Why is checking age at os-level that bad?
Don't get me wrong, I'm all for privacy. But between setting up the birthdate when creating my children's local account on their computers, and having to send a copy of their ID to every platform under the sun, I'd easily chose the former.
I'd even agree to a simple protocol (HTTP X-Over-18 / X-Over-21 headers?) to that.
You aren't setting up your childrens accounts. You're setting up your accounts to show that you're not a child. And suddenly, every single thing you use, from apps to websites, is gatekept behind an API that is controlled by the government. If checking age on social media is all it ever does, then sure, whatever. But that isn't all it will ever do. It will creep further and further, and the details you need to provide will increase, one shitty government term at a time. And then one day, they'll able able to decide that people in your country shouldn't be able to see safe sex information, or abortion information, and the framework to deny the whole country access is already there, and just one small tweak away from locking you out of information that is deemed inappropriate.
You're forgetting an important detail: you submitted an official ID to prove your age. Which means your face, address, and legal name are also on record. So every time you get age-verified, you're basically checking in with your full legal identity, leaving a breadcrumb path across the Internet of everything you do. That data can be used to track your online activities and build a database on who you are as a person, based on the things you access.
THIS is why age verification is a terrifying thing for computer access. It's a form of government tracking that should be illegal. Cops can't legally barge into your home anytime they want and go through your stuff. They can't take your computer and scan it for data collection. Not without a court order.
With age verification embedded within your OS, it won't matter if there's a court order or not. If your computer is connected to the Internet, you've just publicly broadcast all your data to the world, and anyone - cops or not - can tap into that data and build a profile on you. You don't even need to be browsing the Internet; if your OS is verifying your age, it could also be broadcasting that verification for every program you use locally on your computer. None of your data is safe; it's all tied to your legal identity and trackable.
I wasn't forgetting it. As it stands, at the OS level, you aren't supplying anything to prove your age. It's just a data field that software can read. And my point was that if that field, and social media was all it ever was, then, it's not great, but I can understand why the OP isn't too upset by it.
My point was more that it will never be just that.
Thats not what the current OS-level age gating is though. Its literally pick what age the account user is on account creation. You could set yourself to be 120 and that would be valid.
“current” is not what the lawmakers are thinking of though.
Nice to see lots of downvotes for stating factually correct statements while the parent post is literally all conjecture based on "well they would do that wouldnt they?" but is upvoted.
If they were planning on doing ID verification for this why would they take this half step? It doesnt make it easier for them down the road, if anything it makes it harder as there's the ability to say "but we already have that". If the plan was to mandate face ID why wouldnt they just go straight for that like the UK and Australia have for porn?
https://en.wikipedia.org/wiki/Boiling_frog
And there are several states that do have the age thing for porn here in the US, the biggest of which is Texas.
So exactly the same argument, while referencing an experiment where the frogs did jump out of the boiling water unless they were lobotomised. Very convincing.
C'mon, don't be that dense, it's is a metaphor explaining that people are more likely to accept change if done gradually as opposed to all at once.
Look around. Think of the average person, half of the people are below that person's intelligence and a good number of them vote.
No, I don’t believe you’re actually this stupid, sealion
It seems obvious to me that, invasive as it is - an OS-level "are you 18 yes/no" check at installation would not satisfy the "protect the children" crowd at all, nevermind too that immediately when/if it goes into action - every single user would suddenly have their OS downgraded to the kiddy-level unless they declare their age.
This is perfectly reasonable, but my feeling is that the real world isn't reasonable in this way.
Consider all the infractions of liberty that have been approved in the name of combating "terrorism." The no-fly lists. The universal warrant-less searches. All domestic communications recorded and archived for who-knows how long. The pervasive surveillance. The huge extension of CBP power to do things like raid Greyhound busses that aren't even crossing borders.
None of these steps were prevented with the argument "But we're already doing something about that issue." That argument never even came up, to any noteworthy degree, in the public discourse.
Look at it this way: All sorts of websites that aren't for kids already have banners requiring the visitor to affirm that they're legal adults. So, we're there: "We already have that." But no one is seriously making that argument. Because, of course, those banners do next to nothing: Visitors can just lie. So it will probably be for OS level age verification. Thus, in creating a system that doesn't work, the excuse for extending the system, to exert more control in the future, is built in from the start.
People who are interested in asserting more control over others are never content with the amount of control they have. They always want more. It is the gaining of more control that motivates them.
I actually used this same example further up. Yes the GWOT made some terrible legislation that has done real damage, but it wasnt a slippery slope. They didnt make laws a little bit invasive but generally ok before slowly nudging it further until it got to the point where it was able to be used for ill. They went in hard and fast with abusable legislation which could be criticised for what it actually was, not what it would lead to in further legislation down the line (and it was criticised at the time).
I disagree.
There was a certain (large) amount of government surveillance and eavesdropping going on before the GWOT, which was used as an excuse to massively expand it. There was already inspection and security and traveler record-keeping at airports before the GWOT, which was used as an excuse to expand those. CBP had long had the legislative authority to do all kinds of nastiness within 100 miles of a border before the GWOT, which was used as an excuse to step their activities up, to legal limits and beyond.
In every case, an initial claim of urgent, exceptional authority was used to create both the physical infrastructure and the cultural permission required to make later, expanded claims of urgent, exceptional authority much easier to implement when an excuse presented itself. That is the slippery slope, we really slid way down it, it's a real phenomenon. It doesn't have to be smooth or gradual, it can happen in jerks and waves. It doesn't have to come as a result of a plot, a plan, a deliberate conspiracy, it can be an accretion of individually opportunistic acts.
mlem is not showing me votes. so dunno what you are talking abt.
my point is that we have laws already that are perfectly appropriate to the “concern” stated, “child safety.”
any new laws will only give more access to important data to corporations who are known to do bad things with it.
that does not make it worth it. my opinion would change if there was a legit large inrush of charges using exiting laws that then did nothing to help, then one could argue we need more law. but thats just not the case today.
