As of this week, half of the states in the U.S. are under restrictive age verification laws that require adults to hand over their biometric and personal identification to access legal porn.
Missouri became the 25th state to enact its own age verification law on Sunday. As it’s done in multiple other states, Pornhub and its network of sister sites—some of the largest adult content platforms in the world—pulled service in Missouri, replacing their homepages with a video of performer Cherie DeVille speaking about the privacy risks and chilling effects of age verification.
Archive: http://archive.today/uZB13
I’m not against proper age verifications as such, it would be like carding people in a store or a bar. But I just haven’t seen an implementation of it that isn’t prone to being a privacy nightmare and surveillance state shit.
I know there’s some systems that generate a token that verify that you are 18 and you give that to the site, so neither side directly meet so to say. The site knows only that you have a valid token for being 18 and the app or service you use to generate the token knows just that you wanted to token for something. I think Spain was figuring out a system like that.
Clearly, no-one involved in making these laws has ever heard of OAuth. Not every single site needs to manage your identity / credentials. The government already has this info, they can be the identity provider and use OAuth to grant access to age-gated resources without giving any personal data to the platform. Someone mentioned id.me, and I’m pretty sure that’s how that platform works, though they’re a private entity if I understand their site correctly.
I know most politicians are comically tech-illiterate, but it’s so frustrating to see them constantly implement terrible solutions to already solved problems without asking a single expert who knows how this shit works.
That being said, California passed a bill with a not perfect, but better approach. User age is configured on the OS level when a user account is set up, and then it will tell platforms what age category the user belongs to, and nothing more:
I think iOS already does this, actually.
The CA bill is also dystopian nightmare fuel… The US isn’t going to build an enormous firewall like other countries have, we are just going to pass a bunch of stupid laws and threaten companies to block our citizens from access instead. Put the burden of building the wall on someone else, the modern American Way™!
An entire generation of fuck-wad parents that just gave their kid a tablet and zero supervision instead of actually raising them are now using their failings as an excuse to control the population; control their devices, control their habits, control their knowledge, and control their thoughts.
The bill I mentioned actually relies on parents configuring their kid’s devices. The system it describes just gives online (and even offline) platforms a standardized way of asking the OS what age category a user is as defined at account setup–hardly “dystopian nightmare fuel”…
This isn’t going to stop unsupervised children, which is it’s own problem that technology doesn’t (and probably can’t) solve.
It requires every Operating System and “App Store” to know the user’s age. It requires every piece of software installed to receive the age-range token. It could be catastrophically bad for the open source community - the bill does nothing to define how these tokens are communicated and received. The largest players in the industry can use their market share to exert control over how it happens and bully anyone that doesn’t get on board. For example, Google could tie it to the Play Integrity/Services and effectively kill 3rd party roms and possibly even open source app stores like fdroid, or all side-loading entirely if it was tied into the Play Store enough.
The bill isn’t specifically a privacy dystopian nightmare, but it is still a dystopian nightmare. We need the government and mega-corps to have less influence and control over our devices, this gives them more.
While true, a government IDP would still be able to track what sites you’re using your tokens at, which is not great.
Agreed, but you’d think they would prefer that. The way it is now, they have no way of knowing which platforms have your government IDs.
Though, let’s be real, all they need to do is pay a data broker for the tracking data that’s already being collected everywhere.
I wonder how different Linux distros are going to implement this
By creating a plaintext dotfile in $HOME, I’d reckon. Minimum effort, gets the job done. Users can lie when setting up the account so protecting the file against tampering is pointless.
But more likely, not a single distro will implement anything by default because it doesn’t make sense to change your internationally-distributed OS because one state in one country passed a stupid law.
the easiest thing would be making the internet as a whole 18+.
under 18 would be restricted to a firewalled version and age info would be part of the cellphone or internet plan. on a family plan…? under 18s get a firewalled plan. home internet? have a family and home internet? owner of the service gets a pin to disable the firewall. when everyone in the house hold is over 18, the service is unlocked.
the truth is that none of this is actually about porn or kids, its about the new world lifestyle of surveillance state getting a foot in the door. thats why all this bullshit aligns with other aspect of modern political and business tech agendas
Also the fact no companies are ever held liable for losing all your personal info, I sure as hell don’t trust this, it can backfire at all.
Incompetence is one big reason why current style systems are just a no-go for me.
Same.
When you are carded at a club the staff doesn’t scan your card and keep it on file. They simply look at it and return it.
As someone who worked similar jobs and would have had to look at tons of IDs every day I can assure, I dont have the time or interest in remembering all of them.
That’s really what the whole rest of my reply was about. We need a system more like carding and less like giving them copy of your passport.
The UK experienced a major data breach with all their government info from their ID checks not long after the law kicked in. How many fucking data breaches do we need before people catch on?
Exactly. Just have a system that has basically no other info than “they had a valid token showing they’re 18”. Nobody does anything with that info if there’s a data breach.
I think people don’t realize just how dangerous this shit is until they have been affected in some noticeable way, and even then they will not link just how the incredible amount of surveillance they are under every day is the cause of it.
I worked in tech support for 7 years, and one thing that will never cease to astonish me is how tech illiterate people are. Do you have any idea how many people called me and demanded that I make modifications to their account and refused to tell me any verifying information? While some might have been malicious actors , most aren’t. Most of them were genuinely expecting me to do everything for them and they wouldn’t even tell me what their name is. They fully expected that somehow we would already know they are just from them calling…
Some of them called me on a number not recognized by the system but they fully expected me to pull up their account (fucking how?) Without any information at all.
When you have worked in this field long enough you will know why there is so little effective opposition to all this shit. It is not just because they dont give a damn if we are literally in a 1984 scenario with active cameras and microphones in people’s homes, but they just dont understand what that really means. Even younger people who grew up with these devices from early childhood don’t fully understand just how much they are being observed. If anything Gen Z and Gen Alpha are more fucked since they are the first generation of people whom the algorithms and data brokers have had some profile on since early childhood.
As an elder millennial who grew up in a techie family with computers from childhood. I am fortunate in that they have nothing on me from early childhood to teen years. By the time I hit 20 the internet was still too chaotic and underdeveloped and algorithms weren’t the norm yet (and I was never a Google guy to begin with). But people born within the last 10 years can’t have that privilege.
The US government already uses a clearing house service, id.me, for it’s own verification systems. Why is this not used for this purpose as well instead of forcing the site owners to collect and protect that data? It’s stupid and unnecessary. There is literally already a system in place that they aren’t even considering using.