Have a website and want the chance for kids to see it? Advertise in the headers that it's moderated and intended to be a given rating. Various indexers can pick that up. Complaints can be forward to relevant government agencies (E.G. for a US based website the FTC, false advertising), or as usual other agencies for harder crimes.

Parents can mark computer accounts as Child accounts and Browsers configured to follow a set of list filtering rules selected by the parent or current guardian (E.G. schools).

So again. Internet == Unrated Free Zone -- Child Mode == Allow List filtered content.

This is exactly the opposite of the way public spaces actually work, and the way that public spaces actually work is the very justification for laws like this in the first place! You've just taken their exact rationale and imagined a world that would lead that metaphor to the opposite conclusion.

In most of the real-life US, you can't put porn on a billboard, you can't sell it in a supermarket, and you can't wear it on a shirt. You can't go out naked in public, and you can't engage in public sexual activity.

If you do want to buy porn or go into a strip club, you have to show ID and go into a distinctly-not-public space behind closed doors, often without street-facing windows lest people in the public space be able to see inside.

The fact that this is how public spaces work is why these laws are written the way that they are—by analogy to real public spaces vs real adults-only spaces.

In most of Europe (spoiler: overgeneralization incoming) nobody would have an issue with a child walking alone through a city, going into a bar and ordering a coke. Nobody is going to stop them from taking public transit to a book store, and nothing is legally or physically preventing them from looking at a couple pages in the latest playboy issue in the magazine rack. Though the clerk might interfere out of his own judgement, and depending on the country they might check your age before selling it. You will however be asked for ID before being allowed in a strip club, brothel or casino, or before being sold a DVD of some action movie.

The action movie too? I’ve never seen that happen, and I’m certain I rented a whole bunch of age inappropriate DVD’s (or was it VCR’s?) back in the day. Maybe we were required to be ID’ed and the teenager behind the counter just gave zero fucks?

One time my parents got me in. They had made a deal with the owner that I'd be shielded by a parent from seeing anything in the store on my way to the small corner of "age appropriate" VHSs, so that I could pick out what I wanted and then I'd have to leave the store while my parents went to rent it, coz from the cashier's counter I'd see too much.

Of course today I understand but back then I was just like "WTF!, why not!?"

Funny to think about now. It was a tiny corner I could see and a huuuuuge store I wasn't allowed in.

Internet came out of military and academia and had a flat namespace. No consideraton whatsoever was given to the idea of a 'social model' for it. This was discussed way back in late '90s in a yahoo group that has since disappeared: social models for communication networks.

The widespread proliferation of attire bearing so-called "ahegao" faces demonstrates otherwise.

That’s not obscene and one can plausibly argue anyone who thinks it so has a dirty mind.

This is the attitude that led us to this problem in the first place.

>Would you allow an 8 year old to wander New York City unattended?

They're at much higher risk of being arrested/abducted by the police than they are anything else. This is a uniquely North American neurosis; this happens every day in every other nation. They take the subway to work/school or walk, like everyone else.

Also, what could possibly lead to that happening? Someone upset they were noisy? Or just that they dared show up at all?

Now imagine there was no parent at all...

As much as I kind of agree, I want to fight so much for open access to the internet because it was so useful to me as a child, thirsty for information and starving for nourishment.

I will say I think these laws are bonkers. Restrict what companies can do with child data, make it clear an account is a minors, that should be more than sufficient.

As a child of the 80s who benefited greatly from the Internet as a kid (repressive religious parents, and the Internet was a lifeline), I feel extremely conflicted.

On the one hand, I absolutely want to preserve the kind of benefit we received growing up. On the other, the Internet looks nothing like it did when I was a kid.

Porn on the Internet today isn’t like it was either.

This was actually on the front page recently [0], and while I'm no prude, I do think it's worth taking the trends in porn seriously when comparing the old Internet to the current day.

- [0] https://news.ycombinator.com/item?id=43196585

Now admittedly many of these things are unevenly enforced, but society absolutely does a lot in the physical world to make it appropriate for children.

> Long term, smoking rates have fallen 73% among adults, from 42.6% in 1965 to 11.6% in 2022.

> Long term, smoking rates have fallen 86% among youth, from 36.4% in 1997 to 3.8% in 2021.

I'd say that's better off, not just in childhood but with long term effects.

