The application has access to your entire home folder, isn't that enough information?

Nobody stops the government from sending goons to your door right now for a snarky comment. Some govts in fact do it today. It is also cheaper than ai rocket and more precise too

>Age signals from the OS? Need to provide a channel of information available to applications. Applications already talk to servers with unchecked commonality.

This is a non-issue because it's almost certainly going to be gated behind a permission prompt. There are more invasive things sites/apps can ask for, and we seem to be doing fine, eg. location. Moreover is it really that much of a privacy loss if you go on steam, it asks you to verify you're over 18, and the OS says you're actually over 18?

>Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".

Given touch id was introduced over a decade ago, and the associated doom-mongering predilections did not come to pass, I think it's fair to conclude it's a dud.

Luckily it was archived: https://web.archive.org/web/20260313125244/https://old.reddi...

Also on the wayback machine: https://web.archive.org/web/20260313090844/https://www.reddi...

I am from EU, and contrary to age verification laws in general.

My stance is that if somebody is a minor, his/her/their parents/tutors/legal guardian are responsible for what they can/cannot do online, and that the mechanism to enforce that is parental control on devices.

Having said that, open-source zero-knowledge proofs are infinitely less evil (I refuse to say "better") than commercial cloud-based age monitoring baked into every OS

Even with ZKP this is still highly problematic, it create difficulty for undocumented people to access the web, create ton of phishing opportunity, reinforce censorship on most site (as they will now all need to be minor compliant or need age verification), reinforce the chilling effect and make the web even less crawlable/archivable (or you need to give a valid citizen ID to your crawler/archiver).

With no proof it will protect anyone from proven harm.

No, the way to go is the California way. The device owner (root user) can enter the age of the user. Restrictions are applied based on that. Nothing is verified.

Zero-knowledge proofs are unworkable for age verification because they can't prevent use of somebody else's credentials.

Though the EU is at large keeping it's composure with this. My only criticism towards the EU as an EU citizen is how slow and bureaucratic the EU is and that decisions that should be made on the fly are dragged on forever.

That said, government agencies have been doing a terrible job at keeping the private information of citizens safe. But it is nowhere nearly as bad as the US. My best childhood friend died in very questionable circumstances in 2009 in the US in very questionable circumstances. He had a US citizenship and we never really found out what had happened(to the point where we never really got any definitive proof that he had died). But that didn't stop me from trying and I was blown away by the fact that I could log into a US government website, register with a burner mail, pay 2 bucks with an anonymous gift credit/debit card and get a scanned copy of his death certificate in my email. And I didn't even have to provide his passport/id/anything. Just his name.

Point is, the US has been terrible at privacy for as long as I can remember. It is probably worse now with Facebook and Ellison holding TikTok.

You are missing the point. The real purpose is to control the Internet and free speech. They've been trying this for ages. Now the excuse is protecting children. Soon terrorism will be back. And don't forget aոtisеmіtism, too.

Not exactly a good moment for this particular caste of politicians/elites to pretend they care about children's well-being!

The way to go for this kind of thing is to not go for this kind of thing at all.

> Zero-knowledge proofs are the way to go for this type of thing,

The benefit of zero-knowledge proofs is that the hide information about the ID and who it belongs to.

That’s also a limitation for how useful they are as an ID check mechanism. At the extreme, it reduces to “this user has access to an ID of someone 18+”. If there is truly a zero-knowledge construction using cryptographic primitives then the obvious next step is for someone to create an ad-supported web site where you click a button and they generate a zero-knowledge token from their ID for you to use. Zero knowledge means it can’t be traced back to them. The entire system is defeated.

This always attracts the rebuttal of “there will always be abuse, so what?” but when abuse becomes 1-click and accessible to every child who can Google, it’s not a little bit of abuse. It’s just security theater.

So the real cryptographic ID implementations make compromises to try to prevent this abuse. You might be limited to 3 tokens at a time and you have to request them from a central government mechanism which can log requests for rate limiting purposes. That’s better but the zero-knowledge part is starting to be weakened and now your interactions with private services require an interaction with a government server.

