UK.gov to make adults give credit card details for access to Facebook or TikTok
theregister.comThis needs to be seen in the context of the political situation in the UK. Boris Johnson, the current PM, is currently on this 9th and last political live. During the strictest period of lockdown, when UK citizens where not able to say goodbye to loved ones dying in hospitals, several parties were organised at his residence . It is alleged he attended two of them himself and was photographed drinking beer. In attempt to rescue his political career, he has announced several "red meat" measures and this appears to be one of them.
Over the years several attempts have been made to introduce this. Just like past attempts it will face a heavy lobby from the adult content industry and social media companies. More importantly this government will likely not be around long enough to actually introduce it (the consensus is that Boris will be gone after the May local elections). It will almost certainly drop off the radar of a subsequent government as there are much bigger and more important issues to tackle after Covid.
In the unlikely event it will get introduced, it will be delayed for years. For past measures Ofcom, the media regulator, was asked to classify all adult websites to determine if they fall in a category that requires age verification, and as you can imagine, this can take a while. In addition age verification is only required for websites that allow users to upload content, not commercially sourced content. There are endless loopholes here, however, likely adult websites will just block user content from UK visitors. It is not like there is a shortage of commercial content. Of course VPN providers will do well out of this too.
It's good not to underestimate the situation though - few things are as dangerous as a desperate government. If they can start wars to divert attention, they can certainly force bad laws. This goes double in the UK, where the executive is effectively all-powerful in practice since the Blair reforms.
> few things are as dangerous as a desperate government. If they can start wars to divert attention, they can certainly force bad laws
To support this, see Turkey and Russia for current examples.
The usual dying government cycles between "we are now super nationalistic and everyone who doesn't join us are terrorists" and "but think about the children!!11" like clockwork.
The damage these cause lives much longer than the creators. It totally makes sense to tread with care.
The Royal Fam still screen every bill before it is proposed.
The Queen rubber stamps everything that comes from parliament - no screening happens, ever. Unfortunately.
Every bill is screened before it is debated. If it contains anything that may effect the royal family, personally, then they must consent before it is debated.
https://www.theguardian.com/uk-news/2021/feb/08/royals-vette...
The most worrying thing about the political situation in the UK is that it is years ahead of other countries. I can see similar madness happen in the future in some EU countries, the script already exists. I think a country like NL can be a target. I think it's really worth the effort to analyse what happen in the UK over recent years and how we can learn from it
The UK and Australia take it in turns. One will introduce a bill, get it slapped down, then the other country uses those learnings to tweak the bill until its within the Overton window... and then it's law.
>More importantly this government will likely not be around long enough to actually introduce it
Don't worry. The next one is going to introduce it. Doesn't matter which party gets into power - one thing stays the same: The government/state always expands in scope.
I honestly don't care if my politicians have parties during covid. that seems like a really weird thing to complain about.
I don't think anybody actually cares the politicians have a party. The average person cares that politicians didn't follow the rules they passed while enforcing / attempting to enforce the rules on the average Joe.
Right answer! This is about signalling more than it's about the actual health details and people (rightfully?) are unhappy because leaders who make rules should follow them (right....?)
Frankly I think our politicians deserve a break and should be able to have a party to blow off steam once in a while, and I tolerate fairly modest violations of the lockdown policy.
I think a lot of people in other professions were also working hard, deserved a break and wanted to blow off steam, are you advocating for them to be allowed to ignore the law set down during pandemic too?
How much harder is it going to be to convince the public to follow rules/guidelines if we announce that certain groups can ignore parts of them?
Do you live in the UK? We had harsh, cruel, extended lockdowns. Like - no talking to friends on the street lockdowns. For like months at a time. Johnson, who subjected us to this, was having house parties the whole time. Most Brits would push the creep in front of a bus at this point.
My perception is that that's a position that most people would find weird.
The politicians in the UK have just slapped the harshest restrictions on people's liberties since (I assume) the world wars, and then they completely ignored them themselves.
People weren't able to attend loved ones funerals, but the politicians where having parties in their offices.
I'm intrigued to find out why you don't think this is a bad thing?
I don't think it's a bad thing, because it is what I expected. (Edit: what I meant is that it confirmed my belief in how things work, and did not assert a need to reexamine my mental model of politicians) And if this revelation goes some way to shaking people out of the naivety and blind conformity that were needed to support lockdowns, then that is ultimately a good thing.
For democracy to survive, people must sharpen their political antennae.
