Same approach could have prevented the cookie banner disaster: Simply require websites by law to respect user settings. Like the DNT header or an "Underage: yes" header and almost all such problems would not even exist.
But obviously this is not what governments really want. They want control. They want to see people self-censor. They want the panopticon.
I completely agree. Android devices already have rudimentary access controls for kids through Family Link. I'd much prefer governments put pressure on Google, Apple and Microsoft to provide full control of locking down devices, apps and websites that can be managed through a kind of family service. Let me lock things down using government supplied blocklists, or google, apple blocklists with the ability to selectively enable whatever i want for the kids.
But wouldn’t that be too easy to counterfeit? Or if it were handled by a special government-approved piece of software that’s then just DRM all over again.
Counterfeit what? This is about labeling and filtering: the device doesn't present an ID, the device prevents the user from accessing content with/without specific labels if so configured.
Specifically, governments mandate that:
1. Websites/apps/etc. MAY label content (via headers) indicating when their content/service is/isn't appropriate for some specific audience (e.g., children) according to X/Y/Z regulations. Websites/apps/etc. MUST NOT incorrectly label their content.
2. Devices that can access the internet must not be sold directly to miners without parental consent.
3. Devices that can access the internet must include parental control software can be configured to allow/forbid all apps/content that may contain content not deemed suitable for children (in the jurisdiction where the device is sold).
Importantly, this kind of solution solves the "borderless internet" problem:
1. Device sellers are regulated in the jurisdiction where they sell the device.
2. Service providers take no (additional) per-jusrisdiction responsibility until they start labeling their content. By labeling their content, they are claiming to abide by specific regulations.
Is there any serious investigation or a good article that explain how these ID check laws got simultaneously rolled out in the UK, EU and Australia? As well as the main payment processors heavily restricting adult content? It seems like there are remarkably powerful groups pushing for these things, or maybe it really is just happenstance.
You might find the following video useful: https://www.youtube.com/watch?v=lJ2AokZujC0 (The UK’s Online Safety Act didn’t come from Parliament or the public) Jump to about the 4:20 mark to skip the history of Carnegie.
The video makes the case that it was private interests that pushed for this in the UK - specifically the Carnegie 'charity'. They apparently defined the problem (i.e. what 'online harms' are), lobbied for it to be addressed, and then largely authored the policy/solution.
Edit: The claim is also made that Carnegie operates parallel influence and alignment campaigns globally. That may reveal the link you are looking for.
Canada too. It’s corporate interests that want a government mandated customer base with a legal requirement to participate. Get ready for verified id on everything, and to pay for it via taxes.
Next step: mandate that every web site verifies the identity of its users, no matter the content, whether users register or not. Goodbye old style personal static sites and blogs. Everyone forced to join a content silo or serve no content.
An additional consequence is it’s going to be significantly harder to set up an alternative social media site, as you’ll have to play by these rules which might end up favoring a certain provider’s implementation, or delegating the government the ability to shut down your site on a whim (even if through a court). This, I think, is way more concerning than having to ID your account on Meta.
It didn't, quite. The UK has been trying various laws like this for a very long time, and nearly passed something massively more censorious nine years ago (IMO the OSA is not censorship) and then backed out.
The OSA has actually already been law for about two years!
It was just awaiting secondary legislation (statutory instruments) that Ofcom has been developing, in conjunction with industry.
The web industry either knew or really if it was responsible and serious should have known this legislation was coming in 2025. Ofcom have not kept secrets.
So if there is a co-ordinating entity, it's likely the porn industry itself and in particular Aylo/Mindgeek, who would very much like a situation where governments let them show porn to people they can sell things to, and who therefore stop using Visa and Mastercard as proxies.
And, again, for clarity: the OSA does not require you give "ID" to any porn sites. Just that you verify your age via mechanisms that might include making a small credit card payment or visiting a link on your phone (since your phone will need to have been unblocked to view adult material, which is an industry standard parental control since on-device controls are often either non-existent, easily-circumvented or utterly confounding)
Anecdotal but my UK friends ere blindsided by this too, at least a number of them who are otherwise quite clued in. They said they felt like they had no idea this was coming at all.
No idea? But it was enacted into law two years ago, and we (web developers in particular) should have easily been aware that it set timescales for things.
It didn't come out of nowhere -- it literally came out of the previous government and a Queen's Speech.
the mandate existed forever in different levels, but now they actually finally ended up deciding on waht kind of techinical implementation would exist.
