Anyone reading this purely as a child safety or campaign finance story might miss the broader architectural war happening here. If you zoom out a little, this is the inevitable, scorched-earth retaliation for Apple's ATT rollout from a few years back.
Apple cost Meta billions by cutting off their data pipeline at the OS level, justifying it with a unilateral privacy moral high ground. Now, Meta is returning the favor. By astroturfing the App Store Accountability Act through digital childhood alliance, Meta is forcing Apple to build, maintain and also bear the legal liability for a wildly complex state-by-state identity verification API.
Gotta give it to Zuck. Standing up a fully-fledged advocacy website 24 hours after domain registration and pushing a bill from a godaddy registration to a signed Utah law in just 77 days is terrifyingly efficient lobbying.
I was equally impressed/terrified by Apple's marketing blitz around client-side-scanning. So many people got paid to advocate for that, and the community barely convinced them it was a bad idea. There's not much hope left for any of FAANG deliberately resisting surveillance.
That law is perhaps an annoyance for Apple, but it can't cost them billions, can it? I seriously doubt that it would cost Apple more than the several hundred million dollars Meta still needs to funnel in order to get those laws passed in more states.
Plus, Apple gets to be the gatekeeper for Meta and other apps which can't be good for meta, and Apple gets to know the age of its users, which in itself is monetizable.
> That law is perhaps an annoyance for Apple, but it can't cost them billions, can it?
The CEO has 24h in the day, and he/she is asked to be deposed (laws and legal system has that power), it chips away from grand visions. It isnt just money, you cant just stand up a team and be done with it. Everybody will be coming at you.
Expect to see a lot "Y alleges Apple didnt do enough to protect kids" and the burden of proof will be on Apple to make their executives available.
Well, I certainly prefer if big tech fight each other instead of the user as sometimes there might even come something good out of it - like elevated privacy in Apple's ATT case.
Overall, that's the reason anti-trust laws must be applied rigorously, otherwise the normal population has no chance.
Sometimes something good (ATT). Sometimes something bad (this terrible age-verification thing that is a huge barrier to entry for small entrants and comes with massive state surveillance risk).
In the end, all the little people are just collateral damage or occasionally they get some collateral benefits from wherever the munitions land.
All they had to do was exempt free and open source software from the requirements, which are unworkable in the FOSS context anyway, and they would have gotten away scot-free with their tech company pillow fight.
But no, they had to let collateral damage frag the free software crowd, which is inconsequential to their aims anyway, but 100% a huge concern for those suffering the collateral damage.
I'm incredibly dubious of the conclusions of this researcher. Claude Opus was used to gather and analyze all of the data.
I am not skeptical of any of the research, the sources seem to be cited properly. I am skeptical that this researcher has thought through or verified their conclusions in a systematic and reliable fashion. This part gives it away: "Research period: 2026-03-11 to present." This individual dropped his investigative report two days after beginning research!
Yes, AI is an incredibly good research assistant and can help speed up the tasks of finding sources and indexing sources. The person behind this investigation has not actually done their due diligence to grok and analyze this data on their own, and therefore I can't trust that the AI analysis isn't poisoned by the prompters implicit biases.
I agree. I tried reading some of the documents and they're full of this:
> LIMITATION: Direct PDF downloads returned 403 errors. ProPublica Schedule I viewer loads data dynamically (JavaScript), preventing extraction via WebFetch. The 2024 public disclosure copy on sixteenthirtyfund.org was also blocked.
> Tech Transparency Project report: The article "Inside Meta's Spin Machine on Kids and Social Media" at techtransparencyproject.org likely contains detailed ConnectSafely/Meta funding analysis but was blocked (403)
The least they could have done is read their own reports and then provided the documents to the LLM. Instead they just let it run and propose connections, asked it to generate some graphs, and then hit publish.
Some of these are also just like really weak? One of them for example seems to be some random employee at FB donating ~$1k to a politician and calling that a link. The entire "Proven Findings" is all over the place and provides no coherence. I don't think it's a particular secret that Meta would prefer age verification be done at the OS level so I'm not really sure what the added claim here is.
> A Meta employee (Jake Levine, Product Manager) contributed $1,175 to ASAA sponsor Matt Ball's campaign apparatus on June 2, 2025. Source: Colorado TRACER bulk data.
> No direct Meta PAC contributions to any ASAA sponsor across Utah, Louisiana, Texas, or Colorado. Source: FollowTheMoney.org multi-state search.
While it is true that Meta has funded groups that advocate for age verification, a lot of them also appear to have other actors so it's not like this is some pure Meta thing as some of the other commenters are suggesting.
This is a fascinating report, not because of the content or even quality of the report, but because of the way it was generated. It is an AI generated report dumped into GitHub and has made it onto the front page of Hacker News with over 1,000 upvotes and many comments.
This type of GitHub-based open-source research project will become more common as more people use tools like Claude Code or Codex for research.
In one part of the report, there seems to be this implicit assumption that Linux and Horizon OS (Meta's VR OS) are somehow comparable and that Meta will be better equipped than Linux if age verification is required.
It doesn't explicitly say "This will allow Horizon OS to become the defacto OS and Linux will die out" but that seems to be the impression I'm getting which uhh... would make zero sense.
More broadly, this entire report (and others like it) are extremely annoying in that I've seen some Reddit comments either taking "lots of text" as a signal of quality or asking "Does anyone have proof that these claims are inaccurate" which is
a) Of course entirely backwards as far as burden of proof
b) Not even the right rubick because it's not facts versus lies, it's manufactured intent/correlations versus real life intent/correlations (ie; bullshit versus not)
All of this could be factually true without Meta being smart enough to play 5D chess
Or of authority, when they're not equipped to evaluate the data first-hand.
The Gish gallop technique in debate overwhelms opponents with so many arguments that they're unable to address them all before the time limit. Reports presented like this are functionally that, but against reader comprehension and attention.
Similarly, being the first, loudest, or only voice claim is unreasonably effective at establishing perception of authority, where being unchallenged is tantamount to correctness. This also goes both ways; censorship in media, for instance, can be used to promote narratives by silencing competing views, like platforms selectively amplifying certain topics to frame them as more proven and widely supported than they might actually be.
It's unfortunate that inexpert execution often positions well-meaning and potentially correct arguments to be discredited and derided by prepared opponents before their merits can be established. In this case, it may be true that Meta may have organized a well-coordinated shadow campaign for legislation using technically legal channels, but I'm sure they've anticipated this at some point, or are relying on the inertia of the system and initial buy-in to force the course.
I know most of this affects only the US, but I'm wondering where this will go in the EU if the Age Verification Tech goes ahead in America. There's been lots of efforts to increase surveillance disguised as protection for kids in the EU and UK.
The Swiss implementation of eID may be hint that governments may/will take the responsibility to implement and maintain the tech, but the multiple intrusions and lobbying by Palantir and friends in the EU gives me the ick.
The Swiss eID is open source[1] and it's usage will be limited. Any type of age verification for online service would need go to a vote and would probably loose. "Eigenverantwortung", it is the parents job to look after the kids, not the state.
You can't just push responsibility for the kids to the parents, where is the world going? This is madness.
The next thing you are going to claim kids from young age shouldn't have fully unlocked smart phones, shouldn't install any app and so on. Where is the end of this? Are you telling me parents should spend more time with kids, heck even be their role models although it is much harder compared to just giving up on them and let the glorious internet and various fashionate toxic tribes raise them? Blasphemy!!!
The EU, unfortunately, has shown to be very susceptible to this kind of lobbying in the past. We regularly see legislation that is being rammed and rushed through in spite of vocal opposition. I would be very, very worried. (EU citizen)
The EU puts a nice shine on things, but there are systemic and fundamental characteristics of the EU that not only make it more susceptible to "lobbying" and ignoring the electorate; which are also far more difficult to change by that electorate than in the USA where we still have direct elections of individuals not party lists (in most cases) that cause total loyalty to the party, not the constituency.
This is because it's not an EU/Canada/US thing as much as some would like to make it. It's a "losing that one election" thing. "What about the Children" always sells. What the EU/Canada have is that the US got hit with this wave first so they can see the results. That's a data point the American Voter only had in theory, not in example form. The recent uptick of nationalism has people thinking there's some essentialism between states and there really isn't - anyone who's travelled in more places than the city knows it.
Yep. Sadly the EU is more or less lost, and freedom online will be squashed. I would not be surprised if age verification will tie in with the EU digital wallet, and with the EU democracy shield surveillance project, so that any opposition to Brussels ideological stance will get you disconnected from your bank, money, purchases, and your ability to ID yourself.
Basically, the chinese, through WTO, managed to utilize corona to show politicians, regardless of color, the enormous power of complete digital control of the population.
Our spineless and incompetent EU politicians thought it very erotic, and are now ramming it down our throats.
I don't really see a way to stop this apart from moving to south america or africa, to a small country with a weak government.
Not only the US. In the updated post [1] that was deleted at Reddit [2], it is commented there are three firms confirmed operating for Meta in both EU and US jurisdictions,
Firm: Trilligent (APCO Worldwide subsidiary), EU Role: EUR 680K for AI Act, DMA, DSA. US Connection: APCO offices in DC; Meta VP calls them "integrated members of our Meta team".
Firm: White & Case LLP, EU Role: EUR 50-100K. digital markets/services. US Connection: Lead international outside counsel, 70+ lawyer team.
Firm: FTI Consulting Belgium, EU Role: EUR 10-25K. US Connection: Subsidiary of FTI Consulting Inc (NYSE: FCN, HQ Washington DC).
This sounds like the mere tip of the iceberg, as it is commented that they maintain two separate networks with no overlap (their age verification lobbying goes through local specialists with no international footprint).
Trilligent (APCO Worldwide subsidiary), clients for closed financial year, Jan 2024 - Dec 2024,
- meta platforms ireland limited and its various subsidiaries, 50'000€ - 99'999€: EU Green Deal, EU AI Act, the European strategy for a better internet for kids (BIK+), online safety.
- verifymy limited ( age verification business), 0€ - 10'000€: Digital Services Act; eIDAS Regulation; Strategy for a better Internet for kids (BIK+); EU Artificial Intelligence Act; General Data Protection Regulation.
- user rights gmbh, 0€ - 10'000€: Digital Services Act.
Is it stupid or intentional? I believe the latter. There are many layers that these kinds of things go through before they are pushed in that manner and not in a "smart" manner that respects rights of the majority of the population. They are chasing this path for deliberate reasons, regardless of what they may be, or whether you like it or not. Ironically, they can only engage in these "stupid" things because people don't force them to not engage in "stupid things". Silence in consent in these kinds of cases.
I keep emailing my (Labour) MP about this, I suggest you do the same! I get the standard "protecting the children" response. I am not voting Labour again if this madness is still in place (or worse!) at the next GE.
Why do you think the EU would not also jump on the bandwagon if the OS makers have already done the work to comply with US laws? It would be less work on the OS makers to make it for all users rather than trying to determine what jurisdiction the computer was being used and to know if the verification was necessary based on that.
> The Swiss implementation of eID may be hint that governments may/will take the responsibility to implement and maintain the tech
Switzerland will be the exception, not the rule when it comes to internet ID debauchery.
> ... but I'm wondering where this will go in the EU
There's more money spent in lobbyism in the EU than anywhere else in the world. Lobbyism and downright corruption: like Qatari bribing EU MEPs [1] and police finding 1 million EUR in bills hidden at a MEP's apartment (in this case a bribe to explain publicly that Qatar is a country oh-so-respectful of human rights).
The EU is way more corrupt than the US and in many EU countries there's little private sector compared to the US. In France for example more than 60% of the GDP is public spending and all the big companies are state or partially state-owned or owned by people very close to the state.
And as to american companies bribing EU politicians: it's nothing new. IBM and Microsoft for example are two names everybody in the business knows have been splurging money to buy influence and illegal kickbacks have always been flying. It's just the way things have always been operating. Today you can very likely add Google and Palantir etc. to the list but it's nothing new.
EU politicians are whores. And cheap whores at that: investigative journalists have shown, in the past, the little amount of money that was needed to buy their votes. Most of them go into politics to extract as much taxpayers money as they can for their own benefit. They of course love to get bribes.
Also to try to not get caught, EU politicians voted themselves special powers and it's very difficult for the regular police to enter official EU buildings. I know an police inspector who went and arrested a MEP for possession of child porn: it required a very long procedure, way longer than usual, and the request of special authorization allowing them to enter the EU parliament (or EU commission, don't remember which but I think it was MEP at the EP).
American companies bribing EU politicians should scare you indeed: it's been ongoing since forever.
> The Swiss implementation of eID may be hint that governments may/will take the responsibility
Switzerland is in Europe but it's not in the EU: it's not representative of the insane corruption present in the EU institutions.
one hypothesis for why meta wants this is because AI (including its own push for it) has turned much of the internet and its social media platforms into slopfarms and clickbots that advertisers are increasingly moving away from.
The real driver is as always, ad revenue. This time, advertisers want and need to know a real human is engaging the brand and Meta cannot see any other way in sight to assure this fact save for age verification.
this is just the latest evolution of surveillance capitalism.
I think age verification laws are good in principle - there's a lot of stuff on the internet that people should be protected from. But it's the manner of age verification that is the issue.
The EU has zero knowledge proof age verification systems, e.g. through your bank, which are secure and don't involve sending a copy of your ID and / or face scan to a dodgy US based 3rd party.
I disagree. What if, hear me out, parents actually parent, instead of relegating the parenting to companies, and ruining the internet for the rest of us?
Zero knowledge is not true. All chains rely, ultimately, on a place where ID:s are stored, and from there, they will leak. That place can also be engineered to undo the zero knowledge design. Couple that with the already in place, surveillance by ISP:s within the EU, and it becomes obvious that zero knowledge is a scam, and only valid under unreal conditions that will never apply in the EU, and only in isolation, and not looking at the entire system.
I think these laws are a poor second-best substitute for proper moderation on the big content platforms.
As it stands one should be happy if Meta catches most calls for the extermination of an ethnicity on its platform, that they would provide capabilities that allows a kid to protect themselves from bullying or grooming is just unimaginable.
The US has a large unbanked population that is currently fighting the trend of places discovering they can get rid of undesirable poorer customers by refusing to accept cash. These people would then lose access to many services on the Internet now due to parents refusing to parent.
I expect the internet to be overrun with noise due to bots. So I have a feeling that eIDs are inevitable as a solution in the long run. If that is the case shouldn't we push for zero knowledge solutions?
Apparently most of the “original” report was done by Claude (https://news.ycombinator.com/item?id=47366804). And now paraphrased on various ad-space (and in this case affiliate link) sellers, probably also by Claude. Claude is the only real journalist here.
Personally I’d rather not see reposts of posts this recent, especially LLM posts.
I came to the comments dissatisfied with the writing.
Or maybe more specifically the structure, idk not much of a writer, but many of the sentences are solid journalist quality yet the right background is not being set nor the right transitions being given etc.
My dissatisfaction mode used to be boring high school newspaper sentences but the kids still seem to _assemble_ the details a tiny bit better.
These discussions remind me so much of the US discussions about federal ID documents as verification.
There's a vocal portion of people which opposes any solution because "privacy, government overreach, surveillance ...". So instead of a solution like e.g. zero-proof age verification, that tries to minimize intrusions on privacy, the result is the worst of all worlds, maximum surveillance (but I guess it's ok if it is not the federal government, but meta), with minimum utility. Just look at the freaking mess that is trying to proof your identity in the US.
For there to be a solution, there needs to be a problem. These bills are not addressing a problem. Assume the online platform has a video feed of my kid, or their SSN, or a zero-knowledge-proof of age, or whatever.
Now, what will the platform do with it? Concretely? As in: Name one bad outcome a reasonable parent would care about that's prohibited under these bills. If the bad thing happens due to willful negligence, then there needs to be some actual material consequence to someone at the platform provider.
>Name one bad outcome a reasonable parent would care about that's prohibited under these bills.
the bad outcomes don't need to be prohibited under these bills. it's already illegal to, for example, distribute pornography to minors. which i think is something that a reasonable parent would have a problem with.
but if there is no way to determine who is a minor and who isn't, then it's impossible to determine the difference between "willful negligence" and regular old negligence and enforce any consequences for breaking that law. age verification laws are about mechanisms to make other, already existing laws actually enforceable.
I can't speak for proof of identity in the US, but please understand that digital privacy is a slippery slope we're already sliding down, it is not unreasonable to be critical of any privacy violating initiative, because privacy is never given back, only taken away.
this position assumes the surveillance state or megacorps would be satisfied with a zero knowledge proof based ID/age verification system, which is not at all obvious to me
meta could spend their billions lobbying for that, if they wanted to
edit: to be clear, I do think a government developed and maintained ZKP ID/age system is the best possible compromise, I just don't think we have any chance of getting it
It's a bait and switch that can be seen by even Ray Charles from a mile away. ZKP assurances is just part of the high-IQ "useful idiots" spreading buy in for the bait.
Please explain how opposition to privacy invasive solutions result in even more privacy invasive solutions being implemented? Is it purely out of spite from the lawmakers? This logic doesn't follow.
It’s obviously worse for your privacy to have third parties handle full images of your drivers license or video of your entire face, which can then be leaked, rather than using a zero knowledge proof that only sends e.g. a birth year. And no, it’s not spite, it’s incoherence. Lawmakers are single minded seekers of re-election to a first degree approximation and will do things to get votes, even if those things don’t logically make sense together, such as requiring age verification without providing the tools for companies to abide by the law themselves.
Because we’re currently still in the phase where lawmakers are telling tech companies “please find a solution for this issue.” At some point, as has happened in the past with other issues, this will change to “solve this issue, here’s exactly how you have to do it.”
The logic not flowing is the point. People against a federal ID say it is government overreach into state's rights. They consider it the feds invading citizen's rights. They have no need, as it is the purview of the states. So in lieu of a federal ID, private companies are coming up with privacy invading techniques to attempt to verify age. How would one be okay with a private company's invasion of privacy yet not the government's? An invasion of privacy is an invasion of privacy regardless of the one doing the invading.
Ignoring the reality that some system of age (and ID verification, for certain tasks) system is desired by a significant portion of the population, and does have utility (despite the shouts for "just parent your children") is simply sticking your head in the sand. So by opposing any solution (even solutions that preserve privacy, like zero-knowledge), you make privacy concerns seem unreasonable and weaken stances opposing the more privacy invasive solutions.
When I hear this argument ("better the government do it than a private company") I recoil. The government is sovereign, only accepts lawsuits at its discretion, and can use violence to get its way. We also know for a fact that it abuses its powers and conducts surreptitious unlawful campaigns against its citizens.
I'm not on board with any of it, but the last thing I want is the government to control it.
The government is also, at least theoretically, democratic and accountable to the population.
Meta on the other hand is a dictatorship run by Zuck that's only marginally accountable to stockholders (which are only a small subset of the population).
When the government is working as intended, and have not abdicated their duties to the people, the government at least has controls over what they can and cannot do. Yes, they have a monopoly on violence, but they also in theory have lots of controls.
For example, the government cannot silence your speech, but a private company can. The government cannot share your data with others, a private company can.
Unfortunately the government has abdicated their duties and so you think they are worse than a private company.
This seems like a very easy problem. The government has birth records, passports, ssn, phone records, etc. so they could provide an age bracket to anybody that needs it. But instead a private corporation will get to do this and create an absolute mess à la Palantir.
That requires a high level of trust in your current government and whomever is in charge in the future.
Its worth remembering how the Nazis so efficiently found Jews in the Netherlands. The Dutch government kept meticulous records, including things like your name, address, and religious affiliation. That wasn't a big deal until the Nazis rolled in, throw in some level of Nazi sympathizers in the Dutch government and it wasn't hard for them to track down anyone they wanted to find.
Because this does not address the problem at all. Or rather - it does not address my problems as a citizen, and it just pushes responsibility of parents onto 3rd parties and punishes everyone collectively for it.
Also fundamentally speaking - this does just take away your right to privacy. do you just let your rights be taken away?
I don't want 'minimization' of intrusion of privacy, i want no intrusion of privacy.
> So instead of a solution like e.g. zero-proof age verification
A solution to what, though? I oppose any solution because I disagree with your premise: this is not a real problem. We do not need to do anything about it, and any cost would be too high.
Why exactly are you extending them the benefit of the doubt when they've proven they don't deserve it over and over again? Even if zero-proof age verification emerged as a strong political alternative I'd fully expect the final bill to have a carve out of the zero proof exemption for the government in it, a backdoor in encryption scheme essentially. Here you tell me that isn't zero proof, which is true but wouldn't change the name on the bill one iota.
Yup. And like the Clipper chip but with much less pushback. It's a weaponized manufacturing consent campaign to fool people into giving up their privacy and anonymity with d/misinformation. It's so disgusting that state and federal legislators are giving them everything they want, well beyond regulatory capture towards absolute corruption and absolute power.
Not everyone has (or can have) a driver's license and a social security card literally says it is *not* for identification because it lacks even the most basic aspects. But since the US never managed to come up with an actual system, companies started using SSNs like an identity verifier, because it is the one thing everyone has across every state. But that also makes identity theft or credit fraud trivial in the US compared to other countries.
You must not live in the US or have very odd patterns, I'm positive a majority of the US population have free credit monitoring due to the multiple SSN data leaks.
I think they're talking about proving your identity to a non govt entity. A few things that come to mind are any platform with a KYC, they require you to upload your ID and assure you they're secure with a little lock icon.
The identity issuer - the government - already has the your privacy. If you have a unique identifier from the government which websites can call the government with to verify your identity, you won't lose any privacy. All the websites get is just a unique string, no date of birth, no name, no address. This approach is the cornerstone of oauth/oidc.
> I'm not sure what's a mess about a driver's license, social security card
Neither of those are accepted by various states' voter id laws, nor can you reliably board an airplane with them since RealID.
The only foolproof identity card in the US appears to be a passport (which, you know, global federal identity card... exactly what the folks against universal ids dislike)
This is just the moderation fallacy, pronounced with the same kind of unearned confidence in which the moderation fallacy is usually pronounced.
To put it in Godwin's terms: you're the one saying that the people denying the Jewish Question are the people enabling the Nazis. If we would just agree to the moderate compromise (fill in the blank), then the Nazis wouldn't have an excuse.
Most importantly, it's also an attack on a strawman. Nobody is arguing agains zero-proof age verification. It's probably possible, but in reality is absolute nonsense. There is no material proposal anywhere for a zero-proof age verification system that prevents individuals from being tracked. There is mathematical speculation, and proposals that vaguely and dishonestly simulate what people are pretending exists somewhere.
All of them involve individuals giving up their privacy, and insidiously substitute protecting your identity from the providers of "adult" information where protecting your identity from the government and the providers of verification services are actually the important parts. I do not give half of a shit whether some porn site knows who I am; the only reason I care at all is because they may share this information with governments and private entities that will use it to track me, manipulate me, or blackmail me.
The reason for this? Governments would lose all interest in age verification if it were possible to do it without invading my privacy. If it is possible in the abstract (which it may well be, mathematically), governments would prioritize sabotaging any company or proposal that could make it happen.
The fake proposals of zero-proofs are offering me something I don't care about in order to trick me into giving up something I value, and calling me unreasonable for not falling for it. No, I'm just not a fool.
The real solution: a legal requirement for "adult" information services to only reply to requests that declare they're from someone over the legal age to consume that information. People who give their children computers could root them to make sure that that header is stripped, you could install browser extensions to make sure that header is stripped, you could make sure that header was stripped at the router, you could make sure that everyone could make a phone call to their ISP to tell them never to allow a packet across that carried that header unless it also included a key or a password that the adults of the household could add onto their own requests.
The above methods don't take any technical sophistication at all, and would solve the problem better than computers that attested age, the computers that 14-year olds would be operating for their often computer-illiterate parents anyway.
Why aren't they used? Because this is a totalitarian game, not a serious proposal to solve a serious problem, and it is just meant to fool morons long enough to screw us all in a permanent way.
Does this surprise anyone, just over a decade ago there was a whistleblower who said the government was spying on its own citizens. The president and half the country called him a traitor. The only way to stop this from happening is half the country refuse to buy any tech that implements OS age verification. That includes working any job that also requires the use of that tech(Basically all jobs). The only thing that talks is money and when half your workforce is not working(or buying anything because they aren't working) then things will get changed real quick. But most people don't want to do that because no one is willing to suffer short term for long term gains. The govt and 1% know this that's why they increment it slowly overtime with generic causes like "save the children"
> The only way to stop this from happening is half the country refuse to buy any tech that implements OS age verification
No, the way to stop it is to talk to your representatives.
You have the power. You just have to pick up a phone, and ask your friends, relatives, neighbors, to do the same. (They will, because it affects all of them.) Tell your reps to remove the legislation or you're voting them out. They don't want to lose their jobs. They will change if you tell them to. But only if you tell them. That is your power. Use it or lose it.
> the way to stop it is to talk to your representatives.
I keep seeing this advice, yet whenever it actually matters, it doesn't really work
No amount of talking to representatives stopped the genocide in Gaza, no amount of talking to representatives is stopping what the US is doing now in Iran
Majority of Congress voted to continue war in Iran, despite an overwhelming majority of Americans being opposed to it
Unfortunately representatives are bought out by their donors. Nothing you say will change their minds. What will change their minds is if their donors start losing money. (i.e. Having no employees to make their product/service)
I hate to be negative here but every single time I have spoken with a representative, they will just take the party line. "Thank you for reaching out. We are doing X as advised by the department of Y based on our evidence of Z."
Then they just continue with that was already happening.
> The only way to stop this from happening is half the country refuse to buy any tech that implements OS age verification.
You have consumer activist brain. Next you're going to suggest that we complain to the manager or start our own government and compete in the marketplace.
> The only thing that talks is money
No, the only thing that is talking is money. Money wants this. You're busy pretending like you're going to do a boycott; they're going to boycott you.
Complain about the internet? They'll just blacklist you from it. Complain about the phone? Well now you can't use one; try smoke signals. Complain about the landlord? They'll settle the case, kick you out on the street, and blacklist you among all private equity landlords and the management companies that service small landlords. You'll just go to a small landlord that doesn't use one of the management companies? Well they won't have access to a bunch of vendors that have exclusive contracts with and share ownership with the management companies; now they can't make any money and have to sell to private equity.
You've been fooled into thinking that being victimized is a moral failure of the victim. The perpetrators taught you that. They taught you that the only appropriate action is to beg and threaten to leave, and they shut down customer service and monopolized the market. But, again, the worst thing they trained you to do is to blame the victim.
>You're busy pretending like you're going to do a boycott; they're going to boycott you.
What do you mean? They still need people purchasing software and hardware.
You can argue effectiveness, but if enough people say no, then a boycott is extremely effective. The issue is always on awareness and making people take hard actions.
Not working is the opposite of consumerism. Lol. Business's have one objective and that's to make a profit. You can't make a profit if you have no employees. With no employment, citizens won't have money to buy their products. So even if they have a huge inventory, it's useless. When their money stops flowing, that will make changes. And it will be swift.
Women posted their government IDs, including military IDs, in a stupid Tea/Gossip app. You or I refusing to participate means shit compared to the other 90% of the population.
Snowden's story makes zero sense. Former CIA employee turned NSA contractor, making six figures, working remotely in Hawaii, one day suddenly decides he has a conscience, somehow gets laptops filled with classified documents, hands them over in the South Pacific to Der Spegiel and Glenn Greenwald, then goes off to Russia where he's lived unmolested for years, and his smokin hot girlfriend joins him and he's never faced consequences where as Julian Assange was held captive in an embassy for years. Meanwhile, every other whistle blower that went to The Intercept was subsequently arrested and Greenwald still denies it was a honey pot, going as far as to throw Whitney Webb under the bus over it.
The reason nothing happened was because Snowden is still a State Dept or CIA asset. He's an actor and/or a limited hangout of some kind to show the US government and claim to be doing absolutely insane bullshit and nobody cares. New Zealand retroactively changed their laws (clearing John Key of any wrong doing for illegally spying on Kim Dotcom), allowing the GCHQ to legally spy on all their citizens.
As far as refusing to work for these companies, I was on Linux at work for over a decade. But after my last job I was forced to take a .NET role and with a $30k/yr paycut. It'd like to get back into a good role again where I can use Linux, but I'm not sure if I'd be willing to stand my ground on this issue, because I also don't want to lose my house and software jobs are incredibly scares right now. Unlike Snowden, I don't have a government paycheck coming in to continue spreading lies.
These bills also need to be opposed on a legal/political level.
Something I realized last night is that people who lie about their age to send false signals may inadvertently open themselves up to CFAA liability (a felony). So this is a serious matter for users who want to maintain anonymity.
CFAA has been narrowed in scope through legal decisions but AFAIK it still applies to anyone using false information to bypass security measures. In my view, a federal prosecutor could easily make the argument that age gating is a security measure. You’re welcome to be a test case if you disagree!
The question I keep coming back to regarding the recent debate around age verification is "Why now?"
I'm 47, and I started using the internet in my early teens through BBS gateways. I've seen every age of the Internet, and there's always been widely available pornographic materials. Why all of a sudden is this a crisis?
Pornography is a very convenient pretext. The real target is anonymity and pseudonymity. Both have been abundantly available on the early Internet. Both were and are being gradually squeezed out from it.
Various law enforcement agencies would love to know more, always more. The more the users are required to identify themselves, link their online identity (maybe pseudonymous for other users) to their official offline identity, the easier it is to find and catch criminals. Not only criminals, of course, but even if we assume 0% nefarious intent, and only the desire to catch the evildoers who swindle grandmas out of their life's savings, this still holds.
Operators of big sites also would benefit. Easier to ban disruptive users. Many great ways to turn the precise identity into targeted ads.
The internet has become a very serious, consequential space. More like... the "real world", which was considered separate from the internet in 1990s. Now they are inseparable, so the pressures of the "real world" are equally present offline and online.
Quality comment, this is the answer. Also insightful how the nature of the internet and real world separation has changed with time. This should be obvious but this is the first time I’ve seen it stated explicitly like this.
To add to this, I suspect the data broker industry also has an interest in increasing the legitimacy of the data they sell about anyone they can get their hands on.
incongruent. first you say "pornography is just pretext" then say "it's like real world now". where in "real world" can preteen kids go and see not just porn but people limbs removed and other stuff?
pretending the actual issue doesn't exist will not help you stop laws like this
I don't think anyone who still holds up "the dangers of porn" can argue with any credibility anymore. We have a population scale study that lasted 30 years, and millennials turned out fine. Same with violent video games and harsh language music.
