Rendered at 10:43:07 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
Slow_Hand 3 days ago [-]
If I’m not mistaken, Meta has been lobbying heavily for all of these age-verification bills lately.
It seems their strategy is to externalize their responsibility to verify age themselves, and thus reduce their exposure to liabilities when child protection acts like COPPA are violated.
mgfist 3 days ago [-]
It should be externalized to a degree. Facebook shouldn't be the ones verifying age, but there should be a trusted 3rd party service that does that, which just tells facebook "yes this user is old enough to use your service" or "no they're not old enough".
It abso-fucking-lutely should not be at the OS level though, for so many reasons. Even the implementation alone would be a nightmare. Do I need to input my ID to use a fridge or toaster oven? Ridiculous.
pianoben 3 days ago [-]
Or, and hear me out, _maybe our computers shouldn't spy on us in the first place_?
xtiansimon 2 days ago [-]
Once you force OS to communicate data about the user, here we’re talking age, is it a slippery slope? Once the architecture is created, why not put other things about you in there?
Dylan16807 3 days ago [-]
So which situation do you want instead of anonymous age verification:
A) 18+ content is behind a pinky swear
B) 18+ content is behind a parental control (what this bill would do)
C) The internet can't have 18+ content anymore
D) Some other system? Please describe it.
ekidd 3 days ago [-]
(A), honestly.
You might think you can keep 16 year olds from looking at porn, if they want to. You can't. You have never been able to. All you can do is teach them that the law is stupid and pointless, and they should treat rules with contempt. But they'll still be able to look at porn.
What you can do is allow the government and private companies to track everyone, everywhere, all the time. And you can create more gatekeepers that hold personal identity data, misuse it, and leak it.
Spartan-S63 3 days ago [-]
Yeah, I agree with this. I think age-related content moderation is a losing fight and one that will create more contempt for laws, more surveillance, and much more PII surface area that will be exploited.
There are really two "core" issues at play:
1. The prudish nature of US society
2. The fact that we don't have data privacy laws and restrictions on digital surveillance by private companies
genthree 2 days ago [-]
Sixteen year olds? Sure, mysterious Forest Porn and the older brother who'd give you skin mags have always existed. And Cinemax at night, catching the odd frame that somehow gets thought the scrambler. Whatever.
But we can't realize all the supposed glorious promise of all this tech bullcrap for education and free exploration of younger kids if we can't at least come pretty damn close to guaranteeing that an eight-year-old won't stumble on Rotten.com or hardcore porn if an adult isn't looking over their shoulder constantly. And whatever that solution is needs to work for parents who don't have the know-how or time to be sysadmins for their household.
rythmshifter 1 days ago [-]
I’m still trying to figure out why mysterious forest porn was a thing. I definitely encountered it.
Dylan16807 3 days ago [-]
I'm not overly concerned with 16 year olds. But the tools for protecting younger children suck. A consistent account setting and header would do a lot to improve parental controls.
> What you can do is allow the government and private companies to track everyone, everywhere, all the time. And you can create more gatekeepers that hold personal identity data, misuse it, and leak it.
This is already happening. A central setting would improve privacy over the way things are right now.
marcus_holmes 2 days ago [-]
> A central setting would improve privacy over the way things are right now.
What? How? What improvement are you seeing that I'm not?
Putting all our PII into one huge repository and then letting corps and govts access it sounds like a dystopian nightmare. This is why we don't like Palantir.
What happens if a bad guy steals that data and your identity? They go and look at CSAM using your ID? The police turn up at your door and cart you off to prison? Are you really going to be able to argue that it wasn't you? If so, what is the point of the system? If we're relying on IP addresses and other evidence for access (so you can fight these charges) can't we just use them in the first place?
Dylan16807 2 days ago [-]
I don't know what you're talking about, but it's not what this kind of bill is about.
This kind of bill is about the OS telling things whether you're: 0-12, 13-15, 16-17, 18+
No databases, no stealable identity, only the barest sliver of 2 bits of PII.
As for how it's an improvement, we already have sites asking to see your driver's license or pictures of your face for much worse age verification paradigms. If most of those changed to a local age setting, privacy would go up.
marcus_holmes 2 days ago [-]
How does the OS know that you moved from the "13-15" bracket to the "16-17" bracket without knowing your DoB?
And this is the thin edge. Because in a few years there'll be a bill saying something like "too many children are lying about their age online. We need to verify their age" and then we're capturing IDs and storing them somewhere.
ThatPlayer 2 days ago [-]
> How does the OS know that you moved from the "13-15" bracket to the "16-17" bracket without knowing your DoB?
No one says it has to be automatic. The OS could require the parent to manually update it.
godelski 1 days ago [-]
> The OS could require the parent to manually update it.
How is their age verified?
At some point one of two things is required:
1) A promise that the user is a certain age
- Which puts us exactly where we are
2) Official identification is used to verify age
- Which creates a PII nightmare
That's it. There's only those two options. You may not believe #2 is going to be a privacy nightmare but we're already seeing it happen with Discord/OpenAI/LinkedIn and everyone else that uses Persona[1]. They aren't doing the minimal security things and already aren't doing what they claimed (processed on device, then deleted). This "hack" couldn't happen if that was true
The difference here is it can be set by the parent on the OS and locked. Requiring sudo equivalent to change.
The way it is now, there's nothing stopping a (18-) user from logging out of a 'parental control enabled' account and making a new account without those controls on any service from Facebook to Steam. So the only effective option at that point is to entirely block that app or service.
This gives more power to parental control software. And yeah moves the responsibility from the service to the parents, which is what the services want cuz COPPA and other similar laws.
godelski 1 days ago [-]
That doesn't change anything I said.
But you do bring up another issue people aren't discussing. That the default setting is under 18.
So we protect the children from adults by... having no way to actually verify someone is a child?
The problem is less kids getting access to porn and more pedos getting accounts to spaces designed for children. Places like Club Penguin or very famously Roblox.
Here's the problem, you can't verify children. They don't have identification in the same way adults do. And worse, if we gave them that then it only makes them more vulnerable!
Then we have the whole problem of a global internet. VPN usage is already skyrocketing to circumvent these policies.
So the only real "solution" to this is global identification systems where essentially everyone is carrying around some dystopian FIDO key (definitely your phone) that has all your personal information on it and you sign every device you touch. Because everything from your fridge to your car is connected to the Internet.
But that's a cure worse than the poison. I mean what the fuck happens to IOT devices? Do we just not allow them on the internet? That they're assumed 18+? So all kids need to do is get a raspberry pi? All they need to do is install a VM on their phone? On their computer? You might think that kids won't do this but when I was in high school 20 years ago we all knew how to set up proxies. That information spread like wildfire and you bet it got easier as the smarter kids put in the legwork.
This is a losing battle. It's not a cat and mouse game it's While E Coyote vs Road Runner.
We're on HN FFS. If there's anywhere on the Internet that the average user is going to understand how impossible this is it should be here. We haven't even talked about hacking! And yes, teenage script kiddies do exist.
These policies don't protect kids, they endanger them. On top of that they endanger the rest of us. Seriously, just try to work it out. Try to create a solution and then actually try to defeat your solution. Don't be fucking Don Quixote.
Dylan16807 1 days ago [-]
> But you do bring up another issue people aren't discussing. That the default setting is under 18.
Some things do that. This law doesn't have a default. If the admin sets all the user accounts to 18+, then the users are stuck with the setting being 18+.
> I mean what the fuck happens to IOT devices? Do we just not allow them on the internet?
Sounds pretty good to me.
But yeah they need a different handling of some manner. Maybe a "give no access to anything age-gated" category, though is that really different from under-13 in practice?
> So all kids need to do is get a raspberry pi? All they need to do is install a VM on their phone? On their computer? You might think that kids won't do this but when I was in high school 20 years ago we all knew how to set up proxies.
Just delaying unrestricted access to high school would already solve most of the problem.
> These policies don't protect kids, they endanger them. On top of that they endanger the rest of us.
They do not. Some totally different system could endanger people, but this one doesn't.
godelski 12 hours ago [-]
> Some things do that.
I think you're missing the point...
> Sounds pretty good to me
Really? Be a bit more serious now. There are a lot of things that connect to the internet, and not just for stupid data harvesting reasons. I gave other examples. I think you can understand that this gets pretty hairy pretty quickly. If you don't, then dig in deeper to how the networking is done. You're an older account so I'm assuming you actually understand computers.
> They do not.
They definitely do. I explicitly stated how that happens too. If you want me to take you seriously you have to respond with something better than "trust me bro".
There is no evidence that these companies are actually handling that data properly. There is a lot of evidence that they are handling it improperly. That data being leaked does in fact, endanger kids.
I'm also unconvinced these things even achieve the goals they claim to be after. Which is keeping pedos away from kids. i.e. the reason I said you're missing the point. So either it is not achieving that goal, or lulling people into a false sense of security. Imagine if Roblox was saying "we don't allow adults on the platform" and so now all the tech illiterate parents and kids think their kids are exclusively talking to other kids. That's just a worse situation than now.
So what do these laws even solve?! I'm serious
Dylan16807 12 hours ago [-]
> Be a bit more serious now.
The serious answer is in the next line.
> They definitely do. I explicitly stated how that happens too. [...] data being leaked
Again "Some totally different system could endanger people, but this one doesn't."
Any system that has companies handling personal data and able to leak it is not the system this kind of law talks about.
> false sense of security. Imagine if Roblox was saying
In that situation, Roblox is the problem, not the law.
> So what do these laws even solve?! I'm serious
If widely implemented, a parent can set a single toggle and then the accounts their kids make will all be appropriately restricted.
It wouldn't replace direct checks from the parent on what their kids are doing, but it would greatly reduce the risk profile. And making it simple and built-in means that non-tech-expert parents can set it.
godelski 5 hours ago [-]
>> Be a bit more serious now.
> The serious answer is in the next line.
> ...
> Again "Some totally different system could endanger people, but this one doesn't."
>> If you want me to take you seriously you have to respond with something better than "trust me bro".
I do have a hard time taking you seriously
> If widely implemented, a parent can set a single toggle and then the accounts their kids make will all be appropriately restricted.
HOW
mittensc 2 days ago [-]
So the kid boots up linux off a USB stick and makes it all pointless
watwut 2 days ago [-]
Overwhelming majority of kids wont. The idea that the average teenager even knows what those words mean is not realistic.
mittensc 31 minutes ago [-]
kids would have time and motivation... they will learn pretty fast
marcus_holmes 1 days ago [-]
Heard exactly the same thing about VPN use (kids won't know how to set up a VPN). Then Australia age verification kicked in, and VPN use went through the roof [0]
And, of course, the response so far has included similar thoughts as the UK about banning VPNs [1]
They may not, but the friend selling porn sticks at school does.
Dylan16807 2 days ago [-]
> How does the OS know that you moved from the "13-15" bracket to the "16-17" bracket without knowing your DoB?
The OS has the birth date. Of probably 1-5 people.
> And this is the thin edge. Because in a few years there'll be a bill saying something like "too many children are lying about their age online. We need to verify their age" and then we're capturing IDs and storing them somewhere.
Those things are already happening. I see this kind of mechanism as significantly more of an alternative to privacy invasion than an enabler of privacy invasion.
marcus_holmes 2 days ago [-]
Requiring the central database is the scary part.
The political establishment used to be able to control what you read, through control of the media. Then 1995 happened and everyone got access to anything they wanted. The establishment have wanted to put that genie back in the bottle ever since. This is part of that effort.
Dylan16807 2 days ago [-]
> Requiring the central database is the scary part.
Yes, agreed.
And this type of proposal has no central database, so it removes the scary part.
(Unless you're talking about the local accounts on each computer storing dates of birth for a single household as a "central database" in which case you're being ridiculous and please stop doing that.)
gspetr 3 days ago [-]
A), which is the status quo. I don't see any other option as realistic.
B) makes things worse in several ways, but primarily by stifling innovation. Only large incumbents will have no trouble paying for the measures required to ensure compliance.
There's also the cost of enforcement, which will likely have to be borne by the taxpayers. I don't think this is a good thing to spend money on.
C) cannot be enforced, and any good faith attempts will cost more than the damage from harm they're supposed to prevent.
Dylan16807 3 days ago [-]
Option A isn't really the status quo. The status quo has a bunch of sites doing invasive checks and other sites region blocking users.
> Only large incumbents will have no trouble paying for the measures required to ensure compliance.
Oh my gawwwwwd. People trot this out any time any regulation is mentioned. Option B is a single easily accessible age category value. It's simpler than the status quo.
fn-mote 3 days ago [-]
> Option B is […] simpler than the status quo.
This bill FORBIDS platforms from operating in the state unless they provide age verification.
Forbid an OS for operating in Illinois? Sounds insane to me. When I bring my Linux laptop from California, what happens?
Dylan16807 3 days ago [-]
I'm not really focused on the exact wording of this bill. But mandating distros have a useradd and glibc with an extra couple functions is not a significant burden.
marcus_holmes 2 days ago [-]
So... a pinky swear then, right?
I mean, how is the OS going to actually verify the age of the operator?
I see how this helps Facebook - if you lie to the OS, and the OS tells Facebook that you're over 18, then it's not Facebook's fault if they provide you an 18+ service.
I don't see how this helps anyone else.
Dylan16807 2 days ago [-]
It's set by the administrator of the computer, so a parent can set it for their child instead of hoping their child is honest to every single individual site.
That's the difference between a parental control and a pinky swear.
marcus_holmes 2 days ago [-]
The thing we want (well, that other people want, I have other views) is that large tech companies are not able to brainwash kids.
The thing this creates is liability on parents, or schools, or anyone who provides computer access to children. And access to PII for bad guys (who can ask your computer for your date of birth in this proposal, right?)
Dylan16807 2 days ago [-]
> The thing we want (well, that other people want, I have other views) is that large tech companies are not able to brainwash kids.
That has little connection with this law.
And having no age settings at all is where you'll have the most brainwashing.
> The thing this creates is liability on parents, or schools, or anyone who provides computer access to children. And access to PII for bad guys (who can ask your computer for your date of birth in this proposal, right?)
They're already responsible for controlling that. I think they should have more tools to help.
> And access to PII for bad guys (who can ask your computer for your date of birth in this proposal, right?)
Did you look at the law(s)? They get one of four age ranges.
nickitolas 2 days ago [-]
I have no experience with minors using Linux. Do they not typically have sudo access?
cesarb 2 days ago [-]
> It's set by the administrator of the computer, so a parent can set it for their child instead of hoping their child is honest to every single individual site.
You are assuming the parent is the administrator of the computer.
Dylan16807 2 days ago [-]
I am not assuming that. That's why it's a "can". Parental controls are always "can".
mittensc 2 days ago [-]
so the kid boots linux off a usb stick and makes this pointless
sgarland 2 days ago [-]
I hope the number of downvotes you’re receiving makes you consider the absurdity of your suggestion.
Have you seen distrowatch? Are you going to go track down maintainers from every distro - many of whom live outside of the U.S. - and demand they implement this? The smaller ones would probably ignore you or tell you to get fucked, the larger ones with funding might decide to drag you into court.
roenxi 3 days ago [-]
Does "the government doesn't get to decide what people can look at on the internet" count as C or D to you? It is the situation we've been in technically for 20 years now anyway; the world hasn't ended and it generally seems to be pretty workable. The status quo isn't an especially radical one.
fcarraldo 2 days ago [-]
20 years ago was only 2006. The internet has been around for much longer. The first consumer focused ISPs launched in the early 90’s, 35 years ago, but CompuServe and others were providing access to chat and BBS’s in the 80s.
I’d say nearly 50 years is precedent enough that government intervention is unnecessary.
roenxi 2 days ago [-]
Yeah but most people weren't on the internet access in the early 90s. It is more a 2005+ phenomenon.
What about every other system where we rely on parents to parent?
Kids can turn apple juice into wine in their closet
they can drive their bicycle to a drug dealer
they can rub a butter knife against the sidewalk until it's pointy
Do we need govt AI cameras in kids closets and on their bicycles? How do we verify they're cycling somewhere safe? How do we make sure they're not getting shitfaced on bootleg hooch they made with bakers yeast and a latex glove?
Dylan16807 2 days ago [-]
This is more like a store being able to see their age just by looking at them, and make restrictions because of that. We don't rely on parents to prevent a 10 year old from going into a bar.
card_zero 2 days ago [-]
Which, unlike this, does not create issues, since the bar is a place staffed by people, employed to serve drinks, who can reasonably be required to look at their customers, while an operating system is some software, perhaps written by an enthusiast, which cannot reasonably be required to inspect its users.
2postsperday 2 days ago [-]
[flagged]
matheusmoreira 2 days ago [-]
D) Parents take sole responsibility for this.
array_key_first 2 days ago [-]
C and D, combined. New internet for kids-only. This internet would be WHITELIST only. We would not be wack-a-mole trying to catch porn sites (sigh...)
Rather, companies would have to submit a formal proposal to get their website listed on Kid Internet. This inverts the responsibility. It's not my cost, or your cost, it's their cost now. If they want kids, they better prove it.
Then, you can trivially configure your router or any computer, with any operating system, to use the Kid Internet DNS. It's now completely operating system and device agnostic. It can be organizational wide with the flick of a switch. It can be global, if we want.
The proposal we're seeing here is bad, bad, bad. Not just for privacy reasons, but because it will not work. Not might, will. This will not work. For many reasons:
1. Most operating systems are not going to implement some stupid ass bullshit.
2. Most websites do not give a single fuck. Porn websites will not care. Trying to play wack-a-mole is ALWAYS a losing game, no exceptions.
3. This is trivial to bypass.
4. If it's not trivial to bypass, it still will not work, but it will now be the end of computing as we know it.
marcus_holmes 2 days ago [-]
So we have some kind of control to stop your router from connecting to Adult Internet DNS? Because the difficult bit here is not allowing connections to the Kid Internet, but stopping connections to the Adult Internet.
How do we decide what sites resolve as part of the Kid Internet? Is there some process where a site submits itself for approval to be part of the Adult Internet?
How do we stop the government from using this to stop access to parts of the internet it doesn't like?
This proposal looks even less workable
array_key_first 2 days ago [-]
> So we have some kind of control to stop your router from connecting to Adult Internet DNS?
Yes, all routers currently have this built-in. Most software outside of routers does, too.
Will it be perfect? No. But, for example, this is how content filters work at schools and just about every workplace. And it seems to be good enough for them.
And, this will work better than that. Because the key point is we're not blacklisting anything. Nobody has to maintain a list of banned websites.
> How do we decide what sites resolve as part of the Kid Internet?
Companies or people send an application. The website is reviewed by a human, and they get approved or denied. If you don't care to target kids, which most people don't, you do nothing.
So I don't have to do anything, nor do you. But Meta does. Google does. I'm fine with that.
And, this "board" or whatever who hands out Kid-Friendly certificates can also take complaints. Why not?
> Is there some process where a site submits itself for approval to be part of the Adult Internet?
No, this it the beauty of it. If you want to be a part of adult internet, you do nothing. You already are.
Every website is implicitly adult internet, and it naturally completely subsumes kid internet. So, if you're just making a blog or whatever, nothing changes. In fact, you don't have to update anything from right now. It will all still work. Because Kid Internet is new thing, and it's whitelist only.
> How do we stop the government from using this to stop access to parts of the internet it doesn't like?
Related to above, adult internet is what we currently have. Nothing changes. You and I won't notice, and we can't notice. There will be the free-range internet, and then the subset of the internet approved for kids.
MidnightRider39 2 days ago [-]
> content filters work at schools
Maybe they are vastly more sophisticated now but when I was a kid it was a sport for us to break these filters - and pretty easy too
It would imo be much easier to effect a culture change so that not every kid needs or gets access to the internet or internet capable devices.
array_key_first 2 days ago [-]
Yes, they are more sophisticated, or at least I'm assuming from how pi-hole and my workplace blocking works. Meaning, it works.
But those are not the best solutions, because of blacklisting. There are basically infinite porn websites. So, if you're going to try to block every porn website, you will lose, point blank.
So, even considering that, they do quite good. So if we just take the principle and invert it, it will be very good.
I mean, whitelisting vs blacklisting is why I am able to open my computer up to the internet via SSH. I'm not out here blocking 1 billion sites. No, I'm just allowing my laptop. And that gives me a lot of confidence, and it works.
And, I agree with culture change. But, culture change is very hard and I don't think it's something we can rely on.
marcus_holmes 2 days ago [-]
So, you whitelist Kid Internet sites, and you have a DNS server that handles Kid Internet.
And everything else is Adult Internet, and there are many DNS servers that serve Adult Internet.
You sign your household router up for Kid Internet, and it ignores Adult DNS servers, and only routes according to Kid DNS, is that right?
I can think of about 50 ways around this already, but let's assume we're not talking about anyone with any knowledge of how the internet works. So the entire household is signed up for Kid Internet, and there's no way an adult can view an Adult Internet site from this household, is that right?
array_key_first 2 days ago [-]
Well most DNS can be done per-device, just like in an IT setting. For example look at iOS. The device controls DNS, so set up little Timmy's iPhone to do Kid DNS.
That sounds an awful lot like this proposal, right? Well yes and no. No because this would actually work. Just letting the iPhone say "im a kid" does fuck all, because all the websites we're targeting with that will just ignore it.
And of course there are ways around this. Wanting a solution with no ways around it is dystopian. But is it a better solution than this? I think yes, it is.
marcus_holmes 2 days ago [-]
So we're locking a per-user DNS choice in?
If Little Timmy signs in then OS chooses the Kids DNS, but if Uncle Bob signs in then it chooses the Adult DNS?
As you say, I can see a few ways around this ;)
Again, this feels like it just moves the responsibility for everything onto the parents, without meaningfully giving them any control. If something screws up and Little Timmy gets to see some boobies, who gets blamed? Is it the OS provider, the hardware provider, or the parents? Did the parents actually configure this themselves? If so, who taught them how to do that? Or did they buy the machine pre-configured? So does the vendor take responsibility?
array_key_first 1 days ago [-]
> So we're locking a per-user DNS choice in?
Sure, or per-device, or per-network, or per-organization. It depends on how each particular person wants to implement it.
> As you say, I can see a few ways around this ;)
Yes, notably less than the current proposal. Which, again, will just straight-up not work.
> f something screws up and Little Timmy gets to see some boobies, who gets blamed?
I think this really hit the nail on the head. None of this is about solving problems or helping little Timmy. It's about accountability management.
If we implement the OS syscall, then Meta gets to point their grimey finger at someone else while they continue to fuel genocide in Myanmar.
> Did the parents actually configure this themselves? If so, who taught them how to do that? Or did they buy the machine pre-configured? So does the vendor take responsibility?
Well, um, both. You can configure your router, sure, or your Linux computer. But I imagine a new iPhone would just come with a checkbox you can check at account creation time. Again, very similar to this proposal, except it works.
davidhyde 3 days ago [-]
D) Parenting
Dylan16807 2 days ago [-]
I think parents should have access to easy to operate parental controls to help them do their parenting.
newdee 2 days ago [-]
Yes, parental controls already exist. You’re up and down this thread advocating for this particular bill, but what does the technical solution actually look like to you beyond the controls already available? And with regards to account creation specifically, what do you see as a workable solution that isn’t defeated by a “pinky swear”?
Dylan16807 2 days ago [-]
Can you name a piece of parental control software that tells relevant apps and sites whether I'm above 13/18?
I'm sure there's plenty of software that can block sites entirely, but that's a lot less useful.
And how much should I trust the popular products on a scale of 1-10? An OS setting doesn't need much trust.
> And with regards to account creation specifically, what do you see as a workable solution that isn’t defeated by a “pinky swear”?
I'll copy a different reply: "It's set by the administrator of the computer, so a parent can set it for their child instead of hoping their child is honest to every single individual site. That's the difference between a parental control and a pinky swear."
The idea of something like this isn't to replace parents, it's to give them a simple centralized tool. The parent has the admin account.
SecretDreams 2 days ago [-]
Is D) parenting what they do for cigarettes in stores today as well?
carefulfungi 2 days ago [-]
E. Platforms that want to serve violent, sexual, predatory, scammy, snake oil content in the most addictive way possible to exploit minors and other vulnerable populations for profit should save some of their revenue for lawsuits when they hurt people. Hold products that cause harm responsible.
robocat 2 days ago [-]
This can only work if the damages cost less than the business is worth.
And there's plenty of examples (J&J, oil titans) escaping financial consequences by other means.
cucumber3732842 2 days ago [-]
>A) 18+ content is behind a pinky swear
Things were way, way, way sketchier in like 2005 than they are now and those people turned out mostly fine.
panny 2 days ago [-]
The Illinois bill is not about 18+ content. It's about controlling who your children can talk to on social media. The OS age check is just a means to that end. The end is blatantly unconstitutional. The bill of rights doesn't mention age limits. Freedom of assosiation applies to kids just as much as it does to adults. If the bill passes, then any racist parent could block all comms from kids of a different color for example.
true_religion 2 days ago [-]
I get what you’re saying but it’s a false premise. In today’s era, racist parents already block their children from even attending school with someone of a different color. Merely blocking comms would be a step before that in severity of control.
Parents have always had the ability (though maybe not explicitly the right to) control their children’s environment for the purposes of teaching personal beliefs. So long as the belief itself wasn’t deemed harmful to the child, society would allow it to continue propagate that way. Racism unfortunately has never been seen as innately harmful. It’s looked down on, yes, but not to the point of making it illegal to enforce in family life.
nazzzi 2 days ago [-]
To be fair, as a parent I don’t want my under age children hooking up with literal nazis on social platforms, whoever that might be. The current tools and controls are lacking. A lot.
seany 2 days ago [-]
A. Not even a thought required.
dmix 2 days ago [-]
E) parenting
phendrenad2 2 days ago [-]
The spin control on this story is intense. Saying that it's "just parental controls" when we've had fscking parental controls since the 1990s is disingenuous as hell. Obviously it's something new, but that's really all they have got to try to spin it back into their favor.
kristopolous 2 days ago [-]
Every system intended to protect children ends up patronizing everyone as a child.