You are a sealion. “Factually correct” but still acting like a shitbird
Funny huh
“You gave us that previous bit of private information what’s a little bit more. You can trust us”
Yep. This is pretty much it. Require having popular operating systems to have child accounts as an option would be reasonably ok. But regular accounts shouldn't need any verification. ID checks wouldn't need to be anywhere near this either. Its on the parents, they didn't setup a child account? They are to blame.
Won't someone think of the poor bigots! They're getting banned without getting to defend their bigotry!
Ada is a fantastic admin and she does an incredible job keeping shitty people off of blahaj.zone. Sounds like you're mad you got banned for being shitty.
Modlogs are public, and come with removal reasons
I haven't banned any blahaj based accounts with that ban reason in the last 12 months.
To give a summary of the remote accounts I've banned in that time though...
There were a couple of accounts that had been deleted, and no history was available. And a couple of accounts where content was removed, and/or a community ban was implemented, but no other instance bans.
I'm quite happy to stand by all of those bans. And if you aren't sure why they're ban worthy, well, banning you was the right choice...
Because they don't care about your age. They want to tie you to your ID, so everything you say and do online can be tracked and tied to you as a person.
Meanwhile the leader of one of their countries has raped women and teenagers and even a couple of children, but they don't do anything about it. But you can be jailed for decades for seeing a picture or video of it. But the actual act? They don't care about that. (I'm saying you can be jailed for simply seeing CSAM online, but if you're a billionaire actually doing the things, you won't be tried for the actual CSA being recorded.)
So as you can see, it's not your age, but your identity.
Most people think the Nazis only locked up Jews. Some realise they also locked up minorities. Historians know it was also anyone who disagreed with them. Anyone who spoke out against them. Anyone who wouldn't wear the armband. And they're afraid history will repeat. And they're right to be afraid.
They started with the impoverished, queer, and disabled.
This is how they move the goalpost. They changed the argument.
You currently can just create a local account - period. It's yours. No tracking. No personal info.
But now you're accepting that you're willing to give a third party information, even just a little.
The next argument is: "If giving your age is okay, why not your home address?"
This is what police do to fish information out of you.
In a era where privacy conscious people don't even connect their TV to the internet... This is okay to you?
You went from "Why do they want my information?"
To
"I'm not concerned with sharing my age. But how should we do it?"
And that itself is the root issue.
Also this goalpost will move almost immediately. What if the parent doesn't understand why the OS is asking for a DOB and they type whatever? What if the parent doesn't log out and the kids use the adult account? What if the kid is really smart and bypasses the check (I think this could actually get bypassed easily)?
Rather than rolling back this rule they'll just go even further and say the OS must analyze every action and utilize every input (e.g. microphone, camera) to determine the age of the current user and that controls need to be at the hardware level and OSes need to get state certified, etc. Before long only Windows, Apple, Google, and maybe RedHat can comply. An entire community of Linux enthusiasts destroyed. And as some bills have stated, rather vaguely, this can apply to something as simple as a calculator!
Which we have already seen with content ratings. Instead of using the rating to inform themselves on what content to allow their child, they basically relied on the retailers/theatres not selling access to people below the age.
My calculator doesn't need to know how old anyone is. Nor does my refrigerator. I suppose a case could be made for a router if you are all onboard for age gating everything privacy and freedom be damned. An OS isn't just Mac or Windows... the CA law is just so so dumb as written that I have zero faith in anything from Silicon valley.
At least my printer already has a scanner I can put my ID into. How am I going to tell my smart fridge, that I'm not too old for the snacks with cartoon characters on the wrapper?
Voice recognition with the latest brainrot phrases built in, grouped by generation.
"That's gnarly, bro" - Millennial
"Skibidi Ohio Toilet brah" - Gen Z
"6 7 6 7” - Gen Alpha
Will you be allowed to lie about the age? If yes, then it's a pointless law. If no, then whoever is checking needs to have more control over your device than you do, DRM style. That's gives them an entry point through which they can put whatever they want without you being able to control it.
The Califirnia law, at least, states the age flag should be set when the account is created, presumably by the controller of the computer, and holds that controller responsible for setting it correctly, and the developer responsible for ensuring it's set and works correctly, at least, that's my reading of it. If it's your computer, that makes you resoonsible for setting your age and that of accounts you create for your children.
and to prove its not actually about safety and instead about control: parents are already responsible for what kids do online and could be charged using existing laws. but… where is the overreach in that?!
Just because they are responsible doesn't mean the have the means to exert their responsibility. Demanding birth-date upon (local) account creation would allow them to better exert that responsiblity.
no it wont. kids get around shit easier than ever especially with luddite parents.
if the gov actually cared they’d take to charging using existing laws.
Parents of current 8-18 year olds are gen X and millenials, who every survey shows are (on average) significantly more tech literate than gen Z and Alpha.
correct. i am a gen x software engineer and I know for a fact my kid who is now 25 would always find ways around firewalls when he was 14 and horned up.
my point is that we have laws already that are perfectly appropriate to the “concern” stated, “child safety.”
any new laws will only give more access to important data to corporations who are known to do bad things with it.
that does not make it worth it. my opinion would change if there was a legit large inrush of charges using exiting laws that then did nothing to help, then one could argue we need more law. but thats just not the case today.
Whilst parents absolutely should be guiding and helping the kids determine where they go online, and what they look at, I'm trying to envision where, or how, parents would be liable for them looking at something inappropriately "adult", barring actual child neglect.
A system like this would actually help parents be more confident that little Johnny wasn't going to stumble across something in appropriate, because, yes, in a way this is about control. It's about controlling what kids are exposed to before they are intellectually ready for it. Yes, there are potentially serious issues around that, such as limiting access to LGBTQ+ or other helpful material for young adults, but that should be a discussion around what information is needed at each age, rather than how to indicate that age.
