Comment by cycomanic
3 months ago
These discussions remind me so much of the US discussions about federal ID documents as verification.
There's a vocal portion of people which opposes any solution because "privacy, government overreach, surveillance ...". So instead of a solution like e.g. zero-proof age verification, that tries to minimize intrusions on privacy, the result is the worst of all worlds, maximum surveillance (but I guess it's ok if it is not the federal government, but meta), with minimum utility. Just look at the freaking mess that is trying to proof your identity in the US.
For there to be a solution, there needs to be a problem. These bills are not addressing a problem. Assume the online platform has a video feed of my kid, or their SSN, or a zero-knowledge-proof of age, or whatever.
Now, what will the platform do with it? Concretely? As in: Name one bad outcome a reasonable parent would care about that's prohibited under these bills. If the bad thing happens due to willful negligence, then there needs to be some actual material consequence to someone at the platform provider.
The Illinois bill prohibits financial transactions, and feeds engineered to be addictive.
How do you define a “feed engineered to be addictive”? How do you distinguish between addictive and just good quality?
9 replies →
>Name one bad outcome a reasonable parent would care about that's prohibited under these bills.
the bad outcomes don't need to be prohibited under these bills. it's already illegal to, for example, distribute pornography to minors. which i think is something that a reasonable parent would have a problem with.
but if there is no way to determine who is a minor and who isn't, then it's impossible to determine the difference between "willful negligence" and regular old negligence and enforce any consequences for breaking that law. age verification laws are about mechanisms to make other, already existing laws actually enforceable.
> distribute pornography to minors. which i think is something that a reasonable parent would have a problem with.
I'm sorry what?
This is not even close to consensus, as you present it.
Also, a thought exercise, just for you:
1. Should stabbing people be illegal? 2. Should we make it impossible to stab people?
Think about those things, and how they relate to eachother. What would the consequences be of #2?
2 replies →
I can't speak for proof of identity in the US, but please understand that digital privacy is a slippery slope we're already sliding down, it is not unreasonable to be critical of any privacy violating initiative, because privacy is never given back, only taken away.
this position assumes the surveillance state or megacorps would be satisfied with a zero knowledge proof based ID/age verification system, which is not at all obvious to me
meta could spend their billions lobbying for that, if they wanted to
edit: to be clear, I do think a government developed and maintained ZKP ID/age system is the best possible compromise, I just don't think we have any chance of getting it
It's a bait and switch that can be seen by even Ray Charles from a mile away. ZKP assurances is just part of the high-IQ "useful idiots" spreading buy in for the bait.
Please explain how opposition to privacy invasive solutions result in even more privacy invasive solutions being implemented? Is it purely out of spite from the lawmakers? This logic doesn't follow.
It’s obviously worse for your privacy to have third parties handle full images of your drivers license or video of your entire face, which can then be leaked, rather than using a zero knowledge proof that only sends e.g. a birth year. And no, it’s not spite, it’s incoherence. Lawmakers are single minded seekers of re-election to a first degree approximation and will do things to get votes, even if those things don’t logically make sense together, such as requiring age verification without providing the tools for companies to abide by the law themselves.
US lawmakers are single-minded seekers of lobbying and insider trading money, they will sign and trade on whatever ALEC hands them so they receive more money.
Because we’re currently still in the phase where lawmakers are telling tech companies “please find a solution for this issue.” At some point, as has happened in the past with other issues, this will change to “solve this issue, here’s exactly how you have to do it.”
The logic not flowing is the point. People against a federal ID say it is government overreach into state's rights. They consider it the feds invading citizen's rights. They have no need, as it is the purview of the states. So in lieu of a federal ID, private companies are coming up with privacy invading techniques to attempt to verify age. How would one be okay with a private company's invasion of privacy yet not the government's? An invasion of privacy is an invasion of privacy regardless of the one doing the invading.
> An invasion of privacy is an invasion of privacy regardless of the one doing the invading.