Protect people's rights and don't get tricked in to giving them up just cause someone has a story about a child.
ToucanLoucan 3 days ago [-]
I'm reminded of a video essay I watched about AI once, which took a side tangent into surveillance capitalism:
"Google's data harvesting operation became a load bearing piece of the Internet before the public understood digital privacy. And now we can't get rid of it."
The public has been conditioned to expect web services free at point of use. Legitimately it's hard to monetize things like YouTube without ads, and I get that. But turning our entire ecosystem of tech into a massive surveillance mini-state seems like an astonishingly shitty idea compared to just... finding a way to do advertising that DOESN'T involve 30 shadowy ad companies knowing your resting blood pressure. My otherwise creative and amazing industry seems utterly unwilling to confront this.
Edit: Like, I don't know, am I crazy for thinking that simply because we can target ads this granularity, that it simply must be that? I get that the ad-tech companies do not want to go back to blind-firing ads into the digital ether on the hope that they'll be seen, but that's also plus or minus the entirety of the history of advertising as an industry, with the last 20 or so years being a weird blip where you could show your add to INCREDIBLY specific demographics. And I wouldn't give a shit except the tech permitting those functions seems to be socially corrosive and is requiring even further erosion of already pretty porous user privacy to keep being legally tenable.
adi_kurian 3 days ago [-]
You are not crazy for thinking that.
However it appears that it takes pretty disasterous consequences for us to be able to walk anything back.
halfcat 2 days ago [-]
Society won’t delay reward now for future good on its own. Even if one person will, there’s a line of people who will step in to pollute the lake or kill the whales for a bag of money.
It will just decay until it’s a short squeeze into oligarchy or worse (the corrupt will be forced into an arms race of accelerating corruption as opportunity becomes scarce). Then some other country who isn’t leaving it up to their society to do the right thing will be in charge. Until the same happens to them.
This is the value of religion historically, one of the few ways of coercing a population into doing the right thing for their own good. But every group can be spoiled or hijacked by a small handful of bad actors who are willing to do what others are not.
gloosx 2 days ago [-]
It's not the gun that kills.
It's not the computer that spies.
3 days ago [-]
dadysgirl1 2 days ago [-]
Agreed! We shouldn't be because wouldn't we go to jail for shit like that if it were you or I?
jachee 3 days ago [-]
“Impossible to get a man to understand a thing, when his paycheck depends on his not understanding it.”
inetknght 3 days ago [-]
> It should be externalized to a degree.
Why?
We don't externalize age verification when buying alcohol or visiting the strip club. It's on the responsibility of those establishments to verify age.
sjsdaiuasgdia 3 days ago [-]
In those in-person contexts, the identification document is still externalized - they're checking a government-issued photo ID in the vast majority of situations.
It works for the in-person context because it's a physical object, making it easier to control access to it. A high resolution picture of the same ID is a privacy problem as it can be copied, shared, transferred, etc without the knowledge of the ID holder.
boyoboy 3 days ago [-]
[dead]
davorak 3 days ago [-]
> Why?
I think that main goal would be to keep the ability to have accounts be anonymous or pseudo anonymous.
If social mean company has to verify an accounts age themselves they then have to use some for of official government identification and with that any chance of anonymous or pseudo anonymous access.
autoexec 3 days ago [-]
Facebook has less than zero interest in allowing people to use their platform anonymously. They very much want to know everything about their users including their age and they would never back a law that would stop them from collecting that data. Now that you know that facebook isn't pushing this law to protect anyone's anonymity why do you think they're doing it?
davorak 3 days ago [-]
> Now that you know that facebook isn't pushing this law to protect anyone's anonymity why do you think they're doing it?
My comment was not about what I knew/know about facebook or not. I was answering the question of why age verification should be externalized to a degree and in this case externalized means the power stays with the user and parents rather than being in the hands of say facebook/meta.
I was not talking about why facebook/meta would want it or not want it. Large companies want lots of different things. Sometimes it is required to know their motivations to discuss or decide on something. I think it can be detrimental to do that though without discussing/analyzing a topic/idea on its own merits first or at least parallel. My comment was focused on the merits not the motivations or desires of companies like facebook.
autoexec 3 days ago [-]
The point is that you can't just externalize age verification and expect that data to never be sent to facebook because facebook needs that data to do anything (good or bad). It doesn't matter if your OS broadcasts that your child is 6-9 to facebook or if facebook has to ask the government to tell them that same information, either way, in the end facebook will know that your child is 6-9. The power is then in facebook's hands. Facebook won't see a copy of their government issued ID, but what difference does that make when they've got their age, their selfies, and a list of every friend and family member.
davorak 2 days ago [-]
> The point is that you can't just externalize age verification and expect that data to never be sent to facebook
facebook and similar social media companies have a ton of ways to get peoples age and or to narrow it down.
> either way, in the end facebook will know that your child is 6-9.
The main point of the law is not about restricting facebook or similar operator in the laws lanuage from knowing user ages. Though the does say the age bracket can not be used for anything other than to implement the intent of the law.
> The power is then in facebook's hands. Facebook won't see a copy of their government issued ID, but what difference does that make when they've got their age, their selfies, and a list of every friend and family member.
May not matter much for facebook or similar, it matters a bunch for any random website/forum/service you might sign up for where the intent of the service is not about public posting that sort of personal infromation.
autoexec 2 days ago [-]
> facebook and similar social media companies have a ton of ways to get peoples age and or to narrow it down... May not matter much for facebook or similar, it matters a bunch for any random website/forum/service you might sign up for
You're right about that. There are websites and services that won't have the kind of data needed to identify an individual using the age bracket data, and there are those who could do it anyway or could make some guesses about the ages of users even without having OS gathered age data sent to them. That said, I've seen how bad companies are at making those kinds of assumptions. For example, I've seen youtube's AI age guesser fail completely and mischaracterize viewers ages in both directions.
> Though the does say the age bracket can not be used for anything other than to implement the intent of the law.
I didn't see that anywhere in the text. It does have a section where it says that the age data collected can't be shared with third parties unless they're made a part of the implementation of age-check scheme. There's also this: "All information collected for the purpose of obtaining the verifiable parental consent required under this Section shall not be used for any purpose other than obtaining verifiable parental consent and shall be deleted immediately after an attempt to obtain verifiable parental consent" but it's entirely unclear if age bracket data is considered part of the data collected when "obtaining verifiable parental consent". I suspect that it isn't and this language is intended to protect the data of the adults who will be forced to prove they are the child's parents. In fact they don't define at all what "obtaining verifiable parental consent" should or shouldn't involve.
davorak 2 days ago [-]
> I didn't see that anywhere in the text...
You are right it is hard to use it for anything else though given the constraints.
> An operator that receives a signal in accordance with 20this Section shall use that signal to comply with this Section 21but shall not: 22 (1) request more information from an operating system 23 provider or a covered application store than the minimum 24 amount of information necessary to comply with this 25 Section;
You know the age bracket but nothing else and are not allowed to store more data on the topic to figure anything out. So you can not legally figure out someones age by keeping track of when they change age brackets.
> In fact they don't define at all what "obtaining verifiable parental consent" should or shouldn't involve.
It is the "Account holder". The user that set up the account and provide the age is considered the parent or legal guardian.
pstuart 3 days ago [-]
Do we make contractors do age verification on their supplies when building a liquor store or strip club? The OS is a tool used by Meta, just like the utilities and the compute itself.
Meta Apps can have age verification but it should be at the point of service, not the supply chain.
And even if we were to agree to this, uploading your IDs to an untrusted third party is asking too much.
alistairSH 3 days ago [-]
uploading your IDs to an untrusted third party is asking too much.
So have the government do it? They already know who we are and when we were born.
autoexec 3 days ago [-]
It's not enough for the government to know. Platforms, websites, and advertisers want to know. That's why the law facebook has been pushing for doesn't have a simple "is 18+" flag but instead has a long list of age buckets so that advertisers and platforms can target specific demographics even when they are minors.
pocksuppet 3 days ago [-]
Isn't that necessary because different levels of protection will be applied to each bracket?
autoexec 3 days ago [-]
The law doesn't require any protection levels at all. It just requires your OS to tell every website you visit which bucket your children fall into. Every website and platform can use that information in whatever ways they want, even if it's just to adjust how best to groom a victim or to decide which ads to push at a child. They could also use it to say that a 9 year old can't watch a certain video that a 13 year old can, but that would be entirely their choice.
lemoncookiechip 2 days ago [-]
I'd much rather a third party ID that I can easily bypass because they're lazy and cost saving every step of the way, than a governmental ID which will be x100 harder to bypass and can be abused by the goverment whenever there's a man-child in power who likes going after groups of people who don't agree with him.
But in a perfect world it would be parents doing their job and parenting. You can grab your child's pad, phone, laptop, whatever, and black list the entire internet allowing only a few select white lists of your choice. But it's too hard to educate parents on how to do that I guess, assuming this was ever about children and not data collection, which it is that.
kevin_thibedeau 3 days ago [-]
That requires trusting a government with a power that is likely to be abused.
alistairSH 3 days ago [-]
But they already know my age (and my address, and my SS#, and my income, and a whole bunch of other stuff).
kevin_thibedeau 3 days ago [-]
They don't know your full behavioral profile. They also may be willing to sell that data to third parties who use it for nefarious purposes.
monocasa 2 days ago [-]
They absolutely do. Anything you can get from data brokers doesn't require a warrant.
ToucanLoucan 3 days ago [-]
The power to tell people how old someone is?
mgulick 3 days ago [-]
The power of correlating your real ID with your browsing activity on the internet.
ToucanLoucan 3 days ago [-]
I mean, as much as I don't want the Government to be able to do that, I don't want private industry to be able to do that even more tbh. Though both options are pretty horrendous privacy-wise.
pstuart 2 days ago [-]
Until recently I felt the opposite way -- what they could do with that was more targeted advertising. The government currently in power is demonstrating that they can do far worse, and plans to.
basilgohar 2 days ago [-]
And then the government gets official, explicit, intimate knowledge of everything we do online. With our express permission now.
monksy 2 days ago [-]
Very good point. But there are businesses that are via the barcode on the back of the license. They're using machines to validate and do who knows what with that data.
3 days ago [-]
mech422 3 days ago [-]
I'm surprised that people think this is some new 'save-the-children' thing ? Didn't Zuck say like 10 years ago, you should not be allowed to be anonymous on the internet ? This just seems on-brand at this point.
mindslight 3 days ago [-]
A different approach that would keep incentives properly aligned is for Facebook (et al) to publish labels in website headers asserting the age (and other) suitability of content on various sections of the site. It would then be up to client software (eg a browser) to refuse to display sites that are unsuitable for kids on devices that have been configured for kid use.
As there has been a market failure for decades at this point, it would be reasonable to give this a legislative nudge - spelling out the specific labels, requiring large websites to publish the appropriate labels, and requiring large device manufacturers to include parental controls functionality. The labels would be defined such that a website not declaring labels (small, foreign, configuration mistake, etc) would simply not be shown by software configured with parental controls, preserving the basic permissionless nature of the Internet we take for granted.
But as it stands, this mandate being pushed is horribly broken - both for subjecting all users to the age verification regime, and also for being highly inflexible for parents who have opinions about what their kids should be seeing that differ from corporate attorneys!
inkysigma 3 days ago [-]
Except none of these bills (California or the one in question) as currently written require an ID to actually be verified, merely that the user provide an age. This seems intentional as it's seems to solve the user journey where a parent is able to set a reasonable default by simply setting up an associated account age at account creation. It's effectively just standardizing parental controls.
I think this is a reasonable balance without being invasive as there's now a defined path to do reasonable parenting without being a sysadmin and operators cannot claim ignorance because the user input a random birthday. The information leaked is also fairly minimal so even assuming ads are using that as signal, it doesn't add too many bits to tracking compared to everything else. I think the California bill needs a bit of work to clarify what exactly this applies to (e.g. exclude servers) but I also think this is a reasonable framework to satisfy this debate.
I've seen the argument that this could lead to actual age verification but I think that's a line that's clearly definable and could be fought separately.
bink 3 days ago [-]
Kids aren't stupid. They'll just create another account when they're old enough to figure it out. They'll tell their friends how to do it and the rest of us will be stuck with these stupid prompts forever like it's a cookie banner.
inkysigma 3 days ago [-]
Actually given boot chain protection, this will probably get harder as time goes on but even assuming some kids are able to, this is clearly definable as a user error: the fault lies with the kid and as a parent you need to think about your threat model.
Right now, it's not even clear how to create parental controls at a reasonable level so there's no clear path for what to do or how to respond.
pocksuppet 3 days ago [-]
Maybe we can agree that if you're mature enough to hack your own phone, you're mature enough to see a nipple. Why am I rate limited though? Dang must hate this opinion.
Aeolun 3 days ago [-]
It’s because you are a sockpuppet.
nemomarx 3 days ago [-]
I don't think "real" age verification with ids is immune to this either. (kids paying an adult to get an id for it or fooling an ai classifier, whatever).
Basically unsolveable, so why worry about that edge case? Kids will always get through to some adult content somewhere. A token system will make parents feel better in the meantime.
davorak 3 days ago [-]
It gives the parents the tools to age restrict things, but does not require parents to use them or use them well.
somethoughts 3 days ago [-]
From a parent's perspective, that's the great part about bubbling it up to the OS user account level.
Its trivially easy to see if the user (child) has indeed created multiple OS level user accounts with different permission levels if you want to spot check the computer.
You'll see it on first startup and then you can have "a chat". With Guest account access disabled, spawning a new account on a computer takes 2-3 minutes, will send emails and dashboard notices to the parent.
Its very much near impossible to verify that the child is not just going to Facebook etc. and using separate accounts and just logging out religiously.
That said I wish Apple/Microsoft/Google had more aggressively advertised their Parental Control features for Mac/Windows/ChromeOS as a key differentiator to avoid Ubuntu/Open Source distros from having to implement them.
MarsIronPI 3 days ago [-]
> You'll see it on first startup and then you can have "a chat". With Guest account access disabled, spawning a new account on a computer takes 2-3 minutes, will send emails and dashboard notices to the parent.
On what OS? Microslop Windows? On my computer no one is notified when an account is created. And the account list isn't visible when I log in. I log in to the TTY.
Now, granted, I am not the norm. But my OS falls under these regulations. So what is my OS vendor supposed to do? For that matter, who is the vendor? What if I were using LFS? Who even would be the vendor for LFS? It's not even a distro!
somethoughts 2 days ago [-]
Yes it doesn't show up probably because you were able to pretty easily mindlessly click through the part where you were asked if this is being provisioned as a child's computer.
When you provision a Windows, Mac or Chromebook these days as a child's device using your parental account, it will require a parental account to enable new user accounts and/or re-enable guest user on the device.
Like I said - my preference would have been for Microsoft, Apple, Google and Meta and TikTok to have made an industry effort to educate parents about the existence of such tools a priori of any legislation, we could have avoided Linux etc. getting sucked in.
autoexec 3 days ago [-]
It's pointless. Kids who want an uncensored internet will use a VPN or proxy the same way they've been getting around the restrictions and filers put on the computers and networks at schools. These laws will do nothing to protect children but will instead enable them to be targeted.
somethoughts 2 days ago [-]
I don't think its quite so easy anymore that I can tell, with parental tools today - on a properly provisioned device you can require parental permission for app installs such as VPN, etc.
lich_king 3 days ago [-]
So you're advocating for stronger and more invasive controls?...
I think this is a sensible compromise. It gives parents more control than before without relying on shady third-party software or without turning every platform into a cop. Yeah, it also aligns with Meta's interests, but so what?
The age attestation solutions pursued by the EU are far more invasive in this respect, even though they notionally protect identity. They mean that the "default" internet experience is going to be nerfed until you can present a cryptographic proof that you're worthy.
autoexec 3 days ago [-]
> I think this is a sensible compromise. It gives parents more control than before without relying on shady third-party software or without turning every platform into a cop.
It doesn't give parents any control whatsoever. It just forces the OS to tell every website your child goes to how old they are. It doesn't require those websites to hide certain content for certain age groups. It doesn't define what types of content are appropriate for which age groups, it just makes sure that every advertiser bidding on your child's eyes knows what age range they fall into to.
If anything this takes control away from parents because even the cases where a website does their best to restrict content based on which age the OS tells them your kid is, it's the website setting the rules and not the parents. You might think that your 16 year old can read an article about STDs, but if the website your kid visits doesn't think so you as the parent don't get any choice.
With 3rd party software parents are controlling what software is used, they have the ability to decide which kinds of content are appropriate for their children and can be allowed and which types of content should be blocked. They can black/whitelist as they see fit. All of the power is in the parent's hands. This law gives parents one choice only: "Do I honestly tell my OS how old my child is". That's the end of the parent's involvement and the end of their power.
1718627440 3 days ago [-]
I mean on a UNIX OS you could make it yet another group the user needs to be part of. Like the group for access to optical media or for changing network credentials. Whether the child gets root access is on the parent, but that is like with anything else. A child can get around this, but it means finding and exploiting a 0-day on the OS. If they are able to pull this of I would congratulate them.
phicoh 3 days ago [-]
There is a huge attack surface for this. For example, kid manages to buy an old phone. Resets the phone and creates an account. Kid buys something like a Pi 3 manages to get a regular phone to become an access point. Etc. If a laptop is not completely locked down, a kid might boot a live USB stick.
Dylan16807 3 days ago [-]
Barriers like that for accessing 18+ sites would be so much better than nothing.
And cheat devices can be taken away as soon as the parent notices them.
phicoh 2 days ago [-]
The problem is that these laws tend to escalate. Once a government starts regulating, it doesn't stop.
It is also the wrong model. Instead of creating child-safe devices, just like there is a difference between toys and power tools, this regulation pretends that all devices are child safe and parents have to figure out which ones really aren't.
Dylan16807 2 days ago [-]
Well basically nobody is making child safe computers for ages over 7. Sitting around hoping that changes isn't useful.
So trying to force a very very basic child safe mode makes sense.
And I don't think this regulation pretends all devices are child safe.
enoint 3 days ago [-]
I don’t care if it’s part of the user setup, but make it an App Store dotfile. Don’t issue fines to Debian for offering a Docker image without a user setup script.
nullpoint420 3 days ago [-]
Yeah, let's just boil the frog here. Makes sense.
MarsIronPI 3 days ago [-]
Except how is this done on GNU/Linux or FreeBSD or Haiku? Who's going to implement it, who's going to ensure it can't be bypassed and who's going to be responsible if it's not?
secabeen 3 days ago [-]
I agree. There is a real drive to catastrophize here but so far, none of the bills actually take any steps to prevent users from lying about their age.
themafia 3 days ago [-]
[flagged]
midnitewarrior 3 days ago [-]
I want to be able to hire a licensed Identity Service Provider that gets all of my verified identity data in an encrypted token and let me register it with the OS, and control what amount of the data I expose to apps, with age verification being one of the lower levels of access.
I pay the company to verify me, I am their customer. They take on the liability of the OS makers and app makers of age verification.
If you have a valid token signed by a licensed IDS that verified your age in your OS, that's all anyone needs to know.
davorak 3 days ago [-]
> trusted 3rd party service
So we have to pay some 3rd party service to hoard information about Children? Why we want to set that up? Why would we want to take that power from the parents and give it to some company?
themafia 3 days ago [-]
> Facebook shouldn't be the ones verifying age
So, they want to profit off children, but do nothing to protect them?
> but there should be a trusted 3rd party service that does that
Gee, if only Facebook would use their incredible might to create this, rather than trying to rob our representative government from underneath us.
> It abso-fucking-lutely should not be at the OS level though
It's not my problem. It shouldn't involve me at all. I don't use social media and I think if you let your kids on there unsupervised you have a screw loose.
kajaktum 2 days ago [-]
If social media, alcohol, drugs, gambling, phones are so, so, so bad for children. Just ban them from children.
We were completely fine 30 years ago without any phone. They will survive. They will probably thrive because now they have to learn how to hack the system.
Instead, we just give them everything they need and all the thinking they do is scrolling.
pjmlp 2 days ago [-]
On the 50's, it is incredible the proctective bubble that gets pushed around in some countries nowadays, externalizing all responsabilities.
eecc 3 days ago [-]
I guess the point is: delegate to kernel, then “oh, people with root can bypass with modules? Secure Boot!”
newdee 2 days ago [-]
And then only trusted devices with an “acceptable” posture and valid manufacturer attestation can participate! Hellscape.
bergfest 2 days ago [-]
This is exactly what will happen.
dangus 2 days ago [-]
The porn industry already figured this out and it’s super simple. Requires zero personal information.
And just which third party do you trust with your identity?
DANmode 2 days ago [-]
The trusted third-party is, in part, meant to be a society of responsible parents.
9991 2 days ago [-]
Yea, it's called Mom & Dad.
3 days ago [-]
kazinator 3 days ago [-]
> but there should be a trusted 3rd party service that does that
No, there shouldn't be any such thing; everyone pushing for any shape of this should just bugger off.
pocksuppet 3 days ago [-]
Sometimes even things that are good for Meta are good for the rest of us. This law, and the one in California, mean that liability is disclaimed as long as the parent selects an age above 18 for the child. It's like a section 230 for age protection. Meta supports this because they won't be liable for wrong age inputs, and we should also support this because it doesn't verify age in any other way.
phendrenad2 2 days ago [-]
We should support something that does the minimum to accomplish the goal. As luck would have it, we don't need to do anything because parental controls already exist, and apps like YouTube already have a "kid mode". But for some reason, people are very attached to the idea of getting that number. Your age. It isn't enough to have a boolean isAdult. Oh no, they want to know how old you are, and they want that number to follow tou everywhere you go. View a site on your PC and then load it in incognito to create an account and comment? Oh look, this person we've identified as pockauppet age 99 or whatever viewed the page, then someone registered aged 99 and commented on that same page. This is a data goldmine. But I guess we're not against sharing data anymore.
pocksuppet 2 days ago [-]
Have you used parental controls? They're complete and utter shit. You cut your child off from almost all of the internet, or you may as well not have any controls at all.
phendrenad2 20 hours ago [-]
Have you? What makes you think they can't be improved? And what do you think will happen when people set the age in this new system?
pear01 3 days ago [-]
He doesn't want to have to stand up, turn around and apologize to parents on behalf of an asleep at the wheel Congress again.
At some level I don't blame him. It is also a bit strange how in that act alone he showed more accountability than most of the politicians that were questioning him, never mind most executives. I suppose Josh Hawley wants to be liable for personal lawsuits for his acts of Congress too... people cringe at his "robotic" demeanor but I can't remember the last time someone turned and faced people and apologized like this. Most people asked to do the same (even in front of the same body) never do.
Don't kid yourself, Meta already knows the age of all its users, at least within the broad categories that this bill defines.
thesuitonym 3 days ago [-]
Yes, but they want to show children content that is not appropriate, then claim ignorance.
fuzzfactor 3 days ago [-]
To give them the benefit of the doubt you could say they only want to show children content on its own that is fully parent-agreeable.
Meta just wants to do it in the most habit-forming way, that is embedded in a system crafted to mold young behavior into more manipulable consumers.
>Meta already knows the age of all its users
Roger, now they want a government mandate to target everyone else on the internet.
maxrmk 3 days ago [-]
If a company relies on self reported ages, they don't "know" it well enough to satisfy COPPA. Probably. I'm not a lawyer but I do keep up with the latest in privacy enforcement and I think this is the way things are headed.
For the record, I'm against age verification laws. But I think companies are pushing for them because of liabilities they face under other laws, not because they would actually like to have the data.
onlyrealcuzzo 3 days ago [-]
Legally, there's a difference between "knowing" and "accurate enough for loose cannon advertisers".
fuzzfactor 3 days ago [-]
Facebook has always been there for only one reason; for people who don't value privacy.
Nothing less, nothing more.
Most things that are not suitable for children were recognized so long ago that it was decades, centuries, or millennia before anybody living was ever born.
Like porn, when it got on the web it has always been instinctively gatekept as traditionally as possible, and complaints which do arise over the decades are addressed by the websites in ways that measure up to how you expect a company to act. Consistent with the way they truly don't want underage visitors to their websites at all.
Those complaints are now dwarfed by what parents are saying about Facebook in particular.
Facebook, and now Meta, is just not something that previous generations had to deal with, so it didn't get handled in a very adult way as it should have been from the beginning. And it only got worse as it got bigger.
If it wasn't worse for their kids than porn, parents wouldn't be screaming so much louder than ever.
I guess it turns out the combination of fundamentally devaluing privacy across-the-board including minors is the main problem, and then the idea of hooking them early, like cigarette companies would do with as much habit-forming reinforcement as possible, is what leverages the lack of overall privacy through the roof.
What's really needed is bold gatekeeping on Meta's digressions alone, they should be the ones to aggressively keep everyone underage off their site. Like they really mean it, which has not existed before. That's what's been wrong the whole time, the internet was so much better before Facebook came along with their anti-privacy mission, and it got put on steroids.
Reining in Meta alone should be big enough to be noticeable, no-one else has a shred of responsibility by comparison.
Facebook has invested $billions in these underage crowds and they want to know exactly when everyone else on the internet turns a certain age even if they are not on Facebook.
Don't give it to them no matter how much they pay.
It would be the complete opposite of an advanced thinker who wants to respond by compromising more people's privacy across the regular internet, when Meta is the primary source of the problem, and they're who stand to benefit the more privacy is compromised in any way, child or adult.
