Rendered at 16:26:08 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
Bender 22 hours ago [-]
The only device mandates that should be taking place is for the default installations of web clients should be checking to see if parental controls are enabled. This only impacts the major browsers. An intern at each browser company could add this check in minutes. If they are enabled and the person logged in is on a regular account (not admin or power user of sorts) then the base installation of web clients must check for an RTA header [1]. If present, prompt for a override password and also give the option for the admin to approve-list the domain at that time. That's it. Not perfect, nothing is or will be.
The only thing server, platform, website, service providers should be doing is setting an RTA header if the content could possibly be adult or user-contributed content that could dynamically become adult, moderation aside. This knocks out two issues with one fix. Small children don't see much if any adult content and they are kept off social media until the admin (parent or legal guardian) approves it.
If a site is not adding the RTA header then progressively fine them into oblivion. If they accept the fines as the cost of doing business then seize everything and put everyone in GenPop. An intern could enable the header in 5 minutes.
All legislation regarding age verification must revolve around this otherwise people must reject it as an abusive form of tracking and privacy invasion. The focus should be on small children as teen share porn, warez, movies and such within Rated-G games.
Bold of you to assume that lawmakers have any common sense when it comes to technology legislation. It could have taken 3 interns 3 hours at each browser company to implement a cookie consent standard 15 years ago, yet here we are in cookie banner hell.
daemin 14 hours ago [-]
Cookie banners exist because it is a dark pattern companies use to get you to opt into marketing cookies by making the easiest thing the worst choice.
This could all be handled by settings in the browser, only if the sites themselves listened to the users' browser preferences.
vincnetas 12 hours ago [-]
Agree. Its like in some countries you put a sticker on the mail box "no advertisement, please" and its illegal tor postman to deliver you ad brochures. Same could have been possible with browsers, but oh no, now you have to go out to each postman ant tell him explicitly that you do not want ads, and postman has no memory, if you tel him that you don't want ads. He can come back ten minutes later and you have to tell him again.
tyre 9 hours ago [-]
Fun fact: in the US, the Supreme Court ruled that postal workers cannot filter out mail by the owner’s request.
It makes a bit of sense, since the mailer had already paid, but the main justification (iirc; it was years ago that I read the opinion) was that a postal service should be neutral and trusted to deliver.
andyferris 5 hours ago [-]
Sure, the ISP _should_ deliver the packets. No worries.
The user agent should... be an agent for the user, and be able to perform actions on their behalf.
(The legality of those actions is of course assumed by the user here... if I add an automated flamethrower to my mailbox and burn my bills, well the debt collectors may come regardless if I read them or not - we cannot shift blame to the USPS here).
SiempreViernes 5 hours ago [-]
Not terribly persuasive because the first argument could just as well be seen as the postal service selling a service it can't deliver.
The second argument has the problem that for the whole thing to work the recipient must also have reason to trust the post office, but here their interests are not considered at all.
tardedmeme 8 hours ago [-]
Fair enough. Most advertising isn't individually posted to each address because that's expensive - they hire their own guy, who isn't a postal worker, to go around and put it in everyone's mailbox. It's like paying one cent per email to prove it isn't spam.
metiscus 4 hours ago [-]
At least in the states, the postman is almost assuredly doing the end delivery of the mail, and is often given a stack of advert materials to mix into the delivery for a certain delivery area. The use of a mailbox by anyone who isn't a USPS employee delivering paid mail is prohibited by law. https://about.usps.com/news/state-releases/tx/2010/tx_2010_0...
cool_dude85 4 hours ago [-]
In the US it's illegal for someone who's not a postal worker to put things in your mailbox for exactly this kind of reason.
Geezus_42 4 hours ago [-]
No, 99.9% of the mail I get is trash and is delivered by USPS. You can't even recycle most of it because of the paper they are printed on. It's a huge, disgusting waste of resources on multiple levels.
dessimus 3 hours ago [-]
> It's a huge, disgusting waste of resources on multiple levels.
The companies on the ads wouldn't do it that way if they were not getting a positive ROI from it. They probably only need to get 2 maybe 3 new customers to offset the cost of mass mailings.
d1sxeyes 7 hours ago [-]
Imagine a similar sticker saying 'service of papers is not permitted at this address'.
Should USPS be required to respect that owners wishes here?
Sensible decision I think.
whywhywhywhy 7 hours ago [-]
If sites don’t listen to user preferences why would the cookie banner listen to my consent.
Ultimately there’s no good excuse for the banner solution.
theknarf 7 hours ago [-]
"Do Not Track" (DNT) is already a browser setting. It just doesn't enforce anything, nor does anyone respect it.
bragr 1 hours ago [-]
To be fair, some cookie banners do automatically opt you out if you send DNT, but is not the standard for sure.
olalonde 8 hours ago [-]
Lawmakers should have foreseen this would be the consequence of the law and not have gone through with it.
shakna 8 hours ago [-]
The law does mandate that opting out should be as easy as opting in. The choices are meant to be equal. It is simply that no one is actually compliant.
olalonde 5 hours ago [-]
They could and should have foreseen this as well.
jabwd 7 hours ago [-]
It is all in the law, the problem is enforcement. 99% of the cookie banners on the web you'll encounter are in fact illegal.
no_wizard 2 hours ago [-]
In the US all the age verification legislation is written by data broker companies that want to mine this data. The government also wants to be able to have access to this information by proxy.
It’s not written the way it’s written because they’re oblivious it’s written the way it’s written because it’s plain lobbying writing the bill.
For example, there’s little in the way of protections in how the age verification would be protected or prevent the analytics from being sold
miki123211 1 hours ago [-]
How do you know?
SoftTalker 12 hours ago [-]
Tech companies could have headed off this legislation 15 years ago by just solving the problem as Bender suggested. But they wanted to pretend they had no social responsibility to not deliver filth to children, and so now the legislators are involved and they get to deal with that. I have no sympathy.
ClikeX 9 hours ago [-]
Here's one thing Apple did well on. Their screentime settings also work in the browser. It could be better, but at least it's something if you set up your kids device properly.
compass_copium 4 hours ago [-]
I had a teen whose main device was an iPad 4ish years ago and now a tween whose main device is a Windows laptop. I like Windows' implementation better--it's more granular when it comes to site access on Edge, and allows time limits in specific programs rather than categories of apps. I remember some apps that were clearly games had themselves listed as education apps.
10 hours ago [-]
redsocksfan45 5 hours ago [-]
[dead]
axelthegerman 7 hours ago [-]
Also should have been easy to design an OAuth like flow where the government that seems to care so damn much about age verification to attest someone's age in a privacy respecting way - only yes/no if the person is of the desired age.
But then again if it was to protect children, better support for voluntary age control would be so much more useful as most minors use devices managed/owned by their parents.
But then similar to cookie banners it is just about enabling surveillance
akdev1l 4 hours ago [-]
You can brute force the real age this way.
Do binary search and you don’t even need that many calls.
1. Is person older than 50?
2. Older than 25?
3. Older than 18?
4. Older than 9?
5. Younger than 14?
6. Older than 16?
Joker_vD 3 hours ago [-]
Yeah, that's why the EU-designed API doesn't work that way.
Bender 19 hours ago [-]
I was referring to the intern being able to add the header. Politicians need financial incentive. I don't have the resources to lobby them. I think that might require a philanthropist should there happen to be one that lurks on HN. There are some interesting people that lurk here that we sometimes learn about.
They can't do anything today as it is a federal holiday but they could do something tomorrow.
ClikeX 9 hours ago [-]
Like how browsers made a do-not-track feature that got ignored by websites because there was no consequence?
olalonde 8 hours ago [-]
Browsers can literally chose not to store cookies... There is no need to bring trust in the equation.
miki123211 57 minutes ago [-]
Most laws make a distinction between cookies stored for "technical purposes" and those stored for marketing / tracking.
The former are things like "does the user want dark mode", the language you chose to use the website in, the contents of your cart, your login info etc. The latter are for tracking. Typically, the former don't need consent, the latter do. Browsers have no way of telling the two apart.
freehorse 5 hours ago [-]
Can browsers know which cookies are necessary for a site functioning, logins, etc and which are for tracking, ads etc? There are many ways one can eg block third party cookies and that helps and rarely causes issues, but tracking can also be done with first party cookies, let alone fingerprinting.
For example, firefox's "strict tracking protection" setting also breaks a bunch of websites.
gsich 18 hours ago [-]
DNT exists, not even that is honored by websites. There is no need for a cookie banner for technical cookies.
kube-system 9 hours ago [-]
DNT is deprecated by W3C, and browsers have been removing it
kqp 14 hours ago [-]
This is misinformation stemming from disinformation propagated by organized industry retaliation to the law. Cookie banners are not and never have been required by law, they are intentional harassment designed to make users oppose laws that actually just say “you may not track users without their consent”. A good faith implementation would be simply nothing, because no explicit consent is required when you’re actually using cookies for honest purposes.
AnthonyMouse 12 hours ago [-]
All of the cookie banners have separate categories for strictly necessary, functional, performance and marketing, because those come from the law.
The problem is that people generally want functional and often performance cookies, and then you end up with the stupid cookie banner regardless of marketing cookies.
kqp 11 hours ago [-]
Strictly necessary cookies don’t require explicit consent, and generally can’t be rejected. Functional cookies don’t require additional explicit consent if you actually use that function. “Performance” actually refers to analytics, probably rebranded because users did not want it. Making you think they had to ask for the reasonable cookies, too, is the whole trick being pulled here.
AnthonyMouse 7 hours ago [-]
> Functional cookies don’t require additional explicit consent if you actually use that function.
To not be indistinguishable from "strictly necessary" there would have to be a case where the "functional cookie" actually required consent, right? What case is that and how would you solicit that consent other than some kind of cookie banner?
> “Performance” actually refers to analytics, probably rebranded because users did not want it.
It refers to statistics, but sometimes you do want that, e.g. so the site can tell you how long it took you to do something compared to the average user, or provide those analytics to you. And the fact that this is ambiguous is an obvious problem -- if you get access to the data they collect is that "analytics" or "functional"?
In the face of an ambiguity, most corporate bureaucrats are going to take the risk-averse option, which is to ask for consent in case it turns out to be adjudicated as required ex post facto. The result is quite predictable. If you pass a poorly drafted law, businesses have a general preference for doing something stupid/wasteful/annoying over something that could get them sued or fined.
kqp 1 hours ago [-]
> To not be indistinguishable from "strictly necessary" there would have to be a case where the "functional cookie" actually required consent, right?
The case is when you don’t use that feature.
> how would you solicit that consent other than some kind of cookie banner?
Using the feature that requires the cookie is considered consent, same as using the website is considered consent to set cookies actually necessary for the entire website to function. For example, if you click “save settings”, that’s consent to save those settings, there’s no need for a “but am I allowed to save settings?” popup.
You might be tempted to dive into the potential grey area here, and sure, one exists, but (a) that’s why the laws go into 1,000 times more detail than this HN comment, (b) most of it’s not in the grey area, and (c) even in the worst case, making 100% sure is as easy as a checkbox before the button that activates the feature, there’s never a requirement for a blanket “can we do whatever we want” before even displaying the homepage.
> It refers to statistics, but sometimes you do want that, e.g. so the site can tell you how long it took you to do something compared to the average user, or provide those analytics to you. And the fact that this is ambiguous is an obvious problem -- if you get access to the data they collect is that "analytics" or "functional"?
The GDPR calls it “statistics”, but in this context defines the word to mean analytics, not statistics shown to users. If it’s shown to users then it’s either strictly necessary or functional.
> In the face of an ambiguity, most corporate bureaucrats are going to take the risk-averse option, which is to ask for consent in case it turns out to be adjudicated as required ex post facto. The result is quite predictable. If you pass a poorly drafted law, businesses have a general preference for doing something stupid/wasteful/annoying over something that could get them sued or fined.
Businesses are generally risk averse, yes, but don’t mistake knowing a force at play for knowing them all. The “cookie consent banner” was invented and evangelized not by the laws they’re commonly believed to have sprung from but by the IAB, an ad industry consortium counting Google, Facebook, and many others as members. The same organization that organized efforts to prevent third party cookie blocking, and that tried to block the GDPR entirely. The banner norms they created did not even comply with the law until changes a few years ago, the EU just took its sweet time on enforcement.
The average small business, of course, is not in on some grand scheme, but this is where your risk aversion comes in: if all the big players are doing something, and everybody around you is doing it, and you Google it and the first 20 results all say to do it, then the risk averse move is of course to just do it and move on. After all, trusting your own judgement is scary, what if you get sued or fined?
LtWorf 12 hours ago [-]
Most of those banners are in violation of GDPR. The law isn't necessarily the problem, although it could have been done better.
LtWorf 7 hours ago [-]
As always, downvoting me doesn't change the legality of those banners. The law clearly states the "deny all" button must be as prominent as the accept button, and the banners employ all sort of dark patterns.
d1sxeyes 7 hours ago [-]
I don't think 'the law' does clearly state that, although I'd be happy to be proved wrong, and honestly it's a point of pedantry, the enforcement indicates that you're right about the actual expectation, and definitely you're right about the actual usage.
3 hours ago [-]
codedokode 20 hours ago [-]
I think the header/metatag is designed poorly. The RTA proposal is that every operator of every site must verify the content and add the header to mark the site as "safe" or "unsafe". This is unnecessary burden that they have to bear if this proposal is given a green light and this is wrong.
Instead, the default should be, that if there is no header or it cannot be parsed, then the content is unsafe. And if there is a header, it describes the page rating, like what kind of dangerous content it may contain. The header may be added to any displayable content like HTML, text, images, audio or videos, but not to machine-readable content like JS files or AJAX responses.
So only those who wants their site to be accessible by minors, have to add headers. For social networks, the user might have an option to mark his content as "safe".
This means that with my proposal existing site operators need not to do anything to mark their sites as "unsafe" - all sites are "unsafe" by default. This means that millions of site operators need to spend 0 dollars to adapt their sites. How great is that?
The browser on a device with parent mode, should not allow displaying any content which doesn't have a header or that is marked as unsafe, or that contains header with invalid value. The parents may whitelist some sites.
There should be a reponsibility for intentionally marking unsafe content as "safe". We should also think what to do with foreign operators, intentionally putting invalid headers for unsafe content. Maybe they should be added to some kind of blacklist that the browsers would periodically update.
Search engines like Google could work by default in "safe" mode, but add "unsafe" header if the user wants to turn off restrictions.
> If a site is not adding the RTA header then progressively fine them into oblivion.
I think my proposal is better because it requires only fining those who intentionally misrepresent content safety.
AnthonyMouse 11 hours ago [-]
> Instead, the default should be, that if there is no header or it cannot be parsed, then the content is unsafe.
That's something the client should be doing. You can configure your own device (or your kid's) to have whatever default you want.
The actual problem is that classifying the entire firehose of user-generated content is precarious and uneconomical, so the default tag is going to be whatever minimizes liability. If untagged implies "unsafe" and "unsafe" minimizes liability then the majority of content will be untagged. If untagged implies "safe" then the majority of content will end up explicitly tagged as unsafe, because tagging it as unsafe minimizes liability.
But either way if you disable "unsafe content" you'll end up disabling almost everything, specifically including the huge amount of "safe" content which isn't tagged as safe because accurately classifying it is uneconomical.
bsdetector 11 minutes ago [-]
If the default wasn't "almost nothing" then you'd be sanctioning exposing some kids to content their parents didn't want them to see. If there's no economic incentive to tag content then it's not valuable content for kids.
Ultimately the problem is the provider knows what category the content is and the parent knows what the content policy is. Providers can't say whether it's "safe" or "unsafe", only what standards it complies with. Some parents will have weird policies like "only G-rated movies or any Jim Carey movie" that can't even be delegated in any reasonable way to providers.
So the header has "PG-13, US-legal" because it's a movie rated PG-13 and constitutionally-protected legal content in the US, and whatever other markets you want to open up. Providers could even include AI ratings so as to mass-tag their content at low cost, and parents can decide if a particular AI rating is okay.
Parental controls could even restrict official ratings to country of origin, so if you approve PG-13 it'll block that content from countries where you can't sue them for lying about it.
lokar 18 hours ago [-]
The page having a simple rating assumes there can be one mapping from content to rating for the whole world. I doubt we can even have one for North America and Europe.
l72 16 hours ago [-]
Every app submitted to the App or Play store already has to do this. If parental controls are on, then users cannot download those apps.
The only hard part for the web is that a site could lie since there is no gatekeeper, but some black lists can help with bad actors.
lokar 15 hours ago [-]
Do the app stores have per-country rules to decide a rating?
californical 17 hours ago [-]
Come up with a few categories and let the browser/OS decide.
Websites by default are ‘true’ for every category, unless they specify.
Categories are, for example of some: nudity, sexual, violence, etc.
It doesn’t have to be perfect but sites will have to err on the side of caution.
We could even create an html tag <restricted type=violence> for example, and the browser can simply not render that portion of the page of the user has that type disabled.
And we could give companies a pass for best-effort categorization using tech to assess user-generated content, along with allowing users to flag their own content as “safe”
lokar 14 hours ago [-]
A header is probably better than a tag.
The goal should be to satisfy most reasonable governments. A neutral technical standard and an international organization to maintain the the ontology for content descriptors
californical 12 hours ago [-]
Ah I was proposing the tag as another option - maybe a news article is fine for kids but the comment section is unmoderated. That way they could still read the article but not the comments
tardedmeme 7 hours ago [-]
Better idea is just tell the server if you want to hide restricted content. Then it can make any changes necessary. Yes it's a fingerprinting bit. Not a new one, because they could already detect whether the restricted tag was rendering or not, anyway.
fc417fc802 16 hours ago [-]
That's a sorry attempt at an excuse. Companies are expected to collect ID and have related business logic that respects local laws but can't figure out how to tag their content? That's an utterly nonsensical position.
There's no reason a simple, standardized header can't be used to communicate any number of classifications simultaneously.
Edit: It occurs to me that if you oppose all age related measures then my above response isn't entirely fair to you. I still think it's an absurd objection but the comparison I made no longer applies.
lokar 15 hours ago [-]
My point was they shouldn’t give an age rating, but instead a list of standardized content descriptors
fc417fc802 14 hours ago [-]
Well fair enough. In that case we are actually in agreement. Let the end user (or network admin) sort out what is and isn't acceptable in a given context.
What we need regulation to provide (IMO) is a reliable way of doing that.
SoftTalker 12 hours ago [-]
We don't need regulation, we need cooperation, analogous to movie ratings. A site could attest that they provide content ratings, and that attestation signed by an authority (MPAA). If they are found to have been dishonest about that, the signature is revoked (or probably easier, it's fairly short-lived and just won't be renewed). Browser makers (theatres) cooperate by only loading sites with a valid, signed attestation when the device's parental controls are enabled.
Sites can choose to have unrated content (adult movies) and those are only available on devices without an enabled parental control option (adult-only theaters).
fc417fc802 12 hours ago [-]
But we already have that and it doesn't work. Sites don't bother to classify themselves. Whitelists are spotty and out of date. Almost nothing interoperates properly. My expectation given the scenario you describe is that business continues as usual with the vast majority of the internet thus being inaccessible when in "child" mode. As a result no one uses child mode and the vicious cycle perpetuates.
A solution would be browsers refusing to load any site that didn't provide such metadata, not just in child mode but in any mode. I suppose either Apple or Google would likely be capable of unilaterally imposing such a requirement as things currently stand. However I also think that's unlikely to happen on its own for various reasons. Thus legally mandating certain basic content classification categories in addition to an extensible standard protocol for communicating such metadata would (I expect) end the cycle. And rather than the government going after individuals the legislation could be structured to place the onus on mainstream browsers, OSes, and other client software to enforce compliance on their behalf.
SoftTalker 11 hours ago [-]
> the vast majority of the internet thus being inaccessible when in "child" mode.
Fine. It probably should be, if sites don't want to bother cooperating.
lokar 2 hours ago [-]
We are seeking a solution to a social problem, not just a technical problem. If it fails to achieve most of the social goals, it won't be used and you get something worse. Welcome to the real world.
fc417fc802 11 hours ago [-]
But the expected result here is that parental controls continue not to work very well, parents continue not to use them (at least competently), and people continue complaining that something needs to be done. So I propose that we do something about that rather than sit around continuing to roll the dice on the next half assed turnkey authoritarian solution than an inept legislator fields courtesy of a lobbyist working for a megacorporation whose interests tread well into the realm of the blatantly evil.
Terr_ 14 hours ago [-]
It's a hard problem but the key is that it needs to be on the client rather than on the server, because that's what can have any information on jurisdictions, local regulations, religions, or general parental preference.
For example, it would be insane if every website and blog in the world to had to run logic to detect and prevent Elbonian males under 16 lunar years from seeing ankles except on Thursdays.
18 hours ago [-]
Bender 20 hours ago [-]
For what its worth this header has been around for a very long time. It's actually the second iteration and much simpler than it's predecessor.
Parents today can accomplish what you are suggesting by installing parental control software and only allowing access to things they explicitly approve.
This can also be done via headers explicit blocking of all the things and was suggested in another thread. [1] Some people liked the idea.
The point is that it is unrealistic to expect millions of people to mark the content. Also, the header is better than the metatag because it can be added to images, videos and other non-HTML content as well.
farley13 19 hours ago [-]
I tend to agree - making folks intending to interact with minors comply makes more sense.
That said, outside of the merits of this approach, I am dubious of any actual implementation given 2 points.
1) Protecting the youths will always be a leaky bucket. With disadvantaged youths possibly more at risk. Those exposed to non-compliant parents ("cool" parents who are ok with sharing unsuitable content) or lacking strong parental involvement, likely won't benefit a great deal from any implementation.
2) Anti privacy social networks stand to gain the most from targeting ads utilizing signals from most child safety acts. They also might be able to reduce some costs from moderation if they can make it someone else's problem. I'd argue the net social impact from these social networks is likely both more normalized and strongly negative for our youths than any smut.
On the balance I'd say we are better off investing our energy in other places.
nodar86 19 hours ago [-]
> "cool" parents who are ok with sharing unsuitable content
Or simply parents who won’t agree with the government on what is suitable for their children.
We already have parental control on all mainstream operating systems, why cannot this simply be the responsibility of the parent as are so many other things regarding what children do, watch, eat etc?
tardedmeme 17 hours ago [-]
We don't have parental control on any mainstream operating system that actually works. In fact, California just removed the law that said operating systems have to have working parental control.
throwaway173738 18 hours ago [-]
Because what parents have access to now is extremely ineffective unless they prevent their kids from going outside or going to school. Right now the onus is entirely on parents too keep their kids off the Internet equivalent of smoking cigarettes, and it’s a losing battle. What we’re looking for is for the liability to shift off the parent and onto the people intentionally communicating with children. Frankly the proposal above was very reasonable. If you don’t want to intentionally communicate with kids then do nothing and you have no liability.
wizzwizz4 18 hours ago [-]
I want to intentionally communicate with kids, because kids have always been valued members of the online communities I frequent. Right now, it is easy for social media giants to exploit children, easy for child predators to get access to abuse children, and increasingly-difficult to maintain online spaces in which children are allowed to safely exist. That is surely not what we are intending to accomplish, here.
Bender 19 hours ago [-]
The header (for videos and other) was mentioned in [1]. I agree that is the way to go.
Adding a header to a web server or load balancer or app server if done globally can be done in a minute or two. Maybe 5 minutes for the intern not counting QA testing.
But you are right, the inverse is easier. I like that too. That was debated in the other recent thread.
Do you need them to? Treat everything unmarked as unsafe. Websites intended for kids will mark themselves in time.
fc417fc802 15 hours ago [-]
The problem with your proposal is that it's already the status quo. Various whitelists exist but service operators don't generally bother with these things. What you end up with is a largely unusable experience if you enable whitelist filtering.
The core problem is the lack of buy in. Unfortunately that likely needs to be forced. I think it's not unreasonable to legally require people to make a claim about the nature of what they are serving up. They already need to be aware of the legal status of what they're doing anyway so it hardly seems as though making such a determination should pose a burden when you consider that it's an alternative to either requiring ID, requiring the client send age bracket information, or other heavy handed interventions. The choice here isn't "the status quo vs a header" but rather "some other age related regulation vs a header".
An easy way to enforce this "voluntarily" (ie coerce) without sending government agents after every small time website operator would be to require that mainstream browsers and other client software (based on MAU or similar metrics) refuse to process content that does not send a classification header. Doesn't matter what the header says or what the status of the user account or parental controls or whatever else is, it has to send the header regardless or it will be blocked without exception. That would presumably trigger broad compliance with the relevant regulations.
iamnothere 15 hours ago [-]
Should books require an age rating?
What about spoken words?