Plenty of these groups pushing these laws are already publicly linked via $ and staffer revolving door: DonorsTrust -> SPN -> ALEC -> CLI -> Heritage -> $ from Dunn & Wilks and other christian millionaires -> continue the circle etc. [6, 7]
Their playbook - which is sadly working:
- far right christian anti-porn, anti-lgbtq crusaders use 'child safety' or revenge porn to organize public outrage and direct that pressure on the choke point of payment processing. For example the writer of the viral pornhub article worked for anti-porn christian group that also helped pass extreme anti lgbtq laws in africa, such as Uganda's gays “should be castrated” insanity [1]
- Recent Australian version of this same story. Again, the buried lede is going after queer content (not by accident) [2]
- Same in the UK: ADF creates UK branch. CARE, Christin Concern, etc. Same anti-porn, anti-lgbt. Same tactics and messaging. Also throw in anti-abortion. [3, 4]
- Groups like Heritage & ALEC & SPN put out the blueprint and write the actual laws. Copy paste across red states. For instance Project 2025 advocates sending porn producers to jail & again backdoors targeting of Trans and queer people [8]. Another example in Tennessee [5]: define drag as adult only. impose narrow worldview that any gender expression not assigned at birth is wrong and adult only (pornagraphic). Just throw away 1a and dare scotus to blink on law 'loopholes' with private right of action b.s.
It's all just to inflict their christian worldview and 'morals' on the rest of us.
You know the porn thing is just a b.s. excuse to get their foot in the door because only a couple of large companies like Aylo (formerly Mindgeek) comply. They are the only porn sites with the $ and morals to actually moderate in the first place.
Whilst the other 99% of the internet is just an open stream of content with no care & no humans in the loop.
Therefore it's all just virtue signaling at best, and personally I see a very organized sinister plot to impose christian rule. Could you imagine if it was a muslim group organizing at this scale? Sharia anyone?
Ah yes, the eternal horseshoe of censorship, where both ends of the political spectrum discover they're passionate defenders of "the children" and "democracy" whenever it's convenient for controlling what others can see and say.
The same payment processor chokepoints and platform pressure tactics you're describing have been gleefully wielded by progressive activists to deplatform "dangerous misinformation," "hate speech," and "extremist content."
Remember when everyone cheered Mastercard and Visa cutting off WikiLeaks? Or Cloudflare and Kiwifarm? Or celebrated when payment processors started dropping anyone deemed "problematic"? The infrastructure for financial censorship didn't materialize overnight when Christian groups discovered it existed.
The left pioneered the modern "advertiser pressure" playbook - organizing campaigns to get platforms to ban everything from "Russian disinformation" to "COVID misinformation" to whatever qualified as this week's "stochastic terrorism." The same NGO-to-government pipeline exists there too: activist groups coordinate with sympathetic staffers, push model legislation, and pressure companies through ESG scores and brand safety concerns.
Both sides have their "think of the children" trump cards. One side waves "grooming" and "pornography," the other waves "radicalization" and "harmful content." Both genuinely believe they're saving society from moral decay, they just disagree violently on what that decay looks like.
The real tragedy is that both camps are so busy fighting their culture war that they've handed unprecedented censorship power to payment processors and tech platforms who answer to no one. Congratulations to both teams - you've successfully created the infrastructure for whoever wins to impose their vision of morality on everyone else.
I know it is not the same as ‘prove who you are to surf’ but when I open the page and am greeted with a note that explains that, in exchange for reading the article, The New Yorker will share my personal information with 219 different partners, you sort of wonder where the anonymity they are so worried about has gone.
>> "We, and our 219 partners use cookies and similar methods to recognize visitors and remember their preferences. We may also use these technologies to gauge the effectiveness of advertising campaigns, target advertisements, and analyze website traffic. Some of these technologies are essential for ensuring the proper functioning of the service or website and cannot be disabled, while others are optional but serve to enhance the user experience in various ways. We, in collaboration with our partners, store and/or access information on a user's device, including but not limited to IP addresses, unique identifiers, and browsing data stored in cookies, in order to process personal data."
The writers and editors understand that privacy is central to their lifestyle and work - few sources will allow exclusively on-the-record interviews.
The accountants that pay the writers and editors believe that, to make the math work of "Cheap enough that a viable number of subscribers will pay", the subscription must be ad-subsidized.