You're taking the metaphor a bit too literally.

Or maybe the metaphor is flawed?

GP says that public spaces are adult-only by default, the parent rightly points out this is nonsense: public spaces are Safe for Work (and for kids) by default, and you have to prove you're an adult to access the adult-only spaces. Which is exactly what laws like this are trying to do by analogy to the physical world.

It's not OP that's interpreting the metaphor too literally, the public-spaces metaphor is literally the main justification for these laws and GP doesn't understand how public spaces work.

The internet does have user agents, and for children the user agents are controlled by adults (and if the child has the cooperation of an adult, you already can't enforce age verification). So now you don't need anyone to prove their age in a way that has privacy implications and chilling effects because you can have the child's user agent notify the site that the user isn't an adult, rather than needing each adult having to prove who is. Which doesn't require any form of identification because it's just a flag the adult sets on the child's device. Therefore anything that does require identification is unnecessary and malicious.

Most adults would be put off by that as well, I’m not sure if this is indicative of public spaces.

That said, I agree that public spaces cannot possibly be adult only by default, as children have to traverse them.

No, but that just means NYC is a crappy place. I regularly see 8yr olds wandering Tokyo alone.

I would hope that the answer is yes.

This kind of reasoning (not to pick on the commenter above) is troubling. People blame cellphones and social media. But what are they going to do once they put down their cellphones, if not go out? Should they stare at the walls?

Interacting with strangers is a valuable experience. If we do not encourage children to interact with strangers, should we be surprised when they do not want to participate in civic activities as an adult?

I grew up on the uncensored internet, and it was fine, but I would not conflate the internet with a public space. From my experience the actions and content of the internet are very different from the real world.

https://www.404media.co/the-pornhub-empire-cbc-podcast/

- Kids should be in bed by 8.

- They shouldn't light fires in the back yard.

- They shouldn't run with knives.

If someone tried to use my support for those things as a basis for 24/7 surveillance of bedrooms, back yards and knife drawers, they'd be insane.

The anglosphere is so full of authoritarian people wanting to get into people's lives and even when arguing against surveillance you think there's an agreeable common goal we should all strive to. No. We don't.

Yes as long as they know to observe traffic and know how to use the subway.

Almost all child adductions are parental kidnappings. This "will nobody think of the children..." neurosis is just that, a neurosis.

At age 8 I was wandering in Munich unattended.

But okay, gotta admit, this is Germany we're talking about, so not many issues with hordes of mentally ill and/or homeless people doing anything from drugs to defecating on the sidewalk right next to big tech's offices [1].

[1] https://www.theguardian.com/commentisfree/2018/aug/18/san-fr...

I’m sure someone came along later to clean up but this was early morning. My point is let’s not pretend like Germany doesn’t have homelessness and people sleeping rough.

They generally are quite harmless though and not generally any threat to wandering children.

And this harms people how?

I know you meant this as a rhetorical question but honestly, the answer should be yes.

And if the city is too dangerous for kids to live in it now, then fix that.

Likewise for the internet. Kids are going to use it, we should make sure it’s designed around that.

That doesn’t mean we need surveillance like this though.

We don't randomly go around asking Papers Please! to everyone on the street.

I also recall walking a few miles to e.g. the mall, target, walmart, etc. without any adults when I was around 10. I'm not sure I'd characterize public spaces as adult oriented by default.

Only if you look too young (and for the bars it's only for certain beverages), so the affected population is only a small parts of the customers.

Live sex shows are illegal in most places in the US regardless of whether the audience is exclusively adults, so the motivation for these laws is apparently something other than preventing children from seeing them.

Wrt. privacy, the real issue is that the small step helps the big step not just symbolically. ID-based age-verification, even when used for good reasons, gives the state and government access to its people’s history of age-restricted content. If this government decides to, say, prosecute anyone who viewed/bought/consumed (inane) X, it’s far easier vs. a government that doesn’t have age-verification. Both governments face major opposition, but the latter government’s opposition is more effective, because the former’s has already shared their history.