What makes online speech different, from the perspective of the Constitution that limits the power of the state?
fc417fc802 15 hours ago [-]
The difference is one of redressing a concrete dysfunction. Libraries or the local bookstore or whoever aren't trying to sneak into your home, onto your child's school bus, into your child's classroom, while pushing various extremist publications purely for their own profit (ie "engagement"). We do in fact have zoning laws - I can't inadvertently encounter a strip club in a quiet residential area. Meanwhile it's commonplace for children to carry a network terminal around with them with which one can readily access the equivalent of things far worse than that.
What I've described does not restrict one's ability to speak freely. It is most similar to an impressum except it bears no identifying mark thus poses no hazard to anonymous speech.
iamnothere 14 hours ago [-]
Impressums cannot be required in the US, once again thanks to that pesky First Amendment. You may be mixing us up with Germany.
Mandates on how speech must be structured are a violation of freedom of speech, Constitutionally speaking.
“Redressing a concrete dysfunction” does not appear in the Constitution as an exemption to guaranteed rights, as far as I am aware. The proper remedy for this kind of problem is an Amendment, assuming you can get enough people to agree with your assessment.
SoftTalker 12 hours ago [-]
Regulations on speaking to children have ample precident. We rate movies and age-gate admittance, we don't allow children into liquor stores, strip clubs, or adult bookstores. None of those things violate the First Amendment.
iamnothere 4 hours ago [-]
> We rate movies
“We” (as in the US government) do not do this. There is not, nor can there be, a law requiring such rating.
> we don't allow children into liquor stores, strip clubs, or adult bookstores
These are physical stores/venues, not written speech. “We” do not restrict authors from writing adult books that may or may not be seen by children, nor do we require that the books are labeled as such.
If you want to restrict speech, pass an amendment. That is the allowable path.
fc417fc802 12 hours ago [-]
You're just vaguely waving towards the first amendment. That's not a cohesive argument in and of itself.
By your own logic would online ID laws not also be a constitutional violation? Ditto for age bracketing laws such as the one under discussion here. After all, they both effectively regulate one half of the exchange necessary for meaningful communication (ie protected speech).
> Impressums cannot be required in the US
Yes but why can't they be required? My (quite possibly flawed) understanding was that SCOTUS previously established that publishing without attribution could not directly be outlawed, recognizing the ability to speak anonymously as an important aspect of political speech. What I have described does not run afoul of that. It neither restricts one's ability to speak nor provides for any form of attribution.
> “Redressing a concrete dysfunction” does not appear in the Constitution as an exemption to guaranteed rights
Regardless of either your or my personal opinion SCOTUS routinely makes exceptions to constitutional rights when a compelling need is presented and the remedy is sufficiently targeted. That said, I don't believe that what I described infringes on the first amendment to begin with so your point is doubly moot.
iamnothere 4 hours ago [-]
> By your own logic would online ID laws not also be a constitutional violation? Ditto for age bracketing laws such as the one under discussion here.
Now you’re getting it. Throw them all out along with the idiots who passed the laws.
> Yes but why can't they be required?
The Court has interpreted compelled speech to be almost universally a violation of the First Amendment, outside of the courtroom. I tend to agree. “Shall make no law” is a strong statement.
> SCOTUS routinely makes exceptions to constitutional rights
Prior courts. The present Court seems to be (rightly) rolling back both judicially-granted overexpansion of rights and exceptions to rights, although this is a slow process.
We have to stop relying on the courts to grant new rights and/or exemptions to rights. Passing unconstitutional bills and hoping for a favorable interpretation is clearly not the intended process, yet it’s become increasingly common.
We need to figure out how to pass amendments again or we are going to lose our republic. (It may already be too late due to an out of control executive and corrupt Congress, but that’s another matter.)
fc417fc802 3 hours ago [-]
I don't think you're giving fair treatment to the complexity of the issue at hand. When SCOTUS came out in favor of anonymous political speech I do not understand it to have been on the basis of forced speech.
We require for example nutrition labels on food products. So clearly metadata of various sorts can be required for an interaction within the marketplace if there's a good enough reason for it. I'm not sure where that leaves personal blogs but it certainly applies to Amazon and PornHub.
The present court is rolling back some things but certainly not all. From the very beginning constitutional rights have never been absolute. One of the basic principles that comes up repeatedly and supersedes almost everything else is that the government must be able to carry out its duties. The contention is generally whether something is truly necessary for that and if so whether the law in question is overly broad.
iamnothere 3 hours ago [-]
> So clearly metadata of various sorts can be required for an interaction within the marketplace if there's a good enough reason for it.
Marketplace being the key word here. Interstate commerce may be regulated.
> I'm not sure where that leaves personal blogs but it certainly applies to Amazon and PornHub.
That’s the point. I also care about restrictions on smaller businesses and want to prevent regulatory capture, but personal/nonprofit/community sites must not be burdened above all else. They face enough challenges as it is. If a website or software project is noncommercial, their speech is not subject to regulation, Constitutionally speaking. What’s more, the Constitution has the correct take here—this is as it should be.
> One of the basic principles that comes up repeatedly and supersedes almost everything else is that the government must be able to carry out its duties.
Then you get the question, what are its duties? Enforcing unconstitutional laws is not one of them.
jamespo 2 hours ago [-]
Fine allow any text through, kids can use whatever gopher site they like.
paulddraper 14 hours ago [-]
You are correct.
Also, FWIW, 18 U.S.C. § 2257 applies to printed books as well as online content.
But pure text literature (physical or online) isn't as regulated as visual media.
xoa 19 hours ago [-]
Yes, exactly, this should be really simple as a foundation: by default the Internet is for adults. All of it. Where it's desirable for things to be available for kids, create the economic incentive and easy tools for parents to use and run on a white list, not a black list.
I'd actually go somewhat further though and ask whether it's a good idea to even do this via web pages at all. We have a great potential system for this already: DNS. Do something useful amongst all the ridiculous vanity and spam TLDs for once and set up a ".kids" gTLD, or ccTLD for that matter so that different countries can set their own regulatory standards naturally (ie, .kids.us, .kids.uk etc). Domains could also be used for some broad buckets for people who don't want to drill in, ie, .1-6.kids, .7-12.kids, .13-17.kids, or whatever is deemed appropriate, but simple age brackets that would offer some sane defaults. 1-6 could simply not allow any ads, user generated content or algorithmic feeds whatsoever for example. There are a lot of knobs to turn. And then at the registry level it can be ensured from the get-go that anyone getting a .kids domain is fully identified, located in the country in question, has valid ID, has specific credentials or is an accredited organization, or whatever other criteria makes sense.
But ultimately the point would be to create something that is built right from the ground up, and in turn that doesn't interfere with what has already been built at all. Something that can also be worked with at the gateway and thus cover every device on a LAN, and for that matter can easily be plugged into the vast number of powerful tools we have for working with that stuff. It'd be easy to put a nice UI on all this, even to make it higly automated. For example, have a setup wizard where you enter children, put in date of birth for each, and it'll spit out a password for each one. This then auto-provisions the network such that each kid has their own VLAN (password for PPSK or even wired connection) and is automatically limited to the domain groups of their age bracket, which then changes as their age changes.
Parents should be able to dig further in and get more granular with content categories, metadata for which could be required for anyone hosting a site within that domain, but I think there is the potential to make something both pretty bullet proof and pretty accessible, using existing tech stacks, and without impinging on the present internet at all including privacy and anonymity.
bruce511 15 hours ago [-]
A .kids domain is not a useful approach.
The vast bulk of the internet is child neutral. For example my church a web site, the bakery down the road has one, the local pro sport team has one. They're not designed "for kids", but kids are welcome.
Does StackOverflow need to register a .kids domain just so children might get answers to programing questions?
If my-bakery.co.uk and my-bakery.co.au both want to be visible to 16yo there needs to be at least kids.uk and kids.au.
Does OpenSSL.org or OpenSSL.com get to be OpenSSL.kids?
Sorry but duplicating the entire neutral internet domain space with yet another tld isn't a helpful approach.
thecrash 12 hours ago [-]
That's the trouble though - those friendly neighborhood sites can generally be assumed to be appropriate for kids, but if we create the expectation that they must ensure they are appropriate for certain age brackets simply by virtue of being online, those sites will cease existing.
Instead of running their own websites, they'll migrate to a platform like Facebook. That way Meta handles the burden of moderation and the legal complaints for the inevitable moderation failures.
xoa 5 hours ago [-]
>A .kids domain is not a useful approach.
I surprisingly seriously disagree, and think you're perhaps missing a lot of the contention in this whole societal debate. The point is to give people workable tools with some level of agreed sane defaults they can make use of, tweak, or ignore entirely, without imposing any burden at all on the existing internet and its adult (or children with parents who wish it) users.
>The vast bulk of the internet is child neutral
First: by who's standards is one of the core questions! What's neutral to one parent may not be to another. You illustrate this with your very first example in fact, "For example my church a web site". There are religious parents (and no doubt atheist ones as well) who would quite strongly not want their young child to visit your church's website.
Second: there is a difference between simply wanting to be child friendly and taking on a legal obligation and liability to be child "safe" to some given standard. Parents would be perfectly free to whitelist whatever additional sites they liked, or to subscribe to lists that curated whitelists of various sorts, or to use other controls. But a politically significant number of parents clearly want assurance that their child will near-never (with actual enforcement mechanisms for failure) encounter something outside of bounds. Meeting that need requires either whitelists or the sort of restrictions that would wreck the current web (and probably still not work very well).
>Does StackOverflow need to register a .kids domain just so children might get answers to programing questions?
If the parents of said kids want it to, then yes? Why would that be a big deal? I'd be surprised if like most places SO doesn't already have piles of domains purely for defensive purposes, and as something nationally regulated I certainly envision such a domain registrar being dirt cheap (or even free, paid for by tax dollars) for domains. Given the context and that it'd be very much not open to all there isn't any need to worry about cost to dissuade scammers and such, they'd be prevented from ever registering in the first place. Rules around use of trademark, business names and so on could also be very strict.
>If my-bakery.co.uk and my-bakery.co.au both want to be visible to 16yo there needs to be at least kids.uk and kids.au.
Yes? DNS is not expensive. And again, parents don't need to make use of it. This would be for those who do, who are right now pushing for ID for everything. It's a safe default walled garden, but one with doors any parent can open.
>Does OpenSSL.org or OpenSSL.com get to be OpenSSL.kids?
Which one chooses to get accredited by a regulator or child protection organization with insurance and so on first? Why are you asserting either would even bother? Which one would be happy about having to verify ID of users right now?
>Sorry but duplicating the entire neutral internet domain space with yet another tld isn't a helpful approach.
Sorry but you haven't thought about this very clearly at all. This proposal is very explicitly a small subset of the entire neutral internet! Duplication is never something I suggested, rather the very opposite! The "entire neutral internet" is by default adult here, but parents would be able to allow children to browse it just as now. However, some are clearly unhappy with that, enough that we're seeing politicians respond with things that would be very bad.
lokar 18 hours ago [-]
I think it really needs to be per-page.
And, if we are going to do this the “design” should be global and anticipate a range of cultures.
l72 16 hours ago [-]
That’s like saying movies should have to rate every scene so a 7 year old can watch the “safe” parts of an R movie?
If a site is really mixing so much content (like Reddit) then they should really be separating their sites into different subdomains.
lokar 14 hours ago [-]
For every different counties rating system? What about Wikipedia?
iamalizard 21 hours ago [-]
No such mandates should take place at all.
burnte 20 hours ago [-]
This is correct. It is not the government's job to raise our children. The more we ask the gov't to do that we should do, the less power we actually have. Some will say this ship has sailed, well, I say it's not too late to sink it.
xorcist 19 hours ago [-]
Earlier today there was a large thread on HN about the golden age of child rearing, from time immemorial to about two decades ago, when children started getting sent home and parents got a stern talking to from the police, just for owning a pocket knife or biking home alone.
We really can't have it both ways, that every failure of the child is blamed on the parent for lapsing in their almost totalitarian oversight, while also idealizing the idea that children must make their own mistakes and gradually growing into responsibilities and self-governance. Except having access to the Internet, apparently.
Taking a step back, this all smells like madeleines and a yearning for the good old days when everyone rode bikes and nobody owned smartphones. That's not really a productive stance on anything.
(If you would ask me, and I'm sure nobody would, I would think that there is a sort of trade-off here but with a clear answer: Make clear restrictions about buying cigarettes, alcohol, abusive content and extreme porn. But these restrictions aren't meant to be technically perfect. It's ok that some kids will learn to lift the limits and explore what is forbidden. At least then they would know that there is some reason society collectively considers these things off-limits, and that they soon will be in a mistake of their own making.)
hansvm 19 hours ago [-]
On the other hand, I know several "home-schooled" people [0] who literally can't even read and later married people more than twice their age or had other serious deficiencies in their life potential. The government can probably step in a little more here and there.
[0] I also know home-schooled people whose parents are far better than any teacher I've ever had and whose education and achievements reflect that obvious fact. Home-schooling itself isn't the issue, and I'd prefer that it remain possible.
saghm 10 hours ago [-]
> On the other hand, I know several "home-schooled" people [0] who literally can't even read and later married people more than twice their age or had other serious deficiencies in their life potential. The government can probably step in a little more here and there.
Back on the first hard, I'd argue that most of those people might have benefited from having more access to the internet, as it sounds like at least part of the problem was that they had severely limited experience for how to navigate the world outside of small amount their parents allowed them to be exposed to. I'm on board with the government being involved in ways that are beneficial, but "make anyone using an internet-connected device plug in their ID first" just feels like an absurd overreach for what it's trying to solve.
stinkbeetle 18 hours ago [-]
> On the other hand, I know several "home-schooled" people [0] who literally can't even read and later married people more than twice their age or had other serious deficiencies in their life potential. The government can probably step in a little more here and there.
Anecdotes like this don't help the case much when government schools in a lot of places "graduate" large proportions of their pupils who are functionally illiterate and innumerate. Then you get misconduct, bullying, abuse that goes on in government schools. Who should "step in" on the government?
Home schooled people do fine, statistically.
burnte 19 hours ago [-]
Public education is extremely different from age checks in apps. Yes, homeschooled people are generally really dumb because humans are not born with the knowledge of the world or how to teach it. This is different from California telling Debian to ask for user ages.
coryrc 18 hours ago [-]
You have that backward.
The home-educated typically score 15 to 25 percentile points above public-school students on standardized academic achievement tests.
I read one of those papers. Only between 10% and 25% of homeschool families completed the test. And that's of families that could be located because they had previously interacted with major homeschool testing companies; there isn't a national list of homeschooled kids and many parents homeschool precisely to avoid standardized testing. Plus in many cases the parents were the proctors. This is hardly a robust finding.
coryrc 13 hours ago [-]
Thanks for investigating deeper than I did. I don't know where else to look. However, unlike the post I originally replied to, every homeschooled adult I know is doing better than average, but anecdote vs anecdote isn't helping.
in_cahoots 1 hours ago [-]
I follow some homeschooling communities as a way to learn how to supplement my kids' schooling. There are many interwoven communities:
* religious families who don't want their kids exposed to the secular world
* families who don't trust adults to watch their kids and wouldn't ever consider public school, summer camp, sleepovers etc.
* families whose kids aren't being served by the public school system.
In all three scenarios (but especially in the first two) there is a sizeable population of parents who know their kid is several years behind grade level, but they tolerate it because they think kids learn at different paces. Or that it's fine for a kid to love one particular thing (cooking, machine repair, art) at the expense of a well-rounded education. And that's not even getting into the 'unschoolers' who treat never opening a textbook as a point of pride.
If you're well-educated and run in circles of people like you then you'll find the homeschoolers who also value education. But if you expose yourself to a wider variety of people your conclusions may change.
tcfhgj 17 hours ago [-]
Site: National Homeschool Education Research Institute
First independent search result:
> The US-based NHERI describes itself as a leading research institute in the field of homeschooling. However, its neutrality is often questioned.
Analemma_ 16 hours ago [-]
Asking NHERI to evaluate the effects of homeschooling is like asking Focus on the Family whether children do worse when raised by gay couples.
platevoltage 14 hours ago [-]
Aside from the horribly biased source, standardized testing scores are a terrible metric for judging education levels.
codedokode 19 hours ago [-]
But it seems that many parents do not bother to do anything to raise their children properly, including setting up parental controls.
saghm 10 hours ago [-]
Okay, but no kids live in my house, so why should there be a law requiring my ID to be checked even without knowing what I'm going to on my device? I don't get carded at the grocery store when I walk in because there's a chance I might buy alcohol.
echelon 19 hours ago [-]
Let me be very explicit so we're not dancing around the topic:
The potentially all-powerful government shouldn't know:
- what vices a person has
- what religion a person has or doesn't have
- what porn you watch
- what alcohol and drugs you buy
PERIOD.
All of these things can be exploited. To control jobs, to control finances, to extort influence, to shape ideology, etc.
The government shouldn't be able to catalog those things in a database for later misuse.
The government shouldn't be able to install friction or barriers that make it easy to cordon off and kill these things at a later time.
The "think of the kids" argument can go to straight to hell. Nobody's having children anyway.
This is a very real (not logically fallacious) slippery slope right into the pages of 1984.
It's not about kids. It's about control over society as a whole. They're going to force you to use your ID to access the internet, force you to use an approved device, and the minute you step outside of allowed behavior, you'll be punished.
Shackles and telescreens are coming, and they're using this argument to build it.
stouset 19 hours ago [-]
Nobody here disagrees. What should be the case is that sites are broadly required to flag what kind of content they serve so parents can choose to exercise their own level of desired control.
dpkirchner 15 hours ago [-]
Surely parents can look at the sites and decide for themselves whether or not they are suitable.
stouset 14 hours ago [-]
I am certain that with even two minutes of thought you can understand why this makes zero sense.
xorcist 19 hours ago [-]
What constitutes an all-powerful government? It seems rife for a no-true-scotsman argument.
Would it be acceptable for a private company to own this information? Perhaps sell it to others?
girvo 19 hours ago [-]
To me an all powerful government is one that has all the information the user just listed, because governments are by definition the most powerful force in our countries.
Private companies should also be regulated with regards to data sales of private information, yes.
CJefferson 13 hours ago [-]
Should a government control the porn a child can walk into a shop and buy? The alcohol and drugs they can work into a shop and buy?
Are you suggesting we remove current laws making it illegal for children to purchase these things?
saghm 9 hours ago [-]
If I recall correctly, in Pennsylvania the government does own the shops that sell liquor, and most states run lotteries, so there's certainly precedent for governments being the ones in the vice business.
That's besides the point though because this legislation doesn't check people's IDs when they're trying to purchase porn or alcohol, but as soon as they walk out the door, and if they refuse to show it, they have someone following then around even if they just go to the ATM and to the doctor.
echelon 1 hours ago [-]
A store doesn't photocopy your ID. Some states even allow retailers to skip the ID check if the patron looks old enough.
With online services, there's no way to ensure your information isn't permanently stored and associated with the transaction for later misuse.
throwawayqqq11 20 hours ago [-]
I am sick of these "government bad" takes. They lack constructive suggestions, like your "sink it" nugget, they lack decent problem descriptions, as if anything after the sinking (likely private governance, aka feudalism) is immune to the ills of big-gov, and on top perpetuate reductivist arguments as if any kind of restrictions of freedom is by definition bad.
This broad rejection without good reasons is borderline sociopathic. ... and parental control is not the gov raising anyone.
iugtmkbdfil834 19 hours ago [-]
Friend, we have a fair amount of suggestions ( including constructive ones! ). Do you know why? Because we mostly know how to make education decent for individual students like:
- keeping class sizes small
- keeping class within similar development range ( AP with AP. short bus with short bus )
None of it is a secret, but government can't (edit:or won't) make it happen. Hence regular people just doing the best they can within the system at their disposal.
zdragnar 19 hours ago [-]
I know people who will adamantly insist that keeping classes within similar development ranges is harmful and will vociferously reject any such proposal, up to and including things such as "gifted" schools and the like.
It's why some schools in (iirc) California did away with higher maths like calculus entirely.
Sadly, it seems there's nothing actually common about common wisdom.
iugtmkbdfil834 19 hours ago [-]
I will admit that I never heard a serious argument from anyone that did not rely on issues not related to individual student's education. If you have any materials on those, I would love to read some of it.
galangalalgol 18 hours ago [-]
Montessori advocates for mixed age classes where more advanced help teach the less advanced, as the teaching itself solidifies it in the more advanced student's mind. Not sure if it is valid. But it is something with studies and meta studies that may have been done well or poorly, not just an aesthetic choice. I think Vulcan style training pods driven by AI like khanmigo will end up being better education than the vast majority of students will ever have access to in person. Or consider it the realization of "a young lady's primer" from diamond age.
coryrc 17 hours ago [-]
Montessori does advocate that, but mixed ages is not mixed intelligence.
galangalalgol 4 hours ago [-]
Yes, that is an issue. There isn't much separation until age 11 or 12 and even then it is usually at the same physical facility. Is there good data on how to handle that? Don't want to make irrevocable decisions too early, seen lots of people good at arithmetic that can't do math and the reverse almost as often. Then is it bad to have socialization absent between different intelligence levels? Most public schools in the us seem to intentionally leave no time for critical thinking or actual history lessons (as opposed to propaganda).
coryrc 2 hours ago [-]
There is separation, at least here in the US, where basically all Montessori schools are private and can choose who to take, so the extreme lows aren't present. The other aspect is kids' abilities are masked by how fast kids grow and change; I'd guess a 20th percentile 4-year-old will be better at things than a 95th percentile kid 365 days younger, so the mixed ages still helps both, because teaching helps someone learn and the younger hasn't learned the thing yet. Where when you get to teens, the more capable student in, say, grade 9 will be able to learn calculus so much faster than a less capable student in grade 12, either you make the former waste most of the class repeating concepts they already solidly understand, or you end up leaving behind the slow learner. You're hurting one, the other, or both by mixing them. But that's doesn't mean they can't both be in art class, or band, or shop together.
Socialization doesn't have to solely occur in an academic classroom.
chickensong 18 hours ago [-]
I dunno, "government bad" seems like a pretty reasonable default. Governments typically have a high amount of corruption and are generally unhealthy organizations. It doesn't make sense to delegate more responsibility to an entity with such structural issues.
saghm 10 hours ago [-]
I'm not a libertarian; I just don't get why I should have to prove my age on every device I own regardless of what I access online when I don't have kids. Parental controls already exist on devices, so that's not really what this is legislation is proposing. I don't have a concrete solution because I don't even agree that "theoretically we don't know for sure that this device couldn't be used by a child to access pornography" is a problem that it's my job to solve as someone with no kids and plenty of mundane uses of the internet like paying bills, contacting medical providers, filing taxes, etc.
burnte 18 hours ago [-]
I am categorically not a "government bad" person. There are things that only government can do to help society and it's an important institution. However government shouldn't take over things in your household. I feel for the government to do a thing it should have to demonstrate that the state has an defensible interest. Gay marriage? Gov't has no business in marriage. Gov't demanding age checks in apps or in electronics? No, gov't doesn't need that.
> like your "sink it" nugget, they lack decent problem descriptions
Let me be clearer then: The legislation has passed but it is 100% possible to repeal that law. And it should be repealed, and we need to not let up pressure on California until it is rescinded. It was a bad law that was not thought out at all and fails to solve any problems.
I'm not worries about corporate feudalism and app age checks.
I'm not sociopathic, you're just making broad assumptions.
Aerroon 19 hours ago [-]
And I am sick of people constantly wanting every single aspect of life regulated by the government. You guys need to understand that government isn't static and society changes. The rules you come up with today are going to get in the way in unexpected ways tomorrow. Regulations should only happen if you can demonstrate that it substantially improves things in a measurable way.
Eg "if you ban cellphones in schools then average test scores (on tests like PISA) will substantially improve". Or something else like that.
>This broad rejection without good reasons is borderline sociopathic.
It's sociopathic to not want the people in control to constantly make up new arbitrary rules? I guess we just need a few more Patriot Acts and Snoopers Charters.
forgetfreeman 19 hours ago [-]
"And I am sick of people constantly wanting every single aspect of life regulated by the government." We're carting that strawman out again? What folks mostly want is for private industry to collectively display something approximating business ethics and maybe self-regulate away from objectively harmful/predatory behavior. The last few decades have very clearly demonstrated that there is literally no bottom to private industry depravity unless one is literally forced in place by legislation.
soraminazuki 13 hours ago [-]
Enabling government spying under the guise of "protecting children" doesn't put private industry in check one bit.
It's like saying we should install Flock cameras everywhere so that we can protect consumers from buying harmful products. Corruption and mass-violation of human rights is all that's ever going to come out of it.
