Comment by btown
5 hours ago
One aspect of this normalization of photo uploading is that, if a platform allows user-generated content that can splash a modal to kids, a bad actor can do things like say “you need to re-verify or you’ll lose all your in-game currency, go here” and then collect photo identification without even needing to compromise identity verification providers!
I truly fear the harm that will be done before legislators realize what they’ve created. One only hopes that this prevents the EU and US from doing something similar.
The fundamental question that needs answering is: should we actually prevent minors below the age of X from accessing social media site Y? Is the harm done significant enough to warrant providing parents with a technical solution for giving them control over which sites their X-aged child signs up, and a solution that like actually works? Obviously pinky-swear "over 13?" checkboxes don't work, so this currently does not exist.
You can work through robustness issues like the one you bring up (photo uploading may not be a good method), we can discuss privacy trade-offs like adults without pretending this is the first time we legitimately need to make a privacy-functionality or privacy-societal need trade-off, etc. Heck, you can come up with various methods where not much privacy needs trading off, something pseudonymous and/or cryptographic and/or legislated OS-level device flags checked on signup and login.
But it makes no sense to jump to the minutiae without addressing the fundamental question.
> The fundamental question that needs answering is: should we actually prevent minors below the age of X from accessing social media site Y?
I suspect if you ask Hacker News commenters if we should put up any obstacles to accessing social media sites for anyone, a lot of people will tell you yes. The details don't matter. Bashing "social media" is popular here and anything that makes it harder for other people to use is viewed as a good thing.
What I've found to be more enlightening is to ask people if they'd be willing to accept the same limitations on Hacker News: Would they submit to ID review to prove they aren't a minor just to comment here? Or upvote? Or even access the algorithmic feed of user-generated content and comments? There's a lot of insistence that Hacker News would get an exception or doesn't count as social media under their ideal law, but in practice a site this large with user-generated content would likely need to adhere to the same laws.
So a better question might be: Would you be willing to submit to ID verification for the sites you participate in, as a fundamentally good thing for protecting minors from bad content on the internet?
> Would you be willing to submit to ID verification for the sites you participate in, as a fundamentally good thing for protecting minors from bad content on the internet?
The friction would be sufficient to give up. Arguably no loss to me and certainly none to the internet.
This is what has happened already, I am not giving my id to some shitty online provider. If I lose more sites so be it.
This is a good opportunity to link to the recent archive of Hacker News, for when this happens: https://news.ycombinator.com/item?id=46435308
> The details don't matter.
The details very much DO matter.
You can look at all manner of posts here on HN that explain exactly how you should do age verification without uploading IDs or giving central authority to some untrustworthy entity.
The fact that neither the governments proposing these laws nor the social media sites want to implement them those ways tells you that what these entities want isn't "verification" but "control".
And, yes, most of us object to that.
1 reply →
> The fundamental question that needs answering is: should we actually prevent minors below the age of X from accessing social media site Y?
This is only an interesting question if we can prevent it. We couldn't prevent minors from smoking, and that was in a world where you had to physically walk into a store to buy cigarettes. The internet is even more anonymous, remote-controlled, and wild-west. What makes us think we can actually effectively age gate the Internet, where even Nobody Knows You're A Dog (1993)[1].
1: https://en.wikipedia.org/wiki/On_the_Internet,_nobody_knows_...
> We couldn't prevent minors from smoking,
Smoking rates among minors have plummeted and continue to decline.
That's not really a good example because the war on underage smoking has been a resounding success.
Yeah we didn't stop every single minor everywhere from ever smoking at any time, but the decline was dramatic.
1 reply →
The real solution, IMO, is a second internet. Domain names will be whitelisted, not blacklisted, and you must submit an application to some body or something.
I agree. There were attempts to do something like this with porn sites via the .xxx TLD I believe, but that inverts the problem. Don't force the public to go to a dark alley for their guilty pleasures. Instead, the sites that want to target kids need to be allowlisted. That is much more practical and palatable.
3 replies →
I dont see why phones can't come with a browser that does this. Parents could curate a whitelist like people curate playlists, and share it, and the browser would honor that.
Combined with some blacklisted apps (e.g., all other browsers), this would be a passable opt-in solution. I'm sure there's either a subscription or a small incentive for someone to build this that hopefully isn't "Scam children".
