I'm surprised how little this issue has come up in the past, given how much many here are focused on privacy. This issue can be seen even today on YouTube. When I browse videos, I usually do so in FF's private browsing mode, primarily to prevent the recommendations from spilling over into my main account. However, videos marked as age-restricted cannot be viewed without logging into a Google account. Even yt-dlp couldn't download age-restricted videos without credentials when I last attempted it! (I hear there has since been a patch to fix this, but I have not tested it to see if it still works.) And apparently, EU users are sometimes required to upload their government ID to YouTube to prove they are over 18.
I get that privacy issues can be most sensitive to those under 18, but it's important to recognize that enforcing far stronger privacy restrictions alongside strong age-verification expectations (no more "are you 18+? yes/no" or "what is your birthday?" questions) can only come at the expense of anonymous browsing.
"... can only come at the expense of anonymous browsing."
False dichotomy.
(Also known as false dilemma, bogus dilemma, either-or fallacy, black-and-white fallacy.)[FN1]
If the website protects the privacy of all persons, not just those under 18, then there is no problem complying this law.
It's like the folks who claim the web cannot or would not exist unless advertising is permitted. It is a self-serving statement of an opinion. It has no evidentiary basis.
This false prediction, nonsense reasoning is probably accepted by generations that did not experience the internet before advertising was permitted, before online advertising became pervasive, and/or before online advertising was based on data collection and targeted. The fact is the internet and web did exist without advertising. There is no technical limitation that requires a website to collect data and/or serve ads.
Common retorts to such historical facts include such gems as
"I would never want to go back to 199x", or
"All the wonderful content of the web today would disappear."
1. Computers and networks are never going to return to 1990's prices and speeds. Speeds keep increasing and prices keep decreasing.
2. Who would have guessed, but today's commercial web content is actually being generated mostly by website users themselves rather than website operators. "Tech" companies operating high traffic websites have promoted their own "business", online advertising, to lure people into uploading to their websites without expecting payment in return. Like some sort of opaque lottery. This is why the web has become a cesspool of "clickbait" and garbage "content".
I find ridiculous having to login in YT (which i have no account nor will) to view “age restricted material” when you can watch hardcore porn just by clicking “I’m over 18 years old”
>> strong age-verification expectations [...] can only come at the expense of anonymous browsing
No, this is not true, there are numerous ways for a system to authenticate a user without the endpoint requesting the authentication knowing who the user is — or the system verifying the user knowing what endpoint system is requesting the authentication; only the user knows both who they are and the endpoint they want access to.
You want yt-dlp on the latest version since YouTube breaks/throttles quite often otherwise. Try yt-dlp --update. (You could also try a custom repository for your package manager, though the best solution in this case is a rolling release distribution.)
Really strange to me that given its obviously possible to securely verify someone’s age without requiring personally identifiable information at the endpoint requiring verification (or for the system verifying attributes to know the endpoint requesting verification) that anyone would even want that information flowing through their systems — unless they wanted the information for other reasons. To me, unless the prior technological features I just mentioned are baked into the law, this feels like it’s either intentional or laws are being crafted by people that have no clue what they’re doing.
More generally speaking, governments should start seeing the hoarding of data by itself and others as a national security threat, open source any government systems — and offer bounties for anyone able to maintain the objectives of a system while reducing the system’s access to sensitive data.
______________
* EDIT: 100% sure that it’s technically possible to have an endpoint anonymously verify age and a verification system to do so without knowing the endpoint requesting the verification, but unable to find technical explanation of how this might be done using existing technology; might be wrong, but believe it included a combination of differential privacy and zero knowledge proofs. Does anyone have a link to detailed explanation of how to implement such a system?
It's the last one. It's just very poorly drafted legislation that hasn't been thought through. this is our one party rule in action. With no meaningful opposition, laws are not scrutinized and unintended consequences never considered.
With IRMA it is easy to log in and make yourself known, by disclosing only relevant attributes of yourself. For instance, in order to watch a certain movie online, you prove that you are older than 16, and nothing else.
Simple questions: CD or vinyl? That will identify everyone old enough to remember. Then the classic: how do you tame a horse in minecraft, which identifies everyone under 18.
The Right Way to do this is to develop a standard for web pages to identify themselves as not suitable for children, and then build clients with a setting that locks out those pages (which could be disabled only with a passcode or some such security measure). Then it becomes the responsibility of parents to insure that the lockout is enabled no the devices their children have access to.
All things should be considered UNRATED (adult) by default.
Adults that want to should set a flag in the OS account, which should be passed along (or optionally also set as a child account) by browsing software. In child safe mode such software would then follow a set of local policy decisions and refuse to operate with content not declared child safe. Such an account feature might also forward the data to other accounts for review (parent, guardian, teacher, etc).
