I was sitting in a room the other day with a young adult, we were searching for additional algorithm learning materials. They searched in Google, and accept the cookies. They clicked on a website, and accepted those cookies too. They then started entering their email address to access another service. I was completely taken aback.
I'm the sort of person that either rejects the cookies, or will use another site entirely to avoid some weird dark-pattern cookie trickery. I don't like the idea of any particular service getting more information than they should.
Siting there I realized, we were not the real target. It is the young people that are growing up conditioned to press accept, enter any details asked of them, and to not value their personal data. Sadly, the damage is already done.
> It is the young people that are growing up conditioned to press accept
It's really alarming, actually. I run the cyber security training & phishing simulations at my work, and it's the younger employees that struggle the most. It's like they just assume that everything on the web is trustworthy.
It's not hard to see why though. They grew up with app stores & locked down devices. No concept of a file or file system, no concept of software outside of the curated store & webapps. People that never had to take responsibility for their own digital safety because "someone else" (Google, Apple) always did it for them.
The problem is, we haven't really created a safer world. We created an illusion of safety by taking away agency.
We might be safer in terms of vulnerabilities, root exploits, RCEs, etc. but the internet is still full of malware, scams are still just as rampant. Vigilance is still very much required, but is no longer taught.
Look at all the malware available on the Play Store. The curation does nothing but create an illusion of safety.
Growing up I had a "computing" class in high school. It's where I learned to type, but also learned the basics of using both macOS(9 at the time) and Windows.
It was also drilled into me that the default state of anything on the internet is to be untrusted and potentially harmful.
It also helped that you could actually tinker with things, and there were plenty of foot guns around to drill that lesson home.
Somewhere along the way that message got lost and didn't get communicated to the young ones, and I'm not even that old (38).
They'd just click it away every time, when my nephew got a gaming laptop he'd play mindcraft and the windows sticky keys popup would be firing constantly must have seen him dismiss it 15 times before I offered to show him how to get rid of it.
That's an exaggeration. Young people on average have grown up with drastically greater understanding of what a file is than any other generation that has come before them. They grew up using Chromebooks or laptops in school, constantly interacting with the local file systems, uploading files to Instagram and TikTok from the file systems on their smartphones, browsing their phones for files constantly. They know what a file is, they use & manage files more than any other generation prior.
No other prior generation comes close.
Compare them to people growing up in the 1980s. The average person at that time was overwhelmingly oblivious to computing very broadly, their grasp of a "file" as a concept would have been close to non-existent. That was just 40 years ago.
In the mid 1980s a mere 10% of US households had home computers. And that was a high mark globally, it was drastically lower in nearly every other country (closer to zero in eg China, India at that time). The number of people routinely using office PCs was still extremely low.
Today young people have a computer in their hand for hours each day, and they knowingly manage files throughout the day.
I use lights every day, but I know way less about electricity than my grandparents, two of whom who could remember when their town was electrified as children and who therefore treated it as the marvel it truly is. And also because we've worked out a ton of bugs in electricity and it often just works.
My kids will know way less about filesystems than I do, because I had to learn DOS commands to navigate around the operating system if I wanted to play computer games, which led to a lifelong interest in how computers actually work at a level they can (and, so far, do) happily ignore.
Maybe they do more intuitively think of things as virtual objects, but it seems like the issue is they don't have a deeper understanding of how the mechanisms behind the abstractions work and can easily get fooled into accepting terms they wouldn't if they properly understood.
> easily get fooled into accepting terms they wouldn't if they properly understood.
And easily get sold add-on services. How many people hit the 5GB iCloud limit for backups and just pay without stopping to think that it might be possible to do local backups to your computer and you don't really have to pay for extra storage?
Just hit them with the scary language "You are at risk of losing your photos forever if you don't pay!" because that concept of "Oh, photos are just files in a directory and I can copy those anywhere I want" doesn't exist. To many, those photos are part of the gallery app, not a separate file from it and since that app only runs on the phone, surely it must not be possible to copy them anywhere unless I pay for the storage.
There may be some demographic groups located between people who were young during the 1980s and people who are young during the 2020s, time periods which are 40 years apart.
You don’t upload a “file” in a “folder” to TikTok. You upload a “video” from your “library”. Consumers have been conditioned to stop thinking about files especially when it comes to media since iTunes and the iPod in 2001.
And yet, it's the generation that struggles the most with managing files on their work laptops and on SMB shares.
They know app silos, not file system hierarchy. Ask a teenager where a file is on their phone and the will tell you the name of an app. Ask them how to copy it somewhere else, and they'll use the share sheet and send it to another app.
To be fair, at least Android and presumably iOS grant apps by default no access to your files in modern versions.
The only way to get, e. G., an attachment downloaded via Thunderbird to a PC or another app is the share dialogue. A user does not access to the isolated app storage by default on an unrooted Android phone. For better or worse the young user is actually making the right choice here for their platform.
(This is also why making a backup of an Android phone is a nightmare when you aren't using a first party option. ADB is sometimes able to bypass it)
I mean on iOS you do have a raw home storage path you can save arbitrary binary data stuff to, although Apple generally just has the option of "Save to Files"--but you have at least some basic folder structure there you can use and have full access to.
It's just not commonly used for the reason the other person mentioned (share buttons between apps that are file type aware)
That's also a stereotype. Gen Z (born 1997 to 2012) is roughly 2 billion people. Among them are the technorati, and the tech literate. The influencers and the influenced. It's fair to compare what was available to them growing up, vs yourself (I learned to program before there was Google), but it's hard to say things that are going to be universally true across that many humans that are interesting. Most of them will have two arms and two legs but will most be able to navigate /etc/systemd/user/? Can't say.
