Parental controls are intentionally gimped. They do the bare minimum while providing more than enough wiggle room for a tech savvy teenager. To implement a robust parental control scheme you need network level filtration which isn't something the average parent will know anything about.
I disagree with that, because the teenager should be the parent's responsibility, regardless of how smart or savvy they are. Parents should be talking to their children, communicating what their and society's expectations are. If the parents are attempting to exert technical control over their children, by home router for example, there should be websites or computer shops they can go to. If the parents don't care or are not smart enough to keep up with their teenager, then no type of state mandated gimmick will either.
Teenagers, at that level of intelligence or are that determined, will find ways to circumvent whatever control mechanisms a parent or school is attempting to use. At some point, it is a matter of the teenager respecting their parents and rules. Same for if you told a teenager do not drink and drive. You can setup all kinds of technical barriers to block drunk teenagers from driving, but if they are that "smart", those committed to bad behavior or law breaking will find ways.
They would be a solution if almost all parents used them, but parents don't want to socially isolate their kids since a lot of "social" activity is now on social media. It's kind of a prisoner's dilemma.
There's not necessarily wrong. Despite the vapid and damaging nature of most popular online media, isolating a child from it might have even worse social consequences when their real-life peer groups discover that they're not on social media or that their parents have neutered their phone. Some kids would turn out fine after that. Others would be socially destroyed for life (maybe with the right therapy they could become well-adjusted, but high quality therapy is rare).
> They would be a solution if almost all parents used them
No, they are a solution for parents who want to use them, and that's all they should be. Their existence demonstrates that it's possible to handle this without regulation, other than the desire of some people to inflict their preferences onto other people's kids.
You haven't tried to use parental controls much have you? They are all terrible. They are insanely difficult to get set up properly and even when you do there are a lot of tradeoffs that come with it.
> even when you do there are a lot of tradeoffs that come with it
Absolutely, but those are nothing compared to the tradeoffs of putting attestation or identity verification (sometimes incorrectly described as "age" verification) on numerous sites and inflicting them on everyone.
And my whole point is that it's possible to do age verification in a privacy-preserving manner, and before complaining about the tradeoffs, you should get informed about what they are.
I'm well aware of those possibilities. The two biggest problems with them are that 1) they still apply to everyone, rather than only to those who opt into them and 2) governments and companies are in practice going to push for the versions that identify people and provide more information.
If you make it possible for governments to decide what content is "limited to adults", they can and will abuse that capability. "Porn" is the battle cry, to make it uncomfortable to argue against; often, other information the government wants to restrict becomes a target. The only way to prevent that is to deny the capability in the first place.
Yep, I think this would be a totally valid debate. But my frustration is that it's not there at all. We're at "people make it sound like it's technologically impossible, like the ChatControl for E2EE".
It feels like trying to debate about whether 5G is good or not, and the debate is stuck at people claiming that 5G boils your blood. There are valid reasons to oppose 5G, but if people choose to be so wrong that it sounds like bad faith, they surely won't convince me of anything.
I have yet to see a scheme that would robustly preserve privacy and freedom floated by any of the major efforts. I think the onus is on you to present a workable scheme, but even then I'm not going to support the major efforts which at present are malicious.
Having Privacy in the name doesn't mean it's actually privacy preserving. You can't just ignore attack vectors like collusion between signing entities and websites.
Did you read about how it works? Can you precisely describe an attack that defeats it, or are you just throwing names you've heard without actually knowing how Privacy Pass works? Sounds like the latter to me (yes, I read the RFC).
Your tone isn't appropriate. You don't get to assign reading. If you want to convince people of something then clearly state your case. In this instance that would mean outlining the technical argument.
That said, you've got blinders on. You're all over this comment section condescending to people about a particularly clever scheme without considering the various real world objections being raised. Not the least of which is that the vast majority of the tidalwave of legislation on the topic has zero to do with ZKPs.
> Not the least of which is that the vast majority of the tidalwave of legislation on the topic has zero to do with ZKPs.
