EFF launches Age Verification Hub

Age Verification is about Kids and Censorship: to track them and censor them

Age Verification is about Kids: giving it to companies who will keep it as safe as they've kept your identity, email, and other information.

Age Verification is about Kids and Censorship: taking control from you and giving it to corporations and government.

Age Verification is about Kids and Censorship: to keep them on their platforms so they can profit from them

Age Verification isn't just about Kids: it's also about tracking you

I don't know why we want to put children's data online. I don't want cameras in the kids rooms to verify their face, that camera will be used by others. That camera will be used to do the very thing they claim it is to protect against. I don't want the kids online, easily meeting with pedos, pretending to be kids or otherwise. I don't want kids data online for those people to use it to harm them. I don't want kid's data being leaked and exposed forever. To create lasting damage that will follow then the rest of their lives.

The road to hell is paved with good intentions. The devil uses this to fool you. Seriously, y'all gonna trust your kids' data with the people in the Epstein list? Why would you let a fox guard the chicken coop?

> Your sci-fi distopia flash fiction is compelling, but not actually on topic in this discussion.

> "Think of the children" is weaponized for censorious purposes, but also the harms of social media are well documented (unlike many of the other moral panics fuelled by this phrase).

> I'm not sure a blanket under-16s ban on all social media is the right answer, but there are really good reasons why people support this that you need to engage with to have a useful discussion here.

So basically for everyone even with modest pattern recognition abilities the template used here should be crystal clear, which goes along the lines of

- I'm kinda with you (even though you are stupid and emotion-driven);

- But your point is totally invalid because you should be humiliated by the sheer number of your opponents, which renders you small and negligible;

- Your opponents have very good reasons to support any fascism that is able to address their reaction to prefabricated problems with prefabricated solutions, and you've got to support that too if you want to be heard.

I'm pretty sure these threads are chock full of shills, because one can't rob people of freedom without significant narraive steering efforts.

Parents need to parent then, but the amount that will are still larger than the people who want mass surveillance because they can't be arsed to raise their kids.

If they are too lazy to raise their kids, they don't have the energy to push the nanny state forward.

> 1. Most of the dollar costs of making it all happen will be paid by the people who actually need/use the feature.

> 2. No toxic Orwellian panopticon.

> 3. Key enforcement falls into a realm non-technical parents can actually observe and act upon: What device is little Timmy holding?

> 4. Every site in the world will not need a monthly update to handle Elbonia's rite of manhood on the 17th lunar year to make it permitted to see bare ankles. Instead, parents of that region/religion can download their own damn plugin.

(This includes being robust against law enforcement action, legal or otherwise.)

The state always thinks of self-preservation. Any bureaucrat is aligned to this goal by getting the benefits from the state. So, the more power it has over its citizens, which is the first threat it, the more safe it is and the less opinions of citizens matter.

Understanding this, every citizen must think carefully about giving away more power to the state.

This is today's top agrument! "There are far too many gangsters each operating in their own district for some kind of notion of organized crime to be credible".

Over 70% of teenagers <18 today have watched porn [1]. We all know (many from experience) that kids easily get around whatever restrictions adults put on their computers. We all know the memes about "click here if you're 18" being far less effective than "click here if you're not a robot."

Yes, there were other ways of trying to solve the problem. Governments could've mandated explicit websites (which includes a lot of mainstream social media these days) include the RTA rating tag instead of it being a voluntary thing, which social media companies still would've fought; and governments could've also mandated all devices come with parental control software to actually enforce that tag, which still would've been decried as overreach and possibly would've been easily circumventable for anyone who knows what they're doing (including kids).

But at the end of the day, there was a legitimate problem, and governments are trying to solve the problem, ulterior motives aside. It's not legal for people to have sex on the street in broad daylight (and even that would arguably be healthier for society than growing up on staged porn is). This argument is much more about whether it's healthy for generations to be raised on porn than many detractors want to admit.

[1] https://www.psychologytoday.com/us/blog/raising-kind-kids/20...

These are not equivalent, I don't have to scan my face, upload my ID and share my personal biometric data with various 3rd parties, who will sell and leak my data, every time I want to look at porn or sip a beer.

Also, there are countries where teenagers can drink and go to pubs, and society hasn't crumbled. We also have several generations of young adults with access to porn, and the sky didn't fall.

Maybe we shouldn't use the government to implement a "papers, please" process just to use and post on the internet, maybe we should instead legislate the root cause of the problem: algorithmic optimization and manipulation. That way everyone benefits, not just kids, and we won't have to scan our faces to look at memes on Reddit.

The one thing you can control is your childs access through their device using parental controls.

I can absolutely guarantee you that any teenager can easily get access to weed, cigarettes and alcohol despite the laws and definitely can use a VPN. It only takes one smart kid to show them how.