Like my 19th century grandmother would say, "what's wrong with some people?"
autoexec 3 days ago [-]
It's amazing how many things We The People want our government to do that go ignored year after year, but the moment corporations want something laws get pushed through at lightning speeds. Does anyone actually think that masses of regular people in Illinois were begging their government to force operating systems to tell every website and advertiser how old their children are? They weren't. A small number of corporations with lots of money wanted that though. Bribing matters a lot more than voting.
Lerc 3 days ago [-]
How should they do it? Surely they don't have a responsibility to do something that nobody knows how to do?
There have been numerous cases in history where governments have attempted to legislate the outcome they want without regard to how that might be done or if it was possible in the first place. Obviously it can never deliver the results they want.
It would be like passing a law to say every company must operate an office on the moon, and then saying that companies lobbying for an advanced NASA space program is them externalising their responsibility.
tyre 3 days ago [-]
They could require government ID to sign up and an adult sponsor to certify accounts for kids. Plus a limit on how many accounts an adult can sponsor.
It would be a mess, but solve the problem. It’s not that we don’t have the technology, we just don’t want to because the friction would decimate user numbers and engagement; it would be much simpler to regulate (e.g. usage limits on minors); and minors are less monetizable, which would lead to lower CPM on ads.
Then there’s the legal liability if you know someone is a minor and they’re sending nudes, for example. And the privacy concerns of tying that back to de-anonymized individuals.
But obviously I wouldn’t believe that social media companies care about user privacy on behalf of people.
gruez 3 days ago [-]
>They could require government ID to sign up and an adult sponsor to certify accounts for kids. Plus a limit on how many accounts an adult can sponsor.
Requiring all online account creation to go through some government vouching system sounds far worse for privacy than OS doing age verification.
intrasight 3 days ago [-]
OS-based age verification would also have to use a government ID. There is no alternatives to a government ID for such verification.
gruez 3 days ago [-]
>OS-based age verification would also have to use a government ID.
I see no such claim that comment said that the parent verifies the child. That that means that the parent must be verified. I don't see that approach having any chance of succeeding. It would be a much more invasive process to both verify the parent and the relationship with the child.
tstrimple 2 days ago [-]
You're wrong. These laws aren't very long. You should read them instead of just passing around incorrect assumptions.
fn-mote 2 days ago [-]
The points:
1. No new law is required, FB could do this voluntarily.
2. Meta has a vested interest in a low-friction solution that maintains engagement.
Aunche 3 days ago [-]
> They could require government ID to sign up and an adult sponsor to certify accounts for kids.
Even if they used an open source zero knowledge proof, HN will still immediately dismiss it as an attempt to steal your data. The proposal here and the similar bill that passed in California doesn't require any validation that you enter you age correctly.
Lerc 3 days ago [-]
I think the public in general woul be happier with the office on the moon idea than compulsory Government ID requirements to use services.
intrasight 3 days ago [-]
It's only required for services that require it. The states are also regulating which services those are.
Lerc 3 days ago [-]
All you have to to to become a member of tautology club is to join tautology club.
observationist 3 days ago [-]
It's up to parents to parent. It's not up to the government, and Facebook pushing this shit is evil.
It's not about protecting children. It's about increasing adtech intrusion, protecting revenue from liability, pushing against anonymity, and for all the various apparatus of power, it's about increasing leverage and control over speech.
ehl0 3 days ago [-]
bad take man. these companies don't care about kids; they just want to take the responsivity off of themselves. they don't actually put any money towards child safety.
Dylan16807 3 days ago [-]
But the parent comment didn't say anything about companies caring. So you're not disagreeing with them, unless you think any selfish corporate action should be automatically opposed. And that would be a bad take; it's way too generic and applies to both sides of most issues.
cess11 3 days ago [-]
With all the LLM bots they need a new way to sort out the people from the machines to not lose ad revenue and to help their spook friends.
It's better for them if this "responsibility" rests with another organisation, they don't get blamed as much when the information leaks and it is replaceable.
cyanydeez 2 days ago [-]
I think their strategy is to just sell more software. Liability was cut by buying the presidency.
Really, I’m surprised that for all of the discussions on HN around these individual statewide acts that I see so little discussion of Meta as a primary force pushing them.
pesus 3 days ago [-]
There are probably many more people that would profit off of it on HN.
iAMkenough 3 days ago [-]
I wonder if Meta monitors their employees comments on HN?
alephnerd 3 days ago [-]
They don't but frankly no one who matters actually gives a s#it about HN anyhow.
HN is also much less representative of the demographics within the American tech industry now as well - almost all the references I see on here are stuff only men in their late 30s to 50s would recognize, and an increasing amount of users appear to be based in Western and Central Europe.
Heck, I'm on the younger end by HN standards (early/mid 30s) and when I introduced HN to my peers over a decade ago (this is my throwaway) even back then they complained that it was "toxic", "snooty", and "unhelpful". And it's reputation amongst the younger generation has only gotten worse.
HN has "SlashDot"ified, because most people are either in private groupchats on signal/imessage/discord or meeting each other with Luma invites.
hypeatei 3 days ago [-]
Why does it matter specifically that Meta is doing it? This has long been a goal for intelligence apparatus and big tech: get rid of anonymity online to "fight terrorism" and sell ads respectively.
Don't get me wrong, it's good to know but it's not earth shattering information.
gruez 3 days ago [-]
>Why does it matter specifically that Meta is doing it? This has long been a goal for intelligence apparatus and big tech: get rid of anonymity online to "fight terrorism" and sell ads respectively.
How does getting the OS to do age verification "get rid of anonymity online" or help "sell ads"? Assuming the verification is implemented in a competent way (ie. it's not just providing an id scan for any app to read), it's probably one of the more privacy friendly ways to implement age verification, that's also more secure than an "are you over 18" prompt on every website.
hypeatei 3 days ago [-]
You've accepted the overton window shift that age verification is an inevitability and that we need to give up information to the operating system because any other way would violate our privacy! It's naive to see this internationally coordinated effort to "save the children" as anything other than the temperature in the pot being turned up.
> implemented in a competent way (ie. it's not just providing an id scan for any app to read)
What if there are vulnerabilities? You're inherently introducing more attack surface and providing more data than you would without these laws.
gruez 3 days ago [-]
>You've accepted the overton window shift that age verification is an inevitability and that we need to give up information to the operating system because any other way would violate your privacy! It's naive to see this internationally coordinated effort to "save the children" as anything other than the temperature in the pot being turned up.
If you're trying to imply Meta is behind the "overton window shift", that's plainly not the case. The popular sentiment that smartphones and social networks are harming kids (thereby necessitating bans/verification) has been boiling over for a while now (eg. "The Anxious Generation, 2024", and the recent social media bans in Australia), and meta is just trying to get ahead of this with laws that favor them.
>What if there are vulnerabilities? You're inherently introducing more attack surface and providing more data than you would without these laws.
Probably less likely to cause vulnerabilities than web usb or web bluetooth , both of which gets some pushback here but nowhere as much an API that returns a number.
hypeatei 3 days ago [-]
> If you're trying to imply Meta is behind the "overton window shift", that's plainly not the case
No, I'm saying the exact opposite: Meta is just one player in a campaign from intelligence agencies and other tech companies who want to normalize mandated prompts in your OS that collect information. Right now it's "just a DOB field bro" turns into "well... people can lie with the DOB field, let's just add a ID check step in that dialog" and build on it from there. Of course the pot has been boiling for a while and it's not just Meta looking for regulatory capture.
> Probably less likely to cause vulnerabilities
I don't care about likelihoods, this "feature" inherently introduces more risk and for something I don't even want on my computer. Even a small chance that this can be abused is unacceptable.
edgyquant 3 days ago [-]
I find it odd when people write off policies as using “save the children” or “protect women” as if this isn’t something people are really capable of thinking. You fail to understand why the Overton window has shifted because you fail to understand people really are worried about their children
hypeatei 3 days ago [-]
I don't know of any surveillance state act that used "protect women" as their top line, but maybe I missed it.
> because you fail to understand people really are worried about their children
No, I completely understand but that doesn't give anyone the right to start mandating that we give up our privacy in pursuit of that. That's sorta the joke with "save the children", it's meant to tug at your emotions and make you look like a bad person for not consenting to massive overreach.
edgyquant 2 days ago [-]
No it isn’t “meant” to do anything but reflect a desire to protect children. You’re projecting.
hypeatei 2 days ago [-]
Okay, so not every single person pushing surveillance is a bad faith actor and there are some parents in there who truly want the best for children. How does that change the substance of my point about overreach?
edgyquant 1 days ago [-]
We have laws going back decades requiring people to show id to purchase pornography and r rated movies. Why do tech companies get a pass on this?
JumpCrisscross 3 days ago [-]
> Why does it matter specifically that Meta is doing it?
Their entire top leadership has shown a multi-year tendency towards psychopathy and lying. Knowing Meta is pushing this bill makes me want to understand why my views and theirs randomly agree as well as carefully read the bill text for any signs Adam Mosseri was within 500 feet of it.
JCattheATM 3 days ago [-]
[flagged]
JumpCrisscross 3 days ago [-]
> That's probably a sign that you should reevaluate your views
On its own? No. We probably agree on the need to drink water, that doesn’t mean I should now die of thirst.
I've seen skepticism about the veracity of the claims, in part as various sources cited in the git repo pointed to todo files not actual data[1] (in that example was only just hours ago a source file was added, when the project still claims part of the conclusions are based on data said to be contained there).
Which has led some to suspect much is LLM generated and not properly human-reviewed, in addition to the very short timeframe from initial self-disclosed start of the research to publishing it online (mere 2-3 days) despite the confident tone the author uses.
That's the correct strategy, if anyone sues meta, meta can bring their age verifier into the lawsuit and blame them. It makes sense from a business perspective, insurance perspective. etc...
pembrook 3 days ago [-]
Meta is definitely helping to push this, but they aren't having to push very hard because its already in the zeitgeist. It's a classic moral panic. Millennials are raising kids and turning into their boomer parents.
Millennials had their hippie era in their 20s (same stuff their parents did rebranded as "hipster" instead of "hippie," where instead of building a lifestyle of free love and bong hits in the Haight-Ashbury, they built a lifestyle of free love and bong hits in Williamsburg Brooklyn).
Now in their 30s-40s they've moved to the suburbs, they're voting Reagan, and are falling for hysterical media-driven moral panics about "what kids these days are up to" just like their Boomer parents did in the 80s-90s.
What's even more funny about all these "social media is evil" legislative proposals, they're motivated by the idea of what social media used to be when millennials were in college...which doesn't even exist anymore.
The classic narrative that teens are depressed because they're seeing what parties they didn't get invited to is wildly outdated now. Social media isn't social anymore (see Tiktok), it's just algorithmic short form TV. Nobody is seeing content from their peers anymore.
In reality, most modern research on social media finds little to no affect on teen mental health. But of course, if you have ulterior motives to undermine privacy or shirk corporate responsibility under the cover of "saving the kids," this moral panic is an already burning flame waiting to be stoked.
fn-mote 2 days ago [-]
> teens are depressed because they're seeing what parties they didn't get invited to
More modern version: my experiences don’t look like the Instagram shots, my body doesn’t look like theirs, etc.
> modern research on social media finds little to no affect on teen mental health
Sounds like you know what you’re talking about, but if you have references I would read them.
How about research on the effects of social media on academic performance?
No disagreement at all that this is another power and surveillance grab.
pembrook 2 days ago [-]
> my experiences don’t look like the Instagram shots, my body doesn’t look like theirs, etc
Zero difference from the reality TV/tabloid era. "Influencer" is just a rebranding of "celebrity," and instead of seeing their Hollywood Hills mansion and chiseled bodies on MTV cribs and in Abercrombie ads you see them on your phone.
Here's a few quick pulls, the best stuff is the meta-analysis studies but don't have time to dig them all out:
What does this bill have to do with age verification?
It legally mandates the existence of a required "age" field in user account records, a user interface to populate it during account setup, a mechanism for service providers to read this field, and that providers act as if it has been populated accurately.
As someone who has been the de facto "system administrator" for my family's computer systems since kindergarten, this has to be one of the stupidest policies I've ever seen gain traction.
ezfe 3 days ago [-]
Is there a problem with this? Most users are using an iPhone and most iPhones already know the accurate age of their user
iszomer 24 hours ago [-]
I think it will be an extension of parental control and shift that accountability/responsibility upwards; Meta is not anyone's real life parents anyway.
gspetr 3 days ago [-]
People will just forge IDs with LLMs. This measure is basically unenforceable, and wastes everyone's time and money.
enoint 3 days ago [-]
I’ve heard Android is a more common OS. In any case, if your OS fails to ask a user their age, it’s banned.
ezfe 3 days ago [-]
Okay, sorry yes that was an oversimplification. Android does ask your age as well, so that's all of them for mobile phones.
saintfire 3 days ago [-]
Android doesn't ask your age, Google does for an account. You can use an android phone without a google account. Most people don't but the distinction is important because degoogled android phones will also have to comply.
subscribed 3 days ago [-]
No, unless the law mandates it.
So for example operating system that does not ask this question could simply declare itself "inappropriate"/"illegal" in the jurisdiction.
Say, GrapheneOS can explicitly disallow image downloads from Californian IPs and not sell phones with preinstalled GOS there.
You don't need to be complaint with the Mongolian law to sell in Burkina Faso.
Similarly they don't need to be complaint with Ohio law if they do not operate and have presence there.
American companies that decide to surveil users ont heir websites with pervasive tracking without consent would only contravene the European GDPR if they allowed EU users to use them. Block the EU (famous http/451), and they're in the clear.
IMO, but IANAL.
enoint 2 days ago [-]
This is what Ageless and some apps are deliberating. I wonder if my ToS can protect me as a scientific calculator maintainer; if I mandate that it cannot be installed within jurisdictions that ban or fine maintainers who fail to implement the age checks.
Edit: I have no control over who links to my library.
iAMkenough 3 days ago [-]
What about OSes that power shared devices you use in public, like airline ticket kiosks and bank ATMs?
enoint 3 days ago [-]
I'm fine with default settings:
> for all users that the operator has actual knowledge to be a minor, the operator shall use specified default settings for the minor.
I just think it should be opt-in. Applications should presume <13 unless the user opts in.
iAMkenough 3 days ago [-]
I'm fine with that too as a consumer.
As an "operating system provider," the law as written still requires me to provide an accessible interface for you to indicate your age to the operator.
Should we be asking your age every single time you use a credit card reader or ATM? If not, embedded operating system providers need exceptions to the law in each state that adopts their own non-standardized approach.
ottah 3 days ago [-]
This coordinated state level attack on the legislative process is crazy. These people can't seem to be bothered to do the basics of governing, but they always find time to do this cross-state nightmare fuel.
dmix 2 days ago [-]
State government is always the worst for this sort of garbage legislation. The number of "economically-impactful" regulatory pages generated by state governments far outpaces the federal government in the US. And plenty of it is just corporate or influential NIMBY appeasement.
notepad0x90 2 days ago [-]
It is a fault in part in the government designed with bits and pieces of "honor system" and "well no one will ever do that!"; and the governed unable or unwilling to enact consequences.
firtoz 3 days ago [-]
It's kinda convenient because every service needs to ask you for the age now because they can't serve under 13s in a lot of cases. Having it be a simple API would be a decent convenience, no?
If you connect it with a permission system where you can choose whether to provide this information (e.g. >13 as a bool or age as an integer or the birthday as a date) that can't be too bad I guess?
I haven't read the whole thing of course.
pull_my_finger 3 days ago [-]
It WOULD be nice if it only got used appropriately. But in 2026 its just one more metric to narrow down your profile for advertisers. Wouldn't it be convenient if you could just opt-out of tracking with a convenient API like the literal "do not track" header in browsers? It exists, but none of the people who SHOULD use it pay it any attention except as, ironically, another metric used to track people.
Not to mention that computing is a global thing, and in order for this to be useful it would definitely have to be providing more specific information than just a bool. Maybe chats require 13+, but pornography requires 18+. Maybe those ages are different based on location. All advertisers would need to do is ping the various different checks to get your actual or at least very approximate age.
This kind of thing is a slippery slope, and its ripe for abuse by doxxers, advertisers and big brother himself. Burn this with fire. I'm totally in agreement with the others that suggest stuff like this should b just get banned from getting introduced and reintroduced constantly trying to sneak it in as a rider or hidden provision. The people DON'T want it.
ottah 3 days ago [-]
It's a brute-force solution, for a problem with many simpler and limited solutions. This is being pushed so hard for it's intended side-effects. The goal is not to protect children, and it never has been. The goal is to eliminate anonymity on the internet
marak830 2 days ago [-]
Exactly. Slowly the screws will be tightened, saying "oh the age gates are too loose" and will need ID verification, step by step.
edgyquant 3 days ago [-]
What if someone else is using the computer/phone/etc?
2 days ago [-]
MarsIronPI 3 days ago [-]
No, because "Operating System Provider" is either too vague, or too imposing on free operating system developers.
mminer237 2 days ago [-]
Having a radio option for <13, 13–15, 16–17, and 18+ on account creation and a syscall to query that is not a huge imposition for OS.
tenacious_tuna 2 days ago [-]
what's account creation on an esp32 running micropython? or an arduino? what happens when the law is expanded to require biometric enforcement of what the user reports?
Also, I don't want my OS to report my age range to every website I visit anyway.
bigbuppo 3 days ago [-]
We got rid of the IDENT protocol a long time ago because it was stupid.
fn-mote 2 days ago [-]
You mean because it was being used as a doxxing tool.
Argumentation 101: “it’s stupid” isn’t a reason.
greycol 3 days ago [-]
It's forcing all OSs to do something that only a few should be doing. The correct way to do this is for the interested parties to form an association that does four things.
1. Creates a protocol with desired signals (country and a variable list of whatever others i.e. age,state) that clients (including browsers) CAN choose to use and forward.
2. Create an api OSs CAN implement to inform clients of those signals and if they can be overidden in the client. (Possibly even create an OS or service to run on OSs that implements it, parents can choose to install specific OS or service)
3. A open source server for governments to specify common classes of content and what to do when a specific SIGNAL (from the protocol in 1) is recieved (Serve content to SIGNAL group/serve content to everyone/never serve content). And what to do if content isn't in a class it recognizes(Serve content/not serve content). Association could also be extend it's duties to coordinate a list of types of content.
4. Maintain an authoritative list of servers by country so that those hosting services can reach the servers hosted in 3. So that webservers can visit those servers to find what they can serve if they wish to apply the law for that jurisdiction.
Horrible because it does codify less freedom and censorship. The advantages are that for a jurisdiction liability can fall on the right actor.
If you run a website/app you worry only if your in a jurisdiction that mandates you use the protocol and can easily geoblock crazy countries by using that signal and choose if a jurisdiction you want to deal with is worth the effort of coding for or whether you want to ignore that countries laws.
If you are a user you can choose to install the API or use an OS that implements it or an OS that spoofs it with only the liability of your jurisdiction. If you are a parent you can use an OS(or install a service) to implement it on your kids accounts.
If your an OS developer you can add functionality if desired/appropriate.
If you are a country you can specify what signals you use/require and can specify required signals (i.e. US may request the State signal so it can decide if it needs other signals to evaluate whether to serve "Social Media" content (i.e. age in the case of state=california)).
Not perfect but actually keeps punishment/enforcement to appropriate jurisdiction and means you can actually gracefully avoid liability for sites in broken jurisdictions rather than either kowtowing or being in breach. Also means it can be implemented in client if you don't want it on your OS or want the convenience of not being asked age without the ridiculous other stuff.
glitchc 3 days ago [-]
The law as is written mainly targets social media platforms. For an OS to comply, all it needs to do is provide a field during account creation that records the user's date of birth as supplied by the user. There is no onus on the operator to confirm the veracity of this information, or even record it anywhere other than the local OS install itself. I think we're safe.
Slippery slopes are a logical fallacy. Every single decision moving you down the slope is intentional. No sliding occurs if nothing actively pushes things down the slide.
Accordingly, it is never too late to lobby against these things.
areoform 3 days ago [-]
Not if you're being pushed down the slope.
It's not an accident that this appeared within a month or two of the California one. I would bet good money that there's someone shopping this bill around.
If you do a frequency analysis of when these bills are being introduced, you'll notice an odd cluster internationally. Less charitably, they're coordinating / talking / being pushed by someone. More charitably, the "idea" is spreading.
It's a very odd idea to spread though. Age "verification" isn't something people are truly passionate about.
I suspect that, long-term, this is about surveillance. The powers that be would rather kill the golden genie that's general purpose compute than have teens and radical youth with compute.
This is going to get bad.
tzs 3 days ago [-]
What you have overlooked is that this type of bill is being introduced in states that have the strongest data protection and privacy laws, such as California and Colorado, and now Illinois.
This is happening after several other states have introduced age verification laws that actually require age verification which typically involves uploading your identity documents to each website that is required to verify your age.
Apply Occam's razor. Which do you think is more likely?
1. These states that have a record of concern for privacy are now introducing an age verification law that relies entirely on the age that the administrator enters when configuring a user account in order to give a push down a slippery slope toward their nefarious secret goal...even though it would be a complete waste of time since as the examples from numerous other states shows it is not hard to pass a law that starts with making people upload their ID documents to any social media they want to use.
2. These states that have a record of concern for privacy are doing age verification in the way that many privacy advocates said it should be done when they were objecting to those bills in those other states that required uploading ID documents, because those states do not want to go down the slippery slop that those other state approaches risk going down. Namely, through parental controls on the devices that children use that put the parents in control and leave the government out of it (other than requiring that such controls be included with the OS).
Real conspiracies exist. Openly. They're open secrets for those in the know.
You'd be surprised by how banal so much of this is. So many parties trying to get what they want. Doing a cost v benefit analysis and looking the other way.
naikrovek 11 hours ago [-]
Did you know that the way people like you respond in posts like this pushes everyone else away with a strength that is unmatched by anything known anything man.
Black holes have less strength to destroy goodwill than posts like yours.
The tone of your post makes people dislike you intensely, makes them ignore you, and go about their business. But they’ll remember you and the repulsion they feel to posts like yours (which all of you saying this message seem to use) whenever they even think someone is saying something like you’re saying here.
You guys are your own worst enemies because you can’t see how fucking abrasive your posts are
:)
nlitened 3 days ago [-]
> Slippery slopes are a logical fallacy
How is this a counter-argument? I often read this, as if there's some international trusted organization of logical thinkers that has approved inclusion of slippery slope to a list of logical fallacies that must never be invoked in a conversation.
Every single time five years later it turns out that the slope actually was slippery.
rkomorn 3 days ago [-]
I don't think their comment was meant as a counter-argument.
I read it as a call to action: things only go down the slope if they're pushed that way, so now is the time to try and prevent said push.
naikrovek 12 hours ago [-]
That is what I meant, yes.
Why do people imagine that I said words I didn’t say, get mad at those words, then reply as if I had said them? This happens all the time.
Humans are stupid and I sincerely believe that we, as a species, will fail because we are so prone to this kind of behavior. We really are a garbage race.
bombcar 3 days ago [-]
Everyone who rants about slippery slopes being a fallacy also loves the boiling frog analogy (which technically might be a bit closer to what they're going for).
naikrovek 11 hours ago [-]
> Everyone who rants about slippery slopes being a fallacy also loves the boiling frog analogy
I didn’t. So why do you say “everyone”? Stop imagining people saying things that they didn’t actually say.
Every step we take down this “slope” is intentional and happens because there is more force pushing things down the slope than there is force resisting that push. There is no slippage, just people who refuse to act in their own best interests letting people who are acting in their own best interests do whatever they want.
1718627440 3 days ago [-]
The problem with slippery slope is that every step can be defended as reasonable, but the overall result can't. Pointing out that something is means saying, I can't refute that single step and you know that, but I still am against it, because it is crucial to an harmful outcome that I really don't want. It argues against a policy by putting it into context.
mattnewton 3 days ago [-]
Like gravity, there is some inexorably force drawing the state towards mass surveillance tools as it makes the job easier. Removing friction that fights against that force is real
1shooner 3 days ago [-]
> it is never too late to lobby against these things.
Putting aside the real possibility that the ability to lobby against certain things is already actively under attack, it isn't speech alone that is being addressed, it's political and cultural momentum.
Would you call it a fallacy that making incremental rather than sudden movement in a specific direction makes it politically easier to accomplish?
bs7280 3 days ago [-]
Calling everything a logical fallacy, is also a logical fallacy.
We have already seen the federal government use facial recognition data to create an app that tells ICE goons who's legal. We should not tolerate the government forcing more data tracking and privacy violations just because you are not "sliding" today.
3 days ago [-]
BoredomIsFun 3 days ago [-]
> Slippery slopes are a logical fallacy. Every single decision moving you down the slope is intentional.
First they came for the Communists
And I did not speak out
Because I was not a Communist
Then they came for the Socialists
And I did not speak out
Because I was not a Socialist
Then they came for the trade unionists
And I did not speak out
Because I was not a trade unionist
Then they came for the Jews
And I did not speak out
Because I was not a Jew
Then they came for me
And there was no one left
To speak out for me
zuminator 3 days ago [-]
This poem should be updated for modern sensibilities:
First they came for the Communists
And I was like fuck those Commies
Because I was not a Communist
ditto
ditto
ditto
Then they came for me
And what the fuck bro this is totally not what I voted for
BoredomIsFun 2 days ago [-]
duh
orsorna 3 days ago [-]
But you're effectively asking a third party application, running in a browser no less (i already understand that a browser exposes WAY too much os level information), to query the OS for age information.
ottah 3 days ago [-]
Several issues, one OS developers will likely use this to fully identify all users. Apple, Google and Microsoft would rather have legal identities tied to all activity, and this is an easy pretext.
