Comment by Slow_Hand
5 days ago
If I’m not mistaken, Meta has been lobbying heavily for all of these age-verification bills lately.
It seems their strategy is to externalize their responsibility to verify age themselves, and thus reduce their exposure to liabilities when child protection acts like COPPA are violated.
It should be externalized to a degree. Facebook shouldn't be the ones verifying age, but there should be a trusted 3rd party service that does that, which just tells facebook "yes this user is old enough to use your service" or "no they're not old enough".
It abso-fucking-lutely should not be at the OS level though, for so many reasons. Even the implementation alone would be a nightmare. Do I need to input my ID to use a fridge or toaster oven? Ridiculous.
Or, and hear me out, _maybe our computers shouldn't spy on us in the first place_?
Once you force OS to communicate data about the user, here we’re talking age, is it a slippery slope? Once the architecture is created, why not put other things about you in there?
So which situation do you want instead of anonymous age verification:
A) 18+ content is behind a pinky swear
B) 18+ content is behind a parental control (what this bill would do)
C) The internet can't have 18+ content anymore
D) Some other system? Please describe it.
71 replies →
I'm reminded of a video essay I watched about AI once, which took a side tangent into surveillance capitalism:
"Google's data harvesting operation became a load bearing piece of the Internet before the public understood digital privacy. And now we can't get rid of it."
The public has been conditioned to expect web services free at point of use. Legitimately it's hard to monetize things like YouTube without ads, and I get that. But turning our entire ecosystem of tech into a massive surveillance mini-state seems like an astonishingly shitty idea compared to just... finding a way to do advertising that DOESN'T involve 30 shadowy ad companies knowing your resting blood pressure. My otherwise creative and amazing industry seems utterly unwilling to confront this.
Edit: Like, I don't know, am I crazy for thinking that simply because we can target ads this granularity, that it simply must be that? I get that the ad-tech companies do not want to go back to blind-firing ads into the digital ether on the hope that they'll be seen, but that's also plus or minus the entirety of the history of advertising as an industry, with the last 20 or so years being a weird blip where you could show your add to INCREDIBLY specific demographics. And I wouldn't give a shit except the tech permitting those functions seems to be socially corrosive and is requiring even further erosion of already pretty porous user privacy to keep being legally tenable.
2 replies →
It's not the gun that kills. It's not the computer that spies.
Agreed! We shouldn't be because wouldn't we go to jail for shit like that if it were you or I?
“Impossible to get a man to understand a thing, when his paycheck depends on his not understanding it.”
> It should be externalized to a degree.
Why?
We don't externalize age verification when buying alcohol or visiting the strip club. It's on the responsibility of those establishments to verify age.
In those in-person contexts, the identification document is still externalized - they're checking a government-issued photo ID in the vast majority of situations.
It works for the in-person context because it's a physical object, making it easier to control access to it. A high resolution picture of the same ID is a privacy problem as it can be copied, shared, transferred, etc without the knowledge of the ID holder.
1 reply →
> Why?
I think that main goal would be to keep the ability to have accounts be anonymous or pseudo anonymous.
If social mean company has to verify an accounts age themselves they then have to use some for of official government identification and with that any chance of anonymous or pseudo anonymous access.
6 replies →
Do we make contractors do age verification on their supplies when building a liquor store or strip club? The OS is a tool used by Meta, just like the utilities and the compute itself.
Meta Apps can have age verification but it should be at the point of service, not the supply chain.
And even if we were to agree to this, uploading your IDs to an untrusted third party is asking too much.
14 replies →
Very good point. But there are businesses that are via the barcode on the back of the license. They're using machines to validate and do who knows what with that data.
I'm surprised that people think this is some new 'save-the-children' thing ? Didn't Zuck say like 10 years ago, you should not be allowed to be anonymous on the internet ? This just seems on-brand at this point.
A different approach that would keep incentives properly aligned is for Facebook (et al) to publish labels in website headers asserting the age (and other) suitability of content on various sections of the site. It would then be up to client software (eg a browser) to refuse to display sites that are unsuitable for kids on devices that have been configured for kid use.