It’s just not a simple problem that can be solved with cryptographic primitives while also achieving the actual ID goals of these laws.

Seeming as this affect everyone .. Is there anything like and Open Collective .. grassroots consortium, to put together strong sensible zero-knowledge proof based policy examples that could be given to law-makers instead of this shadowy surveillance Trojan horse nonsense?

Two billion in lobbying. And the conclusion is that regulation is the problem?

it's not about protecting children. that's only the PR.

once you get this you stop asking why the tech details are the way they are.

"how terrible EU regulation is"

Judges in other countries (Texas) found out this kind of law was a violation of the Free Speech.

Since when Free Speech do not apply to -16y old?

Made laws are made, then killed by courts later one.

Not sure what the Gruber thing is about. I guess I lack context. But on ZKP, I will agree but add this:

The only authority that can be trusted to do age verification is the government.

You know, those people who give you birth certificates, passports, SSNs, driver's licenses, etc.

The idea that parental supervision here is sufficient has been shown to be wholly inadequate. I'm sorry but that train has sailed. Age verification is coming. It's just a question of who does it and what form it takes.

Take Youtube, for example. I think it should work like this:

1. If you're not of sufficient age, you simply don't see comments. At all;

2. Minors shouldn't see ads. At all;

3. Videos deemed to have age-restricted content should be visible;

4. If you're not logged in, you're treated as an age-restricted user; and

5. Viewing via a VPN means you need age verification regardless of your country of origin.

It's not perfect. It doesn't have to be.

I believe CFAA talks about exceeding authorization, not just typing in things that are not true.

Did that link just get taken down?

We're all going to have to use service accounts created on Windows Server 2003 or RHEL 4, otherwise they won't be old enough and will require manual login from an of-age administrator

In the CA bill, "User" means child. It's pretty clear that non-human users aren't covered and don't have to participate. E.g. the API can return N/A or any other value for non-humans. If there is a way to make the API applicable only to human children users, then it doesn't even need to be callable for other entities. E.g. on android, each app gets its own uid, so the unix user doesn't correspond to a child, so the API will instead (probably) be associated with another entity (e.g. their Google account, an android profile, or an android (non-unix) user)

Honestly what I hope is that if these bills pass, sysadmins just turn off any server that doesn't have attestation and go off to the beach to collect shells.

I wonder what made them do it. The conspiracy theorists are really going to enjoy this.

I probably don't have all the info on the various laws across the US and EU that are being pushed, but I'm confused why Linux distros don't just update their licensing and add a notice on the installation screen that it is illegal to run their OS in places where these laws exist?

Heck, Linus Torvalds should just add an amendment to the next release of the Linux Kernel that makes it illegal to use in any jurisdiction that requires age verification laws.

This would obviously cause such a massive disruption (especially in California) that the age laws would have to be rolled back immediately.

This seems like a no-brainer to me but I am admittedly ignorant on this situation. I'm sure there's a good reason why this isn't happening if anyone cares to explain.

> should turn itself off

If this was somehow introduced without anyone noticing and deployed, imagine the damage it would cause.

If we're fantasizing here, I like to imagine two major OS makers trying to comply these laws, fail miserably, and let FOSS OSes and kernels more recognition in the desktop market.

Honestly, like the Left-pad incident [1], getting things to go suddenly dark is extremely effective at getting people to drop everything else to fix an issue.

Ideally, getting these servers to auto turn off the day this goes into effect ("In compliance with this new law, Linux is now temporarily unusable. Please <call to action>.") would be glorious for getting the bill staved off, or killed.

It would hurt some productivity, but that is a risk these lawmakers taking donations are probably willing to make.

1 - https://en.wikipedia.org/wiki/Npm_left-pad_incident

Someone would just submit a patch overriding this

Microsoft would love that.

Obviously not a serious proposal, but I do like the alt mentioned below:

Update the terms to indicate that you can do what you want, but this OS is probably not compliant with states run by evil dipshits.

The wayback machine got it: https://web.archive.org/web/20260313090844/https://www.reddi...

that goes against the goals of the professional media organizations.

