In case people no longer remember, when China started to require websites to register for a license before be allowed to operate, it was for "protecting the children" too.
This simple policy then goes on to silence most individual publisher(/self-media) and consolidated the industry into the hands of the few, with no opportunity left for smaller entrepreneurs. This is arguably much worse than allowing children to watch porn online, because this will for sure effect people's whole life in a negative way.
Also, if EU really wants "VPN services to be restricted to adults only", they should just fine the children who uses it, or their parent for allowing it to happen. The same way you fine drivers for traffic violation, but not the road.
And if EU still think that's not enough, maybe they should just cut the cable, like what North Korea did.
1. First, year ~2015 legal framework was created under disguise of banning pirated media(specifically torrents.ru)(legislative push). State-wide DNS ban introduced. Very easy to circumvent via quering 8.8.8.8
2. Then, having legal basis, govt included extra stuff in banned list(casinos, terrorist orgs, etc)(executive push). IP bans introduced, applied very carefully.
3. Legal expanded allowing govt to ban specific media on very vague criterias(legislative push). IP blocks tried on some large websites. DPI hardware mandated to be installed by ISPs to filter by HTTPS SNI(executive push).
4. At ~2019 Roskomnadzor(RKN) created, special govt entity which enforces bans without court orders(legislative push).
5. ~2021 sites become banned if they are not filtering content by Russian laws by request of RKN(executive push). VPN services were obligated to also DPI-filter traffic(legislative push).
6. ~2023 Crackdown on VPN started(executive push). Popular commercial services were IP-banned, OpenVPN and IPSec connections selectively degraded by DPI.
7. ~2025 Heavy VPN filtering(vless, wireguard, etc) introduced(executive push). Performance of certain sites were degraded(youtube, twitter, etc).
This is very up to chance. Sometimes the VPN works, sometimes it doesn't. Sometimes it's fine on the home Internet, but fails on the cell data, sometimes it's otherwise. And it is fine if you're somewhat tech savvy and okay with tinkering with settings, but a huge pain for the older relatives.
But you are asking logical questions. You are thinking and talking too much for a World citizen in 2026. "Reasoning" is a reserved word for chatbots now, so we humans are not allowed to do that anymore. We can only obey like a bot and pretend all the lies they tell are the truth.
BTW I live in Turkiye where the government banned ALL the adult websites around 2008. Even as an adult you can't access them. This year they are banning VPNs, introduce age controls and ID verification COORDINATED with the rest of the world. Also banning some games, control social media, and basically make it legal to control and track everyone on the internet. What a coincidence that similar attempts are simultaneous in many independent countries.
And no, children have not been really protected in Turkiye since 2008.
Grab a SIM-card from Bulgaria with roaming enabled. Internet is routed through the Bulgarian ISP even when you are in Turkiye. Full internet access, no VPN required.
Until the three representatives from Bulgaria and the ones from the other EU countries win out lobbying for ChatControl and expand it to VPNControl too.
No, you live in Turkey. That is what the country is named in the English language. People can render it in Turkish however they like, but in English it's "Turkey".
You always hear the argument "protecting the children", because anyone oposing the regulation/laws can be labeled at best "exposing the children to danger" or at worst "pedofile". So as a consequence at best the oponents of such regulation/laws should not be listened to, or at worst they should be put into prison.
The excuse has to be something nobody can appear to be supporting (pedophilia, terrorism, nazis, etc.). It's not only an appeal to emotion, it's also a false dichotomy, a loaded question, guilt by association.
Others look at this recipe and can't help but notice its effectiveness. Eventually nobody is beneath pulling this kind of logic, even if they were the ones crucifying it just a few short years ago. The weaker the leader, the more likely that that they forget where they wrote down those principles of theirs and resort to this crap.
> In case people no longer remember, when China started to require websites to register for a license before be allowed to operate, it was for "protecting the children" too.
Indeed I do not remember this, nor can I find corroborating evidence that there was much of an effort to justify the requirement to the public at all. As far as I can tell, the government simply decided that they needed more control over the internet, so they made a law to give themselves more control over the internet. https://www.gov.cn/gongbao/content/2000/content_60531.htm It has no special provisions limited to children that only later got extended to adults. (Meanwhile, restrictions on how long children may play games continue to only apply to children, AFAIK.)
Ursula von den Leyen has been pushing internet blocks in Germany for the sake of the children since 2009. Which is when "Zensursula" nickname has been coined. You don't need to look far to find the same thinking by the people in power.
> In case people no longer remember, when China started to require websites to register for a license before be allowed to operate, it was for "protecting the children" too.
People don't remember because it didn't happen and the license wasn't about protecting the children. But it's so convenient to just blantantly lie on the internet nowadays, isn't it?
Just like the title of this article blatantly lies about "EU" doing something.
One of you ought to find out what really did happen, and tell us. I can only do the lame thing and quote Wikipedia:
> China had no such legislation until 1997. That year, China's sole legislative body – the National People's Congress (NPC) – passed CL97, a law that deals with cyber crimes, which it divided into two broad categories: crimes that target computer networks, and crimes carried out over computer networks. Behavior illegal under the latter category includes, among many things, the dissemination of pornographic material, and the usurping of "state secrets."
Parents can protect their children. Source: I’m a parent. My kids haven’t seen porn and can’t access the internet. This doesn’t affect the free exchange of ideas that my fellow countrymen enjoy.
Governments getting involved absolutely, unequivocally will be used to clamp down on the free exchange of ideas.
That wasn't the point i was asking for an argument for. What I wanted to know is how age verification is worse then allowing children to watch porn. To make that argument.
> Source: I’m a parent. My kids haven’t seen porn and can’t access the internet.
Are they above the age of 16? Because then you're either Amish or out of touch.
Age verification will be implemented as identity identification. And that means anything you read or write or watch or say will be tied to your identity, registered by the government and other organizations, and used against you as an individual.
Do you understand now? Or will you only understand when you get fired from your job and they won't tell you the reason?
> Age verification will be implemented as identity identification.
Thank you for bringing an argument.
I want to start by tackling your argument head on. What if it's not though. What if it's implemented by attestation and signatures rooted at your local national government? Nobody will be able to tie whatever you watch or write to your identity, because they won't have it. To my understanding, that's what's proposed here, and that won't feasibly lead to any of the spooky consequences you're predicting.
There's another leg to it also. "anything you read or write or watch or say will be tied to your identity" is already true right now. Google is already, at this second, tracking my every move online and using it against me in a targeted advertisement campaign to change my spending habits, but my political affiliations too. If you're truly afraid of that outcome, I believe there are much more prescient and immediate things you should oppose than this.
You're the one that needs to argue the presence of harm, given you're the one arguing we need to create a surveillance dragnet to shield certain age groups of humans from witnessing how their species procreates.
The default state is that humans procreate via sexual reproduction. You need to argue why we need to take action to hide this, especially given we let children witness other far more brutal activities from the human species like violence.
Surely someone claiming it's arguable should be willing to make that argument.