Age gating on the open internet will happen, I don't see any way that it wont, what matters is how it is implemented. We know that submitting government issued ID to every site with potentially contentious content is a terrible idea; this neatly sidesteps the need for that, and actually forbids it.
for ex: if you let your kid look at porn, in the US, the parents are absolutely liable for various forms of “risk of injury to a child “ laws.
To bring charges under those sorts of laws there's going to have to be some external evidence of harm. Either the kid is acting in a way that causes an agency sufficient concern that they investigate the family, or the government mandate much stricter monitoring of exactly who is doing what online. The former case is unlikely, but should probably be persued vigerously when it does hapoen, and the latter case is something I imagine we all very much want to avoid.
By providing a simple, privacy conscious, way of taking some of the burden of vigilence off of the parents (the child is less likely to stumble on inappropriate material) it makes it easier for them to provide actually beneficial guidance, and reduces the risk of law enforecement getting involved to investigate minor transgressions.
if they are claiming the new laws are for kid safety there must be existing already some external evidence of the need, no?
There's fairly clear evidence at a societal level that access to, for instance, hardcore pornigraphic material is harmful to children, but that is very different to having evidence that a particular child is currently being exposed to it.
putting burden for safety on corps is not a healthy thing.
The burden is still on the parents, but this would actually provide a useful tool for them to address that burden.
Right, so the law is pointless, since there is already a thousand different ways to control what children see on the Internet.
I've responded to your duplicated comnent elsewhere, could we take this thread there to avoid duplication?
So that means that kids can't buy computers?
Can't buy a cheap used raspberry pi or old laptop/desktop in order to set up as a server?
I don't think there would be any difficulty with a kid setting up a computer, as in most juristictions the parents are responsible for their childrens' actions until they are adults themselves. So the oarents would still be responsible for what the kid did with the computer in the same way they often are now.
So then the law is pointless as implemented, since parents can already do this. Which leads to the conclusion that there must be some other motivation
Not really, please see my response to towerful's sibling comment to save me duplicating it.
So these "os reporting age bands" laws are useless then.
Cause either the parents are being responsible, at which point there are many parental tools for network and device control.
Or they aren't being responsible, and the kid can easily bypass it or just buy their own device.
These age band laws basically work in the opposite way to the usual parental controls. Rather than having to install and maintain the control software and having the filtering at the client end of the connection, parents need only set a flag and filtering will occur at the source end of the connection.
Will these laws provide perfect protection that eliminates the need for parental oversight of childrens' internet access? No. Will they help stop kids accidentally stumbling into unsuitable content, reducing harm overall? Yes. As a parent, one of the things I worry about is my kids browsing sites such as youtube. Even if they're using it for research for school projects, I can never be certain it wont prompt them to watch an unsuitable video. With a simple "this user is a child, don't show them anything unsuitable" flag, I wouldn't have to spend so much energy monitoring everything and could spend more energy talking to them about what they're actually watching.
One of the key parts of the Californian law is that if the client machine sends the flag, the service must treat it as authoratative, and should not use other means of checking. That is good news, as it means there is no incentive for sites to integrate more intrusive measures such as third parties scanning givernment issued ID.
because its designed to feed surveillance data to Palintir, which allows governments all over the west to monitor any dissident movements, or relatives of "dissidents" against right wing governments. dont know of any computer system requiring your ID/ or birthday, you can always fake a birthday.
right now the biggest threat to conservative governments is anyone "left" of them.
That's your decision. The rest of us shouldn't be forced into it just because you're to lazy to watch what your kids are doing online. If a website thinks they need to my my age they can ask me and I'll decide if I want to provide it or not. I don't want my OS just handing it out to anyone who asks.
Come on, it's not about tending to a selected group of people, it's about mandating more surveillance. OP has done nothing to deserve this anger
Read his fucking post. He said he wants this so he doesn't have to put in ID every time his kids want to use a new service online. What do you call that if not laziness?
You idiot or brain-damaged? Is OP the person proposing/lobbying the legislation? Read his fucking post yourself, dumbass. He said he'd easily choose the option and asks why it can be a bad thing to do
Doesn't matter if they're the one proposing it, they're arguing in favor of it, that makes them part of the problem. People like that saying "well, this gross invasion of privacy isn't that bad for me" are why we have so much invasive bullshit going on in the first place.
Bullshit. But you are welcome to remain in your bubble, useful idiot that you are
What fucking bubble? Who am I a useful idiot to? People that are against this shit fucking legislation? Good. I'll gladly oppose this garbage at every turn, and anyone who isn't against it can go fuck themselves.
Shut the tuck up already, warrior of the idiocy
not what OOP said. why is this such a trigger for you that basic reading comprehension goes out the door?
Genuine question, what if the only information it hands out is that you are over 18? Would it be different if all it was able to say is you aren't a child?
Because you're going down what they call a slippery slope.
This shouldn't even be a thing. This shouldn't even be a conversation.
We were doing just fine before the Epstein Republicans got their matching orders.
they call it that because it usually is a fallacy
You got the framing question wrong. You should have been asking if age limits should be implemented at all, and then whether the current proposals will work (which they won't), and then whether they cause side damage (which they do).
And then you must understand the key point: once you build these surveillance tools, they will be expanded. You say "only 18" but once the framework is in place, why not add in "credit check" or "gender" or "nationality".
And actually, we already know how the checks are implemented: they involve identifying people specifically. There is actually no way to do "only 18" checks; it is a physical impossibility. You always have to gather more data.
And finally, the basics of individual liberty as well as safe computing involve you choosing what software you want to run on your computer, and that you have control of your machine. For this type of age checking to work, it must take control away from you, the end user. And companies like Windows and OS X love it, because that would destroy the FOSS world.