Which is strange, because it is widely known a large amount of their advertising revenue comes from fake accounts.

AI companies are also donating tens of millions to these PACs and others that are promoting age verification laws, it lets them sell AI content rating systems using their models.

I’m curious why Meta would benefit. Meta seems wholly unnecessary, the verification can be done at the OS level, completely in the hands of Apple/Alphabet and maybe Microsoft.

If anything, Meta’s utility would seem to shrink if the OS handles proof of being a real person.

This was the thing the saws-all (or whatever it was called, the brake that stops you from cutting your fingers off with the table saw) tried, right? I don't know if it succeeded but the idea was a government mandate for an otherwise good idea. Everyone then pays more.

Knowing what we know about the current environment, each company is going to start selling everything they know about you to anybody who's willing to pay. Enforcing privacy is hard not because it's not possible, but companies have greater financial incentives to just breach your privacy to track and manipulate us.

Christ on a crutch, had they donated $25k or something you'd figure it was just a rounding error, but why this much from a company that isn't profitable? This is doing nothing to disabuse me of my theory 90% of "Startup Culture" is just an excuse for rich people to move money around. "Need to get your stoned mope of a C student a head-start on a resume that will let him stay gainfully employed? Well, I just brokered a VC deal for these kids that want to throw micro-concerts in parking spaces, we'll get your boy in as Senior Music Programmer."

Download the source code and ISOs of distros without age gating and put them on durable media. Tell your friends about the issue and its implications (legislating how an OS works is a huge deal, is likely unconstitutional, and opens up the door to all kinds of future abusive laws). Find like minded people so if the worst happens you will have mutual support and can work together on circumvention of any future restrictions. Work on your C skills.

That is the most serious thing you can do, and the most effective.

Do you know how democracy works? There are these people called representatives. They are hired by you. They pass laws. They only get to continue having a job if people like you vote for them. When you tell them "I don't like the law you are passing", they are hearing "the people who hire me are angry with me". The more people that are angry at what they're doing, the more their job is at risk.

They do what the lobbyists say because somebody else is doing the work, and they get paid (by the lobbyist). But they won't have a job to get paid for if the voters don't vote for them again. So your entire defense against tyranny and bad laws is you speaking out. If you never talk to your reps (or vote), you're telling them you don't care what kind of government it is, and they really will do whatever they want.

You have to tell them how you feel, along with all the rest of us. That's the only power we have.

In addition to that, tell everyone you know. Your friends, family, coworkers, the dude running the local gas station. Explain to them why government-mandated surveillance of everything they do on a computer is a bad idea. Ask them to talk to their reps.

Do your homework, vote, and help inform other people so they vote too.

Isn't eIDAS the same technology stack that would put the government in total control of what websites you can view & what ones you can't?

https://en.wikipedia.org/wiki/Qualified_website_authenticati...

> Just another reminder of how we need to protect what we have in the EU (not a guarantee, but at least a chance of fair dealing and a sustained commitment to civic values).

What you have in the EU is this: https://noyb.eu/en/project/dpa/dpc-ireland

> Now that the mask has fully fallen, we have to take every step possible to root out American influence.

You have literal rogue states in your union that neutralize the entirety of it, as the above shows. It's a joke. The EU is a joke. A single country is enough to mean US tech can do whatever it wants, similarly a single other country is enough to mean Russia can largely do what it wants.

The others are of course in on it too. Which is why for all the empty EU talk on US big tech you've never heard them talk about the Irish DPA and what they all enable. Strange right? Would think that this would be a priority. But it shows that even if the rest weren't in on it, just one country would be enough. And it could even be a tiny place like Luxembourg.

Laws and regulations aren't worth the paper they're written on if they're not enforced. The current ones aren't enforced at all, why would any new ones be? Did you know that there was a long period where hosting European citizens' PII on US-controlled servers (like Amazon instances in Europe) was illegal, after the "Privacy Shield" was deemed unlawful? No one cared. Did you know that this is currently the case again, because the thing that replaced it has once again had its basis ripped out from under it by Trump? Once again, no one cares, and indeed EU governments and corporations are _still_ making migrations _to_ US clouds.

