Decentralized social network Mastodon says it cannot comply with age verification laws, like in Mississippi and elsewhere, and says it's up to individual server owners to decide.
The service provider could even generate a certificate request that the age verification entity signs (again, with no identifying information, other than “I need an age verification signature, please”). That certificate would only be valid for that specific service provider and can’t be re-used.
I give it 2 years till Netflix requires you to have an ID every time you open the app because it has rated R movies.
This is the same principle. The account holder agreement should make the account holder responsible for the use of the service.
The government shouldn’t be parenting our minors, their guardians should be.
Otherswise we should put digital locks on every beer bottle, pack of cigarettes, blunt raps, car door, etc. That requires you to scan your ID before every use.
“Kids shouldn’t be driving cars, it isn’t safe!”
Yes, but somehow we have made it 100 years without requiring proof of age/license to start the car.
And the car is far more deadly than them seeing someone naked.
“Kids shouldn’t be driving cars, it isn’t safe!” Yes, but somehow we have made it 100 years without requiring proof of age/license to start the car.
This is sort of my take. There’s a lot of fun to be had in discussing possible technical solutions to the problem. And technical solutions do exist. But they all have some sort of noteworthy downside, including relying on the government to build and maintain this signing server.
But the best solution, IMO, is much more low-tech. Parental controls. Mandate that all browsers and operating systems support a parental control API where apps and websites can request to know if a user is of age. Mandate that adult sites call this API. And put the onus on parents to actually set up parental controls on their children’s devices, with an appropriately strong password that the children cannot break into.
Oh, I was thinking the certificate would only be needed for signups - once the account is created, it absolutely should be on the account holder, not the service provider.
Philosophically I agree with you. I was just discussing a technological way to accomplish age verification without giving up users’ identities to a service provider, or the government knowing what service you’re using. Unfortunately, too many governments want to know what you’re doing inside your pants.
Yeah, there is likely a tech answer to this that would work. Coming up with one and them choosing not to use it makes it even more clear kids’ safety isn’t their goal.
The service provider could even generate a certificate request that the age verification entity signs (again, with no identifying information, other than “I need an age verification signature, please”). That certificate would only be valid for that specific service provider and can’t be re-used.
I give it 2 years till Netflix requires you to have an ID every time you open the app because it has rated R movies.
This is the same principle. The account holder agreement should make the account holder responsible for the use of the service.
The government shouldn’t be parenting our minors, their guardians should be.
Otherswise we should put digital locks on every beer bottle, pack of cigarettes, blunt raps, car door, etc. That requires you to scan your ID before every use.
“Kids shouldn’t be driving cars, it isn’t safe!” Yes, but somehow we have made it 100 years without requiring proof of age/license to start the car.
And the car is far more deadly than them seeing someone naked.
Driving is a much more visible activity than looking at your phone in a locked room though.
This is sort of my take. There’s a lot of fun to be had in discussing possible technical solutions to the problem. And technical solutions do exist. But they all have some sort of noteworthy downside, including relying on the government to build and maintain this signing server.
But the best solution, IMO, is much more low-tech. Parental controls. Mandate that all browsers and operating systems support a parental control API where apps and websites can request to know if a user is of age. Mandate that adult sites call this API. And put the onus on parents to actually set up parental controls on their children’s devices, with an appropriately strong password that the children cannot break into.
Oh, I was thinking the certificate would only be needed for signups - once the account is created, it absolutely should be on the account holder, not the service provider.
Signups + random checks to prevent reselling accounts.
Why not apply this to the ISP account holder and trust them to protect their own kids the way they see fit?
Philosophically I agree with you. I was just discussing a technological way to accomplish age verification without giving up users’ identities to a service provider, or the government knowing what service you’re using. Unfortunately, too many governments want to know what you’re doing inside your pants.
Yeah, there is likely a tech answer to this that would work. Coming up with one and them choosing not to use it makes it even more clear kids’ safety isn’t their goal.