I think that this is actually a reasonable approach. It minimizes the information shared and doesn't create any identity tracking regime.
[0] https://media.reclaimthenet.org/docs/california-ab-1043-digi...
If you want to keep your kids safe get an OS that supports it?
Why is it the state’s responsibility?
If you are putting individual parents up against Meta, Google, etc, the big tech companies easily win. As we have seen already.
Those two things have absolutely nothing to do with one another. Something being easy to implement is completely unrelated to whether forcing its implementation is overreach.
- You have to have an approved browser.
- It has to be installed on an approved platform, Google or Apple, for which you have a valid account.
- You have to have an account on the posting platform.
- You have to get past moderation on the posting platform.
That's without age verification.
Any image of your family you post will be scraped by Clearview AI, bypassing the restrictions that make it hard for you to create accounts, to create a worldwide facial recognition system.
But to get the money out? Oh no! We need a picture of your face! And there’s no option for going in person.
Having just gone through the annual KYC checks required by my bank/s I don't think this opinion stands universally.
Can also confirm to open an account I need to provide a live selfie and verifiable government ID.
Unauthorized deposits aren't nearly as much of a concern as unauthorized withdrawals, right? I'd imagine that there are far fewer malicious actors that try to deposit money into random bank accounts than there are ones that try to withdraw money from random bank accounts.
> And there’s no option for going in person.
Won't an in-person bank also take pictures of you via security cameras? I don't really understand your objection here, could you elaborate?
It seems like all expectation of privacy and anonymity evaporated in the last 5 years.
The www became infested with so-called "tech" companies acting as intermediaries (middlemen)
Lots of folks making money from surveillance ad system on the www. Oversized, unmanageable websites calling themselves "platforms"
The www is an ad network. Not a great place for non-commercial activity
Fortunately, the internet is more than the www. The internet was not created to collect behavioral data and deliver advertising as its primary purpose
People pay for an internet subscription, not a www subscription (or now a "social media subscription")
Now you’ve given every parent a way to easily mass block all adult/social sites/apps if they want and no one’s privacy need be compromised.
The only way this can go wrong is if the client sites collude and publish their visitor logs and then the government can do the legwork to identify you. But even this is pretty easily bypassed if you use a VPN.
More importantly, I don't personally have any faith that at least the US government could properly define and build a system that is reliably and provably resistant to tracking. The government has incentives to want to know what sites a person visits, the NSA would be loathed to allow that opportunity to go unused. The government also likely doesn't have the skills or resources to do it in house, I'd expect them to outsource it at an absurd cost to a third party that would also have incentives to want to track usage data through the system.
Failing in parenting and lobbied politicians (regulatory capture) on the other side.
Maybe we need an alternative set of root servers for a free Internet.
It's easy to create an alternative. The problem isn't that, it's keeping that alternative clanker-free. (As well as free of all the other enemies / plauges on the useful, generative, Internet.)
which brings you right back to verification...
I guess the correlary would be like how you can block an entire ASN if you find a lot of abuse from it, but at the human-network level.
Rather than individuals or devices, residential / mobile / business service providers should be able to vouch for personal traffic and be in a position to validate patterns of use without undue profiling of specific activity. That is, just looking at the encrypted traffic patterns (rather than MITMing SSL/TLS or other secured comms) should show usage that's typical vs. atypical / malicious.
Traditionally, service providers of all stripes (email, ISPs, Web, etc.) seem to have focused far more on ingress security than egress security, or potentially malicious traffic from within their own networks. That's got to change, it's ultimately a hygiene question.
For residential and mobile Internet, accounts are managed at either the household or individual level, and it should be possible to provide attestation and reputation management (as well as, perhaps, broad-based subscription access to compensated content) at those levels.
For commercial access things get more complicated, particularly where a location might provide public Internet access (e.g., public WiFi), or have a mix of human and system-generated traffic at an office, commercial, or industrial site. Still, there should be both well-established patterns of use and indications of anomolous or malicious traffic possible here.
