You guys should know better, yet keep falling for the distraction every time. That’s exactly how they win.
Add better parental controls to devices, if Facebook sends my children porn on a phone that's "underage" than they get a big fat fine.
But I guess then there's no sending my ID to the world, think of the poor advertisers.
Legislation must call real experts before making any *technical* decisions.
Obviously, it's not about the children. It was never about the children. If I had my way every one of these people would be taken to a gulag, because they are evil, have evil intentions, and blatantly lie to further their evil goals. I am tired of the intolerant being tolerated, and by allowing this to fester we are headed for a much worse totalitarian dystopia.
All of these ID laws are going to make it more dangerous for kids online IMO.
“Hi I’m a Roblox moderator. Your account was reported for X and you’ve been temp banned. Come to platform Y to appeal. Start by submitting all your personal info and a selfie.”
And it’ll be completely normalized by big tech. Seriously. WTF are they thinking?
That makes this fight so annoying, we have to fight age identification, while at the same time also promoting privacy-preserving age verification for the case it happens anyway.
That will only very rarely happen. Do you actually know people that will just give you their phone so you can watch porn? For more than one minute? People are so addicted to their phones.
> it's not about the children
It's also about the children, but there surely are parties which use the process to further their own goals.
> I am tired of the intolerant being tolerated
That's not the right quote for this case.
They don't ask for it, they take it when you're busy or sleeping. Teens certainly weren't asking for Dad's VHS tapes or magazines when I was a kid. I suppose this problem is solveable, too, though. Mandatory biometric locks on every device capable of accessing the internet, why not?
> That's not the right quote for this case.
It is. These people are fascists. Their goal is to create a society where the government has a permanent record of everything every person is doing, monitored 24/7 so nobody can defy it. The point about tolerating intolerance is that by abiding such people, you allow them to create an intolerant society, thus it is prudent even in a tolerant society to be intolerant specifically towards those whose goal is intolerance.
How come being that corrupt pays off so well when you're a politician.
Also, the EPRS did not argue that they are a loophole that needs closing.
From the actual paper:
> Some argue that this is a loophole in the legislation that needs closing and call for age verification to be required for VPNs as well. In response, some VPN providers argue that they do not share information with third parties and state that their services are not intended for use by children in the first place.
The "some argue" is a link; it turns out that 'some' here is the Children's Commissioner for England, a post with, AIUI, only an advisory role in the UK, and obviously not even that in the EU.
It's just a pity they are destroying the internet while doing that. They should be attacking the companies making money from porn instead.
And by the way porn can damage your mind even after 18 so age verification is not a real solution anyway.
The plan is to replace the 99% with machines. It doesn't matter to the 1% if you survive their glorious, great filter.
The great filter is billionaires. It's a billionaire control problem, not a superintelligence control problem. You're livestock. There's a better ox and cart that just pulled down the gravel road.
Then leave the rest of the world out of domestic failed parenting nonsense. However, policy would still likely fail given the cruelty youthful ignorance often brings, and persistent 1:100 child psychopath occurrence rates. =3
The EU won't stop until it has access to all your data, all your messages, anything you read, save, send will be scrutinized by the the big great EU and it's little minions.
Hey, at least we get the freedom of movement right?
The EU was known to be a privacy rights nightmare for at least 10 years now.
People who believe they are addicted to porn view porn at approximately the same rate as other people: they just feel more guilty about it, due to being raised to believe that it is shameful.
One source on the topic: https://www.psychologytoday.com/us/blog/talking-apes/202207/...
""" At the same time, regulators are beginning to address VPN use directly in legislation. Utah recently became the first US state to enact a law explicitly targeting VPN use in online age verification. The state’s SB 73 defines a user’s location based on physical presence rather than apparent IP address, even if VPNs or proxy services are used to mask it.
The EPRS suggests VPN providers may face increasing scrutiny as the EU revises cybersecurity and online safety legislation, noting that future updates to the EU Cybersecurity Act could introduce child-safety requirements aimed at preventing VPN misuse to bypass legal protections. """
Most of the anti-privacy crap hasn't happened thanks to the EU. Particular countries and lobbying groups have been pushing this through the Commission and Council and most attempts have been rejected by the EP.
If we didn't have the EU, some countries would have long introduced this nonsense (like the UK). But in the EU that does not make much sense, since there is a single market, so you have to enforce it EU-wide.
The European Parliament + courts of justice/human rights are one of the last beacons of democracy/freedom worldwide that resist upcoming authoritarianism. We should support them and remind the Parliament over and over again that they should be continuing the good fight.
---
By the way, nearly all your comments on HN are about politics and all trying to sow dissent on Western (and especially European) democracies.
Disclaimer first: I'm not trying to protect him and I'm not tied to him in any possible way. But since when constantly expressing your own opinion (that's what I assume given the age of the account; maybe I'm wrong, but this seems rather like a person than a bot) is a deliberately malicious activity (as implied by your "trying to sow dissent" expression)? If their opinion doesn't match yours, it doesn't mean that they're evil or something similar. It just means that your views are different.
Of course there is such a thing as EU wants X. The commission drafts laws and presents them to the MEPs who vote on them. The MEPs do not have the ability to propose their own laws. So all these bullshit laws that are voted on originate from the commission.
If I tell you that you can have a red balloon and you only choice is either to accept or reject the balloon, then you don't really have a choice do you? You can't say I want a blue balloon.
> Most of the anti-privacy crap hasn't happened thanks to the EU. Particular countries and lobbying groups have been pushing this through the Commission and Council and most attempts have been rejected by the EP.
Most attempts? And that should somehow reassure me?
Here is another law that was overturned after many years even though everyone knew it was illegal from the start: https://en.wikipedia.org/wiki/Data_Retention_Directive. It only took something like 8 years.
When Romania protested that this was illegal under their constitution, the EU sued them and forced them to spy on their own citizens. So thank you but no thank you.
> If we didn't have the EU, some countries would have long introduced this nonsense (like the UK). But in the EU that does not make much sense, since there is a single market, so you have to enforce it EU-wide.
On the contrary, if we did not have the EU then it would not be such a problem because the same people who are pushing for this crap would have to repeat the same process 27 times, one in each country and they would have to convince/bribe their way into each government. Instead they can now push this stuff through the commission and it gets voted on and if approved gets applied to 450M people in one go.
That is the definition of single point of failure if I have ever seen one.
> The European Parliament + courts of justice/human rights are one of the last beacons of democracy/freedom worldwide that resist upcoming authoritarianism. We should support them and remind the Parliament over and over again that they should be continuing the good fight.
Do we now have to resort to this sort of emotional arguments? The EU as a whole is 27 countries, the world has more than 200 countries today. Are you claiming that most of them are hell-hole under some sort of tyrannical government? You can't be serious.
This is my problem with the EU supporters these days, you guys are so quick to shove in everyone throats the amazing stuff that the EU supposedly does for us every day but as soon as someone complains, you revert to using the same tactics as populists with the US vs Them rhetoric, the emotional manipulative language and what not.
Also your last paragraph is in complete contradiction with your previous statement. Somehow the EU/European parliament is the last bastion of democracy/freedom but it stills wants to access my private messages and emails (for my own good of course), and now it wants to force VPNs to record identifying information of its users (for our own good again).
If what you say is true then we wouldn't be having this conversation because anyone who proposes this sort of law should have been ostracized and kicked out of the commission in no time. Yet here we are.
> By the way, nearly all your comments on HN are about politics and all trying to sow dissent on Western (and especially European) democracies.
Ha, yes, you got me! I can see that when the push comes to shove it's easier to go for the subtle ad-hominem or character attacks.
God forbid someone in Europe could have any issues with the way things are going at the moment. Seems highly suspicious.
Should I send you a copy of my EU passports? Maybe that's whats going to be required in a few years time to post online if the all-mighty EU gets its way but I can understand if you want to start doing the policing early. After all we can never be too careful.
By the way, I love the new definition of democracy theses days: agree with us about everything or we will consider you a Chinese/Russian/Populist/evil (take your pick) troll.
Its perfectly fitting with the way the EU is trending down towards authoritarianism and subtle freedom of speech suppression.
It's not.
It's supported by, AIUI, multiple peer-reviewed studies now.
Just because you don't like the idea doesn't make the science any less valid.
In the past decade one of the favored arguments of ultra-right parties in EU was critisism of EU for lack of freedom. The same parties that are cooperating with and have support from dictatorships of China and Russia.
This is not a rant. I responded to OPs message point by point and simply expressed my opinion on these matters just like he did.
I also responded to OPs thinly veiled accusations that are completely unfounded and downright accusatory.
That will be quite noticeable. And tricky if it's face or fingerprint locked, something I see in all phones around me are. Daddy likes his privacy too.
For the rest: rant on, but it'll only reduce your audience. One thing we can learn from history: calling people fascists doesn't work.
If it's not clear, the point of calling fascism what it is, is not to convince the people who are being called fascists of anything. They cannot be convinced of anything, because they are fascists. The point is to highlight, to people who are already amenable but complacent, that a greater sense of urgency is needed. Our societies are currently sleepwalking into a dystopia that will make the Gestapo and KGB look like child's play. There will be no revolution, no liberation, no resistance if our governments are allowed the degree of control they're seeking. Once complete surveillance is established, communications are controlled, and freedom ceases to exist, it will be lost permanently this time.
