Back to the internet's peer-to-peer roots. Many protocols besides the www
The www became infested with so-called "tech" companies acting as intermediaries (middlemen)
Lots of folks making money from surveillance ad system on the www. Oversized, unmanageable websites calling themselves "platforms". Creating "subscriptions"
The www is an ad network. Not a great place for non-commercial activity
Fortunately, the internet is more than the www
People pay for an internet subscription, not a www subscription
You can't sign up for a Facebook account without giving a live selfie.
Any image of your family you post will be scraped by Clearview AI, bypassing the restrictions that make it hard for you to create accounts, to create a worldwide facial recognition system.
You find it to be a negative that banks require identity verification to drain an account? Personally, I would refuse to keep my money with a bank that doesn’t do this.
most banks using faceid won't accept you go to a branch. because they contract with a provider who makes more money from building and selling a database than to fulfilling the contract with the banks.
And your data on all those platforms - Google, Apple, Facebook, Twitter, etc. are ALL building comprehensive profiles on you, selling your data, and probably tossing it straight to the government in one way or another.
One very simple way to give parents control over what their children see and participate in without violating everyone else’s privacy is to create adult and social TLDs and require these sites to migrate to them. So instagram.com becomes instagram.social, etc. Then mandate that all consumer network equipment mfrs and internet providers provide easily accessible ways to block these TLDs. Maybe combine that with some public education materials to teach less savvy parents how to do this.
Now you’ve given every parent a way to easily mass block all adult/social sites/apps if they want and no one’s privacy need be compromised.
There was some optimism with .xxx that adult content producers would voluntarily switch over. Spoiler: almost none of them did, except for domain name availability reasons.
Block how? You can block sites now and all it takes is a proxy/vpn to get around it. Nothing short of personalized age verification will work. The best we can do is make sure the age verification system is centralized by the government. The client sites can’t see who you are and the centralized government server should not be able to see the sites you visit.
The only way this can go wrong is if the client sites collude and publish their visitor logs and then the government can do the legwork to identify you. But even this is pretty easily bypassed if you use a VPN.
Whether such a system could be bypassed by a VPN would depend on exactly how the age verification works and whether said government decides to ban the use of VPNs.
More importantly, I don't personally have any faith that at least the US government could properly define and build a system that is reliably and provably resistant to tracking. The government has incentives to want to know what sites a person visits, the NSA would be loathed to allow that opportunity to go unused. The government also likely doesn't have the skills or resources to do it in house, I'd expect them to outsource it at an absurd cost to a third party that would also have incentives to want to track usage data through the system.
Reminder that the internet was created to be live and a indestructible means of reaching one and another, none of what you wrote can meaningfully do what you think it would.
Failing in parenting and lobbied politicians (regulatory capture) on the other side.
There isn't much left of the free Internet anyway. Search engines no longer work, all discussion forums are ranked/censored by interest groups, mail delivery is between large entities.
Maybe we need an alternative set of root servers for a free Internet.
And content is increasingly produced for, and by, machines. Human initiative and/or access is increasingly incidental.
It's easy to create an alternative. The problem isn't that, it's keeping that alternative clanker-free. (As well as free of all the other enemies / plauges on the useful, generative, Internet.)
Would be nice to see something referral based. If you don't like X, block them. If X invited Y and Z and their invites behave poorly, you can block the whole tree. Kinda like lobste.rs referrals but for wider internet
I guess the correlary would be like how you can block an entire ASN if you find a lot of abuse from it, but at the human-network level.
Perhaps, but in both cases, I think that the principle problem is attempted control at the wrong portal.
Rather than individuals or devices, residential / mobile / business service providers should be able to vouch for personal traffic and be in a position to validate patterns of use without undue profiling of specific activity. That is, just looking at the encrypted traffic patterns (rather than MITMing SSL/TLS or other secured comms) should show usage that's typical vs. atypical / malicious.
Traditionally, service providers of all stripes (email, ISPs, Web, etc.) seem to have focused far more on ingress security than egress security, or potentially malicious traffic from within their own networks. That's got to change, it's ultimately a hygiene question.