It changes nothing. This is just to get their foot in the door and when it doesn't work they're going to escalate. I'm not interested in giving them a fucking inch. Big tech collects enough data on us as it is, we don't need to make it easier for them.
They already have a giant list of pedos they aren't dealing with. If they want me to trust their intentions are to protect children they need to start with that.
What is a computer? My microwave has a computer in it. My car. My printer. My smartwatch. My TV. My treadmill. My security cameras. Many many things have little embedded systems running linux. Some are Internet connected, some aren't. This feels terribly invasive for something that allegedly protects kids (doubtful). What if i don't have any kids in my household? Would this have stopped Trump and his friends? How about the government focus on real problems instead of requiring cameras be installed on my toaster and a credit card to be able to watch TV.
Because I don't give a shit what your kids do on the Internet, and there are already plenty of tools for you to curate the experience for them.
As others have said
It has nothing to do with age checking, protecting the children, or security. NOTHING.
That’s one of the main things to me. The argument jumps directly to drivers license / DOB collection, but makes no conclusions about how it would protect children. It is OVERTLY, 100%, about feeding lists of targets to the pedophiles that run the biggest tech companies.
They claim it's to protect the children, when in reality, they will target everyone that DOESN'T have CP on their phones.
Because it has little to do with protecting anyone and is another gross violation of privacy to serve corporate interests.
To be fair, that was mostly because those people are absolute fucking morons who posted videos of themselves and their buddies involved in, or actually committing, crimes.
Wrong technical solution to a made up problem.
Governments have commissioned enough studies to know that education, training, and parental controls filtering content at the receiving end are more effective & less infringing of civil rights than laws imposing restrictions & penalties on website operators to comply with online age verification. Laws could instead allocate resources to promote the former in a major way, setup independent evaluations reporting the effectiveness of child protection technologies to the public, promote standards & the development of better standards in the industry. Laws of the latter kind simply aren't needed & also suffer technical defects.
The most fatal technical defect is they lack enforceability on websites outside their jurisdiction. They're limited to HTTP (or successor). They practically rule out dynamic content (chat, fora) for minors unless that content is dynamically prescreened. Parental control filters lack all these defects, and they don't adversely impact privacy, fundamental rights, and law enforcement.
Governments know better & choose worse, because it's not about promoting the public good, it's about imposing control.
Having a gatekeeper behind what you can use on your own hardware is always bad.
While an international cabal of rich white men participate in a pedophile club run by america/israeli rich white other men, we need to ensure that the youth of today don't prematurely access "racy" pictures. Make it make sense.
Yes.
My conspiracy theory is their end goal is a full database of everyone's children's photos and locations, to they can window shop which of our kids they want to grab and take to Epstein Island 2.0, next.
On the one hand, it is a privacy nightmare.
On the other hand, those laws are so badly written, they will apply to things you would never consider an issue. E.g. a security camera, a router, a NAS. For each of them, the law applies, because they have an OS, they are attached to a network, and they have logins. Think about it, and it basically applies to any network enabled device.
Because parents are responsible for stuff their off-spring does and the government should not be needed to do that.
At the very most, provide tools to help parents (e.g. on device filtering etc. or require companies to provide APIs to facilitate the same goal)
Other than that: Fuck off of my phone.
How is your first reason an argument against OS-level check?
It's not needed, thar's the parents job. Not the OS' job
People keep saying this. Is it not within an operating system's purview to provide parents tools to configure what their kid can do with the system? Have parental controls been out-of-scope for all these OSes this whole time?
Whether it should be government-mandated is one question, but it seems more like this "it's the parent's job, not the OS's" has become a tagline that people just repeat rather than really thinking through it.
Is your expectation then that parents should sit over their kids' shoulder every moment that they access the internet? Are our tools not supposed to make that easier to handle?
I thought that this is what you were getting at here, which is why I asked how this was an argument against values held locally on the device.
People usually repeat it for calls for checks on online platforms, not just within the scope of OS - but its primarily stated because people, quite fairly, don't want to see websites having to shut down, or them losing access entirely, or losing access without handing over private data because of parents inability to control their childs access to the internet.
Sure. I think clearly this thread has been talking about the OS piece specifically. I wholly disagree with having some private company that collects IDs and makes the determination themselves. If instead your browser can just ask your device if you have parental controls enabled, then that removes the privacy concern entirely, as far as I know. Is there an extra data point for browser fingerprinting? Yeah, I guess. But I would also assume that anyone who cares to avoid this fingerprinting is going to not have parental controls enabled.
Essentially, I'm confused why the world gave up so quickly on parental controls (not really confused—the alternative provides more surveillance capability).
But even if it happened purely at the OS level, it would be laughably unenforceable at best.
I can easily imagine a piece of software parents can download, for free, that if installed would basically function akin to a virus on someone's computer - it blacklists much of the internet and is updated and maintained by a company that updates the allowed sites and banned sites regularly. It could not be turned off. If it crashes, is ended by force, it automatically reloads - and any attempts to remove it sends emails or text messages to the owners (the parents) who would know something is up. It could be turned off only by the parent putting in a specific password to disable it, and if they forgot, they would have to phone the company to get it reset.
Any responsible parent would install this on the phones and computers of their kids and it would do everything they need.
One thing I said before is the question of what is the research on this, and how do we know child internet safety is actually a problem? I don't know the statistics on this, and I haven't done much studying on it yet. So I will admit that I have been operating under the premise that this is an issue to begin with. Someone mentioned routers with parental blocks. Aside from being able to easily disconnect from the network (inevitability for kids because it's easy and they have plausible deniability, in my opinion), if child internet safety is currently an issue, then clearly there is something about it that isn't working.
Don't get me wrong, it would still require another component whether that be a requirement for websites to query the OS via the browser, or a database of "bad" websites.