THEN, the enforcement, sites which incorrectly claim to be a given rating should get hit with the charges that enables.
That would be reasonable and easily workable, but...
...daunting for millions of parents, who'd imagine (often rightly) that their kids, aided by friends & on-line instructions & such, would all-to-easily bypass the parental controls.
...dis-empowering for politicians lusting after attention & votes, who think that moral panics and big-government-control-freak "solutions" are their best friends.
No, the right way to do this is to stop trying to use legislation to do the jobs of parents. Stop expecting the world to nerf itself so you can be a lazier parent.
Google provides two alternatives for age verification, a credit card payment and sending an electronic copy of a valid government issued ID.
This explanation seems to be quite terse, "If you use a credit card, any temporary authorization will be fully refunded. If you use an ID, Google will delete the image after verifying your age."
Both methods would require me to provide them (or some other entity) new personal data. In the case of credit card payment, credit card number (and thus what bank I am using, maybe also what kind of card I have) and my home address.
My government issued ID has also other information like a photo of me, my signature, social security number, all my given names and card number. I wonder if they would accept an electronic copy that would have all those covered.
"The law also mandates that businesses make it obvious to children when they are being monitored or location-tracked (by a parent, guardian, or any other consumer)"
This just horrifies me. Silicon valley companies have already made it incredibly hard to parent children, with things like disappearing photos, and locked down phones given even to young children.
Like I get 16 years and up needing stuff like that, but younger than that? Parents should be able to see what's going on their kids life. These days 90% of their life is in the phone, which is the one place blocked from parents.
In the past children had a limited circle of people in contact with them, and for the most part parents knew who was talking to their children. These days? It's the entire world who has access.
If you live in a state, that allows ballot measures, then get involved. Looking at whats happening in legislature in the US it is unlikely they will produce anything with sensible approach to privacy.
California had couple of iterations of CCPA and so far it is not looking that good either, but worth trying.
What I don't like about these news is how abstract they are. Sure, it could lead to age information leaking but my imagination isn't working to figure out how that would impact me in a concrete way. Anyone could share possible bad outcomes?
It forces internet usage to be attached to real identities, in order to make sure your not breaking the laws with children, and all the bad, bad consequences that can come from that.
And if you don't see how that can be an issue, you have lived a blessed life where you or your family & friends were not prosecuted by violent authoritarian governments arms, that exist in liberal democracies today or discriminated against for minority attribute X, both of which exist even in Scandinavia today.
Maybe we should just parent better. Seriously. If your kid is so young that they can’t figure out if they should or shouldn’t be watching a particular YouTube video on their own, they shouldn’t be on YouTube to begin with.
Kyc can easily be done with provable privacy, but that’s now how it’ll be implemented because SV and the people that work there do not value consent nor privacy.
This bill accomplishes nothing for the children, but (much like the GDPR) imposes onerous recordskeeping on site owners, which just serves to keep the bar to entry high. Great news for MAANGA! Bad news for startups.
[+] [-] LegionMammal978|3 years ago|reply
I get that privacy issues can be most sensitive to those under 18, but it's important to recognize that enforcing far stronger privacy restrictions alongside strong age-verification expectations (no more "are you 18+? yes/no" or "what is your birthday?" questions) can only come at the expense of anonymous browsing.
[+] [-] kybernetyk|3 years ago|reply
https://greasyfork.org/en/scripts/423851-simple-youtube-age-...
Works fine for me on FireFox + Greasemonkey
[+] [-] 1vuio0pswjnm7|3 years ago|reply
False dichotomy.
(Also known as false dilemma, bogus dilemma, either-or fallacy, black-and-white fallacy.)[FN1]
If the website protects the privacy of all persons, not just those under 18, then there is no problem complying this law.
It's like the folks who claim the web cannot or would not exist unless advertising is permitted. It is a self-serving statement of an opinion. It has no evidentiary basis.
This false prediction, nonsense reasoning is probably accepted by generations that did not experience the internet before advertising was permitted, before online advertising became pervasive, and/or before online advertising was based on data collection and targeted. The fact is the internet and web did exist without advertising. There is no technical limitation that requires a website to collect data and/or serve ads.
Common retorts to such historical facts include such gems as
"I would never want to go back to 199x", or
"All the wonderful content of the web today would disappear."
1. Computers and networks are never going to return to 1990's prices and speeds. Speeds keep increasing and prices keep decreasing.
2. Who would have guessed, but today's commercial web content is actually being generated mostly by website users themselves rather than website operators. "Tech" companies operating high traffic websites have promoted their own "business", online advertising, to lure people into uploading to their websites without expecting payment in return. Like some sort of opaque lottery. This is why the web has become a cesspool of "clickbait" and garbage "content".
