I sometimes wonder whether the people in the tech industry who worked on things like secure boot, attestation, and DRM saw this as the inevitability open source advocates always saw it as.
Did they think, as they worked to transfer final say from users to corporations, by technical means, that politicians couldn't transfer that control to themselves by political means?
Did they think they could lock things down to extract their 30% app store fee while enforcing rules through app review (and demonstrating censorship of sites like Tumblr) that politicians wouldn't want that same rule-setting, censoring power?
Did they think their employers were going to prevent that transfer, that the trillion-dollar companies would become some sort of Che Guevara style insurgents, running a guerrilla campaign to overthrow the very system that made them trillion-dollar companies?
My impression is that people who can work on stuff like that are the kind who just take the stuff in the world for granted. "This is how the world is, we need digital restrictions so now we need to implement them." "I don't have a say about whether DRM or remote attestation is standard business practice or not, it is just how it is."
This is akin to how two kinds of people respond to law. The first kind think "This is the law, we must follow it" and the other kind think "This law doesn't make sense, we must change it".
People who look at pedestrian traffic lights and cross when it's green vs. people who look at cars and cross when there are no cars coming. The first say you must follow traffic rules and the second kind say they wouldn't be alive if they looked at the green/red light of law instead of whether there are oncoming cars: a green doesn't mean it's safe to cross and a red doesn't mean you can't cross if only there are no cars.
> The first kind think "This is the law, we must follow it" and the other kind think "This law doesn't make sense, we must change it".
Indeed. I can't understand the people who blindly believe any law is good just because. Stop, think. Is the law good? What's good about it? What's bad about it? Can it be abused? Then maybe it should be changed?
I advocate that every law should have an annual review to catalog every case where it has been applied. How many were sensible positive outcomes? How many were unintended consequences? How many were clear abuses of the letter of the law? Every legislator should vote on the record based on that annual review to either renew or cancel the law.
> I can't understand the people who blindly believe any law is good just because. Stop, think. Is the law good? What's good about it? What's bad about it? Can it be abused? Then maybe it should be changed?
I think many people have an expectation that (all) laws are just and needed because... somehow they're the law.
In reality, laws can be unjust, unnecessary, biased, and completely arm-wrestled together by people strictly following an agency of their own. Other laws are put together by sheer ignorance and lack of thinking beyond mere good intentions. The first question shouldn't even be "is this law fair" but "was this law made fairly".
It creeps me that people treat laws as axioms whereas they're just polished and reinforced opinions. Sure, many laws we can agree on, and many others that don't agree on aren't worth changing, but you should always question the law and question where it came from before choosing to accept it.
I can see the same pattern with technology such as the various digital restrictions management (DRM) schemes.
Somebody had to work on it before it was how the world is. When Microsoft proposed a scheme involving remote attestation and DRM in 2003, the New York Times published a critical article. Google SafetyNet a decade later barely got a whimper out of major tech outlets, much less the mainstream press.
>Somebody had to work on it before it was how the world is.
The mindset the parent described extends to what they're asked to do. They don't challenge it. It doesn't have to already be law for them to accept it and build it. It's enough that the ask comes from authority (a boss, a government) and pays.
Suppose there is some peon at Microsoft who is ordered to write code for Pluton and then does it because they don't want to be fired, expecting to hide behind the Nuremberg defense. The people in your second group will naturally disapprove of this.
But regardless of that, we can ask the same question of the person giving the orders. Someone in these companies initiated these programs, so are they merely fools who couldn't predict the obvious consequences that others did, or are they truly malicious?
> My impression is that people who can work on stuff like that are the kind who just take the stuff in the world for granted. "This is how the world is, we need digital restrictions so now we need to implement them." "I don't have a say about whether DRM or remote attestation is standard business practice or not, it is just how it is."
I like to call those people "ventablackpilled". Being blackpilled is all about gloom and doom, but being ventablackpilled is beyond being blackpilled. It is when you actively want the world to be a worse place because you believe that that is how the world works.
Ironically, the very OP statement is exactly that: trying to make the world a worse place because they believe that that is how the world works.
The solution to avoiding dictatorship is engaging in politics and preventing dictatorship directly through that. Trying to retreat into the (perceived) wilderness and build barriers to dictatorship doesn't really work. But since people drafting that statement don't believe that politics work and it is, in fact, possible to both have a vibrant political scene (we have what, five viable political parties vs the American two?) and not let kids send nudes, they try to drag everyone into the same mind frame.
much much worse are the ones taking the biege pills, who of course will drag anyone who notices into there world of where which one of 59 shades of biege constitutes the true way into non confrontational , we will escalate and swat you for any hint of agitation while we decide not to decide to not provide the very function they are in charge of,passivity and conformity to bieng childless and into flabby sad kinky stuff.
legions of them.
You're giving too much thought into the issue or trying to construct something like a conspiracy out of it.
I sometimes work with people who worked on or at least worked with DRM-like stuff (Trustzone etc.). The people who make those systems and the structures that allow it falls squarely on banality of evil. It is not a big evil org or people with their own evil agendas (unlike Palantir, i think they are the true "ventablackpilled" ones). They are thousands of developers who push JIRA tickets like everyone. Many of them live in the developing world and they just pray to keep their jobs. The reason that big tech attracts developers despite their obvious and much bigger (IMO) evils is the same reason that attracts developers who make systems that can be completely closed down.
Many of the developers are not outright evil either. They sometimes voice their opinion. Their opinion doesn't matter in comparison to the business goals.
Sometimes it is understandable to write blocking software. Not all equipment is sold. Many industrial equipment is leased. So the actual owners want guarantees that their devices cannot be modified by renters.
The amount of info you can extract from an Apple phone or Graphene OS is limited due to same restrictions working in your favor too.
Similarly phones can be locked down due to radio restrictions. Nobody wants infinitely exploitable SDNs in peoples hands. It makes such SDNs a juicy target for enemies like Russia to exploit and turn into scalable attack vector as spoofing and jamming devices.
The reason those are attack vectors is also banal. We made our bed as engineers, voters, governments and business leaders one sloppy work at a time. We made shitty chips and shitty software with no care for security or safety. We sold millions of them and nobody wanted to pay to "do it right way". Worse is better. Silicon Valley style scaling up is the goal. Competition is for suckers. All those and every single one of us ate the fruits of shitty hardware and software that are protected by closed down systems. We engineers got the cushy jobs, our business leaders made 10x 100x gains from our work. We either had little voice (because making a big noise is guaranteeing that your cushy job no longer exists) or whatever we had is ignored in the hubris of shipping shit to billions of people.
<< We made our bed as engineers, voters, governments and business leaders one sloppy work at a time. We made shitty chips and shitty software with no care for security or safety. We sold millions of them and nobody wanted to pay to "do it right way".
I dunno. By that I mean, I am sure it happens, but I am not sure this is the reason for it. FWIW, I am not an engineer, but I have a window into that world.
In my little corner of the universe, we are going through belt tightening exercises already. So it is an interesting game of less meetings, shoving as much as you can onto others and the classic 'doing more with less'. In other words, even for internal customer's 'doing it the right way' is imply not a priority. On the other hand, getting more people, bigger budgets and somehow money saved is. 'Doing it the right way' is a distant ideal.
All that said, I don't think you are that wrong with the 'banality of evil' thought.
> This is akin to how two kinds of people respond to law. The first kind think "This is the law, we must follow it" and the other kind think "This law doesn't make sense, we must change it".
What? I don't understand how this is a "two kinds of people" generalization, when the two categories aren't even mutually-exclusive?
One can think a law is bad and should change, while simultaneously recognizing the rule of law and following it.
It's pretty weird to try to pit those two perspectives against each other
If there is a stupid law, there are several things you can do:
You can follow it anyway and make no attempt to improve the situation, allowing the stupid consequences to follow indefinitely. (Notice that anyone who follows the law while doing nothing because they've been convinced reform efforts will be ineffective are in this group.)
You can follow it anyway while trying to change it, attempting to limit the time the stupid consequences exist.
Or you can refuse to follow it.
But the people in the last group should still be trying to reform the law, both so that they don't have to risk being prosecuted for doing the right thing, and in order to get the people in the first and second groups to stop doing the stupid thing the people in the third group are already refusing to do.
If you don’t expect it to be obeyed or enforced, then I would say that means it should be fast tracked to be changed. “Show me the man, and I’ll show you the crime.”
The point is that if you don't follow the law as is then what expectation can you have that anyone follows your changed law - and if no one does then what's the point.
There are laws in existence that no one even "law addicts" would follow unless brain damaged. On top of that sheer amount of laws makes on "following those" simply impossible. there are also conflicting laws. Some laws are even refused to be enforced by the police.
It is a dynamic world where respect for law, trying to change law and plainly saying: "go fuck yourself, not gonna do it" should and do coexist.
Absolutely all laws followed strictly to the letter would kill a society.
>People who look at pedestrian traffic lights and cross when it's green vs. people who look at cars and cross when there are no cars coming. The first say you must follow traffic rules and the second kind say they wouldn't be alive if they looked at the green/red light of law instead of whether there are oncoming cars: a green doesn't mean it's safe to cross and a red doesn't mean you can't cross if only there are no cars.
Don't forget the selfish jerks who simply ask for whatever class of traffic that isn't them to be punitively regulated to their benefit.
(both literally and transferrable to other issues as a metaphor)
The people in the industry that I know were/are trying to stop fraudsters, script kiddies, nasty people, and governments from trying to exploit weaknesses and take unauthorised control of devices and services.
The problem with that is it generally requires a central point of trust.
Sure you can allow multiple points of trust, but for the unskilled user, that means that the little lock symbol becomes unreliable (or whatever)
Without commenting on the UK governments stuff (It is probably full of shit, but then thats what lobbying does) We as technologists need to engage with wider society and understand on their terms, the worries they have.
For this particular "proposal" it strikes at the core worry of today's kids. They are sadder, more insular, more dependent on mobile comms and exposed to much nastier stuff than millennials were at the same age.
AT my school in the very late 90s, a group of 14 year old girls went to the beach and took a disposable camera. Standard photos apart from one, which was a group of them topless. One of them brought them back from the developers into school. Somehow the topless photo was stolen and passed around various classes.
It ruined her month, even though she got the photo back. I suspect it left scars longer than that.
Now imagine not being able to get that photo back. Thats the problem for todays kids. One moment of stupidity and a lifetime of consequences. (under a certain age, if they took photos or videos of other kids, that makes them liable to be on a list, for life.)
You could say "oh education" but did you listen at that age?
Whats worse now is that there are no gates on what photos can be developed by the normal person. If you took any photo that was explicit, it almost certainly wouldn't be printed (hence why there were very little dick pics from that era).
Is what the UK government proposing workable? well looking at the OSA, almost certainly not.
However unless we, as a tech community engage with society, with useable answers that are understandable to the normal person, then we are going to be crushed by the weight of "something must be done". Absolutism is not our friend here. We need to engage and choose compromises, or lose wider freedom for ever.
> The problem with that is it generally requires a central point of trust.
The problem with it is that the people who want to use a central point of trust as a chokepoint for censorship, surveillance and monopolization keep claiming that this is required when it isn't.
> Sure you can allow multiple points of trust, but for the unskilled user, that means that the little lock symbol becomes unreliable (or whatever)
The premise being that if you have a monopoly then ordinary people can trust it. Only that isn't the case. A monopolist not only can be just as malicious or incompetent as any of the multiple players in a competitive landscape, they're more likely to be because the lack of competitive pressure allows them to be more abusive and complacent and more capable of capturing the government.
> under a certain age, if they took photos or videos of other kids, that makes them liable to be on a list, for life
That seems like a problem caused by the law. Why is it possible for any actions taken as a minor to cause someone to be put on a permanent list when we recognize that minors aren't mature enough to be held responsible for that?
> Now imagine not being able to get that photo back.
Now imagine what would be necessary to get it back. It's on some other person's private device. Either you invade everyone's privacy and private communications to check if they might have it or be privately sharing it, or they could be. The cure is worse than the disease.
In today's world the 14-year-old girl who took a topless beach photo of herself would likely be criminally charged as an adult for production, possession and distribution of child pornography. So there's something about how our legal attitudes have changed too.
>We as technologists need to engage with wider society and understand on their terms, the worries they have.
We were the vanguard blocking this to the public's benefit, now they've voted for it our only duty is to ourselves; to make sure the rules don't apply to us.
I mean I get that, but don't you also see thats dangerous?