For me it's not that it's reproduction. Film that shows sex is not an issue as I see it and I don't know anyone that has developed serious addictions to sex in Hollywood film. However I know several people, family members included, that have absolutely obliterated their childhoods and early adult years by becoming addicted to porn. They were groomed by adults online from a young age and, although their parents tried to stop it, kids are sneakier and they got around it, exposing themselves to some truly dark things. It is not easy for families to recover from having dealt with a child with serious addiction issues.
I think it's pretty silly to argue that systemic protections are ineffective and overreach whereas the efforts of one or two parents should be enough and are the correct level of enforcement for the protection of children. The parents of the people I know went to extremes to protect their children and they were mostly unsuccessful.
Sounds like the people you describe were outliers with some preexisting conditions, and probably shouldn't be used as any sort of baseline or point of comparison.
The argument I am asking him to make is the one about how age verification is "much worse" than "allowing children to watch porn".
If your argument in favor of that is that watching porn isn't harmful to children, then I don't understand what all that superfluous waffling about china is doing in there.
The EP paper appears to be highlighting the existence of a debate regarding VPN.
Relevant quote:
"Some argue that this is a loophole in the legislation that needs closing and call for age verification to be required for VPNs as well. In response, some VPN providers argue that they do not share information with third parties and state that their services are not intended for use by children in the first place. The Children's Commissioner for England has called for VPNs to be restricted to adult use only.
While privacy advocates argue that imposing age-verification requirements on VPNs would pose significant risk to anonymity and date protection, child-safety campaigners claim that their widespread use by minors requires a regulatory response. Pornhub and other large pornography platforms have reportedly lost web traffic following the enforcement of age-verification rules in the UK, while VPN apps have reached the top of download rankings."
Of course I'm not saying the EU won't regulate VPNs, but nowhere in this paper is "the EU" stating that VPNs need closing.
These dimwits (and I don't just mean those in EU) seriously want to stop adolescents from watching porn, and are ready to mess with internet infrastructure for that. That's a depressing manifestation of aging society
> seriously want to stop adolescents from watching porn
no, they want to pretend this is the issue, so that pervasive monitoring or permission and/or deanonymization is normalized. It is to serve the state apparatus, rather than any actual protection.
If it is possible to "pretend that they want something reasonable", it means that there is something reasonable somewhere.
Maybe some want more control, but most certainly not everybody.
> so that pervasive monitoring
If you haven't gotten the memo, pervasive monitoring already exists. To sell ads.
> or permission and/or deanonymization is normalized
For age verification, it's possible to do it in a privacy-preserving manner. Now people spend their time complaining about the idea and claiming that all who disagree are extremists, so it doesn't help. But we could instead try to push for privacy-preserving age verification.
what i personally don't like about privacy-preserving age verification is the single subsequent law change that would criminalize individuals for "improperly" doing age verification.
it'd be so easy to do, and would immediately make obsolete any measures taken digitally to preserve privacy
Are you calling me a corporate apologist? For one, corporations want less regulation.
"Being a hacker" does not mean "being stuck in the 80s", IMO. If TooBigTech cryptographically controls everything, it becomes harder to hack. Are you aware that the biggest restriction against jailbreaking stuff is that it was made super illegal... because it helps corporations?
Believe me, in some EU countries (like my country Poland) people are very sensitive for this kind of bullshit.
Last two times they tried to push other censorship/tracking laws (claiming as always "we have to, EU is making us") there were mass protests in every city and town.
In my own town of 5k people there were several hundred (500 people at least, probably more). And the previous govt backed down.
This topic seems to be coming back everytime certain countries (Denmark etc) hold the rotating EU presidency. Our current PM is certainly in the same EU clique that wants to push this so much, but it's an extremely unpopular position and he is already leading a weak minority coalition govt. It wouldn't take much to topple him, so he will not do anything like that (unless he is convicted people are distracted with some crisis, but that is where normal people come in. To keep watching what is being smuggled in).
I wonder why do voters in those countries that propose these laws tend to allow this to happen again and again.
It's because it's not about the opinion of voters, but about existing political powers that want to retain their power.
No matter what you (as population) say it will get implemented. If you don't, then they will put sanctions on Poland, withdraw financial partnerships, etc. Like with migrants, they are going to be sent there, even if Polish people vote against.
No matter if you are in favor or against, raising the topic will just make you socially be isolated or even legally punished in some places.
Sad for democracy and free speech.
EDIT: clarified about migrant policy and the decision of countries to choose or not
my personal opinion is it’s an all or nothing thing for immigration. you either reduce entirely for all groups or it’s racism and unfair treatment. everyone deserves an equal chance
There's something in-between that could work: allow everyone, kick criminals permanently, and give a path to permanent residence to others, or something like that.
I just made it softer (though I never mentioned race but economic migration), still can be too sensitive so let it be, just my opinion (I am in Eastern Europe and there the views are rather harsh, compared to Germany or France or Sweden)
The rise of authoritarianism? Inequality? Revival of geopolitical "realism"? Decrease in empathy and holistic thinking? Increasing willingness of the general population to engage in political adventurism? Accelerating resource consumption (and decelerating resource stocks).
And if you consider none of those "real" problems, I know some people seem to have forgotten about it, but what about climate change? Given the half-life of CO2 and methane, that's a problem as "real" as they get.
It's not really about kids looking at porn, it's about tracking everyone else and making it easier for state surveillance and corporations to identify people.
Kids don't have money and hardly ever manage to do crime without getting caught so they're profoundly uninteresting to surveil in this way, but adults are and here the interests of the state and corporations converge so they'll make a push for tyranny.
But how to make people accept it? Tell them they want to expose kids to gruesome tentacle porn, or else they'd support this. Few adults are willing to admit they even look at porn, let alone argue that this is an important activity that needs to be protected, which it is.
If you think that there is a need for new technology to identify people, I suggest you wake up and start getting informed about surveillance capitalism.
There is absolutely no need for new technology to track people, it's there already.
Also I feel like a big reason for age verification is social media. Many countries are trying to prevent kids from accessing social media (because we know it's bad for them), and age verification is the way to do that.
Badly implemented, age verification is bad. But there are ways to implement it in a privacy-preserving manner, which wouldn't make the current state of surveillance capitalism worse.
People who are actually interesting, are often aware of that fact and avoid surveillance at the moment. You can use tor/i2p, proper VPN setups, VMs, alternative mobile ROMs and other tech and cut most of the fingerprints, trackers and identification. Pretty sure the trash from state agencies doesn't like that.
But the current push from all sides to provide id for everything and remote attestation through Google and apple will make the alternatives very hard to use as it basically cuts such people from the economy altogether.
Need is a very strong word. I'd call it a desire. Currently you can often identify people, sure, but there's hassle involved. What they want to do is to plug in a private corporation separate from whatever service that is likely to be more loyal with the state apparatus than the service, or else it is easily switched out for another.
And corporations are having issues discerning bots from people without making access to their services a fuss or dependent on possibly idealistic and troublesome open source projects, like Anubis.