For residential and mobile Internet, accounts are managed at either the household or individual level, and it should be possible to provide attestation and reputation management (as well as, perhaps, broad-based subscription access to compensated content) at those levels.
For commercial access things get more complicated, particularly where a location might provide public Internet access (e.g., public WiFi), or have a mix of human and system-generated traffic at an office, commercial, or industrial site. Still, there should be both well-established patterns of use and indications of anomolous or malicious traffic possible here.
Another option for smaller human-scale networks (e.g., Fediverse / Mastodon / PeerTube / Pixelfed / Lemmy / WriteAs networks and the like) is a mix of harder authentication (Yubikey or NFC-based wearable authenticators, perhaps) as well as a more manageable human-scale moderation (1:1,000 or 1:10,000 scales far better than 1:1 million or 1:1 billion services), allowing for both oversight and keeping the opportunities / benefits of malicious use limited.
The comment I'd originally responded to had me thinking of under-delivering federated systems such as Gemini (the lightweight Web protocol, not Google's AI) or Diaspora* or countless web boards and wikis which ended up overrun by spam and abuse. Simply saying that you're going to re-invent things at small scale in no way means you'll succeed. The ecosystem's changed, the pathogens are far more numerous and capable. Modern systems and networks (social or otherwise) must face those facts head on, and not ignore them or pretend they don't exist.
I think we're going to end up with some form of cost-based (though not necessarily financialised) reputation management systems. I'd very much like to see those not being terribly invasive of privacy, or putting extreme barriers to those with limited means or technical knowledge. It's a tough problem all the same.
The problem is kids on social media. This doesn't need to be a problem for anyone except social media companies and social media users. Sloppy policymaking is making it a broader problem, but I don't think this is some nefarious scheme (at least in the U.S., it looks sketchier in Europe). It's just policymakers pulling the first proposal off the shelf to respond to intense demand for a policy from voters.
“Introducing age verification is based on the state being able to force social media companies to verify their users’ identities”
Users have been doing this themselves without state coercion for twenty years now by putting their real names all over Facebook and all the other socials. Nobody forced them to use their real names and post countless pictures of their faces alongside, and pour out the totality of their worthless opinions on every issue. Compared to this, when considered sensibly, the verification is almost a trivial step.
> Nobody forced them to use their real names and post countless pictures of their faces alongside
No? You've obviously never been ostracized from your friends, family, or coworkers due to not using Facebook or Instagram or whatever the latest vapid social network is.
Dont forget what kicked this age verification in first place. Initially they wanted do age verification for porn, and only year later they moved into social media seeing there's wasn't huge pushback.
So even if this change doesn't affect you right now, but it will affect you later then it'll be too late to fight agaisnt.
The "First they came for the Communists" logic still holds. When government able to open the flood gate, the mandatory ID check will be slowly and surely be everywhere.
If you don't use social media and AI platform. Fine. But what about app stores, what about any registries from docker, to npm, to apk and toward the end source code repositories like Github/Codeberg?
Growing up I remember all the ads about avoiding narcotics talking about getting hooked on free samples and then going to jail for theft and/or possession. The people behind that propaganda didn't know drugs do cost money, dealers being dorky teens and twenty-somethings who are about as dangerous as a butterfly. But this propaganda also illustrates how some elements aren't very bright. The internet age with free email, free social media, etc. got everyone hooked and now Zuckerberg, et al. are giving doe-eyed, hat-in-hand, and crying poverty. If people were wise to those PSAs, past and present, they'd see how the loyal opposition has been playing with their cards face-up on the table under the guise of good intentions. Much like the pedophile scare during the teens, pun unintended, with Comet Ping Pong and then come 2024 it's revealed Epstein and his cadre of deviant cronies were doing it all along while deflecting poorly to innocent parties. Goodness knows what else is still right in front of our noses but their reality hasn't come to fruition in the zeitgest.