"Evil in the modern world is done neither by monsters not by bureaucrats, but by joiners. That evil originates in the neediness of lonely, alienated bourgeois people who live lives so devoid of higher meaning that they give themselves fully to movements" Helen Arendt after watching the Nazi trials.
I guess it boils down to how comfortable you are with hypocrisy and double standards.
What does your first point have to do with the second? Boris did a bad thing, so now everyone has to give Facebook their credit card? I don't get it.
Seems pretty clear to me. Boris did something that offended a certain segment, so he makes amends by creating the perception he is going to do something that segment approves of. At least that seems to be what is implied.
The noted point here is it likely won't happen, but the underlying goal of creating such perception may be achieved.
I thought it was implied that this was a distraction.
Gets people on both sides engaged and takes over the headlines and the hope is that it wipes partygate off the headlines and short term memory loss sets in and everyone forgets about partygate by election time.
Trump would just say something completely insane every other day to keep the headlines thrashing on nonsense to distract away from whatever else was going on.
Also think this is similar to the way that Klopp whines about the length of the grass after losses to keep media attention on what nonsense he's saying in pressers and off the performance of his players on the pitch.
I think it's more likely that Facebook is pushing this, as a means to get users to register their card info.
Well I'm not the one who made that assertion, I was just explaining what OP had wrote since the person above me didn't understand. I didn't mean to imply it was my opinion nor that it was likely.
Facebook still needs government's help to implement it, so there must be something in it for representatives if it's going to make it through. Seems doubtful Facebook can possibly pass a law on its own. And if Facebook wants to, they can easily require credit card without any law being passed; it's not illegal to require credit card to become a member of a website.
I'm pretty sure that it was the leader of the opposition who was photographed drinking beers with his colleagues during lockdown, and everyone seems to have bought the claim that was work related and therefore legal. Boris and his colleagues were drinking wine. The big reason that he's on his 9th and last political life is increasingly cynical attacks on him over the handling of Covid - for context, one of the most recent ones is accusing him of "wasting" billions of pounds on PPE because the government ended up buying more PPE than it actually ended up using and the price dropped since then. The consequences of undereestimating this or overestimating future availability are of course that doctors and nurses don't have the protection they need, and there were a bunch of earlier attacks on the government for not having a massive PPE stockpike (which would waste billions on PPE that'd just be thrown away). Even the nominally trusted and non-political BBC, which everyone thinks of as a government mouthpiece, ran with this and all the other attack lines, including stuff like lying about what South Korea had achieved with contact tracing to make the UK scheme sound like an expensive failure and Boris's bragging about it like lies. It's impossible to disentangle the anger over the parties from the misinformation people have been fed about the UK's Covid response; they seem closely intertwined in most people's thinking.
To give some further idea of how cynical all this is, the people who actually organised the supposed parties which are supposed to end Boris' career - the vast majority of which he doesn't even seem to have been involved in - are just scapegoats according to the media reporting, including the BBC. And at least one of the claimed parties Boris was involved was actually reported by a major newspaper the day after, back when lockdown was still on and people's relatives were still dying alone in hospital, and no-one seemed to conclude it was obviously an illegal party or even really care back then - and that was the one for Boris's birthday.
As to your first point, the police have completed an investigation into the beer in question and found no offence committed, so it's not the same as the 12 (IIRC) parties that happened at 10 downing street, currently under investigation by the met.
"if it was another..." is political fiction. The fact is that the leader of the opposition wasn't caught partying like a teenager on Ibiza on those days. We'll never know what would happen so lets not assume a different outcome by default.
In any case, this partygate looks to me like an excuse to push the dead weight out of the car when is not useful anymore.
If he were acting as a serious PM at the same time and taking smart actions, the event could be sold easily as 'diplomatic work', hanging up with the people that counts in the public interest and so, and nobody would bat an eye. Nobody. Is just that the videos are too damaging and that damage control train has passed yet.
> for context, one of the most recent ones is accusing him of "wasting" billions of pounds on PPE because the government ended up buying more PPE than it actually ended up using and the price dropped since then.
Ah, gotta love alternative takes on realities. Nah mate, the expensive PPE contracts went to friends and family of people in government. Ooh sure, these are just "cynical attacks" and in reality Boris and co are competent and non-corrupt people working so hard to serve the UK public.
