> If there were honest intent, then the regs would be beefing up the "Parental Controls" mechanisms present in every major OS
Not everyone knows they exist, and there's a huge install base of older and/or cheaper devices that may not be getting updates that could be strengthened like this.
> Not only does this mechanism require zero involvement of an unrelated third party
But what if we do want to regulate the behaviour of those third parties? We know they've been cognisant of the harms and addictive behaviours their stuff promotes (see internal Meta research), and in fact seem to have designed for that. If the controls are only at the consumer side, are we not likely to see an arms race where they continue to try to addict kids around the controls?
You're also assuming a level of technical sophistication on the part of parents, voters and politicians that would necessarily lead them to come to the same conclusions as yourself about solutions. This may simply not be present.
This is what I mean by "good arguments that won't land". We can talk about how solutions should work, whether solutions can possibly work, and even make strong arguments that regulation in this area is wrong in and of itself. Jumping straight to "they're all liars and only want to spy on me" makes the entire thing look like a group of fringe nutters unable to take onboard how people (particularly non-tech people) feel.
> Not everyone knows they exist...
"Oddly", the laws that demand you enter your birthday (and will eventually demand you scan your ID) seem to require OS producers to make it so that users will not be ignorant of these new features. [0] I wonder if it's possible to do the same thing for Parental Controls...?
> ...there's a huge install base of older and/or cheaper devices that may not be getting updates that could be strengthened like this.
They're not going to be getting updated to be compliant with any of the new state (or Federal) user-identification regs, so I don't see what good-faith reason you could have for bringing them up.
> But what if we do want to regulate the behaviour of those third parties?
You use law and regulation? You mention nothing in your subsequent paragraphs that a "Papers, Please!" mechanism will prevent that a "Beefed-up and difficult-to-bypass Parent Controls" mechanism will not.
[0] For example, AB1043 says (among other things)
> You use law and regulation?
I mean, 'papers please' mechanisms are a type of law and regulation, we're arguing over what sort of law and regulation should be used, no?
In Australia, platforms are being regulated, the regulation says they must not allow under 16s to have accounts. How they achieve this is up to them to a large extent. "Papers-please" then is their doing. It's certainly not the only way things can be done - see anonymous credentials, verifiable credentials and other such schemes that don't involve showing your identification documents to everyone that asks.
> You mention nothing in your subsequent paragraphs that a "Papers, Please!" mechanism will prevent that a "Beefed-up and difficult-to-bypass Parent Controls" mechanism will not.
An arms race to work around the controls, which seems likely to me unless there is some sort of regulation on the service providers.
But either way, look at this! We're discussing how things might work, rather than dismissing things out of hand and impugning each others' motives. Going to the "Papers please" governments and parents in those populations, saying "Look, we understand there is concern and we think there's a better way", or even "We understand the concern but here's why acting on it in any way is a bad idea" is a lot better than "You're all evil and probably stupid".
> I mean, 'papers please' mechanisms are a type of law and regulation...
Yes, they are. I still have no idea how laws of the form "You must honor the signals you get from Beefed-Up Parental Controls and we fine or jail you if you do not" fails to constrain the behavior of US-based businesses. You seem to have an understanding of how it won't, so do let me know what I'm missing?
> An arms race to work around the controls,
Whether the arms race is server-side or client-side is irrelevant. If anything, I'd expect a client-side implementation to be far more robust... if for no other reason than because the private company that is contracted to implement and run a server-side implementation will cut every corner to improve their profit margins.
> In Australia...
Speaking from a civil-liberties perspective, Australia has been a shithole for a long time now. They can very safely be ignored by US parents and US lawmakers.
> "You're all evil and probably stupid".
The people who are pushing for these "Papers Please!" regs are evil. The lawmakers (and parents) who aren't asking "Wait, what about the existing Parental Controls mechanisms built into every major OS?" are stupid and -if that stupidity is willful- also evil. Those are plain facts. One is not obligated to be all niceys to people who are invested in tearing yet another chunk out of the vial organs of civic life.
> "You must honor the signals you get from Beefed-Up Parental Controls and we fine or jail you if you do not"
> If anything, I'd expect a client-side implementation to be far more robust...
You're not really describing a client-side solution, you're describing legislation of something like the old Do Not Track header, which is a server-side solution, and fines for services which don't respect it. In such a situation I would expect 'smart' firms like Meta to start finding just-this-side-of-legal ways to get kids hooked on their services. But I suppose the same is likely to happen with server-side-verified blocks on kids using services, Meta can spin up new services that don't quite meet the definition and try to work around it. I guess this is orthoganal to the method of blocking kids.
> from a civil-liberties perspective Australia has been a shithole for a long time now. They can very safely be ignored by US parents and US lawmakers.
Even though what they are doing is less "Papers please" and more "Services must verify, how it's done is up to you", which seems lower down your evil scale than the US states you're up in arms about?
Interesting take.
But again, this is fine, it's an exchange of ideas. You don't seem to be against age verification in principle, you're acknowledging that people want something done. The article and many commenters here are immediately writing off everything in this area as effectively a distraction from full monitoring of everything everyone does on the net.
So while we may disagree entirely on how to go about effecting any sort of solution, and we may not (honestly I'm not entirely averse to the parental controls idea), you're not dismissing the problem out of hand, and in general I have no quarrel with you or your approach.
> Even though what they are doing is...
I suppose you missed the part where I said
This "You must present ID to use a computer" shit is relatively new.> You're not really describing a client-side solution, you're describing legislation of something like the old Do Not Track header, which is a server-side solution...
