> government passes law that requires companies to age verify users
> said government provides no way to actually verify a human's age
> hilarity ensues
cedws · 17h ago
That's exactly what pisses me off about it. The government could have at least devised a technical solution to verify the age of people privately. Data breaches happen all the time, do they just not care about the consequences when millions of peoples' porn watching habits are inevitably leaked?
progbits · 17h ago
Because that's their goal. Make you scared about using things that are even legal but private/embarrassing.
Telemakhos · 15h ago
It's a great first step toward making criticism of the government scary. Porn, hate speech, and other "legal but private/embarrassing" speech are the sharp end of the spear. When it's okay to restrict those, it becomes more easier to restrict political opposition.
astrange · 6h ago
Nobody in the UK cares about "criticism of the government". That's a paranoid concept that only makes sense in a presidential system like the US.
In Westminster systems you can kick out the government all you want and often do. The point of the constitutional monarchy is to separate the people you "shouldn't criticize" from the people who actually have any power.
The reason they're doing this is that British people hate themselves, hate their children, and the purpose of the country is to take everyone's money and give it to pensioners.
> A man who was arrested by police in England for asking who elected King Charles III says he’s worried that his arrest could have a “chilling effect” on freedom of expression in the country.
astrange · 6h ago
That's my point. King Charles isn't the government. Nobody thinks he is either.
Keir Starmer is "the government" if you want someone. And he's at 27% popularity.
msla · 3h ago
"The king of a country is not connected to that country's government" is a kind of hair-splitting I really, truly cannot abide.
astrange · 1h ago
That's the whole point of a constitutional monarchy!
The king's literal job is to not be the government. He gets to be the emotional symbol of the country and be treated with respect in exchange for promising to never actually do anything.
Most of them pretend the monarch is allowed to do things (as long as the government tells them what to do first), but in Japan and Sweden they don't even have that power. The emperor of Japan is basically just a prisoner we (the US, who wrote their constitution) keep in a palace for fun. They seem to like this and have taken to being the most boring family possible; the current emperor's official hobby is "water" and he stopped playing the violin because he thought it was too interesting.
As for why the UK still has lese majeste, beats me.
immibis · 11h ago
Hate speech is only "legal but embarrassing" in the USA. Almost everywhere else it's illegal.
tim333 · 5h ago
It's to reduce kids exposure to porn and the like. Does it really matter if it can be hacked?
In the old days the put the porno mags on the top shelf so kids couldn't read them. That was hackable too but it didn't matter much.
mindslight · 4h ago
Personally I'd rather my kid discover porn sites with cleartext(S) browsing, so I can be aware of the development and have a talk. Then later I can teach them how to use VPNs, TOR, and other secure protocols to eek out some freedom from this digital prison that Surveillance Valley has built for us.
brogufaw · 20h ago
It’s intentional to give them wiggle room to define truth as needed case by case.
Not saying it’s good or bad. Just that it’s intentional.
Culonavirus · 19h ago
My bank has an API endpoint that (basically) returns your name and age (in this use case). It can return more for signing electronic docs etc. and is basically your digital ID.
Need to buy "toys", vape products, alcohol... anything adult online?
There's a 3rd party web app (you rightfully don't trust) as an age check in the shopping cart / user account of any of these adult shops, and this has multiple ways of verifying your age - and one of them is the bank's api, you pick it, your bank's identity sharing page loads, you log in, it shows exactly what information will be shared in a bullet point list, you tap OK, immediately a request like "this app wants to know your age, please verify" pops up in your smart banking app on your phone, you tap ok, fingerprint scan, DONE.
Problem solved. The 3rd party app knows just what it needs to. All of this takes maybe a minute and your personal info is perfectly safe (unless you don't trust your bank at which point you have bigger problems to worry about...)
dfghjk4 · 18h ago
Identity shouldn’t be tied to a private institution that requires you to have a bank account to login.
Two of the well-used solutions to identity in the U.S. are login.gov (government-managed) and id.me (private, but used by government). Basically to get setup, at some point you have to have physical presence to get an actual government-approved physical ID, which can still be a barrier to some, but it doesn’t require a bank account.
Just don’t implement your own like Discourse and Tea.app.
masklinn · 16h ago
> Just don’t implement your own like Discourse and Tea.app.
FWIW discord did not implement their own (sensibly), but since the british government does not provide this service it basically mandates possibly dodgy middlemen.
>Identity shouldn’t be tied to a private institution
This right here. Just look at what happened with visa/mastercard this week, private institutions can and will cave to special interest groups advocating to block access to legal content.
close04 · 14h ago
Whether it’s a government controlled or private identity provider which can or has to provide data to the government, in the end it’s still the perfect way to control what people do online. It’s age restricted stuff at first, but can just as well be applied to any store or social media. Not so eager to express your dissent if it has your name stapled to it.
hnthrowaway7483 · 18h ago
> Discourse
Another victim of auto-correct!
cronin101 · 18h ago
As a Brit that relocated to Norway a decade ago, trust me when I say you cannot fathom the lack of organization around identity that the UK (somewhat intentionally) has. (It’s constantly used for political Godwin’s-law fear-mongering)
There is no centralized ID number, the closest is your social security number but this is basically only outbound for PAYE tax and haphazardly correlated to your pension payments in late life.
Everything operates on a “trust system” where you often present paper (!) with whatever address you claim to be living at as proof you are real (e.g. opening bank accounts).
Passport loss is rectified by seeking out “professionals” with government-approved occupations that are not related to you that can vouch you are actually the person you are trying to replace a passport for.
The entire thing is a mess and living in digital-identity-native Europe is a dream come true that you should be extremely thankful for.
vidarh · 11h ago
It's even worse now: A lot of places now accept PDF's of things like bank statements, since so many people don't get paper copies any more.
It's not that it was hard to fake before if you wanted to, but when you can just get a real PDF as a starting point, and edit it slightly it's just theatre.
astrange · 6h ago
It doesn't have to be perfect. This is how financial regulation works in the US too, but it does work. The idea is that every individual step is weak, but it's a crime to bypass any of it. So the deterrence is you can catch things probabilistically and most people don't want to commit a whole bunch of crimes at once because they all have individual punishments.
The-Old-Hacker · 15h ago
The mess around voter ID is a case in point. A badly-implemented "solution" to a problem that didn't exist.
gambiting · 13h ago
>>There is no centralized ID number, the closest is your social security number
Until you find out that due to a cock up years ago the National Insurance numbers are not guaranteed to be unique, and you realize that somehow the best proof of identity British people have is a humble driving licence because DVLA is at least somewhat competent.
pasc1878 · 5h ago
Unfortunately I don't have a driving license as I am physically unable to get one by law.
jonathantf2 · 18h ago
B-but... if we have an ID card the "government" will be able to track us! /s
It does annoy me how much people get away with scaremongering, I just read a comment of someone who's against digital payments because "then the government will be able to work out how much tax you owe"????