As there has been a market failure for decades at this point, it would be reasonable to give this a legislative nudge - spelling out the specific labels, requiring large websites to publish the appropriate labels, and requiring large device manufacturers to include parental controls functionality. The labels would be defined such that a website not declaring labels (small, foreign, configuration mistake, etc) would simply not be shown by software configured with parental controls, preserving the basic permissionless nature of the Internet we take for granted.
But as it stands, this mandate being pushed is horribly broken - both for subjecting all users to the age verification regime, and also for being highly inflexible for parents who have opinions about what their kids should be seeing that differ from corporate attorneys!
Except none of these bills (California or the one in question) as currently written require an ID to actually be verified, merely that the user provide an age. This seems intentional as it's seems to solve the user journey where a parent is able to set a reasonable default by simply setting up an associated account age at account creation. It's effectively just standardizing parental controls.
I think this is a reasonable balance without being invasive as there's now a defined path to do reasonable parenting without being a sysadmin and operators cannot claim ignorance because the user input a random birthday. The information leaked is also fairly minimal so even assuming ads are using that as signal, it doesn't add too many bits to tracking compared to everything else. I think the California bill needs a bit of work to clarify what exactly this applies to (e.g. exclude servers) but I also think this is a reasonable framework to satisfy this debate.
I've seen the argument that this could lead to actual age verification but I think that's a line that's clearly definable and could be fought separately.
Kids aren't stupid. They'll just create another account when they're old enough to figure it out. They'll tell their friends how to do it and the rest of us will be stuck with these stupid prompts forever like it's a cookie banner.
17 replies →
I don’t care if it’s part of the user setup, but make it an App Store dotfile. Don’t issue fines to Debian for offering a Docker image without a user setup script.
Yeah, let's just boil the frog here. Makes sense.
Except how is this done on GNU/Linux or FreeBSD or Haiku? Who's going to implement it, who's going to ensure it can't be bypassed and who's going to be responsible if it's not?
I agree. There is a real drive to catastrophize here but so far, none of the bills actually take any steps to prevent users from lying about their age.
[flagged]
I want to be able to hire a licensed Identity Service Provider that gets all of my verified identity data in an encrypted token and let me register it with the OS, and control what amount of the data I expose to apps, with age verification being one of the lower levels of access.
I pay the company to verify me, I am their customer. They take on the liability of the OS makers and app makers of age verification.
If you have a valid token signed by a licensed IDS that verified your age in your OS, that's all anyone needs to know.
> trusted 3rd party service
So we have to pay some 3rd party service to hoard information about Children? Why we want to set that up? Why would we want to take that power from the parents and give it to some company?
> Facebook shouldn't be the ones verifying age
So, they want to profit off children, but do nothing to protect them?
> but there should be a trusted 3rd party service that does that
Gee, if only Facebook would use their incredible might to create this, rather than trying to rob our representative government from underneath us.
> It abso-fucking-lutely should not be at the OS level though
It's not my problem. It shouldn't involve me at all. I don't use social media and I think if you let your kids on there unsupervised you have a screw loose.
If social media, alcohol, drugs, gambling, phones are so, so, so bad for children. Just ban them from children.
We were completely fine 30 years ago without any phone. They will survive. They will probably thrive because now they have to learn how to hack the system.
Instead, we just give them everything they need and all the thinking they do is scrolling.
On the 50's, it is incredible the proctective bubble that gets pushed around in some countries nowadays, externalizing all responsabilities.
I guess the point is: delegate to kernel, then “oh, people with root can bypass with modules? Secure Boot!”
And then only trusted devices with an “acceptable” posture and valid manufacturer attestation can participate! Hellscape.
This is exactly what will happen.
The porn industry already figured this out and it’s super simple. Requires zero personal information.
https://www.rtalabel.org/index.html
And just which third party do you trust with your identity?
The trusted third-party is, in part, meant to be a society of responsible parents.
Yea, it's called Mom & Dad.
