Post
Age Verification isn't a technical problem to solve. If you think that, you're missing the point.
It's a social problem used by authoritarian governments as an excuse for population control and censorship.
It's a fundamental attack on free speech and democracy.
It must not be accommodated.
It must be stopped.
#MassSurveillance #AgeVerification #Privacy #Democracy #HumanRights
@Em0nM4stodon What happened to "never tell anyone your age on the Internet"?
@Em0nM4stodon
Correct, it's throwing the onus on the end user, whereas governments should be controlling the extremeties of social media, as in political bias, miss information and child porn
@Em0nM4stodon I disagree.
As a society, we have decided to age -gate some things. I, personally, think it's a good thing to slow down the pervasiveness of social media, as I think it's a good thing to slow down most addictive things.
@Em0nM4stodon What i hate about age checks in social media is that they say it's to protect children from the toxicity of social media.
How about governments try to actually regulate social media instead of outright banning children? Social media can be a good source of social integration and information ( being a queer child that lives with queerphobe parents, for instance, may only get queer support from people on the internet 😐 ). 1/2
@Azarilh Exactly. Social media should simply be safer and less addictive for everyone. Adults need it to be healthier as well, and teenagers need to socialize.
@Em0nM4stodon Plus... do adults not matter? Regulating social media would make it healthier for everyone, child or adult. 2/2
It is all about surveillance. Protecting children from serious harm on the Internet involves stopped malicious adults accessing child services, not stopping children accessing adult services.
@Em0nM4stodon the first person project could solve a lot of these things in a privacy preserving way - but it is a hard technical, social problem to solve. http://firstperson.network/ - I think we need the trust layer of the internet - but in a way that also solves privacy.
@Em0nM4stodon What do you think of age verification in bars before they give you the alcohol? Or age verification before they let you in a sex convention. /gen
@Azarilh Showing ID in person to another human is very different. It doesn't require to collect and keep a copy of it digitally, and therefore is an entirely different situation that isn't even comparable. It also doesn't gatekeep portals of information in the same way that digital age verification on the internet does.
@Em0nM4stodon What about an open source solution that doesn't collect anything, and it simply tells the website "yes" or "no"?
@Azarilh There would still be a need for this open-source app to collect "something" in order to answer this question. When I say it's not possible, I do not say this lightly. I have been researching this issue for a very long time.
@Em0nM4stodon I appreciate the genuine conversation, by the way. I understand it can be a touchy topic for some.
@Azarilh I do not have the time to review and speak about this specific product sadly. But in general, even if the token handed to the application requesting it is fully anonymized, the application collecting the initial data is still a potential attack vector and point of failure.
If it's proprietary, then it entirely relies on blind trust. If it's open source, then it must be fully audited regularly and built and reviewed with independent experts. But even if it was perfectly secure and private, the piece of ID showing the age must be uploaded somehow. Is the whole system secure? Where is this data stored? Does it get fully purged after or is the "deleted" information only flagged as deleted but kept in a database somewhere?
If all identifiable information is fully deleted, then what shows this token is reliably only used by an adult and not shared with a child? Where is this token stored? Can it be sold to others online? People have already done that with the supposedly secure and supposedly private World App. If identifiable information is kept to prevent this, then all the other problems mentioned above remain.
And regardless of all of this, having to upload an official ID, even in the imaginary scenario where we would magically have a perfectly privacy-preserving technology, gatekeeps the use of devices and access to information and communication from many people who, for various reasons, cannot have this official ID. It closes down the internet. We should never agree to that, let alone contribute to facilitating it. More information here: https://www.eff.org/issues/age-verification
@Em0nM4stodon@infosec.exchange @Azarilh@mastodon.social what are your thoughts on bad faith whining?
@0x4d6165 @Em0nM4stodon How is it bad faith? I am genuinely confused at why it's ok to have age checks in person but not online. The Internet might not be physical, but it's still real life with real people.
@Azarilh@mastodon.social because showing a bouncer your ID is very obviously different from sending a picture of your ID to some random company's database where it can be stolen or used by authoritarian governments???
@Em0nM4stodon At least in the Netherlands there is a privacy friendly solution. https://yivi.app/en/
@Em0nM4stodon all governments control their cattle. Even "democratic" countries have police, intelligence, counter-intelligence, secret services and prisons. Shocker.
This indeed! 👆
@Em0nM4stodon The only technical problem to solve is to find ways to hack and sabotage surveillance systems.
