New U.S laws designed to protect minors are pulling millions of adult Americans into mandatory age-verification gates to access online content, leading to backlash from users and criticism from privacy advocates that a free and open internet is at stake. Roughly half of U.S. states have enacted or are advancing laws requiring platforms — including adult content sites, online gaming services, and social media apps — to block underage users, forcing companies to screen everyone who approaches these digital gates.
surveillience data for palintir, to look for political dissidents and associated families, nothing more.
Can we please start our own mesh network completely decentralized from the main web?
This mesh would need to be completely anonymous where people can connect and disconnect from surrounding nodes and people could host their own websites.
I discovered this recently, looks like a fairly promising beginning: https://reticulum.network/
This looks very interesting thanks for sharing! I am definitely going to look into this deeper and see what I need to get something up and running as a start.
Who’s dumb enough to believe it was ever for child safety?
The sort of morons who shouldn’t be using the internet anyway. I miss when the internet was for nerds.
Probably most of the same people who believe ICE is only rounding up “illegals”.
I’m already pissy about them constantly trying to have my cc data everytime I make on online purchase. Windows asks, Google asks, ebay ask, and then my browser asks.
The answer is always no.
To ID verification, My discord is a decade old. If you can’t do math well enough to guess that I wasn’t 8 when I made it then that’s a you problem.
Yeah, that headline is incorrect. The laws are there specifically to surveil adults, “for child safety” is a smokescreen justification. This isn’t a “we tried to do a good thing, but there’s this unfortunate side effect,” the surveillance was the goal.
No reason it can’t be both.
Sure, no reason it couldn’t be, other than it isn’t.
If they wanted to actually protect children, they’d be arresting the pedophiles, not forcing everyone to identify themselves on the Internet.
Remember that “they” (at least here in the US) are as varied in opinion as are we.
The ones who have a sincere desire to protect children want them to have limited exposure to content online.
My personal thought is children should generally not be engaging others online, but it should be a social push (“don’t talk to strangers online” “don’t allow your children to be unsupervised online” ).
As for arresting child abusers, we seem to be in the habit of putting them in high office.
Children shouldn’t be on Reddit or Lemmy. And if anyone disagrees, they better not be complaining about idiots on those platforms.
My statements are about participation, not about how the enforcement should be handled.
I agree, children shouldn’t be on tiktok or any of these kinds of platforms.
And yes, it should be social pressure rather than legal pressure.
Parents who care are doing that. The amount of parents who don’t give a fuck and will just put their id in for their kids to watch porn would shock you. Shit the amount of them that would sell their kids to sex slavery is higher than you probably think.
Fuck this law they don’t give a fuck about kids.
When I was younger, there use to be “public service announcements” on TV that provided education for the kids and adults watching.
If politicians truly cared about the children, then Trump and half his administration would have been strung up by their thumbs at this point. It’s not about the children.
Politicians are humans, just like us (with MAYBE just a larger helping of narcism). They’re also required to work within the law.
I understand the reason I’m getting down votes. We’re in a really really frustrating time. Lots of angry people (me too).
Law…politicians don’t seem to be following them these days. They seem more like Judge Dredd finding out the law is more a suggestion when it comes to themselves. Being able to even start wars without calling it one.
Past year has seemed more like people going, but that’s against the law you can’t do that. And them going okay who’s going to stop us the courts? That’s for peasants.
What exactly has caused the outrage and need to identify the users age today? Why do we need this law now?
It isn’t both.
I can’t wait until it’s leaked that these child accounts are being used to target minors for whatever: ads, sexual exploitation, etc.
Terrifying once you realize what they really mean by “think of the children”
For real. What is stopping a program from querying if an account is an adult or child, and then seeing if there’s an email or username or whatever tied to that account age?
So now we have a database of children with their names and emails? Addresses? Or if a system gets hacked and that information is sold to bad actors?
What is stopping a pedophile from making a “child” account and then being lumped in with a group of other children?
