The Norwegian Consumer Council published a report last week on commercial exploitation of children and adolescents online which included a warning against technical blocking of digital services. I found their reasoning against age verification in this context to be well informed, and think it is also relevant here:
> There are many ongoing discussions about whether to introduce technical measures to block or remove children and adolescents from certain digital services. In the report, the Norwegian Consumer Council cautions against rushing into such measures, and presents numerous principles that any such solutions must adhere to before potentially being implemented.
>–Age verification may seem like a relatively simple technical solution to a larger problem, but involves significant challenges related to the rights of children and adolescents, including privacy, social and political participation, and the possibility to seek information, says Inger Lise Blyverket.
>–It is also important to note that introducing such measures would require everyone to identify themselves online, which could mean that people over the age limit are exclud ed. Many adolescents will also likely be able to circumvent such technical barriers.
>Before considering introducing such technical barriers, several criteria must be fulfilled. This includes, among other things, that the use of an age verification system is proportional to the problem one wants to solve, does not lead to the exclusion of vulnerable groups and individuals, and that it safeguards security and privacy.
Press release in English: https://www.forbrukerradet.no/siste-nytt/tech-companies-must...
> It is also important to note that introducing such measures would require everyone to identify themselves online, which could mean that people over the age limit are excluded
This seems like a solvable problem. Imagine there is an age verification authority that people can use to prove their age (upload a drivers' license or something). Websites can issue a cryptographic challenge for age verification that does not include the details of the website. The user then completes the challenge at the verification authority and is issued a token (that does not include the true identity of the user) proving they meet the required criteria. This way, the users' online activity is shielded from the verification authority and the users' true identity is shielded from the website.
Of course, none of this solves the problem of having someone else log in for you but that's a different issue.
What happens when, as a service provider you need to verify users in 190 different countries? That's at least 190 different age verification platforms you might need to integrate with. Probably 50 just for the USA.
These regulations do not necessarily apply only to the major platforms. If you run a phpBB forum in Australia with a few dozen old guys discussing steam trains, you will also be in scope of Australia's proposed regulations; that is a "social media" platform.
Don't worry, we'll all fight tooth and nail against any sort of compromise we can live with [1], until compromise if off the table and the worst case scenario is shoved down our throats.
[1] Anonymous attestations by trusted authorities. IE a Login.gov service that returns a token indicating that the user is an adult without providing identification details about that user.
I absolutely cannot "live with" any system where I have to provide my identity to a government service in order to receive a token that lets me access websites, or to live in a world where publishers need to integrate with such a government service.
Your compromise sounds far worse to me than all the bots, extremists, vulgarity or whatever other problem it's supposed to solve.
Done correctly, the government entity would be one that already knows your identity and age, and the website would not interact directly with that government entity. They would only interact with you, when you give them the thing you got from the government entity that certifies your age.
Again, if done correctly, the thing you give them is not the actual thing you got from the government but rather the result of running that through a transformation. The transformed token can still be recognized as certifying your age, but if given to the government entity they would not be able to tell which token they issued it is based on.
Based on the answers below I think yes you are perfectly right: we will be forced with the absolutely worst solution ever because apparently no smart engineer will want to invest into anything less that the perfect anonymization solution. So the leadership will say "ok fine then ID it is" and that's that. Thanks to everybody for their moral high ground, it always helped.
This is a great way to tackle the problem! It also would go a long way to fighting bots, and the government has no way of directly linking identity with the online activity.
>the government has no way of directly linking identity with the online activity.
I am so tired of the naivete that just because something isn't direct somehow translated to "we're safe from the possibility of". Especially from amongst an audience presumably composed of people who deal with manufacturing layers of indirection on a day-to-day basis.
Lets just do a thing that leads to a bad outcome. Don't worry, it doesn't directly lead to a bad outcome. You just need to aggregate a few other things first! 2 years later Oh my goodness, how could anyone have forseen someone would implement the requisite integrations with the right channels of indirection to cause the bad thing to happen!
Besides which, the described service, (provisioning a token signifying that the bearer is... Well... Anything really) without at some point on the backend having sufficient connection to a person in the data with whom you are claiming the assertion represented by your is true, and by extension, is capable of associating online traffic utilizing said token with a bearer identity is no different than just believing when the client clicks a button saying "yup, totes that". It is a non-solution. It does not solve the actual problem. You can't and nor should you even attempt to solve the stated problem. You're just mild inconveniences for the chance at creating slightly more remote, but far more severe problems.