If the goal is to stop predatory companies, why not do so? Oh right, because that was never the goal.
tardedmeme 7 hours ago [-]
Do you really believe that your computer asking you if you're over 18 is government spying? I don't believe that you really believe that.
soraminazuki 3 hours ago [-]
And how exactly do you validate your age? Government-issued IDs. Attaching government-issued IDs to every digital activity is the surveillance apparatus's wet dream, and it's not like these motives are hidden. So between this and equating opponents of this policy with cryptobros in your other comment, I have a hard time believing your accusation of bad faith as anything other than good old DARVO.
It's also the tired old argument that's constantly raised by encryption ban/backdoor proponents too. How many times do they have to be debunked, ugh.
If you're against the EFF on these kind of issues, it's typically a good time to reevaluate your position.
The current form of government and the last administrations have allowed this environment to exist. We don't have antitrust regulation being enforced and citizens united is still in effect.
This is only going to cause things you describe to get worse and the U.S. government is complicit in this because we have a two party system that works directly or indirectly for the establishment.
I'm not sure if you are encouraging more government intervention, but its clear this is not working. Its like going to a criminal gang and asking for security while they ransack your community and charge you for it.
forgetfreeman 14 hours ago [-]
That's a problem with the politicians folks have chosen to elect, not an issue with the concept of governance. And while I agree with your analysis proposing we all wait patiently for "market forces" to resolve whatever ludicrously unethical bullshit industry is up to at any given time is also clearly a non-starter. So now what?
trinsic2 12 hours ago [-]
It's more than just politicians we elect. There is a systemic problem that needs to be adressed before we can elect candidates that represent our wishes. Citizens United needs to be abolished. Money needs to be removed from politics and we need enforcement of anti-trust laws.
Governance only works when it represents the people, that is not what this government does right now and no amount of electing the right candidates is going to fix that until we have those two issues addressed.
forgetfreeman 19 hours ago [-]
What's really wild is 9 times out of 10 when you back a crypto-libertarian into a rhetorical corner far enough to get them to drop their pretenses what you're left with is "OMG YOU ARENT MY DAD" is, at least in their mind, a cogent political philosophy.
hunterpayne 18 hours ago [-]
Your post says far more about you than libertarians. Remember, every time you give the government a power, you are creating an avenue for corruption and by design putting someone who probably isn't qualified in charge of decisions they lack the experience to make reliably. There you go, a simple argument that increasing government power has a drawback that you never consider. And that's why you post says more about you than anything. Such an extreme position is impossible to defend and anytime you try either a) the person you are debating isn't very skilled at debating or b) you are just being stubborn and ignoring facts and arguments you don't like. I suspect its B.
forgetfreeman 15 hours ago [-]
And every time you remove legislation you open up entire new vistas of corporate depravity and as the last 40 years have comprehensively demonstrated, "market forces" are not a viable replacement for legislation. Increasing government power is a liability only and solely when folks make a habit of electing incompetents and the corrupt. Governance as a concept is fine, what you're actually arguing for is better politicians.
kyledrake 9 hours ago [-]
Having the government burrow into your Linux install like North Korea is totally fine as long as the people doing it are competent and not corrupt!
tardedmeme 7 hours ago [-]
telling Debian it should ask you during setup whether you're over 18 (which you're allowed to lie about) is the same as North Korea now?
kyledrake 7 hours ago [-]
"telling" is a really curious euphemism for forcing volunteer Debian developers at gun point or they'll get thrown in jail. People in recent history seem to have forgotten that this is how governments enforce laws. If it was not, why would anyone bother obeying the laws if they didn't like them?
Governments are dangerous monopolies on force and the use of that force shouldn't be casually tossed out like candy at a parade on crap like this. If it doesn't matter if you lie, what's the point of even doing this, to prove that we're insane? Or is it the pretext for requiring a remote server id carding service in the future under that guise? Keep driving down this road and you end up with an end game that looks a lot more like North Korea than a free society with limited government.
tardedmeme 4 hours ago [-]
The law defines it as a product quality issue. Meaning you can return it for a refund and a company that keeps selling broken products may be ordered to recall them or to stop selling them until they're fixed. You can't go to jail for selling broken products, and this doesn't apply to free software since it's free and has no warranty (which is only allowed because of the fact that it's free.).
Do you think the rule that children's toys can't contain lead is equivalent to living in North Korea? That's the same kind of law as this one.
You also have a lot more flexibility to negotiate on product quality. If you have a good reason why you can't meet normal product quality standards because your product is sufficiently different from the normal products in that category, you can usually put a prominent warning label on it to cover your ass and then you're fine.
kyledrake 2 hours ago [-]
> The law defines it as a product quality issue. Meaning you can return it for a refund and a company that keeps selling broken products may be ordered to recall them or to stop selling them until they're fixed.
And if they refuse to do all of this and resist, what happens to them? If you want a sample, stop paying your taxes, stuff your money under your mattress and see what ultimately happens. Just because our government is slow, stupid and incompetent doesn't mean that they don't use the same mechanism of action.
I would love to get into why looking at porno is not even in the same universe of danger as lead poisoning, but I've spent weeks trying to explain harm comparison to people that genuinely think high schoolers using social media is the same thing as them using cigarettes and heroin and I'm just exhausted.
mikestorrent 21 hours ago [-]
I agree with you, as a longtime free speech believe.
but... I would also like to keep my kids from seeing the very worst of the internet before they're ready to handle it. I tried using a PiHole but Firefox DNS-over-HTTPS nullifies that now. It's not realistic for me to be watching over their shoulders 24/7; what can I do to keep them away from stuff 99% of people agree isn't for children to see, without something like this?
Bender 21 hours ago [-]
Unbound DNS if compiled with --with-libnghttp2 can listen for DoH and your Unbound/Pihole can forward to any destination you desire. This is what it looks like on my firewall:
# https://doh-int.mydomain.net/dns-query
interface: [ip of lan port]@443
interface: [ip of wifi port]@443
https-port: 443
http-max-streams: 220
tls-service-key: "/etc/unbound/keys.d/unbound_server.key"
tls-service-pem: "/etc/unbound/keys.d/unbound_server.pem"
Null routing the open DoH resolvers is just having a startup script that reads a list of all their IP addresses and
ip route add blackhole "${IP}" 2>/dev/null
People will argue that DoH can run on anything which is true but all the major resolvers will always use dedicated IP addresses as to not risk blocking CDN end points.
If the childs account is not able to gain admin privs then their ability to change settings can be disabled.
anigbrowl 20 hours ago [-]
99% of people have no idea what this means, but they do understand voting.
Bender 20 hours ago [-]
Yup I was just replying to the .001% that was discussing it. Please do reach out to your congress people.
anigbrowl 20 hours ago [-]
OK but we're talking about a general social problem (parents understandably don't want their kids corupte dby adult stuff, and some adult services vendors are unscrupulous but the internet makes it easy for them to hide.
I personally think this current version of the legislation is a good compromise. Tech workarounds are fine for the few of us that understand the relevant technology (though I have never bothered to compile DNS in my life and have no plans to do so in the future), but they are simply not practical for most people. Every time I hear someone suggesting this sort of thing I find myself tempted to say 'why worry about legislation? If you don't like what it mandates you can just write your own operating system.'
Of course this would not be helpful because writing your own OS is extremely hard beyond classroom/toy examples. And likewise, tech workarounds and even parental controls are hard for most consumers - partly by design. I have an xbox console and have been trying to figure out why it keeps freezing on certain apps for months now. I suspect a telemetry problem but it's just a guess, there isn't really any way to look at logs so it's a trial and error process because most consumer hardware/application vendors want their products to be black boxes.
shevy-java 20 hours ago [-]
> I personally think this current version of the legislation is a good compromise.
I don't think it is a good compromise. It seems to cover the wrong use cases.
My use cases have nothing to do with children on any level. Why would I want to submit to government restrictions? That makes zero sense.
It's as if the right-to-repair-movement would suddenly be undermined by a lobbyist advocating how restrictions are great. Or Jackie Chan suddenly praising the sinomarxist mono-party.
anigbrowl 19 hours ago [-]
I'm sure than intelligent person like yourself understands that a lot of voters have kids and prioritize feeling that their kids are safe, even if those feelings are not always grounded in rationality. Most people shy away from complexity.
qdotme 16 hours ago [-]
Yes, but equally so, some intelligent voters (who might've moved out of CA by now, as moving might be the best way to solve that disconnect) might also believe that we should be living in a Republic (and the government should not impose majority-favoured restrictions to the detriment of minority) rather than unrestricted Democracy. .
saghm 10 hours ago [-]
> what can I do to keep them away from stuff 99% of people agree isn't for children to see, without something like this?
The better question is "Why do I need to give up privacy on my devices that no children ever use and are used for all sorts of mundane things that are entirely unrelated to what you're trying to protect your children from to solve this problem?" The solution being proposed here is to require ID checks at the OS installation level; this would be like requiring me to flash my ID when I walk out of my house because kids would have to go outside if they were going to try to buy alcohol.
feelamee 7 hours ago [-]
> what can I do to keep them away from stuff 99% of people agree isn't for children to see, without something like this?
> before they're ready to handle it
You can restrict any access for the network to them. Extra bonus, this will save your child from addiction.
71bw 3 hours ago [-]
...unless they go and visit Mikey over the fence, whose parents are cool unlike you and let him – willingly or not – wank to hardcore porn at 11.
grim_io 21 hours ago [-]
Well, you can't.
Like no past generation could stop their kids.
JumpCrisscross 20 hours ago [-]
> no past generation could stop their kids
Past generations absolutely protected their kids from cigarettes and alcohol. A gate doesn’t have to be 100% effective to have net benefits.
saghm 10 hours ago [-]
Yes, but when I go to the grocery store, U don't buy alcohol or cigarettes (because I don't drink or smoke), and no one cards me. Even if I never accessed a single site like the ones being described, and despite there being no kids who have access to my devices because I don't have any children, according to these laws every OS I install is required to force me to provide proof of my age. That's a huge escalation over any of those other checks, and I'd be similarly against any check that required anyone to present id to literally enter a store that happens to sell alcohol or cigarettes.
(Yes, you might get carded before you can go into a bar or a club, but we're talking about every possible device that can connect to the internet here; that's a lot closer to the grocery store than a bar or club terms of how much of a staple this is for most people's daily lives at this point. Cutting off my ability to access to my bank account, contact doctor, or pay my bills should not be something that should require additional steps because my devices which no children ever used could theoretically be used for a child to try to watch porn).
JumpCrisscross 4 hours ago [-]
> but we're talking about every possible device that can connect to the internet here
I agree these proposals are garbage. But if everyone who can credibly say that is busy trying to block any age gating, this is what we’re going to get.
grim_io 18 hours ago [-]
I'm not saying parents shouldn't try.
But like your examples, it's not guaranteed to work.
Install a DNS filter. Firefox circumvented that? Smart kid :)
Censorship circumvention might be a good skill to have in the near future.
Auracle 12 hours ago [-]
> Past generations absolutely protected their kids from cigarettes and alcohol.
I'm sorry, but what? Cigarettes, sure. Alcohol? Binge drinking was absolutely rampant at my school, and I don't think I'm alone. Don't get me wrong, some parents just buried their heads in the sand, but unless you're giving them a breathalyzer when they get home and severely punishing them all the time it's pretty hard to prevent.
ImJamal 14 hours ago [-]
Well in the past there were laws banning the selling of cigarettes and alcohol to minors. Selling alcohol to a minor can cause you to lose your liquor license. With much of the online content being free and not involving a physical product it has become significantly harder for a parent to protect their children.
kelseyfrog 20 hours ago [-]
If one kid is able to bypass the system it means it's zero percent effective. Same thing with alcohol, and cigarettes. Especially if it means I have to show my ID to buy those things.
JumpCrisscross 17 hours ago [-]
> If one kid is able to bypass the system it means it's zero percent effective
No. Like, obviously no. That’s not how effectiveness is ever measured.
smelendez 19 hours ago [-]
It feels more complicated.
Some kids getting access to booze here and there with planning and coordination is different from kids walking into a liquor store or bar whenever they want.
kelseyfrog 19 hours ago [-]
It's literally all or nothing[1]. Either measures are 100 percent effective or they are completely broken and should not exist.
There is never a simple solution to a complex problem, although there are many complex solutions to simple problems.
dijksterhuis 19 hours ago [-]
are you… are you /s-ing right now? it’s unclear to me whether you’re being satirical/sarcastic or not and i want to check before i point out a thing.
ziml77 17 hours ago [-]
Shit thanks for pointing that out. My door lock isn't 100% effective at stopping thieves, so I guess I can get rid of that annoying thing. Will be nice to never worry about being locked out again!
19 hours ago [-]
ImJamal 14 hours ago [-]
Guess we should get rid of murder and rape laws, right?
dylan604 21 hours ago [-]
Just like no past generation had so much information so readily available. One quick quip can always be rebutted by another quick quip, but it doesn't really move the conversation along in any meaningful manner.
fc417fc802 15 hours ago [-]
That's an interesting problem. Even if you have full control over your children's devices they can still simply toggle the DoH feature back on unless you do complicated enterprise style device management things.
However DoH isn't obfuscated and in order to operate the list of resolvers that firefox uses must be published somewhere. It follows that you should be able to filter the major DoH providers at your gateway.
trinsic2 17 hours ago [-]
Support getting rid of Citizens United and support your representatives to support enforcing antitrust.
This is the main problem that needs to be addressed. Everything else is just a byproduct of it. If you support the by product of what was created by conditions that are not being address, you only make the problem worse.
fhn 20 hours ago [-]
You but them smartphones, tables, laptops, and internet access and then complain there is too much access?
ObscureScience 20 hours ago [-]
Yeah, why should it not be desireble to give them access to the good properties of such devices and the internet?
pluralmonad 20 hours ago [-]
What are the good properties that justify giving kids smart phones?
71bw 3 hours ago [-]
How much of your current knowledge would you simply lack were it not for the Internet?
catlikesshrimp 21 hours ago [-]
If your kids are in the smart 1% who can bypass your authority, they will. Be proud. For the rest, we don't need a police atate
malicka 21 hours ago [-]
You could block the default DoH services for Firefox, I reckon.
shevy-java 20 hours ago [-]
You describe a use case for you. That's fine.
Here we talk about use cases for EVERYONE. I don't see how your use case is fine for me, because I personally do not agree with it on any level at all whatsoever. You believe in restriction. I don't. There is no common ground here.
> It's not realistic for me to be watching over their shoulders 24/7
Is this your job? At which age will you stop monitoring them?
> what can I do to keep them away from stuff 99% of people agree isn't for children to see
99%? Where do you get those numbers from?
Besides, what stuff anyway? Even then the issue isn't about your kids. It is about laws for EVERYONE.
cyberax 21 hours ago [-]
> what can I do to keep them away from stuff 99% of people agree isn't for children to see, without something like this?
Nothing. VPNs exist (including free ones), some of classmates will have unlocked devices, etc.
Next question?
Bender 20 hours ago [-]
Teens for sure bypass all restrictions. Teens are young adults. My suggestions are for small children. Once a small child evolves and adapts to their surroundings, they too will one day bypass things. Reward them when they do this, it means they're smart and you did a good job.
fhn 20 hours ago [-]
block all VPNs?
harshreality 20 hours ago [-]
A lot of us who grew up pre-social-media agree in principle.
What it fails to account for is that today's internet is qualitatively different from the pre-social-media, pre-smartphone internet. The vast majority of the internet audience, too, is qualitatively different. Incentives are misaligned for an average parent who might want to keep a tight leash on smartphone internet access for their kids, when attempting to do so will generate fierce opposition from their kids and leave them socially out of the loop.
reddalo 20 hours ago [-]
People also wanted to smoke cigarettes but they got fierce opposition from their parents. That's what parents should do.
Maybe we should teach parents how to be parents instead of imposing draconian age checks (read: mass surveillance).
infinitezest 20 hours ago [-]
Aren't there laws against selling tobacco to minors? And advertising to them? Your analogy is supporting the opposite conclusion.
iamalizard 20 hours ago [-]
In some countries they scan you ID and likely keep it some database when you buy drugs or enter bars or clubs. In others they just look at your ID card if you don't look old enough.
The first example is bad, the second is tolerable.
But the reason most kids don't smoke is that the parents and the teachers instilled in them that it was bad. If a kid wants to smoke or drink, they can surely get an older friend or a friend of a friend to sell them the cigarettes or alcohol. Anyone can buy 20 bottles of hard liquor and 50 packs of cigarettes, sell them to a 15 year old who can then sell them to their friends. That doesn't happen often not because a surprise police raid will show up and bust the seller but because there isn't enough demand. If there is demand from the kids and the parents don't care, kids will get their hands on drugs. Maybe not 9 year olds but certainly the teens.
kelnos 14 hours ago [-]
> But the reason most kids don't smoke is that the parents and the teachers instilled in them that it was bad.
Big honking "citation needed" there. I think it's far more likely that laws against advertising to minors, and tightening enforcement of prohibiting the sale to minors, is what did it.
On top of it all, smoking has decreased among adults too. Part of that is certainly cutting off a big chunk of the teen-to-adult smoking pipeline, but part of it is also just that adults don't think it's so cool anymore (and "going out for a smoke" is no longer a social or even professional activity), and are more aware of the health risks.
wizzwizz4 20 hours ago [-]
Laws like that are sensible – and, in fact, already apply to the internet, too. Age verification doesn't help with that.
forgetfreeman 19 hours ago [-]
Well lack of age verification definitely isn't fixing anything either so what's they play here? We all just collectively as a society just shrug like oh well, no fixing any of that?
wizzwizz4 18 hours ago [-]
No, we should take measures that actually address the problems that exist. Problem numero uno: the Big Tech companies are creating systems and digital environments that are hostile to everyone (of which children are a subset), compelling everyone to use them, and punishing those who attempt to get away. We cannot fix that by merely dictating terms, especially if those terms are such that only the Big Tech companies themselves could possibly know enough to enforce the terms.
forgetfreeman 15 hours ago [-]
Ok we might be in violent agreement here but so far I've yet to see anyone put forth anything like a serious plan to dismantle Big Tech, which clearly indicates that "triage legislation" half measures are the only thing currently on the table. I see little sense in letting perfect be the enemy of good.
wizzwizz4 10 hours ago [-]
https://airesistlist.org/ (currently down: see the Internet Archive) has links to several concrete projects, including https://di.day/en (see also, https://european-alternatives.eu/, https://switching.software/). The IndieWeb (https://indieweb.org/) and the Fediverse[1] are both movements to take back parts of the internet. We can all make small changes in our lives: what would you do, if you refused to acknowledge the existence of Big Tech, and needed to choose another approach? And can you do this, in practice?
Low-tech Magazine (https://solar.lowtechmagazine.com/) has enough articles to publish a thematic book, “How To Build a Low-tech Internet?”. There are other books with concrete proposals: pretty sure Cory Doctorow's published a few (Chokepoint Capitalism, also by Rebecca Giblin; Enshittification; possibly others). You can read these if you would like. But the important part is using and maintaining credible alternatives, reducing both our dependence on and support of these companies.
[1]: although more work is needed to reduce the addictiveness / increase the user empowerment of Fediverse UIs (which are largely modelled on the corresponding Big Tech social media systems): websites are still the way to go, if you can.
RHSeeger 20 hours ago [-]
This seems like a poor example, because we _also_ made it illegal for minors to buy (and smoke?) cigarettes.
reddalo 4 hours ago [-]
It's also illegal for minors to watch adult movies. It's already illegal. Age verification is just an additional step that won't stop minors that really want to watch porn, while creating a 1984 style database of people and their sexual interests.
Bender 21 hours ago [-]
I agree fundamentally and ideologically but we are past that point. The toothpaste is already out of the tube as they say. There will be restrictions so all I can do is suggest more sensible restrictions that keep the control on the client side and do not share data. Any data shared can and will be abused, leaked, sold, stolen without consequence.
shevy-java 20 hours ago [-]
We are not past the point at all. Any democracy can ultimately decide on laws and regulation. Why would you wish to insinuate otherwise here? California could easily decide to not implement such laws, for instance.
That data leaks out is always a given. So, gather less data. Ideally none. But this is not a discussion about data. This is a discussion as to what state actors think they are allowed to do. It is an attack on private life of people. See the combined strike against VPNs.
hunterpayne 18 hours ago [-]
Please remember that there are CA state policies that the voters voted to overturn (in a referendum) and the current CA state government refuses to do so. California voters decided. The California government un-democratically decided to ignore the voters against their own laws they themselves passed.
PS I'm referring to bail reform here.
PPS Just trying to frame what the CA government thinks its allowed to do which is apparently anything it wants.
Bender 19 hours ago [-]
We are not past the point at all.
I can only hope you are correct.
saghm 10 hours ago [-]
How and when did we decide that we were past that point? I don't remember being consulted
AdrianB1 21 hours ago [-]
I heard that lie about "sensible restrictions" so many times, now I am waiting for "sensible violence", "sensible beating to death" and so on. It is a false argument that "there will be restrictions so all I can do is suggest more sensible restrictions", what you can do is recognize that "no restrictions is an option".
It is like negotiating with a terrorist that wants to kill you and this is his starting position and then he wants to agree on some compromise, like seriously beating you. There is no negotiation.
Bender 21 hours ago [-]
No harm in pushing for no restrictions at all. I support this idea.
No we aren't. Also you can put toothpaste in tubes or it wouldn't be in there. Hope that helps!
jrmg 20 hours ago [-]
Are you also against age limits for the purchase of alcohol, cigarettes, pornography etc?
anigbrowl 20 hours ago [-]
Filed with nobody should be bad and essential services should be free
JumpCrisscross 20 hours ago [-]
> No such mandates should take place at all
How do you propose doing age restrictions for social media?
These are broadly popular. (And the evidence supports them.) They are happening. So the question is how to do it best. The project for reversing the consensus isn’t worthless. But it’s a long-term project that will have to bear fruit after these restrictions go into effect, if ever.
Longlius 6 hours ago [-]
>These are broadly popular
The idea is broadly popular but the second you start asking about implementation details (ie showing your ID to post on the web), the actual approval percentage tanks down to the single digits.
But you knew that which is why you construct this rhetorical motte-and-bailey about it being "broadly popular"
JumpCrisscross 4 hours ago [-]
> the second you start asking about implementation details (ie showing your ID to post on the web), the actual approval percentage tanks down to the single digits
Source?
> But you knew that
I genuinely don’t. I don’t think many electeds do, either.
The playing field is currently lots of angry non-technical parents looking at Silicon Valley leadership not doing anything remotely reassuring when it comes to taking care of their children. And then a good fraction of them being drawn into a proper pantheon of idiot conspiracy theories. (They’re really stupid.) I would love to see polls considering implementation details because that would at least imply somebody is thinking of them.
Right now, honest answer, I don’t think anyone in government is. Electeds see an easy win—or more accurately, a patchwork of angry, mobilized voters they can scoop into their election-year campaigns with a rushed-out bill that pins them to the issue but which neither they nor those voters really have the technical chops to parse.
Best case, we get tripe. Worst, the process gets hijacked.
20 hours ago [-]
saghm 9 hours ago [-]
There's also broad popular support for raising taxes on millionaires, legal access to abortion, and cheaper healthcare, all of which are at least as important as the issue of kids using social media without restrictions. If the premise is that we should solve them with whatever solutions we can come up with unless everyone agrees on something better, I'll look forward to the upcoming laws that tax capital gains the same as income, enshrine a woman's right to choose, and to establish Medicare for all. When those all take effect, I'll accept your solution to mandate ID checks on every device I own, but until then, this line of argument is nonsensical.
bijowo1676 20 hours ago [-]
only parents can decide for their own children, so you can do whatever you want for your own children
JumpCrisscross 20 hours ago [-]
> only parents can decide for their own children
Voters are collectively deciding for all of our children. And there are absolutely group dynamics that require cooperation. It’s why rich communities ban phones in classrooms while in poor communities, the one family that tries doing it alone is probably going to be less successful.
Again, I’m not saying you’re fundamentally wrong. Just that this debate has been had and the polling is massively in favor of bans for under-14 year olds and strongly in favor for under-18s. (And to the degree I’ve connected with electeds, the folks calling in and writing were almost 100% one way. The civically-engaged electorate is practically at consensus.)
bijowo1676 15 hours ago [-]
we are not collectivist/communist country to have a "muh gubernment" rule and dictate over every little thing.
I want government bureacrats, empowered by the stupid median voter, to be as far away as possible from things that I (and any other parent) are perfectly capable of solving by ourselves.
I want more freedom
JumpCrisscross 11 hours ago [-]
> I want more freedom
Sure. Call your electeds next time this comes up. Right now, the ship has sailed. Jurisdictions are debating methodology.
bitwize 19 hours ago [-]
Lolberts often underestimate the power and utility of collective action.
bijowo1676 15 hours ago [-]
lolberts know the IQ of a median voter and how federal big government abuses its power without delivering on what was promised
JumpCrisscross 17 hours ago [-]
> Lolberts
Huh?
miki123211 1 hours ago [-]
Three things:
1. This assumes that websites are under your jurisdiction and can be fined. This is not a valid assumption on the internet. If you want to do this, you need a framework to block noncompliant websites via ISP-side null-routing, putting pressure on payment processors and hosting companies which do operate in your country etc.