One thing the article doesn’t state but implies, that I don’t agree with, is: the slippery slope is still a fallacy, when a government first decides to age-gate reasonable X (e.g. porn) then unreasonable Y (e.g. history books). Because said government will receive almost as much opposition and people doing work-arounds for Y, as if they went straight to age-gating Y; although not exactly as much, I generally assume (and hope) the difference doesn't outweigh the benefits of "stepping towards the middle". In the article, X is porn, and Y is facial cream, dating apps, and diet pills. But these things arguably should be age-gated; and even the article’s talking points are not that these are OK for children, but that gating them gives the government data on more people (which is a real slippery-slope, not a fallacy, as explained in the above paragraph), specifically people who don’t watch porn (perhaps some of the readers don’t mind porn viewers being monitored because they aren’t one of them). If states were to actually start age-gating history books, I guarantee there would be serious opposition, including from people who are completely fine with age-gating porn.

It would absolutely be possible to implement that stuff in a fully privacy-preserving way, with nothing but basic cryptography, and the government could absolutely enforce that implementation.

Nobody is actually interested in promoting that though, the anti-big-tech crowd just wants verification no matter what, and the pro-privacy crowd just wants something to get angry about. Nobody is looking for a reasonable compromise here.

What are some implementation(s)?

Different implementations vary in effectiveness. Anyone can give a minor access to their device, or a minor can steal their device. So in order to prevent access then, you'd need something like constant face monitoring (via a local model, possible to do anonymously, but expensive and fallible), or legal threats (impossible to do anonymously, because you must track the adult who gave their kid access; and many people are dumb with technology even when it matters, so you either have to fine or jail many people or selectively enforce).

The easiest implementation I can think, which I'd recommend, is to make locked-down kid devices, require ID or even just a credit card (18+) to purchase a normal device, put the burden on adults to not share their device with kids, and only police merchants (for selling normal devices without ID) and websites (for serving adult content without blocking kid devices). Like what we do with alcohol, except not even trying to police people for sharing, because it would be ineffective and messy. Like alcohol, many kids will get access anyways, although less than now.

I like this approach because, IMO importantly, kids who don't try to see adult content will be far less likely to, and parents who try to restrict their kids from adult content will be far more successful. I don't think you can stop determined kids with neglectful parents without drawbacks.

Yeah, it seems like it would not be as much of a problem if you were able to have assurances that your data isn't being held onto. If I give my ID to a bouncer at a strip club, he isn't able to scan it and put it into a digital file. He just looks at it*, goes "yep this guy is of age", and gives it back. If we ensured a similar data flow for the Internet, then it wouldn't be nearly as much of a privacy issue.

*These days I doubt I would even get carded as well. Getting older and all that. IDK how you could implement a similar check for the Internet though.

Minors don't seem to have much of a problem, though?

There are ways to do this which are less bad, but there is no way to do it "in a fully privacy-preserving way" without also making it fully ineffective, because if there is no way to prove who someone is then there is no way to catch anyone providing false age verification as a service to minors. But if there a way to prove that, you've demonstrated the existence of a privacy failure because you could then use the same mechanism to determine what someone is looking at.

Almost anything is possible, but even in this case it was never inevitable or inherently true that age verification for X meant age verification for Y. Which means the value - if any - for a slippery slope argument is "consider the possibilities X might open up"

That said, I understand where the EFF is coming from. Data collection and "sharing" is rampant these days. Any meaningful form of age verification opens up the potential for abuse. What I don't understand is their failure to address how to handle restricted goods.

Also, neither deductive nor informal fallacies mean that the conclusion of an argument is wrong, in any case, so the conclusion of an argument being right does not disprove (or even provide strong counterevidence) that the argument contained a fallacy. Fallacies are about whether and to what degree a conclusion is supported by the reasoning (and evidence, in the case of informal fallacies) offered to support it, not about whether or not it is true.

That isn't a fallacy at all, it's just an argument that requires you to establish its premises, like all sound arguments. People call it a fallacy as a pejorative when they want to dismiss the legitimate concern and shut down the debate even in the cases where the premise is correct.

Rhetorical arguments are more important than ever in the age of AI, because AI is our attempt to simulate that. Probabilistic AI mimics rhetoric (inexpertly). It uses past knowledge to predict future behavior (rather, just the next token) based on probability.

To be clear - I'm not arguing that logical argument aren't important; I am a logical person, and prefer logical arguments to rhetorical ones. I prefer the certainty. I still recognize the need for rhetoric. Not everything is certain, and you have to make decisions based on probabilities and unknowns.

