I was sitting in a room the other day with a young adult, we were searching for additional algorithm learning materials. They searched in Google, and accept the cookies. They clicked on a website, and accepted those cookies too. They then started entering their email address to access another service. I was completely taken aback.
I'm the sort of person that either rejects the cookies, or will use another site entirely to avoid some weird dark-pattern cookie trickery. I don't like the idea of any particular service getting more information than they should.
Siting there I realized, we were not the real target. It is the young people that are growing up conditioned to press accept, enter any details asked of them, and to not value their personal data. Sadly, the damage is already done.
I am in my mid forties, been working as a professional software developer for over 20 years.
I click “accept the cookies” almost every time. I just personally don’t feel it’s worth the effort and cost to try to avoid it.
What “dark pattern cookie trick” are you worried about? I just can’t come up with a scenario where it will actually harm me in any way. All the examples I have heard are either completely implausible, don’t actually seem that bad to me, or are things that are trivially easy to do even without any cookies.
Now, I am not going around giving my real email out to random sites, though, although even that doesn’t strike me as particularly dangerous. I already get infinite spam, and I am sure there are millions of other ways to get my email address… it is supposed to be something you give out, after all.
I just don’t think it is something that is worth stressing out about and fighting against. Maybe I am actually naive, but I just have not yet been convinced I should actually care.
First of all, if you don't practice any tracking limitation, you're almost certainly giving additional parties (directly or otherwise) access to your personal information. This is marketing data brokerage, this is the whole ballgame.
To your point about the actual harm, I've come to see it as a kind of ecological problem. Wasting energy and sending more trash to a landfill doesn't harm me individually, at least not immediately. But it does harm in aggregate, and it is probably directly related to other general harms, like overall health outcomes, efficiency, energy costs, etc.
No, accepting cookies by itself may not do much to me, but the broader surveillance and attention economy that relies on such apathy certainly has.
I think he is referring to how some have an "Accept cookies" and a cookie's settings, but to reject cookies you have to open a separate dialog box. I agree, and I think it is so wild that people would give their actual email to random sites.
I'm worried about my browsing to be tracked across the entire internet for the purposes of marketers to "enrich" my profile... just to sell me more and to sell that data to third-parties who can make all sorts of decisions based on a made up story about who I am, my preferences, my values and whatnot.
there's a reason I don't walk around naked either. it wouldn't hurt me, but I don't need that kind of exposure for no upside
I'm the same, (well, mid thirties, and over a decade) but I always click accept for cookies.
The only times I've stopped, or tried to deny it is with the recent thing I've seen from some sites that say "accept cookies or pay money". I think that is scummy, and against what these regulations require, so I'll usually just close the site in that case.
Oh and to address the point from the main article, I think I'm unfortunately beholden to more companies, but would strongly prefer to not verify my identity, because I have little to no trust in the companies to safeguard my actual personal data. (rather than inferred cookie tracking data, which they can have imo).
I would imagine it's the GDPR "ACCEPT ALL COOKIES" in big font and then in very small low contrast text "select some cookies" or "reject cookies" that they were describing.
> It is the young people that are growing up conditioned to press accept
It's really alarming, actually. I run the cyber security training & phishing simulations at my work, and it's the younger employees that struggle the most. It's like they just assume that everything on the web is trustworthy.
It's not hard to see why though. They grew up with app stores & locked down devices. No concept of a file or file system, no concept of software outside of the curated store & webapps. People that never had to take responsibility for their own digital safety because "someone else" (Google, Apple) always did it for them.
The problem is, we haven't really created a safer world. We created an illusion of safety by taking away agency.
We might be safer in terms of vulnerabilities, root exploits, RCEs, etc. but the internet is still full of malware, scams are still just as rampant. Vigilance is still very much required, but is no longer taught.
Look at all the malware available on the Play Store. The curation does nothing but create an illusion of safety.
They'd just click it away every time, when my nephew got a gaming laptop he'd play mindcraft and the windows sticky keys popup would be firing constantly must have seen him dismiss it 15 times before I offered to show him how to get rid of it.
Growing up I had a "computing" class in high school. It's where I learned to type, but also learned the basics of using both macOS(9 at the time) and Windows.
It was also drilled into me that the default state of anything on the internet is to be untrusted and potentially harmful.
It also helped that you could actually tinker with things, and there were plenty of foot guns around to drill that lesson home.
Somewhere along the way that message got lost and didn't get communicated to the young ones, and I'm not even that old (38).
People are also struggling to think about what is computed or stored where or what different wireless interfaces do. Imagine what sort of data people enter into LLMs!
That's an exaggeration. Young people on average have grown up with drastically greater understanding of what a file is than any other generation that has come before them. They grew up using Chromebooks or laptops in school, constantly interacting with the local file systems, uploading files to Instagram and TikTok from the file systems on their smartphones, browsing their phones for files constantly. They know what a file is, they use & manage files more than any other generation prior.
No other prior generation comes close.
Compare them to people growing up in the 1980s. The average person at that time was overwhelmingly oblivious to computing very broadly, their grasp of a "file" as a concept would have been close to non-existent. That was just 40 years ago.
In the mid 1980s a mere 10% of US households had home computers. And that was a high mark globally, it was drastically lower in nearly every other country (closer to zero in eg China, India at that time). The number of people routinely using office PCs was still extremely low.
Today young people have a computer in their hand for hours each day, and they knowingly manage files throughout the day.
I use lights every day, but I know way less about electricity than my grandparents, two of whom who could remember when their town was electrified as children and who therefore treated it as the marvel it truly is. And also because we've worked out a ton of bugs in electricity and it often just works.
My kids will know way less about filesystems than I do, because I had to learn DOS commands to navigate around the operating system if I wanted to play computer games, which led to a lifelong interest in how computers actually work at a level they can (and, so far, do) happily ignore.
You don’t upload a “file” in a “folder” to TikTok. You upload a “video” from your “library”. Consumers have been conditioned to stop thinking about files especially when it comes to media since iTunes and the iPod in 2001.
> They grew up using Chromebooks … in school, constantly interacting with the local file systems
While it is possible to interact with the local file system on a school Chromebook, it’s certainly not the default. School interactions with Chromebooks seem to consist of logging with highly secure passwords like “strawberry” and using Google Docs. And playing games with heavy PvP components and paid DLC (paid by parents whose kids beg for it, not by schools) that call themselves “educational” because they interject math problems needed to use those juicy spells, make no effort whatsoever to teach anything, but produce a nicely formatted report correlating scores to numbered elements of the Common Core standards.
There may be some demographic groups located between people who were young during the 1980s and people who are young during the 2020s, time periods which are 40 years apart.
Maybe they do more intuitively think of things as virtual objects, but it seems like the issue is they don't have a deeper understanding of how the mechanisms behind the abstractions work and can easily get fooled into accepting terms they wouldn't if they properly understood.
> easily get fooled into accepting terms they wouldn't if they properly understood.
And easily get sold add-on services. How many people hit the 5GB iCloud limit for backups and just pay without stopping to think that it might be possible to do local backups to your computer and you don't really have to pay for extra storage?
Just hit them with the scary language "You are at risk of losing your photos forever if you don't pay!" because that concept of "Oh, photos are just files in a directory and I can copy those anywhere I want" doesn't exist. To many, those photos are part of the gallery app, not a separate file from it and since that app only runs on the phone, surely it must not be possible to copy them anywhere unless I pay for the storage.
> drastically greater understanding of what a file
No, they do not. First, simply using something does not mean you understand it at all. Secondly, because the devices they've become the most accustomed to work very hard to hide all those details from the user.
And yet, it's the generation that struggles the most with managing files on their work laptops and on SMB shares.
They know app silos, not file system hierarchy. Ask a teenager where a file is on their phone and the will tell you the name of an app. Ask them how to copy it somewhere else, and they'll use the share sheet and send it to another app.
To be fair, at least Android and presumably iOS grant apps by default no access to your files in modern versions.
The only way to get, e. G., an attachment downloaded via Thunderbird to a PC or another app is the share dialogue. A user does not access to the isolated app storage by default on an unrooted Android phone. For better or worse the young user is actually making the right choice here for their platform.
(This is also why making a backup of an Android phone is a nightmare when you aren't using a first party option. ADB is sometimes able to bypass it)
True, it's all abstracted away and you don't even get access, but that's part of the problem. We (the industry) are teaching people that proprietary formats inside of app silos are the only way to store your data, making the default state being no control over your own stuff.