> but there should be a trusted 3rd party service that does that
No, there shouldn't be any such thing; everyone pushing for any shape of this should just bugger off.
Sometimes even things that are good for Meta are good for the rest of us. This law, and the one in California, mean that liability is disclaimed as long as the parent selects an age above 18 for the child. It's like a section 230 for age protection. Meta supports this because they won't be liable for wrong age inputs, and we should also support this because it doesn't verify age in any other way.
We should support something that does the minimum to accomplish the goal. As luck would have it, we don't need to do anything because parental controls already exist, and apps like YouTube already have a "kid mode". But for some reason, people are very attached to the idea of getting that number. Your age. It isn't enough to have a boolean isAdult. Oh no, they want to know how old you are, and they want that number to follow tou everywhere you go. View a site on your PC and then load it in incognito to create an account and comment? Oh look, this person we've identified as pockauppet age 99 or whatever viewed the page, then someone registered aged 99 and commented on that same page. This is a data goldmine. But I guess we're not against sharing data anymore.
Have you used parental controls? They're complete and utter shit. You cut your child off from almost all of the internet, or you may as well not have any controls at all.
1 reply →
He doesn't want to have to stand up, turn around and apologize to parents on behalf of an asleep at the wheel Congress again.
At some level I don't blame him. It is also a bit strange how in that act alone he showed more accountability than most of the politicians that were questioning him, never mind most executives. I suppose Josh Hawley wants to be liable for personal lawsuits for his acts of Congress too... people cringe at his "robotic" demeanor but I can't remember the last time someone turned and faced people and apologized like this. Most people asked to do the same (even in front of the same body) never do.
https://youtu.be/yUAfRod2xgI
Don't kid yourself, Meta already knows the age of all its users, at least within the broad categories that this bill defines.
Yes, but they want to show children content that is not appropriate, then claim ignorance.
To give them the benefit of the doubt you could say they only want to show children content on its own that is fully parent-agreeable.
Meta just wants to do it in the most habit-forming way, that is embedded in a system crafted to mold young behavior into more manipulable consumers.
>Meta already knows the age of all its users
Roger, now they want a government mandate to target everyone else on the internet.
If a company relies on self reported ages, they don't "know" it well enough to satisfy COPPA. Probably. I'm not a lawyer but I do keep up with the latest in privacy enforcement and I think this is the way things are headed.
For the record, I'm against age verification laws. But I think companies are pushing for them because of liabilities they face under other laws, not because they would actually like to have the data.
Legally, there's a difference between "knowing" and "accurate enough for loose cannon advertisers".
Facebook has always been there for only one reason; for people who don't value privacy.
Nothing less, nothing more.
Most things that are not suitable for children were recognized so long ago that it was decades, centuries, or millennia before anybody living was ever born.
Like porn, when it got on the web it has always been instinctively gatekept as traditionally as possible, and complaints which do arise over the decades are addressed by the websites in ways that measure up to how you expect a company to act. Consistent with the way they truly don't want underage visitors to their websites at all.
Those complaints are now dwarfed by what parents are saying about Facebook in particular.
Facebook, and now Meta, is just not something that previous generations had to deal with, so it didn't get handled in a very adult way as it should have been from the beginning. And it only got worse as it got bigger.
If it wasn't worse for their kids than porn, parents wouldn't be screaming so much louder than ever.
I guess it turns out the combination of fundamentally devaluing privacy across-the-board including minors is the main problem, and then the idea of hooking them early, like cigarette companies would do with as much habit-forming reinforcement as possible, is what leverages the lack of overall privacy through the roof.
What's really needed is bold gatekeeping on Meta's digressions alone, they should be the ones to aggressively keep everyone underage off their site. Like they really mean it, which has not existed before. That's what's been wrong the whole time, the internet was so much better before Facebook came along with their anti-privacy mission, and it got put on steroids.
Reining in Meta alone should be big enough to be noticeable, no-one else has a shred of responsibility by comparison.
Facebook has invested $billions in these underage crowds and they want to know exactly when everyone else on the internet turns a certain age even if they are not on Facebook.
