I was sitting in a room the other day with a young adult, we were searching for additional algorithm learning materials. They searched in Google, and accept the cookies. They clicked on a website, and accepted those cookies too. They then started entering their email address to access another service. I was completely taken aback.
I'm the sort of person that either rejects the cookies, or will use another site entirely to avoid some weird dark-pattern cookie trickery. I don't like the idea of any particular service getting more information than they should.
Siting there I realized, we were not the real target. It is the young people that are growing up conditioned to press accept, enter any details asked of them, and to not value their personal data. Sadly, the damage is already done.
cortesoft 1 hours ago [-]
I am in my mid forties, been working as a professional software developer for over 20 years.
I click “accept the cookies” almost every time. I just personally don’t feel it’s worth the effort and cost to try to avoid it.
What “dark pattern cookie trick” are you worried about? I just can’t come up with a scenario where it will actually harm me in any way. All the examples I have heard are either completely implausible, don’t actually seem that bad to me, or are things that are trivially easy to do even without any cookies.
Now, I am not going around giving my real email out to random sites, though, although even that doesn’t strike me as particularly dangerous. I already get infinite spam, and I am sure there are millions of other ways to get my email address… it is supposed to be something you give out, after all.
I just don’t think it is something that is worth stressing out about and fighting against. Maybe I am actually naive, but I just have not yet been convinced I should actually care.
1shooner 58 minutes ago [-]
First of all, if you don't practice any tracking limitation, you're almost certainly giving additional parties (directly or otherwise) access to your personal information. This is marketing data brokerage, this is the whole ballgame.
To your point about the actual harm, I've come to see it as a kind of ecological problem. Wasting energy and sending more trash to a landfill doesn't harm me individually, at least not immediately. But it does harm in aggregate, and it is probably directly related to other general harms, like overall health outcomes, efficiency, energy costs, etc.
No, accepting cookies by itself may not do much to me, but the broader surveillance and attention economy that relies on such apathy certainly has.
richardubright 10 minutes ago [-]
I hear what you're saying, and instinctually I feel gross about it. But, if enabling advertising allows the website I'm visiting to stay in business, I think that might be a trade-off worth making.
cm2012 37 minutes ago [-]
The effect of that data is serving you better ads. Its not a big deal. Dystopian governments have way better sources of citizen data than anonymized ad exchanges. It basically just powers product discovery in a giant global marketplace.
In theory, the government doesn't need the ad exchanges which have very lossy information. They have access to the ISPs and cell service providers, etc, with a warrant. Dictatorships like China and Russia don't need ad network data to be police states, they just use the core phone, internet and computer data.
But in this case, the US gov are using the insecure private data as a run-around to the warrant process. This is definitely unfortunate, and I think laws should be amended to prevent this workaround.
layman51 6 minutes ago [-]
I disagree, because there’s always a chunk of advertising that seems to be all about targeting low-income or people who aren’t financially savvy and I don’t think it’s ethical for an apparatus to take advantage of them.
Levitz 14 minutes ago [-]
>The effect of that data is serving you better ads.
On the contrary, the ads become worse, since they become better at trying to get me to buy some crap I don't need.
The more irrelevant to my profile they are, the better.
soopypoos 29 minutes ago [-]
Would you write your name down the side of your car?
0xffff2 8 minutes ago [-]
Would you not? It would look odd and draw a lot of attention simply for being unusual, but I'm struggling to come up with any way in which doing so would actually harm me.
cm2012 6 minutes ago [-]
My name is on my car, the license plate can be matched to my name in seconds.
catoc 3 minutes ago [-]
” it’s not a big deal. Just gets you better ads.”
I thought this was just ignorance.
Then I checked the profile. They ”have lots of experience with digital advertising “
AzN1337c0d3r 12 minutes ago [-]
Insurance is likely using that same data to adjust rates.
wonnage 29 minutes ago [-]
This might’ve been true in 2012 but definitely is not the case today
“It is difficult to get a man to understand something, when his salary depends on his not understanding it”
cluckindan 19 minutes ago [-]
Read the fine print. You’re usually not consenting to cookies, you’re consenting to having your data gathered, processed, enriched and sold by hundreds of companies around the world.
One click usually gives random foreign corpos the right to your data across a multitude of platforms, the right to identify you across data sets, and to permanently link your device identifiers to you, for ”fraud detection” on a site which sells nothing.
Clicking on accept or deny on those notices makes no real difference, since the ”partners” and ”vendors” usually enshrine their core data activities into the ”legitimate interest” category, which has no opt-out.
cortesoft 3 minutes ago [-]
Ok, so suppose I am consenting to all of those things.
I still have the same question… how is my life going to be made worse by that happening?
SJC_Hacker 17 minutes ago [-]
> Read the fine print. You’re usually not consenting to cookies, you’re consenting to having your data gathered, processed, enriched and sold by hundreds of companies around the world.
They'll get it one way or another
With IP tracking, you don't really need cookies much anymore
psychoslave 2 minutes ago [-]
IP is personal information, at least under GPDR in Europe.
> I click “accept the cookies” almost every time. I just personally don’t feel it’s worth the effort and cost to try to avoid it.
the effort and cost to download an ad-blocker that automatically removes the prompt to accept/deny entirely is practically zero and the amount of clicks you'd save yourself would quickly exceed the clicks it took to install the blocker.
> I just don’t think it is something that is worth stressing out about and fighting against. Maybe I am actually naive
It seems like you are, but that's just how our brains work. We're very bad at judging long term and abstract risks, especially when the consequences and their connection to the cause are intentionally kept unclear. For example, when people's cars started collecting data on their driving habits and selling that data to insurance companies a lot of people saw their insurance rates go up, but none of the insurance companies said that it was because of the data collected from their cars. I'd be willing to bet the data being collected by tracking your
browsing history has already been screwing you over in various aspects of your life, online and offline, but you won't be told when it happens or why.
cortesoft 14 minutes ago [-]
> I'd be willing to bet the data being collected by tracking your browsing history has already been screwing you over in various aspects of your life, online and offline, but you won't be told when it happens or why.
Ok, can you give me a plausible example of what that harm could be? This seems in line with the exact thing I said in my comment; every time I ask how it could harm me, I am given vague statements about tracking and data. Charging me more if they think I can afford it is surely a thing to worry about, but there are so many ways to do that without tracking that I already need to take actions to defend against that (comparison shopping, price history tools, etc).
I am not saying I don’t think companies can take data they have access to and use it to extract more value from me… I am saying I don’t thing opting out of cookies is going to do much to change that, for better or worse.
gpvos 30 minutes ago [-]
> the effort and cost to download an ad-blocker that automatically removes the prompt to accept/deny entirely is practically zero and the amount of clicks you'd save yourself would quickly exceed the clicks it took to install the blocker.
For less-often used, e.g., non-English language sites, these often leave a site in an unusable state, e.g., non-scrollable. I often have to go into the developer tools to fix a site manually, sometimes hunting for the element to fix if it's not body or html.
fiddlerwoaroof 30 minutes ago [-]
> the effort and cost to download an ad-blocker that automatically removes the prompt to accept/deny entirely is practically zero
It's only zero if you don't need to interact with sites that break when you're running an adblocker. I run an ad-blocker nearly continuously, but there are all sorts of sites where I have to disable it in order to use the actual functionality of the site (and these are frequently sites I _have_ to interact with).
sdevonoes 22 minutes ago [-]
There’s a burden in ad blocker plugins: you never know when they will get compromised. Im comparison to that, simply ignoring the cookie baner is less effort imho
bethekidyouwant 30 minutes ago [-]
this is definitely happening and for some reason, no one has any clear evidence on it.
The data collected about us online is extensively used against us both online and offline. The multi-billion dollar industry around collecting and selling every scrap of data about you and your personal life didn't spring up because nobody was making money from it.
xXSLAYERXx 1 hours ago [-]
Feel similarly. And to be honest, even when I do select decline all, I have little confidence that the function does what it says it does.
devin 53 minutes ago [-]
Yes, I do not have a lot of faith that "essential" cookies are always "essential" for example.
LPisGood 41 minutes ago [-]
Certainly advertising is essential to the business model.
sudoshred 38 minutes ago [-]
Essential is contextually defined by whoever implemented the that part of the front-end basically.
KellyCriterion 4 minutes ago [-]
same experience here, but one exception:
I just always the most left button, as this is usually "cancel" or "deny" - not alwys right,though :-D LOL
bregma 17 minutes ago [-]
I like to just roll over and bite the pillow, click "accept all cookies" and let them go in dry and unprotected.
airstrike 1 hours ago [-]
I'm worried about my browsing to be tracked across the entire internet for the purposes of marketers to "enrich" my profile... just to sell me more and to sell that data to third-parties who can make all sorts of decisions based on a made up story about who I am, my preferences, my values and whatnot.
there's a reason I don't walk around naked either. it wouldn't hurt me, but I don't need that kind of exposure for no upside
caseyohara 30 minutes ago [-]
> third-parties who can make all sorts of decisions based on a made up story about who I am, my preferences, my values and whatnot
You're going to be presented with ads and preyed on by marketing no matter what. The "made up story about who you are" is just even more imaginary the less they know about you. You'll simply be presented with less-targeted ads.
NewsaHackO 1 hours ago [-]
I think he is referring to how some have an "Accept cookies" and a cookie's settings, but to reject cookies you have to open a separate dialog box. I agree, and I think it is so wild that people would give their actual email to random sites.
WesolyKubeczek 15 minutes ago [-]
Which is why I installed the "Consent-o-matic" extension which dutifully denies everything for me, and I have uBlock Origin for everything else.
mijoharas 55 minutes ago [-]
I'm the same, (well, mid thirties, and over a decade) but I always click accept for cookies.
The only times I've stopped, or tried to deny it is with the recent thing I've seen from some sites that say "accept cookies or pay money". I think that is scummy, and against what these regulations require, so I'll usually just close the site in that case.
Oh and to address the point from the main article, I think I'm unfortunately beholden to more companies, but would strongly prefer to not verify my identity, because I have little to no trust in the companies to safeguard my actual personal data. (rather than inferred cookie tracking data, which they can have imo).
rincebrain 1 hours ago [-]
I would imagine it's the GDPR "ACCEPT ALL COOKIES" in big font and then in very small low contrast text "select some cookies" or "reject cookies" that they were describing.
thewebguyd 1 hours ago [-]
You're lucky to get a "reject" or "select some" button at all. Now I typically see "ACCEPT ALL COOKIES" or "Customize Preferences"
jamiecurle 20 minutes ago [-]
technically, it's the ePrivacy directive. GDPR requires the consent to process personal data and governs the data but the ePrivacy directive is the instrument that requires that god-damn-please-make-it-stop-banner.
zahlman 22 seconds ago [-]
> the young people that are growing up conditioned to
How does the conditioning start?
> not value their personal data
Okay, but in practice how much do they do with it that isn't ad placements?
thewebguyd 2 hours ago [-]
> It is the young people that are growing up conditioned to press accept
It's really alarming, actually. I run the cyber security training & phishing simulations at my work, and it's the younger employees that struggle the most. It's like they just assume that everything on the web is trustworthy.
It's not hard to see why though. They grew up with app stores & locked down devices. No concept of a file or file system, no concept of software outside of the curated store & webapps. People that never had to take responsibility for their own digital safety because "someone else" (Google, Apple) always did it for them.
andsoitis 2 hours ago [-]
> It's like they just assume that everything on the web is trustworthy.
> It's not hard to see why though. They grew up with app stores & locked down devices.
When we create a safer world, people’s defense mechanisms naturally atrophy or are never developed in the first place.
thewebguyd 2 hours ago [-]
The problem is, we haven't really created a safer world. We created an illusion of safety by taking away agency.
We might be safer in terms of vulnerabilities, root exploits, RCEs, etc. but the internet is still full of malware, scams are still just as rampant. Vigilance is still very much required, but is no longer taught.
Look at all the malware available on the Play Store. The curation does nothing but create an illusion of safety.
Forgeties79 1 hours ago [-]
It’s absolutely safer browsing the internet now than it was when I was a kid. Getting a virus or equivalent on your phone is no small feat
tweetle_beetle 34 minutes ago [-]
Is it that much different? In the past if you downloaded the wrong file, you could get ads opening constantly, a new toolbar taking over your browser, data scraped and sent off to a mystery server, or have some process maximise your compute.
This accounted for most of the risks on the wild west internet, but the worst case scenario of permanently losing data or having to reinstall Windows was actually rarer than it was made out to be imho.
These days the common risks are the same, except they're no longer risks - all of those have been built into the fabric of everyday internet usage and criminals have been replaced by businesses. It's like the cliche about Vegas being better when it was run by the mob.
autoexec 32 minutes ago [-]
It happens all the time, and its as easy as sending a phone a text, or a packet, or escaping a sandbox, but you'll rarely be aware of it when you're infected because unlike the old days where malware would fill your screen with ads or something today they just silently collect your data or use your internet connection for careful port scans or DDoS attacks. NSO Group spyware (or similar) could be on your phone right now.
Hell, cellphones these days ship with spyware pre-installed. Samsung being the one of the worst for filling their phones with their own apps which spy on you constantly.
asdfman123 37 minutes ago [-]
The late 90s internet was filled with predators, skeeziness, and viruses that would break your computer and require a reformatting.
That stuff is still there if you look for it, but it's not on your social media feeds or in any of the apps provided through app stores.
robotguy 2 hours ago [-]
That's the philosophy behind Safety Third.
lexszero_ 19 minutes ago [-]
Just curious, what come first and second in this use of the phrase applied to computer security? I came to know the expression from fire circus performance and adjacent circles, where first and second are safety of the audience and the venue, and third is your own. I use it often when I'm about to knowingly do something sketchy or potentially dangerous without applying safety practices required "by the book", acknowledging the present danger to myself and accepting the risk. I never saw it used in infosec context.
darknavi 2 hours ago [-]
Maybe we should make young learners in primary school use "infected" Windows XP so they can dodge spam popups and learn what and what not to click.
thewebguyd 2 hours ago [-]
Growing up I had a "computing" class in high school. It's where I learned to type, but also learned the basics of using both macOS(9 at the time) and Windows.