Most doesn't event know what cookies too. In fact, most doesn't put extra thought into the things they are clicking/accepting on web.
Because of this, I found it odd that the regulation allows displaying the accept cookies button. Instead, it should be rejecting cookies by default and a separate flow to accept tracking cookies (e.g. via account settings page)
It's not just cookies, it's explicit consent to track you, and sell your browsing history to ~1500 spy companies around the world.
To the sibling comments: don't "accept the cookies" and then delete them.
- - -
I'm super angry at what the web has become, especially at the OS browser community. There is 0 browser (that I know of) that can access the web safely and conveniently. Atm I use Firefox with uBlock which blocks the cookie banners, but Firefox's extension model is broken, and every single extension provides 100% access to my websites to whoever controls the extension. I don't like it.
Not just the web. Last time I installed Backdrops on my phone (a nice wallpaper app), you would literally approve hundreds of uses of your data when you press Consent. Even if you choose to manage choices, 200 'legitimate interest' options are enabled by default. Even when you are a paying Pro user. Data used includes location data.
What makes it worse is that a substantial portion of users block web trackers through an adblocker. However on phones, unless you have a rooted phone or use some DNS-based blocker, all these analytics get uploaded without restraint.
Atm I use Firefox with uBlock which blocks the cookie banners, but Firefox's extension model is broken, and every single extension provides 100% access to my websites to whoever controls the extension. I don't like it.
Some browsers (e.g. Vanadium, Vivaldi) have a built-in adblocker, so you have to trust one party less.
> How would you implement ability to arbitrarily block any network connection on any website without giving an extension 100% access?
Browsers should provide a filtering option before they makes a request.
IMO a lot of no-brainer options are missing from personal computers. Like the ability to start a program with restricted access to files, network or OS calls (on Windows and on Linux). Browsers should provide the ability to inspect, and filter network access, run custom javascript on websites, etc.
What would a safe extension model look like to you?
At some point, you have to implicitly trust someone unless you audit every line of code (or write it yourself) and build everything from source that you run.
This is a solved problem for at least ad blockers for over a decade on iOS. The ad blocking extension gives Safari a list of URLs and regex expressions to block
I remember when it first became widely known that the government could see your library checkouts. People protested. It was a big deal in my tiny town.
I don't even think it would be even a blip on the radar now.
It really is depressing how much ground we've given.
I was just talking about this the other day. This all happened right after 9/11(nevr 4get) and people were fucking PISSED that the patriot act wanted to look at people's library histories. It was a HUGE deal where I lived. Now? Nobody gives a shit and people will trade away their valuable privacy for an IQ test.
My local library is run by the county government, so of course the government can see the checkouts, they are the ones I check the book out from. But they restrict checkout information from others. For example, a parent can see the checkouts of their own children, but not after they turn 13.
Perhaps you're talking about subpoenas? Checking some other libraries I see SF Public Library has some discussion about that, but they delete books from your checkout history once they are returned. https://sfpl.org/about-us/confidentiality-and-usa-patriot-ac...
I do this, more or less, although I am a bit older. It's not as if I enter my real name, address, or email at every opportunity, but there is really no perceptible feedback loop that would force one to contemplate the consequences. I visit my local news site and the first thing I see is a massive cookie banner which lists over a thousand third-party vendors and asks me to either "Accept all", or if I am being prudent, click adjacent button called "Choose" to go to another page, then manually untick dozens of tracker categories, and then click "Allow selection". Whatever I chose, it wouldn't have any tangible impact on my life. I simply do not care.
With uBlock Origin, you would not see such popups.
Also, it may not have an impact on your life, but it sure as hell has an impact on adtech guys' pockets.
I doubt the average person even reads those. They are just "the thing you must click to get on with things". How many of those does a person even see in a day?
People around me (including engineers) all casually use things like Alexa, Google Home, Ring, Nest, Chrome, are always signed into Google, have all sorts of apps installed on their phones, and have no problems giving up their phone numbers to services for verification. It's crazy.
That all random game and messaging sites now wants my kids' passport uploaded to some random 'id verification company' is madness.
But now instead, my 11 year old's Roblox thinks she is 18 because she wore glasses in their age verification webcam tool. And it can't be changed unless she uploads a passport, which I will never allow.
Please, gov.uk introduce a gov ID verification service? I could trust that, -ish, I have worked with public sector clients several times...
Accept the cookies and flush them out every time you close the browser. I think it would be naive anyway to assume that clicking no on a cookie banner would achieve much for your privacy.
So-called "cookie banners" usually ask for your consent to much more than optional tracking cookies. By accepting you might be giving your permission to e.g. track you through various fingerprinting methods, build a profile and share it with advertising partners.
Because in some legal systems you're required to ask. You're also required to follow fairly specific rules relates to the user's selection and data, though I can't imagine enforcement keeps up with websites breaking those laws.
How so? The law doesn't require cookie banners.
However, you could argue that tracking/advertisement cookies should have been banned completely and that the law is flawed in that it allows for tracking given user "consent".
In Chile they started asking for your National Id with so many stupid pretexts that people got conditioned into just giving it away. It wasn't like this 10yrs ago.
It's technically public information, so collecting Ids is legal, but it's also a universal primary key within the country that allows merging any user-related table you run into.
Retail says it's just to associate it with receipts in case you need that later, but I'd rather just get a photo of the printed receipt for later than rely on them to find my receipt. Supermarkets, Drug stores, and petrol stations tie it to (possible) discounts or points at check-out, which is price discrimination and it's illegal, but we are in our way to get surge pricing as soon as the new US bootlicker president begins his period next week.