FN1. https://en.wikipedia.org/wiki/False_dilemma
[+] [-] neuralRiot|3 years ago|reply
[+] [-] O__________O|3 years ago|reply
No, this is not true, there are numerous ways for a system to authenticate a user without the endpoint requesting the authentication knowing who the user is — or the system verifying the user knowing what endpoint system is requesting the authentication; only the user knows both who they are and the endpoint they want access to.
[+] [-] btdmaster|3 years ago|reply
[+] [-] ng12|3 years ago|reply
[+] [-] dheera|3 years ago|reply
Only the government should need real IDs.
For example, if I am actually over 18 and intend to watch a video intended for over 18, I should be able to use a fake ID for it.
[+] [-] O__________O|3 years ago|reply
More generally speaking, governments should start seeing the hoarding of data by itself and others as a national security threat, open source any government systems — and offer bounties for anyone able to maintain the objectives of a system while reducing the system’s access to sensitive data.
______________
* EDIT: 100% sure that it’s technically possible to have an endpoint anonymously verify age and a verification system to do so without knowing the endpoint requesting the verification, but unable to find technical explanation of how this might be done using existing technology; might be wrong, but believe it included a combination of differential privacy and zero knowledge proofs. Does anyone have a link to detailed explanation of how to implement such a system?
[+] [-] readams|3 years ago|reply
[+] [-] erwinmatijsen|3 years ago|reply
With IRMA it is easy to log in and make yourself known, by disclosing only relevant attributes of yourself. For instance, in order to watch a certain movie online, you prove that you are older than 16, and nothing else.
Their docs[2] are pretty good.
[1] https://irma.app/?lang=en [2] https://irma.app/docs/what-is-irma/
[+] [-] sandworm101|3 years ago|reply
[+] [-] lisper|3 years ago|reply
[+] [-] mjevans|3 years ago|reply
All things should be considered UNRATED (adult) by default.
Adults that want to should set a flag in the OS account, which should be passed along (or optionally also set as a child account) by browsing software. In child safe mode such software would then follow a set of local policy decisions and refuse to operate with content not declared child safe. Such an account feature might also forward the data to other accounts for review (parent, guardian, teacher, etc).
THEN, the enforcement, sites which incorrectly claim to be a given rating should get hit with the charges that enables.
[+] [-] bell-cot|3 years ago|reply
...daunting for millions of parents, who'd imagine (often rightly) that their kids, aided by friends & on-line instructions & such, would all-to-easily bypass the parental controls.
...dis-empowering for politicians lusting after attention & votes, who think that moral panics and big-government-control-freak "solutions" are their best friends.
[+] [-] EarlKing|3 years ago|reply
[+] [-] deathgripsss|3 years ago|reply
[+] [-] kybernetyk|3 years ago|reply
[+] [-] jjluoma|3 years ago|reply
This explanation seems to be quite terse, "If you use a credit card, any temporary authorization will be fully refunded. If you use an ID, Google will delete the image after verifying your age."
Both methods would require me to provide them (or some other entity) new personal data. In the case of credit card payment, credit card number (and thus what bank I am using, maybe also what kind of card I have) and my home address.
My government issued ID has also other information like a photo of me, my signature, social security number, all my given names and card number. I wonder if they would accept an electronic copy that would have all those covered.
[+] [-] cscurmudgeon|3 years ago|reply
https://www.nytimes.com/2021/11/09/opinion/democrats-blue-st...
[+] [-] ars|3 years ago|reply
This just horrifies me. Silicon valley companies have already made it incredibly hard to parent children, with things like disappearing photos, and locked down phones given even to young children.
Like I get 16 years and up needing stuff like that, but younger than that? Parents should be able to see what's going on their kids life. These days 90% of their life is in the phone, which is the one place blocked from parents.
In the past children had a limited circle of people in contact with them, and for the most part parents knew who was talking to their children. These days? It's the entire world who has access.
[+] [-] YeBanKo|3 years ago|reply
California had couple of iterations of CCPA and so far it is not looking that good either, but worth trying.
[+] [-] gtirloni|3 years ago|reply
[+] [-] novok|3 years ago|reply
And if you don't see how that can be an issue, you have lived a blessed life where you or your family & friends were not prosecuted by violent authoritarian governments arms, that exist in liberal democracies today or discriminated against for minority attribute X, both of which exist even in Scandinavia today.
[+] [-] THENATHE|3 years ago|reply
[+] [-] exabrial|3 years ago|reply
[+] [-] sul_tasto|3 years ago|reply
[+] [-] phendrenad2|3 years ago|reply
[+] [-] unknown|3 years ago|reply
[deleted]
[+] [-] mintaka5|3 years ago|reply
[deleted]