It was also drilled into me that the default state of anything on the internet is to be untrusted and potentially harmful.
It also helped that you could actually tinker with things, and there were plenty of foot guns around to drill that lesson home.
Somewhere along the way that message got lost and didn't get communicated to the young ones, and I'm not even that old (38).
whywhywhywhy 2 hours ago [-]
They'd just click it away every time, when my nephew got a gaming laptop he'd play mindcraft and the windows sticky keys popup would be firing constantly must have seen him dismiss it 15 times before I offered to show him how to get rid of it.
chrisjj 1 hours ago [-]
> They grew up with app stores & locked down devices. No concept of a file or file system
I think almost every Android user has thise concepts.
But on the trustworthy web assumption, I agree. The only effective remedy is a personal calamity.
RGamma 2 hours ago [-]
People are also struggling to think about what is computed or stored where or what different wireless interfaces do. Imagine what sort of data people enter into LLMs!
chrisjj 1 hours ago [-]
Absolutely. With many lawyers, it is client personal data.
adventured 2 hours ago [-]
That's an exaggeration. Young people on average have grown up with drastically greater understanding of what a file is than any other generation that has come before them. They grew up using Chromebooks or laptops in school, constantly interacting with the local file systems, uploading files to Instagram and TikTok from the file systems on their smartphones, browsing their phones for files constantly. They know what a file is, they use & manage files more than any other generation prior.
No other prior generation comes close.
Compare them to people growing up in the 1980s. The average person at that time was overwhelmingly oblivious to computing very broadly, their grasp of a "file" as a concept would have been close to non-existent. That was just 40 years ago.
In the mid 1980s a mere 10% of US households had home computers. And that was a high mark globally, it was drastically lower in nearly every other country (closer to zero in eg China, India at that time). The number of people routinely using office PCs was still extremely low.
Today young people have a computer in their hand for hours each day, and they knowingly manage files throughout the day.
asr 2 hours ago [-]
I use lights every day, but I know way less about electricity than my grandparents, two of whom who could remember when their town was electrified as children and who therefore treated it as the marvel it truly is. And also because we've worked out a ton of bugs in electricity and it often just works.
My kids will know way less about filesystems than I do, because I had to learn DOS commands to navigate around the operating system if I wanted to play computer games, which led to a lifelong interest in how computers actually work at a level they can (and, so far, do) happily ignore.
blackcatsec 2 hours ago [-]
Or in your scenario, understand the concept of 8.3 file names and why they existed, and when they were removed, and how :P
ghewgill 42 minutes ago [-]
Sheesh, trigger warning please! I remember the how.
raw_anon_1111 2 hours ago [-]
You don’t upload a “file” in a “folder” to TikTok. You upload a “video” from your “library”. Consumers have been conditioned to stop thinking about files especially when it comes to media since iTunes and the iPod in 2001.
esseph 2 hours ago [-]
> files especially when it comes to media since iTunes and the iPod in 2001
As a non-Apple user, this is not something that happened to me. I literally have a "Files" app on my Android phone and my laptop/desktop.
integralid 40 minutes ago [-]
As a technical person, who only ever used Android, I have no idea how files really work on my phone. I even used adb a few times but still. From my PoV there are no "files", just photos, videos, screenshots, downloads, application data, applications and system data - all completely different kinds of data.
In my files app i see "downloads" "images", "videos", "apps", "starred", "safe folder". In "images" i see pictures tagged "downloads", "camera", "DCIM", "screenshots" and one odd "2024-12-03_description_here" that I clearly names myself but don't remember doing that.
I have no clue how that maps to a physical phone filesystem, even though I know it's there. I'm sure teenagers don't know that too.
raw_anon_1111 1 hours ago [-]
Right as an Android user you don’t have a separate photo library where pictures go to? (yes I know this isn’t true).
Yes there has been a Files app on iOS devices for well over a decade
jen20 1 hours ago [-]
Both iPhone and iPad have an app named "Files" too.
50 minutes ago [-]
amluto 1 hours ago [-]
> They grew up using Chromebooks … in school, constantly interacting with the local file systems
While it is possible to interact with the local file system on a school Chromebook, it’s certainly not the default. School interactions with Chromebooks seem to consist of logging with highly secure passwords like “strawberry” and using Google Docs. And playing games with heavy PvP components and paid DLC (paid by parents whose kids beg for it, not by schools) that call themselves “educational” because they interject math problems needed to use those juicy spells, make no effort whatsoever to teach anything, but produce a nicely formatted report correlating scores to numbered elements of the Common Core standards.
morleytj 2 hours ago [-]
There may be some demographic groups located between people who were young during the 1980s and people who are young during the 2020s, time periods which are 40 years apart.
arvid-lind 2 hours ago [-]
Maybe they do more intuitively think of things as virtual objects, but it seems like the issue is they don't have a deeper understanding of how the mechanisms behind the abstractions work and can easily get fooled into accepting terms they wouldn't if they properly understood.
thewebguyd 2 hours ago [-]
> easily get fooled into accepting terms they wouldn't if they properly understood.
And easily get sold add-on services. How many people hit the 5GB iCloud limit for backups and just pay without stopping to think that it might be possible to do local backups to your computer and you don't really have to pay for extra storage?
Just hit them with the scary language "You are at risk of losing your photos forever if you don't pay!" because that concept of "Oh, photos are just files in a directory and I can copy those anywhere I want" doesn't exist. To many, those photos are part of the gallery app, not a separate file from it and since that app only runs on the phone, surely it must not be possible to copy them anywhere unless I pay for the storage.
maverick74 17 minutes ago [-]
> Young people on average have grown up with drastically greater understanding of what a file is than any other generation that has come before them.
I totally disagree!!!
Yes, everyone works with computer, phone, tablet, whatever, nowdays!
But does generation z "knows" about what a computer is?
Absolutely not!!!
While tech has advanced and graduated IT personal know more than previous generations (obviously!), all the rest, while they do know how to do their jobs, they know nothing about computers!!! They are pretty much like everyone else that didn't know what a computer was in generations x and previous!!!
However, contrary to previous generations, because they do interact with the tech, they represent a higher security risc for them and for others!
... Because they know nothing about it!!!
It's like giving a box of matches to a neanderthal in the middle of the woods...
Almost everyone in the "Gen x and previous" that interacted with the tech, did know what they were doing (past the initial learning phase)!!!
This does not happen after gen x!
mhurron 1 hours ago [-]
> drastically greater understanding of what a file
No, they do not. First, simply using something does not mean you understand it at all. Secondly, because the devices they've become the most accustomed to work very hard to hide all those details from the user.
thewebguyd 2 hours ago [-]
And yet, it's the generation that struggles the most with managing files on their work laptops and on SMB shares.
They know app silos, not file system hierarchy. Ask a teenager where a file is on their phone and the will tell you the name of an app. Ask them how to copy it somewhere else, and they'll use the share sheet and send it to another app.
High adoption doesn't equate to high literacy.
c0balt 2 hours ago [-]
> Ask them how to copy it somewhere else
To be fair, at least Android and presumably iOS grant apps by default no access to your files in modern versions.
The only way to get, e. G., an attachment downloaded via Thunderbird to a PC or another app is the share dialogue. A user does not access to the isolated app storage by default on an unrooted Android phone. For better or worse the young user is actually making the right choice here for their platform.
(This is also why making a backup of an Android phone is a nightmare when you aren't using a first party option. ADB is sometimes able to bypass it)
thewebguyd 1 hours ago [-]
True, it's all abstracted away and you don't even get access, but that's part of the problem. We (the industry) are teaching people that proprietary formats inside of app silos are the only way to store your data, making the default state being no control over your own stuff.
Note taking apps are a prime example of this, using a proprietary localdb for notes, inside of app storage you can't access, forcing you to transact with your own data exclusively through the app (and whatever subscriptions or upcharges that come with it). We've trained out the idea that these could just be local text files in a directory you can access and do with what you want.
I've watched discussions around open file formats fade away into obscurity along with the rise of mobile, and now we have to fight on whether we should be so graciously allowed to install software on the devices we own or not.
Not everyone needs to be a computer science student, but some basic level of curiosity or education around how tech works should be required in school, at the very least a warning message of "Your data isn't safe if it's not under your control."
GJim 1 hours ago [-]
> To be fair, at least Android and presumably iOS grant apps by default no access to your files in modern versions.
That's exactly the point!
The file system is hidden from modern users. Kids brought up on this now have no idea or concept of where their data resides.
blackcatsec 2 hours ago [-]
I mean on iOS you do have a raw home storage path you can save arbitrary binary data stuff to, although Apple generally just has the option of "Save to Files"--but you have at least some basic folder structure there you can use and have full access to.
It's just not commonly used for the reason the other person mentioned (share buttons between apps that are file type aware)
kjkjadksj 1 hours ago [-]
That was only recently made the case
mftrhu 1 hours ago [-]
That's exactly the problem. Digital natives have, by and large, grown up with computing devices which try their best to be the opposite of general-purpose: their skills are siloed to the few apps they rely on, and e.g. files, keyboard shortcuts, the command prompt are not part of the "API" they learned.
mftrhu 1 hours ago [-]
> They know what a file is, they use & manage files more than any other generation prior.
Unfortunately, they don't.
They might have had a computer in their hand for hours each day, but they barely know anything about it. The ones who do tend to be those who grew up playing on PC, as opposed to console or mobile, because the latter - despite falling under the "digital natives" aegis - are really shockingly ignorant of even basic concepts.
fragmede 2 hours ago [-]
That's also a stereotype. Gen Z (born 1997 to 2012) is roughly 2 billion people. Among them are the technorati, and the tech literate. The influencers and the influenced. It's fair to compare what was available to them growing up, vs yourself (I learned to program before there was Google), but it's hard to say things that are going to be universally true across that many humans that are interesting. Most of them will have two arms and two legs but will most be able to navigate /etc/systemd/user/? Can't say.
dewey 3 minutes ago [-]
Accepting cookies vs. entering personal information are very different buckets for me.
I just click "Accept all" on every cookie banner, life it too short to figure out which checkboxes and dark patterns I have to avoid on each site to not hand over some data...that is than later on just tracked in the backend ("server to server tracking"). Or sold by my credit card company, or tracked by me hovering over some video on YouTube. With the amount of data available unselecting some check boxes on a website just doesn't make a difference.
bmacho 2 hours ago [-]
It's not just cookies, it's explicit consent to track you, and sell your browsing history to ~1500 spy companies around the world.
To the sibling comments: don't "accept the cookies" and then delete them.
- - -
I'm super angry at what the web has become, especially at the OS browser community. There is 0 browser (that I know of) that can access the web safely and conveniently. Atm I use Firefox with uBlock which blocks the cookie banners, but Firefox's extension model is broken, and every single extension provides 100% access to my websites to whoever controls the extension. I don't like it.
We need a browser with a safe extension model.
- - -
edit: I guess using 2 Firefox profiles, one with uBlock and one with my google/facebook/bank/amazon/etc accounts solves the threat posed by uBlock and extensions. I still don't like it.
microtonal 2 hours ago [-]
Not just the web. Last time I installed Backdrops on my phone (a nice wallpaper app), you would literally approve hundreds of uses of your data when you press Consent. Even if you choose to manage choices, 200 'legitimate interest' options are enabled by default. Even when you are a paying Pro user. Data used includes location data.
What makes it worse is that a substantial portion of users block web trackers through an adblocker. However on phones, unless you have a rooted phone or use some DNS-based blocker, all these analytics get uploaded without restraint.
Atm I use Firefox with uBlock which blocks the cookie banners, but Firefox's extension model is broken, and every single extension provides 100% access to my websites to whoever controls the extension. I don't like it.
Some browsers (e.g. Vanadium, Vivaldi) have a built-in adblocker, so you have to trust one party less.
latexr 59 minutes ago [-]
Safari’s extension model could be really good by now, had they not stopped putting effort into it. You are able to define which extensions have access to which websites, and if that applies always or only in non-Private¹ mode. You can also easily allow an extension access for one day on one website.
But there are couple of things I find subpar:
You can’t import/export a list of website permissions. For a couple of extensions I’d like to say “you have access to every website, except this narrow list” and be able to edit that list and share it between extensions.
On iOS, the only way to explicitly deny website access in an extension’s permissions is to first allow it, then change the configuration to deny. This is bonkers. As per the example above, to allow an extension access to everything except a narrow list of websites is to first allow access to all of them.
Finally, these permissions do not sync between macOS and iOS, which increases the maintenance burden.
¹ Private being the equivalent to incognito.
ambicapter 2 hours ago [-]
How would you implement ability to arbitrarily block any network connection on any website without giving an extension 100% access?
bmacho 2 hours ago [-]
> How would you implement ability to arbitrarily block any network connection on any website without giving an extension 100% access?
Browsers should provide a filtering option before they makes a request.
IMO a lot of no-brainer options are missing from personal computers. Like the ability to start a program with restricted access to files, network or OS calls (on Windows and on Linux). Browsers should provide the ability to inspect, and filter network access, run custom javascript on websites, etc.
jstanley 1 hours ago [-]
We do sort of have that with the capabilities stuff (although I admit hardly anyone knows how to use it).
But the tricky part is that "reading files" is done all the time in ways you might not think of as "reading files". For example loading dynamic libraries involves reading files. Making network connections involves reading files (resolv.conf, hosts). Formatting text for a specific locale involves reading files. Working out the timezone involves reading files.
Even just echoing "hello" to the terminal involves reading files:
OP says "restricted access to files". Read access to your home directory is not required for loading dynamic libraries or printing the time.
user142 1 hours ago [-]
> the ability to start a program with restricted access to files, network or OS calls (on Windows and on Linux)
Bubblewrap allows you to do that on Linux.
jstanley 2 hours ago [-]
> every single extension provides 100% access to my websites to whoever controls the extension.
