Age verification is already mandated in the EU, and when you provide your credit card details to Google's age verification system for YouTube, they create a payments profile for you without consent. The Google account is set up for purchasing services across all Google properties, without needing to provide further payment details.
Google is exploiting the requirement for age verification to set up Google accounts for future purchases.
Google's use of payment profiles is much more nefarious and exploitative. I recently moved from one country to another. There are a lot of apps that provide local services - like banking and public transport information. I wasn't able to install any of them. Why? My original profile is from the country of my previous residence, where I originally bought my phone. None of those apps should be geographically restricted in the first place - but they are, for some unexplained reason. I have found apps that are geographically restricted even without the knowledge of the developer.
So then, how do you prove that you are in a different country? Easy, right? There are multiple sources of information that can prove your location - GPS, mobile service provider information, IP geo-location, Wifi SSID databases... . But no - none of that is enough. You have to add a local payment method! And coincidentally none of the payment methods other than credit card information works - not even the one provided by mobile service provider. So, you are forced to register your credit card information to prove your location.
Now that your have proved your location and installed the essential apps you need, may be it's time to delete the credit card information. What if you accidentally subscribe to some service you didn't want? After all, you aren't subscribed to any service or bought anything with the newly entered card. So it should be easy to delete it, right? NO! You are not allowed to delete your only registered payment method! [1] Now it's open forever as a payment method for online services or Google pay.
Google's tactics here are sleazy, underhanded and manipulative. And what of the complaints they receive about it? See for yourself - discussion locked and disabled! I don't know at what point their behavior is declared illegal and anti-social.
You could get a prepaid card and switch to that as your primary payment method. FWIW, I've removed all payment methods from my account before and it worked though I had to disable some unused Google Cloud projects I think.
> they create a payments profile for you without consent.
And? I create a "profile" in my mind of every new human I interact with, and every human I read about or hear about even without interacting with. It's a basic human function.
When I gain a new business client, I create a profile of them too. This might start with a phone number, but over time, expand to include an email address, knowledge about their location, work hours, bank of choice, etc. Most businesses do this and always have.
Storing my credit card details permanently should require separate consent. Even if a credit card is used to verify my age, once they've seen it one time, they should delete it unless I tell them to store it - it's not like I'm going to get younger or anything.
Isn't that a pretty straightforward violation of the GDPR? Consent to track somebody's personal information requires the data subject to be informed as to the use of the information, and personal information may not be used outside of the usages that were consented to.
There's "the law", and there's "what big corporations will attempt to get away with anyway".
Because whatever happens in court (if it gets that far), they'll have years of appeals to go, and that'll be some future Google employee's problem not the current people.
And there is "the law" and "the other law", often times the two being incompatible, so you're kinda left in the middle trying to kinda please both sides.
Like when governments agencies ask to both "disable all tracking of what their employees do on the platform", to ensure private data and GDPR like stuff are ok. They also ask to specifically "enable full logging of all access to their data" for security reasons.
So: "sed -i 's/tracker/logger/g' codebase" and everyone is perfectly happy.
They did not ask for consent to set up a payments profile during age verification.
Though what you're describing would also be illegal. GDPR does not allow requesting consent for such broad data processing just to fulfill a legal requirement to verify the user's age, and then denying access to the service if the user understandably refuses to give consent.
Or, they’re using the only consumer-focused credit card verification system they have (google pay), and “prevent users from using their credit cards” was never on the roadmap…
Suppose I asked you if I could borrow your car to get groceries. A week later, I take your car again and go for a road trip. You would be justified in being mad at me, because (1) the consent didn't cover the use and (2) the initial consent was for a limited time.
Google has an obligation to verify age. Google also has an obligation to limit tracking of personal information to usages that have been consented to. Neither of these obligations negate the other, and if Google never put it onto their feature roadmap, that just means that Google has been negligent in fulfilling their obligations.
It looks like it is for YouTube and Play content, not search links.
If so, I don't see how it is any more dystopian than the ID requirements that have long been in place for non-internet media. I don't recall anyone calling it dystopian back in the '70s for instance when we had to show ID to rent movies from the "adult" room at the local video rental store.