W3zzy · 18h ago
This is the way. Belgian banks joined forces years ago to create such a platform for identity verification and private companies can get granular acces when needed and after they are vetted.
It's all based on the 2014 eIDAS regulation.
This really deserves a digital solution. Let me get a government account and generate tokens that websites can ingest to confirm I'm an adult (and other optional details about me).
Having to use passports or poor solutions like face scanning isn't good enough. I guess the reason they don't do this is because they fear the cost, anything governments price up these days seems to be in the billion range. So the politicians who don't understand how cheap it is to build software assume it's way out of their price range.
parsimo2010 · 14h ago
When you place all the requirements on a software product like what the government has to, then it’s going to be expensive. Anyone who thinks that the total cost of a privacy protecting, government accredited, widely available, reliable, audited, and domestically produced age verification system isn’t going to be in the hundreds of millions has never actually shipped something comparable.
It is literally illegal to slap a few lines of glue code and say “there’s your age verification, look how cheap it is.” The public would be happy about saving money right up until there’s a massive privacy breach and all the ways you cut corners are exposed.
I don’t know if leaving the standards unspecified is the right thing to do (it’s probably not), but don’t pretend like a government verified solution could ever be cheap when dealing with citizens’ identities.
kingstnap · 12h ago
A small group of closely working skilled engineers would produce something more reliable and far less likely to have a privacy breach than the typical government contracting system.
The idea that a small group of people can't produce something that can scale to millions of people is just false.
It also wouldn't just be cheaper; it would be better. The "government" way of doing things would be far more likely to be broken glue code with privacy issues because all those committee meetings and bottom of the barrel contractor selection don't produce better end results
benhurmarcel · 7h ago
> A small group of closely working skilled engineers would produce something more reliable and far less likely to have a privacy breach than the typical government contracting system.
Large technological companies are unable to pull this off either, it’s unrealistic to expect it from a government.
hulitu · 10h ago
> The idea that a small group of people can't produce something that can scale to millions of people is just false.
No. Regards, Palantir, Microsoft, HP (and other government providers)
criley2 · 13h ago
I disagree. This is exactly what happened with the initial launch of Healthcare.gov after the Affordable Care Act. The government spent hundreds of millions contracting a large firm that completely botched the site, it couldn't even handle a few hundred users at launch.
Then a small team of highly skilled engineers from Google/Facebook etc were brought in to fix it. They stabilized and relaunched the system in weeks at a fraction of the original cost. It showed that the problem wasn't the complexity or the standards, it was how the project was managed and who was building it.
zdragnar · 13h ago
IIRC, it wasn't even that it contracted one firm, it contracted many, and the individual contracts were managed separately. None of the systems were actually required to work with each other in letter, only in spirit.
The major advantage of bringing in the engineers (only one ex-googler, most were oracle and redhat, again IIRC) was that they were all already bigwigs and knew how to take ownership of large systems, and were given the authority to do so.
Spivak · 10h ago
What are you talking about? The government gets to cheat and use the IRL ID verification they do already for licenses.
* You create your account as part of your license renewal and have a normal-ass login. As part of that your account is manually marked as being 18+ (or just your age) by the person behind the counter.
* The government publishes a few public certs which will be used to verify.
* Then you go to your account page and click the button to generate a certificate signed by one of the government's private keys. The cert is valid for say 7 days.
* You upload the cert to the website you want to access and the website validates it.
Done. You make it illegal to provide your tokens to minors like it's illegal to provide booze to minors. Good enough for government work. It's literally just an EV cert.
The problem gets a lot easier when you have a country wide IRL ID system already in place and can write laws.
dylan604 · 10h ago
> The problem gets a lot easier when you have a country wide IRL ID system already in place and can write laws.
every time a country wide ID comes up, people freak the fuck out about state's rights and it being a power grab. people are already freaking out about RealID. it will take a very authoritarian system to force this through, yet it's the supporters of that leader that are the most vocally against it.
Terr_ · 8h ago
I don't think we can really trust in all those years of stated preferences, now that the revealed ones are so different. They folks who often say "States' rights" have always been the most willing to violate them if it gets them what they want.
Meanwhile, the rest of us should have new fears of a National ID feature. Republicans in administrator-roles recently started corrupting federal databases, fraudulently marking living people as dead [0] in order to kill their accounts, while firing the people who pointed out it was flagrantly illegal.
It doesn't require any imagination for the same bad administrators to illegally disable National ID logins because you posted something that hurt the cult-leader's feelings. The feature cannot be made safe if the framework is still open to crooks.
Hard disagree. The Right Wing Noise Machine freaks out. That is not what people generally think. That’s what they’re TOLD to think, by people who have an agenda to sew discontent.
thfuran · 10h ago
When you say "license renewal", you're referring to a driver's license? Not everyone has one of those.
MBCook · 8h ago
The solution is easy. A government national ID.
The US refuses to do this, so we get a mess. Every state has different drivers license, Social Security numbers aren’t secure at this point, most people don’t have passports.
But if there was a true national ID, the government could provide APIs to verify those. Then these kind of things would be easy for the apps/sites.
All of that obviously ignores the problems in privacy from doing any of this in the first place, etc. i’m starting to think I’m on the side of our national ID given how much of a mess everything is with our current patchwork. But I certainly wouldn’t want to be giving it over to random sites.
We have sort of accidentally set up a system in which verifying someone’s age is a really really hard problem. If a credit card number or trying to use a photograph are the best tools we have it’s clear this doesn’t work.
sapphicsnail · 8h ago
I'd rather have a mess than allow the federal government to have more power over me. I'm trans and I would have to out myself every time I needed to show ID if I had to give up my state driver's license. I like not having to worry about getting harassed whenever I want to go to a bar.
MBCook · 8h ago
I hear you. I really do.
I like the idea of a way of verifying who you are (in that you’re a real person) and age (so you could prove ability to do 18/21+ things).
I see no reason why random companies/etc would need to know gender identity, name, etc.
None of that is relevant to buying alcohol. If they need something, e.g. name on a mortgage, then maybe it’s optionally provided, under my control. I don’t know.
I’m not seriously suggesting we do this. They were clear downsides before the last 10 years made all of them ridiculously clear.