These are two seperate groups, and lumping them in to call them both hypocritical is lazy in thought, or ignorant in recognizing that the New Yorker is more than one person. Yes, change should start at the paper running the story. The fact they haven't yet convinced all their subscribers or accountants, and ~~possibly not even~~ presumably the public at large, does not detract from their point.
The internet badly needs a standard system for people to verify their age*, identity**, etc but it's a terrible idea for that system not to be pseudonymous.
* as in "I am over n years old", not "my exact birthday is nnnn-nn-nn"
** as in "I am a unique human you know as <uuid>", not "I am John Q Smith"
> "I am a unique human you know as <uuid>", not "I am John Q Smith"
That just makes <uuid> an identifier like your name. <uuid> becomes yet another piece of PII, increasing your exposure.
Further, it will even inevitably get linked to your other identifiers in various databases over time. This problem is why pseudoanonymization isn't really that useful.
So for example, your ID card could have [Name, Pubkey, DOB] signed by the issuer, where pubkey is a pubkey for the ID card holder that supports unique signatures. The card has contains the private key and can sign with it.
Then to gain access to AdultsOnly.com you sign "AdultsOnly.com" and hash the result. This value is your site-identity.
You hand the site the site identity and a zero knowledge proof that you know a [Name, Pubkey, DOB] and valid issuer signature with DOB<=DATE and pubkey matching the signature that went into the hash.
Now they know you have an ID by that issuer with an acceptable DOB, and they know that one ID == one account (so no leaked/cracked ID being used to let everyone in). But they cannot link IDs between different sites or with names... if the private keys are not possessed by the state (e.g. generated by you when you get your ID) not even the state could help convert ID to names or link IDs between different sites.
The idea isn't that a human gets one uuid to be used everywhere, but that each site gets one of the human's many uuids. Someone still needs to track which uuids belong to which human, but at least it's not a random, possibly insecure or disreputable website.
This can only be done by delegating the verification to national eIDs systems. This way the website simply asks the government: is this person >18? and the trusted government platform can reply without disclosing additional information.
It doesn't need to be a national system. The relying party could give the browser a list of acceptable token providers to choose from, and the browser selects one it knows the user has already registered with, for example. There's no reason a private party couldn't be considered trusted to perform identity verification (e.g. banks have KYC requirements already).
Apple and Google are working on that but it isn't available everywhere yet so a lot of sites are outsourcing age checking to various untrustworthy companies.
It seems enormously underreported that the European Parliament has already voted in favor of a law that mandates age verification for pornography with a one year prison sentence. It was included as a last minute amendment into this bill [1]. See "Amendment 186".
The full accepted article reads: "Disseminating pornographic content online without putting in place robust and effective age verification tools to effectively prevent children from accessing pornographic content online shall be punishable by a maximum term of imprisonment of at least 1 year."
It's not law yet, as the first reading is now sent back to the Council of the European Union, but I don't think it's very likely it will get a second reading.
I’ll say it again: the fact an adult has to sign up and pay for internet service and devices that can access those services should be all the age verification needed, full stop.
If parents don’t want kids getting into mischief online, then they need to restrict device and network access appropriately.
The internet was never intended for children, and we need to stop placing the onus on other adults to police themselves instead of on parents to police their children.
I disagree. The internet was intended for children. It was intended for everyone. Getting access to information, learning material, how to's, class work, doing class work, research, etc are just as much a part of the internet as surfing Pornhub or gambling.
I do agree with everything else though. The onus is on the parents to do their job as a parent. If the goal is to protect children then improve the tools available to parents. They already have tons but the work is never done.
The internet was never intended for children. It was intended for everything you said above, but with the intention for adults to access that content and self-moderate.
For kids, we had services like Prodigy and Compuserve that distilled the internet into approved content suitable for minors. We can - and probably should - go back to that, rather than throwing youth onto the regular internet and letting them fend for themselves online.
I disagree with your agree. While the “buck stops (t)here” with a parent, we also live in a society with rules and expectations around what a youth can access and what there is expectation on all of us to play by those rules.
My child cannot walk into a gas station and buy beer or cigarettes, cannot buy liquor, cannot buy a machine gun, cannot walk into an adult book store or a strip club, cannot operate a motor vehicle.
If you, an adult, aid and abbet my child in any of these activities you’re likely going straight to jail.
You do not magically get a pass because “the internet.” We live in the real world, with laws, with rules, with social expectations. It’s time for the free pass to end.
