36 comments

  • jubilee33 12 minutes ago

    Free access to information is non negotiable. You can dress it up in whatever argument you like; safety, intellectual property rights, moral imperatives. Take your pick. Information will not be held back, it wasn't held back by any tyrannical regime of the past with much more asymmetrical access to control, not the banning of the printing press, the efforts of the Stasi to ban western music in East Germany, nor China's more recently attempted "Great Firewall", have worked. This also will not work.

    I am not worried for myself and for others who are technically inclined, we will just silently find and implement solutions for ourselves and any others who have the energy and inclination to use them. This is worst, as usual, for the most vulnerable among us. Those most in need of the information which they will not be able to access. Every freedom comes with risks and responsibilities, freedom of information maybe more than any, but the harms of limiting information are much more unacceptable than any caused by its unhindered natural flow. You can propagandize and scheme to your hearts content. You can lobby your governments to implement your halfbaked schemes. But in the end it won't work... Because people like me and millions of other will just not comply. We will build our own networks if need be, but we will do just about anything rather than accept your terms.

      jonhohle 8 minutes ago

      > Free access to information is non negotiable.

      For adults.

      There is information and images that are developmentally harmful to children. As the author says, this is no different from drugs, alcohol, tobacco, or gambling.

      If you can’t understand that, you either don’t have children, have a screw loose, or are a child predator.

  • dpark 31 minutes ago

    The offline version proposed doesn’t even work. If the government issues untraceable “I’m an adult” cards there’s nothing stopping someone from acquiring one and immediately selling it to a minor. There’s also realistically nothing stopping someone from acquiring multiple and selling them to minors. “Oops, I lost my adult card again. I need a new one.” The solution is of course to make them revocable which means traceable.

    The same applies online/digitally except that you can very likely distribute the same ID to many minors without getting a new one allocated.

    I’m in the “we should protect kids online” camp, but I am not sure there’s a real way to do it without compromising privacy for everyone.

      grey-area 9 minutes ago

      Untraceable is your invention and obviously absurd and unworkable.

      No scheme is going to issue cards/tokens that can be traded between people, that's obviously unworkable.

      Untraceable is for the consumers of the cards obviously, but in order to have trust they need to be traceable for somebody to verify them. The government can already determine who you are and already requires you to prove that at certain points, this is not a new invention of government it is required for governments to function.

      rootlocus 28 minutes ago

      Protecting kids online requires attention from their parents, not from the government.

        rpdillon 17 minutes ago

        This is my take, but I am a bit frustrated by OS manufacturers. The obvious move is have a screen after factory reset the puts the device in kid mode permanently. It then will send a "I'm underage" flag to sites, and sites return no content (or safe content) when they see that header. This is a system that makes it easier for parents to do their parenting job. All the pieces of this system already exist, but the UX for managing a device during setup to be a "kids device" isn't there.

        This system is good for a bunch of reasons:

        * It gives parents control such that they can tailor the experience to their kids. This is a problem with current proposals.

        * It doesn't bring identity into the mix at all, completely defusing the risk of mass surveillance.

        * It's easy to verify if adult sites are complying: hit them with a curl request containing the header, check the response. This is much easier that verifying that Discord is checking user ages properly using their face-scanning technology.

        Jtarii 9 minutes ago

        This approach has clearly failed and something different should therefore be attempted.

        dpark 19 minutes ago

        Protecting kids is well within the scope of the government.

        This “it’s the parents job” is also reductionist. It is, but somehow we still have made it illegal for minors to buy hard liquor and pornography from physical stores in the United States and few argue that restriction is wrong.

  • ibejoeb 43 minutes ago

    > When children are very young, parents can set strict boundaries. But as kids move into their teens, parents also have an obligation to loosen them. Teenagers need spaces where they can act independently

    Parent have an obligation to loosen the restrictions, and, what, the government has obligations to tighten them and deprive them of the spaces where they can act independently?

    I don't care to talk about the premise itself. This reasoning is absurd.

      croes 37 minutes ago

      Do you show your ID when you buy alcohol?

      We have many place in real life where we already have to prove our age or identity but somehow the internet should be excluded

        rpdillon 27 minutes ago

        Offline and online are not equivalent spaces. They're not symmetric, they don't fail in the same way, and they don't have the same hazards or risks. I say this because I don't think the argument that we should do it online because we do it offline is coherent.

        I actually don't have to show my ID when I buy alcohol because I'm old. There's a material difference between an electronic record being submitted, passed through and stored on several different servers, and somebody seeing you and seeing a grey beard and saying, yeah, you can buy that beer. The worst case scenario in real life is that the bouncer at the bar looks at your ID, seems real enough, checks the date, matches the picture, and that's it. There is no record being stored, there is no log. It's not equivalent to the vast majority of online age verification mechanisms in use today.

        trewnews 17 minutes ago

        No I don't. Your reasoning is absurd.

        Today I can walk into a shop and buy alcohol without showing my ID.

        I can also walk into my local library and read any book I wish to, some with adult themes. I could do this as a teenage too. I also did this in my own school library.

        Demanding to see ID to access online content is a terrible idea and it is the parent's responsibility to look after children. It should be an understanding between the parent and child on what they should be accessing online. If that breaks down then the parent should do their job of being a parent. Take the device away and punish the child.

          muro 14 minutes ago

          buying alcohol without showing an ID might be possible in many places, but it's not a universal right.

        ibejoeb 26 minutes ago

        Not for the past 20 years. I also don't participate in Patronscan and other similar surveillance operations.