It's truly, absolutely, not about "age verification". If it were about protecting kids from harm they'd take money from corporations post factum that are offending. Instead they're preparing to spend a lot of money. You could also look at who is heavily lobbying for this, you'll find it is fascist tech oligarchs from the US. They couldn't care less about kids except for obscene or profitable purposes. It would be weird for them to be cosy with epsteinian networks of power and at the same time be mindful about the wellbeing of children.
> Currently you can often identify people, sure, but there's hassle involved
You vastly underestimate the current state of surveillance capitalism.
> You could also look at who is heavily lobbying for this, you'll find it is fascist tech oligarchs from the US.
Go in the street, and ask a bunch of random people: "If there was a way to prevent kids from accessing stuff that is bad for them, and it had no downsides. Would you want it?". I'm absolutely certain that not only fascists will say they would want it.
Adolescents, or kids? Would you say it's completely stupid to want to stop kids from watching porn, or accessing social media?
Did you grow up with free streaming platforms? Pretty sure many adolescents were accessing porn before those, though it was slightly less accessible.
I personally don't have a definitive opinion about porn (I feel like young kids obviously shouldn't have access to it, but it shouldn't be illegal to adults, but I don't know where the limit should be), but I feel like making it harder for kids to access social media makes sense.
I dunno, you have experience being a kid, right? Young kids are just not interested enough to look for porn, not to say figure out how to use VPN to access it. Lax restrictions like we have today are enough to stop porn from being forced on children who are not interested in it
The title is also the exact title for that paper’s chapter.
You are right at pointing out that the paper is overall presenting the subject in a balanced manner, unfortunately it seems a bad choice was made when it came to that specific sentence, that gives a venue for it to be fed in the outrage machine.
Even the, it's incredibly vague at best, equivalent to "The USA said that", which only makes sense in a context where the relevant spokespeople are well-defined (such as a UN assembly or something), but who is the general spokesperson for the USA or the EU?
Usually things like these are qualified like "the Department of Defense of the USA stated X".
But you single out just one paper. If you include all paper and discussions the picture is super-clear, and the title is not misleading at all. This has to be said.
> Of course I'm not saying the EU won't regulate VPNs
The word choice is quite revealing. You write "regulate VPNs". To me this is not "regulation" at all - it is restriction or factually forbidding it. It is newspeak language here if we dampen it via nicer-sounding words. It also distracts from the main question: why the sudden attack by EU lobbyists against VPNs?
> why the sudden attack by EU lobbyists against VPNs?
Live sports, they’re already assaulting internet infrastructure in various EU member states (eg. La Liga forcing Spanish ISPs to block cloudflare IPs during matches). With this in mind it seems less a case of surveillance state and more a case of corporate state capture.
I think all the identity verification schemes should start with the beneficial owners of companies. Governments have been lobbied to allow complete anonymity for the wealthy that own businesses doing questionable things while regular people are going to have to show id to buy food.
Yep... and to make it worse, nobody is trying to push them towards looking at privacy-preserving age verification: instead technologists try to convince them that they just shouldn't regulate anything. Which... may not work so well.
As someone who lives in a jurisdiction which does require such disclosure: it is a significant inconvenience for small businesses, and no benefit to the general public.
Do small businesses in your area have complicated ownership structures that it's significantly inconvenient to disclose the one family that owns, for an example small business , a plumbing repair company with 4 vans and 6 employees?
They might? If they don't and it is trivial to identify the beneficial owner, why is it necessary to create a requirement to disclose? The practical experience is that people are quite bad at this sort of requirement, that may well be a source of problems and that on aggregate making it harder to do business has a notable impact [0] on general prosperity. Don't needlessly put barriers in front of people who create wealth.
It isn't a stretch to imagine that a small business owner literally doesn't have enough time in their life to maintain their own health and run their business. There are some pretty grim stories out there, I can tell one based on a friend of mine who was working ... I think 70 hour weeks. Sounded rough. It isn't actually crazy to say they may not have an hour free to figure out what form they need to fill out and where to file it, or that they'd be too sleep deprived to get it right. Assuming that this thing is the only thing they need to disclose and there aren't any other pieces of paperwork that need filing (which we all know there will be).
Sure if they have to they'll probably figure it out in most cases, maybe it is trivial. But the businesses where a straw broke the camel's back don't exist any more to point at as evidence. It is hard to know.
You get extra spam. Any data that ends up on those public lists will be used to spam you. Some websites will also correlate all the data they have on you too, so you can get that spam at home too.
Basically, you have no privacy if you start a small business under these kinds of rules.
Your personal info becomes public because it's attached to the business information. This can include phone numbers, emails, full names, home addresses etc. All accessible online by anyone, including spammers, scammers, swatters etc.
The people who really want to stop VPNs are commercial streamers, especially for live sports. Regardless of state, or governing party, it always comes back to money.
Is there a notable difference between these two in most places? There _should_ be but in practice it feels like more and more places function closer to an oligarchy than whatever form of “democracy” they espouse to practice.
Governement should force companies to give parental controls tools. Gaming companies like Nintendo and Steam do that, I can create a kid account with parental controls.
Social media companies (e.g. Meta, Snap) are the first that should provide that but they don't.
Band and severely punish systematic violations of privacy.
Regulate the poison first, not the access to it. All this age verification nonsense is an admission that some platforms knowingly harm their users. And instead of fixing the issue by cracking down on the proverbial crack, governments make everybody's life worse.
I remain hopeful that one day, humans will regard the online advertising companies with the same scorn we do the tobacco industry and may they be ashamed and disgusted at our inaction.
> Doesn't mean that it's equivalent to giving them free access to those consumables.
Why do people on HN always need to look at things as a Boolean state? It’s entirely reasonable to have some preventative measures but acknowledging that there are ways to circumvent them and accept that as a reasonable conclusion.
Things don’t need to be “all or nothing” ;)
> Source?
I grew up pre-WWW. Literally lived and breathed the points I’m making.
But don’t just take my word on this. Ask anyone of a certain age and they’ll tell you the same: they either tried cigarettes or knew lots of kids in school who smoked under the age of 16. They had access to alcohol under the age of 18. And pornographic content was easy to get hold of under the age of 18.
The age at which they gained access and the frequency of the usage depended greatly on their upbringing.
> It’s entirely reasonable to have some preventative measures but acknowledging that there are ways to circumvent them and accept that as a reasonable conclusion.
I totally agree. That can be used as an argument in favour of age verification, though.
What does national security even mean anymore? People are using this term for basically everything these days, as if saying "national security" is somehow a justification on its own.
What "national security" implications are there with VPNs?
Just the fact that it takes NGOs and journalists to uncover tax evasion practices. The governments and tax offices aren't looking. CumEx was a scandal in 2017, and despite being known since 1992, has only recently led to just a handful of prosecutions.
To be replaced by the Irish tax department making direct deals that are essentially the same. But ONLY for specific companies (principle: big multinationals don't pay tax at all, local companies get big tax raises. Irish companies are dying, multinationals are moving to Ireland)
In case anyone wonders: this means the FANG companies don't pay tax in Ireland if they hire enough people in Ireland, which has famously high income tax. It is, in other words, effectively a massive tax increase on the employees while actually reducing total tax income in the EU compared to the "double dutch sandwich".