But the browser also has 100% access to all of the websites. The browser is software that works for you. You control the browser.
Who but yourself do you imagine controls your extensions?
2 hours ago [-]
esseph 2 hours ago [-]
> The browser is software that works for you. You control the browser.
Oh really? Then why do my browsers keep moving things?
jazzypants 1 hours ago [-]
How would an extension work if it didn't have access to the website you're browsing?
hedora 58 minutes ago [-]
Pick one:
- Read-only access to cross-tab web site content
- Ability to modify web site content
- Ability to access the network
They can always "access the network" in that the extension developer can push static updates for things like ad block lists or security updates.
It might be possible to have "read only" cross-tab access include automation APIs like keyboard + mouse, with user prompting to prevent data exfiltration.
xphos 42 minutes ago [-]
That just seems like a lazy capitalism models. We had both 10 years ago without crazy tracking and accept all cookies why do we have for the worst lowest common denominator ?
hedora 22 minutes ago [-]
I agree; the web ecosystem is enshittified garbage.
However, I'm just suggesting a modest improvement to browser extension security (that doesn't completely break ad blockers like Chrome's approach).
In practice, I run an ad blocker, and just trust that it won't exfiltrate bank passwords and stuff. Imagine the blast radius for a successful and undetected UBlock Origin supply chain attack!
My "pick one" approach (ad blockers would pick the middle option) would mean that comparable supply chain attacks would also need to include a sandbox zero day in the web browser.
bpt3 2 hours ago [-]
What would a safe extension model look like to you?
At some point, you have to implicitly trust someone unless you audit every line of code (or write it yourself) and build everything from source that you run.
raw_anon_1111 2 hours ago [-]
This is a solved problem for at least ad blockers for over a decade on iOS. The ad blocking extension gives Safari a list of URLs and regex expressions to block
blackcatsec 1 hours ago [-]
No, it's a solved problem for ad blockers, a very specific problem case that extensions have traditionally solved. But the entire concept of extensions is far greater than just "ad blockers", although that's the use case for which 99.9% of people have used them for.
But there are other uses cases, like cloud2butt.
bpt3 2 hours ago [-]
It's solved if you trust Safari. I'm not sure that's the case for the parent poster.
raw_anon_1111 36 minutes ago [-]
So you don’t “trust” Safari but you trust Firefox? In 25 years absolutely no one has accused Apple of storing your browsing data that’s not e2e encrypted (its stored so it can sync across devices).
pull_my_finger 16 minutes ago [-]
I use Cookie AutoDelete on Firefox and it's great. It works with Firefox Container Tabs (groups have their own cookie settings), and let's you greylist (allow cookies from a particular domain pattern until the tab is closed) or whitelist (always allow from the domain pattern). I set it up for my kids computers also. The default is to blacklist (cookies aren't set), and I can whitelist for particular sites where they need say persistent login.
Definitely in 2026 kids should be getting tons of education in public school about how to safely browse the internet, both for personal data privacy and for safety against stalking, doxxing, grooming etc in the same way millenials were grilled about source checking internet resources like Wikipedia.
PyWoody 3 hours ago [-]
I remember when it first became widely known that the government could see your library checkouts. People protested. It was a big deal in my tiny town.
I don't even think it would be even a blip on the radar now.
It really is depressing how much ground we've given.
chneu 2 hours ago [-]
I was just talking about this the other day. This all happened right after 9/11(nevr 4get) and people were fucking PISSED that the patriot act wanted to look at people's library histories. It was a HUGE deal where I lived. Now? Nobody gives a shit and people will trade away their valuable privacy for an IQ test.
huflungdung 1 hours ago [-]
[dead]
8organicbits 2 hours ago [-]
Can you clarify what you mean?
My local library is run by the county government, so of course the government can see the checkouts, they are the ones I check the book out from. But they restrict checkout information from others. For example, a parent can see the checkouts of their own children, but not after they turn 13.
Perhaps you're talking about subpoenas? Checking some other libraries I see SF Public Library has some discussion about that, but they delete books from your checkout history once they are returned. https://sfpl.org/about-us/confidentiality-and-usa-patriot-ac...
Barbing 2 hours ago [-]
USA PATRIOT Act, early 2000s?
bigbuppo 21 minutes ago [-]
My inclination is to simply close the window as soon as there's a popup of any sort. If someone did that to you in public you would be within your right to punch them in their face as an act of self defense.
jameson 2 hours ago [-]
Most doesn't event know what cookies too. In fact, most doesn't put extra thought into the things they are clicking/accepting on web.
Because of this, I found it odd that the regulation allows displaying the accept cookies button. Instead, it should be rejecting cookies by default and a separate flow to accept tracking cookies (e.g. via account settings page)
i7l 2 hours ago [-]
Why not have all tracking disabled by default by law and have users opt in through Settings menus?
jameson 1 hours ago [-]
That's exactly my point. Sorry about the poor wording
Fervicus 2 hours ago [-]
People around me (including engineers) all casually use things like Alexa, Google Home, Ring, Nest, Chrome, are always signed into Google, have all sorts of apps installed on their phones, and have no problems giving up their phone numbers to services for verification. It's crazy.
raw_anon_1111 2 hours ago [-]
I bet you use an Android phone don’t you?
ZpJuUuNaQ5 2 hours ago [-]
I do this, more or less, although I am a bit older. It's not as if I enter my real name, address, or email at every opportunity, but there is really no perceptible feedback loop that would force one to contemplate the consequences. I visit my local news site and the first thing I see is a massive cookie banner which lists over a thousand third-party vendors and asks me to either "Accept all", or if I am being prudent, click adjacent button called "Choose" to go to another page, then manually untick dozens of tracker categories, and then click "Allow selection". Whatever I chose, it wouldn't have any tangible impact on my life. I simply do not care.
nervysnail 2 hours ago [-]
With uBlock Origin, you would not see such popups.
Also, it may not have an impact on your life, but it sure as hell has an impact on adtech guys' pockets.
sdevonoes 24 minutes ago [-]
I use chrome as “burn” browser (i only use it for non important things) and I have a dummy email that I use for signing up in everything non important as well. Perhaps this young adult was doing the same?
cm2187 3 hours ago [-]
Accept the cookies and flush them out every time you close the browser. I think it would be naive anyway to assume that clicking no on a cookie banner would achieve much for your privacy.
mimimi31 2 hours ago [-]
So-called "cookie banners" usually ask for your consent to much more than optional tracking cookies. By accepting you might be giving your permission to e.g. track you through various fingerprinting methods, build a profile and share it with advertising partners.
reddalo 2 hours ago [-]
An additional reason for not browsing the web without uBlock Origin on Firefox or other browsers with full support (not Chrome).
bitmasher9 3 hours ago [-]
Why even ask for the cookies if denying them doesn’t achieve much?
It’s naive to think that cookies are the only tool used for tracking, but they are the most powerful tool for web based tracking.
_heimdall 3 hours ago [-]
Because in some legal systems you're required to ask. You're also required to follow fairly specific rules relates to the user's selection and data, though I can't imagine enforcement keeps up with websites breaking those laws.
N0isRESFe8GXmqR 3 hours ago [-]
Because EU Cookie Law was a flawed idea?
OKRainbowKid 2 hours ago [-]
How so? The law doesn't require cookie banners.
However, you could argue that tracking/advertisement cookies should have been banned completely and that the law is flawed in that it allows for tracking given user "consent".
raw_anon_1111 2 hours ago [-]
I love the EU apologists - “it wasn’t a bad law just because the outcome was bad”
GJim 1 hours ago [-]
The alternative being to bend over and grab our ankles with both hands the moment the scummy ad-tech industry requests our data?
Sorry mate, the GDPR is there for a bloody good reason; and legit companies obey the law.
raw_anon_1111 1 hours ago [-]
Yes because of the GDPR, there aren’t still two trillion dollar+ market cap ad Tech companies.
But at least we have cookie banners everywhere.
GJim 1 hours ago [-]
More pity to those who (for some bizarre reason) voluntarily choose to interact with those ad-tech companies.
raw_anon_1111 1 hours ago [-]
So you don’t use Google and don’t have an Android phone?
wsng 1 hours ago [-]
It was not a flawed idea, but flawed execution. The law should have mandated to adhere to the user's "do not track" setting in the browser.
That being said, it was very early regulation in this field, and more recent approaches are already better, e.g., GDPR, DMA.
Barbing 2 hours ago [-]
No, shan’t give them the metrics :)
CamouflagedKiwi 14 minutes ago [-]
Are those young people really doing the wrong thing by accepting? They are getting on and solving their problem, they have probably never had any personal harm done by "some weird dark-pattern cookie trickery".
It's almost like forcing (almost) every website to add these cookie banners has desensitised people to what they're actually saying.
jabroni_salad 2 hours ago [-]
I doubt the average person even reads those. They are just "the thing you must click to get on with things". How many of those does a person even see in a day across all software and websites wanting to pop up with some garbage you do not care about?
rustyhancock 3 hours ago [-]
There is a third path, Firefox focus.
Accept everything, the end the session.
That said even with throwaway relay emails I don't sign up to much
kelvinjps10 22 minutes ago [-]
I prefer to have a rule in ublock that blocks all cookies notices
CafeRacer 2 hours ago [-]
> It is the young people that are growing up conditioned to press accept
There is a similar story with Ford and how they build pavement everywhere and taught the young population that roads are for cars. Now we have to drive for 10 minutes to get from one shop on the plaza to another shop on the different plaza.
bluGill 2 hours ago [-]
It was the bikes who fought for pavement everywhere. Cars took it all over. Mud is annoying to walk it, but otherwise humans handle bare dirt just fine.
philwelch 2 hours ago [-]
And horses actually do better on dirt than on pavement.
kjkjadksj 1 hours ago [-]
Depending on where you live in the country mud is a certain default state.
kjkjadksj 1 hours ago [-]
Look at the suspension on a model T. That thing was built for the dirt wagon roads of the time. People on youtube actually off road the thing today.
zulban 1 hours ago [-]
I saw some research awhile ago that 60% of the time, "reject cookies" is ignored.
muyuu 2 minutes ago [-]
i've caught a lot of heat in the UK where i live for my position on GDPR, which is that i completely reject it, because people seem to believe it's there to protect any rights
if there's anything remotely good with GDPR is the requirement to companies to disclose known data breaches
all the rest of it is a terrible idea and only serves to nag people and legitimise the darkest of patterns
the regulation should be there to disallow companies from asking certain information, everything else regarding tracking is self-defeating as it's 1) seldom enforceable 2) hardly binding in any meaningful way 3) pushing people to concentrate their services where they have already surrendered their data 4) legitimising of dark patterns
this new and blatant step towards digital id is a hill i intend to die on, I will not comply and I will do everything in my power so that others don't have to and are even punished for doing so
this-is-why 45 minutes ago [-]
Have you noticed half the internet doesn’t work if you use a vpn? Even a good vpn? Even HN wont let you create an account with a vpn. The friction applied to preventing people from deploying privacy tactics is intense. I’m not sure how we can practically resist the privacy enshittification without abandoning the internet and its convenience entirely. I’m ready to go back to paper statements and visiting my bank and writing paper checks, but I don’t think GenZ is.
flurdy 2 hours ago [-]
That all random game and messaging sites now wants my kids' passport uploaded to some random 'id verification company' is madness.
But now instead, my 11 year old's Roblox thinks she is 18 because she wore glasses in their age verification webcam tool. And it can't be changed unless she uploads a passport, which I will never allow.
Please, gov.uk introduce a gov ID verification service? I could trust that, -ish, I have worked with public sector clients several times...
bArray 49 seconds ago [-]
> That all random game and messaging sites now wants my kids' passport uploaded to some random 'id verification company' is madness.
This is truly crazy. Random companies interacting on this level with children is far from ideal.
> Please, gov.uk introduce a gov ID verification service? I could trust that, -ish, I have worked with public sector clients several times...
I don't like the idea of governments collecting this sort of data either.
jameson 2 hours ago [-]
Most doesn't event know what cookies too. In fact, most doesn't put extra thought into the things they are clicking/accepting on web.
ge96 2 hours ago [-]
I would go into source, delete the overlay, undo the scroll lock
TingPing 2 hours ago [-]
You can just find adblocker rules for cookie banners.
phendrenad2 23 minutes ago [-]
Breaches will inevitably happen. And each time one does, it'll erode people's trust in this new world of zero-anonymity-allowed. Give it time.
LiquidSky 2 hours ago [-]
Does it even actually matter what you do? How many lawsuits/investigations have there been in the last decade revealing that some company or another that swore up and down was following privacy laws, protecting your data, and not selling it actually were. I'm at the point where I figure anyone who wants to track me is, and any privacy pop-ups or the like are just for show.
dietr1ch 2 hours ago [-]
People are getting brainwashed into giving away information on the web and real life.
In the US it's not rare to link accounts through phone numbers that are required in web forms and store memberships.
In Chile they started asking for your National Id with so many stupid pretexts that people got conditioned into just giving it away. It wasn't like this 10yrs ago. I'd rather have membership numbers.
It's technically public information, so collecting Ids is legal, but it's also a universal primary key within the country that allows merging any user-related table you run into.
Retail says it's just to associate it with receipts in case you need that later, but I'd rather just get a photo of the printed receipt for later than rely on them to find my receipt. Supermarkets, Drug stores, and petrol stations tie it to (possible) discounts or points at check-out, which is price discrimination and it's illegal, but we are in our way to get surge pricing as soon as the new US bootlicker president begins his period next week.
RGamma 2 hours ago [-]
Giving out the Ids directly is stupid. Any sane scheme would use unlinkable attestation.
dubeye 2 hours ago [-]
I'm pretty old and was the same as you for about five years, but now I just tick anything, much like the young adults. If they want my info, they can have it. I've not heard a convincing explanation why I, personally, should care
bluGill 2 hours ago [-]
The problem is most of the time - perhaps all the time - you don't need to care. However you won't know about the exception until it is too late.
raw_anon_1111 2 hours ago [-]
Again the HN bubble, I assure that the vast majority of adults of any age are not privacy conscious.
bookofjoe 2 hours ago [-]
Spot on. 99+% of those reading/making these comments use an ad blocker; 99+% of non-techies like me never have and never will.
kjkjadksj 1 hours ago [-]
Why would you never use an ad blocker? You like staring at billboards too?
bookofjoe 50 minutes ago [-]
Yes: some billboards are very entertaining!
shadowgovt 2 hours ago [-]
It's been done for about a generation or two, and that's what people don't seem to realize.
