- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
You must log in or # to comment.
This has nothing to do with protecting children
It will help the pedophile class and Israeli backed oligarchs mass surveil us more effectively
https://video.twimg.com/amplify_video/2044718576485953536/vid/avc1/996x2160/hyLmEHaGr6DltAA6.mp4
Apparently it’s already exposing sensitive user data and can be bypassed.
Wrong. This is to violate everyone’s rights and target children. This is fucking abhorrent and needs to be stopped.
The pedophile class is tightening the noose
Fucking cunts won’t stop. Next, it’s gonna be chat control 3.0 again.
Who do we need to send to the guillotine?
The victors of WW2.
Liberals. It’s systemic like it has always been. As cathartic as it is to remember the French Revolution, it’s not like it worked and ended stratification and imperialism. Liberalism will always seek as much control as possible, and the internet has proven to be a huge fucking problem exactly because it is so impossible to control.
Lies
OK lib.
Found the cave man
Exactly. Centrism, and the very idea that there is “moderation” to be sought between progressive ideals and back-assward conservatism, is a fucking plague. We all suffer because people don’t want to seem “extreme” and I’m fucking tired of it. We have to commit to being progressive and admit that all centrism has ever done is seek validation for and to normalize right-wing viewpoints long enough that we stop paying attention.
Only siths deal in absolutes.
Ok?
I’m also not talking about absolutes, unless you’re participating in relativistic politics that only care about ideologies in reference to other ideologies and is a practice used by people too stupid to form their own opinions about platforms they’ve actually looked into.
It was a quote from the star wars prequels
We all know that, it just doesn’t really fit here.
If they are so dead set on protecting children, I suggest starting with:
Gaza Strip and the West Bank (Palestine) Ukraine Sudan Myanmar Democratic Republic of the Congo (DRC) Syria Yemen Ethiopia Afghanistan Haiti Niger Mali Burkina Faso
Zuks wallet will do just fine in the mean time
Can we stop pretend they give a single fuck about kids?
Edit: poor choice of words. Thats the only thing they give kids.
What a relief that would be. “We are compromising your personal rights with protecting children as a cover, children safety has nothing to do with it, in fact we don’t give a single fuck about anything but revenue. It sounds better to save children than revenue”
I get my porn from illegal download sites that aren’t interested in age-verification.
Like all Prohibition Policies, this is only going to push people toward more illegal outlets, which demonstrate more morality than the legal ones.
Or, as is the case with a lot of sex work, push people into more dangerous situations.
If this is not the most crooked EU Comission ever, it’s a pretty close second.
Parents should protect children online.
I largely agree with you.
But please can you tell me how you believe this differs from age-gating the purchase of cigarettes, lottery tickets, age restricted cinema tickets, alcohol, firearms and so many other things we already have age-gating on?
Edit: I’d love any one of the downvoters to comment and actually explain what I’ve said that’s so atrocious? We DO age gate many things in society and many, I dare say most, would not want cigarettes to be available to a 13 year old. So what is it about online that makes it so different? If we CAN make age checks online anonymous (and indeed the EU standard downright requires it) why don’t we want this online?
How many of your rights are you willing to give up so little Timmy doesn’t search titties on Google.
I don’t have to give up any rights for age gating to work anonymously and properly. Neither do you.
Explain basically every privacy, cyber security and child safety organization saying this is a bad idea, then.
I’d love to engage in this. Before we do that, please can we be clear if we are talking about the EU system, or the USA-proposed OS-based system? Given they are now the same, the reactions to these two systems have also not been the same.
Both. There’s a difference between showing some clerk your ID compared to uploading it to the internet. It’s not a question of if it being hacked. It will be. Denial of this is dangerous. If you don’t see this as important, you’re desensitized by the sheer number of yearly cyber attacks.
And that’s only the start. Children will only be marginalized. Protected groups will be increasingly threatened. Take your pick on whatever organization you want to look at, and they’ll say this doesn’t help anyone, except maybe foreign adversaries and hacking groups. What happens when the next government comes along and decides to make a more US kind of implementation? The point is, that we should not make this the precedent. Ever. Kick it while it’s down.