No, it's in the fine print of some (though not all) of the media reporting - most of the "wasted" billions that made the news headlines in the UK was from the decrease in the market price of the stockpile: https://www.bbc.co.uk/news/uk-60176283 The next highest was items "unusable in the NHS", which is to say they're functional PPE but don't meet normal NHS standards - most countries ended up intentionally buying a lot of this because medical PPE was in massive short supply and there were similar non-medical items that were a lot better than nothing.
Really, the UK PPE acquistion was unremarkable aside from its speed - the government ended up buying PPE from basically everyone who could sell it to them, just like every other government that was taking Covid seriously. Some of those contracts inevitably went to friends of people in government (they're the party of big business after all) but there's no evidence that played any role in them being awarded the contracts, those people weren't the ones deciding who to award the contracts to, and those contracts don't seem to have fared any worse than any of the other PPE contracts. The speed was also impossible to disentangle from the perception of corruption, a lot of which came from not putting the contracts out to bid as usual.
(There was a really weird - and as it turns out probably illegal - VIP fast lane where people who got referred via an MPs got priority for being evaluated for PPE contracts. The weird thing is that the effective criteria to get onto the fast lane just seem to have been phoning or emailing your MP and pestering them, and that the politicians doing the referrals don't seem to have known about the fast lane. The one friend and donor of a senior member of government who got on the fast lane was also somehow referred by someone else entirely...)
Johnson will go down as one of the worst PM's in UK's history.
Under his leadership UK suffered immense damage and he dragged down political standards to an almost Trumpian level.
The PPE that was sourced was unusable and the deals were handed out to some Tory mates. Where was the due-diligence?
The police looked into Steir Karmer's beer case and concluded he didn't break the laws.
Compare that to the Tory's multiple parties.
The PM is under criminal investigation for crying out loud.
Why didn't he stop those parties he was at. As the leader he could have easily said this is not on and needs to be stopped now. He sets the tone.
He's a disgrace to the UK and can't lead. He's a lying narcissist who only cares about what's good for him. It's all about 'winning' and not actually thinking about how to improve the lives of people living in the UK.
The Johnson administration is a joke and needs to be replaced asap.
> I'm pretty sure that it was the leader of the opposition who was photographed drinking beers with his colleagues during lockdown, and everyone seems to have bought the claim that was work related and therefore legal.
Both were photographed with beer.
This is the photo of Keir Starmer: https://metro.co.uk/2022/02/07/keir-starmer-cleared-of-lockd...
The photo of Johnson is not AFAIK in public circulation; the police have it as part of the evidence they are currently investigating, in particular that this was part of his unlawful birthday celebration with his coworkers.
The picture in this article is not, I think, of this incident: https://www.theguardian.com/politics/2022/feb/04/police-have...
Starmer was having some drinks after a long day with his coworkers in the office - all was completely above board and vetted by the met police. This was a story thrown out by conservative outlets in a desperate attempt to distract from the real scandals of Boris going to full on Christmas parties that were prohibited under the laws his own government passed.
This is a good summary of the UK's Prime Minister's character.
Jonathan Pie: 'Boris Johnson Is a Liar' | NYT Opinion
People don’t realize how invasive the UK govt is when it comes to internet monitoring.
Today if you try to access adult content on a UK mobile device you get blocked by age verification. You have to call your mobile provider and prove your age (it’s a once-per-contract thing). One of the ways you can prove your age is with a credit card. But I imagine it’s a large deterrent because not many people want to call Vodafone and ask permission to look at pornography. They’d probably just rather get a VPN.
But I imagine it’s a large deterrent because not many people want to call Vodafone and ask permission to look at pornography.
True, and particularly galling when the content you want to look at is not porn but (say) the internet archive or opinion sites that weenies in the provider have deemed offensive.
I've had this happen when wanting to view US News Sites in the UK. Yes, they may well show photos of violence and wars. Sadly, this is still valid news.
But the verification process wanted my Driving License number, which I gave repeatedly, but which it never accepted.
I scrapped that mobile contract ("Three") as useless.
TIL why the internet archive wouldn’t load for me sometimes. I am so grateful for having being protected from the evils of the internet.
> not many people want to call Vodafone
No need to call, it's a switch in their app or website. It's the same for pretty much any provider.
The annoying part is that the switch tends to reset fairly often.
I’ve come to the realization I really should be using a VPN, for so many reasons. I really know nothing much them - any recommendations?
Mullvad seems to be the most popular recommendation on HN nowadays. A couple recent threads:
https://news.ycombinator.com/item?id=28551960
https://news.ycombinator.com/item?id=29903695
I've been using them for a while, very happy with it so far. Stable connection and high speeds - good enough that I often forget I have it on - and a nice selection of locations.