In the early aughts I was sitting in on privacy discussions that reluctantly acknowledged that regardless of what we do online, surveys showed you could offer someone at the mall a free Snickers and they'd fill out the whole form.
The perceived cost to the individual of divulging their personal data is near zero; dangling nearly any incentive in front of them will induce them to let it go. And that's not a new phenomenon.
yehat 2 hours ago [-]
"they"... sadly indeed the damage is done, but not by "them".
randomjoe2 3 hours ago [-]
The fact that you think declining the cookies gets you privacy is the real grift. The fact that you think you're safe from tracking because of a cookie banner
varispeed 2 hours ago [-]
I've been saying this for years. GDPR and Cookie Law were created for big corporations to legitimise data trade where before it was grey area. Now they get consent as people blindly click accept and they can make money. It was never about privacy.
gib444 41 minutes ago [-]
100 percent agreed
mcv 47 minutes ago [-]
I completely agree. The only services for which I will verify my age (and the entire rest of my ID) are bank accounts and other services involving a real legal requirement for real ID.
The notion that you should upload a passport to random sites for age verification is unbelievably dangerous. That's a recipe for identity theft. And face scanning is also an invasion of privacy, not to mention very unreliable (my 16 year old son has apparently been accepted as 20 years old).
I've pointed out in many places already that the only way to do online age verification right, is for the government to provide an e-ID that the random site will direct you to with the question "is this person older than X?", then you log in to the e-ID site, which informs you exactly what the site wants to know (which should be as rough as possible; no birthdate), then the e-ID site directs you back to your original site (or possibly through a proxy, if you don't want the government to know what sites you visit), and calls their webhook (through a proxy) with the confirmation of your age.
That's also how my online payments work, and this should be the standard pattern for everything that needs to be secure. Not sharing sensitive or personal data with random sites.
shiandow 27 minutes ago [-]
That very much isn't the only right way, and it is far to close to government tracking activities online. For one it effectively allows governments to disallow someone from accessing the internet.
All this to let you do stuff you were allowed to do anyway.
The problem is handing kids admin level access on a device with full unfiltered access to several communication networks. You do not fix that by demoting everyone's access.
ticulatedspline 14 minutes ago [-]
even better would be a solution that didn't require even proxy or direct government log in.
like if you could be issued an E-id that could perform a local signature/challenge-response that allowed the site to confirm an age bracket (like 12 or below,13-17,18-20, 21+), assert the entity that issued the id but not assert a stable identifier (not even pairwise) and not pass any data between other parties.
Obviously not foolproof, credentials can be stolen (same in your scenario) but the site doesn't need to care, they should be legally in the clear. Basically it would let you anonymously assert your age.
bradley13 21 minutes ago [-]
It is likely not a coincidence that so many different countries simultaneously started pushing for age verification.
The decline of privacy, the increase in intrusive government surveillance, the increasing restrictions on free speech - this is all part of a very disturbing pattern. Our governments are becoming increasingly authoritarian, and these are the tools they use to keep the populace under control.
simmerup 18 minutes ago [-]
And also our countries are being attacked by external actors who want to sow discord and damage our institutions
I'm fine with providing my identity for online banking and other finance platforms for legal & taxation purposes.
I can't think of a single other use case in which I'd be willing to verify my identity. I'd rather go back to hosting email myself, and am fine with circumventing content access control for all other platforms for personal use.
We're seeing the world slide towards authoritarian strongmen, and we want to give them a massive index of who we are and what we do? I'd rather not.
marmarama 2 hours ago [-]
The problem is those self-same authoritarian strongmen are very successfully using sockpuppeting to change national discourses in ways that benefit them and are detrimental to the targeted countries. Hybrid war is real and has been ongoing for more than a decade. LLMs make it way more cost effective.
Being able to limit the influence of external bad actors is the main goal of ID verification. Age verification is a useful side effect that makes it easier to sell to the general public.
Big Tech has had at least a decade to fix this, did nothing of note, and is all out of ideas. Privacy advocates had the same time to figure out a "least bad" technical solution, but got so obsessed with railing against it happening at all, that nothing got any traction.
So governments are here to legislate, for better or worse. They know it's a trade-off between being undermined by external forces vs. the systems being abused by future governments, but their take is that a future authoritarian government will end up implementing something similar anyway.
ajam1507 36 minutes ago [-]
> Being able to limit the influence of external bad actors is the main goal of ID verification.
How does automatically determining your age serve the goal of ID verification? It seems like most sites are choosing this as the first option. If the point was to link your ID, why wouldn't they ask everyone to provide it?
15 minutes ago [-]
areoform 1 hours ago [-]
Do you truly believe that ID "verification" will do anything in a world where IDs are leaked by the tens of thousands to the millions?
You are shifting the onus on to the platforms, when the problem is pretty simple; with a few exceptions, we've failed as a species to learn how to think.
Also do you think that the TLAs don't know who the bots most likely are with all the surveillance data they're gathering? That the NSA doesn't have detailed telemetry of the surveillance ops??
Let me ask you the question, what have they done about it? And why not?
specialist 19 minutes ago [-]
Correct.
The choice is between democracy and our current ever worsening sociopolitical hellscape.
If eliminating bots and sockpuppets is the price for restoring some semblance of democracy, then gosh darn.
And if social media, targeted ads, and algorithmic hate machines are collateral damage, than gee double gosh darn.
Those sacrifices are a price I'm willing to pay.
Barbing 2 hours ago [-]
>circumventing
I would say the time to buy mesh networking equipment is now. But it's not like I'm capable of defending the transmitter. So when they come for the VPNs, the VPSs, and encryption, I guess I'll just be out of luck.
(Out of luck = resigned to zero digital privacy. No matter I follow the law and “have nothing to hide” of course.)
Perhaps people will pass flash drives like North Korea or Cuba?
p0w3n3d 6 minutes ago [-]
I've seen a channel demonetised because they showed how to use MP3 player and it was deemed "spreading piracy" by Google. So I guess flash drives would get illegal as well...
chneu 2 hours ago [-]
People trade away longevity for short term convenience. Then when that convenience is shown to be bad/unhealthy people refuse to give up that convenience.
So many aspects of our lives are like this now. People just accept defeat cuz it would mean giving up one click ordering or free return shipping or they might have to look at labels to avoid bad companies.
p0w3n3d 6 minutes ago [-]
It's because people are too busy and distracted to understand and even listen to what dangers are heading towards them
SiempreViernes 2 hours ago [-]
Honestly I think these age verification laws are blunt instruments responding to the decade of avoided moderation the big platforms have managed to pull off.
I've run ad blockers for years now, but I'm still trying to forget those disgusting zit popping pictures that trended in ads for a while. Or those incredibly stupid life hack shorts, like the one where someone tied a cord around a mug and the hack to get it loose was smashing the cup... that crap made me despair for humanity as much as the Gaza genocide.
But google and facebook convinced the legislators that it would be impossible to keep that chum away from kids on their platform, so the legislators are going with the next option: banning the kids from the platforms.
NGRhodes 1 hours ago [-]
One thing people underestimate is how brittle digital identity actually is in the UK.
There isnt a single identity. Theres a loose federation of databases (banks, CRAs, telecoms, electoral roll, etc.).
There are multiple operational definitions of "name": legal name, common name, known-as name, card name, account display name. None is universally canonical. Theres no statutory hierarchy that forces institutions to agree on precedence.
In the absence of a mandatory national ID, identification relies on matching across name, date of birth, and address history, which are inconsistently collected. Fuzziness is necessary for coverage, but it introduces brittleness. If a variant isnt explicitly linked as an alias, automated online checks can fail because the matching rules dont explore every permutation.
Even within a single dataset the problem doesnt disappear. Large systems such as the NHS have documented identification errors involving patients with identical names, twins at the same address, or demographic overlaps. Unique identifiers help, but operational workflows still depend on humans entering and reconciling imperfect data.
This is exactly what I am feeling (the title, didn't read). I can't see why I would give a copy of my official id card or a picture of my face to a basic service on the Internet. Seriously ? They do not deserve it. Even my phone number is too much but well Google has it now.
reddalo 2 hours ago [-]
Givin a copy of your ID card to a website? Damn. In my times, we didn't even use to provide our _real name_ to websites.
thewebguyd 60 minutes ago [-]
In fact, it was strongly recommended not to give out your real name on the internet.
I'll stand by my opinion that deeply integrating the internet into our daily lives instead of keeping as a "place you go" was a huge mistake.
croes 3 hours ago [-]
Luckily it’s already possible to verify your age without actually giving out any data like your birthdate
_heimdall 3 hours ago [-]
And without having to trust that the government isn't keeping track of every request for age verification?
I'd be curious how that might work as I haven't yet seen a zero-trust age verification system.
raron 2 hours ago [-]
The age verification proposal of the EU tries to do that, the government knows you used age verification (and I think the rough number of times you used it), but they don't know when or where you used it.
I can't imagine countries with such strict speech laws, for example, would be willing to build a system that is technically incapable of linking the person visiting a sire and the site requesting verification.
This proposal may have been updated since I read it previously, so I could be wrong now, but it didn't read as a true zero-knowledge proof as key steps in the flow still required a level of trusting the government as the central authority to do the right thing and not track requests, both today and in the future.
croes 1 hours ago [-]
The EU has more freedom of speech than the US, the US has just a different way of punishment.
It’s much easier in the US to lose your job for what you say as in the EU and in the US the consequences of losing your job are more severe if you don’t have enough money so you can afford to lose it.
US freedom of speech comes with a price tag that puts the censor inside your brain.
f33d5173 1 hours ago [-]
And in the eu you go to jail for criticing politicians. I guess it's really all the same, eh?
raw_anon_1111 2 hours ago [-]
The EU passing a law about the internet? What could possibly go wrong?
chocmake 2 hours ago [-]
See eg. BBS+[1]. Proofs that preserve anonymity are generated locally and neither the verifier nor issuer can determine the user based on these (in scenarios of non PII signals like age thresholds), while still allowing the verifier to validate it's issuer approved.
Not to a service that only accepts such data as proof.
jermaustin1 3 hours ago [-]
Steam thinks I was born Jan 1, 1970. Not that I needed to lie when I did my age verification back 15 years ago, I just randomly scrolled the year down and selected one.
As the years have marched on, though, that "birthdate" becomes significantly closer to my real birthday.
flurdy 2 hours ago [-]
Only when chatting in a large channel at work, did I realise nearly 1/3 of the people there also set theirs as 1/1/1970. Which I presume is the first date that phisers will try to enter to reset people's accounts.
I am fully aware that my standard fake birthday is now used by me in some many places, that I have started to have a fake fake birhday. I should really just randomise and store it in my password manager.
But obviously the context of this OP story ruins all that.
adithyassekhar 2 hours ago [-]
> As the years have marched on, though, that "birthdate" becomes significantly closer to my real birthday.
I understand there's a clever phrasing here but I didn't get it. English is only my second language.
jjgreen 2 hours ago [-]
When you're 10, a year is a long time, when you're 60 it is not. There's an implicit "relatively" here, which is unusual but not unknown in English. Almost poetic, I like it.
adithyassekhar 2 hours ago [-]
Thanks now I understand. I am "only" 26, but I remember being 20 like yesterday. I can't believe I'm on the second half of the way to 50. COVID lockdowns and responsibilities didn't help.
I feel time has gone faster since I got a job, if that makes sense. Every day yearning for it to be 5o clock so I can check out, every week yearning for the weekend, every month yearning for the last day to get paid. Doing this is just asking for time to be over sooner.
Barbing 2 hours ago [-]
When a 10-year-old registers for an adult website, they pretend they're 100 years old. Their age is 90 years different from the stated birthday. Eighty years later, the birth date is just as far off—but the implied age is now only 10 years off.
adithyassekhar 2 hours ago [-]
Thanks this seems like the correct meaning rather than the other comment. But that is beautiful its own way, got me all philosophical.
Barbing 1 hours ago [-]
I liked that interpretation too!
LoganDark 49 minutes ago [-]
It becomes closer to their real birthday than their real birthday is to the present day.
ambicapter 2 hours ago [-]
That doesn't make any sense, your fake age increases every year just like your real age.
chneu 2 hours ago [-]
But it's closer to their real age in relation to the sum. And it makes up more of their life, ratio wise.
a456463 51 minutes ago [-]
Stop making your kids my problem! We have everything to hide. It is called personal identity. All data online managed by companies will always be misused, lost to scammers, blamed back to you for something you never did, and hunt you down.
OpenWaygate 3 hours ago [-]
I live in China, where every mobile game requires age verification. Teenagers can play for up to 1.5h/d on weekends. But as far as I can see, some parents will assist their children to unlock more time on purpose.
SiempreViernes 3 hours ago [-]
Handing over a phone is certainly cheaper than paying for extra childcare, though most likely much less healthy for the child.
I suppose idea is that Chinese women will stay at home with the child so the state doesn't have to provide any help?
OpenWaygate 2 hours ago [-]
The gov does provide some help. But a clearer trend is a lower marriage and birth rate
mothballed 2 hours ago [-]
More like the state (at least in places like USA) cracked down on children roaming freely so now people hide their kids inside playing video games so a Karen doesn't call CPS when mommy has other things to do all day besides play helicopter parent staring down at their kid all day.
rd 2 hours ago [-]
Is there any hard evidence that this is true compared to say 20 years ago. I’ve heard it repeated a million times but no one’s ever provided evidence
thewebguyd 2 hours ago [-]
Neglect laws are written too broadly, giving too much discretion to CPS to decide what constitutes neglect or inadequate supervision. There have been a couple cases IIRC in Florida where parents were arrested for letting their kids walk/play in parks alone, albeit these were very young children.