Hilarious: The proposed age verification app, which has already been dubbed on social media as “pajaporte” — an amalgam of the Spanish words “paja” (to jerk off or wank) and “pasaporte”. I wonder if there will be a trading system setup too like carbon credits trading so if you dont need a wank for a day or two you can sell them to someone who needs a few more.
Lobbying from "Big Tech" against legislation that could interefere with their profits.
https://news.bloomberglaw.com/tech-and-telecom-law/big-tech-...
Aguably the so-called "tech" companies running "video sharing platforms", i.e., thinly-veiled surveillance and data collection operations, already know the age of users, among other things. If they did not have this information then how could they sell targeted advertising.
Remember when "Big Tech" companies told the government they could "self-regulate". Not when it reduces their profits.
There are currently git repositories that contain domains that share malware, scams, annoying advertisements, etc... Will there be repositories for sites that force Age Verification or Digital ID's? If so I would gladly use it in combination with my local DNS to outright block such sites. I like the multiple formats of 1Hosts [1] so that anyone can use it without having to modify the format.
Face recognition of age has been used by Tencent on mobile since 2021.[1][2]
Age recognition as a service is available now.[3] Mean error is about 1.3 years for 13-17 year olds.
[1] https://www.theverge.com/2021/7/9/22567029/tencent-china-fac...
[2] https://www.nytimes.com/2021/07/09/business/tencent-games-us...
Given how persistent the attempts are to push this by various govs it seems reasonable to conclude that the answer to the title question is yes.
Worse I don’t think digital id is the end goal but rather pervasive identity across all spheres of life like some countries already have. It’s a uniquely powerful tool to control a population. It actively alters behaviour. Bit like you’re not likely to do something that’ll mess up your credit score
A company that KYC all 855 partners? Now give me a year or two to verify all of them myself and then maybe come back to accept your cookie banner ...
No other comments as I'd be guessing the content from the title.
VPNs and bye bye.
That’s for now. Look at what they did in Brazil—they banned the use of VPNs and threatened anyone using one with jail time.
Not even Russia and China jails for VPN use for now. Hats off to Brazil I guess..
is it working? i avoid these types of things at all costs.
i think the subtle push to mobile phone based mias is the real mass rollout of digital ids.
Norway has been discussing age verification for social media sites.
I keep getting told Republicans are all for "Freedom". Individual Rights.
Then they turn around and want 'show me your papers' laws.
Require ID's.
Digital Tracking.
"Require IDs" for what? That seems like very important context here?
Showing a driver's license to a police officer when stopped for a traffic violation seems reasonable to me. Showing a passport when crossing an international border seems reasonable. Showing some sort of ID to vote seems reasonable. Showing some sort of ID to receive social security or some other government-issued money seems reasonable. Showing a hunting or fishing license to a game warden seems reasonable.
But showing a government ID to access a website or post something online or walk down the sidewalk or buy something from a store would all seem unreasonable, dystopian and police-statey.
Examples:
Show your birth certificate to use a bathroom. (that is only for them? lot of old people I can't tell if they are male/female, better check their documents) (NC law, struck down during Democratic times, now back on table)
Carry proof of Citizenship at all time's. (that is only for non-citizens? Really, everyone needs proof or how do authorities know?) (Arizona Law, struck down during Democratic times, now back on table)
Once you are trying to target one group, you actually impact everyone, because, everyone needs the IDs to prove they aren't in the targeted group.
The Republican platform is small government except for military and violent enforcement of (mostly property) law. It's a consistent worldview if you want private industry to own most of society, and fund security services for them with taxpayer money. Very pro-business. So "freedom" in this mindset is "freedom to pursue business free from government interference, and with government assistance," not so much day-to-day freedoms. Except for guns, which you need to be free to own to defend yourself from hypothetical government overreach and petty theft.
Political parties differ only in stated platform on a poster they pay lip service to. You have to look at their actions, and if you do, you will recognize that both share a single overarching goal. The accretion of power at the highest level and widest scope possible. It's really not even two parties in that regard.
ugh, I’d hope not
I have integrated digital identity solutions like eIDAS compliant government products or Mastercards offering and can tell you that there is absolutely nothing nefarious about them. All service providers really want is to reduce fraudulent sign-ups/logins and in the deepfaked future there is just no way around digital-identities.
