You already have one. It’s called your payment provider.
My bank once sent me a letter to my address, to tell me that they did not know what my address was. So I’m not completely sure they are exactly on the ball.
Same for me my man. I hate the fact that anonymity on the internet will eventually fall before the end of this decade. The west is not that far away from the authoritarian regimes it claims to be fighting against
IMO steam does a reasonable job of age verification - if you’ve registered a credit card, you’re obviously old enough to have one.
I am a baby with an 800 credit score. I undersigned my parents home mortgage so they’d get a good rate. The bank knows I’m a reliable lender.
Googoogaagaa
I think I saw a movie about you
CEO Infant
But they still ask for my DoB when I open a store page for a horror game.
1/1/00 baby!
1/1/however far back the wheel scrolls before I click the year.
And it’s distressingly common for it to under-report my age - stupid march of time.
I was born back on jan 1st 1900
“Why don’t you just trust me that I was born January 1, 1900?”
Nice, same birthday
I’m born 1.1.1970
I changed to 2000 because it’s less scrolling.
Fucking ouch bro
The fact that 01/01/01 is old enough to rent a car without an issue now does make that date seem nice.
You can jump to the date in some menus by typing the number
Age verification wouldn’t be a problem if there was a service I trusted that could verify my age, generate an anonymous one way hash or public/private key pair that could verify my age, and then dispose of all information that would could tie me to that info, I’d be ok with it. The problem is there isn’t a group that I’d trust (well that would be willing to do it) and everyone wants to hoard information and create a central repository that will be broken into. It’s not that there is a possibility it could be, but a certainty that it would be. This isn’t really an unsolvable technical problem, but an unsolvable trust problem.
Age verification if intent was to make it not tied to real ID would be a system where you could go into any store and buy a card you can scratch off for a code to put in.
But, governments want to track and get rid of anonymous accounts. They don’t actually care about age requirements. They want a 1984 type control of citizens to know what they are thinking or at the very least scare off people from expressing thoughts like politicians should be held accountable for fear of current or future consequences from a government that may decide it is treasonous.
The EU actually was working on a system described above based on some sort of zero knowledge proof (so verification via your gov’t id, but without the verifying party being able to assert anything other than age > 18 or whatever data you want to verify)
So being able to get a token without even the government knowing?
Because if it’s the alternative of the government itself issuing the token and it being only the receiving site not knowing, but the government being able to link it back to you I wouldn’t be happy with that either.
I’d prefer it to be as trackable as knowing which specific alcohol bottle you bought. So other than showing ID to a store to get a random token nobody in theory would know who the token belongs to including the government.
I think that’s the idea of zero-knowledge proofs. Nobody ever knows anything about the other party. Monero uses them (among other things) to be truly anonymous.
YouTube’s can be broken and that’s the only one I cared about. I guess steam would be an issue if they tried it.
Pretty sure anything else I can easily just bail on.
Steam’s age verification is entering your credit card details.
youtube? how?
The photo verification works on videos, I took a selfie of a 4k video and it worked. Just used a guys video on yt where he was talking to the camera
Age verification is one thing, but I routinely verify my id online. Banking, insurance, taxes, various other government things, car registrations, some of the kids school stuff and so on. We have pretty decent infrastructure in place here in Finland and the entities I identify myself online already has my info anyways. I can use either my banking app or mobile verification to securely prove I am who I claim to be and the systems have roughly the same user experience than MFA tokens.
Each of those are roughly zero-knowledge, the website I log in receives just “User with login token xxx is IsoKiero with SSN 123456789” and the tokens expire after a while. Also there’s restrictions in place that my insurance company can’t just sell my data to whomever unless I opt-in for their “marketing” program (not going to happen) and even then there’s some limitations on how they can use the data.
The same system could be adopted to age verification, but that’s a whole another can of worms.
If you’ve put your real identity on your passport on some platforms and you’re going to use those platforms for purposes other than work, get ready to be a good and loyal dog.