Outside of that, there's increased traffic and the US as a whole is way too car centric. Suburbs are horribly designed, and we prioritize moving cars instead of moving people, and any kind of infrastructure design that might slow down traffic, reduce the need to drive, or mildly inconvenience a driver gets shot down.
There is a very real danger of getting killed by a distracted idiot in a car, and that risk is much higher today. I commute on I5 every day for work and every single day I see multiple people, going 80MPH watching tiktoks on their phone on the dash mount, or obviously looking down texting. I can't blame anyone for not wanting their kids running around the neighborhood when we can't even be responsible enough to pay attention when we are driving 2 ton death machines.
mothballed 2 hours ago [-]
[ redacted ]
bpt3 2 hours ago [-]
You live in a very strange area to say the least.
None of those are true in my area, and how did the "Karen" even get to your child on your private road?
mothballed 2 hours ago [-]
[ redacted ]
bpt3 1 hours ago [-]
I'm sorry, the "Karen" drove onto your private road to interrogate your kid?
These things don't happen on a liberal/conservative axis in my experience.
I've lived all over the place, though not as much with kids, and have had none of these issues (including having mixed race kids who look much more like their other parent than me).
You really need to look at why you're living where you do.
jen20 1 hours ago [-]
A "private road" typically means one not maintained by the city. I live on one, but so do two other households, who have equal right to drive on it.
bpt3 51 minutes ago [-]
Yeah, except the now redacted comments didn't indicate that was the case which is why I was asking more questions.
It really was an extraordinary story without any extraordinary evidence.
mothballed 12 minutes ago [-]
What I find extraordinary is y'alls bullshit theory that it is extraordinary to claim the CPS apparatus wasn't used more before when it didn't even exist until like ~1974, and before then as a much different process.
As usual, just blame the victim, then complain they don't provide evidence knowing full damn well child and family welfare services complaints are sealed and hidden from public oversight. This is how vampires with these theories operate, first they make it illegal to get the records, then they make it illegal to even find out who the accuser is, then when you call them on it they say "ha ha, you don't have the evidence, that we made it illegal for you to get!" The whole system is designed to evade oversight, so what we are all left with is anecdotes that we have about our own childhood being so much different than the ones our children have after interactions with the authorities that have placed these restraints. But of course when you share them, they are only used against you by persons such as yourself (judging me for where I live, as if it's not going on all over the US).
Personally I find it absolutely fucking hilarious that as much or more CPS induced restraint existed ... before CPS did.
>Yeah, except the now redacted comments didn't indicate that was the case which is why I was asking more questions.
Lol you responded to my comment saying it was an easement.
amoe_ 3 hours ago [-]
The problem for me is not services where the content is online, you can just avoid those, but cases where access to scarce real resources is controlled through online verification. E.g. renting recording studios, background checks for job applications, things like this. Often there is no route that does not go through a third-party verification service.
inanutshellus 3 hours ago [-]
I gave a bunch of details of my personal history to a verification service thinking naively that it would be used to prove I was me.
Instead, they didn't know much about me apparently and just stored what I told them.
Then it appears they were hacked because some completely unrelated release of stolen data included all my data, specifically all that data I had provided to that service, that one time.
The Verification Service is the honeypot for your private information. Arg.
efsavage 22 minutes ago [-]
I think there should be an option to assume I'm a child and proceed from there. If I want access to any mature content or real identify related stuff, I'll verify, but if your service doesn't have or need that anyways then there's no reason to prove I'm an adult.
JohnFen 3 hours ago [-]
I'm of the same mind as the author. I can't think of a single online service that would be worth the risk of exposing myself to age or identity verification.
elorant 2 hours ago [-]
Facebook recently flagged my account and asked for a video selfie and I decided that I'd rather leave that shithole than uploade biometric data.
fauigerzigerk 1 hours ago [-]
I don't have a problem with verifying that I am an adult as long as I don't have to provide information that makes it easy to track down my identity.
The UK government has approved 7 age verification methods. Not one of them meets that standard.
It doesn't help that it feels like poorly veiled information mining, not genuine policy.
uyzstvqs 1 hours ago [-]
I've said it before, and I'll say it again: The standard should be that devices ask whether the user is a minor during setup, and make that available as an is_minor boolean to all apps and websites. Children's devices are almost always set up by parents, and the setting can be protected by a parental PIN code. This method is effective while being completely private and local.
Though I can't take credit for the idea. It was proposed by the European Democratic Party.[0]
the verification service is the honeypot by design. it has to store what it collected to prove it did the check. the incentive to retain is built into the business model, and the breach is just a matter of time.
cjfd 3 hours ago [-]
There are some services where it makes sense. E.g., submitting taxes with the government, logging into the banking website. Apart from that kind of service, yes I don't think I would want my identity or age verified on more or less any website.
vincnetas 3 hours ago [-]
the catch is that for both cases same backend provider is most likely used. persona for example. and you have no choice who will id your face.
SiempreViernes 2 hours ago [-]
I mean, if you live in a country where the state will delegate ID verification to a creepy company instead of having that as an in house capability you have more pressing structural issues to deal with.
vincnetas 2 hours ago [-]
ok, lets do a poll. id like to see who uses what. remember its not only countries its also private businesses like banks or lawyers
and remember its like ratchet. there might be 99% of services that use inhouse face id, and its enough to have only one to leak your data.
SiempreViernes 2 hours ago [-]
Ha! You are concerned about the privacy aspects of IDs but you want me to list what authentication services I use for you? That's too funny to help out with :p
vincnetas 1 hours ago [-]
i ment to list id services that are used by your services not services themselves.
My data point is persona.
1 hours ago [-]
michaelt 3 hours ago [-]
> I was pondering last night for which services I, personally, would actually be willing to verify my age or identity.
> And… the answer is “none”.
> At least, none that I can think of at the moment.
Think back to the recent pandemic.
Work? Online. School? Online. Recreational activities? Online. Talking to loved ones you don’t live with? Online. Birthday party? Online. Nonfood shopping? Online. Banking? Paying taxes and bills? Online. Job interview? Doctors appointment? Online. Dating? You guessed it, online.
The internet’s a big thing these days.
JohnFen 2 hours ago [-]
How true this is probably varies a whole lot from person to person.
Very few of the things you list are things that I do primarily online (even during the pandemic), and none of those are things that I can only do online.
mirzap 2 hours ago [-]
And you shouldn’t verify. Many companies offering these identity verification services have ties to the intelligence networks of a country that shall not be named (similar to most VPN services that are supposedly there to protect your anonymity).
smallstepforman 59 minutes ago [-]
No Such Agency is the biggest government data collection agency, why not name the hosting country?
CommieBobDole 2 hours ago [-]
When thinking about verifying your identity with a service, you have to ask yourself "what will be the impact to me if everything this service knows about me, every click I've made, everything I've watched/read/uploaded is posted publicly on the internet, attached to my full name, address and photo?". Because those are the very real stakes; if you verify with enough services, this will happen to you.
Weigh that against the value of using the service. A lot of times that will still probably come out in favor of using the service. Sometimes, especially given the kind of services that want age verification, the potential cost is such that you would be insane to verify.
Barbing 2 hours ago [-]
Price discrimination comes to mind. What else?
(“what will be the impact to me”)
cableshaft 2 hours ago [-]
I have a date I use that's incorrect, but consistent so I can remember it if I need to, that I use for age verification for anything that doesn't truly need an accurate birthdate (example, age verification to view games on Steam).
It's roughly the same age as mine, but if someone tried to pass themselves off as me with that birthdate, they wouldn't succeed.
These companies are mostly just verifying I'm an adult anyway, and I am legit that.
But yeah, I don't like just giving the actual date everywhere as it can potentially be used for identity theft.
autoexec 50 minutes ago [-]
I won't do it for any of them. I've got an endless selection of things competing for my time and attention and I'll be happy to find another one where needed.
Springtime 3 hours ago [-]
Related: this[1] current article/thread about privacy-preserving age verification.
The author here seems to be commenting specifically on the type of anonymity-breaking age assurance widely being utilized along with the vaguely justified social media bans. Given the right technology to prove an age threshold but while preserving anonymity I'd be curious how their thoughts would change.
For example, we've never seen people critiquing the naive kind of 'Are you over 18?' prompts seen on ye olde Reddit or adult sites, precisely because those weren't breaking anonymity or leaking any trackable identifiers.
The question I'd ask myself is; who would _I_ trust to implement privacy preserving verification?
The only answer I can come up with right now is; myself. I would trust myself.
vincnetas 3 hours ago [-]
yeah, but wait till you have to id yourself to use online governments service, or do a one hour drive to meet in person with officials. and then if you have to do this four times. i gave up and submited my face to save 8+ hours and inevitably most of people will do the same...
ottah 46 minutes ago [-]
Age verification is about one thing only, it's about controlling how you participate in public society. The state wants a veto on public participation that they don't like. This system will not prevent children from being exposed to unsafe spaces, but it will be effective at barring people with counter political narratives from sharing online. Look how they've desperately tried to crack down on Epstein and information on Gaza. They want the same controls over information and political content as China.
jacquesm 2 hours ago [-]
As you should be. I so far have not verified my age for anything, if that becomes a requirement I just bow out.
zippyman55 2 hours ago [-]
This stuff worries me as one needs to be a hard target when they reach their 80 and 90’s. People do not need personal info out there in the public domain.
hedora 47 minutes ago [-]
I wish we lived in the timeline where the most reputable and market-leading age verification provider was PornHub, which would have a modestly dressed model check via video chat. I'd actually trust that more than the actual providers that exist in reality, and hey, if even 1% of the money goes to college tuition, great. Of course, if that was how this worked, the optics would kill most of these schemes before they were implemented.
As a parent, I'd like to point out that the threat I care about is not "my kid of age N talks to a sicko of age M, where M - N > P for some legislatively-prescribed value of P".
The threat is "my kid of age N talks to or can be observed by a sicko".
These age verification schemes do nothing to help against that. Also, the worst predators online are often the vendors providing "kid friendly" services.
On top of that, these laws are being pushed hardest by the worst of the most corrupt politicians on earth. Why would I install a webcam on my kid's machine because that group of people wants me to?!?
Maybe we should focus on prosecuting the backlog of stuff in the Epstein files pertaining to politicians pushing these age verification services, not let anyone (except parents) control how kids access stuff online.
rustyhancock 3 hours ago [-]
The problem for me is that the reason this is needed is that kids are permanently online, completely unprepared for the wild west that is the internet and increasingly effectively raised by the internet.
All this is to facilitate that lifestyle without any concerns that far more damage is likely to happen by allowing it to happen than insisting on adequate parenting
jagermo 2 hours ago [-]
I will never tell my real age if possible. I especially love free forms for entry, because then I can be born in the 1800s. Surprisingly few services have an issue with that.
etothet 3 hours ago [-]
I encountered my first run-in with an age verification prompt when I went to authenticate into the Claude iOS app. It asked me to use me iOS/iCloud account to confirm myage. It was quick and seamless enough, but even though I'm aware of this trend, it struck me as a bit jarring.
tiffanyh 2 hours ago [-]
Why does Claude require my phone number.
It's honestly a reason why I don't use the service.
cedws 2 hours ago [-]
Could be worse. OpenAI is asking for ID verification to use Codex 5.3, through Persona, which was just exposed as doing extremely dodgy surveillance stuff.
2 hours ago [-]
fusslo 2 hours ago [-]
Personally, I can see use cases for verifying my identity:
So I'm feeding google all this juicy (IMO) confidential information. What happens when I get locked out by google's automatic systems? I already lost my first gmail account from like 2003, when you had to get an invite to sign up. I'm stuck in a verification loop that emails a yahoo email that no longer exists. Impossible to get a real person to look at it.
If I can just verify that I am who I say I am without an email account... That'd be worth it. Of course that just shifts the burden to the identity verification company rather than an email company.
But verifying my age? I see no purpose other than a backdoor for mass identity verification. keeping lists of people and what they're accessing. Buying alcohol online still requires the person accepting the package to be over 21. Buying firearms online still requires being shipped to an FFL.
I already despise how much information my ISP has about what I see, what I access, and when.
skeptic_ai 2 hours ago [-]
You lost your account and you still back to Gmail? Impressive
crazygringo 2 hours ago [-]
Google didn't do anything wrong, they lost their Yahoo and it was the only way they had of verifying their older Gmail. What do you expect, when you don't have access to your recovery method, and it's a free service so it's not like you can prove ownership of a credit card previously used for billing or something? And especially since that was presumably from before the days when Gmail required a phone number, so your recovery e-mail was the only mechanism, and things like 2FA authentication codes didn't exist.
adzm 3 hours ago [-]
I use multiple "real" identities so I don't have my real name associated with certain open source projects that involve sensitive things like cryptography etc. This is a huge concern of mine.
xerox13ster 1 hours ago [-]
I have multiple “real identities”, diagnosed due to trauma. We each want to have our own spaces of interest and experience online.
As a matter of mental health, we really cannot have these overlapping for many reasons, prime among them is that if one part of me becomes aware of another while they’re doing their thing, a
mental “table join” can happen and disturbing memories can be shared which is incredibly destabilizing to the system.
As a wireframe example my programming alter cannot be exposed to the alter who browses cptsd forums or they remember things that cause them to dip from the headspace and we lose their knowledge.
We can’t try to pretend we don’t exist and pretend to be one person either, we did that for years and we ended up having a breakdown and went into a fugue state and moved across country leaving everything behind.
This law would destroy our productivity and contribution to economy or whatever corporacrats care about.
3 hours ago [-]
underdown 3 hours ago [-]
It’s a hand out to advertisers losing uuids.
throw7 1 hours ago [-]
Stop making your kids my fucking problem/annoyance.
Some company or, hell, the gov't setup a proxy service that whitelists the internet and have your kid use that. Do your fucking job.
nottorp 26 minutes ago [-]
Umm. Yes. I completely agree.