I'm even willing to talk about the possibility that we could use more robust systems deployed more broadly. A lot of folks here are talking about ZKPs in this regard, and that's not a bad idea at all.

The issue I'm trying to sound the horn on is that the current push for AF in the US and EU has nothing to do with kids. I think you could put together a working group on ZKPs and Age Verification, write up a paper and run experiments, and when you bring it to the lawmakers they're gonna say something to the tune of:

"yeah but that's not trustworthy enough and too technical for people to understand so we're just going to serve legal notices to VPN providers instead to tell them that they can't anymore"

...or something to that tune. I'm not a mind reader, I've just read the reports (by lawmakers) mentioning VPNs as an "area of concern".

This is a political gambit and not a new one. The more we treat the current issue as having anything to do with protecting kids the more we legitimize what is an obvious grift.

The concern about children is aimed at the wrong target. Instead of targeting everyone it would make far more sense to target the platforms. With Roblox having a pedo problem the company should face punishment. That will actually get them to change their ways. However all these massive platforms are major donors to politicians so the chance of that happening is low to none.

Ok. In real life, do we think having agents from the government and corporations following you everywhere, writing down your every move and word, is a good thing? Or rather, what kind of crime would one have to have committed, so that they would only be allowed out in public with surveillance agents trailing them everywhere?

The harms are real. The solution is a Surveillance Wolf wearing a dead Save The Kids Sheep(tm).

Solutions that might work - RTA headers [0]. More robust parental controls. Not this reimagining of the rules of the internet in service of a fairly vague and ineffective goal. It's like the whole AV concept was designed not to work in the current context at all - almost as if that was the point.

Perhaps I'm going a little out on a limb. I don't think I am - but quick, tell me you need to know where I'm dialing from without asking me where I'm dialing in from.

0 - https://www.rtalabel.org/index.php

I wonder if there's something like internet accelerationism - push things like having friends or watching movies online off the cliff as soon as possible.

Social media is akin to violent video games in the 2000s, tv addiction in the 90s, santanic heavy metal in 80s, and even 'bicycle face' in the 1890s bicycle craze.

Jonathan Haidt seems extremely earnest and thoughtful, but unfortunately being lovingly catapulted to fame for being the guy who affirms everyones gut reaction to change (moral panic)...makes it extremely difficult financially, emotionally and socially for him to steelman the opposite side of that thing.

Even if he hadn't compiled a bunch of suspect research from pre-2010 to make his claims, the field of Psychology is at the center of the replication crisis and is objectively its worst offender. Pyschology studies published in prestigious academic journals have been found to replicate only 36% of the time. [2]

1. https://reason.com/video/2024/04/02/the-bad-science-behind-j...

2. https://en.wikipedia.org/wiki/Reproducibility_Project

This completely leaves it up to the families / parents to control and gives some level of compliance to make the effort worth while.

There may even be a way to generate enough noise with the request to prevent any forms of tracking. This sort of thing should really be isolated in that way to prevent potential abuses via data brokers by way of sale of the information

It was derided as a "system for mass censorship", and got shot down. In hindsight a mistake, and it should have been implemented - it was completely voluntary by the user.

Which I still don't love, but is at least more fair.

It's not even necessary to block parents from giving their children Linux desktops or whatever. It'll largely solve the problem if parents are merely expected to enable parental controls on devices that have the capability.

What content is appropriate for children is properly up to their parents themselves, not to the government or to some nebulous concept of "society". If parent's choose not to set such a flag on their children's devices, then that means that they're choosing to allow their children to access content without restriction, and that's what defines what is OK for their children to access.

Wait, those grand parents also had bad models to work with, so really it's the great grandparents that were to blame...

No, wait, it was the society that they grew up in that encouraged poor behaviour toward them, and forced them to react by taking on toxic behaviours. We all should pay because we all actively contribute to the world around us, and that includes being silent when we see bad things happening.

I'm not seeing the correlation / causation here.

This assumes an absolutist approach to enforcement, which I did not advocate and is not a fundamental part of my proposed solution. In any case, the law already has to make a subjective decision in non-technology areas. It would be no different here. Courts would be able to consider the surrounding context, and over time set precedents for what does and does not cross the bar in a way that society considers acceptable.

That's no different to a law mandating identification-based age verification though. A site in a different jurisdiction can ignore that just the same.

It's a client-side flag saying "treat this request as coming from a child (whatever that means to you)". I don't follow what the jurisdiction concern is.

[EDIT] Oooooh you mean if a child is legally 18 where the server is, but 16 where the client is. But the header could be un-set for a 5-year-old, too, so I don't think that much matters. The idea would be to empower parents to set a policy that flags requests from their kids as coming from a child. If they fail to do that, I suppose that'd be on them.