That's not what I see. I mostly see people complaining about the fact that "if they verify my age, it fundamentally means that I have to give them my ID, and I don't want that". And whenever I mention that technically, there are ways to do age verification in a privacy-preserving manner, I get something like "you are so naive, nobody wants age verification, it's THEM (the all corrupt politicians who all have the exact same opinion) against US THE PEOPLE who need to fight for our freedom!
That is very frustrating to me, because
1. I believe that it is counter-productive to be technically wrong by saying "it is fundamentally not possible". Because if politicians genuinely listen to that, then ask a few cryptographers and get the answer "no actually it exists", then it seems only fair that those politicians will just dismiss the whole opposition by saying "oh right, they are just libertarians who don't want regulations and hide behind incorrect technical claims".
2. I believe that many, many people actually are in favour of age verification to protect their kids. And again, yelling at them saying "you understand nothing, this is not technically possible, and the politicians are all corrupt authoritarians anyway" is not constructive. Moreover, "normal" people don't give a shit about the privacy issues, so if they want age verification, they will just accept any technical solution. I would hope for technically savvy people to try to raise the privacy concerns and explain that if there MUST be age verification, AT LEAST it should be done in a privacy-preserving manner.
But yeah, let's keep yelling that it is fundamentally impossible, such that nobody even hears about the privacy-preserving solutions, until we have to either give our ID to random websites or stop using the Internet. Because what seems clear to me is that we are going towards age verification anyway, and there is zero constructive discussion about how to do that right.
> Because what seems clear to me is that we are going towards age verification anyway
This is one of the reasons you're getting a lot of arguments here. Every bit of energy spent saying "actually, check out this use of cryptography that lets you do this in a privacy-preserving way" is energy not spend saying "no, not under any circumstances" and fighting against it.
Which is ironic, because my whole point is "if you want to fight it, try to be credible". Every bit of energy spent saying "it's fundamentally not possible to do that, you would have to be stupid to consider it" is, IMHO, wasted.
Because what I read is "ok, this person is either not competent to talk about it, or arguing in bad faith, so I won't listen to them".
And to be very honest, I can't remember a good argument against "privacy-preserving age verification". It's mostly "hmm I don't like it, that should be the responsibility of the parents anyway".
The EFF has a valid point which is "such technology will leave people out who won't be able to access important services". I don't have a definitive stance on it, but that would be worth debating. I can't remember another argument from the EFF. Pretty sure they don't say "it's technically impossible to do".
Actually Soatok [1] starts by acknowledging it's possible, before going straight to their opinion: "we should not do it". Again, I think it's a debate worth having.
But I won't debate with people who either don't have a clue or downright lie about it, saying "it's not possible, period".
I'm not suggesting to say it's impossible. I'm suggesting to not help people make their bad ideas more palatable when the more palatable version is still unacceptable. When someone is trying to push a scheme that ties things to identity, don't help them make it better; destroy it.
> And to be very honest, I can't remember a good argument against "privacy-preserving age verification".
I gave you one in the other thread:
If you make it possible for governments to decide what content is "limited to adults", they can and will abuse that capability. "Porn" is the battle cry, to make it uncomfortable to argue against; often, other information the government wants to restrict becomes a target. The only way to prevent that is to deny the capability in the first place.
Here's another: Many people have successfully been productive members of many online communities (e.g. FOSS projects) while still under 18, and future generations should have the same opportunities we did.
> I'm suggesting to not help people make their bad ideas more palatable when the more palatable version is still unacceptable.
That's where we disagree, I guess. I feel like the more palatable version, in this case, is debatable. An important part of democracy is to recognise that others may have different opinions, and to be willing to engage in good faith. If the norm is to systematically lie, all you get is polarisation. And it is ironic to argue in favour of lying for your cause, but then to complain when the other side lies as well for theirs.
> I gave you one in the other thread
And I think it is debatable.
But more generally, if your opinion is that you should lie and yell to defend your ideas, that your government does not represent the people at all to the point where they would prevent teenagers from contributing to FOSS (is that a thing somewhere?), then I wonder if you actually live in a functioning democracy. I mean no offence here.
