This is exactly the kind of government overreach people like me have been screaming about since, in my case, the 1990s.
“I told you so” just doesn’t feel so good when what’s happening is nothing less than the entirety of human freedom and liberty is being eroded before our very eyes, and those who disagree with it get labeled as kooks, and accused of hating whatever “oppressed group” of the day is in vogue.
SeductiveTortoise@piefed.social 2 days ago
Government sets up page to verify age. You head to it, no referrer. Age check happens by trusted entity (your government, not some sketchy big tech ass), they create a signed cert with a short lifespan to prevent your kid using the one you created yesterday and without the knowledge which service it is for. It does not contain a reference to your identity. You share that cert with the service you want to use, they verify the signature, your age, save the passing and everyone is happy. Your government doesn't know that you're into ladies with big booties, the big booty service doesn't know your identity and you wank along in private.
But oh no, that wouldn't work because think of the... I have no clue.
bulwark@lemmy.world 2 days ago
That sounds like a very functional and rational solution to the problem of age verification. But age verification isn’t the ultimate goal, it’s mass surveillance, which your solution doesn’t work for.
floofloof@lemmy.ca 2 days ago
The fact that they haven’t gone for this approach that delivers age verification without disclosing ID, when it’s a common and well known pattern in IT services, very strongly suggests that age verification was never the goal. The goal is to associate your real identity with all the information data brokers have on you, and make that available to state security services and law enforcement. And to do this they will make it impossible to use the internet until they have your ID.
MunkysUnkEnz0@lemmy.world 1 day ago
Don’t forget censorship.
noxypaws@pawb.social 1 day ago
what exactly is the problem, though?
infinitesunrise@slrpnk.net 2 days ago
Because it’s not actually about age verification, it’s about totalizing surveillance of everyone.
General_Effort@lemmy.world 1 day ago
The problem is that meat-space logic is applied to the cyberspace (as it might have been said in the 90ies).
You go into a store and the clerk sees you and knows your age. If it’s borderline, then they ask for ID. They are applying that thinking to internet services. And so are you. You are just trying to figure out a better way to ask for ID.
The UK doesn’t have a system of mandatory national ID. Brits feel that that is totalitarian. So obviously, they do not use the scheme you propose. It’s not their meat-space logic.
Where this falls down is that no ordinary Mastodon instance can comply with the regulations of the close to 200 hundred countries in the world. Of course, just like 4chan, many wouldn’t want to out of principle.
The only way to make this work is to introduce another meat-space thing: Border posts. You need a Great Firewall of the [Local Nation]. At physical border posts, guards check if goods comply with local regulations. We need virtual border posts to check if data is imported and exported in compliance with local regulations.
Such a thing, a virtual Schengen border, was briefly considered in the EU about 15 years ago. It went nowhere at the time. But if you look at EU regulations, you can see that the foundations are already laid, most obviously with the GDPR but also the DSM, DMA, DSA, CRA, …
Eventually, the border will be closed to protect our values; to enforce our laws. We will lock out those American and Chinese Big Tech companies that steal our data. We will only allow their European branches and strictly monitor their communications abroad. We will be taking back control, as the Brexiteers sloganized it. Freedom is just another word for having to ask the government for permission when you enter a country. And increasingly, it is another word for having to ask permission for how you use your own computer.
It won’t be some shady backroom deal. Look here. People in this community love these regulations. Europeans here are happy to tell US companies to “FO if they don’t want to follow our laws”. Well, the Great Firewall of Europe is how you do that.
tabular@lemmy.world 1 day ago
Bold of you to assume a government entity is trusted. In the UK we have a large misrepresentative error due to our voting system.
SeductiveTortoise@piefed.social 1 day ago
Depends in what part you trust. I trust them with my ID, I wouldn't trust a random website. They know it anyway as they made it.
just_an_average_joe@lemmy.dbzer0.com 1 day ago
How about people parent their children?
I believe the issue is that parents themselves are overworked from their job and have no energy to be a parent, because in our society, it is more successful to be a worker than to be a parent.
(Sorry for turning it into a critique of capitalism, I just can’t help it these days)
SeductiveTortoise@piefed.social 1 day ago
I'm with you on this one, but that's easy to say for me. I'm in IT anyway. I just have a hard time imagining how my sister for example would set this up for her kids.
brachiosaurus@mander.xyz 1 day ago
It was never about the kids.
en.wikipedia.org/…/2010s_global_surveillance_disc…
Humanius@lemmy.world 16 hours ago
Funnily enough that is roughly the implementation the EU seems to be working on.
…ec.europa.eu/…/eu-age-verification
SeductiveTortoise@piefed.social 13 hours ago
I think I have to specify what I mean by trusted. I do not trust them with my browser history, but I do trust them handling my government-issued identity. I do however not trust a company with that identity because I know they will definitely use it for their own good. What I want is the complete and absolute separation of information. Everyone knows exactly what they need to know, not a byte more. I'm still not convinced we desperately need the possibility to identify us for every fucking service though. Keeping kids from accessing porn should be the task of the parent. Keeping kids out of porn, yes indeed, we all need to tackle that problem.
starman2112@sh.itjust.works 1 day ago
You sell that cert to a local kid for $50
You generate another cert to sell to a local kid tomorrow
???
Profit
SeductiveTortoise@piefed.social 1 day ago
And your solution is...?
TechnoCat@lemmy.ml 2 days ago
I think this starts to not work when you start to include other states that want to do this, other countries, cities, counties, etc… How many trusted authorities should there be and how do you prevent them from being compromised and exploited to falsely verify people? How do you prevent valid certs from being sold?