I think its perfectly winnable argument. For example we already _had_ age gating in the UK, its just it was at the network level on mobile internet. It worked and was unobtrusive.
The antidote to the OSA was to just extend that to domestic internet.
That argument was lost, and lost hard. mainly because we didn't engage properly with a believable solution.
> to make sure the rules don't apply to us.
The point is, they don't really apply to the determined. the same argument could be made for painkiller blister packs. The level of friction that the packs provide reduce drug based impulse suicide by 40% (depending on which study you reference)
The argument against it is "I can't be arsed with pressing the little shits out, I just want it easy". The Populist approach is making it prescription only.
Unless we engage properly, on the right level, then we are going to be worse off.
Oh, the people who work on secure boot, attestation, DRM, and other such features know very well, but don't care. This is because the claimed benefits for them, such as less hackers, less malware, less bot traffic, outweigh any possible downsides for the society.
That's exactly the shortsighted view I'm talking about - you are ignoring the cost of building/adopting a system that you may not control in the future.
I think it's even worse than that. Our industry has a strong track record of only looking at potential upsides (and pretending they're certain) and not even seeing that there may be serious downsides.
It's a kind of blindness. The kind that is, in my opinion, is one of the major reasons why we ended up building a world that's more than a bit dystopian.
It isn't TPMs nor attestation nor DRM making this possible. It isn't secure boot either. It's walled gardens with secure boot -yes, secure boot- that the consumer can't bypass. Secure booting isn't the problem in an enterprise setting -- of course we _want secure booting_ in the enterprise. It's consumer devices that can't be jail-broken that are the problem. Although even then, the silly age verification laws and the people pushing them don't even care if the OSes run on walled garden devices.
I would posit that any device that can't be jailbroken is a walled garden. Whether the wall is made of an app store or an operating system, it's not yours if you can't do what you want with it.
Would it? Parents who so choose could restrict their teenagers from owning a device and instead give them one owned by the parent and configured not to show adult content.
A sufficiently adversarial teenager could get a different one, but they could do that regardless since it generally costs even less to get some 18 year old high school senior or homeless adult etc. to lend you their ID than to buy another device.
They're ultimately employees. Their employers hire them to write the code that the employers want. If they don't write the code, employers just fire them and move on to hire some other people to write code. As much as how ethically questionable it is, it's still very rare that people would give up their jobs to defend their viewpoint.
The practical alternative is sabotage. Write the code poorly, with obvious bugs. Don't sign the full URL so the user can just delete the drm=true parameter.
FAANG programmers were never anywhere close to having their kids starve so its more like "I have gotten used to this lifestyle and will sell other peoples future to maintain it".
Yet they stopped thinking as soon as their wallet got involved and never considered that their kids also need freedom and the ability to use technology that works for them and not against them. Selfishness and greed are the problem. The kids are just a convenient but shallow way to deflect from that.
Nobody implemented DRM with a gun pointed at their heads, and anyone capable of implementing harmful technology has the skills to work on something else for lots of money implementing other things. It was always a choice.
Having argued these topics for decades, I think that a lot of people just truly can't foresee the inevitable consequences. I don't know why, the consequences seem obvious but because they are not spelled out, many people say it won't happen.
There's a selection effect. Some people thought these were bad and didn't implement them. Other people thought they weren't bad and implemented them. We use implementations from the latter group of people. Obviously.
Same thing is happening with age verification. We had the chance to just ask if the user is over 18 when setting the computer up, but we didn't do that so they're using a solution from a mass surveillance company instead.
I think you can learn about it most by reading clever, capable people from big tech corporations. Their framing often involves tradeoffs against a slow but inevitable societal pressure that is helped by compromising on freedom.
So I don't believe they are ignorant of all your points; it's rather that they don't see a realistic way how tech, corporations, and perhaps even ordinary people can go forward (being better, or richer, or more sophisticated or whatever) without making that compromise. It's as if they saw the forking paths of the future, and none will end up without technical restraints, regardless of whether they do it or whether things just get worse and someone else then does them.
But they're right. The next guy will do it if you don't. And you'll be fired meaning you won't have any power any more, and the person who thinks DRM is good will be hired and become powerful in your stead. How does that help?
I remember piping up about all those things. But the excuses were everywhere.
- Oh but you can turn it off so it's no issue (secure boot). Well yeah but more and more stuff just won't run then (eg iOS apps on Mac). It will become the norm to stay inside the fuzzy walled garden just like it already is on phones. And if you stray you will just be blocked from any app that does something useful.
- But companies need to be sure you are who you say you are (attestation). Yes but they will abuse that power if they can profit from it.
> Did they think, as they worked to transfer final say from users to corporations, by technical means, that politicians couldn't transfer that control to themselves by political means?
Makes me think of the most sobering line I ever saw in a museum (Berlin): The biggest atrocities were committed by people with a spreadsheet and a performance goal.
Politicians always had that power, because it was always technically possible. To think we could have done anything to stop it once there was a will to do it is naive. If you doubt it, just look at Palantir. People like us built that - Thiel and his minions only paid their salaries.
Boiling the frog is a thing. As is laying the groundwork. Governments are much less likely to pull off multi-decade plans than they are to make use of whatever technology is already out there.
Does that really still apply when the people in question make six or seven figures for it? At some point we should expect some kind of individual responsibility.
I always think of the lumberjack tasked with cutting down the last redwood giant. He hesitated a bit and was somewhat reluctant to start. Several of his coworkers understood that it was slightly emotional and said they would do it if he couldn't.
I often also wonders if ideological zealots ever thinks of this passage while pushing their agenda for control:
...and it was allowed to give breath to the image of the beast, so that the image of the beast could even speak and cause those who would not worship the image of the beast to be killed.
Also it causes all, both small and great, both rich and poor, both free and slave, to be marked on the right hand or the forehead,
so that no one can buy or sell who does not have the mark, that is, the name of the beast or the number of its name.
Those who would think of such a passage (or any biblical passage) and those who push for a total-control agenda are disjoint sets.
Communism and fascism were both fueled by atheism (either explicit or functional), not a Judeo-Christian worldview.
"Ohne Gott und Sonnenschein bringen wir die Ernte ein." (Without God and without sun, we will get the harvest done.) - the slogan of East Germany in 1975 when people were hungry and it kept raining during harvest.
that's not Christian though (in the sense that their beliefs are not scriptural and not subjected to scriptural review)... it's something else, and it's really ugly.
While I'm not fundamentally opposed to the idea I'm not convinced its going to be effective. A lot of the leaders that ultimately approved these developments are already public figures and that doesn't seem to affect their motivations.
> Did they think, as they worked to transfer final say from users to corporations, by technical means, that politicians couldn't transfer that control to themselves by political means?
Corporations are already hostile enough that it doesn't really matter:
The report says that between 30 and 40 Rockstar employees working in multiple offices in the UK and Canada were fired on October 30, all of them part of a private trade union chat group on Discord. - https://www.pcgamer.com/gaming-industry/rockstar-accused-of-...
Twitter people expressly started their company with the idea of crowd-friendly semi-anonymous msgs on demand.
The game of GO delivers an idea where a very large construct can be built then in one move the entire thing flips to a different purpose... seems relevant somehow..
> Did they think, as they worked to transfer final say from users to corporations, by technical means, that politicians couldn't transfer that control to themselves by political means?
Why does that matter? If it's bad for politicians to usurp that power, it's already bad for corporates to have it in the first place.
I'd rather politicians use power in a way that includes democratic oversight than, say, Peter Thiel doing whatever the hell he likes.
I guess they think "someone is going to do it anyway, so it might as well be me so I can be the one who gets paid for it". But yeah, I'm sure there is also a good chunk of tech workers who are indeed useful idiots who think they are the last link in the chain.
> Did they think, as they worked to transfer final say from users to corporations, by technical means...
Your argument is flawed here. The truth is that measures such as secure boot do have real security benefits. They can be misused, like any technology can be, but that is not an inherent feature of the tech, but rather how it is implemented. And as the developers of such measures are not a monolith, it is unfair to paint them as merely trying to exert control. I'm not going to argue that some involved parties were trying to exert control. But lots of others were trying to implement a genuine security benefit for the users, and they don't deserve to be reprimanded as if they were some kind of apologists for authoritarianism.
> They can be misused, like any technology can be, but that is not an inherent feature of the tech, but rather how it is implemented. And as the developers of such measures are not a monolith, it is unfair to paint them as merely trying to exert control.
You can argue that exerting control is a good thing - a clever scam artist convinces a vulnerable user to paste an attack at the command line, and the benevolent OS vendor uses their control makes the attack impossible, no matter what the scam artist tells the user to do. A greedy software maker produces a spyware-laden, cookie-stealing update and asks the user to enter the admin password to install the update. The benevolent OS vendor uses their control to make such malicious updates impossible, even with the administrator password entered.
But even if the control is being used exclusively for good, it is, ultimately, control.
They (developers) did what they did for money. Just like everyone else. And they would do it all again.
At a corporate level, no one cares about lots of freedoms, except if it is a selling point.
If 'keeping freedoms' is a selling point then the ideal position is to gain the kudos of appearing to support this whilst also getting the benefits of the loss of freedoms. Why not get both?
What defines a bad tech vs a good tech? Similar arguments can be made for most research including nuclear fusion, AI, vaccines, space, polymers, combustion engines, electric motors, semiconductors...
Good tech empowers individuals and subverts authorities, corporations, oligarchs and governments. Bad tech subverts individuals and empowers authorities, corporations, oligarchs and governments.
Meanwhile Signal Corporation keeps trying to connect to updates2.signal.org even when the app is not being used. "Automatic updates", remote code execution by default with no option to disable
Silicon Valley has its own ideas of what "privacy" and "surveillance" mean
To those folks, it does not mean privacy from Silicon Valley companies
The Signal app will keep on trying to connect to the mothership
Because to the people who work on Silicon Valley software, that is not a privacy violation
The battle is over _control_ over software not privacy or surveillance. The later is not possible without the former
Silicon Valley does not want the user to have control any more than they want the government to have control
It's starting to feel like ethno-nationalism is the answer.
See: the PRC. Support for surveillance is allegedly high. Anecdotally, talking to PRC citizens in circumstances where they don't need to worry about said surveillance (e.g., when they're vacationing in Japan and I want to pester someone and practice my mandarin), they generally like it. Makes them feel safe.
The CPC has sold them on a vision of them as members of the state-race "Chinese" (which is not really an ethnicity any more than "American" is) and the surveillance as a thing that keeps them and their "Chinese" lifestyle safe from non-Chinese. Uighurs have to be extra surveilled until they're also Chinese, which, many are now according to the CPC.
So PRC citizens feel safe and cozy among in the country for "their people," not realizing this whole ethnonationalist concept is at best 100 years old, maybe even younger. During the Qing dynasty, there's a whole hell of a lot of people that think of themselves as "Chinese" that definitely weren't by the dynastic government.
I smell similar happening in Russia, the USA, and Israel, with State support. It looks like right wing groups are trying to pull it off in the UK and Germany as well.
>Anecdotally, talking to PRC citizens in circumstances where they don't need to worry about said surveillance (e.g., when they're vacationing in Japan and I want to pester someone and practice my mandarin)
I'm not sure you are aware that China has monitoring operations for its citizens outside China.
People forget how we got here. Whatever your philosophical stance, history has shown beyond a shadow of a doubt that giving most people complete control over their device has been an unmitigiated disaster.
Scams, stealing credentials, stealing money, botnets, viruses, losses of data, ransomware, etc etc etc.
What is better for most people is a locked down device like an iPad where each app has to be approved and they're incredibly sandboxed. 20 years ago we had people installing malware because a strange email promised them smiley face emojis.
When we transitioned from the single-user ODS-based Windows model (ie Win98/SE were the last of that line) to a multi-user restricted privilege model based on NT 3.0/3.5/4.0 (first as WinXP) it was meant to be better but privilege escalation was still too easy because of what users had become accustomed to doing and of what was needed to install software you downloaded.
Things like an App Store (on Mac and eventually on Windows) are actually a good thing. Signed apps are a good thing. Having to go out of your way to install unsigned apps is a good thing.
I really abhor "technical libertarians" because they never address these issues. It's all principle-based while ignoring reality, human nature and whether or not unfettered access gives users something they even need.
Also, other people pay the price. Where do you think these DDoS attacks come from? Compromised Windows PCs (primarily).