The goal has nothing to do with children, this is control.
The UK has a long long history of over reach with all of theses initiatives.
The UK governments is desperate to keep a increasingly fragile society from boiling over and their natural inclination is to censor, it's what they have always done.
your both wrong ;) the internet was almost unintentional, anybody but geeks useing it is just an accident......moving forward... it seems that everyone must be given a phone number, an email.address, a web site that functions as a personal repository, and store/business portal, blog, work space, etc,etc and that priviliges acrue, naturaly through time and effort. Kids could be automaticaly tied to and supervised by parents, and be flat out unable to get into the adult web.....and adults would be flat out prevented from partisipating in the kido-verse
cept perhaps parents through,(sigh) moderated forums where they could deal with, the, inevitable.....
There's a lot of precedent in the real world to force providers of a service/product to verify the age of the consumer. What is so special about services delivered over the internet?
I think this pov tends to come from people that are nostalgic for the wild west days of the web. It doesn't matter if the internet was not originally intended for children -- they're here, en masse, and now society is looking for solutions.
> What is so special about services delivered over the internet?
Metaphor time:
Consider a liquor store in a physical space, and a porn site on the internet.
The liquor store requires ID at point of sale because it has limited entry and exit into the building. It has physical restrictions making it harder for minors to enter, and harder to exploit their way into accessing age-restricted items. This is because the physical world is always shared by default, and we must make rules securing adults-only spaces in a world that’s intrinsically shared with children.
A digital porn site exists on a realm solely built by adults, that requires adults to access in the first place. A child cannot sign up for an ISP, a child cannot buy their own cellular phone[1], and a child cannot decide to share their coffee shop or library WiFi for free to everyone within range. At some point, a child requires the assistance of adults to enter the internet. That makes the internet a de facto space for adults first, not children, and that is why I vehemently disagree with vilifying the majority of users (adults) just to “protect” kids who will bypass those age checks like they’ve successfully done for decades.
There will always be youth finding a way to procure pornography, drugs, or alcohol underage. The difference with the internet is that it’s by adults, for adults, and that children are guests who should be supervised by adults in their circles - not by policing all the adults online through intrusive surveillance measures.
[1] Children can, of course, use cash or cards to buy prepaid phones and airtime in many countries. I do not think this should be allowed and would be a better venue to restrict access than a surveillance state.
If a bartender asks to see your driver's license, that's fine. Now imagine a bartender asks to see your driver's license, and then run it through a scanner to capture a digital image of it, which they then store in a folder for the owner to peruse at their leisure. It's not the same thing, at all.
In the real world, we have many businesses which will look at ones gov't issued ID, most bars for instance. We have other businesses which will record the information off ones ID, most dispensaries for instance. I will go into the first. I will not go into the second. Verifying my eligibility is one thing. Recording my data for later use is a very different thing. I can tell the difference in the real world because I can see the process. Online, it is impossible to tell. Providers can build a reputation for privacy, think Proton.
You say we are looking for solutions. There are better solutions, including privacy preserving solutions, which can work. We just don’t have any of those yet.
>What is so special about services delivered over the internet?
The most dangerous people on earth who are not in prison are on the internet; It is an adult place. Making it look like a child friendly place will not change this. But it will lure more kids online unsupervised and unprotected.
One of THE major selling points for the internet is the option of anonymity, is that true for your other examples? I'd add what exactly is the point in this context? For alcohol sales or tobacco sales you can see the rationale in public health, clearly stated data about reducing accidental deaths, road accidents, and violence.
It was never about "protecting the children", that's just the glazing they wrap internet censorship in so citizens would swallow it.
Case in point, the same UK politicians who try to burry the Muslim grooming gangs story where kids got harmed, are now suddenly the ones pushing for Internet ID to "protect the children". If they cared so much about the children, why didn't they go after the grooming gangs immediately, instead of trying to hide it.
What they want is internet censorship, to take away the internet freedom of assembly, the ability to control and ban any criticism from the public targeting politicians and the elite the same way they do to mainstream media. No more people taking about political scandals, corruption, illegal immigration, sex scandals, Epstein list, Ukraine, Gaza, law enforcement abuse, mass shootings, etc, they don't give a damn about the kids.
I’m aware, but I go right back to the substance of the original conceit instead of letting myself get dragged into the details; that’s how you get these ghouls accusing you of being a pedophile or claiming you want to show children pornography in the classroom.