Now, if you want there to be an app that handles this, that's your opinion and I respect that. Personally, I would rather it be built into the OS. Least of all because already-on-your-device is easier than something parents need to research and download on their kids' devices. More significantly, if this kind of capability becomes an expectation for your general usage OSes to have, then that's less incentive for some company to come in and try to capitalize off of it and charge $12.99 per month, and then still have incentive to collect and sell data on which sites are being visited. I mean, you can be reasonably sure that Microsoft is gonna do that too, but that would be another reason to switch to a Linux distro that doesn't do that.
I see the numerous websites having to close down because they can't/won't do the integration.
I mean look at YT.
The stupid COPPA law prevents me from reading funny comments under cartoon intros because youtube couldnt be arsed to prevent kids from using the regular youtube app instead of the "youtube kids" app.
Even some meme clips are barred because youtube thinks they are "for kids" (lmao) (Example. Ironically those videos, when shared, don't have a tracking id in the url and some of the quick access share options like for whatsapp are not available, only the internal share options by the OS)
Another example that grinds my gears on YT:
All of these just because some USA state needed to extend their reach across country borders because they are headquartered there.
Just restrict it to USA-IPs or something. ლ(ಠ益ಠლ)
That:s my primary issue
In a perfect world, I would want APIs and other integrations be made available that will do that and the parent will only need to press a button to allow/deny it.
Not really government mandated but voluntarily by a group that executes the vision of a parent, requested by the government (due to requests by the parental society but not because corps deciding they need/want more controllable elements) and the technical parties (e.g. OS devs) that can integrate the wish.
Unfortunately this will probably be a mandated integration requiring everyone, doesnt matter if a child is existing, to authenticate that they are truly legally able to access the device and/or ressource.
Great, now as a childless person I have to do those things because some were irresponsible and ruined it for everyone :/
I hope I could communicate my issue.
That's my issue too. We're in agreement, but I just wanted to point out that the "it's the parent's job, not the OS's" doesn't communicate that and instead applies a blanket statement that actually undermines what you're saying you want.
The other guy is right when they say it applies to the check existing on the web-level. That is the issue, in my opinion, and I think people are just conflating that issue with the OS value's merit. Having a check at web level is actually what removes the responsibility and capability for parents to parent their children. Having it at the OS level makes it a tool for parents to use. They don't have to set it up, but the idea is that it makes it really easy for parents with zero computer prowess.
Again, should it be government mandated on the OS side? I strongly don't think so. But if anyone has a good solution to not mandate developers to respect the browser's report of the parental controls setting, I'd love to hear it (zero sarcasm, I don't want to have anyone breathing down my neck to implement this stuff either). The best I can think of is to take advantage of AI, but I can see why it could be unsavory. Should the browser itself carry a database of sites it has scanned and then use that to determine whether a site is safe? Should it query a user-owned model that's more customizable for the parent's tastes? Can we get that to run locally for everyone?
Lots of people are about to be born on 01-01-1900. I guess 01-01-2000 works now though. Man, I'm old.
So
What's wrong with it then? By the numbers, it seems everything is wrong with it.
When you go order something from Amazon, you're using about 15-20 computers in a row; probably more. PROVE you have the right. Yes, the server farm you're using to make an order is included, and it's a lot of machines.
Who pays to make sure Ticketmaster server farm is 'used' by age-appropriate customers and the code to check that is installed and maintained? Why, you, of course. The order panel at the burger joint? You, eventually. Toll ticket at Airport Parking? You're gonna love this. Guess what's in your cable box? Guess how often you'll have to have your face scanned just to turn on the TV? TV too. Fancy thermostat? There's a computer Nesting in there. Scan that face, bucko; on the new unit you have to buy because, dude, that and your microwave just became e-waste.
The list is unending. The implementation is shit. The data leak has already been shown with .. discord, right?
Show us your ID, then. Or even just your age. Now your children too.
Don't want to? That's why.
No. As soon as you're sending in your official ID your entire online presence will be tracked to your ID by the government, Google, Meta and the likes. Privacy is totally gone by then...
OS age verification would effectively make some, if not most, linux distributions (or other less-popular operating systems) illegal. Because many linux distributions are made by small team of volunteers. In some cases a linux distribution might be maintained by literally one person. So these people likely do not have the time or money to include something like age verification into the operating system.
That said, there are some technically possible ways where this could be done to reduce the load on developers (perhaps with access codes, and a government maintained database) but the way age verification had is being done right now (face scanning, etc) would be a real headache to implement and quite possibly cost or time prohibitive.
It would be a shame if age verification laws effectively made open source operating systems illegal. It would suck if these laws inadvertently made it legally required that we need to support big tech companies like Apple or Microsoft in order to use a computer.
This is why I consider it regulatory capture in a trench coat.
Including an age flag field in user data on Linux is fairly trivial, and I've seen several proposals for it. Once that's in place it's up to browsers, "app stores", or anything else that needs it to request the data and use it.
The effort from a Linux team here would amount to little more than a "are you 18 yes/no" and there's no way that would be considered good enough down the line if not now.
Yet, with the way the California bill is written, so long as that data was collected at account creation, it would be adaquate.
Sure. For now. But in any case, aren't they legally viable if someone complains?
That's one bit that I do think could do with clarifying. As written resposibility seems to be split between the developer and the controller. From the rest of the bill, it seems like the developer is in the clear if the system functions, and it's down to the computer controller to ensure users are correctly set up.
What would these systems look like? Im curious.
My concern is that, even if these systems are technically possible, the law will settle on using lucky inefficient methods of age verification such as using AI to scan someone’s face.
It one of the reasons I like the way the California bill has been written, it's very clear that you set the flag, or provide a date, and not only makes no mention of verifying it in any way, but also requires that anything using it trusts it and may not perform any other checking. A service using that data is also explicitly not liable if it's wrong, so they have no insentive check any further.