Fidelity, Banks, Coinbase (before I got out of cryptocurrency entirely).
But, basically, only when government regulation does (or SHOULD) impose KYC requirements.
Age and ID verification might be good in a very few cases, but it should definitely be a deviation from the norm.
Tax filing?
IRS should already know what I owe and not worry about who logs on to pay it.
Oh yeah, the states is like that right… I meant for filing and claming tax benefits.
A few years ago the IRS website wanted me to take a “video selfie” using a webcam to log in to access my tax stuff. I said Fuck That and ended the session. Finished my taxes through a 3rd party vendor instead.
There is no way the states is a real place. That’s beyond crooked and clearly trying to push people into using a 3rd party product.
Personally I’ve found online banking, medical and travel services rather hard to resist.
Those new mobile phone things the kids are using also have biometrics and internets and look pretty handy to have around.
Trying a service and scanned my ID. We will see
Which cleanup tool do you use, I’ve got 10 things flashing hundreds of dollars in subscriptions I’m fairly certain someone got access to all my accounts after the last person I called asked to do a screen share when he sent me a text saying all my photos would be deleted!?
I don’t use a cleanup tool I am in Europe and avoid american services like the plague. I got my identity stollen once by an employee of SFR which registered many accounts. Sinces these accounts had my ID I contacted the operator to change cut them and allowed full access to the logs to the police. Was solved really quick.
I ordered some alcohol online because I couldn’t find the brand of rum I was looking for locally. They did some age verification before I could order, same that I could have encountered in a grocery store.
Of course they just got sent a token and not a photo id which changes the calculus some. I’m against trusting random websites with personal information, not an age block on its own.
I do think each Nation does need some form of online verification.
It’s pretty clear what kind of damage malicious actors can do by posing as a Nations citizens online, especially en masse and orchestrated. This problem is going to continue to get worse with the rise of LLMs.
The solution is better media literacy, better education, yatta yatta but that straight up ain’t happen, and certainly not at the scale needed to circumvent that kind of damage.
What other solutions do we have other than Nation wide online verification systems?
Seriously. We need a functional government and world leaders who can manage id systems and verification with privacy and security in mind, and act reasonably in the public’s interest, just like they do for driver’s licenses, voting, taxes, etc.
looks outside
Oh no
You need to trust your government or trust it to not turn evil to be willing to see them take on the task of knowing every single online account you use. And hope whoever comes into power doesn’t find comments you made in a past a threat that it wasn’t before. Like something as benign as the belief politicians should be held accountable could be flagged as treasonous for daring to question the government’s credibility.
Which is the real goal of online verification. Police citizens and eventually kill off or curb sharing of thoughts and ideas for fear of current or future retaliation depending on who comes into power. Automated flagging of potential abnormals based on profiles generated from linked citizen online accounts is the end game.
The idea that this would help stop malicious foreign actors itself seems like yet another false belief that this type of system would be used for the good of citizens as opposed to tracking and move towards Big Brother.
You need to trust your government or trust it to not turn evil
that requires trusting my neighbors not to turn evil, or rather >20% evil (since all it took to elect Krasnov was 20% of the population voting for him) and I have lived in places that were >60% evil, so…
I don’t think it needs to be government based, I don’t see why it can’t be Independent.
I don’t see why the independent entity can’t work through the local DMV systems for verification.
You can cry “Oh, but then you’re trusting a corporation with your data” and like, first off, it can be a non-profit. Also, what are you doing with your ISP? The browser you use? The websites you visit? Every step of the way you’re trusting some corporation with your data - there’s no getting away from that.
When something used to not be required shifts to now being asked of by even nonessential sites to more easily link to an actual ID I’m not as open to just handing it over as you are.
Your line of thinking falls along the lines of people who chose to verify with discord, so nothing is really an issue to you. So trying to convince people like me to fall into your line of thinking is going to take more effort.
Palantir is a corporation and independent entity after all. And non profit isn’t some bullet proof protection.