Note that Ireland signed at least 2 international treaties that they weren't going to do this (OECD minimum tax treaty, EU tax treaty). Of course, there are no consequences to this.
The response to is that EU is exploring company-tax-per-transaction which is so incredibly bad in the massive administrative burden it will generate. It's not final, but it will mean that for every transaction done companies will have to keep (PER transaction) pieces (plural) of evidence for what country they happened in. Every single transaction.
Lots of governments give tax exemptions to selected industries (film comes to mind) or even companies (Foxconn/TSMC); I don’t support this behavior, but I don’t see what makes Ireland special in this regard.
And the answer is simple: because countries sabotage each other's tax income when they can, even within unions (like US or EU, hell I'm told it even exists in Russia).
And with mobile capital, like multinationals, they can.
Ireland violated international treaties, multiple, to do this. Oh and they call it a huge success (despite that this will obviously suddenly crash and burn when other countries either block it or give better deals).
Oh and it cements the power of American multinationals over local EU companies, when the Irish government publicly and loudly claims they intend the opposite, and for reasons I don't understand, people seem to actually believe them.
Why? Isn't your age verified when you renew your drivers license? Purchase something on Amazon?
When I was a kid, child programming and commercials were heavily scrutinized. Now any kid can access porn, violence, and scams on the internet. That's a blight. Not age verification.
Broadcast TV had a very simple solution to this problem: Only air the not-for-kids stuff at times of the day when the kids are already asleep, i.e. late in the evening or at night.
It was still the job of the parents to set the bed times etc, but at least this was something the parents could actually control.
And for pay-per-view stations with actual heavily violent or pornographic content: Yes, they were absolutely age-gated, usually via a PIN.
This is correct. I think the difference is that the PIN actually is an effective tool that parents can use to keep their kids from watching this stuff. It's also default-deny as the PIN is pre-set, and the parents would have to make a conscious efforts to allow viewing.
Im contrast, the internet is default-permit: Everyone can access everything, unless the device is specifically set up to block it. Setting up such a block has the risk of causing massive drama with your kids, and they fill probably quickly find ways to circumvent it anyway.
This is why I find the "it's the parent's responsibility" calls so hypocritical: The whole idea behind the internet is to make it as hard as possible to block things. But suddenly we expect the parents to do exactly that? How?
(All that independent of the point that the current push for age verification really seems like a disguised push for control. But that doesn't mean there isn't a real problem. Both things can be true at the same time)
Before the Internet you had to work fairly hard to get a Playboy centerfold where the model just had her breasts out. Now you can effortlessly find endless depictions of anything, including the most depraved sex acts you can possibly imagine. The ease of access and breadth of content available to kids today makes it qualitatively different than when we were kids.
That does not, of course, mean that age verification laws are the appropriate solution. You could even argue that it's not a problem that kids have access to all this stuff (though I don't think I would agree with that). But you can't just hand wave it away by saying "we looked at porn on paper when we were kids". The situations are not at all the same.
How can you define a tax loophole then? Since there isn't a thing you can do called a "Tax loophole", but rather a collection of otherwise totally legitimate practices, just used as an optimization, they are impossible to define, and as such, be scrutinized. It's a neverending whack-a-mole...
People keep looking at the consumer privacy vpns , but there's a huge field of commercial vpn usage for a broad spectrum of tasks in the european union. Point to point tunnels connecting two sites into a single network. Allowing access to (corporate) resources via laptops and mobile devices. Fixing the one way nature of crappy internet that most people are forced to work with these days (or simply never realized), etc etc.
Basically if you want to do any sort of remote work, I'm not saying you're necessarily using one right now, but the odds are good. Possibly the politician's own IT back-end might have ... opinions... on the ability of the executive to overly check the legislative too.
I have a question that's been going through my mind -
Why is age verification connected with identity verification?
I understand why the former is not possible with the latter, but my question is -
Whichever entity is responsible for the verification can just pass on the age verification confirmation without passing through any of the other details, right?
Am I mistaken here? Because if this was possible, I could still go ahead with using the VPN.
This seems to be what "double-blind" verification is doing:
> The report highlights emerging approaches, such as “double-blind” verification systems used in France, where websites receive only confirmation that a user meets age requirements without learning the user's identity, while the verification provider does not see which websites the user visits.
It's a question of blind trust in your government to respect this, when they themselves control the age verification apps, at least in the EU who wants to impose its own system and not rely on an autonomous third party.
It is cryptography. Just like you don't have to blindly trust Signal with end-to-end encryption (their client app is open source), it could be implemented in a way that you don't need to blindly trust your government.
From a tech perspective it has been a solved problem since about a decade ago, via DID (decentralised identities) and their Verifiable Proofs.
The EU digital wallet framework is built around those, and your suggested scenario is a first class citizen.
It is now moving from the academic/research world, to the political field, and feedback/pressure from both commercial groups and political agendas is muddling the field.
Here are some links to canonical docs, you can easily find high quality videos that explain this is shorter/simpler terms to get a grasp of it.
You are right, it is possible to do age verification in a privacy-preserving manner. Feels like most people being very vocal against the idea don't know about that.
At least most complaints I see here are assuming that age verification means tracking.
Too bad, there could be interesting discussions about privacy-preserving age verification, if people just bothered getting informed before complaining.
We already have privacy preserving age verification: the website asks for your age (or just whether you're over 18), and lets you through.
There's no issuing party to collude with to deanonymize users, no hard requirement on owning a Google- or Apple-vetted smartphone, and generally no way to identify me besides my choice of random numbers.
You move past that, and people rightfully tell you that your scheme outright breaks privacy, or that it makes too many assumptions or is too complex to easily verify it actually preserves privacy.
Governments already have everyone's ID, including DOB. They say that the problem is non-adults accessing adult sites and services. So therefore, the sites need to know that users are over 18 (or the selected government age).
There should be a standardized government ID service/API that allows a person to let it disclose their age (or other user selected information) to a requesting site/service. That's all that is needed if the government ID service has appropriate 2FA and security.
Both the request and the response can be appropriately anonymized so that the government doesn't know the site, and the site doesn't know the person's identity.
Why isn't this a thing yet? As far as I know, no one has proposed it.
In theory, every EU state will have to support this soon so users can use it to verify age privately online. Still work to do to roll this out for real, but the technological part is very much already happening and I think the rollout plan is committed.
The german gov id supports that. They have a PKI and the id is a smart card with a cert and private key on it [0]. It lets you answer the question "are you over 18" with a zero knowledge proof. I guess it only proves you have in your possession a valid id AND know the PIN to it, but that should be fine. France apparently has this, too, according to the article.
No. You seem to not understand how government works. It will never be anonymized so it's an awful idea, you basically suggest to link accounts to a passport.
> Both the request and the response can be appropriately anonymized so that the government doesn't know the site, and the site doesn't know the person's identity.
Yes that's how it's done in France for instance, and generally how it's being discussed in the EU.
