If that’s true, I think the law is fine. There are good solutions for anonymous disclosure of information about you, the most mature being Verifiable Credentials, which is an open standard: https://en.wikipedia.org/wiki/Verifiable_credentials
You can disclose just a subset of a credential, and that can be a derived value (eg age bracket instead of date of birth), and a derived key is used so that its cryptographically impossible to track you. I wish more people discussed using that, but I suspect that it’s a bit too secure for their real intentions.
In general, any proposal to use government ID for "age verification" over the internet is going to end in someone using it for mass surveillance, and it's probably not wrong to suspect that as the intention to begin with.
There is no benefit in doing that because parents already know how old their kid is. They don't need the government to certify it to them, and then they can configure the kid's device not to display adult content.
Involving government ID is pointless because the parent, along with the large majority of the general population, has an adult ID, and therefore has the ability to configure the kid's device to display adult content or not even in the presence of an ID requirement if that's what they want to do. At which point an ID requirement is nothing but a footgun to "accidentally" compromise everyone's privacy. Unless that was the point.
I don't know what the proposal for doing this in the US looks like, but the alternative I mentioned with Verifiable Presentations being used was designed to strictly prevent tracking, hence it's useless for mass surveillance. I would love to engage on discussions about the technical side of it and how the EU is currently developing its own identification system based on that, but this thread seems to be purely about politics unfortunately.
And those are better than the ones that do involve ID, which also exist, but not as good as the thing where the service tells your device the rating of the content instead of the user telling the service their age.
How would that work when the service has mixed content? You'd have to go to kids.facebook.com to get the child-friendly version? With a client-sent signal they can just filter it, the same way Accept-Language can automatically translate the UI.
Agreed. Which is why I think the OS level is dumb. Kids can just live boot or launch a vm or keylog their parents' account.
If it's windows, they can just live boot into the OS and get access to pretty much all the files anyway, if the parent didn't encrypt things.
My point is, if the implementation is trivial to bypass, why do we need this legislation? Just let the parents use the existing tools we have and parent.
Elements that contain adult content are tagged and then the user agent doesn't display them.
This also has the extremely useful benefit of making you aware that something is being censored, because then it has a censorship box in place of the content. Whenever censorship is happening it should be flagrantly conspicuous rather than invisible.
It doesn't even need to be that complicated. OS asks you your birthday at setup time. Stores it. Later, an app asks whether the user falls into one of the following brackets:
A) under 13 years of age, or B) at least 13 years of age and under 16 years of age, or C) at least 16 years of age and under 18 years of age or D) at least 18 years of age.
that's it. The OS can decide how it wants to implement that, but personally I'd literally just do get_age_bracket_enum(now() - get_user_birthday());
I think the uproar comes because the well is already poisoned. People are already trained to respond with an outburst of anger to any law that mentions the age of the user, and will find excuses to rationalize that outburst, even when the law isn't that bad.
I mean, "compelled speech"? Really? That's people's argument? This is about as bad as the government compelling you to write a copyright notice.
Compelled speech is bad and it’s something we don’t do, at all. All kinds of bad things come with compelled speech. Mandatory loyalty oaths, erosion of the fifth amendment, compelled work to weaken encryption, etc.
The well should be poisoned. The whole idea is poison.
I don’t oppose limited regulation of messaging regarding products that are for sale, as long as they are aimed at ensuring that buyers have full and correct information about what they’re buying. Also some limited safety regulation on products, but I do think you should be allowed to buy/sell “unsafe” things if you really want to (if properly labeled).
Regulation of products for sale is in line with the commerce clause. (I also think federal regulations on this should comply with the 10th amendment and not apply to local-only products. Wickard v. Filburn was a poor decision.)
The boundary between what is speech and commerce can be fuzzy, but if something is free and provides no profit to its maker then it’s obviously not commerce.
You can disclose just a subset of a credential, and that can be a derived value (eg age bracket instead of date of birth), and a derived key is used so that its cryptographically impossible to track you. I wish more people discussed using that, but I suspect that it’s a bit too secure for their real intentions.