So namespace it then. "I'm a child as defined by the $country_code government". It's no more of a challenge than what identity-based age verification already needs to do.

> 2) It seems like it could be abused by fingerprinters, ad services, and even hostile websites that want to show inappropriate content to children.

This is still strictly better than identify-based age verification. Hostile or illegal sites can already do this anyway. Adding a single boolean flag which a large proportion of users are expected to have set isn't adding any significant fingerprinting information.

This is where I'm concerned too. We are seeing a proliferation of third party verification services that I have to interact with and that have no real obligations to citizens, because their customer is the website.

I'd like to see governments step in as semi-trusted third parties to provide primitives that allow us to bootstrap some sort of anonymous verification system. By semi-trusted, I mean trusted to provide attestations like "This person is a US citizen over the age of 18" but not necessarily trusted with an access log of all our websites.

If Big Brother starts mandating the collusion - then yes, there's a hill to die on. But in some ways that's the point here. There are hills to die on - this just isn't it. And if you pick the wrong hill then you already died so you are losing the ones that really mattered. If the EFF pointed out to everyone that there is a privacy preserving answer to the core issue that is driving this, they could then mount a strong defense for the part that is truly problematic, since it isn't actually required to solve the problem.

There's no way everybody will agree what constitutes "adult only content," therefore there's no way to come up with a rating for websites.

I'd argue that this is negligible for data collectors and governments. Governments already know who you are and what sites you vist for 99.99% of the population. Data collectors already know who you are and have a pretty good idea of the sites you vist.

What unique information is this going to give the government and data collectors to abuse? Lets establish one case that both affects average people and is "bad" and not waste time discussing things that only affect a tiny minority of privacy minded people.

Keep in mind the law states a platform must provide multiple ways to reasonably verify a user is older than 16. No mention of giving the specific user age or requiring govt id

https://www.consumermedsafety.org/safety-articles/how-childr...

Required reading: https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...

Yes. You are emphasizing a reason it would be a good idea.

Sideline the ulterior/hidden motive. Or at a minimum, force it into the open, where it has less of a chance. (Ulterior motives are kept quiet for a reason.)

> Fun fact: many ZK identity solutions run centralized provers and can be subpoenaed. Need to use something that generates proofs client-side.

Subpoenas are one of the many privacy problems solved by this.

If there is no log of your real identity tied to visiting a site, there is nothing to hack or subpoena.

A verifier can report you got keys validated. But they don't know what sites they were for.

Sites can ensure users are vetted for age. Without knowing who they are.

This is such a classic cryptography scenario, I don't know how it isn't being pushed to the center of this debate. Anything that reduces the practical tension between divisive goal posts is going to have practical benefit, and make worst case legislation much less likely.

Or you pick three verifiers of your choice who you coordinate between to get verified, without knowing who each other are.

What the ZKP does is let you limit the information the site collects to the fact that you are under 18, and nothing else. It’s an application of the principle of least privilege. It lets you give the website that one fact without revealing your name, birthdate, address, browsing history, and all your other private data.

(IANAL) That demonstrates the opposite: that's a voluntary system with no force of law behind it—the private sector "self-regulating" itself, if you will.

The film rating systems were created under threat of legislation in the first half of the 20th century (so, in lieu of actual legislation). The transformative 1st Amendment rulings of the Warren Court would have made such laws unconstitutional after the 1960's, but the dynamic that created these codes predates that—predates the modern judicial interpretation of the 1st Amendment.

https://en.wikipedia.org/wiki/Hays_Code (history background)

https://en.wikipedia.org/wiki/Motion_Picture_Association_fil... ("The MPA rating system is a voluntary scheme that is not enforced by law")

No, its legal (in some jurisdictions) pornography. Prostitution on the platform, as well as whatever the legal status is in the set of jurisdictions involved, is also, from what I understand, explicitly against the platform ToS.

I know that the preparations for eIDAS 2.0 (the European thing) did contain many good parts. Taking inspiration from SSI. So at that point their specifications were rather good. I havent kept up with it for almost one year now, so that might have changed.

Either you're old enough to understand what porn is and have desires to consume it in which case you won't be scarred by it and don't need protection from it, or your not in which case you won't seek it out. You need id checks for alcohol because people too young to consume it want it, and given how much teens drink and how not a problem lower drinking ages are in other countries even that claim is somewhat dubious.

I'd be comfortable with it having large segments of "uncategorized." But right now, if I scan over to my ISP to see how much data I have used for the month, I have little to no help in saying how much of that was what.

https://en.wikipedia.org/wiki/Organ_transplantation_in_China

Extrapolate that how you will.