What does seem to definitely be having a severe negative impact though is social media.
I wouldn’t mind having some kind of law that restricts any minor from using social media whatsoever. Because I wish the current generation of children to have a somewhat worry-free childhood like I had.
Meta likes this stuff because (a) it's a barrier to entry to new social networks and (b) it heads off the under 16 bans which have happened in other countries.
It's also valuable verifiable data for advertisers, in that it verifies real people are being served your ads, and it's going to the desired age range/appropriate audience
People often cloak their power grabs behind a move to control some vice. It was just a bunch of us nerds on BBSs back in the day. Now everyone is online. The stakes are completely different.
Because they worked on it for decades, and it's finally showing results.
> I've seen every age of the Internet, and there's always been widely available pornographic materials.
Just because something bad happened in the past, we should stay away from fixing it? Just because you didn't (probably) suffer as much as others, we should continue looking away? And that's leaving out that the world on all levels and corners today has become significant worse than in your youth.
> Why all of a sudden is this a crisis?
It's not all of a sudden. The calls' haven been around for a decade and longer, but research has become better over the years, so it's harder to ignore them. And now there is also AI, which significant speeds up the spreading of fake news, bot messages, sexualized deep fakes, and other very problematic content.
I would suggest removing your artificial filter limiting your thinking to porn. During the days of BBS type sites, the monetization of personal information was not a thing. Forcing a user to be identifiable in a government mandated manner means the data gathered about you becomes more valuable because it can be pinned to you, not an account you've made, but to you. The government likes the same result if not for the same monetary reasoning, especially this government. Knowing who you are, what you've said, what you read, watch, listen, as well as where you are/have been will all be valuable in different forms of value.
Any reasoning after that is just fluff to get people not looking at it critically to accept it.
Have you questioned whether you might have been better off without seeing ISIS decapitation videos when you were a teenager (you might be too old for that though)? Or maybe that you have something that makes you more immune to this stuff?
I think that I'm biased to think "it shouldn't be a crisis" because I saw that stuff as a kid and turned out ok, it's a prime example of survivor bias, maybe someone who saw that stuff didn't turn out that well. Also one thing I've been wondering I'm not sure if that's the beginning of my everlong cynicism. If it is, then I might have been better off without being exposed to that material that early in my life.
Nearly everyone I know that saw this stuff turned out just fine
We do not need to turn society into a police state because we're afraid the next generation might not be able to handle what we handled fine for the most part
Edge cases should not dictate the removal of our freedom & rights
> Have you questioned whether you might have been better off without seeing ISIS decapitation videos when you were a teenager (you might be too old for that though)?
See, I have, and I think I am actually a better person for it. Videos like these show how humans are really just apes and can easily fall into doing heinous things. It helped harden my view that religion is a net negative for the world, made me a bit more careful, especially in where I choose to travel, and has given me a wider worldview.
No one is rick-rolling with Isis decapitation videos, you go to those sites, and you know what you are getting into. One of the wonders of the early internet was rotten.com, and I am very sad its gone.
How exactly is seeing what human beings are capable of going to harm anyone? It certainly isn't so "damaging" that it needs to be hidden from anyone.
I'm the same age as you, started when I was maybe 15 on BBSes. The porn was certainly a lot harder to come by, still images that took a while to download, had to do it when family was out of sight on the family computer and clean up history after. Kids have personal devices and can go down a rabbit hole of content in their room. It seems fairly different. Age ranges are different too, 10 year olds have phones and have maybe been using an iPad their whole life.
But even then, I think if adults knew what we were up to, maybe they would have lobbied for stuff then too.
For my 10 year old, we don't allow youtube or any other algorithm doomscrolling feed. And no voice chat in online gaming. We plan on waiting until 13 for a phone, or behind-closed-doors internet, and we use parental controls.
I'm not presenting this as an argument for age verification, I think it's a naive solution that comes with major drawbacks and won't work anyway.
But the landscape is very different and I think we should try to understand where parents who support this are coming from, because lobbying from Meta or whatever isn't the only issue.
There are parents who have been making choices for their young kids and have to start letting go at some point as the kids age, and maybe, at whatever point parents stop monitoring, they would like the kids to not be fully in the deep end. I think we should acknowledge that and explain why age verification isn't a solution, rather than pretend the world is the same and pretend don't have any legitimate concerns by saying "well we turned out okay".
> at whatever point parents stop monitoring, they would like the kids to not be fully in the deep end
Parents want to stop monitoring their kids, but still want their kids' experiences to be catered to their ideals, so the rest of society must now bend towards what you want for your kids specifically?
What about parents who want a different set of guardrails for their kids - more limited or less limited than you? What about people who aren't kids - does their privacy or freedom not matter, just because you don't want to handle it yourselves anymore?
That sounds to me (a non-parent) like a very selfish and naive worldview. I'm assuming from your tone that you are in support of this, so would you explain to me why you think its not?
It's "Now" only because of a confluence of factors - namely, $2B spent on convincing lawmakers to do this now, because Meta doesn't wanna be fined $52B again. It's nothing to do with porn. The lawmakers passing this are passing it because "protecting the children" is always going to get them votes (even if it doesn't actually protect the children)
The value of data increases year on year, even old data, but old data is worth much less than new. But for hyperscalers we've cost the threshold, now any data at all is worth more than storage space, and the profits are too much to ignore.
It's not just targeted advertising, though you can open youtube kids/instagram/tiktok and see plenty of that and age brackets happen to perfectly align with leaked metas' advertising brackets. (5-10, 10-12) (group A), 13-15 (group B), 16-17 (group C), 18-24, 24-30.
I think it's largely driven by the increasing computing power
It has nothing to do with porn and everything to do with making anonymous use of the internet (and thus anonymous mass publishing) illegal and impossible.
This is better framed as something like "know your actor." The goal is to have everything attributable to a natural person. Nobody wants that, though, so we have say that porn isn't for kids. (Now, there's a lot of disagreement about that, but that's another matter.)
More studies are being done on the effects of social media. Social media execs have been brought in front of congress multiple times. The US tried to ban tiktok because it showed our military actions in a negative light to millions of teens.
its because we hired a generation of the greatest minds to build habit forming and addictive products. So now we're seeing signs of how bad that is for children's mental health prior to their ability to consent to that.
I wonder if it's because of election interference. Foreign countries bot farms basically have free reign to assault the minds of your people 24/7 online, idk how you stop that outside of identity verification systems
Try to start an ISP and/or become a public Certificate Authority.You will quickly run into steep requirement (admin and financial). To buy IP address space, get peering partners for traffic transit, hosting dns, hosting email (good luck getting mail delivered to the big providers without having your own users verified via mobile number). Try to build a mobile app, or phone or runtime - all the key signing, binary signing involved, the entire security model from hardware/firmware, boot, memory access, runtime safety and on and on. Then there are the intelligence agencies and various countries surveillance laws, information laws.
If you add it all together, we are already monitored 100%. They want to linked and prove the monitored device is linked a certain human beyond a doubt. Email, Mobile, Full names are not enough, they want your biometrics too. They want you serial numbers of devices and mac addresses of networked devices and SIM cards. They want it all.They want your children to have devices with camera, mic and gps trackers in. Your kids will be part of kompromat before they reach adulthood and some of them will be blackmailed by government agents and other bad actors throughout life. Some kids will be trafficked with the help of all these tech solutions, because they know exactly where your kids are at every moment.
Add home assistants, smart tv's with cameras, toys with cameras, outdoor cameras, shopping mall cameras everywhere, in-vehicle cameras and mics. Bluetooth beacons everywhere.
Add it all up and ask yourself, is this truly about child safety? Not at all. I'd argue they would be more exposed. If they wanted children safer, they'd recommend parents and schools to 100% remove kids from the internet or devices with public internet access. Why does a 10 year old need to know how to join a teams meeting and being comfortable on a video call?
Not to mention the access to weird porn and gore sites that WILL traumatize a young mind.
Then contemplate what all this data will be used for in the hands of extremists, nazi's, dictators, the effects on free speech & journalism, the propaganda machines reach on you and your family.
The internet is 10000% cooked and no longer open. It's better to disconnect from it at this point.
Just talked to a long-time friend laughing about the state of things and how we used to have unfettered access to horrific gore photos at 14. Don't ask me what the appeal was, I have no idea, but it was possible.
This is outlined in Project 2025 (which I have not read).
As I understand it, the age verification laws are part of a three pronged plan to eliminate privacy, freedom of speech and freedom of expression online.
The goals being to expand current police abuses to include LGBTQ++, reporters, democrats, non-whites, non-christians, demonstrators, etc.
It all is predictable and makes perfect sense if you assume the goal is to hold control over the white house in 2029 while being even less popular than they currently are.
> This is outlined in Project 2025 (which I have not read).
Great sentence.
Aside from making me completely doubt everything you're stating, I don't understand why people just take it as a given that Project 2025 is something the current administration gives two shits about.
maybe since minors can't enter into a contract they can't agree to TOS and therefore their content is ineligible to be used as LLM training material? just guessing.
They seek monopoly. Startups can’t afford these barriers and can’t convince users to trust them with the safety and value of the verification process without being an established brand.
"Now" is when this level and depth of mass identification and surveilance has become technologically feasible, financially valuable, and politically possible.
The political planets have aligned in many nations for private industry to lobby for this power, sating their own goals as advertisers and the state's goals as authoritarians. This is an open conspiracy between every tech giant and every government to perpetually identify every action that every person ever makes online for the sakes of advertising, propagandizing, surveiling, persecuting, and imprisoning people.
It is not a coincidence that this is occurring in all western nations at the same time; these economies are incredibly large and active, and these governments have been under attack from the far-right for decades.
An unfortunate side effect of Epstein mania is that people (particularly legislators) are more receptive than ever to the "think of the children!" strawman. This approach is highly effective right now, and it might never work again in Zuckerberg's lifetime.
My observation of Epstein "mania" is that politicians are revealing themselves to not particularly care about children being sexualized.
The push for age verification seems to stem from conservative states trying to appear to care about children through symbolic gestures while cutting other funding and protections for children.
It's a coordinated psyop to enforce mass surveillance and control. The question we should ask ourselves is "Who are they?". Their agenda is clear already.
It all makes a lot more sense when you find out they want to declare anything lgbtq related as pornographic.
The right has figured out that they can keep queer kids (especially trans kids) in the closet if they don't let them learn what their "difference" actually is. It's "don't say gay" applied to the internet.
Age verification is merely the background task to set up infrastructure for OS to provide many many other signals about who's using the device.
Age signals from the OS? Need to provide a channel of information available to applications. Applications already talk to servers with unchecked commonality.
Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".
Next year, the application needs to "double-check" your identity. That missile that's coming to you? Definitely not AI-controlled, definitely not coming to destroy the "verified" person who posted a threatening comment about the AI system's god complex. Nope, it's coming to deliver freedom verification.
Nobody stops the government from sending goons to your door right now for a snarky comment. Some govts in fact do it today. It is also cheaper than ai rocket and more precise too
The OP's point can be understood as an automization and mechanization of such targeting. Which will be necessary if the scope of thoughtcrime prosecution is to expand
You're being silly, the missile thing was hyperbole. Your computer will direct the thugs to your door.
> Nobody stops the government from sending goons to your door right now for a snarky comment.
This is just dumb. They literally don't know who wrote it, and have to assign somebody to track you down. The fact that they're putting infrastructure on your computer and on the network to make this one click away for them matters.
I've wondered if FaceID and the Android counterpart are actively creating an extraordinary labeled dataset for facial expressions at the point of sale.
With users trained to scan their face before every transaction, tech companies could correlate transactions to facial expressions, facial expressions to emotions, and emotions to device content. I can imagine algorithms that subtly curate the user experience, selectively showing notifications, content, advertising to coax users towards "retail therapy".
Any webconferencing app on iOS probably fires up the TrueDepth camera to power background replacement and could conceivably do that, albeit not so responsively. Recommend heading to your provider and opting out of share-or-sell if you can.
Also keep in mind keystroke dynamics can probably do that too and has been a topic of study in one form or another since the nineteenth century vis-a-vis telegraph operators.
>Age signals from the OS? Need to provide a channel of information available to applications. Applications already talk to servers with unchecked commonality.
This is a non-issue because it's almost certainly going to be gated behind a permission prompt. There are more invasive things sites/apps can ask for, and we seem to be doing fine, eg. location. Moreover is it really that much of a privacy loss if you go on steam, it asks you to verify you're over 18, and the OS says you're actually over 18?
>Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".
Given touch id was introduced over a decade ago, and the associated doom-mongering predilections did not come to pass, I think it's fair to conclude it's a dud.
Watch as apps refuse to work when you deny them permission. Also the OS (and “privileged apps”) don’t ask for permission, they have full unfettered access to everything already.
> This is a non-issue because it's almost certainly going to be gated behind a permission prompt.
lol.
> Moreover is it really that much of a privacy loss if you go on steam, it asks you to verify you're over 18, and the OS says you're actually over 18?
Slippery slope, but an interesting argument. While SteamOS is a thing, Steam isn't my OS.
> Given touch id was introduced over a decade ago, and the associated doom-mongering predilections did not come to pass, I think it's fair to conclude it's a dud.
Really? You think that things built decades ago can't be further built-upon in the now or the future?
This is the doommongering coming to pass. Did it happen overnight? No! But you just provided the excuse! "gee see nothing bad came to pass. We can just use that tool"
Did Meta spend around 60Mn lobbying for age verification to be forcibly added to every OS install ?
If not, who has been paying to lobby for these age verification laws ?
That seems a question that we should have an answer to.
Forcing an age check upon linux install seems anti-competitive, and a violation of freedom of speech allowed by the Constitution.
Also impractical and ineffective, unless they plan on some sort of bio-metric confirmation of age.
Will they outlaw computation itself, or constrain a personal quota so that only corporations can access approved LLMs and certainly not run a local AGI ?
As with the insane "encryption is a weapon and cant be exported" policy of the 80s, this will surely force innovation to migrate outside the US.
> Did Meta spend around 60Mn lobbying for age verification to be forcibly added to every OS install ?
Of course they would want this -- as long as the OS reports that the user is over 18 via such a system, then Meta is legally off the hook for any COPPA violations.
> As with the insane "encryption is a weapon and cant be exported" policy of the 80s, this will surely force innovation to migrate outside the US.
Not advocating for this policy but if a critical argument against it is that policymakers can expect an analogous amount of computer innovation migrating out of the US as it saw in the 80s, then I think policymakers won't care remotely. Quite literally I think the lower bound for the proportion of global computer innovation happening in the US is 70%.
> age verification to be forcibly added to every OS install ?
This should be easy. Just in one of dialogs ask user to create a file 'me_age.txt' with age inside. No changes to OS at all. This will be the 'interface'. Any program can read the file. As far as I understand that's all California law requires (or will require).
Not sure about other versions. Strict verification would require binding to property software/services. Which is equivalent of reporting every user on every install.
I honestly wouldn't be surprised. They are absolutely negative player. But I'm kinda confused how this could even pass and what is the functional reason for this? Because "think about the children" it absolutely isn't.
You can of course chain child to the radiator and let him out but that's obviously not an protection.
Why can't we handle this the same way we handle knives, guns and chainsaws: require adults to secure the device before letting minors near them? All the devices need is the ability to create limited access profiles. A human adult performs age verification by only providing the minor with creditals to a limited profile. Trying to perform that verification so far away from the minor, after they have got to the last gate, seems like the worst way to do it.
I want my kids to grow up in a world where they can install linux themselves. I don't want them to grow up in a world where they can't walk to a neighborhood park without me.
Not sure I see the crossover between activities performed at home and problems of car centric street design and the resulting poor pedestrian traffic safety?
I'm pretty sure most kids older than 12 do have access to kitchen knives. And actively use them too.
I generally agree with your point. But at the same time access to the internet resouces and to gun or a chaisaw is not the same.
I have no problem securing a few items if my home, but I have no control over whatever is available on the net.
Sure, I can write some firewall rules or create "kid's account" on a streaming platform, but I can do this for every single known service, chat, IM group etc.
Even if you did, you just lower the chances. I've created Netflix kids account specifically for mine. On its own it suggests also various documentaries on top of cartoons. We took the first one it suggested, and IIRC in second episode there was a very gruesome and detailed part with polar bear eating baby seals, one chew at a time.
One way to traumatize 4-year old, I'd say an effective one.
The knife and the knife maker doesn't have intentions to pump propaganda and porn into the childs mind. The internet is not neutral like knife. The internet has an actor on the other end (human or algorithm) that has certain intentions. Thus a child can be intentionally influence via the internet. A knife does not act on its own to influence the child's mind. So, apples and oranges. I'd argue the internet is significantly more dangerous to a child vs a knife. The internet wasn't built for children, it was never child friendly to begin with and we shouldn't mutate the internet to cater to children. Its best to treat the internet like a hostile force for a child's mind and keep children completely off it to begin with. Make it illegal for children to use a device connected to the internet, it is the parents responsibility. Same as guns. Its not the gun smith or gun sellers responsibility to keep the child safe from guns - its the parent's.
For some of these, we fully disallow company to child transactions or interactions. Wouldn't applying the same logic require the adult to fetch any internet content and give it to the child on a case by case basis?
In this case, it is the data from the website, not the electronic device itself, that is seen as the item being transacted and regulated by age gates, no? The attempts to actually regulate it do feed back into changes on the electronic device, but the real cause of concern (per the protect the kids argument, if that is the real reason is debatable) is a company providing data directly to a child that parents find objectionable. That transaction doesn't have a parent directly involved currently.
Controlling the device itself and saying free game if a parent has allowed them access is a bit like saying that if a parent has allowed a kid to get to the store, there should be no further restrictions on what they can buy, including any of the above three items.
I don't know why you think this will stop page verification requirements. For almost all items where a parent/guardian is responsible for a child's access to the item, third parties are also required to not sell or transfer the item to a child. That gets us right back needing to age verify people.
That is kinda the idea behind the california law that was on the front page a few weeks ago. The parent set up a local account with a age bracket, and the OS verifies that in the app store and maybe webpages if they fit the age bracket.
> Why can't we handle this the same way we handle knives, guns and chainsaws: require adults to secure the device before letting minors near them?
Is this a thing?
My 10yo has used all three of those things. If there were some legislation requiring they be "secured" before my son could be in my presence, obviously I'd oppose it, along with every other reasonable parent.
Not really. It's the difference between a mandatory field and an optional field. And in practice, and its effects on the internet, that difference is huge.
I don’t know why this isn’t a very simple Internet standard. The browsers on devices that have a child lock turned on could send an http header. People who have websites that are adult-only could configure their web server to check for that header and do something appropriate.
That requires cooperation, but since most adult websites don’t want children to be visiting them, cooperation shouldn’t be hard to get. Governments can pass a law and businesses can set a config flag. For uncooperative websites, child-locked devices can check a blacklist.
Then it’s up to parents to make sure their kids only have child-locked devices and for stores to not sell unlocked devices to kids. It’s never going to perfect, but it doesn’t doesn’t have to be to change community norms.
There is already a set of standards for this: websites can send content ratings to the browser, and the browser can choose not to show content on the basis of those ratings.
We don't need another one, especially one that inverts the polarity by having the browser proactively send information to the site.
Maybe that would work too, but “this device has a child lock turned on” seems like reasonable information to send? It’s a lot better than having to check ID’s.
As a parent, none of these are useful to me. Age is not a useful indicator of what’s appropriate for my kid. At best, this can avoid a small portion of some stuff they probably wouldn’t see anyway. The bad actors who I’m worried about actively try to circumvent any automated systems that block them. These age verification systems don’t help even if they worked as intended… or at least as advertised.
I guess it would be most helpful for websites that can show that they’ve done their part by setting a config flag.
If there’s no society-wide standard for what’s kid appropriate then it’s going to be hard to set up a system that satisfies everyone, but it seems like movie ratings sort of worked?
If the browser has to do the same thing for adults and children (to avoid detection) then it’s going to be hard to build a system that does different things for adults versus children.
What I'm confused about is how the proposed bills would apply to servers.
Like, in general, a software change to add an "age class" attribute to user accounts and a syscall "what's this attribute for the current user account" would satisfy the California bill and that's a relatively minor change (the bad part is the NY bill that allegedly requires technical verification of whatever the user claimed).
The weird issue is how should that attribute be filled for the 'root' or 'www-data' user of a linux machine I have on the cloud. Or, to put aside open source for that matter, the Administrator account on a Windows Active Directory system.
Because "user accounts" don't necessarily have any mapping (much less a 1-to-1 mapping) to a person; many user accounts are personal but many are not.
We're all going to have to use service accounts created on Windows Server 2003 or RHEL 4, otherwise they won't be old enough and will require manual login from an of-age administrator
The auth server would lie in Colorado. The FS server, in New Mexico. The CPU server, in Nevada. The terminal (the client), in Alaska. Shut down and repeat at random. Watch the lobbies collapsing down tring to sue that monster.
In the CA bill, "User" means child. It's pretty clear that non-human users aren't covered and don't have to participate. E.g. the API can return N/A or any other value for non-humans. If there is a way to make the API applicable only to human children users, then it doesn't even need to be callable for other entities. E.g. on android, each app gets its own uid, so the unix user doesn't correspond to a child, so the API will instead (probably) be associated with another entity (e.g. their Google account, an android profile, or an android (non-unix) user)
Honestly what I hope is that if these bills pass, sysadmins just turn off any server that doesn't have attestation and go off to the beach to collect shells.
> the sponsor of Louisiana's HB-570, publicly confirmed that a Meta lobbyist brought the legislative language directly to her. The bill as drafted required only app stores (Apple, Google) to verify user ages. It did not require social media platforms to do anything.
Thing is, when these “make the websites collect your ID” proposals come up, the overwhelming sentiment here is “this is terrible and we need to do it lower in the stack”. I think the OS is a better place than the website. (Let security conscious folks use a standalone device too if desired.)
The astroturfing stuff is obviously sus, I don’t have a feel for whether this is egregious by the standards of $T companies or just par.
> Thing is, when these “make the websites collect your ID” proposals come up, the overwhelming sentiment here is “this is terrible and we need to do it lower in the stack”.
Perhaps the "overwhelming" sentiment is paid actors? Or people whose jobs depend on not having that risk assigned to their employers?
Every single Linux kernel currently operating within the borders of any of these states should turn itself off and refuse to boot until an update is installed after these bills are rolled back.
We should also update all FOSS license terms to explicitly exclude Meta or any affilites from using any software licensed under them.
I probably don't have all the info on the various laws across the US and EU that are being pushed, but I'm confused why Linux distros don't just update their licensing and add a notice on the installation screen that it is illegal to run their OS in places where these laws exist?
Heck, Linus Torvalds should just add an amendment to the next release of the Linux Kernel that makes it illegal to use in any jurisdiction that requires age verification laws.
This would obviously cause such a massive disruption (especially in California) that the age laws would have to be rolled back immediately.
This seems like a no-brainer to me but I am admittedly ignorant on this situation. I'm sure there's a good reason why this isn't happening if anyone cares to explain.
That would be a violation of the copyright law or the GPL licence - you aren't permitted to take GPL code and redistribute it with some extra restrictions added on to it.
If it's not (fully) your code, you aren't free to set the licence conditions; Linus can't do that without getting approval from 100% (not 99% or so) of authors who contributed code.
What one can do is add an informative disclaimer saying "To the best of our knowledge, installing or running this thing in California is prohibited - we permit to do whatever you want with it, but how you'll comply with that law is your business".
The Linux kernel is licensed GPLv2. The GPLv2 license forbids adding addition terms that further restrict the use of the software.
A "Linux distro" is not the Linux kernel. It's possible for some distros to add such license terms to their distribution media, but others like Debian and Debian-based ones adhere to the GPL so no go.
Because they want market share, and throwing a hissyfit over being asked to add an "I am over 18" checkbox is not good PR. If Debian starts refusing to work in California because it doesn't want to add a checkbox, it will simply be replaced by someone who adds that checkbox and doesn't throw the fit.
If this was somehow introduced without anyone noticing and deployed, imagine the damage it would cause.
If we're fantasizing here, I like to imagine two major OS makers trying to comply these laws, fail miserably, and let FOSS OSes and kernels more recognition in the desktop market.
Honestly, like the Left-pad incident [1], getting things to go suddenly dark is extremely effective at getting people to drop everything else to fix an issue.
Ideally, getting these servers to auto turn off the day this goes into effect ("In compliance with this new law, Linux is now temporarily unusable. Please <call to action>.") would be glorious for getting the bill staved off, or killed.
It would hurt some productivity, but that is a risk these lawmakers taking donations are probably willing to make.
Side note, this comment is evidently quite controversial, it went from +3 to +1. If anyone is angry at me I would like to assuage them that I am not, in fact, any owner or maintainer of anything in the linux distribution system.
"some"? It would hurt a lot of productivity lol. If all linux boxes turned themselves off suddenly, I think the internet would fall over pretty fast. I dont know how much of the internet runs on windows or apple (or others), but I cant imagine it's very much
> Every single Linux kernel currently operating within the borders of any of these states should turn itself off and refuse to boot
What exactly do you think Linux is? I would say that Linux would be forked in like 2 seconds, a bunch of different companies would start offering "attested Linux," and all you'd have to do was change your repos and update.
I would say that, but what would really happen is that we'd find out that Canonical, Red Hat, and a bunch of other distributions had been talking to the government for a year behind closed doors and they're already ready to roll out attested Linux. Debian would argue about it for six months, and then do the same thing. Hell, systemd will require age attestation as a dependency. Devuan and any other stubborn distribution would face 9000 federal lawsuits, while having domain names blocked, and the Chinese hardware necessary to run them seized at the ports with the receivers locked up on terrorism charges.
I have no idea where the confidence of the IT tech comes from. You (we) are something between a mechanic and a highly-skilled janitor.
I'm not sure I fully grok the hypothesis that Meta is materially advantaged by pushing for OS-level age verification. I suppose its another intelligence signal for ad targeting, but they have to believe that at least on platforms like iOS this signal is going to be obfuscated from them. Its hard to believe it'd be any more valuable than the other non-verified heuristics they're already gathering.
Arguably they would be more materially advantaged if they were forced to KYC/validate ages, not the platform; because sure, there's a cost to doing it, but presumably having hard data on who your customer actually is, with age and address and everything, is worth a lot more than the verification cost. And being able to say "We're legally required to gather this" gives a lot of PR cover (even though it'd be followed with "but we're giddy to do so and we will abuse this data and you every way we possibly can. No one at Meta believes you are human. We hate you as much as you hate us, but we're stuck in this together, endlessly loathing the supernatural force that keeps us working together.")
But, On the flip side: I also don't doubt that Meta is doing this, because the purpose of a system is what it does, and the leadership at Meta has done nothing in the past four years to demonstrate that they're capable of cogent thought and execution. We want to believe there's some evil plan, and maybe there is, but in all likelihood one day we'll learn that they're just... unintelligent.
> I'm not sure I fully grok the hypothesis that Meta is materially advantaged by pushing for OS-level age verification.
These laws, that attempt to move "age verification" into the OS, 100% absolve Meta (and all the Meta owned "properties") from any legal liability so long as all of Meta's app's follow the law's required "ask the OS for the age signal of the user".
Any "bad stuff" which then gets shown to "underage users" then becomes "not Meta's fault, they followed the legally proscribed way to check the age of the user, and the OS said this user was 'old enough'" and Apple/Google then get to shoulder the liability (and pay out for the class action lawsuits) for failing to provide a proper age signal.
That's the "material advantage" gained by Meta by pushing these laws.
My point is that they already know how old you are, within some confidence interval, even if you never tell them or you lie to them, because they actively watch what you do and classify your behaviors with your age cohort. So why do they care so much that they gain another signal that only says "the user is over 18" rather than a much more valuable signal like "the user is 36 and lives in Albany" that they'd gain by doing the KYC internally?
I don't think absolution of legal liability has ever crossed any of these fools' empty heads. The threat of being fined & punished by the USG for doing something bad hasn't been a factor in corporate decision-making for decades.
The same sort of thing is happening for the 3d printer laws. Some company is trying to legislate its own software into ubiquity (guns first, then copyright enforcement) and then double-dip by charging both IP holders and printer manufacturers for their "services".
This was the thing the saws-all (or whatever it was called, the brake that stops you from cutting your fingers off with the table saw) tried, right? I don't know if it succeeded but the idea was a government mandate for an otherwise good idea. Everyone then pays more.
> Meta spent a record $26.3 million on federal lobbying in 2025, deployed 86+ lobbyists across 45 states, and covertly funded a "grassroots" child safety group called the Digital Childhood Alliance (DCA) to advocate for the App Store Accountability Act (ASAA). The ASAA requires app stores to verify user ages before downloads but imposes no requirements on social media platforms. If it becomes law, Apple and Google absorb the compliance cost while Meta's apps face zero new mandates.
When I moved from Sweden to Ireland and realized the Swedish central address registry makes moving fantastically easy, I started dreaming of a central registry where consumers and producers could meet. I can give my supplier access to exactly the information they need, and nothing else. I can revoke access when I feel like it. Like OAuth2 for personal data. They can subscribe to updates. It could be a federated protocol.
Not saying I think it's a good idea to provide the year of birth to all sites, but (session ID, year of birth) is the only information they would need. The problem is proving who's behind the keyboard at the time of asking, which would require challenge-response, and is why I think this should be an online platform, not a hardware PKI gadget with keys inevitably tied to individuals.
Knowing what we know about the current environment, each company is going to start selling everything they know about you to anybody who's willing to pay. Enforcing privacy is hard not because it's not possible, but companies have greater financial incentives to just breach your privacy to track and manipulate us.
> Enforcing privacy is hard not because it's not possible, but companies have greater financial incentives to just breach your privacy to track and manipulate us.
No, enforcing privacy is not hard, all it takes is imposing penalties _much greater than_ those financial incentives.
Damn, had to scroll a couple of comments to find this:
Anthropic donated $20 million to Public First Action, a PAC that promotes Republican Senator Marsha Blackburn and her sponsored Kids Online Safety Act (KOSA), a bill that will force everyone to scan their faces and IDs to use the internet under the guise of saving the children.