Don't give it to them no matter how much they pay.
It would be the complete opposite of an advanced thinker who wants to respond by compromising more people's privacy across the regular internet, when Meta is the primary source of the problem, and they're who stand to benefit the more privacy is compromised in any way, child or adult.
Like my 19th century grandmother would say, "what's wrong with some people?"
It's amazing how many things We The People want our government to do that go ignored year after year, but the moment corporations want something laws get pushed through at lightning speeds. Does anyone actually think that masses of regular people in Illinois were begging their government to force operating systems to tell every website and advertiser how old their children are? They weren't. A small number of corporations with lots of money wanted that though. Bribing matters a lot more than voting.
How should they do it? Surely they don't have a responsibility to do something that nobody knows how to do?
There have been numerous cases in history where governments have attempted to legislate the outcome they want without regard to how that might be done or if it was possible in the first place. Obviously it can never deliver the results they want.
It would be like passing a law to say every company must operate an office on the moon, and then saying that companies lobbying for an advanced NASA space program is them externalising their responsibility.
They could require government ID to sign up and an adult sponsor to certify accounts for kids. Plus a limit on how many accounts an adult can sponsor.
It would be a mess, but solve the problem. It’s not that we don’t have the technology, we just don’t want to because the friction would decimate user numbers and engagement; it would be much simpler to regulate (e.g. usage limits on minors); and minors are less monetizable, which would lead to lower CPM on ads.
Then there’s the legal liability if you know someone is a minor and they’re sending nudes, for example. And the privacy concerns of tying that back to de-anonymized individuals.
But obviously I wouldn’t believe that social media companies care about user privacy on behalf of people.
>They could require government ID to sign up and an adult sponsor to certify accounts for kids. Plus a limit on how many accounts an adult can sponsor.
Requiring all online account creation to go through some government vouching system sounds far worse for privacy than OS doing age verification.
5 replies →
> They could require government ID to sign up and an adult sponsor to certify accounts for kids.
Even if they used an open source zero knowledge proof, HN will still immediately dismiss it as an attempt to steal your data. The proposal here and the similar bill that passed in California doesn't require any validation that you enter you age correctly.
I think the public in general woul be happier with the office on the moon idea than compulsory Government ID requirements to use services.
2 replies →
It's up to parents to parent. It's not up to the government, and Facebook pushing this shit is evil.
It's not about protecting children. It's about increasing adtech intrusion, protecting revenue from liability, pushing against anonymity, and for all the various apparatus of power, it's about increasing leverage and control over speech.
bad take man. these companies don't care about kids; they just want to take the responsivity off of themselves. they don't actually put any money towards child safety.
But the parent comment didn't say anything about companies caring. So you're not disagreeing with them, unless you think any selfish corporate action should be automatically opposed. And that would be a bad take; it's way too generic and applies to both sides of most issues.
With all the LLM bots they need a new way to sort out the people from the machines to not lose ad revenue and to help their spook friends.
It's better for them if this "responsibility" rests with another organisation, they don't get blamed as much when the information leaks and it is replaceable.
I think their strategy is to just sell more software. Liability was cut by buying the presidency.
Yes
https://www.reddit.com/r/LinusTechTips/comments/1rsn1tm/it_a...
Really, I’m surprised that for all of the discussions on HN around these individual statewide acts that I see so little discussion of Meta as a primary force pushing them.
There are probably many more people that would profit off of it on HN.
I wonder if Meta monitors their employees comments on HN?
1 reply →
Why does it matter specifically that Meta is doing it? This has long been a goal for intelligence apparatus and big tech: get rid of anonymity online to "fight terrorism" and sell ads respectively.
Don't get me wrong, it's good to know but it's not earth shattering information.
12 replies →
I think? the most recent version of that post is https://web.archive.org/web/20260314074025/https://www.reddi..., which is "awaiting moderator approval"
I've seen skepticism about the veracity of the claims, in part as various sources cited in the git repo pointed to todo files not actual data[1] (in that example was only just hours ago a source file was added, when the project still claims part of the conclusions are based on data said to be contained there).
