For those unaware, PHK created (amongst other things) the MD5crypt password hashing algorithm ($1$…). It came before bcrypt (1999), scrypt (2009), SHA2crypt (2016), etc, and was committed in 1994:
To clarify: not MD5 itself. It was created in 1991 by Ronald Rivest. (It is my experience that knowledge of these things isn't as widely distributed as one might hope.)
I don't think age restriction will impact FOSS in the long term. If there are some regulations that threaten FOSS now, they are going to be adopted in the long term.
Regulations for age restriction are understandable. A lot of modern technology is harming kids (and I don't mean dirty videos, social media seems to be much more harmful).
A sensible regulator would leave some responsibility to the parents, but require restrictions for consumer devices (smartphones, laptops). Maybe even enable age restrictions by default, block replacing the OS or the firmware, and only allow it once the age was confirmed.
I don't see a point of including all kind of OS or software into this regulation. Just the ones that are preinstalled on consumer devices, and commercially distributed to consumers. Once the age of the user was confirmed, the devices should be able to become as open as we know them now.
I strongly disagree. There are no kids in my household, and no one else ever uses my devices, so the idea that I need to prove that I'm not a kid for me to be able to pay bills or file taxes on a stock device is ridiculous.
"Age restriction" can be implemented where stock devices are completely unrestricted. For example, just with better parental controls and education: children don't have access to property, so the parent takes their device and enables the parental controls, but you own your device so leave them disabled.
And this wouldn't affect Linux or FOSS: on a child's device their parent installs either a proprietary OS or a FOSS with parental controls, but again, on your device you install whatever you want.
That's not what the comment I responded to was proposing:
> Maybe even enable age restrictions by default, block replacing the OS or the firmware, and only allow it once the age was confirmed.
Having an extra hurdle before installing Linux would be an awful secondary effect for this type of regulation independent of whether the check itself is already objectionable (which I always obviously think it is, although obviously plenty of people also don't)
Is anyone proposing age verification to file taxes? I'd hope you already have to provide some sort of stronger proof of identity to file a tax return anyway.
That's exactly my point; websites that already have absolutely no threat from having kids access them are literally unavailable due to the operating system put up a block that isn't necessary due to a hypothetical kid using the device to access an entirely different hypothetical website. The regulation is absurdly overbroad for what it's trying to actual protect against.
> A sensible regulator would leave some responsibility to the parents, but require restrictions for consumer devices (smartphones, laptops). Maybe even enable age restrictions by default, block replacing the OS or the firmware, and only allow it once the age was confirmed.
If you think that this statement is too broad for this thread, I don't understand why you only have issue with my direct response to it. It seems like your issue is with the parent comment I replied to for not being on-topic enough.
I don't understand what's hard to understand. Regulation that affects people and devices that have no risk of being used for the purported thing that's supposed to be protected against is not well-scoped.
Obviously if the government knew that you had no kids, they wouldn't need to check it. How do you propose they find out, without asking you to prove it?
> A sensible regulator would leave some responsibility to the parents
(Speaking as a parent of three) why can't we just leave all responsibility to the parents? In our experience in the offline world it seems this applies!
I speak as someone who's taken each of my three children - for two of them, multiple times - to the emergency room to be treated for broken bones incurred in the course of Real Life[tm].
Yes, they play contact sports.
Yes, we use Family Link with pretty restrictive settings.
Despite the series of broken bones, I'm still in favour of kids playing sports and still dubious about the effect of screen time on young minds...
> (Speaking as a parent of three) why can't we just leave all responsibility to the parents?
Then I'm sure that you appreciate that there are both legal and informal checks in place ensuring that you can take responsibility for your children in the offline world. For example: I would be surprised if your children were able to play organized sports without your permission. Failing to ask for permission would deny you the responsibility of protecting your child as you see fit.
You don't need to show your ID to go into the store and buy something else though, so why would this provide any sort of precedent for "you can't use the internet for literally anything on this device without proving your age"?
In many areas, this is left up to the parents - minors can't buy alcohol at stores, but parents are legally allowed to give alcohol to their children to drink.
I think the distinction the comment is drawing is about the legality of it not the practical feasibility .
It would be illegal under the currently proposed
/implemented laws and also open up social media to liability, which wouldn’t be true for other products like Alcohol or fire arms that require minimum age to buy but not give to children
An analogous good implementation of age restriction is that one must show their ID to buy an unrestricted device if they look too young.
They can't be tracked, as long as the devices are in randomly sorted identical boxes. Of course someone can buy a device and give it to a kid, but that's already possible with alcohol (and legal if it's their kid).
>why can't we just leave all responsibility to the parents?
because we don't live in a 15th century peasant village. The average adult reads at a 7th grade level, 20% of adults are considered functionally illiterate, most adults can't navigate digital spaces, privacy and social media themselves or take on trillion dollar companies.
This also hasn't applied in the offline world since idk, Kant and Hegel, every modern state recognizes that children are persons and citizens in development, not private possessions. If your children have broken bones you can't explain or your parenting is considered to threaten the welfare of your child you can be pretty sure you'll have the authorities at your door quickly, and countries like France have given children the right to sue their parents in case they breach their digital privacy. So called 'sharenting' laws exist because it's not guaranteed that parents are even respecting the privacy of their own children.
I think legislation could quite sensibly require OSes and browsers to have easy to enable well-integrated parental controls (which mostly already exists). Browsers could voluntarily send "I'm a child" flag, if you want to make it every website's problem.
But the current legislation is stupid. Treating toddlers like hackers, and forcing every website to deanonymize users. It is so backwards, that it's hard to believe it's not done on purpose as the first step to ban anonymity and strictly control all online access. In the UK of course they're already talking about having a VPN ban, because the hacker toddlers are learning how to mask their IP addresses.
I think a reasonable way to divide up responsibilities would be identify child-locked devices, not people. It should be trivial for a website to identify a device with a child lock turned on. Then it's up to parents to make sure their kids get a child-locked device. Manufacturers can make it easy to turn on, and society can help by not selling devices to kids without a child lock turned on.
It won't work against a determined teen (too many unlocked devices out there), but it doesn't have to work perfectly to change the culture that most kids have to deal with.
This is part of the very sensible Digital Age Assurance Act that is currently the law in California. It prohibits facial recognition, but requires each device to have a child lock. FOSS can implement this no problem.
What disconnects this discussion from reality, and maybe causes questions like “why don’t they just do it this way”, is the assumption that this is really only or even mainly about age verification and “protecting the children”.