After showing ID, did the rental place record it, the video you rented, when you rented it and for how long, then store that information in a database shared with other outlets of the giant multinational conglomerate which it belongs to, sell it to advertisers and corporate security, and make it available on request to governments of the world?
And was this process duplicated for every other piece of media you consumed, to create a full profile of your interests?
A large change in quantity changes quality as well.
It practically seems like a type of cognitive bias based around technology.
We use some similar technology from the past to model the implications of the new technology and then willfully ignore the fundamental change brought about by digitization and network connectivity. The strangest thing is everyone understands how powerful network connectivity and digitization are in the abstract but when it comes to the concrete we brush it off like it is not.
This is just like renting The Terminator from the video store in 1989. What could possibly go wrong?
When you shown ID to the local video store, no record is made. And the video stores usually were not connected to a global interconnected graph of customers data.
Worst case scenario, you had a paper card somewhere in a drawer with your name on it.
I'll explain why I downvoted - because I get a little bit sick of these slippery slope arguments that every time Google has to follow a law that, while controversial, is not exactly the last breath of a despotic régime, that people love to decry Google as "being evil".
The fact is, there are gray areas. When it comes to government regulations, tech companies essentially have 2 options: comply or leave the country in question (note Google has already tried to lobby against the law in question). While "leave" sometimes is the only moral option, I totally disagree that this law warrants Google leaving Australia.
Consider then if Google had decided to leave it would have had a huge negative backlash on the law, given the usefulness of Google.
Instead Australia can now get what it wants and the backlash is minimal at best. Meanwhile they can go on to celebrate their dystopian law as working because of the endorsement Google gave them by capitulating.
Short term yeah it'd suck for Australia to lose Google but then the law gets changed back, Google comes back, and everyone wins. Well except for the Australian government.
I find this reaction, well, odd. It is basically arguing that we want giant multinational corporations to have more power than democratically elected governments.
I see diatribes all the time on HN bashing companies like AirBnB and Uber for "blatantly ignoring the law" to get what they want, and here are a bunch of people wishing for Google to blatantly ignore the law to get what they want.
You have a point. However I don't believe anyone here's advocating that Google ignore or break laws. But rather, to (as done with China) voluntarily withdraw certain services in response to arguably-unacceptable duress.
[note: that is not my position here - I'm merely clarifying part of the discussion]
I must add, being relatively familiar with Australia's tech sector and it's people, that there is not a great deal of respect in the sector for the tech choices made by Australia's incumbent government of recent years. Whether or not that sentiment is ethically trumped by the fact of that government's democratic election by the general populace, is up to the reader...
I don't know the details of this legislation but I have viewed Australia as a beta test for new tech legislation and worry this sort of authorization barrier could become more common place in Western countries.
> I totally disagree that this law warrants Google leaving Australia
I think most people have this opinion, but I wonder if they would have the same opinion if the country in question is a non-Anglo non-West but democratic country like India or Brazil
Do you also have this same opinion on Google's Project Dragonfly (Google's censored Chinese search engine)? That is, that people shouldn't have "bashed" Google, since it was the Chinese government "forcing" them?
Kind of a bad look for Google when its workers refuse to work on projects for the US Military, and then when Trump wins they hold a meeting where top level execs are tearing up and emotional while unpacking the situation… but when things like this happen, seemingly, nothing but crickets from those brave workers.
Tired of people defending Google at every turn despite them not deserving the benefit of the doubt for many years now.
Although the title is correct, it's worth noting that Google is not doing this because it thinks it's fun to require verification. The Australian government is requiring google to take this action.
>"If our systems are unable to establish that a viewer is above the age of 18, we will request that they provide a valid ID or credit card to verify their age.”
I don't think Google is complaining too much. Especially if it gives them an excuse to collect credit card data (reducing a significant amount of friction when they sell YouTube premium / google drive subscriptions).
I had no idea you could actually use a credit card to verify age. I thought that was nothing but a scam employed by fraudulent cam/hookup sites and catfishers. Google probably shouldn't train people that this is a normal thing to do.
> Does a credit card in fact verify age? Anyone at all can go buy a prepaid card at the grocery store, right?
