What we call "age verification" is actually mass surveillance

>"Age verification" means that everyone who does anything online will have to submit to fine-grained tracking and recording of all their online activities.

its been said 1000 times here, but: age verification doesn't have to be a nightmare dystopia of 24/7 fine-grained tracking and recording unless you are somehow hoping to achieve 100% success rate (something we have not done with any other law ever). there are several reasonable proposals that would be 90%+ successful without stepping on anyone's toes.

i am convinced that enough people in power know it, too, but see this as their chance to get the full-dystopia version rolled out.

>"Age verification" means that everyone who does anything online will have to submit to fine-grained tracking and recording of all their online activities.

i am convinced that enough people in power know it, too, but see this as their chance to get the full-dystopia version rolled out.

Could you be more specific as to what you're imagining? I don't personally see a way to verify someone's age which doesn't involve either credit card verification, photo id verification, or some sort of facial recognition. If you know enough about someone to verify their age—even to a relatively low degree of accuracy—you probably know enough to pinpoint who they are in general.

Heck—in most cases, we can't even tell the difference between humans and bots anymore! And it's true that we basically accept that some bots will slip through the cracks—but identifying bots also strikes me as significantly easier than identifying children.

The age verification that doesn't have to be a nightmare dystopia of 24/7 fine-grained tracking and recording is called parental controls and it already exists in most systems. It doesn't require any proof of ID, internet connection, complex distributed systems, and so on. And it has near 100% success rate.

Where are these mythical sweet-spot solutions? Concretely, half the websites I visit from the UK want me to either scan my face or upload ID documents to access their full featureset. Now that users have been conditioned to accept this, nobody seems very interested in figuring out how to collect less PII - only insulating themselves from liability by having the data processed by a third party.

Exactly. The same way that selling alcohol doesn’t require a paper trail of every beer I’ve bought.

What's the point in making this distinction? This is HN, 99% of the users here are aware of what zero knowledge proof is and that it's possible to implement it that way.

The general consensus and what the article is alluding to is that it will be probably implemented in a way that allows individual tracking and identification.

The so-called "social media" companies' core "business model" requires acquiring ad targets. This includes data collection and surveillance. These companies in the past have bragged to advertisers and the public about how much they know about these targets. Statements like, "We know more about you than your friends and family."

Now, is this really true. Probably not. It's exaggeration. It's hype

But these companies have learned that 100% correct is not necessary to make money. For example, if they are correct 80% of the time, then maybe that's good enough

A law that achieves an 80% reduction in youth ad targets might also be "good enough"

The toes getting stepped on belong to the companies

The troubled kids who will access these companies' websites come hell or high water, the 20%, are unlikely to complain

Complaints come from the companies and those who rely on these companies to make money. Like the author of this blog post, they keep calling a handful of Big Tech websites/app endpoints "the internet"

Their toes are going to get crushed

Parents largely control what their kids have access to, whether it requires a device, a data plan, home Wi-Fi, whatever. Where parents don't/can't control their kids' access, no amount of regulation and technology will fix it.

This applies not just to social media, but drugs, alcohol, porn, etc. Yes, laws and IDs add friction and that's good, but if a kid really wants those things they are going to find a way.

Social media already had built in friction without needing new regulations and ID requirements. To access social media you need a relatively expensive (for kids) device and some way to connect that device to the Internet, which is also not free.

The biggest problem I see is that unlike alcohol, drugs, and porn, there are seemingly benign reasons for kids to use social media. Sports teams, dance classes, youth groups, etc. all want to keep in touch and allow group communication. Too often the adults in charge turn to Instagram or whatever social media app for the group communication. Now, unfortunately, your kid needs an IG account.

You can't spy on kids without spying on everyone, and in any case they're interested in the everyone part. Ultimately they want 24x7, realtime facial & biometric monitoring of everyone using any "approved" device, and be sure that only approved devices will be able to join networks and do stuff upon them, so for those brave nerds thinking they can survive on GhostBSD from their basement, yes you can, but as Gandalf said, you can only fence yourself in, but not fence the world out. Sooner or later they'll come for everyone.

