| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by godelski 88 days ago

  > The OS could require the parent to manually update it.

How is their age verified?

At some point one of two things is required:

  1) A promise that the user is a certain age
    - Which puts us exactly where we are
  2) Official identification is used to verify age
    - Which creates a PII nightmare

That's it. There's only those two options. You may not believe #2 is going to be a privacy nightmare but we're already seeing it happen with Discord/OpenAI/LinkedIn and everyone else that uses Persona[1]. They aren't doing the minimal security things and already aren't doing what they claimed (processed on device, then deleted). This "hack" couldn't happen if that was true

[0] https://cybernews.com/privacy/persona-leak-exposes-global-su...

[1] https://withpersona.com/customers

1 comments

ThatPlayer 88 days ago

> Which puts us exactly where we are

The difference here is it can be set by the parent on the OS and locked. Requiring sudo equivalent to change.

The way it is now, there's nothing stopping a (18-) user from logging out of a 'parental control enabled' account and making a new account without those controls on any service from Facebook to Steam. So the only effective option at that point is to entirely block that app or service.

This gives more power to parental control software. And yeah moves the responsibility from the service to the parents, which is what the services want cuz COPPA and other similar laws.

link

godelski 88 days ago

That doesn't change anything I said.

But you do bring up another issue people aren't discussing. That the default setting is under 18.

So we protect the children from adults by... having no way to actually verify someone is a child?

The problem is less kids getting access to porn and more pedos getting accounts to spaces designed for children. Places like Club Penguin or very famously Roblox.

Here's the problem, you can't verify children. They don't have identification in the same way adults do. And worse, if we gave them that then it only makes them more vulnerable!

Then we have the whole problem of a global internet. VPN usage is already skyrocketing to circumvent these policies.

So the only real "solution" to this is global identification systems where essentially everyone is carrying around some dystopian FIDO key (definitely your phone) that has all your personal information on it and you sign every device you touch. Because everything from your fridge to your car is connected to the Internet.

But that's a cure worse than the poison. I mean what the fuck happens to IOT devices? Do we just not allow them on the internet? That they're assumed 18+? So all kids need to do is get a raspberry pi? All they need to do is install a VM on their phone? On their computer? You might think that kids won't do this but when I was in high school 20 years ago we all knew how to set up proxies. That information spread like wildfire and you bet it got easier as the smarter kids put in the legwork.

This is a losing battle. It's not a cat and mouse game it's While E Coyote vs Road Runner.

We're on HN FFS. If there's anywhere on the Internet that the average user is going to understand how impossible this is it should be here. We haven't even talked about hacking! And yes, teenage script kiddies do exist.

These policies don't protect kids, they endanger them. On top of that they endanger the rest of us. Seriously, just try to work it out. Try to create a solution and then actually try to defeat your solution. Don't be fucking Don Quixote.

link

Dylan16807 88 days ago

> But you do bring up another issue people aren't discussing. That the default setting is under 18.

Some things do that. This law doesn't have a default. If the admin sets all the user accounts to 18+, then the users are stuck with the setting being 18+.

> I mean what the fuck happens to IOT devices? Do we just not allow them on the internet?

Sounds pretty good to me.

But yeah they need a different handling of some manner. Maybe a "give no access to anything age-gated" category, though is that really different from under-13 in practice?

> So all kids need to do is get a raspberry pi? All they need to do is install a VM on their phone? On their computer? You might think that kids won't do this but when I was in high school 20 years ago we all knew how to set up proxies.

Just delaying unrestricted access to high school would already solve most of the problem.

> These policies don't protect kids, they endanger them. On top of that they endanger the rest of us.

They do not. Some totally different system could endanger people, but this one doesn't.

link

godelski 87 days ago

  > Some things do that.

I think you're missing the point...

  > Sounds pretty good to me

Really? Be a bit more serious now. There are a lot of things that connect to the internet, and not just for stupid data harvesting reasons. I gave other examples. I think you can understand that this gets pretty hairy pretty quickly. If you don't, then dig in deeper to how the networking is done. You're an older account so I'm assuming you actually understand computers.

  > They do not.

They definitely do. I explicitly stated how that happens too. If you want me to take you seriously you have to respond with something better than "trust me bro".

There is no evidence that these companies are actually handling that data properly. There is a lot of evidence that they are handling it improperly. That data being leaked does in fact, endanger kids.

I'm also unconvinced these things even achieve the goals they claim to be after. Which is keeping pedos away from kids. i.e. the reason I said you're missing the point. So either it is not achieving that goal, or lulling people into a false sense of security. Imagine if Roblox was saying "we don't allow adults on the platform" and so now all the tech illiterate parents and kids think their kids are exclusively talking to other kids. That's just a worse situation than now.

So what do these laws even solve?! I'm serious

link

Dylan16807 87 days ago

> Be a bit more serious now.

The serious answer is in the next line.

> They definitely do. I explicitly stated how that happens too. [...] data being leaked

Again "Some totally different system could endanger people, but this one doesn't."

Any system that has companies handling personal data and able to leak it is not the system this kind of law talks about.

> false sense of security. Imagine if Roblox was saying

In that situation, Roblox is the problem, not the law.

> So what do these laws even solve?! I'm serious

If widely implemented, a parent can set a single toggle and then the accounts their kids make will all be appropriately restricted.

It wouldn't replace direct checks from the parent on what their kids are doing, but it would greatly reduce the risk profile. And making it simple and built-in means that non-tech-expert parents can set it.

link

godelski 87 days ago

  >> Be a bit more serious now.

  > The serious answer is in the next line.
  > ...
  > Again "Some totally different system could endanger people, but this one doesn't."

  >> If you want me to take you seriously you have to respond with something better than "trust me bro".

I do have a hard time taking you seriously

  > If widely implemented, a parent can set a single toggle and then the accounts their kids make will all be appropriately restricted.

HOW

link