by Nursie 114 days ago
> Age verification should be banned

Why?

> They already got so much data on their users

There are a variety of ways (see "Verifiable Credentials") that ages can be verified without handing over any data other than "Is old enough" to social media services.


Age verification obliviates anonymity on the internet. If everything you do _can_ be tracked by the government, it _will_ be.

Allowing for more effective propaganda, electoral control, and lights a fire on the concept of a government _representing_ anyone.

> Age verification obliviates anonymity on the internet.

How so?

Please explain in detail, because there are already schemes such as "verifiable credentials" which allow people to prove they are of age without handing over ID to online services.

Last time my government tried that, they failed. [0]

You need to 100% trust those verification services. And considering their success rate [1], you shouldn't.

[0] https://thinkingcybersecurity.com/DigitalID/

[1] https://discord.com/press-releases/update-on-security-incide...

> You need to 100% trust those verification services.

First link - mitigation: use a well supported standard like OIDC, not a home-cooked scheme. Duh.

Second link - this is part of the problem such schemes as verifiable credentials are designed to address, random third parties collecting ID they don't need.

Yes, any system needs to be executed well. Neither of these really display that.

If _the government_ can't be trusted not to use a dumbass scheme, then no, it isn't a duh moment. You don't exactly get to dictate how the government implements it!

The point is that systems today aren't really well executed. So it is unreasonable to expect them to be well executed.

If you can't trust people not to build the bomb well - then don't let them build a bomb.

> You don't exactly get to dictate how the government implements it!

Who was talking about the government implementing it? I wasn't.

And also "This has been done poorly in the past so we should never attempt to do it again, better" seems an odd way to go about things. There are well put together schemes by international standards bodies in this area now. Neither of the above links followed them.

> because most implementations are not going to be like that.

In the context of "Age verification should be banned" though, we're already talking about legislative intervention. If there's no particular problem with schemes that are like that then we don't necessarily need a blanket ban on age verification.

Perhaps what we're really saying is "Ban age verification that collects lots of personal information".

Or perhaps we could distil it down further to "Ban unnecessary collection and storage of PII". In which case, Congrats! You've arrived back at the GDPR :)

Which I think is a good thing, and should be strengthened further.

(Also the other response to "because most implementations are not going to be like that" is "why not?". People are already building such ecosystems.)

> If there's no particular problem with schemes that are like that then we don't necessarily need a blanket ban on age verification.

There is a problem with schemes like that.

The way computer security works is, attacks always get better, they never get worse. A scheme that nobody has found any privacy holes in when it's enacted will have one found a week after.

The way governments work is, the compromise bill passes if the people who care about privacy support it because then it has the votes of the people who care about privacy and the people who want to ID everyone. But then when the vulnerability is found, the people who care about privacy can't get it fixed because they can't pass a new bill without also having the votes of the people who want to ID everyone, and those people already have what they want. More specifically, many of them then have what they really want, which is to invade everyone's privacy, as they were hoping to do once the vulnerability was found.

Which means you need it to be perfect the first time or it's already ossified and can't be fixed. But the chances of that happening in practice are zero, which means it needs to not happen at all.

> There is a problem with schemes like that.

/goes on to discuss how government legislation of specific schemes is the issue, not the schemes themselves.

Then we don't legislate specific schemes? The GDPR doesn't do that, for instance, it spells out responsibilities and penalties but doesn't say "Thou shalt use this specific algorithm".

Remember, this discussion started with a call to ban all age checks, which itself is a government action and restriction on the agency of private business.

There are ways that private entities can implement age checks both securely and without leaking much other information, so it seems very heavy-handed to ban them. Private entities are building such systems between themselves already, without government mandates on the specifics.

Ok, and? Presenting your ID at a number of IRL establishments also heavily reduces anonymity

The difference is that IRL establishments don't sell off that data to anyone else, nor do they have the ability to collate that data with data from other establishments to make a profile of you.

(at least not yet)

If you think the nightclub that scans your driver's license magstripe isn't selling your data off, when they could be making money off of it? Between PatronScan, Intellicheck, Scantek, and TokenWorks, yeah a dingy bar where it's a dude visually checking isn't it, but a nightclub and quick swipe totally is.

But to get that ID from the bottleo, you need to hold them at gunpoint.

To get it from Discord you need to sneeze.

The internet has scale and availability, that physical locations do not.

It's a slippery slope.

This is the next two steps into 1984.

Once you start mandating this, there's no going back.

The next generation will start associating wrongthink with government IDs. (Wait, we already do that, right?)

> It's a slippery slope.

Is it? I thought that was a logical fallacy?

> This is the next two steps into 1984.

How so?

> Once you start mandating this, there's no going back.

> The next generation will start associating wrongthink with government IDs.

Could you provide some more details on why you think this? For a start I talked about a scheme in which you don't hand over ID.

Slippery slope can be argumental if you provide the actual argumental reasoning for it as I was taught it could be used as deductive argumentation (though that does not say much). On itself it is a fallacy.

I don't see how verifiable credentials with zero knowledge proofs provide that however.

The Party doesn't care about the Proles, only the members of the Outer Party.

I think that it's rather funny that people like to appeal to 1984 as if the only point of Mr. Orwell was that surveillance is bad, missing the entire point about stuff like the control of the language or the idea that the only self-justification of the (Inner) Party is power for the sake of power (see also: The Theory and Practice of Oligarchical Collectivism).

I'd even go as far as to say that if "telescreens are horrible" is the only thing that someone takes away from 1984, they've frankly missed the point.

Unfortunately, having totally missed the point, they still get the same number of votes as you do.

Read another book.

The problem with this discussion is that this is a wonk solution for wonkish times. You're trying to thread the needle between various reasonable compromises. Ironically due to social media, that is simply not how politics and lawmaking works any more. Instead it's an emotionally driven fight between various different sorts of moral panic, and the only option is to get people more mad about surveillance than "think of the children".

You might be able to get somewhere by getting a tech company on your side, but they generally also hate adult content and don't mind banning it entirely.

(people are not going to get age verification _banned_ any time soon! That's simply not going to happen!)

> You might be able to get somewhere by getting a tech company on your side

There are quite a few already looking at this, some in the context of providing secure verification services for the existing and upcoming social media bans etc.

Unfortunately I agree with you on the rest - facts and pragmatism have fallen by the wayside compared to feels and shouting.