Second, there's no certainty about how courts might interpret compliance. If the intent of the law is to positively identify minors, a user editable field may not be interpreted as sufficient to comply. We don't know what the safe level of identification will be outside of trying the law in court. Who wants to be on the bad side of that?
glitchc 2 days ago [-]
And we will finally have the year of the Linux desktop!
conor- 2 days ago [-]
Just as long as you're using a distro that isn't using systemd[0], which is kind of an uphill battle these days
One way is that you log in under a guest account and the guest account requires you to indicate your age. After your session is over, guest account logs out.
Another way is that the library has two sets of computers, ones set for adults, ones set for minors. You need access card to use computer and the librarian will give you the age-appropriate access card.
Another way is computers are set for restrictive (child) account by default. If you need adult access you have to ask librarian to unlock it.
iinnPP 3 days ago [-]
It's been a while but as a 12 year old I completely broke the library system, installed cracked Starcraft, and refroze DeepFreeze afterwards.
Not to counteract your point, just as an anecdote I like remembering.
openclaw01 2 days ago [-]
[dead]
mattnewton 3 days ago [-]
Seems like a slippery slope. Now the infrastructure is there to ask apple, Google and microsoft to confirm identity with selfies over the internet.
ezfe 3 days ago [-]
That infrastructure is literally already there. It's done and live in some areas.
bthater 3 days ago [-]
Couldn't the OS just opt out of social media? I wouldn't mind promising that I won't engage in social media online.
mikestorrent 3 days ago [-]
I don't like this whole thing, but compared to what I was fearing would happen, this idea is nowhere near as bad.
What I expected was that we'd end up with the OS vendors actually being mandated to really do age verification, and then submitting that using Web Credentials and Secure Attestation so that the far end could trust the whole thing, locking open-source OS's out of the mix and creating more of a walled garden online than we already have. I was guessing it would become a simple checkbox on e.g. Cloudflare - "[ ] allow adult users only" or whatever - and that it would end up with vast swathes of the internet going off limits for anyone not on closed-source systems.
Now, it looks like this is just a way for parents to tell the OS "this is a kid account" and have it flow through to websites so they can easily proactively block kids from connecting without having to implement any of that crap. Yes, it's much potentially easier for a child to circumvent; but any kid who can get around that sort of thing from within an OS could probably just wipe/reinstall anyway, so who cares?
As a parent whose kids are continually trying to see what trouble they can get into, I appreciate that I will get one more potential weapon in the fight.
Can someone tell me whether I am being a fool by actually being a bit relieved it's going this way?
shit_game 3 days ago [-]
> Can someone tell me whether I am being a fool by actually being a bit relieved it's going this way?
You're being a fool by actually being a bit relieved it's going this way.
These bills are meant to nudge the overton window[0] of digital politics in the direction of mandating realtime identity verification for all forms of computing. Advertisers want it, governments want it, _bad people and bad governments want it_. By pushing a very small and "weak" legally-required form of user identification on everything under the guise of "saving the kids", all involved parties can point at those who disagree and say "Look, if you disagree you must want to hurt children!" And so the bills pass, and a weak form of identity verification passes and is enforced. Then it'll be shown it doesn't work, and the proposed solution will be to make these identity verification laws more intrusive and more restrictive. Repeat ad-nauseum.
Well, ok. That is what I was fearing, after all. Perhaps I was anchored into the worse position and now am accepting a slight erosion of rights since it's not the entire thing, all at once... the slippery slope is not always a fallacy, after all.
LooseMarmoset 3 days ago [-]
You shouldn't be downvoted for this, the problem is exactly as you described.
pooooka 3 days ago [-]
LOL. Well said...Seems as if we're on some dystopian track that's eventually going to transform a RealID card into something like a Common Access Card (or worse).
tracker1 3 days ago [-]
What do you think comes after this? This is just a first step towards exactly requiring age verification at the OS/Store level... Then comes ever more restrictive and intrusive tracking and eliminating all anonymity as a final goal.
Time to start throwing up hobby BBS sites... and I think in this case text mode interfaces over web might be an advantage.
Larrikin 3 days ago [-]
Websites can send down a single header indicating adult content. The device, the parent setup to indicate the users age, can respect that. Legitimate adult websites will not show the content. There is no need for any verification beyond that or it's just government mandated surveillance.
jacobgkau 3 days ago [-]
> There is no need for any verification beyond that or it's just government mandated surveillance.
There is no verification beyond that in these sorts of bills (CA, CO, IL). It's the parent's responsibility to watch their kids when they set up an account.
> Legitimate adult websites will not show the content.
This is a big problem (that won't necessarily be solved by this particular legislation, granted). There are already voluntary rating HTML tags websites can add to indicate parental control software should block them, but they're voluntary and non-standardized. Websites can choose not to comply with no real-world consequences. And I don't think platforms like Reddit or X, which are ostensibly all-ages social media but also have an abundance of adult content, are properly set up to serve tags like that on NSFW posts but not other ones.
It's a tricky problem to solve, and, imo, it's one the tech industry has demonstrated it doesn't have any desire to solve itself, hence legislation starting to get involved.
> Websites can send down a single header indicating adult content.
It sounds at first glance like a no-brainer that websites shouldn't have access to any information and the enforcement should be done at a local level (like the current voluntary HTML tags that locally installed parental control software can sometimes read). But some websites might want to display alternate content to minors-- e.g. a Wikipedia article with some images withheld, or Reddit sending a user back to an all-ages subreddit instead of just fully breaking or failing to load when the user stumbles upon something 18+. For anything like that, the website will need to know in some form that the user isn't able to see 18+ content.
jacobgkau 3 days ago [-]
Yeah, the laws in CA, CO, and now IL are essentially just mandating generally available OS's implement a standardized, local parental control system.
Detractors will say parents should just install existing parental control software, even though it's existed in its current form for decades and is obviously not effective. And they'll say it should be the parents' responsibility to enforce what their kids are doing with computers, while ignoring the fact that these laws provide tools allowing parents to do just that (the parents are the ones responsible for supervising their kids when they create accounts to ensure they're not lying about their age-- if the kids lie during setup, it's on the parents).
Anyone with kids will probably acknowledge that it's much easier supervising your kid once when they first set up an account on a new device than it would be to supervise them 24/7 when they're using the internet. But for some reason, lots of people without kids are in a panic about having to type in any date older than 18 years ago. The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
LooseMarmoset 3 days ago [-]
> The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
Because that's exactly what will happen. This is battlespace preparation for the destruction of anonymity on the internet, because politicians find this inconvenient.
MarsIronPI 3 days ago [-]
> Yeah, the laws in CA, CO, and now IL are essentially just mandating generally available OS's implement a standardized, local parental control system.
Except what about my OS which doesn't have parental controls and can't reasonably be expected to provide them because who's gonna do it and be responsible for it?
jacobgkau 2 days ago [-]
Your attitude is exactly why it's gotten to the point of being proposed as law.
Of course, nobody can ever stop you from running anything you're building yourself, privately. But you might end up finding that you need to implement additional APIs anyway in order to access what you want to on the internet, just as you're expected to have some sort of HTTP support and HTML rendering in order to get that far. The part you'd be able to "cheat" on in your own custom OS is just reporting a higher age bracket without making you type an age in first.
jeffbee 3 days ago [-]
The argument about the California bill is not that it is a slippery slope, but that it was drafted by people with zero domain knowledge. It applies equally to toaster ovens as well as iPhones.
wtallis 2 days ago [-]
It only applies to toaster ovens that can connect to the Internet to download third-party apps.
pianoben 3 days ago [-]
> while ignoring the fact that these laws provide tools allowing parents to do just that
These tools are called "parental controls" and already exist - we don't need laws to compel their production.
...unless, of course, the true aim is to use this as a beachhead for further expansion of privacy-violating requirements.
You write this off as a "slippery-slope" argument, but given that there are already quite a few tools that do what this law aims for, what's the point?
SoftTalker 3 days ago [-]
Because the tools don't work, and are too fragmentary and burdensome.
Would you prefer to inform each movie theater in town which movies your child is permitted to watch? Or just rely on the rating system that applies to most movies and is honored by most theatres?
Parents want one setting that says "this is a child" and then expect online platforms to respond appropriately. As we expect and mostly have in the real world.
autoexec 3 days ago [-]
> Parents want one setting that says "this is a child" and then expect online platforms to respond appropriately.
This law does not do that. It breaks the age of children into several buckets so that platforms, websites, and advertisers can target specific demographics. They won't "respond appropriately" they'll just use this data point as another way to improve how they exploit children online. Now every pedo with a website can tell how old the kid is so they can better adjust their grooming for that age bracket.
pianoben 3 days ago [-]
If parents want that solution, then the proper thing is for someone to build that solution and make a fortune selling it, IMO.
jacobgkau 3 days ago [-]
"If parents want drug stores to not sell liquor to their kids, then the proper thing is for someone to build that solution and make a fortune selling it, IMO." See how that makes zero sense in the context of a society?
Content providers are not incentivized to care about the problem, and will serve any content with ads next to it that they can unless they are forced not to. Ad-hoc solutions attempting to paper over that behavior on the consumer end are not adequate or effective. That's why they have a rationale at all for the laws here.
pianoben 3 days ago [-]
I don't see the incongruity. It's one thing to mandate that retailers not sell alcohol to children, but it's quite another to require that all computers must report on the identities of their users just so that children don't see porn. The proper analogy would be require verification on the part of the porn sellers.
jacobgkau 2 days ago [-]
> all computers must report on the identities of their users
Literally not what's happening with these bills. There is no identity, you would only have to type in a valid date (and nobody's forcing you at gunpoint to make it your actual birth date).
> The proper analogy would be require verification on the part of the porn sellers.
Red states tried that first, and it was very poorly received by the left and the porn industry, among other parties. Asking anonymously at the device level and leaving it to parents to enforce it is more privacy-respecting and less of a burden to adults. Which is exactly why blue states are now trying to do it this way (and is one of the reasons why Aylo & others have been asking for it to be done this way, with the other reason being it's also easier & cheaper on their end).
SoftTalker 2 days ago [-]
This bill doesn't require reporting identities. It requires that computers be able to communicate "this is a child" to websites, social media platforms, and apps.
Dylan16807 3 days ago [-]
Sometimes it's good to standardize things. Existing parental controls are a hot mess and they mostly work by completely blocking sites/apps, not giving them an age category.
dormento 3 days ago [-]
The parents can already do that. Its called "parenting". The fact that they won't even though there are (non-required!) tools they could be using to do so is baffling to me.
> if the kids lie during setup, it's on the parents
Pretty much a "Yes, and?" scenario. See above.
> The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
I get where you're going, but precisely this. These things always start slow... then fast. The old adage "first they came for x, then y" is not a joke or an exaggeration. It is pretty much historic observation. I've lived long enough to know that whenever someone invokes the "think of the children" defense, there's always a catch.
mikestorrent 1 days ago [-]
> Its called "parenting".
I hear this and it makes me wonder if you have kids. Do you really have the ability to supervise their internet access at all times? Mine are in the next room, I check in on them regularly, but that still results in them being up to no good. Conversations on the topic are a regular thing, losing privileges as a punishment for breaking the rules is happening all the time, but they still always want to push up against the boundaries of what's allowed and what isn't.
And they're not even teenagers yet, with hormones and thirst-traps and whatever else there is to watch out for.
A little bit more control within the house would be useful - I don't want it to come in the form of anything that impacts anyone else, though. I don't need draconian laws, I just need some voluntary, owner-informed device controls that aren't completely trivial for unprivileged users to bypass.
jacobgkau 3 days ago [-]
I already responded to what you're saying in my initial comment. I'll expand for you.
> The fact that they won't even though there are (non-required!) tools they could be using to do so is baffling to me.
My parents set me up with an AOL account when we first got a computer and dial-up internet. At first, I was kind of required to go through the AOL desktop application to browse the web since that's how we connected to the dial-up. Sometimes a website would be blocked through AOL, and I'd have to have one of my parents come and sign in to allow me into it.
But once we moved onto broadband DSL, I eventually figured out I could just open Internet Explorer instead of AOL to bypass the parental controls without having to get my parents to come allow a website. Of course, a few years after that, I was secretly browsing porn... at 10 years old.
As a parent today, what non-required tools would you suggest I use to effectively filter NSFW content from the internet for my kids? Network-level methods don't work in the age of laptops and smartphones. Any on-device software you might suggest would probably be for iOS/Android or Windows, not both. And which software supports Ubuntu, or do you think I shouldn't let my kids use it? Yes, it's probably possible to lock things down eventually (for me, as an IT professional). The parents next door probably have no clue about half the stuff I'd use, and my kid's gonna end up having access to whatever their kid does. Even if everyone does everything perfectly, all it takes is a slight paradigm shift or new piece of technology to sidestep all of it-- like when my parents did their jobs setting up AOL parental controls but then switched our connection type and inadvertently broke them.
The value of this legislation isn't necessarily making parental controls technically possible. The value is standardizing and normalizing it. As someone in another comment chain brought up, you're not expected to individually coordinate with every movie theater or every liquor store, or to helicopter your kids IRL with it being your fault if someone sells them beer when you let them go out with their friends. There's a basic societal understanding that certain things aren't available to kids. The internet being "wild west" for a few decades doesn't invalidate that, imo. This isn't parents not parenting, it's adjusting the level of burden we're expecting to come with parenting to a more reasonable level.
MarsIronPI 3 days ago [-]
OK, I'm going to ask a potentially-dumb question: why are we trying to stop kids who want porn from getting it? As I see it, part of parenting should be telling your children what's not good for them and why. As a kid, if I had seen a case of beer left out I wouldn't have gotten drunk because I wouldn't have wanted to. Likewise I wouldn't have gone to porn sites because I wouldn't have wanted to.
jacobgkau 2 days ago [-]
> As I see it, part of parenting should be telling your children what's not good for them and why.
We tell our kids that smoking is bad for them. It's still illegal to sell cigarettes to minors.
> As a kid, if I had seen a case of beer left out I wouldn't have gotten drunk because I wouldn't have wanted to.
Good for you, and neither would I, but that's because I'm a wet blanket (still don't drink today). Selling alcohol to kids and teenagers is still illegal.
dogleash 2 days ago [-]
> The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
And the arguments for it don't promise to fight tooth and nail not to make sure it's not slippery. If the slope does turn out to be slippery, today's proponents will be tomorrow's Hindsight Harrys (e.g. "the cat's already out of the bag, if you cared so much you should have fought this back when we all saw it coming").
dizhn 3 days ago [-]
Next thing you know they'll stamp your ID at the hardware level at point of purchase.
mikestorrent 1 days ago [-]
Well, your MAC is already stamped, and is on the outside label of the box sometimes...
spullara 3 days ago [-]
this is completely insane. we need some kind of constitutional amendment to get rid of all this kind legislation forever.
Aunche 3 days ago [-]
People are making way too big a deal of this IMO. This is basically the OS equivalent of that checkbox you click to enter a porn website that gets exposed to Meta, so they can claim that they did what they all the they could to protect children if they get sued by parents. Any determined kid would figure out a way around this, but I can see it stopping younger and less determined kids, and it's a useful tool for parents.
0xbadcafebee 3 days ago [-]
It does not stop at the check box. Someone is going to sue Google/Apple when a 13 year old gets on a porn site. Then Google/Apple will introduce "verification" that requires linking your identity to your device, and attesting this to the "operator" (porn site). Then every person using any OS is tracked, on every website and app, all the time, by law. And Linux becomes illegal without it.
This is not a theory. Laws requiring this are going through the state and federal level right now.
davorak 3 days ago [-]
Unlike the California law, I seemed to be in the minority in this opinion, this one does seem to require programs like grep to ask for a users age bracket.
> (b) An operator shall request a signal with respect to a
particular user from an operating system provider or a covered
application store when the application is downloaded and
launched.
Unlike the California law I do not see anything that restricts this to child accounts only.
So let say I have a program:
print("Hello, World!")
and I want to publish it to say npm or nixos, or some linux distribution. Not with out violating this law. This application needs to request the users age brackets at least at 'downloaded and launched' optimistically that means once on first launch, but potentially needs to be requested on each launch of the application. So lets fix the program
There we go, now the code is compliant with my imagined ageBracket module.
zardo 3 days ago [-]
Wouldn't a some kind of technical standard proposal be a more sensible way to do this than trying to pass OS laws state by state?
ezfe 3 days ago [-]
iOS (for example) already has that technical standard in place and usable.
whalesalad 3 days ago [-]
Microsoft has already made the installation of Windows a fucking nightmare with MS account requirements. Imagine when they are forcing every new device to not only have 50+ TOPS for Copilot, but also a tiny little internal mass spectrometer autosampler which will prick your finger as you login and analyze blood to carbon date the age of the user.
burnt-resistor 2 days ago [-]
Install offline, no ms cloud bullshit account required. I just did this with Win 11 enterprise 25h2. Used an activator cmd script at the end that bypassed activation.
acuozzo 3 days ago [-]
How would this work for e.g. RTOS or even TempleOS?!
Does the hidden Minix installation on every Intel CPU with the Intel Management Engine count?
varispeed 3 days ago [-]
constitutional amendment to criminalise corporate lobbying with severe penalties - including capital punishment and confiscation of entire corporation.
burnt-resistor 2 days ago [-]
Unfortunately, a rhetorical knee-jerk response that it needs universal, specific counter legislation for a "permanent fix" is panacea, magical thinking.
The root cause is a corrupt government doing the bidding of a few rich people and other countries. Fixing that will be very difficult but is nonetheless necessary and possible to largely thwart legislators from working against their own ostensible constituency.
ActorNightly 3 days ago [-]
I actually see the golden lining here
>"Operating system provider" means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
I.e Linux will most likely to be immune, since its not tied to a particular computer.
Which just means Linux stay winning. It already made big headway in the video game space, so its prime to take over personal computing too.
tokai 3 days ago [-]
All the distros are the providers here. The Linux kernel is not an operating system.
1718627440 3 days ago [-]
Since GNU(or other)/Linux OSes allow the sysadmin to compose the OS out of parts and change them, the final OS is created by the sysadmin. That's what makes distributing binary software so annoying for maintainers, every installation can be it's own snowflake OS.
jmye 3 days ago [-]
> since its not tied to a particular computer.
That's a really weird and nonsensical reading of "operating system software on a computer".
karmakaze 3 days ago [-]
Wouldn't that include using it on any cloud service that let's you pick it?
jjtheblunt 3 days ago [-]
it's entirely possible such nonsense is all show, and wouldn't be passed, however.
i'm from illinois, worked in california, and no longer live in either. from afar, it seems that whatever california bureaucrats propose, after a short delay, gets proposed by their little sibling bureaucrats in illinois.
golbez9 3 days ago [-]
This is 100% true
dmitrygr 3 days ago [-]
This. IL and MA follow whatever CA does with a few year lag. Considerations of sanity never enter into the discussion.
MarsIronPI 3 days ago [-]
As an Illinoisan, this kind of stuff makes me want to leave and get somewhere sane. Anybody have recommendations? What places don't have this kind of insanity?
stutstev 2 days ago [-]
There's some hope in New Hampshire. Our legislature just struck down our equivalent bill[1] while it was in committee. And within the last decade, privacy was enshrined in our state constitution[2], providing us with more legal teeth, on top of our free speech protections, to defeat digital age verification within the state.
As an Illinoisan who left 23 years ago for work in California, worked a summer in Massachusetts, now in Arizona, i think the answer is Antarctica.
dmitrygr 2 days ago [-]
Answers will be provided after adequate proof that you will not bring the voting record that made illinois what it is with you.
enoint 3 days ago [-]
It has already passed the Colorado senate.
chronic20001 3 days ago [-]
[flagged]
prophesi 3 days ago [-]
> For the record, I don’t care enough about age verification. Whether the law passes or not, I don’t really care.
Sounds like there actually would be some benefit commenting about it on HN.
alephnerd 3 days ago [-]
No one who matters uses HN or cares about HN. The handful of us on HN who are in or near a position to affect change are basically here due to habit or $#itposting until we get banned.
So they are right in that sense - commenting on HN is cathartic but ultimately useless.
And the people who matter and are against this also don't use HN because they view this platform as toxic and reactionary.
prophesi 3 days ago [-]
There are software engineers who directly work for the platforms lobbying for this whom post here.
alephnerd 3 days ago [-]
ICs don't matter. I can fire one and hire 5, and increasingly, the demographics on HN don't align with those who work in those organizations.
HN is basically slashdot now.
prophesi 3 days ago [-]
> and increasingly, the demographics on HN don't align with those who work in those organizations.
People have been worried about that on HN for years, but I still see the same culture. There do seem to be more bots and astroturfing, but that's a systemic issue with all social media platforms today.
alephnerd 3 days ago [-]
> People have been worried about that on HN for years, but I still see the same culture...
And that's the crux of the issue - the industry and people have changed, but HN hasn't changed discourse wise and is growing increasingly disconnected demographically speaking.
A large portion of HNers are men in their late 30s to 50s, and no longer located in the Bay Area or NYC.
No one's who matters is having these kinds of conversations on HN - they're meeting IRL with Luma invites or in signal/imessage/discord group chats.
prophesi 2 days ago [-]
And what I'm saying is that the people who actually matter are posting here. Because it's a trusted social platform. We want to talk to fellow experts of varied expertise, and I truly appreciate the discussions I have here. Feel free to have discussions of similar value on platforms with smaller, focused communities; I do the same for the tech I know. I do agree bots/astroturfing are prevalent here. But I've had https://news.ycombinator.com as my homepage for ages for a reason, as opposed to literally any other forum. I hope this doesn't become what reddit is now.
Did "hacker news" lose its stallman flavor in favor of venture capital investors? Yes, at the get-go; but that doesn't mean people have sold out their morals. We're all frustrated. We live in a society. At least in the US, you'll just call a representative who's getting paid by lobbyists letting your message fall on deaf ears. But I have seen so many great comments here by people with beautiful minds and good intentions; and sometimes I can even debate with them and get my ass handed to me, because they're much more brilliant than I.
edit: was curious on Luma. Is it basically meetup/radius/partiful/apple invites but for crypto bros?
alephnerd 2 days ago [-]
> And what I'm saying is that the people who actually matter are posting here. Because it's a trusted social platform
I am one of the those people who matter and work with other people who do as well yet I'm the only one in my peer group of VCs, CISOs, CPOs, CTOs, CEOs, Founders, SWEs, PMs, etc who still uses HN today.
Hell, Nvidia GTC has been going on for 3 days now and not a single post about it has come up. That shows how out of the loop HN has become.
> Did "hacker news" lose its stallman flavor in favor of venture capital investors
To me, it's become even more Stallman-esque and less relevant to founders, operators, or investors. And this is a growing sentiment amongst newer YCombinator founders as well.
Conversations that are actually relevant to founders and VCs don't happen on HN anymore. And an increasing number of HNers use VC and PE interchangeably - this is such a basic mistake that betrays how out of the loop and lack of context HNers have now.
> was curious on Luma. Is it basically meetup/radius/partiful/apple invites but for crypto bros
It's the new meetup. If you are seeing crypto bros on there then you are not located in a major tech hub.
Opening up Luma this morning I see invites to a fireside chat with Fei-Fei Li (ImageNet), a spring showcase by a VC fund that has invested in dozens of YC startups, a couple raves, a Quantum Computing breakfast at Stanford sponsored by the Danish and Norwegian Consulates, and an event by the Japanese Consulate on the intersection of manga, AI, and creativity. These events and others are where people who matter and can impact change are hanging out and chatting with each other.
> I hope this doesn't become what reddit is now.
At least as an American in tech, HN already has become as low signal-to-noise as Reddit.
Based on the time you posted along with your pattern of speech, I'm guessing you live in Central or maybe Western Europe. You have a very "DACH" coded speech pattern.
strongpigeon 3 days ago [-]
People here seem very against this, but I don't really see it. This only require to have a form asking about your age and provide an API to read it, right?
Surely I'm missing something? Is the backlash due to fear of a slippery slope?
bloppe 3 days ago [-]
There are basically 2 possibilities with the outcome of this law: It's rather so full of holes as to be meaningless, or it's so invasive as to force open source projects to try to geofence Illinois (which wouldn't be effective either, but might be the kind of compliance theatre we'll see from maintainers worried about liability).
Linux distros always have a "root" user. Does that user have to be asked its age before being usable? What about docker containers, which often come with a non-root user? What about installation media, which is often a perfectly usable OS? It would either have to be so easy to get around this law that most kids could do it easily, or so overzealously enforced as to disrupt the entire cloud industry.
pizzathyme 3 days ago [-]
"so full of holes as to be meaningless"
what is the solution then to age gating apps that the public feels should be age gated? (TikTok, Instagram, etc). it seems like every app implementing its own guessing system would have even more holes, right?
this is one where I am sympathetic. the moment when someone, with their parent, is setting up a device seems like the best point to check age. right?
am I missing something?
bloppe 2 days ago [-]
The companies you mentioned are the ones profiting handsomely off their intentionally addictive platforms. They're the ones with massive legal departments. Obviously they should be the ones liable to make sure the kids aren't getting abused on their platforms, not a bunch of volunteer Linux developers who couldn't care less about social media or monetization.
They could've written these laws to go after Apple and Microsoft specifically, and assume that most kids wouldn't have the wherewithal to install Linux themselves. That may or may not be effective. But no, the way the law is written, any hobbyist OS dev is now legally liable for the abuse kids might suffer on massive social networks that are completely unrelated to the OS.