@Em0nM4stodon
Hey parents, your kids are in danger! But don't worry about it. We'll take care of it for you.
All we need to do is just check their ages. It'll be just like getting ID'd in a shop. You remember that don't you? Nothing to worry about.
[quietly]
We'll just take a photo of your children and their ID, put them in a database, track their every movement, record who their friends are, what they think, their every hope, dream and aspiration.
[back to normal volume]
So don't you worry, your children are safe with us and our billionaire backers, whoops, I mean with us, just us. We'll take care of everything. You can get back to feeding your own dopamine addictions, we'll claim your children are safer now, and big tech will have their giant, totally not sinister databases of real world identities that surely aren't going to come back to bite us later. Anyway that'll be for a different government to deal with.
@Em0nM4stodon Hear hear!
I'm so tired of everyone like it's normal to upload official identification to every app and website. Without any proper background checks on those services!
This is literally how you get your identity stolen. So the exploitation isn't just happening at the panopticon level, these policies leave us all more vulnerable.
Even people who know better have to comply to function in this society. It's horrendous.
@Em0nM4stodon a trillion times yes, 100%
@Em0nM4stodon It is big tech that's pushing for age verification, not governments. It already knows everything about the adult population, all of the time. But digital IDs will allow it to harvest all of our children's data too, from birth. The digital safety of our children is the responsibility of their parents, not big tech or government. Parents need look up from their own phones occasionally and look deeply at what their children are doing.
@Em0nM4stodon And it's also a workaround for governments that are too coward to face platform owners and demand them not to use addictive and exploitative algorithms as their main business model.
@Em0nM4stodon
I agree. Besides using a VPN, are there ways to bollix up such a system?
@serfdeweb People need to contact their representatives and complain loudly about it.
These legislations need to be repealed and prevented.
The political class needs to hear that citizens reject surveillance firmly, and the focus should be instead on creating platforms that are less addictive, more privacy-respectful, and safer for everyone, including adults.
The time to fight is now.
@Em0nM4stodon - here's a tarot reading for you :)
Will efforts to educate people about the dangers of age verification bear any fruit?
https://taru.guru/shared_reading/1626/5f6f0285-6917-4e15-a911-d66f7cc61e18
@Em0nM4stodon it's kind of (also) a parenting problem?
Having a proper dialogue and clear rules for all technology usage, whether TV, Tablets, Games or Social media isn't a goal to aspire to, it's the minimum bar required for responsible usage.
Parents, should also be expected to lead by example.
@divVerent @Em0nM4stodon No there are not. This is a fundamental fact of mathematical logic. Given a proposed age verification system you can prove that it's either trivially bypassed (doesn't actually verify age) or violates key privacy properties.
Em's point is spot-on. If you think of this as a problem to be solved, you are going to be wrong and you are going to be a useful fool for fascists.
@dalias @divVerent @Em0nM4stodon Knowing how old someone is does not limit their speech nor their ability to vote (we verify age for that already, and for many other reasons). Age verification isn’t state censorship. I suppose it could be a way to limit anonymous speech. That isn’t a Right where I am from (nor is ‘free’ speech). I doubt anonymous speech is a Right anywhere.
I have no doubt it’s absolutely technically feasible in a way that infringes on no one’s privacy. Ultimately though, yes, it could be abused by bad actors. Like everything else in civilisation we need some balance of enforcement to deal with those people.
@edwiebe @divVerent @Em0nM4stodon There is no way to know how old someone is without attestation by some authority who knows their identity. This precludes participation by anyone not known to such an authority (undocumented, outside of jurisdiction, etc.) or for whom it is not safe to let that authority know they are participating. And this is only the tip of the iceberg.
You are dangerously wrong, and you should stop advocating about things you're dangerously wrong about.
@dalias @edwiebe @divVerent @Em0nM4stodon
while that's true, it is possible to make such an attestation without destroying privacy (see https://soatok.blog/2025/07/31/age-verification-doesnt-need-to-be-a-privacy-footgun/).
however, even if you do that, it'll still be morally wrong in most cases.
and also, corporations are deliberately not going for the private solution, and governments are shifting the blame to users. the Czech government recently admitted social media is already illegal for teens (due to privacy laws), but they want new laws anyway.