It’s more I hate the current mess and wish something nicer existed. I think it’s fixable in the abstract. But even if we had a good idea for a better system I don’t know how we’d get there. Between sovereign citizen nuts one side who don’t think there should ever be any way to prove they ever existed, to people like you with very clear and good reasons for fearing changes it just seems impossible.
matthewdgreen · 3h ago
We already nearly have a national ID. That’s what RealID is clearly building towards. It helps to build a standardized and federated database of state ID cards that meet Federal guidelines. There’s an de-duplication system called SPEXS as well as a standard called Nlets that can be used to search the state databases. There’s a multi-state query (MSQ) that allows law enforcement to query all of the state databases and obtain a lot of the functionality that we get from a national ID. What’s missing from this is citizenship data, but ICE has a system called IAQ/IAR that can help with that. The recent “BBB” bill also tosses a lot of IT funding at DHS and ICE, which might lead to further expansions.
There’s also a system called mDL that allows you to obtain a digitally signed mobile driver’s license that can be used in your smartphone. This is only supported by a few states for now but it’s not hard to imagine this expanding to many more states in the near future, especially now that both Apple and Google are starting to support it. TL;DR we may not have a national ID, but it sure seems like pretty soon we’ll have an effective “national ID” that does most of the same stuff.
brendoelfrendo · 8h ago
This is one of my biggest issues with pretty much any ID verification legislation. If the Gov wants to enforce ID verification, it is incumbent on the Gov to bend over backwards to ensure that everyone impacted is given a free, secure ID. I refuse to accept any situation where someone is excluded from public participation because they can't afford or are otherwise unable to acquire an ID.
MBCook · 7h ago
I agree. It’s a problem we already have.
Drivers licenses are the de facto one today. You can also get an id card for those who can’t drive.
But it’s fully incumbent on you to do it. You have to arrange transportation to get it, have the free time, necessary documents, live close enough, etc.
That already causes problems for people, and is getting worse as voter ID laws get passed.
“Everyone gets an ID once you’ve figured out these riddles three and gone on a quest” is a stupid system.
Iulioh · 8h ago
If you are trying to find someone who did it, in Italy we have "IO" (bad name for SEO purposes but hey....) and that's basically it.
It mostly works.
zahlman · 6h ago
My understanding has been that any form of national ID (beyond a passport) is a complete non-starter in US political discourse, and it's all handled at the state level. Not so?
Alifatisk · 12h ago
Tim Berners lee thought about this solidproject.org
immibis · 11h ago
Problem: the millisecond this system is rolled out, personal data will be attached to it, not least because I'm just going to generate unlimited 18+ tokens and sell them for $10 apiece
Larrikin · 11h ago
You don't need to identify the user, just be able to show that two tokens are the same user and invalidate, log out both users, and make them generate a new token. You can sell your license to kids today, but it doesn't scale and is a terrible idea to give a kid an ID to a place you frequent.
anon7000 · 12h ago
Oh no, then the government will know how old I am!! (/s)
wood_spirit · 12h ago
They will also know your habits and kinks etc.
tzs · 11h ago
It can be done in a way that prevents that.
Briefly, the government can give you a digital copy of your driver's license or passport or whatever that can be bound to a hardware security key you have. Most modern smartphones have a suitable security key built.
To verify your age for a site a zero-knowledge proof (ZKP) can be constructed for the site to prove that you have that document, it says your age is above the threshold needed for the site, and that you have the hardware key it is bound to, and you were able to unlock that hardware key. Nothing else is revealed to the site.
Note that once the government issues that digital ID bound to your security key they are out of the picture. They have no idea what you use that ID for or when you use it.
Google has released an open source library to help with this kind of system, discussed here [1].
I, for example, couldn’t add my driver’s license even if I wanted to.
skybrian · 6h ago
Yeah, it's more about the future. Maybe in a year or three, you'll be able to write a website that does age verification using a standard web API, without processing any identity documents yourself, and expect it to work.
And sometimes kids will put fake ID's on their phones, or borrow a phone, but that's not your problem.
Hamuko · 15h ago
EU is also gonna require companies to verify ages but there's a white label application that EU member states can use.
If I've understood it correctly, Pornhub can't see anything except that you've turned 18 (no names, no date of births, nothing) and your local government can't see that you've signed up for Pornhub using the app.
stavros · 13h ago
Yes, this is correct. As I understand it, the server asks the application some questions ("is the user above 18?" "are they a resident of country X?" or whatever), you confirm that you want to share the answer, and the application just gets "yes" or "no" to each question.
Xelbair · 11h ago
Yet it is still not a perfect solution. Arguably worse, for possible freedom of speech aspects, than current state.
Actually, they could release a platform quite easily that only delivers age verification, without anything else.
For example, our id's have a qr on it that contains some basic info. Why not provide a platform for age checks with that qr? Anyway, fuck them. Education goes a lot further than trying to force identity verification on private companies when there is no real life threat in play.
2OEH8eoCRo0 · 13h ago
Why should the govt provide a way to verify? They should fine companies that violate. Companies will figure how to comply because they don't want to be fined.
DaSHacka · 11h ago
Because then you get situations like OP and that happened with Tea?
vidarh · 11h ago
The problem is that said companies have no interest in doing more than the barest minimum to keep the details safe.
isoprophlex · 9h ago
"Open your mouth to verify your age"
Not that different from "Drink a verification can to continue". Hilariously dystopian.
beeflet · 8h ago
The best part is that this is going to work for about 5 days until someone develops a computer model of a face that can simulate the inside of the mouth. Then we have two problems!
On the other note, can one attach chrome devtools to any electron application?
jfyi · 7h ago
It was available with ctrl+shift+I for forever in their desktop client. It only changed in the last 2 years or so.
Pretty sure it's just a flag somewhere to re-enable.
Retr0id · 13h ago
On-device models are excellent for privacy, but they are fundamentally broken from a security perspective. Preventing people from spoofing the results would involve locking them out of their own devices, via DRM.
subscribed · 11h ago
Hardware attestation would be enough to clamp down on almost anything, ensuring the hardware and the os guarantee the outcome is not manipulated.
Not the broken anti-competitive Google play store integrity (which is passing for any handset not patched for the last 8 years but with Google buttplug in it, effectively nullifying assurances from the attestation), but a proper hw attestation.
Retr0id · 10h ago
You just described DRM
astrange · 6h ago
DRM mostly explicitly does /not/ function that way.
If you jailbreak an iPhone you can still use store apps and watch movies. You don't think that's just because Apple forgot about it, right? Or because the movie studios are merciful? They definitely aren't. It's because they think it'd be illegal to lock you out over it.
Retr0id · 5h ago
You are mistaken. DRM can work in a variety of ways but that is absolutely one of them.
Apple doesn't attestation as part of their DRM (afaik) because it wouldn't be very useful. An iOS jailbreak requires the kind of exploits that would break attestation anyway, so it adds little value.
