Localized age checks ARE a good system and are something that should have been in the OS for decades. It is the basis for being able to make “child accounts” and is a genuine requirement for Linux to be a meaningful option for “normal people”. And having a protocol for software/websites to request that is a very good system to build on that.
We talk about how the problem of kids getting exposed to horrendous shit is a problem of “bad parenting”. This is the tool you provide to allow parents some control.
The issue is not the age check. The issue is verification. To my understanding, the California legislature explicitly does NOT require a third party. So it is literally just you saying “Sure, whatever. I was born in 1901. Now load the Maya Woulfe video faster”. And yes, this is a step towards that. But so is having network access or user accounts at all.
Even if we say I agree with this, why even ask for a specific year? Separate into child and adult, and let the super user make that change when asked.
In theory I’m not opposed to it existing as an option, but I do not like it being mandatory at all. Websites and applications should never be allowed to know any PII without explicit consent.
Even if we say I agree with this, why even ask for a specific year? Separate into child and adult, and let the super user make that change when asked.
Different countries (actually different regions within said countries) have different laws related to what “kids” can and can’t see and what age defines a “kid”. How much that matters is up to you. But it provides an automated check that ALSO avoids having to say “Hey mom? I just turned 18 and for no reason whatsoever it would be great if you could switch my account to an adult. Also make sure to knock and don’t look too closely at my laundry basket ever again”.
Websites and applications should never be allowed to know any PII without explicit consent.
And what do you think you are providing every time you tick “Yes, I am 18 years or older” or “Yes, I was born in 1920 or whatever the first option is now”?
That’s there point, with this websites will just know the users age, before it was the users choice: “are you 18 or over?” But now it will be: “I know you’re 37.567 years old” user has no idea. Maybe we should add religion and skin color too
"You have selected ‘Caucasian Christian’. Permanent light mode has been activated and you can no longer look up porn on Sunday.
You have selected “Arabic Muslim”, sensor access has automatically been granted to determine when you are facing Mecca. If you have too many friendly fire incidents in CoD, the US will deploy reaper drones to your IRL GPS location.
On a more serious note:
There’s been a lot of talk about protecting kids, but none about protecting grandma from scams and AI misinformation if her systemd age field indicates she’s 65 or older. Why is that? Is it because kids don’t have rights, so who cares if by protecting them we prevent them from developing a shred of digital literacy? Or is it because the over 65’s can vote and kids can’t?
The idea of storing age in the OS is that end programs don’t actually access it directly. They get age ranges, like child/adult, not the actual birthdate. In theory, it’s much more private than uploading your id and photo to every random website/app that you use.
there is no such thing as privacy when sharing private information, that’s accessible remotely.
leaks can and will occur. but more importantly this will be used to create digital associations between inviduals and Their online presence, just like all the other digital identity laws have.
it protects no one, as getting around it is easy as lying. while intentionally harming adults that comply out of necessity.
there is a reason people are jumping ship from privacy invading services already…
the solution is holding parents (and the child) responsible for the action of their childrens actions and not trying to create industry wide privacy invasion for bad actors to use. what’s next, gold stars for Linux users to wear?
Cookies already exist and there is countless leakage (both intentional and unintentional…). Like most things, you are not as private and protected as you seem to think you are. Just because a website is asking you to tell it (which is mostly for compliance, not knowledge) doesn’t mean they already know that you said you were 250 years old but your shopping habits suggest you are actually in your 20s and live in Detroit and really enjoy pegging.
Maybe we should add religion and skin color too
To my knowledge, very few nations tie laws or access to that slippery slope fallacy. And parents generally have those same traits (at least while the kid is living with them). So I am not seeing much benefit from this?
And if/when we reach the point where that is the case? Uhm… I don’t think companies and software will be given anywhere near as much freedom to say “Sure, we’ll comply so that we can be eligible for these contracts” or “No, we won’t comply so that we can market ourselves as protecting people”
That doesn’t seem like a great argument for doing something that further reduces privacy and protection.
The point is that, without third party verification (which I am vehemently opposed to), it changes absolutely nothing. So it is just people whining about “freedoms” they don’t even have.
And… there actually are arguments that it is good to tear down the security/privacy theatre so that people can make informed decisions and understand their actual exposure and risks.
A good example of this is that I am REALLY happy that we, as a society, have seen a drastic shift between calling things “Private Messages” and instead calling them “Direct Messages”. The former implies that only you and the recipient can see them. The latter does away with that and people rapidly learn (and communicate) that site owners and often mods can see everything you send along those avenues.