The funny thing is that Estonia actually already figured this all out. Their national ID system allows any platform to reliably verify anybody's age without gaining access to any other information about them. It's the perfect system for reliable checking age while maintaining perfect privacy about all other personal data. But I don't think we'll see that in the US in my lifetime, so we'll just have to keep fighting over all these ineffective privacy nightmares instead.
duskdozer 3 days ago [-]
the solution is to remove the bits of those apps that are harmful to children (and adults): the algorithmic data feed, the infinite scroll, the engagement tactics, the advertising
mminer237 2 days ago [-]
So, for instance, pornography and gambling should be 100% illegal? Or at the least, all social media sites should censor any discussions that aren't child-appropriate?
duskdozer 2 days ago [-]
No, I don't think pornography, or arguably gambling has the same "manipulative addictiveness" hooks in the same way. The equivalent for those would be something like, if a company every time you opened their porn app had your phone emit a silent puff of nicotine (just... imagine that existed for the sake of analogy). It's about the difference between going on to Facebook and seeing your feed of your friends' posts and seeing your feed of posts selected based on content expected to ragebait you into responding.
pizzathyme 3 days ago [-]
but how can you remove adult-only features for children only without knowing the age?
ronsor 3 days ago [-]
They're saying we should remove the features in general because they're anti-features harmful to everyone, and focusing on children distracts from that fact.
This conclusion is up for debate, but that's what they mean.
jqbd 3 days ago [-]
We should ban oil, drive EVs, everyone write Rust only, and invest in index funds. We should, but it's not going to happen.
justcool393 3 days ago [-]
don't do harmful things is pretty easy and can apply to adults too!
strongpigeon 3 days ago [-]
> It's rather so full of holes as to be meaningless, or it's so invasive as to force open source projects to try to geofence Illinois.
My guess reading the law as linked is that it's much closer to the former than the latter. That being said, you're right that it does bring a bunch of headache alongside with it for little-to-no benefits.
hypeatei 3 days ago [-]
What if I don't want my computer asking for my age and providing an API to give up that information? Why is the government mandating software devs to add bloat and privacy violating features to operating systems?
The slippery slope isn't a fallacy in this case as we've seen the pot slowly come to a boil after 9/11 with various laws like the Patriot Act, FISA, etc. and classified programs within the NSA (and I'm sure all the three letters) which violate the rights of Americans everyday. Now it's a coordinated effort across multiple western countries all of a sudden to introduce laws around verifying your age. It's clear where this is going.
anthk 3 days ago [-]
Meanwhile Epstein and the pedo elite are untouchable and with no surveillance of course.
tt24 3 days ago [-]
Why are we bringing up our pet issues in threads that have nothing to do with them
Signal your virtue in the threads that are dedicated to those issues please, we don’t need to bring this up in a thread dedicated to some dumb law
cowboylowrez 2 days ago [-]
being against child abuse is woke too amirite?
tt24 2 days ago [-]
Not sure what you mean by “woke” here
cowboylowrez 23 hours ago [-]
Its a terrifically rare term that has never before been used before me (there are now copycats on x/twitter), so I can understand why you might be unfamiliar with it. There are so many subcurrents of meaning and subtlety and to truly understand it would require more dimensions than the current sad state of the average mind can comprehend. I would take you on a guided tour of the profound and terrifying truths that the term would reveal unfortunately I pay for internet by the gig and I have to save the rest to ensure my lights stay on. Ask around tho, someone wealthier than me may have used the term although I am uniquely the originator of it, the rich and their AIs have pilfered my IP rights but I think they preserved my original meaning. Try posting on "x.com" the following question:
"Can anyone help me understand the term "woke", I have never heard it before"?
tt24 20 hours ago [-]
I’ve heard it before, just not sure how it applies here in the way that you’ve used it.
cowboylowrez 20 hours ago [-]
oh I see. the way I'm using it is to mock your posts. now granted I'm not that smart so my mockery isn't going to be very cutting or anything and heck I don't even dislike you, in fact you should consider my mocking of your posts to be sort of a commentary on the general decline of humanity, of which you are just a small and common example. Its not even any sort of indictment of moral failings on your part, in fact you should take it no more seriously than a visit to the zoo to watch the monkeys fling poo. To be more exacting of our relationship, to me I am the visitor and you are a monkey, symbolically speaking of course, but still I would expect that from your vantage point the roles would be reversed and I wouldn't take offense, its a healthy adaptation to take when confronted with opposing viewpoints so far apart that they would probably never be reconciled. Just point and have a chuckle at my expense, thats what I would do if I were you!
nancyminusone 3 days ago [-]
I don't really see any good arguments in favor of it, so why do it? There's no reason my OS needs to know anything about me.
strongpigeon 3 days ago [-]
I guess I'm more surprised by the intensity of the backlash this generates here. I agree with you that mandating (weak) OS APIs like this the right approach, but that alone wouldn't warrant the severe reaction this is getting right?
TrueDuality 3 days ago [-]
A big chunk of the problem with this kind of legislation for me is that it inherently indicates a failure to govern to me. I disagree with the premise of the solution, but even more so this is trying to legislate a specific engineering solution for our current systems rather than any form of financial, objective guidance, or have reasonably actionable and enforceable consequences.
While laws that target engineering decisions are sometimes reasonable, they are always accompanied with specific guidance from a credible academic based institution (e.g. mechanical and civil engineering use private licensing bodies and develop specific curriculum and best practices).
The only time this law will ever be enforced is punitively for other crimes against major actors who are extremely limited in number. It is unenforceable for Linux, trivial for Apple, Microsoft, and Google to add to their OS. Presumably easy to spoof, the law describes it as minimal but once again, there isn't a specification so who knows. Websites won't be liable, they're getting a sweetheart deal here.
In practice what this law does is absolve abusive platforms an from any responsibility. It adds extra meaningless work and overhead for legitimate adult platforms while opening themselves up to new potential legal challenges, and ultimately doesn't replace the responsibility its removing.
This doesn't make children safer. This doesn't make the internet safer. This kind of legislation makes it easier to abuse children online by removing responsibility from platforms that are known to be dangerous to them yet profit from their presence the most.
bloppe 3 days ago [-]
It's considered offensive to the strongly freedom-loving FOSS community, and it's basically legally-required tech debt, which is annoying to all maintainers
akersten 3 days ago [-]
Code is speech. Open source projects are an exercise in speaking publicly. This law mandates particular speech in your otherwise Free as in freedom code.
How are you not outraged? People are missing the above forest for the "oh but it's a tiny little easy API and I don't see any downsides" trees.
tokai 3 days ago [-]
Seems pretty reasonable to get annoyed at a law that at best will be useless and at worse dangerous, while it will directly dictate features into the tools we all use everyday. All for no gain for anyone but maybe Meta and some other big companies.
burnt-resistor 2 days ago [-]
Exactly. It's the beachhead of corporations upon which they will pry even more mandatory metadata to market to, silence, and control people.
Also, not every jurisdiction defines adult and/or legally able to use social media the same way. Parents need to parent at the level 0 social layer than push this off to everything at technical layers and everyone else.
It's a moral panic ruse in legislative form for greed and power.
al_borland 3 days ago [-]
People lie, so there would need to be some kind of proof provided, right? How much data will one need to give up to use a computer? Where/how is that data stored? What else will it be used for? What happens when it’s hacked? How will test systems or servers work? If I want a computer that isn’t linked to the rest of my ecosystem, can I still do that or will age verification require I login with a cloud account?
There are so many ways for this to go badly or simply be annoying.
I’m a guy in my 40s with no kids. I shouldn’t need to deal with all of this. Let the parents turn on parental controls for their kids; don’t force it on everyone.
If Meta needs to find a way to verify age, then that is also their problem. They are trying to make it the world’s problem. I don’t use any Meta products, so again I would question why I need to care about this… why will it become my problem?
The slippery slope then comes in addition to all of this.
It seems Apple already implemented their age verification API. I got prompted for it when opening the MyChart app a few weeks ago. The API used in that case only sends a Boolean if the user is over 18 or not, this is the best of the bad options. However, they have other APIs to get other data from a digital ID. The user is at the whim of the API the developer chooses to use. They can say no, but then they can’t use the app. I’m not sure how Apple validated my age, as I hadn’t loaded an ID into my wallet, but my Apple account is nearly 18 years old, so that might be good enough? If I were to get a Mac and just want to use a local account, then what happens? Can I not verify my age? Will I be able to use the computer or be locked out of the browser? These are some of the fears I have if they take this too far. Maybe some of them are unfounded, but I guess time will tell.
SoftTalker 3 days ago [-]
[flagged]
al_borland 3 days ago [-]
I was using myself as an example. Nearly 60% of homes don't have any kids under 18.
jwitthuhn 3 days ago [-]
Why should an OS demand personal information from its users? It creates an unnecessary risk that the information will be leaked.
charcircuit 3 days ago [-]
Laws exist that dictate what apps are allowed to do depending on the user's age. This means that in order to follow the law they must collect the user's age. If collecting the user's age is a common requirement of apps it makes sense for the operating system to expose an easy way to do that to make app development easier on that platform.
enoint 3 days ago [-]
No, it makes sense for an App Store to do that. Or, that HTTP headers are set at the device or network proxy.
User account creation wizards could just create the dot files for the App Store. These weird laws ban OS.
charcircuit 3 days ago [-]
The issue is that software can be installed from outside of the app store on pretty much every OS. Also if you have multiple app stores it would be convenient if they could all get it from the same place.
enoint 3 days ago [-]
I'm skeptical we should ban all operating systems which permit this without an interactive age check. Shouldn't the free market acolytes be arguing that parents can choose between competitors which offer ever-improving parental controls?
charcircuit 2 days ago [-]
I agree with you, but it seems like the free market is moving too slowly in regards to this pain point for parents which is resulting in demand for them to force change through the legal system.
toomuchtodo 3 days ago [-]
I am very pro social media regulation (with regards to age gating) due to the evidenced harm it causes, and which court cases have shown these companies are well aware of internally; with that said, this is an attempt by social media companies to shift liability to keep business as usual/status quo. This is no different than what oil companies have done, cigarette companies, chemical companies who have polluted at scale while knowing the harm, etc.
Meta and TikTok (and YouTube shorts to an extent) are the new Sackler family and Purdue pharma. They will hold on to these profit and power engines as long and hard as possible. They will not stop causing the harm unless forced to with regulation.
Purdue sold less than 4% of the prescription opioid pain pills in the U.S. from 2006 to 2012. They were a scapegoat for pill farm doctors and an incredible lack of personal responsibility from prescribers, pharmacists and patients.
toomuchtodo 3 days ago [-]
Personal responsibility isn't a thing from a consumption perspective, it's primarily brain chemistry. See: GLP-1s [1] [2] (tldr they patch the brain's reward center against suboptimal reward chasing and demand)
Let us not blame humans for suboptimal brain chemistry taken advantage of by malicious torment nexus threat actors. Fix the policy, bug fix the human, disempower the threat actors. Defend and empower the human. My pattern matching in the comment you replied to stands imho, and while it is admittedly imperfect (as you point out), I believe it remains directionally accurate.
> This is an attempt by social media companies to shift liability to keep business as usual/status quo.
Do you mind expanding on why that is? Is it because it allows them to say "well the API told us they're adults so we're all good"?
steviedotboston 3 days ago [-]
and the verification that the OS has to provide is minimal. the OS doesn't need to verify and ID or anything. Probably just a checkbox when you create the account that you're an adult, or child, etc. and then that's provided to the browser. So it effectively becomes meaningless if the goal is to get children off social media.
akdev1l 3 days ago [-]
>keep business as usual/status quo.
Umm isn’t that what we want? Or are you suggesting there should be some other legislation in place?
toomuchtodo 3 days ago [-]
Age gating first [1] (no social for under X age), keep tightening the policy ratchet as data and evidence indicates. OODA loop applied to policy [2].
Either they’re doing a slippery slope trying to change the status quo or they’re doing this to keep the status quo
Seems you are contradicting yourself
2OEH8eoCRo0 3 days ago [-]
That's exactly how I see it. Verification should be on the social media platforms not your OS.
quincepie 3 days ago [-]
to me, it's both the slippery slope argument and the lack of real reason other than "protecting minors". operating systems were designed to run the program/programs. You can make applications use this API to determine the user age, or you can just...ask the user in the application itself. I also don't see why this is a requirement rather than an option the same way I don't see why having a Microsoft account is required to install windows or access to internet (without the current workarounds) or even those password reset questions and to some extent asking for first and last name. If I want to add those information, let me do that myself or when i use said software, don't make it a hard requirement.
The bill itself sort of goes against its "purpose". If the purpose is to make a convenient API for stores to know their user, and avoid showing them certain content then why did the bill state:
"If an operator has internal clear and convincing
information that a user's age is different than the age
indicated by a signal received in accordance with this
Section, the operator shall use that information as the
primary indicator of the user's age."
because many people lie in those forms. Many people on steam will select they were born in 1900, including myself. So how will this API help? the only way for it to be useful is if they later require full verification.
strongpigeon 3 days ago [-]
The way I see it (to strongman the bill's position) is that by mandating it at account creation, an adult/parent can ensure that the age is properly set for a minor/child.
That being said, I don't think this bill was that well thought out as the implication are far reaching (will I need to enter an age when provisioning a VM?).
I mostly see it as a clumsy attempt to provide a mechanism for age-category attestation in a way that is more privacy-friendly than Texas's "upload-your-id" law.
quincepie 3 days ago [-]
I can see the argument of parents or guardians ensuring the device is properly set for their child, but I feel like age is not the right information to use. But I agree, it's definitely not well thought out.
I feel like if we assume this is in good faith, and they want to make sure adults can ensure minors don't have access to certain content, why would they use age as the information?
This can be solved, or even have been solved by having Parental Control feature like in IOS which provides finer options than what you would get with age.
This could OK if this was requiring that any device or operating system have access to parental control in any capacity (either by default or via third party application) and limited for things that would be used by minors so that VMs or other stuff don't have to worry about this. Or, they could mandate products to indicate that the feature exist. That way, a parent can decide what to give their child.
array_key_first 2 days ago [-]
I think the implication is that this law is incredibly bad. I don't mean for privacy, I mean for fulfilling it's purpose. This will prevent approximately zero kids from accessing whatever.
What that means is that we will have to amp it up, if we want to achieve it's purpose. So, that's not a slippery slope, that's a prophecy.
When we get cryptographically backed identity verification on all computing, that will legitimately be the end of computing as we know it.
mihaaly 3 days ago [-]
If it is so simple - that ensures nothing, faked easily - then what's the point wasting efforts on it? Why to complicate things? Why spend time and efforts to do it? And annoy with one more tiny thing on top of the hundrends? Why not just not doing it?
Or, in contrary, when it is very reliable, so it can map a very specific real person to a reliable and true birth date, then f off binding myself to a randome computer account that gives it out to whomever is asking it!
There is no good in this story.
3 days ago [-]
kmbfjr 2 days ago [-]
The backlash is from Meta trying of assign liabilities of their business practices on people who may not even be users.
Yes, this is just the beginning of a huge swath of innocent APIs to identify people on the internet. Meta isn’t going to stop, and neither will governments.
iamnothere 3 days ago [-]
The government is not allowed to specify what your software you run on your local personal computer or how that software should work. This is a first amendment issue, it’s been defeated before, it will be defeated again. If this were ever upheld, you will immediately have legislation attempting to force OS makers to spy on users, add backdoors, and so on.
Edit: also, before the same jackass from the last few discussions on this mentions “muh ADA” again, the ADA has never been shown to apply to an OS in court nor does it mention anything about operating systems.
sneak 3 days ago [-]
This is the framework for requiring government ID to use online services, which increasingly power even local computing (thanks to DRM and cloud services).
They want to abolish anonymous use of internet services, because anonymous publishing at scale is powerful and dangerous to incumbents when they can’t retaliate with malicious prosecution, police harassment, or assassination.
cptroot 3 days ago [-]
Please explain how this law (or the CA one for that matter) require government IDs. It is worded specifically to _not_ require ID.
burnt-resistor 2 days ago [-]
"Framework" means "strategy". This bill is more likely than not a tactic in a much longer insidious campaign to erase anonymity to gain power and profit to normalize taking other rights away a little at a time. We've seen this before with the Clipper chip initiative. I feel sad and bad for anyone on the side of token Karen parents / useful idiots, limousine politicians, lobbyists, billionaires, and people okay with surrendering their and other people's rights. I don't want to live in a society with Flock everywhere, dragnet cell phone tracking, social credit, own nothing, an internet license, de-E2EE, transparent walls dwelling, zero privacy, and absolute proof of birth parents and citizenship every time, long lines, in-person only voting.
1970-01-01 3 days ago [-]
The "one weird trick" that all government hates? Stop forcing OSes to function with accounts. "User account" is an artifact of UNIX. You don't need an account to start a car, send and email, nor boot an operating system. I know it's hard to grasp, but it's true.
datsci_est_2015 3 days ago [-]
> You don't need an account to start a car, …
Don’t say this too loud please, I don’t honestly think we’re too far from this reality, at least from an “Overton Window” point of view.
IAmBroom 2 days ago [-]
Some cars already have accounts. If you don't pick one, it assumes the prior one is being reused - so de facto it's already here.
2postsperday 2 days ago [-]
[flagged]
gruez 3 days ago [-]
What's the "user account" for an iPhone? Sure you might have to sign into icloud, but that's not mandatory. It's effectively a single user system.
greenie_beans 2 days ago [-]
i'm sure there is some sorta root user on that system if you go digging far enough?? or am i just ignorant
1718627440 3 days ago [-]
The "User account" of the OS are the security contexts. You can say everything should be a single security context, and this is how a lot of people have been operating their MS Windows machines, logging in as admin constantly, but this is a stupid idea and comes with risks. Even when you say the OS can have a second root account, that the user never gets to use, you have two user accounts.
1970-01-01 3 days ago [-]
You're conflating profiles with user accounts. "Admin user" didn't exist until Windows NT. You don't need permission to change your clothes!
thoughtpalette 3 days ago [-]
Growing up, I vividly remember user accounts being important for our families personas on Windows XP. There's definitely a place for them, but there should be an option to not use one.
Unless your specifically calling out accounts that require online registration for the OS. I'm vehemently against that requirement.
MarsIronPI 3 days ago [-]
Nice username btw.
0xbadcafebee 3 days ago [-]
> the Children's Social Media Safety Act
>
> provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both
Thank goodness kids can't lie about their age!
> provide an operator who has requested a signal with respect to a particular user a signal that identifies the user's age by category
Wait - if this is just to pass a signal to an operator ("social media site"), why can't the "operator" just ask for the age themselves?
This is why Meta is forcing this legislation through nation-wide. They are forcing Google/Apple to take the liability, despite it not actually being Google or Apple that's providing the "harmful" social media. Meta are doing this state-by-state so nobody can track that it's them. Easier than pushing at a federal level, and raises fewer red flags from news media.
Since Google and Apple won't want to accept this liability either, the next step is requiring digital IDs and third-party verification to prove the user is of age. This will enable tracking of all users, whatever app or website they go to. Bills requiring this are already being passed at state and federal level.
tracker1 3 days ago [-]
I wonder how this will mix wit federal laws saying you aren't allowed to track users under the age of 13yo? Will this then be forced as a browser API/header passed to every server/request?
johnisgood 3 days ago [-]
Yeah but if so, what does it have to do with the OS itself, i.e. outside the browser?
tracker1 3 days ago [-]
From articles I've seen, it's mostly Facebook lobbying to "pass the buck" upstream to the OS level to actually inquire... this of course will blead into the OS provided "store" interfaces most likely. And while, likely mostly targeting Apple and Google, MS/Windows and Linux are definitely going to be catching stray bullets. In particular vendors with Linux pre-installed... hence System 76 adding the feature to PopOS. Who knows if/how this will come about in practice or how consistently.
saityi 3 days ago [-]
Even if open source operating systems comply and add such a feature, what's to stop individual people from removing this and blocking the API requests before they install the OS? Or providing dummy responses? They're open source, after all.
Is the government going to require some sort of automated checks that verify every person who connects to the internet has this API on their OS and go after individuals that aren't in compliance?
tsoukase 2 days ago [-]
In a perfect world the right way to protect children from digital dangers is by proper parenting. In the real world the government steps in so that the next generation doesn't come up crippled. The solution is imperfect and might be a privacy nightmare but is better than nothing. There is a lot of bad parenting in preventing digital-related problems in children.
For what I understand, OpenBSD could just patch useradd so that the age category is mentionned in the comment field of /etc/passwd or a random text file in /etc.
Haiku could just run an automatic dialog asking you if you are minor, in Illinois or California and write a text file with the corresponding age category of said person.
These bills do not mandate that the user cannot modify that information AFAIK.
JCattheATM 3 days ago [-]
I can't imagine OpenBSD would be bothered by laws specific to a very small selection of US states.
dpe82 3 days ago [-]
By adding a simple birthdate field to your account info and a system API of some sort for retrieving the account owner's age range, same as everyone else.
sanex 2 days ago [-]
Tbh they probably don't care about anyone other than Microsoft or Apple, though it's certainly not written that way.
iamnothere 3 days ago [-]
OpenBSD devs have signaled noncompliance from their Canadian fortress of freedom.
zb3 2 days ago [-]
I didn't know a single company could just pay politicians state-by-state to pass a given law - in my country that would be a crime, but it seems in the US this is how the legislation process works :)
i look forward to the police showing up and explaining to me how computing is a privilege, not a right
rnxrx 3 days ago [-]
There's something I've never seen a good answer to: why is this being mandated in the OS vs requiring it for apps - or classes of apps? There's plenty of parental controls already available for browsers - after verifying the user's age on startup, why not add a header field that the browser inserts along with AgentID (for example) and call it a day?
mminer237 2 days ago [-]
1. It's easier to download a new browser than reinstall your OS.
2. Plenty of websites make their own apps, and then you're back to just having every website under the sun trying to verify everyone's age to know who to show explicit content to.
balozi 3 days ago [-]
What recourse would Illinois have against open-source operating systems? Anyone can roll their own Linux distro and share it with whomever they want.
icwtyjj 3 days ago [-]
> What recourse would Illinois (!) have against open-source operating systems?
None but them corporations sure do. And with a little cash in the right place I'm sure they can push recourse onto people of power. We really need to end political lobbying one of these days
hypeatei 3 days ago [-]
What are they going to do to enforce this? Take down open source projects that "operate" in Illinois because a user downloaded the software there? Absolute joke and everyone should treat it that way; advanced compliance here means implicit support for the surveillance state.
fhn 3 days ago [-]
These people are just so clueless. All they will find is that everybody on the internet is an adult.
bigbuppo 3 days ago [-]
If allowing children access to social media is dangerous, then why aren't they enforcing existing child abuse and child endangerment laws? Throw the parents in prison for failing to control their children.
logicchains 3 days ago [-]
>If allowing children access to social media is dangerous, then why aren't they enforcing existing child abuse and child endangerment laws?
Because there's no remotely compelling evidence for this and it'd be thrown out by a judge as a huge parental rights violation.
bigbuppo 2 days ago [-]
So the justification for these age restrictions is bogus then?
SilverElfin 3 days ago [-]
Every single sponsor of this bill is a Democrat. Why is that? I would think they’re against the type of puritanical moralizing that is behind most age verification bills.
Oh I remember. I just assumed things have changed enough, and that the threat of theocratic ideology - what’s behind project 2025 - would have made such stances unacceptable. My guess is this has more to do with lobbying and donor interest.
autoexec 3 days ago [-]
they love money and facebook has the cash to bribe them
MarsIronPI 3 days ago [-]
"I like money." - Frito Pendejo
longislandguido 3 days ago [-]
The most progressive states doing exactly what their constituents elected them to do. I don't understand why everyone is so surprised.
favorited 3 days ago [-]
"Progressive states" like Utah, Texas, and Louisiana?
Literally every single thing you linked to is completely unrelated to the topic at hand.
Those are all specifically targeted at mobile app stores—which already verify age—and have nothing to do with general purpose operating systems or their account creation.
Try moving the goalposts more carefully next time.
favorited 2 days ago [-]
They are two sides of the same coin, both funded by Facebook to shift age verification liability from their platform to OS vendors.
If you were interested in information beyond your own echo chamber, you’d realize that literally every significant app store is run by an OS vendor.
three states passing the same template bill in three months isn't organic legislation
freeeek 2 days ago [-]
How can any of this be implemented in simpler OSes like freedos?
nerdyadventurer 2 days ago [-]
What is their intent with this, for an OS?
3 days ago [-]
anthk 3 days ago [-]
Read and share "Free Software, Free Society" now.
Richard Stallman advised us about it long ago.
Thank god Plan9 got relicensed into GPL. 9front might not totally free, but it's a step in case GNU+Linux gets utterly broken.
And, yes, please, go try Trisquel (novice users), GUIX (experts) and Hyperbola (experts and protocol purists).
Avoid every Google, Amazon, Facebook, Apple, Netflix service with nonfree JS.
longislandguido 2 days ago [-]
The pragmatic Richard that wrote that book is long gone I'm afraid.
Today his blog is filled with weird rants against voter ID, the Iran conflict, and a list of other countries he dislikes because they have national ID cards and this is a bad thing apparently.
For someone who is a renowned world traveler, you would think he has heard of passports by now.
Not a peep about these bills that could have a very real impact on an operating system he invented (gah-noo).
Then again, since he's never installed it himself*, account creation is not something he would have to deal with or care about.
Maybe the solution is as simple as having an adult create your account for you.
Like paying a homeless guy to buy you booze or cigarettes, not that anyone would ever do that.
k33n 3 days ago [-]
When I need to use my computer, I'm not thinking about someone else's crusade. I have crusades of my own to fail miserably at and I need all the help I can get from whatever products function best.
thrill 3 days ago [-]
“Use of this computer is illegal in the state of Illinois - your friendly neighborhood SWAT team has been notified.”
albertsw 3 days ago [-]
How old is root?
worksonmine 3 days ago [-]
$today - 1970-01-01T00:00:00
notepad0x90 2 days ago [-]
I was talking about middle grounds and finding a workable/tolerable solution a few days ago, but as I'm entitled to, I've changed my mind now that I've found out freaking zuckerberg is behind all this. it isn't the will of the people.