What else is there to say?
Any such verification service will either sell your data or lose it. Will not may.
moi2388 47 minutes ago [-]
I initially thought, well, we can implement it with zero knowledge claims, just a yes/no from a government app: am I allowed to use this app? I.e. is my age above let’s say 16 or 18?
But then I remembered the game 20 questions, and how few yes/no questions you need to guess pretty much any concept.
I am no longer willing to share anything, not even a yes/no question.
kccqzy 2 hours ago [-]
We’ve had age verification for decades. It just depends on specifically what is being verified. Congress passed Children’s Online Privacy Protection Act back in 1998, that basically made it extremely tedious for websites to serve children under 13 years of age. How did everyone manage this in the early 2000s? Every child simply lied to the website with an incorrect birthdate. Now that was before real name policy was instituted by social networks and it was also common for people to provide a false name to websites. This approach of “asking the user for a birthdate and accepting it as true” is the only age verification method that’s sane.
numpad0 2 hours ago [-]
See, I think, you're not supposed to continue using those services as before. They want them all gone, and so-called age verification is a means to chase away users that are less dedicated.
What I think must result is, a monotonic cultural erosion and deprecation of such platforms and regions implementing those restrictions, and continuous replacement with engineered and packaged foreign imports from venues and regions from psychological "upstream" where there aren't such restrictions. But I guess that's what they explicitly desire.
thenoblesunfish 2 hours ago [-]
People don't like these checks. Ok. But. Parents worry about their kids being exposed to porn and social media. They want someone to do something about it. That political force is real, and someone is going to take advantage of it. What tools can they ask for if not these checks everyone agrees they hate? That's what I hope for in these types of comment threads.
a456463 48 minutes ago [-]
It's called parenting. Don't do ipad parenting then. We didn't get a SEGA console and cable TV was restricted to only 2 hours. It was fine. It was fun. The only thing I wish for from my child is more time with friends not more screen time.
Ylpertnodi 1 hours ago [-]
> But. Parents worry about their kids being exposed to porn and social media. They want someone to do something about it.
Someone, anyone, but themselves.
48 minutes ago [-]
croes 3 hours ago [-]
> I haven’t been asked to verify my age for a DVD purchase (online or offline) in a very long time.
Offline there is a reason for that, online are enough countries where it breaks the law if you sell without verification at least for NC-17 titles
nvarsj 3 hours ago [-]
Honestly seems like the moral panic of the day. I was just reading about some “red vs blue” school meme in London which led to a lot of hand wringing and parents keeping their kids at home. The kicker? There was no actually school battles, it was a viral meme (mostly consumed by adults) and the kids just thought it was a joke.
Pretty much sums up all modern discourse in banning social media and doing age checks. When I was growing up it was satanic symbols in the music I listened to.
I guess - wtf is wrong with adults? Why do they feel compelled to control the younger generation?
d--b 2 hours ago [-]
Age and identity verification can and should be done at the country level.
France has an ID service to pay taxes, and they have a network of possible ID verification systems. Like, you can ID through the tax system, or through the healthcare system. It works fine.
Implementing an API that uses the same to provide age verification is not rocket science.
If you need age verification for a website, say "smedia.fr", then you go there, then it makes you get an age verification token to "franceid.gov.fr", that guy gives you back a token, you send the token to smedia.fr which checks the token with franceid.gov.fr
I don't understand how this is even an issue.
dymk 2 hours ago [-]
I don't like the idea that media services are required to report back to the government that I'm accessing them - I think that is an issue many would have with such a system
smakt 1 hours ago [-]
I also don't understand any of this kerfuffle. I think it mostly stems from third world countries, like the USA, where no one has a real ID; for those luddites it's "driver's license", or "electricity bill", or "birth certificate" or something to that effect.
Functioning countries have cryptographically secure government-issued ids. Those cards have a cryptographic computer chip. A crazy innovation that makes your nose bleed if you look at it funny. You stick the ID card with a secure chip in a card reader and open bank accounts, sign any document as if in person, even vote. It's free, by the way. It's a pact with the devil, really, or unadulterated communism. In the banana republic of the USA you go around showing your driver's license or uploading selfies to fakebook. So modern. So untraceable. So unspoofable. Go team USA. It's like the rest of us are here sitting by the track while the handicapped team is still three laps away, still figuring out where the finish line is. All in the name of Freedom(TM) of course.
Verifying age: 1- use ID card in reader, challenge is received from website, challenge answered, the website checks with the ID database about that particular challenge/response pair. The website gets a positive match, they don't know anything about you, not even your age. Done. Don't forget to drown three rabbits in goat blood or the authentication will not work.
arewethereyeta 2 hours ago [-]
you should NOT need any face ID to pay taxes.
d--b 1 hours ago [-]
whatever man. Everyone in France has an ID. It's no big deal, really.
jjgreen 3 hours ago [-]
This guy is reading my mind ...
delaminator 3 hours ago [-]
Steam was asking for your Age since day 1.
1 - 1 - 1970 is always mine - Unix zero
kps 2 hours ago [-]
I too like to appear younger online.
shadowgovt 2 hours ago [-]
The most relevant question to answer for your jurisdiction is "What is the penalty for lying?"
If none, you were born on March 5, 1957.
(Note on evaluating this: there are some circumstances where the penalty changes later. I know one person who's Global Access paperwork was delayed because they lied to their airline's frequent flyer program about their age. But that was the whole consequence: a need to update their data with the airline).
economistbob 2 hours ago [-]
[flagged]
advisedwang 2 hours ago [-]
Ah yes, Jews control the world, nefariously plotting to undermine good people. Never heard that before
2 hours ago [-]
51 minutes ago [-]
nonethewiser 3 hours ago [-]
Enforcing laws against porn companies distributing porn to minors seems reasonable. It's already illegal many places, such as the US. It is then their responsibility to gate by age. It has always worked this way for liquor stores or basically anything else age-gated, including some online services like poker. If you dont want to provide age verification you don't have to.
mossTechnician 3 hours ago [-]
There is a difference between a liquor store checking your ID, and a liquor store scanning your ID, appending it to a record of your purchase, and uploading it to a service to be processed by third parties (such as insurance companies, perhaps).
(In the US, the latter occurs more often than you may expect.)
sanitycheck 2 hours ago [-]
Well, and that service then inevitably being hacked and your ID being distributed and/or sold to miscreants online.
I'm in the UK, I'm normally connected through a VPN these days.
malfist 3 hours ago [-]
When I buy liquor (well, I don't drink anymore, so THC seltzers), the liquor company isn't saving my ID to my profile and then following me around everywhere I go for the rest of my life shouting "This is MALFIST, he's 42! He buys alcohol! He also visited X Y and Z last week and had interests in A, B and C. He's annual income is six figures and buys expensive bourbon."
SiempreViernes 3 hours ago [-]
Not yet anyway. But there's nothing much stopping Google to offer a "verification" service to "help combat fake IDs" using a web connected camera at the till.
Lio 57 minutes ago [-]
And Google then selling a service to insurance companies, employers or law enforcement letting them know you occasionally buy alcohol.
2 hours ago [-]
mothballed 3 hours ago [-]
You can absolutely buy for instance tobacco, cannabis by the pound ("CBD" but actually ~20+% THC[a]), explosives(tannerite), alcohol (wine), and guns (black powder, or perfectly functional cartridge pre-1898) completely legally online without ID check. It's really not a problem, which is why most people probably haven't heard of it being one or even realize all can legally be bought online without ID.
a456463 48 minutes ago [-]
Your ipad babies are not my problem. It's called parenting. Don't do ipad parenting then. We didn't get a SEGA console and cable TV was restricted to only 2 hours. It was fine. It was fun. The only thing I wish for from my child is more time with friends not more screen time.
Rendered at 17:57:55 GMT+0000 (Coordinated Universal Time) with Vercel.
I'm the sort of person that either rejects the cookies, or will use another site entirely to avoid some weird dark-pattern cookie trickery. I don't like the idea of any particular service getting more information than they should.
Siting there I realized, we were not the real target. It is the young people that are growing up conditioned to press accept, enter any details asked of them, and to not value their personal data. Sadly, the damage is already done.
I click “accept the cookies” almost every time. I just personally don’t feel it’s worth the effort and cost to try to avoid it.
What “dark pattern cookie trick” are you worried about? I just can’t come up with a scenario where it will actually harm me in any way. All the examples I have heard are either completely implausible, don’t actually seem that bad to me, or are things that are trivially easy to do even without any cookies.
Now, I am not going around giving my real email out to random sites, though, although even that doesn’t strike me as particularly dangerous. I already get infinite spam, and I am sure there are millions of other ways to get my email address… it is supposed to be something you give out, after all.
I just don’t think it is something that is worth stressing out about and fighting against. Maybe I am actually naive, but I just have not yet been convinced I should actually care.
To your point about the actual harm, I've come to see it as a kind of ecological problem. Wasting energy and sending more trash to a landfill doesn't harm me individually, at least not immediately. But it does harm in aggregate, and it is probably directly related to other general harms, like overall health outcomes, efficiency, energy costs, etc.
No, accepting cookies by itself may not do much to me, but the broader surveillance and attention economy that relies on such apathy certainly has.
In theory, the government doesn't need the ad exchanges which have very lossy information. They have access to the ISPs and cell service providers, etc, with a warrant. Dictatorships like China and Russia don't need ad network data to be police states, they just use the core phone, internet and computer data.
But in this case, the US gov are using the insecure private data as a run-around to the warrant process. This is definitely unfortunate, and I think laws should be amended to prevent this workaround.
On the contrary, the ads become worse, since they become better at trying to get me to buy some crap I don't need.
The more irrelevant to my profile they are, the better.
I thought this was just ignorance.
Then I checked the profile. They ”have lots of experience with digital advertising “
“It is difficult to get a man to understand something, when his salary depends on his not understanding it”
One click usually gives random foreign corpos the right to your data across a multitude of platforms, the right to identify you across data sets, and to permanently link your device identifiers to you, for ”fraud detection” on a site which sells nothing.
Clicking on accept or deny on those notices makes no real difference, since the ”partners” and ”vendors” usually enshrine their core data activities into the ”legitimate interest” category, which has no opt-out.
I still have the same question… how is my life going to be made worse by that happening?
They'll get it one way or another
With IP tracking, you don't really need cookies much anymore
https://gdpr.eu/eu-gdpr-personal-data/
the effort and cost to download an ad-blocker that automatically removes the prompt to accept/deny entirely is practically zero and the amount of clicks you'd save yourself would quickly exceed the clicks it took to install the blocker.
> I just don’t think it is something that is worth stressing out about and fighting against. Maybe I am actually naive
It seems like you are, but that's just how our brains work. We're very bad at judging long term and abstract risks, especially when the consequences and their connection to the cause are intentionally kept unclear. For example, when people's cars started collecting data on their driving habits and selling that data to insurance companies a lot of people saw their insurance rates go up, but none of the insurance companies said that it was because of the data collected from their cars. I'd be willing to bet the data being collected by tracking your browsing history has already been screwing you over in various aspects of your life, online and offline, but you won't be told when it happens or why.
Ok, can you give me a plausible example of what that harm could be? This seems in line with the exact thing I said in my comment; every time I ask how it could harm me, I am given vague statements about tracking and data. Charging me more if they think I can afford it is surely a thing to worry about, but there are so many ways to do that without tracking that I already need to take actions to defend against that (comparison shopping, price history tools, etc).
I am not saying I don’t think companies can take data they have access to and use it to extract more value from me… I am saying I don’t thing opting out of cookies is going to do much to change that, for better or worse.
For less-often used, e.g., non-English language sites, these often leave a site in an unusable state, e.g., non-scrollable. I often have to go into the developer tools to fix a site manually, sometimes hunting for the element to fix if it's not body or html.
It's only zero if you don't need to interact with sites that break when you're running an adblocker. I run an ad-blocker nearly continuously, but there are all sorts of sites where I have to disable it in order to use the actual functionality of the site (and these are frequently sites I _have_ to interact with).
Conspiracy theories are gossip for men.
The data collected about us online is extensively used against us both online and offline. The multi-billion dollar industry around collecting and selling every scrap of data about you and your personal life didn't spring up because nobody was making money from it.
I just always the most left button, as this is usually "cancel" or "deny" - not alwys right,though :-D LOL
there's a reason I don't walk around naked either. it wouldn't hurt me, but I don't need that kind of exposure for no upside
You're going to be presented with ads and preyed on by marketing no matter what. The "made up story about who you are" is just even more imaginary the less they know about you. You'll simply be presented with less-targeted ads.
The only times I've stopped, or tried to deny it is with the recent thing I've seen from some sites that say "accept cookies or pay money". I think that is scummy, and against what these regulations require, so I'll usually just close the site in that case.
Oh and to address the point from the main article, I think I'm unfortunately beholden to more companies, but would strongly prefer to not verify my identity, because I have little to no trust in the companies to safeguard my actual personal data. (rather than inferred cookie tracking data, which they can have imo).
How does the conditioning start?
> not value their personal data
Okay, but in practice how much do they do with it that isn't ad placements?
It's really alarming, actually. I run the cyber security training & phishing simulations at my work, and it's the younger employees that struggle the most. It's like they just assume that everything on the web is trustworthy.
It's not hard to see why though. They grew up with app stores & locked down devices. No concept of a file or file system, no concept of software outside of the curated store & webapps. People that never had to take responsibility for their own digital safety because "someone else" (Google, Apple) always did it for them.
> It's not hard to see why though. They grew up with app stores & locked down devices.
When we create a safer world, people’s defense mechanisms naturally atrophy or are never developed in the first place.
We might be safer in terms of vulnerabilities, root exploits, RCEs, etc. but the internet is still full of malware, scams are still just as rampant. Vigilance is still very much required, but is no longer taught.
Look at all the malware available on the Play Store. The curation does nothing but create an illusion of safety.
This accounted for most of the risks on the wild west internet, but the worst case scenario of permanently losing data or having to reinstall Windows was actually rarer than it was made out to be imho.