Ok, but for what it’s worth, I’m only trying to defend the EU proposal. This discussion was about the EU proposal, from the very first OP. The US proposal, such as I understand it (I haven’t looked into it that much, since I don’t live there), seems a huge privacy risk that plays into the hands of corporations. No thanks.
In the EU system, you start with a verifiable online identity system. These differ from country to country but all perform the same task: They allow you to prove who you are.
So you go to an online portal and you log in, as you. This system issues you a set of tokens, which does not hold your PII. They solely say “This person is over 18”. If you want a token to say “this person is over 13”, you need a different token. A token is a number that has been signed by the issuing authority in a way that can only be done by the issuing authority. You store these tokens, encrypted, in your age verification app.
Now IF the issuing authority stored “I issued token X to person Y” we would have a huge problem. They don’t. All they do is store “this token was issued”. If they chose to store that a specific token was issued to a specific person, they could track what sites you used the tokens at. So you have to trust your state here, just like you have to trust them not to access your phone records, or your credit card transactions or which mobile mast your phone logs on to.
You proceed to a site that requires an age gate. You are presented with QR code, which you scan with your age verification app (the one that stores the age verification tokens). This QR code contains a URL that holds the verification attempt ID (created by the gater) and your app now connects to this URL (be advised this URL is not the URL of the gater, but of a third party gating service) and sends one of your verification tokens. The third party verification service checks this with the issuing authority and confirms it is a valid token, then retires it if it is. The third party service now calls to the gater and says “this verification attempt has indeed proven their age”.
The gater then lets you proceed.
Throughout this attempt the only place that can be hacked to reveal your PII would be the issuing authority - no other services knows anything about you. What a hacker would have to do is insert code that captures the issuing of tokens and somehow grabs your PII at tha time. But what’s important to understand is that the issuing service also doesn’t know who you are, because they don’t store all your PII when they issue your tokens - they just have the required information about you from the identity service you used to log in (chiefly your age). So even if a hacker got in here, they couldn’t grab who you were, merely when you were born).
Many security experts have analysed this flow and supported it. I myself cannot see what a hacker could really do here. So, in this case, specifically for the EU system, which this post was about, I am willing to accept that the advantages of not having minors access tobacco, alcohol or age gated media far outweighs the privacy risks.
I don’t believe this is an honest question. They aren’t age-gating, they’re checking IDs of everyone so they know exactly who is saying everything online, and can easily persecute opposing viewpoints. The excuse is kids, they don’t give a shit about kids.
Where have you read that this is about checking everyone’s ID?
They are specifically building an anonymous system for verifying age required to buy to products and access media that we already check ID for (not anonymously, but distributed) in physical stores.
Most countries don’t have age gates for accessing social media and, under the EU system proposed for the EU, if they did, this system is exactly providing a method of verifying a user’s age without knowing who the user is. So it’s literally the opposite of what you claim it to be.
Lmao. Anonymous system my ass. You trust the government to do that? And pray tell how the government is going to implement id verification on os? It’s such a stupid idea. How are you even going to enforce that? And even if it gets implemented, what’s stopping a kid from using an adult’s device to bypass it?
The EU age verification system, of which I’m talking and of which the OP was about, is not baked into the OS. That might be the case in the US. I’m lucky I don’t live there. And this discussion here is about the EU system, not the US one.
Your ISP has a record over every single website you’ve visited and your payment provider knows 99% of all purchases you’ve made and your phone knows where you’ve been at all times. Your threshold for having to trust that laws prevent wanton use of all this information doesn’t shift with anonymous age gating.
Frankly the concerns you display in the post reveal to me that you’ve not spent a great detail looking into what’s actually being proposed.
Why doesn’t EU investigate criminals and pedos with questionable search queries and website history? The corpos have the data of every individual. It was never about protecting the children in the first place. Otherwise they’d be solving the root of the problem instead of using such half measures.
You don’t need to show ID to enter the store just because they sell cigarettes at the front counter. The staff person checking the OD at the front counter isn’t memorizing the information on the ID and using it to track every other purchase you make in the store, or to piece together what you’re doing once you leave the store.