2. HTML tags and not HTTP headers. If just a small part of the site contains content which shouldn't be displayed, the web browser should just hide that part.
3. Sometimes, it is genuinely useful to know the user's restrictions ahead of time. Imagine you're a movie streaming site or game store. You have some content which is suitable for the user, no matter their age, but you need to know which bracket they're in to decide what to show them. Without that info, you either default-adult (which sucks for children) or default-child (which sucks for adults).
raxxorraxor 48 minutes ago [-]
No, I don't think any of that follows from that. The header can be set in the initial communication attempt. It is even more specific than any other mechanism to verify your age, because this header can be set appropriately for any web resource.
The problem of hosts in countries that don't give a shit is true for every solution aside from the great all blocking firewall no developed nation would want to have. So no to "ISP null routing" from me. ISPs provide infrastructure. They are not school teachers.
Such a solution implemented today would be tunnelled yesterday and everyone should support evasion attempts.
pkphilip 12 hours ago [-]
However, this is not about age verification or protecting children. That is just the excuse they are using.
If Meta, Google etc could easily have algorithms in place for determining the age of the person seeing the video - apart from having the override capability via a parental login as you have stated.. but these platforms have consistently refused to limit the type of content they are showing to children.
maccard 8 hours ago [-]
YouTube has this. It’s YouTube Kids. You can argue all day over whether it’s good enough but they do have this offering.
bawolff 9 hours ago [-]
> The only thing server, platform, website, service providers should be doing is setting an RTA header if the content could possibly be adult or user-contributed content that could dynamically become adult, moderation aside....If a site is not adding the RTA header then progressively fine them into oblivion.
Seems like this would incentivize just all sites to have the header regardless of if it meets the definition since you get fined if you dont but no fine if you have the header unneccesarily.
Especially if your definition is contains user contributed content. That is all sites with a comment field. What really is left? I'm not sure i have even visited a site in the last month that wouldn't fall under this.
raxxorraxor 10 hours ago [-]
That is the only real solution. It removes the lobbyists with their bad verification schemes and untrustworthy software. You don't need untrusty flaggers or untrustworthy official authorities. In no way can nations be responsible enough to not attempt constant sniffing attempts. My nation couldn't keep itself from spying of corona app users.
This can also be broadly implemented, any other technical solution won't be widely spread anyway.
I don't think authorities care about child protection though. They could have legislated malicious advertising practices and a lot of similar bad influences, but didn't.
jahnu 22 hours ago [-]
Has this idea been discussed when drafting legislation? I mean are they aware of it but dismissed it for any reason or no stated reasons?
Bender 22 hours ago [-]
I've emailed politicians as have others but only received boilerplate thankyou's. I suspect the real reason is kick-backs but they will never admit it.
No harm in people reaching out to their politicians state and federal. The more people that bring it up the better. Let them know your childrens data will not be shared and when the data is leaked you will hold the politicians accountable.
maccard 8 hours ago [-]
I’m not in the US but assuming everyone who disagrees with you is receiving kickbacks is a bit much. I agree this is a terrible idea and doesn’t make sense past a few seconds of thinking but the reality is it’s very popular with an awful lot of people.
SilverElfin 21 hours ago [-]
Yep, they get funding from companies like meta and their insiders
reddalo 20 hours ago [-]
Exactly. More laws about internet services = less new competitors coming into the market, because the barriers to entry are too high.
Bender 20 hours ago [-]
Well, if the concern is they might miss out on revenue from a small child accessing their site and they are not a child specific site then perhaps they should be pushed out of the market one way or another.
reddalo 4 hours ago [-]
No, what I mean is that adding a lot of laws to let websites be legal (age verification, GDPR, etc.) adds a huge burden and that prevents new small websites from even existing.
kelnos 14 hours ago [-]
How does this work for mixed-content sites? Like say a minor visits a video sharing or social media site and the default feed/recommendations list includes stuff that should be age-restricted, but is mostly stuff that shouldn't be.
The entire site shouldn't be blocked; the browser needs a way to tell the website "my parental controls are enabled and I need to you to filter out age-restricted content".
Alternatively, the RTA header/meta could include a parameter/attribute for an "alternate URL" to load when parental controls are enabled. This could be useful to allow sites to present a custom error-type response, but could also be used to automatically redirect the user to similar, but age-appropriate, content.
Anyway, this all ignores the fact that "protect the children" isn't really the goal here: it's to slowly eat away at our ability to be anonymous (even read-only anonymous) on the internet. Age verification is just a watered-down way of saying they require positive identification, and eventually our hardware will have to cryptographically attest we are who we say we are. I really hope this isn't inevitable, but it's starting to feel that way.
kleiba2 7 hours ago [-]
This assumes that the goal is child protection, while the actual goal is user profiling and ad revenue.
tardedmeme 8 hours ago [-]
That's basically what this law was though. Are you cheering for them removing the law that said exactly what you wanted?
skybrian 22 hours ago [-]
I largely agree, but the RTA header doesn't seem to be good enough for most websites to use. When a website wants to block browsers with parental controls on, but it isn't porn and it shouldn't be blocked by SafeSearch, what do they do?
They stop trying to put everything in a different category and treat RTA as the person under the age of consent must get approval from their parent or legal guardian. Keep it simple.
skybrian 21 hours ago [-]
That's too simple to get much adoption. It's unreasonable to expect websites to drop out of Google search.
inetknght 21 hours ago [-]
> It's unreasonable to expect websites to drop out of Google search.
Google's doing that for them though.
Bender 21 hours ago [-]
Google and others can adapt. RTA header? Added to potential adult or user-contributed category.
skybrian 20 hours ago [-]
I imagine Google wants to distinguish between websites that want to be blocked by SafeSearch, versus websites that want to be blocked when parental controls are on? There's no reason to leave that ambiguous. Plenty of adults have SafeSearch on.
Defining a new header isn't hard; the hard part is getting consensus and adoption.
Bender 20 hours ago [-]
For what it's worth this header has been around for a long time. It's predecessor (PICS ICRA) was too complicated and started using topics. After a while they added so many topics that even being an abbreviated header it was still massive and confusing. There were websites that people could select all the topics and what not but even then the adoption was low due to complexity and topics constantly changing on sites.
Are today's videos beheading's without blood, with blood, with or without anguish, with nudity, without nudity, etc... After a while it gets out of hand.
It turned out the internet was too dynamic so the RTA header was created to just say "adult".
Correct. Until parent or guardian puts in password next to the text that says "Approve this site, forever."
You gave me an idea. Maybe there could be categories similar in concept to those that exist in corporate firewalls today that say things like:
- News Category (Known to be SFW)
- News Category (That may be NSFW)
- Child friendly sites
- Social media sites
... and so on.
This could be crowd sourced, ideally in a way that can not be gamed. The masses could flag/report false claims. That, or just keep it simple. ad-hoc input of permitted sites by parent.
dotancohen 19 hours ago [-]
What is [N]SFW under your definition? I don't think anybody has a problem with children seeing an adult heterosexual couple kissing, but what about a teenage couple? A homosexual couple? A mixed-race couple? A couple with a 40 year age gap? Audible moaning? Groping under clothes? Implied but not explicit hands touching genitals? Dripping saliva and face licking?
The problem with defining categories is that artists will do their best to defy categorization. That has been the nature of art for as long as humans have been making art.
Bender 19 hours ago [-]
What is [N]SFW under your definition?
I do not have a proposal for that. I'm only covering the issue of sharing any personal attributes of a child or anyone with any corporations as they have proven time and time again they can not be trusted with it. If anything they have proven beyond any shadow of doubt they can not be trusted with anything.
I will leave the NSFW definitions to yourself and others. Since the W stands for Work I guess company management and HR get some say in it too. I don't know where they get their standards from.
Ages ago I worked for a company that hosted porn and their standards were uniquely liberal.
lazyasciiart 21 hours ago [-]
This is a terrible idea and your proposed society is terrible. It doesn’t matter if it’s safe for work; you asked to identify sites with content that can change. Either the parent has seen and approved the content or not.
Bender 20 hours ago [-]
This is a terrible idea and your proposed society is terrible.
I think I know what you meant and sure we can keep it simple. Site is approved by a parent or it isn't.
teekert 10 hours ago [-]
Well sure, such a solution may solve age verification elegantly, but does it serve the interests of the companies that pushed this bill?
ekr____ 21 hours ago [-]
> The only device mandates that should be taking place is for the default installations of web clients should be checking to see if parental controls are enabled. This only impacts the major browsers. An intern at each browser company could add this check in minutes. If they are enabled and the person logged in is on a regular account (not admin or power user of sorts) then the base installation of web clients must check for an RTA header [1]. If present, prompt for a override password and also give the option for the admin to approve-list the domain at that time. That's it. Not perfect, nothing is or will be.
It's useful to contrast this with the various device-based mandates that have been created in order to get a sense of what legislators seem to be trying to do. With that in mind, a few points:
* What you are proposing allows parents to opt in via parental controls, but age assurance mandates (both device-side and server-side) tend to require positive action to enter unrestricted modes. In some cases (CA AB 1043, for instance), this is just a matter of entering your age. In others, you actually need to demonstrate your age via some technical mechanism.
* While many age assurance mandates focus on adult content, which is primarily consumed via the Web, others (e.g., Australia's Social Media Minimum Age) focus on social networking, which is primarily consumed via apps, so anything that is Web only will not be effective.
* Site-level granularity isn't really fine enough in some cases. For example, the New York SAFE for Kids act prohibits certain behaviors such as algorithmic recommendations when a user is a minor, but doesn't require blocking minor usage entirely. It's potentially possible to implement this with something like RTA, but it would have to at minimum be at much finer granularity.
None of this is an endorsement of age assurance techniques; I'm just trying to help flesh out the situation.
> All legislation regarding age verification must revolve around this otherwise people must reject it as an abusive form of tracking and privacy invasion.
It's a bit late for that, given that around half of US states already have some kind of age assurance mandate.
Bender 20 hours ago [-]
It's a bit late for that, given that around half of US states already have some kind of age assurance mandate.
Perhaps late to solve this globally but parents can still install parental control software if they so desire and can still intervene locally to prevent sharing data with 3rd parties. At worst this means small children might not get to visit social media and other assorted sites and I am fine with that. I think a number of parents would be fine with that as well.
Sites can voluntarily label as some do. It just means that parental controls would have to default to blocking everything until approved and while sub-optimal maybe that's what people will have to do in order to avoid the evil pattern of sharing data with all the websites that will ultimately leak, or "leak", be sold, stolen, etc... Good parents will not participate in the evil patterns of sharing their children's personally identifiable information.
When the PII of children is ultimately shared with evil people the children once adults will resent their parents for not protecting them.
- To all parents here, your children have no idea what risks are out there including devious companies that want their data. They will one day be adults if all goes well. Protect your children as corporations and governments will not. They will thank you when they find out all their friends data was shared, leaked or otherwise abused forever.
ekr____ 20 hours ago [-]
I'm not following you here.
Certainly parents can install parental control software, but what does this have to do with children's PII being shared with sites?
Just so we're on the same page, the way AB1043 works is that the OS determines the user's age and then shares the age bracket with apps. No PII is shared with sites (this is not to say that the age isn't sensitive, but it's not PII as usually regarded). Is your concern here that sites get access to children's information because children visit certain sites regardless of legislation? That's a real thing, but it seems mostly orthogonal to age assurance.
Bender 19 hours ago [-]
Certainly parents can install parental control software, but what does this have to do with children's PII being shared with sites?
The parent can block or just never approve all the sites that require PII.
but it's not PII as usually regarded
We will never agree here. All the companies I worked for financial considered any attribute of the person to be PII, even their IP address. We were audited very strictly on this. If a users age was disclosed to a third party without their written consent that was a contract violation and came with severe monetary penalties. Parents should expect this to be the minimum standard. It's their children, not the corporation or governments children.
ekr____ 19 hours ago [-]
Thanks for your explanation. I understand what you're talking about, but this all just seems to be entirely orthogonal to age assurance mandates, which are largely about controlling which content and experiences minors engage with, in many cases regardless of what parents want.
Again, this isn't an endorsement of these mandates; I'm just saying that what you're proposing here doesn't address the objectives that policymakers who are in favor of these mandates are trying to achieve.
Bender 19 hours ago [-]
doesn't address the objectives that policymakers who are in favor of these mandates are trying to achieve.
Oh trust me, I get it. They and I will never align. I know I am beyond beating the dead horse. It's gone from bone dust to micronized dust to sub-atomic particles to sub-quantum particles at this point. That poor horse will never be forgotten. Perhaps it is an illness on my part but I will find a way to bring this up every time until the year 2150 after which point this will be the least of anyone's concerns.
tzs 20 hours ago [-]
> If they are enabled and the person logged in is on a regular account (not admin or power user of sorts) then the base installation of web clients must check for an RTA header [1].
Your cite is an earlier post of yours which says
> The one and only method I will participate in is server operators setting a RTA header [1]
and that cites a still earlier post of yours
> I stand by my repeated statements of how this could have been solved simply using an RTA header [1]
which finally actually cites¹ something that explains what the heck on RTA header is.
It would be quite a bit more reader friendly to cite https://www.rtalabel.org/page.php rather than make the reader traverse a linked list of comments to get there.
A) Aren't you targeting a completely different problem than this law? It's my understanding that this law targets the collection of the age from the user. What the user agent does with that signal is a different problem, and seems to already be solved, except for the definition of "actual knowledge" which they are trying to establish here.
B) How would your RTA header intersect with content rating in different jurisdictions? What if the content is illegal for children in Turkey but legal for children in Kentucky?
Bender 21 hours ago [-]
For topic (A) I am suggesting to negate this behavior all together. No more sharing personal data. That evil-pattern must be stopped.
For topic (B) companies can set or not set the header based on GeoIP. Not perfect but GeoIP is already used in load balancers, web servers and applications.
delusional 20 hours ago [-]
For (A) we have nothing to talk about. I think we fundamentally disagree about how society functions, and we aren't going to knock that out over hackernews.
For (B), your proposal requires the website have a database over current rules in every country they would be accessible from. Would a website then, in your opinion, be responsible for the accuracy of this database? We have to presuppose an official GeoIP source that would then be legally binding and under democratic control, but given such a database, would a website serving a wrong header to an IP associated with a specific country then be committing a crime in that country? What would the punishment be?
Bender 20 hours ago [-]
For (A) I guess you are right, we won't agree. I do like your username however.
For (B) this is already a thing. Porn sites and already doing this. Instead of blocking a region I am proposing to stop blocking and instead the law permit them to just add a header. The only people I can imagine apposing this are commercial VPN providers.
delusional 19 hours ago [-]
> Porn sites and already doing this.
I think a better example might be places like polymarket (not allowed to operate in us) or usatoday (serves an EU only version with no cookies). The technical limitations on those systems are both GeoIP as far as I'm aware, and that seem sufficient for regulators.
What I find more interesting is that what you want is within the scope of this law. It's only required that the operating system takes in your age from an admin, from there the application (user agent/webbrowser) is supposed to handle the blocking, which it could do with a header as you suggest.
I will note that you are going to find a lot of libertarians that would oppose banning GeoIP circumvention.
Bender 19 hours ago [-]
Are small children losing money on gambling sites already? If so I have not been paying attention. That really needs to be reigned in as they are likely using their parents credit cards without their permission. We need to break that habit before they reach the age of consent and that becomes a punishable crime. Our prison system already has too many young people. That's an awful way to start.
idiotsecant 13 hours ago [-]
You make the mistake of solving the stated problem, and not the actual problem. This was never about children, or a solution like what you describe would be trivial.
themafia 22 hours ago [-]
> An intern at each browser company could add this check in minutes.
An intern could also just delete the product which would also "solve" this "issue". The fact that it's easy or cheap is not significant to the problem at hand.
> should be doing is setting an RTA header
Many sites will just set the header by default. Now you've created a problem.
> then progressively fine them into oblivion.
This does nothing. See: Ofcom vs 4chan.
> device mandates
Mandate that the device provide an API for child protection software. Then it's up to individual parents to decide to install that software or not. Then we also get competition in this market rather than relying on whatever solution an intern cooked up one day.
Bender 22 hours ago [-]
On the topic of 4chan [1]
Many sites will just set the header by default. Now you've created a problem.
I am not seeing a problem. Kids need not access those sites unless the parent or legal guardian approves it. Sites meant for children would not be adding the header.
> Sites meant for children would not be adding the header.
Is Wikipedia "meant for children?" Should they be fully denied access to it? Should Wikimedia be fined if they make a mistake? If they get fined often enough do you think they'll just turn the header on everywhere in order to avoid risk?
Replace Wikipedia with any other mixed content site you prefer.
Bender 21 hours ago [-]
Child specific sites would not add the header. Anyone else could. I add it to my hobby sites. Some porn sites already add it to their sites [1]. Shodan can't reach my sites. I do not want small children on my blogs.
Add it to any site not specifically meant for children, that is totally fine.
I must be stupid. Reword this so it makes sense to me. I can't even parse it.
Bender 22 hours ago [-]
- Site adds a header if they may potentially have adult content.
- Browser detects header. Prompts for local password to access site.
- Child does not know password, picks a different site or begs parent for access.
- This is now between small child and parent. No third parties, no tracking, no telling website the users age, no local or remote API's sharing data.
- At some point if all goes well the child will be an adult and will thank their parent for looking out for them when all their friends data was sold and abused.
pessimizer 22 hours ago [-]
Absolutely trivial and totally comprehensive solution, enabling adult content blocking at the account level, device level, network level, and the ISP level. Could even be expanded to any sort of content blocking, if you want to allow households to restrict access to vaccine critique or criticism of the king without violating the First Amendment or rooting everyone's devices.
The problem is that the point is to root everyone's devices. Anyone explaining how easy this is would be pushed out of the conversation as fast as if they were advocating for single-payer healthcare.
edit: I've been advocating the nearly identical but opposite solution - restricted access sites shouldn't respond to requests that lack an appropriate age/content restriction header. If they do, jail them.
They're literally going to have to do this anyway. Rooting people's devices to force them to lie about their age when they install their operating system is an absolutely fake pretendy solution; the only way it works is if you have to verify your age with some government agency when you install an operating system, in order to make that OS age official. The point is the identification.
Bender 18 hours ago [-]
Imagine having to police the OS installations at everyone's home. It's dangerous enough to serve warrants to known felons at known locations. I would not want to be the paramilitary officer going door to door having to be ready to flashbang the family or worse. I don't know if there are even words to describe the PTSD that all the enforcers and families would have. Someone in North Korea probably has the words to describe this.
salawat 21 hours ago [-]
No. That requires information disclosure to a third party. The point is enabling device admins better control over local device behavior. We're trying to keep conscientious parents able to do their thing. Not further enable the ability to manage the populace with official registries. If a kid can figure out how to install their own OS without their parent's help, odds are the kid is with it enough to start dipping their toes in the deep end. Or at least until they out themselves in front of their parents. In that case though it's a home problem, not a rest of the Internet problem.
It's still a stupid unconstitutional law, but I see what the aim is, even without strawmanning it.
wizardforhire 22 hours ago [-]
Thats crazy talk, how are we gonna build a database of computers tied to physical identification of users by which we can monitor, control, and monetize… you’re saying parents should be responsible for their children? How is the state going to be able to exert more control if it doesn’t have ubiquitous surveillance of it’s population!?
/s
tzs 17 hours ago [-]
As usual 95+% of people commenting have no idea what is actually in the California law, and so are commenting about things that have nothing to do with it.
Different states, countries, and multi-country organizations that have legislated in this area or are working on legislating in this area have went with many different approaches. These differ in their scope, how age is verified (or even if age is actually verified), what documentation is required (or even if documentation is required), whether they apply to the web or to apps or to both, whether they make anonymous use harder or not, how much if any sensitive information they disclose to the apps/sites that need to check age, whether they could allow government to track your usage, and in other ways.
Most ridiculous are the comments that after saying how bad it is (clearly talking about things not in the California law) then say how it should work and describe something close to the California law.
abustamam 16 hours ago [-]
It's not out of the ordinary for folks on HN to discuss the general subject of a topic and not the exact contents of TFA. The article tends to just be a catalyst for discussions.
It is kinda silly to read comments that do what you mention at the end (have a seemingly novel idea to fix the issue at hand and their solution is the one from TFA). That's just embarrassing.
But I feel like the rest of the discussions are fair game.
bijowo1676 11 hours ago [-]
The age verification is coming from the Digital Age Assurance Act.
this act is pushed by the NGO 501c3 called Common Sense Media, their donors include Bezos, zuckerberg, and other rich people.
The same NGO also created a platform called Bandio that provides age verification services. How convenient.
Legislate restrictionist policy today that manufactures demand for age verification service, and then rollout the solution for $$$.
How convenient, muh free market capitalism.
Common sense media also earns $15 mln revenue from licensing its content rating technology.
throwthrowuknow 7 hours ago [-]
Magic, Inc.
neilv 21 hours ago [-]
Who is actually writing this very concerning California Internet legislation, which will ultimately affect the entire nation and world?
Did someone write California Internet legislation without consulting any California Internet companies?
Did some California Internet companies write California Internet legislation?
Did some other party write California Internet legislation?
pwg 21 hours ago [-]
If you go take a read through the CA bill text that "became law", you'll quickly realize that whomever did write it must live in a very narrow bubble where the only "computers" that exist in the world are tablet style cell phones, the only OS'es that exist in the world are Android and iOS, and the only way anyone installs any software on the only computers that exist is via an "app store".
Meanwhile, while the overall writing clearly indicates the author has a very narrow view of "computers", the definitions of the terms is so broad that every computer, even the tiny embedded CPU in your microwave oven, might just need to ask your age before it allows you to do anything.
wtallis 13 hours ago [-]
> every computer, even the tiny embedded CPU in your microwave oven, might just need to ask your age before it allows you to do anything.
Why do I keep seeing this bullshit exaggeration? It doesn't help anything to make such ridiculous statements. Nobody's microwave oven has an app store.
inetknght 13 hours ago [-]
> Nobody's microwave oven has an app store.
Meanwhile, Samsung refrigerators can have an app store.
oceansky 20 hours ago [-]
Meta alone spent 2 billion dollars lobbying for this worldwide, and it was a massive success, it's passing everywhere unanimously.
thesmtsolver2 19 hours ago [-]
Citation for this claim? Searching lands on this page without any citations and seems AI generated slop:
If I'm reading that right this covers all of Meta's state lobbying spending which is $45M + $25M federally and it's not all directly related to this age gating stuff, but general shaping anti-child exploitation policy?
> On every social media regulation bill in Colorado, Meta takes an "Amending" position, actively fighting changes. Across 117 lobbying records on 22 bills:
> Bills regulating social media: Meta position is "Amending" (fighting)
> The one bill putting the burden on OS providers: Meta position is "Monitoring" (watching)
> Meta fights bills that regulate Meta. Meta watches bills that regulate everyone else.
So their lobbyist choosing not to fight against the OS age gating is the big reveal.
thesmtsolver2 12 hours ago [-]
The link doesn't show what you think it shows.
sph 5 hours ago [-]
Yes, the source of these claims is AI slop from a new account with no history.
Aurornis 19 hours ago [-]
There was an AI generated slop report posted to Reddit that went viral. It even got some news coverage before anyone stopped to read the files and discover that it was gibberish.
I still get downvoted for pointing it out and trying to ground the conversation in facts. As you noticed the story continues to thrive on bad news sites and social media.
thesmtsolver2 18 hours ago [-]
> I still get downvoted for pointing it out and trying to ground the conversation in facts.
That seems right for current-day HN lol. I got downvoted for pointing out obvious inaccuracies in another comment.
Aurornis 20 hours ago [-]
Meta has not spent $2 billion lobbying for this or on lobbying altogether.
It’s amazing how that one AI slop project that made this claim got so many people to believe this number.
Spreading this disproven AI slop around isn’t helping. It just makes opposition look like uninformed conspiracy theorists who can’t fact check anything.
frm88 11 hours ago [-]
Meta is lobbying to get age verification installed at the OS level so that they don't have to bear the cost themselves. I know nothing of the $2B but the fact that Meta influences the legislation can hardly be denied:
During the meeting, Meta executives, including Antigone Davis, global head of safety, are understood to have argued that any age checks should be handled on a smartphone operating system rather than by the likes of Meta.
The bill was written by Buffy Wicks, who represents me in the State Assembly, who is very good on housing, transportation, and climate, and who should absolutely stay in her lane and not try to legislate platform APIs.
pizzafeelsright 21 hours ago [-]
No, no, and absolutely.