You gotta attack the root argument: this space was never intended for children, and it is the sole responsibility of parents to protect their children in adults-only spaces like the internet.
> Case in point, the same UK politicians who try to burry the Muslim grooming gangs story where kids got harmed
Please don’t spread lies to make your point. The current Prime Minister was the DPP who oversaw the prosecution of the Rochdale scandal and worked on changing reporting and investigation. Listen to Andrew Norfolk’s interview with the News Agents if you’d like a citation.
I find it sad that all these problems have solutions already (see for example https://sovrin.org). You do not need a full ID or exact birthday to perform a check for age.
As usual, mental laziness means that complexity kills the acceptance of good solutions and instead we legislate privacy-invading garbage.
Yes — that was part of my point, actually. Insufficient adoption. If you read their documents, the concepts are there, quite valid, and the entire system is well designed.
But these kinds of solutions are "too difficult" and require thinking.
No, we most certainly should not! Zero knowledge proofs are not some magic privacy faerie dust that can be sprinkled around to provide any desired security property.
For this use ZKPs are trivially proxyable, and thus this type of system also requires additional security properties from treacherous computing [0] - specifically remote attestation which prevents your ability to run code of your choosing on your own device.
And Google (et al) are quite eager to supply this type of environment ("Safety" Net, WEI, etc). This is exactly why the new UK system requires the use of a locked down corpo-controlled phone, and why corpos are pushing this idea that there is a "secure" way this can be done.
Essentially they are advertising the cool privacy-preserving half of the system, without mentioning the necessary other half that destroys privacy and freedom.
[0] "trusted" computing in corpo speak. In other words, a crippled model of computing that the corpos can trust us to have.
Yes, you could use someone elses ID to access the porn.
That someone else could also sit next to you and press the button.
There is no solution that isn't 'proxyable' with the aid of the approved party. No solutions being considered are even particularly resistant to borrowing someone's ID or credit card, etc..
ZKP are no worse in this respect.
Adding treacherous computing doesn't improve any of them other than "approved software says its okay" is just a cheap (and fairly insecure!) way of implementing looksalike functionality to an actual cryptographic technique.
The problem with ZKPs, especially for age verification in the US, is that it you obviously still need some digital identity to perform the proof against. That not only doesn't exist in the US, but introduces a sensitive identity that like any other can be leaked.
The same is true for cryptocurrency of course but that risk is implicit in holding a private key to spend in the first place.
If there is no provable link between the service and the identity, however, there isn't that much harm in the leak itself. It just becomes a list of names and ages which are a dime a dozen on the internet. Hell, if the identity service was the government itself then it would be entirely useless outside of getting a list of people who have a driver's license (is this public info already?)
I'd prefer zkp if we're doing this at all, but I think you could go simpler still. Google is skipping it for accounts with an associated credit card, that would work in lots of sites really
Readit News
* It allows parents to decide what age to allow kiddo to see certain content, not the state.
* It allows others to restrict content too. E.g. a gambling addict who doesn't want to see gambling content.
* It has no risk of leaks etc for adults.
I'd like to see laws mandating that service provides respect a new content restriction header or something like that.
But obviously this is not what governments really want. They want control. They want to see people self-censor. They want the panopticon.
Fast forward to now, it doesn't seem a bad idea for them.
Parents also don't care if their kid is sitting 5h daily in front of some roblox gambling machine.
Specifically, governments mandate that:
1. Websites/apps/etc. MAY label content (via headers) indicating when their content/service is/isn't appropriate for some specific audience (e.g., children) according to X/Y/Z regulations. Websites/apps/etc. MUST NOT incorrectly label their content.
2. Devices that can access the internet must not be sold directly to miners without parental consent.
3. Devices that can access the internet must include parental control software can be configured to allow/forbid all apps/content that may contain content not deemed suitable for children (in the jurisdiction where the device is sold).
Importantly, this kind of solution solves the "borderless internet" problem:
1. Device sellers are regulated in the jurisdiction where they sell the device.
2. Service providers take no (additional) per-jusrisdiction responsibility until they start labeling their content. By labeling their content, they are claiming to abide by specific regulations.
The video makes the case that it was private interests that pushed for this in the UK - specifically the Carnegie 'charity'. They apparently defined the problem (i.e. what 'online harms' are), lobbied for it to be addressed, and then largely authored the policy/solution.