Movie studios could require strong hardware attestation for playback, but in doing so they would limit the set of compatible devices. They are in fact a little merciful (if only because they care about their bottom line).
> It's because they think it'd be illegal to lock you out over it.
I wish.
astrange · 2h ago
One thing I've noticed is that when I post something here I know for a fact but that isn't common wisdom, nobody believes me.
> You are mistaken. DRM can work in a variety of ways but that is absolutely one of them.
Of course it can work that way. It's software, you can write whatever you want.
It doesn't though. If you prefer, they have chosen to believe this is what the law says because it's a good argument if some partner asks them to do it.
Similarly you can get banned from the eShop if you jailbreak your Nintendo Switch, but they don't stop you from using physical games. They could do that if they wanted to. Or rather, they could make you have to work around it.
hhh · 13h ago
I understand, and think that there’s an acceptance criteria for some level of fraud tbh.
FergusArgyll · 6h ago
Paging @patio11
immibis · 11h ago
You're treating this as a computer security problem when it's actually a political problem. It doesn't have to work to be mandated. It doesn't even have to work, for everyone to get a pat on the back and a raise for implementing it. Keeping minors away from porn isn't the point, the point is more like to scare people about being surveilled so they voluntarily won't watch it.
Der_Einzige · 10h ago
That's the point!
We want a broken and easily bypassable system that only exists to make do-gooders think they did good.
edm0nd · 19h ago
I think this is the correct way too.
Some of the age verification systems that use digital ids (mDLs) do the same thing but people freak out about how they work because I think they misunderstand the tech.
They system basically asks the mDL via an api call "is this user above the age of 18/21" and the app only responds with a yes or no. It doesn't pass the users fulls details over or anything like that.
MattPalmer1086 · 18h ago
Do these systems prevent linkability or allow the use of pseudonyms?
As in, if I repeatedly ask for age verification to the same service, does it know:
1) the identity of the user making the request, and
2) whether repeated requests comes from the same user (even if they don't know who it is?)
rumblefrog · 19h ago
Could you point to the source of the on-device model? Moreso for curiosity.
michaelt · 19h ago
No, but I can tell you that the moment you open the browser console, it stops scanning and marks the scan as failed.
> Identity documents are deleted after a user’s age group is confirmed, and the video selfies used for facial age estimation never leaves their device.
phendrenad2 · 9h ago
There's a lot of hype around age verification by letting AI look at the user's face. But everyone has met someone who was 28 and looked 16, or vice versa. It's not exactly uncommon. A few genes go wrong and you get some weird facial features that throws off our perception of age. Guess what? Our brains are just neural nets trained on data. So AI will fail in exactly the same way.
Ironic that this comes at a time when AI-generated pictures are getting better and better.
Personally, I will never use Discord and they just gave me another reason not to.
silisili · 19h ago
Maybe I'm old. Well, no, I am relatively old.
Either way, when I see a person or business advertise a Discord link, I immediately think of either as immature.
I miss the days of forums, and wish something like them could thrive again instead of rather private, but importantly ephemeral chats.
michaelt · 17h ago
> I miss the days of forums, and wish something like them could thrive again instead of rather private, but importantly ephemeral chats.
Open source projects have long had ephemeral chats, private to the people in the chat at that moment - it just used to be called IRC.
foresto · 9h ago
And they have also long had places for collecting persistent, searchable information alongside their IRC presence; usually public bug trackers and/or forums.
It has become all too common for a project to offer only Discord, which not only makes all community-collected information more or less ephemeral, but also locks it away behind some corporation's ever-changing terms and conditions, some of which are onerous.
GP's complaint is not that ephemeral chats exist, but rather that there is often nothing else.
macintux · 11h ago
Except there were open, archival solutions for IRC for projects to take advantage of. Are there any for Discord?
soulofmischief · 12h ago
I've been hired and have hired people through the Discord community. It's no different than Hacker News in this respect, where I've done the same. Professionalism is orthogonal, though I will agree that ephemeral chats have serious drawbacks for project-oriented communities.
hofrogs · 10h ago
You can read HN without an account, and making an account doesn't require providing a phone number. (Discord in some cases locks you out of an account entirely if it thinks that you are "suspicious" until you provide a one-time sms code from a phone # that satisfies them)
ekianjo · 19h ago
its seems even more self defeating when its a FOSS project whose only way to connect with the community is a Discord space.
DecoySalamander · 18h ago
If this story reflects poorly on anyone, it's on Britain, not Discord.
subscribed · 10h ago
Could me MUCH, MUCH worse, they could use Epic's service like Bluesky does.
This Epic, which famously had to pay half of billion USD settlement when they got caught for law breaking (collecting personal data without consent. Clearly against the law, because they knew they're collecting details of children) : https://www.exterro.com/resources/blog/data-privacy-alert-ft...
nottorp · 20h ago
The one good thing about the stupid age verification is it stimulates thinking outside the box in kids :)
IshKebab · 10h ago
Not really - only one kid has to think outside the box. They others just copy.
zahlman · 2h ago
I can't recall ever being asked by Discord for any kind of age verification. Can't people get around this by just claiming to live somewhere other than the UK?
pacifika · 19h ago
Several articles say that Ofcom has said platforms must not host, share, or permit content encouraging the use of VPNs to bypass age checks, adding that parents should be aware of how VPNs can be used to bypass the Act.
makerofthings · 18h ago
All those parents that couldn’t use parental controls to limit what their children see in a browser are not suddenly going to start policing VPNs. This is terrible legislation wrapped in terrible advice.
IshKebab · 10h ago
Yeah the funniest thing is that Ofcom said:
> Concerned parents, it said, should block or control VPN usage.
Hilarious. I wonder if they realised...
ndsipa_pomu · 14h ago
That annoys me as the VPN isn't necessarily bypassing the age check, but instead is allowing the person to pretend that they don't live in a country with stupid laws. I mean, Ofcom might as well warn parents about cheap holiday websites that encourage people to bypass the age checks by flying to a sane country.
immibis · 11h ago
Yes? I expect that "take a weekend to France to bypass age verification" and "subscribe to NordVPN to bypass age verification" are both legal while "take a weekend to France to see the Eiffel tower" and "use NordVPN to increase your security" are both legal.
Did you never wonder why VPN ads don't really list any actual use cases, yet they're wildly popular? If you know what you need it for, the ad doesn't have to tell you - just has to tell you which company to give your money to.
jrockway · 11h ago
VPN ads do list actual use cases. The most popular one I've heard is geolocation-based pricing on airline tickets.
