9mo ago

EFF to New York: Age Verification Threatens Everyone's Speech and Privacy

www.eff.org EFF to New York: Age Verification Threatens Everyone's Speech and Privacy

Young people have a right to speak and access information online. Legislatures should remember that protecting kids' online safety shouldn't require sweeping online surveillance and censorship.EFF reminded the New York Attorney General of this important fact in comments responding to the state's...

Privacy @programming.dev

www.eff.org /deeplinks/2024/10/eff-new-york-age-verification-threatens-everyones-speech-and-privacy

50 0

8 comments

When I hear about "device-based verification" what comes to mind is a device that can be put into some kind of child safety mode, by parents who want to give their children phones or whatever. The device then "knows" whether or not its user is a child without any kind of biometrics or identification.
It has some problems and could case a lot of harm if it's badly designed, but it's the only method that seems close to workable in any conceivable form. Why is it never even talked about in these discussions?
- I thought the same until someone shared some additional insights with me.
  So basically for device verification to work, you have to prove to someone that you're an adult, typically by linking your real ID. The problem comes from when you log in to a porn website and they try to determine you're an adult by reaching out to that trusted 3rd party. Now even though the porn site doesn't know who you are, only that you're an adult, the 'trusted verifier' does know that you've visited the porn website. This makes that organization a huge security risk as it directly links your identity to visiting controversial websites.
  Who would you really trust with that info? Corporation or government, both have major risks to collecting that info. What happens when FL bans porn and starts targeting people they know have accessed it via this database? What happens when LGBT info is labeled 'adult only' and requires this tech to access, creating a database of potential 'undesirables'?
  Once it's created it's absolutely positive that the data will be hacked and that the government will use this mechanism to target at risk groups.
  The difference between this and in person ID checks is one of data persistence. Bars and such things just look at your ID, but don't typically log it in a database. Compiling a persistent database of every 'adults only' only action is just too risky.
  
  The "you'd have to prove to someone that you're an adult" is where we disagree. I was talking about parents setting a "user is a child" flag on the devices they let their kids use. They already know who their children are, no proof is necessary. The device can then send an http header to websites for example indicating that it's a child user. That part could be mandated and standardized by law. It's 99% of the problems solved (in legal theory; obviously not every website and app in the world will choose to participate in any of these schemes) with 1% of the dangers.
  So long as they don't go overboard with misguided efforts to make it impossible for children to defeat the thing, it seems fine. It's dismaying that all the proposals end up with all these ridiculously dysfunctional ideas instead.

Can we just have good parents that care about their kids and know how the internet really is outside of the big tech bubble?
- Hell no. Educating parents is unprofitable. /s

8 comments