Edit: The claim is also made that Carnegie operates parallel influence and alignment campaigns globally. That may reveal the link you are looking for.
Before this I was only aware of a few instances of ID checks, like Utah and pornhub, or something?
Now laws are getting passed all over the place. Is this something that people really want? I guess I’m just out of loop?
The OSA has actually already been law for about two years!
It was just awaiting secondary legislation (statutory instruments) that Ofcom has been developing, in conjunction with industry.
The web industry either knew or really if it was responsible and serious should have known this legislation was coming in 2025. Ofcom have not kept secrets.
So if there is a co-ordinating entity, it's likely the porn industry itself and in particular Aylo/Mindgeek, who would very much like a situation where governments let them show porn to people they can sell things to, and who therefore stop using Visa and Mastercard as proxies.
And, again, for clarity: the OSA does not require you give "ID" to any porn sites. Just that you verify your age via mechanisms that might include making a small credit card payment or visiting a link on your phone (since your phone will need to have been unblocked to view adult material, which is an industry standard parental control since on-device controls are often either non-existent, easily-circumvented or utterly confounding)
It didn't come out of nowhere -- it literally came out of the previous government and a Queen's Speech.
Plenty of these groups pushing these laws are already publicly linked via $ and staffer revolving door: DonorsTrust -> SPN -> ALEC -> CLI -> Heritage -> $ from Dunn & Wilks and other christian millionaires -> continue the circle etc. [6, 7]
Their playbook - which is sadly working:
- far right christian anti-porn, anti-lgbtq crusaders use 'child safety' or revenge porn to organize public outrage and direct that pressure on the choke point of payment processing. For example the writer of the viral pornhub article worked for anti-porn christian group that also helped pass extreme anti lgbtq laws in africa, such as Uganda's gays “should be castrated” insanity [1] - Recent Australian version of this same story. Again, the buried lede is going after queer content (not by accident) [2] - Same in the UK: ADF creates UK branch. CARE, Christin Concern, etc. Same anti-porn, anti-lgbt. Same tactics and messaging. Also throw in anti-abortion. [3, 4] - Groups like Heritage & ALEC & SPN put out the blueprint and write the actual laws. Copy paste across red states. For instance Project 2025 advocates sending porn producers to jail & again backdoors targeting of Trans and queer people [8]. Another example in Tennessee [5]: define drag as adult only. impose narrow worldview that any gender expression not assigned at birth is wrong and adult only (pornagraphic). Just throw away 1a and dare scotus to blink on law 'loopholes' with private right of action b.s.
It's all just to inflict their christian worldview and 'morals' on the rest of us.
You know the porn thing is just a b.s. excuse to get their foot in the door because only a couple of large companies like Aylo (formerly Mindgeek) comply. They are the only porn sites with the $ and morals to actually moderate in the first place.
Whilst the other 99% of the internet is just an open stream of content with no care & no humans in the loop.
Therefore it's all just virtue signaling at best, and personally I see a very organized sinister plot to impose christian rule. Could you imagine if it was a muslim group organizing at this scale? Sharia anyone?
------
1 https://www.theguardian.com/world/article/2024/may/30/us-far...
2 https://www.cbc.ca/radio/day6/steam-itch-takedowns-credit-ca...
3 https://www.theguardian.com/uk-news/2025/apr/02/us-anti-abor...
4 https://care.org.uk/cause/online-safety
5 https://time.com/6267962/tennessee-drag-bill-law-hold-friend...
6 https://www.influencewatch.org/non-profit/donorstrust/
7 https://www.sourcewatch.org/index.php/SPN_Ties_to_ALEC
8 https://www.msnbc.com/opinion/msnbc-opinion/project-2025-por...
The same payment processor chokepoints and platform pressure tactics you're describing have been gleefully wielded by progressive activists to deplatform "dangerous misinformation," "hate speech," and "extremist content."
Remember when everyone cheered Mastercard and Visa cutting off WikiLeaks? Or Cloudflare and Kiwifarm? Or celebrated when payment processors started dropping anyone deemed "problematic"? The infrastructure for financial censorship didn't materialize overnight when Christian groups discovered it existed.
The left pioneered the modern "advertiser pressure" playbook - organizing campaigns to get platforms to ban everything from "Russian disinformation" to "COVID misinformation" to whatever qualified as this week's "stochastic terrorism." The same NGO-to-government pipeline exists there too: activist groups coordinate with sympathetic staffers, push model legislation, and pressure companies through ESG scores and brand safety concerns.