> It is the young people that are growing up conditioned to press accept
There is a similar story with Ford and how they build pavement everywhere and taught the young population that roads are for cars. Now we have to drive for 10 minutes to get from one shop on the plaza to another shop on the different plaza.
It was the bikes who fought for pavement everywhere. Cars took it all over. Mud is annoying to walk it, but otherwise humans handle bare dirt just fine.
Does it even actually matter what you do? How many lawsuits/investigations have there been in the last decade revealing that some company or another that swore up and down was following privacy laws, protecting your data, and not selling it actually were. I'm at the point where I figure anyone who wants to track me is, and any privacy pop-ups or the like are just for show.
It's been done for about a generation or two, and that's what people don't seem to realize.
In the early aughts I was sitting in on privacy discussions that reluctantly acknowledged that regardless of what we do online, surveys showed you could offer someone at the mall a free Snickers and they'd fill out the whole form.
The perceived cost to the individual of divulging their personal data is near zero; dangling nearly any incentive in front of them will induce them to let it go. And that's not a new phenomenon.
The fact that you think declining the cookies gets you privacy is the real grift. The fact that you think you're safe from tracking because of a cookie banner
I've been saying this for years. GDPR and Cookie Law were created for big corporations to legitimise data trade where before it was grey area. Now they get consent as people blindly click accept and they can make money. It was never about privacy.
I'm pretty old and was the same as you for about five years, but now I just tick anything, much like the young adults. If they want my info, they can have it. I've not heard a convincing explanation why I, personally, should care
I'm fine with providing my identity for online banking and other finance platforms for legal & taxation purposes.
I can't think of a single other use case in which I'd be willing to verify my identity. I'd rather go back to hosting email myself, and am fine with circumventing content access control for all other platforms for personal use.
We're seeing the world slide towards authoritarian strongmen, and we want to give them a massive index of who we are and what we do? I'd rather not.
I would say the time to buy mesh networking equipment is now. But it's not like I'm capable of defending the transmitter. So when they come for the VPNs, the VPSs, and encryption, I guess I'll just be out of luck.
(Out of luck = resigned to zero digital privacy. No matter I follow the law and “have nothing to hide” of course.)
Perhaps people will pass flash drives like North Korea or Cuba?
The problem is those self-same authoritarian strongmen are very successfully using sockpuppeting to change national discourses in ways that benefit them and are detrimental to the targeted countries. Hybrid war is real and has been ongoing for more than a decade. LLMs make it way more cost effective.
Being able to limit the influence of external bad actors is the main goal of ID verification. Age verification is a useful side effect that makes it easier to sell to the general public.
Big Tech has had at least a decade to fix this, did nothing of note, and is all out of ideas. Privacy advocates had the same time to figure out a "least bad" technical solution, but got so obsessed with railing against it happening at all, that nothing got any traction.
So governments are here to legislate, for better or worse. They know it's a trade-off between being undermined by external forces vs. the systems being abused by future governments, but their take is that a future authoritarian government will end up implementing something similar anyway.
People trade away longevity for short term convenience. Then when that convenience is shown to be bad/unhealthy people refuse to give up that convenience.
So many aspects of our lives are like this now. People just accept defeat cuz it would mean giving up one click ordering or free return shipping or they might have to look at labels to avoid bad companies.
Honestly I think these age verification laws are blunt instruments responding to the decade of avoided moderation the big platforms have managed to pull off.
I've run ad blockers for years now, but I'm still trying to forget those disgusting zit popping pictures that trended in ads for a while. Or those incredibly stupid life hack shorts, like the one where someone tied a cord around a mug and the hack to get it loose was smashing the cup... that crap made me despair for humanity as much as the Gaza genocide.
But google and facebook convinced the legislators that it would be impossible to keep that chum away from kids on their platform, so the legislators are going with the next option: banning the kids from the platforms.
This is exactly what I am feeling (the title, didn't read). I can't see why I would give a copy of my official id card or a picture of my face to a basic service on the Internet. Seriously ? They do not deserve it. Even my phone number is too much but well Google has it now.
The age verification proposal of the EU tries to do that, the government knows you used age verification (and I think the rough number of times you used it), but they don't know when or where you used it.
See eg. BBS+[1]. Proofs that preserve anonymity are generated locally and neither the verifier nor issuer can determine the user based on these (in scenarios of non PII signals like age thresholds), while still allowing the verifier to validate it's issuer approved.
Steam thinks I was born Jan 1, 1970. Not that I needed to lie when I did my age verification back 15 years ago, I just randomly scrolled the year down and selected one.
As the years have marched on, though, that "birthdate" becomes significantly closer to my real birthday.
Only when chatting in a large channel at work, did I realise nearly 1/3 of the people there also set theirs as 1/1/1970. Which I presume is the first date that phisers will try to enter to reset people's accounts.
I am fully aware that my standard fake birthday is now used by me in some many places, that I have started to have a fake fake birhday. I should really just randomise and store it in my password manager.
But obviously the context of this OP story ruins all that.
When you're 10, a year is a long time, when you're 60 it is not. There's an implicit "relatively" here, which is unusual but not unknown in English. Almost poetic, I like it.
Thanks now I understand. I am "only" 26, but I remember being 20 like yesterday. I can't believe I'm on the second half of the way to 50. COVID lockdowns and responsibilities didn't help.
I feel time has gone faster since I got a job, if that makes sense. Every day yearning for it to be 5o clock so I can check out, every week yearning for the weekend, every month yearning for the last day to get paid. Doing this is just asking for time to be over sooner.