At worst, with a bad implementation, to steal someone's digital identity you need to steal their smartphone and be able to fully unlock it -I don't even know if any solution really is that bad! At best, you need to provide your live face. I just checked, for Austria, on iOS the governments app requires Face ID for example. For the privacy minded: No biometrics online, just offline, local Face ID! Stealing my phone and knowing my lock key is not enough! Some other governments might offer online authentication-via-face+liveness solutions though, which are also safe, but more of a privacy concern.
One more thing: All those solutions offer a way for a service-provider to just ask for a service-provider-specific persistent identity + age verification only. No name, birthday, selfie or cross-service identifier necessary!
tl;dr - the reptilians are not stealing your identity and biometric information, this is not the mark of the beast and this makes services more trustable, safer and cheaper to use.
> All those solutions offer a way for a service-provider to just ask for a service-provider-specific persistent identity
Even if working solely as advertised, and somehow implemented flawlessly without compromising a user's right to modify their device, I think the stated goal itself is contentious. Alt/throwaway accounts are a useful (and for some, necessary) tool for maintaining privacy. I do not want identity-bound "rationing" of certain types of online content, nor do I see elimination of "unlawful account sharing" as a positive.
Age verification doesn't have to be in conflict with anonymous accounts.
I agree - but a persistent identity (which is what the comment I'm replying to is advocating) would be. Need to be careful not to use it as an excuse to create a digital ID system.
You're missing the point. This isn't reptilians siphoning your DNA and iris scans, it's an attack on digital freedoms. Your phone can verify your identity privately and offline, sure. But only if the party you're attesting to trusts your phone isn't lying about your age. In other words, the only way the scheme works is if users don't control their devices. Want to go online? You have to use a locked down industry-approved terminal device (Google's Android, Apple computer, Windows 12 with a TPM or whatever). It completes the erosion of end-user control of the means of computation. Three companies will dictate all software you're allowed to run on modern hardware, attempts to run your own stuff will fall afoul of anti-DRM circumvention laws and be a felony. All software development, even basic automation and scripting, will be relegated to hobbyist programmable microcontrollers and cloud VMs. This is the future we're gunning for full-speed-ahead, with basically no push-back. What should've been an empowering technology brought to the masses, allowing free-form problem solving, communication, and collaborative solution building has been near-totally dominated by barely-functional opaque push-button solutions and constricting walled gardens. I chalk it up to a total failure of education to teach people how powerful computing can be to solve everyday problems, combined with a concerted effort by tech companies to teach helplessness in pursuit of profits.
Do these people really really want to leave behind a world of mass surveillance?
Are they uneducated (no way), sinister or what?
I am legitimately baffled. You can have one psychopath pushing for mass surveillance and corrupt or cowardly people will follow suit.
But for this kind of asinine and borderline insane behavior to emerge in multiple places at once?
I used to firmly believe in online anonymity, but not any more. If you have an opinion, have the courage to stand behind it. People going to Nazi rallies are the ones covering their faces after all. Now in thr age of LLMs having digital IDs may be the only answer to the dead internet anyway.
Absolutely not. Thoughts should be free to exchange, and independent of who says it. The "Nobody knows you're a dog" aspect of the internet is not a joke, but a serious advantage. Having a - even multiple - self-chosen personas is a big step-up from classical societal norms. We should not revert back.
Indeed. On the other hand, it takes very little for an idiot to come to power. And it's very handy having everyone wearing the star of david in a nice parseable list isn't it?
This is a fair point.
What a weird thing to say under a pseudonym, bad_haircut72.
You can suffer negative consequences for far less. Society is very polarised, if your opinion is even slightly outside a group's Overton window, they'll try to deplatform, harass, cancel or SWAT you.
A similar tendency is also observed with governments too. (Durov, anyone?)
A fairly inconspicuous personal example: I have had people on the internet act very despicably simply due to me mentioning my age. Anonymity/pseudonymity in these times is vital.
Eh, I just don’t want my very innocent hobbies (hi-fi, games) to be associated with my main online persona
Why?
Just because it’s my deal
Digital IDs during covid: World says yay
Digital IDs when accessing porn: world says nay.
What specifically did you need to provide digital attestation of age from a verified government entity for during covid? Am Canadian, we had vaccine passports that were a QR code linked to your vax status but it wasn't required for the web.