>"Age verification" means that everyone who does anything online will have to submit to fine-grained tracking and recording of all their online activities.

its been said 1000 times here, but: age verification doesn't have to be a nightmare dystopia of 24/7 fine-grained tracking and recording unless you are somehow hoping to achieve 100% success rate (something we have not done with any other law ever). there are several reasonable proposals that would be 90%+ successful without stepping on anyone's toes.

i am convinced that enough people in power know it, too, but see this as their chance to get the full-dystopia version rolled out.

Parents largely control what their kids have access to, whether it requires a device, a data plan, home Wi-Fi, whatever. Where parents don't/can't control their kids' access, no amount of regulation and technology will fix it.

This applies not just to social media, but drugs, alcohol, porn, etc. Yes, laws and IDs add friction and that's good, but if a kid really wants those things they are going to find a way.

Social media already had built in friction without needing new regulations and ID requirements. To access social media you need a relatively expensive (for kids) device and some way to connect that device to the Internet, which is also not free.

The biggest problem I see is that unlike alcohol, drugs, and porn, there are seemingly benign reasons for kids to use social media. Sports teams, dance classes, youth groups, etc. all want to keep in touch and allow group communication. Too often the adults in charge turn to Instagram or whatever social media app for the group communication. Now, unfortunately, your kid needs an IG account.

You can't spy on kids without spying on everyone, and in any case they're interested in the everyone part. Ultimately they want 24x7, realtime facial & biometric monitoring of everyone using any "approved" device, and be sure that only approved devices will be able to join networks and do stuff upon them, so for those brave nerds thinking they can survive on GhostBSD from their basement, yes you can, but as Gandalf said, you can only fence yourself in, but not fence the world out. Sooner or later they'll come for everyone.

My main concern is transparency. How do we know that the ruling/governing class is not abusing these monitoring systems and exempting themselves from monitoring?

If we are all subject to the same monitoring and there are no exceptions, that would be fair. However, if some people are exempt from monitoring because of their connections, relations, etc. then that would be unfair.

And if some people are allowed to harass and stalk others based on some attribute (race, religion, nationality, etc.) because they are in a monitoring position (while others are not) then that would be unfair as well.

We need full transparency.

There are at least two methods to verify age without disclosing identity:

1) Yubikey-like tokens supporting attestation and sold at places not accessible to minors like liquor stores

2) "parent mode" on desktop and mobile devices - the device would refuse to load any inappropriate sites and install inappropriate apps like Telegram, Omegle or Facebook.

I don’t think saving them from spying is the main concern. Instead it’s the direct negative effects of the usage upon the kids that’s the concern. Not that age verification isn’t problematic

The slippery slope argument is hugely valid, but having kids not have access to alcohol, porn and guns is very normal. We don't even discuss it in the 'physical world' because it's absolutely normative.

Even in 'Europe' kids aren't going into the liquor store stocking up obviously - there are always age and responsibility-related conventions.

The 'online' nature of this piques our anti-authoritarian triggers and tends to err our judgment a bit.

There are valid reasons to do this, and there is 'a right way' - maybe we should have some hope and promote that.

I'm not hugely optimistic that they'll get it right, but we should aspire for to build the world we want. There's enough momentum that it's plausible.

This reminds me of being refused entry to a nightclub in the US because I’d forgotten my passport, even though I had a European ID card and I’m over 40. Offline, age checks already often become rigid “approved identity document” checks. Online, that problem seems even worse, because the check can become a persistent identity layer across the web.

In Canada the approach is going to be that social media and AI companies will need to figure out a system where those under 16 can’t access content. The government will be able to grant exemptions if the company can satisfy regulators that they have built and maintained adequate, alternative structural safeguards to protect children on their platform.

Further to that, companies are required to do this in a strict data minimization approach, results need to be anonymized and destroyed immediately after the check is complete.

The internet has grown into a bit of a letdown to some degree, especially social media. If I have to upload an ID or insert a grey hair into a scanner, that website or app will be dead to me and I will move on to something else or nothing at all.

We're cooked. The young kids I teach are unfortunately completely accustomed to go guardian spying on them at school. The admin constantly reinforce the need to dissect the internet, treat Chromebooks as media consumption devices, not computers. I hear it will be even worse here next year. Not sure how.

These people are obsessed with risk mitigation that it's not even worth having tech class anymore. No risk. 100% control all the time.

The main problem is providing infrastructure for a government that can over use it in future if move to ultra right/left/authoritarian spectrum

Just for example Russia build infrastructure for blocks website for child safety, but it started to used much further

Age Verification is not about “saving kids from spying/social media”.

Same as Regulatory Encryption Backdoors are not about “protecting kids from child predators”

This is framing. Abusing kids is bad. But that is not what this about. Let’s keep the discussion on topic: the goal is 1984-level oversight… not just of the kids

[Edit: I guess HN agrees: meanwhile the title changed from “saving kids from spying” to “is actually mass-surveillance” - good]

This idea sounds like the death of social media. Remove anyone under 18 ensures they won't signup after. Forcing id verification means 70-80% of adult accounts will be dead. Network effects disappear. Those who remain will be businesses pushing something, hackers/spammers and some die hard group.