>"Age verification" means that everyone who does anything online will have to submit to fine-grained tracking and recording of all their online activities.

Hilarious that the author doesn't think that this isn't already happening.

My main concern is transparency. How do we know that the ruling/governing class is not abusing these monitoring systems and exempting themselves from monitoring?

If we are all subject to the same monitoring and there are no exceptions, that would be fair. However, if some people are exempt from monitoring because of their connections, relations, etc. then that would be unfair.

And if some people are allowed to harass and stalk others based on some attribute (race, religion, nationality, etc.) because they are in a monitoring position (while others are not) then that would be unfair as well.

We need full transparency.

Actual title, original title: Spying on kids to protect kids from spying is very, very stupid

I don’t think saving them from spying is the main concern. Instead it’s the direct negative effects of the usage upon the kids that’s the concern. Not that age verification isn’t problematic

This idea sounds like the death of social media. Remove anyone under 18 ensures they won't signup after. Forcing id verification means 70-80% of adult accounts will be dead. Network effects disappear. Those who remain will be businesses pushing something, hackers/spammers and some die hard group.

In Canada the approach is going to be that social media and AI companies will need to figure out a system where those under 16 can’t access content. The government will be able to grant exemptions if the company can satisfy regulators that they have built and maintained adequate, alternative structural safeguards to protect children on their platform.

Further to that, companies are required to do this in a strict data minimization approach, results need to be anonymized and destroyed immediately after the check is complete.

The internet has grown into a bit of a letdown to some degree, especially social media. If I have to upload an ID or insert a grey hair into a scanner, that website or app will be dead to me and I will move on to something else or nothing at all.

This reminds me of being refused entry to a nightclub in the US because I’d forgotten my passport, even though I had a European ID card and I’m over 40. Offline, age checks already often become rigid “approved identity document” checks. Online, that problem seems even worse, because the check can become a persistent identity layer across the web.

The main problem is providing infrastructure for a government that can over use it in future if move to ultra right/left/authoritarian spectrum

Just for example Russia build infrastructure for blocks website for child safety, but it started to used much further

The slippery slope argument is hugely valid, but having kids not have access to alcohol, porn and guns is very normal. We don't even discuss it in the 'physical world' because it's absolutely normative.

Even in 'Europe' kids aren't going into the liquor store stocking up obviously - there are always age and responsibility-related conventions.

The 'online' nature of this piques our anti-authoritarian triggers and tends to err our judgment a bit.

There are valid reasons to do this, and there is 'a right way' - maybe we should have some hope and promote that.

I'm not hugely optimistic that they'll get it right, but we should aspire for to build the world we want. There's enough momentum that it's plausible.

We're cooked. The young kids I teach are unfortunately completely accustomed to go guardian spying on them at school. The admin constantly reinforce the need to dissect the internet, treat Chromebooks as media consumption devices, not computers. I hear it will be even worse here next year. Not sure how.

These people are obsessed with risk mitigation that it's not even worth having tech class anymore. No risk. 100% control all the time.

Could we step back a little and maybe revisit the premise that we need the gov't to be protecting children to begin with? That's what parents are supposed to be doing.

In general I'm opposed to this kind of regulation, but as a thought exercise, we do have the primitives needed to do age (or any other attribute) verification in a privacy-preserving and decentralized way.

You could imagine a hierarchy of organizations (governments, financial institutions, schools, etc) that a website trusts to verify some attribute (minimum age, citizenship, etc). Those organizations can attest that some identifier like an email address has been verified to belong to a real individual with that attribute, and that organization belongs to the hierarchy the website trusts, without revealing anything else about the user, the exact verifying organization, or the requesting website.

Could we instead disallow algorithmic skinner-box addiction machines for everyone?