The legislative angle taken by companies like Anthropic is that they will provide the censorship gatekeeping infrastructure to scan all user-generated content that gets posted online for "appropriateness", guaranteeing AI providers a constant firehose of novel content they can train on and get paid for the free training. AI companies will also get paid to train on videos of everyone's faces and IDs.
As for why Blackburn supports KOSA:
Asked what conservatives’ top priorities should be right now, Senator Blackburn answered, “protecting minor children from the transgender [sic] in this culture and that influence.” She then talked about how KOSA could address this problem, and named social media platforms as places “where children are being indoctrinated.”
If Anthropic, the PACs it supports and Blackburn get their way with KOSA, the end result will be that anything posted on the internet will be able to be traced back to you.
Christ on a crutch, had they donated $25k or something you'd figure it was just a rounding error, but why this much from a company that isn't profitable? This is doing nothing to disabuse me of my theory 90% of "Startup Culture" is just an excuse for rich people to move money around. "Need to get your stoned mope of a C student a head-start on a resume that will let him stay gainfully employed? Well, I just brokered a VC deal for these kids that want to throw micro-concerts in parking spaces, we'll get your boy in as Senior Music Programmer."
Even steelmaning the case for age verification, does anyone really think the state is going to re-institute the innocence of childhood by filtering content and services? Of course not. There is no steelman. If you can do age, you can do identity, and the purpose of identity is recourse for authorities against truth and humor.
Doing ID or this fake age verification with anything other than a physical secure element is a dumb regulation that going to create its own regulatory arbitrages and spawn very powerful and profitable black and grey markets. Poor laws create criminal economic opportunity, and digital id is just creating a massive one.
Between Meta being behind a digital id initiative under the pretext of alleged "age verification" and the Debian project leads pivoting to political objectives, it appears gen Z now has a cause to build tech against and fight for. These are dying organizations that cannot innovate and they've attracted a pestilence that is pivoting them to the easier problem of political maneuvering. as it's easier to militate for what nobody wants than to make something anyone actually wants.
The upside is that people get to be hackers again. Tools to cleanse our networks and systems of Meta and other surveillance companies and the influence of these compromised organizations are an OS install and a vibecoding weekend away.
What do you mean if you can do age you can do identity? If age is self-reported that's not true. Or if you need strong validation, ZKPs are possible where it is also not true.
design the protocol. we can run down the rabbit holes of anonymous attestation and yao's millionaire problem, but there's a simpler problem: the age of whom? Once you have a unique identifier, or even an anonymous one derived from a verified one, you are still creating an user identity scheme that is being imposed on people.
what is most likely in play, as we have seen in other identity schemes, is that the cryptography will be sufficiently opaque that experts won't be able to reason about it until after the products are forced on people, or, they will just accept junk protocols and use the law to shift liability to the user to comply with identifying themselves truthfully on the internet. the other scenario is if the protocol provides strong anonymity, it will use a bunch of new primitives without mature standards that happen to have escrow access built in.
I think this is only the first step towards a license for the Internet. The best example I know of is South Korea, where you have a state issued login. I think it's only a matter of time until the U.S. government knows exactly who you are at all times on the Internet, and this effort is completely agnostic of party or doctrine. This has been building across multiple administrations.
Bravo, some actual journalism! I wish a professional media organization had done this research. It seemed obvious this was a coordinated wave but I always figured it was moral busybodies.
Keep being cynical and that's the media you'll get.
In the real world, professional media organizations regularly expose corruption. More often than not? No idea. But to pretend they only engage in cover-ups is cynical fatalism.
The zero-knowledge proof angle is interesting but the real barrier
is implementation
most platforms won't voluntarily adopt privacy-preserving verification when the surveillance version gives them
more data. Regulation would need to mandate the privacy-preserving
approach specifically, not just "verify age somehow.
Lobbying is literally half of what representative democracy is. First, you elect representatives to office. Then, you try to get them to do what you want. The latter is lobbying.
Of course, when money becomes a significant portion of how the second one happens, things can get complicated.
The environmental movement and labor movement are two examples where citizens organize to go up against corporate interests and win pretty regularly and durably.
Most of those folks would not call it lobbying because of the negative associations of the word. “We have activists, our opponents have lobbyists.” But it works the same way.
It is specifically protected in the First Amendment: “Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”
Because freedom, and surveillance capitalism, have different effects depending on which side of the PR apparatus you find yourself on, and the laws that get passed are written by and for the industries and not crabs in the barrel voters who rely on them for income.
I tried to read the research when it was posted on Reddit a few days ago, but it’s all AI slop. The person who uploaded it admitted that they just had Claude go out and explore their hypotheses, but they didn’t even spend the time trying to get the real documents into Claude. Claude identified documents it wanted but couldn’t access them, so it just proposed hypothetical connections.
The research has a lot of these:
> LIMITATION: Direct PDF downloads returned 403 errors. ProPublica Schedule I viewer loads data dynamically (JavaScript), preventing extraction via WebFetch. The 2024 public disclosure copy on sixteenthirtyfund.org was also blocked.
> Tech Transparency Project report: The article "Inside Meta's Spin Machine on Kids and Social Media" at techtransparencyproject.org likely contains detailed ConnectSafely/Meta funding analysis but was blocked (403)
So the “research” isn’t some groundbreaking discoveries by a Redditor. It’s an afternoon worth of Claude Code slop where they couldn’t even take the time to get the real documents into the local workspace so Claude Code could access them. It’s now getting repeated by sites like Theo gadgetreview.com because the people posting to these sites aren’t reading the report either.
America will just get behind even more as years pass behind Europe in terms of proper regulation of the digital economy, which benefits citizens instead of companies and rich billionaries.
The reason is that europeans have nothing to win from those "winner-take-all" platforms the US has built in the past decades. Europe has built zero of them.
It contributes very little to Europe's GDP or the overall being of the european. And in some cases, it eats Europe's GDP, moving economic activity back to the US. This is different than for Americans which big tech is a net-positive contributor to society in my POV, mainly because how much economic activity $ it generates.
Big techs provide huge paychecks and made a lot of people rich in the US, and most of its GDP growth in the last decade. But it's a double-edged sword.
They will make laws in favor of them in detriment of the average American, while minting more billionaries than Europe could ever dream of.
Europe will take a long time to get the digital revolution the US already did, but it'll mostly come from regulations and government initiatives. And will be net-positive for humans living in Euope, not for owners of corporations.
> Most of Europe has better internet access than the US for similar reasons: sensible regulation led to high competition.
Which "most of Europe" would that be? Switzerland and handful of northern countries? Because it is definitely not Germany or several "you can't access half of the internet during times when twenty men kicking a ball on a field" southern states.
I am curious how this will play out for Linux. I won't accept any code that spies on my owned computer devices. No criminal goverment can force be to surrender my rights here. But it is interesting to see how easy it is to purchase legislation in the USA - well done, Facebook! I predict more people will abandon it though, now that they see that Meta is trying to push out global spying on regular people.
Download the source code and ISOs of distros without age gating and put them on durable media. Tell your friends about the issue and its implications (legislating how an OS works is a huge deal, is likely unconstitutional, and opens up the door to all kinds of future abusive laws). Find like minded people so if the worst happens you will have mutual support and can work together on circumvention of any future restrictions. Work on your C skills.
That is the most serious thing you can do, and the most effective.
Do you know how democracy works? There are these people called representatives. They are hired by you. They pass laws. They only get to continue having a job if people like you vote for them. When you tell them "I don't like the law you are passing", they are hearing "the people who hire me are angry with me". The more people that are angry at what they're doing, the more their job is at risk.
They do what the lobbyists say because somebody else is doing the work, and they get paid (by the lobbyist). But they won't have a job to get paid for if the voters don't vote for them again. So your entire defense against tyranny and bad laws is you speaking out. If you never talk to your reps (or vote), you're telling them you don't care what kind of government it is, and they really will do whatever they want.
You have to tell them how you feel, along with all the rest of us. That's the only power we have.
In addition to that, tell everyone you know. Your friends, family, coworkers, the dude running the local gas station. Explain to them why government-mandated surveillance of everything they do on a computer is a bad idea. Ask them to talk to their reps.
I think one of the reasons politicians can be bought so cheaply by interest groups is that the opponents of the interests groups have practically no money. The interest groups don't need to spend a ton as long as they spend more than their opponents.
The linked post talks about the effectiveness of AIPAC but fails to mention how much is spent by say, Palestinian interest groups. Perhaps there's a good reason for this: do Palestinian groups have any money to spend on US elections? Try fundraising in Gaza right now.
Likewise, business interest groups have a lot more money to spend on elections than, say, environmental groups. The latter have to beg for small donations from individuals just to stay afloat. Thus, it's relatively easy for business groups to outspend environmental groups. To win an auction, you just have to be the highest bidder.
Feels like a lot of words to avoid thinking about “black” money and favors in kind. For example, nobody would include Trump’s golden bar from Switzerland in such ann estimate - repeated ad nauseam for all lobbying corruption.
"Emails from October 2005 show that after Mandelson complained to Epstein about a lack of British Airways air miles, Epstein offered to pay for his plane tickets to the Caribbean."[1]
The biggest shocker to me has been just how "cheap" a lot of people are to buy off. Mandelson is complaining about air miles FFS. So much of this is a few thousand here, some fancy tickets there, a jet ride elsewhere, etc. In my mind it was always much, much bigger sums that people were selling their countries & souls out for, sadly, it turns out a lot of people, even in really high positions, are shockingly cheap.
I donated $100 to my state's gubernatorial campaign as a part of my annual "make the world a better place" campaign, and was surprised to receive a call from an unknown number the following day. It was the Governor, thanking me for my donation personally, and wondering if there were any issues close to my heart that she could keep in mind. Note that this was from her personal cell phone (for whatever value of personal an executive politician actually has, but still), and she invited me to phone her if I had any issues that the state government could resolve.
That's a wildly low sum of money for a 5 minute personal call, let alone even a modest intervention.
The Internet thinks that lobbying is bribery. If you wanted a bribery like vehicle, you'd just donate to a PAC or more recently, the new ballroom. Lobbying is just paying people to speak to politicians. After a company has said everything that wanted to every politician that can possibly support their cause, there isn't anything left for them to do.
I don't understand it .
There are so many ways to child-proof a device .
Google Family Link and the Apple equivalent .
Use cloudflares Family dns (blocks porn websites etc ..)
Instead of just creating a course that explains how to child-proof a device, we have to surveil everyone.
If you give your kid a lighter and they proceed to set their clothing on fire, it's not zippo's fault. If you send them to watch TV and they switch to pay-per-view, it's not the TV manufacturer's fault, nor is it the network's fault. It's your fault.
Your 4 year old doesn't need a tablet any more than they need a lighter. Neither does your 14 year old. (If they "need" one for school, the school can provide it and monitor their use). If you give your child a computer, it's your responsibility to make sure they're using it properly, not the government's and not the device manufacturer's. The government's job is to make sure that you're not endangering your child and split you up if necessary. The device manufacturer's responsibility is to make sure it works and doesn't hurt you or anyone else in the course of ordinary use. Your responsibility is to not use it in such a way that it causes harm.
Allowing your child to go online is much like allowing them to go outside; you tell them what they're allowed to do, and if you don't trust them to listen to you then you don't allow them to do it. The act of having a child is taking on a full-time 24/7 job of ensuring they stay alive and unharmed until they're old enough to do it themselves. If you aren't up to that challenge, then you can't have that job and it should be passed on to someone else. You can't just shove your responsibility off to Google and Apple because you're too busy to be a parent any more than you could push it off on Sony (what you watched on TV growing up) or Macy's (what products you chose to buy). Being tech companies doesn't make them magically responsible for what you do.
If you insist on providing your child with a cellphone so you can contact them in seconds at any time of day, get them a feature phone. They offer numerous advantages: they cost less to buy, they don't break when you drop them, the battery lasts longer and charges faster, and the bill costs less (the phone is for you, not them. You don't need an unlimited plan).
Solution: don't give your kids the device. Put up a computer in the family room like it's 1998. Perfect, now little Timmy can do his homework. And if he looks up "boobies", he won't be able to sneak it past you!
The best part? This is cheaper and easier. You're literally doing less. Locking down a smartphone is hard? Great, so don't do that. Problem solved, you're welcome, I'll send you my invoice.
I don't understand why nobody in the comments is freaked out about this. This isn't just "oh Google knows my age", or "oh politicians being corrupt again!" This is "the government made a law that every computer in the world must track every person's identity and send it to the cloud".
No offline devices. Commercial vendors get your biometric data (and the equivalent of your driver's license / SSN). Every application on the OS can query your data.
If you think it stops with one bill, after they get all the infrastructure for this in place? You're fooling yourself. The whole point of this is to identify you, on every web page you visit, every app you open, on every device you own. Once bills are passed, it's very hard to get them revoked or nullified.
This is the most aggregious, authoritarian, Big Brother government surveillance system ever devised, and it's already law. I am fucking terrified.
(Yes, the EU has a less horrifying version of this. But Google, Apple, and Microsoft still control most of the devices in the world, and they are US companies.)
Actually it's the opposite. Average people speaking out is how the world gets better. It's when they don't speak out that things are allowed to get worse.
You literally live in a Democracy. There's 5.8 billion people on this planet who wish they had the kind of power you have. If you give up your rights without a fight, you don't deserve them.
Compare this to what the EU built. The EU Digital Identity Wallet under eIDAS 2.0 is open-source, self-hostable, and uses zero-knowledge proofs. You can prove you're over 18 without revealing your birth date, your name, or anything else. No per-check fees, no proprietary SDKs, no data going to a vendor's cloud. The EU's Digital Services Act puts age verification obligations on Very Large Online Platforms (45M+ monthly users), not on operating systems. FOSS projects that don't act as intermediary services are explicitly outside scope. Micro and small enterprises get additional exemptions.
The US bills assume every operating system is built by a corporation with the infrastructure and revenue to absorb these costs. The EU started from the opposite assumption and built accordingly.
Just another reminder of how we need to protect what we have in the EU (not a guarantee, but at least a chance of fair dealing and a sustained commitment to civic values). Now that the mask has fully fallen, we have to take every step possible to root out American influence.
QWACs exist to provide a more stringent and user-accessible way to assert a website's identity, mostly to foil phishing and other exploits that regular certificate systems don't address well. Where does this cross into censorship at all?
Zero knowledge proofs stops corporations from tracking you, but they don't stop the government from tracking which websites you visit.
They also require hardware attestation for them to work, which means you will be only allow to use a locked-down goverment-approved OS for age verification, and that opens the door for the government to control the software running on every device.
> Just another reminder of how we need to protect what we have in the EU (not a guarantee, but at least a chance of fair dealing and a sustained commitment to civic values).
> Now that the mask has fully fallen, we have to take every step possible to root out American influence.
You have literal rogue states in your union that neutralize the entirety of it, as the above shows. It's a joke. The EU is a joke. A single country is enough to mean US tech can do whatever it wants, similarly a single other country is enough to mean Russia can largely do what it wants.
The others are of course in on it too. Which is why for all the empty EU talk on US big tech you've never heard them talk about the Irish DPA and what they all enable. Strange right? Would think that this would be a priority. But it shows that even if the rest weren't in on it, just one country would be enough. And it could even be a tiny place like Luxembourg.
Laws and regulations aren't worth the paper they're written on if they're not enforced. The current ones aren't enforced at all, why would any new ones be? Did you know that there was a long period where hosting European citizens' PII on US-controlled servers (like Amazon instances in Europe) was illegal, after the "Privacy Shield" was deemed unlawful? No one cared. Did you know that this is currently the case again, because the thing that replaced it has once again had its basis ripped out from under it by Trump? Once again, no one cares, and indeed EU governments and corporations are _still_ making migrations _to_ US clouds.
Not that it matters, within a few years RN will be running France and AfD will be running Germany and you don't have to pretend any more as the "mask will have fallen" just as much.
So meta acts as a government spy actor. Interesting.
When a company such as meta pursues mass-sniffing, is it still a company or is it just a spy-agency? Meta isn't even hiding this anymore. I am glad to finally understand why these "age verification" is pushed globally. Meta pays well.
Pretty sure that the current round of age check laws violates COPPA and FERPA... as transmitting age to any requestor would violate those laws. So, we're just furthering tyranny. Which law gets enforced today, which tomorrow, and who gets targeted?
> EU’s eIDAS 2.0 offers privacy-preserving age verification with zero-knowledge proofs that protect personal data.
I'm on a short phone break and this is the first I've heard about this. Commenting to ask if anyone can explain this. If not, it'll be a reminder for me to research later.
I'm not sure I'm on board with age verification, but I'm certainly opposed to all forms of identity linkage and tracking. Maybe this is a middle ground?
I'd still prefer if parents disciplined their own kids by limiting device access and controlling their peer groups instead of putting us all into a rats nest of surveillance.
This feels like a waste of time and money. Why are people so interested in tracking people who on average can't read or write better than a 12 year old child? By my count, I'm assuming things will be increasingly degraded for about the next 8-10 years or so.
The Reddit post mentions that DCA does not exist in any official record. It seems to be a ghost organization for the purpose of controlling perceptions.
I think it exists, as an umbrella group. It might only be 3 weeks old. But it seems preoccupied with minors accessing online pharmacies. Very preoccupied with that.
Age verification is surveillance. The organized campaign to push age verification is not actually trying to protect children. You can’t do age verification without identity verification. You can’t have internet privacy and identity verification.
TLDR: Meta want to push all the age verification requirements onto the OS makers (Apple, Google, everyone else gets caught in the crossfire) so that they don’t have to do anything AND they want it done in such a way that they can use it to profile people to push them targeted ads.
Its like they want to keep being seen as the bad guys.
I think this is also a way of getting ahead of any “ban social media for teens and preteens” bills that might pop up in the US. They do not want repeats of Australia! By adding age verification into the operating system they can deflect responsibility but also respond to legislators with a scalpel rather than getting sledge-hammered.
I want reverse age verification that lists the ages of every social network post. I think a lot of people that criticize social network toxicity don't realize their interlocutors are half their age. It's not one-to-one, meaning maturity doesn't follow from age, but I think there would be some affordances made in both directions. A younger person would be less surprised that a 60+ yr old would hold certain views. And vice versa.
It's easy to lie to an OS about your age because it's a single-user experience, and if your parents allow you to lie (or don't know), that's all it takes. Social networks are so much better equipped to estimate age because they have a simple double-check, which is that most kids follow other kids in their grade level.
The patches on top of this are really bad. For instance, we are seeing "AI" biometric video detectors with a margin-of-error of 5-7 years (meaning the validation studies say when the AI says you're 23-25 you can be considered 18+), totally inadequate to do the job this new legislation demands.
for ~2 decades i have attended events, written to my representatives, proposed solutions to whoever i can, and encouraged my students to do the same as various attempts are made to strip regular people of their privacy. for ~2 decades now, i have been trying to fight this fight.
one scary observation is that each year, less and less people care. at least, this is true among my students. plenty of them believe the 'protect the children' line and are more than willing to do whatever the government/big tech suggests. or they just shrug ("what difference would i make?").
for context, i teach at a college level, in tech. a few of my classes are from the cybersec program, one of the programs that should understand and care about the implications of bills like these, and even the majority of them do not care about this stuff anymore. they grew up with instagram and facebook and cameras everywhere. they grew up knowing that any little fuck up they have is recorded and posted online. they know that by the time they go to college, all of their data has already been leaked a few times. they never really had an expectation of privacy in the first place, so it just isnt a big deal.
as someone who interacts with this next generation of "hackers" on a daily basis... the concept of cypherpunk is gone. i got into this field because of my beliefs. they are going into this field because they want a chance at buying a house some day, and know that big tech has big bucks.
i am tired. and i recognize that this is exactly what they (lobbyists, meta, etc.) want! but i am tired and discouraged. more and more i find myself having to actively fight the urge to give up. i am not ready to give up just yet... but, i am sorry to say that as someone closer to retirement than i am comfortable admitting, i only have so much energy left.
>"Here’s where the lobbying gets surgical. The proposed laws hammer Apple’s App Store and Google Play with compliance requirements but reportedly spare social media platforms—Meta’s core busines
Because social media already has the age info exactly?
I think an OS and a web platform with accounts are different product categories. Not even sure what an interpretation of the bill that would affect meta would be.
What I find interesting is how this legislation suddenly leads
to some open project give in and submit - see MidnightBSD
wishing to spy on people via a daemon now. Linux will probably
follow suit via systemd; an appropriate name would be
systemd-sniffy, to sniff for user data and warn the authorities
"WARNING - 15 YEARS OLD IS WATCHING SOME P..., SHUT DOWN THE
HOUSE!!!". And the legislation calls this safety. And freedom.
It is like in the novel 1984. But stupid. Probably more like
minority report - but also stupid. All aided by Meta bribing
lobbyists to do their bidding.
Time and time again it amazes me how incredibly cheap lobbied politicians are. They may be earning big sums for an individual, but if you go full corruption[1] to sell out a state or a country - sell it for a fair price.
I remember from peak net neutrality discussions during trump 1 maybe around 2017-2018 ant saw an article on theverge.com (that cannot find now) and biggest sum to individual politician was around $200k, when median values were much much lower.
Politicians are selling tens of billions of dollars (if not hundreds of billions) worth of revenue to ISPs for couple or dozen million. Literally 1000x return on investment (if successful).
I remember local politician (I am not from US) got caught taking 100k bribe from a company for helping with alleged highway construction procurement. Project was valued ~1B - 10 000x return on investment (if they wouldn't have been caught).
Bribed are even smaller. Some councilmembers got indicted in LA some years back for pay for play development. The bribes were things like steak dinners, 5 figure sums of cash in paper bags, and hookers. Astoundingly cheap.
in the 1990's there was a woman prime minister of Turkey.
she ended up resigning in a scandal caused by her husband accepting a boat (or work on the boat..i don't remember). the scandal was caused by the amount of the bribe. it was too low. the Turkish people could understand some corruption, but to be able to bribe the top leader for $50k. Unacceptable. If it would have been $100 million, it would not have been a scandal.
We should ask ourselves why we continue to participate and perpetuate economic systems that result in levels of inequality so vast that they threaten control of our democracy.
After looking at the California bill a bit, I'm equally worried about the implications for application developers as I am for the implications for OS developers.
It says apps must use the age signal as proof the user is a minor, and then behave according to all California laws regarding that. (I'm not a lawyer, but that's my read.)
So, does this apply to applications that run locally? What if an under 13 year old tries to read a text file with lots of swear words or ascii b00bs? Does emacs need to stop them? cat? xterm?
The way the law is written is so utterly shit that I don't think it does what it's meant to do at all.
Microsoft has a trillion dollars in liability now because every historical OS is illegal, and every adult user of that historical OS (that you don't ask for their age) is a monetary fine.
$2500 fine for Microsoft for letting me continue use Windows 10 in Colorado, cause they never asked my age.
Also hilariously the law openly FORBIDS checking the user's identity to verify age. It says you MUST NOT collect any more information than is necessary to comply with the law. And complying with the law only requires that you ASK the user to TELL YOU their age, so my non-lawyer take is that if you do anything else like checking ID you can and probably will be prosecuted
This discussion, being so timely and important, inspired me to draft an article that explains a possible third way that might not have been fully considered. I would be humbled and honored to receive any feedback:
How much do you want to bet that Amutable, via its founder's control of the systemd codebase and ability to drive change, will be first-in-line to force a switch to its variant of systemd, along with a module for age verification?
I don't see it as coincidence that with all these laws passing, suddenly he announces a secure, "controlled", "locked down" version of systemd. Why, RedHat and Ubuntu can simply drop in this new variant, pay a small fee, and be done with compliance.
I have no idea if Meta is driving these, but the only way it would make sense for them to do it is if they saw age-verification as inevitable and would prefer to pass on the costs/liability of implementation to the app store providers. If they didn't see them as inevitable, then it makes no sense for them to be pushing for these as they are fundamentally against their own growth.
"But there is an obvious solution: mandate the operating systems (iOS and Android) to share device users' ages when they download apps from the app stores – data the operating systems get as part of the hardware acquisition already. This would be a simple one-step way for parents to control all the different apps that their kids use (in the US, the average teen uses forty different apps per month) and would remedy the fractured app-by-app approach we have today. We should make a societal judgement about whether to set these age limits for smartphones or social media
use at thirteen, fourteen, fifteen or sixteen, then write it into law." in How to Save the Internet by Nick Clegg
If we want really a set up where a child does not access it...
Psychology has a higher success rate...just tell them that their parents use it....
There are many systems where accuracy is loose and that is its core feature...for example postal addresses worldwide...I can a mistake in the address but the letter or package will still get there...
Oh look, the Heritage Foundation, the ones who wrote up the "Project 2025" agenda for most of the corruption and authoritarianism that has plagued America in the last year.
The very last people you should trust when it comes to "protecting the children."
To me it feels that the age verfication (adult de-anonymisation) push, at least in Europe, is coming more from the increasingly-authoritarian left as a reaction to the rise of the online right and Musk's Twitter.
(Maybe some unspoken element of concern over social media bots, too - as they evolve from spamming copy+pasted comments to being near-indistinguisable from actual human accounts?)
It would be interesting to see a similar lobbying breakdown for the EU and UK. I bet it's still Meta with other right wing actors. The left rarely has the money for this kind of lobbying scale
Heritage has been laying waste to America my whole life. They basically planned all of Reagan's legislative agenda, too, just like Project 2025 is doing today. In very real ways, they and their vision are America (a system is what it does, not what it says it does).
The idea that it might cost "someone" $2 every time a user opens and app AND it sends a bunch of private data to a 3rd party is completely dystopian, let alone everything else.
And a serious question: with deepest respect to the author for their extraordinarily impressive time and effort in this investigation... Why was this not already flagged by political reporters or investigative journalists? I'm not American so maybe I don't understand the media structure over there but it feels like SOMEONE should have been all over this way before it's gotten to the point described in this post.
When a megacorp funds a network of non-profits to lobby a bunch of politicians, draft legislation, and tell them to take it to committee, that can happen without much visibility, especially when it's been orchestrated at the state level, as this has. Where does any of this show up until there's a vote called on it? There's no open debate. No working "across the aisle" to address concerns. There's nothing left of the legislative process that started this country, or, indeed, any Western representative democracy. So someone has to be watching, see something on an agenda that raises the hairs on their necks, figure out what it is, and if there's a story there, and they're not going to get any help from anyone because everyone involved knows how the public is going to feel about it. And then, as the article indicates, even a place like Reddit is going to astroturf the effort to get the story out. (Which I've been trying to point out for YEARS, but which -- surprise, surprise! -- gets supressed.)
Mainstream media is largely captured by the same monied interests as discussed in the reddit post. Although the poster does mention an article from Bloomberg as evidence, most of their sources are local outlets or tech-focused. https://github.com/upper-up/meta-lobbying-and-other-findings...
Your website send request to the users for access to private networks. That´s called invasive. Hacker news should not allow posts with this kind of websites.
The OP’s point can be interpreted as describing the automation and mechanization of this kind of targeting, which would likely become necessary if the scope of prosecuting so-called “thought crimes” continues to expand.
age verification is always a backdoor for some nefarious constitutional rights-infringing policy because every child has their parents legally responsible for their well being and all the legal aspects as well. in other words, parents have the responsibility, and authority, to enforce what devices and what websites their kids are allowed to visit, and no silicon valley epstein pedos run by mosad should have any involvement in any of this whatsoever.
This is how bad journalism results in conspiracy theories.
I looked at the original analysis and it was fraught with language that leads to specific conclusions. It was most certainly LLM aided, if not generated.
I am not ascribing malice, but the author seems inexperienced with the repercussions of making assertions out of partial knowledge.
Also: Good grief, this article is also written via LLM! Human+machine comes up with theory that goes viral, and then Humans+machines amplify it? Is this the brilliant future we have to look forward to?
If politicians care so much about protecting children, then why aren't they going after the rich and powerful child abusers mentioned in the Epstein files?
Nobody is trying to age restrict the safari app (like a movie theater), but I don't see why websites or parts of websites can't be restricted like individual movies are as they are given a rating by an authority.
But other apps entirely like dating apps? or only fans? can probably be entirely restricted to some age.
This isn't even a hard question. The movie theater is open but movies that are rated R are not. In this case, Reddit.com is a movie theater, subreddits are movies. The website might be open, but not every subreddit is. This is in fact how Reddit already operates, age verification is just a joke right now.
Have you given any movie theaters a permanent and persistent copy of your ID lately? Your phone number? Make them a list of anything and everything you've read about lately?
What is the fight over? It semes like some people are fighting over age restriction at all, and others are fighting over the specific exchange of age proof mechanisms.
This is very lazy AI generated content, as admitted toward the end of the document.
Clicking through to the "findings" shows that they didn't even try to feed proper data into Claude when the AI bot was blocked or couldn't access the documents. Some examples:
> LIMITATION: Direct PDF downloads returned 403 errors. ProPublica Schedule I viewer loads data dynamically (JavaScript), preventing extraction via WebFetch. The 2024 public disclosure copy on sixteenthirtyfund.org was also blocked.
> Tech Transparency Project report: The article "Inside Meta's Spin Machine on Kids and Social Media" at techtransparencyproject.org likely contains detailed ConnectSafely/Meta funding analysis but was blocked (403)
So Claude then goes on to propose "Potential Role" that postulates connections might exist, but then caveats it by saying that no evidence was found:
> This negative finding is inconclusive due to inability to access Schedule I grant detail data in the actual 990 filings (PDF downloads returned 403 errors, and ProPublica's filing viewer loads data dynamically).
This is what happens when you try to lead an LLM toward a conclusion and it behaves as if your conclusion is true. Hacker News is usually quick to dismiss incomplete and lazy LLM content. I assume this is getting upvotes because it's easy to turn a blind eye to the obvious LLM problems when the output is agreeing with something you believe.
so as to not hold the liability bag, devs will publish the majority of their apps as 18+ (we're back to the 2000s with porn banner ads everywhere), and children will ask their parents to use their computer (orly owl).
This truly is the best democracy money can buy. As long as money and/or favors change hands in exchange for getting favorable laws passed, it's just legalized bribery and buying off your own "democracy".
And it snowballs, the more favorable laws someone buys, the more favorable their position, and the more they can buy in the future. The transition from "democratic facade" to "outright oligarchy" will be swift and seamless.