Another option for smaller human-scale networks (e.g., Fediverse / Mastodon / PeerTube / Pixelfed / Lemmy / WriteAs networks and the like) is a mix of harder authentication (Yubikey or NFC-based wearable authenticators, perhaps) as well as a more manageable human-scale moderation (1:1,000 or 1:10,000 scales far better than 1:1 million or 1:1 billion services), allowing for both oversight and keeping the opportunities / benefits of malicious use limited.
The comment I'd originally responded to had me thinking of under-delivering federated systems such as Gemini (the lightweight Web protocol, not Google's AI) or Diaspora* or countless web boards and wikis which ended up overrun by spam and abuse. Simply saying that you're going to re-invent things at small scale in no way means you'll succeed. The ecosystem's changed, the pathogens are far more numerous and capable. Modern systems and networks (social or otherwise) must face those facts head on, and not ignore them or pretend they don't exist.
I think we're going to end up with some form of cost-based (though not necessarily financialised) reputation management systems. I'd very much like to see those not being terribly invasive of privacy, or putting extreme barriers to those with limited means or technical knowledge. It's a tough problem all the same.
Inbound mail on the other hand — notably, the OG form of Internet identification — is very achievable for a stick in the mud to set up.
Losing one’s Gmail account would likely have very little impact on one’s ability to send mail, but no longer being able to receive mail at a given address can be devastating. Set up your own domain!
Can't even do that. We'd need (ultra?) stable IP addresses, and the entities in charge of those don't hand them out anymore. We've sort of been cut out of the basic infrastructure to let us build stuff a second time.
Occasional communities may survive in a walled garden fashion.
Sorry, Tim Berners-Berners-Lee.
So even if this change doesn't affect you right now, but it will affect you later then it'll be too late to fight agaisnt.
If you don't use social media and AI platform. Fine. But what about app stores, what about any registries from docker, to npm, to apk and toward the end source code repositories like Github/Codeberg?
I wonder if EU law could give every citizen a right to a google or Apple account, including a forced recovery option if the account is 'deactivated'?
If at some point such an account becomes essential to function in society, access to such an account becomes a legal mandate.
Here in Australia, the local and state governments push the use of their Apps as well.
These Apps provide access to identity documents, offical notifications, and messages for health, benefits and taxation purposes.
Then there is Banking and the issues around becoming a cashless digital society…
It’s become less about access to hardware devices, as useable devices can often be free when donated by a friend or relative, and more about continuity of access to your digital life.
The risk of losing access to your online identity or having it stolen are very real with often traumatic results for individuals.
That directive regulates banks from denying the opening of a basic payment account. But there is no legislation preventing governments from freezing accounts, Canada-style. As far as I know, there's no protection against being de-banked.
"EU laws", the EU in general is plainly the excuse that will carry the day - people seem to believe this 'good cop' rendition.
Users have been doing this themselves without state coercion for twenty years now by putting their real names all over Facebook and all the other socials. Nobody forced them to use their real names and post countless pictures of their faces alongside, and pour out the totality of their worthless opinions on every issue. Compared to this, when considered sensibly, the verification is almost a trivial step.
No? You've obviously never been ostracized from your friends, family, or coworkers due to not using Facebook or Instagram or whatever the latest vapid social network is.
It's not a free "sample": drug dealers give their stuff for free at parties where vulnerable young people are in the form of sharing what they are themselves taking. Then they have that teen on the hook for extortion and having them do things or pay "debts". I "gave" you some drugs because you're my friend, but now you have to pay back, you have to do this favor, take this stuff from here to there. Another common thing is that the "debt" has to be paid in money again and again and again. You don't want us to go talk to your parents who think you're their perfect little boy/girl? You don't want them to know that you took drugs, do you?
As dangerous as a butterfly... It's a filthy world on all levels, filled with demonic people who spend all their time thinking about how to use and abuse others - the more innocent the better.