They even accept cash! Each account is just an ID so you can mail your account number and some money to them and payment will be processed.
Mozilla VPN also uses Mullvad's servers behind the scenes.
Open VPN on Digital Ocean Marketplace: https://marketplace.digitalocean.com/apps/openvpn-access-ser...
Vultr ( Cheapest $2.5/Month): https://www.vultr.com/marketplace/apps/openvpn Linode: https://www.linode.com/marketplace/apps/linode/openvpn/ Hetzern, or any other cheap VPS provider as your are not storing any data on it anyways so even it dies or corrupts it shouldn't be a problem.
Open VPN has a clients for every major platform: https://openvpn.net/vpn-client/
Make sure do your research about Open VPN and VPS before using any of it.
At this point one must assume that all traffic is monitored and stored, maybe it is or maybe it is not, but assume so. At least all metadata is stored for some time.
Using a VPN moves the point where this occurs and may obfuscate some things, but also realize that many VPNs are probably in some form associated with nation-states and therefore makes their job easier.
It depends on what your threat model is.
For example, my VPN is based in Thailand. For various legal reasons, it's very unlikely anything obtained by a nation-state actor in Thailand will be used for trivial stuff like, say, enforcing copyright legislation against individual consumers. Defense lawyers / barristers would have a field day. If you are planning terrorist acts, on the other hand...
I’ve been using Proton VPN with no major issues. Would be interesting to know what others here think of them.
Depending on your reasons, a seedbox that comes with built in vpn capabilities out of the box could be an option.
I pay €5/month to ultracc for a server I can torrent with. It just happens to come with a vpn installed as a bonus.
Mullvad is the same cost for just a vpn. I'm sure it's better in many ways that people will list below but for the purposes of getting around government internet blocks where you're not then expecting g men to kick in your door for getting around them, openvpn installed on whatever random server works fine.
To those in this thread saying it's just a toggle, have you actually tried the toggle? On giffgaff, for example, if you press the toggle it then asks you for your Driving License or Passport.
Porn and gambling (and possibly more - we filter and block 18+ sites, as classified by the BBFC British Board of Film Classification) is blocked on mobile data connections - as far as I can recall this has been the situation since the turn of the century.
In effect, this proposal already exists for mobile data connections. Add this to what is enabled by the snoopers charter, and the use of this information accross governement and it is a pretty grim state.
This triggered for me when trying to download a podcast from Hardcore Gaming 101. The detection is clearly very accurate and good. I had no shame disabling it.
This is not true – AFAIK literally every major mobile provide offers this as a simple on-off toggle in their app or on their account management site.
In my case I had to call. Maybe because I am not on a contract.
What is so wrong about watching porn?
I accidentally saw some pornography when I wasn't sexually active. I had no clue what was I looking at. I found it to be disgusting, like those extreme cancer photos, and didn't watch it again until many years later.
This isn’t quite right. The age verification is enforced on mobile networks, not devices.
I have a gut feeling this is a lead balloon, meant to be shot down so that other stuff can pass untouched. This type of bill is typically full of horrible little clauses that would never clear Parliament on their own, but if you bag enough of them together, pushing them all at the same time, eventually some will make it through.
I think you mean Lead Zeppelin...
uhm, no...? https://wordhistories.net/2021/09/20/lead-balloon/
It's a common idiom in political discourse. Or was this a bad joke?
The band Led Zeppelin is called that because keith moon(iirc) from the who said forming the supergroup "would work as well as a lead Zeppelin".
It was a historical joke :)
the band chose the name Led Zepplin as a pun on the phrase lead balloon.
That would be Led Zeppelin...
There was a thread about this yesterday [0], this is almost certainly not going to happen. I think based on the number of times they have tried to legislate for this, most recently in 2019, I would put the odds of it happening (even in a hamstrung way) at less than 10%.
Big company’s (Facebook, etc) will lobby against it, they will argue about what the threshold of requirement is. Then there is the logistics, privacy, security and cost factors. Not going to happen.
I believe this is all about making it look like politicians are doing “something” without actually doing anything.
The fact they keep trying despite repeatedly being humiliated by market realities, though, indicates the lobbying pressure by pro-censorship groups is quite high. This is bound to produce something eventually.