These are things you think about in the first 10 minutes of questioning whether something like this is viable and how it can be exploited.
I think that ICE will be sent information about children, and then they will ship the good looking kids to the highest bidder.
This has nothing at all to do with “child safety”. It’s all about data mining. And controlling what everyone can see or say online.
also to monitor any left leaning activisim/dissidents , or associated agaisnt conservative governments.
I’m going to copy and paste a comment I made elsewhere:
The problem with age verification is VERY much in the implementation. It IS possible to do age verification without having to identify yourself to Meta/PornHub/Whoever. It IS possible to maintain privacy, AND restrict things like porn and social media to those who are of age. Look at how the Estonian system works, it’s brilliant. The problem isn’t age verification, it’s the blatant data grab that is currently trying to destroy your online anonymity…
The problem is: you’re assuming they’re arguing in good faith when they say it’s about pRoTeCtInG tHe ChIlDrEn. It’s not. It’s a pretext for the data grab and mass surveillance of everyone. They will gladly take your argument, claim age verification is compatible with privacy and anonymity, and then introduce age verification systems that do implement mass surveillance. Don’t give them an inch.
No I’m not! I’m in 100% agreement with you that this has nothing to do with protecting children! Age verification, if done properly, is a good idea, that I’m completely for. But you’re right, this isn’t that. This is a smokescreen.
I just want to be sure that people understand that they ARE using a good idea as their cover here. It CAN be compatible with privacy and anonymity, and it is a good idea to stop young children engaging with the cess pit that is modern social media.
At some point, I sincerely hope that the current regime will end and be replaced by something more sane. At that point, I don’t want people to immediately think “age verification = bad”
And because someone will probably ask, this is my understanding of how it would work for age verification (I am not an expert):
There are 3 parties in this scenario. The Estonian state, Meta, and a 3rd party (which is currently a real 3rd party, but work is being done to allow this to be a digital wallet on your device, that you control)
The state issues your 3rd party a magic cryptographic cert that has all your personal data like dob
Meta issue an age challenge: Not “what’s your dob” but rather “Are you old enough to use this service?”
3rd party show you exactly what Meta are requesting and give you the option to approve or deny the request
If you approve, the 3rd party generate a new cert that JUST says “Yes I’m of age” and nothing else.
Because it’s been generated from the states magic cert it can be verified with their public key.
Meta don’t get more info than they need, the state can’t see that you’ve logged into Meta, but you’ve successfully proved you’re old enough to use the service.
The current weak point is that the 3rd party can absolutely see all of it, but there’s no reason the 3rd party has to be an external service. It could absolutely be an app on your device.
You still need to prove yourself to the state, but you’d have to do that to get an id card in the first place. It’s WAAAAY better than trusting all the different porn sites and social media services individually to not leak or misuse your data
The problem isnt just that the third party can abuse their access to your information, it’s that it is digitally stored and certifiable at all
The most secure data providers in the world have all basically had data breaches by now - including the IRS and US government. There is no party that can guarantee data security, even if they themselves are benevolent.
And for what purpose are we willing to gut privacy online? So it’s marginally more difficult for minors to obtain porn?
GTFO. De-anonymization has always been the goal, not ‘protecting the children’.
it’s that it is digitally stored and certifiable at all
I fundamentally disagree with this. First off, that ship has sailed. Your data is already digitally stored. The problem is that it’s stored outside of your control and accessible without your consent. This system addresses those issues.
The most secure data providers in the world have all basically had data breaches
There is no technical reason your data ever needs to be on a device that is outside of your control. The 3rd party is just a local app, with local data storage. In other words there shouldn’t BE a massive database that can be breached. Sure, your device can still be breached, or stolen, but so can your physical wallet. Your device being stolen shouldn’t leak my data.
for what purpose are we willing to gut privacy online
I’m not. I’m trying to explain that giving up privacy is NOT a requirement for age verification
So it’s marginally more difficult for minors to obtain porn?