The reason it’s not done “this way” or “that way” even when those are objectively better ways to achieve the stated goal, but rather in an unexplainable way broader way is because the goal is broader that that and age verification is just the tip of the spear. The rest of it is laying the groundwork for a framework to control the freedom on the internet by linking identity to speech and action.
Look at what solution is implemented to decide what problem is it supposed to fix, otherwise you’re just looking at the smoke and mirrors.
Not that every state and country is on board with this, but it’s getting a lot harder to maintain the pressure to keep these initiatives down. Every time they get pushed one step forward it’s that much harder to regain that ground.
> A lot of modern technology is harming kids (and I don't mean dirty videos, social media seems to be much more harmful).
If that's all we want then that's trivial -- just make certain phones that don't have access to social media, or have whatever limitations enforced. And kids only get those phones. I don't think anybody's addicted to desktop social media.
This gets us the privacy and the protection at once.
That's how the California act works, but we lumped it under "age verification" anyway. If you have to select whether the device is for someone over or under 18 in a drop-down menu, apparently that's "age verification"
Age restriction is a convenient political trope to get verification of humanity in the door. People can get fired up about it, argue about "think of the children", preserving anonymity on the Internet, supported platforms for government-mandated verification apps, etc, and completely miss the underlying purpose.
Adtech companies rent human attention to their Customers. Autonomous agents are an "adulterant" in the adtech company's stock of "raw material". Their Customers don't want to pay for ad impressions to autonomous agents, therefore the agents must be filtered out. A stock of "proven human attention" to rent is what they need.
So, we have "think of the children" campaigns because they're an easy sell to the public. This is just an early step in the escalating war against people putting their "identity" into the hands of autonomous agents. (I assume we'll have devices measuring biometric feedback in the future, all wrapped-up neatly in attestation.)
The sensible regulation would be aiming at socially harmful features of tech, not forcing people to provide proof of identity to a third party in order to continue harming themselves with the same exact features.
Imagine if such an approach was taken to, for example, food safety? Instead of closing down a restaurant that has poor hygiene, you'd be instead horce the restaurant to hire a private security contractor to check people's IDs to verify that they are old enough to consent to getting a foodborne illness. That's an absurd approach.
The stuff I've seen on this doesn't look terribly convincing. It seems to mostly be along the same lines as saying that since some people get bullied or hang out with a bad crowd, socializing in general is harmful.
Oh it's so nuanced and hard to parse that he's arguing for compromise.
The trouble is, compromise isn't really a tenable option with encryption. Either you make a draconian law that forces all electronic devices to run approved software only, or people will have access to easy encrypted messaging. There's really no middle ground, because where the smallest weakening of encryption affects everyone's privacy, only outlawing encryption completely will get it out of the hands of criminals. The cat's out of the bag.
Author here and in earlier writing seems to make the argument that a little compromise would make the courts less unhappy, but I think that's misattributing motivation.
These laws actually are originated by big tech, who think they will be shielded from liability and make more money off of selling your data. https://github.com/upper-up/meta-lobbying-and-other-findings
> make a draconian law that forces all electronic devices to run approved software only
That would outlaw programming. It's just not feasible at all, anyone with any kind of tech literacy understands that encryption is here to stay. It's also necessary for the web to function at all for the things we use it for, such as banking.
There is no way to prevent people from communicating in secret. Even if they did strictly control digital communication people would just communicate some other way.
I detest this writing style, where you assert arguments you don't actually believe in and know are in bad faith, in that sniveling "prove me wrong" tone, to provoke some kind of reaction.
Well, mission accomplished, reaction provoked. I'm not going to read this multiple times. I'm going to fire off this comment and remove it from my brain forever.
And please remember that Poul-Henning is an old-hat and well respected in the field, he's also not a product of American culture. Consider that he might have some useful insight that covers some blindspots your particular culture might not.
I struggle with this because the author is lumping FOSS and "tech bros" together as taking the blame for what a handful of large corporations have done, and thinks that our punishment is what those large corps are lobbying for. It seems like an argument that this is a necessary evil to protect the kids - despite admitting that this is not the real reason for the laws - and then says that those of us who care about privacy are either very rare or "mythical".
"LLM-assisted code review won't be a huge disruptor" is quite the prediction. Because it already is in a very big way. The take on LLMs seems incredibly out of date and out of touch with reality. (Which of course, has moved/advanced very fast the past months/year)
I’m not exactly sure but I think he’s implying the AI labs aren’t profitable on inference? And that once the bubble pops those models won’t be available anymore? Just my assumptions
Did you continue reading? His argument is exactly that, like all the previous model checkers, LLM's are going to give us some bugs for a while. Then that is going to stop.
His argument is not that they aren't going to find any bugs, but rather that at some point those bugs will be fixed. At which point we will continue on as usual.
The question is whether the balance of white-hat and black-hat LLM bug findings gives us a different enough result from the previous balance of white-hat and black-hat human bug findings to constitute a major disruption.
That wasn’t the question. The question is how LLM code review is a huge disruptor. What is it disrupting? At best, with regard to code review LLMs just solve the problems that LLMs create.
I did, his argument is that we've already discovered ~50% of all bugs discoverable by LLMs.
I'm treading lightly after you said "did you read it" to OP, I do believe we both understand that argument isn't nearly air-tight. (i.e. it implies either humans get so good at code that bug-introduction-rate falls percipitously, or, LLMs are so awesome they write all of our code bug-free. Neither of which jives with the thesis, that LLM code review is a nothingburger long term)
The best steelman we could say is "he meant 50% of all existing bugs in all currently existing code", which is still incompatible with a time-bound on their usefulness, unless we expect the rate of new code to fall percipitously.
The steelman I'm using, is they're speaking both loosely and strongly and intend us to understand these are strong opinions, held loosely, and they care for us enough to share.
> my personal guess is that the opportunities for anonymity on the Internet will shrink until mothers no longer are forced to have “the talk” when their daughters get their first mobile phone. As the parent of a daughter, I am totally on board with that.
depends on the age but.. they've probably discovered all kinds of shit already or heard about it from others
I don't think he was talking about "the birds and the bees"-talk, but about the "some random men will send you unsollicited dick pics just because you're a girl"-talk.
The attitute expressed in the quote, "until mothers no longer are forced to have 'the talk' when their daughters get their first mobile phone," is both wrong in its assumptions and dangerous for its well-known consequence: the enabling of petty tyranny. Forced, indeed.
There will never be a world populated by humans in which you do not need to have numerous talks with your children about the nature of humans, especially humans they do not know and cannot trust, and about the technology those other humans know how to use. Saying you are forced to do so on account of some particular new technology is like saying you are forced to provision food for yourself on account of this newfangled capitalist system... As if needing to provision food for oneself were not a state of affairs dating back to the dawn of cellular life. And as if the uglier parts of human nature emerge from the smartphone and do not in fact date back to the dawn of humanity as a species.