Obviously, not all solutions have to be 100% solutions to problems. Indeed such solutions very rarely exist in the real world. But they do need to be less of a problem than the original problem, and the more invasive they are, the more you'd better expect they solve a serious problem as comprehensively as possible rather than barely addressing a trivial problem.
Many such cases, in fact! Which you of course don't know about. Because anti-prohibitionist narratives don't cause Number to Go Up.
What's safer: if you were to provide them with secure access to a substance that is risky only when used irresponsibly - or if they had to acquire it illegally off the street, and were to consume it in some sketchy environs away from your oversight?
On the other hand, setting boundaries meant to be crossed - such as a restriction on substance use that "they will violate anyway" - is parental betrayal, and risks bricking your child.
Also many such cases! Which you also "don't know" about. Because you prefer to consider unhappy people less-than-human, and parents are only happy to sweep their failures under the rug. Even if it means giving their child to the torturers.
From one sentence you wrote "as if it's obvious", I can see that your sense of ownership over your progeny trumps your concern for your children's safety.
A lot of resources go into subsidizing your unsustainable lifestyle, which you yourself only tolerate thanks to constantly impairing your cognition but perfectly legally.
Similarly, a lot of resources go into silencing and/or exterminating people like me; yet, last time I checked I was still kicking and spitting.
Both of these economic dynamics, ultimately, serve to perpetuate a multigenerational Ponzi scheme which treats humans as property. Notice people getting into debt younger and younger? Yeah, that.
Quoting an older post...
> In a benevolent dictatorship, sure, go for a zero-knowledge proof verification as your solution. In the reality of democracy, where politicians are corporate puppets who cloak surveillance laws in "think of the children" to rally support from the masses, we need to convince people to see through the lie and reject the proposals outright while reassuring them that they can protect the children themselves via parental controls. You will never be able to sufficiently inform 50.1% of the population of any country of what zero-knowledge proof even means, let alone convince them to support age verification laws but strictly conditional on ZKP requirements. That level of nuance is far too much to ask of millions of people who are not technically-informed, and idealism needs to give way to pragmatism if we wish to avoid the worst-case scenario.
I do not (completely) agree with this. This seems like the very typical US-centric view of politics. A lot of members of the European Parliament are not corporate puppets and have ideals (even if they often do not align with mine). Why would the EU come with a ZKP-based verification reference app if they were sock puppets? The corporate sock-puppet politician would just push the narrative that age verification should be left to the market (which is probably what happens in the US, where most politicians are sock-puppets due campaign sponsoring, etc.).
You will never be able to sufficiently inform 50.1% of the population of any country of what zero-knowledge proof even means, let alone convince them to support age verification laws but strictly conditional on ZKP requirements.
We do not have to convince the population. We have to convince regulators and if it becomes necessary the EU/national-level courts that handle human rights violations.
Also, in the case of the EU, they made a reference implementation of ZKP age verification and asked national governments to roll this out in their apps. One of the large issues though is that the reference implementation relies on Google Play Integrity for device attestation (+ the iOS counterpart), so if national software development agencies use the reference implementation as-is, it shuts out competing systems. They should have used AOSP device attestation, which is also supported by GrapheneOS, etc. So, besides protesting age verification, I'm trying to get the message to politicians that how device attestation is done in the reference implementation is an issue. The thing that might help here is that sovereignty is also high on the agenda.
Without the population on your side, it's some insignificant minority's words vs. corporation's power determining where the lines get drawn by regulators. The people can put a leash on politicians who cave too hard to corporations by voting them out of office, but if they don't even understand the issue and have been conditioned to accept age verification, that will never happen.
> One of the large issues though is that the reference implementation relies on Google Play Integrity for device attestation (+ the iOS counterpart)
I am confused as to why you suggest my view is US-centric, and then go on to acknowledge that the EU is currently in the midst of rolling out regulation that de facto enshrines the Google+Apple duopoly in law. The EU bureacracy seems to be just as captured by corporate interests as the US. At times, they put up a token protest against Apple/Google, but generally only insofar as to promote competing European corporate interests where applicable. The EU would certainly prefer to serve European corporations over American ones, but the European people don't seem to factor into the equation at any point.
No, they shouldn't have used any attestation. If they are using sound cryptosystem for their ZKPs, they don't need to care at all about what hardware and software I'm using.
Conspiratorial gibberish
Even on HN there is been a surge of users who instead of defending their arguments or positions on certain sensitive topics such as the EU prefer to simply smear the opposition.
I write about the EU a lot because I live there and I am especially interested in what the EU is doing regarding tech.
I am especially critical of policies that target my private life and it irks me to no end that some people will claim loud a and clear that I should simply be grateful for what the EU is doing when the EU's actions in a lot of matters that I care about have either been deceptive and/or completely went against the supposed principles that the EU is supposed to have.
It's disgusting that people run here, write utter complete lying bullshit and then you attack folks that say "hey, this is complete bullshit".
Be better.
I am not sure what you are trying to get at.
Are you implying that this new draft is not in any way related to the recent Chat Control proposal that wanted to intercept all encrypted messages on phones in the EU, this same proposal that has been debated many times here on HN?
If so, then I am sorry if you think this blatant lying. You must have not been paying attention nor have read the many drafts of this law.
This proposal of tightening regulations around messaging apps and VPNs is being pushed as part of the other pushes for digital identity, age verification and potentially linking online identities to your real identity.
This is not happening just around Europe. It's also happening in the UK, Australia and more and I disagree with everyone of them.
This is not a conspiracy theory, this is publicly documented information that has been reviewed by journalist of all sides and has been decried by many human rights organizations who rightfully see all these moves as wanting to remove fully or partially the anonymity that the internet has provided thus far while curtailing freedom of speech.
> It's disgusting that people run here, write utter complete lying bullshit and then you attack folks that say "hey, this is complete bullshit".
I haven't attacked anyone. I am not sure what you are talking about.
I was the one who was attacked ad-hominem by OP who casually hinted that I was either a troll, a bot or working for Russia or China when the truth is that I am simply a EU citizen who is dissatisfied with the way the EU has handled a lot of it's tech regulations and I am simply voicing my personal opinions on these matters just like anyone else does in these threads.
Maybe you don't share my opinions and that's fine, we don't have to be friends.
> Be better
I will interpret this comment as simply someone who sees himself in the right and looks down on everyone else as poor souls needing to be guided to the light. This is not Reddit, you can get off your high horse now.
One cannot talk about tech without talking inevitably of the second or third order effects that derive from it which is again almost inevitably linked to politics either in the US or elsewhere.
It isn't, it's not enshrined in law, de facto does a lot of work here. IANAL, but I'm pretty sure such a requirement will not hold up in court either. Besides that, the developers of the reference app have stated that national apps do not have to require strong integrity from Google Play Integrity. It seems like they took the standard platform path either because they did not have time the time or knowledge to do anything else.
At any rate, I'm optimistic that it won't require passing strong integrity in my country. Age verification will be added to our national ID app (DigiD), which does not require passing strong integrity, even if it is used for more security-critical applications than age attestation.
If you can curiously converse about politics while avoiding that, you're golden.
Admittedly that's a stretch for a good many.
It was proposed and pushed forward by member countries represented in other EU inatances. It seems obvious that governments of at least some member countries want this crap and try to get in implemented via EU. When it reached the instance that is more sensitive to public opinion, it was shot down.
This is why I tend to look more favorably on the EU than on any member state government.
The obvious solution is having the EU to be more representative. I dislike how entities like the EU Council and EU Commission are sometimes used to launder some countries' governments authoritarian intentions.
If you could link a piece of legislation that has little support among voters, but was passed due to corporate money, I would be interested.
Politicians lie to voters to get them to accept things they would otherwise not accept. That was literally central to the entire comment you were replying to. "But the children" and "But national security" are essentially a free pass to enact any legislation a dishonest politician wants with support from a population that cannot stay fully informed on the nuances of the incredibly complex modern world.
> If you could link a piece of legislation that has little support among voters, but was passed due to corporate money, I would be interested.
I feel like I could gesture broadly at everything. As noted, people will support something when lied to, but even without public support it's obvious that this happens. Off the top of my head, Trump's corporate tax cuts in 2017 might be one of the most clearcut examples of something that benefitted corporations over individuals, was lobbied for by corporations, and was high profile enough to have public polling while being so blatantly unjustifiable that said polling demonstrated the public was clearly against it.
The 2017 tax cut law was extremely popular among republican voters, so I think that goes towards what I am saying.
This simple policy then goes on to silence most individual publisher(/self-media) and consolidated the industry into the hands of the few, with no opportunity left for smaller entrepreneurs. This is arguably much worse than allowing children to watch porn online, because this will for sure effect people's whole life in a negative way.
Also, if EU really wants "VPN services to be restricted to adults only", they should just fine the children who uses it, or their parent for allowing it to happen. The same way you fine drivers for traffic violation, but not the road.
And if EU still think that's not enough, maybe they should just cut the cable, like what North Korea did.