Privacy is a human right and I have a choice to who an d which third party collects my data.
My own computer with software I build myself doesn’t need mandated age gates.
This is being baked in because of US law. I wouldn’t be surprised if the US made some federal laws requiring your religion in the near future.
And that is why it is a slippery slope fallacy. Eventually, superpowers are going to want to have access to your machines (they already do, but mostly in isolated cases). So any kind of data storage and overrides should be destroyed. So let’s go shred our hard drives and remove the concept of sudo/root access?
Also, I will just add on that it is more than just the US that is increasingly pushing for age verification.
People can run secure systems that share minimal info. This requires all systems to store and share specific info. So you’re making it illegal to have a private system. Sure most people don’t, but now you’re making it illegal. You think that’s okay because we don’t have good privacy laws right now? You want to give up?
People can run secure systems that share minimal info.
And those generally aren’t the machines you want to connect to the internet and use for all your everyday browsing.
This requires all systems to store and share specific info.
Specific, unverified, info. That you are already sharing in most of the situations where it is being asked for.
So you’re making it illegal to have a private system. Sure most people don’t, but now you’re making it illegal.
A lot of things are illegal. Without the third party verification requirement, you are perfectly fine to hardcode that to say you were born on June 9th, 1969 by default. And that complies with the California legislation (last I read through it).
You think that’s okay because we don’t have good privacy laws right now? You want to give up?
No. I want people to actually understand what is going on so that they can actually protect themselves.
I completely agree with this. treat it like a privilege level. it’s that simple. it doesn’t need to define “age”, it can just define what a account cannot access.
this is all a slippery slope, and a terrible one at that. gates protect no one and just tech people to learn to get around them…
Yeah, to be completely honest, the one place where you actually could trust this kind of information is on your own local (and ideally libre-oriented) OS, never leaving your device and instead obfuscated through an API that’s exposed to whatever services need to do an age check, with the potential for additional security impositions or other concessions from data requesters due to the leverage of still having your data controlled by you. This is the bonus FOSS part where we get a say on how we want our data to be exposed on our libre systems. Other users aren’t so lucky and don’t get to have any voice on how this implementation happens, so we should probably participate in the discourse for those PRs rather than condemn them point blank.
However this is not entirely true either, for two reasons.
Philosophical: FOSS relies on the “many eyes” approach to security. Adding any API, even internal adds another layer of risk. This is exactly why some projects refuse to have API access to application data, even if it runs from a privileged forked service. (Using locked sockets or other methods instead).
Any open port is a attack vector and no matter how secure it is today, tomorrow is not a promise. More so with how this overlaps with laws like Australia’s, which requires all encryption to provide a backdoor for government access. (This means the 5 eyes nations get access by definition to this API while it’s in transit, as soon as it leaves the host system…)
But that’s not just the only issue. The whole issue with libxz being targeted by nation state sabotage proved that, it’s possible to put backdoors into applications despite “many eyes” on the code. (That case was only caught because one obsessive person over the /testing/ speed… 90% of such attempts in most projects would go unnoticed simply as there is not enough maintainers)
Licensed software: not all applications are completely open, even if the underlying OS is. This is a API thats exposed to all userland applications. Nothing stops Firefox for example from using binary blobs in Thier source to “sign” this data for supporting websites, then send this data to places you don’t consent.
Firefox is just a example, so many applications use permissable licenses that don’t require all of the sourcecode to be human readable or even accessible.
Big thing is nothing stops driver vendors from stealing this data too, no different than Microsoft does, whether or not you are signed Into a Microsoft account on windows. Telemetry is already a growing issue and the scope of telemetry data in closed source blobs doesn’t have to be defined…
So by definition it’s not any more secure…
Even if it was, the bigger question is why. Why does the application or web service need to know.
If a child walks into a liquor store and steals alcohol, they get arrested. The burden of proof was never on the liquor store. Why is the burden of proof on the OS and not the parent or child.
We don’t need nanny software, that teaches kids to be better liars. We need stronger punishments for criminal actions, regardless of age and more importantly punishments for the parents for allowing it to occur. Babygating the entire OS for some one elses children that would never touch it, legally. Is a example of creating solutions for a problem YOU(parents/government) created.
All of these age laws came from the social media bans. These of which only came into existence as a means of datacollection… Non-compliance, is actually compliance with how they are written, as they all place the burden of proof on you. No evidence == no crime. It’s still a crime to lie about your age to age restricted content.
