Government sets up page to verify age. You head to it, no referrer. Age check happens by trusted entity (your government, not some sketchy big tech ass), they create a signed cert with a short lifespan to prevent your kid using the one you created yesterday and without the knowledge which service it is for. It does not contain a reference to your identity. You share that cert with the service you want to use, they verify the signature, your age, save the passing and everyone is happy. Your government doesn’t know that you’re into ladies with big booties, the big booty service doesn’t know your identity and you wank along in private.
But oh no, that wouldn’t work because think of the… I have no clue.
That sounds like a very functional and rational solution to the problem of age verification. But age verification isn’t the ultimate goal, it’s mass surveillance, which your solution doesn’t work for.
The fact that they haven’t gone for this approach that delivers age verification without disclosing ID, when it’s a common and well known pattern in IT services, very strongly suggests that age verification was never the goal. The goal is to associate your real identity with all the information data brokers have on you, and make that available to state security services and law enforcement. And to do this they will gradually make it impossible to use the internet until they have your ID.
We really need to move community-run sites behind Tor or into i2p or something similar. We need networks where these laws just can’t practically be enforced and information can continue to circulate openly.
The other day my kid wanted me to tweak the parental settings on their Roblox account. I tried to do so and was confronted by a demand for my government-issued ID and a selfie to prove my age. So I went to look at the privacy policy of the company behind it, Persona. Here’s the policy, and it’s without a doubt the worst I’ve ever seen. It basically says they’ll take every last bit of information about you and sell it to everyone, including governments.
https://withpersona.com/legal/privacy-policy
So I explained to my kid that I wasn’t willing to do this. This is a taste of how everything will be soon.
The fact that they haven’t gone for this approach that delivers age verification without disclosing ID, when it’s a common and well known pattern in IT services, very strongly suggests that age verification was never the goal.
I don’t agree. It certainly makes it possible that it isn’t the goal. But I genuinely believe that, at least here in Australia (where our recent age-gating law is not about porn, but about social media platforms, with an age limit of 16), the reason behind the laws being designed as they are is (1) optics: despite what those of us here say, keeping young children off of harmful social media algorithms is very politically popular and they wanted to pass a bill that banned it as quickly as they could. No time for serious discussion about methods. And (2) a complete lack of knowledge. Because they wanted the optics, they passed the bill extremely quickly and without a serious amount of consultation. And I don’t trust that even if they had done consultation, they would have known who is more reliable to listen to, the actual experts and privacy advocates, or the big AI companies with big money promising facial recognition will somehow solve this. Because politicians are, by and large, really fucking stupid at technology.
What is it they say? Never attribute to malice that which can be adequately explained by stupidity?
First, Mastodon is talking about Mississippi in the US.
Second, why can’t people parent their own kids? What if I don’t agree with the government and want my kid to see stuff the government has decided to block? The government isn’t the parent of your child and you shouldn’t be treating them as such. If you child is doing something you don’t want, it’s your job as their parent to stop it.
The article says “Mississippi and elsewhere”, so I assumed all sorts of bans were fair game for discussion.
As for your second point, I genuinely don’t really care all that much. Take my solution and require platform vendors provide a parental controls API and require websites and apps call it. From there, whether you legally required parents to set up parental controls, you strongly suggest they do it, or you just leave it there as an option doesn’t matter as much. Maybe different places can have different laws.
The important thing is that parents should at least be given the tools necessary to be able to do this.
Fuck, I went through that with VRchat…
Don’t forget censorship.
Because it’s not actually about age verification, it’s about totalizing surveillance of everyone.
ActivityPub is a major threat to the commercial social networks.
These laws are purely a way to regulate communication, but they are effectively a way to prevent new social networks from becoming established.
This is why the really big social networks are welcoming them with open arms. Even the criminal social networks are secretly pleased with them.
Laws only affect people too poor to manipulate them and too honest to disobey them.
This can be improved even further to lock a single age verification to a single account. Instead of issuing you a generic signed cert, they use blinded signatures to sign a cert that you generate and encrypt, containing the domain name and your username. The govt never sees the site or your username, because it’s encrypted, and the site never sees the document you provided the govt with to prove your age. But you have a cert that can only be used by you to verify your account is of age.