Exactly. Governments that really care about age verification should provide the tools to do so. They have the means to do so without violating privacy. Something like the Dutch DigiD service (the one they're about to sell to the US despite literally everybody opposing that) would be a great basis for this; just add an age verification service to it. They already know who you are in the most legal sense possible.
> There should be a standardized government ID service/API
Most European country already have one, some are still testing theirs. They're required by the EU to make one accessible to their citizens by the end of this year, in the context of the eID project [0].
In Russia we have gosuslugi.ru (state services), which nowadays requires 2FA and hasn't been compromised in any major way so far.
Among other things they provide a way for a third party to use it as identification service and a user chooses which data about himself he wants to share. No anonymity, though, and I don't see how it can be implemented so that the verification provider doesn't know which service is requiring age verification.
You seriously think Russia's state services are not compromised by intelligence?
Also, yea, no anonymity is the problem. Why would you want your government to be able to track every single website you've ever visited -- especially considering we're talking about an autocratic regime?
I'm astonished at the naivety on display on a community called "Hacker news."
>You seriously think Russia's state services are not compromised by intelligence?
The state services are required to assist intelligence and law enforcement in lawful investigations, the intelligence don't need to compromise anything.
>Why would you want your government to be able to track every single website you've ever visited
I don't want anyone to track every single website I visited.
>considering we're talking about an autocratic regime
Glad you see the EU for what it is.
The problem is that verifying age requires disclosing your identity and the fact that you use a certain service. Whoever is the provider of such verification, it learns too much about you.
Is the state a worse choice for that than a commercial entity that has fewer resources to secure itself against hacking and might even sell the data itself?
I would rather not have age verification at all and glad there is no such thing in Russia (yet?).
"hacked", such a shame what happened in the background; it was a teenager who saw some url like "view_my_id_documents?id=1234" and just incremented the number, and could download the documents of other people (did on dozens of millions).
Age restrictions + VPN bans + encryption restrictions + client-side monitoring + restricting general purpose computing.. It's just rapid descent into digital fascism set up by people who have no ability to see how the dots will end up connecting.
Speaking from the POV of my country, you absolutely have prime minister + minister level understandings that seem to plainly be based on issues such as "we need to stop children from bullying each other on social media", "we need to help police surveillance to stop crime", "we need to protect people from internet porn" etc, and it seems to be that the political capital and will to create these measures comes from short-term attempts to solve certain problems, without being able to understand how a broader set of these measures will together create digital fascism.
Beyond that I fully believe there are intelligence agencies, advertising agencies, military interests, IP control interests etc that are all working very diligently and in more targeted ways to each achieve their goals better by pushing for specific measures and helping to amplify moral panics to build the necessary political capital.
I am sorry you see it this way, when the very subject at hand is a practical example of how the EU has planned and built a wallet around the very same ideas you seem to cherish.
Unfortunately, now that it comes to the news cycle, it’s easy to get outraged around misleading headlines.
I encourage you to invest time in researching what the EU has done in the past decade around digital identities and their framing around privacy questions on this. I hope you will find, as I do, that it moved the needle in t he right direction.
I don't care for a limited and selective best-possible interpretation of a subset of measures viewed in isolation. The point is that a broader set of vectors are being used continuously to gradually ensnare and limit digital freedom.
This is not a misleading headline, this is a document from the European Parliamentary Research Service that calls out VPNs as a technology that may need to be moderated in order to enforce restrictions such as age verification.
As you are calling me out - specifically answer how restricting access to VPNs would benefit the freedom of thought, communication, and information within Europe, and not be something that - together with other measures - can help facilitate digital fascism.
VPN usage increased, but how to they draw the conclusion that this is children. I think it's more likely that adults are using VPNs to not have to deal with the ID process. I would do that.
As VPNs usually cost some money, which is already a barrier for minors.
VPNs are essential tools against government persecution. Linking identity to a VPN session under any guise (age verification or otherwise) is something out of the playbook of dictatorial states.
Perhaps these legislators are addicted to porn and don't want their children to do to themselves the same they have done. Would explain their obsession and relentlessness to get this done.
It's just a pity they are destroying the internet while doing that. They should be attacking the companies making money from porn instead.
And by the way porn can damage your mind even after 18 so age verification is not a real solution anyway.
Porn addiction has been shown not to be a real thing.
People who believe they are addicted to porn view porn at approximately the same rate as other people: they just feel more guilty about it, due to being raised to believe that it is shameful.
That's absolutely ridiculous. Porn addiction is 100% a real thing. You can't hand wave it away by saying "porn is actually ok, the problem is just that they believe it is bad so they feel shame".
The article gave one anecdotal example of a person who misdiagnosed themself and then tried to make a broader point by disregarding the definition of addiction. Addiction is not just how many times a compulsive behavior is done. It’s the inability to regulate oneself for the behavior often at the expense of relationships or other responsibilities. If you’re looking at porn when you should be working, that could be addiction, for example. Apply that to relationships too. If you’re looking at porn and masturbating instead of being with your spouse, that’s addiction too.
I agree that age verification is old perverts addicted to porn simply projecting their problem onto others. Kids after a day of continuous swiping of tiktok and instagram want tattoos and bitcoin.
Ah yes, the most pressing issue of our times. Mandatory surveillance of every person's activities is a reasonable solution to the critical issue of teenagers watching porn, who totally won't be able to bypass this by... grabbing Dad's phone.
Obviously, it's not about the children. It was never about the children. If I had my way every one of these people would be taken to a gulag, because they are evil, have evil intentions, and blatantly lie to further their evil goals. I am tired of the intolerant being tolerated, and by allowing this to fester we are headed for a much worse totalitarian dystopia.
All accounts and that are important to kids have are being tied to their real identity and they won’t be able to get a new one if they’re banned. The potential for social engineering is insane.
All of these ID laws are going to make it more dangerous for kids online IMO.
“Hi I’m a Roblox moderator. Your account was reported for X and you’ve been temp banned. Come to platform Y to appeal. Start by submitting all your personal info and a selfie.”
And it’ll be completely normalized by big tech. Seriously. WTF are they thinking?
First, I should say that I am against online age identification. But if we are going to get age verification because the larger population wants it, I definitely prefer the EU's privacy-preserving age verification that uses zero knowledge proofs (yes, they have issues too) over private companies doing age verification, requiring uploading scans of your ID, filming your face, etc. For the reasons that you mention (people can easily be tricked into giving information to the wrong people), but also because I simply do not want my data to be in the hands of random private companies that will sell the data, give it to Palantir, etc.
That makes this fight so annoying, we have to fight age identification, while at the same time also promoting privacy-preserving age verification for the case it happens anyway.
I think this is folly. You cannot communicate this level of nuance at scale, especially when faced with opposition that actively lies to achieve their goals.
Quoting an older post...