(I still don't really know what people are actually using VPNs for.)
immibis · 24m ago
Torrenting; multi-accounting.
hofrogs · 10h ago
For instance, VPNs are popular in Russia, people use them to access YouTube, Instagram and other platforms banned by the regime.
IshKebab · 10h ago
VPN ads talk about bypassing streaming region locks all the time.
dylan604 · 21h ago
If it works for video game characters, why not just any random actor? There's going to be plenty of footage available of them in various positions to get around the can't use just one image "security" feature.
ethan_smith · 15h ago
The fundamental issue is that these verification models are trained on datasets containing fictional characters and celebrities, so they're essentially being asked to distinguish between inputs that were part of their own training distribution.
dylan604 · 14h ago
Yet TFA shows the character used to beat the verification is a game character based on the likeness of an actor famous for the role he pays the game character is based. So you’re saying what, that the system isn’t aware it was trained on this person, the training isn’t looking that person is known to the training, or the system just doesn’t work as advertised?
avodonosov · 20h ago
Who can think submitting biometrics online is in user's interest?
mgaunard · 18h ago
I've seen formerly free content platforms now require a payment of 2 GBP to prove your age.
Ridiculous.
johnisgood · 10h ago
Pocket change. :D
And yeah, absurd.
2OEH8eoCRo0 · 13h ago
Something that's occurred to me is that we are already deanonymized and tracked everywhere online but most people are fine with it because it's done secretly and transparently (you don't notice). Age verification w/ something like a license online brings the issue front and center. It's not hidden that you are not anonymous online and people freak out.
can16358p · 20h ago
Am I the only one who sees website appear for a split second and become completely blank white?
(iOS Safari)
Okay turning off content blockers did the trick. AdGuard was blocking the whole site for some reason.
jimbobthemighty · 19h ago
No - on a chromebook as well
codedokode · 20h ago
Age verification should be made on OS or firmware level when buying a device. And not by sending your passport scan to random companies with dubious data collection practices.
A law must mandate that an "adult" version of OS (or device) may be sold only to adult users. It is not difficult for Microsoft/Apple to implement this yet they do not want to for some reason.
This would allow more reliable age verification, without revealing identity of account owners. Well, maybe the govt wants exactly the opposite.
herbst · 20h ago
I can tell how this would be implemented. Microsoft rolls their own awkward standard nobody asked for. Other major companies try to use a somewhat common standard.
The Industrie enforces new rules and suddenly it costs $150000 and has awkward requirements to get your OS certified adult.
For the years to come only the most recent windows versions and customer devices like phones will work. No Linux will pay to get a standard they haven't asked for. Embed devices will stop working as more and more stuff gets simply flagged "adult only"
Just don't ... :)
Edit:// see Silverlight, or why it took years until something like Netflix was even legally technically possible
immibis · 2h ago
I think they'll just send X-Is-Over18: Yes. Nobody actually cares about this issue enough to invest money in it - just enough to get certain stupid politicians off their backs. There will be third party browsers that always send the header, and they'll be banned from the app store upon discovery, and if they get famous enough their creators will be sent to jail, just like Tornado Cash.
valenterry · 19h ago
Listen to that guy!
valenterry · 19h ago
Oh god no. We need to absolutely stop making OSs more restrictive than they already are. There are better solutions.
snerbles · 18h ago
The California legislature is already working on forcing operating systems to attest the age of the user at the account level. See the recent gut-and-amend of AB1043 [0], which was a privacy bill [1] just a few months ago:
> This bill would require, among other things related to age verification on the internet, a covered manufacturer to provide an accessible interface at account setup that requires an account holder, as defined, to indicate the birth date, age, or both, of the user of that device for the sole purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store and to provide a developer, as defined, who has requested a signal with respect to a particular user with a digital signal via a real-time application programming interface regarding whether a user is in any of several age brackets, as prescribed. The bill would define “covered manufacturer” to mean a person who is a manufacturer of a device, an operating system for a device, or a covered application store. The bill would require a developer to request a signal with respect to a particular user from a covered manufacturer when that user requests to download an application.
> This bill would punish noncompliance with a civil penalty to be enforced by the Attorney General, as prescribed.
I’ve often talked about in private settings about how running open source OSes and DRM-free setups would likely become illegal in the future. With every passing day this vision seems closer to reality.
subscribed · 9h ago
"you must be a terrorist or a child abuser if you're so afraid of security... Unhackable phone? What are you hiding? "
Add several big TV shows, op-eds in national press and it'll start shifting even without the laws.
My money is on the UK leading the charge.
LocalH · 10h ago
The slowly boiled death of general-purpose computing
beeflet · 8h ago
A slow-boiled GNU with a hardened kernel, and a side of salted hashes please
codedokode · 11h ago
First, there are too many brackets, second, I think the age should be set by a store, not by the user because obviously all kids will state that they are over 18.
immibis · 2h ago
So cat ~/.user_age ?
codedokode · 11h ago
Uploading your passport to a random company is a worse solution, and it is being rolled out now.
PartiallyTyped · 20h ago
Denmark does it by sending you to a government-owned website, which then uses two factor authentication and responds back verifying one’s identity.
I don’t understand why other countries can’t do the same.
maccard · 18h ago
The UK doesn’t have any form of identity that can be used like this. There’s a very very vocal group of people who oppose the idea to the point that it hasn’t gained traction.
zarzavat · 12h ago
There's three groups:
First, a vocal minority of security freaks lead by Tony Blair who think that forcing everybody to carry ID cards around is a proportionate way to protect Britain from terrorists, illegal immigrants and other foes.
Second, a large proportion of the country who think that the introduction of optional ID cards is a slippery slope towards the first group getting what they want.
Third, another large proportion of people who think that the risk of the first group getting what they want is overblown, or else think that the convenience of being able to prove identity more easily outweighs the inconvenience of having to carry an ID card around everywhere.
In the great ID card battle of the late-00s, the second group won decisively and politicians have been too scared to take up the issue ever since. Except for Blair, but having the face of your political campaign be a war criminal is of negative value to that cause.
subscribed · 9h ago
Voter ID rears its ugly head.
It's compulsory now so it's doable. Especially since voter registers are available to certain companies* regardless of the voters' consent.
*eg political parties, credit bureaus.
ndsipa_pomu · 14h ago
I wouldn't describe myself as a very very vocal person, but I'm not a fan of the UK introducing identity cards as it would almost certainly be misused by the government and the data would be leaked as the UK government is utterly incompetent (when it comes to computers).
