I like the snide comment that implies the Australian government does not have a clue about the consequences of their policies, let alone any idea whatsoever how to verify age without government ID. The Australia politicians are the laughing stock of the world and that's a pretty competitive arena lately!
i just dont understand why pollies continue to try implement age and verification policies, and always try to use the "think of the children" argument.
Nobody wants it. It's a form of control on the internet that i would not desire. I don't care about preventing any harm, because the said harm doesn't get prevented in the first place, and new harm is placed on me!
Therefore, anyone in their right mind ought to completely oppose any sort of verification scheme on the internet. If you want verification, get the customer to pay a nominal amount via credit card - that is as far as it ought to be allowed to go. Any further, which includes demanding by law for verification, should not be allowed.
“I don’t want it” and “nobody wants it” are vastly different things, and in this case the latter is definitely not true.
There probably are/will be ways to do age verification fairly accurately, but they will be scary in other ways, and will certainly violate your privacy, at least during that process.
Larry Ellison has publicly stated that he wants to build an AI powered Chinese style surveillance state that monitors everyone so they never step out of line. He's not the only one.
I have a 14 year old daughter, it is was actually possible, I'd want it.
But, I know better than thousands of policy writers in the Australian government and know it's not actually possible without destroying the internet as we know it, so, I don't want it.
You can't use credit/debit cards, think of the children and the 0.001% of people in Australia without a card.
It is the parent's responsibility to look after their child. If they're using the internet unmonitored when young, the parent is at fault. This responsibility should not be forced upon the gov't which would have to add any draconian laws to prevent mishaps.
The parent remains in control of a child's electronics. While there's some privacy that a child ought to have, the parents still have the responsibility to monitor their child's online interactions (including with strangers in an encrypted messaging app). The parent doesn't need to be able to secretly decrypt it - they can just ask, and to impose the rule that the child tell the parent who these other people are. And occasionally audit it.
This relationship is not the same as a gov't with the citizenry.
Even if I don't necessarily agree with it, I can understand an argument for not allowing credit cards to suffice for this (not everyone has good enough credit to get a credit card - we shouldn't discriminate against the poor and all), but shouldn't every adult legally residing in Australia be able to open a bank account and get a debit card, even with bad credit?
Everyone with 100 points of id can open a bank account. If you have very bad credit, or even officially bankrupt, you can get a debit that does not let you spend more than you have, well mostly. But, that still leaves the newspaper commenters who have a friend of a friend who does not have 100 points of id or loses their card and bank details weekly.
No idea about Australia, but in Estonia (and I suppose most of the Europe?) children can get a debit card without much hassle. Maybe we could give them dedicated BIN numbers so that you could check for age this way, but I think it’s not worth the hassle.
The main problem is that you may not want the state to know how many porn sites you're accessing.
That's where you'd want an intermediary: you log in on porn site A => redirects to some intermediary which only needs to check your age => login from the state, get age, send user with verified token to porn site.
Porn site only knows your login and the fact you are an adult.
Intermediary knows someone needed to validate their age.
State knows this random no porn site wanted to check some claims about you.
I think this is one of those processes that the free market can’t solve unless you have extremely strict regulation.
As bad as it sounds, I also think a government funded partially public entity should provide this form of verification.
If you remove the need to profit to be sustainable for a company like this you remove the need for growth. And if you do that, you also remove the need to find sketchy ways to exploit the data.
The free market would likely go for a low friction solution. Require adult and all sites that allow anyone to upload content to add the RTA header. Make a law putting liability device/app makers to look for the RTA header and put the overall liability of enabling parental controls on the parents. App out of compliance could be pulled from the app store until compliant. Not perfect in any way but is trivial to implement. [1] Plenty of sites have already implemented it. [2] Privacy compliant, no data leakage, no sharing identities, no third parties.
Server operators just add one header, done. App and device developers would have to dig up some old code that can look for a header and check parental controls. Most kids are on phones and tablets. Complete mobile in two years as phase one. Desktops four years out as phase two. That may seem like a long time but this discussion has been ongoing since 2001 at least.
All the big tech companies have lobbyists. Have your lobbyists push for this and this could become a non issue in very little time.
In the TV space, there's been, for 30 years (and mandatory in all new TVs in the US for the past 25), the V-Chip [1], which was specifically designed to be able to let parents disable viewing of inappropriate content. So it's not like the government hasn't gone down this path before.
I suspect the issue is that the user-side voluntary disabling of access means that--like with the V-Chip--almost no one will go about doing it, and that for many of the people trying to push for porn site restrictions, the side effect of forcing porn sites to close down is actually a desirable effect.