I mean, your argument is pretty much "We should remove all laws, because laws come from the government, and the government will abuse that capability. They will make schools illegal, and future generations should have the same opportunities we did".
My point, again, is that in a functioning democracy, we should strive to debate in good faith.
You are replying to my comment in which I said "I'm not suggesting to say it's impossible.", and yet you are continuing to claim I am arguing for lying. I am not arguing for lying; stop claiming that. I am arguing for not always helping your opponent make their bad idea better. Steelmanning is a helpful strategy in collaborative discourse, when you share common goals and are looking to work together to find the best way to get there. Not all politics is collaborative discourse.
I am not saying that you lie. I am saying that I have been defending, on HN, that it is possible. And more often than not I get dismissed by comments that insist on saying it's impossible.
> I am arguing for not always helping your opponent make their bad idea better
I am not sure what you mean by that. So when people generally lie by saying "I am a technical person, believe me I know, it is technically impossible", I should... what? Say "yeah that is right, believe him"? Or just say nothing, because letting them lie is the way to "not help the opponent"?
Also you assume that age verification is a fundamentally bad idea. A lot of the arguments against any regulation is "it is a step towards authoritarianism". And I disagree with that: removing all regulations is a bad idea, we need some amount of that. The right amount of the right regulations is a balancing act.
I strongly feel like I have a fundamentally different approach from many of the comments I read, and people don't like that: I don't fight for my opinion to win. I fight for society to take an informed decision. If there is a vote where the average voter is correctly informed and the vote goes against my preference, then it is a functioning democracy. I may be frustrated of course, but it means that I am in the minority, and it makes sense to follow the preference of the majority.
People should not win because they make more noise, or because they have a better strategy, or because they lie. The goal is to represent the majority of the people, and for that, the people need to be informed. When both sides systematically lie, then the people cannot believe anybody anymore. And the result of that is polarisation, as we see it.
>> I am arguing for not always helping your opponent make their bad idea better
> I am not sure what you mean by that.
By "opponent" here I mean a politician who is arguing for an age+identity verification system. Telling them "actually you can do that without checking identity" is making their argument better. (There was a time I thought that it might help because then you can see who goes mask off and actually clearly wants identity verification for its own sake, but in general politicians never get pinned down and forced to answer hard questions about their positions like that anymore.) "That's a bad idea, age and identity verification are both bad" is better.
The thing is, the EU age verification initiative does explicitly talk about privacy. The first paragraph here mentions it: https://ageverification.dev/.
But most comments explicitly criticise the EU, saying it is authoritarian and has an agenda. What then? Did they all keep the mask for too long and ended up with an actually privacy-preserving technical solution on their website "by mistake"?
Parental controls can set browsers in "child mode" where the browser sends an "I am a child" header to the server and social networks etc. need to honour it. This has existed for twelve years already: https://blog.mozilla.org/netpolicy/2014/07/22/prefersafe-mak... . It can probably be amended with a more granular set of levels, but that would be the best way forward.
The problem of "parents are negligent" is also solved by existing laws which have fines for parents who are negligent towards their children, and governments absolutely love collecting fines, so all the incentives are properly aligned.
And it's possible to do age verification in a privacy-preserving manner. I'm tired of repeating it, people should get informed before they complain.
We could totally discuss whether or not privacy-preserving age verification is a good thing. But we can't, because most people can't be arsed to read about what age verification implies, and complain about something that is fundamentally wrong (i.e. that they would have to surrender their anonymity).
How about we just ban entirely the harmful social media that we would need to attach all our IDs to our internet activity in order to protect the children? Very strange that that's not part of the discussion!
Joe can walk into an Apple store (or wherever they purchased the device) and ask them to enable parental controls on it. We have people whose job it is to service computers and phones, they have been around for more than half a century. I am pretty sure most Joes don't service their cars either, yet they keep them road legal by visiting trained mechanics.