A prepaid card isn't a credit card. Payment processors can tell the difference between card types. You have to be 18 or older to get a credit card issued in your name (although you can add an underage authorized user to your card). And there are now other requirements needed if you're under 21 in the US, such as proof of income or a cosigner.
A prepaid card is also not a debit card (debit cards are attached to a bank account). To get a debit card you must be either 18 or have a legal guardian who is at least 18 on the account.
> To get a debit card you must be either 18 or have a legal guardian who is at least 18 on the account.
Not necessarily. You can be issued a debit card from age 11 in the UK, although it will only do online transactions to prevent the account going overdrawn.
Allowing a parent/guardian control of the account is optional.
I'm not sure what your point is in relation to the discussion, of course they do.
But the discussion was around being able to use a credit card to verify that you're over the age of 18. My point being is that a credit card doesn't have a photo to verify that you are who the persons name is on the card.
A simple "the law requires us to" somewhere in that quote would have gone a long way to convey displeasure at their arm being twisted. But nothing in that quote suggests any arm twisting, and why should google of all corporations be given the benefit of the doubt? They look like eager and willing collaborators.
Large Corporations will often have government enact laws they know would be unpopular policies for a variety of reasons... Many times companies will even publicly opposes the very laws they actually support behind the scenes.
Not saying that is the case here, but it pretty common for corporations to use government as their tool
If they want us to believe they're displeased at this requirement, why don't they say so? Google has certainly complained and protested about other laws before.
> In response to multiple complaints we received under the US Digital Millennium Copyright Act, we have removed 15 results from this page. If you wish, you may read the DMCA complaints that caused the removals at LumenDatabase.org:
You're comparing a quote from an article clearly being written in the context of this Australian law to the actual quote from Google's implementation of DMCa law. There is nothing in your quote indicating they are "protesting" DMCA law.
Here is the full quote.
> Over the coming month, we will also be introducing a new age assurance step on YouTube and Google Play. This added step is informed by the Australian Online Safety (Restricted Access Systems) Declaration, which requires platforms to take reasonable steps to confirm users are adults in order to access content that is potentially inappropriate for viewers under 18.
> This is in line with the actions we took in the European Union in response to the Audiovisual Media Services Directive (AVMSD).
> As part of this process some Australian users may be asked to provide additional proof of age when attempting to watch mature content on YouTube or downloading content on Google Play. If our systems are unable to establish that a viewer is above the age of 18, we will request that they provide a valid ID or credit card to verify their age. We’ve built our age-verification process in keeping with Google’s Privacy and Security Principles.
Pulling out a quote and then saying "they don't mention the law", when they actually do mention the law a few lines above is frankly... a bad objection.
They aren't required to disclose any DMCA removals, but choose to anyway, citing the law by name. Pointing out that a law is requiring them to do something is the least anybody can do if they object to that law's requirements. The omission of such a statement is sufficient evidence to conclude they are willing collaborators. A tech corporation like Google does not deserve the benefit of the doubt anyway.
Are you still not following that this "omission" is something you've entirely made up in your own mind by selectively copying one quote from an entire article?
The text you quoted does not seem to convey any displeasure at the law. Think what you like.
> This added step is informed by
Why so passive? Why not "required by"?
> We’ve built our age-verification process in keeping with Google’s Privacy and Security Principles.
Why not omit this apologia?
Also, that statement about the DMCA is on every single search page with DMCA omissions. Do you think Google is going to cite the ID law by name on every page requiring it? I guess we'll find out, but I'm not holding my breath for this.
1) For Google to "complain" about the law and then still enforce it is just a toothless objection, virtue signaling. At least in the case of the LumenDatabase.org notice, their complaint actually serves a valid purpose of subverting the law (by allowing the user to see the offending domains.)
2) Google is a US corporation. If it is unhappy with US laws, it could be considered perhaps reasonable or even responsible for it to voice its concerns as a "corporate person" while it continues to fulfill its legal obligations. But it's a guest in Australia. If it doesn't want to obey the laws enacted by the people of Australia in Australia, it doesn't have to. After exhausting any judicial remedies, it can simply choose to leave Australia voluntarily. But to continue to reap Australian dollars while being demonstratively surly about it, could come across as disrespectful to the people of Australia. It would be as if someone came as a "plus one" to an exclusive party at your house, and then vocally complained the entire time that they were "forced" to remove their shoes.