Note taking apps are a prime example of this, using a proprietary localdb for notes, inside of app storage you can't access, forcing you to transact with your own data exclusively through the app (and whatever subscriptions or upcharges that come with it). We've trained out the idea that these could just be local text files in a directory you can access and do with what you want.
I've watched discussions around open file formats fade away into obscurity along with the rise of mobile, and now we have to fight on whether we should be so graciously allowed to install software on the devices we own or not.
Not everyone needs to be a computer science student, but some basic level of curiosity or education around how tech works should be required in school, at the very least a warning message of "Your data isn't safe if it's not under your control."
That's exactly the problem. Digital natives have, by and large, grown up with computing devices which try their best to be the opposite of general-purpose: their skills are siloed to the few apps they rely on, and e.g. files, keyboard shortcuts, the command prompt are not part of the "API" they learned.
I mean on iOS you do have a raw home storage path you can save arbitrary binary data stuff to, although Apple generally just has the option of "Save to Files"--but you have at least some basic folder structure there you can use and have full access to.
It's just not commonly used for the reason the other person mentioned (share buttons between apps that are file type aware)
> They know what a file is, they use & manage files more than any other generation prior.
Unfortunately, they don't.
They might have had a computer in their hand for hours each day, but they barely know anything about it. The ones who do tend to be those who grew up playing on PC, as opposed to console or mobile, because the latter - despite falling under the "digital natives" aegis - are really shockingly ignorant of even basic concepts.
That's also a stereotype. Gen Z (born 1997 to 2012) is roughly 2 billion people. Among them are the technorati, and the tech literate. The influencers and the influenced. It's fair to compare what was available to them growing up, vs yourself (I learned to program before there was Google), but it's hard to say things that are going to be universally true across that many humans that are interesting. Most of them will have two arms and two legs but will most be able to navigate /etc/systemd/user/? Can't say.
I remember when it first became widely known that the government could see your library checkouts. People protested. It was a big deal in my tiny town.
I don't even think it would be even a blip on the radar now.
It really is depressing how much ground we've given.
I was just talking about this the other day. This all happened right after 9/11(nevr 4get) and people were fucking PISSED that the patriot act wanted to look at people's library histories. It was a HUGE deal where I lived. Now? Nobody gives a shit and people will trade away their valuable privacy for an IQ test.
My local library is run by the county government, so of course the government can see the checkouts, they are the ones I check the book out from. But they restrict checkout information from others. For example, a parent can see the checkouts of their own children, but not after they turn 13.
Perhaps you're talking about subpoenas? Checking some other libraries I see SF Public Library has some discussion about that, but they delete books from your checkout history once they are returned. https://sfpl.org/about-us/confidentiality-and-usa-patriot-ac...
It's not just cookies, it's explicit consent to track you, and sell your browsing history to ~1500 spy companies around the world.
To the sibling comments: don't "accept the cookies" and then delete them.
- - -
I'm super angry at what the web has become, especially at the OS browser community. There is 0 browser (that I know of) that can access the web safely and conveniently. Atm I use Firefox with uBlock which blocks the cookie banners, but Firefox's extension model is broken, and every single extension provides 100% access to my websites to whoever controls the extension. I don't like it.
Safari’s extension model could be really good by now, had they not stopped putting effort into it. You are able to define which extensions have access to which websites, and if that applies always or only in non-Private¹ mode. You can also easily allow an extension access for one day on one website.
But there are couple of things I find subpar:
You can’t import/export a list of website permissions. For a couple of extensions I’d like to say “you have access to every website, except this narrow list” and be able to edit that list and share it between extensions.
On iOS, the only way to explicitly deny website access in an extension’s permissions is to first allow it, then change the configuration to deny. This is bonkers. As per the example above, to allow an extension access to everything except a narrow list of websites is to first allow access to all of them.
Finally, these permissions do not sync between macOS and iOS, which increases the maintenance burden.
Not just the web. Last time I installed Backdrops on my phone (a nice wallpaper app), you would literally approve hundreds of uses of your data when you press Consent. Even if you choose to manage choices, 200 'legitimate interest' options are enabled by default. Even when you are a paying Pro user. Data used includes location data.
What makes it worse is that a substantial portion of users block web trackers through an adblocker. However on phones, unless you have a rooted phone or use some DNS-based blocker, all these analytics get uploaded without restraint.
Atm I use Firefox with uBlock which blocks the cookie banners, but Firefox's extension model is broken, and every single extension provides 100% access to my websites to whoever controls the extension. I don't like it.
Some browsers (e.g. Vanadium, Vivaldi) have a built-in adblocker, so you have to trust one party less.
They can always "access the network" in that the extension developer can push static updates for things like ad block lists or security updates.
It might be possible to have "read only" cross-tab access include automation APIs like keyboard + mouse, with user prompting to prevent data exfiltration.
> How would you implement ability to arbitrarily block any network connection on any website without giving an extension 100% access?
Browsers should provide a filtering option before they makes a request.
IMO a lot of no-brainer options are missing from personal computers. Like the ability to start a program with restricted access to files, network or OS calls (on Windows and on Linux). Browsers should provide the ability to inspect, and filter network access, run custom javascript on websites, etc.
We do sort of have that with the capabilities stuff (although I admit hardly anyone knows how to use it).
But the tricky part is that "reading files" is done all the time in ways you might not think of as "reading files". For example loading dynamic libraries involves reading files. Making network connections involves reading files (resolv.conf, hosts). Formatting text for a specific locale involves reading files. Working out the timezone involves reading files.
Even just echoing "hello" to the terminal involves reading files:
What would a safe extension model look like to you?
At some point, you have to implicitly trust someone unless you audit every line of code (or write it yourself) and build everything from source that you run.
This is a solved problem for at least ad blockers for over a decade on iOS. The ad blocking extension gives Safari a list of URLs and regex expressions to block
No, it's a solved problem for ad blockers, a very specific problem case that extensions have traditionally solved. But the entire concept of extensions is far greater than just "ad blockers", although that's the use case for which 99.9% of people have used them for.
I do this, more or less, although I am a bit older. It's not as if I enter my real name, address, or email at every opportunity, but there is really no perceptible feedback loop that would force one to contemplate the consequences. I visit my local news site and the first thing I see is a massive cookie banner which lists over a thousand third-party vendors and asks me to either "Accept all", or if I am being prudent, click adjacent button called "Choose" to go to another page, then manually untick dozens of tracker categories, and then click "Allow selection". Whatever I chose, it wouldn't have any tangible impact on my life. I simply do not care.
With uBlock Origin, you would not see such popups.
Also, it may not have an impact on your life, but it sure as hell has an impact on adtech guys' pockets.
Most doesn't event know what cookies too. In fact, most doesn't put extra thought into the things they are clicking/accepting on web.
Because of this, I found it odd that the regulation allows displaying the accept cookies button. Instead, it should be rejecting cookies by default and a separate flow to accept tracking cookies (e.g. via account settings page)
People around me (including engineers) all casually use things like Alexa, Google Home, Ring, Nest, Chrome, are always signed into Google, have all sorts of apps installed on their phones, and have no problems giving up their phone numbers to services for verification. It's crazy.
Accept the cookies and flush them out every time you close the browser. I think it would be naive anyway to assume that clicking no on a cookie banner would achieve much for your privacy.
So-called "cookie banners" usually ask for your consent to much more than optional tracking cookies. By accepting you might be giving your permission to e.g. track you through various fingerprinting methods, build a profile and share it with advertising partners.
Because in some legal systems you're required to ask. You're also required to follow fairly specific rules relates to the user's selection and data, though I can't imagine enforcement keeps up with websites breaking those laws.
How so? The law doesn't require cookie banners.
However, you could argue that tracking/advertisement cookies should have been banned completely and that the law is flawed in that it allows for tracking given user "consent".
I doubt the average person even reads those. They are just "the thing you must click to get on with things". How many of those does a person even see in a day across all software and websites wanting to pop up with some garbage you do not care about?
> It is the young people that are growing up conditioned to press accept
There is a similar story with Ford and how they build pavement everywhere and taught the young population that roads are for cars. Now we have to drive for 10 minutes to get from one shop on the plaza to another shop on the different plaza.
It was the bikes who fought for pavement everywhere. Cars took it all over. Mud is annoying to walk it, but otherwise humans handle bare dirt just fine.