It's an important story, and I'm glad it's getting exposure, but this "article" is some really blatant AI slop. Go and read the original Reddit thread by the human being who did the work instead of this lazy regurgitated shit.
It appears that the original "research" was also pure AI slop--someone just asking Claude and quickly slapping together whatever it said. It's very low quality and should not be getting this much attention.
What makes you think it's "blatant AI slop"? I mean I agree with reading the source over something that went through a journalistic filter but you didn't even link it.
I'm surprised the "laboratory" of the globalist elite, India, hasn't implemented this yet.
Digital-ID (Aadhar) was heavily pushed by USAID and other US-deepstate associates; the same with digital-money and the "demonetization". Bill Gates's org actively tests out things on actual humans like guinea pigs, before globalizing the "solutions". These days all of this is kind of redundant since the phone-number + verification has become essentially a necessity to live in the city in any part of world today.
The prev. Govt. had considered doing this "login with your ID or no internet" scheme (to "protect" people no doubt) back in 2012s - there were explicit statements about disallowing people who would not authenticate with Aadhar, but it was shelved (likely because of their unpopularity).
If our current "Dear Leader" were to propose this, I think a significant population would opt-in simply because of a sense of belonging to a hero-worship-cult.
The state is determined to ensure that every human be their slave.
Your take in this entire ends up with you blaming Bill Gates like some MAGA tinhat? The GOP are literally the cabal of pedophilic, privacy ending, freedom crushing elites you’re looking for and this is somehow your perspective?
I suspect you only read up to the 2nd paragraph of OP's comment if that's what you got. They certainly aren't pinning the blame on Bill Gates. I don't think "current "Dear Leader"" (quotes included) is common MAGA vocabulary. Also, given the bipartisan support of the bills, funding and presence in the Epstein files, it seems unfair to include only MAGA as the "cabal of pedophilic, privacy ending, freedom crushing elites".
The primary goal of these efforts is to control communication and the flow of ideas. Information is a control mechanism, since we act on what we believe.
In history we had four media revolutions (printing press, radio, television, Internet), each greatly disrupting and reshaping society. This is the fifth (social media and maybe AI).
All these revolutions had the same theme: increased reach of information, increased speed of transmission, increased density (information amount per unit of time), and centralization of information sources.
Now we seem to reach the limits of change.
No more reach, since our information networks span the entire globe.
No more speed, since transmission times are close to how fast we can perceive things.
The only things left to change are even more centralization and tighter feedback loops (changing the information based on how the recipient reacts).
Given all that, this media revolution might be the last one, so there is a gold rush among the elites to come out on top.
The article makes one mistake: praising Europe for having a better approach. Governments here are pushing hard to force ID requirements. Sure, they start by pretending it's "for the children" and they "only want age verification". They also claim that e-IDs will be voluntary. Camel. Nose. Tent.
These are the same governments that file criminal charges when you compare lying leader to Pinocchio (Germany). The UK records something like 30 arrests per day for social media posts. Just imagine how much better they could do, if you were not pseudo-anonymous in the Internet!
I quite like the EU approach. It's a decent spec. Most countries already have digital apps to verify identity, like Denmark's MitID (https://www.mitid.dk/en-gb/get-started-with-mitid/). These could be expanded to fully EUDI compliant wallets and deliver encrypted proof-of-age without exposing any other identity.
For example a gambling site could require MitID auth, but only request proof-of-age and nothing else. You can see in the app which information is being requested, like with OAuth.
If there's no information provided beyond proof-of-age, what's stopping my friend's 18 year old brother from lending his ID to every 14 year old at school? IRL that's negated by the liquor store clerk looking at the kid who is obviously underage and seeing that his face doesn't match the borrowed card he just nervously presented.
I don’t mean to be as aggressive as this sounds but the frogs probably liked the increasingly warm water too until it started boiling. How many steps between MitID and a fork that is used to enforce extreme censorship?
Gambling sites already have payment information, which should include real names! (no, you should not be allowed to do non-KYC gambling, that's just money laundering)
Regarding the Pinocchio thing: Local police said „that‘s probably insult“ and sent it to public prosecutors. Public prosecutors investigated and said „nope, free speech“.
If you can disturb enough people that think differently, independent of the final result, you can end up silencing them. Is the same that happens with bogus DCMA claims in Youtube channels, when they negative reviews of products. For a normal guy, having the police showing up, going to court, lawyer, etc, can be a significant burden. I DO see a problem.
The investigation and the threat against your freedom and safety (the implication of prison is always that you'll be harmed in there) WAS the punishment.
Sure, but the fact remains that it was referred for criminal prosecution. They didn't follow through, this time, but the victim still had his "lesson" about insulting his betters.
And Germany really did sentence people for calling Mr. Habeck "Schwachkopf", which is about as mild an insult as you can find.
> This isn't age verification at the point of accessing restricted content. This is a persistent age-broadcasting service baked into the operating system itself, queryable by every installed application.
> Meta’s backing of DCA, part of a $70 million fragmented super PAC strategy designed to evade FEC tracking
Why is this never relevant politically? Its the same with the Epstein files, terrible things happen and we just hand-wring. It seems like the US electorate, doesn't know, doesn't care or is otherwise distracted. I don't see how the US is ever going to get shit together if it accepts this sort of corruption.
Has HN really stooped so low that we are upvoting unsourced AI slop? This “article” is sourced to a random Reddit thread and was clearly written by an LLM.
> A Reddit researcher just exposed
>The technical reality hits harder than policy abstractions.
It is actually not argumentum ad hominem, not least because this author is clearly not a person. It is extremely relevant to substance of this post that it was written by an LLM based on an anonymous Reddit commit (based on "reporting" itself written by Claude).
>If it’s clearly wrong then demonstrate.
Sorry, this does not work in the age of AI. If you don't bother writing your own words, then no one should bother responding to them.
It has been demonstrated as being wrong throughout this thread and the original threads about it.
The original report was AI slop from Claude Code. If you go to the repo it doesn’t even claim that Meta spent $2B, that’s just a sum of a lot of numbers Claude could find, not the number that Meta spent on lobbying this.
How is this preventing anyone booting up an old pc and sharing a usb key data. This is utter nonsense made to control people and instigate fear and self censorship... this is 'the system' discovering the internet in slow motion and immediately pushing its boot over it. We live in an artificial moral panic that should have no place in the minds of smart people.
Just generally, a good piece of context to keep in mind whenever you see electronic surveillance, backdoor, or anonymity-piercing legislation or legal efforts, _particularly_ when they're framed as protecting minors, is that Jeffrey Epstein's primary mode of communication with his co-offenders was Gmail, frequently via a BlackBerry.
If Citizens United is not challenged, we will end up being governed by corporate billionaires. Forcing age verification down our throats will be the least of our worries if this continues.
Am I the only person who recognized that this bill explicitly does not require any sort of id verification? The point is to make apps and websites more accountable.
I am now waiting for Gruber (daringfireball.net) to post another rant about how terrible EU regulation is.
Zero-knowledge proofs are the way to go for this type of thing, I find it mind-boggling that the US lets itself be bamboozled into complete lack of privacy.
I am from EU, and contrary to age verification laws in general.
My stance is that if somebody is a minor, his/her/their parents/tutors/legal guardian are responsible for what they can/cannot do online, and that the mechanism to enforce that is parental control on devices.
Having said that, open-source zero-knowledge proofs are infinitely less evil (I refuse to say "better") than commercial cloud-based age monitoring baked into every OS
> Having said that, open-source zero-knowledge proofs are infinitely less evil (I refuse to say "better") than commercial cloud-based age monitoring baked into every OS
To be honest, I worry that the framing of this legislation and ZKP generally presents a false dichotomy, where second-option bias[1] prevails because of the draconian first option.
There's always another option: don't implement age verification laws at all.
App and website developers shouldn't be burdened with extra costly liability to make sure someone's kids don't read a curse word, parents can use the plethora of parental controls on the market if they're that worried.
Yes! This is the way, give parents the ABILITY to advertise the users age to browsers, apps and everything in between. Only target cooperations, do not target open source projects. Fine websites for not using this API (ex: porn sites). Assume an adult if not present.
that is correct the parents are meant to pass on morals and parent the child. If the parents fall through, there is the community such as church, neighbors, schools etc. The absolute last resort is government or law enforcement intervention, and this should be considered an extreme situation. But as John Adams noted, "Our Constitution was made only for a moral and religious people" -- in other words, all these laws start to rip at the seams when the fabric of society, the people who make up the society no longer have morals. But I appreciate this article in general, we need to fight against mass surveilance at all costs.
"mechanism to enforce that is parental control on devices."
Meh, I use it, but it's super annoying and I think that with my Daughter I'll take a different approach (but it will be some years before that is relevant).
On Android: The kid can easily go on Snapchat (after approval of install of course, and then you can just see their "friends") before Pokemon Go (just a pain to get working, it keeps presenting some borked version which led to a lot of confusion at first). I just lied about his age in a bunch of places at some point. Snapchat is horrible and sick from our experiences in the first week.
On Windows: It's a curated set of websites (and no FireFox) or access to everything. It's not even workable for just school. Granting kids access to our own minercraft servers: My god, I felt dirty about what the other parents had to go through to enable that.
> My stance is that if somebody is a minor, his/her/their parents/tutors/legal guardian are responsible for what they can/cannot do online, and that the mechanism to enforce that is parental control on devices.
Imho there is a place for regulation in that, actually. Devices that parents are managing as child devices could include an OS API and browser HTTP header for "hey is this a child?" These devices are functionally adminned by the parent so the owner of the device is still in control, just not the user.
Just like the cookie thing - these things should all be HTTP headers.
"This site is requesting your something, do you want to send it?
Y/N [X] remember my choice."
Do that for GPS, browser fingerprint, off-domain tracking cookies (not the stupid cookie banner), adulthood information, etc.
It would be perfectly reasonable for the EU to legislate that. "OS and browsers are required to offer an API to expose age verification status of the client, and the device is required to let an administrative user set it, and provide instructions to parents on how to lock down a device such that their child user's device will be marked as a child without the ability for the child to change it".
Either way, though, I'm far more worried about children being radicalized online by political extremists than I am about them occasionally seeing a penis. And a lot of radicalizing content is not considered "adult".
Same here, EU citizen who thinks parents should do some parenting, after all. However, try to confront "modern" parents with your position. Many of them will fight you immediately, because they think the state is supposed to do their work... Its a very concerning development.
I'll go further. As a human being, I am responsible for myself. I grew up in an extremely abusive, impoverished, cult-like religious home where anything not approved by White Jesus was disallowed.
I owe everything about who I am today to learning how to circumvent firewalls and other forms of restriction. I would almost certainly be dead if I hadn't learned to socialize and program on the web despite it being strictly forbidden at home. Most of my interests, politics and personality were forged at 2am, as quiet as possible, browsing the web on live discs. I now support myself through those interests.
We're so quick to forget that kids are people, too. And today, they often know how to safely navigate the internet better than their aging caretakers who have allowed editorial "news" and social media to warp their minds.
Even for people who think they're really doing a good thing by supporting these kinds of insane laws that are designed to restrict our 1A rights: the road to hell is paved with good intentions.
Even with ZKP this is still highly problematic, it create difficulty for undocumented people to access the web, create ton of phishing opportunity, reinforce censorship on most site (as they will now all need to be minor compliant or need age verification), reinforce the chilling effect and make the web even less crawlable/archivable (or you need to give a valid citizen ID to your crawler/archiver).
With no proof it will protect anyone from proven harm.
>it create difficulty for undocumented people to access the web
Why is this such a sticking point in US politics? If the "undocumented" people aren't supposed to be in the country in the first place, why should rest of society cater to them? Even if you're against age verification for other reasons, dragging in the immigration angle is just going to alienate the other half of the population who don't share your view on undocumented people, and is a great way to turn a non-partisan issue into a partisan one. It's kind of like campaigning for medicare for all, and then listing "free abortions and gender affirming surgery" as one of the arguments for it.
Though the EU is at large keeping it's composure with this. My only criticism towards the EU as an EU citizen is how slow and bureaucratic the EU is and that decisions that should be made on the fly are dragged on forever.
That said, government agencies have been doing a terrible job at keeping the private information of citizens safe. But it is nowhere nearly as bad as the US. My best childhood friend died in very questionable circumstances in 2009 in the US in very questionable circumstances. He had a US citizenship and we never really found out what had happened(to the point where we never really got any definitive proof that he had died). But that didn't stop me from trying and I was blown away by the fact that I could log into a US government website, register with a burner mail, pay 2 bucks with an anonymous gift credit/debit card and get a scanned copy of his death certificate in my email. And I didn't even have to provide his passport/id/anything. Just his name.
Point is, the US has been terrible at privacy for as long as I can remember. It is probably worse now with Facebook and Ellison holding TikTok.
The critical thing is not so much "Americans" as "big money". Big Russian money is also a threat. Big Chinese money .. well, there's a bit of that about, but it doesn't seem to have shown up at the legislation influencing layer.
> I was blown away by the fact that I could log into a US government website, register with a burner mail, pay 2 bucks with an anonymous gift credit/debit card and get a scanned copy of his death certificate in my email. And I didn't even have to provide his passport/id/anything. Just his name.
Death certificates become public record after a period of time, depending on the state. In some states it’s 25 years after death, some more, some less.
As far as I can tell this is the same as in the EU: Death certificates can be publicly accessed for a fee after a period of time defined by member states.
I found some comments saying death certificates in the UK could be accessed as early as 6 months in some locations.
So I don’t see this as the US being uniquely terrible on privacy. This is how most of the western world does it. You just had experience with the US and assumed EU was different.
> we never really found out what had happened(to the point where we never really got any definitive proof that he had died).
I’m sorry for your loss, but doesn’t this imply that the US did do a good job of protecting his privacy? It wasn’t until the time limit had passed that you were able to find the death certificate.
Death certificates are public records (at least in the UK) so why shouldn't you be able to get one? I think the alternative, where people's deaths could be kept secret by the state is a far greater risk than the privacy rights of the dead (GDPR type laws generally apply to the living).
I don't know about elsewhere but in the UK anyone can apply for any death certificate going back to 1837.
No, the way to go is the California way. The device owner (root user) can enter the age of the user. Restrictions are applied based on that. Nothing is verified.
The same argument could be said for other age verification methods. Nothing stops a kid from getting their older cousin to verify their identity for something and it will never be possible to prevent this.
Zero-knowledge proofs are only anonymous in theory if you ignore the issue of requiring a third party, and the issue of implementations.
And according to the EU Identity Wallet's documentation, the EU's planned system requires highly invasive age verification to obtain 30 single use, easily trackable tokens that expire after 3 months. It also bans jailbreaking/rooting your device, and requires GooglePlay Services/IOS equivalent be installed to "prevent tampering". You have to blindly trust that the tokens will not be tracked, which is a total no-go for privacy.
These massive privacy issues have all been raised on their Github, and the team behind the wallet have been ignoring them.
You are missing the point. The real purpose is to control the Internet and free speech. They've been trying this for ages. Now the excuse is protecting children. Soon terrorism will be back. And don't forget aոtisеmіtism, too.
Not exactly a good moment for this particular caste of politicians/elites to pretend they care about children's well-being!
The internet we grew up with is nearly gone. For my part I've downloaded most of what I want and am trying to move more towards physical books. I think in the future, the internet could be a lot like cable TV. The value it brings is not worth the costs it imposes.
Seeming as this affect everyone .. Is there anything like and Open Collective .. grassroots consortium, to put together strong sensible zero-knowledge proof based policy examples that could be given to law-makers instead of this shadowy surveillance Trojan horse nonsense?
> Zero-knowledge proofs are the way to go for this type of thing,
The benefit of zero-knowledge proofs is that the hide information about the ID and who it belongs to.
That’s also a limitation for how useful they are as an ID check mechanism. At the extreme, it reduces to “this user has access to an ID of someone 18+”. If there is truly a zero-knowledge construction using cryptographic primitives then the obvious next step is for someone to create an ad-supported web site where you click a button and they generate a zero-knowledge token from their ID for you to use. Zero knowledge means it can’t be traced back to them. The entire system is defeated.
This always attracts the rebuttal of “there will always be abuse, so what?” but when abuse becomes 1-click and accessible to every child who can Google, it’s not a little bit of abuse. It’s just security theater.
So the real cryptographic ID implementations make compromises to try to prevent this abuse. You might be limited to 3 tokens at a time and you have to request them from a central government mechanism which can log requests for rate limiting purposes. That’s better but the zero-knowledge part is starting to be weakened and now your interactions with private services require an interaction with a government server.
It’s just not a simple problem that can be solved with cryptographic primitives while also achieving the actual ID goals of these laws.
Not sure what the Gruber thing is about. I guess I lack context. But on ZKP, I will agree but add this:
The only authority that can be trusted to do age verification is the government.
You know, those people who give you birth certificates, passports, SSNs, driver's licenses, etc.
The idea that parental supervision here is sufficient has been shown to be wholly inadequate. I'm sorry but that train has sailed. Age verification is coming. It's just a question of who does it and what form it takes.
Take Youtube, for example. I think it should work like this:
1. If you're not of sufficient age, you simply don't see comments. At all;
2. Minors shouldn't see ads. At all;
3. Videos deemed to have age-restricted content should be visible;
4. If you're not logged in, you're treated as an age-restricted user; and
5. Viewing via a VPN means you need age verification regardless of your country of origin.
They're a government contractor specializing in identity and a monopoly who loves not being regulated. They're really a straw donor - this is the government donating money to lobby itself. All of this is money leaving the government proper and being put through barely two degrees of indirection to be sent both to politicians whose job is to direct the government, and to the media to misdirect the public.
This (an end to general purpose computing) isn't anything that people can prevent through civil channels. It will happen with or without public approval. You will have as much control over it as you had over the decision to go to war with Iran. It will never be on any ballot. People who help will get rich, people who don't, won't. Eventually, people who help will barely be middle class, and people who don't, won't. Their kids will own your kids.
AI companies are also donating tens of millions to these PACs and others that are promoting age verification laws, it lets them sell AI content rating systems using their models.
This doesn’t make sense, how do these fake accounts bring revenue ? I thought the end goal is to improve conversion rate by removing the “bots” and this would therefore lead to higher ad spend and more money to Facebook direct
I’m curious why Meta would benefit. Meta seems wholly unnecessary, the verification can be done at the OS level, completely in the hands of Apple/Alphabet and maybe Microsoft.
If anything, Meta’s utility would seem to shrink if the OS handles proof of being a real person.
Regulatory capture through a higher barrier to entry. Any social media platform that wants to compete with Meta's portfolio will now also need to have an age-verification system in place (which is guaranteed to introduce higher costs). Meta can likely afford to eat the costs here as a tradeoff for the higher impact on smaller players.
It also gives them more information on users as a bonus. Further, verification with a real ID is also a quite effective barrier against excessive bots.
Meta's entire business model lives on ad deals that are not on the frontend. They are in the data business and this campaign is to get access to more data without an option to opt out. Who takes the data doesn't really matter.
1. It deflects any obligation that would have landed on Meta itself to do age verification (which is what the regulators have long asked for).
2. It gives Instagram/Facebook/Messenger the ability to deliver the right ads to the right audience. It's free targeting data.
Wasn't it Apple that was trying to get Meta to implement age verification in the first place? So, Meta is trying to get them to do it, which seems right.
Doesn't apple already check your age when you make an Apple account? using credit card information (before you use any app)
It already feels enough to me.
Anyone reading this purely as a child safety or campaign finance story might miss the broader architectural war happening here. If you zoom out a little, this is the inevitable, scorched-earth retaliation for Apple's ATT rollout from a few years back.
Apple cost Meta billions by cutting off their data pipeline at the OS level, justifying it with a unilateral privacy moral high ground. Now, Meta is returning the favor. By astroturfing the App Store Accountability Act through digital childhood alliance, Meta is forcing Apple to build, maintain and also bear the legal liability for a wildly complex state-by-state identity verification API.
Gotta give it to Zuck. Standing up a fully-fledged advocacy website 24 hours after domain registration and pushing a bill from a godaddy registration to a signed Utah law in just 77 days is terrifyingly efficient lobbying.
It's the US, all you have to do is drive a truckload of cash into Mar-A-Lago and you'll get whatever you want.
Arabella Advisors is about the farthest thing from MAGA you can imagine.
5 replies →
>Gotta give it to Zuck.
if "it" is the middle finger, for sure. "terrifying" is a great choice of word for it.
I was equally impressed/terrified by Apple's marketing blitz around client-side-scanning. So many people got paid to advocate for that, and the community barely convinced them it was a bad idea. There's not much hope left for any of FAANG deliberately resisting surveillance.
2 replies →
Idk the low road is generally the easier one.
That law is perhaps an annoyance for Apple, but it can't cost them billions, can it? I seriously doubt that it would cost Apple more than the several hundred million dollars Meta still needs to funnel in order to get those laws passed in more states.
Plus, Apple gets to be the gatekeeper for Meta and other apps which can't be good for meta, and Apple gets to know the age of its users, which in itself is monetizable.
> That law is perhaps an annoyance for Apple, but it can't cost them billions, can it?
The CEO has 24h in the day, and he/she is asked to be deposed (laws and legal system has that power), it chips away from grand visions. It isnt just money, you cant just stand up a team and be done with it. Everybody will be coming at you.
Expect to see a lot "Y alleges Apple didnt do enough to protect kids" and the burden of proof will be on Apple to make their executives available.
4 replies →
Well, I certainly prefer if big tech fight each other instead of the user as sometimes there might even come something good out of it - like elevated privacy in Apple's ATT case.
Overall, that's the reason anti-trust laws must be applied rigorously, otherwise the normal population has no chance.
Sometimes something good (ATT). Sometimes something bad (this terrible age-verification thing that is a huge barrier to entry for small entrants and comes with massive state surveillance risk).
In the end, all the little people are just collateral damage or occasionally they get some collateral benefits from wherever the munitions land.
4 replies →
All they had to do was exempt free and open source software from the requirements, which are unworkable in the FOSS context anyway, and they would have gotten away scot-free with their tech company pillow fight.
But no, they had to let collateral damage frag the free software crowd, which is inconsequential to their aims anyway, but 100% a huge concern for those suffering the collateral damage.
They fight each other by stomping on users.
I would hesitate with reading this and drawing any conclusions at all.
The methodology appears to be LLM driven, and the contextual framing which the conclusions are couched in, drive conclusions to a specific direction.
It does not clarify between two readings
1) Meta is driving Age verification efforts
2) Meta is being opportunistic with age verification efforts to further its own goals
The larger macro picture is that voters globally are tired of Tech firms and want something done about it.
The second macro trend is the inability of governments to handle/control tech, and are looking for reasons to bring tech to heel.
That’s context results in a sufficiently different degree of culpability and eventual path to resisting privacy reducing regulations.
Or its a prelude to nationwide digital censorship.
Truly disgusting. Wish these corporations would find ways to screw each other over without also screwing over normal people.
Screwing over normal people and their rights is a feature, not a side effect.
I'm incredibly dubious of the conclusions of this researcher. Claude Opus was used to gather and analyze all of the data.
I am not skeptical of any of the research, the sources seem to be cited properly. I am skeptical that this researcher has thought through or verified their conclusions in a systematic and reliable fashion. This part gives it away: "Research period: 2026-03-11 to present." This individual dropped his investigative report two days after beginning research!
Yes, AI is an incredibly good research assistant and can help speed up the tasks of finding sources and indexing sources. The person behind this investigation has not actually done their due diligence to grok and analyze this data on their own, and therefore I can't trust that the AI analysis isn't poisoned by the prompters implicit biases.
I agree. I tried reading some of the documents and they're full of this:
> LIMITATION: Direct PDF downloads returned 403 errors. ProPublica Schedule I viewer loads data dynamically (JavaScript), preventing extraction via WebFetch. The 2024 public disclosure copy on sixteenthirtyfund.org was also blocked.
> Tech Transparency Project report: The article "Inside Meta's Spin Machine on Kids and Social Media" at techtransparencyproject.org likely contains detailed ConnectSafely/Meta funding analysis but was blocked (403)
The least they could have done is read their own reports and then provided the documents to the LLM. Instead they just let it run and propose connections, asked it to generate some graphs, and then hit publish.
Some of these are also just like really weak? One of them for example seems to be some random employee at FB donating ~$1k to a politician and calling that a link. The entire "Proven Findings" is all over the place and provides no coherence. I don't think it's a particular secret that Meta would prefer age verification be done at the OS level so I'm not really sure what the added claim here is.
> A Meta employee (Jake Levine, Product Manager) contributed $1,175 to ASAA sponsor Matt Ball's campaign apparatus on June 2, 2025. Source: Colorado TRACER bulk data.
> No direct Meta PAC contributions to any ASAA sponsor across Utah, Louisiana, Texas, or Colorado. Source: FollowTheMoney.org multi-state search.
While it is true that Meta has funded groups that advocate for age verification, a lot of them also appear to have other actors so it's not like this is some pure Meta thing as some of the other commenters are suggesting.
This is a fascinating report, not because of the content or even quality of the report, but because of the way it was generated. It is an AI generated report dumped into GitHub and has made it onto the front page of Hacker News with over 1,000 upvotes and many comments.
This type of GitHub-based open-source research project will become more common as more people use tools like Claude Code or Codex for research.
It's not slop when it confirms my biases. /s
1 reply →
I came here to say that this is pretty much my view having poked around a little bit as well.
This file does not exactly fill me with confidence: https://github.com/upper-up/meta-lobbying-and-other-findings...
In one part of the report, there seems to be this implicit assumption that Linux and Horizon OS (Meta's VR OS) are somehow comparable and that Meta will be better equipped than Linux if age verification is required.
It doesn't explicitly say "This will allow Horizon OS to become the defacto OS and Linux will die out" but that seems to be the impression I'm getting which uhh... would make zero sense.
More broadly, this entire report (and others like it) are extremely annoying in that I've seen some Reddit comments either taking "lots of text" as a signal of quality or asking "Does anyone have proof that these claims are inaccurate" which is
a) Of course entirely backwards as far as burden of proof
b) Not even the right rubick because it's not facts versus lies, it's manufactured intent/correlations versus real life intent/correlations (ie; bullshit versus not)
All of this could be factually true without Meta being smart enough to play 5D chess
>taking "lots of text" as a signal of quality
Or of authority, when they're not equipped to evaluate the data first-hand.
The Gish gallop technique in debate overwhelms opponents with so many arguments that they're unable to address them all before the time limit. Reports presented like this are functionally that, but against reader comprehension and attention.
Similarly, being the first, loudest, or only voice claim is unreasonably effective at establishing perception of authority, where being unchallenged is tantamount to correctness. This also goes both ways; censorship in media, for instance, can be used to promote narratives by silencing competing views, like platforms selectively amplifying certain topics to frame them as more proven and widely supported than they might actually be.
It's unfortunate that inexpert execution often positions well-meaning and potentially correct arguments to be discredited and derided by prepared opponents before their merits can be established. In this case, it may be true that Meta may have organized a well-coordinated shadow campaign for legislation using technically legal channels, but I'm sure they've anticipated this at some point, or are relying on the inertia of the system and initial buy-in to force the course.
Concur. The data is not independent of the conclusions reached, and feels very Reddit research like - (à la Boston bombing).
In this case they have named individuals and firms as well, without the degree of diligence that such call outs should warrant.
In its current state, I would count it as a prelude to witch hunts.
I know most of this affects only the US, but I'm wondering where this will go in the EU if the Age Verification Tech goes ahead in America. There's been lots of efforts to increase surveillance disguised as protection for kids in the EU and UK.
The Swiss implementation of eID may be hint that governments may/will take the responsibility to implement and maintain the tech, but the multiple intrusions and lobbying by Palantir and friends in the EU gives me the ick.
The Swiss eID is open source[1] and it's usage will be limited. Any type of age verification for online service would need go to a vote and would probably loose. "Eigenverantwortung", it is the parents job to look after the kids, not the state.
[1] https://github.com/swiyu-admin-ch
You can't just push responsibility for the kids to the parents, where is the world going? This is madness.
The next thing you are going to claim kids from young age shouldn't have fully unlocked smart phones, shouldn't install any app and so on. Where is the end of this? Are you telling me parents should spend more time with kids, heck even be their role models although it is much harder compared to just giving up on them and let the glorious internet and various fashionate toxic tribes raise them? Blasphemy!!!
38 replies →
The EU, unfortunately, has shown to be very susceptible to this kind of lobbying in the past. We regularly see legislation that is being rammed and rushed through in spite of vocal opposition. I would be very, very worried. (EU citizen)
The EU puts a nice shine on things, but there are systemic and fundamental characteristics of the EU that not only make it more susceptible to "lobbying" and ignoring the electorate; which are also far more difficult to change by that electorate than in the USA where we still have direct elections of individuals not party lists (in most cases) that cause total loyalty to the party, not the constituency.
3 replies →
The Swiss eID is designed the way it is to comply with the EUs digital ID proposal so I wouldn't doom this early.
(this one: https://digital-strategy.ec.europa.eu/en/policies/eudi-regul...)
This is because it's not an EU/Canada/US thing as much as some would like to make it. It's a "losing that one election" thing. "What about the Children" always sells. What the EU/Canada have is that the US got hit with this wave first so they can see the results. That's a data point the American Voter only had in theory, not in example form. The recent uptick of nationalism has people thinking there's some essentialism between states and there really isn't - anyone who's travelled in more places than the city knows it.
What examples of this do you have in recent years (post 2016)? The clearest example of lobbying (chat control) has repeatedly been struck down.
21 replies →
Yep. Sadly the EU is more or less lost, and freedom online will be squashed. I would not be surprised if age verification will tie in with the EU digital wallet, and with the EU democracy shield surveillance project, so that any opposition to Brussels ideological stance will get you disconnected from your bank, money, purchases, and your ability to ID yourself.
Basically, the chinese, through WTO, managed to utilize corona to show politicians, regardless of color, the enormous power of complete digital control of the population.
Our spineless and incompetent EU politicians thought it very erotic, and are now ramming it down our throats.
I don't really see a way to stop this apart from moving to south america or africa, to a small country with a weak government.
Not only the US. In the updated post [1] that was deleted at Reddit [2], it is commented there are three firms confirmed operating for Meta in both EU and US jurisdictions,
Firm: Trilligent (APCO Worldwide subsidiary), EU Role: EUR 680K for AI Act, DMA, DSA. US Connection: APCO offices in DC; Meta VP calls them "integrated members of our Meta team".