The credit-card as a viable ID is hilarious. I don't have a CC nor do I want one. So I just used someone else's so that Google doesn't bitch when I want to watch an 18 plus video.
I do have a passport that everyone is legally required to have in this country but trying to upload a picture of that was a fucking nightmare so I said fuck it take these numbers you clowns.
Now if I can do this I'm sure every kid on the planet can just take their mom's CC so what is the point of this law anyway?
They are lying. I have recently verified my age on YouTube with a credit card, and they've created a payments profile without my consent. I have discovered what happened a couple of weeks later when I've signed up for Google Cloud and my payment data was already listed in the form of a payments profile that could be selected.
First of all, I said privacy, not security. Huge difference.
That aside, I am not advocating for less choice, merely observing that in many cases users willingly give up their privacy (or other rights) for convenience. Your reaction to my observation actually proves my point.
Which is not a good proof. You can use one from somebody else, it doesn't prove that it's yours. Only that you have access to it. As long as you don't make any paiement, I suppose you will be fine.
Google could have required people to enter credit card details to download apps at all on their phones, following the precedent Apple had already set. That hasn't happened.
You don't need to give Apple a credit card to download apps. You do need an iTunes account, which can be created without a credit card (I have two with no cards attached).
If you only download free apps, you're good. You can fund the account with PayPal or gift cards if you choose to download paid apps.
Try to refrain from making stuff up in your defense of Google.
I set up my 9 year old's apple watch yesterday. I had to enter my credit card details to add it to my Family. I didn't have to do this when linking my child's fitbit.
https://discussions.apple.com/thread/251793338 no longer requires a credit card after iOS 6 but is still heavy on dark patterns. A credit card isn't even asked for when creating a Google account at all. My point is that Apple either requires or tricks you into giving a credit card to use Apple services, and the only reason this is a big issue for Google is that many Google accounts don't have a credit card already.
Ah I created the account on the device during initial setup, so that explains why I was never asked for CC info. Though from reading through the help page it appears they have an option for "none" for CC info when you create the account later. There are no screenshots on the page but I found some on Youtube.
They don't do that out of benevolence. The reality is they know a huge portion of their customer base are already on the lower income side. If required that info upfront they would lose millions of customers. Never underestimate how many people live on the fringes of society. No bank account, no credit cards, no offical address.
Also worth remembering that selling you stuff is not how google makes most of their money. The sell you as a product. The more people they have on their system the more money they make even if they are not buying anything.
I've had an android phone for many years without ever putting in a CC to the play store. I've bought apps though through Fdroid though.
That's interesting. Is the Australian government requiring me (superkuh) to take action to follow their absurd laws for my dot com website too? I definitely have Australian users.
I guess what I'm asking is if this is something Google is doing pro-actively to cover their asses after a general law was passed, or if the Australian government has explicitly contacted Google (alphabet) about this?
The Australian Government is only targeting big social media. They are requiring big social media to be able to identify users so they may be prosecuted for defamation. They and the courts don't care about sites that an insignificant number of people follow (yet). Age verification on Google is just the start. Soon you won't be able to use Twitter, Facebook or comments sections on Australian news sites without sending them ID or using a VPN. Tumbler, Pinterest and hacker news have not yet been targeted.
Well, the Australian government has shown it's willing to throw people into camps against their will, so...greater control of the population would be my guess.
The Australian Government wants social media to be able to identify users who make posts so they can be sued for defamation. Age verification is just an easy to accept start, getting people on board and setting the legal precedent of requiring foreign owned social media companies to collect this private and dangerous information (and note, Australia is also suing these same companies for abusing private information they collect). Assuming the opposition goes along for the ride, identity verification will also kick in before making Youtube comments, Facebook posts or comments, or Tweets. And maybe Mozilla will make some money marketing their VPN as a privacy service for Australians.
There is no connection between this and what is in the article, which is about age verification for viewing adult content. If you are commenting on social media, those companies already have all your information.