Incorrect. Slippery slope is an informal fallacy, which applies to arguments based on evidence not logical relations under certainty. But it is a component of the slippery slope fallacy that the implicit premise (that the precondition that is the subject of the argument is likely to lead to the result that is the endpoint of the slippery slope) is inadequately justified, not merely that a slope from the precondition to the endpoint is presented.

Why would we want to keep minors safe from "harmful chemicals" but not adults? If skin cream products with Vitamin A or alpha hydroxy acids are harmful, and I'm entirely unconvinced they are (at reasonable concentrations), lets just get rid of them.

My understanding is they’re harmful if misused.

Is this about the chance about being inadvertedly misused to the point they’re harmful.

I dunno, by all means, don’t sell them to kids, but should we really forbid a 15 year old unless they can show some form of ID? They’re not any more likely to do something dumb with it than an 18 year old.

If they contain known substances that cause cancer or birth defects*. There are plenty of substances that can harm you that aren't subject to requiring P65 warnings.

Don't worry, they still can poison the water you use:

https://www.cbsnews.com/news/supreme-court-epa-san-francisco...

[0]https://en.wikipedia.org/wiki/Verifiable_credentials

Lately, a new law just passed to force porn websites to check the age of visitors. I would have been fine with an authentication going through France Connect:

- the gov knows which website you went to, just like your DNS provider would, but it doesn't which content - and the website knows which content you've watched but not who's watching.

Best of both worlds!

But no, we have to send a copy of our ID card to the website, which is INSANE because the website knows WHO you are and WHAT you're watching.

No personal information is shared.

While I do not aggree with pervasive age restrictions, this is a nice technical solution to privacy preserving age verification

You'd know the state they're a legal resident of as they use state-specific keys used for signatures.

If the request allows checking arbitrary ages like Apple's, then you can get their age with a handful of requests. If one has to verify every visit, then you can get exact birthdate eventually.

If the one verifying has to pass data to the verifier site or the request to the verifier has any site/app/company-specific IDs (again, Apple), then you're leaking what you're visiting to the verifier.

And not to beat a dead horse, but as long as there are jurisdictions that don't require age verification in the world, children can easily use a free VPN or proxy to avoid checks altogether at which point, one has to ask, why do it at all?

It seems like this line of thinking would lead you to ask the same question of literally any law, wouldn't it?

Laws often don't rely on being 100%. Even though there is a law saying people need to wear a seat belt, they can just not wear it! So what's the point, &c, &c?

The correct flow for preserving anonymity is: the requesting party issues a challenge token to the user -- the token header describes the type of request (>=18yo?) and the token body is completely random(). The user then takes this token and has the challenge verified (signed) on their side, the signed token is then returned to the requester.

This way the state never knows the identity of the challenge issuer.

() Note that this scheme requires good faith on the part of the challenge issuer that the token body is actually random, although it would seem that a simple DH-key mechanism would patch this vulnerability.

There’s a video halfway down this page showing the process in Apple Wallet: https://learn.wallet.apple/id/ (notice “Age Over 21”)

With an eID card, if it's just saying "yes, this person is old enough" then any teen can swipe a device with an eID card and start using it.

If the only porn requires this, then the third party has a record of every single person who wants to view porn.

And the precision of one year is way too low.

If only this hadn't come out of the blue, maybe there'd be someone out there, right now, who could make it so that your identity traveled with you everywhere across the internet, an authentic digital fingerprint and passport so invisible that you can't even see or access it to keep people from having to prove themselves over and over and over again.

What a solution in search of a problem that would have been!

Right?

All of a sudden, the internet is incapable of tracking me with that much fidelity. They don't know how old I am. Discord knows how old I am. I never told them my birthday.

This gets a big "hrrrrrrr. Durrrrrrr." From me.

/s/s

parents should be able to access a (password protected) setting in any browser that can exclude some types of websites (like porn).

governments should be free to go after any website not respecting that setting.

but forcing the age-verification onto websites is just moronic.

Agree.

> parents should be able to access a (password protected) setting in any browser that can exclude some types of websites (like porn).

How would this work? Who's going to set up the taxonomy / classification tree for every domain/site on the internet just so a guardian can say "yes to drugs, no to porn, no to news, no to weapons..."?