The bill is written 'do good, stop bad stuff by establishing a committee or group to make sure fund good stuff, bad stuff doesn't happen' then the law passes and lobbyists write the details that fund the programs that tax the people that generate the income for companies that donate to the politicians that sell their votes to the lobbyists and interest groups.
California politicians start with the end goal "maintain power, secure revolt, obtain capital, deny failure".
It goes beyond lying to your face. They will be convincingly genuine, heartfelt, while finding a way to extract as much as possible for themselves, by extension their party, by extension the 'government' and do absolutely anything to keep the illusion that you have a choice, a vote, and a voice.
I lived here my whole life. These politicians are evil. Lie, cheat, and steal - deny if caught, punish if provoked.
ErroneousBosh 8 hours ago [-]
> Who is actually writing this very concerning California Internet legislation, which will ultimately affect the entire nation and world?
Why would it affect the entire world?
One technological backwater is Having A Massive Sad over people using rude words on the internet, so they think they can tell everyone else what do to?
mpalmer 4 hours ago [-]
Bit rich calling US/CA a tech backwater when it comes to online speech.
zarzavat 21 hours ago [-]
A cynical person might suspect that the reason they are doing this is so that Linux developers don't have standing to challenge the law on 1st amendment grounds...
cucumber3732842 21 hours ago [-]
Nah, you're not cynical enough.
This is the classic "what we're trying to do is bullshit on a fundamental level so we're gonna just exempt random things until it becomes a niche issue and we can just do what we want and from there we'll just close all those exceptions over time" move.
Give it 5yr and you'll have idiots in the comments talking about how the "linux loophole" was a mistake and should be closed.
Source: history
seanw444 21 hours ago [-]
They're finally applying their 2A strategy to the 1A.
SilverElfin 21 hours ago [-]
That’s exactly what it is. It removes standing, and that is a major flaw in our legal system. We need significant changes to defend constitutional rights properly.
NewJazz 17 hours ago [-]
Remember when women kept suing for the right to get an abortion and the courts kept just waiting out the pregnancy? Something something sixth amendment...
ndsipa_pomu 9 hours ago [-]
Justice delayed is justice denied
anigbrowl 20 hours ago [-]
LEarn to take a win as a win. People who are unable to look at anything without seeing themselves being scammed are clinically paranoid.
jwitthuhn 20 hours ago [-]
It is an admission from the writers that this law is unrelated to safety and people should very loudly and frequently point that out.
If OSes that don't verify the age of their users are a genuinely unsafe for children, why should they be allowed just because they are open source? That doesn't seem to mitigate dangers associated with age in any away I can identify.
unparagoned 12 hours ago [-]
I think it just means that people using those OS simply won’t be able to access adult content.
likeclockwork 46 minutes ago [-]
All content is "adult content" unless specifically marked otherwise.
anigbrowl 20 hours ago [-]
Have you considered that the writers typically have legislative but not technical skills and are just trying to placate upset voters, without really understanding what the optimal solution could be? Reading this and other threads you can see therea re plenty of highly technical people who struggle to articulate what kind of policy they want or what kind of parental controls they want to set up themselves?
It's kind of a hard problem and legislators are inclined picking the lowest hanging fruit. Their primary concern is to not be smeared as child predators by their political opponents at the next election, eg "jwitthuhn voted to give gambling websites, pronographers, and pedophiles easy access to YOUR children - s/he OPPOSED age verification laws on internet sleaze!! Who's jwitthuhn really working for - you, or the people who want to exploit your kids?!!"
One can point out that such electoral pitches are dishonest bullshit until one is blue in the face, but the fact is they work on a lot of voters because most of them are not smart and don't have the energy or inclination to research every issue. And it is true that there are a lot of hustlers on the internet who are willing to either passively or actively exploit kids, and the anonymity, non-locality, and technical complexity of the internet makes that relatively easy to do and hard to prosecute. Legislators offer simplistic solutions because that's what a most of the public wants, and people often make their voting decisions based on emotional factors rather than cold rationality.
You don't need mustache-twirling villains saying 'let's impose burdensome techn regulations that perpetuate oligopolies and allow me to make another trillion dollars, a few million of which I'll send your way, mwhahahaha' to get shitty legislation (which is not to say they don't exist). It will emerge naturally by default if other conditions are right.
jwitthuhn 18 hours ago [-]
"One can point out that such electoral pitches are dishonest bullshit until one is blue in the face"
This is what I intend to do. To just let lawmakers get away with passing bullshit because "of course they will" is a defeatist attitude that I don't advocate.
That is why it is so important to be loud about this incredibly obvious disingenuous behavior. Make sure everyone knows the people advocating this do not care one bit about children's safety.
dotancohen 19 hours ago [-]
> One can point out that such electoral pitches are dishonest bullshit until one is blue in the face, but the fact is they work on a lot of voters because most of them are not smart and don't have the energy or inclination to research every issue.
That sounds like a suggestion that democracy should be limited only to intelligent or educated people, or people who have researched all relevant issues. I know that was not your intent, but it is an easy conclusion to come to from your stated perspective.
Democracy, like the free market, is viable only for informed participants. But once a certain large mass of participants are no longer informed - willfully or not - the system fails for all participants.
some_random 1 hours ago [-]
This would be a reasonable take if lawmakers hadn't been trying to scam us our of our rights since those rights were first put to paper.
bmelton 19 hours ago [-]
A bad law that only affects other people might be a win for me, but it's still a loss for society
9087653545 19 hours ago [-]
[dead]
jrmg 20 hours ago [-]
There is so much conspiratorial nonsense in these threads…
NoSalt 1 hours ago [-]
On a side note ... does anybody know where I can get one of those Tux plushies? The tag appears to say "Penguin Power ... https://www.PenguinPower.com/", but that doesn't resolve to anything useful.
softwaredoug 22 hours ago [-]
All this because public institutions have lost the will or capacity to regulate the companies. So they switch to burdening the consumers.
dylan604 21 hours ago [-]
Lost the will? How about paid to look the other way?
account42 8 hours ago [-]
It's hard for a politician to understand what his campaign contributions require him not to.
anubistheta 16 hours ago [-]
This is regulation from a public institution. Regardless of how such a resolution is passed, it will impact the consumers.
softwaredoug 16 hours ago [-]
It’s regulation on consumers, not companies
Banning or limiting addictive features like algorithmic feeds would be regulating the companies.
jeroenhd 11 hours ago [-]
They are regulating the companies. Apple, Google, and Microsoft are companies.
Desktop and mobile Linux is an extreme niche and alternatives to Linux are practically nonexistent. I'm not surprised law makers might not have known that there are operating systems not made by for-profit companies.
Refreeze5224 21 hours ago [-]
Another way to say it is that capital is operating as it always has: in its own interest.
layer8 20 hours ago [-]
Not just Linux. More specifically: “Operating system provider” does not mean a person or entity that distributes an operating system or application under license terms that permit a recipient to copy, redistribute, and modify the software.
NewJazz 17 hours ago [-]
I read the title and thought "BSD folk must be in shambles". Glad it is not as shortsighted as I originally thought.
mmooss 18 hours ago [-]
Yes, I wonder what false positives and false negatives will result from that definition. I suppose Microsoft permits corporate licensees to copy (to all their PCs and servers), redistribute (internally), and modify (by corporate software developers and also by sysadmins using group policy) the software.
Maybe it should say, the software 'code' - requiring open source code - and to do it all 'for free'.
lucas_t_a 3 hours ago [-]
there must be an reasonable assumption of what counts as such in the first place.
being modifiable and publicly available in both source and binary form sound like enough to me.
jrnichols 15 hours ago [-]
Linux will be exempt for now. I wouldn't be at all surprised to see them try to slip it through later. Legislators in California have learned over the years, and have carved out exemptions in bills such as gun control bills to get it passed, and later classified their exemption as a "loophole" to be closed.
giancarlostoro 2 hours ago [-]
I was hoping we'd see some "-CA Compliant" ISOs of Linux distros released (crackes me up thinking about it), it feels a little insane to me that we would force so many open source projects to check for a person's age.
givemeethekeys 21 hours ago [-]
Okay, let's flip it: why would Apple, Microsoft, etc.. agree with such a law? What would the trickle down be for browser makers and website creators?
pibaker 13 hours ago [-]
It's a classic case of regulatory capture. Only the biggest players can get away with fully implementing age verification — if Microsoft requires age verification to use its OS, most people will oblige. If HN starts doing that most people will probably just log off forever.
What is maddening is how often people think such laws are about limiting the influence of "big tech." Big tech isn't going anywhere because of these laws, you are.
shit_game 17 hours ago [-]
Hypothetically, preemptive market recapture? This could theoretically make foss OSs non-kosher for any suitably large market (websites, games, chat platforms, etc), and serve to force foss OSs into a niche where theyre technically capable of being personal desktop software, but practically unusable because of lockout.
crummy 15 hours ago [-]
Doesn't Apple already ask you for your age when you set up a new device? And I think Microsoft requires you to be 18 on your admin account.
ajnin 16 hours ago [-]
This is part of a large movement to end personal computing as we know it, and give all control over our digital lives to the mega corporations. It is already impossible to use some national ID or banking apps on non-Apple and non-Google phones. (say GrapheneOS), giving them an immense edge in the market, and they're using that domination to add more restrictions like installing non-play store apps on Android. This goes bit by bit, try to add a restriction, go back enough to quiet the backlash, try again. This new law is a foot in the door to achieve the same restrictions on PCs. PCs are the last open computing platform and bastions of personal digital freedom and thus they must be destroyed by capitalists and governments. Once the technical means have been put in place to restrict access to some services, the system can be hardened : impose that the age checks can't be tampered with by using a TPU module, impose a link to the individual's identity so that all online activity can be traced to anyone. Pretenses are easy to find : protect children, block sex offenders from accessing dating sites, and so on. At this point I'm pretty convinced we're geared towards a global totalitarian regime, and there's a lot of evidence.
sakjur 8 hours ago [-]
It really bums me out that I fully believe this is it.
Megacorps seize the demand for regulation (to regulate them) in order to write regulation that purportedly does that, but in practice mostly closes the doors behind them and cementing their stranglehold on society. For Microsoft, Apple, and Google it's a small thing to agree to age verification if that means all the potential competitors will have to do so too.
The cheapest time to shut down a competitor is before they get to market.
GuB-42 19 hours ago [-]
If it gets horny teenagers into free software, that's a good thing, I guess :)
unparagoned 12 hours ago [-]
I assumed it just means that you wouldn’t be able to access adult material at all on those os.
cortesoft 22 hours ago [-]
As a dad of two younger kids (7 and 10), I have been incredibly frustrated with the way age restrictions are handled across various services.
Really, my main complaint comes down to: I completely disagree with what these services choose to restrict for kids and what they allow.
They block my kids from doing things I have no problem with them doing and they allow things I would never want my kids to do in 1000 years. It is incredibly frustrating.
Often times, there is literally no way for me to bypass some stupid restriction they put on my kids, so the only way I can get it to work is to help my kids lie about their age… and at that point, I lose the ability to actually block things I care about.
These laws are just going to make it worse. I don’t want someone else choosing how I control what my kids do. Give me tools to control it myself, and you can choose some presets for parents to use, but don’t force me to use your definition of age appropriate.
big85 21 hours ago [-]
> I don’t want someone else choosing how I control what my kids do. Give me tools to control it myself
I agree. Parental controls have been the norm for thirty years. The adult who owns the device should have control over it, not Microsoft or California.
alpinisme 22 hours ago [-]
What tools would you want?
modeless 17 hours ago [-]
A pure whitelist mode, especially for video apps. Netflix, Disney, etc don't provide this because they want to push their new shows on your kids. YouTube does provide a whitelist mode, which I appreciate. But it's hard to find, poorly implemented, and blocks a lot of great content from being whitelisted. It's very frustrating to come across a great educational YouTube video and have big nanny Google block you from sharing it with your kids.
cs02rm0 7 hours ago [-]
And I only want one. I don't want to set it for every single app, with different nuances.
cortesoft 22 hours ago [-]
Honestly, I don’t have a perfect answer. It really depends on what the service is.
My main thing is I want to be able to opt in or out of various filters. I don’t mind if my kids want to listen to music that has swear words, but I don’t want them watching videos where they give horribly sexist pickup artist advice.
This isn’t just about what I feel is age appropriate, either. It is also about what I know about my kids.
My 10 year old hates scary things, and she gets completely freaked out when they show scary movie previews. I would like to be able to block those for her. On the other hand, my 7 year old is obsessed with scary things and I don’t mind if he plays zombie video games.
JoshTriplett 21 hours ago [-]
> My 10 year old hates scary things, and she gets completely freaked out when they show scary movie previews. I would like to be able to block those for her.
The difference between this and the usual "parental control" mechanisms is that what you're describing here is something the child wants to cooperate with, voluntarily. In which case, you don't need a mechanism that makes it absolutely impossible; you need a mechanism for helping them not see things they don't want to see. That's something some adults also want (e.g. tools for preventing oneself going to Facebook, or going to TVTropes for too long).
cortesoft 16 hours ago [-]
Honestly, this is how I feel about all content for my kids. I am not trying to stop them from seeing something they really want to see. I am trying to stop them from seeing stuff they don’t want to see.
Now, sometimes my kids might not know they don’t want to see something, which is where my judgment comes in… but I don’t (or at least have not yet, anyway) feel the need to block my kids from watching things they want.
Now, I have spoken to my kids about some things they watch that I have issues with. I tell them why I think the content is problematic and why I would prefer they don’t watch it. But it is always a conversation rather than me just telling them they aren’t allowed.
I have been happy with how my kids have handled these conversations, and haven’t yet found the need to enforce specific rules yet. Even when they watch some things I don’t like, I have found it has made for really effective conversations about my values and what I hope their values are. Some of those topics are too abstract to have without having something tangible (like a YouTube video or channel) to center the conversation around.
brandonmenc 16 hours ago [-]
This level of filtering is so granular and bespoke that I'm not surprised no one offers it.
blymphony 21 hours ago [-]
I'm as a big of a horror movie fan as you can find, and I'm completely dumbfounded by the jump scares marketing is allowed to show in trailers nowadays. IMO (coming from someone who is basically unaffected by jump scares), they've gotten more shocking in the past couple years.
themafia 22 hours ago [-]
The internet is too dynamic to build a working filter around. Perhaps just tools which help parents quickly and efficiently monitor their child's device usage would be best.
Do you want to alter behaviors or lock children in a gilded cage?
KolmogorovComp 21 hours ago [-]
maybe at 7 and 10 they shouldn't use device connected to the internet without your active supervision at all? What will they miss?
BeetleB 19 hours ago [-]
Maybe it's the parent's decision on whether they should or shouldn't?
cortesoft 16 hours ago [-]
All the best stuff is online, though. My kids have found some of their favorite hobbies and interests from online videos they found. They enjoy using the internet for all the same reasons the rest of us do. I love computers and technology and the internet, and my kids and I play games together and build computers and explore technology. I have taught them a lot about internet safety (both personal and technological), and I am very impressed with their skills and abilities.
I would never tell another parent they were wrong for choosing not to allow their kids to use the internet or consume certain types of media. Those are very personal choices.
My wife and I have deliberately have chosen what to allow our kids to do, and continually have talks with each other and with the kids about our internet usage.
I don’t feel the need or desire to seek advice or approval from random internet commenters.
danborn26 10 hours ago [-]
It is good to see lawmakers course correct when technical realities are pointed out. Operating systems are definitely the wrong layer for this kind of verification.
bastard_op 21 hours ago [-]
>> SteamOS could still be affected
Steam itself does age verification, which when you first boot a steamdesk, afaik it forces you to log into steam before you can do much of anything without some initial hackery. That said, once in there's nothing stopping them from launching into desktop mode, launching firefox, and watching pr0n that way.
Sadly the solution is still for parents to do real parenting, but that's like saying stupid people shouldn't breed.
jjcm 18 hours ago [-]
This will only help if the law states that internet companies that check this have to default to assuming the user is an adult. Otherwise the end result will be that Linux clients will get caught in a dragnet of automatic denial.
solenoid0937 20 hours ago [-]
This law should never have been proposed to begin with. The fact that the backlash was needed is indicative of a huge problem in our lawmaking.
Kenji 9 hours ago [-]
[dead]
ajaimk 3 hours ago [-]
Is an android technically Linux and open source?
akdev1l 3 hours ago [-]
Technically linux. Not open source in its commercial forms.
apopapo 15 hours ago [-]
What about the BSD kernels? Other libre/open source operating systems?
These laws should be canceled altogether. They make no sense at all.
soanvig 11 hours ago [-]
Wow, stupid idea is hard to legislate. Nobody could predict that.
It reminds me of clients wanting some stupid feature from app developers which does not fit into anything, and makes no business sense, and therefore creates only problems.
subarctic 17 hours ago [-]
Wow this is smart politically because the largest group against this age verification bulls*t just so happens to overlap a lot with people who love open source software (technical people who value user freedom)
Of course this also means that the nerds who use linux or lineageos get to win cool points because they can access more adult stuff
tardedmeme 17 hours ago [-]
This is a bad move. California has no age verification law, only an age asking law and all of the reasons it's good to ask if the user is over 18 are still good reasons if the OS is Linux. And the penalty for providing an OS that doesn't ask if you're over 18 is that it's considered a defective product and you can return it for a refund, but open source software is already provided for free with no warranty so who cares. Unless you bought it from Red Hat so this is basically just giving Red Hat impunity to violate this law, for no reason.
p0w3n3d 8 hours ago [-]
we're preparing ourselves to deanonymise the internet. We do not know yet what this will have as a collateral, but certainly the governments will use it against us.
thot_experiment 21 hours ago [-]
Who else has that Tux plushie tho? I've had one since I was like 11 years old.
lol768 20 hours ago [-]
Same, my Dad ordered it for me at the time; sits on my desk :-)
tssva 3 hours ago [-]
This is ridiculous. Either this is a vital child safety requirement that needs to apply to operating systems regardless of origin or it isn't and shouldn't apply to any operating system.
lucas_t_a 3 hours ago [-]
it would be pointless to force software that can be modified to remove an age-verification to have age-verification.
but maybe they can move to force distributed copies of linux to have age-verification, hopefully dealing with those complaints
NSPG911 15 hours ago [-]
The law is so broad that theoretically, age verification can be on your watches, your Ti-84, anything.
phendrenad2 22 hours ago [-]
We did it despite the naysayers who faught us saying it "wasn't a big deal" and that this is the "best version of the law we could get". Never listen to the naysayers and compromise your principles to appease them, stay true to what you believe.
kajaktum 16 hours ago [-]
Open software should not implement this feature because slippery slope is not a fallacy based on my experience. Force them to actually create a government approved operating systems to make it clear how absurd this is and so that we know who will bend the knee.
beanjuiceII 4 hours ago [-]
having a linux only exception feels pretty weird, they should just drop this all together
t1234s 15 hours ago [-]
How does this age verification crap apply to server environments? If you can't use windows desktop without age verification can you just install windows server or IoT as a loophole?
amarant 9 hours ago [-]
Not how I imagined year of Linux on the desktop to happen, but I'll take it!
laughing_man 16 hours ago [-]
This will either fail or the entire law will go. Microsoft will spend a lot of money to make sure it's not at a disadvantage.
epr 19 hours ago [-]
So are kids not going to have access to llms? Seems trivial to get around this from a technical standpoint for frontier llms no matter how this is implemented.
kgwxd 22 hours ago [-]
No, not exemptions! Drop the stupid-ass law all together.
trollbridge 22 hours ago [-]
Kind of interesting - basically exempts any OS that’s under an MIT or GPL licence…
… doesn’t that excuse Android and possibly XNU, too?
tangotaylor 19 hours ago [-]
This is a potential loophole. Companies could have an "open source" OS but restrict installations like Tivo did in the 2000s (i.e. "Tivoization"). Or they could allow installation of modified software but restrict functionality like the way the Google Play Integrity API can nerf apps running on custom builds of Android.
Or, they can have a license like the Business Source License where you can copy, redistribute, and modify the software but you can't use it commercially. This goes against OSI's open source definition.
We emailed this amendment to Buffy Wicks's staff:
§1798.504(f) This title does not apply to[...]:
(4) An operating system or application that meets both of the following conditions:
(A) The operating system or application is distributed under license terms that permit a recipient to copy, redistribute, and modify the software, including for commercial purposes and without payment of a royalty or fee.
(B) The operating system provider or developer does not, by technical or contractual means, prevent the recipient from installing modified versions of the software on a device on which the unmodified version operates, and does not restrict the functionality or interoperability of modified versions.
mmooss 18 hours ago [-]
That's great, thank you.
> copy, redistribute, and modify the software
Shouldn't that specify the code not or not only the software? For example, the corporate Windows license allows the corporation to copy, redistribute (internally), and modify (via group policy, APIs, or development on the Windows platform) the software. The big difference between that and Linux is licensees can't access the code. FOSS requires free access to, use of, modification of, and redistribution of the code.
tangotaylor 17 hours ago [-]
Honestly you're probably right, code is a better term. I copied that language from Colorado's SB26-051 bill which also has a FOSS exemption and they use the word "software". I'm not a lawyer but I'm hoping that a court's interpretation of one state's language will apply to other states.
That and lots of FOSS licenses use some variant of those words "copy, redistribute, and modify" so it's probably a term-of-art that courts recognize.
This is what Colorado's law says. It prevents Tivoization but not feature nerfing like the Play Integrity API.
§ 6-30-105 (3)
(e) AN OPERATING SYSTEM PROVIDER OR DEVELOPER THAT
DISTRIBUTES AN OPERATING SYSTEM OR APPLICATION UNDER LICENSE TERMS
THAT PERMIT A RECIPIENT TO COPY, REDISTRIBUTE, AND MODIFY THE
SOFTWARE WITHOUT ANY PLATFORM-IMPOSED TECHNICAL OR CONTRACTUAL
RESTRICTIONS IMPOSED BY THE PROVIDER OR DEVELOPER ON INSTALLING
ALL MODIFIED VERSIONS.
antiframe 22 hours ago [-]
Is all the code running on my Google Pixel 10 licensed under GPL and/or MIT?
I think we have our answer.
hnlmorg 20 hours ago [-]
What are they defining as an operation system? It’s a term that has fuzzy edges as a technical term, and given laws are usually piss poor at defining technical terms, I can’t see it being well defined in CA law.
user_7832 21 hours ago [-]
I think there's a lot of proprietary stuff, from Google Play Services to Pixel specific features. A very significant stack of "modern" software layers are proprietary, even on Android.
thefreeman 21 hours ago [-]
I think that was his point
realusername 20 hours ago [-]
Modern open-source Android doesn't even include a working keyboard nowadays so...
Telaneo 20 hours ago [-]
So if you load AOSP and don't use Google Play Services, then you're exempt?
antiframe 20 hours ago [-]
I would hope so.
floxy 18 hours ago [-]
Sounds like another fellow GrapheneOS user!
antiframe 16 hours ago [-]
Indeed!
TylerE 21 hours ago [-]
No, Android is Apache 2.0.
7777332215 21 hours ago [-]
Ah, but what about my internet connected TI 84 calculator?
jiveturkey 20 hours ago [-]
BOOBS
age verified
nobodyandproud 19 hours ago [-]
Patching inherently bad legislation doesn’t solve the problems it’ll cause.
ajsnigrutin 20 hours ago [-]
Parental controls should be a client side option set by the user.
Sure, make it easy for users to do so, but it's a users choice.
Kids don't buy phones or computers, their parents do, and during initial setup, parents could choose "this pc is used by a child" option, input some override password to disable this in the future, and the phone could block whatever needs to be blocked.
mmooss 18 hours ago [-]
> Kids don't buy phones or computers, their parents do
It wouldn't take much for a kid to buy a phone or computer.
subarctic 17 hours ago [-]
Kids also tend to live with their parents, who much to their chagrin can usually confiscate stuff the kid bought and not let them use it
jmward01 20 hours ago [-]
This is the whole 'opt-in vs opt-out' at a high level. A better law would be crafted like 'some services have been determined to be harmful to minors and require age verification. Those -specific- services shall have these specific mitigations.....' Facebook and others should have a clear legal distinction of 'harmful to children' and then the law kicks in.
SilverElfin 22 hours ago [-]
The entire age verification and identity verification surveillance system shows state democrats aren’t on our side.
tzs 19 hours ago [-]
The California law has no age verification, identity verification, or surveillance. It is just a pretty simple parental control system, which only applies to devices whose primary user is a child.
dnnddidiej 22 hours ago [-]
Sounds like any GPL and perhaps other licences. Not just Linux.
exabrial 13 hours ago [-]
So android is exempt?
20 hours ago [-]
shevy-java 20 hours ago [-]
I don't trust this one bit.
The reason is simple: the pattern I see hints that there is:
a) money spent, to push through age-sniffing, and
b) it is happening almost globally.