SeductiveTortoise@piefed.social 2 days ago
I can only verify with my own government. The rest I don't know. But shut up, that's how it works! /s
To be honest, I have no clue. But dropping my pants to write a mail isn't what I want to do.
homoludens@feddit.org 1 day ago
Sold by whom? The created cert can be time limited and single use, so the service couldn’t really sell them. You could rate limit how many certs users can create and obviously make it illegal to share them in order to deter people from using them. That’s not enough to prevent it completetly, but should be an improvement for the use cases I hear the most about: social media (because it reduces the network effect) and porn (because kids will at least know that they’re doing some real shady shit).
commie@lemmy.dbzer0.com 2 days ago
but they know who they issued it to, and can secretly subpoena your data from your instance.
no thank you.
homoludens@feddit.org 1 day ago
They can only subpoena your data if it is stored. Make the code open source (by law) and only store the cert, no connection to the user.
jim3692@discuss.online 2 days ago
They (the govt) would know that they issued a certificate to ex. lemmy.dbzer0.com
They can’t know that the certificate is issued to conmie
Unless, of course, the instance logs the age certificate used by each user
And also, unless the govt’s age verification service logs the certificate issued by each citizen
doughless@lemmy.world 2 days ago
The service provider could even generate a certificate request that the age verification entity signs (again, with no identifying information, other than “I need an age verification signature, please”). That certificate would only be valid for that specific service provider and can’t be re-used.
LifeInMultipleChoice@lemmy.world 2 days ago
I give it 2 years till Netflix requires you to have an ID every time you open the app because it has rated R movies.
This is the same principle. The account holder agreement should make the account holder responsible for the use of the service.
The government shouldn’t be parenting our minors, their guardians should be.
Otherswise we should put digital locks on every beer bottle, pack of cigarettes, blunt raps, car door, etc. That requires you to scan your ID before every use.
“Kids shouldn’t be driving cars, it isn’t safe!” Yes, but somehow we have made it 100 years without requiring proof of age/license to start the car.
And the car is far more deadly than them seeing someone naked.
mic_check_one_two@lemmy.dbzer0.com 2 days ago
Ideally, it would be handled directly on the hardware. Allow people to verify their age once, using a government-run site. Then that user is now verified. Any time an age gate needs to happen, the site initiates a secure handshake with the device, and asks the device if the current user is old enough. The device responds with a simple yes/no using that secure protocol. Parents can verify their accounts/devices, while child accounts/devices are left unverified.
Government doesn’t know what you’re watching, people don’t need to spam an underfunded government site with requests every day, and age gates are able to happen entirely in the background without any additional effort on the user’s side. Adults get to watch porn without needing to verify every time, while kids automatically get a “you’re not age-verified” wall. And kids can’t MITM the age check, due to the secure handshake.
Zwuzelmaus@feddit.org 2 days ago
Sorry, not sufficient.
Not secure.
" I certify that somebody is >18, but I don’t say who - just somebody "
This is an open invitation to fraud. You are going to create at least a black market for these certificates, since they are anonymous but valid.
And I’m sure some real fraudsters have even stronger ideas than I have.
iopq@lemmy.world 2 days ago
What stops non-anonymous certificates from being sold?
If John Doe views way too much porn, then you expect the site to shut him down? They have no ability to track other site usage. The authorities have to block him after the 10,000th download.
At that point, why does the site need to know? Either the government blocks someone’s ID or they don’t
homoludens@feddit.org 1 day ago
Making the certs short-lived (a few minutes) and single use and having a rate limit for users could make it difficult enough with serious risks (if you make it a crime) for little profit (I doubt many kids will pay serious amounts of money to watch porn; definetly not drug-scale amounts of money).
GreenShimada@lemmy.world 1 day ago
It bothers me so much that a ZKP system is entirely possible, and no one will just do the first step of setting that up.
sunbeam60@lemmy.ml 1 day ago
Eh, Denmark is. They are building exactly a ZKP system.
Britain has chosen to not make this a legal requirement so it is possible to tie back age verification with who verified. That makes it a lot more suspect.
rozodru@piefed.social 1 day ago
meh just do what Amazon does "Hey if you're student you can get Amazon Prime for $5! how old are you?"
me: "I'm 20."
Amazon: "Ok here's your cheap prime!"
/me groans getting out of the chair cause I'm in my 40s
Point being just slap up an unverified age gate and be done with it. Really, truthfully, whose going to actually check? who even cares to check? it's all just a dog and pony show to please the conservative and "think of the children" religious nut jobs who have no idea how any of this shit works anyways. Just spend 2 minutes whipping up a site with a centered div that has a drop down menu asking "how old are you?" less than 18 send it to a "no internet for you page" greater than 18 "go look at porn" page.
Doesn't take a rocket scientist to know what's REALLY happening that they're requiring scanned IDs or faces or what have you. and no company in their right mind is going to fight this as it's free and easy data collection. Bluesky doesn't give a flying fuck as they're just going to end up selling the data they collect.
ItsGhost@sh.itjust.works 1 day ago
Because think of the shareholders, I’m waiting to see which politicians spouses own controlling shares in the verification companies…
SeductiveTortoise@piefed.social 1 day ago
That's the reason I don't want that for profit. What could it cost in additional taxes? 5 cents?
fodor@lemmy.zip 1 day ago
Right, except for the part where you get verified and nobody can do that except you. Oh, and the part where your kids don’t steal a copy. Or a copy of someone else’s verification. And the part where it actually doesn’t contain references to your real identity; easy to fuck that one up, right… Hmm, that actually means the whole thing wouldn’t work.