When a 10-year-old registers for an adult website, they pretend they're 100 years old. Their age is 90 years different from the stated birthday. Eighty years later, the birth date is just as far off—but the implied age is now only 10 years off.
I have a date I use that's incorrect, but consistent so I can remember it if I need to, that I use for age verification for anything that doesn't truly need an accurate birthdate (example, age verification to view games on Steam).
It's roughly the same age as mine, but if someone tried to pass themselves off as me with that birthdate, they wouldn't succeed.
These companies are mostly just verifying I'm an adult anyway, and I am legit that.
But yeah, I don't like just giving the actual date everywhere as it can potentially be used for identity theft.
I'm of the same mind as the author. I can't think of a single online service that would be worth the risk of exposing myself to age or identity verification.
I live in China, where every mobile game requires age verification. Teenagers can play for up to 1.5h/d on weekends. But as far as I can see, some parents will assist their children to unlock more time on purpose.
More like the state (at least in places like USA) cracked down on children roaming freely so now people hide their kids inside playing video games so a Karen doesn't call CPS when mommy has other things to do all day besides play helicopter parent staring down at their kid all day.
Neglect laws are written too broadly, giving too much discretion to CPS to decide what constitutes neglect or inadequate supervision. There have been a couple cases IIRC in Florida where parents were arrested for letting their kids walk/play in parks alone, albeit these were very young children.
Outside of that, there's increased traffic and the US as a whole is way too car centric. Suburbs are horribly designed, and we prioritize moving cars instead of moving people, and any kind of infrastructure design that might slow down traffic, reduce the need to drive, or mildly inconvenience a driver gets shot down.
There is a very real danger of getting killed by a distracted idiot in a car, and that risk is much higher today. I commute on I5 every day for work and every single day I see multiple people, going 80MPH watching tiktoks on their phone on the dash mount, or obviously looking down texting. I can't blame anyone for not wanting their kids running around the neighborhood when we can't even be responsible enough to pay attention when we are driving 2 ton death machines.
Here's one anecdote. I always walked home from the bus. When I tried it with my child, the bus driver would not even release my child on their own, and I was given a timer to pick her up before the authorities would seize her.
On one other occasion I walked with my child (again from the bus) until we got to our own property, then my child and I parted ways while my child walked the long road (our private road) around. A Karen pulled up and interrogated our child for being outside "alone" and I had to intervene before they could resort to calling the authorities.
Either of these anecdotes were absolutely unheard of when I was a kid. I would literally walk around all day alone with a real, loaded gun hunting animals on many occasion including on public roads starting around age 7. I cannot imagine what would happen if you let a kid do that today.
And then there was the other time, I took my child to the park, and the police were called on me, because apparently it is "suspicious" for a child to be out and about with a man of a different race (yes I FOIAd the body cam). I was detained under suspicion of kidnapping while the police terrified me and my child. When I was a kid the police wouldn't get called because the father would never bother accompanying their child to the park. After I was released I just drove off and took her inside to watch youtube.
the private road is part of an easement, so it's not gated
The park incident happened in a very liberal, rich area and the rest happened in very conservative area. The only place I've lived where the Karens and nanny state CPS stuff doesn't seem to penetrate well is black working class neighborhoods because there are so many working single moms that the Karens literally don't have enough hours in the day to snitch out all the "unsupervised" kids playing outside and the balance finally tilts hard enough the kids can have some age appropriate independence
The problem for me is not services where the content is online, you can just avoid those, but cases where access to scarce real resources is controlled through online verification. E.g. renting recording studios, background checks for job applications, things like this. Often there is no route that does not go through a third-party verification service.
I gave a bunch of details of my personal history to a verification service thinking naively that it would be used to prove I was me.
Instead, they didn't know much about me apparently and just stored what I told them.
Then it appears they were hacked because some completely unrelated release of stolen data included all my data, specifically all that data I had provided to that service, that one time.
The Verification Service is the honeypot for your private information. Arg.
And you shouldn’t verify. Many companies offering these identity verification services have ties to the intelligence networks of a country that shall not be named (similar to most VPN services that are supposedly there to protect your anonymity).
When thinking about verifying your identity with a service, you have to ask yourself "what will be the impact to me if everything this service knows about me, every click I've made, everything I've watched/read/uploaded is posted publicly on the internet, attached to my full name, address and photo?". Because those are the very real stakes; if you verify with enough services, this will happen to you.
Weigh that against the value of using the service. A lot of times that will still probably come out in favor of using the service. Sometimes, especially given the kind of services that want age verification, the potential cost is such that you would be insane to verify.
How true this is probably varies a whole lot from person to person.
Very few of the things you list are things that I do primarily online (even during the pandemic), and none of those are things that I can only do online.
There are some services where it makes sense. E.g., submitting taxes with the government, logging into the banking website. Apart from that kind of service, yes I don't think I would want my identity or age verified on more or less any website.
I mean, if you live in a country where the state will delegate ID verification to a creepy company instead of having that as an in house capability you have more pressing structural issues to deal with.
Ha! You are concerned about the privacy aspects of IDs but you want me to list what authentication services I use for you? That's too funny to help out with :p
I will never tell my real age if possible. I especially love free forms for entry, because then I can be born in the 1800s. Surprisingly few services have an issue with that.
Related: this[1] current article/thread about privacy-preserving age verification.
The author here seems to be commenting specifically on the type of anonymity-breaking age assurance widely being utilized along with the vaguely justified social media bans. Given the right technology to prove an age threshold but while preserving anonymity I'd be curious how their thoughts would change.