That all random game and messaging sites now wants my kids' passport uploaded to some random 'id verification company' is madness.
But now instead, my 11 year old's Roblox thinks she is 18 because she wore glasses in their age verification webcam tool. And it can't be changed unless she uploads a passport, which I will never allow.
Please, gov.uk introduce a gov ID verification service? I could trust that, -ish, I have worked with public sector clients several times...
Does it even actually matter what you do? How many lawsuits/investigations have there been in the last decade revealing that some company or another that swore up and down was following privacy laws, protecting your data, and not selling it actually were. I'm at the point where I figure anyone who wants to track me is, and any privacy pop-ups or the like are just for show.
People are getting brainwashed into giving away information on the web and real life.
In the US it's not rare to link accounts through phone numbers that are required in web forms and store memberships.
In Chile they started asking for your National Id with so many stupid pretexts that people got conditioned into just giving it away. It wasn't like this 10yrs ago. I'd rather have membership numbers.
It's technically public information, so collecting Ids is legal, but it's also a universal primary key within the country that allows merging any user-related table you run into.
Retail says it's just to associate it with receipts in case you need that later, but I'd rather just get a photo of the printed receipt for later than rely on them to find my receipt. Supermarkets, Drug stores, and petrol stations tie it to (possible) discounts or points at check-out, which is price discrimination and it's illegal, but we are in our way to get surge pricing as soon as the new US bootlicker president begins his period next week.
It's been done for about a generation or two, and that's what people don't seem to realize.
In the early aughts I was sitting in on privacy discussions that reluctantly acknowledged that regardless of what we do online, surveys showed you could offer someone at the mall a free Snickers and they'd fill out the whole form.
The perceived cost to the individual of divulging their personal data is near zero; dangling nearly any incentive in front of them will induce them to let it go. And that's not a new phenomenon.
The fact that you think declining the cookies gets you privacy is the real grift. The fact that you think you're safe from tracking because of a cookie banner
I've been saying this for years. GDPR and Cookie Law were created for big corporations to legitimise data trade where before it was grey area. Now they get consent as people blindly click accept and they can make money. It was never about privacy.
I'm pretty old and was the same as you for about five years, but now I just tick anything, much like the young adults. If they want my info, they can have it. I've not heard a convincing explanation why I, personally, should care
I'm fine with providing my identity for online banking and other finance platforms for legal & taxation purposes.
I can't think of a single other use case in which I'd be willing to verify my identity. I'd rather go back to hosting email myself, and am fine with circumventing content access control for all other platforms for personal use.
We're seeing the world slide towards authoritarian strongmen, and we want to give them a massive index of who we are and what we do? I'd rather not.
The problem is those self-same authoritarian strongmen are very successfully using sockpuppeting to change national discourses in ways that benefit them and are detrimental to the targeted countries. Hybrid war is real and has been ongoing for more than a decade. LLMs make it way more cost effective.
Being able to limit the influence of external bad actors is the main goal of ID verification. Age verification is a useful side effect that makes it easier to sell to the general public.
Big Tech has had at least a decade to fix this, did nothing of note, and is all out of ideas. Privacy advocates had the same time to figure out a "least bad" technical solution, but got so obsessed with railing against it happening at all, that nothing got any traction.
So governments are here to legislate, for better or worse. They know it's a trade-off between being undermined by external forces vs. the systems being abused by future governments, but their take is that a future authoritarian government will end up implementing something similar anyway.
Do you truly believe that ID "verification" will do anything in a world where IDs are leaked by the tens of thousands to the millions?
You are shifting the onus on to the platforms, when the problem is pretty simple; with a few exceptions, we've failed as a species to learn how to think.
Also do you think that the TLAs don't know who the bots most likely are with all the surveillance data they're gathering? That the NSA doesn't have detailed telemetry of the surveillance ops??
Let me ask you the question, what have they done about it? And why not?
I would say the time to buy mesh networking equipment is now. But it's not like I'm capable of defending the transmitter. So when they come for the VPNs, the VPSs, and encryption, I guess I'll just be out of luck.
(Out of luck = resigned to zero digital privacy. No matter I follow the law and “have nothing to hide” of course.)
Perhaps people will pass flash drives like North Korea or Cuba?
People trade away longevity for short term convenience. Then when that convenience is shown to be bad/unhealthy people refuse to give up that convenience.
So many aspects of our lives are like this now. People just accept defeat cuz it would mean giving up one click ordering or free return shipping or they might have to look at labels to avoid bad companies.
Honestly I think these age verification laws are blunt instruments responding to the decade of avoided moderation the big platforms have managed to pull off.
I've run ad blockers for years now, but I'm still trying to forget those disgusting zit popping pictures that trended in ads for a while. Or those incredibly stupid life hack shorts, like the one where someone tied a cord around a mug and the hack to get it loose was smashing the cup... that crap made me despair for humanity as much as the Gaza genocide.
But google and facebook convinced the legislators that it would be impossible to keep that chum away from kids on their platform, so the legislators are going with the next option: banning the kids from the platforms.
I won't do it for any of them. I've got an endless selection of things competing for my time and attention and I'll be happy to find another one where needed.
Stop making your kids my problem! We have everything to hide. It is called personal identity. All data online managed by companies will always be misused, lost to scammers, blamed back to you for something you never did, and hunt you down.
One thing people underestimate is how brittle digital identity actually is in the UK.
There isnt a single identity. Theres a loose federation of databases (banks, CRAs, telecoms, electoral roll, etc.).
There are multiple operational definitions of "name": legal name, common name, known-as name, card name, account display name. None is universally canonical. Theres no statutory hierarchy that forces institutions to agree on precedence.
In the absence of a mandatory national ID, identification relies on matching across name, date of birth, and address history, which are inconsistently collected. Fuzziness is necessary for coverage, but it introduces brittleness. If a variant isnt explicitly linked as an alias, automated online checks can fail because the matching rules dont explore every permutation.
Even within a single dataset the problem doesnt disappear. Large systems such as the NHS have documented identification errors involving patients with identical names, twins at the same address, or demographic overlaps. Unique identifiers help, but operational workflows still depend on humans entering and reconciling imperfect data.
This is exactly what I am feeling (the title, didn't read). I can't see why I would give a copy of my official id card or a picture of my face to a basic service on the Internet. Seriously ? They do not deserve it. Even my phone number is too much but well Google has it now.
The age verification proposal of the EU tries to do that, the government knows you used age verification (and I think the rough number of times you used it), but they don't know when or where you used it.
I can't imagine countries with such strict speech laws, for example, would be willing to build a system that is technically incapable of linking the person visiting a sire and the site requesting verification.
This proposal may have been updated since I read it previously, so I could be wrong now, but it didn't read as a true zero-knowledge proof as key steps in the flow still required a level of trusting the government as the central authority to do the right thing and not track requests, both today and in the future.
The EU has more freedom of speech than the US, the US has just a different way of punishment.
It’s much easier in the US to lose your job for what you say as in the EU and in the US the consequences of losing your job are more severe if you don’t have enough money so you can afford to lose it.
US freedom of speech comes with a price tag that puts the censor inside your brain.
See eg. BBS+[1]. Proofs that preserve anonymity are generated locally and neither the verifier nor issuer can determine the user based on these (in scenarios of non PII signals like age thresholds), while still allowing the verifier to validate it's issuer approved.
Steam thinks I was born Jan 1, 1970. Not that I needed to lie when I did my age verification back 15 years ago, I just randomly scrolled the year down and selected one.
As the years have marched on, though, that "birthdate" becomes significantly closer to my real birthday.
Only when chatting in a large channel at work, did I realise nearly 1/3 of the people there also set theirs as 1/1/1970. Which I presume is the first date that phisers will try to enter to reset people's accounts.
I am fully aware that my standard fake birthday is now used by me in some many places, that I have started to have a fake fake birhday. I should really just randomise and store it in my password manager.
But obviously the context of this OP story ruins all that.
When you're 10, a year is a long time, when you're 60 it is not. There's an implicit "relatively" here, which is unusual but not unknown in English. Almost poetic, I like it.
Thanks now I understand. I am "only" 26, but I remember being 20 like yesterday. I can't believe I'm on the second half of the way to 50. COVID lockdowns and responsibilities didn't help.