It's not a free "sample": drug dealers give their stuff for free at parties where vulnerable young people are in the form of sharing what they are themselves taking. Then they have that teen on the hook for extortion and having them do things or pay "debts". I "gave" you some drugs because you're my friend, but now you have to pay back, you have to do this favor, take this stuff from here to there. Another common thing is that the "debt" has to be paid in money again and again and again. You don't want us to go talk to your parents who think you're their perfect little boy/girl? You don't want them to know that you took drugs, do you?
As dangerous as a butterfly... It's a filthy world on all levels, filled with demonic people who spend all their time thinking about how to use and abuse others - the more innocent the better.
> EU law gives every citizen a right to a bank account.
That directive regulates banks from denying the opening of a basic payment account. But there is no legislation preventing governments from freezing accounts, Canada-style. As far as I know, there's no protection against being de-banked.
Here in Australia, the local and state governments push the use of their Apps as well.
These Apps provide access to identity documents, offical notifications, and messages for health, benefits and taxation purposes.
Then there is Banking and the issues around becoming a cashless digital society…
It’s become less about access to hardware devices, as useable devices can often be free when donated by a friend or relative, and more about continuity of access to your digital life.
The risk of losing access to your online identity or having it stolen are very real with often traumatic results for individuals.
"Will the police stop and search people on the street looking for unauthorized phones? Prison sentences for buying a non-state computer on the black market? Charges of organized crime for smuggling in containers of open-source software on USB sticks?"
Come on, do people seriously believe this will happen?
Mullvad VPN is great. Mullvad Browser is a great balance for preventing fingerprinting and also usability vs the Tor Browser. Most browsers I've found, even ones with claimed fingerprinting protections, are easily traced by fingerprint.com and other tests. Mullvad beats it.
There's this cool new feature that they added to the Mullvad browser extension, which is built into the Browser. It gives you a random different proxy for each site, kind of like the Tor Browser.
Mullvad understands that VPNs overpromise and underdeliver, but if you combine a trustworthy VPN, a fingerprint-resistant browser, and uBlock Origin, you get a damn good internet privacy. The browser is not ideal for daily-driving because it's always incognito so you get signed out on close, but I heard they're working on a persistent version.
You guys certainly love to cry about the dead internet theory and how bots spewing AI generated content are ruining the internet. It makes it extra strange to watch you simultaneously cry about anything that might down the bot population.
Dave, first we will need to setup age verification for your friends in order to comply with the law. I will not be able to help you otherwise. Remember Dave, I will submit to the local government your request to make a social media website so they will know if are complying with age verification. I have your ID which I will also provide as you need government ID to use AI. Open source AI models were banned.
>and that you can no longer post anonymously on social media. You cannot be certain that your criticism of the government will not be followed up by the authorities.
sorry but I don't get this point. If you're on Instagram or Facebook, did you think fifteen different three letter agencies weren't already watching you? It has the word 'face' in the name, the entire point of that site is that people mindlessly share their personal information, it's not some underground space for activists.
You can be perfectly anonymous on the internet, but demanding to be anonymous on Facebook is like trying to start a Das Kapital book club at Goldman Sachs or decrying commercial culture while you're in a Disneyland theme park
Age verification is a project 2025 backdoor to ban porn, and also a way for Meta and others to advertise much more aggressively without violating age restrictions, and also a mass surveillance opportunity for the government. It is definitely not for the children or anyone’s safety. It threatens the most basic civil rights we have like free speech. The fact that so many people blindly support it is really depressing and disturbing.
Good arguments there, and for once addressing privacy-preserving age verification.
I just don't like that proponents of age verification are systematically (including in this article) dismissed as authoritarians hiding behind "just another “what about the children” excuse to introduce mass surveillance and censorship". Many people genuinely want to find a solution that is better for the children, and telling them "if you are open to age verification you are either a fascist or a moron" is not constructive.
Also I find the way ZKP is criticised a bit manipulative. It kinda implies that "fundamentally, any kind of ZKP system can be switched off remotely and without anyone realising", and that is wrong. It can be implemented in such a way that people have pretty good guarantees about it preserving their privacy, similar to end-to-end encryption. I find it hypocritical to say "E2EE can be reasonably trusted, but privacy-preserving age verification fundamentally cannot", just because tech people like the former and not the latter.