Demanding everyone on the Internet show their papers to the government so that the author can hand their teenage daughter a free, always-networked pocket computer plus microphone and video camera without having to think about any related risks is an attitude repugnant for its laziness, its entitlement, its delusion, and most of all its contempt for the freedoms of others.
> In comparison, tech sisters advocating for an absolute right to privacy seem to be a very rare, and maybe mythical, species.
Ever heard of Meredith Whittaker?
> We could have designed our protocols to be minimally compatible with “a nation of laws,” but the tech bros insisted that compromise was treason, and, as a result, we will lose more privacy than necessary.
This has to be a joke. There's private, and there's not private. There is nothing in between. This is not about tech bros. This is about guiding principles, about personal liberty, and about freedom from tyranny.
> It may not quite be a law of nature, but my personal guess is that the opportunities for anonymity on the Internet will shrink until mothers no longer are forced to have “the talk” when their daughters get their first mobile phone.
In addition to "the talk" guess what else they won't be forced (or allowed) to talk about? Political dissent.
This chunk of the article is both sexist and defeatist. Now to read the rest.
I finished the article. My own bad prediction: If FOSS "dies" it will continue to thrive in 3rd world countries, where no one bothers to administer punishment for the heinous crime of not letting your government's LLM read every word you type. The 1st world will ignore all this until it becomes apparent that the (former) 3rd world countries are suddenly in a position to economically surpass everyone else, and at that point the wise will see that their desire to keep a stranglehold on online activity was actually a bad idea that allowed their dominance to wane and wither.
> the weights of the model—which you have to sell many million times over before you turn a profit—easily fits on contemporary pocket-sized storage devices.
Which model is this author talking about? Which pocket-sized devices? Where can I get them? No one is using Gemma 4 to find cybersecurity issues.
Edit: there are a lot of sentences that I can't distinguish from sarcasm in this article. I guess I read it too seriously.
I make this point pretty much every time I comment on this subject and it's generally downvoted. It's more than one, but one may be the most obvious. The social media and big tech companies made their bed here. They want to operate as if they have no social responsibility and just blame all the bad stuff on users and parents. This was never going to fly over the long term.
This is a very strange read. If that was posted on a random blog, I would have dismissed it. I didn’t know that that cell (anti tech bro, anti big tech, pro age verification laws) in the alignment chart is populated by actual people. And by intelligent people even.
Also the fact they call it “age verification” when they clearly build an identity verification and we just accept their language is crazy.
I am anti big tech, that's why I support the California digital age assurance act, it pre-empts things like persona by saying that a simple checkbox is age verification.
He acknowledged the LLM tools are useful, and ponder on the economic viability. I don’t see something that seems to say he doesn’t like AI? he seems to be mostly a critic of AI boosters
He really seems to think he made some deep insight on the "bubble" that he seems so confident about.
> So, it is not obvious to me who will be training new iterations of these models once the current bubble explodes, in particular if the returns are diminishing the way I have experienced.
It looks like he has no clue on how market equilibriums work. He really seems to think LLM's will just like.. stop existing.
So in their world, people would suddenly realise that AI is actually not that economic and we can't have Opus 4.8 quality models just with updated knowledge cutoff perpetually. So in his future, things won't just stall, they will literally go back.
He's really putting his emotional weight on this particular kind of future.
Either that or he's making nebulous emotional claims - its his blog so he can do it.
I think the mechanism is that ACM has a certain archetype of "bro" self selected into the group. They all have similar views like hating big tech, loving FOSS, pro government regulation and so on. The author probably fills a gap of a priest. This publication itself needed a priest to do the sermon and who better than the author. He touches on all the points of interest here and there and keeps everyone satisfied.
At least, this is what I have come up with because this blog is mostly incoherent blabbering.
This whole thing can be reduced to "think of the children", see the literal example around paragraph ~30. I'm not sure I've ever seen anyone try so hard to equate being pro-privacy with being pro-crime.
> When Edward Snowden revealed that Somebody Important had been taking an interest after all, the tech bros, who had grown up free of adult supervision, felt betrayed and started a campaign to encrypt everything and anything so that prying eyes could never again look them in the cards.
TIL: Phil Zimmermann was a "tech bro" and had a time machine.
"We could have designed our protocols to be minimally compatible with “a nation of laws,” but the tech bros insisted that compromise was treason, and, as a result, we will lose more privacy than necessary"
Unfortunately, no, you can't have a prophilactic that just makes you a little bit pregnant. We used to know this.
It’s interesting to claim that the ‘tech bros’ oppose hardware attenuation and age verification when this will massively benefit them; everyone will be forced to use their operating system and the government will have exercised its power to protect Microsoft’s god-given right to make money, Peter Thiel’s age verification startup’s ability to collect people’s data and their ability to trace the identity of any critics through identity-based age verification.
That’s why large tech companies are lobbying in favour of this!
Lol this feels trite to say, but tech bros are not ideologically homogenous. You and the author are mixing up different people commonly identified as tech bros.
There are some incredibly strange equivalences going on in here that make me think the person in question is indeed quite out of date.
The people pushing for the destruction of privacy and attested software integrity ARE the tech bros. I'm sure there are people here that will vehemently disagree with me, but we see the biggest tech companies pushing for age verification and we see founders and rich folk gleefully giving up their earlier pro-privacy stances in favor of supporting locking down identity. They're building up their moat in real time because not only does it let them kill that pesky FOSS, but also it means they can legally gather even more data from individuals in question.
It also goes hand-in-hand with the increasingly authoritarian bent a lot of those same people have taken and these resources will absolutely be used to crack down on minorities and things they don't like.
I think your head would have to be firmly planted deep underground to somehow not connect the two dots. As another poster here said, they're literally lobbying for these age verification laws because it benefits them.
> Right now, there is a LOT of shrill propaganda from the tech bros, who call themselves “privacy advocates,” about how mandatory age checking is the gateway drug to comprehensive identity checks on the entire Internet, and ridiculing the valid civic concerns governments are trying to address as merely “think of the children” strawman arguments.
Oh, it’s not a slippery slope. It’s a single step: age verification IS identity verification, and it abolishes anonymous publishing on the internet, allowing on day one for violent retaliation against political speech.
If you think that authoritarian governments won’t be abusing this instantly, you are sorely ignorant of history.
I don’t even know which party he champions. There is no pro-privacy party in America. That quote can come from either side of the establishment. Both increased surveillance.