Jigsy · 12h ago
Yeah. They left unencrypted child (benefits?) information on a train once.
codedokode · 11h ago
This is a first step to shutting down anonymous accounts - here in Russia for example the account must be linked at least to a phone number or to a government ID and I see no reason why other governments don't want to do the same.
immibis · 2h ago
In Germany it's not the case, but in Germany they have to store your IP address, and your IP address records are linked to your passport. It is illegal to get an Internet connection without a responsible party. The person who provides their passport is liable for all misuse no matter who did it. Public wifi was effectively illegal in Germany until recently due to this rule, until a special exception was made for public wifi but the rule is otherwise still in place.
Yeul · 19h ago
The Netherlands has this system but it is ripe for abuse. We still have a few Christ clowns and there's a big fascist party at the moment.
How about we don't make lists of people visiting porn sites? How about we accept that children are part of society and not try to put them in little cages like songbirds?
npteljes · 12h ago
Children are part of society, but adults need to have their space to do their adult things, some of which are actually hurting children. The "little cages" are actually supposed to aid a healthy mental development.
But whatever age-verification solution I have seen so far sucked, really badly. And I can't believe people promote something like a government based age check. People need their privacy.
Etheryte · 19h ago
Tangential discussion, one thing I like a lot about the Netherlands is that it's not common to flaunt wealth, at least not as much as in some other countries. For all their other flaws, isn't this something that comes from the protestants? Or is there a different historical background here?
Barrin92 · 12h ago
>How about we accept that children are part of society and not try to put them in little cages like songbirds?
It's the correct idea but the way it should be done is by coming to a democratic consensus that helicopter parenting is bad, not by attempting to hobble the infrastructure of government. If only for the practical reason that it'll simply be outsourced and privatized. In US states where the police can't scan license plates, there's a private industry doing that and then selling the data back to the police. The same result but now you pay a premium.
Lee Kuan Yew was fond of making this point. Weak "horizontal" administrations will creep in ways that are more opaque and without checks than strong "vertical" ones.
immibis · 2h ago
One reason that's better is that private companies aren't backed by the force of law the same way police are. I don't think it's a felony to prevent some random company's spy camera from seeing your license plate but it is illegal to prevent the police from seeing it. (Of course it's illegal to generally obscure it so there's some implementation details to be worked out there)
PartiallyTyped · 12h ago
I am fairly certain it can be done in a zero-knowledge way, but regardless, parents should be taking care of this.
crooked-v · 19h ago
The US in particular doesn't have a national identity system in the first place because the Republican party has opposed the concept for a long timr for various reasons both ideological ("mark of the beast" claims are less of a thing these days but have been made in the past) and political (having a patchwork of systems makes voter suppression and stochastic disenfranchisement of undesireables easier). Without that, any kind of unified verification system is very unlikely to happen.
uamgeoalsk · 19h ago
It's worth being careful with broad characterizations like this. Attributing complex policy opposition to fringe beliefs or bad faith motives oversimplifies the issue and shuts down good faith discussion. Whatever one’s views, that kind of framing isn’t helpful.
dpkirchner · 10h ago
But in this case it's absolutely true -- I've yet to see any other reason for Republicans to be opposed to national IDs. Have you?
astrange · 6h ago
The funny thing is voter suppression doesn't actually help either party consistently over time. Right now the marginal voter is Republican, and so are all the "low-information" voters (this is the polite term politics people use for, you know.)
So voter ID laws would make them lose every election. But of course, that's not permanent either.
HelloMcFly · 5h ago
Would Passports not be considered a "national identity system"?
In Westminster systems you can kick out the government all you want and often do. The point of the constitutional monarchy is to separate the people you "shouldn't criticize" from the people who actually have any power.
The reason they're doing this is that British people hate themselves, hate their children, and the purpose of the country is to take everyone's money and give it to pensioners.
> A man who was arrested by police in England for asking who elected King Charles III says he’s worried that his arrest could have a “chilling effect” on freedom of expression in the country.
Keir Starmer is "the government" if you want someone. And he's at 27% popularity.
The king's literal job is to not be the government. He gets to be the emotional symbol of the country and be treated with respect in exchange for promising to never actually do anything.
Most of them pretend the monarch is allowed to do things (as long as the government tells them what to do first), but in Japan and Sweden they don't even have that power. The emperor of Japan is basically just a prisoner we (the US, who wrote their constitution) keep in a palace for fun. They seem to like this and have taken to being the most boring family possible; the current emperor's official hobby is "water" and he stopped playing the violin because he thought it was too interesting.
As for why the UK still has lese majeste, beats me.
In the old days the put the porno mags on the top shelf so kids couldn't read them. That was hackable too but it didn't matter much.
Not saying it’s good or bad. Just that it’s intentional.
https://en.wikipedia.org/wiki/BankID
Need to buy "toys", vape products, alcohol... anything adult online?
There's a 3rd party web app (you rightfully don't trust) as an age check in the shopping cart / user account of any of these adult shops, and this has multiple ways of verifying your age - and one of them is the bank's api, you pick it, your bank's identity sharing page loads, you log in, it shows exactly what information will be shared in a bullet point list, you tap OK, immediately a request like "this app wants to know your age, please verify" pops up in your smart banking app on your phone, you tap ok, fingerprint scan, DONE.
Problem solved. The 3rd party app knows just what it needs to. All of this takes maybe a minute and your personal info is perfectly safe (unless you don't trust your bank at which point you have bigger problems to worry about...)
Two of the well-used solutions to identity in the U.S. are login.gov (government-managed) and id.me (private, but used by government). Basically to get setup, at some point you have to have physical presence to get an actual government-approved physical ID, which can still be a barrier to some, but it doesn’t require a bank account.
Just don’t implement your own like Discourse and Tea.app.
FWIW discord did not implement their own (sensibly), but since the british government does not provide this service it basically mandates possibly dodgy middlemen.
My understanding is that discord uses (contracted?) https://www.k-id.com/
This right here. Just look at what happened with visa/mastercard this week, private institutions can and will cave to special interest groups advocating to block access to legal content.
Another victim of auto-correct!
There is no centralized ID number, the closest is your social security number but this is basically only outbound for PAYE tax and haphazardly correlated to your pension payments in late life.
Everything operates on a “trust system” where you often present paper (!) with whatever address you claim to be living at as proof you are real (e.g. opening bank accounts).
Passport loss is rectified by seeking out “professionals” with government-approved occupations that are not related to you that can vouch you are actually the person you are trying to replace a passport for.
The entire thing is a mess and living in digital-identity-native Europe is a dream come true that you should be extremely thankful for.
It's not that it was hard to fake before if you wanted to, but when you can just get a real PDF as a starting point, and edit it slightly it's just theatre.