> In a benevolent dictatorship, sure, go for a zero-knowledge proof verification as your solution. In the reality of democracy, where politicians are corporate puppets who cloak surveillance laws in "think of the children" to rally support from the masses, we need to convince people to see through the lie and reject the proposals outright while reassuring them that they can protect the children themselves via parental controls. You will never be able to sufficiently inform 50.1% of the population of any country of what zero-knowledge proof even means, let alone convince them to support age verification laws but strictly conditional on ZKP requirements. That level of nuance is far too much to ask of millions of people who are not technically-informed, and idealism needs to give way to pragmatism if we wish to avoid the worst-case scenario.
In a benevolent dictatorship, sure, go for a zero-knowledge proof verification as your solution. In the reality of democracy, where politicians are corporate puppets who cloak surveillance laws in "think of the children" to rally support from the masses
I do not (completely) agree with this. This seems like the very typical US-centric view of politics. A lot of members of the European Parliament are not corporate puppets and have ideals (even if they often do not align with mine). Why would the EU come with a ZKP-based verification reference app if they were sock puppets? The corporate sock-puppet politician would just push the narrative that age verification should be left to the market (which is probably what happens in the US, where most politicians are sock-puppets due campaign sponsoring, etc.).
You will never be able to sufficiently inform 50.1% of the population of any country of what zero-knowledge proof even means, let alone convince them to support age verification laws but strictly conditional on ZKP requirements.
We do not have to convince the population. We have to convince regulators and if it becomes necessary the EU/national-level courts that handle human rights violations.
Also, in the case of the EU, they made a reference implementation of ZKP age verification and asked national governments to roll this out in their apps. One of the large issues though is that the reference implementation relies on Google Play Integrity for device attestation (+ the iOS counterpart), so if national software development agencies use the reference implementation as-is, it shuts out competing systems. They should have used AOSP device attestation, which is also supported by GrapheneOS, etc. So, besides protesting age verification, I'm trying to get the message to politicians that how device attestation is done in the reference implementation is an issue. The thing that might help here is that sovereignty is also high on the agenda.
> We do not have to convince the population. We have to convince regulators and if it becomes necessary the EU/national-level courts that handle human rights violations.
Without the population on your side, it's some insignificant minority's words vs. corporation's power determining where the lines get drawn by regulators. The people can put a leash on politicians who cave too hard to corporations by voting them out of office, but if they don't even understand the issue and have been conditioned to accept age verification, that will never happen.
> One of the large issues though is that the reference implementation relies on Google Play Integrity for device attestation (+ the iOS counterpart)
I am confused as to why you suggest my view is US-centric, and then go on to acknowledge that the EU is currently in the midst of rolling out regulation that de facto enshrines the Google+Apple duopoly in law. The EU bureacracy seems to be just as captured by corporate interests as the US. At times, they put up a token protest against Apple/Google, but generally only insofar as to promote competing European corporate interests where applicable. The EU would certainly prefer to serve European corporations over American ones, but the European people don't seem to factor into the equation at any point.
the EU is currently in the midst of rolling out regulation that de facto enshrines the Google+Apple duopoly in law
It isn't, it's not enshrined in law, de facto does a lot of work here. IANAL, but I'm pretty sure such a requirement will not hold up in court either. Besides that, the developers of the reference app have stated that national apps do not have to require strong integrity from Google Play Integrity. It seems like they took the standard platform path either because they did not have time the time or knowledge to do anything else.
At any rate, I'm optimistic that it won't require passing strong integrity in my country. Age verification will be added to our national ID app (DigiD), which does not require passing strong integrity, even if it is used for more security-critical applications than age attestation.
No, they shouldn't have used any attestation. If they are using sound cryptosystem for their ZKPs, they don't need to care at all about what hardware and software I'm using.
>In the reality of democracy, where politicians are corporate puppets who cloak surveillance laws in "think of the children" to rally support from the masses
Are you seriously blind? Do you genuinely believe politicians don't legislate in ways that benefit corporations over individuals? Or do you genuinely believe the sudden worldwide push across dozens of countries to surveil all internet access, prevent VPN usage, and lock down devices at the OS level is the result of an organic, grassroots desire to protect children no matter the cost?
Politicians do things that are likely to get them reelected, e.g, passing legislation that is broadly supported by their voters. Passing legislation that their constituents do not like will not increase the chances of them getting reelected.
If you could link a piece of legislation that has little support among voters, but was passed due to corporate money, I would be interested.
> cloak surveillance laws in "think of the children" to rally support from the masses
Politicians lie to voters to get them to accept things they would otherwise not accept. That was literally central to the entire comment you were replying to. "But the children" and "But national security" are essentially a free pass to enact any legislation a dishonest politician wants with support from a population that cannot stay fully informed on the nuances of the incredibly complex modern world.
> If you could link a piece of legislation that has little support among voters, but was passed due to corporate money, I would be interested.
I feel like I could gesture broadly at everything. As noted, people will support something when lied to, but even without public support it's obvious that this happens. Off the top of my head, Trump's corporate tax cuts in 2017 might be one of the most clearcut examples of something that benefitted corporations over individuals, was lobbied for by corporations, and was high profile enough to have public polling while being so blatantly unjustifiable that said polling demonstrated the public was clearly against it.
>Off the top of my head, Trump's corporate tax cuts in 2017 might be one of the most clearcut examples of something that benefitted corporations over individuals, was lobbied for by corporations, and was high profile enough to have public polling while being so blatantly unjustifiable that said polling demonstrated the public was clearly against it.
The 2017 tax cut law was extremely popular among republican voters, so I think that goes towards what I am saying.
I suppose that was a bad example because Republican voters don't have a single policy they stand by, only party loyalty. eg. Republican voters were staunchly opposed to war in Iran until Trump did it and then support skyrocketed.
That will only very rarely happen. Do you actually know people that will just give you their phone so you can watch porn? For more than one minute? People are so addicted to their phones.
> it's not about the children
It's also about the children, but there surely are parties which use the process to further their own goals.
> Do you actually know people that will just give you their phone so you can watch porn?
They don't ask for it, they take it when you're busy or sleeping. Teens certainly weren't asking for Dad's VHS tapes or magazines when I was a kid. I suppose this problem is solveable, too, though. Mandatory biometric locks on every device capable of accessing the internet, why not?
> That's not the right quote for this case.
It is. These people are fascists. Their goal is to create a society where the government has a permanent record of everything every person is doing, monitored 24/7 so nobody can defy it. The point about tolerating intolerance is that by abiding such people, you allow them to create an intolerant society, thus it is prudent even in a tolerant society to be intolerant specifically towards those whose goal is intolerance.
That will be quite noticeable. And tricky if it's face or fingerprint locked, something I see in all phones around me are. Daddy likes his privacy too.
For the rest: rant on, but it'll only reduce your audience. One thing we can learn from history: calling people fascists doesn't work.
One thing we can learn from history: tolerating fascists really, really doesn't work.
If it's not clear, the point of calling fascism what it is, is not to convince the people who are being called fascists of anything. They cannot be convinced of anything, because they are fascists. The point is to highlight, to people who are already amenable but complacent, that a greater sense of urgency is needed. Our societies are currently sleepwalking into a dystopia that will make the Gestapo and KGB look like child's play. There will be no revolution, no liberation, no resistance if our governments are allowed the degree of control they're seeking. Once complete surveillance is established, communications are controlled, and freedom ceases to exist, it will be lost permanently this time.