Firm: White & Case LLP, EU Role: EUR 50-100K. digital markets/services. US Connection: Lead international outside counsel, 70+ lawyer team.
Firm: FTI Consulting Belgium, EU Role: EUR 10-25K. US Connection: Subsidiary of FTI Consulting Inc (NYSE: FCN, HQ Washington DC).
[1] https://web.archive.org/web/20260314074025/https://www.reddi...
[2] https://www.reddit.com/r/linux/comments/1rtd51g/update_i_pul...
This sounds like the mere tip of the iceberg, as it is commented that they maintain two separate networks with no overlap (their age verification lobbying goes through local specialists with no international footprint).
Edit:
https://www.lobbyfacts.eu/datacard/trilligent?rid=5168569461...
Trilligent (APCO Worldwide subsidiary), clients for closed financial year, Jan 2024 - Dec 2024,
- meta platforms ireland limited and its various subsidiaries, 50'000€ - 99'999€: EU Green Deal, EU AI Act, the European strategy for a better internet for kids (BIK+), online safety.
- verifymy limited ( age verification business), 0€ - 10'000€: Digital Services Act; eIDAS Regulation; Strategy for a better Internet for kids (BIK+); EU Artificial Intelligence Act; General Data Protection Regulation.
- user rights gmbh, 0€ - 10'000€: Digital Services Act.
The UK is absolutely picking the most stupid option (delegate it to US companies doing face recognition)
Is it stupid or intentional? I believe the latter. There are many layers that these kinds of things go through before they are pushed in that manner and not in a "smart" manner that respects rights of the majority of the population. They are chasing this path for deliberate reasons, regardless of what they may be, or whether you like it or not. Ironically, they can only engage in these "stupid" things because people don't force them to not engage in "stupid things". Silence in consent in these kinds of cases.
I keep emailing my (Labour) MP about this, I suggest you do the same! I get the standard "protecting the children" response. I am not voting Labour again if this madness is still in place (or worse!) at the next GE.
1 reply →
Right, if these countries want these laws at least ensure the verification is all done within the country in question and the data never leaves.
Of course, that defeats the entire point of the exercise.
As mentioned in the article, the EU already has a different plan
Why do you think the EU would not also jump on the bandwagon if the OS makers have already done the work to comply with US laws? It would be less work on the OS makers to make it for all users rather than trying to determine what jurisdiction the computer was being used and to know if the verification was necessary based on that.
This does not only affect the US. They're ramming this kind of bullshit into law in Australia too. As rapidly as they can.
Probably off topic, but is the cringey wordplay between e-ID and Eid (as in Genossenschaft) intentional in Switzerland?
https://www.eid.admin.ch/en/e-id-e
> The Swiss implementation of eID may be hint that governments may/will take the responsibility to implement and maintain the tech Switzerland will be the exception, not the rule when it comes to internet ID debauchery.
> ... but I'm wondering where this will go in the EU
There's more money spent in lobbyism in the EU than anywhere else in the world. Lobbyism and downright corruption: like Qatari bribing EU MEPs [1] and police finding 1 million EUR in bills hidden at a MEP's apartment (in this case a bribe to explain publicly that Qatar is a country oh-so-respectful of human rights).
The EU is way more corrupt than the US and in many EU countries there's little private sector compared to the US. In France for example more than 60% of the GDP is public spending and all the big companies are state or partially state-owned or owned by people very close to the state.
And as to american companies bribing EU politicians: it's nothing new. IBM and Microsoft for example are two names everybody in the business knows have been splurging money to buy influence and illegal kickbacks have always been flying. It's just the way things have always been operating. Today you can very likely add Google and Palantir etc. to the list but it's nothing new.
EU politicians are whores. And cheap whores at that: investigative journalists have shown, in the past, the little amount of money that was needed to buy their votes. Most of them go into politics to extract as much taxpayers money as they can for their own benefit. They of course love to get bribes.
Also to try to not get caught, EU politicians voted themselves special powers and it's very difficult for the regular police to enter official EU buildings. I know an police inspector who went and arrested a MEP for possession of child porn: it required a very long procedure, way longer than usual, and the request of special authorization allowing them to enter the EU parliament (or EU commission, don't remember which but I think it was MEP at the EP).
American companies bribing EU politicians should scare you indeed: it's been ongoing since forever.
> The Swiss implementation of eID may be hint that governments may/will take the responsibility
Switzerland is in Europe but it's not in the EU: it's not representative of the insane corruption present in the EU institutions.
[1] https://en.wikipedia.org/wiki/Eva_Kaili
Is there any evidence Palantir is doing any of this? Doesn't really seem like their wheelhouse?
https://www.lobbyfacts.eu/datacard/palantir-technologies-inc...
https://www.lobbyfacts.eu/datacard/palantir-technologies-inc...
Lobbyists having Palantir as a client:
FTI Consulting Belgium,
https://www.lobbyfacts.eu/datacard/fti-consulting-belgium?ri...
one hypothesis for why meta wants this is because AI (including its own push for it) has turned much of the internet and its social media platforms into slopfarms and clickbots that advertisers are increasingly moving away from.
The real driver is as always, ad revenue. This time, advertisers want and need to know a real human is engaging the brand and Meta cannot see any other way in sight to assure this fact save for age verification.
this is just the latest evolution of surveillance capitalism.
[dead]
I think age verification laws are good in principle - there's a lot of stuff on the internet that people should be protected from. But it's the manner of age verification that is the issue.
The EU has zero knowledge proof age verification systems, e.g. through your bank, which are secure and don't involve sending a copy of your ID and / or face scan to a dodgy US based 3rd party.
I disagree. What if, hear me out, parents actually parent, instead of relegating the parenting to companies, and ruining the internet for the rest of us?
19 replies →
Zero knowledge is not true. All chains rely, ultimately, on a place where ID:s are stored, and from there, they will leak. That place can also be engineered to undo the zero knowledge design. Couple that with the already in place, surveillance by ISP:s within the EU, and it becomes obvious that zero knowledge is a scam, and only valid under unreal conditions that will never apply in the EU, and only in isolation, and not looking at the entire system.
1 reply →
I think these laws are a poor second-best substitute for proper moderation on the big content platforms.
As it stands one should be happy if Meta catches most calls for the extermination of an ethnicity on its platform, that they would provide capabilities that allows a kid to protect themselves from bullying or grooming is just unimaginable.
The US has a large unbanked population that is currently fighting the trend of places discovering they can get rid of undesirable poorer customers by refusing to accept cash. These people would then lose access to many services on the Internet now due to parents refusing to parent.
I expect the internet to be overrun with noise due to bots. So I have a feeling that eIDs are inevitable as a solution in the long run. If that is the case shouldn't we push for zero knowledge solutions?
> The EU has zero knowledge proof age verification systems
No, they don't. And they can't.
1 reply →
Apparently most of the “original” report was done by Claude (https://news.ycombinator.com/item?id=47366804). And now paraphrased on various ad-space (and in this case affiliate link) sellers, probably also by Claude. Claude is the only real journalist here.
Personally I’d rather not see reposts of posts this recent, especially LLM posts.
I came to the comments dissatisfied with the writing.
Or maybe more specifically the structure, idk not much of a writer, but many of the sentences are solid journalist quality yet the right background is not being set nor the right transitions being given etc.
My dissatisfaction mode used to be boring high school newspaper sentences but the kids still seem to _assemble_ the details a tiny bit better.
Agreed. IMO your comment should be at the top. (Would it make sense to post it at the top level, so that it can be voted up independently?)
I've moved it to the top level and into the merged thread.
(This subthread was originally a child of https://news.ycombinator.com/item?id=47411314.)
These discussions remind me so much of the US discussions about federal ID documents as verification.
There's a vocal portion of people which opposes any solution because "privacy, government overreach, surveillance ...". So instead of a solution like e.g. zero-proof age verification, that tries to minimize intrusions on privacy, the result is the worst of all worlds, maximum surveillance (but I guess it's ok if it is not the federal government, but meta), with minimum utility. Just look at the freaking mess that is trying to proof your identity in the US.
For there to be a solution, there needs to be a problem. These bills are not addressing a problem. Assume the online platform has a video feed of my kid, or their SSN, or a zero-knowledge-proof of age, or whatever.
Now, what will the platform do with it? Concretely? As in: Name one bad outcome a reasonable parent would care about that's prohibited under these bills. If the bad thing happens due to willful negligence, then there needs to be some actual material consequence to someone at the platform provider.
The Illinois bill prohibits financial transactions, and feeds engineered to be addictive.
10 replies →
>Name one bad outcome a reasonable parent would care about that's prohibited under these bills.
the bad outcomes don't need to be prohibited under these bills. it's already illegal to, for example, distribute pornography to minors. which i think is something that a reasonable parent would have a problem with.
but if there is no way to determine who is a minor and who isn't, then it's impossible to determine the difference between "willful negligence" and regular old negligence and enforce any consequences for breaking that law. age verification laws are about mechanisms to make other, already existing laws actually enforceable.
3 replies →
I can't speak for proof of identity in the US, but please understand that digital privacy is a slippery slope we're already sliding down, it is not unreasonable to be critical of any privacy violating initiative, because privacy is never given back, only taken away.
this position assumes the surveillance state or megacorps would be satisfied with a zero knowledge proof based ID/age verification system, which is not at all obvious to me
meta could spend their billions lobbying for that, if they wanted to
edit: to be clear, I do think a government developed and maintained ZKP ID/age system is the best possible compromise, I just don't think we have any chance of getting it
It's a bait and switch that can be seen by even Ray Charles from a mile away. ZKP assurances is just part of the high-IQ "useful idiots" spreading buy in for the bait.
Please explain how opposition to privacy invasive solutions result in even more privacy invasive solutions being implemented? Is it purely out of spite from the lawmakers? This logic doesn't follow.
It’s obviously worse for your privacy to have third parties handle full images of your drivers license or video of your entire face, which can then be leaked, rather than using a zero knowledge proof that only sends e.g. a birth year. And no, it’s not spite, it’s incoherence. Lawmakers are single minded seekers of re-election to a first degree approximation and will do things to get votes, even if those things don’t logically make sense together, such as requiring age verification without providing the tools for companies to abide by the law themselves.
1 reply →
Because we’re currently still in the phase where lawmakers are telling tech companies “please find a solution for this issue.” At some point, as has happened in the past with other issues, this will change to “solve this issue, here’s exactly how you have to do it.”
The logic not flowing is the point. People against a federal ID say it is government overreach into state's rights. They consider it the feds invading citizen's rights. They have no need, as it is the purview of the states. So in lieu of a federal ID, private companies are coming up with privacy invading techniques to attempt to verify age. How would one be okay with a private company's invasion of privacy yet not the government's? An invasion of privacy is an invasion of privacy regardless of the one doing the invading.
3 replies →
Ignoring the reality that some system of age (and ID verification, for certain tasks) system is desired by a significant portion of the population, and does have utility (despite the shouts for "just parent your children") is simply sticking your head in the sand. So by opposing any solution (even solutions that preserve privacy, like zero-knowledge), you make privacy concerns seem unreasonable and weaken stances opposing the more privacy invasive solutions.
3 replies →
When I hear this argument ("better the government do it than a private company") I recoil. The government is sovereign, only accepts lawsuits at its discretion, and can use violence to get its way. We also know for a fact that it abuses its powers and conducts surreptitious unlawful campaigns against its citizens.
I'm not on board with any of it, but the last thing I want is the government to control it.
The government is also, at least theoretically, democratic and accountable to the population.
Meta on the other hand is a dictatorship run by Zuck that's only marginally accountable to stockholders (which are only a small subset of the population).
4 replies →
When the government is working as intended, and have not abdicated their duties to the people, the government at least has controls over what they can and cannot do. Yes, they have a monopoly on violence, but they also in theory have lots of controls.
For example, the government cannot silence your speech, but a private company can. The government cannot share your data with others, a private company can.
Unfortunately the government has abdicated their duties and so you think they are worse than a private company.
9 replies →
This seems like a very easy problem. The government has birth records, passports, ssn, phone records, etc. so they could provide an age bracket to anybody that needs it. But instead a private corporation will get to do this and create an absolute mess à la Palantir.
An absolute mess for you. A tidy profit for them.
That requires a high level of trust in your current government and whomever is in charge in the future.
Its worth remembering how the Nazis so efficiently found Jews in the Netherlands. The Dutch government kept meticulous records, including things like your name, address, and religious affiliation. That wasn't a big deal until the Nazis rolled in, throw in some level of Nazi sympathizers in the Dutch government and it wasn't hard for them to track down anyone they wanted to find.
12 replies →
Because this does not address the problem at all. Or rather - it does not address my problems as a citizen, and it just pushes responsibility of parents onto 3rd parties and punishes everyone collectively for it.
Also fundamentally speaking - this does just take away your right to privacy. do you just let your rights be taken away?
I don't want 'minimization' of intrusion of privacy, i want no intrusion of privacy.
It’s the classic American route of attempting a technical solution to a societal problem.
5 replies →
> So instead of a solution like e.g. zero-proof age verification
A solution to what, though? I oppose any solution because I disagree with your premise: this is not a real problem. We do not need to do anything about it, and any cost would be too high.
Why exactly are you extending them the benefit of the doubt when they've proven they don't deserve it over and over again? Even if zero-proof age verification emerged as a strong political alternative I'd fully expect the final bill to have a carve out of the zero proof exemption for the government in it, a backdoor in encryption scheme essentially. Here you tell me that isn't zero proof, which is true but wouldn't change the name on the bill one iota.
https://www.aclu.org/documents/5-problems-national-id-cards
Yup. And like the Clipper chip but with much less pushback. It's a weaponized manufacturing consent campaign to fool people into giving up their privacy and anonymity with d/misinformation. It's so disgusting that state and federal legislators are giving them everything they want, well beyond regulatory capture towards absolute corruption and absolute power.
'Nobody is allowed to do it' remains a valid option.
How would a porn site operate on the internet?
4 replies →
Age verification is a non-problem.
These solutions don’t solve anything.
If a corporation has your information, multiple governments do as well, either legally or otherwise
> Just look at the freaking mess that is trying to proof your identity in the US.
Care to elaborate? I'm not sure what's a mess about a driver's license, social security card. I've never once had any issue with my identity.
Not everyone has (or can have) a driver's license and a social security card literally says it is *not* for identification because it lacks even the most basic aspects. But since the US never managed to come up with an actual system, companies started using SSNs like an identity verifier, because it is the one thing everyone has across every state. But that also makes identity theft or credit fraud trivial in the US compared to other countries.
10 replies →
You must not live in the US or have very odd patterns, I'm positive a majority of the US population have free credit monitoring due to the multiple SSN data leaks.
The situation is so bad that the SSA has to explicitly state: "Social Security card is not an identification document" https://www.ssa.gov/blog/en/posts/2023-03-23.html
1 reply →
I think they're talking about proving your identity to a non govt entity. A few things that come to mind are any platform with a KYC, they require you to upload your ID and assure you they're secure with a little lock icon.
2 replies →
The identity issuer - the government - already has the your privacy. If you have a unique identifier from the government which websites can call the government with to verify your identity, you won't lose any privacy. All the websites get is just a unique string, no date of birth, no name, no address. This approach is the cornerstone of oauth/oidc.
> I'm not sure what's a mess about a driver's license, social security card
Neither of those are accepted by various states' voter id laws, nor can you reliably board an airplane with them since RealID.
The only foolproof identity card in the US appears to be a passport (which, you know, global federal identity card... exactly what the folks against universal ids dislike)
21 replies →
This is just the moderation fallacy, pronounced with the same kind of unearned confidence in which the moderation fallacy is usually pronounced.
To put it in Godwin's terms: you're the one saying that the people denying the Jewish Question are the people enabling the Nazis. If we would just agree to the moderate compromise (fill in the blank), then the Nazis wouldn't have an excuse.
Most importantly, it's also an attack on a strawman. Nobody is arguing agains zero-proof age verification. It's probably possible, but in reality is absolute nonsense. There is no material proposal anywhere for a zero-proof age verification system that prevents individuals from being tracked. There is mathematical speculation, and proposals that vaguely and dishonestly simulate what people are pretending exists somewhere.
All of them involve individuals giving up their privacy, and insidiously substitute protecting your identity from the providers of "adult" information where protecting your identity from the government and the providers of verification services are actually the important parts. I do not give half of a shit whether some porn site knows who I am; the only reason I care at all is because they may share this information with governments and private entities that will use it to track me, manipulate me, or blackmail me.
The reason for this? Governments would lose all interest in age verification if it were possible to do it without invading my privacy. If it is possible in the abstract (which it may well be, mathematically), governments would prioritize sabotaging any company or proposal that could make it happen.
The fake proposals of zero-proofs are offering me something I don't care about in order to trick me into giving up something I value, and calling me unreasonable for not falling for it. No, I'm just not a fool.
The real solution: a legal requirement for "adult" information services to only reply to requests that declare they're from someone over the legal age to consume that information. People who give their children computers could root them to make sure that that header is stripped, you could install browser extensions to make sure that header is stripped, you could make sure that header was stripped at the router, you could make sure that everyone could make a phone call to their ISP to tell them never to allow a packet across that carried that header unless it also included a key or a password that the adults of the household could add onto their own requests.
The above methods don't take any technical sophistication at all, and would solve the problem better than computers that attested age, the computers that 14-year olds would be operating for their often computer-illiterate parents anyway.
Why aren't they used? Because this is a totalitarian game, not a serious proposal to solve a serious problem, and it is just meant to fool morons long enough to screw us all in a permanent way.
[dead]
Does this surprise anyone, just over a decade ago there was a whistleblower who said the government was spying on its own citizens. The president and half the country called him a traitor. The only way to stop this from happening is half the country refuse to buy any tech that implements OS age verification. That includes working any job that also requires the use of that tech(Basically all jobs). The only thing that talks is money and when half your workforce is not working(or buying anything because they aren't working) then things will get changed real quick. But most people don't want to do that because no one is willing to suffer short term for long term gains. The govt and 1% know this that's why they increment it slowly overtime with generic causes like "save the children"
> The only way to stop this from happening is half the country refuse to buy any tech that implements OS age verification
No, the way to stop it is to talk to your representatives.
You have the power. You just have to pick up a phone, and ask your friends, relatives, neighbors, to do the same. (They will, because it affects all of them.) Tell your reps to remove the legislation or you're voting them out. They don't want to lose their jobs. They will change if you tell them to. But only if you tell them. That is your power. Use it or lose it.
> the way to stop it is to talk to your representatives.
I keep seeing this advice, yet whenever it actually matters, it doesn't really work
No amount of talking to representatives stopped the genocide in Gaza, no amount of talking to representatives is stopping what the US is doing now in Iran
Majority of Congress voted to continue war in Iran, despite an overwhelming majority of Americans being opposed to it
Unfortunately representatives are bought out by their donors. Nothing you say will change their minds. What will change their minds is if their donors start losing money. (i.e. Having no employees to make their product/service)
I hate to be negative here but every single time I have spoken with a representative, they will just take the party line. "Thank you for reaching out. We are doing X as advised by the department of Y based on our evidence of Z."
Then they just continue with that was already happening.
> The only way to stop this from happening is half the country refuse to buy any tech that implements OS age verification.
You have consumer activist brain. Next you're going to suggest that we complain to the manager or start our own government and compete in the marketplace.
> The only thing that talks is money
No, the only thing that is talking is money. Money wants this. You're busy pretending like you're going to do a boycott; they're going to boycott you.
Complain about the internet? They'll just blacklist you from it. Complain about the phone? Well now you can't use one; try smoke signals. Complain about the landlord? They'll settle the case, kick you out on the street, and blacklist you among all private equity landlords and the management companies that service small landlords. You'll just go to a small landlord that doesn't use one of the management companies? Well they won't have access to a bunch of vendors that have exclusive contracts with and share ownership with the management companies; now they can't make any money and have to sell to private equity.
You've been fooled into thinking that being victimized is a moral failure of the victim. The perpetrators taught you that. They taught you that the only appropriate action is to beg and threaten to leave, and they shut down customer service and monopolized the market. But, again, the worst thing they trained you to do is to blame the victim.
>You're busy pretending like you're going to do a boycott; they're going to boycott you.
What do you mean? They still need people purchasing software and hardware.
You can argue effectiveness, but if enough people say no, then a boycott is extremely effective. The issue is always on awareness and making people take hard actions.
2 replies →
Not working is the opposite of consumerism. Lol. Business's have one objective and that's to make a profit. You can't make a profit if you have no employees. With no employment, citizens won't have money to buy their products. So even if they have a huge inventory, it's useless. When their money stops flowing, that will make changes. And it will be swift.
Give your interlocutor an explicit alternative to consumer activism!
Just because you're a pessimist doesn't mean you have to be coy. :)
2 replies →
>You've been fooled into thinking that being victimized is a moral failure of the victim.
And you seem to have been fooled into thinking all victims are powerless.
>The only way to stop this from happening is half the >country refuse to buy any tech that implements OS age >verification.
Or, refuse to participate or use any tech that implements OS age verification (start with communication app Discord).
Women posted their government IDs, including military IDs, in a stupid Tea/Gossip app. You or I refusing to participate means shit compared to the other 90% of the population.
Snowden's story makes zero sense. Former CIA employee turned NSA contractor, making six figures, working remotely in Hawaii, one day suddenly decides he has a conscience, somehow gets laptops filled with classified documents, hands them over in the South Pacific to Der Spegiel and Glenn Greenwald, then goes off to Russia where he's lived unmolested for years, and his smokin hot girlfriend joins him and he's never faced consequences where as Julian Assange was held captive in an embassy for years. Meanwhile, every other whistle blower that went to The Intercept was subsequently arrested and Greenwald still denies it was a honey pot, going as far as to throw Whitney Webb under the bus over it.
The reason nothing happened was because Snowden is still a State Dept or CIA asset. He's an actor and/or a limited hangout of some kind to show the US government and claim to be doing absolutely insane bullshit and nobody cares. New Zealand retroactively changed their laws (clearing John Key of any wrong doing for illegally spying on Kim Dotcom), allowing the GCHQ to legally spy on all their citizens.
As far as refusing to work for these companies, I was on Linux at work for over a decade. But after my last job I was forced to take a .NET role and with a $30k/yr paycut. It'd like to get back into a good role again where I can use Linux, but I'm not sure if I'd be willing to stand my ground on this issue, because I also don't want to lose my house and software jobs are incredibly scares right now. Unlike Snowden, I don't have a government paycheck coming in to continue spreading lies.
yes and the earth is flat too along with the moon landing of course classic
2 replies →
> The president and half the country called him a traitor.
Turns out they were right
For a project attempting to track these and coordinate technical resistance, see: https://github.com/AntiSurv/oss-anti-surveillance
These bills also need to be opposed on a legal/political level.
Something I realized last night is that people who lie about their age to send false signals may inadvertently open themselves up to CFAA liability (a felony). So this is a serious matter for users who want to maintain anonymity.
I believe CFAA talks about exceeding authorization, not just typing in things that are not true.
CFAA has been narrowed in scope through legal decisions but AFAIK it still applies to anyone using false information to bypass security measures. In my view, a federal prosecutor could easily make the argument that age gating is a security measure. You’re welcome to be a test case if you disagree!
4 replies →
Did that link just get taken down?
I can still access it, is it blocked for you?
No? I just hit it.
no
The question I keep coming back to regarding the recent debate around age verification is "Why now?"
I'm 47, and I started using the internet in my early teens through BBS gateways. I've seen every age of the Internet, and there's always been widely available pornographic materials. Why all of a sudden is this a crisis?
Perhaps I'm missing something?
Missing something? Perhaps.
Pornography is a very convenient pretext. The real target is anonymity and pseudonymity. Both have been abundantly available on the early Internet. Both were and are being gradually squeezed out from it.
Various law enforcement agencies would love to know more, always more. The more the users are required to identify themselves, link their online identity (maybe pseudonymous for other users) to their official offline identity, the easier it is to find and catch criminals. Not only criminals, of course, but even if we assume 0% nefarious intent, and only the desire to catch the evildoers who swindle grandmas out of their life's savings, this still holds.
Operators of big sites also would benefit. Easier to ban disruptive users. Many great ways to turn the precise identity into targeted ads.
The internet has become a very serious, consequential space. More like... the "real world", which was considered separate from the internet in 1990s. Now they are inseparable, so the pressures of the "real world" are equally present offline and online.
Quality comment, this is the answer. Also insightful how the nature of the internet and real world separation has changed with time. This should be obvious but this is the first time I’ve seen it stated explicitly like this.
To add to this, I suspect the data broker industry also has an interest in increasing the legitimacy of the data they sell about anyone they can get their hands on.
incongruent. first you say "pornography is just pretext" then say "it's like real world now". where in "real world" can preteen kids go and see not just porn but people limbs removed and other stuff?
pretending the actual issue doesn't exist will not help you stop laws like this
4 replies →
I don't think anyone who still holds up "the dangers of porn" can argue with any credibility anymore. We have a population scale study that lasted 30 years, and millennials turned out fine. Same with violent video games and harsh language music.
What does seem to definitely be having a severe negative impact though is social media.
I wouldn’t mind having some kind of law that restricts any minor from using social media whatsoever. Because I wish the current generation of children to have a somewhat worry-free childhood like I had.
2 replies →
Meta likes this stuff because (a) it's a barrier to entry to new social networks and (b) it heads off the under 16 bans which have happened in other countries.
It's also valuable verifiable data for advertisers, in that it verifies real people are being served your ads, and it's going to the desired age range/appropriate audience
People often cloak their power grabs behind a move to control some vice. It was just a bunch of us nerds on BBSs back in the day. Now everyone is online. The stakes are completely different.
> "Why now?"
Because they worked on it for decades, and it's finally showing results.
> I've seen every age of the Internet, and there's always been widely available pornographic materials.
Just because something bad happened in the past, we should stay away from fixing it? Just because you didn't (probably) suffer as much as others, we should continue looking away? And that's leaving out that the world on all levels and corners today has become significant worse than in your youth.
> Why all of a sudden is this a crisis?
It's not all of a sudden. The calls' haven been around for a decade and longer, but research has become better over the years, so it's harder to ignore them. And now there is also AI, which significant speeds up the spreading of fake news, bot messages, sexualized deep fakes, and other very problematic content.
I would suggest removing your artificial filter limiting your thinking to porn. During the days of BBS type sites, the monetization of personal information was not a thing. Forcing a user to be identifiable in a government mandated manner means the data gathered about you becomes more valuable because it can be pinned to you, not an account you've made, but to you. The government likes the same result if not for the same monetary reasoning, especially this government. Knowing who you are, what you've said, what you read, watch, listen, as well as where you are/have been will all be valuable in different forms of value.
Any reasoning after that is just fluff to get people not looking at it critically to accept it.
Have you questioned whether you might have been better off without seeing ISIS decapitation videos when you were a teenager (you might be too old for that though)? Or maybe that you have something that makes you more immune to this stuff?
I think that I'm biased to think "it shouldn't be a crisis" because I saw that stuff as a kid and turned out ok, it's a prime example of survivor bias, maybe someone who saw that stuff didn't turn out that well. Also one thing I've been wondering I'm not sure if that's the beginning of my everlong cynicism. If it is, then I might have been better off without being exposed to that material that early in my life.
Nearly everyone I know that saw this stuff turned out just fine
We do not need to turn society into a police state because we're afraid the next generation might not be able to handle what we handled fine for the most part
Edge cases should not dictate the removal of our freedom & rights
4 replies →
> Have you questioned whether you might have been better off without seeing ISIS decapitation videos when you were a teenager (you might be too old for that though)?
See, I have, and I think I am actually a better person for it. Videos like these show how humans are really just apes and can easily fall into doing heinous things. It helped harden my view that religion is a net negative for the world, made me a bit more careful, especially in where I choose to travel, and has given me a wider worldview.
No one is rick-rolling with Isis decapitation videos, you go to those sites, and you know what you are getting into. One of the wonders of the early internet was rotten.com, and I am very sad its gone.
How exactly is seeing what human beings are capable of going to harm anyone? It certainly isn't so "damaging" that it needs to be hidden from anyone.
1 reply →
[dead]
I'm the same age as you, started when I was maybe 15 on BBSes. The porn was certainly a lot harder to come by, still images that took a while to download, had to do it when family was out of sight on the family computer and clean up history after. Kids have personal devices and can go down a rabbit hole of content in their room. It seems fairly different. Age ranges are different too, 10 year olds have phones and have maybe been using an iPad their whole life.
But even then, I think if adults knew what we were up to, maybe they would have lobbied for stuff then too.
For my 10 year old, we don't allow youtube or any other algorithm doomscrolling feed. And no voice chat in online gaming. We plan on waiting until 13 for a phone, or behind-closed-doors internet, and we use parental controls.
I'm not presenting this as an argument for age verification, I think it's a naive solution that comes with major drawbacks and won't work anyway.
But the landscape is very different and I think we should try to understand where parents who support this are coming from, because lobbying from Meta or whatever isn't the only issue.
There are parents who have been making choices for their young kids and have to start letting go at some point as the kids age, and maybe, at whatever point parents stop monitoring, they would like the kids to not be fully in the deep end. I think we should acknowledge that and explain why age verification isn't a solution, rather than pretend the world is the same and pretend don't have any legitimate concerns by saying "well we turned out okay".
(edit: reworked the tone in response to feedback)
> at whatever point parents stop monitoring, they would like the kids to not be fully in the deep end
Parents want to stop monitoring their kids, but still want their kids' experiences to be catered to their ideals, so the rest of society must now bend towards what you want for your kids specifically?
What about parents who want a different set of guardrails for their kids - more limited or less limited than you? What about people who aren't kids - does their privacy or freedom not matter, just because you don't want to handle it yourselves anymore?
That sounds to me (a non-parent) like a very selfish and naive worldview. I'm assuming from your tone that you are in support of this, so would you explain to me why you think its not?
3 replies →
[dead]
It's "Now" only because of a confluence of factors - namely, $2B spent on convincing lawmakers to do this now, because Meta doesn't wanna be fined $52B again. It's nothing to do with porn. The lawmakers passing this are passing it because "protecting the children" is always going to get them votes (even if it doesn't actually protect the children)
The value of data increases year on year, even old data, but old data is worth much less than new. But for hyperscalers we've cost the threshold, now any data at all is worth more than storage space, and the profits are too much to ignore.