> Whatever your philosophical stance, history has shown beyond a shadow of a doubt that giving most people complete control over their device has been an unmitigiated disaster.
I'd argue that giving governments and corporations control over our devices has also been an unmitigiated disaster. You could say the same thing about any kind of freedom though couldn't you? Freedom is so dangerous after all. Look at all the problems it's caused. Giving up all of our freedoms would surely make the world better right?
People often misuse freedom. The answer to that is not to take freedom away, but to educate people on how to use their freedom, and only restrict those who have proven to be unable to handle it. Let's say your argument, that clueless users getting infected are an externality upon everyone else and thus they need to be locked down for everyone's good, is accurate (though I don't think it is). In that case, why should the majority of intelligent people be made to suffer because a minority can't handle the freedom? No, in that case the correct thing to do is to have a mechanism by which we identify people who are hurting others, and restrict them. Nobody would countenance the idea that because some people are irresponsible drivers, cars must therefore be unavailable and everyone pushed into using public transit. But that is the exact same logic people try to use to crack down on freedom of use for computers, even though they are nowhere near as dangerous as a car.
> I really abhor "technical libertarians"...
Well, I abhor those who try to take freedom away from people. So the feeling is mutual I guess.
Why as an Apple user in the UK am I considered too dumb to use a 3rd party app store but if I were 30 miles away in France I would be considered intelligent enough to cope? Because this was never about my safety. It was about their 30% as correctly supposed above.
Why in the UK Billy is considered a civil engineer but if he were 30 miles away in France it would be considered illegal for him to sign off on a bridge design? Different places arrived at different consensuses.
Online is terrible for kids. Online is terrible for adults! Too many people don't have the agency or social skills to manage themselves. Conspiracy theories, anarchists and libertarians, misinformation and disinformation, weirdos and beardos and creeps of all description. People end up believing all kinds of things that just aren't real.
It'll be best for society if things are a little more regulated, a little safer. And I'm happy to help where I can. Listening to the terminally online about it would be counterproductive.
1. You need a camera on your computer to allow a third party to verify your age before viewing adult content
2. It applies to social media too
3. It applies to your operating system too
4. Unless you age verify, the law demands your computer must be powerful enough to run an AI, or be internet-equipped and send your private photos to a third party, to detect and prohibit nudity. It must be capable of running in real-time, presumably, to work on Facetime calls and such.
Next step, certainly to outlaw most operating systems and older devices. Excellent news for Google, Apple, and Microsoft, bad for Linux and alternative operating systems. Remember when schools handed out Raspberry Pis?
Edit: And they are asking for this to be implemented for free in three months, because nobody knows how software engineering works. Great job
However the original proposal was pretty much aimed at phone manufactures. It is perfectly possible for current gen phones (and previous gen) to detect nudes in camera. Infact most phones do that already in order to adjust the exposure, its just you dont see that.
The problem for the UK is that they are not legislating technically. The original proposal was tightly scoped. The problem was, because of the way government runs in the UK it was shelved. Now that its not, the original scoping has been mashed, as its been blended with an child social media ban (quite what makes them think social media is ok for elder millennials++ is also interesting)
If they actually decided to make laws like they did for building materials or cars (ie all phones must conform to EU/BS standard x/y/z) then life would be much easier for everyone. But alas we have forgotten how to govern. something must be done now
>Next step, certainly to outlaw most operating systems and older devices.
They won't have to.
Instead, they'll just make some new essentially mandatory tech which older devices cannot run – update or stop existing, societally.
----
Phones and email already seem this way (i.e. "required") – from my perspective as an internet user whom doesn't use phone/email, personally. Nobody believes me when answering "no phone, no email" – free-est man alive - their loss is disbelief.
I am very curious how you make it in current society without a phone or email. It does sound incredibly freeing, but I'm definitely having trouble comprehending how it works.
This isn’t just your photos. This is all content displayed on the device, all content captured by the camera - everything. Full take. GCHQ must be wetting themselves.
We all know this is the first political position. They'll walk back half of it, and what remains will appear to be a compromise, but was what was intended all along.
We all also know they know they will be absolutely ravaged in the next GE, at the scale of the Tories.
The question - why hand that to Farage and his far right? Is Keir Starmer a far right operative in Labour? His track revord would suggest so, but do we have any receipts?
I don't think so, I kind of wish but he was a skilled human rights lawyer, the head of CPS, an utter moron wouldn't be able to achieve this much, he's not a lettuce.
I'm afraid it's a malicious intent here, and I also wish I could see a competent government, but until one takes on FPTP and media dictating the policy, nothing changes.
The hope is in the angry youngsters, maybe they could vote Greens+LibDems in.
Alternative interpretation: the purpose of a system is what it does, and the PMs and governments are competent at something else than what you think they should be competent at.
That's not what the UK is demanding. They want client side scanning malware that breaks DRM, circumvents encryption and VPNs, and bypasses other security features in order to scan everything visible on your screen.
It absolutely doesn't. However, the argument doesn't work when it's about connecting the "is the user a kid" bit to the existing and constantly running object recognition (phone cameras already run skin detection all the time to set white balance), so people invent "third parties" and "report people to authorities".
But "Is the user a kid" is already a switch that I (a parent) switch on in the device and that the kid in question can't switch off. That bit seems like a solved problem?
Why would anything else even be needed in that space? The interest of parents and tech companies likely align here.
With just enough fascistic pressure maybe Usenet can be great again. Just have to figure out how to filter known good content from the spam which I think can be solved with OpenPGP identities. Otherwise Tor and download managers for the patient people. Static generated galleries of pictures and videos spread across thousands of small sites. Some downsides of pushing people into dark corners is that all regulation goes out the window along with some tax revenue. Loss of tax revenue may be one way to get their attention.
The Government is going to put a snitch on every phone, tape every bedroom, and listen in every evening on every home. Every doctor's visit. Every therapy session. Every pub. Every street. Every store.
When the snitches phone home, what you type to your lover may get the cops sent to your home.
Artificial stasi in every desktop, laptop, tablet, camera, and phone. Around every corner. In every living room. No one will be exempt from their gaze.
Are you ready for your vacuum cleaner to phone home?
Signal the messaging app/platform? A funny thing is that Signal barely works (with VPN ofc) here in China. Sending media/images is impossible. Sometimes it’s blacked out weeks on end. Everything else seems to work fine ish (again with VPN ofc).
Signal outright lies in their privacy policy. It opens with "Signal is designed to never collect or store any sensitive information." but they collect and permanently store sensitive information in the cloud (user's name, photo, number, and contacts) and in some cases they even store the contents of messages. They've steadfastly refused to update the policy even as they introduced those features deceiving users about their risks. Signal can't really be trusted at this point.
A service that advertises itself as privacy focused refusing to update their privacy policy while adding features like this seems like a pretty big dead canary.
Did we read the same article?
You're complaining about an optional back-up service. No data is being "collected," you're giving it to them (in an encrypted form) to store on your behalf. How else would a backup service work?
If you don't want to use the cloud version, there's a feature to store backups locally on-device.
Shrug. If they don't, they will lose the customers who do care about privacy and they won't lose the ones that don't .. right away. However, it will near guarantee further fragmentation and circling a new solution that will be recommended to normies by their techy friends or current batch of cool kids. We have been here before. The only way to win the game is not to play. Especially with government, the moment you start playing, you lose.
Surveillance replaces ostensible individual fringe threats with a clear dangerous pervasive and (for practical purposes) irreversible threat that monotonically aggregates increasing centralized leverage over every aspect our lives, direct and indirect.
Knowledge is power. Forced revelation of our inner lives puts each of us in a position of vulnerability.
Even when "not abused", the very real latent threat actively takes away freedoms of thought and action.
It is extreme abuse.
It undermines any sense that the state works for the people, when it operationally embodies a maximalized one-way threat over all citizens.
AI collation exponentially compounds the threat, the passive and active damage.
One of the wisest ethical/safety concepts ever: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated."
Democracy that sets up the levers of total autocracy is the greatest possible perversion and threat to democracy. Democracy only works as long as it recognizes government is the greatest threat to freedom. And that strict limitations on its power over citizens is the only defense.
I didn’t mind Starmer but this is finally giving me the leg up onto the anti-Starmer bandwagon.
What a dreadful legacy to leave - a sad attempt to get the biggest possible bang for the smallest possible buck. Also, 3 months? Perhaps that is as long as he expects to be pm.
Surveillance is a tool. It's neither right nor wrong, good or evil. It can be used to create safety (as it is by police forces, when authorized by judges, in compliance with democratically voted laws), or can be misused to create terror (and, as we've seen before, it never needed cellphones for that).
We should guard against the misuses and create enough legal frameworks to protect individuals' privacy (and aggressively uphold those protections). Private companies already do that - if I query a database for PII without proper approvals, or I query it outside the approval's boundaries, it'll take a couple minutes for me to receive something between a harshly worded e-mail and a visit from a couple large people who appear surgically incapable of smiling.
> Surveillance is a tool. It's neither right nor wrong, good or evil.
What is it a tool for, it is a tool for observing while no person is present therefore breaking privacy.
Privacy, a state in which one is not observed or disturbed by other people.
Any tool is (as long as it exists) always used for right or wrong, good or evil. However what might be good or evil is very subjective. Both in the moment and looking back on the use of the tool. Therefore it might be best to consider not creating the tool at all, instead of the current we'll try it and see what happens rhetoric.
Kudos to signal for coming out on side with this, and quickly. I only hope that this stance is quickly picked up as a counterpoint to the ever-so-strong narrative that more hastily concocted sledge-hammer legislation is the best step forward.
This step forward is instead of building understanding of, and solutions for, the erosion of communities, trust and empathy for others. I feel these things might (MIGHT!) be overlooked symptoms of poor investment, policies and governance for healthy society. Crikey, perhaps I shouldn't try and call that into account, it sounds like I might be cynical about politics. Oh dear...
Governments have been pushing surveillance since the earliest days of the consumer Internet.
The earliest example I can remember is the Clipper Chip. That was dead three years after it was proposed.
This current idiocy - proposed by a PM who promoted a very good friend of the most notorious paedophile in recent history to ambassador, against the recommendations of the civil service - is similarly doomed. Three months to implement huge changes to every OS on the planet? Like that's even remotely likely.
Signal refuses to answer: Why won't they release/open source all of their backend infra automation scripts/tools/etc...
There's no reasonable reason why a 501(c)(3) won't put this out there to make sure there's redundancy so we could built an alternate network if they're compromised by some gag order.
Probably because its leadership seems to have been taken over by more politically and less technically inclined people (for better and/or worse) who don't understand why it matters.
The trade is we get (hopefully) people very dedicated to keeping the org developing the stuff alive and well-funded, and gaining mainstream acceptance/attention.
Signal did such things always. They delayed years to clarify licensing to allow iOS forks. And hid server source code for a year to hide MobileCoin integration.
Signal just can't be trusted at this point. They're probably compromised. My theory is that that's why the very first line of their privacy is a lie saying that it's designed to never collect or store sensitive data when they keep a list of your contacts forever in the cloud (and in some cases now even message contents).
The average person hold all kinds of conflicting views.
The average middle class parent will surveil the shit out of their children, for example.
Hence the title of the article is not completely correct. The outcome of surveillance is the intent of the entity surveilling. In the case of the parent, this is likely the safety of their offspring. In the case of a state entity, it's likely the safety of the people in power of the state. This second type of safety is very dangerous and does not include your safety.
> The average middle class parent will surveil the shit out of their children, for example.
Most of those parents will argue that they have the right to do that and are actively recommending other parents to do the same. It happens so much that a local celebrity actually said the following recently (paraphrased)"As long as you live in my house I(the parent) have the right to go through your room, your stuff and your phone whenever I want".
In my country this is actually illegal as kids have a right to privacy just like the parents, though it happens so much since kids don't have the resources to sue their parents therefore people think this is normal (and kids grow up thinking it is normal).
I think you are onto something with intent here. By now, we effectively know that various power centers are getting away with things that normal people do not. If true, the concern is not that we are getting away with things, but that we might be thinking that maybe current arrangement is no longer suitable. In other words, they are literally preparing for a worst case scenario. And to me, this seems silly now. As in, I buy the fear of a peasant uprising and being on the wrong side of the scythe, but I sincerely doubt peasants will actually do anything.
The average person doesn't think that far ahead. They just hear "a cause I like can be furthered by implementing 1984" and so they support it.