None of the ones you're thinking of. PHK is Danish. Danish politics and society at large leans pretty left. Even what you might call the rightwing party there consider themselves as bourgeois-liberal, or "not-socialist". The farthest they'd generally position themselves is center-right.
Except for shit like Stram Kurs, which nobody really supports or tolerates.
> During the past couple of decades, rampant neoliberalism and “globalism” allowed the U.S. tech industry to capture almost the entire European IT market, including all “social media.” This has recently proved to be a ghastly mistake, and now the EU, along with its member states and companies, are scrambling to claw back their digital sovereignty.
This is not a partisan political statement, it's a factual one. It is simply a statement of fact that neoliberal world markets have permitted hyperscalers to cross national boundaries and provide the same services at scale to governments worldwide, and like, without even going into any U.S. politics at the moment, isn't that... really weird? Like many EU governments had essentially put their ability to function as states in the hands of a foreign actor. That's WILD.
> And before you ask: Yes, I’m laying this one squarely down before (and partly on the toes of) the tech bros: We could have designed our protocols to be minimally compatible with “a nation of laws,” but the tech bros insisted that compromise was treason, and, as a result, we will lose more privacy than necessary.
Ah, the famous “maybe if I take a step back they’ll appreciate it and not push harder”. Or maybe it’s “if I give the leopard my face maybe it spares my body”.
I’ll let reality speak for itself: look no further than Stingrays and every bit of legal abuse they enabled, where innocent people are spied on in bulk with flimsy excuses. How well did it work out when the protocol was already maximally compatible with laws?
There’s no “minimally compatible”, you either have the privacy technically guaranteed or you don’t. If it’s technically allowed to breach it, it will soon be done as a matter of routine under the guise of “protecting”, “preventing”, and so on.
So in the end we didn’t lose anything, what we did was we gained a short period in which we could all taste that freedom. If we used your proposal nobody would have had even that to begin with.
This logic would have been easier to forgive if it came from youth and inexperience, from someone who never got to know about the endless abuse of surveillance that was inflicted indiscriminately on everyone.
> I promised myself I would never join their ranks.
A wasted opportunity, missed by at least 1 article :).
I also found the compromise bit of the article strange
The minimally compatible is what existed before. The Snowden leaks showed that the Government, and not just the US government, would abuse the shit out of that for mass surveillance.
So now privacy advocates no longer trust that such a compromise can exist
It’s strange that the author both recognizes that the Government broke the social contract and then says privacy advocates should just keep trusting them in the same article
A working solution can forestall a worse one. Because of the age verification law in California, which is very explicit that you only need a device-wide checkbox, nobody can use the argument that they need a passport scan to comply with the law.
We’ve had the “compromise” solutions forever before the harder stance tech took on privacy in the last few years, and governments abused them into oblivion. Every time the tech allowed it, it was legally abused and applied much wider than initially promised. This isn’t just about age verification but also encryption.
Every time you step back, the opposing force advances one step and soon you’ll have the same discussion again except from an even weaker position. Do you really think that once the framework is in place everyone will forever be content and not push for the next step?
Like the author, you are advocating for the “small backdoor”. Or like another commenter put it, the prophylactic that only gets you a little pregnant. There’s no such thing.
This. Author does talk about a lot of facts but seems very defeatist wrt whether an anonymous, encrypted internet can be preserved.
I do recognize their point that it's been made very hard to catch and prosecute cyber criminals. I think there are ways to improve that that don't destroy the privacy of everyone. But if that's the real goal, why isn't it the big pitch line of the Parent's Decide Act?
I guess tech has grown too large and fractured and maybe most working software engineers are too young to be familiar with phk and his points of view.
He's been a strong privacy and FOSS advocate for decades and has more credibility on both of these topics than nearly anyone on this board.
He also has an account and comments frequently. phkamp. I suggest reading some of his comments before making judgment.
So many kneejerk and nuance-less opinions. Absolutely hilarious that people are thinking the guy who wrote MD5crypt and BSD Jails is anti-privacy.
Also eye opening watching how many people are getting frothing-at-the-mouth mad seeing somebody with that pedigree coming to different conclusions than they do.
Sadly, after the 2024 anti-E2E-messaging piece[1] I do in fact think he’s pretty anti-privacy overall. Perhaps calling that pro-regulation is more correct, but my (non-American) experience over the last, say, twenty years does not include literally a single piece of regulation that traded privacy for more government control (however reasonable) and went well, so, same difference. Accomlished hacker holds some wrong-to-downright-harmful political opinions; wouldn’t be the first time.
Wow, re-read the fine article. He was NOT stating that he wants the outcome you think. He is afraid it is going to happen because the younger generation has no clue or ability to maintain FOSS.
(just to be clear, my post was just to point out that the article is very difficult to make heads or tails of. it's easy to misinterpret a lot of the points many different ways! kind of like they're being overly implicit with the expectation that everyone'll know what they mean. it's something I do too and my way of cutting through it is to cut my writing in half and focus on clarity over mystique)
Sigh. Just because you don't understand why something is confusing to someone doesn't mean it isn't confusing. That's literally the point I'm trying to make. I'm glad it wasn't confusing to you.
It's not anti-privacy to point out the obvious that privacy-advocacy is sometimes at odds with governments and the will of voters at large.
Privacy is being abused by criminals to victimize people at scale. Just because privacy is a moral good doesn't mean you are morally off the hook for enabling criminals.
Governments are so aware of this they're passing sweeping laws against it. This is your new reality -- you can't just bury your head in the sand. The whole point was saying that there could have been a middle ground that protected more of your rights than where you're at now if it weren't for the absolutism.
Age verification is not the will of the voters. It is the will of large political donors (specifically tech companies and religious censorship groups). It is certainly not the will of adult citizens who use adult websites, who have overwhelming shown in their usage patterns they will abandon any website that tries to do age verification.
Parental controls remains the right way to do age gating. It works today and has no privacy impacts.
Just for those who aren't aware, most of the recent push for these laws has been bankrolled by Meta. They wish to avoid legal responsibility for their attacks on democracy and human health by convincing governments that people don't need any right to anonymous speech, and thusly free speech, as much as Meta needs to not have to pay moderators.
Nobody wants age verification (except Zuck), but most people want children kept away from social media, and nobody's suggested a better option. Why haven't we suggested a better option? Well it's because we called the whole thing authoritarianism and refused to get involved.
You know who didn't refuse to get involved? Larry Ellison, Peter Thiel, Mark Zuckerberg. They made suggestions to governments about how to solve this problem, and the best proposed solution was adopted and made the law.