Yup I remember the V-Chip. That was similar but just different enough that it made more sense that it never took off. That would have required adding a module to all televisions that would incur cost and would have also changed which entities in the television industry had control over their content. That industry has always been plagued by layers of bureaucracy.
The internet on the other than has let website operators have more freedom to govern themselves with some exceptions. I think in this case implementing RTA headers while it would have some cost it is leveraging existing code, web and load balancing platforms and just bringing back header checks in applications which many apps already know how to do and then calling the parental checks that also already exist in many devices and in some cases the UI is just hidden.
Exactly, have sites merely disclose rough categorizations, move the decision-smarts to devices, and put control in the hands of the owners of those devices.
This places a majority of the cost of implementation on the people who actually want to use it, avoids a creepy Orwellian surveillance system, and enforcement is moved into a physical immediate reality that the average parents can see and monitor.
It also means you don't need to worry about visitors who are unmarried under the age of 16 years and three full moons who may not see unclad ankles in Elbonia.
This seems like an elegant approach. Why hasn’t it gained as much traction as these third-party-ID kinds of approaches?
Is it just the lack of an organized constituency? Resistance from device manufacturers/store operators? Too much control situated with individual families, so the absolutist political voices feel like it’s not pure enough? Or do they figure it’s too easy for a clever kid to bypass?
A bit of all of the above. Third party solutions mean some orgs and politicians can slurp up data and provide it to other third parties for kick-backs. Both RTA and third party can be bypassed and in fact would lead to more teens getting into credit card fraud and potentially giving them a criminal background before their careers even get started whereas bypassing RTA would not create yet more criminals. Gotta feed the prison industrial complex. Small children the original intended focal point would not be bypassing RTA thus giving good parents time to educate them on risks of websites and the people participating on them. Third party tracking allows people against porn to identify what kinks people are into much like Epstein lured people into compromising positions to blackmail them. Even if that is not their intention their sites will be hacked to acquire and sell that information for that purpose. With the RTA header none of this is possible.
Until big porn companies, social media companies or any companies use lobbyists to implement RTA it just won't happen. I bring it up when this topic comes up quarterly year over year. I've beaten the dead horse so many times the dust has evaporated. It's rather silly now since the original RTA header was the ICRA PICS header much more complex to implement. Adding a single simple header and looking for a header is trivial which means the obstacles are entirely human made and artificial. Perhaps when governments start creating more expensive laws and penalties around user contributed content things may change.
That works great, so long as you don't have any malicious actors interested in the treasure trove of data you've amassed.
It's kind of like how in physical systems, if you kill all the predators in a few square km it leaves a void where any predator capable of evading your traps is able to prosper far more than you could have imagined, requiring intense efforts to actually secure whatever it is you were protecting.
If you create an environment that's attractive to predators (giant pools of interconnected, personal data and a system designed around access to that data being equivalent to being the person in question), so long as there are predators you can expect them to infiltrate that system unless you apply extremely costly countermeasures.
Rather than in-housing the identity verification (and allowing DOGE et all to slurp that up), I'd rather ban that sort of thing altogether and take out the private sector alternatives at the same time.
If we really think that's not possible, a centralized implementation is usually preferable (e.g., why do I need to provide more information and photos to id.me than I ever did to the IRS when all I'm trying to do is access my tax data, and why do the new terms of service strongly suggest that my personal information is being used for reasons far beyond identity verification). I don't think that's required for most of the identity-related concerns I've seen the last few years though.
100% agree. And I don't know why it is not a thing already. It's NOT a hard problem to solve. Submit the user given data to a government platform and this platform can then validate with NFC + government ID that it is indeed the correct person.
It'd be such a boon for any age verification legislature in the future.
In Germany in fact we have Postident, which works fine, but is a bloated and unintuitive process and only makes sense for higher-margin and higher risk verification purposes, like opening a Bank Account.
The free market isn't going to solve it, because frankly it isn't a real problem and therefore cannot be solved. It is a neuroticism on a societal level to live in fear of minors accessing 'forbidden content' that we have experimentally proven isn't really all that bad for them anyway. But it is socially unacceptable to state that the emperor is buck naked.
No. Sites shouldn't have to ID everyone that uses them. The internet shouldn't be turned into a nursery for children just because parents don't want to do their job and supervise their children while they're on the internet. If you want a curated internet that is child-appropriate, then you create your own private internet. You don't force the rest of the world to censor itself.
Just like the free market figured out cybersecurity?