It is, obviously, possibly that laws will change in future, but it seems to me that having something like this in place actually makes it harder to implement anything more intrusive later.
Yeah I’ve heard of similar systems in Europe. It’s similar to two factor authentication. Hopefully something like this could also screen out bots, making influence campaigns more difficult. But regardless, however its implemented I hope it will be easy for not-for-profit operating systems (such as linux distros) to operate
Tools should be provided if you want to do that but shouldn't be standard. People should have freedom of choice on how to use their own property, in terms of computers, and how they manage/raise their children.
This is a bad idea for privacy: Slippery Slope. @[email protected] has explained this perfectly. It also gives you more data that you can use to fingerprint your users. 1 new data point that might enable better targeting and deanonymization
This is also a bad idea for security: The mere presence of this signal exists allows it to be used for nefarious purposes, such as giving u-18 or u-21 signal to enter "protected space".
This is also a bad idea for the non mega corps. It allows the platforms (like FB, YT, Twitch, etc.) to throw away their moderation teams and ask for OS level fixes because of the age reporting mechanism worked, then this would have never happened.
Because I should not have to. Im fine with them selling specially child computers that are listed as under 18 you can buy for your kids but I don't want that crap on mine.
It's a slippery slope and also regulatory capture as the only ones with the means to actually pull this off are the Big Tech companies.
There is a difference between providing the capability, and requiring that capability.
Under this law, something as simple as sharing a Google Drive could make you an "app store" and potentially liable for penalties.
These laws are specifically designed to be broadly interpreted. We have no idea just how widely the nets will be cast, either tomorrow, or 10 years from now. It is prudent to assume the absolute worst case.
How can you provide the capability for parents to keep their children off inappropriate websites if you don't require that sites adhere to a conduct?
(I'm simply asking why this makes it an inherently bad solution—not suggesting that there aren't better solutions.)
Parents, schools, employers, and governments, already use content controls to restrict users from accessing undesirable sites and services on the internet.
Searching the terms "content blocking" or "parental controls" will get you lists of apps and services doing just that.
Parents already have the capability. This law doesn't provide any additional capability for parents to parent their kids. This law seeks, instead, to remove the power and responsibility of parenting from the parents, and assign it to pornographers. They want the operators of adult websites around the world to be the ones determining whether or not to provide content to their kids.
What this law actually does is provide a means for a website to determine whether an adult or a child is trying to access their content, and to use that information to decide what content to provide. The thinking is that a respectable services like Netflix will be able to decide to provide only age-appropriate content, blocking kids from adult content.
However, that also means that services like "KidGroomer dot com" will be able to provide different content to adults than it does to children. To an adult, they can portray themselves as a site that provides information on how to protect kids from grooming. But when a kid visits, this law lets the site know it is a kid. The site can now show them kid-targeted content, like how to get in contact with the nearest candy-giving stranger.
Perhaps we don't actually want a website to be able to determine whether there is a kid on the other side of the screen.
If they can. They will. Eventually.
Look at the data selling on car data.
The issue with "children" local accounts (assuming they ever remained 100% local anyway) is that for it to be effective, you would have to control who install the OS for it to be effective.
I have been managing my own OS install since I was a teen, so I could have just created an adult account for me. But, okay, you could say that you could just regularly check your child hasn't reinstalled the machine.
Well, see, they could just install a Virtual Machine. There is plenty of Virtual Machine software out there, and then we're back at whoever installs it being responsible for filling in that information. And Virtual Machines are very useful for a bunch of things: from running software not made for your hardware (see Android emulators, WSL), to being safer around dodgy software.
You could counter that by not letting them install things with your permissions... but there are portable versions of software that people make for a bunch of reasons which don't recall an installation. And I am not talking about hypotheticals: back when I was in school people would carry portable versions of games in USB sticks to copy around school machines so they could play video games during IT class.
Never mind that it means that whenever they want to install something, they will poke you about it, and now you're on the hook for reviewing that. Which you should already be doing because you care about what your child does and they don't have the years of experience to not break their OS.
But if you are doing that, why not use proper parental control software that let's you have much finer-grained control over what they can see or not online, along with other controls around how much time they can spend on the machine and a few nicer things?
Kids also get alcohol from their older siblings. It doesnt have to be 100% effective to still make a massive impact on children. Plus, kids these days could learn a thing or two about computers. Maybe byspassing restrictions will give them motivation to learn
It's techno-fascism
most homes don't run their computers in multi-user mode. Even when they do most kids will learn the admin password because parents don't select good passwords.
Kids are not stupid. Even if some are, there are many kids in school and so any bypass will spread kid to kid fast. For each of the following reread this paraghraph to remind yourself all kids will know this.
kids can install linux /bsd on a raspberry pi or old/cheap computer - this is something I want to encourage. that of course means they are root and can claim whatever age. They can likewise do it in a vm.
if there is any security flaw kids can use it to change their age.
many programs will not check when they should. Kids will install/use these instead. this is a likely exploit vector of actors (in foriegn counties) that target kids - release a new program that does what the kids wants while also doing what they want. (Websites have done bitcoin in javascript while you read them)
who will check? onlyfans probably will, but small web sites spring up all the time, and they won't bother - many are already illegal (either copyright or illegal content).
Meanwhile many programs that we want kids to use won't bother to check. why would things autocad check - they target professionals but kids can use them and may even have to.
the above is not a complete list!
Age is useful for 'buy cigerettes' that is illegal for kids in some way.