Which has led some to suspect much is LLM generated and not properly human-reviewed, in addition to the very short timeframe from initial self-disclosed start of the research to publishing it online (mere 2-3 days) despite the confident tone the author uses.
[1] https://web.archive.org/web/20260317184359/https://lobste.rs...
And discussed on HN: <https://news.ycombinator.com/item?id=47410870>.
That's the correct strategy, if anyone sues meta, meta can bring their age verifier into the lawsuit and blame them. It makes sense from a business perspective, insurance perspective. etc...
Meta is definitely helping to push this, but they aren't having to push very hard because its already in the zeitgeist. It's a classic moral panic. Millennials are raising kids and turning into their boomer parents.
Millennials had their hippie era in their 20s (same stuff their parents did rebranded as "hipster" instead of "hippie," where instead of building a lifestyle of free love and bong hits in the Haight-Ashbury, they built a lifestyle of free love and bong hits in Williamsburg Brooklyn).
Now in their 30s-40s they've moved to the suburbs, they're voting Reagan, and are falling for hysterical media-driven moral panics about "what kids these days are up to" just like their Boomer parents did in the 80s-90s.
What's even more funny about all these "social media is evil" legislative proposals, they're motivated by the idea of what social media used to be when millennials were in college...which doesn't even exist anymore.
The classic narrative that teens are depressed because they're seeing what parties they didn't get invited to is wildly outdated now. Social media isn't social anymore (see Tiktok), it's just algorithmic short form TV. Nobody is seeing content from their peers anymore.
In reality, most modern research on social media finds little to no affect on teen mental health. But of course, if you have ulterior motives to undermine privacy or shirk corporate responsibility under the cover of "saving the kids," this moral panic is an already burning flame waiting to be stoked.
> teens are depressed because they're seeing what parties they didn't get invited to
More modern version: my experiences don’t look like the Instagram shots, my body doesn’t look like theirs, etc.
> modern research on social media finds little to no affect on teen mental health
Sounds like you know what you’re talking about, but if you have references I would read them.
How about research on the effects of social media on academic performance?
No disagreement at all that this is another power and surveillance grab.
> my experiences don’t look like the Instagram shots, my body doesn’t look like theirs, etc
Zero difference from the reality TV/tabloid era. "Influencer" is just a rebranding of "celebrity," and instead of seeing their Hollywood Hills mansion and chiseled bodies on MTV cribs and in Abercrombie ads you see them on your phone.
Here's a few quick pulls, the best stuff is the meta-analysis studies but don't have time to dig them all out:
[1] Effects of reducing social media use are small and inconsistent: https://www.sciencedirect.com/science/article/pii/S266656032...
[2] Belief in "Social media addiction" is wholly explained by media framing and not an actual addiction: https://www.nature.com/articles/s41598-025-27053-2
[3] No causal link between time spent on social media and mental health harm: https://www.theguardian.com/media/2026/jan/14/social-media-t...
[4] The Flawed Evidence Behind Jonathan Haidt's Panic Farming: https://reason.com/2023/03/29/the-statistically-flawed-evide...
What does this bill have to do with age verification?
It legally mandates the existence of a required "age" field in user account records, a user interface to populate it during account setup, a mechanism for service providers to read this field, and that providers act as if it has been populated accurately.
As someone who has been the de facto "system administrator" for my family's computer systems since kindergarten, this has to be one of the stupidest policies I've ever seen gain traction.
Is there a problem with this? Most users are using an iPhone and most iPhones already know the accurate age of their user
I think it will be an extension of parental control and shift that accountability/responsibility upwards; Meta is not anyone's real life parents anyway.
People will just forge IDs with LLMs. This measure is basically unenforceable, and wastes everyone's time and money.
I’ve heard Android is a more common OS. In any case, if your OS fails to ask a user their age, it’s banned.
Okay, sorry yes that was an oversimplification. Android does ask your age as well, so that's all of them for mobile phones.
6 replies →