Comment by collabs
7 hours ago
what if instead of this age gate or whatever government is doing, what if we simply said these big companies need to self police and if a child can reach their service they have to pay the child like lets say GBP 10k per instance?
remove all "reasonable step" shield to hide behind. for example, a shopkeeper can't say they took "reasonable steps" if they sell alcohol to a child so why should a website be any different? if we are going to the absurdity of age-gating VPNs, at least lets make it so that there is an incentive for children to self-report
The end result will be the same. If you face a 10k liability for serving the wrong customer, you end up needing to ID your customers.
If the government isn't going to provide that service you end up with private companies verifying identity and the data security issues that entails.
If you want to shift the responsibility of protecting children away from parents, then you end up in a situation where third parties need to be able to differentiate between a child and an adult. I haven't yet seen a proposal that doesn't entail someone - government or private enterprise - getting access to identifiable information.
Of course, you could have something like a signed certificate, so the identity verifier doesn't see who you are patronizing, and the identity seeking business only gets to see your age, but it still has privacy issues.
> . I haven't yet seen a proposal that doesn't entail someone - government or private enterprise - getting access to identifiable information
California's Digital Age Assurance Act
That isn’t age verification. It’s an api for reporting unverified age data.
It’s basically parental controls standardized.
> you end up needing to ID your customers.
You've needed to do that for at least ten years. Mobile internet either requires a contract, or an ID check before you get a sim (pay and go)
Anyone providing internets is liable for what the users are doing. The way you got out of that is responding to legal requests. (originally mostly copyright)
This is the frustrating thing, we have effective and relatively uncontroversial age gated network (mobile data) already. and it worked.
but now they've done and fucked it up with OSA.
I went to the uk with a foreign SIM. Didn’t have to show my id. I logged onto public WiFi networks without showing my id.
Plenty of ways to get it done.
I don’t think that would have worked. Parents buy phones for their kids since the kids can’t buy them. What would the choices be? Give them a phone or not give them a phone. I don’t think society is ready for that kind of choice anymore.
2 replies →
> what if we simply said these big companies need to self police and if a child can reach their service they have to pay the child like lets say GBP 10k per instance?
All of these proposals probably sound good to people who think the Venn diagram of sites they use and sites covered by these laws are two separate circles.
They probably sound a lot less good when you realize the law covers site like YouTube. The Australian law (which they said they’re modeling this after) also includes social news sites like Reddit.
If they passed a law like this extending to VPN services then you’d have to hand over your ID to use a VPN.
Usually people realize how bad these proposals are once they realize it might impact their internet use, too.
Or perhaps we should expect parents to take some responsibility for their kids' screen use?
Don't be daft. It's not the parent's responsibility to monitor and care for their kids.
Ok, can you explain what that looks like in practice or is it just some abstract feel-good words?
Sure! With my kids it's meant not buying them internet-enabled devices (or disabling the internet access, eg smart TVs), only having 1 family computer in a shared space, and managing my own local network. There also aren't screens in the house through the week.
On the flip side, I let them read whatever they want, including things that are upsetting or that other parents would say aren't appropriate, and I talk to them about what they've read.
Overall, I think these policies have meant more thoughtful media consumption, and more time outside and with friends. I'm not enough of a fool to think our rules are enforced at friends' houses, but we've chosen to live in a community that's largely on the same page.
None of this stuff is easy, but as a parent, it's the job.
You expect the average parent to outwit Meta and TikTok and their teams of psychologists scheming to get their kids attention?
The social media companies could have done the socially responsible thing a decade ago and avoided all this.
I expect them to give a shit, yeah. Just like they should care about what they read or watch, or who they hang out with.
Don't let your kids have an internet-connected phone, or keep it locked down so they don't have parasitic apps preying on their pre-frontal immaturity until they're old enough to handle it.
All of this needs to be done intentionally, of course, or it will feel like the kids are being punished. But I can't emphasize this enough... it's our job as parents to raise our kids.
How do you create new procurement pipeline and surveillance infrastructure from that?
Bingo
Because they will just withdraw from the jurisdiction rather than bother to implement that, most likely
> big companies need to self police and if a child can reach their service they have to pay the child like lets say GBP 10k per instance?
HIPAA has been super effective this way. As we all know, American companies don’t give two shits about user privacy or even security. But wave the HIPAA flag and everyone starts caring real hard and taking extremely cumbersome steps to comply with patient privacy.
Very simple: Each HIPAA violation comes with a financial penalty for the business and personal penalty for every person involved in the leak. Very effective.
I agree the threat is there but I've never seen anyone actually punished for HIPAA violations and my data have been involved in several hospital and insurance breaches.
There's not even a test for HIPAA compliance, so you can't legally prove you were ever compliant in the first place, other than you did what you thought was right. People love to use the term "HIPAA-compliant" but it's technically not a thing.
From my understanding, HIPAA mostly just says that you need to have policies in place for various things, such as rotating passwords or encrypting data, but it doesn't go into explicit detail about what all must be IN those policies, or how you enforce them.
> these big companies need to self police
It's not possible to prevent a person (of any age) from reaching a specific website if they are determined enough. Full stop.
> It's not possible to prevent a person (of any age) from reaching a specific website if they are determined enough. Full stop.
right, and that reveals the absurdity of this "age gate", doesn't it? because I am sure giving every UK national their very own unicorn would also poll very well but that doesn't mean that's what a functional democracy should be prioritizing just because a majority of the public supports because doing so is not possible
That's because it's not about age gating, it's about identifying the internet users.
2 replies →
It’s not possible to prevent these same children from getting alcohol or drugs either but we certainly don’t permit it.
1 reply →
Fwiw they acknowledge this and claim the goal of this regulation is to drastically increase friction, not render it impossible