I feel time has gone faster since I got a job, if that makes sense. Every day yearning for it to be 5o clock so I can check out, every week yearning for the weekend, every month yearning for the last day to get paid. Doing this is just asking for time to be over sooner.
When a 10-year-old registers for an adult website, they pretend they're 100 years old. Their age is 90 years different from the stated birthday. Eighty years later, the birth date is just as far off—but the implied age is now only 10 years off.
I live in China, where every mobile game requires age verification. Teenagers can play for up to 1.5h/d on weekends. But as far as I can see, some parents will assist their children to unlock more time on purpose.
More like the state (at least in places like USA) cracked down on children roaming freely so now people hide their kids inside playing video games so a Karen doesn't call CPS when mommy has other things to do all day besides play helicopter parent staring down at their kid all day.
Neglect laws are written too broadly, giving too much discretion to CPS to decide what constitutes neglect or inadequate supervision. There have been a couple cases IIRC in Florida where parents were arrested for letting their kids walk/play in parks alone, albeit these were very young children.
Outside of that, there's increased traffic and the US as a whole is way too car centric. Suburbs are horribly designed, and we prioritize moving cars instead of moving people, and any kind of infrastructure design that might slow down traffic, reduce the need to drive, or mildly inconvenience a driver gets shot down.
There is a very real danger of getting killed by a distracted idiot in a car, and that risk is much higher today. I commute on I5 every day for work and every single day I see multiple people, going 80MPH watching tiktoks on their phone on the dash mount, or obviously looking down texting. I can't blame anyone for not wanting their kids running around the neighborhood when we can't even be responsible enough to pay attention when we are driving 2 ton death machines.
I'm sorry, the "Karen" drove onto your private road to interrogate your kid?
These things don't happen on a liberal/conservative axis in my experience.
I've lived all over the place, though not as much with kids, and have had none of these issues (including having mixed race kids who look much more like their other parent than me).
You really need to look at why you're living where you do.
The problem for me is not services where the content is online, you can just avoid those, but cases where access to scarce real resources is controlled through online verification. E.g. renting recording studios, background checks for job applications, things like this. Often there is no route that does not go through a third-party verification service.
I gave a bunch of details of my personal history to a verification service thinking naively that it would be used to prove I was me.
Instead, they didn't know much about me apparently and just stored what I told them.
Then it appears they were hacked because some completely unrelated release of stolen data included all my data, specifically all that data I had provided to that service, that one time.
The Verification Service is the honeypot for your private information. Arg.
I don't understand how can you be intelligent, maybe even have a hacker mindset, write about tech, yet unable to get through simple verification process with a fake ID?
That's kind of undermining everything you write about. Is it even worth reading thoughts of someone who cannot open a digital equivalent of child proof container?
I'm of the same mind as the author. I can't think of a single online service that would be worth the risk of exposing myself to age or identity verification.
I've said it before, and I'll say it again: The standard should be that devices ask whether the user is a minor during setup, and make that available as an is_minor boolean to all apps and websites. Children's devices are almost always set up by parents, and the setting can be protected by a parental PIN code. This method is effective while being completely private and local.
Though I can't take credit for the idea. It was proposed by the European Democratic Party.[0]
And you shouldn’t verify. Many companies offering these identity verification services have ties to the intelligence networks of a country that shall not be named (similar to most VPN services that are supposedly there to protect your anonymity).
There are some services where it makes sense. E.g., submitting taxes with the government, logging into the banking website. Apart from that kind of service, yes I don't think I would want my identity or age verified on more or less any website.
I mean, if you live in a country where the state will delegate ID verification to a creepy company instead of having that as an in house capability you have more pressing structural issues to deal with.
Ha! You are concerned about the privacy aspects of IDs but you want me to list what authentication services I use for you? That's too funny to help out with :p
I have a date I use that's incorrect, but consistent so I can remember it if I need to, that I use for age verification for anything that doesn't truly need an accurate birthdate (example, age verification to view games on Steam).
It's roughly the same age as mine, but if someone tried to pass themselves off as me with that birthdate, they wouldn't succeed.
These companies are mostly just verifying I'm an adult anyway, and I am legit that.
But yeah, I don't like just giving the actual date everywhere as it can potentially be used for identity theft.
When thinking about verifying your identity with a service, you have to ask yourself "what will be the impact to me if everything this service knows about me, every click I've made, everything I've watched/read/uploaded is posted publicly on the internet, attached to my full name, address and photo?". Because those are the very real stakes; if you verify with enough services, this will happen to you.
Weigh that against the value of using the service. A lot of times that will still probably come out in favor of using the service. Sometimes, especially given the kind of services that want age verification, the potential cost is such that you would be insane to verify.
How true this is probably varies a whole lot from person to person.
Very few of the things you list are things that I do primarily online (even during the pandemic), and none of those are things that I can only do online.
Related: this[1] current article/thread about privacy-preserving age verification.
The author here seems to be commenting specifically on the type of anonymity-breaking age assurance widely being utilized along with the vaguely justified social media bans. Given the right technology to prove an age threshold but while preserving anonymity I'd be curious how their thoughts would change.
For example, we've never seen people critiquing the naive kind of 'Are you over 18?' prompts seen on ye olde Reddit or adult sites, precisely because those weren't breaking anonymity or leaking any trackable identifiers.
yeah, but wait till you have to id yourself to use online governments service, or do a one hour drive to meet in person with officials. and then if you have to do this four times. i gave up and submited my face to save 8+ hours and inevitably most of people will do the same...
This stuff worries me as one needs to be a hard target when they reach their 80 and 90’s. People do not need personal info out there in the public domain.
I will never tell my real age if possible. I especially love free forms for entry, because then I can be born in the 1800s. Surprisingly few services have an issue with that.
The problem for me is that the reason this is needed is that kids are permanently online, completely unprepared for the wild west that is the internet and increasingly effectively raised by the internet.
All this is to facilitate that lifestyle without any concerns that far more damage is likely to happen by allowing it to happen than insisting on adequate parenting
So I'm feeding google all this juicy (IMO) confidential information. What happens when I get locked out by google's automatic systems? I already lost my first gmail account from like 2003, when you had to get an invite to sign up. I'm stuck in a verification loop that emails a yahoo email that no longer exists. Impossible to get a real person to look at it.
If I can just verify that I am who I say I am without an email account... That'd be worth it. Of course that just shifts the burden to the identity verification company rather than an email company.
But verifying my age? I see no purpose other than a backdoor for mass identity verification. keeping lists of people and what they're accessing. Buying alcohol online still requires the person accepting the package to be over 21. Buying firearms online still requires being shipped to an FFL.
I already despise how much information my ISP has about what I see, what I access, and when.
Google didn't do anything wrong, they lost their Yahoo and it was the only way they had of verifying their older Gmail. What do you expect, when you don't have access to your recovery method, and it's a free service so it's not like you can prove ownership of a credit card previously used for billing or something? And especially since that was presumably from before the days when Gmail required a phone number, so your recovery e-mail was the only mechanism, and things like 2FA authentication codes didn't exist.
Could be worse. OpenAI is asking for ID verification to use Codex 5.3, through Persona, which was just exposed as doing extremely dodgy surveillance stuff.
I encountered my first run-in with an age verification prompt when I went to authenticate into the Claude iOS app. It asked me to use me iOS/iCloud account to confirm myage. It was quick and seamless enough, but even though I'm aware of this trend, it struck me as a bit jarring.
I use multiple "real" identities so I don't have my real name associated with certain open source projects that involve sensitive things like cryptography etc. This is a huge concern of mine.
I have multiple “real identities”, diagnosed due to trauma. We each want to have our own spaces of interest and experience online.
As a matter of mental health, we really cannot have these overlapping for many reasons, prime among them is that if one part of me becomes aware of another while they’re doing their thing, a
mental “table join” can happen and disturbing memories can be shared which is incredibly destabilizing to the system.
As a wireframe example my programming alter cannot be exposed to the alter who browses cptsd forums or they remember things that cause them to dip from the headspace and we lose their knowledge.
We can’t try to pretend we don’t exist and pretend to be one person either, we did that for years and we ended up having a breakdown and went into a fugue state and moved across country leaving everything behind.
This law would destroy our productivity and contribution to economy or whatever corporacrats care about.