It ain't a magic wand that fixes all problems, buddy. Some problems just aren't possible to fix without making changes that sacrifice values core to the economy and of our culture.
Allow websites to Opt IN to claiming to be safe for an age / having a given content, and allow indexes to create an allow list of sites that have opted in.
Any site operating in bad faith should be subject to false advertising enforcement, or if clearly aimed at nefarious activities that sort of crime.
User generated content is "Unrated" until moderated.
Nobody wants kids on the internet (well, most people), but the devil is in the details. I hate the idea I’m expected to provide proof of id to these companies. If poorly implemented, which it will be, then they could use that to correlate advertising to me even when I use a whole suite of tools to prevent it.
What if Google, Apple, and Microsoft had "kid mode" versions of their OS which is what is enabled by default for any under 18 buying a device and normal mode had to be enabled at point of sale with ID verification?
In kid mode, it could only go to kid sites and run kid apps. If a parent ignores all proper advice and enables normal mode on their kids device, then that's on them (or lock them up, idk).
The main advantage is that the id check only has to happen once, in person, and it leaves most of the responsibilities on the parent who should have a vested interest in raising their kid rather than a corporation who wouldn't.
I don’t think kids usually go buy their own devices though, so really this needs to be handled on device setup, which I believe apple phones, at least, already do now. The ID check seems wrong then; if the parent wants to allow their kid to use the device unrestricted then that’s their right.
I like the snide comment that implies the Australian government does not have a clue about the consequences of their policies, let alone any idea whatsoever how to verify age without government ID. The Australia politicians are the laughing stock of the world and that's a pretty competitive arena lately!
i just dont understand why pollies continue to try implement age and verification policies, and always try to use the "think of the children" argument.
Nobody wants it. It's a form of control on the internet that i would not desire. I don't care about preventing any harm, because the said harm doesn't get prevented in the first place, and new harm is placed on me!
Therefore, anyone in their right mind ought to completely oppose any sort of verification scheme on the internet. If you want verification, get the customer to pay a nominal amount via credit card - that is as far as it ought to be allowed to go. Any further, which includes demanding by law for verification, should not be allowed.
“I don’t want it” and “nobody wants it” are vastly different things, and in this case the latter is definitely not true.
There probably are/will be ways to do age verification fairly accurately, but they will be scary in other ways, and will certainly violate your privacy, at least during that process.
Larry Ellison has publicly stated that he wants to build an AI powered Chinese style surveillance state that monitors everyone so they never step out of line. He's not the only one.
I have a 14 year old daughter, it is was actually possible, I'd want it.
But, I know better than thousands of policy writers in the Australian government and know it's not actually possible without destroying the internet as we know it, so, I don't want it.
You can't use credit/debit cards, think of the children and the 0.001% of people in Australia without a card.
It is the parent's responsibility to look after their child. If they're using the internet unmonitored when young, the parent is at fault. This responsibility should not be forced upon the gov't which would have to add any draconian laws to prevent mishaps.
You're saying everything is fine, the parent just needs to spend 24/7 looking over the child's shoulder?
This argument will only work when they get rid of encrypted and one-time messages in apps.
Otherwise it's completely impossible for a parent to monitor their kid.
It's quite something to tell a parent: It's your job to monitor your kid, but also we're going to block your ability to do so.
The parent remains in control of a child's electronics. While there's some privacy that a child ought to have, the parents still have the responsibility to monitor their child's online interactions (including with strangers in an encrypted messaging app). The parent doesn't need to be able to secretly decrypt it - they can just ask, and to impose the rule that the child tell the parent who these other people are. And occasionally audit it.
This relationship is not the same as a gov't with the citizenry.
Did you ignore the "one-time messages" part of my post?
Or that you can delete messages?
Apps these days are ultra privacy focused. It's not actually possible to monitor kids. It's just not.
Even if I don't necessarily agree with it, I can understand an argument for not allowing credit cards to suffice for this (not everyone has good enough credit to get a credit card - we shouldn't discriminate against the poor and all), but shouldn't every adult legally residing in Australia be able to open a bank account and get a debit card, even with bad credit?
Everyone with 100 points of id can open a bank account. If you have very bad credit, or even officially bankrupt, you can get a debit that does not let you spend more than you have, well mostly. But, that still leaves the newspaper commenters who have a friend of a friend who does not have 100 points of id or loses their card and bank details weekly.
No idea about Australia, but in Estonia (and I suppose most of the Europe?) children can get a debit card without much hassle. Maybe we could give them dedicated BIN numbers so that you could check for age this way, but I think it’s not worth the hassle.
How is this not solved yet?
A government API. It gives claims. Such as user x is an adult.