Not that it matters, within a few years RN will be running France and AfD will be running Germany and you don't have to pretend any more as the "mask will have fallen" just as much.

When a megacorp funds a network of non-profits to lobby a bunch of politicians, draft legislation, and tell them to take it to committee, that can happen without much visibility, especially when it's been orchestrated at the state level, as this has. Where does any of this show up until there's a vote called on it? There's no open debate. No working "across the aisle" to address concerns. There's nothing left of the legislative process that started this country, or, indeed, any Western representative democracy. So someone has to be watching, see something on an agenda that raises the hairs on their necks, figure out what it is, and if there's a story there, and they're not going to get any help from anyone because everyone involved knows how the public is going to feel about it. And then, as the article indicates, even a place like Reddit is going to astroturf the effort to get the story out. (Which I've been trying to point out for YEARS, but which -- surprise, surprise! -- gets supressed.)

Mainstream media is largely captured by the same monied interests as discussed in the reddit post. Although the poster does mention an article from Bloomberg as evidence, most of their sources are local outlets or tech-focused. https://github.com/upper-up/meta-lobbying-and-other-findings...

27 years against software patents in the EU, feeling the same unfortunately.

But sometimes very few people can make a difference.

i felt that.

Because they’re not really trying to protect kids.

Do you have a child? Because I think the device makers haven't really done a good job, there are just too many workarounds.

I think this is also a way of getting ahead of any “ban social media for teens and preteens” bills that might pop up in the US. They do not want repeats of Australia! By adding age verification into the operating system they can deflect responsibility but also respond to legislators with a scalpel rather than getting sledge-hammered.

I want age verification but not at the OS level.

https://web.archive.org/web/20260313125244/https://old.reddi...

They linked to this GitHub project: https://github.com/upper-up/meta-lobbying-and-other-findings

Also curious why it would be removed.

Time and time again it amazes me how incredibly cheap lobbied politicians are. They may be earning big sums for an individual, but if you go full corruption[1] to sell out a state or a country - sell it for a fair price.

I remember from peak net neutrality discussions during trump 1 maybe around 2017-2018 ant saw an article on theverge.com (that cannot find now) and biggest sum to individual politician was around $200k, when median values were much much lower.

Politicians are selling tens of billions of dollars (if not hundreds of billions) worth of revenue to ISPs for couple or dozen million. Literally 1000x return on investment (if successful).

I remember local politician (I am not from US) got caught taking 100k bribe from a company for helping with alleged highway construction procurement. Project was valued ~1B - 10 000x return on investment (if they wouldn't have been caught).

[1] I am sorry, not "corruption", but "lobbying".

We should ask ourselves why we continue to participate and perpetuate economic systems that result in levels of inequality so vast that they threaten control of our democracy.

> I don't understand why nobody in the comments is freaked out about this.

Because it's hopeless? It's been proven time and time again there's nothing the average person can do to fight this sort of thing.

It's just better to sit back and watch as everything gets ruined.

To me it feels that the age verfication (adult de-anonymisation) push, at least in Europe, is coming more from the increasingly-authoritarian left as a reaction to the rise of the online right and Musk's Twitter.

(Maybe some unspoken element of concern over social media bots, too - as they evolve from spamming copy+pasted comments to being near-indistinguisable from actual human accounts?)

Heritage has been laying waste to America my whole life. They basically planned all of Reagan's legislative agenda, too, just like Project 2025 is doing today. In very real ways, they and their vision are America (a system is what it does, not what it says it does).

That's what Washington and Brussels are about: lobbying capitals and buying influence over how laws are made.

Your take in this entire ends up with you blaming Bill Gates like some MAGA tinhat? The GOP are literally the cabal of pedophilic, privacy ending, freedom crushing elites you’re looking for and this is somehow your perspective?

It is interesting isn't it? Most of Europe has better internet access than the US for similar reasons: sensible regulation led to high competition.