The problem is privacy activists and free speech activists (though there's some overlap between the two they aren't the same) oppose age verification by any means since it has the potential to infringe on both ever so slightly. Meanwhile age verification gates are being demanded and thrown up all over the Internet at a frightening pace. So we get only the maximal data collection solutions implemented by people who don't give a shit about privacy or free speech. And the mass surveillance cheerleaders egg them on.
If privacy and free speech activists understood that a proactive, privacy-preserving approach to age verification is the best outcome we'd be better off.
We should not accept the Overton window shifting here, and say "well, if we do it to ourselves, in a privacy-preserving way, that's less bad".
I think I already said that in my original post.
> We should not accept the Overton window shifting here
Great! Let's say you and I refuse to accept it. How do we keep Discord from demanding passports or selfies? How can we get France[1] or Finland[2] to roll back age restrictions on social media?
You'll never convince a majority of voters in democracies that nothing online should be age-restricted. These are the people that the enemies of anonymity and free speech are counting on to advance their agenda.
At the same time a majority of voters is currently quite content with the state of age verification for access to tobacco and alcohol. Both its strictness (or lack thereof) and privacy preservation (almost perfect).
I'm not saying my proposal is the one that should be adopted. I honestly don't care which idea gets picked and I don't want anything from it. But it's a virtual guarantee that in the absence of a competing good-enough, privacy-preserving implementation, only the most privacy-invasive idea will be implemented.
Build and promote alternatives that don't. Fight the political efforts trying to require it, and identify them as the attempts at control they are.
> How can we get France[1] or Finland[2] to roll back age restrictions on social media?
Host services elsewhere, and ignore claims that a country's laws extend beyond its borders. Support folks trying to fight such efforts politically, where possible.
How well has that worked? Social media and messaging apps have network effects.
> Host services elsewhere, ignore claims that a country's laws extend beyond its borders.
That doesn't help the French or the Finns. Unless they use a VPN. And access the fragmented, lightly-used alternative services from the IPs of the fewer and fewer countries that don't pass such laws.
Your vision leads to a world where the privacy-conscious 1% congregate in echo chambers on Mastodon instances hosted in international waters. Everyone else uploads their passport to FaceSnapTok.
That's not a real solution. It's a cope. That's my opinion and I have no illusions I've changed your mind about anything. I already alluded to that in my original post. Privacy activists think age verification is not a problem that needs to be solved. By maintaining that belief they're ceding ground to bad actors who will "solve" it in a maximally privacy-invading fashion. This will leave the vast majority of internet users worse off.
Correct. But more importantly, privacy activists understand that the "problem" governments are trying to solve with "age" verification is people having privacy.
This isn't something we can solve with purely technological solutions. It requires political action to defeat the attempted control, and pushing back on every instance of people trying to paint that attempted control as mere "age verification" and other "think of the children" takes.
The more we resist turning this into a state-sided solution which provides a service to private companies with a YES/NO age verification, the more likely your data is going to be given to botton-of-the-barrel third party private companies.
I'm genuinely curious what the argument is against state-run privacy focused age verification is here. We already protect real life adult spaces with IDs. You hand your ID to a random store clerk who scans it with a random device when you want to buy alcohol or cigarettes.
What makes these social media platforms special that they have entirely different rules?
I will say, if they came for small privately-hosted communities, I can understand the cause for alarm. But so far it appears to be limited to massive misinformation machines.
Or, as has always been my experience, gives it a cursory glance without scanning or recording it.
This can of course be done government by government, but that isn't scalable for a global company.
I wish I could edit my post because a lot of people had the same misconception when I first wrote it.
It’s not “slightly”. They’ll start with claiming to protect people under 18 from obviously problematic content — porn, grooming, etc.
It won’t stop there. The scope creep will extend to expressing or reading “incorrect” or “dangerous” views.
They’ll probably call some of it “hate speech”, but hate speech is whatever the people in power say it is; on X, “cisgender” is designated as a slur and gets your post censored.
The slippery slope fallacy is only a fallacy if the slope isn’t slippery — “think of the children” is a wedge bad actors are once again trying to use to open the floodgates of censorship.
They don’t even need to target adults; if you control what children can see and express, you have enormous control over all future generations of voters.
What are your thoughts on Apple's approach? You still have to provide your birthdate to apple. But after that, it only only ever shares your age range with other companies that request it, not your birthdate.
There is a stark difference between enabling choice or compelling it.
Somehow in the last 15 years, we have completely lost sight of agency-based ethics as a founding and fundamental principle of western liberalism.
This has been replaced with harm-based ethics. Harm has no fixed definition. There is no stopping rule — when will we have eradicated enough harm? It’s declared by fiat by whoever has the means to compel and coerce — and harm inherent in that enforcement are ignored.
Is it?
I don't think it is.
I truly don't believe that there's any possible way to verify someone's age without collecting ID from them.
But assuming it has to be a private solution, you could do the same thing but make it a non-profit. Then at least _new_ services you wish to use don't need to collect your ID.
Occasionally in my free time I have been tinkering with a certificate-based solution that could fulfill this sort of need for age verification. It’s not the most robust idea but it’s simple enough using most of what we already have. Creating a minimal protocol which doesn’t share actual identifying information nor metadata of the site you’re accessing is trivial. If I can make an 80% solution in less than 100 hours of my free time then some groups with more money and intelligence could propose a dead-simple and easy-to-adopt solution just as easily.