Are they being humiliated though? Feels like they get lots of press when announcing this kind of stuff which sits well with some target part of the electorate, then when the whole thing gets abandoned it happens with almost no attention. The current government seems to be well aware that most of the time announcing a policy has a much higher ROI than actually implementing one (cf all the times pre-existing spending commitments get recycled in new announcements)
But you can only perform this act so much before it wears out and backfires. See for example the recent defections of "red wall" Tory MPs after the announcements you mention - they know the situation is becoming indefensible in the eyes of their electorate, since they keep promising money which then fails to materialize.
Have they reached this point with the "online moral-indignation brigade" yet? Maybe not, but it's been 5 years since the Snoopers' Charter, I don't know how many since the porn-blocking promises and about 13 since the first pledges in this area by a Conservative party, with no significant progress to show for it. That's a lot of time even in political terms.
> announcing this kind of stuff which sits well with some target part of the electorate
I really dont see anyone in the electorate clamouring for any of this stuff. Announcing the same policy being told it is a shit idea and announcing it again 6 months later is much harder to sell than the recycled spending (which they tend to just lie and say it is in addition to the last lot they announced anyway). That said, the electorate dont actually care much (unless it is a penny off the price of a pint or something) so it is hardly a humiliation when these ideas go nowhere and it makes the government look busy.
I can only assume that the driver is the security services, or just recycling past homework to look busy. As noted in many other comments they try all sorts of seemingly stupid ideas in this space - banning all encryption has failed countless times, adult verification is already a thing on mobile networks, and logging every online activity has slipped through and passed.
If you say you're going to do this often enough, and keep getting thwarted for whatever reason, eventually you won't have much credibility with anyone.
Unless your constituents want this. In the US, humiliation from other districts doesn't mean anything as long as you keep being voted in.
It happened in the EU. Why wouldn't it happen in the UK?
What happened in the EU? You don't need a credit card to access porn or Facebook in the EU.
You need a credit card to watch age-restricted videos on YouTube.
Sorry, which videos? I mean it really, I'm from EU and have never found one. To watch some videos I have to login but have never ever asked me for a credit card that I recall. I'd like to know.
https://www.youtube.com/watch?v=c0LBi1MHoaU is age restricted :)
Blaming the EU is a common escape strategy, but I don't believe it in the slightest. Mind, I wouldn't believe anything coming out of the modern Google except "we want to make tracking you easier so we can sell more expensive ads".
Edit: if the evil EU "forced" them to require a credit card or my ID to watch Samuel L Jackson saying "motherfucker", why hasn't the same evil EU forced them to make it easy to opt out of all tracking?
Wow.Thank you. I have not found one of these before. Only some that asked me to log in but no one with these restrictions , even if I used Google pay in the past, many years ago, is asking me for a credit card after logging in.
Example: https://www.youtube.com/watch?v=o5GDrJEGkVk
I suppose if you have verified your age in the past (for example if you bought something from the play store?) then you can watch the video freely. Try and watch it while logged off.
Thank you. I have not found one of these before. Only some that asked me to log in but no one with these restrictions , even if I used Google pay in the past, many years ago, is asking me for a credit card after logging in.
It's a Google thing, in some cases ( probably A/B testing), and it has nothing to do with the EU.
No, it's not a Google thing. It was mandated by the EU. https://blog.youtube/news-and-events/using-technology-more-c...
It should be noted that this is also the case in the UK today.
is this true? did not know this…
Absolutely not.
Google's support page says otherwise
https://support.google.com/youtube/answer/10070779?hl=en-GB#...
This says ...or a valid id.... ,which is a lot more common than a credit card.
Credit cards in the EU are not very prominent as a payment method, mostly for paying USA companies.
This is basically the same as the UK proposal which the Register article is talking about - that's also credit card or valid ID, they just chose to focus on the credit card part in the article.
When I said credit card I thought it was obvious I meant that debit cards are also acceptable. Turns out it wasn't!
Even if you include debit cards, you're still wrong.
You don't need anything. At all. According to Google, in case they suspect you might be lying about your age, they _might_ require age verification. This can be done with a credit card or an ID card.
So no, you don't need a credit card to watch age-restricted videos. You don't need a debit card either. You probably don't even need an ID card or anything at all.
You don't need to be of legal age to get a debit card, but you do for a credit card, hence why credit cards are often used as age verification.
A valid ID or credit card. So you don't need a credit card.
I think the age restrictions are bullshit as well, try this userscript: https://github.com/zerodytrash/Simple-YouTube-Age-Restrictio...
One particular bit that tickles me about this is the mandatory credit card checks for age verification on porn sites.
Yesterday’s obvious attempt at fraud is tomorrow’s legal obligation, and the fraudsters are going to love it.