        That is beside the point. I'm talking about the incoherent argument about a parent's supposed obligation to stop parenting and the government taking over. There are three premises here asserted by the author: 1) the child's need for independence, 2) a parent's duty to stop parenting, and 3) the government stepping in. Number 1 is contrary to 3, and I don't agree with either 2 or 3. What do you think?

        ndr 29 minutes ago

        Use that logic to sell phones. Don't limit civil liberties to compensate for failures of parental supervision.

        dgellow 32 minutes ago

        Those places don’t track you and keep a registry and copy of your information

          dpark 29 minutes ago

          Depending on where you live this may be untrue. In Washington state I hand them my id and they scan the code on the back. There is every possibility that they store it and notify the state that I bought a bottle of rum.

        thomastjeffery 22 minutes ago

        And none of them are in my living room, nor do they belong there.

        The government does not get to put child locks on my liquor cabinet, or even keep me from leaving booze out on the counter. They get to restrict businesses from selling to people without identification. Note that this has already always been the case on the internet, too.

  • GuestFAUniverse 22 minutes ago

    A friend and I were the first to have modems at age 12. And we had access to all kind of stuff on BBS and later in newsgroups. That wasn't meant for our age group and yet there wasn't any harm done. Others in our classes didn't roam there. (They were more into drinking, smoking and stealing in real life instead)

    Guess who is heavily using social media today and unreflectively repeats fake news.

      granra 10 minutes ago

      But now kids grow up with social media and fake news. I too grew up seeing stuff I shouldn't have online and I turned out fine but I see the online landscape today as much scarier place and as a recent father I'm scared of what it can do to my child and will need to police it.

  • ulrikrasmussen an hour ago

    The article claims this is what the ZKP scheme reveals:

    > Here is cryptographic proof that I hold a valid credential proving I am over 18. You can verify the proof, but you learn nothing about who I am.

    Is this true though? I am genuinely interested as I haven't looked into the details, but must the user not at least also disclose who the issuer of the credential is so the verifier can verify it against a public key? This also reveals at least the nationality of the user and could be misused to block access to foreigners using VPN.

  • dom96 22 minutes ago

    If the EU actually mandates each member country implements a ZKP for this then I am all for it.

    Can they also provide other ZKPs? Specifically to attest that someone is a unique human being? Humanity verification is incredibly important to fight against propaganda online[1]

    1 - https://blog.picheta.me/post/the-future-of-social-media-is-h...

  • satansdeer 37 minutes ago

    Overall "more verification" goes in the direction of "more surveillance".

    The author described a narrow path that provides "kid safety in the internet" without sacrificing the general population privacy.

    Is it technically possible to implement the way he suggests? Yes. Will it be implemented that way? No.

    There are people who can affect the way this verification will be implemented who are genuinely interested in more surveillance, heck, remember chat control that is an ongoing fight in a very similar vein, there is a global desire in politicians to get more control over the communications.

    To me the author seems either naive or straight up malicious.

      dpark 22 minutes ago

      > Is it technically possible to implement the way he suggests? Yes.

      I actually don’t think it is. Fundamentally this kind of certificate is going to be revocable. It’s untenable politically to hand out irrevocable attestations that can be handed off to minors. If you allow that, the system has failed to prevent minors from accessing adult materials, and if you don’t then the system has failed to preserve privacy.

      > To me the author seems either naive or straight up malicious.

      I think just naive.

  • lokar 30 minutes ago

    I agree with the broad point. But it ignores another key requirement: it can’t be easy to “loan” your proof of age to someone else.

  • coda_cantabile 41 minutes ago

    But by what mechanism would one prove, when using such selective disclosures and zero-knowledge proofs to access an online service, that they are, in fact, the owner of said attestation?

      varispeed 35 minutes ago

      This is probably the wedge and the rest will follow once people are accustomed and desensitised to age checks.

  • NotPractical 36 minutes ago

    Except that within days of this service going live there's going to be a freeageverification.com that instantly generates an attestation for anyone for free. I fail to see how this is not untenable. You can compare it to geoblocks that can be circumvented using VPNs, but at least VPNs are costly to run and are usually paid services. With the implementation of verification described in the article, there is no cost to generate attestations nor any limit on the number of attestations nor any way to stop a known-but-anonymous abuser from generating new attestations.

    Maybe the EU knows it's untenable and is still moving forward because they will be able to demonstrate to the public that privacy enables abuse, creating pretext to make the system not private anymore after it's already been implemented.

  • readthenotes1 44 minutes ago

    We have people checking IDs at the doors of bars and strip clubs.

    And just like in those cases, what is to prevent someone who is of age giving their ID to someone underage?

      efitz 37 minutes ago

      A human glancing at an ID is not creating a log or transmitting every unique identity to the government.

      If you handed over your id, and the person checking it made a photocopy and handed it to a police officer who put it in a file in a briefcase they carried, you might feel differently.

        teddyh 3 minutes ago
        fmobus 32 minutes ago

        aren't a lot of bars in the US scanning the id card with some purpose-made id scanner? Seem to remember reading about that, and it being the US I would guess that data gets very much stored/shared/molested.

          sejje 17 minutes ago

          Yes, they are. The systems aren't even expensive, and they have some features like they track people who have been trespassed, etc.

          However, you can buy fake IDs online, and the IDs are reportedly beating those machines. So if you trust the machine for age-verification, you might let in underage people.

          technothrasher 18 minutes ago

          The scanner manufacturers proudly advertise that their systems dump the scanned IDs to a back-end database for storage and later use.

        varispeed 33 minutes ago

        I remember last time I was in the club (decade or so ago), the bouncers were taking IDs and photocopying them and of course there was CCTV as well and police were visible outside of the club.

          dgellow 28 minutes ago

          What country is that? Sounds insane to me