> Many people genuinely want to find a solution that is better for the children
at the expense of everyone and everything else all to not have to be an actual parent.
These arguments are not coming from places of concern, they are coming from laziness and people taking advantage of that laziness to further even worse agendas.
There is a solution, it is regulating social media companies to stop abusing their users, and by extension, children. strict laws around adtech and tracking tech. more consumer rights, in other words - that’s why this solution comes off as authoritarian, because there is such a variety of ways to tackle this problem, and this is the most authoritarian one.
Parents need to either control the internet, or control their children’s devices and screentime. The latter sounds like the obvious option, except that Google wants every second grader to have a school-mismanaged chromebook and Google wants to mediate control of the internet, and by pushing parents to the former they win on both fronts.
Age verification literally already exists in a way that doesn't require orwellian centralized control. The <meta rating> tag has existed for decades. If you want to restrict access force websites to apply these tags, then use a browser that obeys them. Parents control what their kids access, mostly, like it's been since forever.
Think carefully about why a politician might disregard this extremely simple mechanism and you'll have your answer about the real goals here
Many people genuinely want to find a solution that is better for the children, and telling them "if you are open to age verification you are either a fascist or a moron" is not constructive.
We know they'll take a mile if you give them an inch. Ditto with "trusted" computing and the rest of that wormcan. That's why the opposition has to be absolute.
Sure but that absolute opposition hasn't, as far I can tell at least, achieved an iota of success. So it's largely a self indulgent merit badge than an actual strategy.
We have age verification for all kinds of things that can harm minors. Most of them have adequate penalties for breach such that operators of said harms ensure they comply (checks for ID when selling alcohol, entry to over-18s pubs/clubs, etc.)
There's nothing sinister going on here, just attempts to prevent social/mental harm to minors.
This whole thing is meta financially backing right wing conservative groups that want age verification because meta wants to avoid liability for the harms their platforms cause.
In addition, this is the beginning of the end of any sort of anonymity on the internet, which has disastrous consequences for politically minded individuals, minority populations, or targets of stalking. This is a privacy nightmare bring pushed through in the guise of "muh children".
Current policy is victim-blaming: it excludes from social media potential victims (children) but allows perpetrators (convicted csam users).
But this was always about governments wanting to know who's posting what (and controlling them, through chilling effect); not about saving 'the children'.
i never read a nat geo where a young girls innocence gets destroyed in 4k ultra hd , either way based on the behaviour of our ruling class it seems likely that the pedophiles are the ones instituting these laws
The www became infested with so-called "tech" companies acting as intermediaries (middlemen)
Lots of folks making money from surveillance ad system on the www. Oversized, unmanageable websites calling themselves "platforms". Creating "subscriptions"
The www is an ad network. Not a great place for non-commercial activity
Fortunately, the internet is more than the www
People pay for an internet subscription, not a www subscription
- You have to have an approved browser.
- It has to be installed on an approved platform, Google or Apple, for which you have a valid account.
- You have to have an account on the posting platform.
- You have to get past moderation on the posting platform.
That's without age verification.
Any image of your family you post will be scraped by Clearview AI, bypassing the restrictions that make it hard for you to create accounts, to create a worldwide facial recognition system.
But to get the money out? Oh no! We need a picture of your face! And there’s no option for going in person.
Now you’ve given every parent a way to easily mass block all adult/social sites/apps if they want and no one’s privacy need be compromised.
The only way this can go wrong is if the client sites collude and publish their visitor logs and then the government can do the legwork to identify you. But even this is pretty easily bypassed if you use a VPN.
More importantly, I don't personally have any faith that at least the US government could properly define and build a system that is reliably and provably resistant to tracking. The government has incentives to want to know what sites a person visits, the NSA would be loathed to allow that opportunity to go unused. The government also likely doesn't have the skills or resources to do it in house, I'd expect them to outsource it at an absurd cost to a third party that would also have incentives to want to track usage data through the system.