It's not just targeted advertising, though you can open youtube kids/instagram/tiktok and see plenty of that and age brackets happen to perfectly align with leaked metas' advertising brackets. (5-10, 10-12) (group A), 13-15 (group B), 16-17 (group C), 18-24, 24-30.
I think it's largely driven by the increasing computing power
It has nothing to do with porn and everything to do with making anonymous use of the internet (and thus anonymous mass publishing) illegal and impossible.
This is better framed as something like "know your actor." The goal is to have everything attributable to a natural person. Nobody wants that, though, so we have say that porn isn't for kids. (Now, there's a lot of disagreement about that, but that's another matter.)
More studies are being done on the effects of social media. Social media execs have been brought in front of congress multiple times. The US tried to ban tiktok because it showed our military actions in a negative light to millions of teens.
its because we hired a generation of the greatest minds to build habit forming and addictive products. So now we're seeing signs of how bad that is for children's mental health prior to their ability to consent to that.
Blocking this is the responsibility of a parent. Spend some time to configure parental controls etc.
Pushing to turn society into a police state because parents are too tired/lazy/tech-illiterate is simply not the solution
4 replies →
I wonder if it's because of election interference. Foreign countries bot farms basically have free reign to assault the minds of your people 24/7 online, idk how you stop that outside of identity verification systems
Locking down the entire chain of trust.
Try to start an ISP and/or become a public Certificate Authority.You will quickly run into steep requirement (admin and financial). To buy IP address space, get peering partners for traffic transit, hosting dns, hosting email (good luck getting mail delivered to the big providers without having your own users verified via mobile number). Try to build a mobile app, or phone or runtime - all the key signing, binary signing involved, the entire security model from hardware/firmware, boot, memory access, runtime safety and on and on. Then there are the intelligence agencies and various countries surveillance laws, information laws.
If you add it all together, we are already monitored 100%. They want to linked and prove the monitored device is linked a certain human beyond a doubt. Email, Mobile, Full names are not enough, they want your biometrics too. They want you serial numbers of devices and mac addresses of networked devices and SIM cards. They want it all.They want your children to have devices with camera, mic and gps trackers in. Your kids will be part of kompromat before they reach adulthood and some of them will be blackmailed by government agents and other bad actors throughout life. Some kids will be trafficked with the help of all these tech solutions, because they know exactly where your kids are at every moment.
Add home assistants, smart tv's with cameras, toys with cameras, outdoor cameras, shopping mall cameras everywhere, in-vehicle cameras and mics. Bluetooth beacons everywhere.
Add it all up and ask yourself, is this truly about child safety? Not at all. I'd argue they would be more exposed. If they wanted children safer, they'd recommend parents and schools to 100% remove kids from the internet or devices with public internet access. Why does a 10 year old need to know how to join a teams meeting and being comfortable on a video call?
Not to mention the access to weird porn and gore sites that WILL traumatize a young mind.
Then contemplate what all this data will be used for in the hands of extremists, nazi's, dictators, the effects on free speech & journalism, the propaganda machines reach on you and your family.
The internet is 10000% cooked and no longer open. It's better to disconnect from it at this point.
> Some kids will be trafficked with the help of all these tech solutions, because they know exactly where your kids are at every moment.
What the hell are you talking about? They already know where my kids are! At school which is funded by government.
Just talked to a long-time friend laughing about the state of things and how we used to have unfettered access to horrific gore photos at 14. Don't ask me what the appeal was, I have no idea, but it was possible.
This is outlined in Project 2025 (which I have not read).
As I understand it, the age verification laws are part of a three pronged plan to eliminate privacy, freedom of speech and freedom of expression online.
The goals being to expand current police abuses to include LGBTQ++, reporters, democrats, non-whites, non-christians, demonstrators, etc.
It all is predictable and makes perfect sense if you assume the goal is to hold control over the white house in 2029 while being even less popular than they currently are.
> This is outlined in Project 2025 (which I have not read).
Great sentence.
Aside from making me completely doubt everything you're stating, I don't understand why people just take it as a given that Project 2025 is something the current administration gives two shits about.
Is war in Iran in Project 2025?
5 replies →
As Gov you can use it to request for "real names" on the internet?
> Perhaps I'm missing something?
maybe since minors can't enter into a contract they can't agree to TOS and therefore their content is ineligible to be used as LLM training material? just guessing.
They seek monopoly. Startups can’t afford these barriers and can’t convince users to trust them with the safety and value of the verification process without being an established brand.
Did any groups recently lose control of a narrative?
Are people in that group powerful, influential and wealthy?
Would that group benefit from being able to use state power against individuals who just won't stop shining light on injustice?
"Now" is when this level and depth of mass identification and surveilance has become technologically feasible, financially valuable, and politically possible.
The political planets have aligned in many nations for private industry to lobby for this power, sating their own goals as advertisers and the state's goals as authoritarians. This is an open conspiracy between every tech giant and every government to perpetually identify every action that every person ever makes online for the sakes of advertising, propagandizing, surveiling, persecuting, and imprisoning people.
It is not a coincidence that this is occurring in all western nations at the same time; these economies are incredibly large and active, and these governments have been under attack from the far-right for decades.
An unfortunate side effect of Epstein mania is that people (particularly legislators) are more receptive than ever to the "think of the children!" strawman. This approach is highly effective right now, and it might never work again in Zuckerberg's lifetime.
America needs another Zappa.
My observation of Epstein "mania" is that politicians are revealing themselves to not particularly care about children being sexualized.
The push for age verification seems to stem from conservative states trying to appear to care about children through symbolic gestures while cutting other funding and protections for children.
1 reply →
It's a coordinated psyop to enforce mass surveillance and control. The question we should ask ourselves is "Who are they?". Their agenda is clear already.
It all makes a lot more sense when you find out they want to declare anything lgbtq related as pornographic.
The right has figured out that they can keep queer kids (especially trans kids) in the closet if they don't let them learn what their "difference" actually is. It's "don't say gay" applied to the internet.
Age verification is merely the background task to set up infrastructure for OS to provide many many other signals about who's using the device.
Age signals from the OS? Need to provide a channel of information available to applications. Applications already talk to servers with unchecked commonality.
Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".
Next year, the application needs to "double-check" your identity. That missile that's coming to you? Definitely not AI-controlled, definitely not coming to destroy the "verified" person who posted a threatening comment about the AI system's god complex. Nope, it's coming to deliver freedom verification.
Nobody stops the government from sending goons to your door right now for a snarky comment. Some govts in fact do it today. It is also cheaper than ai rocket and more precise too
Goons don't scale well. Wide-scale intimidation does.
17 replies →
Cost kind of stops the government from sending goons right now, sure some governments do it but, it's costly at scale.
11 replies →
The OP's point can be understood as an automization and mechanization of such targeting. Which will be necessary if the scope of thoughtcrime prosecution is to expand
> It is also cheaper than ai rocket and more precise too
Never stopped people overengineering :P
Wasn’t ICE pretty much doing exactly that with no oversight or accountability?
1 reply →
You're being silly, the missile thing was hyperbole. Your computer will direct the thugs to your door.
> Nobody stops the government from sending goons to your door right now for a snarky comment.
This is just dumb. They literally don't know who wrote it, and have to assign somebody to track you down. The fact that they're putting infrastructure on your computer and on the network to make this one click away for them matters.
The government already does that. The only challenge is scale.
Who needs rockets when you have autonomous mini drones
1 reply →
Stop justifying more horrible stuff with "there is already some horrible stuff"
The goons are. Almost no government can create goons that are submissive enough to comply with any kind of crazy order.
4 replies →
Not just governments, though.
I've wondered if FaceID and the Android counterpart are actively creating an extraordinary labeled dataset for facial expressions at the point of sale.
With users trained to scan their face before every transaction, tech companies could correlate transactions to facial expressions, facial expressions to emotions, and emotions to device content. I can imagine algorithms that subtly curate the user experience, selectively showing notifications, content, advertising to coax users towards "retail therapy".
Any webconferencing app on iOS probably fires up the TrueDepth camera to power background replacement and could conceivably do that, albeit not so responsively. Recommend heading to your provider and opting out of share-or-sell if you can.
Also keep in mind keystroke dynamics can probably do that too and has been a topic of study in one form or another since the nineteenth century vis-a-vis telegraph operators.
The application has access to your entire home folder, isn't that enough information?
“This isn’t freedom, this is fear”
Cpt America in the Winter Soldier
Indeed. They hate us for our freedoms.
[flagged]
[flagged]
Buddy... I've been called a robot since long before AI became mainstream.
1 reply →
>Age signals from the OS? Need to provide a channel of information available to applications. Applications already talk to servers with unchecked commonality.
This is a non-issue because it's almost certainly going to be gated behind a permission prompt. There are more invasive things sites/apps can ask for, and we seem to be doing fine, eg. location. Moreover is it really that much of a privacy loss if you go on steam, it asks you to verify you're over 18, and the OS says you're actually over 18?
>Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".
Given touch id was introduced over a decade ago, and the associated doom-mongering predilections did not come to pass, I think it's fair to conclude it's a dud.
> permission prompt
Watch as apps refuse to work when you deny them permission. Also the OS (and “privileged apps”) don’t ask for permission, they have full unfettered access to everything already.
2 replies →
> This is a non-issue because it's almost certainly going to be gated behind a permission prompt.
lol.
> Moreover is it really that much of a privacy loss if you go on steam, it asks you to verify you're over 18, and the OS says you're actually over 18?
Slippery slope, but an interesting argument. While SteamOS is a thing, Steam isn't my OS.
> Given touch id was introduced over a decade ago, and the associated doom-mongering predilections did not come to pass, I think it's fair to conclude it's a dud.
Really? You think that things built decades ago can't be further built-upon in the now or the future?
1 reply →
This is the doommongering coming to pass. Did it happen overnight? No! But you just provided the excuse! "gee see nothing bad came to pass. We can just use that tool"
I bet you are the same clown that also says that we don't need QA because there are no incidents in production
Did Meta spend around 60Mn lobbying for age verification to be forcibly added to every OS install ?
If not, who has been paying to lobby for these age verification laws ?
That seems a question that we should have an answer to.
Forcing an age check upon linux install seems anti-competitive, and a violation of freedom of speech allowed by the Constitution.
Also impractical and ineffective, unless they plan on some sort of bio-metric confirmation of age.
Will they outlaw computation itself, or constrain a personal quota so that only corporations can access approved LLMs and certainly not run a local AGI ?
As with the insane "encryption is a weapon and cant be exported" policy of the 80s, this will surely force innovation to migrate outside the US.
> Did Meta spend around 60Mn lobbying for age verification to be forcibly added to every OS install ?
Of course they would want this -- as long as the OS reports that the user is over 18 via such a system, then Meta is legally off the hook for any COPPA violations.
> As with the insane "encryption is a weapon and cant be exported" policy of the 80s, this will surely force innovation to migrate outside the US.
Not advocating for this policy but if a critical argument against it is that policymakers can expect an analogous amount of computer innovation migrating out of the US as it saw in the 80s, then I think policymakers won't care remotely. Quite literally I think the lower bound for the proportion of global computer innovation happening in the US is 70%.
> age verification to be forcibly added to every OS install ?
This should be easy. Just in one of dialogs ask user to create a file 'me_age.txt' with age inside. No changes to OS at all. This will be the 'interface'. Any program can read the file. As far as I understand that's all California law requires (or will require).
Not sure about other versions. Strict verification would require binding to property software/services. Which is equivalent of reporting every user on every install.
I honestly wouldn't be surprised. They are absolutely negative player. But I'm kinda confused how this could even pass and what is the functional reason for this? Because "think about the children" it absolutely isn't. You can of course chain child to the radiator and let him out but that's obviously not an protection.
Why can't we handle this the same way we handle knives, guns and chainsaws: require adults to secure the device before letting minors near them? All the devices need is the ability to create limited access profiles. A human adult performs age verification by only providing the minor with creditals to a limited profile. Trying to perform that verification so far away from the minor, after they have got to the last gate, seems like the worst way to do it.
I want my kids to grow up in a world where they can install linux themselves. I don't want them to grow up in a world where they can't walk to a neighborhood park without me.
Not sure I see the crossover between activities performed at home and problems of car centric street design and the resulting poor pedestrian traffic safety?
8 replies →
>same way we handle knives
I'm pretty sure most kids older than 12 do have access to kitchen knives. And actively use them too.
I generally agree with your point. But at the same time access to the internet resouces and to gun or a chaisaw is not the same.
I have no problem securing a few items if my home, but I have no control over whatever is available on the net.
Sure, I can write some firewall rules or create "kid's account" on a streaming platform, but I can do this for every single known service, chat, IM group etc.
Even if you did, you just lower the chances. I've created Netflix kids account specifically for mine. On its own it suggests also various documentaries on top of cartoons. We took the first one it suggested, and IIRC in second episode there was a very gruesome and detailed part with polar bear eating baby seals, one chew at a time.
One way to traumatize 4-year old, I'd say an effective one.
4 replies →
The knife and the knife maker doesn't have intentions to pump propaganda and porn into the childs mind. The internet is not neutral like knife. The internet has an actor on the other end (human or algorithm) that has certain intentions. Thus a child can be intentionally influence via the internet. A knife does not act on its own to influence the child's mind. So, apples and oranges. I'd argue the internet is significantly more dangerous to a child vs a knife. The internet wasn't built for children, it was never child friendly to begin with and we shouldn't mutate the internet to cater to children. Its best to treat the internet like a hostile force for a child's mind and keep children completely off it to begin with. Make it illegal for children to use a device connected to the internet, it is the parents responsibility. Same as guns. Its not the gun smith or gun sellers responsibility to keep the child safe from guns - its the parent's.
> I'm pretty sure most kids older than 12 do have access to kitchen knives. And actively use them too.
True, and it's the parents responsibility to ensure that children won't injure themselves with the knives, or take them out or to school or whatever.
1 reply →
For some of these, we fully disallow company to child transactions or interactions. Wouldn't applying the same logic require the adult to fetch any internet content and give it to the child on a case by case basis?
In this case, it is the data from the website, not the electronic device itself, that is seen as the item being transacted and regulated by age gates, no? The attempts to actually regulate it do feed back into changes on the electronic device, but the real cause of concern (per the protect the kids argument, if that is the real reason is debatable) is a company providing data directly to a child that parents find objectionable. That transaction doesn't have a parent directly involved currently.
Controlling the device itself and saying free game if a parent has allowed them access is a bit like saying that if a parent has allowed a kid to get to the store, there should be no further restrictions on what they can buy, including any of the above three items.
I don't know why you think this will stop page verification requirements. For almost all items where a parent/guardian is responsible for a child's access to the item, third parties are also required to not sell or transfer the item to a child. That gets us right back needing to age verify people.
That is kinda the idea behind the california law that was on the front page a few weeks ago. The parent set up a local account with a age bracket, and the OS verifies that in the app store and maybe webpages if they fit the age bracket.
> Why can't we handle this the same way we handle knives, guns and chainsaws: require adults to secure the device before letting minors near them?
Is this a thing?
My 10yo has used all three of those things. If there were some legislation requiring they be "secured" before my son could be in my presence, obviously I'd oppose it, along with every other reasonable parent.
Because this is clearly not about children. Children is a pretext.
Doing it "the same way we handle knives, guns and chainsaws" would require handing over your ID to even buy computer parts if it's the same as the EU.
This is essentially what the California law is mandating
Not really. It's the difference between a mandatory field and an optional field. And in practice, and its effects on the internet, that difference is huge.
Because that doesn't work?
I don’t know why this isn’t a very simple Internet standard. The browsers on devices that have a child lock turned on could send an http header. People who have websites that are adult-only could configure their web server to check for that header and do something appropriate.
That requires cooperation, but since most adult websites don’t want children to be visiting them, cooperation shouldn’t be hard to get. Governments can pass a law and businesses can set a config flag. For uncooperative websites, child-locked devices can check a blacklist.
Then it’s up to parents to make sure their kids only have child-locked devices and for stores to not sell unlocked devices to kids. It’s never going to perfect, but it doesn’t doesn’t have to be to change community norms.
There is already a set of standards for this: websites can send content ratings to the browser, and the browser can choose not to show content on the basis of those ratings.
We don't need another one, especially one that inverts the polarity by having the browser proactively send information to the site.
Maybe that would work too, but “this device has a child lock turned on” seems like reasonable information to send? It’s a lot better than having to check ID’s.
10 replies →
As a parent, none of these are useful to me. Age is not a useful indicator of what’s appropriate for my kid. At best, this can avoid a small portion of some stuff they probably wouldn’t see anyway. The bad actors who I’m worried about actively try to circumvent any automated systems that block them. These age verification systems don’t help even if they worked as intended… or at least as advertised.
I guess it would be most helpful for websites that can show that they’ve done their part by setting a config flag.
If there’s no society-wide standard for what’s kid appropriate then it’s going to be hard to set up a system that satisfies everyone, but it seems like movie ratings sort of worked?
The CA law is pretty much this but for any program.
Then predators can show normal content to adults, while children are redirected. I'd rather the browser didn't leak this kind of information.
If the browser has to do the same thing for adults and children (to avoid detection) then it’s going to be hard to build a system that does different things for adults versus children.
2 replies →
What I'm confused about is how the proposed bills would apply to servers.
Like, in general, a software change to add an "age class" attribute to user accounts and a syscall "what's this attribute for the current user account" would satisfy the California bill and that's a relatively minor change (the bad part is the NY bill that allegedly requires technical verification of whatever the user claimed).
The weird issue is how should that attribute be filled for the 'root' or 'www-data' user of a linux machine I have on the cloud. Or, to put aside open source for that matter, the Administrator account on a Windows Active Directory system.
Because "user accounts" don't necessarily have any mapping (much less a 1-to-1 mapping) to a person; many user accounts are personal but many are not.
We're all going to have to use service accounts created on Windows Server 2003 or RHEL 4, otherwise they won't be old enough and will require manual login from an of-age administrator
Good luck enforcing that on Guix, or 9front.
The auth server would lie in Colorado. The FS server, in New Mexico. The CPU server, in Nevada. The terminal (the client), in Alaska. Shut down and repeat at random. Watch the lobbies collapsing down tring to sue that monster.
In the CA bill, "User" means child. It's pretty clear that non-human users aren't covered and don't have to participate. E.g. the API can return N/A or any other value for non-humans. If there is a way to make the API applicable only to human children users, then it doesn't even need to be callable for other entities. E.g. on android, each app gets its own uid, so the unix user doesn't correspond to a child, so the API will instead (probably) be associated with another entity (e.g. their Google account, an android profile, or an android (non-unix) user)
Honestly what I hope is that if these bills pass, sysadmins just turn off any server that doesn't have attestation and go off to the beach to collect shells.
> the sponsor of Louisiana's HB-570, publicly confirmed that a Meta lobbyist brought the legislative language directly to her. The bill as drafted required only app stores (Apple, Google) to verify user ages. It did not require social media platforms to do anything.
Thing is, when these “make the websites collect your ID” proposals come up, the overwhelming sentiment here is “this is terrible and we need to do it lower in the stack”. I think the OS is a better place than the website. (Let security conscious folks use a standalone device too if desired.)
The astroturfing stuff is obviously sus, I don’t have a feel for whether this is egregious by the standards of $T companies or just par.
Of course, the EU option of using proper ZK proofs etc sounds way better as portrayed in the OP. But when you actually dig in, doesn’t the EU effectively mandate OS support too, eg https://eudi.dev/1.7.1/architecture-and-reference-framework-..., https://github.com/eu-digital-identity-wallet/eudi-doc-archi... ? Maybe this isn’t set yet but it seems a likely direction at least.
> Thing is, when these “make the websites collect your ID” proposals come up, the overwhelming sentiment here is “this is terrible and we need to do it lower in the stack”.
Perhaps the "overwhelming" sentiment is paid actors? Or people whose jobs depend on not having that risk assigned to their employers?
Perhaps, or perhaps there are legitimate privacy concerns with requiring every website to collect a photo of your ID to prove you are not a minor?
2 replies →
Every single Linux kernel currently operating within the borders of any of these states should turn itself off and refuse to boot until an update is installed after these bills are rolled back.
We should also update all FOSS license terms to explicitly exclude Meta or any affilites from using any software licensed under them.
I probably don't have all the info on the various laws across the US and EU that are being pushed, but I'm confused why Linux distros don't just update their licensing and add a notice on the installation screen that it is illegal to run their OS in places where these laws exist?
Heck, Linus Torvalds should just add an amendment to the next release of the Linux Kernel that makes it illegal to use in any jurisdiction that requires age verification laws.
This would obviously cause such a massive disruption (especially in California) that the age laws would have to be rolled back immediately.
This seems like a no-brainer to me but I am admittedly ignorant on this situation. I'm sure there's a good reason why this isn't happening if anyone cares to explain.
That would be a violation of the copyright law or the GPL licence - you aren't permitted to take GPL code and redistribute it with some extra restrictions added on to it.
If it's not (fully) your code, you aren't free to set the licence conditions; Linus can't do that without getting approval from 100% (not 99% or so) of authors who contributed code.
What one can do is add an informative disclaimer saying "To the best of our knowledge, installing or running this thing in California is prohibited - we permit to do whatever you want with it, but how you'll comply with that law is your business".
3 replies →
The Linux kernel is licensed GPLv2. The GPLv2 license forbids adding addition terms that further restrict the use of the software.
A "Linux distro" is not the Linux kernel. It's possible for some distros to add such license terms to their distribution media, but others like Debian and Debian-based ones adhere to the GPL so no go.
Because they want market share, and throwing a hissyfit over being asked to add an "I am over 18" checkbox is not good PR. If Debian starts refusing to work in California because it doesn't want to add a checkbox, it will simply be replaced by someone who adds that checkbox and doesn't throw the fit.
11 replies →
Would be funny indeed... And also curious why nobody does that.
1 reply →
> should turn itself off
If this was somehow introduced without anyone noticing and deployed, imagine the damage it would cause.
If we're fantasizing here, I like to imagine two major OS makers trying to comply these laws, fail miserably, and let FOSS OSes and kernels more recognition in the desktop market.
Honestly, like the Left-pad incident [1], getting things to go suddenly dark is extremely effective at getting people to drop everything else to fix an issue.
Ideally, getting these servers to auto turn off the day this goes into effect ("In compliance with this new law, Linux is now temporarily unusable. Please <call to action>.") would be glorious for getting the bill staved off, or killed.
It would hurt some productivity, but that is a risk these lawmakers taking donations are probably willing to make.
1 - https://en.wikipedia.org/wiki/Npm_left-pad_incident
It would make people move quickly to use a forked version of the kernel and would be an all around blunder by the Linux foundation
1 reply →
Side note, this comment is evidently quite controversial, it went from +3 to +1. If anyone is angry at me I would like to assuage them that I am not, in fact, any owner or maintainer of anything in the linux distribution system.
"some"? It would hurt a lot of productivity lol. If all linux boxes turned themselves off suddenly, I think the internet would fall over pretty fast. I dont know how much of the internet runs on windows or apple (or others), but I cant imagine it's very much
2 replies →
It still blows my mind that anyone trusts npm after this whole incident.
> Every single Linux kernel currently operating within the borders of any of these states should turn itself off and refuse to boot
What exactly do you think Linux is? I would say that Linux would be forked in like 2 seconds, a bunch of different companies would start offering "attested Linux," and all you'd have to do was change your repos and update.
I would say that, but what would really happen is that we'd find out that Canonical, Red Hat, and a bunch of other distributions had been talking to the government for a year behind closed doors and they're already ready to roll out attested Linux. Debian would argue about it for six months, and then do the same thing. Hell, systemd will require age attestation as a dependency. Devuan and any other stubborn distribution would face 9000 federal lawsuits, while having domain names blocked, and the Chinese hardware necessary to run them seized at the ports with the receivers locked up on terrorism charges.
I have no idea where the confidence of the IT tech comes from. You (we) are something between a mechanic and a highly-skilled janitor.
Someone would just submit a patch overriding this
Microsoft would love that.
Obviously not a serious proposal, but I do like the alt mentioned below:
Update the terms to indicate that you can do what you want, but this OS is probably not compliant with states run by evil dipshits.
I'm not sure I fully grok the hypothesis that Meta is materially advantaged by pushing for OS-level age verification. I suppose its another intelligence signal for ad targeting, but they have to believe that at least on platforms like iOS this signal is going to be obfuscated from them. Its hard to believe it'd be any more valuable than the other non-verified heuristics they're already gathering.
Arguably they would be more materially advantaged if they were forced to KYC/validate ages, not the platform; because sure, there's a cost to doing it, but presumably having hard data on who your customer actually is, with age and address and everything, is worth a lot more than the verification cost. And being able to say "We're legally required to gather this" gives a lot of PR cover (even though it'd be followed with "but we're giddy to do so and we will abuse this data and you every way we possibly can. No one at Meta believes you are human. We hate you as much as you hate us, but we're stuck in this together, endlessly loathing the supernatural force that keeps us working together.")
But, On the flip side: I also don't doubt that Meta is doing this, because the purpose of a system is what it does, and the leadership at Meta has done nothing in the past four years to demonstrate that they're capable of cogent thought and execution. We want to believe there's some evil plan, and maybe there is, but in all likelihood one day we'll learn that they're just... unintelligent.
> I'm not sure I fully grok the hypothesis that Meta is materially advantaged by pushing for OS-level age verification.
These laws, that attempt to move "age verification" into the OS, 100% absolve Meta (and all the Meta owned "properties") from any legal liability so long as all of Meta's app's follow the law's required "ask the OS for the age signal of the user".
Any "bad stuff" which then gets shown to "underage users" then becomes "not Meta's fault, they followed the legally proscribed way to check the age of the user, and the OS said this user was 'old enough'" and Apple/Google then get to shoulder the liability (and pay out for the class action lawsuits) for failing to provide a proper age signal.
That's the "material advantage" gained by Meta by pushing these laws.
My point is that they already know how old you are, within some confidence interval, even if you never tell them or you lie to them, because they actively watch what you do and classify your behaviors with your age cohort. So why do they care so much that they gain another signal that only says "the user is over 18" rather than a much more valuable signal like "the user is 36 and lives in Albany" that they'd gain by doing the KYC internally?
I don't think absolution of legal liability has ever crossed any of these fools' empty heads. The threat of being fined & punished by the USG for doing something bad hasn't been a factor in corporate decision-making for decades.
1 reply →
The same sort of thing is happening for the 3d printer laws. Some company is trying to legislate its own software into ubiquity (guns first, then copyright enforcement) and then double-dip by charging both IP holders and printer manufacturers for their "services".
This was the thing the saws-all (or whatever it was called, the brake that stops you from cutting your fingers off with the table saw) tried, right? I don't know if it succeeded but the idea was a government mandate for an otherwise good idea. Everyone then pays more.
SawStop
Main takeaway:
> Meta spent a record $26.3 million on federal lobbying in 2025, deployed 86+ lobbyists across 45 states, and covertly funded a "grassroots" child safety group called the Digital Childhood Alliance (DCA) to advocate for the App Store Accountability Act (ASAA). The ASAA requires app stores to verify user ages before downloads but imposes no requirements on social media platforms. If it becomes law, Apple and Google absorb the compliance cost while Meta's apps face zero new mandates.
A comment someone made on the post about OpenAi lobbying the DOD against Anthropic to mind: "Not only are the whores - they are cheap ones too".
When I moved from Sweden to Ireland and realized the Swedish central address registry makes moving fantastically easy, I started dreaming of a central registry where consumers and producers could meet. I can give my supplier access to exactly the information they need, and nothing else. I can revoke access when I feel like it. Like OAuth2 for personal data. They can subscribe to updates. It could be a federated protocol.
Not saying I think it's a good idea to provide the year of birth to all sites, but (session ID, year of birth) is the only information they would need. The problem is proving who's behind the keyboard at the time of asking, which would require challenge-response, and is why I think this should be an online platform, not a hardware PKI gadget with keys inevitably tied to individuals.
Knowing what we know about the current environment, each company is going to start selling everything they know about you to anybody who's willing to pay. Enforcing privacy is hard not because it's not possible, but companies have greater financial incentives to just breach your privacy to track and manipulate us.
> Enforcing privacy is hard not because it's not possible, but companies have greater financial incentives to just breach your privacy to track and manipulate us.
No, enforcing privacy is not hard, all it takes is imposing penalties _much greater than_ those financial incentives.
Your idea has been implemented as datapods: https://www.capitalnumbers.com/blog/data-pod-decentralized-d...
It seems dead though...
Damn, had to scroll a couple of comments to find this:
https://www.cnbc.com/2026/02/12/anthropic-gives-20-million-t...
Christ on a crutch, had they donated $25k or something you'd figure it was just a rounding error, but why this much from a company that isn't profitable? This is doing nothing to disabuse me of my theory 90% of "Startup Culture" is just an excuse for rich people to move money around. "Need to get your stoned mope of a C student a head-start on a resume that will let him stay gainfully employed? Well, I just brokered a VC deal for these kids that want to throw micro-concerts in parking spaces, we'll get your boy in as Senior Music Programmer."
Companies shouldn't be allowed to grow so big that they can manipulate laws as they want.
Too late they already did, and now they control the laws that decide how big a company can be allowed to be.
This is the failure of capitalism.
[dead]
has any of upvoters at least opened the article? there's no proof or event screen/link to reddit discussion. It's just comparison to EU's law.
The article starts with the words "A Reddit researcher", and "Reddit researcher" is a link to the reddit thread in question.
If you open the supposed research it’s just a pile of Claude Code generated AI slop. It was discussed on HN at the time.
Every time I point it out, including with actual quotes from the research showing the problems with it, I get downvoted on HN.
This headline is becoming one of those “too good to fact check” clams because the people posting it know it will drive traffic.
Even steelmaning the case for age verification, does anyone really think the state is going to re-institute the innocence of childhood by filtering content and services? Of course not. There is no steelman. If you can do age, you can do identity, and the purpose of identity is recourse for authorities against truth and humor.
Doing ID or this fake age verification with anything other than a physical secure element is a dumb regulation that going to create its own regulatory arbitrages and spawn very powerful and profitable black and grey markets. Poor laws create criminal economic opportunity, and digital id is just creating a massive one.