Any age check is just a good way for predators to know WHO are the actual children, and with the epstein files revealing the whole billionaire and politician interest in trafficking and raping minors, this is essentially the perfect playground for them.
Localized age checks ARE a good system and are something that should have been in the OS for decades. It is the basis for being able to make “child accounts” and is a genuine requirement for Linux to be a meaningful option for “normal people”. And having a protocol for software/websites to request that is a very good system to build on that.
We talk about how the problem of kids getting exposed to horrendous shit is a problem of “bad parenting”. This is the tool you provide to allow parents some control.
The issue is not the age check. The issue is verification. To my understanding, the California legislature explicitly does NOT require a third party. So it is literally just you saying “Sure, whatever. I was born in 1901. Now load the Maya Woulfe video faster”. And yes, this is a step towards that. But so is having network access or user accounts at all.
Even if we say I agree with this, why even ask for a specific year? Separate into child and adult, and let the super user make that change when asked.
In theory I’m not opposed to it existing as an option, but I do not like it being mandatory at all. Websites and applications should never be allowed to know any PII without explicit consent.
Different countries (actually different regions within said countries) have different laws related to what “kids” can and can’t see and what age defines a “kid”. How much that matters is up to you. But it provides an automated check that ALSO avoids having to say “Hey mom? I just turned 18 and for no reason whatsoever it would be great if you could switch my account to an adult. Also make sure to knock and don’t look too closely at my laundry basket ever again”.
And what do you think you are providing every time you tick “Yes, I am 18 years or older” or “Yes, I was born in 1920 or whatever the first option is now”?
That’s there point, with this websites will just know the users age, before it was the users choice: “are you 18 or over?” But now it will be: “I know you’re 37.567 years old” user has no idea. Maybe we should add religion and skin color too
"You have selected ‘Caucasian Christian’. Permanent light mode has been activated and you can no longer look up porn on Sunday.
You have selected “Arabic Muslim”, sensor access has automatically been granted to determine when you are facing Mecca. If you have too many friendly fire incidents in CoD, the US will deploy reaper drones to your IRL GPS location.
On a more serious note:
There’s been a lot of talk about protecting kids, but none about protecting grandma from scams and AI misinformation if her systemd age field indicates she’s 65 or older. Why is that? Is it because kids don’t have rights, so who cares if by protecting them we prevent them from developing a shred of digital literacy? Or is it because the over 65’s can vote and kids can’t?
The idea of storing age in the OS is that end programs don’t actually access it directly. They get age ranges, like child/adult, not the actual birthdate. In theory, it’s much more private than uploading your id and photo to every random website/app that you use.
If they age or birthdate is there it could leak, regardless of the API.
there is no such thing as privacy when sharing private information, that’s accessible remotely.
leaks can and will occur. but more importantly this will be used to create digital associations between inviduals and Their online presence, just like all the other digital identity laws have.
it protects no one, as getting around it is easy as lying. while intentionally harming adults that comply out of necessity.
there is a reason people are jumping ship from privacy invading services already…
the solution is holding parents (and the child) responsible for the action of their childrens actions and not trying to create industry wide privacy invasion for bad actors to use. what’s next, gold stars for Linux users to wear?
Cookies already exist and there is countless leakage (both intentional and unintentional…). Like most things, you are not as private and protected as you seem to think you are. Just because a website is asking you to tell it (which is mostly for compliance, not knowledge) doesn’t mean they already know that you said you were 250 years old but your shopping habits suggest you are actually in your 20s and live in Detroit and really enjoy pegging.
To my knowledge, very few nations tie laws or access to that slippery slope fallacy. And parents generally have those same traits (at least while the kid is living with them). So I am not seeing much benefit from this?
And if/when we reach the point where that is the case? Uhm… I don’t think companies and software will be given anywhere near as much freedom to say “Sure, we’ll comply so that we can be eligible for these contracts” or “No, we won’t comply so that we can market ourselves as protecting people”
That doesn’t seem like a great argument for doing something that further reduces privacy and protection.
The point is that, without third party verification (which I am vehemently opposed to), it changes absolutely nothing. So it is just people whining about “freedoms” they don’t even have.
And… there actually are arguments that it is good to tear down the security/privacy theatre so that people can make informed decisions and understand their actual exposure and risks.