User logs in first, authorises an app to get a specific claim a specific period or amount of times, User logs in to the app, app calls the API.
There is no need for IDs or credit cards or any of the sort.
The EU has already solved this years ago?
The main problem is that you may not want the state to know how many porn sites you're accessing.
That's where you'd want an intermediary: you log in on porn site A => redirects to some intermediary which only needs to check your age => login from the state, get age, send user with verified token to porn site.
Porn site only knows your login and the fact you are an adult.
Intermediary knows someone needed to validate their age.
State knows this random no porn site wanted to check some claims about you.
Did they? Why have I not heard of the EU solution?
I think this is one of those processes that the free market can’t solve unless you have extremely strict regulation. As bad as it sounds, I also think a government funded partially public entity should provide this form of verification. If you remove the need to profit to be sustainable for a company like this you remove the need for growth. And if you do that, you also remove the need to find sketchy ways to exploit the data.
The free market would likely go for a low friction solution. Require adult and all sites that allow anyone to upload content to add the RTA header. Make a law putting liability device/app makers to look for the RTA header and put the overall liability of enabling parental controls on the parents. App out of compliance could be pulled from the app store until compliant. Not perfect in any way but is trivial to implement. [1] Plenty of sites have already implemented it. [2] Privacy compliant, no data leakage, no sharing identities, no third parties.
Server operators just add one header, done. App and device developers would have to dig up some old code that can look for a header and check parental controls. Most kids are on phones and tablets. Complete mobile in two years as phase one. Desktops four years out as phase two. That may seem like a long time but this discussion has been ongoing since 2001 at least.
All the big tech companies have lobbyists. Have your lobbyists push for this and this could become a non issue in very little time.
[1] - https://www.rtalabel.org/index.php?content=howtofaq#response...
[2] - https://www.shodan.io/search?query=RTA-5042-1996-1400-1577-R...
In the TV space, there's been, for 30 years (and mandatory in all new TVs in the US for the past 25), the V-Chip [1], which was specifically designed to be able to let parents disable viewing of inappropriate content. So it's not like the government hasn't gone down this path before.
I suspect the issue is that the user-side voluntary disabling of access means that--like with the V-Chip--almost no one will go about doing it, and that for many of the people trying to push for porn site restrictions, the side effect of forcing porn sites to close down is actually a desirable effect.
[1] https://en.wikipedia.org/wiki/V-chip
Yup I remember the V-Chip. That was similar but just different enough that it made more sense that it never took off. That would have required adding a module to all televisions that would incur cost and would have also changed which entities in the television industry had control over their content. That industry has always been plagued by layers of bureaucracy.
The internet on the other than has let website operators have more freedom to govern themselves with some exceptions. I think in this case implementing RTA headers while it would have some cost it is leveraging existing code, web and load balancing platforms and just bringing back header checks in applications which many apps already know how to do and then calling the parental checks that also already exist in many devices and in some cases the UI is just hidden.
They had this: https://en.wikipedia.org/wiki/Platform_for_Internet_Content_...
But it was bashed as a "censoring system", and now we have nothing.
Exactly, have sites merely disclose rough categorizations, move the decision-smarts to devices, and put control in the hands of the owners of those devices.
This places a majority of the cost of implementation on the people who actually want to use it, avoids a creepy Orwellian surveillance system, and enforcement is moved into a physical immediate reality that the average parents can see and monitor.
It also means you don't need to worry about visitors who are unmarried under the age of 16 years and three full moons who may not see unclad ankles in Elbonia.
This seems like an elegant approach. Why hasn’t it gained as much traction as these third-party-ID kinds of approaches?
Is it just the lack of an organized constituency? Resistance from device manufacturers/store operators? Too much control situated with individual families, so the absolutist political voices feel like it’s not pure enough? Or do they figure it’s too easy for a clever kid to bypass?
A bit of all of the above. Third party solutions mean some orgs and politicians can slurp up data and provide it to other third parties for kick-backs. Both RTA and third party can be bypassed and in fact would lead to more teens getting into credit card fraud and potentially giving them a criminal background before their careers even get started whereas bypassing RTA would not create yet more criminals. Gotta feed the prison industrial complex. Small children the original intended focal point would not be bypassing RTA thus giving good parents time to educate them on risks of websites and the people participating on them. Third party tracking allows people against porn to identify what kinks people are into much like Epstein lured people into compromising positions to blackmail them. Even if that is not their intention their sites will be hacked to acquire and sell that information for that purpose. With the RTA header none of this is possible.