I’m actually thinking about social media. There’s plenty of data to suggest that underage access causes severe harm, that can and has led to suicides. This is a problem with a body count.
De-anonymization has always been the goal, not ‘protecting the children’.
100% agree. I just want people to understand that it IS a smokescreen. “Age verification” is a GOOD IDEA that is being used as a cover. Recognize the underlying threat, absolutely, but also recognize the good idea that’s being used to hide it.
The problem is that it’s stored outside of your control and accessible without your consent. This system addresses those issues.
Sorry, I just don’t agree with this, either. It isn’t just that it’s a third party, it’s that verification necessarily ties your device to your personal identity at all. No matter how you store the actual identity data, there needs to be an identifier associated with every device/account. I’d be fine if the OS just asked for my age and didn’t verify it with my state-issued ID - but if there’s any cross-checking involved that’s a dealbreaker.
If there were any possibility that a state actor had interest in identifying my personal identity of this account, and there was a record that pointed to my name, SSN, or other unique personal identifiers, i’d be absolutely fucked. There are really good reasons not to want social media accounts tied to real, verifiable identities - even if you think social media should be limited to adults (i’m not on willing to concede this, for what it’s worth).
It doesn’t matter if the data is stored on your local device - if it’s being verified by a state authority at all, that’s a huge problem.
verification necessarily ties your device to your personal identity
needs to be an identifier associated with every device/account
I think you’ve misunderstood. Neither of these statements is true
If there were any possibility that a state actor had interest in identifying my personal identity of this account, and there was a record that pointed to my name, SSN, or other unique personal identifiers
That’s the whole point. This isn’t possible. There are NO identifiers ANYWHERE that link your account to your real world credentials.
if it’s being verified by a state authority at all
It’s not. At least not in the way you’re thinking. You are issued a file, like you are issued an id. This could be done from any device anywhere, and could theoretically be copied and moved around to other devices. This file is cryptographically SIGNED by the state.
Meta then send you a request with their own cert.
The third party then generates a 3rd cert that JUST verifies that you are of age, and contains NO other PII. It uses a combination of signatures from the request and your credentials file to generate this.
The result is that Meta can verify that this new cert was generated in response to their request, that it was based off of an authentic state credentials file, and that the user is of age. That’s it. Not the exact date of birth, no names, addressses, ssns or anything. JUST “user is >16.” There are no identifiers, and no way to tie it back to you IRL.
The state get absolutely no indication that any of this has gone down at all. The 3rd cert is verified off of a universal public key
A state issuing a cert file has to be able to verify that it goes to the intended person. The state would have to know the ID of the person they’re issuing it to, otherwise it wouldn’t function as intended. Similar to blockchain wallets - they are anonymous all the way up to the point of fiat exchange, where most state actors can still end up ID’ing wallet owners.
Even if you try obscuring that information via encryption, it still gets signed by a ‘trusted’ authority at the end of the chain.
Even in theory this is a shit idea.
Yes you need to prove yourself to the issuer, but that’s no different to proving yourself to the dmv to get a driver’s license. But this is the START of the process, not the end.
Once that process is done, like with a drivers license, the issuer gets no further information on what you do with it.
A SECONDARY cert that contains no PII is what Meta get sent.
Even if Meta sent that cert to the state, the ONLY information they could get from it is that it was state issued, and that it was issued to someone over 16.
The point isn’t to obscure the information, it’s to not send it in the first place.
There is no relation to the blockchain. There is no “chain” here to trace back. This is just an extension on regular old school cryptography. The only provable link is that the parent cert was generated by an authority. There is no way to tell if a 3rd cert was generated with your parent cert or mine
How about a system where I can go physically to a shop, show them my id, then the clerk allows me to buy a box of tokens that I picked up myself from the shelf.
I can pay with cash, the clerk just looks at my face and ID, nothing gets entered into the system.