Until you find out that due to a cock up years ago the National Insurance numbers are not guaranteed to be unique, and you realize that somehow the best proof of identity British people have is a humble driving licence because DVLA is at least somewhat competent.
https://en.m.wikipedia.org/wiki/EIDAS
Having to use passports or poor solutions like face scanning isn't good enough. I guess the reason they don't do this is because they fear the cost, anything governments price up these days seems to be in the billion range. So the politicians who don't understand how cheap it is to build software assume it's way out of their price range.
It is literally illegal to slap a few lines of glue code and say “there’s your age verification, look how cheap it is.” The public would be happy about saving money right up until there’s a massive privacy breach and all the ways you cut corners are exposed.
I don’t know if leaving the standards unspecified is the right thing to do (it’s probably not), but don’t pretend like a government verified solution could ever be cheap when dealing with citizens’ identities.
The idea that a small group of people can't produce something that can scale to millions of people is just false.
It also wouldn't just be cheaper; it would be better. The "government" way of doing things would be far more likely to be broken glue code with privacy issues because all those committee meetings and bottom of the barrel contractor selection don't produce better end results
Large technological companies are unable to pull this off either, it’s unrealistic to expect it from a government.
No. Regards, Palantir, Microsoft, HP (and other government providers)
Then a small team of highly skilled engineers from Google/Facebook etc were brought in to fix it. They stabilized and relaunched the system in weeks at a fraction of the original cost. It showed that the problem wasn't the complexity or the standards, it was how the project was managed and who was building it.
The major advantage of bringing in the engineers (only one ex-googler, most were oracle and redhat, again IIRC) was that they were all already bigwigs and knew how to take ownership of large systems, and were given the authority to do so.
* You create your account as part of your license renewal and have a normal-ass login. As part of that your account is manually marked as being 18+ (or just your age) by the person behind the counter.
* The government publishes a few public certs which will be used to verify.
* Then you go to your account page and click the button to generate a certificate signed by one of the government's private keys. The cert is valid for say 7 days.
* You upload the cert to the website you want to access and the website validates it.
Done. You make it illegal to provide your tokens to minors like it's illegal to provide booze to minors. Good enough for government work. It's literally just an EV cert.
The problem gets a lot easier when you have a country wide IRL ID system already in place and can write laws.
every time a country wide ID comes up, people freak the fuck out about state's rights and it being a power grab. people are already freaking out about RealID. it will take a very authoritarian system to force this through, yet it's the supporters of that leader that are the most vocally against it.
Meanwhile, the rest of us should have new fears of a National ID feature. Republicans in administrator-roles recently started corrupting federal databases, fraudulently marking living people as dead [0] in order to kill their accounts, while firing the people who pointed out it was flagrantly illegal.
It doesn't require any imagination for the same bad administrators to illegally disable National ID logins because you posted something that hurt the cult-leader's feelings. The feature cannot be made safe if the framework is still open to crooks.
[0] https://www.cbpp.org/blog/trump-and-doge-claim-power-to-fals...
The US refuses to do this, so we get a mess. Every state has different drivers license, Social Security numbers aren’t secure at this point, most people don’t have passports.
But if there was a true national ID, the government could provide APIs to verify those. Then these kind of things would be easy for the apps/sites.
All of that obviously ignores the problems in privacy from doing any of this in the first place, etc. i’m starting to think I’m on the side of our national ID given how much of a mess everything is with our current patchwork. But I certainly wouldn’t want to be giving it over to random sites.
We have sort of accidentally set up a system in which verifying someone’s age is a really really hard problem. If a credit card number or trying to use a photograph are the best tools we have it’s clear this doesn’t work.
I like the idea of a way of verifying who you are (in that you’re a real person) and age (so you could prove ability to do 18/21+ things).
I see no reason why random companies/etc would need to know gender identity, name, etc.
None of that is relevant to buying alcohol. If they need something, e.g. name on a mortgage, then maybe it’s optionally provided, under my control. I don’t know.
I’m not seriously suggesting we do this. They were clear downsides before the last 10 years made all of them ridiculously clear.
It’s more I hate the current mess and wish something nicer existed. I think it’s fixable in the abstract. But even if we had a good idea for a better system I don’t know how we’d get there. Between sovereign citizen nuts one side who don’t think there should ever be any way to prove they ever existed, to people like you with very clear and good reasons for fearing changes it just seems impossible.
There’s also a system called mDL that allows you to obtain a digitally signed mobile driver’s license that can be used in your smartphone. This is only supported by a few states for now but it’s not hard to imagine this expanding to many more states in the near future, especially now that both Apple and Google are starting to support it. TL;DR we may not have a national ID, but it sure seems like pretty soon we’ll have an effective “national ID” that does most of the same stuff.
Drivers licenses are the de facto one today. You can also get an id card for those who can’t drive.
But it’s fully incumbent on you to do it. You have to arrange transportation to get it, have the free time, necessary documents, live close enough, etc.
That already causes problems for people, and is getting worse as voter ID laws get passed.
“Everyone gets an ID once you’ve figured out these riddles three and gone on a quest” is a stupid system.
It mostly works.
Briefly, the government can give you a digital copy of your driver's license or passport or whatever that can be bound to a hardware security key you have. Most modern smartphones have a suitable security key built.
To verify your age for a site a zero-knowledge proof (ZKP) can be constructed for the site to prove that you have that document, it says your age is above the threshold needed for the site, and that you have the hardware key it is bound to, and you were able to unlock that hardware key. Nothing else is revealed to the site.
Note that once the government issues that digital ID bound to your security key they are out of the picture. They have no idea what you use that ID for or when you use it.
Google has released an open source library to help with this kind of system, discussed here [1].
[1] https://news.ycombinator.com/item?id=44457390
Breaking any security key weakens the whole system
Eh, at least until they require all sites to ensure all posts and pictures are signed by a valid digital ID. You know, to prevent terrorism.
Here’s Google’s doc:
https://developers.google.com/wallet/identity/verify/accepti...
Looks like it will support zero knowledge proofs?
I, for example, couldn’t add my driver’s license even if I wanted to.
And sometimes kids will put fake ID's on their phones, or borrow a phone, but that's not your problem.
https://ageverification.dev/
If I've understood it correctly, Pornhub can't see anything except that you've turned 18 (no names, no date of births, nothing) and your local government can't see that you've signed up for Pornhub using the app.
https://www.eff.org/deeplinks/2025/04/age-verification-europ...
For example, our id's have a qr on it that contains some basic info. Why not provide a platform for age checks with that qr? Anyway, fuck them. Education goes a lot further than trying to force identity verification on private companies when there is no real life threat in play.
Not that different from "Drink a verification can to continue". Hilariously dystopian.
I hope they just improve that performance, rather than see this and back out of it entirely and require ID checks.
And that's why it's been bypassed already
https://x.com/Pirat_Nation/status/1949036664132657225
On the other note, can one attach chrome devtools to any electron application?