Between Meta being behind a digital id initiative under the pretext of alleged "age verification" and the Debian project leads pivoting to political objectives, it appears gen Z now has a cause to build tech against and fight for. These are dying organizations that cannot innovate and they've attracted a pestilence that is pivoting them to the easier problem of political maneuvering. as it's easier to militate for what nobody wants than to make something anyone actually wants.
The upside is that people get to be hackers again. Tools to cleanse our networks and systems of Meta and other surveillance companies and the influence of these compromised organizations are an OS install and a vibecoding weekend away.
What do you mean if you can do age you can do identity? If age is self-reported that's not true. Or if you need strong validation, ZKPs are possible where it is also not true.
design the protocol. we can run down the rabbit holes of anonymous attestation and yao's millionaire problem, but there's a simpler problem: the age of whom? Once you have a unique identifier, or even an anonymous one derived from a verified one, you are still creating an user identity scheme that is being imposed on people.
what is most likely in play, as we have seen in other identity schemes, is that the cryptography will be sufficiently opaque that experts won't be able to reason about it until after the products are forced on people, or, they will just accept junk protocols and use the law to shift liability to the user to comply with identifying themselves truthfully on the internet. the other scenario is if the protocol provides strong anonymity, it will use a bunch of new primitives without mature standards that happen to have escrow access built in.
Your premise is flawed, you can do age without doing identity. Not that I'm a fan of either, I just wanted to point out the flaw.
[dead]
> Debian project leads pivoting to political objectives
What does this mean? Free software was always a politics of itself.
What makes you think Debian leads have taken a stand?
I want to appreciate the fact that the investigation exists, and that someone has made it.
However this is the kind of investigation that Reddit is famous for, which ends up causing more harm than good, like the Boston bombing investigation.
Age verification, for example, is coming no matter what - there’s a big enough chunk of voters tired of tech globally.
Governments are also tired of dealing with tech and want to bring them to heel.
These macro forces are far more significant than the amounts identified on lobbying in this investigation (~$63 mn iirc)
Given the title, the reading of the article implies Meta is driving age verification.
The content of the investigation, reads more as meta taking advantage of the push for age verification to move it to the OS layers.
It was removed. Here is the archived version:
https://web.archive.org/web/20260313125244/https://old.reddi...
I wonder what made them do it. The conspiracy theorists are really going to enjoy this.
I think this is only the first step towards a license for the Internet. The best example I know of is South Korea, where you have a state issued login. I think it's only a matter of time until the U.S. government knows exactly who you are at all times on the Internet, and this effort is completely agnostic of party or doctrine. This has been building across multiple administrations.
Bravo, some actual journalism! I wish a professional media organization had done this research. It seemed obvious this was a coordinated wave but I always figured it was moral busybodies.
EDIT: why is it deleted now?
The wayback machine got it: https://web.archive.org/web/20260313090844/https://www.reddi...
that goes against the goals of the professional media organizations.
Keep being cynical and that's the media you'll get.
In the real world, professional media organizations regularly expose corruption. More often than not? No idea. But to pretend they only engage in cover-ups is cynical fatalism.
Oh no, you fell for it.
The zero-knowledge proof angle is interesting but the real barrier is implementation
most platforms won't voluntarily adopt privacy-preserving verification when the surveillance version gives them more data. Regulation would need to mandate the privacy-preserving approach specifically, not just "verify age somehow.
Why "lobbying" is not treated as corruption? This kind of corporate influence should be illegal.
Lobbying is literally half of what representative democracy is. First, you elect representatives to office. Then, you try to get them to do what you want. The latter is lobbying.
Of course, when money becomes a significant portion of how the second one happens, things can get complicated.
I’m not so sure. First the representatives are selected to be elected.
A significant portion of both of your suggested halves are “complicated” by money.
2 replies →
It's not democracy if one with the most money gets their way.
1 reply →
It's not democracy when it's not the votes that determine what government does, but money.
Eventually it is the fault of voters to keep voting for the same people.
Technically because citizens are also allowed to lobby, but in practice only corporations get to play, so it becomes "legal bribing".
The environmental movement and labor movement are two examples where citizens organize to go up against corporate interests and win pretty regularly and durably.
Most of those folks would not call it lobbying because of the negative associations of the word. “We have activists, our opponents have lobbyists.” But it works the same way.
It is specifically protected in the First Amendment: “Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”
Emphasis mine.
1 reply →
Everybody lobbies for their own interests.
The issue that should rather worry you is that people
- don't delete their Meta/Facebook/WhatsApp/Instagram/Threads/... account because of this proposal,
- don't strongly urge friends and colleagues to do the same.
Generally, a lobbyist is someone who is paid to give money to lawmakers.
And for a lawmaker who is considering retirement, "become a lobbyist" is often the most lucrative career option.
Now who are you imagining will pass effective laws against lobbying?
Because if someone tries to outlaw it, the lobbies will lobby very hard against it.
"Corporations are people, my friend"
Presidential Candidate Mitt Romney
Because freedom, and surveillance capitalism, have different effects depending on which side of the PR apparatus you find yourself on, and the laws that get passed are written by and for the industries and not crabs in the barrel voters who rely on them for income.
Power corrupts.
This is probably protected free speech
You have the right to remain silent, but you must assert it verbally.
Dude, do you not know who's president in the US right now? Getting paid is easily the biggest* reason he ran!
Are you sure it was to get paid, not to avoid prosecution? It could be both among other reasons.
1 reply →
I tried to read the research when it was posted on Reddit a few days ago, but it’s all AI slop. The person who uploaded it admitted that they just had Claude go out and explore their hypotheses, but they didn’t even spend the time trying to get the real documents into Claude. Claude identified documents it wanted but couldn’t access them, so it just proposed hypothetical connections.
The research has a lot of these:
> LIMITATION: Direct PDF downloads returned 403 errors. ProPublica Schedule I viewer loads data dynamically (JavaScript), preventing extraction via WebFetch. The 2024 public disclosure copy on sixteenthirtyfund.org was also blocked.
> Tech Transparency Project report: The article "Inside Meta's Spin Machine on Kids and Social Media" at techtransparencyproject.org likely contains detailed ConnectSafely/Meta funding analysis but was blocked (403)
So the “research” isn’t some groundbreaking discoveries by a Redditor. It’s an afternoon worth of Claude Code slop where they couldn’t even take the time to get the real documents into the local workspace so Claude Code could access them. It’s now getting repeated by sites like Theo gadgetreview.com because the people posting to these sites aren’t reading the report either.
Meta spent $2B to buy anti-privacy laws.
Meta didn’t spend $2B. Even the original report doesn’t say that Meta spent that amount.
The $2B number was the sum of all the numbers Claude could find, not the money Meta spent.
There is so much AI slop in this article and source that it should be tripping everyone’s clickbait detectors, not being taken as accurate reporting.
3 replies →
America will just get behind even more as years pass behind Europe in terms of proper regulation of the digital economy, which benefits citizens instead of companies and rich billionaries.
The reason is that europeans have nothing to win from those "winner-take-all" platforms the US has built in the past decades. Europe has built zero of them.
It contributes very little to Europe's GDP or the overall being of the european. And in some cases, it eats Europe's GDP, moving economic activity back to the US. This is different than for Americans which big tech is a net-positive contributor to society in my POV, mainly because how much economic activity $ it generates.
Big techs provide huge paychecks and made a lot of people rich in the US, and most of its GDP growth in the last decade. But it's a double-edged sword.
They will make laws in favor of them in detriment of the average American, while minting more billionaries than Europe could ever dream of.
Europe will take a long time to get the digital revolution the US already did, but it'll mostly come from regulations and government initiatives. And will be net-positive for humans living in Euope, not for owners of corporations.
It is interesting isn't it? Most of Europe has better internet access than the US for similar reasons: sensible regulation led to high competition.
> Most of Europe has better internet access than the US for similar reasons: sensible regulation led to high competition.
Which "most of Europe" would that be? Switzerland and handful of northern countries? Because it is definitely not Germany or several "you can't access half of the internet during times when twenty men kicking a ball on a field" southern states.
This is an underhand way of mandating digital id at the point of operating system boot or login
I am curious how this will play out for Linux. I won't accept any code that spies on my owned computer devices. No criminal goverment can force be to surrender my rights here. But it is interesting to see how easy it is to purchase legislation in the USA - well done, Facebook! I predict more people will abandon it though, now that they see that Meta is trying to push out global spying on regular people.
They will require remote attestation of your entire boot chain eventually.
Also no exclusion for RTC and RTOS systems.
O great more big money warping our lives for the worse.
I’d write my senator but they won’t do shit. Is there anything that can seriously be done?
Download the source code and ISOs of distros without age gating and put them on durable media. Tell your friends about the issue and its implications (legislating how an OS works is a huge deal, is likely unconstitutional, and opens up the door to all kinds of future abusive laws). Find like minded people so if the worst happens you will have mutual support and can work together on circumvention of any future restrictions. Work on your C skills.
That is the most serious thing you can do, and the most effective.
Do you know how democracy works? There are these people called representatives. They are hired by you. They pass laws. They only get to continue having a job if people like you vote for them. When you tell them "I don't like the law you are passing", they are hearing "the people who hire me are angry with me". The more people that are angry at what they're doing, the more their job is at risk.
They do what the lobbyists say because somebody else is doing the work, and they get paid (by the lobbyist). But they won't have a job to get paid for if the voters don't vote for them again. So your entire defense against tyranny and bad laws is you speaking out. If you never talk to your reps (or vote), you're telling them you don't care what kind of government it is, and they really will do whatever they want.
You have to tell them how you feel, along with all the rest of us. That's the only power we have.
In addition to that, tell everyone you know. Your friends, family, coworkers, the dude running the local gas station. Explain to them why government-mandated surveillance of everything they do on a computer is a bad idea. Ask them to talk to their reps.
It’s not the most effective though. I’ve been writing all my reps at various levels and yet the things I don’t want keep happening.
1 reply →
The hard part is writing in a way that these legislators and their help can instantly understand.
Ideas? Time to spin up a local LLM for some editing advice.
Every election boils down to Kang vs Kodos.
Do your homework, vote, and help inform other people so they vote too.
O yeah that worked so well in this last election.
The guy posted a Ask HN there:
https://github.com/upper-up/meta-lobbying-and-other-findings...
Didn't read yet, but "Reddit researcher" struck me. :-)
Only 26 million is way way lower than I expected, especially given how much these companies make in profit
Scott Alexander had a few posts about that ("why is there so little money in politics?"): https://www.astralcodexten.com/p/tech-pacs-are-closing-in-on...
I think one of the reasons politicians can be bought so cheaply by interest groups is that the opponents of the interests groups have practically no money. The interest groups don't need to spend a ton as long as they spend more than their opponents.
The linked post talks about the effectiveness of AIPAC but fails to mention how much is spent by say, Palestinian interest groups. Perhaps there's a good reason for this: do Palestinian groups have any money to spend on US elections? Try fundraising in Gaza right now.
Likewise, business interest groups have a lot more money to spend on elections than, say, environmental groups. The latter have to beg for small donations from individuals just to stay afloat. Thus, it's relatively easy for business groups to outspend environmental groups. To win an auction, you just have to be the highest bidder.
7 replies →
Feels like a lot of words to avoid thinking about “black” money and favors in kind. For example, nobody would include Trump’s golden bar from Switzerland in such ann estimate - repeated ad nauseam for all lobbying corruption.
"Emails from October 2005 show that after Mandelson complained to Epstein about a lack of British Airways air miles, Epstein offered to pay for his plane tickets to the Caribbean."[1]
The biggest shocker to me has been just how "cheap" a lot of people are to buy off. Mandelson is complaining about air miles FFS. So much of this is a few thousand here, some fancy tickets there, a jet ride elsewhere, etc. In my mind it was always much, much bigger sums that people were selling their countries & souls out for, sadly, it turns out a lot of people, even in really high positions, are shockingly cheap.
[1] https://en.wikipedia.org/wiki/Relationship_of_Peter_Mandelso...
I donated $100 to my state's gubernatorial campaign as a part of my annual "make the world a better place" campaign, and was surprised to receive a call from an unknown number the following day. It was the Governor, thanking me for my donation personally, and wondering if there were any issues close to my heart that she could keep in mind. Note that this was from her personal cell phone (for whatever value of personal an executive politician actually has, but still), and she invited me to phone her if I had any issues that the state government could resolve.
That's a wildly low sum of money for a 5 minute personal call, let alone even a modest intervention.
The Internet thinks that lobbying is bribery. If you wanted a bribery like vehicle, you'd just donate to a PAC or more recently, the new ballroom. Lobbying is just paying people to speak to politicians. After a company has said everything that wanted to every politician that can possibly support their cause, there isn't anything left for them to do.
I don't understand it . There are so many ways to child-proof a device . Google Family Link and the Apple equivalent . Use cloudflares Family dns (blocks porn websites etc ..)
Instead of just creating a course that explains how to child-proof a device, we have to surveil everyone.
Because they’re not really trying to protect kids.
Please scan your asshole to use the toaster.
It's to save the kids.
We care about the kids. We don't bomb them.
Do you have a child? Because I think the device makers haven't really done a good job, there are just too many workarounds.
If you give your kid a lighter and they proceed to set their clothing on fire, it's not zippo's fault. If you send them to watch TV and they switch to pay-per-view, it's not the TV manufacturer's fault, nor is it the network's fault. It's your fault.
Your 4 year old doesn't need a tablet any more than they need a lighter. Neither does your 14 year old. (If they "need" one for school, the school can provide it and monitor their use). If you give your child a computer, it's your responsibility to make sure they're using it properly, not the government's and not the device manufacturer's. The government's job is to make sure that you're not endangering your child and split you up if necessary. The device manufacturer's responsibility is to make sure it works and doesn't hurt you or anyone else in the course of ordinary use. Your responsibility is to not use it in such a way that it causes harm.
Allowing your child to go online is much like allowing them to go outside; you tell them what they're allowed to do, and if you don't trust them to listen to you then you don't allow them to do it. The act of having a child is taking on a full-time 24/7 job of ensuring they stay alive and unharmed until they're old enough to do it themselves. If you aren't up to that challenge, then you can't have that job and it should be passed on to someone else. You can't just shove your responsibility off to Google and Apple because you're too busy to be a parent any more than you could push it off on Sony (what you watched on TV growing up) or Macy's (what products you chose to buy). Being tech companies doesn't make them magically responsible for what you do.
If you insist on providing your child with a cellphone so you can contact them in seconds at any time of day, get them a feature phone. They offer numerous advantages: they cost less to buy, they don't break when you drop them, the battery lasts longer and charges faster, and the bill costs less (the phone is for you, not them. You don't need an unlimited plan).
Solution: don't give your kids the device. Put up a computer in the family room like it's 1998. Perfect, now little Timmy can do his homework. And if he looks up "boobies", he won't be able to sneak it past you!
The best part? This is cheaper and easier. You're literally doing less. Locking down a smartphone is hard? Great, so don't do that. Problem solved, you're welcome, I'll send you my invoice.
1 reply →
Tell me how a whitelist isn’t going to work for you
Why are you buying your child devices made for adults and not devices purpose built for children?
I don't understand why nobody in the comments is freaked out about this. This isn't just "oh Google knows my age", or "oh politicians being corrupt again!" This is "the government made a law that every computer in the world must track every person's identity and send it to the cloud".
No offline devices. Commercial vendors get your biometric data (and the equivalent of your driver's license / SSN). Every application on the OS can query your data.
If you think it stops with one bill, after they get all the infrastructure for this in place? You're fooling yourself. The whole point of this is to identify you, on every web page you visit, every app you open, on every device you own. Once bills are passed, it's very hard to get them revoked or nullified.
This is the most aggregious, authoritarian, Big Brother government surveillance system ever devised, and it's already law. I am fucking terrified.
(Yes, the EU has a less horrifying version of this. But Google, Apple, and Microsoft still control most of the devices in the world, and they are US companies.)
> I don't understand why nobody in the comments is freaked out about this.
Because it's hopeless? It's been proven time and time again there's nothing the average person can do to fight this sort of thing.
It's just better to sit back and watch as everything gets ruined.
Actually it's the opposite. Average people speaking out is how the world gets better. It's when they don't speak out that things are allowed to get worse.
You literally live in a Democracy. There's 5.8 billion people on this planet who wish they had the kind of power you have. If you give up your rights without a fight, you don't deserve them.
2 replies →
Just another reminder of how we need to protect what we have in the EU (not a guarantee, but at least a chance of fair dealing and a sustained commitment to civic values). Now that the mask has fully fallen, we have to take every step possible to root out American influence.
Isn't eIDAS the same technology stack that would put the government in total control of what websites you can view & what ones you can't?
https://en.wikipedia.org/wiki/Qualified_website_authenticati...
QWACs exist to provide a more stringent and user-accessible way to assert a website's identity, mostly to foil phishing and other exploits that regular certificate systems don't address well. Where does this cross into censorship at all?
6 replies →
Zero knowledge proofs stops corporations from tracking you, but they don't stop the government from tracking which websites you visit. They also require hardware attestation for them to work, which means you will be only allow to use a locked-down goverment-approved OS for age verification, and that opens the door for the government to control the software running on every device.
> Just another reminder of how we need to protect what we have in the EU (not a guarantee, but at least a chance of fair dealing and a sustained commitment to civic values).
What you have in the EU is this: https://noyb.eu/en/project/dpa/dpc-ireland
> Now that the mask has fully fallen, we have to take every step possible to root out American influence.
You have literal rogue states in your union that neutralize the entirety of it, as the above shows. It's a joke. The EU is a joke. A single country is enough to mean US tech can do whatever it wants, similarly a single other country is enough to mean Russia can largely do what it wants.
The others are of course in on it too. Which is why for all the empty EU talk on US big tech you've never heard them talk about the Irish DPA and what they all enable. Strange right? Would think that this would be a priority. But it shows that even if the rest weren't in on it, just one country would be enough. And it could even be a tiny place like Luxembourg.
Laws and regulations aren't worth the paper they're written on if they're not enforced. The current ones aren't enforced at all, why would any new ones be? Did you know that there was a long period where hosting European citizens' PII on US-controlled servers (like Amazon instances in Europe) was illegal, after the "Privacy Shield" was deemed unlawful? No one cared. Did you know that this is currently the case again, because the thing that replaced it has once again had its basis ripped out from under it by Trump? Once again, no one cares, and indeed EU governments and corporations are _still_ making migrations _to_ US clouds.
Not that it matters, within a few years RN will be running France and AfD will be running Germany and you don't have to pretend any more as the "mask will have fallen" just as much.
So Meta's corporate strategy involves manipulating our social lives even more than they already do? I'm tired boss.
They can always go lower
Here's some more technical details of the Swiss new official way (yet to be implemented) of doing age verification and more: https://www.liip.ch/en/blog/swiss-eid-from-a-developer-persp...
So meta acts as a government spy actor. Interesting.
When a company such as meta pursues mass-sniffing, is it still a company or is it just a spy-agency? Meta isn't even hiding this anymore. I am glad to finally understand why these "age verification" is pushed globally. Meta pays well.
Pretty sure that the current round of age check laws violates COPPA and FERPA... as transmitting age to any requestor would violate those laws. So, we're just furthering tyranny. Which law gets enforced today, which tomorrow, and who gets targeted?
Quis custodiet ipsos custodes?
Wrote to my state representative this morning.
"You implemented a law that enables vibe-coding pedophiles to deploy apps that find all the children. Please resign."
It was even published by Yahoo lol [0].
0: https://www.yahoo.com/news/articles/reddit-user-uncovers-beh...
> EU’s eIDAS 2.0 offers privacy-preserving age verification with zero-knowledge proofs that protect personal data.
I'm on a short phone break and this is the first I've heard about this. Commenting to ask if anyone can explain this. If not, it'll be a reminder for me to research later.
I'm not sure I'm on board with age verification, but I'm certainly opposed to all forms of identity linkage and tracking. Maybe this is a middle ground?
I'd still prefer if parents disciplined their own kids by limiting device access and controlling their peer groups instead of putting us all into a rats nest of surveillance.
This feels like a waste of time and money. Why are people so interested in tracking people who on average can't read or write better than a 12 year old child? By my count, I'm assuming things will be increasingly degraded for about the next 8-10 years or so.
> organizations like the Digital Childhood Alliance (DCA)
The Reddit post mentions that DCA does not exist in any official record. It seems to be a ghost organization for the purpose of controlling perceptions.
I think it exists, as an umbrella group. It might only be 3 weeks old. But it seems preoccupied with minors accessing online pharmacies. Very preoccupied with that.
Age verification is surveillance. The organized campaign to push age verification is not actually trying to protect children. You can’t do age verification without identity verification. You can’t have internet privacy and identity verification.
TLDR: Meta want to push all the age verification requirements onto the OS makers (Apple, Google, everyone else gets caught in the crossfire) so that they don’t have to do anything AND they want it done in such a way that they can use it to profile people to push them targeted ads.
Its like they want to keep being seen as the bad guys.
I think this is also a way of getting ahead of any “ban social media for teens and preteens” bills that might pop up in the US. They do not want repeats of Australia! By adding age verification into the operating system they can deflect responsibility but also respond to legislators with a scalpel rather than getting sledge-hammered.
…Honestly this seems something very likely, more than the other suggestions.
I want age verification but not at the OS level.
I want reverse age verification that lists the ages of every social network post. I think a lot of people that criticize social network toxicity don't realize their interlocutors are half their age. It's not one-to-one, meaning maturity doesn't follow from age, but I think there would be some affordances made in both directions. A younger person would be less surprised that a 60+ yr old would hold certain views. And vice versa.
> I want age verification
Please feel free to verify your own age with anyone you like. If you mean "I want other people to", then no.
Yes, let me send a picture of my ID to every app on the internet. That's so much better than having the device I own attest to my age anonymously.
What would a world with your preferred age verification system look like?
4 replies →
> I want age verification
Why?
4 replies →
It's easy to lie to an OS about your age because it's a single-user experience, and if your parents allow you to lie (or don't know), that's all it takes. Social networks are so much better equipped to estimate age because they have a simple double-check, which is that most kids follow other kids in their grade level.
The patches on top of this are really bad. For instance, we are seeing "AI" biometric video detectors with a margin-of-error of 5-7 years (meaning the validation studies say when the AI says you're 23-25 you can be considered 18+), totally inadequate to do the job this new legislation demands.
for ~2 decades i have attended events, written to my representatives, proposed solutions to whoever i can, and encouraged my students to do the same as various attempts are made to strip regular people of their privacy. for ~2 decades now, i have been trying to fight this fight.
one scary observation is that each year, less and less people care. at least, this is true among my students. plenty of them believe the 'protect the children' line and are more than willing to do whatever the government/big tech suggests. or they just shrug ("what difference would i make?").
for context, i teach at a college level, in tech. a few of my classes are from the cybersec program, one of the programs that should understand and care about the implications of bills like these, and even the majority of them do not care about this stuff anymore. they grew up with instagram and facebook and cameras everywhere. they grew up knowing that any little fuck up they have is recorded and posted online. they know that by the time they go to college, all of their data has already been leaked a few times. they never really had an expectation of privacy in the first place, so it just isnt a big deal.
as someone who interacts with this next generation of "hackers" on a daily basis... the concept of cypherpunk is gone. i got into this field because of my beliefs. they are going into this field because they want a chance at buying a house some day, and know that big tech has big bucks.
i am tired. and i recognize that this is exactly what they (lobbyists, meta, etc.) want! but i am tired and discouraged. more and more i find myself having to actively fight the urge to give up. i am not ready to give up just yet... but, i am sorry to say that as someone closer to retirement than i am comfortable admitting, i only have so much energy left.
27 years against software patents in the EU, feeling the same unfortunately.
But sometimes very few people can make a difference.
i felt that.
>"Here’s where the lobbying gets surgical. The proposed laws hammer Apple’s App Store and Google Play with compliance requirements but reportedly spare social media platforms—Meta’s core busines
Because social media already has the age info exactly?
I think an OS and a web platform with accounts are different product categories. Not even sure what an interpretation of the bill that would affect meta would be.
> Because social media already has the age info exactly?
Then it shouldn't be difficult to comply.
"Because social media already has the age info exactly?" I don't know what this question means. What information does social media have "exactly"?
Facebook can make a very accurate guess from your photos, your posts, your friends' ages, and the data brokers they link it all up with.
2 replies →
What I find interesting is how this legislation suddenly leads to some open project give in and submit - see MidnightBSD wishing to spy on people via a daemon now. Linux will probably follow suit via systemd; an appropriate name would be systemd-sniffy, to sniff for user data and warn the authorities "WARNING - 15 YEARS OLD IS WATCHING SOME P..., SHUT DOWN THE HOUSE!!!". And the legislation calls this safety. And freedom.
It is like in the novel 1984. But stupid. Probably more like minority report - but also stupid. All aided by Meta bribing lobbyists to do their bidding.
Isn't age verification effectively useless given PI breaches?
"Do such breaches make it trivial to lie to age and identity verification systems?"
"1B identity records exposed in ID verification data leak" https://news.ycombinator.com/item?id=47348440#
Jesus. As an American I can do my part, but it’s not much.
$70 million is chump change for Meta, yet is far more money than I’ll ever have and does so much to influence state legislation.
Time and time again it amazes me how incredibly cheap lobbied politicians are. They may be earning big sums for an individual, but if you go full corruption[1] to sell out a state or a country - sell it for a fair price.
I remember from peak net neutrality discussions during trump 1 maybe around 2017-2018 ant saw an article on theverge.com (that cannot find now) and biggest sum to individual politician was around $200k, when median values were much much lower.
Politicians are selling tens of billions of dollars (if not hundreds of billions) worth of revenue to ISPs for couple or dozen million. Literally 1000x return on investment (if successful).
I remember local politician (I am not from US) got caught taking 100k bribe from a company for helping with alleged highway construction procurement. Project was valued ~1B - 10 000x return on investment (if they wouldn't have been caught).
[1] I am sorry, not "corruption", but "lobbying".
Bribed are even smaller. Some councilmembers got indicted in LA some years back for pay for play development. The bribes were things like steak dinners, 5 figure sums of cash in paper bags, and hookers. Astoundingly cheap.
in the 1990's there was a woman prime minister of Turkey.
she ended up resigning in a scandal caused by her husband accepting a boat (or work on the boat..i don't remember). the scandal was caused by the amount of the bribe. it was too low. the Turkish people could understand some corruption, but to be able to bribe the top leader for $50k. Unacceptable. If it would have been $100 million, it would not have been a scandal.
2 replies →
We should ask ourselves why we continue to participate and perpetuate economic systems that result in levels of inequality so vast that they threaten control of our democracy.
After looking at the California bill a bit, I'm equally worried about the implications for application developers as I am for the implications for OS developers.
It says apps must use the age signal as proof the user is a minor, and then behave according to all California laws regarding that. (I'm not a lawyer, but that's my read.)
So, does this apply to applications that run locally? What if an under 13 year old tries to read a text file with lots of swear words or ascii b00bs? Does emacs need to stop them? cat? xterm?
The way the law is written is so utterly shit that I don't think it does what it's meant to do at all.
Microsoft has a trillion dollars in liability now because every historical OS is illegal, and every adult user of that historical OS (that you don't ask for their age) is a monetary fine.
$2500 fine for Microsoft for letting me continue use Windows 10 in Colorado, cause they never asked my age.
Also hilariously the law openly FORBIDS checking the user's identity to verify age. It says you MUST NOT collect any more information than is necessary to comply with the law. And complying with the law only requires that you ASK the user to TELL YOU their age, so my non-lawyer take is that if you do anything else like checking ID you can and probably will be prosecuted
Microsoft is not going to let you continue using Windows 10 under any circumstances.
They cannot fucking stop me. $2500
This is key:
‘The “child safety” rhetoric masks a competitive strategy that shifts liability from platforms to operating system makers.’
the post getting mass-reported off reddit twice is the best evidence that the research is accurate lol
This discussion, being so timely and important, inspired me to draft an article that explains a possible third way that might not have been fully considered. I would be humbled and honored to receive any feedback:
https://www.robpanico.com/articles/display/presence-derived-...
(posting link because it would be too much for a comment)
How much do you want to bet that Amutable, via its founder's control of the systemd codebase and ability to drive change, will be first-in-line to force a switch to its variant of systemd, along with a module for age verification?
I don't see it as coincidence that with all these laws passing, suddenly he announces a secure, "controlled", "locked down" version of systemd. Why, RedHat and Ubuntu can simply drop in this new variant, pay a small fee, and be done with compliance.
I have no idea if Meta is driving these, but the only way it would make sense for them to do it is if they saw age-verification as inevitable and would prefer to pass on the costs/liability of implementation to the app store providers. If they didn't see them as inevitable, then it makes no sense for them to be pushing for these as they are fundamentally against their own growth.
Follow what Nick Clegg has been saying post-Meta. He might give a big clue.
.. do you think you could quote it here to save time please?
"But there is an obvious solution: mandate the operating systems (iOS and Android) to share device users' ages when they download apps from the app stores – data the operating systems get as part of the hardware acquisition already. This would be a simple one-step way for parents to control all the different apps that their kids use (in the US, the average teen uses forty different apps per month) and would remedy the fractured app-by-app approach we have today. We should make a societal judgement about whether to set these age limits for smartphones or social media use at thirteen, fourteen, fifteen or sixteen, then write it into law." in How to Save the Internet by Nick Clegg
4 replies →
If we want really a set up where a child does not access it...
Psychology has a higher success rate...just tell them that their parents use it....
There are many systems where accuracy is loose and that is its core feature...for example postal addresses worldwide...I can a mistake in the address but the letter or package will still get there...
Oh look, the Heritage Foundation, the ones who wrote up the "Project 2025" agenda for most of the corruption and authoritarianism that has plagued America in the last year.
The very last people you should trust when it comes to "protecting the children."
To me it feels that the age verfication (adult de-anonymisation) push, at least in Europe, is coming more from the increasingly-authoritarian left as a reaction to the rise of the online right and Musk's Twitter.
(Maybe some unspoken element of concern over social media bots, too - as they evolve from spamming copy+pasted comments to being near-indistinguisable from actual human accounts?)
If you look at the people pushing these bills it's the anti-trans and anti-porn activists. Not the left.