These days the common risks are the same, except they're no longer risks - all of those have been built into the fabric of everyday internet usage and criminals have been replaced by businesses. It's like the cliche about Vegas being better when it was run by the mob.
Hell, cellphones these days ship with spyware pre-installed. Samsung being the one of the worst for filling their phones with their own apps which spy on you constantly.
That stuff is still there if you look for it, but it's not on your social media feeds or in any of the apps provided through app stores.
It was also drilled into me that the default state of anything on the internet is to be untrusted and potentially harmful.
It also helped that you could actually tinker with things, and there were plenty of foot guns around to drill that lesson home.
Somewhere along the way that message got lost and didn't get communicated to the young ones, and I'm not even that old (38).
I think almost every Android user has thise concepts.
But on the trustworthy web assumption, I agree. The only effective remedy is a personal calamity.
No other prior generation comes close.
Compare them to people growing up in the 1980s. The average person at that time was overwhelmingly oblivious to computing very broadly, their grasp of a "file" as a concept would have been close to non-existent. That was just 40 years ago.
In the mid 1980s a mere 10% of US households had home computers. And that was a high mark globally, it was drastically lower in nearly every other country (closer to zero in eg China, India at that time). The number of people routinely using office PCs was still extremely low.
Today young people have a computer in their hand for hours each day, and they knowingly manage files throughout the day.
My kids will know way less about filesystems than I do, because I had to learn DOS commands to navigate around the operating system if I wanted to play computer games, which led to a lifelong interest in how computers actually work at a level they can (and, so far, do) happily ignore.
As a non-Apple user, this is not something that happened to me. I literally have a "Files" app on my Android phone and my laptop/desktop.
In my files app i see "downloads" "images", "videos", "apps", "starred", "safe folder". In "images" i see pictures tagged "downloads", "camera", "DCIM", "screenshots" and one odd "2024-12-03_description_here" that I clearly names myself but don't remember doing that.
I have no clue how that maps to a physical phone filesystem, even though I know it's there. I'm sure teenagers don't know that too.
Yes there has been a Files app on iOS devices for well over a decade
While it is possible to interact with the local file system on a school Chromebook, it’s certainly not the default. School interactions with Chromebooks seem to consist of logging with highly secure passwords like “strawberry” and using Google Docs. And playing games with heavy PvP components and paid DLC (paid by parents whose kids beg for it, not by schools) that call themselves “educational” because they interject math problems needed to use those juicy spells, make no effort whatsoever to teach anything, but produce a nicely formatted report correlating scores to numbered elements of the Common Core standards.
And easily get sold add-on services. How many people hit the 5GB iCloud limit for backups and just pay without stopping to think that it might be possible to do local backups to your computer and you don't really have to pay for extra storage?
Just hit them with the scary language "You are at risk of losing your photos forever if you don't pay!" because that concept of "Oh, photos are just files in a directory and I can copy those anywhere I want" doesn't exist. To many, those photos are part of the gallery app, not a separate file from it and since that app only runs on the phone, surely it must not be possible to copy them anywhere unless I pay for the storage.
I totally disagree!!! Yes, everyone works with computer, phone, tablet, whatever, nowdays!
But does generation z "knows" about what a computer is?
Absolutely not!!!
While tech has advanced and graduated IT personal know more than previous generations (obviously!), all the rest, while they do know how to do their jobs, they know nothing about computers!!! They are pretty much like everyone else that didn't know what a computer was in generations x and previous!!!
However, contrary to previous generations, because they do interact with the tech, they represent a higher security risc for them and for others!
... Because they know nothing about it!!!
It's like giving a box of matches to a neanderthal in the middle of the woods...
Almost everyone in the "Gen x and previous" that interacted with the tech, did know what they were doing (past the initial learning phase)!!!
This does not happen after gen x!
No, they do not. First, simply using something does not mean you understand it at all. Secondly, because the devices they've become the most accustomed to work very hard to hide all those details from the user.
They know app silos, not file system hierarchy. Ask a teenager where a file is on their phone and the will tell you the name of an app. Ask them how to copy it somewhere else, and they'll use the share sheet and send it to another app.
High adoption doesn't equate to high literacy.
To be fair, at least Android and presumably iOS grant apps by default no access to your files in modern versions.
The only way to get, e. G., an attachment downloaded via Thunderbird to a PC or another app is the share dialogue. A user does not access to the isolated app storage by default on an unrooted Android phone. For better or worse the young user is actually making the right choice here for their platform.
(This is also why making a backup of an Android phone is a nightmare when you aren't using a first party option. ADB is sometimes able to bypass it)
Note taking apps are a prime example of this, using a proprietary localdb for notes, inside of app storage you can't access, forcing you to transact with your own data exclusively through the app (and whatever subscriptions or upcharges that come with it). We've trained out the idea that these could just be local text files in a directory you can access and do with what you want.
I've watched discussions around open file formats fade away into obscurity along with the rise of mobile, and now we have to fight on whether we should be so graciously allowed to install software on the devices we own or not.
Not everyone needs to be a computer science student, but some basic level of curiosity or education around how tech works should be required in school, at the very least a warning message of "Your data isn't safe if it's not under your control."
That's exactly the point!
The file system is hidden from modern users. Kids brought up on this now have no idea or concept of where their data resides.
It's just not commonly used for the reason the other person mentioned (share buttons between apps that are file type aware)
Unfortunately, they don't.
They might have had a computer in their hand for hours each day, but they barely know anything about it. The ones who do tend to be those who grew up playing on PC, as opposed to console or mobile, because the latter - despite falling under the "digital natives" aegis - are really shockingly ignorant of even basic concepts.
I just click "Accept all" on every cookie banner, life it too short to figure out which checkboxes and dark patterns I have to avoid on each site to not hand over some data...that is than later on just tracked in the backend ("server to server tracking"). Or sold by my credit card company, or tracked by me hovering over some video on YouTube. With the amount of data available unselecting some check boxes on a website just doesn't make a difference.
To the sibling comments: don't "accept the cookies" and then delete them.
- - -
I'm super angry at what the web has become, especially at the OS browser community. There is 0 browser (that I know of) that can access the web safely and conveniently. Atm I use Firefox with uBlock which blocks the cookie banners, but Firefox's extension model is broken, and every single extension provides 100% access to my websites to whoever controls the extension. I don't like it.
We need a browser with a safe extension model.
- - -
edit: I guess using 2 Firefox profiles, one with uBlock and one with my google/facebook/bank/amazon/etc accounts solves the threat posed by uBlock and extensions. I still don't like it.
What makes it worse is that a substantial portion of users block web trackers through an adblocker. However on phones, unless you have a rooted phone or use some DNS-based blocker, all these analytics get uploaded without restraint.
Atm I use Firefox with uBlock which blocks the cookie banners, but Firefox's extension model is broken, and every single extension provides 100% access to my websites to whoever controls the extension. I don't like it.
Some browsers (e.g. Vanadium, Vivaldi) have a built-in adblocker, so you have to trust one party less.
But there are couple of things I find subpar:
You can’t import/export a list of website permissions. For a couple of extensions I’d like to say “you have access to every website, except this narrow list” and be able to edit that list and share it between extensions.
On iOS, the only way to explicitly deny website access in an extension’s permissions is to first allow it, then change the configuration to deny. This is bonkers. As per the example above, to allow an extension access to everything except a narrow list of websites is to first allow access to all of them.
Finally, these permissions do not sync between macOS and iOS, which increases the maintenance burden.
¹ Private being the equivalent to incognito.
Browsers should provide a filtering option before they makes a request.
IMO a lot of no-brainer options are missing from personal computers. Like the ability to start a program with restricted access to files, network or OS calls (on Windows and on Linux). Browsers should provide the ability to inspect, and filter network access, run custom javascript on websites, etc.
But the tricky part is that "reading files" is done all the time in ways you might not think of as "reading files". For example loading dynamic libraries involves reading files. Making network connections involves reading files (resolv.conf, hosts). Formatting text for a specific locale involves reading files. Working out the timezone involves reading files.
Even just echoing "hello" to the terminal involves reading files:
Bubblewrap allows you to do that on Linux.
But the browser also has 100% access to all of the websites. The browser is software that works for you. You control the browser.
Who but yourself do you imagine controls your extensions?
Oh really? Then why do my browsers keep moving things?
- Read-only access to cross-tab web site content
- Ability to modify web site content
- Ability to access the network
They can always "access the network" in that the extension developer can push static updates for things like ad block lists or security updates.
It might be possible to have "read only" cross-tab access include automation APIs like keyboard + mouse, with user prompting to prevent data exfiltration.
However, I'm just suggesting a modest improvement to browser extension security (that doesn't completely break ad blockers like Chrome's approach).
In practice, I run an ad blocker, and just trust that it won't exfiltrate bank passwords and stuff. Imagine the blast radius for a successful and undetected UBlock Origin supply chain attack!
My "pick one" approach (ad blockers would pick the middle option) would mean that comparable supply chain attacks would also need to include a sandbox zero day in the web browser.
At some point, you have to implicitly trust someone unless you audit every line of code (or write it yourself) and build everything from source that you run.
But there are other uses cases, like cloud2butt.
Definitely in 2026 kids should be getting tons of education in public school about how to safely browse the internet, both for personal data privacy and for safety against stalking, doxxing, grooming etc in the same way millenials were grilled about source checking internet resources like Wikipedia.
I don't even think it would be even a blip on the radar now.
It really is depressing how much ground we've given.
My local library is run by the county government, so of course the government can see the checkouts, they are the ones I check the book out from. But they restrict checkout information from others. For example, a parent can see the checkouts of their own children, but not after they turn 13.
Perhaps you're talking about subpoenas? Checking some other libraries I see SF Public Library has some discussion about that, but they delete books from your checkout history once they are returned. https://sfpl.org/about-us/confidentiality-and-usa-patriot-ac...
Because of this, I found it odd that the regulation allows displaying the accept cookies button. Instead, it should be rejecting cookies by default and a separate flow to accept tracking cookies (e.g. via account settings page)
It’s naive to think that cookies are the only tool used for tracking, but they are the most powerful tool for web based tracking.
Sorry mate, the GDPR is there for a bloody good reason; and legit companies obey the law.
But at least we have cookie banners everywhere.
That being said, it was very early regulation in this field, and more recent approaches are already better, e.g., GDPR, DMA.
It's almost like forcing (almost) every website to add these cookie banners has desensitised people to what they're actually saying.
Accept everything, the end the session.
That said even with throwaway relay emails I don't sign up to much
There is a similar story with Ford and how they build pavement everywhere and taught the young population that roads are for cars. Now we have to drive for 10 minutes to get from one shop on the plaza to another shop on the different plaza.
if there's anything remotely good with GDPR is the requirement to companies to disclose known data breaches
all the rest of it is a terrible idea and only serves to nag people and legitimise the darkest of patterns
the regulation should be there to disallow companies from asking certain information, everything else regarding tracking is self-defeating as it's 1) seldom enforceable 2) hardly binding in any meaningful way 3) pushing people to concentrate their services where they have already surrendered their data 4) legitimising of dark patterns
this new and blatant step towards digital id is a hill i intend to die on, I will not comply and I will do everything in my power so that others don't have to and are even punished for doing so
But now instead, my 11 year old's Roblox thinks she is 18 because she wore glasses in their age verification webcam tool. And it can't be changed unless she uploads a passport, which I will never allow.
Please, gov.uk introduce a gov ID verification service? I could trust that, -ish, I have worked with public sector clients several times...
This is truly crazy. Random companies interacting on this level with children is far from ideal.
> Please, gov.uk introduce a gov ID verification service? I could trust that, -ish, I have worked with public sector clients several times...
I don't like the idea of governments collecting this sort of data either.
In the US it's not rare to link accounts through phone numbers that are required in web forms and store memberships.
In Chile they started asking for your National Id with so many stupid pretexts that people got conditioned into just giving it away. It wasn't like this 10yrs ago. I'd rather have membership numbers.
It's technically public information, so collecting Ids is legal, but it's also a universal primary key within the country that allows merging any user-related table you run into.
Retail says it's just to associate it with receipts in case you need that later, but I'd rather just get a photo of the printed receipt for later than rely on them to find my receipt. Supermarkets, Drug stores, and petrol stations tie it to (possible) discounts or points at check-out, which is price discrimination and it's illegal, but we are in our way to get surge pricing as soon as the new US bootlicker president begins his period next week.
In the early aughts I was sitting in on privacy discussions that reluctantly acknowledged that regardless of what we do online, surveys showed you could offer someone at the mall a free Snickers and they'd fill out the whole form.
The perceived cost to the individual of divulging their personal data is near zero; dangling nearly any incentive in front of them will induce them to let it go. And that's not a new phenomenon.
The notion that you should upload a passport to random sites for age verification is unbelievably dangerous. That's a recipe for identity theft. And face scanning is also an invasion of privacy, not to mention very unreliable (my 16 year old son has apparently been accepted as 20 years old).
I've pointed out in many places already that the only way to do online age verification right, is for the government to provide an e-ID that the random site will direct you to with the question "is this person older than X?", then you log in to the e-ID site, which informs you exactly what the site wants to know (which should be as rough as possible; no birthdate), then the e-ID site directs you back to your original site (or possibly through a proxy, if you don't want the government to know what sites you visit), and calls their webhook (through a proxy) with the confirmation of your age.
That's also how my online payments work, and this should be the standard pattern for everything that needs to be secure. Not sharing sensitive or personal data with random sites.
All this to let you do stuff you were allowed to do anyway.
The problem is handing kids admin level access on a device with full unfiltered access to several communication networks. You do not fix that by demoting everyone's access.
like if you could be issued an E-id that could perform a local signature/challenge-response that allowed the site to confirm an age bracket (like 12 or below,13-17,18-20, 21+), assert the entity that issued the id but not assert a stable identifier (not even pairwise) and not pass any data between other parties.
Obviously not foolproof, credentials can be stolen (same in your scenario) but the site doesn't need to care, they should be legally in the clear. Basically it would let you anonymously assert your age.