Technically, yes, but one party (e.g. USGOV) has many more strands that it can weave together into a larger coherent picture than the other (e.g. Meta).
Also one party has guns and an almost blanket immunity to using them on people it deems it does not like via its privacy violations.
That probably tips the scales for some people.
1 reply →
>”How would one be okay with a private company's invasion of privacy yet not the government's? An invasion of privacy is an invasion of privacy regardless of the one doing the invading.”
‘Invasion’ is doing a lot of work in your comment, and I don’t think there is a clear and widely agreed upon definition of what constitutes an ‘invasion of privacy’. If you have such a definition, please do share it.
Ignoring the reality that some system of age (and ID verification, for certain tasks) system is desired by a significant portion of the population, and does have utility (despite the shouts for "just parent your children") is simply sticking your head in the sand. So by opposing any solution (even solutions that preserve privacy, like zero-knowledge), you make privacy concerns seem unreasonable and weaken stances opposing the more privacy invasive solutions.
> Ignoring the reality that some system of age ... system is desired by a significant portion of the population
How do you think this came to be?
2 replies →
When I hear this argument ("better the government do it than a private company") I recoil. The government is sovereign, only accepts lawsuits at its discretion, and can use violence to get its way. We also know for a fact that it abuses its powers and conducts surreptitious unlawful campaigns against its citizens.
I'm not on board with any of it, but the last thing I want is the government to control it.
The government is also, at least theoretically, democratic and accountable to the population.
Meta on the other hand is a dictatorship run by Zuck that's only marginally accountable to stockholders (which are only a small subset of the population).
They're still accountable to customers/users. If you don't like their products, don't use them. I don't.
The unfortunate thing about this lobbying effort is that it's making the government accountable to Meta, which is the worst of all worlds.
2 replies →
Right. It's theoretical. We have hard proof that it's not, though. The second part is that the government can compel it. I am free to ignore Zuck.
When the government is working as intended, and have not abdicated their duties to the people, the government at least has controls over what they can and cannot do. Yes, they have a monopoly on violence, but they also in theory have lots of controls.
For example, the government cannot silence your speech, but a private company can. The government cannot share your data with others, a private company can.
Unfortunately the government has abdicated their duties and so you think they are worse than a private company.
I get all of these hypotheticals, but, again, we know that it's not true. The government routinely collects and shares information that it shouldn't. We can't talk about it like it doesn't because it was designed not to. We have to contend with reality.
8 replies →
This seems like a very easy problem. The government has birth records, passports, ssn, phone records, etc. so they could provide an age bracket to anybody that needs it. But instead a private corporation will get to do this and create an absolute mess à la Palantir.
An absolute mess for you. A tidy profit for them.
That requires a high level of trust in your current government and whomever is in charge in the future.
Its worth remembering how the Nazis so efficiently found Jews in the Netherlands. The Dutch government kept meticulous records, including things like your name, address, and religious affiliation. That wasn't a big deal until the Nazis rolled in, throw in some level of Nazi sympathizers in the Dutch government and it wasn't hard for them to track down anyone they wanted to find.
That's an argument against any mass collection/concentration of data in anyone's hands. Not against gov. collection of data in particular.
2 replies →
Based on your other comments, I’m curious what your solution is?
The government needs our records to collect taxes. So at the minimum the government must have some information. We can argue over the mechanism and trust factor but that’s not the core issue here.
The private companies doing this is the core problem. This is a service that the government could provide for free with the most safeguards.
Or perhaps you have some other proposal? And I’m not interested in the no government anarchy you propose elsewhere.
> That requires a high level of trust in your current government and whomever is in charge in the future.
Some entity has to be trusted with our data anyway, at least government supposed to have some accountability before the citizens, corporations have much higher incentives for profit.
7 replies →
Because this does not address the problem at all. Or rather - it does not address my problems as a citizen, and it just pushes responsibility of parents onto 3rd parties and punishes everyone collectively for it.