1. First, year ~2015 legal framework was created under disguise of banning pirated media(specifically torrents.ru)(legislative push). State-wide DNS ban introduced. Very easy to circumvent via quering 8.8.8.8
2. Then, having legal basis, govt included extra stuff in banned list(casinos, terrorist orgs, etc)(executive push). IP bans introduced, applied very carefully.
3. Legal expanded allowing govt to ban specific media on very vague criterias(legislative push). IP blocks tried on some large websites. DPI hardware mandated to be installed by ISPs to filter by HTTPS SNI(executive push).
4. At ~2019 Roskomnadzor(RKN) created, special govt entity which enforces bans without court orders(legislative push).
5. ~2021 sites become banned if they are not filtering content by Russian laws by request of RKN(executive push). VPN services were obligated to also DPI-filter traffic(legislative push).
6. ~2023 Crackdown on VPN started(executive push). Popular commercial services were IP-banned, OpenVPN and IPSec connections selectively degraded by DPI.
7. ~2025 Heavy VPN filtering(vless, wireguard, etc) introduced(executive push). Performance of certain sites were degraded(youtube, twitter, etc).
BTW I live in Turkiye where the government banned ALL the adult websites around 2008. Even as an adult you can't access them. This year they are banning VPNs, introduce age controls and ID verification COORDINATED with the rest of the world. Also banning some games, control social media, and basically make it legal to control and track everyone on the internet. What a coincidence that similar attempts are simultaneous in many independent countries.
And no, children have not been really protected in Turkiye since 2008.
Others look at this recipe and can't help but notice its effectiveness. Eventually nobody is beneath pulling this kind of logic, even if they were the ones crucifying it just a few short years ago. The weaker the leader, the more likely that that they forget where they wrote down those principles of theirs and resort to this crap.
Indeed I do not remember this, nor can I find corroborating evidence that there was much of an effort to justify the requirement to the public at all. As far as I can tell, the government simply decided that they needed more control over the internet, so they made a law to give themselves more control over the internet. https://www.gov.cn/gongbao/content/2000/content_60531.htm It has no special provisions limited to children that only later got extended to adults. (Meanwhile, restrictions on how long children may play games continue to only apply to children, AFAIK.)
If they want to protect children, shouldn't they sterilize everyone?
Every child born, regardless of wealth will inevitably suffer injury, illness, and psychological setbacks. Therefore, the best way to protect them would be not allowing people to have children.
By the way, not having children is also more eco-friendly, because an infinite series simply converges.
I wonder if I’ll see this ridiculous scene in my lifetime.
This one isn't actually accurate. Younger people have longer time horizons (i.e. aren't expecting to be dead as soon) and are therefore more likely to support policies like electrifying transportation and generating power from lower CO2 sources, and policies get enacted when they have majority support, so causing the population to skew older by reducing the number of children is ecologically very bad.
These measures taken by the EU and other government entities has always been about surveillance, censorship, control, and eliminating freedom of speech and association. People need to keep calling out this continual deception and attempt to erode freedoms.
"Rules for thee but not for me."
Of course, by using tax payers money.
And there you have it, the actual reason for this.
I'll make a similar comment I made on another thread: we saw a thread with many upvotes hating on the cyber-libertarians... We all know the EU institutions are ran by cyber-libertarians and that it's cyber-libertarians making such research and decisions right?
Pick your fight brothers. I don't think spending your time hating on the three John Galts of this world is a worthy fight. You may even turn out to be more morally aligned with the John Galt of this world than with the people running the EU institutions (and North Korea).
Eh - my new car has an EU mandated speed limiter in it that takes over the cruise control. It uses a combination of GPS and vision to determine what speed limit to apply. Only slammed the breaks on on the motorway to drop from 120 to 80 KM/h erroneously 4 times in one journey last week.
Much like the oft maligned Google PM that releases/deprecates another chat product to get their promotion, some commissioner somewhere in Brussels managed to make the world a better place with this too.
It has the ring of BS. Why would an authoritarian government in a country with no free press or free elections feel any need to justify a speech regulation with a fig leaf? They openly restrict speech.
I think you’re full of it.
People don't remember because it didn't happen and the license wasn't about protecting the children. But it's so convenient to just blantantly lie on the internet nowadays, isn't it?
Just like the title of this article blatantly lies about "EU" doing something.
> China had no such legislation until 1997. That year, China's sole legislative body – the National People's Congress (NPC) – passed CL97, a law that deals with cyber crimes, which it divided into two broad categories: crimes that target computer networks, and crimes carried out over computer networks. Behavior illegal under the latter category includes, among many things, the dissemination of pornographic material, and the usurping of "state secrets."
I would like you to make that argument.
Governments getting involved absolutely, unequivocally will be used to clamp down on the free exchange of ideas.
You're the one that needs to argue the presence of harm, given you're the one arguing we need to create a surveillance dragnet to shield certain age groups of humans from witnessing how their species procreates.
The default state is that humans procreate via sexual reproduction. You need to argue why we need to take action to hide this, especially given we let children witness other far more brutal activities from the human species like violence.
The EP paper appears to be highlighting the existence of a debate regarding VPN.
Relevant quote:
"Some argue that this is a loophole in the legislation that needs closing and call for age verification to be required for VPNs as well. In response, some VPN providers argue that they do not share information with third parties and state that their services are not intended for use by children in the first place. The Children's Commissioner for England has called for VPNs to be restricted to adult use only.
While privacy advocates argue that imposing age-verification requirements on VPNs would pose significant risk to anonymity and date protection, child-safety campaigners claim that their widespread use by minors requires a regulatory response. Pornhub and other large pornography platforms have reportedly lost web traffic following the enforcement of age-verification rules in the UK, while VPN apps have reached the top of download rankings."
Of course I'm not saying the EU won't regulate VPNs, but nowhere in this paper is "the EU" stating that VPNs need closing.
Yep... and to make it worse, nobody is trying to push them towards looking at privacy-preserving age verification: instead technologists try to convince them that they just shouldn't regulate anything. Which... may not work so well.
It isn't just governments.
This is also quietly being backed by some big corporations with money .
> big corporations with money
Is there a notable difference between these two in most places? There _should_ be but in practice it feels like more and more places function closer to an oligarchy than whatever form of “democracy” they espouse to practice.
Not one policy maker has ever seemingly cared about this. But VPNs! That'll fix the budget and demographic crises of European nations, for sure.
I'm curious to see how the EU will maneuver it's new long-term financial plan when none of the members can even pay the membership fee soon.
Mandatory age verification online is a blight imho. It should be outlawed.
Why is age verification connected with identity verification?
I understand why the former is not possible with the latter, but my question is -
Whichever entity is responsible for the verification can just pass on the age verification confirmation without passing through any of the other details, right?
Am I mistaken here? Because if this was possible, I could still go ahead with using the VPN.
Please stop thinking about the kids on the internet. But here's a brief list of things you must work on with higher urgency:
- taxing more large corporations,
- taxing more ultra-rich people,
- funding EU-made (open source) tech and infrastructure,
- let parents spend more time with their kids so they can actually protect their offspring and keep them safe from predators, more than any stupid law you think you can devise can do,
- more trains.
[1] German men must ask the army for permission to leave country - https://www.dailymail.com/news/article-15706287/German-men-a...
please abolish yourselves. You are worse than cancer.
“Don’t look at this scary monster, look at my pet issue scary monster instead!”
> A loophole that needs closing
[Some argue] that this is a loophole in the legislation that needs closing and call for age verification to be required for VPNs as well.
https://www.europarl.europa.eu/thinktank/en/document/EPRS_AT...
There should be a standardized government ID service/API that allows a person to let it disclose their age (or other user selected information) to a requesting site/service. That's all that is needed if the government ID service has appropriate 2FA and security.
Both the request and the response can be appropriately anonymized so that the government doesn't know the site, and the site doesn't know the person's identity.
Why isn't this a thing yet? As far as I know, no one has proposed it.
Feels like its state vs man nowdays, worldwide. Don't let them mislead you.
Beyond that I fully believe there are intelligence agencies, advertising agencies, military interests, IP control interests etc that are all working very diligently and in more targeted ways to each achieve their goals better by pushing for specific measures and helping to amplify moral panics to build the necessary political capital.
Basically if you want to do any sort of remote work, I'm not saying you're necessarily using one right now, but the odds are good. Possibly the politician's own IT back-end might have ... opinions... on the ability of the executive to overly check the legislative too.
Now there is a time politicians control what websites we can access.
Reporting on the EU tends to be quite bad, because people often don't really understand what it is or how it works (in particular there's a tendency to conflate what the commission wants to do with EU policy), but this is unusually careless reporting.
They need a referendum since it affects people's security and well being.
EU is a tyrrant.
I'm not as bearish on all this as most people here. I don't see much use for age restriction, except maybe keeping preteens off social media. That said, the proposed verification tech is very private, as far as I can tell. My review was cursory, though. Also, each EU member is free to use a different technical solution. Of course they're free to not make age verification obligatory at all. This programme is meant to be a strong default legislative and technical framework: it can't make EU members do something.
As VPNs usually cost some money, which is already a barrier for minors.
VPN for the VPN with a back-up VPN for the VPN's VPN.
There is billions of research going into making children addicted through the window of their phone screen to watch apps, and now with AI this is getting even more dangerous.
It's not only children, also many elderly people are targeted. They are very lonely and then develop a Claude addiction.