Actual title, original title: Spying on kids to protect kids from spying is very, very stupid

I'm against mass surveillance, but gambling sites managed for years.... Can't addictive social media algoshit be thrown in the same bucket?

>"Age verification" means that everyone who does anything online will have to submit to fine-grained tracking and recording of all their online activities.

Hilarious that the author doesn't think that this isn't already happening.

Could we step back a little and maybe revisit the premise that we need the gov't to be protecting children to begin with? That's what parents are supposed to be doing.

Could we instead disallow algorithmic skinner-box addiction machines for everyone?

In general I'm opposed to this kind of regulation, but as a thought exercise, we do have the primitives needed to do age (or any other attribute) verification in a privacy-preserving and decentralized way.

You could imagine a hierarchy of organizations (governments, financial institutions, schools, etc) that a website trusts to verify some attribute (minimum age, citizenship, etc). Those organizations can attest that some identifier like an email address has been verified to belong to a real individual with that attribute, and that organization belongs to the hierarchy the website trusts, without revealing anything else about the user, the exact verifying organization, or the requesting website.

Am I the only one who looked at NSFW websites at 10 years old and played games with voice chat with players of all ages too, and I turned out to be well adjusted productive member of society? People need to chill.

I grew up during the 90s/2000s and I used the internet, first social media platforms, messengers, etc. – a lot. My parents had no idea of computers, how to use them, how to use the internet, what is out there etc. Yet I am convinced that the way my parents dealt with it is still the gold standard.

Their parenting equipped me well to deal with weird, dangerous or otherwise harmful things I encountered. They were the kind of parents who would let us play in the woods till 9 in the evening, no questions asked if there were scratched knees or dirty cloths. If there was something they thought might be problematic, they talked to us in a way that left the ultimate decision how to deal with a situation with us, displaying a high level of trust into our ability to make good decisions ourselves (and sometimes letting us make bad ones just to talk about it after the fact).

Turns out if you want your kid to be able to deal with unexpected situations you need them to deal with situations, period. And the opposite of that is what I even back then saw with many of my friends parents: trying to shield their kid from every encountering (and mastering!) even the tiniest of dangers themselves, alone. You think you tell your kid about the dangers of the world, so they know, but the actual lesson you teach is that only their parent knows what is and isn't dangerous and that they themselves can't be trusted to judge it. That is a bad lesson.

Don't get me wrong, we did stupid stuff, like jumping of bridges into rivers and so on. But we were very careful about how we did it, diving beforehand, etc. The real stupid stuff in my youth was all done by other kids that had never learned to judge risks themselves and who in one brazen attempt of rebellion bit off more than they could chew in one go. That landed them in the hospital. My brother and I were the only kids in our friends circle who made it to 18 without having broken a single bone in our bodies, despite being regular skateboarders, snowboarders, climbers, cliff jumpers and all other kinds of borderline insane past-times, some of which don't even have a name.

One aspect: Since my parents had no idea what was on the internet and how to protect against specific dangers lurking within it an educational method that didn't have to rely on them knowing and enumerating every danger in the world proved to be a really smart choice in hindsight. Since the landscapes of social media especially for kids and young teenagers is shifting constantly at a high pace, any parenting ideas would need to keep track of all this as well. I can't even imagine how that would work.

The alternative is to ban everything. But how do they build a healthy immune system if they are never even exposed to the mild dangers first?

The new laws in the US don't require any real verification. Parents who care will just select a flag on device/OS setup that gets passed to websites. They can also just lie if they really want to. In the EU, they are trying to verify age with zero knowledge proofs.

It would be nice if the author actually spelled out the specific weaknesses of those approaches or even just referenced those laws instead of fear-mongering about "spying on kids", but I suppose that would be to much to ask of someone who made a career out of vibes based rage. Ironic that Doctorow is so eager to capitalize on the enshittification of journalism.

The bigger threat to kids is all the browsers now bypassing domain filtering by default, even if you specify a DNS server. There was a time when multiple vendors sold protection software, but apparently some unsavory elements wanted all the browsers to build in DNS bypassing to go around it. The best protection for children is blocking the bad stuff at the DNS level.

If it's stupid but it works it ain't stupid.

here's alternative legislation that should be at least as effective without the mass surveillance aspect:

* as your kid's legal guardian you're legally liable for whatever the fuck your kid does, including but not limited to harming themselves: Parents should care for their kids

* platforms will do their best to not be available to minors unless minors are actually their core audience, will inform monthly how they did that, and the bottom 10% of achievers will pay an escalating percentual of their valuation as fine for each instance where they're found lacking: Platforms should care about kids as a category of people

* posession of personally identifiable information about an unrelated minor by any unrelated person/company without a clear and preapproved reason is grounds for a child abuse investigation on every person anywhere in the chain of custody of said data: Children's PII should be such a hassle to manage it's not worth taking

This is a very strong argument simply put

I also dislike how confident people are in children's technical skills. It's really not hard at all to block VPN's. It's actually relatively easy to block certain content on your internet devices. I get it, kids are smart, but why do we think everyone is a malicious person who also has the ability to bypass all the restrictions?