The new laws in the US don't require any real verification. Parents who care will just select a flag on device/OS setup that gets passed to websites. They can also just lie if they really want to. In the EU, they are trying to verify age with zero knowledge proofs.

It would be nice if the author actually spelled out the specific weaknesses of those approaches or even just referenced those laws instead of fear-mongering about "spying on kids", but I suppose that would be to much to ask of someone who made a career out of vibes based rage. Ironic that Doctorow is so eager to capitalize on the enshittification of journalism.

This is a very strong argument simply put

Am I the only one who looked at NSFW websites at 10 years old and played games with voice chat with players of all ages too, and I turned out to be well adjusted productive member of society? People need to chill.

I grew up during the 90s/2000s and I used the internet, first social media platforms, messengers, etc. – a lot. My parents had no idea of computers, how to use them, how to use the internet, what is out there etc. Yet I am convinced that the way my parents dealt with it is still the gold standard.

Their parenting equipped me well to deal with weird, dangerous or otherwise harmful things I encountered. They were the kind of parents who would let us play in the woods till 9 in the evening, no questions asked if there were scratched knees or dirty cloths. If there was something they thought might be problematic, they talked to us in a way that left the ultimate decision how to deal with a situation with us, displaying a high level of trust into our ability to make good decisions ourselves (and sometimes letting us make bad ones just to talk about it after the fact).

Turns out if you want your kid to be able to deal with unexpected situations you need them to deal with situations, period. And the opposite of that is what I even back then saw with many of my friends parents: trying to shield their kid from every encountering (and mastering!) even the tiniest of dangers themselves, alone. You think you tell your kid about the dangers of the world, so they know, but the actual lesson you teach is that only their parent knows what is and isn't dangerous and that they themselves can't be trusted to judge it. That is a bad lesson.

Don't get me wrong, we did stupid stuff, like jumping of bridges into rivers and so on. But we were very careful about how we did it, diving beforehand, etc. The real stupid stuff in my youth was all done by other kids that had never learned to judge risks themselves and who in one brazen attempt of rebellion bit off more than they could chew in one go. That landed them in the hospital. My brother and I were the only kids in our friends circle who made it to 18 without having broken a single bone in our bodies, despite being regular skateboarders, snowboarders, climbers, cliff jumpers and all other kinds of borderline insane past-times, some of which don't even have a name.

One aspect: Since my parents had no idea what was on the internet and how to protect against specific dangers lurking within it an educational method that didn't have to rely on them knowing and enumerating every danger in the world proved to be a really smart choice in hindsight. Since the landscapes of social media especially for kids and young teenagers is shifting constantly at a high pace, any parenting ideas would need to keep track of all this as well. I can't even imagine how that would work.

The alternative is to ban everything. But how do they build a healthy immune system if they are never even exposed to the mild dangers first?

The bigger threat to kids is all the browsers now bypassing domain filtering by default, even if you specify a DNS server. There was a time when multiple vendors sold protection software, but apparently some unsavory elements wanted all the browsers to build in DNS bypassing to go around it. The best protection for children is blocking the bad stuff at the DNS level.

here's alternative legislation that should be at least as effective without the mass surveillance aspect:

* as your kid's legal guardian you're legally liable for whatever the fuck your kid does, including but not limited to harming themselves: Parents should care for their kids

* platforms will do their best to not be available to minors unless minors are actually their core audience, will inform monthly how they did that, and the bottom 10% of achievers will pay an escalating percentual of their valuation as fine for each instance where they're found lacking: Platforms should care about kids as a category of people

* posession of personally identifiable information about an unrelated minor by any unrelated person/company without a clear and preapproved reason is grounds for a child abuse investigation on every person anywhere in the chain of custody of said data: Children's PII should be such a hassle to manage it's not worth taking

I also dislike how confident people are in children's technical skills. It's really not hard at all to block VPN's. It's actually relatively easy to block certain content on your internet devices. I get it, kids are smart, but why do we think everyone is a malicious person who also has the ability to bypass all the restrictions?