There is no provable connection, no. But I do find it a coincidence that age verification is being pursued now rather than years ago, just months after the government started pressing for social media to be able to identify users so they can be sued for defamation, bullying etc. Social media may already know who many users are, but they obviously can't prove it to the satisfaction of the courts or with enough reliability or this would not have become an issue.
The ~only reason gov't ever does anything is because they think it looks good to voters.
And any given voter doesn't have "wants" or "beliefs", just violent mood swings and social performance.
This isn't really even a bug of government's! Government action is very often valuable and necessary. But the incentive structure is such that modeling the gov't as a somewhat-rational entity with well-formed desires is usually not the correct frame to start with, IMO
"because the voters want it" is just how they spin it, the reason is to have a chilling effect on expressing dissatisfaction with whatever party is in power.
I think we also need to realize that those in power aren't necessarily plain old rich like the monocle guy from Monopoly or Mr Burns from the Simpsons. They're just connected, powerful, to a degree rich, and sometimes plain old skilled orators that can convince a lot of people.
If that's the case, then we should be able to do a referendum for legislation this "big" to go through, right? I'd argue that the lack of a robust, accessible and easy form of referendums means we're not fundamentally different to a dictatorship.
I admire Switzerland's system, where the people can petition for a referendum to delete any law they don't like.
This forces the politicians to negotiate with motivated minorities before creating new laws.
Instead in the U.S. we allow rich people and corporations (who are not voters!) to give money to politicians. In most other democracies this is illegal and considered to be corrupt.
Thanks for your comment, I had not heard of the minaret ban [0], which was an amendment passed by a double-majority (people and cantons), and was considered to violate existing constitutional protections.
I guess this is what happens in a democracy when enough people believe in doing something, even if that something is not right by everyone. Many forms of government are susceptible to this, depending on the culture. The world would be a better place if people had more respect for each other.
You are not the voter anymore. Watch the second half of GCP Greys. Rules for Rules on youtube, or read the book its based on if you want to understand. The video is a really good summary though.
Australia trades with China, particularly in minerals, but the countries are not on good terms.
Australia has multiple WTO cases running against China, and the Australian government frequently calls out CCP misbehaviour. In turn, China has placed tarrifs on higher value Australia products like seafood and wine.
It's similar to the Germany / Russia relationship, economically necessary but with frequently conflicting social principles.
The incentives of the two organizations are aligned. It makes sense and is very unfortunate that they capitulate so easily. It's yet another example of why you shouldn't rely on anything from Google.
What kind of problem solves this measure? If someone think that minors won't access adult content that person is pretty naive. Only with TV shows, series, movies, music, and games they are going to watch a lot of violence and sex scenes, and most of us knows there are a lot of easy ways to access to this kind of content outside mass media.
Letting the usefulness of this measure aside, I think there should be other ways to get your age without using your ID, like using a credit card for example. I don't know if there is any way to get the age of a person using the credit card, to be honest, but at least is an identification method with a expiring date and possibilities to cancel in any moment, not a unique number you can't never change in your whole life (at least in most Western countries I know).
I don’t disagree with anything you said, but some countries, like the US, don’t have a national ID system. So we usually have the option of using one of several different ways to verify our identities[1] for commercial services. Unfortunately most still do give you fixed numbers that don’t change unless you move to another state.
but some countries, like the US, don’t have a national ID system
This is.. not quite true. Social security numbers are used this way (even if they aren't intended to be such a thing) and passports are essentially a national ID system. My passport is the only valid ID that I have - of course, I live outside the US and have to have the nearest US embassy renew it. (I don't qualify for Norwegian IDs yet, and my immigration card is a supplement to my passport instead of actual ID)
Passports are a federal ID, but they’re not mandated in the same way that other countries like Estonia mandate national IDs.
SSNs? Sure, they’re (optionally) used as an identifier. But they’re primarily used in the financial world, along with your credit score. Most state and federal agencies won’t require an SSN for official business (again excepting taxes & payments). A hotel will accept a Global Entry card for check in. UPS will accept a non-driver’s license to pick up a package. You can vote with a student ID in some states.
And don’t forget people who are undocumented immigrants or on F-1 and J-1 visas who don’t even have a SSN, but still need to open US bank accounts, pay taxes, get US driver’s licenses, and vote in municipal elections.