Both sides have their "think of the children" trump cards. One side waves "grooming" and "pornography," the other waves "radicalization" and "harmful content." Both genuinely believe they're saving society from moral decay, they just disagree violently on what that decay looks like.
The real tragedy is that both camps are so busy fighting their culture war that they've handed unprecedented censorship power to payment processors and tech platforms who answer to no one. Congratulations to both teams - you've successfully created the infrastructure for whoever wins to impose their vision of morality on everyone else.
>> "We, and our 219 partners use cookies and similar methods to recognize visitors and remember their preferences. We may also use these technologies to gauge the effectiveness of advertising campaigns, target advertisements, and analyze website traffic. Some of these technologies are essential for ensuring the proper functioning of the service or website and cannot be disabled, while others are optional but serve to enhance the user experience in various ways. We, in collaboration with our partners, store and/or access information on a user's device, including but not limited to IP addresses, unique identifiers, and browsing data stored in cookies, in order to process personal data."
The accountants that pay the writers and editors believe that, to make the math work of "Cheap enough that a viable number of subscribers will pay", the subscription must be ad-subsidized.
These are two seperate groups, and lumping them in to call them both hypocritical is lazy in thought, or ignorant in recognizing that the New Yorker is more than one person. Yes, change should start at the paper running the story. The fact they haven't yet convinced all their subscribers or accountants, and ~~possibly not even~~ presumably the public at large, does not detract from their point.
Edited, but struck-through instead of deleted
* as in "I am over n years old", not "my exact birthday is nnnn-nn-nn"
** as in "I am a unique human you know as <uuid>", not "I am John Q Smith"
That just makes <uuid> an identifier like your name. <uuid> becomes yet another piece of PII, increasing your exposure.
Further, it will even inevitably get linked to your other identifiers in various databases over time. This problem is why pseudoanonymization isn't really that useful.
So for example, your ID card could have [Name, Pubkey, DOB] signed by the issuer, where pubkey is a pubkey for the ID card holder that supports unique signatures. The card has contains the private key and can sign with it.
Then to gain access to AdultsOnly.com you sign "AdultsOnly.com" and hash the result. This value is your site-identity.
You hand the site the site identity and a zero knowledge proof that you know a [Name, Pubkey, DOB] and valid issuer signature with DOB<=DATE and pubkey matching the signature that went into the hash.
Now they know you have an ID by that issuer with an acceptable DOB, and they know that one ID == one account (so no leaked/cracked ID being used to let everyone in). But they cannot link IDs between different sites or with names... if the private keys are not possessed by the state (e.g. generated by you when you get your ID) not even the state could help convert ID to names or link IDs between different sites.
Deleted Comment
You should look at selective disclosure JWTs and wallets. https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-...
Though creates other issues with, i.e. selling validation tokens.
The full accepted article reads: "Disseminating pornographic content online without putting in place robust and effective age verification tools to effectively prevent children from accessing pornographic content online shall be punishable by a maximum term of imprisonment of at least 1 year."
It's not law yet, as the first reading is now sent back to the Council of the European Union, but I don't think it's very likely it will get a second reading.
[1] https://www.europarl.europa.eu/doceo/document/TA-10-2025-011...
If parents don’t want kids getting into mischief online, then they need to restrict device and network access appropriately.
The internet was never intended for children, and we need to stop placing the onus on other adults to police themselves instead of on parents to police their children.
I do agree with everything else though. The onus is on the parents to do their job as a parent. If the goal is to protect children then improve the tools available to parents. They already have tons but the work is never done.
For kids, we had services like Prodigy and Compuserve that distilled the internet into approved content suitable for minors. We can - and probably should - go back to that, rather than throwing youth onto the regular internet and letting them fend for themselves online.
My child cannot walk into a gas station and buy beer or cigarettes, cannot buy liquor, cannot buy a machine gun, cannot walk into an adult book store or a strip club, cannot operate a motor vehicle.
If you, an adult, aid and abbet my child in any of these activities you’re likely going straight to jail.
You do not magically get a pass because “the internet.” We live in the real world, with laws, with rules, with social expectations. It’s time for the free pass to end.
The UK has a long long history of over reach with all of theses initiatives.
The UK governments is desperate to keep a increasingly fragile society from boiling over and their natural inclination is to censor, it's what they have always done.