Failing in parenting and lobbied politicians (regulatory capture) on the other side.
Maybe we need an alternative set of root servers for a free Internet.
It's easy to create an alternative. The problem isn't that, it's keeping that alternative clanker-free. (As well as free of all the other enemies / plauges on the useful, generative, Internet.)
which brings you right back to verification...
I guess the correlary would be like how you can block an entire ASN if you find a lot of abuse from it, but at the human-network level.
Rather than individuals or devices, residential / mobile / business service providers should be able to vouch for personal traffic and be in a position to validate patterns of use without undue profiling of specific activity. That is, just looking at the encrypted traffic patterns (rather than MITMing SSL/TLS or other secured comms) should show usage that's typical vs. atypical / malicious.
Traditionally, service providers of all stripes (email, ISPs, Web, etc.) seem to have focused far more on ingress security than egress security, or potentially malicious traffic from within their own networks. That's got to change, it's ultimately a hygiene question.
For residential and mobile Internet, accounts are managed at either the household or individual level, and it should be possible to provide attestation and reputation management (as well as, perhaps, broad-based subscription access to compensated content) at those levels.
For commercial access things get more complicated, particularly where a location might provide public Internet access (e.g., public WiFi), or have a mix of human and system-generated traffic at an office, commercial, or industrial site. Still, there should be both well-established patterns of use and indications of anomolous or malicious traffic possible here.
Another option for smaller human-scale networks (e.g., Fediverse / Mastodon / PeerTube / Pixelfed / Lemmy / WriteAs networks and the like) is a mix of harder authentication (Yubikey or NFC-based wearable authenticators, perhaps) as well as a more manageable human-scale moderation (1:1,000 or 1:10,000 scales far better than 1:1 million or 1:1 billion services), allowing for both oversight and keeping the opportunities / benefits of malicious use limited.
The comment I'd originally responded to had me thinking of under-delivering federated systems such as Gemini (the lightweight Web protocol, not Google's AI) or Diaspora* or countless web boards and wikis which ended up overrun by spam and abuse. Simply saying that you're going to re-invent things at small scale in no way means you'll succeed. The ecosystem's changed, the pathogens are far more numerous and capable. Modern systems and networks (social or otherwise) must face those facts head on, and not ignore them or pretend they don't exist.
I think we're going to end up with some form of cost-based (though not necessarily financialised) reputation management systems. I'd very much like to see those not being terribly invasive of privacy, or putting extreme barriers to those with limited means or technical knowledge. It's a tough problem all the same.
Occasional communities may survive in a walled garden fashion.
Sorry, Tim Berners-Berners-Lee.
Users have been doing this themselves without state coercion for twenty years now by putting their real names all over Facebook and all the other socials. Nobody forced them to use their real names and post countless pictures of their faces alongside, and pour out the totality of their worthless opinions on every issue. Compared to this, when considered sensibly, the verification is almost a trivial step.
No? You've obviously never been ostracized from your friends, family, or coworkers due to not using Facebook or Instagram or whatever the latest vapid social network is.
So even if this change doesn't affect you right now, but it will affect you later then it'll be too late to fight agaisnt.
If you don't use social media and AI platform. Fine. But what about app stores, what about any registries from docker, to npm, to apk and toward the end source code repositories like Github/Codeberg?
It's not a free "sample": drug dealers give their stuff for free at parties where vulnerable young people are in the form of sharing what they are themselves taking. Then they have that teen on the hook for extortion and having them do things or pay "debts". I "gave" you some drugs because you're my friend, but now you have to pay back, you have to do this favor, take this stuff from here to there. Another common thing is that the "debt" has to be paid in money again and again and again. You don't want us to go talk to your parents who think you're their perfect little boy/girl? You don't want them to know that you took drugs, do you?
As dangerous as a butterfly... It's a filthy world on all levels, filled with demonic people who spend all their time thinking about how to use and abuse others - the more innocent the better.
I know it's a tangent.