An American passport ID number changes every ten years, causing lots of problems when foreign banks (like Chinese ones) try to use it as a stable ID number. Source: personal experience.
I've had absolutely no issues with it here in Norway, but Norway gives folks a number much like a SSN, which is used more widely than a SS# in the US alongside a picture ID.
China uses foreigner passport IDs in place of a Chinese ID number. Which is kind of dumb since that number changes, which caught the bank by surprise. I had to carry around both my old and new passport for awhile after my first renewal.
Right, but I think the concept of a national ID necessarily has the property of everyone (as close as is feasible) having one because it is required and they should be stable across time. Passports are optional, they expire, and they aren't stable. Not everyone can get an American passport (e.g., non-citizens).
somehow i don't think the invasive measures will go away with artificial placentas and factories that pop out healthy and ready 25-35 year old professionals/drones.
> Governments all over the world have started pushing for ways to collect ID on social media users, often under the guise of providing a safe space for kids online.
Does anyone know how these work on a technical level? Are they actually verifying these IDs with some sort of government API? What's preventing people from just sending fake IDs?
I'm also curious how non-tech giants are going to implement this. It's a big ask for small websites run by single or small groups of people. If they face consequences too, it seems like a win for the social media sites to keep their market positions.
Finally, what's preventing the children from just using non-tech giant sites to get at adult content? If it's literally just for Facebook, Youtube and the like, it'll be about as useless as the "Click here to confirm you're 18+!" verifications since they'll just search elsewhere, on one of the millions of other adult content sites...
One would imagine, but the state of "KYC" in the wild is much less pretty. Some governments don't even have a national identity card (USA, UK) to verify. So instead they verify driver's licenses, passports, utility bills. Others use credit agencies, half-baked and built-up-over-time databases of who knows what, facial recognition, etc. Kicker, most border control checks are no more advanced than looking up a traveler's name surname and date of birth in old lists.
I find it somewhat hilarious that a site "reclaim the net – Push back against online censorship, cancel culture, and privacy invasion. Informed by principles on digital rights" wants me to give them my email for their newsletter on my very first visit. Before showing me the article, or anything.
Yes, I would like to reclaim the net. From sites such as that one.
Imagine you are visiting hacker news, and for some reason you have to prove your age, but you don't want HN to know who you are, nor your age identity site to know you're going to HN
One way to do this off the top mf my head would be
HN issues a unique number (say 4096 bit) to you when you create an account
You send that number to your identity provider along with confirming proof of age
The identity provider signs that the number is valid and posts it to a public source
HN downloads a list of 4096 bit numbers posted in the last 5 minutes and confirms the one associated with your account is on the list
HN will know that "Identities-r-us.com" has proven your age, but nothing else
IRU know you had to age approve a site, but there are many sites downloading the lists so they don't know which one
You can do even better than that. IRU could proxy your TLS connection to the identity provider, and you could prove to IRU in zero knowledge that the decrypted transcript verifies that your age is over some threshold, without IRU ever seeing your age, and without the provider having to run a signature service. Then IRU is the one who signs the attestation on your age.
But this way ppl could falsely verify their age by using a shared identity, unless the identity provider saves the identity (and shares it with other such providers)?
The central checker knows you've proven your age, but not where you've proven it.
As someone else points out, you send a message to your ID provider 17 requesting the minimum required fields and an anonymous token provided by HN, the ID Provider returns that (over18=yes, token=1234567....) which is signed, you then send the returned payload to the server you're asking, saying "I used Identity provider", and HN (assuming it trusts your ID provider) can confirm that.
HN knows the IP you're connecting from and the identify provider (say the Austrailian government)
The Austrailian government doesn't know where you're connecting to, just that you are trying to prove you are over 18. The unique random number HN provides confirms it's not someone else's token, but it doesn't link to HN
I assume there's a proper standard which does this
The Australian government made a big push to make Google and Facebook pay Australian news sites for links to content on their platforms.
Google made a number of moves to head that off, including pumping money into local initiatives and a deal with the local media companies.
Not fighting back hard against the current social conservative government's moves on censorship and cracking down on online rights is consistent with Google's other moves to protect profits and avoid paying media companies for links.