I don’t think nonessential sites should have some kind of ID verification, but I do think there needs to be some spaces where IDs are verified.
If we can’t trust the government, and we can’t trust independent entities, and there are actual government entities around the world are pouring resources into both misinformation campaigns and LLMs to use against the populace, what options do we have?
Why can’t we trust The Linux Foundation (for example) with tie ins to government verification systems to socialize on closed box social websites where we know the individuals we’re socializing with are actual people of the Nation?
My point is that we as a society, and each Nation for it’s own security and health, needs to form some kind of plan to fight both non-citizens posing as legitimate citizens and the rise of LLMs doing the same. For the U.S. I’d argue it’s National Security; there’s pretty clear interference from external sources influencing the populace that don’t make it obvious. How do we do that in a non-intrusive way?
I think the line of thinking that the internet needs to stay private, anonymous, and open is old and narrow-minded. It’s no longer the 90s. We don’t live in a utopia. And corporations aren’t the only entities online trying to influence readers/users. If we can’t feasibly educate a Nations populace on media literacy then there needs to be other protections in place.
Marketing used to be able to target a specific area of populace that would be most likely to fall for their ads or influence, but now it’s being compiled into LLMs which are much faster. This is a threat that is just going to continue to grow until it’s a complete shitshow. We all already have very little privacy out the gate (assuming average level of tech knowledge or whatever).
I’m hoping in the next ~10 years this problem gets solved. I don’t know how, I don’t care how, but the easiest solution is to have some sites use a trustable verification system. I don’t think we can feasibly trust any government with this kind of solution, so the next best thing is an independent entity that chooses not to work with said government since ya know, they’re independent. Obviously I’m not suggesting trusting Planitir or whatever because they do have strong ties to government entities.
The US government asked for subpoenas of users from reddit. You really trust that ID verification is being pushed to help combat misinformation campaigns? Have you looked at the tech bros that were right next to the US president and all the stock manipulation and financial deals being done? A billionaire created their own private agency with doge with zero consequences.
You seem to be operating on the logic of completely ignoring what is going on in the world to still believe any of these changes are for the good of the people as opposed to control. And to be asking for it when you see who is in charge of the US is really wild.
It seems real strange that you cling to the hope that ID verification requirements is going to lead to changes you wish it would when current events suggest the opposite with the US government themselves spreading AI generated misinformation. And that convinces you to hand over more stuff because you are imagining how you would use it while ignoring how the government likely plans to use it based on current events?
I’m hoping in the next ~10 years this problem gets solved. I don’t know how, I don’t care how.
That’s the gist of my take.
I think misinformation campaigns by BFAs and botnets are going to be an absolute nightmare for every society worldwide within the next ~10 years. Let’s be clear - it’s absolutely a part of international cyber warfare. This will of course affect the Democratic societies first and hit them the hardest due to politics.
IMO Nations worldwide are already behind the curve and I think the U.S. is a prime example of how misinformation campaigns can be used to quickly sow distrust in leadership, promote division, and start movements. You could argue that U.S. has been headed this way for years, but it’s been a swift change of guard when compared to the past few decades. I think each Nation is already dealing with this kind of cyber warfare but again, are behind the game due to slow politics, slow policies, and lack of policies on tech.
I understand your concerns, but you also don’t have any solutions. Maybe you don’t think that misinformation and botnets through LLMs online are a problem? Maybe you think the majority of society is educated enough to distinguish misinformation or detect LLMs/bots?
You seem to be taking your position based on how you’d like to see ID verification implementand using that as an argument for it. While I see your argument and it doesn’t make sense because it doesn’t reflect the reality of how governments and corporations are using it.
It’s like you just assume governments and corporations will do what you hope and making statements off that. As if you are the supreme ruler or something where they are going to be guided by your vision. As though you just woke up and thought this could be used to combat LLMs and without any care about whether the government or corporations would do with that info collection just assuming that is what they will do because that’s the idea you are fixated on.
That’s the impression I’m getting from what I’ve read. You have failed to convince me that what you wish will happen will be to the benefit you hope it will be.