Also fundamentally speaking - this does just take away your right to privacy. do you just let your rights be taken away?
I don't want 'minimization' of intrusion of privacy, i want no intrusion of privacy.
It’s the classic American route of attempting a technical solution to a societal problem.
Technology is what solutions are made of. The "nontechnical solutions to societal problems" are the things like "wishful thinking", "pretending the problem doesn't exist", "wishing it away", etc.
(Which is fine when the problem is bullshit and there is nothing to solve, which actually may be the case here.)
4 replies →
> So instead of a solution like e.g. zero-proof age verification
A solution to what, though? I oppose any solution because I disagree with your premise: this is not a real problem. We do not need to do anything about it, and any cost would be too high.
Why exactly are you extending them the benefit of the doubt when they've proven they don't deserve it over and over again? Even if zero-proof age verification emerged as a strong political alternative I'd fully expect the final bill to have a carve out of the zero proof exemption for the government in it, a backdoor in encryption scheme essentially. Here you tell me that isn't zero proof, which is true but wouldn't change the name on the bill one iota.
https://www.aclu.org/documents/5-problems-national-id-cards
Yup. And like the Clipper chip but with much less pushback. It's a weaponized manufacturing consent campaign to fool people into giving up their privacy and anonymity with d/misinformation. It's so disgusting that state and federal legislators are giving them everything they want, well beyond regulatory capture towards absolute corruption and absolute power.
'Nobody is allowed to do it' remains a valid option.
How would a porn site operate on the internet?
A simple question with a simple answer: as it has done since the inception.
If a kid wants to sneak some porn, he's going to have to hide his digital nudeymag under his digital mattress, and when it's discovered, he'll have to accept his fate as decided by his parents.
3 replies →
Age verification is a non-problem.
These solutions don’t solve anything.
If a corporation has your information, multiple governments do as well, either legally or otherwise
> Just look at the freaking mess that is trying to proof your identity in the US.
Care to elaborate? I'm not sure what's a mess about a driver's license, social security card. I've never once had any issue with my identity.
Not everyone has (or can have) a driver's license and a social security card literally says it is *not* for identification because it lacks even the most basic aspects. But since the US never managed to come up with an actual system, companies started using SSNs like an identity verifier, because it is the one thing everyone has across every state. But that also makes identity theft or credit fraud trivial in the US compared to other countries.
> a social security card literally says it is not for identification
It no longer says this, and has not for a long long time. My parent's cards did, but mine does not. Also, I'm old (for this forum at least), so this isn't a recent change.
2 replies →
> companies started using SSNs like an identity verifier
Probably because USGOV said it is[0]
"In 1943 a presidential executive order directed the military and other government agencies to use the number for identification purposes, and in 1961 the Internal Revenue Service began using the number for taxpayer identification."
[0] https://www.straightdope.com/21341325/why-does-my-old-social...
That's correct, but what does a driver license have to do with it? A state-issued driver license is one document that can serve as identification. There are plenty of others, including those that are solely for identification. Are you unintentionally conflating them, or are you suggesting that there a eligible people who are unable to get an identity document?
Identity can not be stolen.
Some financial institutions may not have proper fraud prevention policies, but that is a problem both caused by and to be resolved by the financial institution, not the consumer. Pretending it's the consumer's problem may protect the financial institution, but leads to entire categories of new problems far more devastating. Don't pretend some nebulous concept of identity has been stolen. Say it like it is: the financial institution was defrauded due to their own lax policies.
4 replies →
You must not live in the US or have very odd patterns, I'm positive a majority of the US population have free credit monitoring due to the multiple SSN data leaks.
The situation is so bad that the SSA has to explicitly state: "Social Security card is not an identification document" https://www.ssa.gov/blog/en/posts/2023-03-23.html
Ah, yes, I'm sure the crap that they make up next week won't ever leak anything.