The decline of privacy, the increase in intrusive government surveillance, the increasing restrictions on free speech - this is all part of a very disturbing pattern. Our governments are becoming increasingly authoritarian, and these are the tools they use to keep the populace under control.
Funny choice of wording: https://www.eff.org/deeplinks/2026/02/discord-voluntarily-pu...
I can't think of a single other use case in which I'd be willing to verify my identity. I'd rather go back to hosting email myself, and am fine with circumventing content access control for all other platforms for personal use.
We're seeing the world slide towards authoritarian strongmen, and we want to give them a massive index of who we are and what we do? I'd rather not.
Being able to limit the influence of external bad actors is the main goal of ID verification. Age verification is a useful side effect that makes it easier to sell to the general public.
Big Tech has had at least a decade to fix this, did nothing of note, and is all out of ideas. Privacy advocates had the same time to figure out a "least bad" technical solution, but got so obsessed with railing against it happening at all, that nothing got any traction.
So governments are here to legislate, for better or worse. They know it's a trade-off between being undermined by external forces vs. the systems being abused by future governments, but their take is that a future authoritarian government will end up implementing something similar anyway.
How does automatically determining your age serve the goal of ID verification? It seems like most sites are choosing this as the first option. If the point was to link your ID, why wouldn't they ask everyone to provide it?
You are shifting the onus on to the platforms, when the problem is pretty simple; with a few exceptions, we've failed as a species to learn how to think.
Also do you think that the TLAs don't know who the bots most likely are with all the surveillance data they're gathering? That the NSA doesn't have detailed telemetry of the surveillance ops??
Let me ask you the question, what have they done about it? And why not?
The choice is between democracy and our current ever worsening sociopolitical hellscape.
If eliminating bots and sockpuppets is the price for restoring some semblance of democracy, then gosh darn.
And if social media, targeted ads, and algorithmic hate machines are collateral damage, than gee double gosh darn.
Those sacrifices are a price I'm willing to pay.
I would say the time to buy mesh networking equipment is now. But it's not like I'm capable of defending the transmitter. So when they come for the VPNs, the VPSs, and encryption, I guess I'll just be out of luck.
(Out of luck = resigned to zero digital privacy. No matter I follow the law and “have nothing to hide” of course.)
Perhaps people will pass flash drives like North Korea or Cuba?
So many aspects of our lives are like this now. People just accept defeat cuz it would mean giving up one click ordering or free return shipping or they might have to look at labels to avoid bad companies.
I've run ad blockers for years now, but I'm still trying to forget those disgusting zit popping pictures that trended in ads for a while. Or those incredibly stupid life hack shorts, like the one where someone tied a cord around a mug and the hack to get it loose was smashing the cup... that crap made me despair for humanity as much as the Gaza genocide.
But google and facebook convinced the legislators that it would be impossible to keep that chum away from kids on their platform, so the legislators are going with the next option: banning the kids from the platforms.
There isnt a single identity. Theres a loose federation of databases (banks, CRAs, telecoms, electoral roll, etc.).
There are multiple operational definitions of "name": legal name, common name, known-as name, card name, account display name. None is universally canonical. Theres no statutory hierarchy that forces institutions to agree on precedence.
In the absence of a mandatory national ID, identification relies on matching across name, date of birth, and address history, which are inconsistently collected. Fuzziness is necessary for coverage, but it introduces brittleness. If a variant isnt explicitly linked as an alias, automated online checks can fail because the matching rules dont explore every permutation.
Even within a single dataset the problem doesnt disappear. Large systems such as the NHS have documented identification errors involving patients with identical names, twins at the same address, or demographic overlaps. Unique identifiers help, but operational workflows still depend on humans entering and reconciling imperfect data.
https://digital.nhs.uk/services/personal-demographics-servic...
https://github.com/moj-analytical-services/splink.
I'll stand by my opinion that deeply integrating the internet into our daily lives instead of keeping as a "place you go" was a huge mistake.
I'd be curious how that might work as I haven't yet seen a zero-trust age verification system.
https://ageverification.dev/av-doc-technical-specification/d...
This proposal may have been updated since I read it previously, so I could be wrong now, but it didn't read as a true zero-knowledge proof as key steps in the flow still required a level of trusting the government as the central authority to do the right thing and not track requests, both today and in the future.
It’s much easier in the US to lose your job for what you say as in the EU and in the US the consequences of losing your job are more severe if you don’t have enough money so you can afford to lose it.
US freedom of speech comes with a price tag that puts the censor inside your brain.
[1] https://news.ycombinator.com/item?id=47231456
As the years have marched on, though, that "birthdate" becomes significantly closer to my real birthday.
I am fully aware that my standard fake birthday is now used by me in some many places, that I have started to have a fake fake birhday. I should really just randomise and store it in my password manager.
But obviously the context of this OP story ruins all that.
I understand there's a clever phrasing here but I didn't get it. English is only my second language.
I feel time has gone faster since I got a job, if that makes sense. Every day yearning for it to be 5o clock so I can check out, every week yearning for the weekend, every month yearning for the last day to get paid. Doing this is just asking for time to be over sooner.
I suppose idea is that Chinese women will stay at home with the child so the state doesn't have to provide any help?
Outside of that, there's increased traffic and the US as a whole is way too car centric. Suburbs are horribly designed, and we prioritize moving cars instead of moving people, and any kind of infrastructure design that might slow down traffic, reduce the need to drive, or mildly inconvenience a driver gets shot down.
There is a very real danger of getting killed by a distracted idiot in a car, and that risk is much higher today. I commute on I5 every day for work and every single day I see multiple people, going 80MPH watching tiktoks on their phone on the dash mount, or obviously looking down texting. I can't blame anyone for not wanting their kids running around the neighborhood when we can't even be responsible enough to pay attention when we are driving 2 ton death machines.
None of those are true in my area, and how did the "Karen" even get to your child on your private road?
These things don't happen on a liberal/conservative axis in my experience.
I've lived all over the place, though not as much with kids, and have had none of these issues (including having mixed race kids who look much more like their other parent than me).
You really need to look at why you're living where you do.
It really was an extraordinary story without any extraordinary evidence.
As usual, just blame the victim, then complain they don't provide evidence knowing full damn well child and family welfare services complaints are sealed and hidden from public oversight. This is how vampires with these theories operate, first they make it illegal to get the records, then they make it illegal to even find out who the accuser is, then when you call them on it they say "ha ha, you don't have the evidence, that we made it illegal for you to get!" The whole system is designed to evade oversight, so what we are all left with is anecdotes that we have about our own childhood being so much different than the ones our children have after interactions with the authorities that have placed these restraints. But of course when you share them, they are only used against you by persons such as yourself (judging me for where I live, as if it's not going on all over the US).
Personally I find it absolutely fucking hilarious that as much or more CPS induced restraint existed ... before CPS did.
>Yeah, except the now redacted comments didn't indicate that was the case which is why I was asking more questions.
Lol you responded to my comment saying it was an easement.
Instead, they didn't know much about me apparently and just stored what I told them.
Then it appears they were hacked because some completely unrelated release of stolen data included all my data, specifically all that data I had provided to that service, that one time.
The Verification Service is the honeypot for your private information. Arg.
The UK government has approved 7 age verification methods. Not one of them meets that standard.
That's not an accident.
https://www.ofcom.org.uk/online-safety/protecting-children/a...
Though I can't take credit for the idea. It was proposed by the European Democratic Party.[0]
[0] https://democrats.eu/wp-content/uploads/2025/12/Protecting-C...
and remember its like ratchet. there might be 99% of services that use inhouse face id, and its enough to have only one to leak your data.
My data point is persona.
> And… the answer is “none”.
> At least, none that I can think of at the moment.
Think back to the recent pandemic.
Work? Online. School? Online. Recreational activities? Online. Talking to loved ones you don’t live with? Online. Birthday party? Online. Nonfood shopping? Online. Banking? Paying taxes and bills? Online. Job interview? Doctors appointment? Online. Dating? You guessed it, online.
The internet’s a big thing these days.
Very few of the things you list are things that I do primarily online (even during the pandemic), and none of those are things that I can only do online.
Weigh that against the value of using the service. A lot of times that will still probably come out in favor of using the service. Sometimes, especially given the kind of services that want age verification, the potential cost is such that you would be insane to verify.
(“what will be the impact to me”)
It's roughly the same age as mine, but if someone tried to pass themselves off as me with that birthdate, they wouldn't succeed.
These companies are mostly just verifying I'm an adult anyway, and I am legit that.
But yeah, I don't like just giving the actual date everywhere as it can potentially be used for identity theft.
The author here seems to be commenting specifically on the type of anonymity-breaking age assurance widely being utilized along with the vaguely justified social media bans. Given the right technology to prove an age threshold but while preserving anonymity I'd be curious how their thoughts would change.
For example, we've never seen people critiquing the naive kind of 'Are you over 18?' prompts seen on ye olde Reddit or adult sites, precisely because those weren't breaking anonymity or leaking any trackable identifiers.
[1] https://news.ycombinator.com/item?id=47229953
The question I'd ask myself is; who would _I_ trust to implement privacy preserving verification?
The only answer I can come up with right now is; myself. I would trust myself.
As a parent, I'd like to point out that the threat I care about is not "my kid of age N talks to a sicko of age M, where M - N > P for some legislatively-prescribed value of P".
The threat is "my kid of age N talks to or can be observed by a sicko".
These age verification schemes do nothing to help against that. Also, the worst predators online are often the vendors providing "kid friendly" services.
On top of that, these laws are being pushed hardest by the worst of the most corrupt politicians on earth. Why would I install a webcam on my kid's machine because that group of people wants me to?!?
Maybe we should focus on prosecuting the backlog of stuff in the Epstein files pertaining to politicians pushing these age verification services, not let anyone (except parents) control how kids access stuff online.
All this is to facilitate that lifestyle without any concerns that far more damage is likely to happen by allowing it to happen than insisting on adequate parenting
It's honestly a reason why I don't use the service.
Banking, taxes, treasurydirect, linkedin, docusign, online filing,
Right now all those are tied to my gmail account.
So I'm feeding google all this juicy (IMO) confidential information. What happens when I get locked out by google's automatic systems? I already lost my first gmail account from like 2003, when you had to get an invite to sign up. I'm stuck in a verification loop that emails a yahoo email that no longer exists. Impossible to get a real person to look at it.
If I can just verify that I am who I say I am without an email account... That'd be worth it. Of course that just shifts the burden to the identity verification company rather than an email company.
But verifying my age? I see no purpose other than a backdoor for mass identity verification. keeping lists of people and what they're accessing. Buying alcohol online still requires the person accepting the package to be over 21. Buying firearms online still requires being shipped to an FFL.
I already despise how much information my ISP has about what I see, what I access, and when.
As a matter of mental health, we really cannot have these overlapping for many reasons, prime among them is that if one part of me becomes aware of another while they’re doing their thing, a mental “table join” can happen and disturbing memories can be shared which is incredibly destabilizing to the system.
As a wireframe example my programming alter cannot be exposed to the alter who browses cptsd forums or they remember things that cause them to dip from the headspace and we lose their knowledge.
We can’t try to pretend we don’t exist and pretend to be one person either, we did that for years and we ended up having a breakdown and went into a fugue state and moved across country leaving everything behind.
This law would destroy our productivity and contribution to economy or whatever corporacrats care about.
Some company or, hell, the gov't setup a proxy service that whitelists the internet and have your kid use that. Do your fucking job.
What else is there to say?
Any such verification service will either sell your data or lose it. Will not may.
But then I remembered the game 20 questions, and how few yes/no questions you need to guess pretty much any concept.
I am no longer willing to share anything, not even a yes/no question.
What I think must result is, a monotonic cultural erosion and deprecation of such platforms and regions implementing those restrictions, and continuous replacement with engineered and packaged foreign imports from venues and regions from psychological "upstream" where there aren't such restrictions. But I guess that's what they explicitly desire.
Someone, anyone, but themselves.
Offline there is a reason for that, online are enough countries where it breaks the law if you sell without verification at least for NC-17 titles
Pretty much sums up all modern discourse in banning social media and doing age checks. When I was growing up it was satanic symbols in the music I listened to.
I guess - wtf is wrong with adults? Why do they feel compelled to control the younger generation?
France has an ID service to pay taxes, and they have a network of possible ID verification systems. Like, you can ID through the tax system, or through the healthcare system. It works fine.
Implementing an API that uses the same to provide age verification is not rocket science.
If you need age verification for a website, say "smedia.fr", then you go there, then it makes you get an age verification token to "franceid.gov.fr", that guy gives you back a token, you send the token to smedia.fr which checks the token with franceid.gov.fr
I don't understand how this is even an issue.
Functioning countries have cryptographically secure government-issued ids. Those cards have a cryptographic computer chip. A crazy innovation that makes your nose bleed if you look at it funny. You stick the ID card with a secure chip in a card reader and open bank accounts, sign any document as if in person, even vote. It's free, by the way. It's a pact with the devil, really, or unadulterated communism. In the banana republic of the USA you go around showing your driver's license or uploading selfies to fakebook. So modern. So untraceable. So unspoofable. Go team USA. It's like the rest of us are here sitting by the track while the handicapped team is still three laps away, still figuring out where the finish line is. All in the name of Freedom(TM) of course.
Verifying age: 1- use ID card in reader, challenge is received from website, challenge answered, the website checks with the ID database about that particular challenge/response pair. The website gets a positive match, they don't know anything about you, not even your age. Done. Don't forget to drown three rabbits in goat blood or the authentication will not work.
1 - 1 - 1970 is always mine - Unix zero
If none, you were born on March 5, 1957.
(Note on evaluating this: there are some circumstances where the penalty changes later. I know one person who's Global Access paperwork was delayed because they lied to their airline's frequent flyer program about their age. But that was the whole consequence: a need to update their data with the airline).
(In the US, the latter occurs more often than you may expect.)
I'm in the UK, I'm normally connected through a VPN these days.