Indeed. You can tell a historically bad technical measure by the following phrase being repeated forever: ”we will never ask you for…”. I await this for credit cards.
Keeping credit card details will expose private companies to the requirements of PCI to store them. It's against those rules for private companies to keep the cardholder information connected to the card details like the PAN. The PANs aren't even allowed to be stored unencrypted and access to them is subject to PCI as well.
Plus it means that people that don't have those forms of identification will be restricted from using the internet. Libraries won't be able to offer a lot of services, the "unintended side effects" are enormous.
But never put it past this particular British government from establishing the very best in footguns.
Sure, let's give even more personal information to Big-Tech.
What could possibly go wrong... I don't expect Facebook or TikTok to oppose this very much, having credit cards on file is conveniently closer to making more money.
I'm not so sure. I think Facebook might oppose it on the grounds that there are large numbers of people on the cusp who may just abandon Facebook if they have to give their credit card details. Facebook is already haemorrhaging users, I don't think they will want any friction that may lose them more.
And they struggle enough as it is to attract younger users, credit card checks would completely kill the demographic for them.
There must be plenty of not-so-young people who don't have a credit card or passport.
Edit: the article says "Adults would be forced to enter personal information like passport or credit card details", so I guess other forms of ID with a date of birth would be accepted.
The government already have a GOV.UK Verify programme for identity assurance that they want to be funded by the private sector. They'll presumably just encourage people to use one of those private operators (currently Digidentity and Post Office) and maybe it'll encourage more operators to spring up.
See https://www.gov.uk/government/publications/introducing-govuk...
They screwed up that for me. I registered, worked with it for a few months (via Expedia, iirc), then they just said "sorry, we're disabling this for you" - probably because of Brexit, but who knows. Can I recover my account somehow? Who knows, I couldn't be arsed and just let my accountant do things for me.
Sorry for the late reply, but depending upon timing it might be because Experian dropped out of the programme.
> having credit cards on file is conveniently closer to making more money
It will be a drastic change to pivot the company from one where the customer is the product to the customer.
Credit card input also introduces friction and bounce rate of user signup. This would hurt Facebook's user growth and MAU KPIs
Facebook's customers are advertisers, not users.
You're right. I've been in the weeds analyzing the finances of tech companies where the users of the apps are actual customers, and the term 'user' weren't as nice
People already make accounts with phone numbers, I suspect credit cards won't be different.
The number of active credit card holders in the UK is somewhere in the 35 million range. The number of adults is somewhere over 56 million. There is quite a mismatch there. Unlike the US, owning a credit card is not standard for most people in the world.
People tend to get them for online shopping abroad, and for travels out of their currency zone as a back up.
It's credit card OR id though. People like Experian are already offering age verification systems that check passports, driving licences etc. The government also have their own GOV.UK Verify programme which has multiple providers which prove identity and thus age.
If you can login to your government tax account, or apply for a DBS, you'll be able to prove your identity.
I don’t know if a debit card counts, because they are 16+. Many of us took a while to move onto credit cards but still had access to cashless, online and overseas payment.
> I don’t know if a debit card counts, because they are 16+.
11+ with parental permission. I had one around that age.
It's a bit easier to memorize a phone number than a credit card number.
This feels like it could be resolved by technology.
I am happy to identify myself to government entity A to prove my age, but I don't want A to know what sites I visit.
I want to visit site B, but I don't want to identify myself.
Is there no API that will allow B to verify my age via A, without A finding out what site B is, and without B finding out anything more than my age bracket?
OAuth 2.0 resolves this. The government can be in control of maintaining citizens' identities and citizens can likewise request claims from the government's auth server regarding their age or any other matter.
That claim as a signed message can be provided to third-party services which need only validate the signed message using the public key associated with the secret key that signed the claim message.
I don't think oauth 2 would give the required privacy protection.
How would the flow go? Click on an age verification link on a site. It redirects to the gov site, where you authenticate and it returns a signed claim.
Now the government knows what sites you are visiting. Not something I suspect most people will want when accessing porn sites...
I refreshed my understanding of OAuth 2.0 and sure, its typical flows which are meant for convenience do not offer the level of privacy protection as you mention. But if we replace that convenience with some effort from the user, we can get the privacy protection as well.
The flow can be as follows:
The user authenticates itself via government's site and is presented with a page which lets them create government-signed messages using claims provided by the government.
The concerned site can generate a random string during their registration/verification process which they expect to be part of the signed message that the user is to provide them.