@Yuvalne @edwiebe @divVerent @Em0nM4stodon No, it is not possible. The ZPK bs is privacy-washing designed to bamboozle policy makers and privacy activists who don't understand math. Either it doesn't actually verify age (I can setup a proxy to hand out age proof verification tokens to anyone who wants them using my identity; I would absolutely do that if it were cryptographically safe) or something exposes to the token providing authority that I'm doing this and allows detection that someone else used my identity (thereby violating my privacy).
@dalias @divVerent @Em0nM4stodon
If you're suggesting every jurisdiction should allow unrestricted access to everything because some jurisdictions are authoritarian then I disagree.
@edwiebe @dalias @divVerent I recommend watching this short video to understand better how the data we collect now can have a great impact on a government that turns authoritarian later: https://infosec.exchange/@Em0nM4stodon/116031435192287968
@edwiebe@mstdn.ca @dalias@hachyderm.io @Em0nM4stodon@infosec.exchange From what I understand, active verification does necessarily invade privacy.
But active verification is not necessary.
A mere social media ban under age X, if necessary, could simply be passed as a law, making the parents responsible for ensuring their children follow it. There already are existing laws of this kind for other areas of life. And as parents are responsible for supervising their children, they definitively can also be responsible here.
The opposite is true as well - while the child is supervised by their parents, such restrictions should not apply.
To support the ban, I still think it'd be useful to have an (optional at parents' discretion) software solution. Sure one could go all allowlist using e.g. Google Family Link, but I'd prefer if sites specified their purpose (and also some other properties, e.g. the severity of various kinds of NSFW content, potentially even at multiple levels of which the client can then pick one and specify in a header) for such software to use. That's trivial to do, it's just one file to be placed in the web server's root and it'll work. Could store it in DNS instead, whatever, don't care.
Furthermore, while at it, we could combine this with a technical solution for COPPA and other regulations that ban tracking and surveilling children online. Namely, revive Do-Not-Track, and have aforementioned software automatically set the header for minors.
But, I hear Big Tech say, then what if adults set the header too?
Then you don't effing track them either.
But... what if everyone sets it?
Then the people have spoken.
Age verification doesn't take away anyone's Rights.
Maybe we don't need it. Maybe we do. That's a different discussion.
@edwiebe @divVerent @Em0nM4stodon @dalias It takes away all kinds of rights that you don't even realize you depend on
Like the right to live an unmonitored life
Maybe you *think* you don't have anything to hide.
Maybe you *think* you don't have anything that somebody with power over you wants
If you value anything in your life, you absolutely are relying on a right to privacy to protect it
@dalias@hachyderm.io @Em0nM4stodon@infosec.exchange My approach is actually one of the former category - "trivially" bypassable.
By making the parents responsible. They can set up youth protection software on the device on their children's devices if they feel they need to. Just like now.
The only technical thing I'd ask for is that social networks describe themselves in some form of XML file, and that they respect a Do-Not-Track-like header.
All else is on the client software. Which the parents may or may not install. And if the kids are old enough to have the kind of money to buy their own phone and pay for their own internet connection, they can of course trivially bypass it and I don't care.
And sorry for being a fascist. I don't want platforms like Roblox, TikTok and X to keep harming children. Honestly, I'd rather have them banned entirely (and also every single short video platform or platform feature). But as that's not gonna happen, let's keep at least children out of there. Or else we'll be raising more fascists.
@divVerent You said the solution to your actual problem right there: ban these abusive platforms entirely. Or at least regulate them into not being able to do the really harmful things they do - to people of all ages. None of that has anything to do with policing children or policing whether users are adults.
@dalias@hachyderm.io But that's not gonna happen.
So next I at least don't want children to be confronted with this abuse.
The absolute minimum demand for technical changes to the internet I have is getting Do-Not-Track back. When set, platforms still must operate to its full extent but not perform any user behavior analysis for purposes such as content recommendation or targeted advertisement (they still should be allowed to track for abuse prevention but they must take and disclosure measures that such data is not used for any other purpose, not even used as training data for future AI models).
@divVerent If you don't want them confronted with this, but it still exists, all you're doing is setting them up not to be equipped to deal with it once they do. And either way they're still stuck living in a world ruled by adults whose brains are rotted on this stuff. I get that this is all very unpleasant and people want an easy solution, but there is none short of attacking the root problem.
If you think hiding it from children (not with trojan internet passport schemes, which are a non starter, but as a parent or whatever) is best, you do you. I think educating and conveying values to them so that they can see the rot for what it is and be ready to protect themselves and fight it is probably better.
Any technology is generally insufficient when it comes to resolve social deficits.
