EU chief calls for a bloc-wide push on an age verification app to protect children online. If enforced, users will have to prove their age to access legally restricted sites.
The motives are irrelevant. This will destroy the internet as we know it and disempower citizens. I can’t help but wonder if the empowerment LLMs may have to an individual is terrifying leaders into an authoritarian mindset, finally demanding to be able to know and track what we do online, everywhere we do it. This is about protecting their ability to rule, not children from harm.
I can’t help but wonder if the empowerment LLMs may have to an individual is terrifying leaders into an authoritarian mindset
LLMs are here to enrich the rich, not to “empower the individual”. They require ridiculously expensive computing power, which makes them impractical or even impossible to self-host (with data centers buying up the market, the required hardware becomes unaffordable to the individual). Now you’re at the mercy of renting out the compute from the oligarchs and their companies, and you’re also relying on their censored and biased models (see Grok and his “Mecha-Hitler” antics if you want a taste of the future). Please don’t expect that to empower you, or anyone else. It can’t, and even if it could, it wouldn’t be available to you.
Unless we democratise LLMs, they’ll just become yet another tool of enslavement in the clutches of the Epstein class.
It could greatly boost the use of decentralized apps. Which will ultimately give people more power than they have right now. So in the long run, it might have some positive side effects.
In order to make sure that the age a person provided is real, the system will gather all that information anyway. I don’t know what you mean by “reveal”, but it will gather it. And that’s the main building block of the problem.
No, that’s an app on your phone. That accumulates a ton of data in a way that didn’t exist before. The government knows I exist. Now it knows every website I’m visiting, and my identity on those sites. Now the new politician in my country decides to be a little bit more corrupt, and asks the app maintainer “hey, can you gather IDs and home addresses of all the people who criticized genocide online last couple of years, I would like to execute them publicly”, and they can do it with basically one sql equerry. The only defense against that will be “but that’s illegal, there are laws against that!”, which is shit defense nowadays.
I’m sorry, but have you read the technical documentation? The design is intentional created this way to avoid tracking.
You are issued a set of ZKP tokens that you hand back to websites. They cannot correlate these tokens back to you, nor can the operator of the system.
Now they could lie, of course, and violate the design (but being open source that’s a little harder), but if the government wanted to secretly track you, much more precise tools exist for this already.
That’s the stupid part, it doesn’t matter what it will look like at the beginning. It might be the best written documentation now, they can even implement the app correctly. The thing is, the jump from “people can use the internet” to “in order to access the internet you need to provide your government ID to your smartphone” is a big jump, one that can cost a politician career. The jump from “you need to use version 1.4.412 of the govenment id checker” to “you need to use version 2.0 of the Government Id Checker Plus” is minuscule. That’s where you introduce a persistent database of the tokens, somewhere on page 5 of the changelog. And only nerds care about that and nobody listens to them.
It’s so fucking easy, Russia did this exact gambit in 2017, Kazakhstan couple of years before.
But that slippery slope, which it sounds like you believe us to be on, also applies to phone location tracking, credit cards payments, mobile phone train tickets, smart homes, smart cars, home CCTV etc etc.
Do you leave your phone at home, always pay with cash, don’t use any apps? Most people do these things on the basis that the government doesn’t wantonly have access to what we’ve bought online. Why is age gating so different?
Of course things can break and something might be able to refer back to you, until it gets fixed.
But if your argument is that “the standard is fine, but something might not quite work”, then the same argument applies to your phone’s location tracking, your debit/credit payments etc. The vast majority of us happily use systems on the basis that they are secure, until they’re not, and then things get fixed.
It’s a matter of exposure and attack surface vs rewards for the attacker, and risk in companies are evaluated by the trio: freqency of occurrence, severity of occurrence (how large), severity of the occurrence. Banks can spend a lot because severity quickly gets very high in money.
What’s the incentive again for the next gov to properly fund the system? Oh yes: they would have to say “sorry! shit happens! that’s all because of the previous admin!!” and maybe throw one guy under the bus.
The motives are irrelevant. This will destroy the internet as we know it and disempower citizens. I can’t help but wonder if the empowerment LLMs may have to an individual is terrifying leaders into an authoritarian mindset, finally demanding to be able to know and track what we do online, everywhere we do it. This is about protecting their ability to rule, not children from harm.