Mmm. No, there are three systems being described here.
1) "Beefed up Parental Controls", where all service-restriction information is entered and stored client-side and sent server-side as needed.
2) "Age Please!", where a "guardian account" associates the birthdate/year of one or more users to their respective accounts using the client device. This information is entered and stored client-side and is sent server-side as needed.
3) "Papers Please!" -which is what #2 will become-, where a user uses their client device to photograph their government-issued photo ID to be sent to a third-party and processed server-side.
Because we're talking about accessing an Internet-hosted service, your apparent confusion about the need to send some information to the services servers is -itself- confusing.
> You don't seem to be against age verification in principle...
I'm 100% against it. I'm 100% for guardian-controlled content-restriction policies. I'm also completely fine with a "How old is your cutie? What things do you want them to not see or do?" wizard that populates those policies with some defaults that the guardian can fine-tune if they wish to.
> It's not even about being "all niceys" it's about recognising that the concern people have is genuinely held, and addressing it.
An equally important skill is recognizing when those concerns are not genuinely held. Anyone who should know about "Parental Controls" and chooses "Papers Please!" or "Age Please!" is evil. Lawmakers and regulators pushing for this stuff are in this bucket. Anyone who -once introduced to the concept- claims to see no world in which "Parental Controls" can be beefed up and also claims that "Age Please!" or "Papers Please!" is the only viable option is -at minimum- unrecoverably stupid, and is probably also evil.
> I suppose you missed the part where I said
The part that I quoted? That would be quite a feat. Either way I think it's definitely a choice to entirely ignore what a country is doing in this area due to historical reasons, when the country you're interested in making changes to appears to be doing worse.
> Mmm. No, there are three systems being described here.
There are more than three options here. Here are more possibilities (already in use in some places) -
4. Service providers make an informed guess about who might be a kid, based on usage patterns and scanning the pictures they've uploaded.
5. Anonymous credentials systems, as described in the link in my first post that you responded to.
Neither of these is a 'papers please' solution.
> your apparent confusion about the need to send some information to the services servers is -itself- confusing.
So you're also implicitly ignoring solution 6, which a lot of people elsewhere in this thread are arguing for, which is parents using existing parental control systems built into their devices, which work 100% client side?
> I'm 100% for guardian-controlled content-restriction policies.
That's age verification of a sort by the guardian, enforced server-side. So no, you're not against these systems in principle, you're just proposing a solution that you find palatable.
> Anyone who should know about "Parental Controls" and chooses "Papers Please!" or "Age Please!" is evil.
Why? Parental controls at the moment are patchy, poorly understood and certainly don't operate in the way you're proposing they should in future. It's easy to see why people might declare that such schemes are inadequate.
I am finding it very funny that you are determined to put yourself in the category of "People Nursie disagrees with because they dismiss the entire thing as a conspiracy", even while you're not actually doing that, you're arguing in good faith and I applaud it!
> So you're also implicitly ignoring solution 6, which a lot of people elsewhere in this thread are arguing for, which is parents using existing parental control systems built into their devices, which work 100% client side?
I'm 100% fine with those, but people report that they're "insufficient" for vague reasons. That's why I suggest we beef them up. Also...
> Why? Parental controls at the moment are patchy, poorly understood and certainly don't operate in the way you're proposing they should in future.
you seem to agree with the reports I'm hearing. That's why I suggest beefing them up.
> The part that I quoted? That would be quite a feat.
One that you managed, somehow. Gratz.
> ...they dismiss the entire thing as a conspiracy
Unless you're using the "Two or more people get together to plan something" definition of the word "conspiracy" -which happens to neatly cover planning to go to lunch-, I don't consider this to be a conspiracy. [0]
> There are more than three options here.
I was only discussing three, and I'm sure we can come up with way more than five in total, but sure, let's go.
> 4. Service providers make an informed guess...
That's happening now and has been for a while now. We all see how willing the larger operators are to rely on their guesses rather than relying on the judgment of a third-party. Having said that... when last I checked, 4chan was one of the operators who are doing the noble thing in the face of all this hysteria. [1] It sure is something when 4chan is on the right side of an issue and the big guys aren't.
> 5. Anonymous credentials systems...
They're absolutely not going to be anonymous in practice. As I mentioned earlier:
> That's age verification of a sort by the guardian...Absolutely not. Do explain where the restricted account has either its age, documents that contain its user's age, or documents that can be used to look up its user's age entered into it. A helpful hint is to ask yourself how you'd distinguish between the content restrictions set for a precocious eleven-year-old and those set for an adult suffering from both PTSD and advanced dementia who needs to be protected from both scammers and graphic depictions of sex and violence.
[0] Yes, I read ahead to the end of the sentence I quoted. The statement to which this footnote is attached is included for completeness' sake.
[1] <https://www.bbc.com/news/articles/c624330lg1ko>
> Unless you're using the "Two or more people get together to plan something" definition of the word "conspiracy" -which happens to neatly cover planning to go to lunch-, I don't consider this to be a conspiracy.
Yes that's the entire point of this whole thread, congrats for getting there in the end.
You don't consider this a conspiracy.
People like the article author do, and in doing so they miss the mark on having any effect on the wider conversation because they aren't willing to even acknowledge the existence of the problem. You are actually engaging with the topic and putting forwards ideas and engaging with solutions. You have thoughts about how something might be made to work. You are not who I1 am complaining about.
(As an aside, why not actually try reading the link about anonymous credentials? It's very informative and it shows you what's possible even if you're too cynical to believe anyone would ever implement it)