Check out any comment section on transportation policy, environmental policy, professional licensing for trades other than software. Look at how HN, people who should know how this sausage is made, schemes about how policy and technology can be used by government to enforce it's will and preferences upon other people in ways they cannot avoid or resist. It's not a case of divide and conquer, it's a case of completely lacking principals. Nobody believes in privacy, civil rights or that the application of government (violence) should be expensive and difficult and politically fraught when it's an application that they like. Nobody is thinking far enough ahead to wonder how those systems will be used when the whims and dispositions of government and society shift.
Just this morning I was reading a comment where some jerk was scheming about how the government should (the implication being that now that AI makes it easy to automate) scrape property listings and fine people for not pulling permits when there's a diff from the prior listings and that the whole thing can be automated and anyone innocent can just have the government tour their home to prove it.
There is something to be said about true believers, who will go out of their way to not 'live and let live'. I remember getting extra antsy when one such individual was flying drones over private properties looking for signs for what they believe is an issue.
Tech.. it truly is a tool and something of a true reveal of character. It immediately shows what you do with power.
I doubt the average person gives it much thought at all.
This certainly isn't a result of democratic overreach by a concerned group of citizens. No demographic is demanding this.
It's one of those "create the infrastructure for stasi 2.0" the epstein elite tries to periodically ram down our throats ironically using "think of the children" to manufacture consent.
How long until we find out the politicians have written in an exemption for themselves and the security apparatus? I hope my pessimism is unwarranted in this case, but it certainly isn't unfounded.
Detection, even if "on-device, fully private". Is meant to notify others, the person viewing the image already knows what they are viewing. I would argue that the notifying of others of what (kind of imagery/category) you are viewing, is the main violation of privacy, even if the actual imagery is withheld.
Actually withholding the image may make it harder to fight the accusation (in court) if wrongly categorized.
For now the category argued seems to be "nude children" but what safeguards are there that prevent another category "politically sensitive"?
Its been getting pretty bad for a long while now. On the topic of UK privacy, there's an interesting requirement that if you are a "data controller" processing "personal" data for "non-exempt" purposes, you need to register with the ICO to go on the register. Even can apply to individuals.
Sounds great until you realize anyone that does that effectively gets their residential address publicly doxxed and archived by archive.org (unless they can use a separate company address or spend money on a po box). And to make it worse, unless you have an obvious named company it's basically useless for looking up data controllers.
The UK should just be banned from modern technology until their government has evolved socially enough to respect privacy. Companies need to pull out and stay out, because that's the only way the UK government will learn a lesson.
I'm sure when this law goes through they won't stop and will shortly be lining up some even crazier surviellance tech.
I'm thinking something that automatically scans your computer for porn or other things, like ripped film mp4s and sends it to the goverment to be analysed.
Or perhaps little gps trackers that children are mandated to wear at all times.
They do. The tenders don't write themselves. The scale of corruption is unprecedented, yet nothing - as it seems - is being reported or even questioned by civil service.
What the UK is trying to do here is evil and authoritarian. Its the sort of thing people brushed off as conspiracy theories not long ago. It is completely and utterly unacceptable.
I recently talked to a brit who expressed their fear of... knives. It blew my mind. The UK has one of the lowest murder rates in the world, 5 times less than the US, but they're so incredibly afraid.
They are just plain embracing a culture of paranoia, cowardice and extreme surveillance. I wouldn't care because I don't live there except the dystopian tech and business models they're developing ends up crossing the seas.
Because in the UK people believe, media enhances this, they can get stabbed for little to no reason or over a small argument due to mostly due to social tensions but also poverty. In the US it seems you have a high chance of not getting stabbed/shot if you don't agitate. So I think the paranoia about knives does not correlate with the likely hood of getting stabbed but with the unpredictability of it.
I agree that this is the wrong direction to develop into.
100%. The public tend to get very angry when police kill innocent people. So the govt want to squash any uprising which is exactly what they've been doing by taking down any video that allows people against the status quo to coalesce and coordinate. They want people to very energetic about voting for one of a few awful options which amount to /dev/null.
The counter must be as visceral is the claim. They make an emotional pitch:your children are in danger, surveillance is the solution. The counter must show the dangers in visceral, emotionally relevant way. This surveillance is actually a risk to parents and children as well - that by the accusation of an opaque, unaccountable system, you will be labelled a pedophile, and your kids taken away. That when sharing a picture of your own child with your own mother, you will have to worry about what the electronic bureaucracy will label your picture as.
Abstractions like privacy,and categorical claims, aren't going to reverse this. A properly pitched campaign could do. Sure, complain that politicians and the public are dumb. That may make you feel better but it won't change this an iota. Talking to people in the terms they care about might.
>>> That when sharing a picture of your own child with your own mother, you will have to worry about what the electronic bureaucracy will label your picture as.
I 100% agree on the need to counter emotional fire with emotional fire. And this is the right way to combat this sort of overreach
However, I do think that “the choir” need to rethink what is and is not privacy - a huge amount of the benefits of having our every waking moment monitored by the virtual world (which is going to happen) can be lost if we don’t allow epidemiology to follow our digital selves.
Detecting one’s word use is slipping might signal a trip to the doctors or a thousand other digital tells that will help us improve our lives. If we have to fight against ads and digital searches for terrorism, at least let’s get the benefits too.
That's all very well, but we just plain don't have a legal, economic, or technical system which will allow separation of the good uses from the bad uses. Once data is in someone else's possession, there's f-all way to prevent it being used to do whatever the possessor wants. Even if there is a legal agreement, it's easily abrogated, or overridden by insolvency law, or by a company having a "we can update our terms" clause. Some of this I can imagine how to address - insolvency law could be changed, for example - but in the absence of a fully robust system, promises of "we will only use your data for good" are not credible. Those who actually want to use data for good should be on the side of robust assurance of that, not just plead that they can be trusted and that no accountability is needed.
It’s hard to enforce a law so we should not have the law seems a poor argument.
Let’s say we define personal data about, generated by or inferred from the actions of a natural person as owned by the society as a whole. And misuse is liable to 5% of annual turnover. It’s more or less GDPR. That seems viable - and I am sure an army of class action lawyers will be happy to help out
(Ok I need to work on a better proposal but I think this is more doable than you are allowing for)
I don't think we necessarily disagree. I am pessimistic about laws being effective in this case, but that doesn't mean we should not try to find ones that are. I like your idea. Thinking and trials in that direction would be good.
Data using organisations often seem to prefer fig-leaf laws that aren't effective, and lobby against ones that might be effective. "My data use is a good use, therefore I should not be subject to restrictions and oversight". Instead, anyone with a use of data which is valuable to the public should not see themselves as on the same side as the advertisers and surveillance vendors. They should see themselves as on the opposite side.
Characterising people who analyse reprehensible material in order to try to save children from abuse as “pedos working for government to watch all the reported images” is, quite frankly, disgusting.
You don't give a stranger the keys to your house but we run their code every day.
This is wrong regardless of there being surveillance present.
We all know where it went wrong and can't say we did not know.
Signal is on the right side here. I think it's time for us techies to fight back by developing the future. I'm trying to do my part - https://mediaden.ca
Also looking to get involved with the meshtastic project.
I used to agree with this, but now I don't actually think I do. Apple's app privacy report can be used to guarantee network access for any iOS app - https://support.apple.com/en-us/102188
That only shows the domain eg facebook.com, not facebook.com/tracking-script. There's no reason that they can't put all the bad stuff on the same essential, first-party domain needed for the app which makes DNS blocking and viewing not effective.
That's why you can't block youtube ads with DNS, only with a browser-level adblocker because the browser adblocker is able to block the specific paths.
You can view the full encrypted traffic with something like mitmproxy, but there's ways apps can detect or prevent it.
For me, right now, I think it's conceivably a security advantage if the source isn't public. I know security by obscurity isn't a strategy alone, but with an incredibly difficult surface area to attack, I think user's using the app are very well protected, except for against nation states.
Same people screaming 1984 have five authenticator apps installed on their fingerprinted tracking device and 2fa with their phone number, and have no idea what 'sensors off' does.
Palpable irony present when a chat provider whom requires personally identifiable information to use their service complains about privacy...
Follow-up/P.S.: There's a Doctorow piece [0] which I think is relevant here. It's about how individual refusal (e.g. to quit your job at an employer when they require an authenticator-app) is an inferior substitute for "real" politics on both a practical and emotional level.
> It's obvious why we might prefer to substitute voting or shopping for politics: they're activities you do alone. You don't have to find anyone else to do them with you. [...] Individual consumption choices don't change the world, but if you've been convinced that the only way to change the world is by voting with your wallet then when the world stays terrible, you can only conclude that your friends and neighbors have ruined by things by voting (shopping) wrong. [... and] every political disappointment in your life is down to your friends' personal defects.
What's wrong with two-factor authentication? TOTP work without any network connection and only requires synchronized clocks to work. You could even do TOTP with pend and paper if you wanted (and were fast enough), no computer needed at all.
Two-factor is one thing. They're mandating client-side scanning in every operating system. This was previously rejected for obvious privacy reasons.
There are already phones with an anti-nudity feature as a parental control option, but the key there is that it's optional. The major pivot with age verification is that all devices treat all users as a child until they identify themselves with a third party. This allows a rhetorical paradox that the controls are only for children, when they apply to adults too by default.
Won't somebody think of the children appears to be the world's most effective method of bringing in restrictive and privacy destroying laws, yet they just don't work.
The idea is that people who have politics like yours can be “visited” by the police and asked to “voluntarily” come down to the station for an interview about “hateful rhetoric” on social media. Doesn’t matter how you vote if actual political opposition is outlawed, which is where the UK is heading rapidly aided by digital surveillance.
Well yes, the great cabal of people bringing in these immense rafts of surveillance are the very people who commit, or who certainly hang out with the people who commit the most heinous acts. See the Epstein files.
Notice the same people will also talk during the daytime about morals and equality, while then conducting genocide in the evening.
This is really disingenuous coming from Signal who pioneered secure compute architecture for a number of useful features [1][2]. On-device checks are no more "surveillance" than Signal's private contact discovery is, and the same slippery slope argument applies there.
It's also technically incoherent: the exact same kind of "surveillance" is already applied by every single phone, because that's how the Photos app (or whatever it's called on Android) searches for cat pictures based on the text "cat". I can't recall any Signal statements about cat recognition technology leading to "reporting people to government authorities".
The "cover-ups" link right in the beginning is a real mask-off moment though. This is not a measured statement informed by the reality of modern Britain. It's an American view informed by the twitter cesspool and divisive rhetoric of the far right. It's a real shame to see Signal falling so low.
Not even Saudi Arabia does the kinda draconian bullshit the UK is doing nowadays. This is what happens when your government is occupied by foreign agent traitors.
We already have warrants, judicial oversight and public audits to prevent abuse of power. Not sure what's authoritarian about standard overt surveillance.
No, not in the UK. XKEYSCORE surveillance tools are used without a warrant signed by a judge (the police grant themselves "warrants" covering unlimited uses for a period pending renewal, which I would have assumed constituted a "general warrant", something prohibited in UK constitutional law... but I am not a UK lawyer).
MI5, MI6, and NCA are immune to Freedom of Information, and you cannot sue in open court; you can take it to the Investigatory Powers Tribunal, who will not even let your lawyer see the relevant information to the case.
Everything you said is true and inteligence agencies should not be above the law. But the logical response to that is to fight for strict oversight, judicial reform, and to disallow the misuse of those tools, not to abolish surveillance entirely. A broken system should be fixed, not thrown away (unless there is an alternative better system which is not plagued with these issues).
This was so profound. Now that I think of it there is nobody to watch the watcher and we should just dismantle society and let the local warlords sort out the crime rate. /s
Beyond the fact that this isn't true, it's even less credible coming from a new, anonymous account. If privacy is really so dangerous and has no value, you should have no issue making comments like these under a publicly identifiable account.
I noticed you skipped over every other part of my comment to focus on an irrelevant one. Is that an admission that you don't actually stand by what you say?
Internet pseudonymity from other strangers on a public forum is very different from being anti-surveillance. I am not sure how you could equate the two.
I would have absolutely no problem if the state contacted HN to obtain my IP access logs and other identifying information if I were to post something illegal here. Expecting privacy from random internet users is not the same thing as demanding immunity from law enforcement.
Surveillance which violates the privacy or other rights of lawful citizens is worse than crime, I argue. The criminal fears the police, but the government obeys nobody.
Security cameras in public areas, I don't have a problem. Government mandated scanning software running on my PC, yeah, I have a problem. It amounts to a warrantless search.
