Age verification laws are unfortunately starting to come into affect around the world, this means that platforms are starting to request identification documents and facial scans from users.
In this video we break down how age verification systems work, where this additional verification will be required, why giving broad control to the government to decide whether certain content is sensitive is a major issue and how it’s a huge threat for your privacy even if you’re an adult.
Inaccuracy of age verification does cause its own problems, but I don’t think it is an issue we should focus attention on. This is easily rebutted by the pro age verification camp asserting “accuracy will improve.” Criticism of (in)accuracy is not a winning argument. Same for facial recognition technology.
Instead, I believe we should focus on the personal/cultural/social/political harms of age verification technology on the assumption it works perfectly (100% accurate and foolproof) but still causes more problems than it solves.
Further, I believe we should also consider these arguments with the possibility that “privacy-preserving” technologies (zero-knowledge proofs for instance) that never sends identity documents, face scans or other sensitive data may be adopted. There is an emerging “privacy technology” industry that is attempting to build “privacy-preserving” technologies. In that light, we should consider these “privacy-preserving” solutions may still leak information about people’s identities and activities (due to theoretical technological limitations, poor implementation or mis-assumption that age verification operators can be trusted), and adoption of these “privacy-preserving” solutions will be neither immediate nor universal and may remain niche.
Personally I believe websites/operators confirming adulthood by asking “Are you over 18? Yes / No” and by blurring NSFW content are sensible/proportionate measures that websites/services can adopt if they have not yet. While without doubt “privacy-preserving” solutions are better than having people upload IDs, I think age verification mandates that go beyond should not exist at all.
I think these points below could be considered, even if they cannot be pitched as winning arguments, and I’m sure others can think of more.
Human rights and civil liberties introduced by any form of age verification, particularly loss of privacy/anonymity and its consequences
Security risks of “non-privacy-preserving” age verification methods, particularly leakage of people’s IDs
“Protect the children” merely a pretext for more government power and control, particularly censorship
Risks of scope creep and abuse of age verification mandates
Flaws of the law/safety “both online and offline” argument, for instance flaws of the “it’s like showing ID at the liquor shop” analogy
Splintering of the global internet into jurisdictional boundaries, and complex cross-jurisdictional legal requirements/processes that websites/services must navigate
Exclusion of small website/service operators who cannot comply with age verification mandates, for instance servers of federated services like Mastodon and Peertube
Techno-solutionism: framing of age verification as the only viable solution
Framing and dis-empowerment of children, parents, schools and other guardians as irresponsible and incapable of taking care of themselves or their own children, instead of empowering them to do what they are supposed to do
Psychological/cultural normalization of permission culture, intrusive data collection and mass surveillance: routinely having your own face scanned or ID uploaded, requiring permission every time you visit websites, fearing every online interaction is logged/analyzed/aggregated/evaluated, etc.
The above is just my opinion though. I’m curious to hear what others think.
Other recent threads that discuss age verification.
Normal people know exactly zero about how technology works, especially things like zero knowledge proof systems.
Moral panic
Business opportunity via exploiting points 1 and 2
Just my opinion, but this is not going to go well for anyone. People who can’t stand the idea of being locked out of their walled gardens will comply immediately - early adopters who are not the typical early adopters of anything else. The bumps will be worked out on their backs, and as their data leaks.
The Moral Panic element means that the “iT’s fOr tHe cHilDrEn!!!” crowd will demonize anyone like EFF who provides any sort of warning whatsoever. The irony of which won’t be appreciated until 20 years from now young people ask us “WTF were you thinking?” like with leaded gasoline or teflon pans. “Well, most people weren’t.”
Scams are going to be the biggest problem, and scammers are already developing infrastructure to harvest the naive and unsuspecting. These systems are simply not designed to work with ID systems that aren’t already secured and 100% digital. If Estonia wanted to do this, then I would give it the time of day. It’s preposterous that I should show a hard copy document or submit to a facial scan and that should satisfy any sort of government compliance, both because it’s so easily faked by anyone creeping weird parts of the internet, and because the massive risk of identity theft is simply unacceptable.
Not to mention the fact that some sites will simply not be able to comply, or not have clever workarounds in mind, and will just fold up, like GamingOnLinux. Personally, I hope this site has workarounds in mind - like how I’ve posted about how my knees hurt and I’m starting to need reading glasses at my age. Find my subtle clues, algorithm!
We all have the responsibility to educate our friends and family now about the risks, and to think up clever workarounds to achieve minimum effort compliance.