Perhaps it's the parents who are too dumb to understand how to configure a network?

If it's stupid but it works it ain't stupid.

i was thinking of having a mobile/tablet with kiosk mode and full restrictions on the content.

My solution is simple: Fine companies that allow minors. How you implement that is not my problem! Something that is severely lacking in tech is liability!

What's with the "we can't do that" helplessness that pervades this topic?

> What we call "age verification" is actually mass surveillance

Thank you.

It has never been about "protecting the children" either. That was always a lie - the red herring. Many pointed that out from the get go too.

The much more fascinating thing is how legislation is still being actively changed to sustain that narrative. This is like a pre-scripted event what we are seeing here. I find it quite fascinating. It shows how real lobbyism actually works.

My prediction is that mandatory age sniffing will come, they will continue to claim it is all for children, and the openness of the world wide web will factually be transformed into a two-class apartheid system. The latter has already happened actually - you have walled gardens e. g. discord rather than oldschool phpBB webforums (aka privately controlled access to information), Google already ruined its search engine, AI slop continues to ruin more here. These are all not isolated. This is a deliberate mega-slop attack, combined with payments to key lobbyists. We see a degradation of services here. That they attack VPNs is very logical - after all VPNs allow people to break out of the global ghetto system they are building here. They want to know who is who.

Interestingly I see this attack also related to them trying to abolish the right to repair movement. Now, there is no direct connection here, but right to repair also attempts to put people at the center - you purchased something, you should be able to freely change it to your own liking, without some random private company being able to proxy-deny any change to that. With mandatory age sniffing coming, it also means that people will lose the ability to change software. Recently a university here in Europe started to demand that students must own a smartphone AND must install an app from a private company (via google store) in order to be able to read email sent to them via a webmail account. I also found this fascinating, because now people need to submit to Google, in order to study in a small european country, if they study at that university (which is paid for by taxpayers by the way). These interdependencies will keep on increasing here. Even Linux will fall victim - systemd already added data fields to track your age. More to come in the future despite Poettering's claim that it is all very, very harmless. Until it is not. And then it is too late.

I'm just gonna say here that all of this, whatever solution whatever unaccountable political group decides is the one, can only be built by tech workers. All of these require fingers hitting keys to produce code to function.

If we unified and refused, it wouldn't happen. It couldn't happen. I am begging my fellow developers in this space to remember that you are WORKERS. The owning class will throw you into the meat grinder with every other worker the second it's convenient to their wealth extraction.

Throw down your tools and say no.

If you find yourself tasked with implementing age verification shit you think is profoundly unethical, don't build it.

If you find yourself building products you know to be harmful, refuse.

If you find yourself put against a wall to ship garbage you know doesn't work to check boxes for some fucking CEO, stop.

We are the tip of the spear in the global effort to make the world more surveilled, more dangerous, less free, and more expensive. We have a CHOICE and we have to start making it.

And yes, it may cost you your job. It'll certainly cost you status. Your boss will hate you. But the last year or so has made it abundantly clear that whatever professional "safety" we feel is not warranted. We are just as replaceable as the delivery drivers who get caught pissing in bottles.

Arab spring, Gaza genocide and genZ revolutions lately has the attention of the oligarchy... The war for youth attention and minds

This whole shitshow thread is a bunch of techies coming up with more inane and erudite ways to implement spying on every web activity, but 'technically better'.

And people here are NOT asking why its even needed at all. This is what those ethics classes are for - not asking HOW to make, but whether we should at all.

And invasive country identity level online personas is NEVER something we should ever go for. This is basically "FLOCK ONLINE". And we see how devastating Flock is, even when pigs only have access.

No ID scans. No eyeball scans. No face scans. Im done with all of it.

Security and Privacy are not the same thing.

