Age verification laws are unfortunately starting to come into affect around the world, this means that platforms are starting to request identification documents and facial scans from users.
In this video we break down how age verification systems work, where this additional verification will be required, why giving broad control to the government to decide whether certain content is sensitive is a major issue and how it’s a huge threat for your privacy even if you’re an adult.
Inaccuracy of age verification does cause its own problems, but I don’t think it is an issue we should focus attention on. This is easily rebutted by the pro age verification camp asserting “accuracy will improve.” Criticism of (in)accuracy is not a winning argument. Same for facial recognition technology.
Instead, I believe we should focus on the personal/cultural/social/political harms of age verification technology on the assumption it works perfectly (100% accurate and foolproof) but still causes more problems than it solves.
Further, I believe we should also consider these arguments with the possibility that “privacy-preserving” technologies (zero-knowledge proofs for instance) that never sends identity documents, face scans or other sensitive data may be adopted. There is an emerging “privacy technology” industry that is attempting to build “privacy-preserving” technologies. In that light, we should consider these “privacy-preserving” solutions may still leak information about people’s identities and activities (due to theoretical technological limitations, poor implementation or mis-assumption that age verification operators can be trusted), and adoption of these “privacy-preserving” solutions will be neither immediate nor universal and may remain niche.
Personally I believe websites/operators confirming adulthood by asking “Are you over 18? Yes / No” and by blurring NSFW content are sensible/proportionate measures that websites/services can adopt if they have not yet. While without doubt “privacy-preserving” solutions are better than having people upload IDs, I think age verification mandates that go beyond should not exist at all.
I think these points below could be considered, even if they cannot be pitched as winning arguments, and I’m sure others can think of more.
Human rights and civil liberties introduced by any form of age verification, particularly loss of privacy/anonymity and its consequences
Security risks of “non-privacy-preserving” age verification methods, particularly leakage of people’s IDs
“Protect the children” merely a pretext for more government power and control, particularly censorship
Risks of scope creep and abuse of age verification mandates
Flaws of the law/safety “both online and offline” argument, for instance flaws of the “it’s like showing ID at the liquor shop” analogy
Splintering of the global internet into jurisdictional boundaries, and complex cross-jurisdictional legal requirements/processes that websites/services must navigate
Exclusion of small website/service operators who cannot comply with age verification mandates, for instance servers of federated services like Mastodon and Peertube
Techno-solutionism: framing of age verification as the only viable solution
Framing and dis-empowerment of children, parents, schools and other guardians as irresponsible and incapable of taking care of themselves or their own children, instead of empowering them to do what they are supposed to do
Psychological/cultural normalization of permission culture, intrusive data collection and mass surveillance: routinely having your own face scanned or ID uploaded, requiring permission every time you visit websites, fearing every online interaction is logged/analyzed/aggregated/evaluated, etc.
The above is just my opinion though. I’m curious to hear what others think.
Other recent threads that discuss age verification.
Normal people know exactly zero about how technology works, especially things like zero knowledge proof systems.
Moral panic
Business opportunity via exploiting points 1 and 2
Just my opinion, but this is not going to go well for anyone. People who can’t stand the idea of being locked out of their walled gardens will comply immediately - early adopters who are not the typical early adopters of anything else. The bumps will be worked out on their backs, and as their data leaks.
The Moral Panic element means that the “iT’s fOr tHe cHilDrEn!!!” crowd will demonize anyone like EFF who provides any sort of warning whatsoever. The irony of which won’t be appreciated until 20 years from now young people ask us “WTF were you thinking?” like with leaded gasoline or teflon pans. “Well, most people weren’t.”
Scams are going to be the biggest problem, and scammers are already developing infrastructure to harvest the naive and unsuspecting. These systems are simply not designed to work with ID systems that aren’t already secured and 100% digital. If Estonia wanted to do this, then I would give it the time of day. It’s preposterous that I should show a hard copy document or submit to a facial scan and that should satisfy any sort of government compliance, both because it’s so easily faked by anyone creeping weird parts of the internet, and because the massive risk of identity theft is simply unacceptable.
Not to mention the fact that some sites will simply not be able to comply, or not have clever workarounds in mind, and will just fold up, like GamingOnLinux. Personally, I hope this site has workarounds in mind - like how I’ve posted about how my knees hurt and I’m starting to need reading glasses at my age. Find my subtle clues, algorithm!
We all have the responsibility to educate our friends and family now about the risks, and to think up clever workarounds to achieve minimum effort compliance.
Too bad nobody is talking about personal responsibility out in policy circles. Why can’t we normalize encouraging parents to talk to their kids and monitor their behavior? Instead of handing out tablets to their toddlers, they should ACTUALLY monitor their internet usage and promote responsible behaviors.
Underage persons will always find a way to circumvent restrictions. If parents actually talked to their children and encourage them to touch grass, maybe less will be stuck on social media, watch adult content excessively, or become radicalized on niche political forums.
Weeeeeeeee! Slippery slopes are fun. When the UK started their BS I was telling everyone like a crackpot that sites are gonna just say f it - make it worldwide. Now with the Roblox Trojan horse here in the US being used to push renewed age verification bills we are cooked.
Unfortunately it looks like the future at least for now so I’d def start making privacy moves. It’s gonna get worse before it gets better.
Most ironic part? None of it is gonna protect any kids who wanna see porn just adults who aren’t tech savvy any anything big brother wants to make it harder to see. And, as always, it will make some people somewhere a TON of money as a cottage “age verification industry” pops up. Always comes back to money and control in order to make more money. Gonna come full circle and we will end up back on IRC where we started in 94 to get away from prying eyes in the first place.