I wonder if EU law could give every citizen a right to a google or Apple account, including a forced recovery option if the account is 'deactivated'?
If at some point such an account becomes essential to function in society, access to such an account becomes a legal mandate.
That directive regulates banks from denying the opening of a basic payment account. But there is no legislation preventing governments from freezing accounts, Canada-style. As far as I know, there's no protection against being de-banked.
Here in Australia, the local and state governments push the use of their Apps as well.
These Apps provide access to identity documents, offical notifications, and messages for health, benefits and taxation purposes.
Then there is Banking and the issues around becoming a cashless digital society…
It’s become less about access to hardware devices, as useable devices can often be free when donated by a friend or relative, and more about continuity of access to your digital life.
The risk of losing access to your online identity or having it stolen are very real with often traumatic results for individuals.
Come on, do people seriously believe this will happen?
There's this cool new feature that they added to the Mullvad browser extension, which is built into the Browser. It gives you a random different proxy for each site, kind of like the Tor Browser.
Mullvad understands that VPNs overpromise and underdeliver, but if you combine a trustworthy VPN, a fingerprint-resistant browser, and uBlock Origin, you get a damn good internet privacy. The browser is not ideal for daily-driving because it's always incognito so you get signed out on close, but I heard they're working on a persistent version.
the beginning of the freedom of every person to become a developer
Dave, first we will need to setup age verification for your friends in order to comply with the law. I will not be able to help you otherwise. Remember Dave, I will submit to the local government your request to make a social media website so they will know if are complying with age verification. I have your ID which I will also provide as you need government ID to use AI. Open source AI models were banned.
sorry but I don't get this point. If you're on Instagram or Facebook, did you think fifteen different three letter agencies weren't already watching you? It has the word 'face' in the name, the entire point of that site is that people mindlessly share their personal information, it's not some underground space for activists.
You can be perfectly anonymous on the internet, but demanding to be anonymous on Facebook is like trying to start a Das Kapital book club at Goldman Sachs or decrying commercial culture while you're in a Disneyland theme park
I just don't like that proponents of age verification are systematically (including in this article) dismissed as authoritarians hiding behind "just another “what about the children” excuse to introduce mass surveillance and censorship". Many people genuinely want to find a solution that is better for the children, and telling them "if you are open to age verification you are either a fascist or a moron" is not constructive.
Also I find the way ZKP is criticised a bit manipulative. It kinda implies that "fundamentally, any kind of ZKP system can be switched off remotely and without anyone realising", and that is wrong. It can be implemented in such a way that people have pretty good guarantees about it preserving their privacy, similar to end-to-end encryption. I find it hypocritical to say "E2EE can be reasonably trusted, but privacy-preserving age verification fundamentally cannot", just because tech people like the former and not the latter.
at the expense of everyone and everything else all to not have to be an actual parent.
These arguments are not coming from places of concern, they are coming from laziness and people taking advantage of that laziness to further even worse agendas.
Think carefully about why a politician might disregard this extremely simple mechanism and you'll have your answer about the real goals here
We know they'll take a mile if you give them an inch. Ditto with "trusted" computing and the rest of that wormcan. That's why the opposition has to be absolute.
We have age verification for all kinds of things that can harm minors. Most of them have adequate penalties for breach such that operators of said harms ensure they comply (checks for ID when selling alcohol, entry to over-18s pubs/clubs, etc.)
There's nothing sinister going on here, just attempts to prevent social/mental harm to minors.
There absolutely is you're just not aware of it.
This whole thing is meta financially backing right wing conservative groups that want age verification because meta wants to avoid liability for the harms their platforms cause.
In addition, this is the beginning of the end of any sort of anonymity on the internet, which has disastrous consequences for politically minded individuals, minority populations, or targets of stalking. This is a privacy nightmare bring pushed through in the guise of "muh children".
Porn has always been around (national geographic, anyone), and parents can use screen time to limit access for their children if they want.
But this was always about governments wanting to know who's posting what (and controlling them, through chilling effect); not about saving 'the children'.