We’ve had age verification for decades. It just depends on specifically what is being verified. Congress passed Children’s Online Privacy Protection Act back in 1998, that basically made it extremely tedious for websites to serve children under 13 years of age. How did everyone manage this in the early 2000s? Every child simply lied to the website with an incorrect birthdate. Now that was before real name policy was instituted by social networks and it was also common for people to provide a false name to websites. This approach of “asking the user for a birthdate and accepting it as true” is the only age verification method that’s sane.
See, I think, you're not supposed to continue using those services as before. They want them all gone, and so-called age verification is a means to chase away users that are less dedicated.
What I think must result is, a monotonic cultural erosion and deprecation of such platforms and regions implementing those restrictions, and continuous replacement with engineered and packaged foreign imports from venues and regions from psychological "upstream" where there aren't such restrictions. But I guess that's what they explicitly desire.
People don't like these checks. Ok. But. Parents worry about their kids being exposed to porn and social media. They want someone to do something about it. That political force is real, and someone is going to take advantage of it. What tools can they ask for if not these checks everyone agrees they hate? That's what I hope for in these types of comment threads.
Age and identity verification can and should be done at the country level.
France has an ID service to pay taxes, and they have a network of possible ID verification systems. Like, you can ID through the tax system, or through the healthcare system. It works fine.
Implementing an API that uses the same to provide age verification is not rocket science.
If you need age verification for a website, say "smedia.fr", then you go there, then it makes you get an age verification token to "franceid.gov.fr", that guy gives you back a token, you send the token to smedia.fr which checks the token with franceid.gov.fr
I don't like the idea that media services are required to report back to the government that I'm accessing them - I think that is an issue many would have with such a system
I also don't understand any of this kerfuffle. I think it mostly stems from third world countries, like the USA, where no one has a real ID; for those luddites it's "driver's license", or "electricity bill", or "birth certificate" or something to that effect.
Functioning countries have cryptographically secure government-issued ids. Those cards have a cryptographic computer chip. A crazy innovation that makes your nose bleed if you look at it funny. You stick the ID card with a secure chip in a card reader and open bank accounts, sign any document as if in person, even vote. It's free, by the way. It's a pact with the devil, really, or unadulterated communism. In the banana republic of the USA you go around showing your driver's license or uploading selfies to fakebook. So modern. So untraceable. So unspoofable. Go team USA. It's like the rest of us are here sitting by the track while the handicapped team is still three laps away, still figuring out where the finish line is. All in the name of Freedom(TM) of course.
Verifying age: 1- use ID card in reader, challenge is received from website, challenge answered, the website checks with the ID database about that particular challenge/response pair. The website gets a positive match, they don't know anything about you, not even your age. Done. Don't forget to drown three rabbits in goat blood or the authentication will not work.
Honestly seems like the moral panic of the day. I was just reading about some “red vs blue” school meme in London which led to a lot of hand wringing and parents keeping their kids at home. The kicker? There was no actually school battles, it was a viral meme (mostly consumed by adults) and the kids just thought it was a joke.
Pretty much sums up all modern discourse in banning social media and doing age checks. When I was growing up it was satanic symbols in the music I listened to.
I guess - wtf is wrong with adults? Why do they feel compelled to control the younger generation?
The most relevant question to answer for your jurisdiction is "What is the penalty for lying?"
If none, you were born on March 5, 1957.
(Note on evaluating this: there are some circumstances where the penalty changes later. I know one person who's Global Access paperwork was delayed because they lied to their airline's frequent flyer program about their age. But that was the whole consequence: a need to update their data with the airline).
It really does matter. The Ellison family will now control untold amounts of media across all formats. Digital ID run through Israel, as they current are, is very unlikely to get the critical news stories and algorithmic support that Real ID opposition had.
Why would that be? Cui bono. The interests of the largest media aggregation in history align with the interests of the tech stack purveyors, which aligns with the interests of the panopticon lovers.
You may be dismissive all you wish, but Jewishness is an underlying driver just like Wahabbiness, Drunkeness, etc. It relates to an alignment of interests.
Therefore, the best way to avoid the 15 minute city remote control car programmable money digital prison future for our progeny is to avoid those aligned tech stacks.
It is very difficult to do that. The preservation of diversity is thus most important. Fractionating Discord customer base, fractionating gaming service customer bases, etc.
By pointing out the facts I do, which you dismiss sarcastically, others may decide to review a non aligned source in addition to the Ellison media Farm/Linux/Cloud aligned arms.
I also wish it were not true. I was a Hannah Arendt, Philo, and Jospehus fan. The digital prison wanters are the digital prison wanters unfortunately. Alas, the numbers speak for themselves.
I also specifically pointed out India. It is they who are going for the the tech stacks via strategic attempts to shift the learning curves so that only full time employees can keep up with open source technologies and so that all data sits on their systems instead of yours.
They will blend in some place in Zion using AI so they do not have to honor the GPL inputs, and using Indian contractors the Israelis will analyse the ID and app and tech usages of every person the planet. So that laws will be tailor made for the region they want to control with systems programmed to enable it.
I am not justifying myself to you, merely pointing out the plot points for the AI summary fans.
We must avoid globalized Digital IDs at all costs. How big a digital ID one accepts may vary.
Essentially any digital ID that enables life critical functions that could be done before without a tech stack must be shunned. E.g. if you can use the digital ID to sign up for water and sewer in an apartment or travel, do not get it.
At least in the USA one could make the argument that it was the Real ID refuseniks 2005-2020 that saved us from a full Covidian tyranny that would have worked if they could have simply checked a single digital source for the employment, shopping, and injection compliance records. 30 percent lacking that scannable barcode saved America's bacon.
Likewise for Digital ID and the computers. We have a duty to be refuseniks.
Australia might repeal their own horrific law if enough people simply give up social media while doing their life business the hard way. It doesn't take a huge number. Freedom might resurface there. It is a long battle. The battle is made much easier by knowing who is who.
The question is "Cui bono?"
E.g. Indians, Israelis, Brazilians, etc. Some want castes. Some want panopticons. Some want carnivals.
I would gladly blame Brazilians if many of them were working together on a digital carnivale for the whole planet
Enforcing laws against porn companies distributing porn to minors seems reasonable. It's already illegal many places, such as the US. It is then their responsibility to gate by age. It has always worked this way for liquor stores or basically anything else age-gated, including some online services like poker. If you dont want to provide age verification you don't have to.
There is a difference between a liquor store checking your ID, and a liquor store scanning your ID, appending it to a record of your purchase, and uploading it to a service to be processed by third parties (such as insurance companies, perhaps).
(In the US, the latter occurs more often than you may expect.)
When I buy liquor (well, I don't drink anymore, so THC seltzers), the liquor company isn't saving my ID to my profile and then following me around everywhere I go for the rest of my life shouting "This is MALFIST, he's 42! He buys alcohol! He also visited X Y and Z last week and had interests in A, B and C. He's annual income is six figures and buys expensive bourbon."
Not yet anyway. But there's nothing much stopping Google to offer a "verification" service to "help combat fake IDs" using a web connected camera at the till.
You can absolutely buy for instance tobacco, cannabis by the pound ("CBD" but actually ~20+% THC[a]), explosives(tannerite), alcohol (wine), and guns (black powder, or perfectly functional cartridge pre-1898) completely legally online without ID check. It's really not a problem, which is why most people probably haven't heard of it being one or even realize all can legally be bought online without ID.
I'm the sort of person that either rejects the cookies, or will use another site entirely to avoid some weird dark-pattern cookie trickery. I don't like the idea of any particular service getting more information than they should.
Siting there I realized, we were not the real target. It is the young people that are growing up conditioned to press accept, enter any details asked of them, and to not value their personal data. Sadly, the damage is already done.
I click “accept the cookies” almost every time. I just personally don’t feel it’s worth the effort and cost to try to avoid it.
What “dark pattern cookie trick” are you worried about? I just can’t come up with a scenario where it will actually harm me in any way. All the examples I have heard are either completely implausible, don’t actually seem that bad to me, or are things that are trivially easy to do even without any cookies.
Now, I am not going around giving my real email out to random sites, though, although even that doesn’t strike me as particularly dangerous. I already get infinite spam, and I am sure there are millions of other ways to get my email address… it is supposed to be something you give out, after all.
I just don’t think it is something that is worth stressing out about and fighting against. Maybe I am actually naive, but I just have not yet been convinced I should actually care.