Perhaps save kids from peter file gangsters first? If local police protects child molesters, and government supports it... Very difficult to take this child internet protection seriously!!!

What an exceptionally bad faith way to put this whole thing. A five year old watching hours of the most depraved porn available is harmful to that child. Even if you disagree with that statement, you surely must acknowledge that it is an entirely reasonable opinion to hold and one our societies have generally held to this sort of thing for ages.

I also acknowledge that there is a reasonable debate to be had if the disadvantages to adults and businesses from imposing these rules are worth the harms prevented.

There is also a reasonable debate to be had about the merits of various technical and legal schemes being implemented to achieve these goals.

But this take is neither of those. For one, surveillance isn't the number one harm being prevented (even though, a number of legal codes attempt to make this the case).

As has been pointed out previously, there absolutely can be age verification that is without surveillance. The fact that these solutions aren't always legally mandated and therefore age verification can be used to increase surveillance is a reasonable thing to attempt to amend to the implementations of these laws.

This applies not just to social media, but drugs, alcohol, porn, etc. Yes, laws and IDs add friction and that's good, but if a kid really wants those things they are going to find a way.

Even as an adult who doesn't use social media, I find the use of Facebook as a company home page, or using it as a forum for group communication, to be problematic. Especially as Meta makes it more and more difficult to see content without an account.

>"Age verification" means that everyone who does anything online will have to submit to fine-grained tracking and recording of all their online activities.

Hilarious that the author doesn't think that this isn't already happening.

You can always have more of it. Currently, you can use some technical tools like Tor Browser to protect yourself. Age verification makes it easier to block them.

My main concern is transparency. How do we know that the ruling/governing class is not abusing these monitoring systems and exempting themselves from monitoring?

We need full transparency.

> How do we know that the ruling/governing class is not abusing these monitoring systems and exempting themselves from monitoring?

It's not even just about the current people in charge or with access. Who's next? The "trust us" approach doesn't work when trust has already been broken with the people, or in a scenario where the data will change hands to an unknown future administration.

The best way to win my trust is to not even want the data in the first place.

Transparency doesn't matter without consequences. Many of the currently ruling governments have demonstrated that already.

> We need full transparency.

A couple years ago I would have tended to agree with you, transparency would be a good first step. But then I have recently seen demonstrated that transparency just proves that you do not need to hide corruption as long as a powerful bloc of voters actually agrees with your corrupt position. I think what we really are going to need is consequences defined ahead of time, along with an enforcement mechanism not easily corrupted itself. This is hard. But it is a topic we will hopefully be spending quality time working out over the next few years anyway.

> exempting themselves from monitoring

Wasn’t that in the Chat Control proposal? i.e. politicians and other important individuals are exempt

> If we are all subject to the same monitoring and there are no exceptions, that would be fair.

Not everyone is an exhibitionist. Some people thrive when they are very public about their life. Some prefer a much more private life.

>How do we know that the ruling/governing class is not abusing these monitoring systems and exempting themselves from monitoring?

Ah, so except for THE ENTIRE FUCKING PROBLEM, this is fine.

>And if some people are allowed to harass and stalk others based on some attribute (race, religion, nationality, etc.) because they are in a monitoring position (while others are not) then that would be unfair as well.

Yes, we wouldn't want racial profiling in our Orwellian hellscape. That would truly put it over the edge.

They are 100% abusing until proven otherwise. Naive to think otherwise.

Actual title, original title: Spying on kids to protect kids from spying is very, very stupid

I don’t think saving them from spying is the main concern. Instead it’s the direct negative effects of the usage upon the kids that’s the concern. Not that age verification isn’t problematic

The possibly too subtle point of this article is that the spying is what makes the negative effects so powerful. Social media spies on what you are viewing and then sends you more of that, and send the info to other people so they can send you more of that too

Then ban underage smartphones altogether, that would probably make the single biggest improvement in child safety and mental health. Trying to police content is an utter waste of time.

Have you been on instagram lately? We're already there.