LLMs are here to enrich the rich, not to “empower the individual”. They require ridiculously expensive computing power, which makes them impractical or even impossible to self-host (with data centers buying up the market, the required hardware becomes unaffordable to the individual). Now you’re at the mercy of renting out the compute from the oligarchs and their companies, and you’re also relying on their censored and biased models (see Grok and his “Mecha-Hitler” antics if you want a taste of the future). Please don’t expect that to empower you, or anyone else. It can’t, and even if it could, it wouldn’t be available to you.
Unless we democratise LLMs, they’ll just become yet another tool of enslavement in the clutches of the Epstein class.
It could greatly boost the use of decentralized apps. Which will ultimately give people more power than they have right now. So in the long run, it might have some positive side effects.
Cracking down on decetralized apps will be the next logical step
The internet as we know it is a playground for billionaires to get richer. Good riddance.
And the new internet that is on the horizon will be the definitive establishment of these same billionaires as feudal lords.
Unlike most other age verification system, this doesn’t reveal any other personal information but your age. No credit card number, no personal id.
So I’m curious how you get to your conclusion?
In order to make sure that the age a person provided is real, the system will gather all that information anyway. I don’t know what you mean by “reveal”, but it will gather it. And that’s the main building block of the problem.
That system is basically the government. They already know.
No, that’s an app on your phone. That accumulates a ton of data in a way that didn’t exist before. The government knows I exist. Now it knows every website I’m visiting, and my identity on those sites. Now the new politician in my country decides to be a little bit more corrupt, and asks the app maintainer “hey, can you gather IDs and home addresses of all the people who criticized genocide online last couple of years, I would like to execute them publicly”, and they can do it with basically one sql equerry. The only defense against that will be “but that’s illegal, there are laws against that!”, which is shit defense nowadays.
Yes, all of that happens. That is a valid worry. Which is why they tried to avoid it.
Did you see how much they did to avoid this? Do you see a flaw in their solution?
Yes, the flaw in their solution is that they require the government ID to access the internet now. That’s the flaw.
I’m sorry, but have you read the technical documentation? The design is intentional created this way to avoid tracking.
You are issued a set of ZKP tokens that you hand back to websites. They cannot correlate these tokens back to you, nor can the operator of the system.
Now they could lie, of course, and violate the design (but being open source that’s a little harder), but if the government wanted to secretly track you, much more precise tools exist for this already.
That’s the stupid part, it doesn’t matter what it will look like at the beginning. It might be the best written documentation now, they can even implement the app correctly. The thing is, the jump from “people can use the internet” to “in order to access the internet you need to provide your government ID to your smartphone” is a big jump, one that can cost a politician career. The jump from “you need to use version 1.4.412 of the govenment id checker” to “you need to use version 2.0 of the Government Id Checker Plus” is minuscule. That’s where you introduce a persistent database of the tokens, somewhere on page 5 of the changelog. And only nerds care about that and nobody listens to them.
It’s so fucking easy, Russia did this exact gambit in 2017, Kazakhstan couple of years before.
Ok, so it’s the slippery slope fallacy.
But that slippery slope, which it sounds like you believe us to be on, also applies to phone location tracking, credit cards payments, mobile phone train tickets, smart homes, smart cars, home CCTV etc etc.
Do you leave your phone at home, always pay with cash, don’t use any apps? Most people do these things on the basis that the government doesn’t wantonly have access to what we’ve bought online. Why is age gating so different?
At last a piece of code free of any flaw, any exploit, invulnerable to any known or unknown attack method!
Of course things can break and something might be able to refer back to you, until it gets fixed.
But if your argument is that “the standard is fine, but something might not quite work”, then the same argument applies to your phone’s location tracking, your debit/credit payments etc. The vast majority of us happily use systems on the basis that they are secure, until they’re not, and then things get fixed.
Your argument has to apply evenly.
It’s a matter of exposure and attack surface vs rewards for the attacker, and risk in companies are evaluated by the trio: freqency of occurrence, severity of occurrence (how large), severity of the occurrence. Banks can spend a lot because severity quickly gets very high in money.
What’s the incentive again for the next gov to properly fund the system? Oh yes: they would have to say “sorry! shit happens! that’s all because of the previous admin!!” and maybe throw one guy under the bus.
Extrapolating from US decisions, like I would have done