4 replies →
It would be interesting to see a similar lobbying breakdown for the EU and UK. I bet it's still Meta with other right wing actors. The left rarely has the money for this kind of lobbying scale
Heritage has been laying waste to America my whole life. They basically planned all of Reagan's legislative agenda, too, just like Project 2025 is doing today. In very real ways, they and their vision are America (a system is what it does, not what it says it does).
The idea that it might cost "someone" $2 every time a user opens and app AND it sends a bunch of private data to a 3rd party is completely dystopian, let alone everything else.
And a serious question: with deepest respect to the author for their extraordinarily impressive time and effort in this investigation... Why was this not already flagged by political reporters or investigative journalists? I'm not American so maybe I don't understand the media structure over there but it feels like SOMEONE should have been all over this way before it's gotten to the point described in this post.
When a megacorp funds a network of non-profits to lobby a bunch of politicians, draft legislation, and tell them to take it to committee, that can happen without much visibility, especially when it's been orchestrated at the state level, as this has. Where does any of this show up until there's a vote called on it? There's no open debate. No working "across the aisle" to address concerns. There's nothing left of the legislative process that started this country, or, indeed, any Western representative democracy. So someone has to be watching, see something on an agenda that raises the hairs on their necks, figure out what it is, and if there's a story there, and they're not going to get any help from anyone because everyone involved knows how the public is going to feel about it. And then, as the article indicates, even a place like Reddit is going to astroturf the effort to get the story out. (Which I've been trying to point out for YEARS, but which -- surprise, surprise! -- gets supressed.)
Mainstream media is largely captured by the same monied interests as discussed in the reddit post. Although the poster does mention an article from Bloomberg as evidence, most of their sources are local outlets or tech-focused. https://github.com/upper-up/meta-lobbying-and-other-findings...
Your website send request to the users for access to private networks. That´s called invasive. Hacker news should not allow posts with this kind of websites.
Hey, my favorite youtuber just made a video on you!
https://www.youtube.com/watch?v=o41VCmCgm9I&t=24s
Just ban lobby groups. Politicians are public servants, not corporate servants.
I'm unclear how banning the ACLU and the EFF is supposed to improve the alignment of politicians to public interests.
The OP’s point can be interpreted as describing the automation and mechanization of this kind of targeting, which would likely become necessary if the scope of prosecuting so-called “thought crimes” continues to expand.
Here is an Archive: https://arctic-shift.photon-reddit.com/search?fun=ids&ids=t3...
age verification is always a backdoor for some nefarious constitutional rights-infringing policy because every child has their parents legally responsible for their well being and all the legal aspects as well. in other words, parents have the responsibility, and authority, to enforce what devices and what websites their kids are allowed to visit, and no silicon valley epstein pedos run by mosad should have any involvement in any of this whatsoever.
Puts Linux on every flash drive they own in prep
The post looks to be deleted. Anyone know a way to view the original content?
This is a junk AI article sourcing Reddit.
See? It was never about children. Never fails.
Corporations literally buy the laws they want and Silicon Valley is the newest lobbying monster. Genuinely terrifying.
That's what Washington and Brussels are about: lobbying capitals and buying influence over how laws are made.
https://archive.ph/6kiqr
I must say I’ve been on the internet since around 7 or 8 with no restrictions and I turned out just fine
So the theory of advertisers needing a way to verify who’s a bot and who’s not is not that crazy
I was already on my way to de-internetizing and de-digitalizing my life, this just makes it more of an imperitive.
Have at it Meta, you broke it you most certainly bought it!
This is how bad journalism results in conspiracy theories.
I looked at the original analysis and it was fraught with language that leads to specific conclusions. It was most certainly LLM aided, if not generated.
I am not ascribing malice, but the author seems inexperienced with the repercussions of making assertions out of partial knowledge.
Also: Good grief, this article is also written via LLM! Human+machine comes up with theory that goes viral, and then Humans+machines amplify it? Is this the brilliant future we have to look forward to?
If politicians care so much about protecting children, then why aren't they going after the rich and powerful child abusers mentioned in the Epstein files?
Best they can do is only arrest maxwell.
We age gate the movie theater, so why is age gating a website or app any worse?
What age is appropriate for the Safari app? What age is appropriate for PlannedParenthood.com? Reddit.com?
A movie is a distinct piece of content. A website and an app can be a container for lots of different content.
Nobody is trying to age restrict the safari app (like a movie theater), but I don't see why websites or parts of websites can't be restricted like individual movies are as they are given a rating by an authority.
But other apps entirely like dating apps? or only fans? can probably be entirely restricted to some age.
This isn't even a hard question. The movie theater is open but movies that are rated R are not. In this case, Reddit.com is a movie theater, subreddits are movies. The website might be open, but not every subreddit is. This is in fact how Reddit already operates, age verification is just a joke right now.
Have you given any movie theaters a permanent and persistent copy of your ID lately? Your phone number? Make them a list of anything and everything you've read about lately?
What is the fight over? It semes like some people are fighting over age restriction at all, and others are fighting over the specific exchange of age proof mechanisms.
1 reply →
???
I've never needed to give any documentation to buy a movie ticket.
This is very lazy AI generated content, as admitted toward the end of the document.
Clicking through to the "findings" shows that they didn't even try to feed proper data into Claude when the AI bot was blocked or couldn't access the documents. Some examples:
> LIMITATION: Direct PDF downloads returned 403 errors. ProPublica Schedule I viewer loads data dynamically (JavaScript), preventing extraction via WebFetch. The 2024 public disclosure copy on sixteenthirtyfund.org was also blocked.
> Tech Transparency Project report: The article "Inside Meta's Spin Machine on Kids and Social Media" at techtransparencyproject.org likely contains detailed ConnectSafely/Meta funding analysis but was blocked (403)
So Claude then goes on to propose "Potential Role" that postulates connections might exist, but then caveats it by saying that no evidence was found:
> This negative finding is inconclusive due to inability to access Schedule I grant detail data in the actual 990 filings (PDF downloads returned 403 errors, and ProPublica's filing viewer loads data dynamically).
This is what happens when you try to lead an LLM toward a conclusion and it behaves as if your conclusion is true. Hacker News is usually quick to dismiss incomplete and lazy LLM content. I assume this is getting upvotes because it's easy to turn a blind eye to the obvious LLM problems when the output is agreeing with something you believe.
so as to not hold the liability bag, devs will publish the majority of their apps as 18+ (we're back to the 2000s with porn banner ads everywhere), and children will ask their parents to use their computer (orly owl).
This truly is the best democracy money can buy. As long as money and/or favors change hands in exchange for getting favorable laws passed, it's just legalized bribery and buying off your own "democracy".
And it snowballs, the more favorable laws someone buys, the more favorable their position, and the more they can buy in the future. The transition from "democratic facade" to "outright oligarchy" will be swift and seamless.
It's an important story, and I'm glad it's getting exposure, but this "article" is some really blatant AI slop. Go and read the original Reddit thread by the human being who did the work instead of this lazy regurgitated shit.
The original reddit post was also written by AI
in this thread: people hating an ai company from an ai written article about an ai written reddit thread
It appears that the original "research" was also pure AI slop--someone just asking Claude and quickly slapping together whatever it said. It's very low quality and should not be getting this much attention.
What makes you think it's "blatant AI slop"? I mean I agree with reading the source over something that went through a journalistic filter but you didn't even link it.
I'm surprised the "laboratory" of the globalist elite, India, hasn't implemented this yet.
Digital-ID (Aadhar) was heavily pushed by USAID and other US-deepstate associates; the same with digital-money and the "demonetization". Bill Gates's org actively tests out things on actual humans like guinea pigs, before globalizing the "solutions". These days all of this is kind of redundant since the phone-number + verification has become essentially a necessity to live in the city in any part of world today.
The prev. Govt. had considered doing this "login with your ID or no internet" scheme (to "protect" people no doubt) back in 2012s - there were explicit statements about disallowing people who would not authenticate with Aadhar, but it was shelved (likely because of their unpopularity).
If our current "Dear Leader" were to propose this, I think a significant population would opt-in simply because of a sense of belonging to a hero-worship-cult.
The state is determined to ensure that every human be their slave.
Your take in this entire ends up with you blaming Bill Gates like some MAGA tinhat? The GOP are literally the cabal of pedophilic, privacy ending, freedom crushing elites you’re looking for and this is somehow your perspective?
I suspect you only read up to the 2nd paragraph of OP's comment if that's what you got. They certainly aren't pinning the blame on Bill Gates. I don't think "current "Dear Leader"" (quotes included) is common MAGA vocabulary. Also, given the bipartisan support of the bills, funding and presence in the Epstein files, it seems unfair to include only MAGA as the "cabal of pedophilic, privacy ending, freedom crushing elites".
The primary goal of these efforts is to control communication and the flow of ideas. Information is a control mechanism, since we act on what we believe.
In history we had four media revolutions (printing press, radio, television, Internet), each greatly disrupting and reshaping society. This is the fifth (social media and maybe AI).
All these revolutions had the same theme: increased reach of information, increased speed of transmission, increased density (information amount per unit of time), and centralization of information sources. Now we seem to reach the limits of change. No more reach, since our information networks span the entire globe. No more speed, since transmission times are close to how fast we can perceive things. The only things left to change are even more centralization and tighter feedback loops (changing the information based on how the recipient reacts).
Given all that, this media revolution might be the last one, so there is a gold rush among the elites to come out on top.
The article makes one mistake: praising Europe for having a better approach. Governments here are pushing hard to force ID requirements. Sure, they start by pretending it's "for the children" and they "only want age verification". They also claim that e-IDs will be voluntary. Camel. Nose. Tent.
These are the same governments that file criminal charges when you compare lying leader to Pinocchio (Germany). The UK records something like 30 arrests per day for social media posts. Just imagine how much better they could do, if you were not pseudo-anonymous in the Internet!
I quite like the EU approach. It's a decent spec. Most countries already have digital apps to verify identity, like Denmark's MitID (https://www.mitid.dk/en-gb/get-started-with-mitid/). These could be expanded to fully EUDI compliant wallets and deliver encrypted proof-of-age without exposing any other identity.
For example a gambling site could require MitID auth, but only request proof-of-age and nothing else. You can see in the app which information is being requested, like with OAuth.
If there's no information provided beyond proof-of-age, what's stopping my friend's 18 year old brother from lending his ID to every 14 year old at school? IRL that's negated by the liquor store clerk looking at the kid who is obviously underage and seeing that his face doesn't match the borrowed card he just nervously presented.
12 replies →
I don’t mean to be as aggressive as this sounds but the frogs probably liked the increasingly warm water too until it started boiling. How many steps between MitID and a fork that is used to enforce extreme censorship?
5 replies →
Gambling sites already have payment information, which should include real names! (no, you should not be allowed to do non-KYC gambling, that's just money laundering)
6 replies →
Regarding the Pinocchio thing: Local police said „that‘s probably insult“ and sent it to public prosecutors. Public prosecutors investigated and said „nope, free speech“.
I really don’t see the problem.
If you can disturb enough people that think differently, independent of the final result, you can end up silencing them. Is the same that happens with bogus DCMA claims in Youtube channels, when they negative reviews of products. For a normal guy, having the police showing up, going to court, lawyer, etc, can be a significant burden. I DO see a problem.
5 replies →
The investigation and the threat against your freedom and safety (the implication of prison is always that you'll be harmed in there) WAS the punishment.
Sure, but the fact remains that it was referred for criminal prosecution. They didn't follow through, this time, but the victim still had his "lesson" about insulting his betters.
And Germany really did sentence people for calling Mr. Habeck "Schwachkopf", which is about as mild an insult as you can find.
5 replies →
It is almost like every government is shit and politics only attract psychopaths who want more power over other people.
If this lobbying forces Microsoft to finally add local child accounts to Windows, I'll consider Meta's money well-spent.
Removed! Anyone got a copy of the original text?
> This isn't age verification at the point of accessing restricted content. This is a persistent age-broadcasting service baked into the operating system itself, queryable by every installed application.
You're not missing anything. It's just an AI generated summary of the original GitHub link https://github.com/upper-up/meta-lobbying-and-other-findings
I found the original article much easier to read anyways
https://web.archive.org/web/20260313125244/https://old.reddi...
They linked to this GitHub project: https://github.com/upper-up/meta-lobbying-and-other-findings
Also curious why it would be removed.
See https://reddit.com/r/linux/comments/1rshc1f/i_traced_2_billi...
AutoModerator on /r/linux is set up to automatically remove posts after a set amount of reports.
1 reply →
Mass reporting, likely coordinated. This person had a previous submission on this topic that was also attacked this way.
It (for the second time) was automatically removed via mass reporting by reddit accounts.
> Meta’s backing of DCA, part of a $70 million fragmented super PAC strategy designed to evade FEC tracking
Why is this never relevant politically? Its the same with the Epstein files, terrible things happen and we just hand-wring. It seems like the US electorate, doesn't know, doesn't care or is otherwise distracted. I don't see how the US is ever going to get shit together if it accepts this sort of corruption.
i find it funny this got more upvotes than the original post on HN
Has HN really stooped so low that we are upvoting unsourced AI slop? This “article” is sourced to a random Reddit thread and was clearly written by an LLM.
> A Reddit researcher just exposed
>The technical reality hits harder than policy abstractions.
> Here’s where the lobbying gets surgical.
Ad hominem. If it’s clearly wrong then demonstrate.
It is actually not argumentum ad hominem, not least because this author is clearly not a person. It is extremely relevant to substance of this post that it was written by an LLM based on an anonymous Reddit commit (based on "reporting" itself written by Claude).
>If it’s clearly wrong then demonstrate.
Sorry, this does not work in the age of AI. If you don't bother writing your own words, then no one should bother responding to them.
It has been demonstrated as being wrong throughout this thread and the original threads about it.
The original report was AI slop from Claude Code. If you go to the repo it doesn’t even claim that Meta spent $2B, that’s just a sum of a lot of numbers Claude could find, not the number that Meta spent on lobbying this.
How is this preventing anyone booting up an old pc and sharing a usb key data. This is utter nonsense made to control people and instigate fear and self censorship... this is 'the system' discovering the internet in slow motion and immediately pushing its boot over it. We live in an artificial moral panic that should have no place in the minds of smart people.
Just generally, a good piece of context to keep in mind whenever you see electronic surveillance, backdoor, or anonymity-piercing legislation or legal efforts, _particularly_ when they're framed as protecting minors, is that Jeffrey Epstein's primary mode of communication with his co-offenders was Gmail, frequently via a BlackBerry.
teacher, leave em linux kids alone
Eh... That "[removed]" there means there was something to read and now it's gone?
At least the author posted a link to the dataset in a comment so it survived:
https://github.com/upper-up/meta-lobbying-and-other-findings
Why?
Where do I donate to oppose this bullshit?
I want to open my wallet. It should be the top comment.
Donate a phone call. You aren't gonna win the bribing war against people who own a machine that turns your worthless data into millions of dollars.
If everybody who cared to and lived in the affected districts called they would kill the bill just to clear their phone-lines.
If Citizens United is not challenged, we will end up being governed by corporate billionaires. Forcing age verification down our throats will be the least of our worries if this continues.
> we will end up being governed by corporate billionaires
I think it's a little late for that.
How are Apple and Google reacting to this? Surely these companies aren't ignorant of it.
Man if the EU made GDPR a 45M+ user platform thing most of the issues with it would've gone away.
Now it is only age verification. Next they will try to impose digital ID.
That's when you know the new world has begun.
Am I the only person who recognized that this bill explicitly does not require any sort of id verification? The point is to make apps and websites more accountable.
That's just great, now the tech-bros are going to start a war!!!
I am now waiting for Gruber (daringfireball.net) to post another rant about how terrible EU regulation is.
Zero-knowledge proofs are the way to go for this type of thing, I find it mind-boggling that the US lets itself be bamboozled into complete lack of privacy.
I am from EU, and contrary to age verification laws in general.
My stance is that if somebody is a minor, his/her/their parents/tutors/legal guardian are responsible for what they can/cannot do online, and that the mechanism to enforce that is parental control on devices.
Having said that, open-source zero-knowledge proofs are infinitely less evil (I refuse to say "better") than commercial cloud-based age monitoring baked into every OS
> Having said that, open-source zero-knowledge proofs are infinitely less evil (I refuse to say "better") than commercial cloud-based age monitoring baked into every OS
To be honest, I worry that the framing of this legislation and ZKP generally presents a false dichotomy, where second-option bias[1] prevails because of the draconian first option.
There's always another option: don't implement age verification laws at all.
App and website developers shouldn't be burdened with extra costly liability to make sure someone's kids don't read a curse word, parents can use the plethora of parental controls on the market if they're that worried.
[1] https://rationalwiki.org/wiki/Appeal_to_the_minority#Second-...
49 replies →
Yes! This is the way, give parents the ABILITY to advertise the users age to browsers, apps and everything in between. Only target cooperations, do not target open source projects. Fine websites for not using this API (ex: porn sites). Assume an adult if not present.
25 replies →
that is correct the parents are meant to pass on morals and parent the child. If the parents fall through, there is the community such as church, neighbors, schools etc. The absolute last resort is government or law enforcement intervention, and this should be considered an extreme situation. But as John Adams noted, "Our Constitution was made only for a moral and religious people" -- in other words, all these laws start to rip at the seams when the fabric of society, the people who make up the society no longer have morals. But I appreciate this article in general, we need to fight against mass surveilance at all costs.
1 reply →
"mechanism to enforce that is parental control on devices."
Meh, I use it, but it's super annoying and I think that with my Daughter I'll take a different approach (but it will be some years before that is relevant).
On Android: The kid can easily go on Snapchat (after approval of install of course, and then you can just see their "friends") before Pokemon Go (just a pain to get working, it keeps presenting some borked version which led to a lot of confusion at first). I just lied about his age in a bunch of places at some point. Snapchat is horrible and sick from our experiences in the first week.
On Windows: It's a curated set of websites (and no FireFox) or access to everything. It's not even workable for just school. Granting kids access to our own minercraft servers: My god, I felt dirty about what the other parents had to go through to enable that.
4 replies →
> My stance is that if somebody is a minor, his/her/their parents/tutors/legal guardian are responsible for what they can/cannot do online, and that the mechanism to enforce that is parental control on devices.
Imho there is a place for regulation in that, actually. Devices that parents are managing as child devices could include an OS API and browser HTTP header for "hey is this a child?" These devices are functionally adminned by the parent so the owner of the device is still in control, just not the user.
Just like the cookie thing - these things should all be HTTP headers.
"This site is requesting your something, do you want to send it?
Y/N [X] remember my choice."
Do that for GPS, browser fingerprint, off-domain tracking cookies (not the stupid cookie banner), adulthood information, etc.
It would be perfectly reasonable for the EU to legislate that. "OS and browsers are required to offer an API to expose age verification status of the client, and the device is required to let an administrative user set it, and provide instructions to parents on how to lock down a device such that their child user's device will be marked as a child without the ability for the child to change it".
Either way, though, I'm far more worried about children being radicalized online by political extremists than I am about them occasionally seeing a penis. And a lot of radicalizing content is not considered "adult".
You could make the same case for parental control as evil.
"You‘re reading about evolution! Not in my house"
13 replies →
Same here, EU citizen who thinks parents should do some parenting, after all. However, try to confront "modern" parents with your position. Many of them will fight you immediately, because they think the state is supposed to do their work... Its a very concerning development.
> My stance is that if somebody is a minor, his/her/their parents/tutors/legal guardian are responsible for what they can/cannot do online
As a parent, sure, that is my stance as well. What... what other stances are there even? How would they work?
19 replies →
I'll go further. As a human being, I am responsible for myself. I grew up in an extremely abusive, impoverished, cult-like religious home where anything not approved by White Jesus was disallowed.
I owe everything about who I am today to learning how to circumvent firewalls and other forms of restriction. I would almost certainly be dead if I hadn't learned to socialize and program on the web despite it being strictly forbidden at home. Most of my interests, politics and personality were forged at 2am, as quiet as possible, browsing the web on live discs. I now support myself through those interests.
We're so quick to forget that kids are people, too. And today, they often know how to safely navigate the internet better than their aging caretakers who have allowed editorial "news" and social media to warp their minds.
Even for people who think they're really doing a good thing by supporting these kinds of insane laws that are designed to restrict our 1A rights: the road to hell is paved with good intentions.
6 replies →
Even with ZKP this is still highly problematic, it create difficulty for undocumented people to access the web, create ton of phishing opportunity, reinforce censorship on most site (as they will now all need to be minor compliant or need age verification), reinforce the chilling effect and make the web even less crawlable/archivable (or you need to give a valid citizen ID to your crawler/archiver).
With no proof it will protect anyone from proven harm.
>it create difficulty for undocumented people to access the web
Why is this such a sticking point in US politics? If the "undocumented" people aren't supposed to be in the country in the first place, why should rest of society cater to them? Even if you're against age verification for other reasons, dragging in the immigration angle is just going to alienate the other half of the population who don't share your view on undocumented people, and is a great way to turn a non-partisan issue into a partisan one. It's kind of like campaigning for medicare for all, and then listing "free abortions and gender affirming surgery" as one of the arguments for it.
10 replies →
Though the EU is at large keeping it's composure with this. My only criticism towards the EU as an EU citizen is how slow and bureaucratic the EU is and that decisions that should be made on the fly are dragged on forever.
That said, government agencies have been doing a terrible job at keeping the private information of citizens safe. But it is nowhere nearly as bad as the US. My best childhood friend died in very questionable circumstances in 2009 in the US in very questionable circumstances. He had a US citizenship and we never really found out what had happened(to the point where we never really got any definitive proof that he had died). But that didn't stop me from trying and I was blown away by the fact that I could log into a US government website, register with a burner mail, pay 2 bucks with an anonymous gift credit/debit card and get a scanned copy of his death certificate in my email. And I didn't even have to provide his passport/id/anything. Just his name.
Point is, the US has been terrible at privacy for as long as I can remember. It is probably worse now with Facebook and Ellison holding TikTok.
The critical thing is not so much "Americans" as "big money". Big Russian money is also a threat. Big Chinese money .. well, there's a bit of that about, but it doesn't seem to have shown up at the legislation influencing layer.
32 replies →
> I was blown away by the fact that I could log into a US government website, register with a burner mail, pay 2 bucks with an anonymous gift credit/debit card and get a scanned copy of his death certificate in my email. And I didn't even have to provide his passport/id/anything. Just his name.
Death certificates become public record after a period of time, depending on the state. In some states it’s 25 years after death, some more, some less.
https://www.usa.gov/death-certificate#:~:text=Can%20anyone%2...
As far as I can tell this is the same as in the EU: Death certificates can be publicly accessed for a fee after a period of time defined by member states.
I found some comments saying death certificates in the UK could be accessed as early as 6 months in some locations.
So I don’t see this as the US being uniquely terrible on privacy. This is how most of the western world does it. You just had experience with the US and assumed EU was different.
> we never really found out what had happened(to the point where we never really got any definitive proof that he had died).
I’m sorry for your loss, but doesn’t this imply that the US did do a good job of protecting his privacy? It wasn’t until the time limit had passed that you were able to find the death certificate.
Death certificates are public records (at least in the UK) so why shouldn't you be able to get one? I think the alternative, where people's deaths could be kept secret by the state is a far greater risk than the privacy rights of the dead (GDPR type laws generally apply to the living).
I don't know about elsewhere but in the UK anyone can apply for any death certificate going back to 1837.
2 replies →
No, the way to go is the California way. The device owner (root user) can enter the age of the user. Restrictions are applied based on that. Nothing is verified.
That way should be paired with "adult by default". So that No age data means adult.
Zero-knowledge proofs are unworkable for age verification because they can't prevent use of somebody else's credentials.
The same argument could be said for other age verification methods. Nothing stops a kid from getting their older cousin to verify their identity for something and it will never be possible to prevent this.
7 replies →
Two billion in lobbying. And the conclusion is that regulation is the problem?
Zero-knowledge proofs are only anonymous in theory if you ignore the issue of requiring a third party, and the issue of implementations.
And according to the EU Identity Wallet's documentation, the EU's planned system requires highly invasive age verification to obtain 30 single use, easily trackable tokens that expire after 3 months. It also bans jailbreaking/rooting your device, and requires GooglePlay Services/IOS equivalent be installed to "prevent tampering". You have to blindly trust that the tokens will not be tracked, which is a total no-go for privacy.
These massive privacy issues have all been raised on their Github, and the team behind the wallet have been ignoring them.
You are missing the point. The real purpose is to control the Internet and free speech. They've been trying this for ages. Now the excuse is protecting children. Soon terrorism will be back. And don't forget aոtisеmіtism, too.
Not exactly a good moment for this particular caste of politicians/elites to pretend they care about children's well-being!
The internet we grew up with is nearly gone. For my part I've downloaded most of what I want and am trying to move more towards physical books. I think in the future, the internet could be a lot like cable TV. The value it brings is not worth the costs it imposes.
The way to go for this kind of thing is to not go for this kind of thing at all.
Seeming as this affect everyone .. Is there anything like and Open Collective .. grassroots consortium, to put together strong sensible zero-knowledge proof based policy examples that could be given to law-makers instead of this shadowy surveillance Trojan horse nonsense?
The real answer is that there is no solution to the problem other than what basically amounts to better parental controls.
> Zero-knowledge proofs are the way to go for this type of thing,
The benefit of zero-knowledge proofs is that the hide information about the ID and who it belongs to.
That’s also a limitation for how useful they are as an ID check mechanism. At the extreme, it reduces to “this user has access to an ID of someone 18+”. If there is truly a zero-knowledge construction using cryptographic primitives then the obvious next step is for someone to create an ad-supported web site where you click a button and they generate a zero-knowledge token from their ID for you to use. Zero knowledge means it can’t be traced back to them. The entire system is defeated.
This always attracts the rebuttal of “there will always be abuse, so what?” but when abuse becomes 1-click and accessible to every child who can Google, it’s not a little bit of abuse. It’s just security theater.
So the real cryptographic ID implementations make compromises to try to prevent this abuse. You might be limited to 3 tokens at a time and you have to request them from a central government mechanism which can log requests for rate limiting purposes. That’s better but the zero-knowledge part is starting to be weakened and now your interactions with private services require an interaction with a government server.
It’s just not a simple problem that can be solved with cryptographic primitives while also achieving the actual ID goals of these laws.
it's not about protecting children. that's only the PR.
once you get this you stop asking why the tech details are the way they are.
Counterpoint: yes it is
4 replies →
"how terrible EU regulation is"
Judges in other countries (Texas) found out this kind of law was a violation of the Free Speech.
Since when Free Speech do not apply to -16y old?
Made laws are made, then killed by courts later one.
Not sure what the Gruber thing is about. I guess I lack context. But on ZKP, I will agree but add this:
The only authority that can be trusted to do age verification is the government.
You know, those people who give you birth certificates, passports, SSNs, driver's licenses, etc.
The idea that parental supervision here is sufficient has been shown to be wholly inadequate. I'm sorry but that train has sailed. Age verification is coming. It's just a question of who does it and what form it takes.
Take Youtube, for example. I think it should work like this:
1. If you're not of sufficient age, you simply don't see comments. At all;
2. Minors shouldn't see ads. At all;
3. Videos deemed to have age-restricted content should be visible;
4. If you're not logged in, you're treated as an age-restricted user; and
5. Viewing via a VPN means you need age verification regardless of your country of origin.
It's not perfect. It doesn't have to be.
The original post was removed from reddit but it links to this GitHub repo that has most of the same information, but in a different format:
https://github.com/upper-up/meta-lobbying-and-other-findings
Luckily it was archived: https://web.archive.org/web/20260313125244/https://old.reddi...
Also on the wayback machine: https://web.archive.org/web/20260313090844/https://www.reddi...
Ok thanks, we've repointed the URL to the GitHub page.
Not surprisingly, Meta is possibly the worst "offender" behind funding of these campaigns.
They're a government contractor specializing in identity and a monopoly who loves not being regulated. They're really a straw donor - this is the government donating money to lobby itself. All of this is money leaving the government proper and being put through barely two degrees of indirection to be sent both to politicians whose job is to direct the government, and to the media to misdirect the public.
This (an end to general purpose computing) isn't anything that people can prevent through civil channels. It will happen with or without public approval. You will have as much control over it as you had over the decision to go to war with Iran. It will never be on any ballot. People who help will get rich, people who don't, won't. Eventually, people who help will barely be middle class, and people who don't, won't. Their kids will own your kids.
AI companies are also donating tens of millions to these PACs and others that are promoting age verification laws, it lets them sell AI content rating systems using their models.
Which is strange, because it is widely known a large amount of their advertising revenue comes from fake accounts.
This doesn’t make sense, how do these fake accounts bring revenue ? I thought the end goal is to improve conversion rate by removing the “bots” and this would therefore lead to higher ad spend and more money to Facebook direct
2 replies →
I’m curious why Meta would benefit. Meta seems wholly unnecessary, the verification can be done at the OS level, completely in the hands of Apple/Alphabet and maybe Microsoft.
If anything, Meta’s utility would seem to shrink if the OS handles proof of being a real person.
Regulatory capture through a higher barrier to entry. Any social media platform that wants to compete with Meta's portfolio will now also need to have an age-verification system in place (which is guaranteed to introduce higher costs). Meta can likely afford to eat the costs here as a tradeoff for the higher impact on smaller players.
It also gives them more information on users as a bonus. Further, verification with a real ID is also a quite effective barrier against excessive bots.
2 replies →
Meta's entire business model lives on ad deals that are not on the frontend. They are in the data business and this campaign is to get access to more data without an option to opt out. Who takes the data doesn't really matter.
1 reply →
Meta get to impose verified ID on everyone and link it to their advertisers, AND kill competing networks.
because upstart competitors cant afford the verification process / lobbying efforts next instagram wont be bought out, it cant even begin to exist
Liability and they probably want whatever blob of bits they use to identify you from the OS.
1. It deflects any obligation that would have landed on Meta itself to do age verification (which is what the regulators have long asked for). 2. It gives Instagram/Facebook/Messenger the ability to deliver the right ads to the right audience. It's free targeting data.
[dead]
[dead]
[dead]
[dead]
[dead]
[dead]
[flagged]
[dead]
Wasn't it Apple that was trying to get Meta to implement age verification in the first place? So, Meta is trying to get them to do it, which seems right.
Why does Apple always get a free pass?
Doesn't apple already check your age when you make an Apple account? using credit card information (before you use any app) It already feels enough to me.