Pretty sure it's just a flag somewhere to re-enable.
Not the broken anti-competitive Google play store integrity (which is passing for any handset not patched for the last 8 years but with Google buttplug in it, effectively nullifying assurances from the attestation), but a proper hw attestation.
If you jailbreak an iPhone you can still use store apps and watch movies. You don't think that's just because Apple forgot about it, right? Or because the movie studios are merciful? They definitely aren't. It's because they think it'd be illegal to lock you out over it.
Apple doesn't attestation as part of their DRM (afaik) because it wouldn't be very useful. An iOS jailbreak requires the kind of exploits that would break attestation anyway, so it adds little value.
Movie studios could require strong hardware attestation for playback, but in doing so they would limit the set of compatible devices. They are in fact a little merciful (if only because they care about their bottom line).
> It's because they think it'd be illegal to lock you out over it.
I wish.
> You are mistaken. DRM can work in a variety of ways but that is absolutely one of them.
Of course it can work that way. It's software, you can write whatever you want.
It doesn't though. If you prefer, they have chosen to believe this is what the law says because it's a good argument if some partner asks them to do it.
Similarly you can get banned from the eShop if you jailbreak your Nintendo Switch, but they don't stop you from using physical games. They could do that if they wanted to. Or rather, they could make you have to work around it.
We want a broken and easily bypassable system that only exists to make do-gooders think they did good.
Some of the age verification systems that use digital ids (mDLs) do the same thing but people freak out about how they work because I think they misunderstand the tech.
They system basically asks the mDL via an api call "is this user above the age of 18/21" and the app only responds with a yes or no. It doesn't pass the users fulls details over or anything like that.
As in, if I repeatedly ask for age verification to the same service, does it know:
1) the identity of the user making the request, and 2) whether repeated requests comes from the same user (even if they don't know who it is?)
The vendor is https://www.k-id.com in Discord's case
> Identity documents are deleted after a user’s age group is confirmed, and the video selfies used for facial age estimation never leaves their device.
Personally, I will never use Discord and they just gave me another reason not to.
Either way, when I see a person or business advertise a Discord link, I immediately think of either as immature.
I miss the days of forums, and wish something like them could thrive again instead of rather private, but importantly ephemeral chats.
Open source projects have long had ephemeral chats, private to the people in the chat at that moment - it just used to be called IRC.
It has become all too common for a project to offer only Discord, which not only makes all community-collected information more or less ephemeral, but also locks it away behind some corporation's ever-changing terms and conditions, some of which are onerous.
GP's complaint is not that ephemeral chats exist, but rather that there is often nothing else.
This Epic, which famously had to pay half of billion USD settlement when they got caught for law breaking (collecting personal data without consent. Clearly against the law, because they knew they're collecting details of children) : https://www.exterro.com/resources/blog/data-privacy-alert-ft...
> Concerned parents, it said, should block or control VPN usage.
Hilarious. I wonder if they realised...
Did you never wonder why VPN ads don't really list any actual use cases, yet they're wildly popular? If you know what you need it for, the ad doesn't have to tell you - just has to tell you which company to give your money to.
(I still don't really know what people are actually using VPNs for.)
Ridiculous.
And yeah, absurd.
(iOS Safari)
Okay turning off content blockers did the trick. AdGuard was blocking the whole site for some reason.
A law must mandate that an "adult" version of OS (or device) may be sold only to adult users. It is not difficult for Microsoft/Apple to implement this yet they do not want to for some reason.
This would allow more reliable age verification, without revealing identity of account owners. Well, maybe the govt wants exactly the opposite.
The Industrie enforces new rules and suddenly it costs $150000 and has awkward requirements to get your OS certified adult.
For the years to come only the most recent windows versions and customer devices like phones will work. No Linux will pay to get a standard they haven't asked for. Embed devices will stop working as more and more stuff gets simply flagged "adult only"
Just don't ... :)
Edit:// see Silverlight, or why it took years until something like Netflix was even legally technically possible
> This bill would require, among other things related to age verification on the internet, a covered manufacturer to provide an accessible interface at account setup that requires an account holder, as defined, to indicate the birth date, age, or both, of the user of that device for the sole purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store and to provide a developer, as defined, who has requested a signal with respect to a particular user with a digital signal via a real-time application programming interface regarding whether a user is in any of several age brackets, as prescribed. The bill would define “covered manufacturer” to mean a person who is a manufacturer of a device, an operating system for a device, or a covered application store. The bill would require a developer to request a signal with respect to a particular user from a covered manufacturer when that user requests to download an application.
> This bill would punish noncompliance with a civil penalty to be enforced by the Attorney General, as prescribed.
[0] https://legiscan.com/CA/text/AB1043/2025 [1] https://legiscan.com/CA/text/AB1043/id/3134744
If you want to know more about this lovely bait-and-switch tactic used by the Golden State's legislature, see here: https://californiaglobe.com/uncategorized/gut-and-amend-bill...
Add several big TV shows, op-eds in national press and it'll start shifting even without the laws.
My money is on the UK leading the charge.
I don’t understand why other countries can’t do the same.
First, a vocal minority of security freaks lead by Tony Blair who think that forcing everybody to carry ID cards around is a proportionate way to protect Britain from terrorists, illegal immigrants and other foes.
Second, a large proportion of the country who think that the introduction of optional ID cards is a slippery slope towards the first group getting what they want.
Third, another large proportion of people who think that the risk of the first group getting what they want is overblown, or else think that the convenience of being able to prove identity more easily outweighs the inconvenience of having to carry an ID card around everywhere.
In the great ID card battle of the late-00s, the second group won decisively and politicians have been too scared to take up the issue ever since. Except for Blair, but having the face of your political campaign be a war criminal is of negative value to that cause.
It's compulsory now so it's doable. Especially since voter registers are available to certain companies* regardless of the voters' consent.
*eg political parties, credit bureaus.
How about we don't make lists of people visiting porn sites? How about we accept that children are part of society and not try to put them in little cages like songbirds?
But whatever age-verification solution I have seen so far sucked, really badly. And I can't believe people promote something like a government based age check. People need their privacy.
It's the correct idea but the way it should be done is by coming to a democratic consensus that helicopter parenting is bad, not by attempting to hobble the infrastructure of government. If only for the practical reason that it'll simply be outsourced and privatized. In US states where the police can't scan license plates, there's a private industry doing that and then selling the data back to the police. The same result but now you pay a premium.
Lee Kuan Yew was fond of making this point. Weak "horizontal" administrations will creep in ways that are more opaque and without checks than strong "vertical" ones.
So voter ID laws would make them lose every election. But of course, that's not permanent either.