I am not necessarily saying that all this can be singularized down to one
bribe-using company, be it Meta, Google or what not, or state actors becoming
beyond Evil. But just as the butterfly effect is used as analogy how a strong
wind can be created further downstream, I see the situation here VERY similar.
To me it is not confined to age-sniffing. Remember the sudden declaration of
war by the UK against VPN. This is in my opinion connected here. The goal is
not "protect the children" but instead spy more on people than before. A
gradual extension of this. And some companies and private interests will
benefit. See also the recent Palantir claim made against London aka "the major
is responsible for more robberies when he refused to obey to our rule". These
companies are greedy - and insolent.
jmclnx 22 hours ago [-]
Hopefully the add the BSDs too.
pessimizer 22 hours ago [-]
> The proposed amendment specifically states: “Operating system provider” does not mean a person or entity that distributes an operating system or application under license terms that permit a recipient to copy, redistribute, and modify the software.
cwicklein 15 hours ago [-]
How about composite software products, say a de facto operating system which contains substantial elements subject to a permissive license? What if those are the components which support networking? If, hypothetically, a commercial operating system vendor built on Mach and 4BSD?
stevenalowe 22 hours ago [-]
And yet, still unlawful compelled speech
SilentM68 15 hours ago [-]
Most politicians are easily swayed when their political bacon is on the line. Perhaps there is yet some hope for California!
pengaru 16 hours ago [-]
If you look up either "half measures" or "unintended consequences" they should both say "See also: California"
m0llusk 20 hours ago [-]
The state should handle personal records, authentication, and age verification. Compliance should be as simple as implementing dead simple state provided interfaces.
jmyeet 20 hours ago [-]
What's depressing to me is just how self-serving all this is. The original bill was AB 1043. Who supported that, breaking with other tech companies? Why Meta of course [1][2]! Meta likes this because it pushes liability onto the OS providers. Guess who doesn't have an OS? Google's support is a little stranger given Android. It seems like AB 1043 also shifted liability to third-party app developers instead of the app store so, conflicting goals?
Likewise, you'll have Microsoft and maybe Apple pushing for Linux to be included for, again, entirely self-serving reasons. Microsoft is never one to miss an opportunity to benefit Windows.
All that's going on here is competing corporate interests. Likely nobody in power actually cares the actual end users.
As much as libertarians chafe against it, I think we've demonstrated that something has to be done in relation to children online. Advertising to children, harmful impacts of social media, cyberbullying, addictive behavior and selling the data of minors needs to stop. How we get there is unclear. Meanwhile, everyone responsible is just trying to limit and shift their legal liability and that's it.
If Meta is liable for when someone underage uses their service, then Meta is going to require proof of age which almost certainly means giving them copies of things like driver's licenses or passports probably along with video showing that you match the photo.
In jurisdictions taking the California approach Meta does not need to ask for anything like that. Their app just has to ask the OS, which reports the age bracket that was entered when the user account was made on the device, and the OS gets that information from whoever set up the account. The OS trusts whatever is entered at that time. No driver's licenses or passports or face scans or videos are involved.
> As much as libertarians chafe against it, I think we've demonstrated that something has to be done in relation to children online
...and this is pretty much the way to do it with the least impact on privacy and anonymity possible without first building up some high tech cryptographic infrastructure that would likely include hardware requirements that would, at least at first, exclude users who do not have an iOS/iPadOS or Android device that has a secure hardware element.
rezmason 17 hours ago [-]
> If Meta is liable for when someone underage uses their service, then Meta is going to require proof of age—
Let's be clear what this means, "Meta is going to require" something. They'll require it to continue to do something, which is namely to be a bad company, running bad services, without pivoting to something else.
Of course, no one requires Meta to continue to be Meta. We'd protect people by requiring companies like Meta to request PII outright, because then the user is explicitly prompted to decide whether using Meta's services is worth surrendering their privacy. And if consumer sentiment and market forces mean anything anymore, that will incentivize Meta to replace their bad services with better ones, ones that don't cause them tricky liability issues.
In other words, forcing operating systems to demand PII from users from the get-go, regardless of the quality of that signal, and to broadcast that to any website, is not, as you put it, "the way to do it with the least impact on privacy and anonymity possible", etc etc. The "way to do it" is to phase out this rotten era of surveillance apparatus disguised as social media companies.
Sorry for being irate, it just feels like so many people these days arrive too quickly (for my taste) at conclusions without testing certain popular assumptions about the inevitability of tech oligarchy.
subarctic 16 hours ago [-]
> As much as libertarians chafe against it, I think we've demonstrated that something has to be done in relation to children online
Just cuz today's ad-supported social media is bad for kids, doesn't mean everyone should have to verify their identity to use it. You can just make it 18+ and if kids lie to get around it that's not the end of the world. And in general, regulations that would make these things better for everyone would be better rather than just saying kids can't use it and not fix the actual problems with them
1 hours ago [-]
nikhilpareek13 20 hours ago [-]
[flagged]
cboyardee 20 hours ago [-]
[dead]
fleroviumna 19 hours ago [-]
[dead]
wetpaws 22 hours ago [-]
[dead]
grigio 19 hours ago [-]
next step age-verification at BIOS/EFI level /s
platevoltage 14 hours ago [-]
Windows 12 will require a special component on the motherboard to support this feature.
zeroCalories 22 hours ago [-]
[flagged]
zarzavat 21 hours ago [-]
Young children should be supervised when they access the internet.
Adolescents are not going to be defeated by such easily bypassed technical measures.
These laws are a trojan horse for control of the adult population. The relative anonymity and freedom of the internet is a threat to those who spend their lives seeking power over others.
zeroCalories 21 hours ago [-]
[flagged]
big85 21 hours ago [-]
A better question - how do you imagine age verification is going to protect children from being groomed? Age verification will force services to assume everyone is a child until proven otherwise. Now it will be harder to tell adults and children apart online. Next, adult content will be harder for adults to acquire, pushing people into black markets, where illegal content will be easier to find.
I appreciate that people are concerned for their children, but we can't keep signing away basic rights and freedoms just to allay parents' anxiety for another few years.
konmok 21 hours ago [-]
There are so many low-hanging fruit to choose from if you want to protect children online, so it makes zero sense to start with the option that deprives every adult of their rights.
lynndotpy 21 hours ago [-]
When I hear that people own cameras, what I hear is that people are okay with children being harmed for the sight convenience of the freedom to create photographs. Let's just be honest about how we're calculting things: You think living without a camera, which is how humanity has lived for 99% of its existence, is worse than children being groomed.
zeroCalories 21 hours ago [-]
[flagged]
JoshTriplett 21 hours ago [-]
> We certainly need surveillance, but it should only come from official sources.
I hope you are never, ever in a position to set any kind of societal policy.
zeroCalories 21 hours ago [-]
[flagged]
JoshTriplett 20 hours ago [-]
Your false dichotomies, loaded questions, and attempts to tar others who disagree with you do not interest me, and I'm not going to engage with them.
I repudiate your statement that "We certainly need surveillance".
SilverElfin 22 hours ago [-]
If you are worried about your children, keep them off the internet. Don’t rob society of its right to privacy and anonymity and speech.
tverbeure 21 hours ago [-]
Why don’t you start by explaining how an age verification at the start of a Linux installation help against children being groomed?
keernan 21 hours ago [-]
I have 7 grandchildren with the oldest being 10. My daughters are very strict about not providing their kids with devices that have internet access. The only one of the 7 who has a phone has a flip phone with no internet access. There simply is no reason to provide young children with access to the internet.
zeroCalories 21 hours ago [-]
[flagged]
dang 20 hours ago [-]
Please don't perpetuate flamewars, as you've done (quite badly) in this thread. It's not what this site is for, and destroys what it is for.
"Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith."
convolvatron 21 hours ago [-]
any solution that depends on everyone agreeing on what content is age appropriate is a bad solution.
HDThoreaun 21 hours ago [-]
dame libertad o muerte
canelonesdeverd 21 hours ago [-]
[dead]
panny 21 hours ago [-]
And I bet that Microsoft employee who was sending PRs to all the linux distros (and systemd) will not bother sending apologies to them for wasting their time.
sufficientsoup 19 hours ago [-]
You mean dylanmtaylor? I didn't know he was an MSFT employee but I guess I wouldn't be surprised.
hypfer 19 hours ago [-]
He isn't. Also never was (unless the CV lies that is).
As for what drove him instead.. I suppose we will never know.
All we can know for certain is that the whole thing felt _very_ inorganic and not like something a reasonable human being would just start doing out of the blue.
(Corporate) politics love plausible deniability, so maybe it was just inherently human randomness. I'm sure it was.
Please move along.
kogasa240p 19 hours ago [-]
Maybe it's a Lennart Pottering sockpuppet.
hypfer 19 hours ago [-]
I doubt it.
And you would doubt it too if you would look at the actual person that is Lennart beyond the "Pulseaudio bad. Systemd bad. Lennart bad." meme.
Very different handwriting too.
7e 20 hours ago [-]
Why should Linux be exempt? Linux lobbyists seem to be against the public good. It takes an AI agent 5 minutes to add this feature and then they add be good forevermore. And given that the software is open source, everyone can use the same library to be compliant. Belly-aching snowflakes…
kloop 20 hours ago [-]
1st amendment. There's a long history of carve outs around commercial products. But, if Linux devs (who aren't selling anything) went to the mat against this law, the government of California would lose and (at least part of) their law would be struck down.
zoobab 2 hours ago [-]
Kids deserve free speech. There is no valid reason to deny access to them to social networks. First amendment is being breached here.
platevoltage 14 hours ago [-]
Why should I care about being surveilled? I have nothing to hide. \s
jamesgill 16 hours ago [-]
Linux was always exempt--because it's not an operating system.
TimTheTinker 16 hours ago [-]
Huh? An operating system, as defined by Andrew Tanenbaum[0], the author of both Minix and of the best operating textbook ever, is a combination of:
- an "extended machine": provide usable abstractions over the hardware to reduce complexity to a manageable level
- a "resource manager": provide for an orderly and controlled allocation of the processors, memories, and I/O devices among all the various programs wanting them.
By that definition, Linux is very much an operating system... unless by "Linux" you meant the kernel only without the additional tooling (systemd, libc, coreutils, shell, etc.) that distros ship with.
I'd just like to interject for a moment. What you're refering to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called Linux, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.
There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called Linux distributions are really distributions of GNU/Linux!
TimTheTinker 12 hours ago [-]
I know that, most technical people know it, but I refuse to call it "GNU/Linux" because that's a dumb name and Richard Stallman is so over the top pedantic to constantly insist on it.
ochrist 8 hours ago [-]
The difference is important, because there are examples of GNU without Linux (eg. GNU Hurd) and Linux without GNU (Android comes to mind).
TimTheTinker 7 hours ago [-]
The year of Linux on the desktop (and its broader adoption) is in part slowed by fragmentation across distros and weird names.
You wouldn't tell your mom about this great operating system she should use named "GNU/Linux". That's bad marketing.
xbar 15 hours ago [-]
Linux is the kernel.
platevoltage 14 hours ago [-]
This comment would impress a lot of people somewhere that's not HN.
The only thing server, platform, website, service providers should be doing is setting an RTA header if the content could possibly be adult or user-contributed content that could dynamically become adult, moderation aside. This knocks out two issues with one fix. Small children don't see much if any adult content and they are kept off social media until the admin (parent or legal guardian) approves it.
If a site is not adding the RTA header then progressively fine them into oblivion. If they accept the fines as the cost of doing business then seize everything and put everyone in GenPop. An intern could enable the header in 5 minutes.
All legislation regarding age verification must revolve around this otherwise people must reject it as an abusive form of tracking and privacy invasion. The focus should be on small children as teen share porn, warez, movies and such within Rated-G games.
[1] - https://news.ycombinator.com/item?id=47950091
This could all be handled by settings in the browser, only if the sites themselves listened to the users' browser preferences.
It makes a bit of sense, since the mailer had already paid, but the main justification (iirc; it was years ago that I read the opinion) was that a postal service should be neutral and trusted to deliver.
The user agent should... be an agent for the user, and be able to perform actions on their behalf.
(The legality of those actions is of course assumed by the user here... if I add an automated flamethrower to my mailbox and burn my bills, well the debt collectors may come regardless if I read them or not - we cannot shift blame to the USPS here).
The second argument has the problem that for the whole thing to work the recipient must also have reason to trust the post office, but here their interests are not considered at all.
The companies on the ads wouldn't do it that way if they were not getting a positive ROI from it. They probably only need to get 2 maybe 3 new customers to offset the cost of mass mailings.
Should USPS be required to respect that owners wishes here?
Sensible decision I think.
Ultimately there’s no good excuse for the banner solution.
It’s not written the way it’s written because they’re oblivious it’s written the way it’s written because it’s plain lobbying writing the bill.
For example, there’s little in the way of protections in how the age verification would be protected or prevent the analytics from being sold
But then again if it was to protect children, better support for voluntary age control would be so much more useful as most minors use devices managed/owned by their parents.
But then similar to cookie banners it is just about enabling surveillance
Do binary search and you don’t even need that many calls.
1. Is person older than 50? 2. Older than 25? 3. Older than 18? 4. Older than 9? 5. Younger than 14? 6. Older than 16?
They can't do anything today as it is a federal holiday but they could do something tomorrow.
The former are things like "does the user want dark mode", the language you chose to use the website in, the contents of your cart, your login info etc. The latter are for tracking. Typically, the former don't need consent, the latter do. Browsers have no way of telling the two apart.
For example, firefox's "strict tracking protection" setting also breaks a bunch of websites.
The problem is that people generally want functional and often performance cookies, and then you end up with the stupid cookie banner regardless of marketing cookies.
To not be indistinguishable from "strictly necessary" there would have to be a case where the "functional cookie" actually required consent, right? What case is that and how would you solicit that consent other than some kind of cookie banner?
> “Performance” actually refers to analytics, probably rebranded because users did not want it.
It refers to statistics, but sometimes you do want that, e.g. so the site can tell you how long it took you to do something compared to the average user, or provide those analytics to you. And the fact that this is ambiguous is an obvious problem -- if you get access to the data they collect is that "analytics" or "functional"?
In the face of an ambiguity, most corporate bureaucrats are going to take the risk-averse option, which is to ask for consent in case it turns out to be adjudicated as required ex post facto. The result is quite predictable. If you pass a poorly drafted law, businesses have a general preference for doing something stupid/wasteful/annoying over something that could get them sued or fined.
The case is when you don’t use that feature.
> how would you solicit that consent other than some kind of cookie banner?
Using the feature that requires the cookie is considered consent, same as using the website is considered consent to set cookies actually necessary for the entire website to function. For example, if you click “save settings”, that’s consent to save those settings, there’s no need for a “but am I allowed to save settings?” popup.
You might be tempted to dive into the potential grey area here, and sure, one exists, but (a) that’s why the laws go into 1,000 times more detail than this HN comment, (b) most of it’s not in the grey area, and (c) even in the worst case, making 100% sure is as easy as a checkbox before the button that activates the feature, there’s never a requirement for a blanket “can we do whatever we want” before even displaying the homepage.
> It refers to statistics, but sometimes you do want that, e.g. so the site can tell you how long it took you to do something compared to the average user, or provide those analytics to you. And the fact that this is ambiguous is an obvious problem -- if you get access to the data they collect is that "analytics" or "functional"?
The GDPR calls it “statistics”, but in this context defines the word to mean analytics, not statistics shown to users. If it’s shown to users then it’s either strictly necessary or functional.
> In the face of an ambiguity, most corporate bureaucrats are going to take the risk-averse option, which is to ask for consent in case it turns out to be adjudicated as required ex post facto. The result is quite predictable. If you pass a poorly drafted law, businesses have a general preference for doing something stupid/wasteful/annoying over something that could get them sued or fined.
Businesses are generally risk averse, yes, but don’t mistake knowing a force at play for knowing them all. The “cookie consent banner” was invented and evangelized not by the laws they’re commonly believed to have sprung from but by the IAB, an ad industry consortium counting Google, Facebook, and many others as members. The same organization that organized efforts to prevent third party cookie blocking, and that tried to block the GDPR entirely. The banner norms they created did not even comply with the law until changes a few years ago, the EU just took its sweet time on enforcement.
The average small business, of course, is not in on some grand scheme, but this is where your risk aversion comes in: if all the big players are doing something, and everybody around you is doing it, and you Google it and the first 20 results all say to do it, then the risk averse move is of course to just do it and move on. After all, trusting your own judgement is scary, what if you get sued or fined?
Instead, the default should be, that if there is no header or it cannot be parsed, then the content is unsafe. And if there is a header, it describes the page rating, like what kind of dangerous content it may contain. The header may be added to any displayable content like HTML, text, images, audio or videos, but not to machine-readable content like JS files or AJAX responses.
So only those who wants their site to be accessible by minors, have to add headers. For social networks, the user might have an option to mark his content as "safe".
This means that with my proposal existing site operators need not to do anything to mark their sites as "unsafe" - all sites are "unsafe" by default. This means that millions of site operators need to spend 0 dollars to adapt their sites. How great is that?
The browser on a device with parent mode, should not allow displaying any content which doesn't have a header or that is marked as unsafe, or that contains header with invalid value. The parents may whitelist some sites.
There should be a reponsibility for intentionally marking unsafe content as "safe". We should also think what to do with foreign operators, intentionally putting invalid headers for unsafe content. Maybe they should be added to some kind of blacklist that the browsers would periodically update.
Search engines like Google could work by default in "safe" mode, but add "unsafe" header if the user wants to turn off restrictions.
> If a site is not adding the RTA header then progressively fine them into oblivion.
I think my proposal is better because it requires only fining those who intentionally misrepresent content safety.
That's something the client should be doing. You can configure your own device (or your kid's) to have whatever default you want.
The actual problem is that classifying the entire firehose of user-generated content is precarious and uneconomical, so the default tag is going to be whatever minimizes liability. If untagged implies "unsafe" and "unsafe" minimizes liability then the majority of content will be untagged. If untagged implies "safe" then the majority of content will end up explicitly tagged as unsafe, because tagging it as unsafe minimizes liability.
But either way if you disable "unsafe content" you'll end up disabling almost everything, specifically including the huge amount of "safe" content which isn't tagged as safe because accurately classifying it is uneconomical.
Ultimately the problem is the provider knows what category the content is and the parent knows what the content policy is. Providers can't say whether it's "safe" or "unsafe", only what standards it complies with. Some parents will have weird policies like "only G-rated movies or any Jim Carey movie" that can't even be delegated in any reasonable way to providers.
So the header has "PG-13, US-legal" because it's a movie rated PG-13 and constitutionally-protected legal content in the US, and whatever other markets you want to open up. Providers could even include AI ratings so as to mass-tag their content at low cost, and parents can decide if a particular AI rating is okay.
Parental controls could even restrict official ratings to country of origin, so if you approve PG-13 it'll block that content from countries where you can't sue them for lying about it.
The only hard part for the web is that a site could lie since there is no gatekeeper, but some black lists can help with bad actors.
Websites by default are ‘true’ for every category, unless they specify.
Categories are, for example of some: nudity, sexual, violence, etc.
It doesn’t have to be perfect but sites will have to err on the side of caution.
We could even create an html tag <restricted type=violence> for example, and the browser can simply not render that portion of the page of the user has that type disabled.
And we could give companies a pass for best-effort categorization using tech to assess user-generated content, along with allowing users to flag their own content as “safe”
The goal should be to satisfy most reasonable governments. A neutral technical standard and an international organization to maintain the the ontology for content descriptors
There's no reason a simple, standardized header can't be used to communicate any number of classifications simultaneously.
Edit: It occurs to me that if you oppose all age related measures then my above response isn't entirely fair to you. I still think it's an absurd objection but the comparison I made no longer applies.
What we need regulation to provide (IMO) is a reliable way of doing that.
Sites can choose to have unrated content (adult movies) and those are only available on devices without an enabled parental control option (adult-only theaters).
A solution would be browsers refusing to load any site that didn't provide such metadata, not just in child mode but in any mode. I suppose either Apple or Google would likely be capable of unilaterally imposing such a requirement as things currently stand. However I also think that's unlikely to happen on its own for various reasons. Thus legally mandating certain basic content classification categories in addition to an extensible standard protocol for communicating such metadata would (I expect) end the cycle. And rather than the government going after individuals the legislation could be structured to place the onus on mainstream browsers, OSes, and other client software to enforce compliance on their behalf.
Fine. It probably should be, if sites don't want to bother cooperating.
For example, it would be insane if every website and blog in the world to had to run logic to detect and prevent Elbonian males under 16 lunar years from seeing ankles except on Thursdays.
Parents today can accomplish what you are suggesting by installing parental control software and only allowing access to things they explicitly approve.
This can also be done via headers explicit blocking of all the things and was suggested in another thread. [1] Some people liked the idea.
[1] - https://news.ycombinator.com/item?id=47952999
That said, outside of the merits of this approach, I am dubious of any actual implementation given 2 points.
1) Protecting the youths will always be a leaky bucket. With disadvantaged youths possibly more at risk. Those exposed to non-compliant parents ("cool" parents who are ok with sharing unsuitable content) or lacking strong parental involvement, likely won't benefit a great deal from any implementation.
2) Anti privacy social networks stand to gain the most from targeting ads utilizing signals from most child safety acts. They also might be able to reduce some costs from moderation if they can make it someone else's problem. I'd argue the net social impact from these social networks is likely both more normalized and strongly negative for our youths than any smut.
On the balance I'd say we are better off investing our energy in other places.
Or simply parents who won’t agree with the government on what is suitable for their children.
We already have parental control on all mainstream operating systems, why cannot this simply be the responsibility of the parent as are so many other things regarding what children do, watch, eat etc?
Adding a header to a web server or load balancer or app server if done globally can be done in a minute or two. Maybe 5 minutes for the intern not counting QA testing.
But you are right, the inverse is easier. I like that too. That was debated in the other recent thread.
[1] - https://news.ycombinator.com/item?id=47950091
The core problem is the lack of buy in. Unfortunately that likely needs to be forced. I think it's not unreasonable to legally require people to make a claim about the nature of what they are serving up. They already need to be aware of the legal status of what they're doing anyway so it hardly seems as though making such a determination should pose a burden when you consider that it's an alternative to either requiring ID, requiring the client send age bracket information, or other heavy handed interventions. The choice here isn't "the status quo vs a header" but rather "some other age related regulation vs a header".
An easy way to enforce this "voluntarily" (ie coerce) without sending government agents after every small time website operator would be to require that mainstream browsers and other client software (based on MAU or similar metrics) refuse to process content that does not send a classification header. Doesn't matter what the header says or what the status of the user account or parental controls or whatever else is, it has to send the header regardless or it will be blocked without exception. That would presumably trigger broad compliance with the relevant regulations.
What about spoken words?
What makes online speech different, from the perspective of the Constitution that limits the power of the state?
What I've described does not restrict one's ability to speak freely. It is most similar to an impressum except it bears no identifying mark thus poses no hazard to anonymous speech.
Mandates on how speech must be structured are a violation of freedom of speech, Constitutionally speaking.
“Redressing a concrete dysfunction” does not appear in the Constitution as an exemption to guaranteed rights, as far as I am aware. The proper remedy for this kind of problem is an Amendment, assuming you can get enough people to agree with your assessment.
“We” (as in the US government) do not do this. There is not, nor can there be, a law requiring such rating.
> we don't allow children into liquor stores, strip clubs, or adult bookstores
These are physical stores/venues, not written speech. “We” do not restrict authors from writing adult books that may or may not be seen by children, nor do we require that the books are labeled as such.
If you want to restrict speech, pass an amendment. That is the allowable path.
By your own logic would online ID laws not also be a constitutional violation? Ditto for age bracketing laws such as the one under discussion here. After all, they both effectively regulate one half of the exchange necessary for meaningful communication (ie protected speech).
> Impressums cannot be required in the US
Yes but why can't they be required? My (quite possibly flawed) understanding was that SCOTUS previously established that publishing without attribution could not directly be outlawed, recognizing the ability to speak anonymously as an important aspect of political speech. What I have described does not run afoul of that. It neither restricts one's ability to speak nor provides for any form of attribution.
> “Redressing a concrete dysfunction” does not appear in the Constitution as an exemption to guaranteed rights
Regardless of either your or my personal opinion SCOTUS routinely makes exceptions to constitutional rights when a compelling need is presented and the remedy is sufficiently targeted. That said, I don't believe that what I described infringes on the first amendment to begin with so your point is doubly moot.
Now you’re getting it. Throw them all out along with the idiots who passed the laws.
> Yes but why can't they be required?
The Court has interpreted compelled speech to be almost universally a violation of the First Amendment, outside of the courtroom. I tend to agree. “Shall make no law” is a strong statement.