Will Google in Australia have a button that lets you skip the identification process but see the content anyway? No, so those aren't even remotely similar.
I am curious if the ID will be validated somehow or just dates checked. If the former, I wonder of this endpoint would be given to any site owner to validate age. If the latter, I can imagine someone creating a "this ID does not exist" service to fill this need. More likely VPN providers are about to get a bump in clientele.
It would probably be an automatic system somehow just looking at the dates. Imagine someone wanting to watch a video and then submitting their ID and getting the message back "thank you, you will be able to access this content in a few hours once we have verified your ID".
You would have just lost that person for a long time.
While it is unilateral, it appears that the triggering effect for the age restriction is the content of the video, not the fact that a politician put it up.
For YouTube, that has been the case for a while in Germany. Certain videos (usually semi-pornographic, I think I only encountered it for black metal music videos) will require age verification. And that is despite my Google account being 18 years old…
I used to believe, at least in the early days, that these tech companies were successful in upholding the values of freedom of expression, speech, and exchange of information, subsequently the values that the early internet itself formed around. They were anti-authoritarian.
Now it seems they willingly accept being pushed around, succumb to any request to compromise its values in the interest of shareholder value, and willingly collude with authoritarian requests from governments.
It's all so typical, in a way. Whatever shred of idealism I had left for these companies is now completely gone.
The problem is that the more a company wants to draw a line in the sand against a government, the more it must be a monopoly of some kind otherwise be replaced by someone who doesn't
I find the reverse to be true. It is only when a company becomes a monopoly does it begin acting in this way. It becomes hellbent on maintaining that monopoly.
Regarding adult content, don't you think that there is a better solution? Websites could add a HTTP header containing content rating; if the header is missing then it is considered 18+ content. Browsers use this header to restrict access according to OS settings.
This way the problem can be solved without any IDs and credit cards.
Also I don't understand why age verification is needed for Google Play. Isn't adult content already banned there?
I think this is more about getting people on board with requiring social media to be able to identify users, which is also happening. People hate having to provide ID to Facebook so that they can be identified when the law asks, and the chilling effects of de-anonymization. But stopping kids viewing decapitation videos, sure.
Welp time to re-up a mulvad subscription I guess. The Australian government has been embracing cronyism and corruption for a while, but until half the country stops rewarding the incumbent party with votes while complaining about everything they do because "the other guys will be worse" then here we are.
We really need to have the OS and browser cooperate on this, otherwise we will need to show our ID to each website we visit. But browser makers are busy with chasing benchmarks or other less relevant stuff that are fun for devs to work on or that might make more money.
Why? it would not be forced on you but think about this super easy scenario.
1 I buy a device for my child and I set it up and enter his birthday, say he is under 13
2 I buy me a device , setup my account and enter my credit card to use the Store , the OS now is 100% sure I am an adult
3 The browser on our devices knows our ages now
4 13+ , 18+ webpages will mark this in the header , the browser on the child phone knows to not just allow the child to click "I am 18+ old" , the browser on my device would check my settings and say if I am a religious guy I tell the browser not to show the pages to me.
5 if you can't or won't tell your OS or browser your age either send your ID card to all websites or don't go there, big websites will respect local laws so maybe you can have luck with a VPN or some small website that does not care about local laws in a different country.
I suggest this idea as an alternatives to having to send ID card copy to each websites, I am not advocating for UK or Australian laws to be made default everywhere.
Sure it could come in via user agent. I would worry that governments would then attempt to regulate and lock down browsers such that Free Software is no longer viable, or even legal.
I think most of us know that clicking "I am 18+" is a joke, governments will eventually look into this and not because politicians want to make it harder for them to access this pages but because activists and religious groups will put pressure on them (I seen with my own eyes religious people exiting from a party because the leadership allowed gays to have a parade in the city, and if in your region/country there are many religious people like this the politicians will try to get their votes) , so the tech sector needs to find a solution for this that is privacy friendly. At this moment I can use my bank and PayPal from Linux so there is no technical reason that prevents open source software to implement it.
Any open source solution would be trivial to disable, by definition. Hence OP's point that pursuing this to its logical conclusion means banning F/OSS.