For example, we've never seen people critiquing the naive kind of 'Are you over 18?' prompts seen on ye olde Reddit or adult sites, precisely because those weren't breaking anonymity or leaking any trackable identifiers.
yeah, but wait till you have to id yourself to use online governments service, or do a one hour drive to meet in person with officials. and then if you have to do this four times. i gave up and submited my face to save 8+ hours and inevitably most of people will do the same...
This stuff worries me as one needs to be a hard target when they reach their 80 and 90’s. People do not need personal info out there in the public domain.
The problem for me is that the reason this is needed is that kids are permanently online, completely unprepared for the wild west that is the internet and increasingly effectively raised by the internet.
All this is to facilitate that lifestyle without any concerns that far more damage is likely to happen by allowing it to happen than insisting on adequate parenting
Could be worse. OpenAI is asking for ID verification to use Codex 5.3, through Persona, which was just exposed as doing extremely dodgy surveillance stuff.
I encountered my first run-in with an age verification prompt when I went to authenticate into the Claude iOS app. It asked me to use me iOS/iCloud account to confirm myage. It was quick and seamless enough, but even though I'm aware of this trend, it struck me as a bit jarring.
So I'm feeding google all this juicy (IMO) confidential information. What happens when I get locked out by google's automatic systems? I already lost my first gmail account from like 2003, when you had to get an invite to sign up. I'm stuck in a verification loop that emails a yahoo email that no longer exists. Impossible to get a real person to look at it.
If I can just verify that I am who I say I am without an email account... That'd be worth it. Of course that just shifts the burden to the identity verification company rather than an email company.
But verifying my age? I see no purpose other than a backdoor for mass identity verification. keeping lists of people and what they're accessing. Buying alcohol online still requires the person accepting the package to be over 21. Buying firearms online still requires being shipped to an FFL.
I already despise how much information my ISP has about what I see, what I access, and when.
Google didn't do anything wrong, they lost their Yahoo and it was the only way they had of verifying their older Gmail. What do you expect, when you don't have access to your recovery method, and it's a free service so it's not like you can prove ownership of a credit card previously used for billing or something? And especially since that was presumably from before the days when Gmail required a phone number, so your recovery e-mail was the only mechanism, and things like 2FA authentication codes didn't exist.
I use multiple "real" identities so I don't have my real name associated with certain open source projects that involve sensitive things like cryptography etc. This is a huge concern of mine.
We’ve had age verification for decades. It just depends on specifically what is being verified. Congress passed Children’s Online Privacy Protection Act back in 1998, that basically made it extremely tedious for websites to serve children under 13 years of age. How did everyone manage this in the early 2000s? Every child simply lied to the website with an incorrect birthdate. Now that was before real name policy was instituted by social networks and it was also common for people to provide a false name to websites. This approach of “asking the user for a birthdate and accepting it as true” is the only age verification method that’s sane.
See, I think, you're not supposed to continue using those services as before. They want them all gone, and so-called age verification is a means to chase away users that are less dedicated.
What I think must result is, a monotonic cultural erosion and deprecation of such platforms and regions implementing those restrictions, and continuous replacement with engineered and packaged foreign imports from venues and regions from psychological "upstream" where there aren't such restrictions. But I guess that's what they explicitly desire.
People don't like these checks. Ok. But. Parents worry about their kids being exposed to porn and social media. They want someone to do something about it. That political force is real, and someone is going to take advantage of it. What tools can they ask for if not these checks everyone agrees they hate? That's what I hope for in these types of comment threads.
Age and identity verification can and should be done at the country level.
France has an ID service to pay taxes, and they have a network of possible ID verification systems. Like, you can ID through the tax system, or through the healthcare system. It works fine.
Implementing an API that uses the same to provide age verification is not rocket science.
If you need age verification for a website, say "smedia.fr", then you go there, then it makes you get an age verification token to "franceid.gov.fr", that guy gives you back a token, you send the token to smedia.fr which checks the token with franceid.gov.fr
Honestly seems like the moral panic of the day. I was just reading about some “red vs blue” school meme in London which led to a lot of hand wringing and parents keeping their kids at home. The kicker? There was no actually school battles, it was a viral meme (mostly consumed by adults) and the kids just thought it was a joke.
Pretty much sums up all modern discourse in banning social media and doing age checks. When I was growing up it was satanic symbols in the music I listened to.
I guess - wtf is wrong with adults? Why do they feel compelled to control the younger generation?
The most relevant question to answer for your jurisdiction is "What is the penalty for lying?"
If none, you were born on March 5, 1957.
(Note on evaluating this: there are some circumstances where the penalty changes later. I know one person who's Global Access paperwork was delayed because they lied to their airline's frequent flyer program about their age. But that was the whole consequence: a need to update their data with the airline).
I also wish it were not true. I was a Hannah Arendt, Philo, and Jospehus fan. The digital prison wanters are the digital prison wanters unfortunately. Alas, the numbers speak for themselves.
I also specifically pointed out India. It is they who are going for the the tech stacks via strategic attempts to shift the learning curves so that only full time employees can keep up with open source technologies.
I am not justifying myself to you, merely pointing out the plot points for the AI summary fans
Enforcing laws against porn companies distributing porn to minors seems reasonable. It's already illegal many places, such as the US. It is then their responsibility to gate by age. It has always worked this way for liquor stores or basically anything else age-gated, including some online services like poker. If you dont want to provide age verification you don't have to.
There is a difference between a liquor store checking your ID, and a liquor store scanning your ID, appending it to a record of your purchase, and uploading it to a service to be processed by third parties (such as insurance companies, perhaps).