Or if that's not the implementation, how would an arbitrary site signal to the browser what the age limit is? Once you move beyond a binary "require parent consent for $domain" flag, you're quickly approaching traditional parental control software.

I know I'm not the only one one this site that made a bit of spare $ back in the day helping kids at school go _around_ overbearing parental controls.

> I shall not today attempt further to define the kinds of material I understand to be embraced within that shorthand description ["hard-core pornography"], and perhaps I could never succeed in intelligibly doing so. But I know it when I see it, and the motion picture involved in this case is not that.

0: https://en.wikipedia.org/wiki/I_know_it_when_I_see_it

This isn't really an answer, but the same problem exists with current age verification laws. I think the main difference with traditional parental control software is that the burden would be on the site maintainer to accurately report the appropriateness of their content. If not, they would be legally liable. Of course this introduces the problem that foreign entities not subject to the law are effectively exempt from the requirement.

What would reddit.com do?

> If not, they would be legally liable.

We already have CDA/230.

> Of course this introduces the problem that foreign entities not subject to the law are effectively exempt from the requirement.

And so this whole endeavor was just defeated with free trial to any of the _many_ VPN services out there. Even a genuinely incurious person will eventually trip over a free/cheap VPN offer just browsing youtube.

"have" is a bit ambiguous here. I assume you actually mean "have the government require"?

in other words, if I develop a browser, I could be fined or thrown in jail for not implementing your "default to blocking anything unlabeled" strategy?

since implementing a browser is a vast undertaking, what about if I maintained a fork of Chromium or Firefox that simply disabled that check?

we had this exact same debate 20ish years ago [0] except it was about the specter of TV piracy and file-sharing. the proposed solution was the same, though - require software that could be used for piracy to incorporate a specific check, and make it illegal to distribute software without that check. it was a terrible idea then, and remains a terrible idea now.

0: https://en.wikipedia.org/wiki/Broadcast_flag

We already have CDA/230

This doesn't solve the case for entities not subject to this law. They can just label their content as totally safe and not have to worry about penalties.

if it's illegal to show porn to minors, all a website should have to do to comply with the law is to send a header saying "this is porn" and leave it up to the browser to decide whether or not the human using the browser can see it or not.

I would think adblock lists are a pretty good example of similar efforts (that is, people classifying large amounts of random sites), so I don't think that would be impossible.

Such things don't need to be perfect, either - just good enough.

(I don't agree with age verification efforts or even parental control software; just pointing out it's not impossible)

Ok, what bucket(s) does reddit fall into?

> Such things don't need to be perfect, either - just good enough.

I think we disagree about how "good" this effort will be given that it's a supremely subjective task. Your porn is my sexual education and wellness material...

And if it's going to be down to individual parents to make the most appropriate choice for their kids, this whole thing is just regular parenting but with extra steps.

Well probably various. What is your point?

> it's a supremely subjective task

Yes, but this is beside my point. It can be good enough to meet people's subjective needs. All I meant was, solutions like this don't need to perfectly categorize every single site on the Internet to be good enough to be useful, for those who think such things are useful.

Pornhub knows they do not want to have trouble so they will respect the browser setting and not serve minors. There could be an institution that can receive complains about websites not using this API and those wbsites can be blocked from the country and fined if possible until they implement the API.

We need all mobile and desktop OSes to make it easy for parents to setup accounts for their children, the church could also educated the people instead of just complaining.

It is not perfect, soem clever kid can find a way to reset the BIOS/UEFI and install Ubuntu with a fake age on his PC , but most parents can feel safe and we would not have to show our ID card to Pornhub or even Steam because some game shows nipples and nipples are more dangerous in USA then nazi propaganda.

How about don’t give your children devices until they’re old enough for them. The kids of the rich are already mostly device free. Attention spans and eye contact shouldn’t be a privilege.

I had access to a computer since 14, my bother since 10, we are both OK.

My solution is to protect us the normal people from the extremists that want the government to protect their children, this solution is making the parent responsible if their children get access to bad websites or apps. But as I said is not 100% perfect.

But I agree that you should not give your child a device and at teh same time demand the government to do your job for you.

Benefits:

1. Orwellian abuse: No creepy-ass super-abuseable government panopticon knowing every goddamn service you've ever made an account on, with the ability to arbitrarily revoke them and/or block new ones.