That's what has me down about US politics big time. Even the most extreme voices in politics (warren, sanders, aoc,etc..) don't even come close to holding these people accountable. I don't care about taxing them, I care about prison time for interfering with a democracy like this (not retroactively of course). No one is even entertaining properly criminalizing such behavior. Even they made it illegal, they'll just make it a fine a billionaire can pay like an oopsie parking ticket.
These ruling class types have always been there, and human nature is such that they will always be there. But you have to understand, this isn't feudal era England, the government and society isn't built to tolerate them. Their behavior as such is parasitical and only leads to destruction of society. In their parasitism, they've fooled themselves into believing their wealth can shield them. But the nature of the parasite is such that it can't live without a viable host.
Whatever you believe about billionaires controlling politicians, it's much much worse than you think.
fredgrott 3 days ago [-]
here is the date I will put out....
1 10 0000
or even better
1 10 -2000
This will turn into most useless set of laws ever
wosined 3 days ago [-]
Karens making stupid bills. What is and what is not an OS?
jdprgm 3 days ago [-]
What the hell is going on. Why does it seem like largely out of nowhere there is suddenly such a dramatic push on age verification and internet censorship popping up literally all over the world at the same time.
MarsIronPI 3 days ago [-]
Meta seems to be pushing for it to cover their liability.
burnt-resistor 2 days ago [-]
Fuck this "think of the children" unnecessary, astroturfed, privacy invasive corporate corruption of government. This is just the opening salvo in erosion of individual rights.
Mars008 3 days ago [-]
Somehow I'm not surprised. They voted for Biden in 2020 then for Kamala. Just like california with it's OS age verification.
MarsIronPI 3 days ago [-]
Hey, it's mostly those northern city folk who vote blue. Down where I'm at it's all pretty much red.
exabrial 3 days ago [-]
Why suddenly are all of the blue states doing this BS? What is going on and what control is this affording the government?
tadfisher 3 days ago [-]
Lobbying from Meta. They do not want to do age-verification themselves (and pay for it).
Blue states: paternalism over your property, liberty for your body
Red states: paternalism over your body, liberty for your property
gruez 3 days ago [-]
except for during covid, where there was a weird reversal.
anonym29 3 days ago [-]
I don't even know if that was much of a "reversal".
Blue states were paternalistic over both your property (business and social gathering shutdowns) and your body (masking, social distancing enforcement), while red states (particularly Texas, Florida) were very laissez-faire for both.
What's perplexing about this is that research has generally correlated higher amygdala activity (fear/worry) with political conservatism, and lower amygdala activity with political progressivism, but in this case, the effect seemed almost inverted.
mghackerlady 3 days ago [-]
In that case, I imagine that the response of mask mandates wasn't out of fear but was done do to the obvious benefit in controlling a disaster. The anti-masking movement is also I suspect a fear response. People are afraid of change, especially extremely visible change
bitwize 2 days ago [-]
When progressives become the status quo, they turn into conservatives. There's a meme going around about a 1950s Soviet communist vs. a 2020s American communist, and their diametrically opposed views on things like LGBTQ and immigration.
logicchains 3 days ago [-]
Fear of infectious diseases is inversely correlated with testosterone levels, and so is liberalism.
exabrial 2 days ago [-]
The funny thing is the more this comment is downvoted, the more accurate you know it is.
Nijikokun 3 days ago [-]
Meta is behind a huge amount of it, they have funded the majority of these
dzink 3 days ago [-]
Meta is lobbying with millions for it.
tzs 3 days ago [-]
A few people have replied saying Meta lobbying, but the bills Meta is known to have lobbied for seem to be the ones that require actual age verification that would tend to increase the amount of personal data Meta gets.
Meta's lobbying spending is cited for states not doing that kind of bill, but that's their total lobbying spending in that state.
These new bills in the style of the California one do not require any actual age verification and don't give any information to sites or apps other than the age range that whoever made the user account on the device entered.
It is essentially just requiring a simple parental control mechanism be provided by the OS which provides a way for parents to set age ranges for the accounts of their children and an API that apps that need to check age can query.
On a Unix or Unix like system this could be as simple as having the command to create a user account ask for age or birthdate and store that somewhere (maybe a new field in /etc/passwd) and then adding a getage() function to the standard library that apps can call to get the age range for the current user.
From the "we want to slurp up everything we can about you" point of view usually associated with Meta it is not obvious why Meta would support this approach.
Age checks can broadly be divided into 3 categories.
1. Done entirely on the local system, with only the result being revealed to the app/site that is asking. Age information comes from the owner/administrator of the system. I.e., the parental control approach.
2. Done using the local system and some external source of age information like your government. Only the result is revealed to the app/site that is asking.
3. Verification is done directly with the site that is asking, or through a third party. You have to supply sensitive documents like your government ID to the site or the third party.
#3 is terrible for privacy and anonymity. The red state laws tend to be in this category.
#2 depends on the details. There may be ways using the timing of the communications between your system and your ID supplier (e.g., your government) and the communications between your system and the site you are proving ID to that could allow the site and the government to get more information that you want them to. There are cryptographic ways to prevent that, especially if the device has a hardware security module. It thus comes down to with #2 that you really need to look at the details.
I'm not sure if any US state is taking this approach. The EU is, with cryptography to make it GDPR compatible and allow anonymous verification. Google and Apple are also working on such systems.
#1 is basically equivalent to the "Are you 18+" dialogs on many adult web sites, except moves to the device and the admin can if they wish prevent non-admin users from lying.
It is not really surprising that blue states are tending more toward #1, especially considering that several of them are among the states that have the strongest state privacy and data protection laws.
bitwize 2 days ago [-]
Because Meta's got the government breathing down their neck to confirm that everyone who interacts with their site is of appropriate age due to COPPA. They don't want to do that kind of verification themselves so they're backing legislation to compel the OS to do it.
It seems their strategy is to externalize their responsibility to verify age themselves, and thus reduce their exposure to liabilities when child protection acts like COPPA are violated.
It abso-fucking-lutely should not be at the OS level though, for so many reasons. Even the implementation alone would be a nightmare. Do I need to input my ID to use a fridge or toaster oven? Ridiculous.
A) 18+ content is behind a pinky swear
B) 18+ content is behind a parental control (what this bill would do)
C) The internet can't have 18+ content anymore
D) Some other system? Please describe it.
You might think you can keep 16 year olds from looking at porn, if they want to. You can't. You have never been able to. All you can do is teach them that the law is stupid and pointless, and they should treat rules with contempt. But they'll still be able to look at porn.
What you can do is allow the government and private companies to track everyone, everywhere, all the time. And you can create more gatekeepers that hold personal identity data, misuse it, and leak it.
There are really two "core" issues at play:
1. The prudish nature of US society
2. The fact that we don't have data privacy laws and restrictions on digital surveillance by private companies
But we can't realize all the supposed glorious promise of all this tech bullcrap for education and free exploration of younger kids if we can't at least come pretty damn close to guaranteeing that an eight-year-old won't stumble on Rotten.com or hardcore porn if an adult isn't looking over their shoulder constantly. And whatever that solution is needs to work for parents who don't have the know-how or time to be sysadmins for their household.
> What you can do is allow the government and private companies to track everyone, everywhere, all the time. And you can create more gatekeepers that hold personal identity data, misuse it, and leak it.
This is already happening. A central setting would improve privacy over the way things are right now.
What? How? What improvement are you seeing that I'm not?
Putting all our PII into one huge repository and then letting corps and govts access it sounds like a dystopian nightmare. This is why we don't like Palantir.
What happens if a bad guy steals that data and your identity? They go and look at CSAM using your ID? The police turn up at your door and cart you off to prison? Are you really going to be able to argue that it wasn't you? If so, what is the point of the system? If we're relying on IP addresses and other evidence for access (so you can fight these charges) can't we just use them in the first place?
This kind of bill is about the OS telling things whether you're: 0-12, 13-15, 16-17, 18+
No databases, no stealable identity, only the barest sliver of 2 bits of PII.
As for how it's an improvement, we already have sites asking to see your driver's license or pictures of your face for much worse age verification paradigms. If most of those changed to a local age setting, privacy would go up.
And this is the thin edge. Because in a few years there'll be a bill saying something like "too many children are lying about their age online. We need to verify their age" and then we're capturing IDs and storing them somewhere.
No one says it has to be automatic. The OS could require the parent to manually update it.
At some point one of two things is required:
That's it. There's only those two options. You may not believe #2 is going to be a privacy nightmare but we're already seeing it happen with Discord/OpenAI/LinkedIn and everyone else that uses Persona[1]. They aren't doing the minimal security things and already aren't doing what they claimed (processed on device, then deleted). This "hack" couldn't happen if that was true[0] https://cybernews.com/privacy/persona-leak-exposes-global-su...
[1] https://withpersona.com/customers
The difference here is it can be set by the parent on the OS and locked. Requiring sudo equivalent to change.
The way it is now, there's nothing stopping a (18-) user from logging out of a 'parental control enabled' account and making a new account without those controls on any service from Facebook to Steam. So the only effective option at that point is to entirely block that app or service.
This gives more power to parental control software. And yeah moves the responsibility from the service to the parents, which is what the services want cuz COPPA and other similar laws.
But you do bring up another issue people aren't discussing. That the default setting is under 18.
So we protect the children from adults by... having no way to actually verify someone is a child?
The problem is less kids getting access to porn and more pedos getting accounts to spaces designed for children. Places like Club Penguin or very famously Roblox.
Here's the problem, you can't verify children. They don't have identification in the same way adults do. And worse, if we gave them that then it only makes them more vulnerable!
Then we have the whole problem of a global internet. VPN usage is already skyrocketing to circumvent these policies.
So the only real "solution" to this is global identification systems where essentially everyone is carrying around some dystopian FIDO key (definitely your phone) that has all your personal information on it and you sign every device you touch. Because everything from your fridge to your car is connected to the Internet.
But that's a cure worse than the poison. I mean what the fuck happens to IOT devices? Do we just not allow them on the internet? That they're assumed 18+? So all kids need to do is get a raspberry pi? All they need to do is install a VM on their phone? On their computer? You might think that kids won't do this but when I was in high school 20 years ago we all knew how to set up proxies. That information spread like wildfire and you bet it got easier as the smarter kids put in the legwork.
This is a losing battle. It's not a cat and mouse game it's While E Coyote vs Road Runner.
We're on HN FFS. If there's anywhere on the Internet that the average user is going to understand how impossible this is it should be here. We haven't even talked about hacking! And yes, teenage script kiddies do exist.
These policies don't protect kids, they endanger them. On top of that they endanger the rest of us. Seriously, just try to work it out. Try to create a solution and then actually try to defeat your solution. Don't be fucking Don Quixote.
Some things do that. This law doesn't have a default. If the admin sets all the user accounts to 18+, then the users are stuck with the setting being 18+.
> I mean what the fuck happens to IOT devices? Do we just not allow them on the internet?
Sounds pretty good to me.
But yeah they need a different handling of some manner. Maybe a "give no access to anything age-gated" category, though is that really different from under-13 in practice?
> So all kids need to do is get a raspberry pi? All they need to do is install a VM on their phone? On their computer? You might think that kids won't do this but when I was in high school 20 years ago we all knew how to set up proxies.
Just delaying unrestricted access to high school would already solve most of the problem.
> These policies don't protect kids, they endanger them. On top of that they endanger the rest of us.
They do not. Some totally different system could endanger people, but this one doesn't.
There is no evidence that these companies are actually handling that data properly. There is a lot of evidence that they are handling it improperly. That data being leaked does in fact, endanger kids.
I'm also unconvinced these things even achieve the goals they claim to be after. Which is keeping pedos away from kids. i.e. the reason I said you're missing the point. So either it is not achieving that goal, or lulling people into a false sense of security. Imagine if Roblox was saying "we don't allow adults on the platform" and so now all the tech illiterate parents and kids think their kids are exclusively talking to other kids. That's just a worse situation than now.
So what do these laws even solve?! I'm serious
The serious answer is in the next line.
> They definitely do. I explicitly stated how that happens too. [...] data being leaked
Again "Some totally different system could endanger people, but this one doesn't."
Any system that has companies handling personal data and able to leak it is not the system this kind of law talks about.
> false sense of security. Imagine if Roblox was saying
In that situation, Roblox is the problem, not the law.
> So what do these laws even solve?! I'm serious
If widely implemented, a parent can set a single toggle and then the accounts their kids make will all be appropriately restricted.
It wouldn't replace direct checks from the parent on what their kids are doing, but it would greatly reduce the risk profile. And making it simple and built-in means that non-tech-expert parents can set it.
And, of course, the response so far has included similar thoughts as the UK about banning VPNs [1]
[0] https://www.rmit.edu.au/news/media-releases-and-expert-comme...
[1] https://www.techradar.com/vpn/vpn-privacy-security/no-approa...
The OS has the birth date. Of probably 1-5 people.
> And this is the thin edge. Because in a few years there'll be a bill saying something like "too many children are lying about their age online. We need to verify their age" and then we're capturing IDs and storing them somewhere.
Those things are already happening. I see this kind of mechanism as significantly more of an alternative to privacy invasion than an enabler of privacy invasion.
The political establishment used to be able to control what you read, through control of the media. Then 1995 happened and everyone got access to anything they wanted. The establishment have wanted to put that genie back in the bottle ever since. This is part of that effort.
Yes, agreed.
And this type of proposal has no central database, so it removes the scary part.
(Unless you're talking about the local accounts on each computer storing dates of birth for a single household as a "central database" in which case you're being ridiculous and please stop doing that.)
B) makes things worse in several ways, but primarily by stifling innovation. Only large incumbents will have no trouble paying for the measures required to ensure compliance.
There's also the cost of enforcement, which will likely have to be borne by the taxpayers. I don't think this is a good thing to spend money on.
C) cannot be enforced, and any good faith attempts will cost more than the damage from harm they're supposed to prevent.
> Only large incumbents will have no trouble paying for the measures required to ensure compliance.
Oh my gawwwwwd. People trot this out any time any regulation is mentioned. Option B is a single easily accessible age category value. It's simpler than the status quo.
This bill FORBIDS platforms from operating in the state unless they provide age verification.
Forbid an OS for operating in Illinois? Sounds insane to me. When I bring my Linux laptop from California, what happens?
I mean, how is the OS going to actually verify the age of the operator?
I see how this helps Facebook - if you lie to the OS, and the OS tells Facebook that you're over 18, then it's not Facebook's fault if they provide you an 18+ service.
I don't see how this helps anyone else.
That's the difference between a parental control and a pinky swear.
The thing this creates is liability on parents, or schools, or anyone who provides computer access to children. And access to PII for bad guys (who can ask your computer for your date of birth in this proposal, right?)
That has little connection with this law.
And having no age settings at all is where you'll have the most brainwashing.
> The thing this creates is liability on parents, or schools, or anyone who provides computer access to children. And access to PII for bad guys (who can ask your computer for your date of birth in this proposal, right?)
They're already responsible for controlling that. I think they should have more tools to help.
> And access to PII for bad guys (who can ask your computer for your date of birth in this proposal, right?)
Did you look at the law(s)? They get one of four age ranges.
You are assuming the parent is the administrator of the computer.
Have you seen distrowatch? Are you going to go track down maintainers from every distro - many of whom live outside of the U.S. - and demand they implement this? The smaller ones would probably ignore you or tell you to get fucked, the larger ones with funding might decide to drag you into court.
I’d say nearly 50 years is precedent enough that government intervention is unnecessary.
https://en.wikipedia.org/wiki/Global_Internet_usage
Kids can turn apple juice into wine in their closet
they can drive their bicycle to a drug dealer
they can rub a butter knife against the sidewalk until it's pointy
Do we need govt AI cameras in kids closets and on their bicycles? How do we verify they're cycling somewhere safe? How do we make sure they're not getting shitfaced on bootleg hooch they made with bakers yeast and a latex glove?
Rather, companies would have to submit a formal proposal to get their website listed on Kid Internet. This inverts the responsibility. It's not my cost, or your cost, it's their cost now. If they want kids, they better prove it.
Then, you can trivially configure your router or any computer, with any operating system, to use the Kid Internet DNS. It's now completely operating system and device agnostic. It can be organizational wide with the flick of a switch. It can be global, if we want.
The proposal we're seeing here is bad, bad, bad. Not just for privacy reasons, but because it will not work. Not might, will. This will not work. For many reasons:
1. Most operating systems are not going to implement some stupid ass bullshit.
2. Most websites do not give a single fuck. Porn websites will not care. Trying to play wack-a-mole is ALWAYS a losing game, no exceptions.
3. This is trivial to bypass.
4. If it's not trivial to bypass, it still will not work, but it will now be the end of computing as we know it.
How do we decide what sites resolve as part of the Kid Internet? Is there some process where a site submits itself for approval to be part of the Adult Internet?
How do we stop the government from using this to stop access to parts of the internet it doesn't like?
This proposal looks even less workable
Yes, all routers currently have this built-in. Most software outside of routers does, too.
Will it be perfect? No. But, for example, this is how content filters work at schools and just about every workplace. And it seems to be good enough for them.
And, this will work better than that. Because the key point is we're not blacklisting anything. Nobody has to maintain a list of banned websites.
> How do we decide what sites resolve as part of the Kid Internet?
Companies or people send an application. The website is reviewed by a human, and they get approved or denied. If you don't care to target kids, which most people don't, you do nothing.
So I don't have to do anything, nor do you. But Meta does. Google does. I'm fine with that.
And, this "board" or whatever who hands out Kid-Friendly certificates can also take complaints. Why not?
> Is there some process where a site submits itself for approval to be part of the Adult Internet?
No, this it the beauty of it. If you want to be a part of adult internet, you do nothing. You already are.
Every website is implicitly adult internet, and it naturally completely subsumes kid internet. So, if you're just making a blog or whatever, nothing changes. In fact, you don't have to update anything from right now. It will all still work. Because Kid Internet is new thing, and it's whitelist only.
> How do we stop the government from using this to stop access to parts of the internet it doesn't like?
Related to above, adult internet is what we currently have. Nothing changes. You and I won't notice, and we can't notice. There will be the free-range internet, and then the subset of the internet approved for kids.
Maybe they are vastly more sophisticated now but when I was a kid it was a sport for us to break these filters - and pretty easy too
It would imo be much easier to effect a culture change so that not every kid needs or gets access to the internet or internet capable devices.
But those are not the best solutions, because of blacklisting. There are basically infinite porn websites. So, if you're going to try to block every porn website, you will lose, point blank.
So, even considering that, they do quite good. So if we just take the principle and invert it, it will be very good.
I mean, whitelisting vs blacklisting is why I am able to open my computer up to the internet via SSH. I'm not out here blocking 1 billion sites. No, I'm just allowing my laptop. And that gives me a lot of confidence, and it works.
And, I agree with culture change. But, culture change is very hard and I don't think it's something we can rely on.
And everything else is Adult Internet, and there are many DNS servers that serve Adult Internet.
You sign your household router up for Kid Internet, and it ignores Adult DNS servers, and only routes according to Kid DNS, is that right?
I can think of about 50 ways around this already, but let's assume we're not talking about anyone with any knowledge of how the internet works. So the entire household is signed up for Kid Internet, and there's no way an adult can view an Adult Internet site from this household, is that right?
That sounds an awful lot like this proposal, right? Well yes and no. No because this would actually work. Just letting the iPhone say "im a kid" does fuck all, because all the websites we're targeting with that will just ignore it.
And of course there are ways around this. Wanting a solution with no ways around it is dystopian. But is it a better solution than this? I think yes, it is.
If Little Timmy signs in then OS chooses the Kids DNS, but if Uncle Bob signs in then it chooses the Adult DNS?
As you say, I can see a few ways around this ;)
Again, this feels like it just moves the responsibility for everything onto the parents, without meaningfully giving them any control. If something screws up and Little Timmy gets to see some boobies, who gets blamed? Is it the OS provider, the hardware provider, or the parents? Did the parents actually configure this themselves? If so, who taught them how to do that? Or did they buy the machine pre-configured? So does the vendor take responsibility?
Sure, or per-device, or per-network, or per-organization. It depends on how each particular person wants to implement it.
> As you say, I can see a few ways around this ;)
Yes, notably less than the current proposal. Which, again, will just straight-up not work.
> f something screws up and Little Timmy gets to see some boobies, who gets blamed?
I think this really hit the nail on the head. None of this is about solving problems or helping little Timmy. It's about accountability management.
If we implement the OS syscall, then Meta gets to point their grimey finger at someone else while they continue to fuel genocide in Myanmar.
> Did the parents actually configure this themselves? If so, who taught them how to do that? Or did they buy the machine pre-configured? So does the vendor take responsibility?
Well, um, both. You can configure your router, sure, or your Linux computer. But I imagine a new iPhone would just come with a checkbox you can check at account creation time. Again, very similar to this proposal, except it works.
I'm sure there's plenty of software that can block sites entirely, but that's a lot less useful.
And how much should I trust the popular products on a scale of 1-10? An OS setting doesn't need much trust.
> And with regards to account creation specifically, what do you see as a workable solution that isn’t defeated by a “pinky swear”?
I'll copy a different reply: "It's set by the administrator of the computer, so a parent can set it for their child instead of hoping their child is honest to every single individual site. That's the difference between a parental control and a pinky swear."
The idea of something like this isn't to replace parents, it's to give them a simple centralized tool. The parent has the admin account.
And there's plenty of examples (J&J, oil titans) escaping financial consequences by other means.
Things were way, way, way sketchier in like 2005 than they are now and those people turned out mostly fine.
Parents have always had the ability (though maybe not explicitly the right to) control their children’s environment for the purposes of teaching personal beliefs. So long as the belief itself wasn’t deemed harmful to the child, society would allow it to continue propagate that way. Racism unfortunately has never been seen as innately harmful. It’s looked down on, yes, but not to the point of making it illegal to enforce in family life.
Protect people's rights and don't get tricked in to giving them up just cause someone has a story about a child.
"Google's data harvesting operation became a load bearing piece of the Internet before the public understood digital privacy. And now we can't get rid of it."
The public has been conditioned to expect web services free at point of use. Legitimately it's hard to monetize things like YouTube without ads, and I get that. But turning our entire ecosystem of tech into a massive surveillance mini-state seems like an astonishingly shitty idea compared to just... finding a way to do advertising that DOESN'T involve 30 shadowy ad companies knowing your resting blood pressure. My otherwise creative and amazing industry seems utterly unwilling to confront this.
Edit: Like, I don't know, am I crazy for thinking that simply because we can target ads this granularity, that it simply must be that? I get that the ad-tech companies do not want to go back to blind-firing ads into the digital ether on the hope that they'll be seen, but that's also plus or minus the entirety of the history of advertising as an industry, with the last 20 or so years being a weird blip where you could show your add to INCREDIBLY specific demographics. And I wouldn't give a shit except the tech permitting those functions seems to be socially corrosive and is requiring even further erosion of already pretty porous user privacy to keep being legally tenable.
However it appears that it takes pretty disasterous consequences for us to be able to walk anything back.
It will just decay until it’s a short squeeze into oligarchy or worse (the corrupt will be forced into an arms race of accelerating corruption as opportunity becomes scarce). Then some other country who isn’t leaving it up to their society to do the right thing will be in charge. Until the same happens to them.
This is the value of religion historically, one of the few ways of coercing a population into doing the right thing for their own good. But every group can be spoiled or hijacked by a small handful of bad actors who are willing to do what others are not.
Why?
We don't externalize age verification when buying alcohol or visiting the strip club. It's on the responsibility of those establishments to verify age.
It works for the in-person context because it's a physical object, making it easier to control access to it. A high resolution picture of the same ID is a privacy problem as it can be copied, shared, transferred, etc without the knowledge of the ID holder.
I think that main goal would be to keep the ability to have accounts be anonymous or pseudo anonymous.
If social mean company has to verify an accounts age themselves they then have to use some for of official government identification and with that any chance of anonymous or pseudo anonymous access.
My comment was not about what I knew/know about facebook or not. I was answering the question of why age verification should be externalized to a degree and in this case externalized means the power stays with the user and parents rather than being in the hands of say facebook/meta.
I was not talking about why facebook/meta would want it or not want it. Large companies want lots of different things. Sometimes it is required to know their motivations to discuss or decide on something. I think it can be detrimental to do that though without discussing/analyzing a topic/idea on its own merits first or at least parallel. My comment was focused on the merits not the motivations or desires of companies like facebook.
facebook and similar social media companies have a ton of ways to get peoples age and or to narrow it down.
> either way, in the end facebook will know that your child is 6-9.
The main point of the law is not about restricting facebook or similar operator in the laws lanuage from knowing user ages. Though the does say the age bracket can not be used for anything other than to implement the intent of the law.
> The power is then in facebook's hands. Facebook won't see a copy of their government issued ID, but what difference does that make when they've got their age, their selfies, and a list of every friend and family member.
May not matter much for facebook or similar, it matters a bunch for any random website/forum/service you might sign up for where the intent of the service is not about public posting that sort of personal infromation.
You're right about that. There are websites and services that won't have the kind of data needed to identify an individual using the age bracket data, and there are those who could do it anyway or could make some guesses about the ages of users even without having OS gathered age data sent to them. That said, I've seen how bad companies are at making those kinds of assumptions. For example, I've seen youtube's AI age guesser fail completely and mischaracterize viewers ages in both directions.
> Though the does say the age bracket can not be used for anything other than to implement the intent of the law.
