The key problem with this entire issue is that it's basically a morality law. There are classes of crimes that, over time, society has discovered simply do not have an enforcement mechanism less damaging than the harm they are seeking to prevent.
An example is Adultery. Most people will agree that it is morally wrong to cheat on your spouse. The reason civilized countries no longer have adultery laws is not because a majority of people support the crime, it's that the level of control a government needs to exercise over its citizenry to actually enforce such a law is repugnant. The state must proscribe definitions of infidelity (human sexuality being the mess it is, this alone is a massive headache), then engage the state apparatus to surveil people's intimate lives, and then provide a legal apparatus that prevents abuse via allegation. And for what? So that people's feelings are a little less hurt?
The juice simply is not worth the squeeze.
So it goes for age restrictions. Age verification creates massive potential for invasion of privacy, blackmail, censorship, and more, necessitating a massive state censorship apparatus to block foreign content, and for what? So that little Timmy's forced back into trading nudie mags at the bus stop? To save parents the onerous effort of telling their kids "no"?
It's simply not worth it.
Illniyar 24 minutes ago [-]
I think that's a bit of rationalizing. I don't think there's much evidence that Adultery is no longer a criminal offense because people were concerned about privacy or government control.
It's that people became more secular, Adultery is considered a sin and not a crime, and modern countries instituted separation between religious and secular laws.
amelius 24 minutes ago [-]
Ok, but how long will it take the people in power to figure this out (again)?
mzhaase 3 hours ago [-]
So in Germany we have an ID card with a PIN, NFC and a government app. Website owners can request to be able to use this feature. They then get a certificate from the government that has the fields they are allowed to request stored within it.
Websites can request data from the user by sending that certificate, it opens the app, it shows you the categories of data to be sent, you hold your ID card to the phone, enter the PIN, and the certificate is uploaded to the ID card which verifies it. If it's valid, the ID sends back the data that is specified in the certificate.
You then get presented with exactly the data that is going to be sent to the website. You can then agree or disagree. So far that is only used to log in to government websites.
This way the government does not know which sites you visit, and you only send your age to the website.
crote 1 hours ago [-]
The problem with schemes like these is that it is reasonably easy to come up with something which is pretty close, yet still missing some crucial details.
- You do not want the government to know which websites you visit. This rules out any kind of redirect / forwarding via a government website or app.
- You do not want websites to correlate their requests, as that would allow for cross-website tracking. Request data from website A should be completely useless to website B. This rules out most regular certificate schemes.
- You do not want a website to correlate multiple data requests, as that would allow websites to create some kind of supercookie. Requests should be completely independent, and two requests from the same user should be indistinguishable from requests from two different users.
- You do not want to lose privacy when the government and the website work together. The request should still be anonymous when the two collaborate, or else there can be no reasonable assumption of privacy. This rules out most clever pass-a-one-time-code schemes.
- You want the request to be unique and time-bound. It should not be possible to replay a response, either to the same website or a different one.
- You do not want to send more data than strictly necessary. If a website needs to know if you are 18 or older, it should only receive a boolean flag.
Getting some of those properties is easy. Getting all of them at the same time? Nearly impossible. And the worst part is that I almost certainly forgot a handful of requirements!
hedgehog 1 hours ago [-]
The technical issues are workable, the really difficult issue is none of the big stakeholders really care about the level of privacy you describe. Priorities like audit compatibility, cost of deployment, etc all end up governing what standards get adopted.
Edit: And as Doctorow points out there are a host of other issues that arise from actually deploying a working system.
fabian2k 3 hours ago [-]
It's even more restrictive than that, for age verification you only get back whether the person is above the age limit or not, it's a boolean response.
So I think from that view the eID works pretty well, it provides the minimal necessary information. The bigger issue with something like this is if you use them to enforce real name policies or stuff like that.
progbits 1 hours ago [-]
Presumably the request contains some nonce, otherwise this is trivial to replay?
But even then, I can volunteer my ID, keep it permanently attached to a computer running a server that allows certain requests (like the boolean age check), and then provide an API / client that allows anyone anywhere to use it to pass.
No risk to me (none of my data leaks), presumably no rate limits (the card has no way to track time; at best it could store recent request timestamps but I doubt it does).
In fact even better, use stolen or lost cards. Owner will get a new one, but the old one has no way of knowing it's voided. We can build a network that is able to sign whatever info (age, gender, city, name) you want, as long as we have one ID with such info.
hsbauauvhabzb 2 hours ago [-]
That still results in the government knowing you connected to that website though.
Edit: unless there’s a blind middleman that has tight data policies?
number6 2 hours ago [-]
I think it does not know. The app is open source and it just sends the Boolean. The government just gives out the id cards - they are not involved in the verification process
Hamuko 1 hours ago [-]
I know the whitelabel EU app is open source but are the derivatives going to be? As far as I understand it, every EU country will release its own version of the app.
raron 2 hours ago [-]
Not really (as far as the website and the government don't collaborate and share information with each other).
AFAIK the EU age verification app works by requesting a bunch of digitally signed "proof of age" tokens (OpenID verifiable credentials) from a government institution and sends (uses up) one when you want to prove your age to a website. The website can check the validity of these tokens without connecting to the government institution.
They are even trying to do some form of blind signature or zero-knowledge proof to have better protections.
Age verification laws are easy to circumvent and they are bad for many other reasons though.
danaris 2 hours ago [-]
...Unless the government is specifically looking out for this, that's easy to game by just submitting a bunch of requests for age validation with incrementing ages.
Is that worth it? No idea—but I'm willing to bet some surveillance advertisers think it's worth it.
Sayrus 2 hours ago [-]
I haven't read the spec so I'm not sure if you can request that or only 18+.
However doing dozens of requests requires the user's approval each time which may raise red flags and I can imagine your certificate revoked.
input_sh 2 hours ago [-]
I completely agree it's technologically feasible in basically every continental European country (as we all have some form of biometric IDs), but do you want to have to do that every time you open a private tab to look at porn? Do you want to not be able to clear your browser cookies without going through that process all over again for basically every website? Do you want to extend 2FA into 3FA with your national ID acting as the third factor so you can view "sensitive" content?
baby_souffle 1 hours ago [-]
This guy gets it!
Don't get me wrong, I love diving into the technical details just as much as anybody else here. I've learned something new almost every time there's a comment thread on the subject.
But the technical details are a distraction. That this is happening at all is the forest the technical crowd is going to miss for the trees.
Preserving some semblance of privacy on the internet is already hard enough. We do not need systems like this to encroach any farther; the risks to personal privacy are so great and could be caused by such a simple, innocent and subtle configuration mistake.
nottorp 2 hours ago [-]
> This way the government does not know which sites you visit
Hmm. It's not clear from the description that it is so. The government knows which site sent the request and authenticates your card, which is tied to your identity, right?
andy99 5 minutes ago [-]
Yes seconded, I don't understand from the description how it's anonymous. There has to be some way the government doesn't know who they are verifying - I assume that's cryptographically possible but is that what's happening here?
babypuncher 2 hours ago [-]
That certificate retrieved from the government has no personal information attached to it. It's essentially empty, only defining what information will be requested from the user.
The certificate is passed to the user's ID card where that information is populated, the document is cryptographically signed, and returned to the requesting party after the user reviews and approves the transaction.
nottorp 2 hours ago [-]
I'm not asking what goes to the site. Does the request to the government come from the site you visit? Can the government pair the site with your card? They know who they issued the card to.
crote 2 hours ago [-]
If the ID card cryptographically signs it, doesn't that mean that it isn't anonymous?
I assume it's a variant of PKI, with everyone trusting the government's root key, and each ID card storing a unique certificate signed by that root key. But an ID card will only have a single certificate, so it would be trivial to see that multiple data snippets were signed by the same certificate - and therefore the same person. That would allow a website to track users across sessions - or even across websites.
Hizonner 1 hours ago [-]
Age and IP address are probably sufficient to uniquely identify most Internet users.
michaelt 2 hours ago [-]
Interesting. How does the revocation of lost/stolen cards interact with the anonymous design of the age attestation?
If an enterprising 19-year-old sold their card and PIN to a 15-year-old and reported it lost to get a replacement, presumably there's some mechanism to stop the 'lost' card being used as proof of age?
zeeZ 10 minutes ago [-]
There are some steps missing.
The card communicates with an eID server via the app. This server is connected to the PKI and receives a new certificate daily-ish and also has a revocation list of blocked IDs. There's a ridiculous amount of regulation for hosting one yourself, so you get that service from one of the two or three who provide it as a service.
ID data this eID server received from the card is then sent to the eID service that initiated the session, which may either be the entity who needs it, or another service provider who wraps another set of regulation requirements and complex eID server API calls into an easy to use API for their customers.
ID data isn't actually shown to the user in the app unless it's a custom implementation that loops it all the way back from the service provider at the end.
flopbob 1 hours ago [-]
That would be an unlikely scenario. No one would just sell their ID just like that because you have to go to the police to make a report on what happened exactly, which then gets distributed in the whole of Europe, and also getting a new ID is quite a procedure and costly unfortunately.
LtWorf 29 minutes ago [-]
You don't sell the ID, you log in once on their computer.
pier25 2 hours ago [-]
There's no way this could be implemented globally.
tetraodonpuffer 1 hours ago [-]
Why don't you think this would work? Technically this is basically "the (SP) site trusts another (IDP) site to sign/encrypt a JWT containing some custom assertions". The user would go to the SP, get a signed blob (session nonce / expiry / whatever), take that to the IDP, log in there, IDP creates a JWT with the original blob plus any assertion you allow, you post the JWT back to the SP, SP decrypts the IDP packet, gets its own nonce, ties you to the session, done.
There are also obviously better ways (https://blog.cloudflare.com/privacy-pass-standard/, possibly some variation of zero knowledge proofs) but technically this seems like a solvable problem. Money wise the IDP or in general verifier can charge users for an account and/or generated assertions.
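An added illustration of the SP-side checks in the flow described in the comment above (not code from the thread or from any eID project): the SP binds the token to its own session, nonce and expiry, and rejects replays, which is the "unique and time-bound" property raised earlier in the thread. All names are hypothetical, the keys are constructed, and an HS256 key shared between IDP and SP stands in for the IDP's public-key signature; the unlinkability properties discussed elsewhere are not covered.

```python
import base64, hashlib, hmac, json, secrets

# Constructed demo keys. SP_KEY never leaves the SP. IDP_KEY is an HS256 key
# shared by IDP and SP (assumption: stands in for an IDP public-key signature).
SP_KEY = secrets.token_bytes(32)
IDP_KEY = secrets.token_bytes(32)

def b64u(data: bytes) -> str:
    """base64url without padding, as used in JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def sp_issue_challenge(session_id: str, now: int, ttl: int = 120) -> str:
    """SP side: the 'signed blob' (session, nonce, expiry) handed to the user."""
    body = json.dumps({"sid": session_id, "nonce": secrets.token_hex(16),
                       "exp": now + ttl}).encode()
    return b64u(body) + "." + b64u(mac(SP_KEY, body))

def idp_issue_token(challenge: str, over_18: bool) -> str:
    """IDP side: wrap the opaque challenge plus one boolean assertion in a JWT."""
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64u(json.dumps({"challenge": challenge,
                               "over_18": over_18}).encode())
    sig = mac(IDP_KEY, f"{header}.{payload}".encode())
    return f"{header}.{payload}.{b64u(sig)}"

class ServiceProvider:
    """Verifies returned tokens and remembers nonces until they expire."""

    def __init__(self):
        self.seen = {}  # nonce -> expiry time of the challenge it came from

    def verify(self, token: str, session_id: str, now: int) -> str:
        try:
            header, payload, sig = token.split(".")
            # Pin the algorithm instead of trusting whatever the header says.
            if json.loads(b64u_dec(header)).get("alg") != "HS256":
                return "bad algorithm"
            expected = mac(IDP_KEY, f"{header}.{payload}".encode())
            if not hmac.compare_digest(expected, b64u_dec(sig)):
                return "bad idp signature"
            claims = json.loads(b64u_dec(payload))
            # The embedded challenge must be one this SP issued.
            body_b64, tag_b64 = claims["challenge"].split(".")
            body = b64u_dec(body_b64)
            if not hmac.compare_digest(mac(SP_KEY, body), b64u_dec(tag_b64)):
                return "bad challenge"
            blob = json.loads(body)
            exp, sid, nonce = blob["exp"], blob["sid"], blob["nonce"]
        except (ValueError, KeyError, TypeError, AttributeError):
            return "malformed"
        if exp <= now:
            return "expired"
        if sid != session_id:
            return "wrong session"  # token was obtained for another session
        # Expired nonces can be dropped: their tokens already fail the exp check.
        self.seen = {n: e for n, e in self.seen.items() if e > now}
        if nonce in self.seen:
            return "replayed"
        self.seen[nonce] = exp  # one use per challenge
        return "ok" if claims.get("over_18") is True else "under age"

if __name__ == "__main__":
    sp, t0 = ServiceProvider(), 1_700_000_000  # constructed timestamp
    token = idp_issue_token(sp_issue_challenge("sess-A", t0), True)
    print(sp.verify(token, "sess-A", t0 + 10))  # first presentation
    print(sp.verify(token, "sess-A", t0 + 20))  # same token again
```

The nonce check only stops reuse of one response; it does not address a live relay of fresh challenges to someone else's card, which is the scenario progbits raises above.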
LtWorf 31 minutes ago [-]
And you think a crafty teenager can't get around that?
michael1999 3 hours ago [-]
I'd refine Doctorow's claims to "Privacy preserving age verification is bullshit in the Common Law Anglo world".
You are completely correct that civil law jurisdictions have already solved this: Germany, Estonia, and many others have all the requirements: a register of all persons available to the central authority, and crypto infrastructure to make it work.
What's missing from the UK, Canada, USA, etc. is the first part! It is hard to believe if you live in Germany, but there really is no big master list of people in those countries. There are many (many, many) lists, linked badly by many different ids. The tax registry, pension registry, drivers license registry, and visa registry are some of the big ones.
Things could be so much simpler if we had such a thing, but the politics between here and there are basically impossible.
wizzwizz4 2 hours ago [-]
Those big (computerised) master lists were really useful for the Holocaust: I'm not sure it's a bad thing that some countries don't have them.
crote 1 hours ago [-]
Unfortunately the countries that don't have them, still have them.
Your birth certificate is still stored somewhere. You're still entered in a bunch of databases from the moment you're given birth to in a hospital. You still get a social security number, which you need to work, which you need to do to afford food.
Sure, all those databases might not have a neat shared primary key, but that's definitely not going to stop future Holocaust 2.0 perpetrators from joining all those tables together.
lisbbb 1 hours ago [-]
I guess I'm such a hard line anarchist that this sounds totally awful to me. Remember East Germany? Nope, none of you do...
jchw 2 hours ago [-]
Even if you could do this in every single country (it would already be extremely hard to actually do this in the United States reliably, and I can only imagine it is basically a non-starter in a lot of developing countries) it does pose so, so, so many problems.
- How can you ensure the system can't be abused if there's no identifying information passed? Don't get me wrong, this is also a problem with current systems, maybe even worse. But if it's privacy preserving, ... Almost all kids under 18 have parents or guardians. Almost all of those parents or guardians are 18 or older. So literally all you have to do to bypass age verification is steal their ID for a few minutes? There are also a myriad of solvable problems that aren't guaranteed to be solved without care, like ensuring that the same ID is not used 100,000 times.
- This is a job that is best suited for the government to handle. The internet is global though, and there are a lot of governments. In the U.S., there is in fact not one federal ID, but instead we use state IDs. I assume that means you now need to handle around 50 different state IDs to be able to verify someone's identity, but it actually gets even worse than that, because some people will have IDs, and some will have drivers licenses, because oddly enough that's just how we structure IDs here. People without drivers licenses may have state IDs which are often intentionally visibly distinct to make sure they can't be mistaken for the other. In states I'm aware of, you'll never have both, the driver's license acts as a state ID if you have one. Now scale that to every country on Earth.
- As insane as it may sound, there are plenty of people who don't have essentially any form of ID. You might think I'm over-estimating the numbers with "plenty", but even just in the United States, it's literally over 2.5 million, off the top of my head. (No idea what the best source is here.) The closest thing we have that every citizen is supposed to have is Social Security, but that isn't really usable as a form of ID for various reasons. (And frankly it's a pretty terrible means to verify someone's identity at all anymore in the Internet age, but oh well.)
I'm totally sympathetic to the fact that people really don't want their kids browsing porn on the Internet, but children basically can't pay for Internet access or afford iPhones. I think it's insane that people keep suggesting using advanced cryptography, zero-knowledge proofs, privacy pass tokens or whatever else for a problem that so clearly needs to be solved socially and not technically. (And obviously, only the surface-level aspects of this are really about porn. We all know it's deeper than that, and if it wasn't, the UK would readily exempt Wikimedia from these requirements. I hope nobody here is deluding themselves into thinking this is a noble effort.) You are literally giving your children a device that can easily obtain porn and letting them use it unsupervised. It's not like it was a secret: Avenue Q told you everything you needed to know. I get that raising kids is hard and society pressures you to do this, but isn't that the problem you'd rather tackle?
The problem is that we've let this idea that you can solve the problem like this enter the mainstream, and now that we have, even smart and reasonable people may accidentally convince themselves that it is tractable just because it is technically feasible to devise such a system. This is bad because we're going to waste a lot of energy repeating ourselves on thinking about the entirely wrong way to look at things.
xorcist 9 minutes ago [-]
> all you have to do to bypass age verification is steal their ID for a few minutes?
There are numerous interesting and/or problematic aspects of this, but this question is perhaps the least interesting.
If your kid, or anyone else really, steals your ID then age verification is the least of your problems. They could transfer all your money, move house, get married, change your name or a myriad of other much more serious things. Willingly letting your kid use your ID would be borderline illegal and no insurance in the world would cover it.
> literally over 2.5 million
These people have never borrowed a book, visited a doctor, paid taxes or opened a bank account? There are many things in society that require validating who you are. Surely they have some form of ID. Perhaps just a more insecure one than a cryptographically signed one.
I don't think a federal identity is as far fetched as you make it sound, for better and for worse.
toast0 2 hours ago [-]
> In the U.S., there is in fact not one federal ID, but instead we use state IDs.
That's only partially true. We also have federal IDs: passports, passport cards, permanent resident cards, DoD Ids, Transportation Worker IDs. There's also some other federally issued IDs listed as Real ID compliant [1], but I've never seen them so I didn't list them.
That's not exactly what I mean though, I really mean to say that there's no federal ID that you can basically rely on people having. I totally get that there are actually federal IDs, and probably could've worded that a bit better.
What I really mean is that among IDs you might expect every citizen to actually have, state IDs are basically the most reliable and even that only gets you around 99% of the way there.
SamBam 2 hours ago [-]
> Almost all kids under 18 have parents or guardians. Almost all of those parents or guardians are 18 or older. So literally all you have to do to bypass age verification is steal their ID for a few minutes?
Presumably this is the purpose of the PIN, which I assume is in the owner's head, not on the card (otherwise it would be redundant with the NFC chip).
jchw 2 hours ago [-]
Look, I'm not trying to paint the picture that the problems aren't technically solvable; the fact that it kind of is is the part that makes this discussion so durable.
I admit that PIN verification would make it harder to bypass the system, though to be honest with you, I think it's also not really hard to realize that some kids will still manage to figure out their parent's PIN numbers, which they will likely re-use for their bank cards and a bunch of other shit, because most people don't really want to have to come up with 10 different PIN numbers, and we all kinda get the idea that PIN numbers aren't really that secure in the first place. Adding a PIN number requirement is probably a wise idea, but it does make the system a bit more of a PITA for everyone as people will inevitably forget their PIN and need to reset it or what have you. And I reckon that's basically how each countermeasure for problems of these systems go, each one just adds a little bit more pain depending on how hell bent you are on making it work. (I think the PIN number is good enough for trying to prevent someone for stealing your identity with your ID card to an extent, but not as good against people you live with misusing your ID card.)
Of course, you could keep going. You could try to come up with counter-measures to discourage someone from re-using their ID card for other people, and probably at least limit the impact of some of these issues to make the system basically work.
Even if you really do concoct the perfect solution for one country, you then have to make sure this problem gets solved correctly in every individual federal government, and then anyone who wants to offer adult content online has to individually handle identity verification across all countries that require it.
Meanwhile, we already have a system where essentially only adults can buy devices to connect to the Internet, and Internet service plans. You can't even get a debit card in the U.S. without being at least 18 years of age.
cogman10 2 hours ago [-]
The big problem I have with laws like the UK has been that they solve a non-issue at the cost of large infrastructure and potential privacy problems.
Teenagers have been looking at porn since forever. It's practically a trope of teens stealing their parents' porn mags. I don't think any of this has actually caused major societal issues.
The proposed solutions merely require that a teen steal their parent's identification, briefly, to create a porn account and move on. Heck, they can probably buy that information online if they are innovative enough. They certainly will be selling access to their porn accounts to their classmates. And even if they don't go through all that trouble, getting a porn mag is still pretty possible in the UK.
That makes this just a bad law. It doesn't meaningfully stop the problem it's meant to stop and it's expensive and intrusive. Even if privacy preserving age verification was bulletproof and perfect, you still have the access holes all over.
And then there's the simple fact that other nations exist. Yes, mainstream sites will put up protections, but what about the Sealand porn site? Unless the UK wants a great firewall (ala the Chinese firewall), they simply aren't going to stop this problem. Even then, VPNs are common knowledge at this point due to streaming.
Bad law, bad effects, and a pointless fight.
owisd 1 hours ago [-]
Having a device in your pocket that you take everywhere with no stigma to being seen with it yet it has unlimited access to any genre of porn you can think of is hardly comparable to finding a 90s porn mag in a bush from time to time, so you can't really say this has been happening forever.
cogman10 11 seconds ago [-]
Erotic novels have been discreet for a while. It's also not been usual to have a laptop in public since the 90s. There are definitely pictures of people perusing porn on trains (visible in reflections).
Briefcases were also a thing as have been strip clubs since forever. Quick access to porn hasn't been a problem since the printing press was invented.
can16358p 35 minutes ago [-]
It's 2025 and we're still discussing people's access to porn because of some conservatives, whereas we should be discussing how technology could actually be used to improve the world.
Unbelievable. Let people watch their thing if they want to, jeez.
There are MUCH more important problems on Earth.
unfitted2545 44 minutes ago [-]
> I don't think any of this has actually caused major societal issues.
It degrades and oppresses all women.
impossiblefork 26 minutes ago [-]
I don't necessarily disagree, but surely not more than not having it age limited?
Seattle3503 3 hours ago [-]
To me it seems like Cory Doctorow is demanding perfection, and saying that because we can't achieve perfection in age verification, we can't do age verification at all. That isn't going to stop people from trying, and we will end up with a worse system overall. IMO this is a common pitfall of techno-idealists.
Technologies like the mdl standard [1] can attest to age without revealing the user's identity.
As Cory points out, it's still possible for kids to swipe someone's ID and use that. There are probably practical solutions that are good enough. Android, iOS, and parents could work together to deal with the problem of stolen IDs. If mdl is implemented on devices such that they are managed by the device OS, that would lead to auditability. Parents can ask their child to see their phone's ID app, which will show the full roster of IDs on the child's device. If a parent sees an ID that shouldn't be there, they can have a conversation about it. In this way the law would be about empowering parents to shape their child's online experience. This is just a straw-man example solution, but there may be better ones.
The other objections I saw could be worked through in a similarly pragmatic fashion.
This is probably going to be good enough for most folks, and it's probably a good thing to keep children away from pornography and such. And IMO coming up with a "good enough" solution will flush out all the bad actors who are hiding behind the excuse of "save the children" when really they want to build up a record of everyone's browsing history. But by denying any solution to a real problem, we let the bad actors hide amongst the well-intentioned folks who are trying to do the right thing.
> To me it seems like Cory Doctorow is demanding perfection, and saying that because we can't achieve perfection in age verification, we can't do age verification at all.
Not we can't, but we shouldn't. All the current solutions are terrible, and are either trivial to fool or mass surveillance machines. We shouldn't be stupid enough to go for either option because it'll either cost a fortune while giving us nothing, or cause immeasurable harm when the National Porn Viewing Database inevitably gets used to blackmail everyone.
We're trying to (poorly) use technology to solve a social problem. If we can't figure out a way to do so using technology without significant downsides, then perhaps we shouldn't be using technology to solve the problem at all.
wbl 3 hours ago [-]
The MDL standard does not do what you think it does.
philjohn 1 hours ago [-]
They also get who actually passed the bill wrong - it was the last Conservative government.
thomassmith65 2 hours ago [-]
Yeah, it seems like Doctorow presents arguments that a good IDP system is complicated, but begins and concludes by saying it's impossible.
It kinda seems the internet has real, longstanding problems stemming from the inability to verify anything about anything online. For the most blatant example, a website admin can never permanently ban a troll or criminal (they just sign up under a new name).
It makes one wonder how Doctorow reconciles the internet as it is with his stand against adopting some kind of IDP system.
gjsman-1000 3 hours ago [-]
> common pitfall of techno-idealists
Common pitfall? It’s why these techno-idealists are loudmouthed on the internet, but don’t get respect anywhere politically. If you want to gain ground politically, you need to at least acknowledge what the problem is, or is perceived to be, and offer a real solution. “Nope we can’t do that because of this 0.1% edge case” doesn’t qualify. “Apple should just dump all schematics online regardless of what China might do” doesn’t qualify. “The internet is great as it is, and your political concerns are invalid” doesn’t qualify.
AllegedAlec 3 hours ago [-]
> If you want to gain ground politically, you need to at least acknowledge what the problem is, or is perceived to be, and offer a real solution.
Why? If you do not believe it is a problem that's just like apologizing when you haven't done anything wrong.
Barrin92 2 hours ago [-]
If you, like Cory Doctorow, are an activist there's two options. One, you scream from a soapbox with no regard for what other people think, in which case it's evident you're doing it for self-aggrandizement and attention, or you take into account what the sensibilities and problems are of the people you try to convince and work within that frame of reference.
If you're campaigning for technological and/or political change you're in the business of changing people's minds and if that doesn't matter to you, you've chosen an odd way to spend your time.
Hizonner 58 minutes ago [-]
I think all members of your ethnic group are inferior and dangerous (if you identify with more than one ethnic group, pick one). I'm calling for legislation mandating that you all be rounded up and put in camps.
If you want to argue against my proposal, please remember to stay within my frame of reference.
Seattle3503 3 hours ago [-]
Yeah, it feels like a junior engineer fresh out of their undergrad algorithms course. The business isn't going to grind to a halt and wait until you build the perfect solution.
gjsman-1000 3 hours ago [-]
Let’s take the pornography argument for example.
Regardless of whether pornography is, or should be legal, average exposure is now 11 years old. That’s average, many kids are even younger.
If this even prevents 95% of kids from accessing pornography until they’re 15 and get a debit card to buy a VPN, that’s a win in the eyes of most parents and legislators. It doesn’t need to be perfect, or even perfectly force you to be 18, to get the primary job done. Pointing to “a 16 year old can get around it with a VPN” is missing the point. It’s not a surprise why that argument falls on deaf ears.
Or, another one, “just use parental controls,” have you even tried this? Almost all parental controls are horrifically buggy, full of loopholes, and these kids can just borrow each other’s technology. Apple’s parental controls predate HTML5 (literally, HTML 4.01) and regularly don’t work, sometimes even by their own admission. It also forces the parent to be in the role of a tech expert fluent in Microsoft, Apple, Google, Nintendo, and other products all at once. You might as well get CompTIA certified. That argument also falls on deaf ears.
idle_zealot 3 hours ago [-]
> Apple’s parental controls predate HTML5 (literally, XHTML 4.01) and regularly don’t work, sometimes even by their own admission. It also forces the parent to be in the role of a tech expert. That argument also falls on deaf ears.
The solution, then, ought to be to pass a law requiring some sort of standardized parental controls that allow trivial set-and-forget management. Require device manufacturers/software distributors to sort out a "child mode" switch you can flip upon device initialization, in-your-face and unmissable, and then have apps/webpages be able to see whether the device reports it's in child mode. Does this not solve the "prevents 95% of kids from accessing pornography" threshold of effectiveness while being infinitely less invasive?
thewebguyd 3 hours ago [-]
> Require device manufacturers/software distributors to sort out a "child mode" switch you can flip upon device initialization, in-your-face and unmissable, and then have apps/webpages be able to see whether the device reports it's in child mode.
Wouldn't even need to develop anything new for this outside of a simplified UI over an MDM. Devices already support an incredible amount of monitoring and control, even iDevices, via MDMs.
But MDMs are for now only business/enterprise products, and are priced as such.
Makes me wonder if there's a market there for someone to just package up a consumer-focused, dead simple to use MDM. Enroll with QR code, set up some default policies, etc.
gjsman-1000 3 hours ago [-]
It’s a better argument, and would gain more political ground, than do nothing.
However, there’s one major problem: Most families aren’t actually using the multi-user capabilities of their devices. Many devices, like iPads or iPhones, just don’t support multi-user at all.
The result? Either parents are tech experts again, or have deep pockets to get everyone a device, or you’re going to have a bunch of kids logged in as their parents on their devices (as is already the case). Of course, that defeats the policy goal. That’s a non-starter, unless we agreed that a device manufacturer could force a biometric check when accessing an age-verified device account.
Nobody has proposed such a thing; but if there was a good way of making sure that the age-verified user is the actual person engaging with the age-verified account, then we might have progress in that direction.
Personally though, I would really prefer to not have the government get any ideas whatsoever about dictating firmware or OS security or OS parental control requirements. Do you really want your Linux distribution mandated to implement an age check firmware with phoning home requirements to a government parental control server?
wvenable 3 hours ago [-]
That's not a major problem. Also, how does age verification fix things in that scenario if a child is using their parent's device?
If a parent can't be bothered to pin-lock their device or flip it into child mode then there is no technological solution. Now you're the one looking for the perfect solution that doesn't exist.
gjsman-1000 3 hours ago [-]
> Also, how does age verification fix things in that scenario if a child is using their parent's device
Because the age is verified at the time of access; instead of once during initial setup. Odds are that the former will catch far more flies than the latter.
Your employer probably does the same. Do they have you log in once when you set up your laptop, then comfortably happily say it’s you for the next three years; or do they have you sign in every morning?
wvenable 2 hours ago [-]
> Because the age is verified at the time of access; instead of once during initial setup.
Is that really how it works? Every single time you visit any website on the Internet or launch any app it's going to age ID you? I don't think that's right. You validate your account and then you login and you're good. If someone else uses your account, they are you.
And as you said, people share devices but it's also usually one account per app per device. You have to go out of your way to sign out of each individual app or website.
crote 1 hours ago [-]
> You validate your account and then you login and you're good.
... which doesn't work, because it'll quickly lead to an enterprising 18-year-old highschooler selling pre-verified porn website accounts for $10.
wvenable 3 hours ago [-]
> Regardless of whether pornography is, or should be legal, average exposure is now 11 years old.
You make it sound like historically it was much later but actually even in the 1980s 11 years old was common. In fact, that matches my own personal experience from that era.
> Or, another one, “just use parental controls,” have you even tried this?
Parental Controls is the right answer but absolutely agree that parental controls suck. As a parent, I'd love just any level of better control. I don't even care if I have different controls per manufacturer as long as they're pretty complete and capable.
If the EU can mandate USB-C, they can mandate all technologies include powerful and capable parental controls.
There is no need for age verification -- parents know how old their children are. Parents are providing children with the devices and often the means of connectivity as well. This is and has always been a parenting problem. If the government wants to assist parents, I'm all for that. But age verification is not the answer.
gjsman-1000 3 hours ago [-]
> mandate all technologies include powerful and capable parental controls
That is, until Linux is also forced to come into compliance with said parental control standard, complete with all centralized reporting and remote restriction capabilities.
> This is and has always been a parenting problem.
What do governments do when everyone has the same parenting problem? Listen to industry idealists, like those who would call teenage smoking a “parenting problem,” or crack down?
wvenable 3 hours ago [-]
> That is, until Linux is also forced to come into compliance with said parental control standard, complete with all centralized reporting and remote restriction capabilities.
Linux is fine. Someone can build the ultimately perfect parental control software for Linux and I'll use it. The same cannot be said for Windows, Android, or iOS -- third party system cannot exist for those platforms that are sufficient unless they're made by Microsoft, Google, or Apple respectively. Perhaps we just have to mandate an open standard. In fact, I would prefer that.
> What do governments do when everyone has the same parenting problem?
The wrong thing. Always.
crote 1 hours ago [-]
> Linux is fine. Someone can build the ultimately perfect parental control software for Linux and I'll use it.
You can't build a perfectly secure system and still respect the user's freedom. The perfect parental control system is by definition also going to be the ultimate rootkit - or else you'd just boot your own kernel which perfectly fakes the parental controls.
In such a world you wouldn't be allowed to build your own OS, only boot a pre-approved image. The Linux community is not exactly likely to participate in this.
wvenable 38 minutes ago [-]
No solution is perfect but we already have secure boot. It doesn't even have to mandate some pre-approved image; it just has to be an image that I approve and lock. This is already a well solved problem for corporate environments.
You miss the point. I want all the power. Let me install and configure a Linux image of any sort and then lock it down. I am root. My kid is a mere user.
There is nothing terribly difficult or even controversial about that.
Hizonner 54 minutes ago [-]
> Almost all parental controls are horrifically buggy, full of loopholes, and these kids can just borrow each other’s technology.
... and the centrally imposed, one-size-fits-all, politics-first age verification system you want will of course be free of bugs, loopholes, opportunities to borrow devices, or whatever.
That's good, since you want to apply it to every single person on the Internet.
2OEH8eoCRo0 3 hours ago [-]
All the govt needs to do is send fines to offenders and the industry will be forced to implement one or more solutions.
The govt doesn't care how you verify age only that you don't sell to minors.
crote 55 minutes ago [-]
And how well has this worked in practice? How would you even identify violations, if you're not requiring websites to store the user's real-world identity?
Large websites do not care even the slightest bit about how accurate the verification method is. They have zero incentive to genuinely get rid of underage users. If anything, they want to keep them - they are prime advertising real estate! Websites have every incentive to implement the age check in the cheapest and most half-baked way possible. As long as they are able to prove on paper that they are doing some form of age verification, they have met their requirements. Got a 90% false positive rate? Working as intended!
The only people getting fines are the small websites who can't afford to pay a 3rd party verification service. This'll shut down your local hobbyist communities, which only drives more visitors to the large megacorp websites.
wmf 3 hours ago [-]
Experience with GDPR and DSA shows that the fines lag years behind the abuses.
tim333 14 minutes ago [-]
> Others say they can estimate your age by using AI to analyze a picture of your face. This is a stupid idea for many reasons, not least of which is that biometric age estimation is notoriously unreliable when it comes to distinguishing, say, 16 or 17 year olds from 18 year olds.
It doesn't matter it's unreliable telling 17 year olds from 18 year olds. This thing is to reduce the amount of porn kids are exposed to. It's not like issuing a passport or something. As long as it sort of has some positive effect.
I actually did the face picture thing for Reddit. Seemed to work ok, although I'm 61 so not too near the cutoff.
Muromec 4 hours ago [-]
I'm confused. Author puts crypto backdoors and IDP with ZKP into the same bucket and calls it "nerding harder". But why? You can have an identity provider, several European countries do and you can have subcredentials. You literally can nerd harder here.
Sure, there is a strong ideological argument why you should not have strong identities required in the internet in general (or even in offline) and on porn sites specifically, but the argument is not technical.
torginus 3 hours ago [-]
These 'anonymity' technologies are laughably worthless - sure ZKP might provide mathematical proof that it's impossible to find out who the subject is, but embed a tracking cookie and fingerprinting script into both the porn site, and the online grocery - and there you go, you have irrefutable cryptographic evidence of how John Doe likes to spend his evenings.
tzs 25 minutes ago [-]
The porn site and the grocery can already embed a tracking cookie and do fingerprinting to match their visitors.
ivan_gammel 2 hours ago [-]
As soon as fingerprinting becomes criminal offense, this will end quickly. Nobody big enough is going to risk that.
Hamuko 1 hours ago [-]
Isn't it basically illegal under the GDPR? You're not allowed to just collect data for the hell of it and need actual consent.
torginus 18 minutes ago [-]
The GDPR is a fucking joke even on the best of days.
If other laws were like it, they would be like: You're not allowed to steal (unless you really need to), but if you do, take as little as you can (as determined by you), and you have to give it back as soon as you can (again, according to you), and if the person you stole from wants it back, you have to (unless you have a good reason not to)
thyristan 3 hours ago [-]
But it is. In those European countries, IDPs and certification authorities are one and the same entity. So the technical requirement of privacy evaporates, the government will always know who is proving their age to which porn site.
ivan_gammel 3 hours ago [-]
That’s easy to fix. The IdP and the checking service do not have to be the same. The checking service can be a 3rd party that works with IdP verifying facts on behalf of regulated services like porn sites. The job of IdP is to certify the facts and do KYC for checkers to ensure they don’t cheat. The regulated service can ask customer which checker do they use and then ask the checker. The customer may have a long term relationship with preferred checker on a market where multiple checkers exist and reputation matters for being competitive. This way checker is incentivized to maintain privacy and does not have conflicts of interest like the government. Government agencies can still investigate customers but they will need a court order to get the data from checkers.
crote 51 minutes ago [-]
And how is the general public supposed to verify that the IdP and checking service aren't collaborating? If it is possible for a checking service to create a log, given how Big Tech has been treating user data, how can we ever trust that they aren't logging everyone's data?
Reputation is irrelevant. Everyone is trustworthy - until they are not. The dark web is filled with data leaks from reputable parties.
therein 3 hours ago [-]
I don't know why you are downvoted. And even more disappointingly, it is interesting how easily people overlook the fact that this is happening in lockstep across the globe, obviously the goal is to deanonymize the internet.
I can't wait for the next generation that will enjoy "nerding out" on how to best patrol every neighborhood with drones.
Let's put NFC tags on everyone at birth, we can then nerd out harder.
Anyway, I am not on the side of control freaks, but still find the question interesting.
kazinator 3 hours ago [-]
If you're a web person who understands SSL, privacy-preserving age verification can be explained by analogy.
It's a system which requires a central agency, probably a government agency, analogous to a certificate authority.
You are authenticated with that agency; it has personal info about you. But you are externally identified by some impersonal identifier, not your name.
The agency issues you a certificate binding this identifier to an assertion like "is over 18 years old".
When you interact with a site that wants to know whether you are over 18 years old, you present the certificate. The site can see that it's signed by the authority and that it has the assertion that you are over 18.
You can't just give that site someone else's certificate because it has to be the one tied to the abstract identity you are presenting (which contains no personal info; it's some kind of UUID or whatever). Plus the cert can be bound to a specific device and such.
The cert has a private key with which you can prove that you own that cert; or at least that you are the authenticated operator of a device to which that cert was issued.
It's something like that. I may have some key details wrong. The main idea is that some brokerage that does have info about you can attest that you are over 18 without revealing any of the personal info via certificate-like objects.
It sounds like, in theory, the system can achieve good privacy in age verification. But not perfect age verification; people will find ways around it.
A grown up can certify themselves to be over 18 and then hand the device to a teenager; and such an operation can likely be scaled to some extent. And of course no cryptographic system can eliminate the possibility that minors are looking at the screen of a device operated by an adult, who may even step out of the way to let them operate it.
JanisErdmanis 4 hours ago [-]
How would setting up a primary credential with an identity provider differ from the process of registering to vote for USA citizens? All the discrimination opportunities and accountability issues seem to apply equally there.
nemomarx 3 hours ago [-]
if you had to register to vote to use Reddit or whatever people would complain about that constantly. and voter id laws are in fact controversial yes.
lmz 3 hours ago [-]
The same people who argue this will also argue that voter ID rules are discriminatory.
mattnewton 3 hours ago [-]
Voter ID laws actually have a long history of being used for disenfranchisement of certain classes in the US (most notably former slaves and their descendants, but also women), so it's understandable there is scar tissue there. It gives the incumbent state another lever of power in our very close first-past-the-post winner-take-all elections. Americans don't need imagination to see how it could be abused, just a good history book.
crote 41 minutes ago [-]
The problem with voter ID laws has rarely been with the ID itself. Very few people would have issue with a voter ID law which also guarantees that 100% of the population can easily obtain said ID at zero cost.
The issue is that those laws are usually linked to very specific forms of ID, which just so happen to be easily available to certain demographic groups.
Imagine a voter ID law where the only acceptable form of ID would cost $50.000 to purchase. Would you consider that fair and nondiscriminatory? What if you could only get the ID on the third Tuesday of the month, between 14:00 and 14:30, at a single location in the entire state? What if the ID required you to pass a certain kind of test, judged arbitrarily by a government official?
sltkr 3 hours ago [-]
Are the laws that require you to show ID to buy alcohol, tobacco, fire arms, or gamble in casinos also discriminatory? Or is it only discriminatory when you prevent people without IDs from watching porn?
mattnewton 3 hours ago [-]
The definition of Porn by the state can change to include things that some people consider protected by the first amendment - right now there are a lot of state politicians or members of the house on record supporting classifying discussion of LGBTQ lifestyles as pornography for example.
I think alcohol, tobacco and gambling here are mostly irrelevant, but the firearms is a better example because of the second amendment, where you have a clash between a very old right granted by the bill of rights clashing with modern society's beliefs.
9rx 3 hours ago [-]
> Are the laws that require you to show ID to buy alcohol, tobacco, fire arms, or gamble in casinos also discriminatory?
So long as it is done for a legitimate purpose and in good faith, generally no. As such, IDs are only expected where there is reasonable suspicion of possible violation. For example, there is no onus, with a few exceptions, to see an elderly person's ID to buy alcohol when there is no reason to think that they aren't below the minimum age.
The exceptions haven't really been tested. It very well could be found discriminatory, and you could make a pretty good case that it is. Which is ultimately the same case being made earlier. Asking a no-question-about-it 50 year old to provide his ID to watch porn isn't really in good faith, is it?
Seattle3503 3 hours ago [-]
I agree "ensuring everyone has ID" is a separate problem that we should absolutely be trying to tackle. We are already seeing people struggle with it absent any new ID schemes, eg in the case of trying to get access to banking. You can already get ID at a post office, maybe we should add other government facilities such as libraries.
JoshTriplett 3 hours ago [-]
That's absolutely true, and orthogonal to the problem that you shouldn't need to identify yourself to anyone in order to access arbitrary websites.
Seattle3503 3 hours ago [-]
I don't think that's the proposal. The proposal is that you prove to websites that you are over 18 to see adult content.
JoshTriplett 3 hours ago [-]
"adult content" is the boogeyman, to try to make this harder to argue against. The actual net result is shutting down a wide variety of websites and making people identify themselves (to paid identity providers conveniently provided by those who lobbied for this legislation) in order to access others, including Reddit, Discord, etc.
You should not need to identify yourself to access arbitrary websites, either to the website or to some third party.
sltkr 3 hours ago [-]
The “not everyone has an ID!” argument is such an American perspective. The vast majority of world citizens live in countries that require you to have some form of government ID anyway:
It seems pretty reasonable to leverage this into online identification.
In fact, online ID is already used in the European Union for popular initiatives (see, e.g., https://www.stopkillinggames.com/ ) and nobody seems to think this is “bullshit” or infeasible or any of the concerns that are lobbed at the age verification requirements.
lmz 3 hours ago [-]
It's more accurately a very Anglo perspective. The US, UK, AU, NZ, CA all do not have national ID cards.
skybrian 3 hours ago [-]
You’re probably better off just reading the paper he links to:
I think it shows the difficulty of implementing it for everyone. But Apple and Google’s cell phone implementations would probably cover most people in some countries when finished, and then there will be a long tail of people who will need cheats and workarounds.
You’d be screwed if you didn’t have any friends who could help you cheat.
Let's say every citizen has an account with their federal government, and the account can be accessed securely in some reasonable way (password, 2FA, hardware token, etc.).
The government can have a public-private RSA key pair specifically for "At least 18 years old". Once the user is authenticated, he can generate a nonce and a blinding factor, multiply them together to get a blinded random number, and upload that to the government for signing. He takes the signature and unblinds it, then submits the original nonce and unblinded signature to the adult website. The website confirms that the nonce and signature are valid according to the government's public key.
This system raises many questions. For example, preventing replay attacks, so the adult website will reject any nonce being reused, or mandating that a timestamp be a subcomponent of the nonce. There is the un-answerable question of how to handle the case where a legitimate adult offers valid signatures for someone else to use. There is also the question of, to what extent the adult website should be able to keep track of the underlying users (even in a hashed format) to monitor abuse, suspicious users who have too much activity, etc.
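The blind-signature flow described in the comment above, with its replay and timestamp checks, as an added example (not code from the thread or the linked article). The demo key built from two publicly known Mersenne primes, the hash-to-integer step, the 24-byte nonce layout, the 300-second window and all function names are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Constructed demo key for the "at least 18" signer. The primes are publicly
# known Mersenne primes, so this key is for illustration only, never for use.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the government


def hash_to_int(nonce: bytes) -> int:
    """Expand SHA-256 in counter mode and reduce into Z_N, so the signed value
    is a hash of the nonce rather than the raw, malleable nonce."""
    out = b""
    counter = 0
    while len(out) < (N.bit_length() + 7) // 8:
        out += hashlib.sha256(counter.to_bytes(4, "big") + nonce).digest()
        counter += 1
    return int.from_bytes(out, "big") % N


def make_nonce(now: int) -> bytes:
    """Assumed layout: 8-byte timestamp chosen by the user + 16 random bytes."""
    return now.to_bytes(8, "big") + secrets.token_bytes(16)


def blind(nonce: bytes):
    """User side: hide H(nonce) behind a random factor r before upload."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (hash_to_int(nonce) * pow(r, E, N)) % N, r


def government_sign(blinded: int) -> int:
    """Signer side: runs only after the citizen is authenticated and known to
    be 18+. It sees a random-looking integer, never the nonce."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """User side: strip r, leaving an ordinary RSA signature on H(nonce)."""
    return (blind_sig * pow(r, -1, N)) % N


class Website:
    """Verifier that holds only the public key (N, E) and a set of used nonces."""

    def __init__(self, max_age_seconds: int = 300):
        self.max_age = max_age_seconds
        self.seen = set()

    def accept(self, nonce: bytes, sig: int, now: int) -> str:
        if len(nonce) != 24:
            return "malformed"
        if pow(sig, E, N) != hash_to_int(nonce):
            return "bad signature"
        issued = int.from_bytes(nonce[:8], "big")
        if not 0 <= now - issued <= self.max_age:
            return "stale"    # too old, or dated in the future
        if nonce in self.seen:
            return "replay"   # each token is single-use
        self.seen.add(nonce)
        return "ok"


def issue_token(now: int):
    """Full user flow: make a nonce, blind it, get it signed, unblind."""
    nonce = make_nonce(now)
    blinded, r = blind(nonce)
    return nonce, unblind(government_sign(blinded), r), blinded
```

Because the signer never sees the nonce, it cannot check the embedded timestamp; the window only bounds how long a token stays usable after the time the user chose. Nothing here addresses the comment's other open question of an adult handing valid tokens to someone else.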
torginus 3 hours ago [-]
The problem is not only that it's impossible to make cryptography that's only secure when the good guys use it, it's that once cryptography is made insecure, it's insecure for everyone, forever.
I'm not a privacy hardliner, and I think the socially acceptable tradeoff between privacy and security has been well established before the computer era - if the police has a well-enough established suspicion against you - they can get a warrant and search your home. That's due process.
I would accept if there was a digital version of that which targeted not the encryption itself (which could be as strong as possible) - but the endpoints, like smartphones and computers.
Let's say police had a device which they could plug into your phone, which would send a specially signed message - a digital warrant, containing all the info a real warrant would - which would be permanently burned into the ROM of your phone, after which the phone would surrender its encryption keys, and the police could dump your unencrypted disk.
The phone would be then presented as evidence at the trial, and not following due process would be a cause for mistrial, no matter what they find there.
The general public would be safe in the knowledge that as long as the police isn't hauling them in, their secrets are safe, and the government would get the tools for what they claimed they wanted - a way to catch bad guys with digital tools.
buzer 3 hours ago [-]
> Let's say police had a device which they could plug into your phone, which would send a specially signed message - a digital warrant, containing all the info a real warrant would - which would be permanently burned into the ROM of your phone, after which the phone would surrender its encryption keys, and the police could dump your unencrypted disk.
And when (not if) that device leaks whoever steals your phone will be able to get access to all of the things in there.
torginus 2 hours ago [-]
I'd imagine such devices would be very tightly controlled, being hard to access for civilians, and let's say limited to 1 such device per 1m people (which would also give you an idea of what sort of frequency this is supposed to be used).
The keys for every phone would be stored in a central repo, with a separate key for every phone × every decryptor (which has its own private key). Meaning you'd need a device and the central repo to access user's data.
But let's say they manage to build a bootleg version, what would be the criminal gain for them? Reading the data doesn't mean they can impersonate you, as the device wouldn't give you access to private keys used for authentication (let's even say these are deleted), only encryption.
The criminals could brick your phone and read your texts. There's only very niche cases when this would be worth it to them, like you're the subject of a highly targeted intelligence gathering op.
JoshTriplett 3 hours ago [-]
> The problem is not only that it's impossible to make cryptography that's only secure when the good guys use it, it's that once cryptography is made insecure, it's insecure for everyone, forever.
Correct.
> Let's say police had a device which they could plug into your phone, which would send a specially signed message - a digital warrant, containing all the info a real warrant would - which would be permanently burned into the ROM of your phone, after which the phone would surrender its encryption keys, and the police could dump your unencrypted disk.
You are now advocating for making phones insecure for everyone, forever. No.
MattPalmer1086 26 minutes ago [-]
What a breathlessly overhyped post. Basically - yes we can do it technically, but there are big economic and social limitations on rolling something like it out.
Hard for sure, but not bullshit. I actually found it hard to read the post - it could have been a third as long and more useful and measured. But I guess it gets clicks.
andrewla 1 hours ago [-]
Overall this article is completely correct and I agree with every point of it and have tried to make these arguments about the various ZKP proposers that I have encountered.
But I almost gave up early because he can't resist the urge to take a dig:
> For politicians to make good policy, they don't need to be technical experts: they need to have solid, independent, well-resourced expert agencies. Those would be the very agencies that Trump and Musk have DOGEd into oblivion ...
And then in the next paragraph blithely engages in some Gell-Mann amnesia
> But when it comes to tech policy, politicians get it all so goddamned wrong
Expert agencies formulating clean water policies are emphatically not the reason that we have potable water. Experts in actually doing the work of producing clean water are the ones that push the standards upstream. It's a subtle but important difference.
Look, it's not 2018 anymore, we survived a round of Trump and we'll survive this one and the world will not end and some things will get better and some things will get worse, but trying to tie everything back to how Trump has ruined everything is going to make your views look worse and worse as they age.
irchans 3 hours ago [-]
Even after reading the article, I think there are reasonable ways to set up a low cost system that uses zero-knowledge proofs to "prove" your age without disclosing your identity. I do think that you will need trusted entities and the system will only stop most, maybe 80 or 90 percent of children under 18 from seeing porn. But, if you do this, then maybe 99% of kids under the age of 14 will have a lot of difficulty viewing porn which is a good thing. There may be a valid slippery slope argument for not setting up the age validation system even if everything I said above is true.
crote 19 minutes ago [-]
On the other hand: Are you willing to pay hundreds of millions for developing the biggest data leak in human history, killing websites like Wikipedia in the process, while stopping only 10% of underage children from seeing porn?
The current systems being put in place in the UK are privacy-invading and ineffective. In my opinion they are worse than not having anything at all. I might be willing to change my viewpoint if something better comes along, but if a proper solution was so easy, why haven't we seen a peer-reviewed reference design yet? What's stopping the nerds from nerding harder?
Seattle3503 3 hours ago [-]
Yeah, I think even if we only manage to delay the "age of first porn viewing" to something like 14-15, that's probably a win.
jofla_net 3 hours ago [-]
Maybe, but as a parent, I believe it's an embarrassment to expect to radically retrofit a society in such ways as to make up for my own negligent lack of responsibility for my own children, which I do take quite seriously.
Not to mention the myriad of resultant unintended consequences which invariably arise when such systems (of which I'm quite familiar) are brought to bear.
Though I do speak from such a position of professional neutrality, as I would gain no benefit at all from implementing such a ubiquitously mandated system. Perhaps if things were different, I'd think otherwise.
doright 2 hours ago [-]
In my opinion "we need mandatory age verification" is an admission that we can't really address the overarching issue of parents that can't/won't parent at a good enough level. Narcissistic parenting without any added access to questionable content on a smartphone is still... narcissistic parenting. The definition of "parent better" differs between people and is often non-negotiable, even way before anything involving CPS occurs. Not to mention, the content being withheld will become available at adulthood anyway, and can still be harmful if the person has not been given the tools to navigate it well.
Admittedly the bar is far higher with ubiquitous social media and smartphones. I'm not sure a parenting license system would ever work out in practice. Yet a lot of issues stemming from upbringing can cause irreversible harm and I don't feel like those root causes are brought up that much in the broader discussion about mental health symptoms.
It pains me to think that some amount of debilitating childhood trauma is unavoidable, but content restriction at least sounds like an actionable problem that doesn't require uprooting the fabric of society to correct.
ratelimitsteve 1 hours ago [-]
Remember when they passed a bunch of really strong anti-terrorism bills in the US after 9/11 and we were all super sure that it was a great idea because they promised us they'd show restraint and only use the powers they were giving themselves against the worst of the worst, then they declared vandalism to be terrorism (https://www.reuters.com/world/us/trump-says-he-will-buy-new-...)?
That's how I expect "privacy-preserving age verification" to go. It's the narrow end of the wedge. Once privacy-preserving age verification is in place there will be some reason to get rid of the privacy, and we will have a fully tracked and identified internet.
dathinab 3 hours ago [-]
> "Privacy preserving age verification" is bullshit
it is possible if you accept that it only needs to be good enough
- it's fully okay if it can be deceived in all kinds of ways
- verifying only once per account is okay, if an adult passes their verified account to a child that's their responsibility
- legally not just forbid but criminalize (with required prison sentence) the storing of any data except is adult yes/no from an age verification process
- allow OS accounts to just tell applications (including websites) that "is 18", if an age verification was done in the account, also no signing or anything cryptographically, because again it's good enough no need to protect it against hacking, the main responsibility still lies with the parents
so then you can do a single age verification per OS account, once, and be done with
furthermore this verification could e.g. go through a process which might identify your identity but a) isn't allowed to pass anything but adult yes/no to anyone else b) isn't allowed to store that info c) on a storing it is a "criminal liability" level where a CTO ordering data collection would go to prison
though if you live in a country where everyone has a passport with NFC chips (e.g. all of EU) just adding an "adult yes/no" function(1) to it + a transparent (open source, non profit) app per country to bridge it to accounts which need verification would do the job without needing the extra strict criminalize abuse part.
Which brings us to the main problem:
- requiring politicians to accept a "good enough" solution, accept that the main responsibility still lies with the parent
- politicians not abusing it to spy on their population
- make laws to prevent companies from abusing "age verification" to collect private data
and that seems indeed impossible
---
(1): Technically I think it does exist, somewhat, in many passes already. But practically it's not viable as it (I think) discloses too much information and has too many issues wrt. integrating it (wrt. certificate nonsense)
loglog 3 hours ago [-]
No cryptographic verification is required for content blocking. Make it easy to set up a slightly locked down "child" account (e.g. one behind a MITM proxy that only lets through HTTP(S) and blocks some domains) by requiring it from every OS vendor. Label existing devices/software without it "18+".
causality0 21 minutes ago [-]
From a logical standpoint it seems pretty obvious that the person providing children access to porn is their parents when they give them an unfiltered internet connection, not the porn websites. God forbid we actually require parents to, you know, parent.
charcircuit 4 hours ago [-]
>politicians all over the world demanded a kind of impossible encryption
It's not impossible to design a cryptographic system where law enforcement is a party within it. The false dichotomy of encrypted or not encrypted in my opinion is used to shut down the conversation since it's easy to argue why no encryption is bad. It's a strawman.
JoshTriplett 3 hours ago [-]
It's impossible to design a cryptographic system that does end-to-end encryption and has a backdoor that can never be misused. No technical solution will address the fact that it's failing at its one job.
jgeada 3 hours ago [-]
That is a bad faith argument.
As soon as there is another untrusted party in the encryption, and in particular a party with a "skeleton key" that can decrypt anybody's message, then your encrypted communications are merely one leak away from being decoded by everybody else.
aaronmdjones 3 hours ago [-]
If there's one thing you can trust a government to do, it's to not be able to keep secrets for very long.
You can do things like require the service to verify that the court order is valid before they gain the capability to decrypt a subset of messages that the court order allows them to see. There doesn't have to be a skeleton key.
crote 13 minutes ago [-]
What is the mathematical formula for a valid court order? How does it look different from a court order signed by a judge held at gunpoint? How does it look different from a court order signed by a dictator's minion? How does it prevent someone from tricking a judge into signing an order to decrypt message 2421425241 instead of 2421475241? What is stopping the service from accepting invalid court orders? What is stopping the service from just decrypting everything for convenience?
jgeada 2 hours ago [-]
Right, just "nerd harder".
The mathematics of encryption just doesn't play that way.
thyristan 3 hours ago [-]
Then please prove the possibility by doing so.
Up to now, there has only been intense wishful thinking by politicians, and strong "NOPE" by anyone with any kind of knowledge about cryptography. Either really everyone, including the likes of NSA, CIA and other spy services don't actually employ top cryptographers. Or they repeatedly tried and failed miserably. Or really nobody, including the spies, wants backdoored NOBUS encryption.
loglog 3 hours ago [-]
NSA does probably want it, and did probably standardize at least one such scheme in the past: Dual_EC_DRBG.
layer8 3 hours ago [-]
The argument regarding general use of encryption for communication is that (a) law enforcement private keys would leak sooner or later, suddenly exposing everyone’s past communication, and that (b) criminals would just use “forbidden” encryption (“if x is outlawed, only outlaws will use x”).
charcircuit 2 hours ago [-]
(a) LE keys don't have to be all powerful. It can require actions from other parties such as the company that is running the chat or a judge. It can limit the scope of who or what messages can be decrypted.
(b) Perfect is the enemy of good. Smaller services won't have the same utility and network effects of large ones.
crooked-v 3 hours ago [-]
If you include law enforcement by default, the system becomes completely insecure literally the first time an agent is corrupt, lazy, or just gets access stolen from them.
charcircuit 2 hours ago [-]
You can design it such that a single agent isn't able to decrypt anything. You can also do things like limiting the number of decrypted messages per period of time and more.
RajT88 4 hours ago [-]
Also, water wet.
aktuel 3 hours ago [-]
Not just age verification. The whole security circus is bs. Kids cannot go outside by themselves anymore. They have to wear helmets while being constantly monitored. None of it has brought us to a better place. Fuck it. Just fuck it.
lisbbb 1 hours ago [-]
I couldn't read past the dig at Trump, quite honestly. All that the Trump admin has done is reduce some of the massive bloat in the Federal Government, but people with TDS can't see it because they have this enormous blind spot of hatred built up in their minds. And if they have that kind of inability to think through real life in that regard, then they have other massive blind spots as well.
I'm 100% against the modern Puritanism being pushed by statists. I think it's disgusting. Police your own kids, don't look at things you don't like, and let the rest of us be. Massive government surveillance systems are evil, and "government experts" are just assholes, to be brutally honest. It's make-work jobs at the taxpayers' expense, and we never actually could afford that "expert class" of know-it-all meddlers.
Websites can request data from the user by sending that certificate, it opens the app, it shows you the categories of data to be sent, you hold your ID card to the phone, enter the PIN, and the certificate is uploaded to the ID card which verifies it. If it's valid, the ID sends back the data that is specified in the certificate.
You then get presented with exactly the data that is going to be sent to the website. You can then agree or disagree. So far that is only used to log in to government websites.
This way the government does not know which sites you visit, and you only send your age to the website.
- You do not want the government to know which websites you visit. This rules out any kind of redirect / forwarding via a government website or app.
- You do not want websites to correlate their requests, as that would allow for cross-website tracking. Request data from website A should be completely useless to website B. This rules out most regular certificate schemes.
- You do not want a website to correlate multiple data requests, as that would allow websites to create some kind of supercookie. Requests should be completely independent, and two requests from the same user should be indistinguishable from requests from two different users.
- You do not want to lose privacy when the government and the website work together. The request should still be anonymous when the two collaborate, or else there can be no reasonable assumption of privacy. This rules out most clever pass-a-one-time-code schemes.
- You want the request to be unique and time-bound. It should not be possible to replay a response, either to the same website or a different one.
- You do not want to send more data than strictly necessary. If a website needs to know if you are 18 or older, it should only receive a boolean flag.
Getting some of those properties is easy. Getting all of them at the same time? Nearly impossible. And the worst part is that I almost certainly forgot a handful of requirements!
Edit: And as Doctorow points out there are a host of other issues that arise from actually deploying a working system.
So I think from that view the eID works pretty well, it provides the minimal necessary information. The bigger issue with something like this is if you use them to enforce real name policies or stuff like that.
But even then, I can volunteer my ID, keep it permanently attached to a computer running a server that allows certain requests (like the boolean age check), and then provide an API / client that allows anyone anywhere to use it to pass.
No risk to me (none of my data leaks), presumably no rate limits (the card has no way to track time; at best it could store recent request timestamps but I doubt it does).
In fact even better, use stolen or lost cards. Owner will get a new one, but the old one has no way of knowing it's voided. We can build a network that is able to sign whatever info (age, gender, city, name) you want, as long as we have one ID with such info.
Edit: unless there’s a blind middleman that has tight data policies?
AFAIK the EU age verification app works by requesting a bunch of digitally signed "proof of age" tokens (openid verifiable credentials) from a government institution and sends (uses up) one when you want to prove your age to a website. The website can check the validity of these tokens without connecting to the government institution.
They are even trying to do some form of blind signature or zero-knowledge proof to have better protections.
https://ageverification.dev/av-doc-technical-specification/d...
Age verification laws are easy to circumvent and they are bad for many other reasons though.
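The token flow described in the comment above (a batch of signed proof-of-age tokens, one used up per age check, verified offline, with blind signatures), as an added Python sketch that is not part of the thread and not the EU app's code. It uses textbook RSA blind signatures; the demo key, class names and holder ids are constructed assumptions.

```python
import hashlib
import math
import secrets

# Constructed demo key: two Mersenne primes keep the example deterministic
# and offline. This is NOT a secure key; a real issuer generates its own.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent


def fdh(nonce: bytes) -> int:
    """Full-domain hash: map a token nonce to an integer modulo N."""
    width = (N.bit_length() + 7) // 8 + 8
    digest = hashlib.shake_256(b"age-over-18|" + nonce).digest(width)
    return int.from_bytes(digest, "big") % N


class Issuer:
    """Government side: knows who is asking, but only sees blinded values."""

    def __init__(self, adults):
        self.adults = set(adults)  # constructed stand-in for the ID register
        self.transcript = []       # everything the issuer could log

    def sign_blinded(self, holder_id: str, blinded: int) -> int:
        if holder_id not in self.adults:
            raise PermissionError("holder is not verified as 18+")
        blind_sig = pow(blinded, D, N)
        self.transcript.append((holder_id, blinded, blind_sig))
        return blind_sig


class Wallet:
    """User's app: fetches a batch of tokens, spends one per age check."""

    def __init__(self, holder_id: str):
        self.holder_id = holder_id
        self.tokens = []

    def request_batch(self, issuer: Issuer, count: int) -> None:
        for _ in range(count):
            nonce = secrets.token_bytes(32)
            r = secrets.randbelow(N - 2) + 2
            while math.gcd(r, N) != 1:          # blinding factor must be invertible
                r = secrets.randbelow(N - 2) + 2
            blinded = fdh(nonce) * pow(r, E, N) % N
            blind_sig = issuer.sign_blinded(self.holder_id, blinded)
            signature = blind_sig * pow(r, -1, N) % N   # unblind: H(nonce)^D
            self.tokens.append((nonce, signature))

    def spend(self):
        return self.tokens.pop()


class Website:
    """Verifier: needs only the issuer's public key (N, E), no callback."""

    def __init__(self):
        self.spent = set()  # local to this site; other sites cannot see it

    def accept(self, token) -> bool:
        nonce, signature = token
        if pow(signature, E, N) != fdh(nonce):
            return False            # not signed by the issuer
        if nonce in self.spent:
            return False            # replay of an already used token
        self.spent.add(nonce)
        return True


def issuer_saw(issuer: Issuer, token) -> bool:
    """True if anything in the issuer's log equals what the site receives."""
    nonce, signature = token
    logged = {v for _, blinded, sig in issuer.transcript for v in (blinded, sig)}
    return fdh(nonce) in logged or signature in logged
```

The spent-token set lives on each site, so the sketch rejects replay against the same site only; a token is not bound to one site or one time window here.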
Is that worth it? No idea—but I'm willing to bet some surveillance advertisers think it's worth it.
However doing dozens of requests requires the user's approval each time which may raise red flags and I can imagine your certificate revoked.
Don't get me wrong, I love diving into the technical details just as much as anybody else here. I've learned something new almost every time there's a comment thread on the subject.
But the technical details are a distraction. That this is happening at all is the forest the technical crowd is going to miss for the trees.
Preserving some semblance of privacy on the internet is already hard enough. We do not need systems like this to encroach any farther; risks to personal privacy are so great and could be caused by such a simple innocent and subtle configuration mistake.
Hmm. It's not clear from the description that it is so. The government knows which site sent the request and authenticates your card, which is tied to your identity, right?
The certificate is passed to the user's ID card where that information is populated, the document is cryptographically signed, and returned to the requesting party after the user reviews and approves the transaction.
I assume it's a variant of PKI, with everyone trusting the government's root key, and each ID card storing a unique certificate signed by that root key. But an ID card will only have a single certificate, so it would be trivial to see that multiple data snippets were signed by the same certificate - and therefore the same person. That would allow a website to track users across sessions - or even across websites.
If an enterprising 19-year-old sold their card and PIN to a 15-year-old and reported it lost to get a replacement, presumably there's some mechanism to stop the 'lost' card being used as proof of age?
The card communicates with an eID server via the app. This server is connected to the PKI and receives a new certificate daily-ish and also has a revocation list of blocked IDs. There's a ridiculous amount of regulation for hosting one yourself, so you get that service from one of the two or three who provide it as a service.
ID data this eID server received from the card is then sent to the eID service that initiated the session, which may either be the entity who needs it, or another service provider who wraps another set of regulation requirements and complex eID server API calls into an easy to use API for their customers.
ID data isn't actually shown to the user in the app unless it's a custom implementation that loops it all the way back from the service provider at the end.
There are also obviously better ways (https://blog.cloudflare.com/privacy-pass-standard/ possibly some variation of zero knowledge proofs) but technically this seems like a solvable problem. Money wise the IDP or in general verifier can charge users for an account and/or generated assertions.
You are completely correct that civil law jurisdictions have already solved this: Germany, Estonia, and many others have all the requirements: a register of all persons available to the central authority, and crypto infrastructure to make it work.
What's missing from the UK, Canada, USA, etc. is the first part! It is hard to believe if you live in Germany, but there really is no big master list of people in those countries. There are many (many, many) lists, linked badly by many different ids. The tax registry, pension registry, drivers license registry, and visa registry are some of the big ones.
Things could be so much simpler if we had such a thing, but the politics between here and there are basically impossible.
Your birth certificate is still stored somewhere. You're still entered in a bunch of databases from the moment you're given birth to in a hospital. You still get a social security number, which you need to work, which you need to do to afford food.
Sure, all those databases might not have a neat shared primary key, but that's definitely not going to stop future Holocaust 2.0 perpetrators from joining all those tables together.
- How can you ensure the system can't be abused if there's no identifying information passed? Don't get me wrong, this is also a problem with current systems, maybe even worse. But if it's privacy preserving, ... Almost all kids under 18 have parents or guardians. Almost all of those parents or guardians are 18 or older. So literally all you have to do to bypass age verification is steal their ID for a few minutes? There are also a myriad of solvable problems that aren't guaranteed to be solved without care, like ensuring that the same ID is not used 100,000 times.
- This is a job that is best suited for the government to handle. The internet is global though, and there are a lot of governments. In the U.S., there is in fact not one federal ID, but instead we use state IDs. I assume that means you now need to handle around 50 different state IDs to be able to verify someone's identity, but it actually gets even worse than that, because some people will have IDs, and some will have drivers licenses, because oddly enough that's just how we structure IDs here. People without drivers licenses may have state IDs which are often intentionally visibly distinct to make sure they can't be mistaken for the other. In states I'm aware of, you'll never have both, the driver's license acts as a state ID if you have one. Now scale that to every country on Earth.
- As insane as it may sound, there are plenty of people who don't have essentially any form of ID. You might think I'm over-estimating the numbers with "plenty", but even just in the United States, it's literally over 2.5 million, off the top of my head. (No idea what the best source is here.) The closest thing we have that every citizen is supposed to have is Social Security, but that isn't really usable as a form of ID for various reasons. (And frankly it's a pretty terrible means to verify someone's identity at all anymore in the Internet age, but oh well.)
I'm totally sympathetic to the fact that people really don't want their kids browsing porn on the Internet, but children basically can't pay for Internet access or afford iPhones. I think it's insane that people keep suggesting using advanced cryptography, zero-knowledge proofs, privacy pass tokens or whatever else for a problem that so clearly needs to be solved socially and not technically. (And obviously, only the surface-level aspects of this are really about porn. We all know it's deeper than that, and if it wasn't, the UK would readily exempt Wikimedia from these requirements. I hope nobody here is deluding themselves into thinking this is a noble effort.) You are literally giving your children a device that can easily obtain porn and letting them use it unsupervised. It's not like it was a secret: Avenue Q told you everything you needed to know. I get that raising kids is hard and society pressures you to do this, but isn't that the problem you'd rather tackle?
The problem is that we've let this idea that you can solve the problem like this enter the mainstream, and now that we have, even smart and reasonable people may accidentally convince themselves that it is tractable just because it is technically feasible to devise such a system. This is bad because we're going to waste a lot of energy repeating ourselves on thinking about the entirely wrong way to look at things.
There are numerous interesting and/or problematic aspects of this, but this question is perhaps the least interesting.
If your kid, or anyone else really, steals your ID then age verification is the least of your problems. They could transfer all your money, move house, get married, change your name or a myriad of other much more serious things. Willingly letting your kid use your ID would be borderline illegal and no insurance in the world would cover it.
> literally over 2.5 million
These people have never borrowed a book, visited a doctor, paid taxes or opened a bank account? There are many things in society that require validating who you are. Surely they have some form of ID. Perhaps just a more insecure one than a cryptographically signed one.
I don't think a federal identity is as far fetched as you make it sound, for better and for worse.
That's only partially true. We also have federal IDs: passports, passport cards, permanent resident cards, DoD Ids, Transportation Worker IDs. There's also some other federally issued IDs listed as Real ID compliant [1], but I've never seen them so I didn't list them.
[1] https://publicpoint.fnal.gov/get-connected/Shared%20Document...
What I really mean is that among IDs you might expect every citizen to actually have, state IDs are basically the most reliable and even that only gets you around 99% of the way there.
Presumably this is the purpose of the PIN, which I assume is in the owner's head, not on the card (otherwise it would be redundant with the NFC chip).
I admit that PIN verification would make it harder to bypass the system, though to be honest with you, I think it's also not really hard to realize that some kids will still manage to figure out their parent's PIN numbers, which they will likely re-use for their bank cards and a bunch of other shit, because most people don't really want to have to come up with 10 different PIN numbers, and we all kinda get the idea that PIN numbers aren't really that secure in the first place. Adding a PIN number requirement is probably a wise idea, but it does make the system a bit more of a PITA for everyone as people will inevitably forget their PIN and need to reset it or what have you. And I reckon that's basically how each countermeasure for problems of these systems go, each one just adds a little bit more pain depending on how hell bent you are on making it work. (I think the PIN number is good enough for trying to prevent someone from stealing your identity with your ID card to an extent, but not as good against people you live with misusing your ID card.)
Of course, you could keep going. You could try to come up with counter-measures to discourage someone from re-using their ID card for other people, and probably at least limit the impact of some of these issues to make the system basically work.
Even if you really do concoct the perfect solution for one country, you then have to make sure this problem gets solved correctly in every individual federal government, and then anyone who wants to offer adult content online has to individually handle identity verification across all countries that require it.
Meanwhile, we already have a system where essentially only adults can buy devices to connect to the Internet, and Internet service plans. You can't even get a debit card in the U.S. without being at least 18 years of age.
Teenagers have been looking at porn since forever. It's practically a trope of teens stealing their parents' porn mags. I don't think any of this has actually caused major societal issues.
The proposed solutions merely require that a teen steal their parent's identification, briefly, to create a porn account and move on. Heck, they can probably buy that information online if they are innovative enough. They certainly will be selling access to their porn accounts to their classmates. And even if they don't go through all that trouble, getting a porn mag is still pretty possible in the UK.
That makes this just a bad law. It doesn't meaningfully stop the problem it's meant to stop and it's expensive and intrusive. Even if privacy preserving age verification was bulletproof and perfect, you still have the access holes all over.
And then there's the simple fact that other nations exist. Yes, mainstream sites will put up protections, but what about the sealand porn site? Unless the UK wants a great firewall (ala the chinese firewall), they simply aren't going to stop this problem. Even then, VPNs are common knowledge at this point due to streaming.
Bad law, bad effects, and a pointless fight.
Briefcases were also a thing as have been strip clubs since forever. Quick access to porn hasn't been a problem since the printing press was invented.
Unbelievable. Let people watch their thing if they want to, jeez.
There are MUCH more important problems on Earth.
It degrades and oppresses all women.
Technologies like the mdl standard [1] can attest to age without revealing the user's identity.
As Cory points out, it's still possible for kids to swipe someone's ID and use that. There are probably practical solutions that are good enough. Android, iOS, and parents could work together to deal with the problem of stolen IDs. If mdl is implemented on devices such that they are managed by the device OS, that would lead to auditability. Parents can ask their child to see their phone's ID app, which will show the full roster of IDs on the child's device. If a parent sees an ID that shouldn't be there, they can have a conversation about it. In this way the law would be about empowering parents to shape their child's online experience. This is just a straw-man example solution, but there may be better ones.
The other objections I saw could be worked through in a similarly pragmatic fashion.
This is probably going to be good enough for most folks, and it's probably a good thing to keep children away from pornography and such. And IMO coming up with a "good enough" solution will flush out all the bad actors who are hiding behind the excuse of "save the children" when really they want to build up a record of everyone's browsing history. But by denying any solution to a real problem, we let the bad actors hide amongst the well-intentioned folks who are trying to do the right thing.
[1] https://en.wikipedia.org/wiki/Mobile_driver%27s_license
Not we can't, but we shouldn't. All the current solutions are terrible, and are either trivial to fool or mass surveillance machines. We shouldn't be stupid enough to go for either option because it'll either cost a fortune while giving us nothing, or cause immeasurable harm when the National Porn Viewing Database inevitably gets used to blackmail everyone.
We're trying to (poorly) use technology to solve a social problem. If we can't figure out a way to do so using technology without significant downsides, then perhaps we shouldn't be using technology to solve the problem at all.
It kinda seems the internet has real, longstanding problems stemming from the inability to verify anything about anything online. For the most blatant example, a website admin can never permanently ban a troll or criminal (they just sign up under a new name).
It makes one wonder how Doctorow reconciles the internet as it is with his stand against adopting some kind of IDP system.
Common pitfall? It’s why these techno-idealists are loudmouthed on the internet, but don’t get respect anywhere politically. If you want to gain ground politically, you need to at least acknowledge what the problem is, or is perceived to be, and offer a real solution. “Nope we can’t do that because of this 0.1% edge case” doesn’t qualify. “Apple should just dump all schematics online regardless of what China might do” doesn’t qualify. “The internet is great as it is, and your political concerns are invalid” doesn’t qualify.
Why? If you do not believe it is a problem that's just like apologizing when you haven't done anything wrong.
If you're campaigning for technological and/or political change you're in the business of changing people's minds and if that doesn't matter to you, you've chosen an odd way to spend your time.
If you want to argue against my proposal, please remember to stay within my frame of reference.
Regardless of whether pornography is, or should be legal, average exposure is now 11 years old. That’s average, many kids are even younger.
If this even prevents 95% of kids from accessing pornography until they’re 15 and get a debit card to buy a VPN, that’s a win in the eyes of most parents and legislators. It doesn’t need to be perfect, or even perfectly force you to be 18, to get the primary job done. Pointing to “a 16 year old can get around it with a VPN” is missing the point. It’s not a surprise why that argument falls on deaf ears.
Or, another one, “just use parental controls,” have you even tried this? Almost all parental controls are horrifically buggy, full of loopholes, and these kids can just borrow each other’s technology. Apple’s parental controls predate HTML5 (literally, HTML 4.01) and regularly don’t work, sometimes even by their own admission. It also forces the parent to be in the role of a tech expert fluent in Microsoft, Apple, Google, Nintendo, and other products all at once. You might as well get CompTIA certified. That argument also falls on deaf ears.
The solution, then, ought to be to pass a law requiring some sort of standardized parental controls that allow trivial set-and-forget management. Require device manufacturers/software distributors to sort out a "child mode" switch you can flip upon device initialization, in-your-face and unmissable, and then have apps/webpages be able to see whether the device reports it's in child mode. Does this not solve the "prevents 95% of kids from accessing pornography" threshold of effectiveness while being infinitely less invasive?
Wouldn't even need to develop anything new for this outside of a simplified UI over an MDM. Devices already support an incredible amount of monitoring and control, even iDevices, via MDMs.
But MDMs are for now only business/enterprise products, and are priced as such.
Makes me wonder if there's a market there for someone to just package up a consumer-focused, dead simple to use MDM. Enroll with QR code, set up some default policies, etc.
However, there’s one major problem: Most families aren’t actually using the multi-user capabilities of their devices. Many devices, like iPads or iPhones, just don’t support multi-user at all.
The result? Either parents are tech experts again, or have deep pockets to get everyone a device, or you’re going to have a bunch of kids logged in as their parents on their devices (as is already the case). Of course, that defeats the policy goal. That’s a non-starter, unless we agreed that a device manufacturer could force a biometric check when accessing an age-verified device account.
Nobody has proposed such a thing; but if there was a good way of making sure that the age-verified user is the actual person engaging with the age-verified account, then we might have progress in that direction.
Personally though, I would really prefer to not have the government get any ideas whatsoever about dictating firmware or OS security or OS parental control requirements. Do you really want your Linux distribution mandated to implement an age check firmware with phoning home requirements to a government parental control server?
If a parent can't be bothered to pin-lock their device or flip it into child mode then there is no technological solution. Now you're the one looking for the perfect solution that doesn't exist.
Because the age is verified at the time of access; instead of once during initial setup. Odds are that the former will catch far more flies than the latter.
Your employer probably does the same. Do they have you log in once when you set up your laptop, then comfortably happily say it’s you for the next three years; or do they have you sign in every morning?
Is that really how it works? Every single time you visit any website on the Internet or launch any app it's going to age ID you? I don't think that's right. You validate your account and then you login and you're good. If someone else uses your account, they are you.
And as you said, people share devices but it's also usually one account per app per device. You have to go out of your way to sign out of each individual app or website.
... which doesn't work, because it'll quickly lead to an enterprising 18-year-old highschooler selling pre-verified porn website accounts for $10.
You make it sound like historically it was much later but actually even in the 1980s 11 years old was common. In fact, that matches my own personal experience from that era.
> Or, another one, “just use parental controls,” have you even tried this?
Parental Controls is the right answer but absolutely agree that parental controls suck. As a parent, I'd love just any level of better control. I don't even care if I have different controls per manufacturer as long they're pretty complete and capable.
If the EU can mandate USB-C, they can mandate all technologies include powerful and capable parental controls.
There is no need for age verification -- parents know how old their children are. Parents are providing children with the devices and often the means of connectivity as well. This is and has always been a parenting problem. If the government wants to assist parents, I'm all for that. But age verification is not the answer.
That is, until Linux is also forced to come into compliance with said parental control standard, complete with all centralized reporting and remote restriction capabilities.
> This is and has always been a parenting problem.
What do governments do when everyone has the same parenting problem? Listen to industry idealists, like those who would call teenage smoking a “parenting problem,” or crack down?
Linux is fine. Someone can build the ultimately perfect parental control software for Linux and I'll use it. The same cannot be said for Windows, Android, or iOS -- third-party systems that are sufficient cannot exist for those platforms unless they're made by Microsoft, Google, or Apple respectively. Perhaps we just have to mandate an open standard. In fact, I would prefer that.
> What do governments do when everyone has the same parenting problem?
The wrong thing. Always.
You can't build a perfectly secure system and still respect the user's freedom. The perfect parental control system is by definition also going to be the ultimate rootkit - or else you'd just boot your own kernel which perfectly fakes the parental controls.
In such a world you wouldn't be allowed to build your own OS, only boot a pre-approved image. The Linux community is not exactly likely to participate in this.
You miss the point. I want all the power. Let me install and configure a Linux image of any sort and then lock it down. I am root. My kid is a mere user.
There is nothing terribly difficult or even controversial about that.
... and the centrally imposed, one-size-fits-all, politics-first age verification system you want will of course be free of bugs, loopholes, opportunities to borrow devices, or whatever.
That's good, since you want to apply it to every single person on the Internet.
The govt doesn't care how you verify age only that you don't sell to minors.
Large websites do not care even the slightest bit about how accurate the verification method is. They have zero incentive to genuinely get rid of underage users. If anything, they want to keep them - they are prime advertising real estate! Websites have every incentive to implement the age check in the cheapest and most half-baked way possible. As long as they are able to prove on paper that they are doing some form of age verification, they have met their requirements. Got a 90% false positive rate? Working as intended!
The only people getting fines are the small websites who can't afford to pay a 3rd party verification service. This'll shut down your local hobbyist communities, which only drives more visitors to the large megacorp websites.
It doesn't matter that it's unreliable at telling 17 year olds from 18 year olds. This thing is to reduce the amount of porn kids are exposed to. It's not like issuing a passport or something. As long as it sort of has some positive effect.
I actually did the face picture thing for Reddit. Seemed to work ok, although I'm 61 so not too near the cutoff.
Sure, there is a strong ideological argument why you should not have strong identities required on the internet in general (or even offline) and on porn sites specifically, but the argument is not technical.
If other laws were like it, they would be like: You're not allowed to steal (unless you really need to), but if you do, take as little as you can (as determined by you), and you have to give it back as soon as you can (again, according to you), and if the person you stole from wants it back, you have to (unless you have a good reason not to)
Reputation is irrelevant. Everyone is trustworthy - until they are not. The dark web is filled with data leaks from reputable parties.
I can't wait for the next generation that will enjoy "nerding out" on how to best patrol every neighborhood with drones.
Let's put NFC tags on everyone at birth, we can then nerd out harder.
Anyway, I am not on the side of control freaks, but still find the question interesting.
It's a system which requires a central agency, probably a government agency, analogous to a certificate authority.
You are authenticated with that agency; it has personal info about you. But you are externally identified by some impersonal identifier, not your name.
The agency issues you a certificate binding this identifier to an assertion like "is over 18 years old".
When you interact with a site that wants to know whether you are over 18 years old, you present the certificate. The site can see that it's signed by the authority and that it has the assertion that you are over 18.
You can't just give that site someone else's certificate because it has to be the one tied to the abstract identity you are presenting (which contains no personal info; it's some kind of UUID or whatever). Plus the cert can be bound to a specific device and such.
The cert has a private key with which you can prove that you own that cert; or at least that you are the authenticated operator of a device to which that cert was issued.
It's something like that. I may have some key details wrong. The main idea is that some brokerage that does have info about you can attest that you are over 18 without revealing any of the personal info via certificate-like objects.
It sounds like, in theory, the system can achieve good privacy in age verification. But not perfect age verification; people will find ways around it.
A grown up can certify themselves to be over 18 and then hand the device to a teenager; and such an operation can likely be scaled to some extent. And of course no cryptographic system can eliminate the possibility that minors are looking at the screen of a device operated by an adult, who may even step out of the way to let them operate it.
The issue is that those laws are usually linked to very specific forms of ID, which just so happen to be easily available to certain demographic groups.
Imagine a voter ID law where the only acceptable form of ID would cost $50.000 to purchase. Would you consider that fair and nondiscriminatory? What if you could only get the ID on the third Tuesday of the month, between 14:00 and 14:30, at a single location in the entire state? What if the ID required you to pass a certain kind of test, judged arbitrarily by a government official?
I think alcohol, tobacco and gambling here are mostly irrelevant, but firearms is a better example because of the second amendment, where you have a very old right granted by the bill of rights clashing with modern society's beliefs.
So long as it is done for a legitimate purpose and in good faith, generally no. As such, IDs are only expected where there is reasonable suspicion of possible violation. For example, there is no onus, with a few exceptions, to see an elderly person's ID to buy alcohol when there is no reason to think that they aren't below the minimum age.
The exceptions haven't really been tested. It very well could be found discriminatory, and you could make a pretty good case that it is. Which is ultimately the same case being made earlier. Asking a no-question-about-it 50 year old to provide his ID to watch porn isn't really in good faith, is it?
You should not need to identify yourself to access arbitrary websites, either to the website or to some third party.
https://en.wikipedia.org/wiki/List_of_national_identity_card...
It seems pretty reasonable to leverage this into online identification.
In fact, online ID is already used in the European Union for popular initiatives (see, e.g., https://www.stopkillinggames.com/ ) and nobody seems to think this is “bullshit” or infeasible or any of the concerns that are lobbed at the age verification requirements.
https://www.cs.columbia.edu/~smb/papers/age-verify.pdf
I think it shows the difficulty of implementing it for everyone. But Apple and Google’s cell phone implementations would probably cover most people in some countries when finished, and then there will be a long tail of people who will need cheats and workarounds.
You’d be screwed if you didn’t have any friends who could help you cheat.
Let's say every citizen has an account with their federal government, and the account can be accessed securely in some reasonable way (password, 2FA, hardware token, etc.).
The government can have a public-private RSA key pair specifically for "At least 18 years old". Once the user is authenticated, he can generate a nonce and a blinding factor, multiply them together to get a blinded random number, and upload that to the government for signing. He takes the signature and unblinds it, then submits the original nonce and unblinded signature to the adult website. The website confirms that the nonce and signature are valid according to the government's public key.
This system raises many questions. For example, preventing replay attacks, so the adult website will reject any nonce being reused, or mandating that a timestamp be a subcomponent of the nonce. There is the un-answerable question of how to handle the case where a legitimate adult offers valid signatures for someone else to use. There is also the question of, to what extent the adult website should be able to keep track of the underlying users (even in a hashed format) to monitor abuse, suspicious users who have too much activity, etc.
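The blind-signature flow described in the comment above, written out as an added example that is not part of the original thread. It uses textbook RSA blinding (the token hash is multiplied by the blinding factor raised to the public exponent); the toy key built from two Mersenne primes, the SHA-256 hash reduced mod N, the 8-byte timestamp prefix, `MAX_AGE` and the `Website` class are all assumptions made for illustration.

```python
import hashlib
import math
import secrets

# Constructed toy key: two Mersenne primes give a ~234-bit modulus.
# Far too small for real use; shown only so the arithmetic runs offline.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # authority's private exponent

MAX_AGE = 300  # seconds a token stays acceptable (assumed policy)


def digest(token: bytes) -> int:
    """Hash the token into Z_N (simplified stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


def make_token(now: int) -> bytes:
    """User: timestamp as a subcomponent of the nonce, plus 16 random bytes."""
    return now.to_bytes(8, "big") + secrets.token_bytes(16)


def blind(token: bytes):
    """User: hide the token hash from the authority with a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (digest(token) * pow(r, E, N)) % N, r


def authority_sign(blinded: int) -> int:
    """Authority: signs after authenticating the user; never sees the token."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """User: strip r to obtain an ordinary RSA signature on the token hash."""
    return (blind_sig * pow(r, -1, N)) % N


class Website:
    """Verifier: checks signature, freshness, and rejects reused tokens."""

    def __init__(self):
        self.seen = set()

    def accept(self, token: bytes, sig: int, now: int) -> bool:
        if pow(sig, E, N) != digest(token):
            return False              # not signed by the authority's key
        issued = int.from_bytes(token[:8], "big")
        if not 0 <= now - issued <= MAX_AGE:
            return False              # stale or future-dated token
        if token in self.seen:
            return False              # replay of an already-spent token
        self.seen.add(token)
        return True
```

Because the authority signs blind, it cannot check the timestamp the user embedded, so the freshness window only constrains tokens whose timestamp was chosen honestly. A precise timestamp also gives a colluding authority and website something to correlate, which is an argument for keeping it coarse.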
I'm not a privacy hardliner, and I think the socially acceptable tradeoff between privacy and security has been well established before the computer era - if the police have a well-enough established suspicion against you - they can get a warrant and search your home. That's due process.
I would accept if there was a digital version of that which targeted not the encryption itself (which could be as strong as possible) - but the endpoints, like smartphones and computers.
Let's say police had a device which they could plug into your phone, which would send a specially signed message - a digital warrant, containing all the info a real warrant would - which would be permanently burned into the ROM of your phone, after which the phone would surrender its encryption keys, and the police could dump your unencrypted disk.
The phone would be then presented as evidence at the trial, and not following due process would be a cause for mistrial, no matter what they find there.
The general public would be safe in the knowledge that as long as the police isn't hauling them in, their secrets are safe, and the government would get the tools for what they claimed they wanted - a way to catch bad guys with digital tools.
And when (not if) that device leaks, whoever steals your phone will be able to get access to all of the things in there.
The keys for every phone would be stored in a central repo, with a separate key for every phone × every decryptor (which has its own private key). Meaning you'd need a device and the central repo to access users' data.
But let's say they manage to build a bootleg version, what would be the criminal gain for them? Reading the data doesn't mean they can impersonate you, as the device wouldn't give you access to private keys used for authentication (let's even say these are deleted), only encryption.
The criminals could brick your phone and read your texts. There are only very niche cases when this would be worth it to them, like you're the subject of a highly targeted intelligence gathering op.
Correct.
> Let's say police had a device which they could plug into your phone, which would send a specially signed message - a digital warrant, containing all the info a real warrant would - which would be permanently burned into the ROM of your phone, after which the phone would surrender its encryption keys, and the police could dump your unencrypted disk.
You are now advocating for making phones insecure for everyone, forever. No.
Hard for sure, but not bullshit. I actually found it hard to read the post - it could have been a third as long and more useful and measured. But I guess it gets clicks.
But I almost gave up early because he can't resist the urge to take a dig:
> For politicians to make good policy, they don't need to be technical experts: they need to have solid, independent, well-resourced expert agencies. Those would be the very agencies that Trump and Musk have DOGEd into oblivion ...
And then in the next paragraph blithely engages in some Gell-Mann amnesia
> But when it comes to tech policy, politicians get it all so goddamned wrong
Expert agencies formulating clean water policies are emphatically not the reason that we have potable water. Experts in actually doing the work of producing clean water are the ones that push the standards upstream. It's a subtle but important difference.
Look, it's not 2018 anymore, we survived a round of Trump and we'll survive this one and the world will not end and some things will get better and some things will get worse, but trying to tie everything back to how Trump has ruined everything is going to make your views look worse and worse as they age.
The current systems being put in place in the UK are privacy-invading and ineffective. In my opinion they are worse than not having anything at all. I might be willing to change my viewpoint if something better comes along, but if a proper solution was so easy, why haven't we seen a peer-reviewed reference design yet? What's stopping the nerds from nerding harder?
Admittedly the bar is far higher with ubiquitous social media and smartphones. I'm not sure a parenting license system would ever work out in practice. Yet a lot of issues stemming from upbringing can cause irreversible harm and I don't feel like those root causes are brought up that much in the broader discussion about mental health symptoms.
It pains me to think that some amount of debilitating childhood trauma is unavoidable, but content restriction at least sounds like an actionable problem that doesn't require uprooting the fabric of society to correct.
That's how I expect "privacy-preserving age verification" to go. It's the narrow end of the wedge. Once privacy-preserving age verification is in place there will be some reason to get rid of the privacy, and we will have a fully tracked and identified internet.
it is possible if you accept that it only needs to be good enough
- it's fully okay if it can be deceived in all kinds of ways
- verifying only once per account is okay, if an adult passes their verified account to a child that's their responsibility
- legally not just forbid but criminalize (with required prison sentence) the storing of any data except is adult yes/no from an age verification process
- allow OS accounts to just tell applications (including websites) that "is 18", if an age verification was done in the account, also no signing or anything cryptographically, because again it's good enough no need to protect it against hacking, the main responsibility still lies with the parents
so then you can do a single age verification per OS account, once, and be done with
furthermore this verification could e.g. go through a process which might identify your identity but a) isn't allowed to pass anything but adult yes/no to anyone else b) isn't allowed to store that info c) on a storing it is a "criminal liability" level where a CTO ordering data collection would go to prison
though if you live in a country where everyone has a passport with NFC chips (e.g. all of EU) just adding an "adult yes/no" function(1) to it + a transparent (open source, non profit) app per country to bridge it to accounts which need verification would do the job without needing the extra strict criminalize abuse part.
Which brings us to the main problem:
- requiring politicians to accept a "good enough" solution, accept that the main responsibility still lies with the parent
- politicians not abusing it to spy on their population
- make laws to prevent companies from abusing "age verification" to collect private data
and that seems indeed impossible
---
(1): Technically I think it does exist, somewhat in many passes already. But practically it's not viable as it (I think) discloses too much information and has too many issues wrt. integrating it (wrt. certificate nonsense)
It's not impossible to design a cryptographic system where law enforcement is a party within it. The false dichotomy of encrypted or not encrypted in my opinion is used to shut down the conversation since it's easy to argue why no encryption is bad. It's a strawman.
As soon as there is another untrusted party in the encryption, and in particular a party with a "skeleton key" that can decrypt anybody's message, then your encrypted communications are merely one leak away from being decoded by everybody else.
https://www.vice.com/en/article/hackers-published-replicas-a...
The mathematics of encryption just doesn't play that way.
Up to now, there has only been intense wishful thinking by politicians, and strong "NOPE" by anyone with any kind of knowledge about cryptography. Either really everyone, including the likes of NSA, CIA and other spy services don't actually employ top cryptographers. Or they repeatedly tried and failed miserably. Or really nobody, including the spies, wants backdoored NOBUS encryption.
(b) Perfect is the enemy of good. Smaller services won't have the same utility and network effects of large ones.
I'm 100% against the modern Puritanism being pushed by statists. I think it's disgusting. Police your own kids, don't look at things you don't like, and let the rest of us be. Massive government surveillance systems are evil, and "government experts" are just assholes, to be brutally honest. It's make-work jobs at the taxpayers' expense, and we never actually could afford that "expert class" of know-it-all meddlers.