2. Costs: The majority of the costs of creating and maintaining the system fall upon the people who actually use it and want it to exist, rather than a bunch of other adults across the globe.

3. Parent focus: Most enforcement exists in a physical realm where parents/guardians at least have a chance of understanding, monitoring, and managing it. "Little Timmy is using Daddy's phone" can be determined instantly at a glance.

4. Exceptions: If the child has some health-class homework and can't access the right Wikipedia pages anymore, the parent can easily grant exceptions and revoke them.

5. If someone's religion says that unclad ankles are smut, then their church can create their own site-rating-site and adherents configure their family's devices to it.

As always, parenting starts and stops with the parent. The internet should be open and if the child sees something that upsets them (or makes them question one of their assumptions), it's the parent's responsibility to cultivate an environment where the child feels comfortable talking about it with them.

It's about the only place it might have the intended effect anyway, and has the advantage of not enabling mass surveillance.

The data already exists, it's what bars use to scan IDs with handheld readers IIRC.

Sorta, yeah.

But the reason that works is because there's a human guarding the door that can assert that the hand presenting the ID is attached to a face that looks just like the one on the ID.

Otherwise a very smart 17 year old would just get their hands on the UUID or whatever for literally any ID that belongs to somebody that's 18+. Within _hours_ of this type of system going into effect, you'd have the age/id version of bugmenot.com

You rarely need anything approaching %100 compliance in order to have an effective policy, so if anything you're advocating for its effectiveness when you suggest the only people that would be in violation are the rare precocious kid.

On the internet, one smart 17 year old sets up im-old.lol and then every kid everywhere has a one-click age verification bypass and the service is run by an anon on a server outside the jurisdiction.

Sarcastically, yes :).

It's a reference to the "you must be over 18/21 to enter this porn/alcohol site" banners. Even a "smart" 17 year old will figure the banner out.

Operator: "let me take a look sir. It's probably a bug. It's definitely not the censorship metrics opaquely changing behind the scenes, sir."

One of the biggest problems that grows with each generation, is how do you get the youth to actually engage in constructive development of real skills? How do you get them to be interested in something that will be useful for society down the line? Quietly looking the other way while a statistical minority breaks some of the safety-rails of society basically solves that problem. Breaking the rules is cool. You're basically exploiting the rebellious nature of the youth to trick them into learning useful skillsets. So long as the hurdles to circumvent the rules remain reasonably involved to overcome, and the secret intention remains unspoken, you basically double up the rewards of the rules.

Moving the verification to sites also isn't going you any good, as the site owners could just move to more liberal countries.

You want a mandated block of government code in every browser?

You really see a world where such a law is passed and such browsers aren’t outlawed?

The other way to limit access to such browsers is penalties for users of those browsers. But that feels even less likely. Even if such a law were on the books, how would it be enforced? Either someone would have to report someone using an "illegal" browser or perhaps some method of fingerprinting that is somehow tied back to the actual user. Both of these seem far-fetched to me.

So perhaps such browsers would be outlawed, but I'm not sure it would practically do much.

So why are you for it if the solution isn't valid?

having a checkbox that corresponds to info passed with the HTTP requests is hardly something that requires a library or more than a few lines of code

Legal age verification in the browser means legislated code. Not line by line, necessarily, but state code in the browser.

When the CDA's porn provisions were struck down, the sort of industry argument was that they'd use the PICS site ratings and the content could be blocked in proxy/client side. This made a lot of sense in the context of the V-chip mandates of the 90's. AFAIK browsers stopped supporting this a long time back.

A child could borrow an adult's card, but then the items would be shipped to that adult's address which could make it hard for the child to get them without that adult noticing, and the purchase should show up on the next credit card statement further increasing the chances the adult will notice if the child is surreptitiously using the adult's credit card.

Maybe even require the listing on the credit card statement to have a prominent annotation stating that there were purchases of age restricted products that month.

This wouldn't stop all such purchases, but it should make it harder and it should make it easier for parents to find out that it is happening.

No method of age verification is entirely actuate. It seem a hardline stance that we can't think up a process that would allow for a reasonable level of accuracy with privacy. It could literally be drawing a usb token from a bucket full of them after a human at the DMV visually checks your license.

[1]: https://www.independent.co.uk/news/uk/home-news/porn-passes-...