People pointed that out quite a while ago already. Age sniffing is a joint attack on the freedoms of people, which explains why these lobbyists also try to abolish VPNs. Their vision for the world wide web is one of authorization. Ultimately they will fail, but a few get rich here in the process.
It reminds me the Mullvad pub campaign: https://mullvad.net/en/and-then/uk
no, they want to pretend this is the issue, so that pervasive monitoring or permission and/or deanonymization is normalized. It is to serve the state apparatus, rather than any actual protection.
Kids don't have money and hardly ever manage to do crime without getting caught so they're profoundly uninteresting to surveil in this way, but adults are and here the interests of the state and corporations converge so they'll make a push for tyranny.
But how to make people accept it? Tell them they want to expose kids to gruesome tentacle porn, or else they'd support this. Few adults are willing to admit they even look at porn, let alone argue that this is an important activity that needs to be protected, which it is.
Last two times they tried to push other censorship/tracking laws (claiming as always "we have to, EU is making us") there were mass protests in every city and town.
In my own town of 5k people there were several hundred (500 people at least, probably more). And the previous govt backed down.
This topic seems to be coming back everytime certain countries (Denmark etc) hold the rotating EU presidency. Our current PM is certainly in the same EU clique that wants to push this so much, but it's an extremely unpopular position and he is already leading a weak minority coalition govt. It wouldn't take much to topple him, so he will not do anything like that (unless he is convicted people are distracted with some crisis, but that is where normal people come in. To keep watching what is being smuggled in).
I wonder why do voters in those countries that propose these laws tend to allow this to happen again and again.
That, and the lack of real issues to solve.
Did you grow up with free streaming platforms? Pretty sure many adolescents were accessing porn before those, though it was slightly less accessible.
I personally don't have a definitive opinion about porn (I feel like young kids obviously shouldn't have access to it, but it shouldn't be illegal to adults, but I don't know where the limit should be), but I feel like making it harder for kids to access social media makes sense.
You are right at pointing out that the paper is overall presenting the subject in a balanced manner, unfortunately it seems a bad choice was made when it came to that specific sentence, that gives a venue for it to be fed in the outrage machine.
https://www.europarl.europa.eu/RegData/etudes/ATAG/2026/7826...
For this "story" to gain legs, someone must have pulled that sentence out of content without mentioning the source and then added some misleading context for the outrage.
Bombing children is OK and we happily produce and deliver all the weapons needed for that.
Patterns of an ill society.
https://www.europarl.europa.eu/RegData/etudes/ATAG/2026/7826...
Usually things like these are qualified like "the Department of Defense of the USA stated X".
> Of course I'm not saying the EU won't regulate VPNs
The word choice is quite revealing. You write "regulate VPNs". To me this is not "regulation" at all - it is restriction or factually forbidding it. It is newspeak language here if we dampen it via nicer-sounding words. It also distracts from the main question: why the sudden attack by EU lobbyists against VPNs?
Live sports, they’re already assaulting internet infrastructure in various EU member states (eg. La Liga forcing Spanish ISPs to block cloudflare IPs during matches). With this in mind it seems less a case of surveillance state and more a case of corporate state capture.
Parents should learn how to be parents; the government shouldn't force companies to do parenting instead.
Social media companies (e.g. Meta, Snap) are the first that should provide that but they don't.
Regulate the poison first, not the access to it. All this age verification nonsense is an admission that some platforms knowingly harm their users. And instead of fixing the issue by cracking down on the proverbial crack, governments make everybody's life worse.
I remain hopeful that one day, humans will regard the online advertising companies with the same scorn we do the tobacco industry and may they be ashamed and disgusted at our inaction.
(Not to mention all the other consent age laws.)
That said, VPN is a national security issue, children are only a pretext.
https://taxsummaries.pwc.com/ireland/corporate/tax-credits-a...
In case anyone wonders: this means the FANG companies don't pay tax in Ireland if they hire enough people in Ireland, which has famously high income tax. It is, in other words, effectively a massive tax increase on the employees while actually reducing total tax income in the EU compared to the "double dutch sandwich".
Note that Ireland signed at least 2 international treaties that they weren't going to do this (OECD minimum tax treaty, EU tax treaty). Of course, there are no consequences to this.
The response to is that EU is exploring company-tax-per-transaction which is so incredibly bad in the massive administrative burden it will generate. It's not final, but it will mean that for every transaction done companies will have to keep (PER transaction) pieces (plural) of evidence for what country they happened in. Every single transaction.
https://joint-research-centre.ec.europa.eu/projects-and-acti...
When I was a kid, child programming and commercials were heavily scrutinized. Now any kid can access porn, violence, and scams on the internet. That's a blight. Not age verification.
Before Internet they used paper.
Maybe porn and violence is making today's teenager behave better than those 30 years ago after all!
> The report highlights emerging approaches, such as “double-blind” verification systems used in France, where websites receive only confirmation that a user meets age requirements without learning the user's identity, while the verification provider does not see which websites the user visits.
With the EU's current approach, disconnecting the two is the exact point. There is no third party, the government ID you already have can be used to verify your age directly with an online service.
At least most complaints I see here are assuming that age verification means tracking.
Too bad, there could be interesting discussions about privacy-preserving age verification, if people just bothered getting informed before complaining.
There's no issuing party to collude with to deanonymize users, no hard requirement on owning a Google- or Apple-vetted smartphone, and generally no way to identify me besides my choice of random numbers.
You move past that, and people rightfully tell you that your scheme outright breaks privacy, or that it makes too many assumptions or is too complex to easily verify it actually preserves privacy.
The EU digital wallet framework is built around those, and your suggested scenario is a first class citizen.
It is now moving from the academic/research world, to the political field, and feedback/pressure from both commercial groups and political agendas is muddling the field.
Here are some links to canonical docs, you can easily find high quality videos that explain this is shorter/simpler terms to get a grasp of it.
https://www.w3.org/TR/did-1.0/
https://www.w3.org/TR/vc-data-model-2.0/
A note: it’s one of the healthy byproducts of the blockchain age, don’t get sidetracked by some hyped videos from crypto bros.
In theory, every EU state will have to support this soon so users can use it to verify age privately online. Still work to do to roll this out for real, but the technological part is very much already happening and I think the rollout plan is committed.
[0] https://www.personalausweisportal.de/Webs/PA/EN/government/t..., https://www.bsi.bund.de/EN/Themen/Oeffentliche-Verwaltung/El...
My German isn't that great, but I can't find any sources that state that the German eID can use ZKPs directly. From what I can tell, it uses basic signatures, and the new/upcoming wallet app will take care of ZKP generation. But maybe I'm missing a source in German?
Yes that's how it's done in France for instance, and generally how it's being discussed in the EU.
Most European country already have one, some are still testing theirs. They're required by the EU to make one accessible to their citizens by the end of this year, in the context of the eID project [0].
[0] https://commission.europa.eu/topics/digital-economy-and-soci...
You're kidding right?
In Russia we have gosuslugi.ru (state services), which nowadays requires 2FA and hasn't been compromised in any major way so far.
Among other things they provide a way for a third party to use it as identification service and a user chooses which data about himself he wants to share. No anonymity, though, and I don't see how it can be implemented so that the verification provider doesn't know which service is requiring age verification.
Unfortunately, now that it comes to the news cycle, it’s easy to get outraged around misleading headlines.
I encourage you to invest time in researching what the EU has done in the past decade around digital identities and their framing around privacy questions on this. I hope you will find, as I do, that it moved the needle in t he right direction.
This is not a misleading headline, this is a document from the European Parliamentary Research Service that calls out VPNs as a technology that may need to be moderated in order to enforce restrictions such as age verification.
https://www.europarl.europa.eu/RegData/etudes/ATAG/2026/7826...
As you are calling me out - specifically answer how restricting access to VPNs would benefit the freedom of thought, communication, and information within Europe, and not be something that - together with other measures - can help facilitate digital fascism.
For everything that's wrong in society the answer seems to be more and more regulations. The negative effects (such as the lack of European AI companies) are then waved away (it's because Europe spends their money on American AI instead of investing in EU AI).
It's honestly scary.
US, from its biggest companies to the whole of Silicon Valley culture has done the exact opposite.
Within the EU, multiple attempts at pushing changes in opposition to this have been proposed, debated, voted on (and rejected), as democracies do.
Not perfect, but when you come down to laws, EU bureaucrats gave EU citizens article 8, US gave them the CLOUD act.
If 51% of people want to do something wrong, they should do it to themselves and leave the other 49% alone. Democracy is not an excuse for doing the wrong thing and going "oh well, guess people want it".
GDPR does not protect you from governments snooping on you. The same way it does not stop governments from collecting data on you: https://en.wikipedia.org/wiki/Data_Retention_Directive
It sometimes even forces governments to collect more data on their own citizens like in Romania.
The only difference between the US and the EU is that the EU has somehow managed to convince a bunch of useful idiots (not saying that you are part of it) that it is better than the US when in reality its the same shit just with a different color and smell.
It can also mean that disabled parents won't have to bring to life disabled children, which is a great relief.
And no, this money couldn't be used to improve the life of families.
Showers will nanny, sleeping with the parent. What next?
But I applaud your only mildly extreme idea, builds on the insanity of these lying tools well.