To your point about the actual harm, I've come to see it as a kind of ecological problem. Wasting energy and sending more trash to a landfill doesn't harm me individually, at least not immediately. But it does harm in aggregate, and it is probably directly related to other general harms, like overall health outcomes, efficiency, energy costs, etc.
No, accepting cookies by itself may not do much to me, but the broader surveillance and attention economy that relies on such apathy certainly has.
there's a reason I don't walk around naked either. it wouldn't hurt me, but I don't need that kind of exposure for no upside
The only times I've stopped, or tried to deny it is with the recent thing I've seen from some sites that say "accept cookies or pay money". I think that is scummy, and against what these regulations require, so I'll usually just close the site in that case.
Oh and to address the point from the main article, I think I'm unfortunately beholden to more companies, but would strongly prefer to not verify my identity, because I have little to no trust in the companies to safeguard my actual personal data. (rather than inferred cookie tracking data, which they can have imo).
It's really alarming, actually. I run the cyber security training & phishing simulations at my work, and it's the younger employees that struggle the most. It's like they just assume that everything on the web is trustworthy.
It's not hard to see why though. They grew up with app stores & locked down devices. No concept of a file or file system, no concept of software outside of the curated store & webapps. People that never had to take responsibility for their own digital safety because "someone else" (Google, Apple) always did it for them.
> It's not hard to see why though. They grew up with app stores & locked down devices.
When we create a safer world, people’s defense mechanisms naturally atrophy or are never developed in the first place.
We might be safer in terms of vulnerabilities, root exploits, RCEs, etc. but the internet is still full of malware, scams are still just as rampant. Vigilance is still very much required, but is no longer taught.
Look at all the malware available on the Play Store. The curation does nothing but create an illusion of safety.
It was also drilled into me that the default state of anything on the internet is to be untrusted and potentially harmful.
It also helped that you could actually tinker with things, and there were plenty of foot guns around to drill that lesson home.
Somewhere along the way that message got lost and didn't get communicated to the young ones, and I'm not even that old (38).
I think almost every Android user has thise concepts.
But on the trustworthy web assumption, I agree. The only effective remedy is a personal calamity.
No other prior generation comes close.
Compare them to people growing up in the 1980s. The average person at that time was overwhelmingly oblivious to computing very broadly, their grasp of a "file" as a concept would have been close to non-existent. That was just 40 years ago.
In the mid 1980s a mere 10% of US households had home computers. And that was a high mark globally, it was drastically lower in nearly every other country (closer to zero in eg China, India at that time). The number of people routinely using office PCs was still extremely low.
Today young people have a computer in their hand for hours each day, and they knowingly manage files throughout the day.
My kids will know way less about filesystems than I do, because I had to learn DOS commands to navigate around the operating system if I wanted to play computer games, which led to a lifelong interest in how computers actually work at a level they can (and, so far, do) happily ignore.
As a non-Apple user, this is not something that happened to me. I literally have a "Files" app on my Android phone and my laptop/desktop.
Yes there has been a Files app on iOS devices for well over a decade
https://www.youtube.com/watch?v=tnPAhVxsPHE
While it is possible to interact with the local file system on a school Chromebook, it’s certainly not the default. School interactions with Chromebooks seem to consist of logging with highly secure passwords like “strawberry” and using Google Docs. And playing games with heavy PvP components and paid DLC (paid by parents whose kids beg for it, not by schools) that call themselves “educational” because they interject math problems needed to use those juicy spells, make no effort whatsoever to teach anything, but produce a nicely formatted report correlating scores to numbered elements of the Common Core standards.
And easily get sold add-on services. How many people hit the 5GB iCloud limit for backups and just pay without stopping to think that it might be possible to do local backups to your computer and you don't really have to pay for extra storage?
Just hit them with the scary language "You are at risk of losing your photos forever if you don't pay!" because that concept of "Oh, photos are just files in a directory and I can copy those anywhere I want" doesn't exist. To many, those photos are part of the gallery app, not a separate file from it and since that app only runs on the phone, surely it must not be possible to copy them anywhere unless I pay for the storage.
No, they do not. First, simply using something does not mean you understand it at all. Secondly, because the devices they've become the most accustomed to work very hard to hide all those details from the user.
They know app silos, not file system hierarchy. Ask a teenager where a file is on their phone and the will tell you the name of an app. Ask them how to copy it somewhere else, and they'll use the share sheet and send it to another app.
High adoption doesn't equate to high literacy.
To be fair, at least Android and presumably iOS grant apps by default no access to your files in modern versions.
The only way to get, e. G., an attachment downloaded via Thunderbird to a PC or another app is the share dialogue. A user does not access to the isolated app storage by default on an unrooted Android phone. For better or worse the young user is actually making the right choice here for their platform.
(This is also why making a backup of an Android phone is a nightmare when you aren't using a first party option. ADB is sometimes able to bypass it)
Note taking apps are a prime example of this, using a proprietary localdb for notes, inside of app storage you can't access, forcing you to transact with your own data exclusively through the app (and whatever subscriptions or upcharges that come with it). We've trained out the idea that these could just be local text files in a directory you can access and do with what you want.
I've watched discussions around open file formats fade away into obscurity along with the rise of mobile, and now we have to fight on whether we should be so graciously allowed to install software on the devices we own or not.
Not everyone needs to be a computer science student, but some basic level of curiosity or education around how tech works should be required in school, at the very least a warning message of "Your data isn't safe if it's not under your control."
That's exactly the point!
The file system is hidden from modern users. Kids brought up on this now have no idea or concept of where their data resides.
It's just not commonly used for the reason the other person mentioned (share buttons between apps that are file type aware)
Unfortunately, they don't.
They might have had a computer in their hand for hours each day, but they barely know anything about it. The ones who do tend to be those who grew up playing on PC, as opposed to console or mobile, because the latter - despite falling under the "digital natives" aegis - are really shockingly ignorant of even basic concepts.
I don't even think it would be even a blip on the radar now.
It really is depressing how much ground we've given.
My local library is run by the county government, so of course the government can see the checkouts, they are the ones I check the book out from. But they restrict checkout information from others. For example, a parent can see the checkouts of their own children, but not after they turn 13.
Perhaps you're talking about subpoenas? Checking some other libraries I see SF Public Library has some discussion about that, but they delete books from your checkout history once they are returned. https://sfpl.org/about-us/confidentiality-and-usa-patriot-ac...
To the sibling comments: don't "accept the cookies" and then delete them.
- - -
I'm super angry at what the web has become, especially at the OS browser community. There is 0 browser (that I know of) that can access the web safely and conveniently. Atm I use Firefox with uBlock which blocks the cookie banners, but Firefox's extension model is broken, and every single extension provides 100% access to my websites to whoever controls the extension. I don't like it.
We need a browser with a safe extension model.
But there are couple of things I find subpar:
You can’t import/export a list of website permissions. For a couple of extensions I’d like to say “you have access to every website, except this narrow list” and be able to edit that list and share it between extensions.
On iOS, the only way to explicitly deny website access in an extension’s permissions is to first allow it, then change the configuration to deny. This is bonkers. As per the example above, to allow an extension access to everything except a narrow list of websites is to first allow access to all of them.
Finally, these permissions do not sync between macOS and iOS, which increases the maintenance burden.
¹ Private being the equivalent to incognito.
What makes it worse is that a substantial portion of users block web trackers through an adblocker. However on phones, unless you have a rooted phone or use some DNS-based blocker, all these analytics get uploaded without restraint.
Atm I use Firefox with uBlock which blocks the cookie banners, but Firefox's extension model is broken, and every single extension provides 100% access to my websites to whoever controls the extension. I don't like it.
Some browsers (e.g. Vanadium, Vivaldi) have a built-in adblocker, so you have to trust one party less.
- Read-only access to cross-tab web site content
- Ability to modify web site content
- Ability to access the network
They can always "access the network" in that the extension developer can push static updates for things like ad block lists or security updates.
It might be possible to have "read only" cross-tab access include automation APIs like keyboard + mouse, with user prompting to prevent data exfiltration.
Browsers should provide a filtering option before they makes a request.
IMO a lot of no-brainer options are missing from personal computers. Like the ability to start a program with restricted access to files, network or OS calls (on Windows and on Linux). Browsers should provide the ability to inspect, and filter network access, run custom javascript on websites, etc.
But the tricky part is that "reading files" is done all the time in ways you might not think of as "reading files". For example loading dynamic libraries involves reading files. Making network connections involves reading files (resolv.conf, hosts). Formatting text for a specific locale involves reading files. Working out the timezone involves reading files.