A good example of this is that I am REALLY happy that we, as a society, have seen a drastic shift between calling things “Private Messages” and instead calling them “Direct Messages”. The former implies that only you and the recipient can see them. The latter does away with that and people rapidly learn (and communicate) that site owners and often mods can see everything you send along those avenues.
Semantics
Privacy is a human right and I have a choice to who an d which third party collects my data. My own computer with software I build myself doesn’t need mandated age gates.
Only if you actually understand what information you are and aren’t exposing about yourself in your every day activities.
Which… yeah, does really feel like understanding the meaning of a text/concept. So… spot on?
This is being baked in because of US law. I wouldn’t be surprised if the US made some federal laws requiring your religion in the near future.
There’s a big difference between data collection and government mandated identification.
And that is why it is a slippery slope fallacy. Eventually, superpowers are going to want to have access to your machines (they already do, but mostly in isolated cases). So any kind of data storage and overrides should be destroyed. So let’s go shred our hard drives and remove the concept of sudo/root access?
Also, I will just add on that it is more than just the US that is increasingly pushing for age verification.
People can run secure systems that share minimal info. This requires all systems to store and share specific info. So you’re making it illegal to have a private system. Sure most people don’t, but now you’re making it illegal. You think that’s okay because we don’t have good privacy laws right now? You want to give up?
And those generally aren’t the machines you want to connect to the internet and use for all your everyday browsing.
Specific, unverified, info. That you are already sharing in most of the situations where it is being asked for.
A lot of things are illegal. Without the third party verification requirement, you are perfectly fine to hardcode that to say you were born on June 9th, 1969 by default. And that complies with the California legislation (last I read through it).
No. I want people to actually understand what is going on so that they can actually protect themselves.
I completely agree with this. treat it like a privilege level. it’s that simple. it doesn’t need to define “age”, it can just define what a account cannot access.
this is all a slippery slope, and a terrible one at that. gates protect no one and just tech people to learn to get around them…
Yeah, to be completely honest, the one place where you actually could trust this kind of information is on your own local (and ideally libre-oriented) OS, never leaving your device and instead obfuscated through an API that’s exposed to whatever services need to do an age check, with the potential for additional security impositions or other concessions from data requesters due to the leverage of still having your data controlled by you. This is the bonus FOSS part where we get a say on how we want our data to be exposed on our libre systems. Other users aren’t so lucky and don’t get to have any voice on how this implementation happens, so we should probably participate in the discourse for those PRs rather than condemn them point blank.
However this is not entirely true either, for two reasons.
Any open port is a attack vector and no matter how secure it is today, tomorrow is not a promise. More so with how this overlaps with laws like Australia’s, which requires all encryption to provide a backdoor for government access. (This means the 5 eyes nations get access by definition to this API while it’s in transit, as soon as it leaves the host system…)
But that’s not just the only issue. The whole issue with libxz being targeted by nation state sabotage proved that, it’s possible to put backdoors into applications despite “many eyes” on the code. (That case was only caught because one obsessive person over the /testing/ speed… 90% of such attempts in most projects would go unnoticed simply as there is not enough maintainers)
Firefox is just a example, so many applications use permissable licenses that don’t require all of the sourcecode to be human readable or even accessible.
Big thing is nothing stops driver vendors from stealing this data too, no different than Microsoft does, whether or not you are signed Into a Microsoft account on windows. Telemetry is already a growing issue and the scope of telemetry data in closed source blobs doesn’t have to be defined…
So by definition it’s not any more secure…
Even if it was, the bigger question is why. Why does the application or web service need to know.
If a child walks into a liquor store and steals alcohol, they get arrested. The burden of proof was never on the liquor store. Why is the burden of proof on the OS and not the parent or child.
We don’t need nanny software, that teaches kids to be better liars. We need stronger punishments for criminal actions, regardless of age and more importantly punishments for the parents for allowing it to occur. Babygating the entire OS for some one elses children that would never touch it, legally. Is a example of creating solutions for a problem YOU(parents/government) created.
All of these age laws came from the social media bans. These of which only came into existence as a means of datacollection… Non-compliance, is actually compliance with how they are written, as they all place the burden of proof on you. No evidence == no crime. It’s still a crime to lie about your age to age restricted content.
Any age check is just a good way for predators to know WHO are the actual children, and with the epstein files revealing the whole billionaire and politician interest in trafficking and raping minors, this is essentially the perfect playground for them.
^^^ If you needed proof that lemmy is overrun with bots just like everywhere else.