There’s an alternative solution that would enable a person’s browser or device to verify their age based on a govt-signed cert with repeated hashes. This would have the benefit of the government not even knowing how many verifications you had done, because they only provide one cert per person (with longer renewals. The downside of this is that it requires some form of unique multiple-use identifier. In the sample question that’s fine because it’s a passport. IRL it could be something like an email address, or even just your own unique UUID.
The service provider could even generate a certificate request that the age verification entity signs (again, with no identifying information, other than “I need an age verification signature, please”). That certificate would only be valid for that specific service provider and can’t be re-used.
I give it 2 years till Netflix requires you to have an ID every time you open the app because it has rated R movies.
This is the same principle. The account holder agreement should make the account holder responsible for the use of the service.
The government shouldn’t be parenting our minors, their guardians should be.
Otherswise we should put digital locks on every beer bottle, pack of cigarettes, blunt raps, car door, etc. That requires you to scan your ID before every use.
“Kids shouldn’t be driving cars, it isn’t safe!” Yes, but somehow we have made it 100 years without requiring proof of age/license to start the car.
And the car is far more deadly than them seeing someone naked.
“Kids shouldn’t be driving cars, it isn’t safe!” Yes, but somehow we have made it 100 years without requiring proof of age/license to start the car.
This is sort of my take. There’s a lot of fun to be had in discussing possible technical solutions to the problem. And technical solutions do exist. But they all have some sort of noteworthy downside, including relying on the government to build and maintain this signing server.
But the best solution, IMO, is much more low-tech. Parental controls. Mandate that all browsers and operating systems support a parental control API where apps and websites can request to know if a user is of age. Mandate that adult sites call this API. And put the onus on parents to actually set up parental controls on their children’s devices, with an appropriately strong password that the children cannot break into.
Oh, I was thinking the certificate would only be needed for signups - once the account is created, it absolutely should be on the account holder, not the service provider.
Why not apply this to the ISP account holder and trust them to protect their own kids the way they see fit?
Philosophically I agree with you. I was just discussing a technological way to accomplish age verification without giving up users’ identities to a service provider, or the government knowing what service you’re using. Unfortunately, too many governments want to know what you’re doing inside your pants.
Yeah, there is likely a tech answer to this that would work. Coming up with one and them choosing not to use it makes it even more clear kids’ safety isn’t their goal.
Signups + random checks to prevent reselling accounts.
“Kids shouldn’t be driving cars, it isn’t safe!” Yes, but somehow we have made it 100 years without requiring proof of age/license to start the car.
Driving is a much more visible activity than looking at your phone in a locked room though.
Ideally, it would be handled directly on the hardware. Allow people to verify their logged in profile, using a government-run site. Then that user is now verified. Any time an age gate needs to happen, the site initiates a secure handshake directly with the device via TLS, and asks the device if the current user is old enough. The device responds with a simple yes/no using that secure protocol. Parents can verify their accounts/devices, while child accounts/devices are left unverified and fail the test.
Government doesn’t know what you’re watching, because they simply verified the user. People don’t need to spam an underfunded government site with requests every day, because the individual user is verified. And age gates are able to happen entirely in the background without any additional effort on the user’s side. The result is that adults get to watch porn without needing to verify every time, while kids automatically get a “you’re not age-verified” wall. And kids can’t MITM the age check, due to the secure handshake. And if it becomes common enough, even a VPN would be meaningless as adult sites will just start requiring it by default.
For instance, on a Windows machine, each individual user would be independently verified. So if the kid is logged into their account, they’d get an age wall. But if the parent is logged into their verified account, they can watch all the porn they want. Then keeping kids away from porn is simply a matter of protecting your adults’ computer password.
But it won’t happen, because protecting kids isn’t the actual goal. The actual goal is surveillance. Google (and other big tech firms like them) is pushing to enact these laws, because they have the infrastructure set up to verify users. And requiring verification via those big tech firms allows them to track you more.
Age check happens via trustest entity (your government)
Bold of you to assume a government entity is trusted. In the UK we have a large misrepresentative error due to our voting system.
Depends in what part you trust. I trust them with my ID, I wouldn’t trust a random website. They know it anyway as they made it.