It's no more "warrantless search" than object recognition in your photo app. Signal deliberately misrepresents the policy, which is about connecting (already existing, local) object recognition to (already existing, local) established adulthood of the user.
No, it's much worse than you suggest. Quoting the government:
> The government therefore wants Apple and Google to block nudity across the whole device by default, so they can only be deactivated via age assurance.
All smartphones and tablets will be required to detect and block adult content on the device. You can avoid it by showing photo ID, but it's bizarre that the default state should be to assume the user is not an adult until proven otherwise.
Article 1 of the ECHR guarantees that "every natural or legal person is entitled to the peaceful enjoyment of his possessions". "Until they show government ID" isn't in there!
Perhaps I'm jumping the gun to assume this will be used as a precedent to require on-device scanning for illegal content, and further extended from smartphones to desktop PCs. However, I'm not optimistic.
How is it worse than I suggested? There's no "surveillance", for all intents and purposes it's just a hole in functionality requiring age verification to be filled. Article 1 doesn't guarantee that as a kid I can use my possessions to acquire a bottle of vodka.
You don't need to show a government ID, I never did. Also, I trust Apple-mediated age verification with a single bit output to any vendor much more than a random B2B SaaS.
More generally, the backstop on abusing system is always political. It can't be just a passive immutable barrier with any variation seen as a slippery slope (see the US government just buying commercial intel on citizens). Our political system just saw two ~new national parties spring up in additional to already established three (plus national parties) and MPs revolting at a mild inconveniences to their constituents. We're alright.
People are less likely to commit crimes if they know the state has the tools to identify and prosecute them. Surveillance provides that capability, and reducing it makes solving and deterring crime much harder.
The cost is manageable as long as it's used for the right reasons and that the data is kept secure. The benefits of deterring violence outweigh those risks.
Billionaires may be a bigger threat but criminals are a threat nonetheless.
Have they never heard of "the boy who cried wolf"?
First of all, age verification is not mass surveillance, it is possible to verify your age without disclosing who you are to the site you're visiting, and without disclosing what site you visited to the government. There are even age verification services (and I do despise them fully, this should be a government provided service!) that use only facial features to determine your age (you can call it surveillance, but not "mass").
See, the thing is, no matter how good your intent is, no matter how noble your cause, if you use lies and half-truths to further your argument or resist change, it only serves to undermine it all. For example "They do not deserve surveillance," is so disingenuous, if a site is required to verify age, the only children whose age might be verified are those who might have been exposed to that harmful content otherwise anyways, they're not being selected for surveillance, no one is trying to spy on children (or could possibly benefit from doing so using this method, since it is so unreliable), but they're framing it as it is so.
This isn't like "DRM" or "the nsa is spying on everyone", and there is a big difference between Signal (how are they involved in all this? is this just opportunistic politicking?) being required to verify peer-to-peer messaging from a porn site or or a live-cam site for sex workers requiring both parties to be age verified (where children do get trafficked!!).
Don't get me wrong, I don't like the idea, i really hate it but the prevailing positions in areas of the internet like here is so irrational and unreasonable.
You can't flash your private parts at children, you can't take children to a strip club, they're required by law to check IDs (even night clubs are!!). if that same interaction happens on the internet, suddenly no age verification is needed?
Is it because this problem has been left unaddressed for so long that so many are just too used to "the old way of doing things" despite the ever increasing human suffering caused by lack of regulations and laws like this?
I hope legislators grow a pair and stand up to these tech-crusaders who will burn down the world so long as they feel their corner is safe and secure.
Shame on everyone who refuses to have a nuanced discussion on this and instead takes an all-or-nothing position against any sort of legislature that would reduce (not eliminate) the harm being done. To mean, such people are no different than catholics, teachers, administrators, and anyone else in a position to do something about harm against children but turned the other way because their little world would be too shaken otherwise. Hiding behind "mah privacy!!" doesn't absolve you of the responsibility to at least attempt to be nuanced about it, at least propose an actual solution instead of just "I don't what the solution is, but not this" or "parents are at fault, I don't care" or something lazy like that. I wish I didn't know that when it comes to their own interests, wannabe technocrats like these are ingenious in developing tech like homomorphic encryption, differential privacy and zero-knowledge-proofs; this isn't about anyone's privacy or mass surveillance, it's about preservation of the status quo, apathy and faulty slippery-slope fallacy thinking.
> it is possible to verify your age without disclosing who you are to the site you're visiting, and without disclosing what site you visited to the government.
I can't believe people are really okay with a system where you have to show your real face to access websites. Cameras on phones went from a novelty to a government mandate so you can be observed.
There are various other potential methods to verify one's age, all of which are forbidden by OFCOM. Account age, zero-knowledge proofs, key signing, some kind of OAuth thing, physical tokens that require proof of age to buy, etc. The only permitted ones require your to link your real-life identity. This is a huge boon to the intelligence services and law enforcement.
Even among the few permitted verification methods, there are obstacles. Each site usually provides only one verification method at one verification provider. You may have to trust a company you never heard of before. Sometimes the photo fails (maybe their system thinks you don't look old enough) and they ask for ID too, or the photo fails and you are locked out of verification. Some services only allow credit card verification (e.g. Steam), so if you have poor credit you aren't able to even view the store page despite being of age.
What I say is, we don't need any of this. For thirty or so years we had client-side optional Parental Controls, and it worked fine. Many adult sites voluntarily use a <meta name="rating"> tag to ensure sites are correctly identified. The ability of adults to access adult content was not impeded. Parental Controls work better than verification because 1) many sites will not deploy age verification, and 2) it's trivial to overcome photo-based ID by holding your device up to a picture of an adult on a television set.
> There are various other potential methods to verify one's age, all of which are forbidden by OFCOM. Account age, zero-knowledge proofs, key signing, some kind of OAuth thing, physical tokens that require proof of age to buy, etc. The only permitted ones require your to link your real-life identity.
This is just not true. See 4.17 here, for example [1]
> The only permitted ones require your to link your real-life identity. This is a huge boon to the intelligence services and law enforcement.
Then let's talk about THAT!! why is that not the discussion instead of "nah, we'll find a solution some other day, for now, let's not solve anything"??
> Even among the few permitted verification methods,
These laws are still being debated, what's permitted has not been decided, why is Signal not advocating for a privacy friendly alternative. Why are our options lose all privacy to the most horrible people ever who will do us harm versus let the children suffer!
> You may have to trust a company you never heard of before.
Why do I have to? Why can't the government itself issue something as simple as a timestamp CA certificate signature for a secret that expires every few weeks, requiring facial/ID verification directly with the government to generate a new secret? the site only needs to verify that the signature is correct. a signed token you show random sites. and this is the most naive idea i brought up for discussion without things like zkp even considered. Lawmakers aren't being told by the likes of Signal "there is a better way to do this, let's discuss" they're being told "ignore what all the scientists, research, law enforcement, social workers are telling you so we can watch porn in secret".
> For thirty or so years we had client-side optional Parental Controls, and it worked fine.
It absolutley did not work fine! the toll of human suffering is inexcusably abominable! I shudder in confusion between whose head i should rip off or why this damn planet hasn't been burned down to ashes already at the very thought of all that has been perpetrated using this technology. The internet multiplied and empowered many things, chief amongst them is human cruelty and apathy.
> For thirty or so years we had client-side optional Parental Controls, and it worked fine....
Save your breath, even amongst those who genuinely wish to do well, they have employees and user generated content they can't keep up with. There is no excuse for this. Forget about the tiny span in human history that is the past 30 years. How many people died of industrial accident at the begining of the industrial revolution, how many people died because of car accidents before all the car safety and traffic laws were in place. Take that and multiply that by like a billion and that might come close to painting a fair picture of the internet. Just because you don't see it, doesn't mean it doesn't happen. The internet isn't special, it's just a tool, a technology that connects people. Except billions are connected, and now they can abuse and harm each other across national borders , timezones and continents and maximize their profit from it.
HN and tech-world in general is like any other industry that caused massive suffering until it was regulated. I keep making the same simple comparison of a stripper IRL vs live cam porn over the internet, and no one in this thread even wants to attack that simple example that I picked because it isn't overly sensationalized and universally accepted that laws should force strip clubs to check IDs in any country on the planet. I didn't bring up pedos, human trafficking, revenge porn and so much more in between. and that's just the sexual dramatic stuff, not the seemingly harmless stuff that is easier to brush away and dismiss.
People can see your face and make decisions when they interact with you IRL, they can't over the internet. The problem is huge and the fact that the internet has been young and unregulated does not excuse looking the other way.
I can't believe I'm defending politicians' (however ill intended) agendas against HN/tech-world. but here we are. If things progress this route, I would even cheer as everyone (self included) loses any semblance of privacy or democracy because the alternative was these masses keeping looking the other way at human suffering instead of finding sensible middle grounds, especially when the tech is there. This is insane to me! things crypto-bros (both kind!) have been trying to make main stream like zkp and homomorphic encryption and so much more can actually solve a critical fault of the internet, and the choice is to just let people suffer instead of risking a potential slipper slope.
zero knowledge proofs exist, don't they? also it matters "private from whom, and what". You can make what sites you visit private from the government, and your identity a secret from the site, but the inverse isn't true, the government would know the identity, and the site would obviously know someone visited it.
The problem with this whole thing is the expectation of privacy online for interactions where their IRL equivalents don't have such an expectation. Even if there was no harm being done to anyone, it isn't a rational argument if you subscribe to the ideal of equal treatment under the law.
Zero knowledge proofs exist in theory, but none of these age verification laws that are introduced use them, probably on purpose. I'm certain that every government will want to know what sites everyone visits.
Did they think, as they worked to transfer final say from users to corporations, by technical means, that politicians couldn't transfer that control to themselves by political means?
Did they think they could lock things down to extract their 30% app store fee while enforcing rules through app review (and demonstrating censorship of sites like Tumblr) that politicians wouldn't want that same rule-setting, censoring power?
Did they think their employers were going to prevent that transfer, that the trillion-dollar companies would become some sort of Che Guevara style insurgents, running a guerrilla campaign to overthrow the very system that made them trillion-dollar companies?
This is akin to how two kinds of people respond to law. The first kind think "This is the law, we must follow it" and the other kind think "This law doesn't make sense, we must change it".
People who look at pedestrian traffic lights and cross when it's green vs. people who look at cars and cross when there are no cars coming. The first say you must follow traffic rules and the second kind say they wouldn't be alive if they looked at the green/red light of law instead of whether there are oncoming cars: a green doesn't mean it's safe to cross and a red doesn't mean you can't cross if only there are no cars.
Indeed. I can't understand the people who blindly believe any law is good just because. Stop, think. Is the law good? What's good about it? What's bad about it? Can it be abused? Then maybe it should be changed?
I advocate that every law should have an annual review to catalog every case where it has been applied. How many were sensible positive outcomes? How many were unintended consequences? How many were clear abuses of the letter of the law? Every legislator should vote on the record based on that annual review to either renew or cancel the law.
I think many people have an expectation that (all) laws are just and needed because... somehow they're the law.
In reality, laws can be unjust, unnecessary, biased, and completely arm-wrestled together by people strictly following an agency of their own. Other laws are put together by sheer ignorance and lack of thinking beyond mere good intentions. The first question shouldn't even be "is this law fair" but "was this law made fairly".
It creeps me that people treat laws as axioms whereas they're just polished and reinforced opinions. Sure, many laws we can agree on, and many others that don't agree on aren't worth changing, but you should always question the law and question where it came from before choosing to accept it.
I can see the same pattern with technology such as the various digital restrictions management (DRM) schemes.
https://www.nytimes.com/2003/06/30/business/technology-a-saf...
The mindset the parent described extends to what they're asked to do. They don't challenge it. It doesn't have to already be law for them to accept it and build it. It's enough that the ask comes from authority (a boss, a government) and pays.
Suppose there is some peon at Microsoft who is ordered to write code for Pluton and then does it because they don't want to be fired, expecting to hide behind the Nuremberg defense. The people in your second group will naturally disapprove of this.
But regardless of that, we can ask the same question of the person giving the orders. Someone in these companies initiated these programs, so are they merely fools who couldn't predict the obvious consequences that others did, or are they truly malicious?
I like to call those people "ventablackpilled". Being blackpilled is all about gloom and doom, but being ventablackpilled is beyond being blackpilled. It is when you actively want the world to be a worse place because you believe that that is how the world works.