I think corporate compliance is going to mean as much for commercial platforms, fortunately there is good forum software like this one, so maybe a return to on-topic bulletin boards? To some extent I think that might be possible, of course the internet is a larger place than it used to in the 90s and so on.
Fortunately we do still have chat platforms that are decentralized like Matrix, so even if matrix.org in the UK does something, like this, it won’t force every server to do the same. What will be interesting is if the UK then produces a piece of legislation that says you can’t communicate with any network which also doesn’t do verification, (like how would a service operator even know that) but I think that simply will be not feasible to police due to resources, imagine that for things like email .
I think a lot will simply cave and provide their details as they’ve been brainwashed by years of “real name policy” being “acceptable” by companies like Facebook who want your data for advertising purposes.
What can be certain is big tech is not going to “step in” and save us, that is not within their interests really anyway.
In terms of parents taking a greater role in what their children see online, I think that’s doubtful. A lot either do not care and also don’t care for this legislation or are already taking the steps they feel are necessary. I also think a lot simply are too busy with real world problems such as cost of living issues etc to have the luxury to be spending a lot of time on this.
So, are we dealing with this sht just because parents failed on taking care of their children and now governments have to fill the gap? I find it pathetic.
I actually don’t think it’s parents at all, they’re simply too busy with other things. I think it’s two things actually:
Governments trying to find a useful scapegoat for extra spying apparatus. Law enforcement and intelligence agencies have bureaucrats which perceive any technical regard to privacy as a hindrance making their work more difficult with little concern for privacy protections or benefits. For example you never see them arguing that companies should be more responsible for data breaches, or the data they lose to hackers, eg harsher penalties for the loss of that data, except perhaps in the EU.
As a result it would appear there’s a coordinated effort and they all take turns being the next one to push the envelope with regard to spying laws, eg:
Investigatory Powers Act 2016, (UK),
Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015
Assistance and Access Bill 2018 (Australia).
Investigatory Powers (Amendment) Act 2024 (this one includes a lot of what is in the Assistance and Access Bill such as TCN “Technical capability notice”)
Child Sexual Abuse Regulation (CSAR) - (not even trying to hide it with this one. Oh you’re against CSAR? “You must be supportive of child sexual abuse then.” is 100% the narrative these populist politicians are trying to create.
etc.
Once one of the countries implements a law like this, you watch them all jump on the same bandwagon. It comes lock-step with accusing any adversary opinions of being pro “helping the criminals”. Therefore due to politics being highly populist in today’s world it would seem nobody (politician) is willing to stand and say that it is bad even if there are a thousand very easy talking points as to why.
Companies who want to have useful identifiers to track users, to satisfy advertising industry. I think this goes hand in hand with enshitification is really a trend which is the result of the constant pursuit of infinite growth in business. Advertisers want to always make more and so do the companies with a product. They have a captive audience that are addicted and simply won’t leave in significant enough numbers no matter how bad it gets.
It’s a bit of all of the above. Not so much scapegoat, but this is a moral panic hyped up such that it seems unconscionable to even question it, as you rightly note.
The only redeeming part is that it’s really focused on large walled garden sites. All us folks out on the fringes are going to end up like the folks on the reservation from Brave New World.
Parents are very much part of the problem. One, they want schools to do everything for them. Two, they aren’t even educated about these things in the first place.
My bare bones attacking the logic with which the nation states are going about this is - not my children, not my responsibility, and not a reason to give up my freedoms for any “benefit”. The obvious response to this is “so you don’t want to save kids and want them to get hurt?”. Again a failed logical fallacy because not wanting one thing doesn’t mean wanting the opposite by default either.
This entire thing is coming down to critical thinking skills of the populous, or lack thereof. Also the monumental ineptitude and illiteracy of the politicians pushing this or whomever more powerful is behind this onslaught against internet freedoms.
–
Don’t be sheep people: the goal is surveillance. Plain and simple. Fight now before freedom ends forever. The West is in reckoning and don’t realize how well they have had it compared to the rest of the world and learning this the hard way is not going to be pretty.
For once I actually agree with 4chan on something, what a whacky world.
Ofcom has previously said the Online Safety Act only requires services to take action to protect users based in the UK.
With all seriousness though this is exactly how laws like this should be treated, refuse to do business in the UK market and remove services from them.
The reason is because otherwise every other country will ask for “special treatment” regarding users of their country. It becomes a nightmare of compliance to run a website with many countries all wanting their citizen’s private information retained, and analyzed.
The UK is a fairly small country, what if a large country like China or India wanted this? Even outsourcing the processing/analysis of that data for age verification purposes would likely have enormous costs to a site which runs off donations essentially.
Not sure about Japan, but these kind of systems have been in place in South Korea for decades at this point. You don’t only need to verify your age, you also need to verify your identity when you register on all larger Internet portals, forums, etc. (which is defined by the number of users), and the system confirms that you are who you are by connecting your phone number with your national ID (which are all stored in a database administered by the government).
This applies to both Korean citizens and also foreigners residing in South Korea, so basically the reality is that you cannot anonymously participate in any activity on the Internet there (unless you just view sites without registering anywhere ). In addition to that, you also cannot do anything without a valid phone number that is tied to your real identity.
.
Thank you so much for making this and bringing more attention to this very important issue!
). In addition to that, you also cannot do anything without a valid phone number that is tied to your real identity.