>Any open source solution would be trivial to disable, by definition. Hence OP's point that pursuing this to its logical conclusion means banning F/OSS.
And you think that you can't "mod" some proprietary application? The only exception is locked down devices so not only FOSS would be affected but also non locked-down and DRM devices, if UK or Australia will demand only DRM devices to exist so all laws are followed then we are fucked anyway.
It's a step-by-step thing. First you pass the laws to ban X. Then it turns out that F/OSS makes working around them trivial, and so you ban F/OSS. Then it turns out that proprietary apps can also be hacked, and then you mandate DRM.
Again, "Rainbows End" describes the end result quite nicely.
I understand your point and I would prefer not to have to do this. But I was thinking that we already are going down hill better we chose our path then have others to do it. I would prefer to say prove my age to Canonical then have to send my proof to every website individually. As long as a majority of the users are protected I do not see some idiot religious politician complaining that children could root Android phones and watch porn or that children removed OSX to install Linux to get more freedom(probably a VM would work too).
Since the big companies don't gain lot of money from this like they gain with DRM media and anti-repair I do not see the insentives to push thos ossue to extremes.
> Is long as a majority of the users are protected I do not see some idiot religious politician complaining that children could root Android phones and watch porn
I totally do. All that would be needed for this to happen is one well-publicized case.
The fundamental problem here is that by aiding and abetting the censorship, you're implicitly legitimizing the purported reasons for it. Thus strengthened, that reasoning will inevitably be extended, if only by chance - and you won't have any arguments to push back by then. Consider: if we've already decided that cracking down on porn justifies routine violations of privacy (that would be necessary in any pervasive age-ID scheme), and the majority of the society agreed with it, how would you convince them that F/OSS is valuable enough to not sacrifice on the same altar?
Given that both major parties in Australia have a bad history of bad tech law, I'm not hopeful that even the upcoming election would get in the way of this one.
Sounds like exact quandary that the emerging DID spec (Decentralized Identifiers) [https://www.w3.org/TR/did-core/] is hoping to solve. I.e. you can submit your proof of age to an attestation service (in this case, perhaps the australian government itself) and receive an anonymous DID from which you can issue proofs of age without revealing other aspects of your identity.
Would that also work the other way around? Ie would it mean the Australian government wouldn’t know anything other than you wanting to prove your age to somebody?
Yeah, the DID you receive from the attestation service can be used multiple times, and is assumed to be immutable, so you sign messages with your private key to prove ownership of the DID but generally reveal no other information. One concern would be that a backend integration might exist between the Australian government’s attestation service and Google’s system, in which case there might be benefit to the existence of an alternative public institution that is committed to privacy which has the demonstrated authority to verify age.
Nope, it's an unintended consequence, I think the political motivation is naivistic. It turns into a kind of censorship, but was conceptualized as a speed bump.
I've noticed the restriction on some YouTube video as well. With one account of mine I'm able to see them though, even if I don't remember giving my credit card details or ID. I created this account a long time ago so I might be wrong. I think they asked for my phone number for verification instead.
So are all the Fox News idiots that wanted to come and liberate us from authoritarianism going to do it already? Or is that just for liberal state governments with barely any power that don't share your political views?
1/8th of the country takes a different approach to a public health crisis and suddenly every hot take American conservative talks about invading the country. But the federal government uses us as a testing ground for technological authoritarianism for the better part of a decade and it doesn't get reported at all, even within Australia, except for on tech sites and other left-leaning places.
If you, as an American, are worried about authoritarianism within your own country, stamping this steady ramping of it out in other allied western nations should be a key priority. But the only time I've ever heard an American news network even talk about Australia was about the Melbourne lockdowns, with completely incorrect facts everywhere, making an absolute mountain out of a molehill.
Fox Is pushing this agenda in Australia. Murdoch plays our governments like his private backgammon table. "Conversative Liberal" party in Australia = "Rust belt GOP" party in US
Australia is what happens when you sell off your land to the highest bidder, throw your consistution out the window and let the Capitalists take over.
There, I fixed it. I'm getting tired of every headline trying to bash on Google/Facebook/etc. for clicks.