The solution to avoiding dictatorship is engaging in politics and preventing dictatorship directly through that. Trying to retreat into the (perceived) wilderness and build barriers to dictatorship doesn't really work. But since people drafting that statement don't believe that politics work and it is, in fact, possible to both have a vibrant political scene (we have what, five viable political parties vs the American two?) and not let kids send nudes, they try to drag everyone into the same mind frame.
I sometimes work with people who worked on or at least worked with DRM-like stuff (Trustzone etc.). The people who make those systems and the structures that allow it falls squarely on banality of evil. It is not a big evil org or people with their own evil agendas (unlike Palantir, i think they are the true "ventablackpilled" ones). They are thousands of developers who push JIRA tickets like everyone. Many of them live in the developing world and they just pray to keep their jobs. The reason that big tech attracts developers despite their obvious and much bigger (IMO) evils is the same reason that attracts developers who make systems that can be completely closed down.
Many of the developers are not outright evil either. They sometimes voice their opinion. Their opinion doesn't matter in comparison to the business goals.
Sometimes it is understandable to write blocking software. Not all equipment is sold. Many industrial equipment is leased. So the actual owners want guarantees that their devices cannot be modified by renters.
The amount of info you can extract from an Apple phone or Graphene OS is limited due to same restrictions working in your favor too.
Similarly phones can be locked down due to radio restrictions. Nobody wants infinitely exploitable SDNs in peoples hands. It makes such SDNs a juicy target for enemies like Russia to exploit and turn into scalable attack vector as spoofing and jamming devices.
The reason those are attack vectors is also banal. We made our bed as engineers, voters, governments and business leaders one sloppy work at a time. We made shitty chips and shitty software with no care for security or safety. We sold millions of them and nobody wanted to pay to "do it right way". Worse is better. Silicon Valley style scaling up is the goal. Competition is for suckers. All those and every single one of us ate the fruits of shitty hardware and software that are protected by closed down systems. We engineers got the cushy jobs, our business leaders made 10x 100x gains from our work. We either had little voice (because making a big noise is guaranteeing that your cushy job no longer exists) or whatever we had is ignored in the hubris of shipping shit to billions of people.
I dunno. By that I mean, I am sure it happens, but I am not sure this is the reason for it. FWIW, I am not an engineer, but I have a window into that world.
In my little corner of the universe, we are going through belt tightening exercises already. So it is an interesting game of less meetings, shoving as much as you can onto others and the classic 'doing more with less'. In other words, even for internal customer's 'doing it the right way' is imply not a priority. On the other hand, getting more people, bigger budgets and somehow money saved is. 'Doing it the right way' is a distant ideal.
All that said, I don't think you are that wrong with the 'banality of evil' thought.
What? I don't understand how this is a "two kinds of people" generalization, when the two categories aren't even mutually-exclusive?
One can think a law is bad and should change, while simultaneously recognizing the rule of law and following it.
It's pretty weird to try to pit those two perspectives against each other
There's zero point in changing the law if you don't expect it to be obeyed and enforced. Those positions are not opposites.
You can follow it anyway and make no attempt to improve the situation, allowing the stupid consequences to follow indefinitely. (Notice that anyone who follows the law while doing nothing because they've been convinced reform efforts will be ineffective are in this group.)
You can follow it anyway while trying to change it, attempting to limit the time the stupid consequences exist.
Or you can refuse to follow it.
But the people in the last group should still be trying to reform the law, both so that they don't have to risk being prosecuted for doing the right thing, and in order to get the people in the first and second groups to stop doing the stupid thing the people in the third group are already refusing to do.
It is a dynamic world where respect for law, trying to change law and plainly saying: "go fuck yourself, not gonna do it" should and do coexist.
Absolutely all laws followed strictly to the letter would kill a society.
Don't forget the selfish jerks who simply ask for whatever class of traffic that isn't them to be punitively regulated to their benefit.
(both literally and transferrable to other issues as a metaphor)
The problem with that is it generally requires a central point of trust.
Sure you can allow multiple points of trust, but for the unskilled user, that means that the little lock symbol becomes unreliable (or whatever)
Without commenting on the UK governments stuff (It is probably full of shit, but then thats what lobbying does) We as technologists need to engage with wider society and understand on their terms, the worries they have.
For this particular "proposal" it strikes at the core worry of today's kids. They are sadder, more insular, more dependent on mobile comms and exposed to much nastier stuff than millennials were at the same age.
AT my school in the very late 90s, a group of 14 year old girls went to the beach and took a disposable camera. Standard photos apart from one, which was a group of them topless. One of them brought them back from the developers into school. Somehow the topless photo was stolen and passed around various classes.
It ruined her month, even though she got the photo back. I suspect it left scars longer than that.
Now imagine not being able to get that photo back. Thats the problem for todays kids. One moment of stupidity and a lifetime of consequences. (under a certain age, if they took photos or videos of other kids, that makes them liable to be on a list, for life.)
You could say "oh education" but did you listen at that age?
Whats worse now is that there are no gates on what photos can be developed by the normal person. If you took any photo that was explicit, it almost certainly wouldn't be printed (hence why there were very little dick pics from that era).
Is what the UK government proposing workable? well looking at the OSA, almost certainly not.
However unless we, as a tech community engage with society, with useable answers that are understandable to the normal person, then we are going to be crushed by the weight of "something must be done". Absolutism is not our friend here. We need to engage and choose compromises, or lose wider freedom for ever.
The problem with it is that the people who want to use a central point of trust as a chokepoint for censorship, surveillance and monopolization keep claiming that this is required when it isn't.
> Sure you can allow multiple points of trust, but for the unskilled user, that means that the little lock symbol becomes unreliable (or whatever)
The premise being that if you have a monopoly then ordinary people can trust it. Only that isn't the case. A monopolist not only can be just as malicious or incompetent as any of the multiple players in a competitive landscape, they're more likely to be because the lack of competitive pressure allows them to be more abusive and complacent and more capable of capturing the government.
> under a certain age, if they took photos or videos of other kids, that makes them liable to be on a list, for life
That seems like a problem caused by the law. Why is it possible for any actions taken as a minor to cause someone to be put on a permanent list when we recognize that minors aren't mature enough to be held responsible for that?
> Now imagine not being able to get that photo back.
Now imagine what would be necessary to get it back. It's on some other person's private device. Either you invade everyone's privacy and private communications to check if they might have it or be privately sharing it, or they could be. The cure is worse than the disease.
We were the vanguard blocking this to the public's benefit, now they've voted for it our only duty is to ourselves; to make sure the rules don't apply to us.
I think its perfectly winnable argument. For example we already _had_ age gating in the UK, its just it was at the network level on mobile internet. It worked and was unobtrusive.
The antidote to the OSA was to just extend that to domestic internet.
That argument was lost, and lost hard. mainly because we didn't engage properly with a believable solution.
> to make sure the rules don't apply to us.
The point is, they don't really apply to the determined. the same argument could be made for painkiller blister packs. The level of friction that the packs provide reduce drug based impulse suicide by 40% (depending on which study you reference)
The argument against it is "I can't be arsed with pressing the little shits out, I just want it easy". The Populist approach is making it prescription only.
Unless we engage properly, on the right level, then we are going to be worse off.
It's a kind of blindness. The kind that is, in my opinion, is one of the major reasons why we ended up building a world that's more than a bit dystopian.
Sure, they have MEs that maybe you can't disable, but you can firewall them.
Server kit is just not like consumer kit. Even laptops are [still, for now] a lot better than smartphones in this regard.
Believe me, the people writing the age verification laws care a great deal whether the age verification can be turned off by the device owner.
The whole exercise would be pointless if teenage device owners could turn the censorship off.
A sufficiently adversarial teenager could get a different one, but they could do that regardless since it generally costs even less to get some 18 year old high school senior or homeless adult etc. to lend you their ID than to buy another device.
Having argued these topics for decades, I think that a lot of people just truly can't foresee the inevitable consequences. I don't know why, the consequences seem obvious but because they are not spelled out, many people say it won't happen.
Same thing is happening with age verification. We had the chance to just ask if the user is over 18 when setting the computer up, but we didn't do that so they're using a solution from a mass surveillance company instead.
I think you can learn about it most by reading clever, capable people from big tech corporations. Their framing often involves tradeoffs against a slow but inevitable societal pressure that is helped by compromising on freedom.
So I don't believe they are ignorant of all your points; it's rather that they don't see a realistic way how tech, corporations, and perhaps even ordinary people can go forward (being better, or richer, or more sophisticated or whatever) without making that compromise. It's as if they saw the forking paths of the future, and none will end up without technical restraints, regardless of whether they do it or whether things just get worse and someone else then does them.
If you don't understand this, then you just don't understand.
- Oh but you can turn it off so it's no issue (secure boot). Well yeah but more and more stuff just won't run then (eg iOS apps on Mac). It will become the norm to stay inside the fuzzy walled garden just like it already is on phones. And if you stray you will just be blocked from any app that does something useful.
- But companies need to be sure you are who you say you are (attestation). Yes but they will abuse that power if they can profit from it.
Makes me think of the most sobering line I ever saw in a museum (Berlin): The biggest atrocities were committed by people with a spreadsheet and a performance goal.
Or even surveillance, for that matter.
Plenty of hubris, mind.
When in doubt refer to the public API as specified in Revelations 13:15-17"
Communism and fascism were both fueled by atheism (either explicit or functional), not a Judeo-Christian worldview.
"Ohne Gott und Sonnenschein bringen wir die Ernte ein." (Without God and without sun, we will get the harvest done.) - the slogan of East Germany in 1975 when people were hungry and it kept raining during harvest.
I'm not saying we should lynch them, but a good deal of public shaming is in order. Who knows, their kids might pick a different vocation.
Arguably this plan is mostly working for Apple.
Pretty sure they didn't do a lot of thinking.
Corporations are already hostile enough that it doesn't really matter:
The report says that between 30 and 40 Rockstar employees working in multiple offices in the UK and Canada were fired on October 30, all of them part of a private trade union chat group on Discord. - https://www.pcgamer.com/gaming-industry/rockstar-accused-of-...
Leaked Amazon Whole Foods Docs: Workforce Diversity Helps Prevent Unions - https://www.informationliberation.com/?id=61403 (summarizing https://www.businessinsider.com/whole-foods-tracks-unionizat...)
Microsoft Are Fixated on “Hate Speech” With Lopsided XBOX Live Enforcement Strike System - https://www.techopse.com/microsoft-are-fixated-on-hate-speec...
The game of GO delivers an idea where a very large construct can be built then in one move the entire thing flips to a different purpose... seems relevant somehow..
Why does that matter? If it's bad for politicians to usurp that power, it's already bad for corporates to have it in the first place.
I'd rather politicians use power in a way that includes democratic oversight than, say, Peter Thiel doing whatever the hell he likes.
Your argument is flawed here. The truth is that measures such as secure boot do have real security benefits. They can be misused, like any technology can be, but that is not an inherent feature of the tech, but rather how it is implemented. And as the developers of such measures are not a monolith, it is unfair to paint them as merely trying to exert control. I'm not going to argue that some involved parties were trying to exert control. But lots of others were trying to implement a genuine security benefit for the users, and they don't deserve to be reprimanded as if they were some kind of apologists for authoritarianism.
You can argue that exerting control is a good thing - a clever scam artist convinces a vulnerable user to paste an attack at the command line, and the benevolent OS vendor uses their control makes the attack impossible, no matter what the scam artist tells the user to do. A greedy software maker produces a spyware-laden, cookie-stealing update and asks the user to enter the admin password to install the update. The benevolent OS vendor uses their control to make such malicious updates impossible, even with the administrator password entered.
But even if the control is being used exclusively for good, it is, ultimately, control.
At a corporate level, no one cares about lots of freedoms, except if it is a selling point.
If 'keeping freedoms' is a selling point then the ideal position is to gain the kudos of appearing to support this whilst also getting the benefits of the loss of freedoms. Why not get both?
Good tech empowers individuals and subverts authorities, corporations, oligarchs and governments. Bad tech subverts individuals and empowers authorities, corporations, oligarchs and governments.
