disclosing my addiction to any school counselors or therapists for decades. The stigma around sexual issues preventing people from talking about them has only grown worse in the ensuing years, unfortunately.
At most this kind of policy will force teenagers off platforms like Discord which might help with being matched with strangers, but there are still other avenues for this. You cannot prevent children from viewing porn online. You cannot lock down the entire Internet. You can only be honest with your children and not blame or reproach them for the issues they have to deal with like mine did.
In my opinion, given that my parents were fundamentally unsafe people to talk to, causing me to think that all people were unsafe, then the issue of pornography exposure became an issue. In my case, I do not believe there was any hope for me that additional legislation or restrictions could provide, outside of waking up to my abuse and my sex addiction as an adult decades later. Simply put, I was put into an impossible situation, I didn't have any way to deal with it as a child, and I was ultimately forsaken. In life, things like those just happen sometimes. All I can say was that those who forsook me were not the platforms, not the politicians, but the people who I needed to trust the most.
I believe many parents who need to think about this issue simply won't. The debate we're having here on this tech-focused site is going to pass by them unnoticed. They're not going to seriously consider these issues and the status quo will continue. They won't talk with their children to see if everything's okay. I don't have many suggestions to offer except "find your best family," even if they aren't blood related.
These so-called "platforms" already collect data about who people are in order to facilitate online advertising and whatever else the "platform" may choose to do with it. There is no way for the user to control where that data may end up or how it may be used. The third party can use the data for any purpose and share it with anyone (or not). Whether they claim they do or don't do something with the data is besides the point, their internal actions cannot be verified and there are no enforceable restrictions in the event a user discovers what they are doing and wants to stop them (at that point it may be too late for the user anyway)
"Tech" journalists and "tech bros" routinely claim these "platforms" know more about people than their own families, friends and colleagues
That's not "privacy"
Let's be honest. No one is achieving or maintaining internet "privacy" by using these "platforms", third party intermediaries (middlemen) with a surveillance "business model", in order to communicate over the internet
On the contrary, internet "privacy" has been diminishing with each passing year that people continue to use them
The so-called "platforms" have led to vast repositories of data about people that are used every day by entities who would otherwise not be legally authorised or technically capable of gathering such surveillance data. Most "platform" users are totally unaware of the possibilities. The prospect of "age verification" may be the wake up call
"Age verification" could potentially make these "platforms" suck to a point that people might stop using them. For example, it might be impossible to implement without setting off users' alarm bells. In effect, it might raise more awareness of how the vast quantity of data about people these unregulated/underregulated third parties collect "under the radar" could be shared with or used by other entities. Collecting ID is above the radar and may force people to think twice
The "platforms" don't care about "privacy" except to control it. Their "business model" relies on defeating "privacy", reshaping the notion into one where privacy from the "platform" does not exist
Internet "privacy" and mass data collection about people via "platforms" are not compatible goals
"... our founders displayed a fondness for hyperbolic vilification of those who disagreed with them. In almost every meeting, they would unleash a one-word imprecation to sum up any and all who stood in the way of their master plans.
"Bastards!" Larry would exclaim when a blogger raised concerns about user privacy."
- Douglas Edwards, Google employee number 59, from 2011 book "I'm feeling lucky"
If a user decides to stop using a third party "platform" intermediary (middleman) that engages in data collection, surveillance and ad services, for example, because they wish to avoid "age verification", then this could be the first step toward meaningful improvements in "internet privacy". People might stop creating "accounts", "signing in" and continuing to be complacent toward the surreptititious collection of data that is subsequently associated with their identity to create "profiles"
Tradeoff acknowledged, and this runs both sides, there's hundreds of risks that these policies are addressing.
To mention a specific one, I was exposed to pornography online at age 9 which is obviously an issue, the incumbent system allowed this to happen and will continue to do so. So to what tradeoffs in policy do detractors of age verification think are so terrible that it's more important than avoiding, for example, allowing kids first sexual experiences to be pornography. Dystopian vibes? Is that equivalent?
Or, what alternative solutions are counter-proposed to avoid these issues without age verification and vpn bans.
Note 2 things before responding:
1)per the original quote, it is not valid to ignore the trade offs with arguments like "child abuse is an excuse to install civilian control by governments"
2) this was not your initiave, another group is the one making huge efforts to intervene and change the status quo, so whatever solution is counterproposed needs to be new, otherwise, as an existing solution, it was therefore ineffective.
If any of those is your argument, you are not part of the conversation, you have failed to act as wardens of the internet, and whatever systems you control will be slowly removed from you by authorities and technical professionals that follow the regulations. Whatever crumbs you are left as an admin, will be relegated to increasingly niche crypto communities where you will be pooled with dissidents and criminals of types you will need to either ignore or pretend are ok. You will create a new Tor, a Gab, a Conservapedia, a HackerForums, and you will be hunted by the obvious and inequivocal right side of the law. Your enemy list will grow bigger and bigger, the State? Money? The law? God? The notion of right and wrong which is like totally subjective anyways?
I was initially exposed to pornography at 8 years old, by finding a disgarded magazine in a hedge. However this was pretty soft.
I was exposed to serious pornography at 10 years by finding a hidden VHS tape in the back of a drawer at a friends house and getting curious. This was hardcore German stuff with explicit violence. This has caused me to have therapy in my lifetime.
This was all in the 80s by the way.
Therefore anything you are mentioning happened long before the internet, and is totally possible in a completely offline world as well. So how do these new digital laws 'protect children' again?
> And the only way to prove that you checked is to keep the data indefinitely.
This is not true and made me immediately stop reading. If a social media app uses a third party vendor to do facial/ID age estimation, the vendor can (and in many cases does) only send an estimated age range back to the caller. Some of the more privacy invasive KYC vendors like Persona persist and optionally pass back entire government IDs, but there are other age verifiers (k-ID, PRIVO, among others) who don't. Regulators are happy with apps using these less invasive ones and making a best effort based on an estimated age, and that doesn't require storing any additional PII. We really need to deconflate age verification from KYC to have productive conversations about this stuff. You can do one thing without doing the other.
I don't think a bulletproof age verification system can be implemented on the server side without serious privacy implications. It would be quite easy to build it on the client side (child mode) but the ones pushing for these systems (usually politicians) don't seem to care about that.