Even just echoing "hello" to the terminal involves reading files:
Bubblewrap allows you to do that on Linux.
But the browser also has 100% access to all of the websites. The browser is software that works for you. You control the browser.
Who but yourself do you imagine controls your extensions?
Oh really? Then why do my browsers keep moving things?
At some point, you have to implicitly trust someone unless you audit every line of code (or write it yourself) and build everything from source that you run.
But there are other uses cases, like cloud2butt.
Because of this, I found it odd that the regulation allows displaying the accept cookies button. Instead, it should be rejecting cookies by default and a separate flow to accept tracking cookies (e.g. via account settings page)
It’s naive to think that cookies are the only tool used for tracking, but they are the most powerful tool for web based tracking.
Sorry mate, the GDPR is there for a bloody good reason; and legit companies obey the law.
But at least we have cookie banners everywhere.
That being said, it was very early regulation in this field, and more recent approaches are already better, e.g., GDPR, DMA.
Accept everything, the end the session.
That said even with throwaway relay emails I don't sign up to much
There is a similar story with Ford and how they build pavement everywhere and taught the young population that roads are for cars. Now we have to drive for 10 minutes to get from one shop on the plaza to another shop on the different plaza.
But now instead, my 11 year old's Roblox thinks she is 18 because she wore glasses in their age verification webcam tool. And it can't be changed unless she uploads a passport, which I will never allow.
Please, gov.uk introduce a gov ID verification service? I could trust that, -ish, I have worked with public sector clients several times...
In the US it's not rare to link accounts through phone numbers that are required in web forms and store memberships.
In Chile they started asking for your National Id with so many stupid pretexts that people got conditioned into just giving it away. It wasn't like this 10yrs ago. I'd rather have membership numbers.
It's technically public information, so collecting Ids is legal, but it's also a universal primary key within the country that allows merging any user-related table you run into.
Retail says it's just to associate it with receipts in case you need that later, but I'd rather just get a photo of the printed receipt for later than rely on them to find my receipt. Supermarkets, Drug stores, and petrol stations tie it to (possible) discounts or points at check-out, which is price discrimination and it's illegal, but we are in our way to get surge pricing as soon as the new US bootlicker president begins his period next week.
In the early aughts I was sitting in on privacy discussions that reluctantly acknowledged that regardless of what we do online, surveys showed you could offer someone at the mall a free Snickers and they'd fill out the whole form.
The perceived cost to the individual of divulging their personal data is near zero; dangling nearly any incentive in front of them will induce them to let it go. And that's not a new phenomenon.
I can't think of a single other use case in which I'd be willing to verify my identity. I'd rather go back to hosting email myself, and am fine with circumventing content access control for all other platforms for personal use.
We're seeing the world slide towards authoritarian strongmen, and we want to give them a massive index of who we are and what we do? I'd rather not.
Being able to limit the influence of external bad actors is the main goal of ID verification. Age verification is a useful side effect that makes it easier to sell to the general public.
Big Tech has had at least a decade to fix this, did nothing of note, and is all out of ideas. Privacy advocates had the same time to figure out a "least bad" technical solution, but got so obsessed with railing against it happening at all, that nothing got any traction.
So governments are here to legislate, for better or worse. They know it's a trade-off between being undermined by external forces vs. the systems being abused by future governments, but their take is that a future authoritarian government will end up implementing something similar anyway.
You are shifting the onus on to the platforms, when the problem is pretty simple; with a few exceptions, we've failed as a species to learn how to think.
Also do you think that the TLAs don't know who the bots most likely are with all the surveillance data they're gathering? That the NSA doesn't have detailed telemetry of the surveillance ops??
Let me ask you the question, what have they done about it? And why not?
I would say the time to buy mesh networking equipment is now. But it's not like I'm capable of defending the transmitter. So when they come for the VPNs, the VPSs, and encryption, I guess I'll just be out of luck.
(Out of luck = resigned to zero digital privacy. No matter I follow the law and “have nothing to hide” of course.)
Perhaps people will pass flash drives like North Korea or Cuba?
So many aspects of our lives are like this now. People just accept defeat cuz it would mean giving up one click ordering or free return shipping or they might have to look at labels to avoid bad companies.
I've run ad blockers for years now, but I'm still trying to forget those disgusting zit popping pictures that trended in ads for a while. Or those incredibly stupid life hack shorts, like the one where someone tied a cord around a mug and the hack to get it loose was smashing the cup... that crap made me despair for humanity as much as the Gaza genocide.
But google and facebook convinced the legislators that it would be impossible to keep that chum away from kids on their platform, so the legislators are going with the next option: banning the kids from the platforms.
There isnt a single identity. Theres a loose federation of databases (banks, CRAs, telecoms, electoral roll, etc.).
There are multiple operational definitions of "name": legal name, common name, known-as name, card name, account display name. None is universally canonical. Theres no statutory hierarchy that forces institutions to agree on precedence.
In the absence of a mandatory national ID, identification relies on matching across name, date of birth, and address history, which are inconsistently collected. Fuzziness is necessary for coverage, but it introduces brittleness. If a variant isnt explicitly linked as an alias, automated online checks can fail because the matching rules dont explore every permutation.
Even within a single dataset the problem doesnt disappear. Large systems such as the NHS have documented identification errors involving patients with identical names, twins at the same address, or demographic overlaps. Unique identifiers help, but operational workflows still depend on humans entering and reconciling imperfect data.
https://digital.nhs.uk/services/personal-demographics-servic...
https://github.com/moj-analytical-services/splink.
I'll stand by my opinion that deeply integrating the internet into our daily lives instead of keeping as a "place you go" was a huge mistake.
I'd be curious how that might work as I haven't yet seen a zero-trust age verification system.
https://ageverification.dev/av-doc-technical-specification/d...
This proposal may have been updated since I read it previously, so I could be wrong now, but it didn't read as a true zero-knowledge proof as key steps in the flow still required a level of trusting the government as the central authority to do the right thing and not track requests, both today and in the future.
It’s much easier in the US to lose your job for what you say as in the EU and in the US the consequences of losing your job are more severe if you don’t have enough money so you can afford to lose it.
US freedom of speech comes with a price tag that puts the censor inside your brain.
[1] https://news.ycombinator.com/item?id=47231456
As the years have marched on, though, that "birthdate" becomes significantly closer to my real birthday.
I am fully aware that my standard fake birthday is now used by me in some many places, that I have started to have a fake fake birhday. I should really just randomise and store it in my password manager.
But obviously the context of this OP story ruins all that.
I understand there's a clever phrasing here but I didn't get it. English is only my second language.
I feel time has gone faster since I got a job, if that makes sense. Every day yearning for it to be 5o clock so I can check out, every week yearning for the weekend, every month yearning for the last day to get paid. Doing this is just asking for time to be over sooner.
I suppose idea is that Chinese women will stay at home with the child so the state doesn't have to provide any help?
Outside of that, there's increased traffic and the US as a whole is way too car centric. Suburbs are horribly designed, and we prioritize moving cars instead of moving people, and any kind of infrastructure design that might slow down traffic, reduce the need to drive, or mildly inconvenience a driver gets shot down.
There is a very real danger of getting killed by a distracted idiot in a car, and that risk is much higher today. I commute on I5 every day for work and every single day I see multiple people, going 80MPH watching tiktoks on their phone on the dash mount, or obviously looking down texting. I can't blame anyone for not wanting their kids running around the neighborhood when we can't even be responsible enough to pay attention when we are driving 2 ton death machines.
None of those are true in my area, and how did the "Karen" even get to your child on your private road?
These things don't happen on a liberal/conservative axis in my experience.
I've lived all over the place, though not as much with kids, and have had none of these issues (including having mixed race kids who look much more like their other parent than me).
You really need to look at why you're living where you do.
It really was an extraordinary story without any extraordinary evidence.
Instead, they didn't know much about me apparently and just stored what I told them.
Then it appears they were hacked because some completely unrelated release of stolen data included all my data, specifically all that data I had provided to that service, that one time.
The Verification Service is the honeypot for your private information. Arg.
So much for the 'verification'
I don't understand how can you be intelligent, maybe even have a hacker mindset, write about tech, yet unable to get through simple verification process with a fake ID?