It does not contain a reference to your identity.
but they know who they issued it to, and can secretly subpoena your data from your instance.
no thank you.
They (the govt) would know that they issued a certificate to ex. lemmy.dbzer0.com
They can’t know that the certificate is issued to conmie
Unless, of course, the instance logs the age certificate used by each user
And also, unless the govt’s age verification service logs the certificate issued by each citizen
They can only subpoena your data if it is stored. Make the code open source (by law) and only store the cert, no connection to the user.
I think this starts to not work when you start to include other states that want to do this, other countries, cities, counties, etc… How many trusted authorities should there be and how do you prevent them from being compromised and exploited to falsely verify people? How do you prevent valid certs from being sold?
Some examples of the type of service you mentioned:
I can only verify with my own government. The rest I don’t know. But shut up, that’s how it works! /s
To be honest, I have no clue. But dropping my pants to write a mail isn’t what I want to do.
How do you prevent valid certs from being sold?
Sold by whom? The created cert can be time limited and single use, so the service couldn’t really sell them. You could rate limit how many certs users can create and obviously make it illegal to share them in order to deter people from using them. That’s not enough to prevent it completetly, but should be an improvement for the use cases I hear the most about: social media (because it reduces the network effect) and porn (because kids will at least know that they’re doing some real shady shit).
Age check happens by trusted entity (your government, not some sketchy big tech ass), they create a signed cert with a short lifespan to prevent your kid using the one you created yesterday and without the knowledge which service it is for.
Sorry, not sufficient.
Not secure.
" I certify that somebody is >18, but I don’t say who - just somebody "
This is an open invitation to fraud. You are going to create at least a black market for these certificates, since they are anonymous but valid.
And I’m sure some real fraudsters have even stronger ideas than I have.
What stops non-anonymous certificates from being sold?
If John Doe views way too much porn, then you expect the site to shut him down? They have no ability to track other site usage. The authorities have to block him after the 10,000th download.
At that point, why does the site need to know? Either the government blocks someone’s ID or they don’t
What stops
Not useful to look at it in such a black or white manner. The possibilities are presumably less, and surely not that obvious.
Making the certs short-lived (a few minutes) and single use and having a rate limit for users could make it difficult enough with serious risks (if you make it a crime) for little profit (I doubt many kids will pay serious amounts of money to watch porn; definetly not drug-scale amounts of money).
It was never about the kids.
https://en.wikipedia.org/wiki/2010s_global_surveillance_disclosures
Because think of the shareholders, I’m waiting to see which politicians spouses own controlling shares in the verification companies…
Oh, it will work fine, as soon as it issues it’s first cert without any reference to the identity, it wouldn’t even be needed until it’s expiry. But it’s easier to just not build it.
Hey, UK! When you are being compared to Mississippi, you are fucking up very very badly.
Lucky for Mastodon and other ActivityPub projects, they don’t need to host any servers. People outside of regions where age verification is required can host the servers instead.
But what if govt block the site hosted outside? And the VPNs require you to do an age verification?
Good luck blocking Tor or I2P. China already tried that.
If it’s a law, it should be free for both businesses and users.
That means being paid by the tax payers.
The free option is to trust your children.
Oh noes, won’t somebody think of the blessed tax payers.
I’d rather not have the law, or if law then big business pay but exclusions for smaller businesses/hobbyist.
This is exactly the kind of government overreach people like me have been screaming about since, in my case, the 1990s.
“I told you so” just doesn’t feel so good when what’s happening is nothing less than the entirety of human freedom and liberty is being eroded before our very eyes, and those who disagree with it get labeled as kooks, and accused of hating whatever “oppressed group” of the day is in vogue.
I’m so so very tired of being right.
Plus no one I have warned from 97 on admits to remembering my warnings. Them all saying nah keep your head down and live, govt has always been bad, nothing will fundamently change.
The same people still support establishment opposition to save us too, following the lead of authorities passing the buck and never admitting a mistake and correcting their behavior.
You’ve been screaming about internet censorship since before the internet?
Fucking time traveller right here
Brother, delete this silly comment and be a nicer person. Please, there is still time!
Nah. OCs a whinging boomer.
“Screaming” “People like me” “liberties eroding before our very eyes”
It’s like he’s never read a history book. Or travelled outside his state.