(In the US, the latter occurs more often than you may expect.)
When I buy liquor (well, I don't drink anymore, so THC seltzers), the liquor company isn't saving my ID to my profile and then following me around everywhere I go for the rest of my life shouting "This is MALFIST, he's 42! He buys alcohol! He also visited X Y and Z last week and had interests in A, B and C. He's annual income is six figures and buys expensive bourbon."
Not yet anyway. But there's nothing much stopping Google to offer a "verification" service to "help combat fake IDs" using a web connected camera at the till.
You can absolutely buy for instance tobacco, cannabis by the pound ("CBD" but actually ~20+% THC[a]), explosives(tannerite), alcohol (wine), and guns (black powder, or perfectly functional cartridge pre-1898) completely legally online without ID check. It's really not a problem, which is why most people probably haven't heard of it being one or even realize all can legally be bought online without ID.
I'm the sort of person that either rejects the cookies, or will use another site entirely to avoid some weird dark-pattern cookie trickery. I don't like the idea of any particular service getting more information than they should.
Siting there I realized, we were not the real target. It is the young people that are growing up conditioned to press accept, enter any details asked of them, and to not value their personal data. Sadly, the damage is already done.
It's really alarming, actually. I run the cyber security training & phishing simulations at my work, and it's the younger employees that struggle the most. It's like they just assume that everything on the web is trustworthy.
It's not hard to see why though. They grew up with app stores & locked down devices. No concept of a file or file system, no concept of software outside of the curated store & webapps. People that never had to take responsibility for their own digital safety because "someone else" (Google, Apple) always did it for them.
> It's not hard to see why though. They grew up with app stores & locked down devices.
When we create a safer world, people’s defense mechanisms naturally atrophy or are never developed in the first place.
We might be safer in terms of vulnerabilities, root exploits, RCEs, etc. but the internet is still full of malware, scams are still just as rampant. Vigilance is still very much required, but is no longer taught.
Look at all the malware available on the Play Store. The curation does nothing but create an illusion of safety.
It was also drilled into me that the default state of anything on the internet is to be untrusted and potentially harmful.
It also helped that you could actually tinker with things, and there were plenty of foot guns around to drill that lesson home.
Somewhere along the way that message got lost and didn't get communicated to the young ones, and I'm not even that old (38).
No other prior generation comes close.
Compare them to people growing up in the 1980s. The average person at that time was overwhelmingly oblivious to computing very broadly, their grasp of a "file" as a concept would have been close to non-existent. That was just 40 years ago.
In the mid 1980s a mere 10% of US households had home computers. And that was a high mark globally, it was drastically lower in nearly every other country (closer to zero in eg China, India at that time). The number of people routinely using office PCs was still extremely low.
Today young people have a computer in their hand for hours each day, and they knowingly manage files throughout the day.
My kids will know way less about filesystems than I do, because I had to learn DOS commands to navigate around the operating system if I wanted to play computer games, which led to a lifelong interest in how computers actually work at a level they can (and, so far, do) happily ignore.
And easily get sold add-on services. How many people hit the 5GB iCloud limit for backups and just pay without stopping to think that it might be possible to do local backups to your computer and you don't really have to pay for extra storage?
Just hit them with the scary language "You are at risk of losing your photos forever if you don't pay!" because that concept of "Oh, photos are just files in a directory and I can copy those anywhere I want" doesn't exist. To many, those photos are part of the gallery app, not a separate file from it and since that app only runs on the phone, surely it must not be possible to copy them anywhere unless I pay for the storage.
They know app silos, not file system hierarchy. Ask a teenager where a file is on their phone and the will tell you the name of an app. Ask them how to copy it somewhere else, and they'll use the share sheet and send it to another app.
High adoption doesn't equate to high literacy.
To be fair, at least Android and presumably iOS grant apps by default no access to your files in modern versions.
The only way to get, e. G., an attachment downloaded via Thunderbird to a PC or another app is the share dialogue. A user does not access to the isolated app storage by default on an unrooted Android phone. For better or worse the young user is actually making the right choice here for their platform.
(This is also why making a backup of an Android phone is a nightmare when you aren't using a first party option. ADB is sometimes able to bypass it)
It's just not commonly used for the reason the other person mentioned (share buttons between apps that are file type aware)
Because of this, I found it odd that the regulation allows displaying the accept cookies button. Instead, it should be rejecting cookies by default and a separate flow to accept tracking cookies (e.g. via account settings page)
To the sibling comments: don't "accept the cookies" and then delete them.
- - -
I'm super angry at what the web has become, especially at the OS browser community. There is 0 browser (that I know of) that can access the web safely and conveniently. Atm I use Firefox with uBlock which blocks the cookie banners, but Firefox's extension model is broken, and every single extension provides 100% access to my websites to whoever controls the extension. I don't like it.
We need a browser with a safe extension model.
What makes it worse is that a substantial portion of users block web trackers through an adblocker. However on phones, unless you have a rooted phone or use some DNS-based blocker, all these analytics get uploaded without restraint.
Atm I use Firefox with uBlock which blocks the cookie banners, but Firefox's extension model is broken, and every single extension provides 100% access to my websites to whoever controls the extension. I don't like it.
Some browsers (e.g. Vanadium, Vivaldi) have a built-in adblocker, so you have to trust one party less.
But the browser also has 100% access to all of the websites. The browser is software that works for you. You control the browser.
Who but yourself do you imagine controls your extensions?
Browsers should provide a filtering option before they makes a request.
IMO a lot of no-brainer options are missing from personal computers. Like the ability to start a program with restricted access to files, network or OS calls (on Windows and on Linux). Browsers should provide the ability to inspect, and filter network access, run custom javascript on websites, etc.