That's kind of undermining everything you write about. Is it even worth reading thoughts of someone who cannot open a digital equivalent of child proof container?
The UK government has approved 7 age verification methods. Not one of them meets that standard.
That's not an accident.
https://www.ofcom.org.uk/online-safety/protecting-children/a...
Though I can't take credit for the idea. It was proposed by the European Democratic Party.[0]
[0] https://democrats.eu/wp-content/uploads/2025/12/Protecting-C...
and remember its like ratchet. there might be 99% of services that use inhouse face id, and its enough to have only one to leak your data.
My data point is persona.
It's roughly the same age as mine, but if someone tried to pass themselves off as me with that birthdate, they wouldn't succeed.
These companies are mostly just verifying I'm an adult anyway, and I am legit that.
But yeah, I don't like just giving the actual date everywhere as it can potentially be used for identity theft.
Weigh that against the value of using the service. A lot of times that will still probably come out in favor of using the service. Sometimes, especially given the kind of services that want age verification, the potential cost is such that you would be insane to verify.
(“what will be the impact to me”)
> And… the answer is “none”.
> At least, none that I can think of at the moment.
Think back to the recent pandemic.
Work? Online. School? Online. Recreational activities? Online. Talking to loved ones you don’t live with? Online. Birthday party? Online. Nonfood shopping? Online. Banking? Paying taxes and bills? Online. Job interview? Doctors appointment? Online. Dating? You guessed it, online.
The internet’s a big thing these days.
Very few of the things you list are things that I do primarily online (even during the pandemic), and none of those are things that I can only do online.
The author here seems to be commenting specifically on the type of anonymity-breaking age assurance widely being utilized along with the vaguely justified social media bans. Given the right technology to prove an age threshold but while preserving anonymity I'd be curious how their thoughts would change.
For example, we've never seen people critiquing the naive kind of 'Are you over 18?' prompts seen on ye olde Reddit or adult sites, precisely because those weren't breaking anonymity or leaking any trackable identifiers.
[1] https://news.ycombinator.com/item?id=47229953
The question I'd ask myself is; who would _I_ trust to implement privacy preserving verification?
The only answer I can come up with right now is; myself. I would trust myself.
All this is to facilitate that lifestyle without any concerns that far more damage is likely to happen by allowing it to happen than insisting on adequate parenting
Banking, taxes, treasurydirect, linkedin, docusign, online filing,
Right now all those are tied to my gmail account.
So I'm feeding google all this juicy (IMO) confidential information. What happens when I get locked out by google's automatic systems? I already lost my first gmail account from like 2003, when you had to get an invite to sign up. I'm stuck in a verification loop that emails a yahoo email that no longer exists. Impossible to get a real person to look at it.
If I can just verify that I am who I say I am without an email account... That'd be worth it. Of course that just shifts the burden to the identity verification company rather than an email company.
But verifying my age? I see no purpose other than a backdoor for mass identity verification. keeping lists of people and what they're accessing. Buying alcohol online still requires the person accepting the package to be over 21. Buying firearms online still requires being shipped to an FFL.
I already despise how much information my ISP has about what I see, what I access, and when.
It's honestly a reason why I don't use the service.
As a matter of mental health, we really cannot have these overlapping for many reasons, prime among them is that if one part of me becomes aware of another while they’re doing their thing, a mental “table join” can happen and disturbing memories can be shared which is incredibly destabilizing to the system.
As a wireframe example my programming alter cannot be exposed to the alter who browses cptsd forums or they remember things that cause them to dip from the headspace and we lose their knowledge.
We can’t try to pretend we don’t exist and pretend to be one person either, we did that for years and we ended up having a breakdown and went into a fugue state and moved across country leaving everything behind.
This law would destroy our productivity and contribution to economy or whatever corporacrats care about.
Some company or, hell, the gov't setup a proxy service that whitelists the internet and have your kid use that. Do your fucking job.
What I think must result is, a monotonic cultural erosion and deprecation of such platforms and regions implementing those restrictions, and continuous replacement with engineered and packaged foreign imports from venues and regions from psychological "upstream" where there aren't such restrictions. But I guess that's what they explicitly desire.
Someone, anyone, but themselves.
Offline there is a reason for that, online are enough countries where it breaks the law if you sell without verification at least for NC-17 titles
France has an ID service to pay taxes, and they have a network of possible ID verification systems. Like, you can ID through the tax system, or through the healthcare system. It works fine.
Implementing an API that uses the same to provide age verification is not rocket science.
If you need age verification for a website, say "smedia.fr", then you go there, then it makes you get an age verification token to "franceid.gov.fr", that guy gives you back a token, you send the token to smedia.fr which checks the token with franceid.gov.fr
I don't understand how this is even an issue.
Functioning countries have cryptographically secure government-issued ids. Those cards have a cryptographic computer chip. A crazy innovation that makes your nose bleed if you look at it funny. You stick the ID card with a secure chip in a card reader and open bank accounts, sign any document as if in person, even vote. It's free, by the way. It's a pact with the devil, really, or unadulterated communism. In the banana republic of the USA you go around showing your driver's license or uploading selfies to fakebook. So modern. So untraceable. So unspoofable. Go team USA. It's like the rest of us are here sitting by the track while the handicapped team is still three laps away, still figuring out where the finish line is. All in the name of Freedom(TM) of course.
Verifying age: 1- use ID card in reader, challenge is received from website, challenge answered, the website checks with the ID database about that particular challenge/response pair. The website gets a positive match, they don't know anything about you, not even your age. Done. Don't forget to drown three rabbits in goat blood or the authentication will not work.
Pretty much sums up all modern discourse in banning social media and doing age checks. When I was growing up it was satanic symbols in the music I listened to.
I guess - wtf is wrong with adults? Why do they feel compelled to control the younger generation?
1 - 1 - 1970 is always mine - Unix zero
If none, you were born on March 5, 1957.
(Note on evaluating this: there are some circumstances where the penalty changes later. I know one person who's Global Access paperwork was delayed because they lied to their airline's frequent flyer program about their age. But that was the whole consequence: a need to update their data with the airline).
Why would that be? Cui bono. The interests of the largest media aggregation in history align with the interests of the tech stack purveyors, which aligns with the interests of the panopticon lovers.
You may be dismissive all you wish, but Jewishness is an underlying driver just like Wahabbiness, Drunkeness, etc. It relates to an alignment of interests.
Therefore, the best way to avoid the 15 minute city remote control car programmable money digital prison future for our progeny is to avoid those aligned tech stacks.
It is very difficult to do that. The preservation of diversity is thus most important. Fractionating Discord customer base, fractionating gaming service customer bases, etc.
By pointing out the facts I do, which you dismiss sarcastically, others may decide to review a non aligned source in addition to the Ellison media Farm/Linux/Cloud aligned arms.
I also specifically pointed out India. It is they who are going for the the tech stacks via strategic attempts to shift the learning curves so that only full time employees can keep up with open source technologies and so that all data sits on their systems instead of yours.
They will blend in some place in Zion using AI so they do not have to honor the GPL inputs, and using Indian contractors the Israelis will analyse the ID and app and tech usages of every person the planet. So that laws will be tailor made for the region they want to control with systems programmed to enable it.
I am not justifying myself to you, merely pointing out the plot points for the AI summary fans.
We must avoid globalized Digital IDs at all costs. How big a digital ID one accepts may vary.
Essentially any digital ID that enables life critical functions that could be done before without a tech stack must be shunned. E.g. if you can use the digital ID to sign up for water and sewer in an apartment or travel, do not get it.
At least in the USA one could make the argument that it was the Real ID refuseniks 2005-2020 that saved us from a full Covidian tyranny that would have worked if they could have simply checked a single digital source for the employment, shopping, and injection compliance records. 30 percent lacking that scannable barcode saved America's bacon.
Likewise for Digital ID and the computers. We have a duty to be refuseniks.
Australia might repeal their own horrific law if enough people simply give up social media while doing their life business the hard way. It doesn't take a huge number. Freedom might resurface there. It is a long battle. The battle is made much easier by knowing who is who.
The question is "Cui bono?"
E.g. Indians, Israelis, Brazilians, etc. Some want castes. Some want panopticons. Some want carnivals.
I would gladly blame Brazilians if many of them were working together on a digital carnivale for the whole planet
(In the US, the latter occurs more often than you may expect.)
I'm in the UK, I'm normally connected through a VPN these days.