Until big porn companies, social media companies or any companies use lobbyists to implement RTA it just won't happen. I bring it up when this topic comes up quarterly year over year. I've beaten the dead horse so many times the dust has evaporated. It's rather silly now since the original RTA header was the ICRA PICS header much more complex to implement. Adding a single simple header and looking for a header is trivial which means the obstacles are entirely human made and artificial. Perhaps when governments start creating more expensive laws and penalties around user contributed content things may change.
That works great, so long as you don't have any malicious actors interested in the treasure trove of data you've amassed.
It's kind of like how in physical systems, if you kill all the predators in a few square km it leaves a void where any predator capable of evading your traps is able to prosper far more than you could have imagined, requiring intense efforts to actually secure whatever it is you were protecting.
If you create an environment that's attractive to predators (giant pools of interconnected, personal data and a system designed around access to that data being equivalent to being the person in question), so long as there are predators you can expect them to infiltrate that system unless you apply extremely costly countermeasures.
Rather than in-housing the identity verification (and allowing DOGE et all to slurp that up), I'd rather ban that sort of thing altogether and take out the private sector alternatives at the same time.
If we really think that's not possible, a centralized implementation is usually preferable (e.g., why do I need to provide more information and photos to id.me than I ever did to the IRS when all I'm trying to do is access my tax data, and why do the new terms of service strongly suggest that my personal information is being used for reasons far beyond identity verification). I don't think that's required for most of the identity-related concerns I've seen the last few years though.
>I think this is one of those processes that the free market can’t solve unless you have extremely strict regulation.
The free market solves it by not doing it.
and that is the correct solution. Verification is not required on the internet.
100% agree. And I don't know why it is not a thing already. It's NOT a hard problem to solve. Submit the user given data to a government platform and this platform can then validate with NFC + government ID that it is indeed the correct person.
It'd be such a boon for any age verification legislature in the future.
Might be a way to give the post office something useful to do. They already have offices everywhere.
In Germany in fact we have Postident, which works fine, but is a bloated and unintuitive process and only makes sense for higher-margin and higher risk verification purposes, like opening a Bank Account.
Isn’t that what the DMV is in the US?
The free market isn't going to solve it, because frankly it isn't a real problem and therefore cannot be solved. It is a neuroticism on a societal level to live in fear of minors accessing 'forbidden content' that we have experimentally proven isn't really all that bad for them anyway. But it is socially unacceptable to state that the emperor is buck naked.
We aren't anon on the web and we need to get over it.
Fine sites that allow minors to view porn and the free market will figure out age verification real quick.
Why isn't your name in your profile here or why aren't you easily identified if that's the case? You're not all that identifiable here.
No. Sites shouldn't have to ID everyone that uses them. The internet shouldn't be turned into a nursery for children just because parents don't want to do their job and supervise their children while they're on the internet. If you want a curated internet that is child-appropriate, then you create your own private internet. You don't force the rest of the world to censor itself.
We should be though.
Also, what is porn and who gets to define what porn is?
Just like the free market figured out cybersecurity?
It ain't a magic wand that fixes all problems, buddy. Some problems just aren't possible to fix without making changes that sacrifice values core to the economy and of our culture.
[dead]
[flagged]
The Internet should be for Adults.
Do NOT allow children onto the full Internet.
Allow websites to Opt IN to claiming to be safe for an age / having a given content, and allow indexes to create an allow list of sites that have opted in.
Any site operating in bad faith should be subject to false advertising enforcement, or if clearly aimed at nefarious activities that sort of crime.
User generated content is "Unrated" until moderated.
Nobody wants kids on the internet (well, most people), but the devil is in the details. I hate the idea I’m expected to provide proof of id to these companies. If poorly implemented, which it will be, then they could use that to correlate advertising to me even when I use a whole suite of tools to prevent it.
What if Google, Apple, and Microsoft had "kid mode" versions of their OS which is what is enabled by default for any under 18 buying a device and normal mode had to be enabled at point of sale with ID verification?
In kid mode, it could only go to kid sites and run kid apps. If a parent ignores all proper advice and enables normal mode on their kids device, then that's on them (or lock them up, idk).
The main advantage is that the id check only has to happen once, in person, and it leaves most of the responsibilities on the parent who should have a vested interest in raising their kid rather than a corporation who wouldn't.
I don’t think kids usually go buy their own devices though, so really this needs to be handled on device setup, which I believe apple phones, at least, already do now. The ID check seems wrong then; if the parent wants to allow their kid to use the device unrestricted then that’s their right.
Or they can leak your details like Equifax. Then someone goes and gets loans under your name.