I didn't see that anywhere in the text. It does have a section where it says that the age data collected can't be shared with third parties unless they're made a part of the implementation of age-check scheme. There's also this: "All information collected for the purpose of obtaining the verifiable parental consent required under this Section shall not be used for any purpose other than obtaining verifiable parental consent and shall be deleted immediately after an attempt to obtain verifiable parental consent" but it's entirely unclear if age bracket data is considered part of the data collected when "obtaining verifiable parental consent". I suspect that it isn't and this language is intended to protect the data of the adults who will be forced to prove they are the child's parents. In fact they don't define at all what "obtaining verifiable parental consent" should or shouldn't involve.
You are right it is hard to use it for anything else though given the constraints.
> An operator that receives a signal in accordance with 20this Section shall use that signal to comply with this Section 21but shall not: 22 (1) request more information from an operating system 23 provider or a covered application store than the minimum 24 amount of information necessary to comply with this 25 Section;
You know the age bracket but nothing else and are not allowed to store more data on the topic to figure anything out. So you can not legally figure out someones age by keeping track of when they change age brackets.
> In fact they don't define at all what "obtaining verifiable parental consent" should or shouldn't involve.
It is the "Account holder". The user that set up the account and provide the age is considered the parent or legal guardian.
Meta Apps can have age verification but it should be at the point of service, not the supply chain.
And even if we were to agree to this, uploading your IDs to an untrusted third party is asking too much.
So have the government do it? They already know who we are and when we were born.
But in a perfect world it would be parents doing their job and parenting. You can grab your child's pad, phone, laptop, whatever, and black list the entire internet allowing only a few select white lists of your choice. But it's too hard to educate parents on how to do that I guess, assuming this was ever about children and not data collection, which it is that.
As there has been a market failure for decades at this point, it would be reasonable to give this a legislative nudge - spelling out the specific labels, requiring large websites to publish the appropriate labels, and requiring large device manufacturers to include parental controls functionality. The labels would be defined such that a website not declaring labels (small, foreign, configuration mistake, etc) would simply not be shown by software configured with parental controls, preserving the basic permissionless nature of the Internet we take for granted.
But as it stands, this mandate being pushed is horribly broken - both for subjecting all users to the age verification regime, and also for being highly inflexible for parents who have opinions about what their kids should be seeing that differ from corporate attorneys!
I think this is a reasonable balance without being invasive as there's now a defined path to do reasonable parenting without being a sysadmin and operators cannot claim ignorance because the user input a random birthday. The information leaked is also fairly minimal so even assuming ads are using that as signal, it doesn't add too many bits to tracking compared to everything else. I think the California bill needs a bit of work to clarify what exactly this applies to (e.g. exclude servers) but I also think this is a reasonable framework to satisfy this debate.
I've seen the argument that this could lead to actual age verification but I think that's a line that's clearly definable and could be fought separately.
Right now, it's not even clear how to create parental controls at a reasonable level so there's no clear path for what to do or how to respond.
Basically unsolveable, so why worry about that edge case? Kids will always get through to some adult content somewhere. A token system will make parents feel better in the meantime.
Its trivially easy to see if the user (child) has indeed created multiple OS level user accounts with different permission levels if you want to spot check the computer.
You'll see it on first startup and then you can have "a chat". With Guest account access disabled, spawning a new account on a computer takes 2-3 minutes, will send emails and dashboard notices to the parent.
Its very much near impossible to verify that the child is not just going to Facebook etc. and using separate accounts and just logging out religiously.
That said I wish Apple/Microsoft/Google had more aggressively advertised their Parental Control features for Mac/Windows/ChromeOS as a key differentiator to avoid Ubuntu/Open Source distros from having to implement them.
On what OS? Microslop Windows? On my computer no one is notified when an account is created. And the account list isn't visible when I log in. I log in to the TTY.
Now, granted, I am not the norm. But my OS falls under these regulations. So what is my OS vendor supposed to do? For that matter, who is the vendor? What if I were using LFS? Who even would be the vendor for LFS? It's not even a distro!
When you provision a Windows, Mac or Chromebook these days as a child's device using your parental account, it will require a parental account to enable new user accounts and/or re-enable guest user on the device.
Like I said - my preference would have been for Microsoft, Apple, Google and Meta and TikTok to have made an industry effort to educate parents about the existence of such tools a priori of any legislation, we could have avoided Linux etc. getting sucked in.
I think this is a sensible compromise. It gives parents more control than before without relying on shady third-party software or without turning every platform into a cop. Yeah, it also aligns with Meta's interests, but so what?
The age attestation solutions pursued by the EU are far more invasive in this respect, even though they notionally protect identity. They mean that the "default" internet experience is going to be nerfed until you can present a cryptographic proof that you're worthy.
It doesn't give parents any control whatsoever. It just forces the OS to tell every website your child goes to how old they are. It doesn't require those websites to hide certain content for certain age groups. It doesn't define what types of content are appropriate for which age groups, it just makes sure that every advertiser bidding on your child's eyes knows what age range they fall into to.
If anything this takes control away from parents because even the cases where a website does their best to restrict content based on which age the OS tells them your kid is, it's the website setting the rules and not the parents. You might think that your 16 year old can read an article about STDs, but if the website your kid visits doesn't think so you as the parent don't get any choice.
With 3rd party software parents are controlling what software is used, they have the ability to decide which kinds of content are appropriate for their children and can be allowed and which types of content should be blocked. They can black/whitelist as they see fit. All of the power is in the parent's hands. This law gives parents one choice only: "Do I honestly tell my OS how old my child is". That's the end of the parent's involvement and the end of their power.
And cheat devices can be taken away as soon as the parent notices them.
It is also the wrong model. Instead of creating child-safe devices, just like there is a difference between toys and power tools, this regulation pretends that all devices are child safe and parents have to figure out which ones really aren't.
So trying to force a very very basic child safe mode makes sense.
And I don't think this regulation pretends all devices are child safe.
I pay the company to verify me, I am their customer. They take on the liability of the OS makers and app makers of age verification.
If you have a valid token signed by a licensed IDS that verified your age in your OS, that's all anyone needs to know.
So we have to pay some 3rd party service to hoard information about Children? Why we want to set that up? Why would we want to take that power from the parents and give it to some company?
So, they want to profit off children, but do nothing to protect them?
> but there should be a trusted 3rd party service that does that
Gee, if only Facebook would use their incredible might to create this, rather than trying to rob our representative government from underneath us.
> It abso-fucking-lutely should not be at the OS level though
It's not my problem. It shouldn't involve me at all. I don't use social media and I think if you let your kids on there unsupervised you have a screw loose.
We were completely fine 30 years ago without any phone. They will survive. They will probably thrive because now they have to learn how to hack the system.
Instead, we just give them everything they need and all the thinking they do is scrolling.
https://www.rtalabel.org/index.html
No, there shouldn't be any such thing; everyone pushing for any shape of this should just bugger off.
At some level I don't blame him. It is also a bit strange how in that act alone he showed more accountability than most of the politicians that were questioning him, never mind most executives. I suppose Josh Hawley wants to be liable for personal lawsuits for his acts of Congress too... people cringe at his "robotic" demeanor but I can't remember the last time someone turned and faced people and apologized like this. Most people asked to do the same (even in front of the same body) never do.
https://youtu.be/yUAfRod2xgI
Meta just wants to do it in the most habit-forming way, that is embedded in a system crafted to mold young behavior into more manipulable consumers.
>Meta already knows the age of all its users
Roger, now they want a government mandate to target everyone else on the internet.
For the record, I'm against age verification laws. But I think companies are pushing for them because of liabilities they face under other laws, not because they would actually like to have the data.
Nothing less, nothing more.
Most things that are not suitable for children were recognized so long ago that it was decades, centuries, or millennia before anybody living was ever born.
Like porn, when it got on the web it has always been instinctively gatekept as traditionally as possible, and complaints which do arise over the decades are addressed by the websites in ways that measure up to how you expect a company to act. Consistent with the way they truly don't want underage visitors to their websites at all.
Those complaints are now dwarfed by what parents are saying about Facebook in particular.
Facebook, and now Meta, is just not something that previous generations had to deal with, so it didn't get handled in a very adult way as it should have been from the beginning. And it only got worse as it got bigger.
If it wasn't worse for their kids than porn, parents wouldn't be screaming so much louder than ever.
I guess it turns out the combination of fundamentally devaluing privacy across-the-board including minors is the main problem, and then the idea of hooking them early, like cigarette companies would do with as much habit-forming reinforcement as possible, is what leverages the lack of overall privacy through the roof.
What's really needed is bold gatekeeping on Meta's digressions alone, they should be the ones to aggressively keep everyone underage off their site. Like they really mean it, which has not existed before. That's what's been wrong the whole time, the internet was so much better before Facebook came along with their anti-privacy mission, and it got put on steroids.
Reining in Meta alone should be big enough to be noticeable, no-one else has a shred of responsibility by comparison.
Facebook has invested $billions in these underage crowds and they want to know exactly when everyone else on the internet turns a certain age even if they are not on Facebook.
Don't give it to them no matter how much they pay.
It would be the complete opposite of an advanced thinker who wants to respond by compromising more people's privacy across the regular internet, when Meta is the primary source of the problem, and they're who stand to benefit the more privacy is compromised in any way, child or adult.
Like my 19th century grandmother would say, "what's wrong with some people?"
There have been numerous cases in history where governments have attempted to legislate the outcome they want without regard to how that might be done or if it was possible in the first place. Obviously it can never deliver the results they want.
It would be like passing a law to say every company must operate an office on the moon, and then saying that companies lobbying for an advanced NASA space program is them externalising their responsibility.
It would be a mess, but solve the problem. It’s not that we don’t have the technology, we just don’t want to because the friction would decimate user numbers and engagement; it would be much simpler to regulate (e.g. usage limits on minors); and minors are less monetizable, which would lead to lower CPM on ads.
Then there’s the legal liability if you know someone is a minor and they’re sending nudes, for example. And the privacy concerns of tying that back to de-anonymized individuals.
But obviously I wouldn’t believe that social media companies care about user privacy on behalf of people.
Requiring all online account creation to go through some government vouching system sounds far worse for privacy than OS doing age verification.
Source? Another commenter claims the opposite: https://news.ycombinator.com/item?id=47416653
Even if they used an open source zero knowledge proof, HN will still immediately dismiss it as an attempt to steal your data. The proposal here and the similar bill that passed in California doesn't require any validation that you enter you age correctly.
It's not about protecting children. It's about increasing adtech intrusion, protecting revenue from liability, pushing against anonymity, and for all the various apparatus of power, it's about increasing leverage and control over speech.
It's better for them if this "responsibility" rests with another organisation, they don't get blamed as much when the information leaks and it is replaceable.
https://www.reddit.com/r/LinusTechTips/comments/1rsn1tm/it_a...
HN is also much less representative of the demographics within the American tech industry now as well - almost all the references I see on here are stuff only men in their late 30s to 50s would recognize, and an increasing amount of users appear to be based in Western and Central Europe.
Heck, I'm on the younger end by HN standards (early/mid 30s) and when I introduced HN to my peers over a decade ago (this is my throwaway) even back then they complained that it was "toxic", "snooty", and "unhelpful". And it's reputation amongst the younger generation has only gotten worse.
HN has "SlashDot"ified, because most people are either in private groupchats on signal/imessage/discord or meeting each other with Luma invites.
Don't get me wrong, it's good to know but it's not earth shattering information.
How does getting the OS to do age verification "get rid of anonymity online" or help "sell ads"? Assuming the verification is implemented in a competent way (ie. it's not just providing an id scan for any app to read), it's probably one of the more privacy friendly ways to implement age verification, that's also more secure than an "are you over 18" prompt on every website.
> implemented in a competent way (ie. it's not just providing an id scan for any app to read)
What if there are vulnerabilities? You're inherently introducing more attack surface and providing more data than you would without these laws.
If you're trying to imply Meta is behind the "overton window shift", that's plainly not the case. The popular sentiment that smartphones and social networks are harming kids (thereby necessitating bans/verification) has been boiling over for a while now (eg. "The Anxious Generation, 2024", and the recent social media bans in Australia), and meta is just trying to get ahead of this with laws that favor them.
>What if there are vulnerabilities? You're inherently introducing more attack surface and providing more data than you would without these laws.
Probably less likely to cause vulnerabilities than web usb or web bluetooth , both of which gets some pushback here but nowhere as much an API that returns a number.
No, I'm saying the exact opposite: Meta is just one player in a campaign from intelligence agencies and other tech companies who want to normalize mandated prompts in your OS that collect information. Right now it's "just a DOB field bro" turns into "well... people can lie with the DOB field, let's just add a ID check step in that dialog" and build on it from there. Of course the pot has been boiling for a while and it's not just Meta looking for regulatory capture.
> Probably less likely to cause vulnerabilities
I don't care about likelihoods, this "feature" inherently introduces more risk and for something I don't even want on my computer. Even a small chance that this can be abused is unacceptable.
> because you fail to understand people really are worried about their children
No, I completely understand but that doesn't give anyone the right to start mandating that we give up our privacy in pursuit of that. That's sorta the joke with "save the children", it's meant to tug at your emotions and make you look like a bad person for not consenting to massive overreach.
Their entire top leadership has shown a multi-year tendency towards psychopathy and lying. Knowing Meta is pushing this bill makes me want to understand why my views and theirs randomly agree as well as carefully read the bill text for any signs Adam Mosseri was within 500 feet of it.
On its own? No. We probably agree on the need to drink water, that doesn’t mean I should now die of thirst.
Which has led some to suspect much is LLM generated and not properly human-reviewed, in addition to the very short timeframe from initial self-disclosed start of the research to publishing it online (mere 2-3 days) despite the confident tone the author uses.
[1] https://web.archive.org/web/20260317184359/https://lobste.rs...
Millennials had their hippie era in their 20s (same stuff their parents did rebranded as "hipster" instead of "hippie," where instead of building a lifestyle of free love and bong hits in the Haight-Ashbury, they built a lifestyle of free love and bong hits in Williamsburg Brooklyn).
Now in their 30s-40s they've moved to the suburbs, they're voting Reagan, and are falling for hysterical media-driven moral panics about "what kids these days are up to" just like their Boomer parents did in the 80s-90s.
What's even more funny about all these "social media is evil" legislative proposals, they're motivated by the idea of what social media used to be when millennials were in college...which doesn't even exist anymore.
The classic narrative that teens are depressed because they're seeing what parties they didn't get invited to is wildly outdated now. Social media isn't social anymore (see Tiktok), it's just algorithmic short form TV. Nobody is seeing content from their peers anymore.
In reality, most modern research on social media finds little to no affect on teen mental health. But of course, if you have ulterior motives to undermine privacy or shirk corporate responsibility under the cover of "saving the kids," this moral panic is an already burning flame waiting to be stoked.
More modern version: my experiences don’t look like the Instagram shots, my body doesn’t look like theirs, etc.
> modern research on social media finds little to no affect on teen mental health
Sounds like you know what you’re talking about, but if you have references I would read them.
How about research on the effects of social media on academic performance?
No disagreement at all that this is another power and surveillance grab.
Zero difference from the reality TV/tabloid era. "Influencer" is just a rebranding of "celebrity," and instead of seeing their Hollywood Hills mansion and chiseled bodies on MTV cribs and in Abercrombie ads you see them on your phone.
Here's a few quick pulls, the best stuff is the meta-analysis studies but don't have time to dig them all out:
[1] Effects of reducing social media use are small and inconsistent: https://www.sciencedirect.com/science/article/pii/S266656032...
[2] Belief in "Social media addiction" is wholly explained by media framing and not an actual addiction: https://www.nature.com/articles/s41598-025-27053-2
[3] No causal link between time spent on social media and mental health harm: https://www.theguardian.com/media/2026/jan/14/social-media-t...
[4] The Flawed Evidence Behind Jonathan Haidt's Panic Farming: https://reason.com/2023/03/29/the-statistically-flawed-evide...
It legally mandates the existence of a required "age" field in user account records, a user interface to populate it during account setup, a mechanism for service providers to read this field, and that providers act as if it has been populated accurately.
As someone who has been the de facto "system administrator" for my family's computer systems since kindergarten, this has to be one of the stupidest policies I've ever seen gain traction.
So for example operating system that does not ask this question could simply declare itself "inappropriate"/"illegal" in the jurisdiction.
Say, GrapheneOS can explicitly disallow image downloads from Californian IPs and not sell phones with preinstalled GOS there.
You don't need to be complaint with the Mongolian law to sell in Burkina Faso.
Similarly they don't need to be complaint with Ohio law if they do not operate and have presence there.
American companies that decide to surveil users ont heir websites with pervasive tracking without consent would only contravene the European GDPR if they allowed EU users to use them. Block the EU (famous http/451), and they're in the clear.
IMO, but IANAL.
Edit: I have no control over who links to my library.
> for all users that the operator has actual knowledge to be a minor, the operator shall use specified default settings for the minor.
I just think it should be opt-in. Applications should presume <13 unless the user opts in.
As an "operating system provider," the law as written still requires me to provide an accessible interface for you to indicate your age to the operator.
Should we be asking your age every single time you use a credit card reader or ATM? If not, embedded operating system providers need exceptions to the law in each state that adopts their own non-standardized approach.
If you connect it with a permission system where you can choose whether to provide this information (e.g. >13 as a bool or age as an integer or the birthday as a date) that can't be too bad I guess?
I haven't read the whole thing of course.
Not to mention that computing is a global thing, and in order for this to be useful it would definitely have to be providing more specific information than just a bool. Maybe chats require 13+, but pornography requires 18+. Maybe those ages are different based on location. All advertisers would need to do is ping the various different checks to get your actual or at least very approximate age.
This kind of thing is a slippery slope, and its ripe for abuse by doxxers, advertisers and big brother himself. Burn this with fire. I'm totally in agreement with the others that suggest stuff like this should b just get banned from getting introduced and reintroduced constantly trying to sneak it in as a rider or hidden provision. The people DON'T want it.
Also, I don't want my OS to report my age range to every website I visit anyway.
Argumentation 101: “it’s stupid” isn’t a reason.
1. Creates a protocol with desired signals (country and a variable list of whatever others i.e. age,state) that clients (including browsers) CAN choose to use and forward.
2. Create an api OSs CAN implement to inform clients of those signals and if they can be overidden in the client. (Possibly even create an OS or service to run on OSs that implements it, parents can choose to install specific OS or service)
3. A open source server for governments to specify common classes of content and what to do when a specific SIGNAL (from the protocol in 1) is recieved (Serve content to SIGNAL group/serve content to everyone/never serve content). And what to do if content isn't in a class it recognizes(Serve content/not serve content). Association could also be extend it's duties to coordinate a list of types of content.
4. Maintain an authoritative list of servers by country so that those hosting services can reach the servers hosted in 3. So that webservers can visit those servers to find what they can serve if they wish to apply the law for that jurisdiction.
Horrible because it does codify less freedom and censorship. The advantages are that for a jurisdiction liability can fall on the right actor.
If you run a website/app you worry only if your in a jurisdiction that mandates you use the protocol and can easily geoblock crazy countries by using that signal and choose if a jurisdiction you want to deal with is worth the effort of coding for or whether you want to ignore that countries laws.
If you are a user you can choose to install the API or use an OS that implements it or an OS that spoofs it with only the liability of your jurisdiction. If you are a parent you can use an OS(or install a service) to implement it on your kids accounts.
If your an OS developer you can add functionality if desired/appropriate.
If you are a country you can specify what signals you use/require and can specify required signals (i.e. US may request the State signal so it can decide if it needs other signals to evaluate whether to serve "Social Media" content (i.e. age in the case of state=california)).
Not perfect but actually keeps punishment/enforcement to appropriate jurisdiction and means you can actually gracefully avoid liability for sites in broken jurisdictions rather than either kowtowing or being in breach. Also means it can be implemented in client if you don't want it on your OS or want the convenience of not being asked age without the ridiculous other stuff.
Accordingly, it is never too late to lobby against these things.
It's not an accident that this appeared within a month or two of the California one. I would bet good money that there's someone shopping this bill around.
If you do a frequency analysis of when these bills are being introduced, you'll notice an odd cluster internationally. Less charitably, they're coordinating / talking / being pushed by someone. More charitably, the "idea" is spreading.
It's a very odd idea to spread though. Age "verification" isn't something people are truly passionate about.
I suspect that, long-term, this is about surveillance. The powers that be would rather kill the golden genie that's general purpose compute than have teens and radical youth with compute.
This is going to get bad.
This is happening after several other states have introduced age verification laws that actually require age verification which typically involves uploading your identity documents to each website that is required to verify your age.
Apply Occam's razor. Which do you think is more likely?
1. These states that have a record of concern for privacy are now introducing an age verification law that relies entirely on the age that the administrator enters when configuring a user account in order to give a push down a slippery slope toward their nefarious secret goal...even though it would be a complete waste of time since as the examples from numerous other states shows it is not hard to pass a law that starts with making people upload their ID documents to any social media they want to use.
2. These states that have a record of concern for privacy are doing age verification in the way that many privacy advocates said it should be done when they were objecting to those bills in those other states that required uploading ID documents, because those states do not want to go down the slippery slop that those other state approaches risk going down. Namely, through parental controls on the devices that children use that put the parents in control and leave the government out of it (other than requiring that such controls be included with the OS).
https://nationalpress.org/topic/model-legislation-statehouse...
https://www.thegazette.com/opinion/guest-columnists/lawmaker...
I have looked into hiring lobbyists. I have seen how the sausage gets made.
Pop quiz, who do you think funds https://www.digitalchildhoodalliance.org/ ?
https://ifstudies.org/in-the-news/over-50-conservative-group...
:)
https://www.yahoo.com/news/articles/reddit-user-uncovers-beh...
https://www.reddit.com/r/linux/comments/1rshc1f/i_traced_2_b...
https://github.com/upper-up/meta-lobbying-and-other-findings
---
In general, this is an example of the Martha Mitchell effect. https://en.wikipedia.org/wiki/Martha_Mitchell_effect
Real conspiracies exist. Openly. They're open secrets for those in the know.
You'd be surprised by how banal so much of this is. So many parties trying to get what they want. Doing a cost v benefit analysis and looking the other way.
Black holes have less strength to destroy goodwill than posts like yours.
The tone of your post makes people dislike you intensely, makes them ignore you, and go about their business. But they’ll remember you and the repulsion they feel to posts like yours (which all of you saying this message seem to use) whenever they even think someone is saying something like you’re saying here.
You guys are your own worst enemies because you can’t see how fucking abrasive your posts are
:)
How is this a counter-argument? I often read this, as if there's some international trusted organization of logical thinkers that has approved inclusion of slippery slope to a list of logical fallacies that must never be invoked in a conversation.
Every single time five years later it turns out that the slope actually was slippery.
I read it as a call to action: things only go down the slope if they're pushed that way, so now is the time to try and prevent said push.
Why do people imagine that I said words I didn’t say, get mad at those words, then reply as if I had said them? This happens all the time.
Humans are stupid and I sincerely believe that we, as a species, will fail because we are so prone to this kind of behavior. We really are a garbage race.
I didn’t. So why do you say “everyone”? Stop imagining people saying things that they didn’t actually say.
Every step we take down this “slope” is intentional and happens because there is more force pushing things down the slope than there is force resisting that push. There is no slippage, just people who refuse to act in their own best interests letting people who are acting in their own best interests do whatever they want.
Putting aside the real possibility that the ability to lobby against certain things is already actively under attack, it isn't speech alone that is being addressed, it's political and cultural momentum.
Would you call it a fallacy that making incremental rather than sudden movement in a specific direction makes it politically easier to accomplish?
We have already seen the federal government use facial recognition data to create an app that tells ICE goons who's legal. We should not tolerate the government forcing more data tracking and privacy violations just because you are not "sliding" today.
First they came for the Communists
And I was like fuck those Commies
Because I was not a Communist
ditto
ditto
ditto
Then they came for me
And what the fuck bro this is totally not what I voted for
Second, there's no certainty about how courts might interpret compliance. If the intent of the law is to positively identify minors, a user editable field may not be interpreted as sufficient to comply. We don't know what the safe level of identification will be outside of trying the law in court. Who wants to be on the bad side of that?
[0]https://github.com/systemd/systemd/pull/40954
One way is that you log in under a guest account and the guest account requires you to indicate your age. After your session is over, guest account logs out.
Another way is that the library has two sets of computers, ones set for adults, ones set for minors. You need access card to use computer and the librarian will give you the age-appropriate access card.
Another way is computers are set for restrictive (child) account by default. If you need adult access you have to ask librarian to unlock it.
Not to counteract your point, just as an anecdote I like remembering.
What I expected was that we'd end up with the OS vendors actually being mandated to really do age verification, and then submitting that using Web Credentials and Secure Attestation so that the far end could trust the whole thing, locking open-source OS's out of the mix and creating more of a walled garden online than we already have. I was guessing it would become a simple checkbox on e.g. Cloudflare - "[ ] allow adult users only" or whatever - and that it would end up with vast swathes of the internet going off limits for anyone not on closed-source systems.
Now, it looks like this is just a way for parents to tell the OS "this is a kid account" and have it flow through to websites so they can easily proactively block kids from connecting without having to implement any of that crap. Yes, it's much potentially easier for a child to circumvent; but any kid who can get around that sort of thing from within an OS could probably just wipe/reinstall anyway, so who cares?
As a parent whose kids are continually trying to see what trouble they can get into, I appreciate that I will get one more potential weapon in the fight.
Can someone tell me whether I am being a fool by actually being a bit relieved it's going this way?
You're being a fool by actually being a bit relieved it's going this way.