The user enters that random string on government's site and checks/selects the age claim for it to be included in the signed message. The government adds timestamp to it and a key id based on the private key which it used to sign the message.
The user posts the signed message on the concerned site during the registration/verification process. The site uses the government's well-known address to fetch the public key associated with the key id (mentioned in the signed message). It then uses the public key to verify the signed message alongside checking the timestamp for recency and presence of the exact random string in the signed message. Ultimately checking the age claim.
So now, instead of providing credit card details, the signed message was provided by the user which the concerned site can validate on its own without the government knowing.
Well, that technically works, but it's unusable. And you would have to do that for every site that requires age verification.
It's not really oauth 2 either, even though it re-uses bits of it. There is no "flow"!
A FOSS browser extension developed and maintained by a non-profit organization, vetted/audited by other trusted third party entities can facilitate convenience in this flow, bringing the overall experience closer to a desirable state.
The websites which are to be restricted by government-imposed legalities can expose the claims they need during their registration/verification process and the browser extension can automatically retrieve those claims alongside other details as mentioned previously, and can auto-fill on the website for the user.
Since this extension acts as the intermediary client, it knows the parties involved but it preserves user's privacy accordingly due to its vetted nature and as a FOSS application.
Of course, there will be concerns regarding pushing people to use such things but if legality can force people to give out their credit card details on certain websites, then it can also push for such user-focused convenience ways to enforce the legal matters. Whether it will really happen is not in our power but technically it is a resolvable matter as put forth by the original comment.
There are privacy preserving technologies that can do this.
See the work of Jan Camenisch for example: https://jan.camenisch.org
But I doubt anything so well thought out would be implemented for this. Current government suggestions are credit card checks, checking identity against government passport records, or your mobile phone service provider.
I don't even understand the mobile phone one. My son has a mobile phone, but I'm the account holder according to the phone company. He's too young to enter into contracts for a start!
This might be a more helpful link: https://en.m.wikipedia.org/wiki/Direct_Anonymous_Attestation
I'd suggest his other work on IdentityMixer is more relevant here.
https://hyperledger-fabric.readthedocs.io/en/release-1.3/ide...
DAA solves a different problem.
I suppose this would be a very neat usage of Zero-Knowledge Proofs.
If I can prove User is over 18 to App, without giving away who User is to App - that seems quite valuable. An "Ali Baba cave" for identity. (https://pages.cs.wisc.edu/~mkowalcz/628.pdf)
I believe they're talking about doing that, but contracting out to approved 3rd parties instead of the government for age verification. I still don't trust them to do it securely, and I worry deeply about the chilling effect it will have on the internet as a whole.
Pretty sure that’s already on its way. One way we avoid giving card details to untrustworthy sites is to use a third party verification service. Suspect that this is well enough known that the headline should be construed as clickbait.
How quickly people forget...
This is resolvable by technology only if your plan is to replace Chris Philp by OpenAI powered bill generator.
Oh no they’re not.
People will start buying shitty VPNs advertised on prime time TV instead and entirely side step the issue but create two more at the same time.
Think we need a new national anthem now along the lines of https://youtu.be/P1CyPjQQTAM
I would rather give facebook my credit card info than a shitty VPN my credit card info and my money.
Use code shittyVPN for 95% off our Best VPN in the World service for life.
Some people might, most won’t. Most under-18s certainly won’t.
Most people, under-18s or not, will download whatever comes first when looking for "free vpn" on the app store.
> and potentially any other platform where users can post their own content
So... the internet?
Easy solution … give up Facebook and TikTok and all the other social media addictions like a sane and healthy person. Social media is essentially the tobacco of today; a toxic, destructive, addictive force.
As with tobacco, giving it up is not as easy as saying it.
We can do without it if it was just switched off, but everyone else who is using it, is itself a reason to be part of it.
Is there really a lot of porn on those platforms? I would have expected porn to be forbidden by the content policies of any big service with user generated content, it's probably the easiest kind of abuse to automatically detect, and it's something the services are very motivated to keep out since they can't sell ads on that content. I have never heard of either of those platforms as having a reputation for hosting porn.
They are also talking about doing it for Reddit, which makes me really sad.
There is no “talking about doing it for Reddit” here. Targeting a measure like this at specific companies is all sorts of gross, it has to be a case of what’s good for the goose is good for the gander.
There’s no reasonable definition of who should and shouldn’t be affected by this where Facebook has to comply but Reddit doesn’t.
