[trashb]

I wonder (and don't hear anyone talking about it) if kids can't upload on social media and "publishing" platforms. Can they still host a website?

I know that my fascination with computers largely began with creating websites and messing about with HTML. Blog platforms can be considered social media I suppose but what if it is just a page of HTML or text?

Should I worry about having to verify my age/identity if I want to host a page on a vps in the future?

I feel like most politicians and people don't understand privacy and the impact of breaking it. Additionally seems the governments don't consider themselves a thread vector for privacy invasion.

[palata]

> Should I worry about having to verify my age/identity if I want to host a page on a vps in the future?

Today I cannot get a VPS without verifying my identity. Can you?

> I feel like most politicians and people don't understand privacy and the impact of breaking it.

I feel like it doesn't start like this. Opponents to age verification assume "politicians are authoritarians, therefore politicians try to increase surveillance, therefore politicians try to introduce age verification". I think it goes the other way round: "society knows that social media are bad for children (and adults, to be fair), therefore people try to imagine ways to solve that problem, therefore politicians end up thinking about ways to prevent children from accessing social media".

Of course, most people (technical people included) don't understand whether or not it can be done in a "reasonable" way (e.g. in a privacy-preserving way). But the debate mostly doesn't revolve around that, and it is a pity. Ideally we would think about the best possible way to do it, and only then we would debate about whether or not we want it.

[trashb]

> Today I cannot get a VPS without verifying my identity. Can you?

I think it is at least possible to do so in a identity opaque way if you wanted to using obfuscated payment provider, free email and possibly fake name/address (illegal).

I meant more without scanning an actual ID or face.

> I feel like it doesn't start like this.

Of course the train of thought is not "how can we break privacy" usually the concerns/problems are valid (I agree that social media is bad for kids). But in a lot of debates I am a part of privacy concerns are easily dismissed, not taken seriously or not the priority. I'm not talking about if technically private implementations are possible yes or no. I am talking about the conceptual step before that, "what is the impact of this request" how are we limiting people that can't or don't want to comply with what we are asking.

I feel like privacy is one of the most fundamental rights since it is at the root of a lot of other rights required for democracy. For example freedom of speech, freedom of religion, right to property and more. Privacy it is continually devalued, invaded and the right to it eroded.

That leads to undermining of the other rights as in this issue a lot of people are bringing up, in the article freedom to be anonymous is brought up but also the freedom of expression of young people.

The discussion should be the other way around, no options should be considered UNLESS it can be done in a private manner. The right to privacy is more important then the right not to be hurt by watching harmful content and therefore the responsibility of the government to protect privacy is of higher importance then their responsibility to not get you hurt.

[palata]

Yeah I agree with all of that.

I do believe that there exist ZKPs, but then it raises more questions, like:

- Do we ban VPNs? I don't think we should.

- What happens if the ZKP doesn't work? It's not okay to fall back to identity verification, but then does that mean that the services are blocked if the ZKP infrastructure doesn't work?

[chriswarbo]

I don't have any answers or strong opinions yet, but I feel like the legal/societal conversation should focus on "actions taken via XYZ" rather than "technology underlying XYZ". Similar to how GDPR, etc. cover actions like collection/storage of personal information, not specific technologies like cookies (despite what many believe!).

In particular, your examples bring these things to mind, which might be worth considering alongside:

- Any machine can host a server, with no third-party required except an ISP (if we're being pedantic, even that's not needed if use a mesh network, etc.). The main barrier to connectivity IME is NAT, but there are ways around that (e.g. make it a .onion service). I played with all of the above as a teenager, so it's not unrealistic.

- "Hosting a website" covers a lot of things, some of which are already illegal (e.g. CSAM). Just because we can spin up something without jumping through social media sign-up hoops, doesn't mean it can't/shouldn't be subject to legal questions.

- Hosting a website/blog/etc. does not come with the same questionable baggage as social media (algorithmic feeds, PII, tracking, identity verification, communication, etc.). We might opt in to such things, e.g. by accepting comments on posts, but I'd distinguish such two-way, "user generated" activity from merely "hosting a website". Technologically, such things require some dynamic system (usually a self-hosted or third-party backend), rather than "just" a static HTML server.

- There is no technological difference between a blog used like a personal diary, and a blog used to post reviews of Lego. Is there a societal difference? What about if they include photos?

- Posting things on a personal website/blog has an implicit understanding that it's being published and shared with the world (that feels like the whole point of a blog). Social media has muddied those waters, by claiming things like "privacy settings", which can give the impression that posts are not being published and shared with the world.

- When it comes to activities like receiving comments, two-way communication, unsolicited messages from anonymous strangers, etc. the more relevant "basic tech" feels like running a server for email, IRC, Jabber, etc. rather than a web site; since those place such "dangerous" aspects front-and-centre. Email is the most obvious, but I mention the others since getting external systems to trust a self-hosted email server is notoriously tricky!