At some point, you have to implicitly trust someone unless you audit every line of code (or write it yourself) and build everything from source that you run.
I don't even think it would be even a blip on the radar now.
It really is depressing how much ground we've given.
My local library is run by the county government, so of course the government can see the checkouts, they are the ones I check the book out from. But they restrict checkout information from others. For example, a parent can see the checkouts of their own children, but not after they turn 13.
Perhaps you're talking about subpoenas? Checking some other libraries I see SF Public Library has some discussion about that, but they delete books from your checkout history once they are returned. https://sfpl.org/about-us/confidentiality-and-usa-patriot-ac...
But now instead, my 11 year old's Roblox thinks she is 18 because she wore glasses in their age verification webcam tool. And it can't be changed unless she uploads a passport, which I will never allow.
Please, gov.uk introduce a gov ID verification service? I could trust that, -ish, I have worked with public sector clients several times...
It’s naive to think that cookies are the only tool used for tracking, but they are the most powerful tool for web based tracking.
Accept everything, the end the session.
That said even with throwaway relay emails I don't sign up to much
It's technically public information, so collecting Ids is legal, but it's also a universal primary key within the country that allows merging any user-related table you run into.
Retail says it's just to associate it with receipts in case you need that later, but I'd rather just get a photo of the printed receipt for later than rely on them to find my receipt. Supermarkets, Drug stores, and petrol stations tie it to (possible) discounts or points at check-out, which is price discrimination and it's illegal, but we are in our way to get surge pricing as soon as the new US bootlicker president begins his period next week.
There is a similar story with Ford and how they build pavement everywhere and taught the young population that roads are for cars. Now we have to drive for 10 minutes to get from one shop on the plaza to another shop on the different plaza.
In the early aughts I was sitting in on privacy discussions that reluctantly acknowledged that regardless of what we do online, surveys showed you could offer someone at the mall a free Snickers and they'd fill out the whole form.
The perceived cost to the individual of divulging their personal data is near zero; dangling nearly any incentive in front of them will induce them to let it go. And that's not a new phenomenon.
I can't think of a single other use case in which I'd be willing to verify my identity. I'd rather go back to hosting email myself, and am fine with circumventing content access control for all other platforms for personal use.
We're seeing the world slide towards authoritarian strongmen, and we want to give them a massive index of who we are and what we do? I'd rather not.
I would say the time to buy mesh networking equipment is now. But it's not like I'm capable of defending the transmitter. So when they come for the VPNs, the VPSs, and encryption, I guess I'll just be out of luck.
(Out of luck = resigned to zero digital privacy. No matter I follow the law and “have nothing to hide” of course.)
Perhaps people will pass flash drives like North Korea or Cuba?
Being able to limit the influence of external bad actors is the main goal of ID verification. Age verification is a useful side effect that makes it easier to sell to the general public.
Big Tech has had at least a decade to fix this, did nothing of note, and is all out of ideas. Privacy advocates had the same time to figure out a "least bad" technical solution, but got so obsessed with railing against it happening at all, that nothing got any traction.
So governments are here to legislate, for better or worse. They know it's a trade-off between being undermined by external forces vs. the systems being abused by future governments, but their take is that a future authoritarian government will end up implementing something similar anyway.
So many aspects of our lives are like this now. People just accept defeat cuz it would mean giving up one click ordering or free return shipping or they might have to look at labels to avoid bad companies.
I've run ad blockers for years now, but I'm still trying to forget those disgusting zit popping pictures that trended in ads for a while. Or those incredibly stupid life hack shorts, like the one where someone tied a cord around a mug and the hack to get it loose was smashing the cup... that crap made me despair for humanity as much as the Gaza genocide.
But google and facebook convinced the legislators that it would be impossible to keep that chum away from kids on their platform, so the legislators are going with the next option: banning the kids from the platforms.
I'd be curious how that might work as I haven't yet seen a zero-trust age verification system.
https://ageverification.dev/av-doc-technical-specification/d...
[1] https://news.ycombinator.com/item?id=47231456
As the years have marched on, though, that "birthdate" becomes significantly closer to my real birthday.
I am fully aware that my standard fake birthday is now used by me in some many places, that I have started to have a fake fake birhday. I should really just randomise and store it in my password manager.
But obviously the context of this OP story ruins all that.
I understand there's a clever phrasing here but I didn't get it. English is only my second language.
I feel time has gone faster since I got a job, if that makes sense. Every day yearning for it to be 5o clock so I can check out, every week yearning for the weekend, every month yearning for the last day to get paid. Doing this is just asking for time to be over sooner.
It's roughly the same age as mine, but if someone tried to pass themselves off as me with that birthdate, they wouldn't succeed.
These companies are mostly just verifying I'm an adult anyway, and I am legit that.
But yeah, I don't like just giving the actual date everywhere as it can potentially be used for identity theft.
I suppose idea is that Chinese women will stay at home with the child so the state doesn't have to provide any help?
Outside of that, there's increased traffic and the US as a whole is way too car centric. Suburbs are horribly designed, and we prioritize moving cars instead of moving people, and any kind of infrastructure design that might slow down traffic, reduce the need to drive, or mildly inconvenience a driver gets shot down.
There is a very real danger of getting killed by a distracted idiot in a car, and that risk is much higher today. I commute on I5 every day for work and every single day I see multiple people, going 80MPH watching tiktoks on their phone on the dash mount, or obviously looking down texting. I can't blame anyone for not wanting their kids running around the neighborhood when we can't even be responsible enough to pay attention when we are driving 2 ton death machines.