Can you not be disingenuous beyond belief? That is not even remotely close to what I said. What I take issue with is that the solution is worse than the problem (and does not even solve the problem). We can solve all problems of society if we lock everyone in an isolated prison cell 24/7 except under strict supervision when working or studying. That, obviously, is a fucking insane idea. Yet it is what we are creeping towards when you defend government surveillance of every person's device usage. A solution to a problem should not be 100x worse than the problem it allegedly solves, and this is doubly true when it doesn't even solve the problem.
Obviously, not all solutions have to be 100% solutions to problems. Indeed such solutions very rarely exist in the real world. But they do need to be less of a problem than the original problem, and the more invasive they are, the more you'd better expect they solve a serious problem as comprehensively as possible rather than barely addressing a trivial problem.
Your children would certainly cherish and respect you for it.
Many such cases, in fact! Which you of course don't know about. Because anti-prohibitionist narratives don't cause Number to Go Up.
What's safer: if you were to provide them with secure access to a substance that is risky only when used irresponsibly - or if they had to acquire it illegally off the street, and were to consume it in some sketchy environs away from your oversight?
On the other hand, setting boundaries meant to be crossed - such as a restriction on substance use that "they will violate anyway" - is parental betrayal, and risks bricking your child.
Also many such cases! Which you also "don't know" about. Because you prefer to consider unhappy people less-than-human, and parents are only happy to sweep their failures under the rug. Even if it means giving their child to the torturers.
From one sentence you wrote "as if it's obvious", I can see that your sense of ownership over your progeny trumps your concern for your children's safety.
A lot of resources go into subsidizing your unsustainable lifestyle, which you yourself only tolerate thanks to constantly impairing your cognition but perfectly legally.
Similarly, a lot of resources go into silencing and/or exterminating people like me; yet, last time I checked I was still kicking and spitting.
Both of these economic dynamics, ultimately, serve to perpetuate a multigenerational Ponzi scheme which treats humans as property. Notice people getting into debt younger and younger? Yeah, that.
Some EP commitee writes a report about some UK (not-EU) person stating "VPNs are a loophole that needs closing".
> A loophole that needs closing
[Some argue] that this is a loophole in the legislation that needs closing and call for age verification to be required for VPNs as well.
People pointed that out quite a while ago already. Age sniffing is a joint attack on the freedoms of people, which explains why these lobbyists also try to abolish VPNs. Their vision for the world wide web is one of authorization. Ultimately they will fail, but a few get rich here in the process.
Ugh. Here we go again. Europe’s politicians just cannot stop with wanting to control everyone and everything. It’s as if bureaucracy is the actual goal. Privacy and anonymity should be protected by law. Not violated by law.
I listen to a bunch of (mostly left) podcasts where they sometimes invite members of the European parlement and while I can agree with some of their opinions its downright scary how they think about regulations.
For everything that's wrong in society the answer seems to be more and more regulations. The negative effects (such as the lack of European AI companies) are then waved away (it's because Europe spends their money on American AI instead of investing in EU AI).
The goal is privacy and anonymity. Removing them that is. They don't care about teenagers watching porn, what they want is to know what every person is reading and saying, and being able to punish whoever says things the eurocrats don't like. That's the reason the age limits are not set in the device by the parents, but you must give your id to some entity.
> Within the EU, multiple attempts at pushing changes in opposition to this have been proposed, debated, voted on (and rejected), as democracies do.
If 51% of people want to do something wrong, they should do it to themselves and leave the other 49% alone. Democracy is not an excuse for doing the wrong thing and going "oh well, guess people want it".
>Almost seven in ten (69%) support age verification checks on platforms that may host content related to suicide, self-harm, eating disorders, and pornography.
Sometimes the majority is going to make a decision that you do not like, oh well, that is the cost of living in a democracy. People in "terminally online" spaces like HN vastly underestimate the popularity of these laws.
>>Almost seven in ten (69%) support age verification checks on platforms that may host content related to suicide, self-harm, eating disorders, and pornography.
>>eating disorders
I'm genuinely sorry, but... wait, what? Okay, suicide, somewhat understandable (although some forums where people just share their feelings are endangered by this). Same applies to self-harm. Pornography - well, at least I can understand the motive/justification, although I don't welcome such intrusions in personal privacy. But eating disorders? What? I'm sorry, WHAT? Where's the reasons behind this? Any adequate justification? I apologize, again, maybe I don't understand the thing, but how eating disorders ended up in the same line as suicide, self-harm, pornography and similar?
It sometimes even forces governments to collect more data on their own citizens like in Romania.
The only difference between the US and the EU is that the EU has somehow managed to convince a bunch of useful idiots (not saying that you are part of it) that it is better than the US when in reality its the same shit just with a different color and smell.
If you want protection from the government, you should most likely emmigrate to countries that really care about that - like United States of America. They spent a lot of time adding laws to protect themselves against the government.
Sounds more like they should have sand-boxed white-listed school networks for known publishers in each age group.
Then leave the rest of the world out of domestic failed parenting nonsense. However, policy would still likely fail given the cruelty youthful ignorance often brings, and persistent 1:100 child psychopath occurrence rates. =3
Here we go again with new restrictions on civil liberties. This is Chat Control all over again.
The EU won't stop until it has access to all your data, all your messages, anything you read, save, send will be scrutinized by the the big great EU and it's little minions.
Hey, at least we get the freedom of movement right?
Too easy to dunk on the EU. The UK, USA and Australia seem to have reached the same conclusions. In UK all young males now have a VPN rather than do whatever you’re supposed to do to see porn. VPNs went from “nerd talk” to “vpn=porn” in the space of weeks. Whatever is next will suffer a similar fate.
There is no such thing as the EU wants X. There are huge differences between what the European Commission, the European Council, and the majority of the European Parliament want.
Most of the anti-privacy crap hasn't happened thanks to the EU. Particular countries and lobbying groups have been pushing this through the Commission and Council and most attempts have been rejected by the EP.
If we didn't have the EU, some countries would have long introduced this nonsense (like the UK). But in the EU that does not make much sense, since there is a single market, so you have to enforce it EU-wide.
The European Parliament + courts of justice/human rights are one of the last beacons of democracy/freedom worldwide that resist upcoming authoritarianism. We should support them and remind the Parliament over and over again that they should be continuing the good fight.
---
By the way, nearly all your comments on HN are about politics and all trying to sow dissent on Western (and especially European) democracies.
> By the way, nearly all your comments on HN are about politics and all trying to sow dissent on Western (and especially European) democracies.
Disclaimer first: I'm not trying to protect him and I'm not tied to him in any possible way. But since when constantly expressing your own opinion (that's what I assume given the age of the account; maybe I'm wrong, but this seems rather like a person than a bot) is a deliberately malicious activity (as implied by your "trying to sow dissent" expression)? If their opinion doesn't match yours, it doesn't mean that they're evil or something similar. It just means that your views are different.