I'm quite sure that if you asked parents, they would rather have the playground than the surveillance.
But proper curial oversight stopped with the Lugovoi law in 2013, after which RKN could block directly based on orders from the General Prosecutor's office.
So supporting policies, "that somebody should do something" sure, also my generation thinks like this and the older one. But supporting policies that also actually affect themself, different story.
Because there is also the effect of doomerism. If the world is doomed anyway, then I can at least enjoy my vacation while I am still alive.
Probably because air travel is something like 2% of CO2 emissions, driving long distances also emits CO2 so the actual reduction is more like 1%, and people understand what a cost/benefit ratio is.
Meanwhile they're significantly more likely to do things like buy an electric car or hybrid or install rooftop solar, which makes a much larger actual difference.
> But supporting policies that also actually affect themself, different story.
Who is more likely to support voting to fund car chargers, working people who are tired of buying gas or retirees who want to use that money to increase government retirement benefits?
> Because there is also the effect of doomerism.
Doomerism itself comes from being in the minority.
Just because I don’t believe in voluntary action doesn’t mean I wouldn’t accept society-wide policy. I want impactful societal action, not self-harm disguised as feelgood ecohobbies.
This problem can only be solved by coordinated government intervention.
It isn't a stretch to imagine that a small business owner literally doesn't have enough time in their life to maintain their own health and run their business. There are some pretty grim stories out there, I can tell one based on a friend of mine who was working ... I think 70 hour weeks. Sounded rough. It isn't actually crazy to say they may not have an hour free to figure out what form they need to fill out and where to file it, or that they'd be too sleep deprived to get it right. Assuming that this thing is the only thing they need to disclose and there aren't any other pieces of paperwork that need filing (which we all know there will be).
Sure if they have to they'll probably figure it out in most cases, maybe it is trivial. But the businesses where a straw broke the camel's back don't exist any more to point at as evidence. It is hard to know.
[0] https://www.grumpy-economist.com/p/the-cost-of-regulation
Registering a phone number with the official company registry is sure to get you a scam call within the hour. People will come up to your house later to sell you power contracts you don't need, phone numbers you never wanted, and they will lie through their teeth to forge your signature if you don't agree. If you're unlucky, you'll be fighting a handful of scam companies in court within the first year, charging you thousands every month, because B2B contracts don't have the kind of protections customers have.
The only way to live a somewhat safe life as a small business owner is to have a dedicated phone number you never answer and a dedicated post office address where nobody lives.
These kinds of requirements made a lot of sense thirty years ago, but nowadays, with billions of people able to abuse every bit of information you publish instantly from anywhere while you're asleep, it makes a lot less sense.
In theory this documentation can be used to prevent scams and crimes, but actual enforcement of people's identities has become a problem, and the criminals have plenty of unsuspecting family members, homeless people, or mentally handicapped adults they can pressure into signing papers.
Basically, you have no privacy if you start a small business under these kinds of rules.
In my view, it lends more authority to that statement over the other citations in that chapter.
I am inclined to take this as a honest editorial mistake: adding a ? at the end would have been the right choice.
I might be a bit lost on what you/we mean by context. For me, it’s the original pdf from the EU, no quotes.
https://www.europarl.europa.eu/RegData/etudes/ATAG/2026/7826...
That does not, of course, mean that age verification laws are the appropriate solution. You could even argue that it's not a problem that kids have access to all this stuff (though I don't think I would agree with that). But you can't just hand wave it away by saying "we looked at porn on paper when we were kids". The situations are not at all the same.
Encryption is too complex to easily verify it actually protects your data. Still you use it all the time without even knowing it.
Looks like I was wrong and it's not actually ZKP, just regular PKI. What I meant was that no other details are disclosed.
This is the foundational tool for 450 million EU citizens, so I think is very important.
We likely have different interests.
You can debate whether setting up such a system for things like social media is a necessity or desired in the first place, but being able to show someone a QR code that verifies my name and age without exposing all kinds of other details about me is extremely useful.
And then in a completely democratic mannner, Europeans said "that's who we want leading us".
No, it wasn't. She was chosen by a group of country leaders during a closed doors voting.
If it's democratic at all, it's very tangential.
If your argument in favor of that is that watching porn isn't harmful to children, then I don't understand what all that superfluous waffling about china is doing in there.
Surely someone claiming it's arguable should be willing to make that argument.
For me it's not that it's reproduction. Film that shows sex is not an issue as I see it and I don't know anyone that has developed serious addictions to sex in Hollywood film. However I know several people, family members included, that have absolutely obliterated their childhoods and early adult years by becoming addicted to porn. They were groomed by adults online from a young age and, although their parents tried to stop it, kids are sneakier and they got around it, exposing themselves to some truly dark things. It is not easy for families to recover from having dealt with a child with serious addiction issues.
I think it's pretty silly to argue that systemic protections are ineffective and overreach whereas the efforts of one or two parents should be enough and are the correct level of enforcement for the protection of children. The parents of the people I know went to extremes to protect their children and they were mostly unsuccessful.
Combination of abuse and unfettered access to drinks/drugs/Internet is way worse than either one alone. At the same time I think the issue of bad parenting is a) not one people talk about out loud because of stigma (we can attack tech CEOs all day for pushing addictive products but anyone can become a parent and none of them will stand to be called the "bad" one) and b) not amenable to much change save for a global in-house surveillance panopticon. Yes we can choose to place trust in parents to protect children from Instagram and PornHub, but consider that some parents just... won't. Neither can we force them to. What then?
Upd: are they able to use VPN when the Internet is in so-called "white-list mode" where only certain websites are available?
You can attribute it to George Washington or Louis XIV with the same level of verifiability/veracity.
E.g. the problem of social media is not that kid access information. It's more that kids get harassed by other kids.
.
Also, yea, no anonymity is the problem. Why would you want your government to be able to track every single website you've ever visited -- especially considering we're talking about an autocratic regime?
I'm astonished at the naivety on display on a community called "Hacker news."
The state services are required to assist intelligence and law enforcement in lawful investigations, the intelligence don't need to compromise anything.
>Why would you want your government to be able to track every single website you've ever visited
I don't want anyone to track every single website I visited.
>considering we're talking about an autocratic regime
Glad you see the EU for what it is.
The problem is that verifying age requires disclosing your identity and the fact that you use a certain service. Whoever is the provider of such verification, it learns too much about you.
Is the state a worse choice for that than a commercial entity that has fewer resources to secure itself against hacking and might even sell the data itself?
I would rather not have age verification at all and glad there is no such thing in Russia (yet?).
If only being associated with pedophilia and nazis was still something that had to be avoided because it would be career ending otherwise.
If this actually works then it should work in both directions, right?
Example: Many websites are malicious or adversarial, therefore anything enabling a service to discern whether the user is a vulnerable child is a boon to website-operating pedos and needs to be eliminated. The law should inhibit predatory services from being able to discern the user's age, to protect the children.
Because porn is the most taboo things in public, even if a lot of people use it at home. Nobody will come and defend liberal porn access because then everyone will call you a gooner or a pedo. It'll probably be the end of your political debate.
Which means porn access can be weaponized without any political opposition. It's the perfect scapegoat to remove online anonymity disguised as "age verification".
I did catch my son watching porn when he was 13. We talked about it, I blocked some stuff at my router (hardly comprehensive, but mostly to make it easy to avoid the thing he was watching), and then stopped worrying about it. He's 17 now. I'm sure he knows how to find it if he wants it, but I also trust he's able to interpret it responsibly. He seems like a well-adjusted kid. I worry more about his gaming addiction, but it doesn't seem to be interfering with school anymore.
re: gaming addiction - my parents were obsessed with me being "addicted". Now, as an adult, I don't care about games anymore. Everything I have I owe to computer skills and English. What my parents didn't want to see (or couldn't?) was that at the time games were the only interesting thing to do. We were glued to the screens mostly because everything else sucked.
It's a cultural thing
What a fucking tragedy.
I'm sorry you have to live in such a socialist hellscape.
Should everyone in the world then be able to have access to the information I mentioned just because you work for someone?
> How come tax loopholes aren't as scrutinized?
And with mobile capital, like multinationals, they can.
Ireland violated international treaties, multiple, to do this. Oh and they call it a huge success (despite that this will obviously suddenly crash and burn when other countries either block it or give better deals).
Oh and it cements the power of American multinationals over local EU companies, when the Irish government publicly and loudly claims they intend the opposite, and for reasons I don't understand, people seem to actually believe them.
No matter what you (as population) say it will get implemented. If you don't, then they will put sanctions on Poland, withdraw financial partnerships, etc. Like with migrants, they are going to be sent there, even if Polish people vote against.
No matter if you are in favor or against, raising the topic will just make you socially be isolated or even legally punished in some places.
Sad for democracy and free speech.
EDIT: clarified about migrant policy and the decision of countries to choose or not
But there is a problem with kids today having pretty easy access to all kinds of nasty shit on internet, and it isnt like it was in 90s and 00s. 10 year olds on social media is fucked. I dont really care for blocking internet on anything, yet it does appear that simple age verification is necessary for access to certain services.
most people are just super mad that they wont be able to watch porn or their favourite show thats on netflix or whatever. BUt thats not what the article was about. Read a little bit. Comparing EU to fucking Russia is insane here.
https://en.wikipedia.org/wiki/1938_expulsion_of_Polish_Jews_...
https://en.wikipedia.org/wiki/Emigration_of_Jews_from_Nazi_G...