Locking individual content behind age verification (and it entirely depends on how they are handling the age verification), is different than a blanket identification check to use the platform at all. Age verification is used to prevent children from buying cigarettes from a store while under aged, but it’s up to parents to prevent them from getting cigarettes other ways.
But let’s separate the technical/privacy discussion of age gating from the discussion about age gating social media platforms.
If I go to a Scottish distillery website and buys chocolate, they are not going to age gate me. If I buy whisky they will. That’s not age gating at the door, that’s age gating for a specific product that we, our democratic society, have decided, through democratic means, should not be available to minors.
Regulating social media age gating is a different discussion altogether. The discussion is about whether we want to be able to anonymously check (again, the EU standard requires anonymity) someone’s age online.
Stop moving the goal posts. Also, no one has convincingly shown they can do that anonymously, but lots have shown they CAN’T. You can’t divorce the privacy implications because they are intrinsically linked right now and there is no evidence supporting the ability to unlink them.
Which goal posts have I moved?
The architecture for Zero Knowledge Proofs is not novel and well understood.
You prove your identity to the issuer of tokens. They issue you a set of signed tokens that only they could have signed. You issue one of these tokens and a nullifier to a location that needs to verify your age. The verifying location checks the signature and lets you in. They return the nullifier to the token issuer.
The issuer can OF COURSE verify that you’ve used your tokens if they store the tokens they issue. You do have to trust your government for this system to work. But you already trust your government not to mass-surveil you through your ISP, mobile phone provider and credit card spend. This doesn’t increase your defend surface.
You dont have your id printed on every cigarette. The government doesnt dilute the alcohol with unique radiomarkers to track your piss (yet). Firearms tracking is nowhere near this comprehensive or invasive anywhere in the world. Not even on military ranges. Cinema tickets? Really?
Qnd as pointed elsewhere: you font need to show ID if youre just buyong pink monster vegan jerky condoms and new usb cable for your fav sex toy.
But have you read the EU standard? Anonymity is a requirement. There is no tracking. The age check does not refer back to you. Indeed, it cannot.
You can of course believe that the legal requirements aren’t adhered to and that the state is actually lying, but if you believe that the state already has a million ways to track you, including 99.9999% of us who carry our phones around with us and pay with credit cards in physical stores.
It can’t be anonymous if you need a google or apple account to use. I’m not concerned about what the government tracks (well, not in this context at least), I’m concerned about who and what they’re working with to do the tracking. If the app verifies me as an adult but I couldn’t use the app without google butting in, google now has yet another data point in a secret ad profile that the government should be putting a stop to, not helping them build up. It’d be like announcing a plan to stop illegal drug usage by partnering with the cartel.
If they wanted a government-sponsored age verification sort of thing, it should’ve been an app whose only job was to type in a code you got from going in person to some government body and verifying in person. Town office, DMV, somewhere like that.
More fundamentally, though, “protecting the children” shouldn’t go anywhere near anything that can be used for identity theft. Showing my ID to the cashier at the cigarette shop is significantly safer than showing it to any business on the internet, because sharing a high-quality picture of something is giving them a copy. The cashier gets to see it, but it never leaves my sight and isn’t recorded in any way except probably some dodgy security camera where you can’t read it anyway.
Ok, so it’s about Google and Apple accounts.
When you say “Google butting in” can you be more specific about what it is you believe Google tracks in an app they haven’t made themselves but only ingested in their store? Is it your belief that Google tracks all app interactions even in apps without firebase or Google Ads SDK?
Honestly, I don’t know exactly what google can or can’t track if the app developer doesn’t specifically enable them. I don’t have specific evidence that they’ll even be able to tell if the user was verified or not
What I do know is they have repeatedly shown that they’re happy to hide or lie about what and how they track people, and more broadly about their business as a whole.
Again I cite the drug analogy. Google is in the business of tracking people and harvesting data for ads. It’s like inviting the cartel to the DARE program and expecting everything to go swimmingly.