ARPANET and the related early nets were intended for sharing research and sharing scarce computing resources for research purposes.
Everything else was an accident of the telecoms wanting to get their respective beaks wet.
I’m sure someone has tried to bring it back but it’s interesting to me that the public at large seems to have forgotten these ideas.
I think this pov tends to come from people that are nostalgic for the wild west days of the web. It doesn't matter if the internet was not originally intended for children -- they're here, en masse, and now society is looking for solutions.
Metaphor time:
Consider a liquor store in a physical space, and a porn site on the internet.
The liquor store requires ID at point of sale because it has limited entry and exit into the building. It has physical restrictions making it harder for minors to enter, and harder to exploit their way into accessing age-restricted items. This is because the physical world is always shared by default, and we must make rules securing adults-only spaces in a world that’s intrinsically shared with children.
A digital porn site exists on a realm solely built by adults, that requires adults to access in the first place. A child cannot sign up for an ISP, a child cannot buy their own cellular phone[1], and a child cannot decide to share their coffee shop or library WiFi for free to everyone within range. At some point, a child requires the assistance of adults to enter the internet. That makes the internet a de facto space for adults first, not children, and that is why I vehemently disagree with vilifying the majority of users (adults) just to “protect” kids who will bypass those age checks like they’ve successfully done for decades.
There will always be youth finding a way to procure pornography, drugs, or alcohol underage. The difference with the internet is that it’s by adults, for adults, and that children are guests who should be supervised by adults in their circles - not by policing all the adults online through intrusive surveillance measures.
[1] Children can, of course, use cash or cards to buy prepaid phones and airtime in many countries. I do not think this should be allowed and would be a better venue to restrict access than a surveillance state.
You say we are looking for solutions. There are better solutions, including privacy preserving solutions, which can work. We just don’t have any of those yet.
The most dangerous people on earth who are not in prison are on the internet; It is an adult place. Making it look like a child friendly place will not change this. But it will lure more kids online unsupervised and unprotected.
Where is the equivalent here?
Case in point, the same UK politicians who try to burry the Muslim grooming gangs story where kids got harmed, are now suddenly the ones pushing for Internet ID to "protect the children". If they cared so much about the children, why didn't they go after the grooming gangs immediately, instead of trying to hide it.
What they want is internet censorship, to take away the internet freedom of assembly, the ability to control and ban any criticism from the public targeting politicians and the elite the same way they do to mainstream media. No more people taking about political scandals, corruption, illegal immigration, sex scandals, Epstein list, Ukraine, Gaza, law enforcement abuse, mass shootings, etc, they don't give a damn about the kids.
You gotta attack the root argument: this space was never intended for children, and it is the sole responsibility of parents to protect their children in adults-only spaces like the internet.
Please don’t spread lies to make your point. The current Prime Minister was the DPP who oversaw the prosecution of the Rochdale scandal and worked on changing reporting and investigation. Listen to Andrew Norfolk’s interview with the News Agents if you’d like a citation.
As usual, mental laziness means that complexity kills the acceptance of good solutions and instead we legislate privacy-invading garbage.
But these kinds of solutions are "too difficult" and require thinking.
https://blog.google/technology/safety-security/opening-up-ze...
For this use ZKPs are trivially proxyable, and thus this type of system also requires additional security properties from treacherous computing [0] - specifically remote attestation which prevents your ability to run code of your choosing on your own device.
And Google (et al) are quite eager to supply this type of environment ("Safety" Net, WEI, etc). This is exactly why the new UK system requires the use of a locked down corpo-controlled phone, and why corpos are pushing this idea that there is a "secure" way this can be done.
Essentially they are advertising the cool privacy-preserving half of the system, without mentioning the necessary other half that destroys privacy and freedom.
[0] "trusted" computing in corpo speak. In other words, a crippled model of computing that the corpos can trust us to have.
Yes, you could use someone elses ID to access the porn.
That someone else could also sit next to you and press the button.
There is no solution that isn't 'proxyable' with the aid of the approved party. No solutions being considered are even particularly resistant to borrowing someone's ID or credit card, etc..
ZKP are no worse in this respect.
Adding treacherous computing doesn't improve any of them other than "approved software says its okay" is just a cheap (and fairly insecure!) way of implementing looksalike functionality to an actual cryptographic technique.
The same is true for cryptocurrency of course but that risk is implicit in holding a private key to spend in the first place.