by lsiunsuex 874 days ago
As a Floridian and someone in IT - I'm curious how this will be implemented

I can't remember the last time I signed up for a new social network; do they ask age? Is it an ask to Apple / Google to add stronger parental approval? Verify driver's license #?

We heard about this days ago on local news and I've been struggling to figure out, short of "are you 16 years or older", how this is gonna get done and how do you fine someone if it's breached.

5 comments

Yes, some (all?) ask for DOB/age at sign-up.

If I remember correctly, at one time Google even tried to enforce it and there were usability problems with typos and wrong dates and things - there was no verification and no easy way to fix an error. I.e., if a mid-40s adult accidentally entered 1/1/2024, they'd be locked out. And if a kid entered 1/1/1977, they'd have an account (but no way to correct that date when they eventually turned 18).

Yes, they always ask your date of birth and generally won't allow sign ups for under 13s, it's been that way for almost 20 years.
Yep. Twitch automatically bans any chatter who says that they are under that age.
My guess is that it will be most easily enforced in school. After school is another story entirely.
(Putting aside if the law is good or bad and the constitutionality of it.)

Put criminal penalties to the directors if no reasonable attempt to keep kids out.

Plus corporate death penalty if they purposely target kids.

Then how they enforce it doesn't really matter as long as there are periodic investigations. The personal risks are too great and the companies will figure it out.

Excessive punishment with arbitrary enforcement? What could go wrong?
You forgot selective punishment as well
The FTC already implements a "corporate death penalty" in the form of massive fines if an organization collects data on kids and uses it to target advertising (see COPPA)
> I'm curious how this will be implemented

The only way to determine age is to compile a database of gov-issued IDs and related data. Which is an unconstitutional barrier to speech. Which is why this will get struck-down like each similar law.

The part about ID data eventually being shared with 3rd parties, agencies - and/or leaked - is a bonus.

It sounds like you are envisioning age verification that involves just two parties: the user and the site that they need to prove their age to. The user shows the site their government issued ID and the site uses the information on the ID to verify the age.

That would indeed allow the site to compile a database of government-issued IDs and give that information (willfully or via leaks) to third parties.

Those issues can be fixed by using a three party system. The parties are the user, the site that they need to prove their age to, and a site that already has the information from the user's government ID.

Briefly, the user gets a token from the social media site, presents that token and their government ID to the site that already has their ID information, and that site signs that token if the user meets the age requirements. The user presents that signed token back to the social network which sees that it was signed by the third site which tells it the third site says the user meets the age requirement.

By using modern cryptographic techniques (blind signatures or zero knowledge proofs) the communication between the user and the third site can be done in a way that keeps the third site from getting any information about which site they are doing the age check for.

With some additional safeguards in the protocol and in what sites are allowed to be the ID checking sites it can even be made so that someone who gets records of both the social media site and the third site can't use timing information to match up social media accounts with verifications and so could work with sites that allow anonymous accounts.
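An added example, not part of the comment above or of any real deployment: the three-party token flow it describes, using a textbook RSA blind signature so the ID-checking site signs without seeing the token. The key is a constructed toy key, and the function names, the 16-year threshold and the simplified hashing are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for the ID-checking site (two known Mersenne primes).
# Far too small for real use; it only makes the arithmetic visible.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the ID checker
MIN_AGE = 16  # assumed threshold for the example

def digest(token: bytes) -> int:
    """Map a token to an integer mod N (simplified hashing for the toy key)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

def site_issue_token() -> bytes:
    """Social media site: hand the user a fresh random token."""
    return secrets.token_bytes(16)

def user_blind(token: bytes):
    """User: hide the token behind a random factor r before sending it out."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (digest(token) * pow(r, E, N)) % N, r

def checker_sign(blinded: int, age_on_id: int):
    """ID checker: sign only if the age on file qualifies; it never sees the token."""
    return pow(blinded, D, N) if age_on_id >= MIN_AGE else None

def user_unblind(blind_sig: int, r: int) -> int:
    """User: strip r, leaving an ordinary signature on the original token."""
    return (blind_sig * pow(r, -1, N)) % N

def site_verify(token: bytes, sig: int) -> bool:
    """Social media site: check the signature with the checker's public key."""
    return pow(sig, E, N) == digest(token)

if __name__ == "__main__":
    token = site_issue_token()
    blinded, r = user_blind(token)
    sig = user_unblind(checker_sign(blinded, age_on_id=34), r)
    print("accepted by site:", site_verify(token, sig))
    print("checker saw the token digest:", blinded == digest(token))
```
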

> It sounds like you are envisioning age verification that involves just two parties: the user and the site that they need to prove their age to. ... Those issues can be fixed by using a three party system.

Okay. That sounds promising.

However the method of collecting children's private data isn't what makes these laws unconstitutional. It's a government erecting broad, restrictive barriers to speech.

ref: https://reason.com/2023/09/19/federal-judge-blocks-californi...

ref: https://www.theverge.com/2023/8/31/23854369/texas-porn-age-v...

ref: https://www.techdirt.com/2023/09/13/you-cant-wish-away-the-1...

ref: http://mediashift.org/2009/01/u-s-supreme-court-finally-kill...

ref: https://netchoice.org/district-court-halts-unconstitutional-...

Utah caught a glimpse of reality and stayed their own unconstitutional law. They seem to be looking for a way to retool it so it won't be quite so trivial to strike down.

ref: https://kslnewsradio.com/2073740/utahs-social-media-child-pr...

> With some additional safeguards in the protocol and in what sites are allowed to be the ID checking sites it can even be made so that someone who gets records of both the social media site and the third site can't use timing information to match up social media accounts with verifications and so could work with sites that allow anonymous accounts.

I'm assuming that there will be some kind of way to prevent matching of logged IP addresses between the social media site and the verification site. Is there really a method for preventing matches of timing without requiring the user to bear the burden of requesting tokens from the sites at different times?

As I hinted at in a different comment [1] though, there remains a tradeoff of letting the verification party know how frequently I visit a single type of website vs. avoiding the first problem but needing my ID for multiple types of websites i.e. more of the internet.

[1] https://news.ycombinator.com/item?id=39180203

I don’t think anyone in government is smart enough to enable or allow this.
That is literally how the age verification for porn works in Louisiana and Virginia among other states.