To the EU regulators: we don't need another Stasi, we already have Google and Meta to worry about, thank you.
Also, to regulate in my native language is just a nice way to say the f word, if this conversation is about porn.
It was still the job of the parents to set the bed times etc, but at least this was something the parents could actually control.
And for pay-per-view stations with actual heavily violent or pornographic content: Yes, they were absolutely age-gated, usually via a PIN.
Im contrast, the internet is default-permit: Everyone can access everything, unless the device is specifically set up to block it. Setting up such a block has the risk of causing massive drama with your kids, and they fill probably quickly find ways to circumvent it anyway.
This is why I find the "it's the parent's responsibility" calls so hypocritical: The whole idea behind the internet is to make it as hard as possible to block things. But suddenly we expect the parents to do exactly that? How?
(All that independent of the point that the current push for age verification really seems like a disguised push for control. But that doesn't mean there isn't a real problem. Both things can be true at the same time)
You sure about that? )))
> Source: I’m a parent. My kids haven’t seen porn and can’t access the internet.
Are they above the age of 16? Because then you're either Amish or out of touch.
The argument kicks in at a slightly deep level. Age verification is unrelated to allowing children to watch porn. Someone needs to make an argument showing that age verification would lead to blocking porn, and that argument seems to be impossible to make (age verification is a much lighter standard than the bans on torrent websites, for example, and torrenting is still as easy as it ever was). To block kids viewing porn there'd need to be a - probably global - system of censorship that exerts total control over what people can POST and GET on the internet. The likes of which we have not yet seen and would likely have catastrophically negative political consequences.
I hope you can see how that argument is not compelling.
There is absolutely no need for new technology to track people, it's there already.
Also I feel like a big reason for age verification is social media. Many countries are trying to prevent kids from accessing social media (because we know it's bad for them), and age verification is the way to do that.
Badly implemented, age verification is bad. But there are ways to implement it in a privacy-preserving manner, which wouldn't make the current state of surveillance capitalism worse.
But the current push from all sides to provide id for everything and remote attestation through Google and apple will make the alternatives very hard to use as it basically cuts such people from the economy altogether.
And corporations are having issues discerning bots from people without making access to their services a fuss or dependent on possibly idealistic and troublesome open source projects, like Anubis.
It's truly, absolutely, not about "age verification". If it were about protecting kids from harm they'd take money from corporations post factum that are offending. Instead they're preparing to spend a lot of money. You could also look at who is heavily lobbying for this, you'll find it is fascist tech oligarchs from the US. They couldn't care less about kids except for obscene or profitable purposes. It would be weird for them to be cosy with epsteinian networks of power and at the same time be mindful about the wellbeing of children.
You vastly underestimate the current state of surveillance capitalism.
> You could also look at who is heavily lobbying for this, you'll find it is fascist tech oligarchs from the US.
Go in the street, and ask a bunch of random people: "If there was a way to prevent kids from accessing stuff that is bad for them, and it had no downsides. Would you want it?". I'm absolutely certain that not only fascists will say they would want it.
1. Context is “EU digital identity”. For a decade EU asked researcher how to have a way to verify age only, without extra data leaking. They have a working solution, and it’s the one rolling out to EU citizens.
2. This document talks about VPNs because they have been bought up recently as “how to skip age verification tools”. It is a legitimate concern. Every EU citizen has/will-have a privacy safe wallet to prove age, users from other nations will not, EU minors can just VPN to nation X, and skip age verification.
3. The org producing this doc outlines that yeah, the above is true. It’s actually a balanced doc. Each of us would have written a different one, sure. I likely would have liked “yours” better, since I think we feel we share common values. I’m just saying i don’t thing it is misrepresenting reality. The doc targets eu legislators, likely not tech savvy.
This is not about restricting access to VPNs, this is about outlining that they exists, that they have an impact on solutions proposed for age-verification. Did it not exists, it would reinforce that eu votes on shot without having any grasp on what is at stake.
I actually agree with you: I see civic liberties under attack way too often (and try to contribute as much as possible to upholding them).
But by large, the EU has done a good job at upholding those freedoms. Repeated attacks on those freedoms have been rejected when it was time to vote (in the EU parliament!!!). This makes me confident in the process.
Yes, of course, we can always have “better”, but at some point calling out as fascists some legislators trying to understand what’s the relationship between VPNs and age verification seems to me as the opposite of wanting them to be better educated.
To precisely answer the “restrict access to VPNs”, no of course that’s not “good”. But I like the fact that EU legislator get to read that document, instead/on-top of some partisan mumbo jumbo from whatever news outlet.
This is not hyperbole - Android will be locked down in only 115 days [0]. Further, in order to enforce such an age verification mechanism, you will end up requiring all software to either account for why it would not need to be integrated, or integrate with such a government mandated mechanism. This introduces accounting, surveillance, and approvals for every possible use-case. How would an online forum dedicated to discussing political topics survive? They would have to prove that they are complying with such measures that increase the barrier to operate and ensures that any forum or other arena of interaction would have to be accountable and justify how they are verifying interactions within the bounds of these laws and mechanisms.
Further - beyond locking down devices you would clearly need to lock down networks and communication in order to enforce such restrictions - which leads to deeper and broader filtering / scanning / monitoring - and preventing workarounds such as VPNs to ensure that all thoughts and actions are within these government set bounds.
Further - it is essential to realize that the outcome of this is not the best case of a single measure - the outcome in many cases will be the combination of measures taken by many different governments across the globe that each cut away certain freedoms.
Again - this is not only about age verification or digital wallets - it is the continuous pattern shown clearly through a range of actions made over time by the EU to introduce client-side scanning, age verification mechanisms, locking down devices. It's not all in place yet, but it is certainly being aggressively worked towards. All of these mechanisms will directly facilitate digital fascism as it will literally become illegal to effectively read, think, communicate without it being inside the remaining allowed bubble set by the government.
Another post on the front page of HN just now is about France seeking to dismantle end-to-end encryption. It is then not about the best possible view of a single measure in isolation, it is that these measures will lock in digital fascism broadly unless you are able to see what they facilitate when combined.
[0] https://keepandroidopen.org/en/
[1] https://reclaimthenet.org/france-moves-to-break-encrypted-me...
Android being locked down is the worst case scenario: private companies makes rules, an update is pushed, no platform for discourse. It's also the standard business practice when you let companies implement solutions to "privacy problems": put some privacy preserving lipstick on a fredeom restricting measure.... Specifically: we (google et al) need to verify apps so that we don't let them to do bad things to you, like stealing your data and ... sell it in the very same predatory data ecosystem that we have built and that we sustain for profit.
On the other hand, the EU sees that a law has been mocked on the internet since day zero (you must be of legal age to watch porn), in due time (30 years?) this has an impact on society, and shit needs to happen because yes, this is how laws work sometimes: they limit freedoms. They have learnt from GDPR that delegating the implementation of laws to businesses is bad: they defang it and/or twist it so that the concrete result fits business needs rather than the principles established by law (as per above example: gdpr, ads). So, the EU finds its own tech solution, puts down privacy as a core value, ships down a EU wallet and says "this is the reference implementation".
I like this! It's not "perfect", but i prefer this 1000 times over "let Google verify my age".
It seems to me that the EU has done an excellent job: now that society (including actors in bad faith) is saying "we need to protect the kids", we can say yeah ok, here is the good way to do it. They actually thought about this years ago.
Now THIS SPECIFIC document is .... ok!!! Because it is NOT to be read in isolation, but within the context (my framing) of EU actually giving me laws and tools protecting me. Over decades. And I have seen plenty of attempts at breaking those, and plenty of EU votes bouncing back those attemps.
Overall, there are 2 possibilities (aka tradeoffs on better vs good) when freedoms are attacked. One (yours, as a understand it) is to say "this (VPNs, e2e, ...) is outside of the Overton window, just bringing this up is unacceptable/fascist". You have good reason to defend this approach, and it's ALSO thanks to you and other activists (hope this does not mischaracterize you) denouncing and rallying around these issues, shouting "fascists", that we got them revoked.
The other one (mine? maybe?) is to craft a response that exposes the faults at play, naming and shaming business interests trying to hijack age verification to provide them with business advantages (example in this case: internet in Spain "stops working" when there's a La Liga game, etc, I'm sure you know what i'm talking about).
The willingness to rebuke these attacks in debates can be a slippery slope (opening the window). And yet, in present times politicians wear "being shouted 'fascist' at" as a badge of honour and they manage to translate that into votes. There is a correlation that I see between "good" (argumentative discussing to convince) and "better" ("this is just not going to happen and we should not even discuss this because we have no room for fascism here"). Both are valid, going back to the beginnning we disagree on which to employ in this specific case.
All the above is about "framing", meaning a meta-answer over discourse. Also, let me be clear that I am not seeing you, or activists in general, as "mob shouting" by conflating that with lack of critical thinking, or ability to expose that. I have recognized that your position has value, but let me be clear on that :D
Now to tech details.