However most of what parents care about isn't automatically bad and I know plenty of panents who are frusterated because we can't controll things how we need to without being a helicopter parent (bad). Playing video games is fine in moderation - AFTER YOUR HOMEWORK IS DONE - but we don't get an easy way to enforce that. My teens are old enough to stay home alone and do homework - but they will not do their homework when they can do something else (this problem has been around since school)
my kids phones have parental controls that I turn on. However they lack a way to enforce homework vs play vs sleep time. There is likely more, this is just what frusterated me yesterday. some things are not gated - my kids have got up at 3am, and connected their school device (under school control not me) to their phone hotspot (turned on who knows when - I can't block that at all) to play a game that the school will block next week when they figure out it is one kids are playing but they shouldn't.
people are proposing age verification because they have no idea what else they can do and are frusterated at how bad things are.
What would you say if, to be allowed to open your fridge (the one you own and purchased with your money) in order to pick something to eat out of it, you were required to make a blood test (say through some mechanism included in the door handle) to prove that you don't have any serious disease preventing you from, say, eating a slice of that delicious cake, or whatever?
The idea might not be completely stupid (one with some serious disease should not not eat what can harm them) but the implementation is not right. It's considering 100% of the population as suspects by default; just because they exist and have a fridge.
Replace 'fridge' with computer, 'cake' with online content, and 'disease' with 'being a minor'. That's how sad that is.
let's follow the argument this is to protect children: why does is seem like a good idea to let everybody on the internet know what age your child is?
so if it is not to protect the children, what else could it be?
I don't want the device I own to enforce laws that I don't get a say on.
Is it my device or am I renting it?
Should all cars have breathalyzers installed by default?
Yes!
But should all cars have a reader for your government ID and drivers license and immediately log every use of your car to $authority?
The issue in general is that there is no organization that can be trusted to verify the age, but not find a way to leverage that into gathering some info about the child and selling it.
That aside. Age is mostly meaningless. Everyone matures at different rates. The difference in rate between girls and boys results in effectively several years meaningful difference. Like a 10 year old female muturity is more similar to a 13 years old boy than a 10 year old boy. And 18 is just an arbitrary number that happens to coincide with finishing high school. And has no actual association to maturity. This is why car rental places won't rent to under 21s most of the time. Some hotels won't let you have a room until 25. So trying to decide what content should be available based on age is pointless. And they know that. So they aren't tryi g to protect anyone. They are trying to extract information they can sell.
Well, the problem is less setting up the birthdate and more whether the birthdate needs to be verified.
Plenty of OSs already query for a birthdate, particularly on gaming devices. And yes, they will provide age-based protections already.
The question is, does the parent/account creator need to enter an accurate birthdate or not, and how does the system know?
If they don't, then whatever, it's the same self-declaration we already have all over the Internet. No biggie. Everybody was born in 1901 and we're all chill about it. It still makes for an absurd situation where you HAVE to have a personal profile for every user on every computer, which a ton of computers aren't expecting, so it's still dumb on top of being useless, but it's a solvable problem.
If they do, then you know have one of the biggest cryptographic and data management challenges in computing history. How do you have every single device across the entire planet interface with every single piece of software and server to authenticate a piece of personal data and safely store it so you don't have to constantly re-check? It's insane. Plus it removes a parent's ability to enable their children to engage with content at whatever speed they see fit. And there are potentially different regulations in different areas, where both the server and user location may change the required behavior, so the whole thing is an absolute mess from the concept up.
Because it will only be a simple birthdate until they decide to use those laws to go even further.
OS defined does seem the best way, but I would prefer it wasn't legislated. The people writing these rules have no clue about the real world, so they end up doing stupid things.
Just because one option is better than another, doesn't mean it's good.
OS level age check applies to everyone, not just children. Some legislations require strong age checking, which means you need to send some identification to some service. You won't be able to know how the information is handled, for how long it's stored and for what purposes it's used beside age checking. And because this applies to everyone, and is required to be able to use your computer, everything you do with your computer and phone is tied to your user account, and as such to you as an individual and identifiable human being.
Some of these legislations uses age ranges, and the OS is required to inform applications, and such, whether the user is, for example, below 13 years old, or 13 to 16 years old, etc. Consider this simple scenario: Some user uses some application, and the OS reports the user's age as below 13. The user uses the same app the next day, but now the OS reports the user's age as 13 to 16 years old. Can you figure out the user's exact birthday and age? If that application is part of some kind of larger network of advertisers and whatnots, they will now forever know the user's exact age without the OS reporting anything else.
These can also be used to make some software illegal, especially free and open source software. If you can replace Windows with Linux, Photoshop with Gimp, etc. it hurts the bottom line of those companies. Those companies can't prevent you from using the open source alternative, but it would be in their interest if those pieces of software becomes illegal to use and distribute. If age checking functionality is added to some open source software, the age checking can simply be removed by the user. You only need to correctly form the age checking law and that entire software is now illegal, and must be removed from the internet.
While the intention of these laws might to be to protect children, they cause too much harm for little good. The age checking can be circumvented in some situations, meaning the children aren't protected. And the entire thing is a huge privacy mess (data leaks, etc.) for every single computer user.
and to prove its not actually about safety and instead about control: parents are already responsible for what kids do online and could be charged using existing laws. but… where is the overreach in that?!
Lots of the criticisms will eventually start sounding like seatbelt law opponents. Lots of “it should be optional, if you want to do it that’s fine but don’t force me to, I feel safer without it, it’s each individual’s responsibility and shouldn’t be mandated, etc” types of arguments.
The problem with the current implementation is that it isn’t done privately. There are several ways to do secure and private age verifications, where your device never passes your browsing history off to the government, and the individual sites never get your personal info. But lawmakers have been lobbied by companies who want to insert themselves as the age verifiers to skim your data. So the current laws being passed are written in such a way that they’ll result in massive privacy violations.
If opponents truly wanted to prevent privacy violations, they would be devising ways to get lawmakers on board with secure age verification. That way the laws would actually reflect best practices, and wouldn’t just result in less privacy. But they’re still trapped in the knee jerk “but my privacy” reactions, which shuts down any further discussion and leaves the door wide open for lobbyists to write and pass whatever legislation they want.