> SCOTUS routinely makes exceptions to constitutional rights
Prior courts. The present Court seems to be (rightly) rolling back both judicially-granted overexpansion of rights and exceptions to rights, although this is a slow process.
We have to stop relying on the courts to grant new rights and/or exemptions to rights. Passing unconstitutional bills and hoping for a favorable interpretation is clearly not the intended process, yet it’s become increasingly common.
We need to figure out how to pass amendments again or we are going to lose our republic. (It may already be too late due to an out of control executive and corrupt Congress, but that’s another matter.)
We require for example nutrition labels on food products. So clearly metadata of various sorts can be required for an interaction within the marketplace if there's a good enough reason for it. I'm not sure where that leaves personal blogs but it certainly applies to Amazon and PornHub.
The present court is rolling back some things but certainly not all. From the very beginning constitutional rights have never been absolute. One of the basic principles that comes up repeatedly and supersedes almost everything else is that the government must be able to carry out its duties. The contention is generally whether something is truly necessary for that and if so whether the law in question is overly broad.
Marketplace being the key word here. Interstate commerce may be regulated.
> I'm not sure where that leaves personal blogs but it certainly applies to Amazon and PornHub.
That’s the point. I also care about restrictions on smaller businesses and want to prevent regulatory capture, but personal/nonprofit/community sites must not be burdened above all else. They face enough challenges as it is. If a website or software project is noncommercial, their speech is not subject to regulation, Constitutionally speaking. What’s more, the Constitution has the correct take here—this is as it should be.
> One of the basic principles that comes up repeatedly and supersedes almost everything else is that the government must be able to carry out its duties.
Then you get the question, what are its duties? Enforcing unconstitutional laws is not one of them.
Also, FWIW, 18 U.S.C. § 2257 applies to printed books as well as online content.
But pure text literature (physical or online) isn't as regulated as visual media.
I'd actually go somewhat further though and ask whether it's a good idea to even do this via web pages at all. We have a great potential system for this already: DNS. Do something useful amongst all the ridiculous vanity and spam TLDs for once and set up a ".kids" gTLD, or ccTLD for that matter so that different countries can set their own regulatory standards naturally (ie, .kids.us, .kids.uk etc). Domains could also be used for some broad buckets for people who don't want to drill in, ie, .1-6.kids, .7-12.kids, .13-17.kids, or whatever is deemed appropriate, but simple age brackets that would offer some sane defaults. 1-6 could simply not allow any ads, user generated content or algorithmic feeds whatsoever for example. There are a lot of knobs to turn. And then at the registry level it can be ensured from the get-go that anyone getting a .kids domain is fully identified, located in the country in question, has valid ID, has specific credentials or is an accredited organization, or whatever other criteria makes sense.
But ultimately the point would be to create something that is built right from the ground up, and in turn that doesn't interfere with what has already been built at all. Something that can also be worked with at the gateway and thus cover every device on a LAN, and for that matter can easily be plugged into the vast number of powerful tools we have for working with that stuff. It'd be easy to put a nice UI on all this, even to make it higly automated. For example, have a setup wizard where you enter children, put in date of birth for each, and it'll spit out a password for each one. This then auto-provisions the network such that each kid has their own VLAN (password for PPSK or even wired connection) and is automatically limited to the domain groups of their age bracket, which then changes as their age changes.
Parents should be able to dig further in and get more granular with content categories, metadata for which could be required for anyone hosting a site within that domain, but I think there is the potential to make something both pretty bullet proof and pretty accessible, using existing tech stacks, and without impinging on the present internet at all including privacy and anonymity.
The vast bulk of the internet is child neutral. For example my church a web site, the bakery down the road has one, the local pro sport team has one. They're not designed "for kids", but kids are welcome.
Does StackOverflow need to register a .kids domain just so children might get answers to programing questions?
If my-bakery.co.uk and my-bakery.co.au both want to be visible to 16yo there needs to be at least kids.uk and kids.au.
Does OpenSSL.org or OpenSSL.com get to be OpenSSL.kids?
Sorry but duplicating the entire neutral internet domain space with yet another tld isn't a helpful approach.
Instead of running their own websites, they'll migrate to a platform like Facebook. That way Meta handles the burden of moderation and the legal complaints for the inevitable moderation failures.
I surprisingly seriously disagree, and think you're perhaps missing a lot of the contention in this whole societal debate. The point is to give people workable tools with some level of agreed sane defaults they can make use of, tweak, or ignore entirely, without imposing any burden at all on the existing internet and its adult (or children with parents who wish it) users.
>The vast bulk of the internet is child neutral
First: by who's standards is one of the core questions! What's neutral to one parent may not be to another. You illustrate this with your very first example in fact, "For example my church a web site". There are religious parents (and no doubt atheist ones as well) who would quite strongly not want their young child to visit your church's website.
Second: there is a difference between simply wanting to be child friendly and taking on a legal obligation and liability to be child "safe" to some given standard. Parents would be perfectly free to whitelist whatever additional sites they liked, or to subscribe to lists that curated whitelists of various sorts, or to use other controls. But a politically significant number of parents clearly want assurance that their child will near-never (with actual enforcement mechanisms for failure) encounter something outside of bounds. Meeting that need requires either whitelists or the sort of restrictions that would wreck the current web (and probably still not work very well).
>Does StackOverflow need to register a .kids domain just so children might get answers to programing questions?
If the parents of said kids want it to, then yes? Why would that be a big deal? I'd be surprised if like most places SO doesn't already have piles of domains purely for defensive purposes, and as something nationally regulated I certainly envision such a domain registrar being dirt cheap (or even free, paid for by tax dollars) for domains. Given the context and that it'd be very much not open to all there isn't any need to worry about cost to dissuade scammers and such, they'd be prevented from ever registering in the first place. Rules around use of trademark, business names and so on could also be very strict.
>If my-bakery.co.uk and my-bakery.co.au both want to be visible to 16yo there needs to be at least kids.uk and kids.au.
Yes? DNS is not expensive. And again, parents don't need to make use of it. This would be for those who do, who are right now pushing for ID for everything. It's a safe default walled garden, but one with doors any parent can open.
>Does OpenSSL.org or OpenSSL.com get to be OpenSSL.kids?
Which one chooses to get accredited by a regulator or child protection organization with insurance and so on first? Why are you asserting either would even bother? Which one would be happy about having to verify ID of users right now?
>Sorry but duplicating the entire neutral internet domain space with yet another tld isn't a helpful approach.
Sorry but you haven't thought about this very clearly at all. This proposal is very explicitly a small subset of the entire neutral internet! Duplication is never something I suggested, rather the very opposite! The "entire neutral internet" is by default adult here, but parents would be able to allow children to browse it just as now. However, some are clearly unhappy with that, enough that we're seeing politicians respond with things that would be very bad.
And, if we are going to do this the “design” should be global and anticipate a range of cultures.
If a site is really mixing so much content (like Reddit) then they should really be separating their sites into different subdomains.
We really can't have it both ways, that every failure of the child is blamed on the parent for lapsing in their almost totalitarian oversight, while also idealizing the idea that children must make their own mistakes and gradually growing into responsibilities and self-governance. Except having access to the Internet, apparently.
Taking a step back, this all smells like madeleines and a yearning for the good old days when everyone rode bikes and nobody owned smartphones. That's not really a productive stance on anything.
(If you would ask me, and I'm sure nobody would, I would think that there is a sort of trade-off here but with a clear answer: Make clear restrictions about buying cigarettes, alcohol, abusive content and extreme porn. But these restrictions aren't meant to be technically perfect. It's ok that some kids will learn to lift the limits and explore what is forbidden. At least then they would know that there is some reason society collectively considers these things off-limits, and that they soon will be in a mistake of their own making.)
[0] I also know home-schooled people whose parents are far better than any teacher I've ever had and whose education and achievements reflect that obvious fact. Home-schooling itself isn't the issue, and I'd prefer that it remain possible.
Back on the first hard, I'd argue that most of those people might have benefited from having more access to the internet, as it sounds like at least part of the problem was that they had severely limited experience for how to navigate the world outside of small amount their parents allowed them to be exposed to. I'm on board with the government being involved in ways that are beneficial, but "make anyone using an internet-connected device plug in their ID first" just feels like an absurd overreach for what it's trying to solve.
Anecdotes like this don't help the case much when government schools in a lot of places "graduate" large proportions of their pupils who are functionally illiterate and innumerate. Then you get misconduct, bullying, abuse that goes on in government schools. Who should "step in" on the government?
Home schooled people do fine, statistically.
The home-educated typically score 15 to 25 percentile points above public-school students on standardized academic achievement tests.
-- https://nheri.org/research-facts-on-homeschooling/#Academic
In all three scenarios (but especially in the first two) there is a sizeable population of parents who know their kid is several years behind grade level, but they tolerate it because they think kids learn at different paces. Or that it's fine for a kid to love one particular thing (cooking, machine repair, art) at the expense of a well-rounded education. And that's not even getting into the 'unschoolers' who treat never opening a textbook as a point of pride.
If you're well-educated and run in circles of people like you then you'll find the homeschoolers who also value education. But if you expose yourself to a wider variety of people your conclusions may change.
First independent search result:
> The US-based NHERI describes itself as a leading research institute in the field of homeschooling. However, its neutrality is often questioned.
The potentially all-powerful government shouldn't know:
- what vices a person has
- what religion a person has or doesn't have
- what porn you watch
- what alcohol and drugs you buy
PERIOD.
All of these things can be exploited. To control jobs, to control finances, to extort influence, to shape ideology, etc.
The government shouldn't be able to catalog those things in a database for later misuse.
The government shouldn't be able to install friction or barriers that make it easy to cordon off and kill these things at a later time.
The "think of the kids" argument can go to straight to hell. Nobody's having children anyway.
This is a very real (not logically fallacious) slippery slope right into the pages of 1984.
It's not about kids. It's about control over society as a whole. They're going to force you to use your ID to access the internet, force you to use an approved device, and the minute you step outside of allowed behavior, you'll be punished.
Shackles and telescreens are coming, and they're using this argument to build it.
Would it be acceptable for a private company to own this information? Perhaps sell it to others?
Private companies should also be regulated with regards to data sales of private information, yes.
Are you suggesting we remove current laws making it illegal for children to purchase these things?
That's besides the point though because this legislation doesn't check people's IDs when they're trying to purchase porn or alcohol, but as soon as they walk out the door, and if they refuse to show it, they have someone following then around even if they just go to the ATM and to the doctor.
With online services, there's no way to ensure your information isn't permanently stored and associated with the transaction for later misuse.
This broad rejection without good reasons is borderline sociopathic. ... and parental control is not the gov raising anyone.
- keeping class sizes small - keeping class within similar development range ( AP with AP. short bus with short bus )
None of it is a secret, but government can't (edit:or won't) make it happen. Hence regular people just doing the best they can within the system at their disposal.
It's why some schools in (iirc) California did away with higher maths like calculus entirely.
Sadly, it seems there's nothing actually common about common wisdom.
Socialization doesn't have to solely occur in an academic classroom.
> like your "sink it" nugget, they lack decent problem descriptions
Let me be clearer then: The legislation has passed but it is 100% possible to repeal that law. And it should be repealed, and we need to not let up pressure on California until it is rescinded. It was a bad law that was not thought out at all and fails to solve any problems.
I'm not worries about corporate feudalism and app age checks.
I'm not sociopathic, you're just making broad assumptions.
Eg "if you ban cellphones in schools then average test scores (on tests like PISA) will substantially improve". Or something else like that.
>This broad rejection without good reasons is borderline sociopathic.
It's sociopathic to not want the people in control to constantly make up new arbitrary rules? I guess we just need a few more Patriot Acts and Snoopers Charters.
It's like saying we should install Flock cameras everywhere so that we can protect consumers from buying harmful products. Corruption and mass-violation of human rights is all that's ever going to come out of it.
If the goal is to stop predatory companies, why not do so? Oh right, because that was never the goal.
It's also the tired old argument that's constantly raised by encryption ban/backdoor proponents too. How many times do they have to be debunked, ugh.
If you're against the EFF on these kind of issues, it's typically a good time to reevaluate your position.
https://www.eff.org/issues/age-verification
This is only going to cause things you describe to get worse and the U.S. government is complicit in this because we have a two party system that works directly or indirectly for the establishment.
I'm not sure if you are encouraging more government intervention, but its clear this is not working. Its like going to a criminal gang and asking for security while they ransack your community and charge you for it.
Governance only works when it represents the people, that is not what this government does right now and no amount of electing the right candidates is going to fix that until we have those two issues addressed.
Governments are dangerous monopolies on force and the use of that force shouldn't be casually tossed out like candy at a parade on crap like this. If it doesn't matter if you lie, what's the point of even doing this, to prove that we're insane? Or is it the pretext for requiring a remote server id carding service in the future under that guise? Keep driving down this road and you end up with an end game that looks a lot more like North Korea than a free society with limited government.
Do you think the rule that children's toys can't contain lead is equivalent to living in North Korea? That's the same kind of law as this one.
You also have a lot more flexibility to negotiate on product quality. If you have a good reason why you can't meet normal product quality standards because your product is sufficiently different from the normal products in that category, you can usually put a prominent warning label on it to cover your ass and then you're fine.
And if they refuse to do all of this and resist, what happens to them? If you want a sample, stop paying your taxes, stuff your money under your mattress and see what ultimately happens. Just because our government is slow, stupid and incompetent doesn't mean that they don't use the same mechanism of action.
I would love to get into why looking at porno is not even in the same universe of danger as lead poisoning, but I've spent weeks trying to explain harm comparison to people that genuinely think high schoolers using social media is the same thing as them using cigarettes and heroin and I'm just exhausted.
but... I would also like to keep my kids from seeing the very worst of the internet before they're ready to handle it. I tried using a PiHole but Firefox DNS-over-HTTPS nullifies that now. It's not realistic for me to be watching over their shoulders 24/7; what can I do to keep them away from stuff 99% of people agree isn't for children to see, without something like this?
If the childs account is not able to gain admin privs then their ability to change settings can be disabled.
I personally think this current version of the legislation is a good compromise. Tech workarounds are fine for the few of us that understand the relevant technology (though I have never bothered to compile DNS in my life and have no plans to do so in the future), but they are simply not practical for most people. Every time I hear someone suggesting this sort of thing I find myself tempted to say 'why worry about legislation? If you don't like what it mandates you can just write your own operating system.'
Of course this would not be helpful because writing your own OS is extremely hard beyond classroom/toy examples. And likewise, tech workarounds and even parental controls are hard for most consumers - partly by design. I have an xbox console and have been trying to figure out why it keeps freezing on certain apps for months now. I suspect a telemetry problem but it's just a guess, there isn't really any way to look at logs so it's a trial and error process because most consumer hardware/application vendors want their products to be black boxes.
I don't think it is a good compromise. It seems to cover the wrong use cases.
My use cases have nothing to do with children on any level. Why would I want to submit to government restrictions? That makes zero sense.
It's as if the right-to-repair-movement would suddenly be undermined by a lobbyist advocating how restrictions are great. Or Jackie Chan suddenly praising the sinomarxist mono-party.
The better question is "Why do I need to give up privacy on my devices that no children ever use and are used for all sorts of mundane things that are entirely unrelated to what you're trying to protect your children from to solve this problem?" The solution being proposed here is to require ID checks at the OS installation level; this would be like requiring me to flash my ID when I walk out of my house because kids would have to go outside if they were going to try to buy alcohol.
> before they're ready to handle it
You can restrict any access for the network to them. Extra bonus, this will save your child from addiction.
Like no past generation could stop their kids.
Past generations absolutely protected their kids from cigarettes and alcohol. A gate doesn’t have to be 100% effective to have net benefits.
(Yes, you might get carded before you can go into a bar or a club, but we're talking about every possible device that can connect to the internet here; that's a lot closer to the grocery store than a bar or club terms of how much of a staple this is for most people's daily lives at this point. Cutting off my ability to access to my bank account, contact doctor, or pay my bills should not be something that should require additional steps because my devices which no children ever used could theoretically be used for a child to try to watch porn).
I agree these proposals are garbage. But if everyone who can credibly say that is busy trying to block any age gating, this is what we’re going to get.
But like your examples, it's not guaranteed to work.
Install a DNS filter. Firefox circumvented that? Smart kid :)
Censorship circumvention might be a good skill to have in the near future.
I'm sorry, but what? Cigarettes, sure. Alcohol? Binge drinking was absolutely rampant at my school, and I don't think I'm alone. Don't get me wrong, some parents just buried their heads in the sand, but unless you're giving them a breathalyzer when they get home and severely punishing them all the time it's pretty hard to prevent.
No. Like, obviously no. That’s not how effectiveness is ever measured.
Some kids getting access to booze here and there with planning and coordination is different from kids walking into a liquor store or bar whenever they want.
1. https://en.wikipedia.org/wiki/Splitting_(psychology)
However DoH isn't obfuscated and in order to operate the list of resolvers that firefox uses must be published somewhere. It follows that you should be able to filter the major DoH providers at your gateway.
This is the main problem that needs to be addressed. Everything else is just a byproduct of it. If you support the by product of what was created by conditions that are not being address, you only make the problem worse.
Here we talk about use cases for EVERYONE. I don't see how your use case is fine for me, because I personally do not agree with it on any level at all whatsoever. You believe in restriction. I don't. There is no common ground here.
> It's not realistic for me to be watching over their shoulders 24/7
Is this your job? At which age will you stop monitoring them?
> what can I do to keep them away from stuff 99% of people agree isn't for children to see
99%? Where do you get those numbers from?
Besides, what stuff anyway? Even then the issue isn't about your kids. It is about laws for EVERYONE.
Nothing. VPNs exist (including free ones), some of classmates will have unlocked devices, etc.
Next question?
What it fails to account for is that today's internet is qualitatively different from the pre-social-media, pre-smartphone internet. The vast majority of the internet audience, too, is qualitatively different. Incentives are misaligned for an average parent who might want to keep a tight leash on smartphone internet access for their kids, when attempting to do so will generate fierce opposition from their kids and leave them socially out of the loop.
Maybe we should teach parents how to be parents instead of imposing draconian age checks (read: mass surveillance).
The first example is bad, the second is tolerable.
But the reason most kids don't smoke is that the parents and the teachers instilled in them that it was bad. If a kid wants to smoke or drink, they can surely get an older friend or a friend of a friend to sell them the cigarettes or alcohol. Anyone can buy 20 bottles of hard liquor and 50 packs of cigarettes, sell them to a 15 year old who can then sell them to their friends. That doesn't happen often not because a surprise police raid will show up and bust the seller but because there isn't enough demand. If there is demand from the kids and the parents don't care, kids will get their hands on drugs. Maybe not 9 year olds but certainly the teens.
Big honking "citation needed" there. I think it's far more likely that laws against advertising to minors, and tightening enforcement of prohibiting the sale to minors, is what did it.
On top of it all, smoking has decreased among adults too. Part of that is certainly cutting off a big chunk of the teen-to-adult smoking pipeline, but part of it is also just that adults don't think it's so cool anymore (and "going out for a smoke" is no longer a social or even professional activity), and are more aware of the health risks.
Low-tech Magazine (https://solar.lowtechmagazine.com/) has enough articles to publish a thematic book, “How To Build a Low-tech Internet?”. There are other books with concrete proposals: pretty sure Cory Doctorow's published a few (Chokepoint Capitalism, also by Rebecca Giblin; Enshittification; possibly others). You can read these if you would like. But the important part is using and maintaining credible alternatives, reducing both our dependence on and support of these companies.
[1]: although more work is needed to reduce the addictiveness / increase the user empowerment of Fediverse UIs (which are largely modelled on the corresponding Big Tech social media systems): websites are still the way to go, if you can.
That data leaks out is always a given. So, gather less data. Ideally none. But this is not a discussion about data. This is a discussion as to what state actors think they are allowed to do. It is an attack on private life of people. See the combined strike against VPNs.
PS I'm referring to bail reform here.
PPS Just trying to frame what the CA government thinks its allowed to do which is apparently anything it wants.
I can only hope you are correct.
It is like negotiating with a terrorist that wants to kill you and this is his starting position and then he wants to agree on some compromise, like seriously beating you. There is no negotiation.
That exists and is called "self defense", no?
Obligatory XKCD: https://xkcd.com/2521/
How do you propose doing age restrictions for social media?
These are broadly popular. (And the evidence supports them.) They are happening. So the question is how to do it best. The project for reversing the consensus isn’t worthless. But it’s a long-term project that will have to bear fruit after these restrictions go into effect, if ever.
The idea is broadly popular but the second you start asking about implementation details (ie showing your ID to post on the web), the actual approval percentage tanks down to the single digits.
But you knew that which is why you construct this rhetorical motte-and-bailey about it being "broadly popular"
Source?
> But you knew that
I genuinely don’t. I don’t think many electeds do, either.
The playing field is currently lots of angry non-technical parents looking at Silicon Valley leadership not doing anything remotely reassuring when it comes to taking care of their children. And then a good fraction of them being drawn into a proper pantheon of idiot conspiracy theories. (They’re really stupid.) I would love to see polls considering implementation details because that would at least imply somebody is thinking of them.
Right now, honest answer, I don’t think anyone in government is. Electeds see an easy win—or more accurately, a patchwork of angry, mobilized voters they can scoop into their election-year campaigns with a rushed-out bill that pins them to the issue but which neither they nor those voters really have the technical chops to parse.
Best case, we get tripe. Worst, the process gets hijacked.
Voters are collectively deciding for all of our children. And there are absolutely group dynamics that require cooperation. It’s why rich communities ban phones in classrooms while in poor communities, the one family that tries doing it alone is probably going to be less successful.
Again, I’m not saying you’re fundamentally wrong. Just that this debate has been had and the polling is massively in favor of bans for under-14 year olds and strongly in favor for under-18s. (And to the degree I’ve connected with electeds, the folks calling in and writing were almost 100% one way. The civically-engaged electorate is practically at consensus.)
I want government bureacrats, empowered by the stupid median voter, to be as far away as possible from things that I (and any other parent) are perfectly capable of solving by ourselves.
I want more freedom
Sure. Call your electeds next time this comes up. Right now, the ship has sailed. Jurisdictions are debating methodology.
Huh?
1. This assumes that websites are under your jurisdiction and can be fined. This is not a valid assumption on the internet. If you want to do this, you need a framework to block noncompliant websites via ISP-side null-routing, putting pressure on payment processors and hosting companies which do operate in your country etc.
2. HTML tags and not HTTP headers. If just a small part of the site contains content which shouldn't be displayed, the web browser should just hide that part.
3. Sometimes, it is genuinely useful to know the user's restrictions ahead of time. Imagine you're a movie streaming site or game store. You have some content which is suitable for the user, no matter their age, but you need to know which bracket they're in to decide what to show them. Without that info, you either default-adult (which sucks for children) or default-child (which sucks for adults).
The problem of hosts in countries that don't give a shit is true for every solution aside from the great all blocking firewall no developed nation would want to have. So no to "ISP null routing" from me. ISPs provide infrastructure. They are not school teachers.
Such a solution implemented today would be tunnelled yesterday and everyone should support evasion attempts.
If Meta, Google etc could easily have algorithms in place for determining the age of the person seeing the video - apart from having the override capability via a parental login as you have stated.. but these platforms have consistently refused to limit the type of content they are showing to children.
Seems like this would incentivize just all sites to have the header regardless of if it meets the definition since you get fined if you dont but no fine if you have the header unneccesarily.
Especially if your definition is contains user contributed content. That is all sites with a comment field. What really is left? I'm not sure i have even visited a site in the last month that wouldn't fall under this.
This can also be broadly implemented, any other technical solution won't be widely spread anyway.
I don't think authorities care about child protection though. They could have legislated malicious advertising practices and a lot of similar bad influences, but didn't.
No harm in people reaching out to their politicians state and federal. The more people that bring it up the better. Let them know your childrens data will not be shared and when the data is leaked you will hold the politicians accountable.
The entire site shouldn't be blocked; the browser needs a way to tell the website "my parental controls are enabled and I need to you to filter out age-restricted content".
Alternatively, the RTA header/meta could include a parameter/attribute for an "alternate URL" to load when parental controls are enabled. This could be useful to allow sites to present a custom error-type response, but could also be used to automatically redirect the user to similar, but age-appropriate, content.
Anyway, this all ignores the fact that "protect the children" isn't really the goal here: it's to slowly eat away at our ability to be anonymous (even read-only anonymous) on the internet. Age verification is just a watered-down way of saying they require positive identification, and eventually our hardware will have to cryptographically attest we are who we say we are. I really hope this isn't inevitable, but it's starting to feel that way.
https://webmasters.stackexchange.com/questions/140733/how-to...
They stop trying to put everything in a different category and treat RTA as the person under the age of consent must get approval from their parent or legal guardian. Keep it simple.
Google's doing that for them though.
Defining a new header isn't hard; the hard part is getting consensus and adoption.