Silicon Valley has its own ideas of what "privacy" and "surveillance" mean
To those folks, it does not mean privacy from Silicon Valley companies
The Signal app will keep on trying to connect to the mothership
Because to the people who work on Silicon Valley software, that is not a privacy violation
The battle is over _control_ over software not privacy or surveillance. The later is not possible without the former
Silicon Valley does not want the user to have control any more than they want the government to have control
See: the PRC. Support for surveillance is allegedly high. Anecdotally, talking to PRC citizens in circumstances where they don't need to worry about said surveillance (e.g., when they're vacationing in Japan and I want to pester someone and practice my mandarin), they generally like it. Makes them feel safe.
The CPC has sold them on a vision of them as members of the state-race "Chinese" (which is not really an ethnicity any more than "American" is) and the surveillance as a thing that keeps them and their "Chinese" lifestyle safe from non-Chinese. Uighurs have to be extra surveilled until they're also Chinese, which, many are now according to the CPC.
So PRC citizens feel safe and cozy among in the country for "their people," not realizing this whole ethnonationalist concept is at best 100 years old, maybe even younger. During the Qing dynasty, there's a whole hell of a lot of people that think of themselves as "Chinese" that definitely weren't by the dynastic government.
I smell similar happening in Russia, the USA, and Israel, with State support. It looks like right wing groups are trying to pull it off in the UK and Germany as well.
I'm not sure you are aware that China has monitoring operations for its citizens outside China.
Scams, stealing credentials, stealing money, botnets, viruses, losses of data, ransomware, etc etc etc.
What is better for most people is a locked down device like an iPad where each app has to be approved and they're incredibly sandboxed. 20 years ago we had people installing malware because a strange email promised them smiley face emojis.
When we transitioned from the single-user ODS-based Windows model (ie Win98/SE were the last of that line) to a multi-user restricted privilege model based on NT 3.0/3.5/4.0 (first as WinXP) it was meant to be better but privilege escalation was still too easy because of what users had become accustomed to doing and of what was needed to install software you downloaded.
Things like an App Store (on Mac and eventually on Windows) are actually a good thing. Signed apps are a good thing. Having to go out of your way to install unsigned apps is a good thing.
I really abhor "technical libertarians" because they never address these issues. It's all principle-based while ignoring reality, human nature and whether or not unfettered access gives users something they even need.
Also, other people pay the price. Where do you think these DDoS attacks come from? Compromised Windows PCs (primarily).
I'd argue that giving governments and corporations control over our devices has also been an unmitigiated disaster. You could say the same thing about any kind of freedom though couldn't you? Freedom is so dangerous after all. Look at all the problems it's caused. Giving up all of our freedoms would surely make the world better right?
> I really abhor "technical libertarians"...
Well, I abhor those who try to take freedom away from people. So the feeling is mutual I guess.
It'll be best for society if things are a little more regulated, a little safer. And I'm happy to help where I can. Listening to the terminally online about it would be counterproductive.
1. You need a camera on your computer to allow a third party to verify your age before viewing adult content
2. It applies to social media too
3. It applies to your operating system too
4. Unless you age verify, the law demands your computer must be powerful enough to run an AI, or be internet-equipped and send your private photos to a third party, to detect and prohibit nudity. It must be capable of running in real-time, presumably, to work on Facetime calls and such.
Next step, certainly to outlaw most operating systems and older devices. Excellent news for Google, Apple, and Microsoft, bad for Linux and alternative operating systems. Remember when schools handed out Raspberry Pis?
Edit: And they are asking for this to be implemented for free in three months, because nobody knows how software engineering works. Great job
However the original proposal was pretty much aimed at phone manufactures. It is perfectly possible for current gen phones (and previous gen) to detect nudes in camera. Infact most phones do that already in order to adjust the exposure, its just you dont see that.
The problem for the UK is that they are not legislating technically. The original proposal was tightly scoped. The problem was, because of the way government runs in the UK it was shelved. Now that its not, the original scoping has been mashed, as its been blended with an child social media ban (quite what makes them think social media is ok for elder millennials++ is also interesting)
If they actually decided to make laws like they did for building materials or cars (ie all phones must conform to EU/BS standard x/y/z) then life would be much easier for everyone. But alas we have forgotten how to govern. something must be done now
They won't have to.
Instead, they'll just make some new essentially mandatory tech which older devices cannot run – update or stop existing, societally.
----
Phones and email already seem this way (i.e. "required") – from my perspective as an internet user whom doesn't use phone/email, personally. Nobody believes me when answering "no phone, no email" – free-est man alive - their loss is disbelief.
The question - why hand that to Farage and his far right? Is Keir Starmer a far right operative in Labour? His track revord would suggest so, but do we have any receipts?
I'm afraid it's a malicious intent here, and I also wish I could see a competent government, but until one takes on FPTP and media dictating the policy, nothing changes.
The hope is in the angry youngsters, maybe they could vote Greens+LibDems in.
Why would anything else even be needed in that space? The interest of parents and tech companies likely align here.
The Government is going to put a snitch on every phone, tape every bedroom, and listen in every evening on every home. Every doctor's visit. Every therapy session. Every pub. Every street. Every store.
When the snitches phone home, what you type to your lover may get the cops sent to your home.
Artificial stasi in every desktop, laptop, tablet, camera, and phone. Around every corner. In every living room. No one will be exempt from their gaze.
Are you ready for your vacuum cleaner to phone home?
I hadn't heard this before. Doesn't that kind of defeat the entire purpose of using the app?
A service that advertises itself as privacy focused refusing to update their privacy policy while adding features like this seems like a pretty big dead canary.
If you don't want to use the cloud version, there's a feature to store backups locally on-device.
Signal blog: https://signal.org/blog/introducing-secure-backups/
HN: https://news.ycombinator.com/item?id=45170515
Knowledge is power. Forced revelation of our inner lives puts each of us in a position of vulnerability.
Even when "not abused", the very real latent threat actively takes away freedoms of thought and action.
It is extreme abuse.
It undermines any sense that the state works for the people, when it operationally embodies a maximalized one-way threat over all citizens.
AI collation exponentially compounds the threat, the passive and active damage.
One of the wisest ethical/safety concepts ever: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated."
Democracy that sets up the levers of total autocracy is the greatest possible perversion and threat to democracy. Democracy only works as long as it recognizes government is the greatest threat to freedom. And that strict limitations on its power over citizens is the only defense.
What a dreadful legacy to leave - a sad attempt to get the biggest possible bang for the smallest possible buck. Also, 3 months? Perhaps that is as long as he expects to be pm.
We should guard against the misuses and create enough legal frameworks to protect individuals' privacy (and aggressively uphold those protections). Private companies already do that - if I query a database for PII without proper approvals, or I query it outside the approval's boundaries, it'll take a couple minutes for me to receive something between a harshly worded e-mail and a visit from a couple large people who appear surgically incapable of smiling.
What is it a tool for, it is a tool for observing while no person is present therefore breaking privacy.
Any tool is (as long as it exists) always used for right or wrong, good or evil. However what might be good or evil is very subjective. Both in the moment and looking back on the use of the tool. Therefore it might be best to consider not creating the tool at all, instead of the current we'll try it and see what happens rhetoric.This step forward is instead of building understanding of, and solutions for, the erosion of communities, trust and empathy for others. I feel these things might (MIGHT!) be overlooked symptoms of poor investment, policies and governance for healthy society. Crikey, perhaps I shouldn't try and call that into account, it sounds like I might be cynical about politics. Oh dear...
The earliest example I can remember is the Clipper Chip. That was dead three years after it was proposed.
This current idiocy - proposed by a PM who promoted a very good friend of the most notorious paedophile in recent history to ambassador, against the recommendations of the civil service - is similarly doomed. Three months to implement huge changes to every OS on the planet? Like that's even remotely likely.
There's no reasonable reason why a 501(c)(3) won't put this out there to make sure there's redundancy so we could built an alternate network if they're compromised by some gag order.
The trade is we get (hopefully) people very dedicated to keeping the org developing the stuff alive and well-funded, and gaining mainstream acceptance/attention.
Maybe not, but as long as the average person thinks it is, it may as well be.
The average person hold all kinds of conflicting views.
The average middle class parent will surveil the shit out of their children, for example.
Hence the title of the article is not completely correct. The outcome of surveillance is the intent of the entity surveilling. In the case of the parent, this is likely the safety of their offspring. In the case of a state entity, it's likely the safety of the people in power of the state. This second type of safety is very dangerous and does not include your safety.
Most of those parents will argue that they have the right to do that and are actively recommending other parents to do the same. It happens so much that a local celebrity actually said the following recently (paraphrased)"As long as you live in my house I(the parent) have the right to go through your room, your stuff and your phone whenever I want".
In my country this is actually illegal as kids have a right to privacy just like the parents, though it happens so much since kids don't have the resources to sue their parents therefore people think this is normal (and kids grow up thinking it is normal).
Check out any comment section on transportation policy, environmental policy, professional licensing for trades other than software. Look at how HN, people who should know how this sausage is made, schemes about how policy and technology can be used by government to enforce it's will and preferences upon other people in ways they cannot avoid or resist. It's not a case of divide and conquer, it's a case of completely lacking principals. Nobody believes in privacy, civil rights or that the application of government (violence) should be expensive and difficult and politically fraught when it's an application that they like. Nobody is thinking far enough ahead to wonder how those systems will be used when the whims and dispositions of government and society shift.
Just this morning I was reading a comment where some jerk was scheming about how the government should (the implication being that now that AI makes it easy to automate) scrape property listings and fine people for not pulling permits when there's a diff from the prior listings and that the whole thing can be automated and anyone innocent can just have the government tour their home to prove it.
Tech.. it truly is a tool and something of a true reveal of character. It immediately shows what you do with power.
This certainly isn't a result of democratic overreach by a concerned group of citizens. No demographic is demanding this.
It's one of those "create the infrastructure for stasi 2.0" the epstein elite tries to periodically ram down our throats ironically using "think of the children" to manufacture consent.
The last time they did this they contracted saatchi and saatchi to run an a disturbing campaign: https://londondaily.com/revealed-uk-gov-t-plans-publicity-bl...
It's not like it's the average person pushing it.
The statistics on global child porngraphy rings are quite shocking. The UK is a big market consumer for these images/streams.
Actually withholding the image may make it harder to fight the accusation (in court) if wrongly categorized.
For now the category argued seems to be "nude children" but what safeguards are there that prevent another category "politically sensitive"?
Sounds great until you realize anyone that does that effectively gets their residential address publicly doxxed and archived by archive.org (unless they can use a separate company address or spend money on a po box). And to make it worse, unless you have an obvious named company it's basically useless for looking up data controllers.
I'm thinking something that automatically scans your computer for porn or other things, like ripped film mp4s and sends it to the goverment to be analysed.
Or perhaps little gps trackers that children are mandated to wear at all times.
They do question it when they don't agree with it. Which is to say they do agree with a lot of things being done. And that is as far as I can say.
They are just plain embracing a culture of paranoia, cowardice and extreme surveillance. I wouldn't care because I don't live there except the dystopian tech and business models they're developing ends up crossing the seas.
I agree that this is the wrong direction to develop into.
Education is hard but effective whilst surveillance is easy and ineffective. Guess which option politicians take?
The counter must be as visceral is the claim. They make an emotional pitch:your children are in danger, surveillance is the solution. The counter must show the dangers in visceral, emotionally relevant way. This surveillance is actually a risk to parents and children as well - that by the accusation of an opaque, unaccountable system, you will be labelled a pedophile, and your kids taken away. That when sharing a picture of your own child with your own mother, you will have to worry about what the electronic bureaucracy will label your picture as.
Abstractions like privacy,and categorical claims, aren't going to reverse this. A properly pitched campaign could do. Sure, complain that politicians and the public are dumb. That may make you feel better but it won't change this an iota. Talking to people in the terms they care about might.
I 100% agree on the need to counter emotional fire with emotional fire. And this is the right way to combat this sort of overreach
However, I do think that “the choir” need to rethink what is and is not privacy - a huge amount of the benefits of having our every waking moment monitored by the virtual world (which is going to happen) can be lost if we don’t allow epidemiology to follow our digital selves.
Detecting one’s word use is slipping might signal a trip to the doctors or a thousand other digital tells that will help us improve our lives. If we have to fight against ads and digital searches for terrorism, at least let’s get the benefits too.
Let’s say we define personal data about, generated by or inferred from the actions of a natural person as owned by the society as a whole. And misuse is liable to 5% of annual turnover. It’s more or less GDPR. That seems viable - and I am sure an army of class action lawyers will be happy to help out
(Ok I need to work on a better proposal but I think this is more doable than you are allowing for)
Data using organisations often seem to prefer fig-leaf laws that aren't effective, and lobby against ones that might be effective. "My data use is a good use, therefore I should not be subject to restrictions and oversight". Instead, anyone with a use of data which is valuable to the public should not see themselves as on the same side as the advertisers and surveillance vendors. They should see themselves as on the opposite side.