This is a bad take. All of it.
Cool, thanks for the notes, alternatives, and ideas. Critical thinking on full display here.
Guess we’ll just have to keep dealing with the weaponization of misinformation in the rise of LLMs all on our own.
I’m sure the undereducated will be just fine and utopia is just around the corner.
I promise you’ll be ok if you think about it for just a little bit longer.
The problem with “age” verification is that politicians are confusing it with identity verification.
I should not have to prove my name and other biometrics to prove age.
Age verification is the fascist way to get people to identify themselves and their online activity. Almost every state that has some sort of age verification law has zero method to actually verify age. No digital ID service, no way to share a credential for verification.
They want people to upload an ID.
This isn’t about keeping children safe and it never is. It’s about identifying critics of the government.
I hate to point out the obvious, but they didn’t accidentally confuse the two…
It is possible to build an age verification system, where you use your actual ID with a cryptographic process without any personal data. The technology has existed for decades now.
problems with that:
- how do you verify that it works the way they say it works
- how do you make yourself heard when it doesn’t
so far the only answer I am aware of for these questions is “you don’t”
The additional problem with that is straight up discrimination. We’re replacing a predatory system with another discriminatory system. It is essentially another path that leads to the same thing. Fighting fascism with fascism.
Public key cryptography and signatures are common technologies nowadays.
you won’t be able to use that to verify the integrity of the system when the worry is that its creators are dishonest. you may be able to verify that something has happened (e.g. a successful attestation), but you won’t be able to tell if the attestation was actually executed for your device and the app in question, or it was proxied to another device the devs run to fake attestations.
how do you verify that it works the way they say it works
Open source -> you look at the code
how do you make yourself heard when it doesn’t
In proper domcratic counties that is what law is for.
What I want to say with this: it is technically possible to make it proper. There is a interest not to do it properly.
how do you verify that it works the way they say it works
Open source -> you look at the code
a source code repository on github does not have any guarantees that they are distributing the software built from exactly that source code.
but even worse, almost all such apps are closed source. and you have no chance to verify what runs on the server in either case.
how do you make yourself heard when it doesn’t
In proper domcratic counties that is what law is for.
is this “law” thing you mentioned able to make your thoughts appear telepathically in the minds of millions of others, without a channel like the internet?
are you going to post to facebook with your discovery and hope millions will see it and agree with you?
or are you going to grab a big board and a megaphone and go to the town square about the problem?
this is probably the more effective way, but you’ll be called obnoxious, especially by those who have no idea about the tech they useWhat I want to say with this: it is technically possible to make it proper.
There seems to be a interest not to do it properly.
Force the building of a light “honour based” age verification system (just enter your birthday, we trust you not to lie to us), then as more comply add more requirements to it til all accounts are linked and they know when you shit
I am actually not fundamentally against the idea of age verification for some things online. We have many things with age restrictions in real life, for various reasons, it kind of makes sense to have it online as well for some things.
but…it has to be done with zero-knowledge proof so we limit the amount of private data exposed to the absolute bare minimum.
Nym did some work on a zero knowledge verification system:
https://constructiveproof.com/posts/2020-03-24-nym-credentials-overview/
Whenever this comes up, this style of zero-knowledge proof/blind signature thing gets suggested. But the problem is that those only work if people care about keeping their private keys secret. It works to secure eg. “I own $1” but “I’m over 18” is less important to people and it won’t be hard for kids to get their hands on a valid anonymous signing key on the web. Because the verification is anonymous and not trackable, many kids can share the same one too, so it only takes one adult key to leak for everyone to use. It’s one of the reasons they push biometrics that at least appears to need a real human. Requiring ID has a lot of the same issues on top of being a privacy nightmare.
I’m starting to think that actual age verification is technically impossible.
that is less of a problem when the private key is not too easy to export, and when each private key has ratelimits for how often can they be used
Those things come with a big convenience and implementation trade-off that slows adoption.