These bills are meant to nudge the overton window[0] of digital politics in the direction of mandating realtime identity verification for all forms of computing. Advertisers want it, governments want it, _bad people and bad governments want it_. By pushing a very small and "weak" legally-required form of user identification on everything under the guise of "saving the kids", all involved parties can point at those who disagree and say "Look, if you disagree you must want to hurt children!" And so the bills pass, and a weak form of identity verification passes and is enforced. Then it'll be shown it doesn't work, and the proposed solution will be to make these identity verification laws more intrusive and more restrictive. Repeat ad-nauseum.
0: https://en.wikipedia.org/wiki/Overton_window
Time to start throwing up hobby BBS sites... and I think in this case text mode interfaces over web might be an advantage.
There is no verification beyond that in these sorts of bills (CA, CO, IL). It's the parent's responsibility to watch their kids when they set up an account.
> Legitimate adult websites will not show the content.
This is a big problem (that won't necessarily be solved by this particular legislation, granted). There are already voluntary rating HTML tags websites can add to indicate parental control software should block them, but they're voluntary and non-standardized. Websites can choose not to comply with no real-world consequences. And I don't think platforms like Reddit or X, which are ostensibly all-ages social media but also have an abundance of adult content, are properly set up to serve tags like that on NSFW posts but not other ones.
It's a tricky problem to solve, and, imo, it's one the tech industry has demonstrated it doesn't have any desire to solve itself, hence legislation starting to get involved.
> Websites can send down a single header indicating adult content.
It sounds at first glance like a no-brainer that websites shouldn't have access to any information and the enforcement should be done at a local level (like the current voluntary HTML tags that locally installed parental control software can sometimes read). But some websites might want to display alternate content to minors-- e.g. a Wikipedia article with some images withheld, or Reddit sending a user back to an all-ages subreddit instead of just fully breaking or failing to load when the user stumbles upon something 18+. For anything like that, the website will need to know in some form that the user isn't able to see 18+ content.
Detractors will say parents should just install existing parental control software, even though it's existed in its current form for decades and is obviously not effective. And they'll say it should be the parents' responsibility to enforce what their kids are doing with computers, while ignoring the fact that these laws provide tools allowing parents to do just that (the parents are the ones responsible for supervising their kids when they create accounts to ensure they're not lying about their age-- if the kids lie during setup, it's on the parents).
Anyone with kids will probably acknowledge that it's much easier supervising your kid once when they first set up an account on a new device than it would be to supervise them 24/7 when they're using the internet. But for some reason, lots of people without kids are in a panic about having to type in any date older than 18 years ago. The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
Because that's exactly what will happen. This is battlespace preparation for the destruction of anonymity on the internet, because politicians find this inconvenient.
Except what about my OS which doesn't have parental controls and can't reasonably be expected to provide them because who's gonna do it and be responsible for it?
Of course, nobody can ever stop you from running anything you're building yourself, privately. But you might end up finding that you need to implement additional APIs anyway in order to access what you want to on the internet, just as you're expected to have some sort of HTTP support and HTML rendering in order to get that far. The part you'd be able to "cheat" on in your own custom OS is just reporting a higher age bracket without making you type an age in first.
These tools are called "parental controls" and already exist - we don't need laws to compel their production.
...unless, of course, the true aim is to use this as a beachhead for further expansion of privacy-violating requirements.
You write this off as a "slippery-slope" argument, but given that there are already quite a few tools that do what this law aims for, what's the point?
Would you prefer to inform each movie theater in town which movies your child is permitted to watch? Or just rely on the rating system that applies to most movies and is honored by most theatres?
Parents want one setting that says "this is a child" and then expect online platforms to respond appropriately. As we expect and mostly have in the real world.
This law does not do that. It breaks the age of children into several buckets so that platforms, websites, and advertisers can target specific demographics. They won't "respond appropriately" they'll just use this data point as another way to improve how they exploit children online. Now every pedo with a website can tell how old the kid is so they can better adjust their grooming for that age bracket.
Content providers are not incentivized to care about the problem, and will serve any content with ads next to it that they can unless they are forced not to. Ad-hoc solutions attempting to paper over that behavior on the consumer end are not adequate or effective. That's why they have a rationale at all for the laws here.
Literally not what's happening with these bills. There is no identity, you would only have to type in a valid date (and nobody's forcing you at gunpoint to make it your actual birth date).
> The proper analogy would be require verification on the part of the porn sellers.
Red states tried that first, and it was very poorly received by the left and the porn industry, among other parties. Asking anonymously at the device level and leaving it to parents to enforce it is more privacy-respecting and less of a burden to adults. Which is exactly why blue states are now trying to do it this way (and is one of the reasons why Aylo & others have been asking for it to be done this way, with the other reason being it's also easier & cheaper on their end).
> if the kids lie during setup, it's on the parents
Pretty much a "Yes, and?" scenario. See above.
> The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
I get where you're going, but precisely this. These things always start slow... then fast. The old adage "first they came for x, then y" is not a joke or an exaggeration. It is pretty much historic observation. I've lived long enough to know that whenever someone invokes the "think of the children" defense, there's always a catch.
I hear this and it makes me wonder if you have kids. Do you really have the ability to supervise their internet access at all times? Mine are in the next room, I check in on them regularly, but that still results in them being up to no good. Conversations on the topic are a regular thing, losing privileges as a punishment for breaking the rules is happening all the time, but they still always want to push up against the boundaries of what's allowed and what isn't.
And they're not even teenagers yet, with hormones and thirst-traps and whatever else there is to watch out for.
A little bit more control within the house would be useful - I don't want it to come in the form of anything that impacts anyone else, though. I don't need draconian laws, I just need some voluntary, owner-informed device controls that aren't completely trivial for unprivileged users to bypass.
> The fact that they won't even though there are (non-required!) tools they could be using to do so is baffling to me.
My parents set me up with an AOL account when we first got a computer and dial-up internet. At first, I was kind of required to go through the AOL desktop application to browse the web since that's how we connected to the dial-up. Sometimes a website would be blocked through AOL, and I'd have to have one of my parents come and sign in to allow me into it.
But once we moved onto broadband DSL, I eventually figured out I could just open Internet Explorer instead of AOL to bypass the parental controls without having to get my parents to come allow a website. Of course, a few years after that, I was secretly browsing porn... at 10 years old.
As a parent today, what non-required tools would you suggest I use to effectively filter NSFW content from the internet for my kids? Network-level methods don't work in the age of laptops and smartphones. Any on-device software you might suggest would probably be for iOS/Android or Windows, not both. And which software supports Ubuntu, or do you think I shouldn't let my kids use it? Yes, it's probably possible to lock things down eventually (for me, as an IT professional). The parents next door probably have no clue about half the stuff I'd use, and my kid's gonna end up having access to whatever their kid does. Even if everyone does everything perfectly, all it takes is a slight paradigm shift or new piece of technology to sidestep all of it-- like when my parents did their jobs setting up AOL parental controls but then switched our connection type and inadvertently broke them.
The value of this legislation isn't necessarily making parental controls technically possible. The value is standardizing and normalizing it. As someone in another comment chain brought up, you're not expected to individually coordinate with every movie theater or every liquor store, or to helicopter your kids IRL with it being your fault if someone sells them beer when you let them go out with their friends. There's a basic societal understanding that certain things aren't available to kids. The internet being "wild west" for a few decades doesn't invalidate that, imo. This isn't parents not parenting, it's adjusting the level of burden we're expecting to come with parenting to a more reasonable level.
We tell our kids that smoking is bad for them. It's still illegal to sell cigarettes to minors.
> As a kid, if I had seen a case of beer left out I wouldn't have gotten drunk because I wouldn't have wanted to.
Good for you, and neither would I, but that's because I'm a wet blanket (still don't drink today). Selling alcohol to kids and teenagers is still illegal.
And the arguments for it don't promise to fight tooth and nail not to make sure it's not slippery. If the slope does turn out to be slippery, today's proponents will be tomorrow's Hindsight Harrys (e.g. "the cat's already out of the bag, if you cared so much you should have fought this back when we all saw it coming").
This is not a theory. Laws requiring this are going through the state and federal level right now.
> (b) An operator shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.
Unlike the California law I do not see anything that restricts this to child accounts only.
So let say I have a program:
and I want to publish it to say npm or nixos, or some linux distribution. Not with out violating this law. This application needs to request the users age brackets at least at 'downloaded and launched' optimistically that means once on first launch, but potentially needs to be requested on each launch of the application. So lets fix the program There we go, now the code is compliant with my imagined ageBracket module.Does the hidden Minix installation on every Intel CPU with the Intel Management Engine count?
The root cause is a corrupt government doing the bidding of a few rich people and other countries. Fixing that will be very difficult but is nonetheless necessary and possible to largely thwart legislators from working against their own ostensible constituency.
>"Operating system provider" means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
I.e Linux will most likely to be immune, since its not tied to a particular computer.
Which just means Linux stay winning. It already made big headway in the video game space, so its prime to take over personal computing too.
That's a really weird and nonsensical reading of "operating system software on a computer".
i'm from illinois, worked in california, and no longer live in either. from afar, it seems that whatever california bureaucrats propose, after a short delay, gets proposed by their little sibling bureaucrats in illinois.
[1] https://legiscan.com/NH/bill/HB1658/2026
[2] https://www.nh.gov/glance/state-constitution/bill-rights
Sounds like there actually would be some benefit commenting about it on HN.
So they are right in that sense - commenting on HN is cathartic but ultimately useless.
And the people who matter and are against this also don't use HN because they view this platform as toxic and reactionary.
HN is basically slashdot now.
People have been worried about that on HN for years, but I still see the same culture. There do seem to be more bots and astroturfing, but that's a systemic issue with all social media platforms today.
And that's the crux of the issue - the industry and people have changed, but HN hasn't changed discourse wise and is growing increasingly disconnected demographically speaking.
A large portion of HNers are men in their late 30s to 50s, and no longer located in the Bay Area or NYC.
No one's who matters is having these kinds of conversations on HN - they're meeting IRL with Luma invites or in signal/imessage/discord group chats.
Did "hacker news" lose its stallman flavor in favor of venture capital investors? Yes, at the get-go; but that doesn't mean people have sold out their morals. We're all frustrated. We live in a society. At least in the US, you'll just call a representative who's getting paid by lobbyists letting your message fall on deaf ears. But I have seen so many great comments here by people with beautiful minds and good intentions; and sometimes I can even debate with them and get my ass handed to me, because they're much more brilliant than I.
edit: was curious on Luma. Is it basically meetup/radius/partiful/apple invites but for crypto bros?
I am one of the those people who matter and work with other people who do as well yet I'm the only one in my peer group of VCs, CISOs, CPOs, CTOs, CEOs, Founders, SWEs, PMs, etc who still uses HN today.
Hell, Nvidia GTC has been going on for 3 days now and not a single post about it has come up. That shows how out of the loop HN has become.
> Did "hacker news" lose its stallman flavor in favor of venture capital investors
To me, it's become even more Stallman-esque and less relevant to founders, operators, or investors. And this is a growing sentiment amongst newer YCombinator founders as well.
Conversations that are actually relevant to founders and VCs don't happen on HN anymore. And an increasing number of HNers use VC and PE interchangeably - this is such a basic mistake that betrays how out of the loop and lack of context HNers have now.
> was curious on Luma. Is it basically meetup/radius/partiful/apple invites but for crypto bros
It's the new meetup. If you are seeing crypto bros on there then you are not located in a major tech hub.
Opening up Luma this morning I see invites to a fireside chat with Fei-Fei Li (ImageNet), a spring showcase by a VC fund that has invested in dozens of YC startups, a couple raves, a Quantum Computing breakfast at Stanford sponsored by the Danish and Norwegian Consulates, and an event by the Japanese Consulate on the intersection of manga, AI, and creativity. These events and others are where people who matter and can impact change are hanging out and chatting with each other.
> I hope this doesn't become what reddit is now.
At least as an American in tech, HN already has become as low signal-to-noise as Reddit.
Based on the time you posted along with your pattern of speech, I'm guessing you live in Central or maybe Western Europe. You have a very "DACH" coded speech pattern.
Surely I'm missing something? Is the backlash due to fear of a slippery slope?
Linux distros always have a "root" user. Does that user have to be asked its age before being usable? What about docker containers, which often come with a non-root user? What about installation media, which is often a perfectly usable OS? It would either have to be so easy to get around this law that most kids could do it easily, or so overzealously enforced as to disrupt the entire cloud industry.
what is the solution then to age gating apps that the public feels should be age gated? (TikTok, Instagram, etc). it seems like every app implementing its own guessing system would have even more holes, right?
this is one where I am sympathetic. the moment when someone, with their parent, is setting up a device seems like the best point to check age. right?
am I missing something?
They could've written these laws to go after Apple and Microsoft specifically, and assume that most kids wouldn't have the wherewithal to install Linux themselves. That may or may not be effective. But no, the way the law is written, any hobbyist OS dev is now legally liable for the abuse kids might suffer on massive social networks that are completely unrelated to the OS.
The funny thing is that Estonia actually already figured this all out. Their national ID system allows any platform to reliably verify anybody's age without gaining access to any other information about them. It's the perfect system for reliable checking age while maintaining perfect privacy about all other personal data. But I don't think we'll see that in the US in my lifetime, so we'll just have to keep fighting over all these ineffective privacy nightmares instead.
This conclusion is up for debate, but that's what they mean.
My guess reading the law as linked is that it's much closer to the former than the latter. That being said, you're right that it does bring a bunch of headache alongside with it for little-to-no benefits.
The slippery slope isn't a fallacy in this case as we've seen the pot slowly come to a boil after 9/11 with various laws like the Patriot Act, FISA, etc. and classified programs within the NSA (and I'm sure all the three letters) which violate the rights of Americans everyday. Now it's a coordinated effort across multiple western countries all of a sudden to introduce laws around verifying your age. It's clear where this is going.
Signal your virtue in the threads that are dedicated to those issues please, we don’t need to bring this up in a thread dedicated to some dumb law
"Can anyone help me understand the term "woke", I have never heard it before"?
While laws that target engineering decisions are sometimes reasonable, they are always accompanied with specific guidance from a credible academic based institution (e.g. mechanical and civil engineering use private licensing bodies and develop specific curriculum and best practices).
The only time this law will ever be enforced is punitively for other crimes against major actors who are extremely limited in number. It is unenforceable for Linux, trivial for Apple, Microsoft, and Google to add to their OS. Presumably easy to spoof, the law describes it as minimal but once again, there isn't a specification so who knows. Websites won't be liable, they're getting a sweetheart deal here.
In practice what this law does is absolve abusive platforms an from any responsibility. It adds extra meaningless work and overhead for legitimate adult platforms while opening themselves up to new potential legal challenges, and ultimately doesn't replace the responsibility its removing.
This doesn't make children safer. This doesn't make the internet safer. This kind of legislation makes it easier to abuse children online by removing responsibility from platforms that are known to be dangerous to them yet profit from their presence the most.
How are you not outraged? People are missing the above forest for the "oh but it's a tiny little easy API and I don't see any downsides" trees.
Also, not every jurisdiction defines adult and/or legally able to use social media the same way. Parents need to parent at the level 0 social layer than push this off to everything at technical layers and everyone else.
It's a moral panic ruse in legislative form for greed and power.
There are so many ways for this to go badly or simply be annoying.
I’m a guy in my 40s with no kids. I shouldn’t need to deal with all of this. Let the parents turn on parental controls for their kids; don’t force it on everyone.
If Meta needs to find a way to verify age, then that is also their problem. They are trying to make it the world’s problem. I don’t use any Meta products, so again I would question why I need to care about this… why will it become my problem?
The slippery slope then comes in addition to all of this.
It seems Apple already implemented their age verification API. I got prompted for it when opening the MyChart app a few weeks ago. The API used in that case only sends a Boolean if the user is over 18 or not, this is the best of the bad options. However, they have other APIs to get other data from a digital ID. The user is at the whim of the API the developer chooses to use. They can say no, but then they can’t use the app. I’m not sure how Apple validated my age, as I hadn’t loaded an ID into my wallet, but my Apple account is nearly 18 years old, so that might be good enough? If I were to get a Mac and just want to use a local account, then what happens? Can I not verify my age? Will I be able to use the computer or be locked out of the browser? These are some of the fears I have if they take this too far. Maybe some of them are unfounded, but I guess time will tell.
User account creation wizards could just create the dot files for the App Store. These weird laws ban OS.
Meta and TikTok (and YouTube shorts to an extent) are the new Sackler family and Purdue pharma. They will hold on to these profit and power engines as long and hard as possible. They will not stop causing the harm unless forced to with regulation.
https://en.wikipedia.org/wiki/Sackler_family
https://en.wikipedia.org/wiki/Opioid_epidemic_in_the_United_...
https://www.profgalloway.com/addiction-economy/
Let us not blame humans for suboptimal brain chemistry taken advantage of by malicious torment nexus threat actors. Fix the policy, bug fix the human, disempower the threat actors. Defend and empower the human. My pattern matching in the comment you replied to stands imho, and while it is admittedly imperfect (as you point out), I believe it remains directionally accurate.
[1] Why Ozempic Beats Free Will - https://www.psychologytoday.com/us/blog/hot-thought/202410/w... - October 4th, 2024
[2] https://news.ycombinator.com/item?id=45907422 (additional citations)
(think in systems)
Do you mind expanding on why that is? Is it because it allows them to say "well the API told us they're adults so we're all good"?
Umm isn’t that what we want? Or are you suggesting there should be some other legislation in place?
[1] Tracking Efforts To Restrict Or Ban Teens from Social Media Across the Globe - https://www.techpolicy.press/tracking-efforts-to-restrict-or... - February 23rd, 2026
[2] https://en.wikipedia.org/wiki/OODA_loop
Seems you are contradicting yourself
The bill itself sort of goes against its "purpose". If the purpose is to make a convenient API for stores to know their user, and avoid showing them certain content then why did the bill state: "If an operator has internal clear and convincing information that a user's age is different than the age indicated by a signal received in accordance with this Section, the operator shall use that information as the primary indicator of the user's age."
because many people lie in those forms. Many people on steam will select they were born in 1900, including myself. So how will this API help? the only way for it to be useful is if they later require full verification.
That being said, I don't think this bill was that well thought out as the implication are far reaching (will I need to enter an age when provisioning a VM?).
I mostly see it as a clumsy attempt to provide a mechanism for age-category attestation in a way that is more privacy-friendly than Texas's "upload-your-id" law.
I feel like if we assume this is in good faith, and they want to make sure adults can ensure minors don't have access to certain content, why would they use age as the information? This can be solved, or even have been solved by having Parental Control feature like in IOS which provides finer options than what you would get with age.
This could OK if this was requiring that any device or operating system have access to parental control in any capacity (either by default or via third party application) and limited for things that would be used by minors so that VMs or other stuff don't have to worry about this. Or, they could mandate products to indicate that the feature exist. That way, a parent can decide what to give their child.
What that means is that we will have to amp it up, if we want to achieve it's purpose. So, that's not a slippery slope, that's a prophecy.
When we get cryptographically backed identity verification on all computing, that will legitimately be the end of computing as we know it.
Or, in contrary, when it is very reliable, so it can map a very specific real person to a reliable and true birth date, then f off binding myself to a randome computer account that gives it out to whomever is asking it!
There is no good in this story.
Yes, this is just the beginning of a huge swath of innocent APIs to identify people on the internet. Meta isn’t going to stop, and neither will governments.
Edit: also, before the same jackass from the last few discussions on this mentions “muh ADA” again, the ADA has never been shown to apply to an OS in court nor does it mention anything about operating systems.
They want to abolish anonymous use of internet services, because anonymous publishing at scale is powerful and dangerous to incumbents when they can’t retaliate with malicious prosecution, police harassment, or assassination.
Don’t say this too loud please, I don’t honestly think we’re too far from this reality, at least from an “Overton Window” point of view.
Unless your specifically calling out accounts that require online registration for the OS. I'm vehemently against that requirement.
Answer: they don't want to be liable and get fined $400 Million, like Meta got fined, for letting kids on social media. (https://www.nytimes.com/2022/09/05/business/meta-children-da...)
This is why Meta is forcing this legislation through nation-wide. They are forcing Google/Apple to take the liability, despite it not actually being Google or Apple that's providing the "harmful" social media. Meta are doing this state-by-state so nobody can track that it's them. Easier than pushing at a federal level, and raises fewer red flags from news media.
Since Google and Apple won't want to accept this liability either, the next step is requiring digital IDs and third-party verification to prove the user is of age. This will enable tracking of all users, whatever app or website they go to. Bills requiring this are already being passed at state and federal level.
Is the government going to require some sort of automated checks that verify every person who connects to the internet has this API on their OS and go after individuals that aren't in compliance?
Haiku could just run an automatic dialog asking you if you are minor, in Illinois or California and write a text file with the corresponding age category of said person.
These bills do not mandate that the user cannot modify that information AFAIK.
2. Plenty of websites make their own apps, and then you're back to just having every website under the sun trying to verify everyone's age to know who to show explicit content to.
None but them corporations sure do. And with a little cash in the right place I'm sure they can push recourse onto people of power. We really need to end political lobbying one of these days
Because there's no remotely compelling evidence for this and it'd be thrown out by a judge as a huge parental rights violation.
https://en.wikipedia.org/wiki/Tipper_Gore
https://le.utah.gov/~2025/bills/static/SB0142.html
https://capitol.texas.gov/tlodocs/89R/billtext/html/SB02420S...
https://www.legis.la.gov/Legis/ViewDocument.aspx?d=1427667
Those are all specifically targeted at mobile app stores—which already verify age—and have nothing to do with general purpose operating systems or their account creation.
Try moving the goalposts more carefully next time.
If you were interested in information beyond your own echo chamber, you’d realize that literally every significant app store is run by an OS vendor.
Try using basic critical thinking next time.
https://www.reddit.com/r/linux/comments/1rmhxk1/i_pulled_the...
Richard Stallman advised us about it long ago.
Thank god Plan9 got relicensed into GPL. 9front might not totally free, but it's a step in case GNU+Linux gets utterly broken.
And, yes, please, go try Trisquel (novice users), GUIX (experts) and Hyperbola (experts and protocol purists).
Avoid every Google, Amazon, Facebook, Apple, Netflix service with nonfree JS.
Today his blog is filled with weird rants against voter ID, the Iran conflict, and a list of other countries he dislikes because they have national ID cards and this is a bad thing apparently.
For someone who is a renowned world traveler, you would think he has heard of passports by now.
Not a peep about these bills that could have a very real impact on an operating system he invented (gah-noo).
Then again, since he's never installed it himself*, account creation is not something he would have to deal with or care about.
* https://www.youtube.com/watch?v=umQL37AC_YM
Maybe the solution is as simple as having an adult create your account for you.
Like paying a homeless guy to buy you booze or cigarettes, not that anyone would ever do that.
That's what has me down about US politics big time. Even the most extreme voices in politics (warren, sanders, aoc,etc..) don't even come close to holding these people accountable. I don't care about taxing them, I care about prison time for interfering with a democracy like this (not retroactively of course). No one is even entertaining properly criminalizing such behavior. Even they made it illegal, they'll just make it a fine a billionaire can pay like an oopsie parking ticket.
These ruling class types have always been there, and human nature is such that they will always be there. But you have to understand, this isn't feudal era England, the government and society isn't built to tolerate them. Their behavior as such is parasitical and only leads to destruction of society. In their parasitism, they've fooled themselves into believing their wealth can shield them. But the nature of the parasite is such that it can't live without a viable host.
Whatever you believe about billionaires controlling politicians, it's much much worse than you think.
1 10 0000
or even better
1 10 -2000
This will turn into most useless set of laws ever
Red states: paternalism over your body, liberty for your property
Blue states were paternalistic over both your property (business and social gathering shutdowns) and your body (masking, social distancing enforcement), while red states (particularly Texas, Florida) were very laissez-faire for both.
What's perplexing about this is that research has generally correlated higher amygdala activity (fear/worry) with political conservatism, and lower amygdala activity with political progressivism, but in this case, the effect seemed almost inverted.
Meta's lobbying spending is cited for states not doing that kind of bill, but that's their total lobbying spending in that state.
These new bills in the style of the California one do not require any actual age verification and don't give any information to sites or apps other than the age range that whoever made the user account on the device entered.
It is essentially just requiring a simple parental control mechanism be provided by the OS which provides a way for parents to set age ranges for the accounts of their children and an API that apps that need to check age can query.
On a Unix or Unix like system this could be as simple as having the command to create a user account ask for age or birthdate and store that somewhere (maybe a new field in /etc/passwd) and then adding a getage() function to the standard library that apps can call to get the age range for the current user.
From the "we want to slurp up everything we can about you" point of view usually associated with Meta it is not obvious why Meta would support this approach.
Age checks can broadly be divided into 3 categories.
1. Done entirely on the local system, with only the result being revealed to the app/site that is asking. Age information comes from the owner/administrator of the system. I.e., the parental control approach.
2. Done using the local system and some external source of age information like your government. Only the result is revealed to the app/site that is asking.
3. Verification is done directly with the site that is asking, or through a third party. You have to supply sensitive documents like your government ID to the site or the third party.
#3 is terrible for privacy and anonymity. The red state laws tend to be in this category.
#2 depends on the details. There may be ways using the timing of the communications between your system and your ID supplier (e.g., your government) and the communications between your system and the site you are proving ID to that could allow the site and the government to get more information that you want them to. There are cryptographic ways to prevent that, especially if the device has a hardware security module. It thus comes down to with #2 that you really need to look at the details.
I'm not sure if any US state is taking this approach. The EU is, with cryptography to make it GDPR compatible and allow anonymous verification. Google and Apple are also working on such systems.
#1 is basically equivalent to the "Are you 18+" dialogs on many adult web sites, except moves to the device and the admin can if they wish prevent non-admin users from lying.
It is not really surprising that blue states are tending more toward #1, especially considering that several of them are among the states that have the strongest state privacy and data protection laws.