I know it's a tangent.
The ability to seamlessly record, upload, comment, react on _everything_, _everwhere_, _all the time_ is not natural, and not necessary.
Let them keep the devices, whatever, but remove the internet access.
Or keep the internet access, but remove the display/audio/camera.
It's more enforceable in public than trying to enforce whatever age verification solution they come up with.
And it gives parents the ability to appeal to authority when they ask their children, and the parents of their child's friends, to stop giving kids access to such devices. Right now a lone parent trying to push for better/healthier online activity to their friend group looks like a crazy person.
But of course we know they aren't really interested in helping parents and children. They want the surveillance capabilities.
There's this cool new feature that they added to the Mullvad browser extension, which is built into the Browser. It gives you a random different proxy for each site, kind of like the Tor Browser.
Mullvad understands that VPNs overpromise and underdeliver, but if you combine a trustworthy VPN, a fingerprint-resistant browser, and uBlock Origin, you get a damn good internet privacy. The browser is not ideal for daily-driving because it's always incognito so you get signed out on close, but I heard they're working on a persistent version.
Come on, do people seriously believe this will happen?
the beginning of the freedom of every person to become a developer
Dave, first we will need to setup age verification for your friends in order to comply with the law. I will not be able to help you otherwise. Remember Dave, I will submit to the local government your request to make a social media website so they will know if are complying with age verification. I have your ID which I will also provide as you need government ID to use AI. Open source AI models were banned.
sorry but I don't get this point. If you're on Instagram or Facebook, did you think fifteen different three letter agencies weren't already watching you? It has the word 'face' in the name, the entire point of that site is that people mindlessly share their personal information, it's not some underground space for activists.
You can be perfectly anonymous on the internet, but demanding to be anonymous on Facebook is like trying to start a Das Kapital book club at Goldman Sachs or decrying commercial culture while you're in a Disneyland theme park
I just don't like that proponents of age verification are systematically (including in this article) dismissed as authoritarians hiding behind "just another “what about the children” excuse to introduce mass surveillance and censorship". Many people genuinely want to find a solution that is better for the children, and telling them "if you are open to age verification you are either a fascist or a moron" is not constructive.
Also I find the way ZKP is criticised a bit manipulative. It kinda implies that "fundamentally, any kind of ZKP system can be switched off remotely and without anyone realising", and that is wrong. It can be implemented in such a way that people have pretty good guarantees about it preserving their privacy, similar to end-to-end encryption. I find it hypocritical to say "E2EE can be reasonably trusted, but privacy-preserving age verification fundamentally cannot", just because tech people like the former and not the latter.
at the expense of everyone and everything else all to not have to be an actual parent.
These arguments are not coming from places of concern, they are coming from laziness and people taking advantage of that laziness to further even worse agendas.
Think carefully about why a politician might disregard this extremely simple mechanism and you'll have your answer about the real goals here
We know they'll take a mile if you give them an inch. Ditto with "trusted" computing and the rest of that wormcan. That's why the opposition has to be absolute.
We have age verification for all kinds of things that can harm minors. Most of them have adequate penalties for breach such that operators of said harms ensure they comply (checks for ID when selling alcohol, entry to over-18s pubs/clubs, etc.)
There's nothing sinister going on here, just attempts to prevent social/mental harm to minors.
There absolutely is you're just not aware of it.
This whole thing is meta financially backing right wing conservative groups that want age verification because meta wants to avoid liability for the harms their platforms cause.
In addition, this is the beginning of the end of any sort of anonymity on the internet, which has disastrous consequences for politically minded individuals, minority populations, or targets of stalking. This is a privacy nightmare bring pushed through in the guise of "muh children".
Porn has always been around (national geographic, anyone), and parents can use screen time to limit access for their children if they want.
But this was always about governments wanting to know who's posting what (and controlling them, through chilling effect); not about saving 'the children'.