The reasonable basis is that Facebook have consistently shown themselves to be a bad actor. I'm not arguing that age checks are a good thing, just that I don't see a reason why the law can't explicitly target companies that are detrimental to society. You might then argue Reddit should also be included for similar reasons.
I would suggest this is generally better than an attempt to codify in law some kind of definition of what companies should be covered.
In pre-Brexit Britain we were promised less friction on the internet because we wouldn't have to accept cookies [1].
Who would have thought there would be more friction for just about every part of British life? /s
[1] https://preprod.metro.co.uk/2021/08/27/no-more-cookie-pop-up...
I get your dislike of Brexit (and such sentiments get votes on HN) but this isn’t ‘friction because of Brexit’ - a post Brexit government could choose to not do this at all, or choose to implement something better.
It’s just an implementation of a crappy idea by a crappy government.
Setting aside Brexit itself, the government currently in power were elected partly on promises to cut such friction, not increase it.
But yeah, it's a crappy, incompetent government who are currently announcing all kinds of badly thought out populist ideas to distract attention from the trouble their leader is in.
Hah the irony of clicking that link!
Age verification is to Tories as abortion is to Republicans.
I would rather my passport number to be honest.
Oi, you got a loicense for that smut?
I don’t care for porn as the motivator, but social media should be absolutely unavailable to children.
I don’t know.
Wireless radio (it will mean mothers no longer sing to their children), various genres of music over the years (will harm development of children), newspapers (in the 30s there was an obsession with young men reading newspapers rather than talking to their colleagues or family, like a mobile phone concern but in the 30s - if you Google this story you can find some impressive pictures of lines of men waiting at a bus stop and every single one is reading a newspaper).
It wouldn’t surprise me if kids are better adjusted to social media than adults. The kids don’t need to go through a readjustment period of trying to convert their expectations to the new reality.
Kids will still bully each other with or without social media. There will Still exist dangers which can’t be controlled without active parenting and an attentive society.
I see the attraction of banning social media below a certain age but i can’t help think that open discussion with kids would be far more effective.
Young victims of schoolyard bullying could in the past retreat to safe spaces - a friend’s house, a favorite art or music teacher’s classroom, the computer club. Today, the bullies are posting cruel messages and media about you in huge group chats and creating fake social media accounts under your name to embarrass you. The abuse follows them into their bedrooms. There’s literally nowhere for them to go to hide. This is why tween suicide rates are skyrocketing, especially for girls.
>> Young victims of schoolyard bullying could in the past retreat to safe spaces
I don't think you meant it this way but what you're saying there is that victims of bullying who have been physically harmed in school yards could have just retreated to a safe space and avoided it. Clearly that's not true. I don't think you meant that but the words you've used are clearly wrong.
The one advantage of social media is that it does have an off button, in a way that the bully screaming in your face in the lunch hall queue does not.
>> This is why tween suicide rates are skyrocketing
I'm sure it's a contributing factor but this is just a statement we can't back up other than with faith that we think we understand what's happening. The truth is we don't fully understand.
>> to embarrass you
It is definitely a viable medium for bullys to harm victims. What i'm getting at is the problem is the bullying rather than the medium. If you play whackamole with all the ways a person can persecute another, you'll never solve it.
We don’t need to guess. It’s been well studied and reviewed. Social media is extremely harmful for children, and especially young girls.
It’s also extremely harmful for adults, but adults can make their own decisions.
This would be amazing in the US
Thankfully, there is 0% chance of this happening in America.
For Facebook or TikTok it's a sensible move because they are social networks trying to connect natural persons. Not just child protection as mentioned in the article but ecommerce scams, misinformation, catfishing or botting would be cut down if you could verify that the online identity represents who it claims it does.
It would be good though if there is some identity standard across platforms rather than the existing patchwork solutions that exclude people without say, credit cards. Digital ID systems like in South Korea or Taiwan seem good because they're uniform across the country and comparable to national ids.
What you are suggesting wouldn't help improve those situations, and in fact will likely make them worse. Governments and companies have been historically bad at protecting information. Companies will see it as an opportunity, governments will abuse it and the user will end up just having more information online for people to use against them. So called misinformation will change in definition to only support government-approved talking points. Before you know it, disagreeing with your government and pointing out lies will just cause them to say they have a reason now to use the information you provided to go after you and try to ruin your life. Employees and government agents will now have a plethora of more data to do lookups on their exes, enemies, etc. It is bad all around.
That's a slippery slope argument if I've ever seen one.