Please provide citations regarding public support for age verification. Surveys show majority support, for dating sites, social media, adult content, and sports betting.
> Parental controls remains the right way to do age gating. It works today and has no privacy impacts.
This opinion is not grounded in data and facts. If this was true, we would not be here. But we’re here because parental controls are insufficient, the vast majority of parents are just hanging in there getting their kids to adulthood.
The real single-parent capital of America - https://news.ycombinator.com/item?id=42867716 - January 2025 ("The places with the most single parents tend to be, to put it bluntly, struggling. The strongest predictors of single parenthood are high poverty rates and high shares of the population receiving government assistance." [There are ~13.6M single parents in the U.S. raising over 21M children. This means single parents head roughly one in three households and approximately 34% of all U.S. children live in a single-parent family.])
> When stress is severe or prolonged, it can have a deleterious effect; 41% of parents say that most days they are so stressed they cannot function and
48% say that most days their stress is completely overwhelming compared to other adults (20% and
26%, respectively).
> Nearly 70% of parents say parenting is now more difficult than it was 20 years ago, with children’s use of technology and social media as the top two
cited reasons.
> Recent data from 2021-2022 indicate that among parents, 23.9% (or 20.3 million) had any mental illness and 5.7% (or 4.8 million) of parents had a serious mental illness.
> Lastly, many other caregivers assume primary
caregiving responsibility when parents cannot, thus
acting as a critical safety net for children. In recent
years, there has been a notable increase in such
individuals taking on caregiving responsibilities
for children, with approximately 2.4 million
children being raised by grandparents, other
relatives, or family friends, without their biological
parent(s) in the household.
(fertility rates continue to collapse though, so hopefully this problem continues to decline over time, only time will tell; 40% of annual pregnancies in the US and internationally are unintended, per the Guttmacher Institute and the UN, respectively)
Charted: How American Households Have Changed Over Time (1960-2023) - https://www.visualcapitalist.com/how-american-households-hav... ("A record 58.4% of American households now consist of married or single adults without children. Only 25.3% of American households contain children.")
The laws not stopping the criminals isn't the point. People are calling on their governments to do something and thus governments are going to do what they are going to do.
It's a mix of what they can do and what they're likely to do. They just have to be able to go back to voters and say they're doing something.
If you think that the fact that they did the wrong thing is an argument for not doing anything, you clearly are blind to politics & history.
And age verification being the wrong solution to the "privacy problem" doesn't remove privacy from lawmakers' crosshairs.
Governments can make effective laws, you know. There are tools that can solve this. Parental controls, separation of peer-to-peer communications from algorithmic feeds. The lawmakers are old, tech-illiterate people. You can tell them that a private Minecraft server is illegal and they will believe it.
Yep. For example on Instagram DMs, which is why Instagram abolished E2EE, and we all went into an uproar.
Also on Discord and Roblox, they are apparently the biggest platforms for this, but they're not E2EE anyway, they're just hiding it because their executives like what's happening.
Gotta disagree. The encryption part needed to happen: without it, there's just too much opportunity for governments to intercept unencrypted traffic and abscond with it. We saw that occur with Snowden, and with programs like MUSCULAR in particular.
I don't think it's that encryption was harmful, it's that it wasn't enough, and in a sense I agree with TFA & the Sun Tzu bit: it needed to be complemented by legislation that added decent privacy protections, and it largely wasn't. That was a mistake, I suppose, but the current political situation, esp. in the USA, disfavors privacy regulation getting done, ever. The Democrats are … maybe spiritually for it? … but not terrible effectual at getting it done; Obama's response to Snowden was "meh" at best, and Congresspeople, in particular Feinstein especially, let the DNI walk all over her. The GOP has no interest at all in regulating corporations, at all, ever, so with the House/Senate/POTUS all (R) at the moment, it's going to be until at least Nov before it is possible to even think that these might get addressed, and even that's … generous, and I won't be holding my breath for it to occur.
Stuff like what we saw in another thread today — with LG wantonly installing spyware — and things like Flock would have happened in addition to network intercepts; they are not happening instead of. Corporations and the government will do whatever the People permit them to get away with.
The guy’s logic is “if only we had allowed a small backdoor from the start they wouldn’t be forced to install a large backdoor now”. Other technologies that were open to the law were endlessly abused for surveillance.
His theory is bunk, there is absolutely no middle ground to be had with the people who want a backdoor. There are no small backdoors.
What do you consider a backdoor though? Saying that devices must have parental controls isn't a backdoor. Saying that devices must scan your ID is a backdoor to break anonymity, but is he saying that?
If we had parental controls that actually worked it would forestall any talk about ID scanning because parents could just enable parental controls.
yeah - once regulators come into play - the private ecosystems take over. discord is already a precursor to this.
the era of mass public social networks will come to the end. next it will be just private networks of individuals. likely the won't interact.
how the dynamics play out - I don't know - but if you study history - you will know what behaviors will happen.
* https://svnweb.freebsd.org/base/head/lib/libcrypt/crypt.c?re...
* https://github.com/freebsd/freebsd-src/commit/3b2b7f71deba2a...
* https://phk.freebsd.dk/sagas/md5crypt/
* https://en.wikipedia.org/wiki/Poul-Henning_Kamp
[0] https://en.wikipedia.org/wiki/Floyd%E2%80%93Rivest_algorithm
What qualifications does phk have that are relevant to the current subject?
Edit: oof, sorry, touched a nerve there
Regulations for age restriction are understandable. A lot of modern technology is harming kids (and I don't mean dirty videos, social media seems to be much more harmful).
A sensible regulator would leave some responsibility to the parents, but require restrictions for consumer devices (smartphones, laptops). Maybe even enable age restrictions by default, block replacing the OS or the firmware, and only allow it once the age was confirmed.
I don't see a point of including all kind of OS or software into this regulation. Just the ones that are preinstalled on consumer devices, and commercially distributed to consumers. Once the age of the user was confirmed, the devices should be able to become as open as we know them now.
And this wouldn't affect Linux or FOSS: on a child's device their parent installs either a proprietary OS or a FOSS with parental controls, but again, on your device you install whatever you want.
> Maybe even enable age restrictions by default, block replacing the OS or the firmware, and only allow it once the age was confirmed.
Having an extra hurdle before installing Linux would be an awful secondary effect for this type of regulation independent of whether the check itself is already objectionable (which I always obviously think it is, although obviously plenty of people also don't)
> A sensible regulator would leave some responsibility to the parents, but require restrictions for consumer devices (smartphones, laptops). Maybe even enable age restrictions by default, block replacing the OS or the firmware, and only allow it once the age was confirmed.