… I was online in 1993, bro. I was dialing into BBSs with worldwide fidonet bulletin boards even earlier than that.
Don’t be such a dipshit.
Back in my day we had to dial in to get the internet.
GoddamnGl Gubberment ruining everything
What are you talking about? The internet existed all through the 90s
It sure did. Well done!
I too have been screaming about private online since the 90s. I have an intuitive reaction that sort of mirrors yours.
But can I ask you a question?
And it’s one that I’m asking because I genuinely wish to learn from others.
Because I can’t quite see the difference and maybe there’s something I’m missing.
Why is it not government overreach to ensure pornography isn’t sold to minors in an adult video store, but government overreach to have the same expectation of online pornography providers?
I would love your enlightened view on this so I can learn from it. Because I can’t quite see the difference.
I understand that many adults go into an adult video store and need not prove their age, because they clearly look like adults.
And so the difference here is that everyone have to prove their age online, even people that are clearly adults by how they look.
But entering a pornography website is the equivalent of entering an adult video store where the clerk cannot see you, cannot hear your voice. In that world I would also expect the clerk to check every purchase as they would have no other means of assessing the buyer’s age.
Or maybe you think that adult videos should be sold to everyone and it’s the very concept that pornography is restricted to minors that you disagree with. I don’t personally hold that view but then I can least understand why you would also reject online age verification.
Or maybe you think it is ineffective and won’t make a difference. That argument I most definitely agree with, but how we choose to implement a law, and whether it’s effective, is two different discussions I would posit.
Edit: I love that I’m getting downvoted for expressing a POV respectfully.
Parents have the ultimate say-so of what their kids have access to.
I don’t believe there needs to be a law that says that, no.
If a parent decides their kid is responsible enough to have their own money, then it’s the parents who are to blame if that kid buys “bad” things with that money.
Same thing online. If a parent decides their kid is responsible enough to have unrestricted internet access, then it’s their fault if the kid then goes to a “bad” website.
It’s not the store’s fault. Nor is it the website’s fault.
We have given away far too much of our parental responsibility over to 3rd parties, and now we don’t know how to parent anymore.
So you would also support a child buying alcohol online on account of being given money and access to the internet?
Support? Absolutely not.
Allow? Not my child.
Make illegal? Nope. Not my business to tell other parents how to raise their children.
And that’s exactly the problem here. People like YOU, who think that if I don’t want something illegal, than that of course means I like that thing, or that I personally want to do that thing.
Nope. It has to do with personal autonomy. I’m not your boss, I shouldn’t get to tell YOU what you can do to yourself. Period.
Nope. It has to do with personal autonomy. I’m not your boss, I shouldn’t get to tell YOU what you can do to yourself. Period.
Wait, this way every **laws **is useless then, I am not your boss, I shouldn’t get to tell YOU that you cannot drive while drunk.
Except you forget about the whole “as long as it doesn’t directly affect others” thing.
Or, more likely, you intentionally ignored it in order to score some “gotcha” for Internet points.
Except you forget about the whole “as long as it doesn’t directly affect others” thing.
I followed on your steatment. If I forgot it, you also forgot it.
But my point stand, by the traffic code you cannot drive drunk also if you don’t affect anyone else on the road.
Generally it is not that you can do something that is illegal thinking that it is ok as long as it doesn’t affect others.
I think that was the point. Not only decentralized services, but a lot of small and/or individual services too. The way age verification is done is both stupid, and expensive. Only the big names will remain.
Only the big names will remain.
As intended. Obvious regulatory capture
We NEED to Protect The Children which is WHY we’re SO LUCKY to have a President who is SO KEEN to PROTECT Child Rapists like Jeffrey Epstein and Ghislaine Maxwell!
Protect Jeffrey Epstein? Last I checked, he doesn’t need anymore “protecting”.
Trump only cares about himself. If he accidentally “protected” anyone but himself, it’s purely a coincidence.
If a government wants this in place, they should also facilitate the means.
If you know anyone who support age verifications laws remind them that the same governments that care so much about kids is backing and arming israel to murder and starve kids to death.
That’s far too many words for them to properly understand
Kids of Families who chose to stay despite efforts to evacuate them 👍
Fucking creepy comment.
are you suggesting the Palestine government does not have a right to exist you antisemitic troll
Calling me antisemitic is funny.