Are today's videos beheading's without blood, with blood, with or without anguish, with nudity, without nudity, etc... After a while it gets out of hand.
It turned out the internet was too dynamic so the RTA header was created to just say "adult".
Correct. Until parent or guardian puts in password next to the text that says "Approve this site, forever."
You gave me an idea. Maybe there could be categories similar in concept to those that exist in corporate firewalls today that say things like:
- News Category (Known to be SFW)
- News Category (That may be NSFW)
- Child friendly sites
- Social media sites
... and so on.
This could be crowd sourced, ideally in a way that can not be gamed. The masses could flag/report false claims. That, or just keep it simple. ad-hoc input of permitted sites by parent.
The problem with defining categories is that artists will do their best to defy categorization. That has been the nature of art for as long as humans have been making art.
I do not have a proposal for that. I'm only covering the issue of sharing any personal attributes of a child or anyone with any corporations as they have proven time and time again they can not be trusted with it. If anything they have proven beyond any shadow of doubt they can not be trusted with anything.
I will leave the NSFW definitions to yourself and others. Since the W stands for Work I guess company management and HR get some say in it too. I don't know where they get their standards from.
Ages ago I worked for a company that hosted porn and their standards were uniquely liberal.
I think I know what you meant and sure we can keep it simple. Site is approved by a parent or it isn't.
It's useful to contrast this with the various device-based mandates that have been created in order to get a sense of what legislators seem to be trying to do. With that in mind, a few points:
* What you are proposing allows parents to opt in via parental controls, but age assurance mandates (both device-side and server-side) tend to require positive action to enter unrestricted modes. In some cases (CA AB 1043, for instance), this is just a matter of entering your age. In others, you actually need to demonstrate your age via some technical mechanism.
* While many age assurance mandates focus on adult content, which is primarily consumed via the Web, others (e.g., Australia's Social Media Minimum Age) focus on social networking, which is primarily consumed via apps, so anything that is Web only will not be effective.
* Site-level granularity isn't really fine enough in some cases. For example, the New York SAFE for Kids act prohibits certain behaviors such as algorithmic recommendations when a user is a minor, but doesn't require blocking minor usage entirely. It's potentially possible to implement this with something like RTA, but it would have to at minimum be at much finer granularity.
Section VI of https://kgi.georgetown.edu/wp-content/uploads/2026/01/Age_As... goes into quite a bit more detail about various architectures (disclaimer, I'm an author).
None of this is an endorsement of age assurance techniques; I'm just trying to help flesh out the situation.
> All legislation regarding age verification must revolve around this otherwise people must reject it as an abusive form of tracking and privacy invasion.
It's a bit late for that, given that around half of US states already have some kind of age assurance mandate.
Perhaps late to solve this globally but parents can still install parental control software if they so desire and can still intervene locally to prevent sharing data with 3rd parties. At worst this means small children might not get to visit social media and other assorted sites and I am fine with that. I think a number of parents would be fine with that as well.
Sites can voluntarily label as some do. It just means that parental controls would have to default to blocking everything until approved and while sub-optimal maybe that's what people will have to do in order to avoid the evil pattern of sharing data with all the websites that will ultimately leak, or "leak", be sold, stolen, etc... Good parents will not participate in the evil patterns of sharing their children's personally identifiable information.
When the PII of children is ultimately shared with evil people the children once adults will resent their parents for not protecting them.
- To all parents here, your children have no idea what risks are out there including devious companies that want their data. They will one day be adults if all goes well. Protect your children as corporations and governments will not. They will thank you when they find out all their friends data was shared, leaked or otherwise abused forever.
Certainly parents can install parental control software, but what does this have to do with children's PII being shared with sites?
Just so we're on the same page, the way AB1043 works is that the OS determines the user's age and then shares the age bracket with apps. No PII is shared with sites (this is not to say that the age isn't sensitive, but it's not PII as usually regarded). Is your concern here that sites get access to children's information because children visit certain sites regardless of legislation? That's a real thing, but it seems mostly orthogonal to age assurance.
The parent can block or just never approve all the sites that require PII.
but it's not PII as usually regarded
We will never agree here. All the companies I worked for financial considered any attribute of the person to be PII, even their IP address. We were audited very strictly on this. If a users age was disclosed to a third party without their written consent that was a contract violation and came with severe monetary penalties. Parents should expect this to be the minimum standard. It's their children, not the corporation or governments children.
Again, this isn't an endorsement of these mandates; I'm just saying that what you're proposing here doesn't address the objectives that policymakers who are in favor of these mandates are trying to achieve.
Oh trust me, I get it. They and I will never align. I know I am beyond beating the dead horse. It's gone from bone dust to micronized dust to sub-atomic particles to sub-quantum particles at this point. That poor horse will never be forgotten. Perhaps it is an illness on my part but I will find a way to bring this up every time until the year 2150 after which point this will be the least of anyone's concerns.
Your cite is an earlier post of yours which says
> The one and only method I will participate in is server operators setting a RTA header [1]
and that cites a still earlier post of yours
> I stand by my repeated statements of how this could have been solved simply using an RTA header [1]
which finally actually cites¹ something that explains what the heck on RTA header is.
It would be quite a bit more reader friendly to cite https://www.rtalabel.org/page.php rather than make the reader traverse a linked list of comments to get there.
¹https://www.rtalabel.org/page.php
B) How would your RTA header intersect with content rating in different jurisdictions? What if the content is illegal for children in Turkey but legal for children in Kentucky?
For topic (B) companies can set or not set the header based on GeoIP. Not perfect but GeoIP is already used in load balancers, web servers and applications.
For (B), your proposal requires the website have a database over current rules in every country they would be accessible from. Would a website then, in your opinion, be responsible for the accuracy of this database? We have to presuppose an official GeoIP source that would then be legally binding and under democratic control, but given such a database, would a website serving a wrong header to an IP associated with a specific country then be committing a crime in that country? What would the punishment be?
For (B) this is already a thing. Porn sites and already doing this. Instead of blocking a region I am proposing to stop blocking and instead the law permit them to just add a header. The only people I can imagine apposing this are commercial VPN providers.
I think a better example might be places like polymarket (not allowed to operate in us) or usatoday (serves an EU only version with no cookies). The technical limitations on those systems are both GeoIP as far as I'm aware, and that seem sufficient for regulators.
What I find more interesting is that what you want is within the scope of this law. It's only required that the operating system takes in your age from an admin, from there the application (user agent/webbrowser) is supposed to handle the blocking, which it could do with a header as you suggest.
I will note that you are going to find a lot of libertarians that would oppose banning GeoIP circumvention.
An intern could also just delete the product which would also "solve" this "issue". The fact that it's easy or cheap is not significant to the problem at hand.
> should be doing is setting an RTA header
Many sites will just set the header by default. Now you've created a problem.
> then progressively fine them into oblivion.
This does nothing. See: Ofcom vs 4chan.
> device mandates
Mandate that the device provide an API for child protection software. Then it's up to individual parents to decide to install that software or not. Then we also get competition in this market rather than relying on whatever solution an intern cooked up one day.
Many sites will just set the header by default. Now you've created a problem.
I am not seeing a problem. Kids need not access those sites unless the parent or legal guardian approves it. Sites meant for children would not be adding the header.
[1] - https://news.ycombinator.com/item?id=47953096
Is Wikipedia "meant for children?" Should they be fully denied access to it? Should Wikimedia be fined if they make a mistake? If they get fined often enough do you think they'll just turn the header on everywhere in order to avoid risk?
Replace Wikipedia with any other mixed content site you prefer.
Add it to any site not specifically meant for children, that is totally fine.
[1] - https://www.shodan.io/search?query=RTA-5042-1996-1400-1577-R... [ Follow Links At Your Own Peril ]
- Browser detects header. Prompts for local password to access site.
- Child does not know password, picks a different site or begs parent for access.
- This is now between small child and parent. No third parties, no tracking, no telling website the users age, no local or remote API's sharing data.
- At some point if all goes well the child will be an adult and will thank their parent for looking out for them when all their friends data was sold and abused.
The problem is that the point is to root everyone's devices. Anyone explaining how easy this is would be pushed out of the conversation as fast as if they were advocating for single-payer healthcare.
edit: I've been advocating the nearly identical but opposite solution - restricted access sites shouldn't respond to requests that lack an appropriate age/content restriction header. If they do, jail them.
They're literally going to have to do this anyway. Rooting people's devices to force them to lie about their age when they install their operating system is an absolutely fake pretendy solution; the only way it works is if you have to verify your age with some government agency when you install an operating system, in order to make that OS age official. The point is the identification.
It's still a stupid unconstitutional law, but I see what the aim is, even without strawmanning it.
Different states, countries, and multi-country organizations that have legislated in this area or are working on legislating in this area have went with many different approaches. These differ in their scope, how age is verified (or even if age is actually verified), what documentation is required (or even if documentation is required), whether they apply to the web or to apps or to both, whether they make anonymous use harder or not, how much if any sensitive information they disclose to the apps/sites that need to check age, whether they could allow government to track your usage, and in other ways.
Most ridiculous are the comments that after saying how bad it is (clearly talking about things not in the California law) then say how it should work and describe something close to the California law.
It is kinda silly to read comments that do what you mention at the end (have a seemingly novel idea to fix the issue at hand and their solution is the one from TFA). That's just embarrassing.
But I feel like the rest of the discussions are fair game.
this act is pushed by the NGO 501c3 called Common Sense Media, their donors include Bezos, zuckerberg, and other rich people.
The same NGO also created a platform called Bandio that provides age verification services. How convenient.
Legislate restrictionist policy today that manufactures demand for age verification service, and then rollout the solution for $$$.
How convenient, muh free market capitalism.
Common sense media also earns $15 mln revenue from licensing its content rating technology.
Did someone write California Internet legislation without consulting any California Internet companies?
Did some California Internet companies write California Internet legislation?
Did some other party write California Internet legislation?
Meanwhile, while the overall writing clearly indicates the author has a very narrow view of "computers", the definitions of the terms is so broad that every computer, even the tiny embedded CPU in your microwave oven, might just need to ask your age before it allows you to do anything.
Why do I keep seeing this bullshit exaggeration? It doesn't help anything to make such ridiculous statements. Nobody's microwave oven has an app store.
Meanwhile, Samsung refrigerators can have an app store.
https://captaincompliance.com/education/meta-is-spending-2-b...
> On every social media regulation bill in Colorado, Meta takes an "Amending" position, actively fighting changes. Across 117 lobbying records on 22 bills:
> Bills regulating social media: Meta position is "Amending" (fighting) > The one bill putting the burden on OS providers: Meta position is "Monitoring" (watching)
> Meta fights bills that regulate Meta. Meta watches bills that regulate everyone else.
So their lobbyist choosing not to fight against the OS age gating is the big reveal.
I still get downvoted for pointing it out and trying to ground the conversation in facts. As you noticed the story continues to thrive on bad news sites and social media.
That seems right for current-day HN lol. I got downvoted for pointing out obvious inaccuracies in another comment.
It’s amazing how that one AI slop project that made this claim got so many people to believe this number.
Spreading this disproven AI slop around isn’t helping. It just makes opposition look like uninformed conspiracy theorists who can’t fact check anything.
During the meeting, Meta executives, including Antigone Davis, global head of safety, are understood to have argued that any age checks should be handled on a smartphone operating system rather than by the likes of Meta.
https://www.yahoo.com/news/politics/articles/meta-urges-labo...
Source: Some guy on Reddit, trust me bro
The bill is written 'do good, stop bad stuff by establishing a committee or group to make sure fund good stuff, bad stuff doesn't happen' then the law passes and lobbyists write the details that fund the programs that tax the people that generate the income for companies that donate to the politicians that sell their votes to the lobbyists and interest groups.
California politicians start with the end goal "maintain power, secure revolt, obtain capital, deny failure".
It goes beyond lying to your face. They will be convincingly genuine, heartfelt, while finding a way to extract as much as possible for themselves, by extension their party, by extension the 'government' and do absolutely anything to keep the illusion that you have a choice, a vote, and a voice.
I lived here my whole life. These politicians are evil. Lie, cheat, and steal - deny if caught, punish if provoked.
Why would it affect the entire world?
One technological backwater is Having A Massive Sad over people using rude words on the internet, so they think they can tell everyone else what do to?
This is the classic "what we're trying to do is bullshit on a fundamental level so we're gonna just exempt random things until it becomes a niche issue and we can just do what we want and from there we'll just close all those exceptions over time" move.
Give it 5yr and you'll have idiots in the comments talking about how the "linux loophole" was a mistake and should be closed.
Source: history
If OSes that don't verify the age of their users are a genuinely unsafe for children, why should they be allowed just because they are open source? That doesn't seem to mitigate dangers associated with age in any away I can identify.
It's kind of a hard problem and legislators are inclined picking the lowest hanging fruit. Their primary concern is to not be smeared as child predators by their political opponents at the next election, eg "jwitthuhn voted to give gambling websites, pronographers, and pedophiles easy access to YOUR children - s/he OPPOSED age verification laws on internet sleaze!! Who's jwitthuhn really working for - you, or the people who want to exploit your kids?!!"
One can point out that such electoral pitches are dishonest bullshit until one is blue in the face, but the fact is they work on a lot of voters because most of them are not smart and don't have the energy or inclination to research every issue. And it is true that there are a lot of hustlers on the internet who are willing to either passively or actively exploit kids, and the anonymity, non-locality, and technical complexity of the internet makes that relatively easy to do and hard to prosecute. Legislators offer simplistic solutions because that's what a most of the public wants, and people often make their voting decisions based on emotional factors rather than cold rationality.
You don't need mustache-twirling villains saying 'let's impose burdensome techn regulations that perpetuate oligopolies and allow me to make another trillion dollars, a few million of which I'll send your way, mwhahahaha' to get shitty legislation (which is not to say they don't exist). It will emerge naturally by default if other conditions are right.
This is what I intend to do. To just let lawmakers get away with passing bullshit because "of course they will" is a defeatist attitude that I don't advocate.
That is why it is so important to be loud about this incredibly obvious disingenuous behavior. Make sure everyone knows the people advocating this do not care one bit about children's safety.
Democracy, like the free market, is viable only for informed participants. But once a certain large mass of participants are no longer informed - willfully or not - the system fails for all participants.
Banning or limiting addictive features like algorithmic feeds would be regulating the companies.
Desktop and mobile Linux is an extreme niche and alternatives to Linux are practically nonexistent. I'm not surprised law makers might not have known that there are operating systems not made by for-profit companies.
Maybe it should say, the software 'code' - requiring open source code - and to do it all 'for free'.
What is maddening is how often people think such laws are about limiting the influence of "big tech." Big tech isn't going anywhere because of these laws, you are.
Megacorps seize the demand for regulation (to regulate them) in order to write regulation that purportedly does that, but in practice mostly closes the doors behind them and cementing their stranglehold on society. For Microsoft, Apple, and Google it's a small thing to agree to age verification if that means all the potential competitors will have to do so too.
The cheapest time to shut down a competitor is before they get to market.
Really, my main complaint comes down to: I completely disagree with what these services choose to restrict for kids and what they allow.
They block my kids from doing things I have no problem with them doing and they allow things I would never want my kids to do in 1000 years. It is incredibly frustrating.
Often times, there is literally no way for me to bypass some stupid restriction they put on my kids, so the only way I can get it to work is to help my kids lie about their age… and at that point, I lose the ability to actually block things I care about.
These laws are just going to make it worse. I don’t want someone else choosing how I control what my kids do. Give me tools to control it myself, and you can choose some presets for parents to use, but don’t force me to use your definition of age appropriate.
I agree. Parental controls have been the norm for thirty years. The adult who owns the device should have control over it, not Microsoft or California.
My main thing is I want to be able to opt in or out of various filters. I don’t mind if my kids want to listen to music that has swear words, but I don’t want them watching videos where they give horribly sexist pickup artist advice.
This isn’t just about what I feel is age appropriate, either. It is also about what I know about my kids.
My 10 year old hates scary things, and she gets completely freaked out when they show scary movie previews. I would like to be able to block those for her. On the other hand, my 7 year old is obsessed with scary things and I don’t mind if he plays zombie video games.
The difference between this and the usual "parental control" mechanisms is that what you're describing here is something the child wants to cooperate with, voluntarily. In which case, you don't need a mechanism that makes it absolutely impossible; you need a mechanism for helping them not see things they don't want to see. That's something some adults also want (e.g. tools for preventing oneself going to Facebook, or going to TVTropes for too long).
Now, sometimes my kids might not know they don’t want to see something, which is where my judgment comes in… but I don’t (or at least have not yet, anyway) feel the need to block my kids from watching things they want.
Now, I have spoken to my kids about some things they watch that I have issues with. I tell them why I think the content is problematic and why I would prefer they don’t watch it. But it is always a conversation rather than me just telling them they aren’t allowed.
I have been happy with how my kids have handled these conversations, and haven’t yet found the need to enforce specific rules yet. Even when they watch some things I don’t like, I have found it has made for really effective conversations about my values and what I hope their values are. Some of those topics are too abstract to have without having something tangible (like a YouTube video or channel) to center the conversation around.
Do you want to alter behaviors or lock children in a gilded cage?
I would never tell another parent they were wrong for choosing not to allow their kids to use the internet or consume certain types of media. Those are very personal choices.
My wife and I have deliberately have chosen what to allow our kids to do, and continually have talks with each other and with the kids about our internet usage.
I don’t feel the need or desire to seek advice or approval from random internet commenters.
Steam itself does age verification, which when you first boot a steamdesk, afaik it forces you to log into steam before you can do much of anything without some initial hackery. That said, once in there's nothing stopping them from launching into desktop mode, launching firefox, and watching pr0n that way.
Sadly the solution is still for parents to do real parenting, but that's like saying stupid people shouldn't breed.
It reminds me of clients wanting some stupid feature from app developers which does not fit into anything, and makes no business sense, and therefore creates only problems.
Of course this also means that the nerds who use linux or lineageos get to win cool points because they can access more adult stuff
… doesn’t that excuse Android and possibly XNU, too?
Or, they can have a license like the Business Source License where you can copy, redistribute, and modify the software but you can't use it commercially. This goes against OSI's open source definition.
We emailed this amendment to Buffy Wicks's staff:
§1798.504(f) This title does not apply to[...]:
(4) An operating system or application that meets both of the following conditions:
(A) The operating system or application is distributed under license terms that permit a recipient to copy, redistribute, and modify the software, including for commercial purposes and without payment of a royalty or fee.
(B) The operating system provider or developer does not, by technical or contractual means, prevent the recipient from installing modified versions of the software on a device on which the unmodified version operates, and does not restrict the functionality or interoperability of modified versions.
> copy, redistribute, and modify the software
Shouldn't that specify the code not or not only the software? For example, the corporate Windows license allows the corporation to copy, redistribute (internally), and modify (via group policy, APIs, or development on the Windows platform) the software. The big difference between that and Linux is licensees can't access the code. FOSS requires free access to, use of, modification of, and redistribution of the code.
That and lots of FOSS licenses use some variant of those words "copy, redistribute, and modify" so it's probably a term-of-art that courts recognize.
This is what Colorado's law says. It prevents Tivoization but not feature nerfing like the Play Integrity API.
§ 6-30-105 (3)
(e) AN OPERATING SYSTEM PROVIDER OR DEVELOPER THAT DISTRIBUTES AN OPERATING SYSTEM OR APPLICATION UNDER LICENSE TERMS THAT PERMIT A RECIPIENT TO COPY, REDISTRIBUTE, AND MODIFY THE SOFTWARE WITHOUT ANY PLATFORM-IMPOSED TECHNICAL OR CONTRACTUAL RESTRICTIONS IMPOSED BY THE PROVIDER OR DEVELOPER ON INSTALLING ALL MODIFIED VERSIONS.
I think we have our answer.
Sure, make it easy for users to do so, but it's a users choice.
Kids don't buy phones or computers, their parents do, and during initial setup, parents could choose "this pc is used by a child" option, input some override password to disable this in the future, and the phone could block whatever needs to be blocked.
It wouldn't take much for a kid to buy a phone or computer.
The reason is simple: the pattern I see hints that there is:
a) money spent, to push through age-sniffing, and b) it is happening almost globally.
I am not necessarily saying that all this can be singularized down to one bribe-using company, be it Meta, Google or what not, or state actors becoming beyond Evil. But just as the butterfly effect is used as analogy how a strong wind can be created further downstream, I see the situation here VERY similar. To me it is not confined to age-sniffing. Remember the sudden declaration of war by the UK against VPN. This is in my opinion connected here. The goal is not "protect the children" but instead spy more on people than before. A gradual extension of this. And some companies and private interests will benefit. See also the recent Palantir claim made against London aka "the major is responsible for more robberies when he refused to obey to our rule". These companies are greedy - and insolent.
Likewise, you'll have Microsoft and maybe Apple pushing for Linux to be included for, again, entirely self-serving reasons. Microsoft is never one to miss an opportunity to benefit Windows.
All that's going on here is competing corporate interests. Likely nobody in power actually cares the actual end users.
As much as libertarians chafe against it, I think we've demonstrated that something has to be done in relation to children online. Advertising to children, harmful impacts of social media, cyberbullying, addictive behavior and selling the data of minors needs to stop. How we get there is unclear. Meanwhile, everyone responsible is just trying to limit and shift their legal liability and that's it.
[1]: https://www.politico.com/news/2025/09/13/california-advances...
[2]: https://www.reddit.com/r/linux/comments/1rshc1f/i_traced_2_b...
In jurisdictions taking the California approach Meta does not need to ask for anything like that. Their app just has to ask the OS, which reports the age bracket that was entered when the user account was made on the device, and the OS gets that information from whoever set up the account. The OS trusts whatever is entered at that time. No driver's licenses or passports or face scans or videos are involved.
> As much as libertarians chafe against it, I think we've demonstrated that something has to be done in relation to children online
...and this is pretty much the way to do it with the least impact on privacy and anonymity possible without first building up some high tech cryptographic infrastructure that would likely include hardware requirements that would, at least at first, exclude users who do not have an iOS/iPadOS or Android device that has a secure hardware element.
Let's be clear what this means, "Meta is going to require" something. They'll require it to continue to do something, which is namely to be a bad company, running bad services, without pivoting to something else.
Of course, no one requires Meta to continue to be Meta. We'd protect people by requiring companies like Meta to request PII outright, because then the user is explicitly prompted to decide whether using Meta's services is worth surrendering their privacy. And if consumer sentiment and market forces mean anything anymore, that will incentivize Meta to replace their bad services with better ones, ones that don't cause them tricky liability issues.
In other words, forcing operating systems to demand PII from users from the get-go, regardless of the quality of that signal, and to broadcast that to any website, is not, as you put it, "the way to do it with the least impact on privacy and anonymity possible", etc etc. The "way to do it" is to phase out this rotten era of surveillance apparatus disguised as social media companies.
Sorry for being irate, it just feels like so many people these days arrive too quickly (for my taste) at conclusions without testing certain popular assumptions about the inevitability of tech oligarchy.
Just cuz today's ad-supported social media is bad for kids, doesn't mean everyone should have to verify their identity to use it. You can just make it 18+ and if kids lie to get around it that's not the end of the world. And in general, regulations that would make these things better for everyone would be better rather than just saying kids can't use it and not fix the actual problems with them
Adolescents are not going to be defeated by such easily bypassed technical measures.
These laws are a trojan horse for control of the adult population. The relative anonymity and freedom of the internet is a threat to those who spend their lives seeking power over others.
I appreciate that people are concerned for their children, but we can't keep signing away basic rights and freedoms just to allay parents' anxiety for another few years.
I hope you are never, ever in a position to set any kind of societal policy.
I repudiate your statement that "We certainly need surveillance".
If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful. Note this one:
"Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith."
As for what drove him instead.. I suppose we will never know.
All we can know for certain is that the whole thing felt _very_ inorganic and not like something a reasonable human being would just start doing out of the blue.
(Corporate) politics love plausible deniability, so maybe it was just inherently human randomness. I'm sure it was. Please move along.
And you would doubt it too if you would look at the actual person that is Lennart beyond the "Pulseaudio bad. Systemd bad. Lennart bad." meme.
Very different handwriting too.
- an "extended machine": provide usable abstractions over the hardware to reduce complexity to a manageable level
- a "resource manager": provide for an orderly and controlled allocation of the processors, memories, and I/O devices among all the various programs wanting them.
By that definition, Linux is very much an operating system... unless by "Linux" you meant the kernel only without the additional tooling (systemd, libc, coreutils, shell, etc.) that distros ship with.
[0] https://en.wikipedia.org/wiki/Andrew_S._Tanenbaum
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called Linux, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.
There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called Linux distributions are really distributions of GNU/Linux!
You wouldn't tell your mom about this great operating system she should use named "GNU/Linux". That's bad marketing.