If you think that this statement is too broad for this thread, I don't understand why you only have issue with my direct response to it. It seems like your issue is with the parent comment I replied to for not being on-topic enough.
How do I propose the government know if I have kids? I'm pretty sure they already know that I don't?
(Speaking as a parent of three) why can't we just leave all responsibility to the parents? In our experience in the offline world it seems this applies!
I speak as someone who's taken each of my three children - for two of them, multiple times - to the emergency room to be treated for broken bones incurred in the course of Real Life[tm].
Yes, they play contact sports.
Yes, we use Family Link with pretty restrictive settings.
Despite the series of broken bones, I'm still in favour of kids playing sports and still dubious about the effect of screen time on young minds...
Then I'm sure that you appreciate that there are both legal and informal checks in place ensuring that you can take responsibility for your children in the offline world. For example: I would be surprised if your children were able to play organized sports without your permission. Failing to ask for permission would deny you the responsibility of protecting your child as you see fit.
> why can't we just leave all responsibility to the parents? In our experience in the offline world it seems this applies!
It would be illegal under the currently proposed /implemented laws and also open up social media to liability, which wouldn’t be true for other products like Alcohol or fire arms that require minimum age to buy but not give to children
Also give it to your kids too often and the state can step in.
Defense in depth
They can't be tracked, as long as the devices are in randomly sorted identical boxes. Of course someone can buy a device and give it to a kid, but that's already possible with alcohol (and legal if it's their kid).
I bought a beer yesterday and shared it with our 16 year-old, and I shared some wine with him this evening.
How does that not come under "parental responsibility"?
because we don't live in a 15th century peasant village. The average adult reads at a 7th grade level, 20% of adults are considered functionally illiterate, most adults can't navigate digital spaces, privacy and social media themselves or take on trillion dollar companies.
This also hasn't applied in the offline world since idk, Kant and Hegel, every modern state recognizes that children are persons and citizens in development, not private possessions. If your children have broken bones you can't explain or your parenting is considered to threaten the welfare of your child you can be pretty sure you'll have the authorities at your door quickly, and countries like France have given children the right to sue their parents in case they breach their digital privacy. So called 'sharenting' laws exist because it's not guaranteed that parents are even respecting the privacy of their own children.
I don't mean to be combative about this but
1) do you have children and 2) if yes, how many times have you taken your child to hospital with a broken bone
I have (unfortunately) got a certain amount of experience with this, and I'm not sure it works the way the uninitiated may think it does.
But the current legislation is stupid. Treating toddlers like hackers, and forcing every website to deanonymize users. It is so backwards, that it's hard to believe it's not done on purpose as the first step to ban anonymity and strictly control all online access. In the UK of course they're already talking about having a VPN ban, because the hacker toddlers are learning how to mask their IP addresses.
It won't work against a determined teen (too many unlocked devices out there), but it doesn't have to work perfectly to change the culture that most kids have to deal with.
The reason it’s not done “this way” or “that way” even when those are objectively better ways to achieve the stated goal, but rather in an unexplainable way broader way is because the goal is broader that that and age verification is just the tip of the spear. The rest of it is laying the groundwork for a framework to control the freedom on the internet by linking identity to speech and action.
Look at what solution is implemented to decide what problem is it supposed to fix, otherwise you’re just looking at the smoke and mirrors.
Not that every state and country is on board with this, but it’s getting a lot harder to maintain the pressure to keep these initiatives down. Every time they get pushed one step forward it’s that much harder to regain that ground.
If that's all we want then that's trivial -- just make certain phones that don't have access to social media, or have whatever limitations enforced. And kids only get those phones. I don't think anybody's addicted to desktop social media.
This gets us the privacy and the protection at once.
Adtech companies rent human attention to their Customers. Autonomous agents are an "adulterant" in the adtech company's stock of "raw material". Their Customers don't want to pay for ad impressions to autonomous agents, therefore the agents must be filtered out. A stock of "proven human attention" to rent is what they need.
So, we have "think of the children" campaigns because they're an easy sell to the public. This is just an early step in the escalating war against people putting their "identity" into the hands of autonomous agents. (I assume we'll have devices measuring biometric feedback in the future, all wrapped-up neatly in attestation.)
Imagine if such an approach was taken to, for example, food safety? Instead of closing down a restaurant that has poor hygiene, you'd be instead horce the restaurant to hire a private security contractor to check people's IDs to verify that they are old enough to consent to getting a foodborne illness. That's an absurd approach.
The stuff I've seen on this doesn't look terribly convincing. It seems to mostly be along the same lines as saying that since some people get bullied or hang out with a bad crowd, socializing in general is harmful.
Do yourself a favor and read this, a few times, and take a moment to actually try and see what the author's getting at.
The trouble is, compromise isn't really a tenable option with encryption. Either you make a draconian law that forces all electronic devices to run approved software only, or people will have access to easy encrypted messaging. There's really no middle ground, because where the smallest weakening of encryption affects everyone's privacy, only outlawing encryption completely will get it out of the hands of criminals. The cat's out of the bag.
Author here and in earlier writing seems to make the argument that a little compromise would make the courts less unhappy, but I think that's misattributing motivation. These laws actually are originated by big tech, who think they will be shielded from liability and make more money off of selling your data. https://github.com/upper-up/meta-lobbying-and-other-findings
That would outlaw programming. It's just not feasible at all, anyone with any kind of tech literacy understands that encryption is here to stay. It's also necessary for the web to function at all for the things we use it for, such as banking.
There is no way to prevent people from communicating in secret. Even if they did strictly control digital communication people would just communicate some other way.
Well, mission accomplished, reaction provoked. I'm not going to read this multiple times. I'm going to fire off this comment and remove it from my brain forever.
> Just on that repeated experience, I suspect we have already seen more than half of the “worst software bugs found with LLM-tools” list.
On the other hand, it’s not clear to me how you think that it already is “in a very big way”.
> The only real question for me is: Are the LLM-code-review tools economically viable outside the bubble?
Now that's quite a prediction.
His argument is not that they aren't going to find any bugs, but rather that at some point those bugs will be fixed. At which point we will continue on as usual.
This part is the load bearing claim. Why would you continue on as usual? I'm using LLM's everyday on code reviews and they still catch bugs.
I'm treading lightly after you said "did you read it" to OP, I do believe we both understand that argument isn't nearly air-tight. (i.e. it implies either humans get so good at code that bug-introduction-rate falls percipitously, or, LLMs are so awesome they write all of our code bug-free. Neither of which jives with the thesis, that LLM code review is a nothingburger long term)
The best steelman we could say is "he meant 50% of all existing bugs in all currently existing code", which is still incompatible with a time-bound on their usefulness, unless we expect the rate of new code to fall percipitously.