Locking down network is impossible as long as decentralization is possible. You ban VPNs? People start using TOR. They don't know and care, but in order to watch porn or sports, now they have better privacy protection across many other dimensions. To gain usage, interfaces becomes simpler. VPNs went from being a business tool to being a consumer tool precisely because companies started enforcing arbitrary rules. In order to get there you need to be easy to use, which makes their usage explodes, etc. Constraints, scarcity, or urgent needs drive innovation, so i don not see autoritative pushes vs tech-for-freedom as a zero sum game (probably an even better description of why we disagree?). Since businesses belong to the fabric of society, sometimes business rules goes into laws. And sometimes whatever a government thinks is ok goes down there, principles be damned. And yes occasionaly you get the guy that needs to go to jail, Prometheus-style. Clearly, Zimmermann. Arguably, Snowden. Provocatively, Kim DotCom. So yes, banning VPNs is bad, but isn't it true that we have this problem because everyone can just flip on a VPN at any given moment? Is this not a manifestation of a right that we have "acquired", in some sense?
In this context the EU has done, and is still doing the "good" thing: the EU wallet has not been assigned a budget and shipped over for development to Accenture or Oracle or any other private business. It has been given to open source researchers, and it leverages lessons learnt while building decentralized solutions. While "everyone" was busy scamming users with ICOs, the EU has taken an interest on Zero Knowledge Proofs. And EU bureaucrats have talked to nerds to understand if there is a way to have age verification and preserve privacy and make all the things that me (and you want). Because, EU has been a global pioneer in elevating data protection to constitutional/human-rights status. Data protection worldwide, in the past decades, rests on me and you worrying and "fighting between each others", but mostly on the EU listening to us and being a global pioneer in elevating data privacy to constitutional/human-rights status, via Article 8.
To flip you statement: the outcome of this is not the worst case of a single measure - the outcome in many cases will be the combination of measures taken by most forward looking governments across the globe that each protect certain freedoms.
sorry for the wall of text, i hope it was worth your time
Maybe some want more control, but most certainly not everybody.
> so that pervasive monitoring
If you haven't gotten the memo, pervasive monitoring already exists. To sell ads.
> or permission and/or deanonymization is normalized
For age verification, it's possible to do it in a privacy-preserving manner. Now people spend their time complaining about the idea and claiming that all who disagree are extremists, so it doesn't help. But we could instead try to push for privacy-preserving age verification.
This topic is just unfavorable with this community... for good reasons.
Those who want less regulation are not hackers, but rich and powerful assholes.
it'd be so easy to do, and would immediately make obsolete any measures taken digitally to preserve privacy
Is this an alien concept to you?
The rise of authoritarianism? Inequality? Revival of geopolitical "realism"? Decrease in empathy and holistic thinking? Increasing willingness of the general population to engage in political adventurism? Accelerating resource consumption (and decelerating resource stocks).
And if you consider none of those "real" problems, I know some people seem to have forgotten about it, but what about climate change? Given the half-life of CO2 and methane, that's a problem as "real" as they get.
Because nobody wants to limit the big corporations polluting the world and exploiting the population, tackle climate change with more than some hollow measures. Because people will be annoyed when it affects them and that means political suicide.
So they manufacture other problems, ones they can control and point the blame to groups that have little voting power.
I care about far more than privacy. These matters are about societal stability, the panopticon, societal robustness in cases of downturns or wars, the ability to counter the mass control capabilities of artificial intelligence - and much more.
> Android being locked down is the worst case scenario: private companies makes rules, an update is pushed, no platform for discourse.
Personally I'm blaming the lock-down on Android just as much on governments as I do Google, because I believe that they have failed greatly at finding ways to interact with modern technology. Instead of heaping ever more complicated requirements on the platform providers and issuing arbitrary fines, they could likely achieve much more by doing less - e.g. by saying "anyone must be allowed to run the software they want on the device that they own" and "when a person pays for a device they own the device" (I believe there are many other answers to this question that would scale far better than current approaches). Fundamentally, a big part of the problem is the many responsibilities and goals of the government where some of them run counter to allowing such freedoms.
> I like this! It's not "perfect", but i prefer this 1000 times over "let Google verify my age".
Personally I think this should be solved to a satisfactory degree by simply requiring anyone that wants to provide access to content that by law is age restricted to simply advertise this with headers similar to CORS that browsers must respect, such that the configuration of the browser blocks access to those not of age. It is then the responsibility of the parents to configure the devices of their children such that they cannot access age restricted content. It makes perfect sense to have a "child mode" for browsers and operating systems, where the person configuring the setup makes this determination without involving centrally approved systems. To the degree that such a solution would have workarounds I'm absolutely not convinced that the detriments of this is worth the additional costs on restricting the freedom of citizens.
> Now to tech details. Locking down network is impossible as long as decentralization is possible.
This is a plain incorrect view at scale. If the EU decides to either ban E2EE/require client-side scanning/require backdoors, then all major chat applications will have to adhere to this, and it will no longer be practical or possible to have an application like Signal installed on your phone. This means that when being investigated by the police, or e.g. when traveling and being searched, you will be breaking the law by having such an application and will by default be a criminal. The magical part of digital fascism is exactly that it is very effectively enforceable at scale. If you require all computers to only run software that is approved by the government, and you outlaw software that allow unsurveilled communication, then digital fascism allows you to enforce this to a previously unseen degree, exactly because you can prevent any computer from being allowed to run it.
These are quantum differences - not differences of better vs worse. They are also differences of societal and technological lock-in - as once you give up the ability to communicate freely you may never get it back. Right now; Tor, VPNs, Signal, are all legal to use within the EU. However, if you make them illegal and you enforce computers, operating systems, and networks to disallow them, then it becomes far more difficult for anyone to work outside the allowed bounds, both due to technical difficulty as well as criminal liability. This is digital fascism.
They’d just get an older sibling, or stranger to buy it. Or they’d have a fake ID. Or they’d just steal it from a family member.
But you know which kids did this the least? It was the ones where their parents / guardians took their responsibilities as a guardian properly.
Doesn't mean that it's equivalent to giving them free access to those consumables.
> But you know which kids did this the least?
Source?
Why do people on HN always need to look at things as a Boolean state? It’s entirely reasonable to have some preventative measures but acknowledging that there are ways to circumvent them and accept that as a reasonable conclusion.
Things don’t need to be “all or nothing” ;)
> Source?
I grew up pre-WWW. Literally lived and breathed the points I’m making.
But don’t just take my word on this. Ask anyone of a certain age and they’ll tell you the same: they either tried cigarettes or knew lots of kids in school who smoked under the age of 16. They had access to alcohol under the age of 18. And pornographic content was easy to get hold of under the age of 18.
The age at which they gained access and the frequency of the usage depended greatly on their upbringing.
What "national security" implications are there with VPNs?
"Foreign agents" communicating in an untraceable way.
All internet communication is wiretapped by default unless you use a VPN to a rival jurisdiction. (Where it's also wiretapped, but presumably the interplay of state actor interests comes up in the "foreign agent"'s favor.)
Clearly, Big Government can't see what you or your company are doing and that's a problem for them.
No.
:/
https://www.ipsos.com/en-uk/britons-back-online-safety-acts-...
>Almost seven in ten (69%) support age verification checks on platforms that may host content related to suicide, self-harm, eating disorders, and pornography.
Sometimes the majority is going to make a decision that you do not like, oh well, that is the cost of living in a democracy. People in "terminally online" spaces like HN vastly underestimate the popularity of these laws.
>>eating disorders
I'm genuinely sorry, but... wait, what? Okay, suicide, somewhat understandable (although some forums where people just share their feelings are endangered by this). Same applies to self-harm. Pornography - well, at least I can understand the motive/justification, although I don't welcome such intrusions in personal privacy. But eating disorders? What? I'm sorry, WHAT? Where's the reasons behind this? Any adequate justification? I apologize, again, maybe I don't understand the thing, but how eating disorders ended up in the same line as suicide, self-harm, pornography and similar?
I completely disagree with you, but at least we clearly know why.
We need to avoid this becoming "60% of people should be stopped because 40% disagrees with them". Alas, constitutions have the purpose of defending core values. Separation of powers lets judges strike down gov bills and laws.
We have check and balances. Diverging from them as an emergency measure for the "right" reason only makes it exploitable after the next election, if parties swap.
"Being a hacker" does not mean "being stuck in the 80s", IMO. If TooBigTech cryptographically controls everything, it becomes harder to hack. Are you aware that the biggest restriction against jailbreaking stuff is that it was made super illegal... because it helps corporations?
You should ask the DIY diabetes community what they think of FDA regulations preventing modifications of medical devices.
Being reductive about this stuff is not a helpful framing.
Ah yes, so that's why Meta et al are the main ones behind pushes for more "think of the children" ID verification/attestation regulations.
For Meta, it's better to have age verification than to downright ban social media.
Do you understand now? Or will you only understand when you get fired from your job and they won't tell you the reason?
Thank you for bringing an argument.
I want to start by tackling your argument head on. What if it's not though. What if it's implemented by attestation and signatures rooted at your local national government? Nobody will be able to tie whatever you watch or write to your identity, because they won't have it. To my understanding, that's what's proposed here, and that won't feasibly lead to any of the spooky consequences you're predicting.