Perhaps it's the parents who are too dumb to understand how to configure a network?

i was thinking of having a mobile/tablet with kiosk mode and full restrictions on the content.

My solution is simple: Fine companies that allow minors. How you implement that is not my problem! Something that is severely lacking in tech is liability!

What's with the "we can't do that" helplessness that pervades this topic?

> What we call "age verification" is actually mass surveillance

Thank you.

It has never been about "protecting the children" either. That was always a lie - the red herring. Many pointed that out from the get go too.

The much more fascinating thing is how legislation is still being actively changed to sustain that narrative. This is like a pre-scripted event what we are seeing here. I find it quite fascinating. It shows how real lobbyism actually works.

My prediction is that mandatory age sniffing will come, they will continue to claim it is all for children, and the openness of the world wide web will factually be transformed into a two-class apartheid system. The latter has already happened actually - you have walled gardens e. g. discord rather than oldschool phpBB webforums (aka privately controlled access to information), Google already ruined its search engine, AI slop continues to ruin more here. These are all not isolated. This is a deliberate mega-slop attack, combined with payments to key lobbyists. We see a degradation of services here. That they attack VPNs is very logical - after all VPNs allow people to break out of the global ghetto system they are building here. They want to know who is who.

Interestingly I see this attack also related to them trying to abolish the right to repair movement. Now, there is no direct connection here, but right to repair also attempts to put people at the center - you purchased something, you should be able to freely change it to your own liking, without some random private company being able to proxy-deny any change to that. With mandatory age sniffing coming, it also means that people will lose the ability to change software. Recently a university here in Europe started to demand that students must own a smartphone AND must install an app from a private company (via google store) in order to be able to read email sent to them via a webmail account. I also found this fascinating, because now people need to submit to Google, in order to study in a small european country, if they study at that university (which is paid for by taxpayers by the way). These interdependencies will keep on increasing here. Even Linux will fall victim - systemd already added data fields to track your age. More to come in the future despite Poettering's claim that it is all very, very harmless. Until it is not. And then it is too late.

This whole shitshow thread is a bunch of techies coming up with more inane and erudite ways to implement spying on every web activity, but 'technically better'.

And people here are NOT asking why its even needed at all. This is what those ethics classes are for - not asking HOW to make, but whether we should at all.

And invasive country identity level online personas is NEVER something we should ever go for. This is basically "FLOCK ONLINE". And we see how devastating Flock is, even when pigs only have access.

No ID scans. No eyeball scans. No face scans. Im done with all of it.

Security and Privacy are not the same thing.

I'm just gonna say here that all of this, whatever solution whatever unaccountable political group decides is the one, can only be built by tech workers. All of these require fingers hitting keys to produce code to function.

If we unified and refused, it wouldn't happen. It couldn't happen. I am begging my fellow developers in this space to remember that you are WORKERS. The owning class will throw you into the meat grinder with every other worker the second it's convenient to their wealth extraction.

Throw down your tools and say no.

If you find yourself tasked with implementing age verification shit you think is profoundly unethical, don't build it.

If you find yourself building products you know to be harmful, refuse.

If you find yourself put against a wall to ship garbage you know doesn't work to check boxes for some fucking CEO, stop.

We are the tip of the spear in the global effort to make the world more surveilled, more dangerous, less free, and more expensive. We have a CHOICE and we have to start making it.

And yes, it may cost you your job. It'll certainly cost you status. Your boss will hate you. But the last year or so has made it abundantly clear that whatever professional "safety" we feel is not warranted. We are just as replaceable as the delivery drivers who get caught pissing in bottles.

Arab spring, Gaza genocide and genZ revolutions lately has the attention of the oligarchy... The war for youth attention and minds

[dead]

Perhaps save kids from peter file gangsters first? If local police protects child molesters, and government supports it... Very difficult to take this child internet protection seriously!!!

What an exceptionally bad faith way to put this whole thing. A five year old watching hours of the most depraved porn available is harmful to that child. Even if you disagree with that statement, you surely must acknowledge that it is an entirely reasonable opinion to hold and one our societies have generally held to this sort of thing for ages.

I also acknowledge that there is a reasonable debate to be had if the disadvantages to adults and businesses from imposing these rules are worth the harms prevented.

There is also a reasonable debate to be had about the merits of various technical and legal schemes being implemented to achieve these goals.

But this take is neither of those. For one, surveillance isn't the number one harm being prevented (even though, a number of legal codes attempt to make this the case).

As has been pointed out previously, there absolutely can be age verification that is without surveillance. The fact that these solutions aren't always legally mandated and therefore age verification can be used to increase surveillance is a reasonable thing to attempt to amend to the implementations of these laws.