The steelman I'm using, is they're speaking both loosely and strongly and intend us to understand these are strong opinions, held loosely, and they care for us enough to share.
depends on the age but.. they've probably discovered all kinds of shit already or heard about it from others
I fail do imagine what kind of world is he implying.
There will never be a world populated by humans in which you do not need to have numerous talks with your children about the nature of humans, especially humans they do not know and cannot trust, and about the technology those other humans know how to use. Saying you are forced to do so on account of some particular new technology is like saying you are forced to provision food for yourself on account of this newfangled capitalist system... As if needing to provision food for oneself were not a state of affairs dating back to the dawn of cellular life. And as if the uglier parts of human nature emerge from the smartphone and do not in fact date back to the dawn of humanity as a species.
Demanding everyone on the Internet show their papers to the government so that the author can hand their teenage daughter a free, always-networked pocket computer plus microphone and video camera without having to think about any related risks is an attitude repugnant for its laziness, its entitlement, its delusion, and most of all its contempt for the freedoms of others.
> In comparison, tech sisters advocating for an absolute right to privacy seem to be a very rare, and maybe mythical, species.
Ever heard of Meredith Whittaker?
> We could have designed our protocols to be minimally compatible with “a nation of laws,” but the tech bros insisted that compromise was treason, and, as a result, we will lose more privacy than necessary.
This has to be a joke. There's private, and there's not private. There is nothing in between. This is not about tech bros. This is about guiding principles, about personal liberty, and about freedom from tyranny.
> It may not quite be a law of nature, but my personal guess is that the opportunities for anonymity on the Internet will shrink until mothers no longer are forced to have “the talk” when their daughters get their first mobile phone.
In addition to "the talk" guess what else they won't be forced (or allowed) to talk about? Political dissent.
This chunk of the article is both sexist and defeatist. Now to read the rest.
Which model is this author talking about? Which pocket-sized devices? Where can I get them? No one is using Gemma 4 to find cybersecurity issues.
Edit: there are a lot of sentences that I can't distinguish from sarcasm in this article. I guess I read it too seriously.
A large model like Kimi 3 should be something like, 1-2TB? That’s a pocket size hard drive
Also the fact they call it “age verification” when they clearly build an identity verification and we just accept their language is crazy.
There is nothing of substance here. You don't like AI, I get. But it still exists and pretending that no-one finds it useful is utterly foolish.
Edit: I overuse the word utterly. Nice to identify one of my tells.
> So, it is not obvious to me who will be training new iterations of these models once the current bubble explodes, in particular if the returns are diminishing the way I have experienced.
It looks like he has no clue on how market equilibriums work. He really seems to think LLM's will just like.. stop existing.
So in their world, people would suddenly realise that AI is actually not that economic and we can't have Opus 4.8 quality models just with updated knowledge cutoff perpetually. So in his future, things won't just stall, they will literally go back.
He's really putting his emotional weight on this particular kind of future.
Either that or he's making nebulous emotional claims - its his blog so he can do it.
Talking isn't doing, just like word generation isn't an outcome.
At least, this is what I have come up with because this blog is mostly incoherent blabbering.
TIL: Phil Zimmermann was a "tech bro" and had a time machine.
Unfortunately, no, you can't have a prophilactic that just makes you a little bit pregnant. We used to know this.
That’s why large tech companies are lobbying in favour of this!
The people pushing for the destruction of privacy and attested software integrity ARE the tech bros. I'm sure there are people here that will vehemently disagree with me, but we see the biggest tech companies pushing for age verification and we see founders and rich folk gleefully giving up their earlier pro-privacy stances in favor of supporting locking down identity. They're building up their moat in real time because not only does it let them kill that pesky FOSS, but also it means they can legally gather even more data from individuals in question.
It also goes hand-in-hand with the increasingly authoritarian bent a lot of those same people have taken and these resources will absolutely be used to crack down on minorities and things they don't like.
I think your head would have to be firmly planted deep underground to somehow not connect the two dots. As another poster here said, they're literally lobbying for these age verification laws because it benefits them.
Oh, it’s not a slippery slope. It’s a single step: age verification IS identity verification, and it abolishes anonymous publishing on the internet, allowing on day one for violent retaliation against political speech.
If you think that authoritarian governments won’t be abusing this instantly, you are sorely ignorant of history.
> In this last Bikeshed in acmqueue, I will ponder the far future of free and open source software (FOSS), hoping to upset so many readers that...
> During the past couple of decades, rampant neoliberalism and “globalism” allowed...
And I’m out. I guess congratulations to the author. Mission accomplished.
But I’m disappointed that the article took a turn towards partisan politics.
Except for shit like Stram Kurs, which nobody really supports or tolerates.
> During the past couple of decades, rampant neoliberalism and “globalism” allowed the U.S. tech industry to capture almost the entire European IT market, including all “social media.” This has recently proved to be a ghastly mistake, and now the EU, along with its member states and companies, are scrambling to claw back their digital sovereignty.
This is not a partisan political statement, it's a factual one. It is simply a statement of fact that neoliberal world markets have permitted hyperscalers to cross national boundaries and provide the same services at scale to governments worldwide, and like, without even going into any U.S. politics at the moment, isn't that... really weird? Like many EU governments had essentially put their ability to function as states in the hands of a foreign actor. That's WILD.
Ah, the famous “maybe if I take a step back they’ll appreciate it and not push harder”. Or maybe it’s “if I give the leopard my face maybe it spares my body”.
I’ll let reality speak for itself: look no further than Stingrays and every bit of legal abuse they enabled, where innocent people are spied on in bulk with flimsy excuses. How well did it work out when the protocol was already maximally compatible with laws?
There’s no “minimally compatible”, you either have the privacy technically guaranteed or you don’t. If it’s technically allowed to breach it, it will soon be done as a matter of routine under the guise of “protecting”, “preventing”, and so on.
So in the end we didn’t lose anything, what we did was we gained a short period in which we could all taste that freedom. If we used your proposal nobody would have had even that to begin with.
This logic would have been easier to forgive if it came from youth and inexperience, from someone who never got to know about the endless abuse of surveillance that was inflicted indiscriminately on everyone.
> I promised myself I would never join their ranks.
A wasted opportunity, missed by at least 1 article :).
The minimally compatible is what existed before. The Snowden leaks showed that the Government, and not just the US government, would abuse the shit out of that for mass surveillance.