I think they're talking about proving your identity to a non govt entity. A few things that come to mind are any platform with a KYC, they require you to upload your ID and assure you they're secure with a little lock icon.
Even proving your identity to a government entity is non-trivial, as can be seen by the administration trying to use that as a new poll tax.
1 reply →
The identity issuer - the government - already has the your privacy. If you have a unique identifier from the government which websites can call the government with to verify your identity, you won't lose any privacy. All the websites get is just a unique string, no date of birth, no name, no address. This approach is the cornerstone of oauth/oidc.
> I'm not sure what's a mess about a driver's license, social security card
Neither of those are accepted by various states' voter id laws, nor can you reliably board an airplane with them since RealID.
The only foolproof identity card in the US appears to be a passport (which, you know, global federal identity card... exactly what the folks against universal ids dislike)
My drivers license is a real id and has been for like 5 years? This is a non issue if you went to the DMV instead of waiting until now.
6 replies →
My research suggests that all U.S. states that require identification at the polls accept a driving license as a form of valid photo ID. Are you aware of any that don’t?
3 replies →
> Neither of those are accepted by various states' voter id laws
You've made this up.
> nor can you reliably board an airplane with them since RealID.
That sounds like a problem that they created, and can choose to uncreate. I don't need to know the identity of people on planes any more than I need to know the identity of people in trains, buses, or taxis. "RealID" itself is dumb, and was the result of wearing down popular resistance for decades.
1 reply →
The federal government is trying to create problems. For instance, a Real ID won't be good enough to vote this fall if SAVE passes:
https://www.politifact.com/factchecks/2025/apr/18/byron-dona...
There are also a bunch of other gotchas: Original birth certificates and all currently-issued military IDs are not acceptable, for instance (even though the bill lists birth certificates and military IDs as acceptable, there are carve-outs to ban the common cases).
Good luck getting a passport between now and then.
7 replies →
This is just the moderation fallacy, pronounced with the same kind of unearned confidence in which the moderation fallacy is usually pronounced.
To put it in Godwin's terms: you're the one saying that the people denying the Jewish Question are the people enabling the Nazis. If we would just agree to the moderate compromise (fill in the blank), then the Nazis wouldn't have an excuse.
Most importantly, it's also an attack on a strawman. Nobody is arguing agains zero-proof age verification. It's probably possible, but in reality is absolute nonsense. There is no material proposal anywhere for a zero-proof age verification system that prevents individuals from being tracked. There is mathematical speculation, and proposals that vaguely and dishonestly simulate what people are pretending exists somewhere.
All of them involve individuals giving up their privacy, and insidiously substitute protecting your identity from the providers of "adult" information where protecting your identity from the government and the providers of verification services are actually the important parts. I do not give half of a shit whether some porn site knows who I am; the only reason I care at all is because they may share this information with governments and private entities that will use it to track me, manipulate me, or blackmail me.
The reason for this? Governments would lose all interest in age verification if it were possible to do it without invading my privacy. If it is possible in the abstract (which it may well be, mathematically), governments would prioritize sabotaging any company or proposal that could make it happen.
The fake proposals of zero-proofs are offering me something I don't care about in order to trick me into giving up something I value, and calling me unreasonable for not falling for it. No, I'm just not a fool.
The real solution: a legal requirement for "adult" information services to only reply to requests that declare they're from someone over the legal age to consume that information. People who give their children computers could root them to make sure that that header is stripped, you could install browser extensions to make sure that header is stripped, you could make sure that header was stripped at the router, you could make sure that everyone could make a phone call to their ISP to tell them never to allow a packet across that carried that header unless it also included a key or a password that the adults of the household could add onto their own requests.
The above methods don't take any technical sophistication at all, and would solve the problem better than computers that attested age, the computers that 14-year olds would be operating for their often computer-illiterate parents anyway.
Why aren't they used? Because this is a totalitarian game, not a serious proposal to solve a serious problem, and it is just meant to fool morons long enough to screw us all in a permanent way.
[dead]