Are we sure parental control methods were proven to be fundamentally inadequate for the situation? There's no bulletproof security method to guard this data, so the discussion is about weighing privacy loss vs child safety, against existing methods (or improving other methods). Also the choice to set the age is in the hands of the parent, so I don't see the benefit besides enabling the kid to choose app in a more self served manner (which you probably don't want to allow).
Seatbelts are there because it's obvious you're not in control of other drivers, even if your car has all the safety controls. The downsides are minuscule in comparison to the privacy discussion, in my opinion.
It's not just a privacy issue. Regulatory capture is a problem too. It encumbers small services to the point where they can't afford to exist, and the only winners are the walled gardens. And it's also logistically an impossible thing to attempt to regulate at scale.
That isn't a problem with proper implementation. Not that it will be done properly, just that it can be done properly
Trying to get every site that offers mixed content, or could do so to implement recognition of all of this is herding cats. It's completely impossible without a walled internet. Moreover, there's just no way a OS asking if you're 18 is going to be accepted. It just isn't. The expectation will be that they verify your age properly.
The goal isnt to herd every single cat. Just get the bulk of them. That's how existing age regulation works. Alcohol age limit doesn't stop underage drinking, but it does substantially reduce it. With that in mind, there are privacy respecting solutions that will do what needs to be done
I doubt you would even get "the bulk of them". Again, people are saying "it's just a yes/no tickbox bro". For now. You cannot be naive enough to think it won't change. And the absurdity of it too. Forcing something someone may program for fun to have a specific feature.
I do expect it to change. I expect it to be standardized with zero knowledge proofs. If I am avle to communicate with you on a random internet forum from anywhere in the world using standardized protocols, we can get private and secure "I am 18+" verification. It may initially start with proving it in some form or another, but if done correctly you would essentialy have a private key that certifies you are over X age. The company would know nothing about you, other than you are not a child. I have extremely simplified it, but it is possible.
Many OS here aren't made by companies. They can all easily just be forked and edited to immediately wave people through any hypothetical age checks, moreover any website could just ignore it and wave everyone through.
This is highjacking the narrative
Is it though? I’ve been saying for a while that direct device verification is the way to go. It would allow for systems that maintain privacy, while also allowing lawmakers to say they’re protecting kids (and enabling parental controls by default, which is important when many are basically tech illiterate). But that wouldn’t help the big tech companies harvest your data, which is why they haven’t lobbied for it. Instead, lawmakers have been pushing the worst form of age verification, which requires all kinds of privacy violations every time you want to jork it.
If lawmakers feel like they need to say their protecting the kids and this is their answer, then we know they're phony.
Well written, but I disagree, because "get out of my backyard". It is clear as day that the goal of this legislation is not taking care of children, helping parents or anything else worthwhile. So nah, in a well-functioning society this would be immediately put down with "get the fuck out with this hypocrisy" note
Its the principle for me
What I'm really confused about is how are we going to confirm at account creation that the age is correct? Or that the person using the computer is who the account is for?
Slightly off topic, but I used DansGuardian when my kids were young. Works great.
Imagine a hacker who’s also coincidently a pedo Now we all know hackers can easily coincidently access webcams Now we all know atleast a few kids with laptops or computers left on quite a lot, note with a convenient little flag telling everyone online they’re underaged Now we all know companies are corrupt and target children (look at any cartoon channel there’s so many toy ads!) Little Timmy wants the 99$ toy that everyone has because marketing is making him develop fomo!
It will start with age and that’s pretty bad but who’s to say it will stop there? This isn’t actually about children (while it will put them into some pretty big risks) it’s actually about more control of the population. More control to companies to advertise and push their products to you and to transfer wealth even faster than before. They want no anons they want your every thought. It’ll start with your age and in the end you’re social security.
If they say they're doing something "to protect the children," you know it's some truly heinous shit.
I don't necessarily have an issue with that - as long as it can truly be done in a way where the only information the platform gets about me is whether I'm of age (they don't even need to know my exact age). But I don't have faith that it can actually be done like that, and I see it as a slippery slope toward even more surveillance.
They can have one bit. I'm ok with one bit.
As soon as they ask for a byte, they are gathering too much information about me.
I can accept that this is a significant issue, and if knowing that I'm an adult is required for certain online activities, I'll go along, but we all know damned well this will creep.
What ever elements need to verify who I am stay private client side, and they can have a single flag that verifies I'm what I claim to be.
It can be done like that, but then it'd be (trivially) fake-able by anyone with root permissions on their own computer. But then, my point is that kids shouldn't be root of their computers, so let's just parents vouch for children's age, and leave everything more complicated out.
From what I understood, the rules (in California?) would be : a) Every operating system provider must collect the user’s age or date of birth during the initial account setup process. b) The OS must classify the user into one of the four defined age brackets: under 13 years old, 13–15 years old, 16–17 years old, or 18 years and older. c) This information must be made available to application developers through a real-time API as soon as an application is launched or downloaded.
Unless I've missed something, I could definitely live with that. I haven't seen anything more acceptable when it comes to age verification. Point a) doesn't need to prove age or date of birth.
Now there is a small issue that came to my mind since my first post, which might be quite problematic : if ANY website is able to tell whether ANY user is a child, it'll be as easy to keep children out of certain sites that it'll be easy to keep adults out of others.
Imagine a bulletin board with highly disturbing/predatory content which would ONLY show to kids? Whenever mom or dad checks, website is all normal. And that would be real bad, probably worse than our current, no age verified situation.
So you're ok about your official ID being broadcast everywhere you go on the internet? Every step you take can be tracked by the government, google, Meta and more? No more fucking privacy what so ever?
Yes. That's exactly what I'm saying.
and to prove its not actually about safety and instead about control: parents are already responsible for what kids do online and could be charged using existing laws. but… where is the overreach in that?!