If they want their age verification app to actually be anonymous, they shouldn’t force people to use a tracking service to use it. The app specifically won’t be functional on degoogled android phones and won’t be offered on desktop computers. Maybe Google can’t spy on anything going on in the app, but even so, they could correlate “used verification app, roblox usage went up” or “used verification app, continued to use Tinder, concluded adult, ignoring ‘do not track’ preference as it doesn’t violate laws about tracking minors”.
It’s true that a minority of users have taken the steps where this inferred information would be particularly helpful to google, but not having the option to opt out is going to get harder and harder, and this service doesn’t provide enough good to give the information cartel that is Google any more information, even inferred, in my opinion.
So you’re not sure what Google can and can’t track and you have no evidence, and the specification for the system is available online, which you seemingly haven’t read, but you’re just generally “worried” without citing specific evidence.
When you go to purchase those things in person, you present your ID, but then it is given back. They do not keep your ID. They do not get to make a copy of it’s information for them to store and sell and track you with. It is presented at that particular moment, and then control of it is returned to you.
That is not the case with these digital ID requirements. With these digital ID requirements, they absolutely make and keep a copy. They absolutely use the information from that copy to track you and sell your data on to others. They use it to build a profile on you about your behaviours and purchases etc which will absolutely be used to tighten the noose of control. And we’ve already seen, over and over and over again that pretty much every time they claim they aren’t doing those things, they absolutely still are. Even if they weren’t, they’ve also repeatedly demonstrated a complete and utter inability to secure that data from third parties accessing it too.
It is completely different and enormously more invasive than presenting your ID in person.
Most of what you’ve said is blatantly not true. Google (let’s use them instead of Apple here) can of course track your app use if the app uses Firebase or the Adds SDK - which clearly a verification should never do.
But Google doesn’t have the ability to see what you do inside of an app that aren’t voluntarily sending telemetry to Google. If you have proof that they do, please present it.
@sunbeam60 @Squizzy forr me the issue is mass survilance… Gate keeping cigarretes dont record the number of times a kid or a adult tried to but cigarretes
Those are physical things you purchase in real life.
A cinema screening is not a physical good. Yet we still age gate it.
How do you attend the cinema?
I don’t use apps from official software installation sources. I will boycott any site or service that asks me for unnecessary information.
still 99% of ppl especially youngsters use this bullshit social media and will fall for this spy company
Until you can’t because they will deploy this absolutely everywhere to “protect the children” from whatever real or imaginary threat.
It will be banking that is used as the wedge for this. You’ll have to use an approved device / OS / App to get access to the banking system. To protect the children.
I use the bank web site, with a hardware TAN generator. If no bank offers that option you can use a dedicated device that is used just for that. My bank’s app works on Graphene OS though.
I can use a phone to do business with my bank, dumb phone -> call number -> do banking, then again, I can also send up to $3k with no fee
We can always self-host. We’re using such a resource right now. Of course they can start blocking and persecuting, like they’re doing in Russia right now. At which point you should start learning about fpv drones as a hobby, particularly the fiber-optic kind.
It’s for the CHILDREN, you COMMIE!
The motives are irrelevant. This will destroy the internet as we know it and disempower citizens. I can’t help but wonder if the empowerment LLMs may have to an individual is terrifying leaders into an authoritarian mindset, finally demanding to be able to know and track what we do online, everywhere we do it. This is about protecting their ability to rule, not children from harm.
I can’t help but wonder if the empowerment LLMs may have to an individual is terrifying leaders into an authoritarian mindset
LLMs are here to enrich the rich, not to “empower the individual”. They require ridiculously expensive computing power, which makes them impractical or even impossible to self-host (with data centers buying up the market, the required hardware becomes unaffordable to the individual). Now you’re at the mercy of renting out the compute from the oligarchs and their companies, and you’re also relying on their censored and biased models (see Grok and his “Mecha-Hitler” antics if you want a taste of the future). Please don’t expect that to empower you, or anyone else. It can’t, and even if it could, it wouldn’t be available to you.
Unless we democratise LLMs, they’ll just become yet another tool of enslavement in the clutches of the Epstein class.
It could greatly boost the use of decentralized apps. Which will ultimately give people more power than they have right now. So in the long run, it might have some positive side effects.