So now privacy advocates no longer trust that such a compromise can exist
It’s strange that the author both recognizes that the Government broke the social contract and then says privacy advocates should just keep trusting them in the same article
Every time you step back, the opposing force advances one step and soon you’ll have the same discussion again except from an even weaker position. Do you really think that once the framework is in place everyone will forever be content and not push for the next step?
Like the author, you are advocating for the “small backdoor”. Or like another commenter put it, the prophylactic that only gets you a little pregnant. There’s no such thing.
I do recognize their point that it's been made very hard to catch and prosecute cyber criminals. I think there are ways to improve that that don't destroy the privacy of everyone. But if that's the real goal, why isn't it the big pitch line of the Parent's Decide Act?
HN existed 20 years ago...? /s
edit: yes it did, lol
He's been a strong privacy and FOSS advocate for decades and has more credibility on both of these topics than nearly anyone on this board.
He also has an account and comments frequently. phkamp. I suggest reading some of his comments before making judgment.
So many kneejerk and nuance-less opinions. Absolutely hilarious that people are thinking the guy who wrote MD5crypt and BSD Jails is anti-privacy.
Also eye opening watching how many people are getting frothing-at-the-mouth mad seeing somebody with that pedigree coming to different conclusions than they do.
[1] https://queue.acm.org/detail.cfm?id=3703126
(just to be clear, my post was just to point out that the article is very difficult to make heads or tails of. it's easy to misinterpret a lot of the points many different ways! kind of like they're being overly implicit with the expectation that everyone'll know what they mean. it's something I do too and my way of cutting through it is to cut my writing in half and focus on clarity over mystique)
Privacy is being abused by criminals to victimize people at scale. Just because privacy is a moral good doesn't mean you are morally off the hook for enabling criminals.
Governments are so aware of this they're passing sweeping laws against it. This is your new reality -- you can't just bury your head in the sand. The whole point was saying that there could have been a middle ground that protected more of your rights than where you're at now if it weren't for the absolutism.
Turns out that being an absolutist isn't helpful.
Parental controls remains the right way to do age gating. It works today and has no privacy impacts.
You know who didn't refuse to get involved? Larry Ellison, Peter Thiel, Mark Zuckerberg. They made suggestions to governments about how to solve this problem, and the best proposed solution was adopted and made the law.
Then legally require it to be effective and easy-to-use-if-you-take-a-few-minutes-to-read-the-instructions.
See also [0].
[0] <https://news.ycombinator.com/item?id=48911863>
https://www.pewresearch.org/short-reads/2026/07/01/majority-...
https://x.com/PTBwrites/status/2031529878021923118
https://yougov.com/en-us/daily-results/20250502-1e408-1
https://yougov.com/en-us/daily-results/20250502-1e408-2
> Parental controls remains the right way to do age gating. It works today and has no privacy impacts.
This opinion is not grounded in data and facts. If this was true, we would not be here. But we’re here because parental controls are insufficient, the vast majority of parents are just hanging in there getting their kids to adulthood.
More than 3 million college students are raising kids. Most won’t graduate - https://news.ycombinator.com/item?id=48709130 - June 2026
The real single-parent capital of America - https://news.ycombinator.com/item?id=42867716 - January 2025 ("The places with the most single parents tend to be, to put it bluntly, struggling. The strongest predictors of single parenthood are high poverty rates and high shares of the population receiving government assistance." [There are ~13.6M single parents in the U.S. raising over 21M children. This means single parents head roughly one in three households and approximately 34% of all U.S. children live in a single-parent family.])
Parents Under Pressure: The U.S. Surgeon General's Advisory on the Mental Health & Well-Being of Parents - https://www.hhs.gov/sites/default/files/parents-under-pressu... - 2024
> When stress is severe or prolonged, it can have a deleterious effect; 41% of parents say that most days they are so stressed they cannot function and 48% say that most days their stress is completely overwhelming compared to other adults (20% and 26%, respectively).
> Nearly 70% of parents say parenting is now more difficult than it was 20 years ago, with children’s use of technology and social media as the top two cited reasons.
> Recent data from 2021-2022 indicate that among parents, 23.9% (or 20.3 million) had any mental illness and 5.7% (or 4.8 million) of parents had a serious mental illness.
> Lastly, many other caregivers assume primary caregiving responsibility when parents cannot, thus acting as a critical safety net for children. In recent years, there has been a notable increase in such individuals taking on caregiving responsibilities for children, with approximately 2.4 million children being raised by grandparents, other relatives, or family friends, without their biological parent(s) in the household.
U.S. has world’s highest rate of children living in single-parent households - https://news.ycombinator.com/item?id=37628812 - September 2023 (108 comments)
(fertility rates continue to collapse though, so hopefully this problem continues to decline over time, only time will tell; 40% of annual pregnancies in the US and internationally are unintended, per the Guttmacher Institute and the UN, respectively)
Charted: How American Households Have Changed Over Time (1960-2023) - https://www.visualcapitalist.com/how-american-households-hav... ("A record 58.4% of American households now consist of married or single adults without children. Only 25.3% of American households contain children.")
It's a mix of what they can do and what they're likely to do. They just have to be able to go back to voters and say they're doing something.
If you think that the fact that they did the wrong thing is an argument for not doing anything, you clearly are blind to politics & history.
And age verification being the wrong solution to the "privacy problem" doesn't remove privacy from lawmakers' crosshairs.
Almost all victimization is being done without end to end encryption. This is not a problem caused by privacy.
Also on Discord and Roblox, they are apparently the biggest platforms for this, but they're not E2EE anyway, they're just hiding it because their executives like what's happening.
I don't think it's that encryption was harmful, it's that it wasn't enough, and in a sense I agree with TFA & the Sun Tzu bit: it needed to be complemented by legislation that added decent privacy protections, and it largely wasn't. That was a mistake, I suppose, but the current political situation, esp. in the USA, disfavors privacy regulation getting done, ever. The Democrats are … maybe spiritually for it? … but not terrible effectual at getting it done; Obama's response to Snowden was "meh" at best, and Congresspeople, in particular Feinstein especially, let the DNI walk all over her. The GOP has no interest at all in regulating corporations, at all, ever, so with the House/Senate/POTUS all (R) at the moment, it's going to be until at least Nov before it is possible to even think that these might get addressed, and even that's … generous, and I won't be holding my breath for it to occur.
Stuff like what we saw in another thread today — with LG wantonly installing spyware — and things like Flock would have happened in addition to network intercepts; they are not happening instead of. Corporations and the government will do whatever the People permit them to get away with.
His theory is bunk, there is absolutely no middle ground to be had with the people who want a backdoor. There are no small backdoors.
If we had parental controls that actually worked it would forestall any talk about ID scanning because parents could just enable parental controls.