There's another leg to it also. "anything you read or write or watch or say will be tied to your identity" is already true right now. Google is already, at this second, tracking my every move online and using it against me in a targeted advertisement campaign to change my spending habits, but my political affiliations too. If you're truly afraid of that outcome, I believe there are much more prescient and immediate things you should oppose than this.
Apparently you haven't figured out yet that these two are partners. The government restrictions are needed in order to allow other players to perform correlation tracking and deducing your identity.
> Nobody will be able to tie whatever you watch or write to your identity, because they won't have it.
This is untrue in the light of what I said above. The proposed scheme lacks any proof of immunity against tracking and deducing identity. I haven't seen anything like a proof being discussed, while an honestly implemented scheme would require a long and well publicized discussion of the means of protection - to make sure it cannot be abused for political reasons.
The lack of such a discussion is actually a proof that the purpose of the proposed scheme is precisely abuse.
We can oppose more than one thing at a time. All of these privacy invading measures should be opposed as strongly as possible. Companies like Google should be broken up by the government, the parts should not be allowed to collude with each other, and there should be laws preventing the kind of data collection they do without full transparency, user control, and ownership.
That's wishful thinking. The site would log that they sent you to verify your ID with your IP and a timestamp. The proxy server would get your identity with your IP and timestamp. Those two can can be linked. The government would know exactly who you are while also knowing where you came from and when.
Either the government would monitor the proxy or they'd just be running the proxy themselves or forcibly taking it over Room 641A style to log everything going in and out.
There is zero way to verify your identity to a website without trusting some third party with that information. There's no one in the US who is trustworthy enough or immune from being controlled by the US government so you'll always be vulnerable to having your identify exposed and it being used against you.
The best suggestion I've heard so far was scratch off cards that could be purchased anywhere in person, with cash, after presenting ID. The ID isn't logged or scanned, just manually checked by the wage slave at the counter. Even that isn't without challenges though since the cards would have codes that would likely be traceable to batches and where they were distributed to/purchased from which means that information can be checked against surveillance/facial ID/flock cameras to find out who bought them, and they can also be resold/shared online/exchanged/stolen/generated/given to others which means they won't be very effective at identifying individuals or keeping kids from seeing adult content.
The truth is that the entire point of these age verification laws is deanonymization, censorship, and control. Any theoretical scheme we might come up with that wouldn't allow for abuses will never be implemented for that reason.
I totally agree. That can be used as an argument in favour of age verification, though.
Parents cannot be responsible for what other children can do.
If all the children use social media, good luck preventing your kid from participating. "It's okay, just be completely disconnected from everything they share between each other, it's not important to socialise, you can make friends when you are old".
The problem with social media is that it's not okay for one kid to be disconnected. What we want as a society is to prevent them all, so that they are all in the same situation.
To clarify my point: I'm not saying that eating disorders don't harm one's body, but that's a mental health condition.
If it's informational then that doesn't sound like something that needs an age check. If it's encouragement then the encouragement related to an eating disorder is generally encouraging the self-harm behaviors, not (just) encouraging the mental aspect. And a site encouraging depression, if that actually exists and works?, sounds like it goes with the rest of the list too.
> If it's informational then that doesn't sound like something that needs an age check.
That is actually the main problem with all that. Because, as far as I know, some informational websites and forums were legally challenged (sorry if I'm expressing this in a wrong way) because they were hosting content "related to self-harm". Does informational content encourage self-harm behaviours, is it dangerous and should it be brought down? Well, I'm not a doctor and I can't really say, but... I hope you get my point.
---
> And a site encouraging depression, if that actually exists and works?
There's a lot of such websites. They're called "news websites" (joke intended)
It is possible to do age verification in a privacy-preserving manner. So... you're wrong here.
The only privacy-preserving (effective) age verification is asking user if they are over 18 and requiring that they answer truthfully under penalty of perjury. Then prosecute the kids who claim they are over 18. For reason or another no one seems to be pushing for that option.
Do you have kids growing up with social media?
My experience is that parents with kids growing up with social media generally care about whether or not social media are bad for their kids. And generally, parents try to give kids a smartphone and access to social media as late as possible, generally when "everybody else has it" and it feels like it becomes counter-productive to make an outlier out of your kid.
I wouldn't say nobody cares. If anything, I think most parents would care a lot more about limiting access to social media than about privacy. It's pretty obvious that nobody gives a shit about privacy.
And then we could maybe have a constructive debate about whether or not we as a society want that technology. That would be more interesting than "if I keep yelling that it's fundamentally stupid, maybe people on the other side will start believing it".
Well it exists in Privacy Pass, which is deployed in production. And there are countries that are currently actively looking into privacy-preserving age verification. I don't think that "I keep saying that age verification fundamentally leaks your ID, which is wrong, but it's still valid because nobody will notice" is a good argument.
> The only privacy-preserving (effective) age verification is asking user if they are over 18 and requiring that they answer truthfully under penalty of perjury.
I disagree, I think that there could be a sane debate around ZK age verification, if we could elevate it to that.
Our kids have access to social media, but we also know what they have access to because we check their phones periodically.
This is a far better approach than an “all or nothing” approach because we are giving the kids the freedom to learn how to use these tools maturely. But without removing any safety nets for if/when our kids (or any other kids in their social circles) fail to use such tools responsibly.
That’s called “parenting”.
Censoring access to tools, either via government regulations or over zealous parenting, doesn’t teach children anything. Whereas allowing kids to learn to use the tools but being around to support and help them grow when mistakes are made, is precisely what responsible parents should be doing.
And that’s the same approach you should take with learning anything as a child. You give them guidance and allow them to make mistakes but be there to support them. Kids don’t learn to ride a bike from telling them “bikes are dangerous” then suddenly when they’re 16 handing them a bike and telling them to ride it to colleague. So why are you treating social media like that?
I am not, so either you don't understand my opinion, or you manipulate it because it's convenient.
I am not, AT ALL, saying that we should make bikes illegal to kids. But some things make sense to me: we should not sell cigarettes or alcohol to kids. "Go ahead my son, you're 13, you should make your own mistakes: try smoking for a month like your friends, and then I'll explain to you why it is a bad idea" is not how I apprehend "parenting".
I am actually saying that it is nuanced, and that it is difficult to know where to put the limit. Should cocaine be allowed to kids? Cannabis? Cigarettes? Social media? Bikes? Chocolate?
> So why are you treating social media like that?
Maybe you think that social media are like bikes, and that's your right. I think they are closer to drugs. Maybe you think everything should be legal (drugs, killing, ...) and that "parenting" is the solution to all, I don't.
Like cigarettes, the message is "you should never do it, but when you'll get older it will be your choice to do that stupid shit". That is obviously not how I treat bikes.
No, I'm talking about cryptography. That is, maths.
When I say that it is possible to encrypt a message in a way that only the receiver can read it, and the server relaying it cannot, it is not an opinion. I am stating a fact. Zero knowledge proofs are maths, too.
> What do you mean by "it is possible"?
I mean that there are maths that do exist that enable it. There is code that is already written that does it every day. It does exist.
But nobody can be arsed to spend a few minutes getting informed before complaining. It's not just cryptography: people who are very vocal against 5G usually believe that "it boils your blood" or some variant of it, people who are very vocal against vaccination usually have absolutely no idea how it works, that's just how it is. It is frustrating, I guess I just have to accept it.
Saying "it's not possible to do age verification in a privacy-preserving manner" is like saying "it's not possible to deploy 5G in a way that doesn't burn people": it is at best uninformed, possibly just manipulative. Sure, it's possible to burn someone with a strong enough radio signal. But the fact remains that it is possible to deploy 5G in a way that does not burn people, and 5G is nothing special in that regard (it's just "electromagnetic waves", which is a well-known physics concept).
There would be a sane debate to have around 5G (e.g. ultra-consumerism or whatever), but I have never, EVER heard it. The 5G debate is "uninformed people claiming it boils your blood" versus people who find it useful and rightly don't believe the bullshit claims of the first group.
The age verification debate is "uninformed people claiming that it is impossible" versus people who find it useful, and can rightly dismiss the claims of the first group, because really, it is possible.
Nobody says "we ban it for children and then expect them to use it responsibly". Just like for cigarettes. It's never responsible to smoke, it's just that we as a society choose to let adults stink and ruin their health if they want to. But for kids, we a society believe that they are vulnerable and may smoke without realising how stupid and unhealthy it is, so we want to protect them until they reach an age where it becomes harder to justify preventing people from taking those stupid decisions.
For social media it's exactly the same: the goal is to protect the children while they are vulnerable, until they reach an age where it becomes harder to justify. Not that many (most?) adults are wasting a big part of their life swiping utterly stupid stuff on their smartphone, but banning social media for adults is a completely different discussion.
The thing is, if a kid is the only one in their class to not have a smartphone or to not have access to social media, they are in an uncomfortable situation and that puts pressure on the parents to give them access to those, so that they can conform. A big part of being a kid is to conform: being an outlier is a risk. One reason for age verification is to prevent enough kids to access social media, such that "the norm" is suddenly not to have access to social media anymore.
You can disagree with that, but at least you could acknowledge the argument instead of going around it and talking like if there was absolutely no way a sane person could imagine that banning social media for kids could ever be constructive.