And no, necer said that. Just calling the people stupid that let their children die for propaganda
Say you’re trash without saying you’re trash
You racist antisemitic terrorist.
Please elaborate 👍
Please leave, your voice is not wanted here.
If you continue to spread blantant disinformation about the genocide of palestinians I will report you.
You could just read up on the facts
Oh yeah just pack up and move! What an easy solution! Why didn’t the Jews think of that back in the 30’s and 40’s? They could have ended the holocaust all on their own by simply leaving!
Uh yeah just go. Die or go but don’t complain if you die because you didn’t wanna go. This was to be expected
“Move or I’ll kill you”
Ah yes, the one that’s being said to is at fault
Yeah exactly. It’s not right but they are at fault.
If I wanted you I was gonna steal your house, and you didn’t leave, you’d be okay with your children being murdered? You’re fucking nuts
Collateral damage. They knew this was going to happen, so it’s their fault. And no, I’m no longer an Israel supporter, I’m against both sides.
Ew. Please stop talking.
Nope
I live in the UK, and this is something I was saying about the Online Safety Act. It puts all the onus on the websites and not only do some websites not have the money or resources to comply, but with something like Mastodon, it doesn’t really work. Like this bill was written and passed by people who don’t know shit about fuck about tech. Several Lemmy and Mastodon instances have shut down/Geoblocked the UK because of this, and other jurisdictions don’t seem to understand that either.
but with something like Mastodon, it doesn’t really work. Like this bill was written and passed by people who don’t know shit about fuck about tech. Several Lemmy and Mastodon instances have shut down/Geoblocked the UK because of this
So they knew what they were doing. Age verification is about removing all sources that can’t be controlled.
and yet they’re doing a fucking terrible job at it (source, I’m using a VPN, something people in the Lords didn’t even know was a thing until it was too late). It would be funny if it wasn’t my reality.
The control isn’t complete until VPNs are controlled. Everybody evading the ban will help to make the case that VPNs have to be regulated, too.
That’s already happening, alas, but I suspect things will get very quiet when people realise something like this would affect the bottom line negatively. Look at what happened (twice) with encryption.
- Government said they wanna ban encryption.
- Starts planning the legislation.
- Someone (a civil servant who’s job it is to point out the fucking obvious) points out that Banking and Commerce requires Encryption to function and banning Encryption would crash the Economy.
- Plans are quietly dropped.
How it will likely go with VPNs.
- Government says they wanna restrict VPNs.
- Government Starts planning legistlation (we are here).
- Someone points out that Banking, Tech Security, The Military, The Foreign Office and others rely on VPNs to function and getting rid of them will fuck the economy and put national security at risk and risk negatively affecting their
pay masterscorporate donors. - Plans are quietly dropped.
One of the main purposes of the OSA is to make money for YOTI and the Data brokers, because you and I both know these are the main corporate sponsors, and the MPs and Lords who passed it likely have investments in said companies. Hoovering up IDs and linking them to web activity doesn’t just help the government fuck us, it makes money for MPs, Lords, and their Friends. But here’s the thing: It’ll bite not just US, but them in the arse. So here’s what’s (hopefully) going to happen.
- OSA is installed.
- Someone important enters their info into a fake age check/Someone important gets age verified for something and the service gets hacked.
- The hack gets made public and a lot of important people get burnt.
- The Bill gets quietly modified or abolished.
British Politicians are greedy, self serving authoritarian cunts, but they are also remarkably dim. Like sometimes impressively so. Look up this passage in Hansard to see what I mean. It might cause you to have a fucking crisis.
But yes, they do like control, problem is they don’t know what they wish for,
Do you think those debates are for real and not a show that ends with whatever has been decided elsewhere?
The houses don’t need to know because they don’t do the planning.
Since the EU does the same thing at the same time, after it was not a problem for years, the origin for these laws must lie elsewhere.
Do you think those debates are for real and not a show that ends with whatever has been decided elsewhere?
If that was the case, then the Lords wouldn’t have blocked the 2016 Disability Bill. You remember the one. I don’t think that was theatre, I think people in the Lords looked at that and went “lol fuck no.” They also wouldn’t have done a lot of shit if it was all planned behind the scenes and some shadowy cabal actually just called the shots.