If it’s hard to export for technical reasons (eg. Needs to be in a tpm) then that adds hardware requirements and complexity and makes it difficult to log in on other devices. If it’s a software thing, then it’s rippable. Either way “install our government app to watch porn” is not an enticing prospect for people.
Aggressive rate limiting is also frustrating if you want to log into multiple things and it keeps blocking you because you’re using your key too fast, but if it’s not aggressive then it likely won’t be effective unless all the kids sharing a key are trying to use it at once.
If it’s a temporary thing where you have to auth with the government to get a fresh signing key that expires, you have the issue of having to sign into the government when you want 18+ content which is super uncomfortable.
I can see it being a browser-based thing set up a bit like video DRM but that would still need to talk to a government server each time for a temp key (like how licence servers work) and you’d need to be logged into their systems. It might still be the best option but it does still leak “X person wants to access 18+ content right now” to the government.
I’m really interested in seeing a technical/cryptographic solution that actually works but so far I haven’t really and I’m starting to doubt that it’s possible.
Zero-knowledge proofs are a good concept. They’ve been possible for a long, long time, and allow age check without surveillance.
So why are they not being used? Because age check is just a cover. These people want to do surveillance, not protect kids.
So it’s a good counter. Want age check? Do it like this. Oh, you don’t want it that way? Why not, pray?
Whether it works (it has, previously) or not (as with the current bullshit from the US), it does bring to the public debate that this is unnecessary surveillance.
There’s also precedent you can point to. Germany has implemented a reasonable system of digital identification and (seperable) condition confirmation (age gate).
Maybe in alternate timeline where tech companies have historically acted ethically.
In this timeline where each new company and/or ceo is more slimey than the last, I know that any type of identification will be mismanaged at best or used maliciously at worst
All trust is gone between these companies.
There is already age verification. It’s called an internet service provider bill.
Best our corporate dictatorships can offer is requiring you to surgically implant a microchip into your brainstem. Everyone without the chip will be classified as woke, and cleansed by the AI killbots on judgement day.
All heil skkkynet.
Or — just make it easier for parents to install filters for their kids??
It’s already easy as fuck. Most parents just don’t bother. The mandates should be on ISPs and cell carriers to provide network-level filtering. I filter adult sites on my home network and there’s no getting around that without cracking the password on the service or factory resetting the gateway.
I also want zero knowledge personhood/Nationality verification for social media. Maybe with age too. I want to know where the accounts come from and whether they are a bot or not.
It can be optional, as long as I get a filter to remove all non-verified people.
Plenty of companies you already deal with already know who you are, thus how old you are. Cell carriers, ISPs, banks, stock brokerages, utility companies, and so on. It would be much more secure, done properly, for a service like this to provide a simple “yes/no” answer to the age question.
That would resemble a zero-knowledge solution yes
How old are you ? If i may ask.
Old enough
deleted by creator
Well your fundamentally wrong enjoy your safe little cage bird, perhaps your master will lift the sheet today.
Your point of view: We have so many fascists in reality, why couldn’t we tolerate some fascism on the internet?
Do you also think age restrictions in real life is fascism?
Some of them are.
Care to elaborate which you think are fascist?
Regarding age verification I think that things we generally don’t allow kids access to in real life could make sense to age restrict online as well. Something like gambling comes to mind, and I wouldn’t personally consider it a fascist action to limit access to that.
Edit: again, under the prerequisite of properly implemented zero-knowledge proof so the site only knows if you’re old enough but not actual age, name or anything.
The definition of fascism is trivial: only one ideology is permitted (no matter what that ideology is exactly), anything else is forbidden.
So any forced limitations without objectively obvious/proven reasons that are welcome by community is fascism. As simple as that.
Limitations of theft and killings are not fascism because most people are against those activities. Limitations on education access is fascism because most people welcome education.
Those who have different opinions can impose their own private limitations in the non-fascist community. Like age restrictions for this or that activity.
The definition of fascism is trivial
made up definition