Then I have a bag of tokens that could have various expire dates. Some could last years. They are not tied to any person in anyway but only adults could access them.
And yes, I can totally give it to some kids, but that’s no different than me buying kids alcohol.
I mean, yes, it’s the same process. It’s just moving the convenience store to your phone, and instead of being issued a physical ID by the dmv or whoever, you’re given a digital one. To be clear, that ID, and therefore your information is stored locally on your device, not in a server somewhere.
stored locally on your device
While I would trust that for a FOSS app, it would be too easy for a proprietary app to just “backup” your data.
With the physical method, everyone can be sure they are anonymous through common sense.
Sure, but I have 2 counterpoints:
-
There’s no reason the 3rd party app needs to be proprietary. This is starting to get technical, but my understanding is that you get a cert from the requester, and it’s the combination of that with the state issued magic cert that’s used for validation. The 3rd party app is essentially just a calculator. It doesn’t need any certs of its own
-
That’s an implementation detail. My argument is that it’s the implementation that’s the real cause for concern here, not the idea
-
What’s a distribution of Linux that is not made in the US and is not subject to these insane laws?
Picasochu?
My head hurts.
In the uk, you have to have your face filmed at different angles with your webcam. Spooky…
Just to be able to access Reddit
Also fuck reddit and fuck Spez
Fuck that
I assume you can still use a foreign VPN?
The people who dont care kids are killed almost daily at school which they have no choice but attend. The people watch movies and buy products from businesses literally destroying the environment. The people who vote for people who rape and eat children to run the government. I totally believe you have the countries kids best interests in mind /s [x]
They people who wave away bombing a school and killing 175 because “it’s war”(that we unilaterally started). These are definitely the people who you want to trust on child safety and well-being.
Nah man it’s not war didn’t you hear bro? It’s not war bro the department of
defenseWardefense says it’s not brah!
I should be able to go to a convenience store, hand them hard cash after showing my id. And get a random credential that I can give websites.
That’s an interesting idea! Provides a level of abstraction, and maintains a semblance of privacy.
Have a look at my other comment. It’s possible
This is how it works in Estonia?
Swap the convenience store for an app, and the ID for a digital cert, and ye basically!
Any Estonians reading, please feel free to correct me
What I like about the convenience store idea, is that the certification process is decentralized. An app wouldn’t be.
The store won’t keep a copy of your ID on a database to be inevitably hacked
There is no technical reason it couldn’t be decentralized. It’s a file handed to you by a trusted issuer, like (not American, so guessing:) the dmv. From that point on it should all be local processing to generate the child certs. It doesn’t need to phone home until the credentials expire.
Again, the implementation is the problem
ETA: Also, phone “home” here is wrong. The app should be a completely independent, 3rd party entity, not built or owned by the dmv (in this scenario) in any way. I believe in Estonia there’s a bunch of different options for the 3rd parties, and they’re heavily vetted and certified, but still independent from the state (who issue the certs).
Now that we see groups pushing for age verification are third parties like Palantir and the US government having demanded account info on those who were critical of ICE I don’t think third party entities going forward can be trusted anymore to be unaffiliated with the state.
Maybe when Estonia got their program implemented. But, now such a system being put in place for other countries is going to be untrustworthy in their motives and methods.
If that ID is only verified by an underpaid store clerk, that means the system is already a nonstarter. That person is ripe for corruption.
This sort of idea always rolls back up to the government being directly involved if you game it out. Be it federal or state or province or whatever.
The underpaid clerk already sells booze and cigarettes.
The age token would be free at the time of acquisition (paid by taxes of course).
Yes, you’d get the “buy me a porn token please!” request behind the 7-11, but I’d bet it would be far less frequent than requests to buy booze.
No system is perfect. The “show us your face so we can guess your age” thing we have in the UK (i think its an American company anyway) can be tricked by showing it the guy from Death Stranding, and i assume any other sufficiently realistic game.
Have a look at my other comment. That’s essentially what you’re describing