On one other occasion I walked with my child (again from the bus) until we got to our own property, then my child and I parted ways while my child walked the long road (our private road) around. A Karen pulled up and interrogated our child for being outside "alone" and I had to intervene before they could resort to calling the authorities.
Either of these anecdotes were absolutely unheard of when I was a kid. I would literally walk around all day alone with a real, loaded gun hunting animals on many occasion including on public roads starting around age 7. I cannot imagine what would happen if you let a kid do that today.
And then there was the other time, I took my child to the park, and the police were called on me, because apparently it is "suspicious" for a child to be out and about with a man of a different race (yes I FOIAd the body cam). I was detained under suspicion of kidnapping while the police terrified me and my child. When I was a kid the police wouldn't get called because the father would never bother accompanying their child to the park. After I was released I just drove off and took her inside to watch youtube.
None of those are true in my area, and how did the "Karen" even get to your child on your private road?
The park incident happened in a very liberal, rich area and the rest happened in very conservative area. The only place I've lived where the Karens and nanny state CPS stuff doesn't seem to penetrate well is black working class neighborhoods because there are so many working single moms that the Karens literally don't have enough hours in the day to snitch out all the "unsupervised" kids playing outside and the balance finally tilts hard enough the kids can have some age appropriate independence
Instead, they didn't know much about me apparently and just stored what I told them.
Then it appears they were hacked because some completely unrelated release of stolen data included all my data, specifically all that data I had provided to that service, that one time.
The Verification Service is the honeypot for your private information. Arg.
Weigh that against the value of using the service. A lot of times that will still probably come out in favor of using the service. Sometimes, especially given the kind of services that want age verification, the potential cost is such that you would be insane to verify.
(“what will be the impact to me”)
> And… the answer is “none”.
> At least, none that I can think of at the moment.
Think back to the recent pandemic.
Work? Online. School? Online. Recreational activities? Online. Talking to loved ones you don’t live with? Online. Birthday party? Online. Nonfood shopping? Online. Banking? Paying taxes and bills? Online. Job interview? Doctors appointment? Online. Dating? You guessed it, online.
The internet’s a big thing these days.
Very few of the things you list are things that I do primarily online (even during the pandemic), and none of those are things that I can only do online.
and remember its like ratchet. there might be 99% of services that use inhouse face id, and its enough to have only one to leak your data.
The author here seems to be commenting specifically on the type of anonymity-breaking age assurance widely being utilized along with the vaguely justified social media bans. Given the right technology to prove an age threshold but while preserving anonymity I'd be curious how their thoughts would change.
For example, we've never seen people critiquing the naive kind of 'Are you over 18?' prompts seen on ye olde Reddit or adult sites, precisely because those weren't breaking anonymity or leaking any trackable identifiers.
[1] https://news.ycombinator.com/item?id=47229953
The question I'd ask myself is; who would _I_ trust to implement privacy preserving verification?
The only answer I can come up with right now is; myself. I would trust myself.
All this is to facilitate that lifestyle without any concerns that far more damage is likely to happen by allowing it to happen than insisting on adequate parenting
It's honestly a reason why I don't use the service.
Banking, taxes, treasurydirect, linkedin, docusign, online filing,
Right now all those are tied to my gmail account.
So I'm feeding google all this juicy (IMO) confidential information. What happens when I get locked out by google's automatic systems? I already lost my first gmail account from like 2003, when you had to get an invite to sign up. I'm stuck in a verification loop that emails a yahoo email that no longer exists. Impossible to get a real person to look at it.
If I can just verify that I am who I say I am without an email account... That'd be worth it. Of course that just shifts the burden to the identity verification company rather than an email company.
But verifying my age? I see no purpose other than a backdoor for mass identity verification. keeping lists of people and what they're accessing. Buying alcohol online still requires the person accepting the package to be over 21. Buying firearms online still requires being shipped to an FFL.
I already despise how much information my ISP has about what I see, what I access, and when.
What I think must result is, a monotonic cultural erosion and deprecation of such platforms and regions implementing those restrictions, and continuous replacement with engineered and packaged foreign imports from venues and regions from psychological "upstream" where there aren't such restrictions. But I guess that's what they explicitly desire.
1 - 1 - 1970 is always mine - Unix zero
Offline there is a reason for that, online are enough countries where it breaks the law if you sell without verification at least for NC-17 titles
France has an ID service to pay taxes, and they have a network of possible ID verification systems. Like, you can ID through the tax system, or through the healthcare system. It works fine.
Implementing an API that uses the same to provide age verification is not rocket science.
If you need age verification for a website, say "smedia.fr", then you go there, then it makes you get an age verification token to "franceid.gov.fr", that guy gives you back a token, you send the token to smedia.fr which checks the token with franceid.gov.fr
I don't understand how this is even an issue.
Pretty much sums up all modern discourse in banning social media and doing age checks. When I was growing up it was satanic symbols in the music I listened to.
I guess - wtf is wrong with adults? Why do they feel compelled to control the younger generation?
If none, you were born on March 5, 1957.
(Note on evaluating this: there are some circumstances where the penalty changes later. I know one person who's Global Access paperwork was delayed because they lied to their airline's frequent flyer program about their age. But that was the whole consequence: a need to update their data with the airline).
I also specifically pointed out India. It is they who are going for the the tech stacks via strategic attempts to shift the learning curves so that only full time employees can keep up with open source technologies.
I am not justifying myself to you, merely pointing out the plot points for the AI summary fans
(In the US, the latter occurs more often than you may expect.)
I'm in the UK, I'm normally connected through a VPN these days.