It's not like kids are using PCs, and if they use someone else's phone, that's at least a severely limiting factor.
2 replies →
AOL returns!
sounds like an app store
Nice job of sidestepping the "fundamental question" of whether that can be done and what damage it would do. You do not get to answer the question as you posed it in a vacuum.
It's not a "robustness issue". Nobody has proposed anything that works at all.
But to answer your "fundamental question", no. Age gating is dumb. Giving parents total control is also dumb.
Can we actually prevent children under 16 from buying beer?
If they are persistent enough, no. But then everyone knows it's not going to stop every child in every situation. It sets a president for what society thinks is a sensible limit though, and society raises children not just individual families or parents.
Do we want kids becoming alcoholics? Do we want them turning up drunk to school and disrupting classes? Do we want to give parents trying to do the right thing some backup? So they know that when their kid is alone they can expect that other adults set a similar example.
Sure, you can't stop a kid determined to consume alcohol. But I think the societal norm is an overall good thing.
The same should be applied to the online space, kids spend more and more time there. Porn, social media, gambling etc. should be just a much of a concern as alcohol.
Is there actually a difference between transactions between humans in meatspace (getting a government ID, then using it at a store) and age estimation algorithms?
It's never been about porn. By marking certain part of the internet "adult-only" you imply that the rest is "family-friendly" and parents can feel less bad about themselves leaving their children with iPads rather than actually parenting them, which is exactly what Big Tech wants for obvious reasons. If I had a child I'd rather have it watch porn than Cocomelon, which has been scientifically developed so that it turns your child's brain into seedless raspberry jam. Yet nobody's talking about the dangers of that, because everyone's occupied with <gasp> titties.
> If I had a child I'd rather have it watch porn than Cocomelon
As a parent that regularly fears who my children will encounter in the world, I’m glad there’s an “if” at the beginning of this sentence.
1 reply →
> I truly fear the harm that will be done before legislators realize what they’ve created.
Not defending the legislation as I overwhelmingly disagree with it, but if I recall, I don't think any of the age verification legislation specifies a specific implementation of how to verify age.
Requiring photos, or photo ID, or any other number of methods being employed, were all decided on by the various private companies. All the legislators did is tell everyone "you must verify age." The fault here is on Roblox as much as it is on the legislature and they should equally share blame.
How would you suggest they verify age? I am not aware of a good way to do it from a privacy and security perspective.
A digital ID, like someone said below. But people (in the UK at least) go mental about that, despite the government already having all the information anyway. Creating a easy way to securely share that information with a 3rd party for online verification is apparently the work of the devil.
In the real world you turn up in person with a passport, or maybe use snail mail as a way to verify an address which is hard to fake.
Online we have to pretend it is still the internet of the 90s where it's all just chill people having a fun time using their handle...
It doesn't have to be exclusively digital. You can be psuedoanonymous using some form of key as verification. To get a key, you have to present your ID in person at, for example, the social security office or local DOL.
All the key does is attest that "this person is over X years old" with no other identifying information associated with it.
I think blending in person & digital together is going to be the best way forward. Like going to the store and buying alcohol. I have little privacy risk from the cashier glancing at my ID for a second to check my birth date.
1 reply →
You can take a look at what Switzerland is about to do:
https://www.homburger.ch/de/insights/swiss-voters-approve-ne...!
3 replies →
I’m sorry to say that a number of US states have instituted age verification laws over the past year
Aka, morality laws mostly.
i call this slipstreaming, it can even occur during the signup yeah, once the bouncing around to many domains / uploading photos is psychologically normalized havoc can ensue. this is the greater evil.
I'm optimistic actually. I think "Gen Alpha" is gonna be alright and sufficiently wary of Internet sharing and privacy. Unlike the previous few generations, esp. Milleneals and to a somewhat lesser extent Gen Z and Boomers, who have massively over-shared and are now reaping some of the horrible harvest that comes from that oversharing. Today's teens and tweens seem to finally be getting the message.
I also actually think AI might be a savior here. The ability to fake realistic 18+ year old selfies might help put the nail in the coffin of these idiotic "share a photo with the Internet" verification methods.
I otherwise agree with what you're saying, but I think the ratio of conscientious people has fluctuated over time across all generations. It has more to do with what year it is than how old they are.