Here’s the thing: “It’s all planned” is the cornerstone of most conspiracies, from 9/11 to “Covid is a bioweapon” or “Covid isn’t real” to literally every major conspiracy theory. But wanna know something? All of that is a weighted comfort blanket to sooth people, it is soothing to believe that there is someone or something in control and it’s just a case of getting rid of them, and it’s an ego boost to believe that You are part of a club that figured it out. They used to call it being “woke” until the far right took that term as an Alias for “Degenerate” as the Nazis used it.
But the truth is this: There is no man behind the curtain, there is no shadowy cabal who actually control everything. It’s call Capitalism, Sociopaths, and Morons who either want to make money or think they’re doing good.
I have lived through two governments (a Labour one and a Conservative one) that have floated the idea of banning encryption publicly. Both times they quietly dropped the idea when they were told that doing something like that would crash the economy. My parents are both former Civil Servants. My dad watched the Scottish Secretary at the time nearly type “Thatcher is a Bitch” into a Teletype machine that sent out press releases to every major newspaper.
I watched my own MSP (and Leader of the Scottish Lib Dems) address a crowd of mostly transgender mostly leftist people and ask them to applaud Tories who voted for the Gender Recognition Act.
There is shit in Hansard that looks like it came from a bad sitcom. There are people who are in parliament right now who I wouldn’t trust with a fucking Self Scan Checkout, let alone a seat in either of the houses.
Are there scheming bastards, genuinely Machiavellianism Motherfucks in parliament? Yes! Politics attract people who score high in the Dark Triad. Starmer, Streeting, and Farage are all genuinely horrible people. Starmer and Streeting openly want to harm transgender people, Farage wants to fund the fucking Taliban, and if we wanna talk about non-MPs, Boris Johnson stated he’s rather have mass death than another Lockdown and the last government used Covid as a way to Launder Money.
But alongside that, a good chunk of the people in our parliaments are simply fucking morons. They might be good at a collection of specific things, but they are also impressively Moronic on a level that would make the Thick of It and Yes Minister look fucking optimistic. Indeed, some of the more bastardous people I have listed and not listed here are also, weirdly, fucking morons. Look at Trump’s first term for example.
And if you wanna cling to “there’s a puppet master behind all this”, be it Satan or the Illuminati, to save you from the genuinely terrifying thought that the people at the Helm of the ship of state are Francesco Schettino, Yiannis Avranas and Lafayette Ronald Hubbard, fair, but personally, I’m a realist and the only conspiracy I hold is that the “Phillip Killed Diana” conspiracy was invented by the British Press so they wouldn’t face a shitstorm when people realised what the paps did when they got to the crash scene.
If you wanna know what is actually happening here it is:
A Dunfermline based investment firm, charitable trust and think tank (yes you heard) by the name of Carnegie United Kingdom Trust invested money in data collection firms and age verification firms like YOTI, so they lobbied the government and even basically wrote the Online Safety Act. The government sometimes lets outside groups write legislation for them because Corruption, they have other shit to do, and they don’t often know shit about the fucking shite they’re voting for.
Some of those MPs also likely had investments in YOTI and VPNs. When this was presented to the government, some poor sod of a Civil Servant had to sit down the PM/Minister responsible and try convince them that it’s a bad idea, clearly they failed. So, utilising the moral panic around Porn, Extremist Material, Pro-Ana content and the like, they passed this bill, even when a good number of these fucking numbskulls don’t even know what a VPN is, just “we need to do something” and “it’s just common sense™”.
Now not only do they (and future governments, God help us if Reform get in and use this against “woke” content like they’re doing in Kent Libraries) have the ability to age gate literally anything, but the companies they have invested in have got a GOLDMINE of very sensitive Data they can sell to people, be them from the Private, Public or “underground” sectors. Line goes up for the Investment firms, MPs with shares in YOTI and the rest. When it comes down to it, it comes down to Money, Moronity, and Kneejerk reactionism.
If you wanna know what is actually happening here it is:
To me, that is a conspiracy. Turning it into a business is the way to remove political oversight, but the profits don’t hurt.