Also looking to get involved with the meshtastic project.
That's why you can't block youtube ads with DNS, only with a browser-level adblocker because the browser adblocker is able to block the specific paths.
You can view the full encrypted traffic with something like mitmproxy, but there's ways apps can detect or prevent it.
For me, right now, I think it's conceivably a security advantage if the source isn't public. I know security by obscurity isn't a strategy alone, but with an incredibly difficult surface area to attack, I think user's using the app are very well protected, except for against nation states.
- how do you know that it doesnt cut down crimes or deter criminals or make identifying criminals easier?
- no seriously think of me as the stupidest person on the planet and explain to me why everyone is super duper paranoid about surveillance
- what other methods do you recommend for tracking , catching criminals, terrorists and anti social elements?
Palpable irony present when a chat provider whom requires personally identifiable information to use their service complains about privacy...
"Yet you participate in society. Curious!"
https://thenib.com/mister-gotcha/
> It's obvious why we might prefer to substitute voting or shopping for politics: they're activities you do alone. You don't have to find anyone else to do them with you. [...] Individual consumption choices don't change the world, but if you've been convinced that the only way to change the world is by voting with your wallet then when the world stays terrible, you can only conclude that your friends and neighbors have ruined by things by voting (shopping) wrong. [... and] every political disappointment in your life is down to your friends' personal defects.
[0] https://pluralistic.net/2026/05/21/purity-culture/
There are already phones with an anti-nudity feature as a parental control option, but the key there is that it's optional. The major pivot with age verification is that all devices treat all users as a child until they identify themselves with a third party. This allows a rhetorical paradox that the controls are only for children, when they apply to adults too by default.
Orwell identified the genetic defect in the British genome 80 years ago.
And if you saw these media posts, I'm sure you'd agree with those arrests in majority of the cases.
>>It’s also a crime in the UK to offend someone.
Is that what American "news" tell you? Because it's absolutely not true.
I find they way that Peter Kyle and Jess Philips have dismissed privacy concerns about online surveillance particularly condescending.
Come the next general election they are going to be paid back for this.
(Oh, and I appreciate Signal speaking up and have just donated to them again for doing so).
Notice the same people will also talk during the daytime about morals and equality, while then conducting genocide in the evening.
It's also technically incoherent: the exact same kind of "surveillance" is already applied by every single phone, because that's how the Photos app (or whatever it's called on Android) searches for cat pictures based on the text "cat". I can't recall any Signal statements about cat recognition technology leading to "reporting people to government authorities".
The "cover-ups" link right in the beginning is a real mask-off moment though. This is not a measured statement informed by the reality of modern Britain. It's an American view informed by the twitter cesspool and divisive rhetoric of the far right. It's a real shame to see Signal falling so low.
[1]: https://signal.org/blog/private-contact-discovery/
[2]: https://signal.org/blog/secure-value-recovery/
MI5, MI6, and NCA are immune to Freedom of Information, and you cannot sue in open court; you can take it to the Investigatory Powers Tribunal, who will not even let your lawyer see the relevant information to the case.
Many criminals don't seem to care if they're being watched. They do still have an instinct of self-preservation, however.
"Privacy is dangerous" - i never said that.
Internet pseudonymity from other strangers on a public forum is very different from being anti-surveillance. I am not sure how you could equate the two.
I would have absolutely no problem if the state contacted HN to obtain my IP access logs and other identifying information if I were to post something illegal here. Expecting privacy from random internet users is not the same thing as demanding immunity from law enforcement.
Security cameras in public areas, I don't have a problem. Government mandated scanning software running on my PC, yeah, I have a problem. It amounts to a warrantless search.
> The government therefore wants Apple and Google to block nudity across the whole device by default, so they can only be deactivated via age assurance.
All smartphones and tablets will be required to detect and block adult content on the device. You can avoid it by showing photo ID, but it's bizarre that the default state should be to assume the user is not an adult until proven otherwise.
Article 1 of the ECHR guarantees that "every natural or legal person is entitled to the peaceful enjoyment of his possessions". "Until they show government ID" isn't in there!
Perhaps I'm jumping the gun to assume this will be used as a precedent to require on-device scanning for illegal content, and further extended from smartphones to desktop PCs. However, I'm not optimistic.
You don't need to show a government ID, I never did. Also, I trust Apple-mediated age verification with a single bit output to any vendor much more than a random B2B SaaS.
More generally, the backstop on abusing system is always political. It can't be just a passive immutable barrier with any variation seen as a slippery slope (see the US government just buying commercial intel on citizens). Our political system just saw two ~new national parties spring up in additional to already established three (plus national parties) and MPs revolting at a mild inconveniences to their constituents. We're alright.
In terms of everyday threats to my life, billionaires are a bigger one than criminals.
The cost is manageable as long as it's used for the right reasons and that the data is kept secure. The benefits of deterring violence outweigh those risks.
Billionaires may be a bigger threat but criminals are a threat nonetheless.
Two things that we have yet to be able to even reasonably ensure.
First of all, age verification is not mass surveillance, it is possible to verify your age without disclosing who you are to the site you're visiting, and without disclosing what site you visited to the government. There are even age verification services (and I do despise them fully, this should be a government provided service!) that use only facial features to determine your age (you can call it surveillance, but not "mass").
See, the thing is, no matter how good your intent is, no matter how noble your cause, if you use lies and half-truths to further your argument or resist change, it only serves to undermine it all. For example "They do not deserve surveillance," is so disingenuous, if a site is required to verify age, the only children whose age might be verified are those who might have been exposed to that harmful content otherwise anyways, they're not being selected for surveillance, no one is trying to spy on children (or could possibly benefit from doing so using this method, since it is so unreliable), but they're framing it as it is so.
This isn't like "DRM" or "the nsa is spying on everyone", and there is a big difference between Signal (how are they involved in all this? is this just opportunistic politicking?) being required to verify peer-to-peer messaging from a porn site or or a live-cam site for sex workers requiring both parties to be age verified (where children do get trafficked!!).
Don't get me wrong, I don't like the idea, i really hate it but the prevailing positions in areas of the internet like here is so irrational and unreasonable.
You can't flash your private parts at children, you can't take children to a strip club, they're required by law to check IDs (even night clubs are!!). if that same interaction happens on the internet, suddenly no age verification is needed?
Is it because this problem has been left unaddressed for so long that so many are just too used to "the old way of doing things" despite the ever increasing human suffering caused by lack of regulations and laws like this?
I hope legislators grow a pair and stand up to these tech-crusaders who will burn down the world so long as they feel their corner is safe and secure.
Shame on everyone who refuses to have a nuanced discussion on this and instead takes an all-or-nothing position against any sort of legislature that would reduce (not eliminate) the harm being done. To mean, such people are no different than catholics, teachers, administrators, and anyone else in a position to do something about harm against children but turned the other way because their little world would be too shaken otherwise. Hiding behind "mah privacy!!" doesn't absolve you of the responsibility to at least attempt to be nuanced about it, at least propose an actual solution instead of just "I don't what the solution is, but not this" or "parents are at fault, I don't care" or something lazy like that. I wish I didn't know that when it comes to their own interests, wannabe technocrats like these are ingenious in developing tech like homomorphic encryption, differential privacy and zero-knowledge-proofs; this isn't about anyone's privacy or mass surveillance, it's about preservation of the status quo, apathy and faulty slippery-slope fallacy thinking.
I can't believe people are really okay with a system where you have to show your real face to access websites. Cameras on phones went from a novelty to a government mandate so you can be observed.
There are various other potential methods to verify one's age, all of which are forbidden by OFCOM. Account age, zero-knowledge proofs, key signing, some kind of OAuth thing, physical tokens that require proof of age to buy, etc. The only permitted ones require your to link your real-life identity. This is a huge boon to the intelligence services and law enforcement.
Even among the few permitted verification methods, there are obstacles. Each site usually provides only one verification method at one verification provider. You may have to trust a company you never heard of before. Sometimes the photo fails (maybe their system thinks you don't look old enough) and they ask for ID too, or the photo fails and you are locked out of verification. Some services only allow credit card verification (e.g. Steam), so if you have poor credit you aren't able to even view the store page despite being of age.
What I say is, we don't need any of this. For thirty or so years we had client-side optional Parental Controls, and it worked fine. Many adult sites voluntarily use a <meta name="rating"> tag to ensure sites are correctly identified. The ability of adults to access adult content was not impeded. Parental Controls work better than verification because 1) many sites will not deploy age verification, and 2) it's trivial to overcome photo-based ID by holding your device up to a picture of an adult on a television set.
This is just not true. See 4.17 here, for example [1]
[1] https://www.ofcom.org.uk/siteassets/resources/documents/cons...
Then let's talk about THAT!! why is that not the discussion instead of "nah, we'll find a solution some other day, for now, let's not solve anything"??
> Even among the few permitted verification methods,
These laws are still being debated, what's permitted has not been decided, why is Signal not advocating for a privacy friendly alternative. Why are our options lose all privacy to the most horrible people ever who will do us harm versus let the children suffer!
> You may have to trust a company you never heard of before.
Why do I have to? Why can't the government itself issue something as simple as a timestamp CA certificate signature for a secret that expires every few weeks, requiring facial/ID verification directly with the government to generate a new secret? the site only needs to verify that the signature is correct. a signed token you show random sites. and this is the most naive idea i brought up for discussion without things like zkp even considered. Lawmakers aren't being told by the likes of Signal "there is a better way to do this, let's discuss" they're being told "ignore what all the scientists, research, law enforcement, social workers are telling you so we can watch porn in secret".
> For thirty or so years we had client-side optional Parental Controls, and it worked fine.
It absolutley did not work fine! the toll of human suffering is inexcusably abominable! I shudder in confusion between whose head i should rip off or why this damn planet hasn't been burned down to ashes already at the very thought of all that has been perpetrated using this technology. The internet multiplied and empowered many things, chief amongst them is human cruelty and apathy.
> For thirty or so years we had client-side optional Parental Controls, and it worked fine....
Save your breath, even amongst those who genuinely wish to do well, they have employees and user generated content they can't keep up with. There is no excuse for this. Forget about the tiny span in human history that is the past 30 years. How many people died of industrial accident at the begining of the industrial revolution, how many people died because of car accidents before all the car safety and traffic laws were in place. Take that and multiply that by like a billion and that might come close to painting a fair picture of the internet. Just because you don't see it, doesn't mean it doesn't happen. The internet isn't special, it's just a tool, a technology that connects people. Except billions are connected, and now they can abuse and harm each other across national borders , timezones and continents and maximize their profit from it.
HN and tech-world in general is like any other industry that caused massive suffering until it was regulated. I keep making the same simple comparison of a stripper IRL vs live cam porn over the internet, and no one in this thread even wants to attack that simple example that I picked because it isn't overly sensationalized and universally accepted that laws should force strip clubs to check IDs in any country on the planet. I didn't bring up pedos, human trafficking, revenge porn and so much more in between. and that's just the sexual dramatic stuff, not the seemingly harmless stuff that is easier to brush away and dismiss.
People can see your face and make decisions when they interact with you IRL, they can't over the internet. The problem is huge and the fact that the internet has been young and unregulated does not excuse looking the other way.
I can't believe I'm defending politicians' (however ill intended) agendas against HN/tech-world. but here we are. If things progress this route, I would even cheer as everyone (self included) loses any semblance of privacy or democracy because the alternative was these masses keeping looking the other way at human suffering instead of finding sensible middle grounds, especially when the tech is there. This is insane to me! things crypto-bros (both kind!) have been trying to make main stream like zkp and homomorphic encryption and so much more can actually solve a critical fault of the internet, and the choice is to just let people suffer instead of risking a potential slipper slope.
Bare in mind we aren't banning the internet, just kids on social media.
> Take that and multiply that by like a billion and that might come close to painting a fair picture of the internet
A billion people have died from.... the internet? Youve GOT to explain this one lol how exactly?
Man you're just reaching at this point... Should we ban telephones, and written correspondence also? You're hysterical
The problem with this whole thing is the expectation of privacy online for interactions where their IRL equivalents don't have such an expectation. Even if there was no harm being done to anyone, it isn't a rational argument if you subscribe to the ideal of equal treatment under the law.