Cracking down on decetralized apps will be the next logical step
How would they do such a thing? Require every open port on every internet connected device to be registered? Disallow https and implement full scale layer 7 scanning?
No, they will expand the mandates for providers to filter traffic. Everything ultimately goes through a handful of big ISP companies, so they will just make them comply with the filtration. It will not work great, even simple DPI is resource intensive, but when an ISP is ultimately at fault, they will have to find a way. And ultimately it doesn’t have to work all the time forever, it just need to degrade services enough so most people find it inconvenient to use. As a tool of control, it needs to prevent unwanted communication to be easy, this will ensure only the nerds will do it, and nobody cares about handful of nerds.
They don’t have to invent anything, that’s exactly how it works already in every country that controls their population and the internet in their country. It took Russia 8 years to transition from completely free unobstructed internet to everything being unavailable and everyone being used to it. Europe is way more capable technically, it will take most of the countries less.
The internet as we know it is a playground for billionaires to get richer. Good riddance.
And the new internet that is on the horizon will be the definitive establishment of these same billionaires as feudal lords.
Unlike most other age verification system, this doesn’t reveal any other personal information but your age. No credit card number, no personal id.
So I’m curious how you get to your conclusion?
In order to make sure that the age a person provided is real, the system will gather all that information anyway. I don’t know what you mean by “reveal”, but it will gather it. And that’s the main building block of the problem.
That system is basically the government. They already know.
No, that’s an app on your phone. That accumulates a ton of data in a way that didn’t exist before. The government knows I exist. Now it knows every website I’m visiting, and my identity on those sites. Now the new politician in my country decides to be a little bit more corrupt, and asks the app maintainer “hey, can you gather IDs and home addresses of all the people who criticized genocide online last couple of years, I would like to execute them publicly”, and they can do it with basically one sql equerry. The only defense against that will be “but that’s illegal, there are laws against that!”, which is shit defense nowadays.
Yes, all of that happens. That is a valid worry. Which is why they tried to avoid it.
Did you see how much they did to avoid this? Do you see a flaw in their solution?
Yes, the flaw in their solution is that they require the government ID to access the internet now. That’s the flaw.
I’m sorry, but have you read the technical documentation? The design is intentional created this way to avoid tracking.
You are issued a set of ZKP tokens that you hand back to websites. They cannot correlate these tokens back to you, nor can the operator of the system.
Now they could lie, of course, and violate the design (but being open source that’s a little harder), but if the government wanted to secretly track you, much more precise tools exist for this already.
That’s the stupid part, it doesn’t matter what it will look like at the beginning. It might be the best written documentation now, they can even implement the app correctly. The thing is, the jump from “people can use the internet” to “in order to access the internet you need to provide your government ID to your smartphone” is a big jump, one that can cost a politician career. The jump from “you need to use version 1.4.412 of the govenment id checker” to “you need to use version 2.0 of the Government Id Checker Plus” is minuscule. That’s where you introduce a persistent database of the tokens, somewhere on page 5 of the changelog. And only nerds care about that and nobody listens to them.
It’s so fucking easy, Russia did this exact gambit in 2017, Kazakhstan couple of years before.Ok, so it’s the slippery slope fallacy.
But that slippery slope, which it sounds like you believe us to be on, also applies to phone location tracking, credit cards payments, mobile phone train tickets, smart homes, smart cars, home CCTV etc etc.
Do you leave your phone at home, always pay with cash, don’t use any apps? Most people do these things on the basis that the government doesn’t wantonly have access to what we’ve bought online. Why is age gating so different?
At last a piece of code free of any flaw, any exploit, invulnerable to any known or unknown attack method!
Of course things can break and something might be able to refer back to you, until it gets fixed.
But if your argument is that “the standard is fine, but something might not quite work”, then the same argument applies to your phone’s location tracking, your debit/credit payments etc. The vast majority of us happily use systems on the basis that they are secure, until they’re not, and then things get fixed.
Your argument has to apply evenly.
Extrapolating from US decisions, like I would have done
Nnnnnoooooooooo
Et tu, Bruté?