Politics and tech are basically intertwined at this point. Tech is also intertwined with Geo-politics, tax policies, mental health, and a bunch of other issues.
One cannot talk about tech without talking inevitably of the second or third order effects that derive from it which is again almost inevitably linked to politics either in the US or elsewhere.
Even on HN there is been a surge of users who instead of defending their arguments or positions on certain sensitive topics such as the EU prefer to simply smear the opposition.
I write about the EU a lot because I live there and I am especially interested in what the EU is doing regarding tech.
I am especially critical of policies that target my private life and it irks me to no end that some people will claim loud a and clear that I should simply be grateful for what the EU is doing when the EU's actions in a lot of matters that I care about have either been deceptive and/or completely went against the supposed principles that the EU is supposed to have.
> Calling out blatant lying and bot propaganda isn't "smearing the opposition".
I am not sure what you are trying to get at.
Are you implying that this new draft is not in any way related to the recent Chat Control proposal that wanted to intercept all encrypted messages on phones in the EU, this same proposal that has been debated many times here on HN?
If so, then I am sorry if you think this blatant lying. You must have not been paying attention nor have read the many drafts of this law.
This proposal of tightening regulations around messaging apps and VPNs is being pushed as part of the other pushes for digital identity, age verification and potentially linking online identities to your real identity.
This is not happening just around Europe. It's also happening in the UK, Australia and more and I disagree with everyone of them.
This is not a conspiracy theory, this is publicly documented information that has been reviewed by journalist of all sides and has been decried by many human rights organizations who rightfully see all these moves as wanting to remove fully or partially the anonymity that the internet has provided thus far while curtailing freedom of speech.
> It's disgusting that people run here, write utter complete lying bullshit and then you attack folks that say "hey, this is complete bullshit".
I haven't attacked anyone. I am not sure what you are talking about.
I was the one who was attacked ad-hominem by OP who casually hinted that I was either a troll, a bot or working for Russia or China when the truth is that I am simply a EU citizen who is dissatisfied with the way the EU has handled a lot of it's tech regulations and I am simply voicing my personal opinions on these matters just like anyone else does in these threads.
Maybe you don't share my opinions and that's fine, we don't have to be friends.
> Be better
I will interpret this comment as simply someone who sees himself in the right and looks down on everyone else as poor souls needing to be guided to the light. This is not Reddit, you can get off your high horse now.
The recent chat control proposal was shot down by the EU parliament.
It was proposed and pushed forward by member countries represented in other EU inatances. It seems obvious that governments of at least some member countries want this crap and try to get in implemented via EU. When it reached the instance that is more sensitive to public opinion, it was shot down.
This is why I tend to look more favorably on the EU than on any member state government.
The obvious solution is having the EU to be more representative. I dislike how entities like the EU Council and EU Commission are sometimes used to launder some countries' governments authoritarian intentions.
> There is no such thing as the EU wants X. There are huge differences between what the European Commission, the European Council, and the majority of the European Parliament want.
Of course there is such a thing as EU wants X. The commission drafts laws and presents them to the MEPs who vote on them. The MEPs do not have the ability to propose their own laws. So all these bullshit laws that are voted on originate from the commission.
If I tell you that you can have a red balloon and you only choice is either to accept or reject the balloon, then you don't really have a choice do you? You can't say I want a blue balloon.
> Most of the anti-privacy crap hasn't happened thanks to the EU. Particular countries and lobbying groups have been pushing this through the Commission and Council and most attempts have been rejected by the EP.
Most attempts? And that should somehow reassure me?
When Romania protested that this was illegal under their constitution, the EU sued them and forced them to spy on their own citizens. So thank you but no thank you.
> If we didn't have the EU, some countries would have long introduced this nonsense (like the UK). But in the EU that does not make much sense, since there is a single market, so you have to enforce it EU-wide.
On the contrary, if we did not have the EU then it would not be such a problem because the same people who are pushing for this crap would have to repeat the same process 27 times, one in each country and they would have to convince/bribe their way into each government. Instead they can now push this stuff through the commission and it gets voted on and if approved gets applied to 450M people in one go.
That is the definition of single point of failure if I have ever seen one.
> The European Parliament + courts of justice/human rights are one of the last beacons of democracy/freedom worldwide that resist upcoming authoritarianism. We should support them and remind the Parliament over and over again that they should be continuing the good fight.
Do we now have to resort to this sort of emotional arguments? The EU as a whole is 27 countries, the world has more than 200 countries today. Are you claiming that most of them are hell-hole under some sort of tyrannical government? You can't be serious.
This is my problem with the EU supporters these days, you guys are so quick to shove in everyone throats the amazing stuff that the EU supposedly does for us every day but as soon as someone complains, you revert to using the same tactics as populists with the US vs Them rhetoric, the emotional manipulative language and what not.
Also your last paragraph is in complete contradiction with your previous statement. Somehow the EU/European parliament is the last bastion of democracy/freedom but it stills wants to access my private messages and emails (for my own good of course), and now it wants to force VPNs to record identifying information of its users (for our own good again).
If what you say is true then we wouldn't be having this conversation because anyone who proposes this sort of law should have been ostracized and kicked out of the commission in no time. Yet here we are.
> By the way, nearly all your comments on HN are about politics and all trying to sow dissent on Western (and especially European) democracies.
Ha, yes, you got me! I can see that when the push comes to shove it's easier to go for the subtle ad-hominem or character attacks.
God forbid someone in Europe could have any issues with the way things are going at the moment. Seems highly suspicious.
Should I send you a copy of my EU passports? Maybe that's whats going to be required in a few years time to post online if the all-mighty EU gets its way but I can understand if you want to start doing the policing early. After all we can never be too careful.
By the way, I love the new definition of democracy theses days: agree with us about everything or we will consider you a Chinese/Russian/Populist/evil (take your pick) troll.
Its perfectly fitting with the way the EU is trending down towards authoritarianism and subtle freedom of speech suppression.
In case people no longer remember, when China started to require websites to register for a license before be allowed to operate, it was for "protecting the children" too.
This simple policy then goes on to silence most individual publisher(/self-media) and consolidated the industry into the hands of the few, with no opportunity left for smaller entrepreneurs. This is arguably much worse than allowing children to watch porn online, because this will for sure effect people's whole life in a negative way.
Also, if EU really wants "VPN services to be restricted to adults only", they should just fine the children who uses it, or their parent for allowing it to happen. The same way you fine drivers for traffic violation, but not the road.
And if EU still think that's not enough, maybe they should just cut the cable, like what North Korea did.
Just a recap how it happened in Russia:
1. First, year ~2015 legal framework was created under disguise of banning pirated media(specifically torrents.ru)(legislative push). State-wide DNS ban introduced. Very easy to circumvent via quering 8.8.8.8
2. Then, having legal basis, govt included extra stuff in banned list(casinos, terrorist orgs, etc)(executive push). IP bans introduced, applied very carefully.
3. Legal expanded allowing govt to ban specific media on very vague criterias(legislative push). IP blocks tried on some large websites. DPI hardware mandated to be installed by ISPs to filter by HTTPS SNI(executive push).
4. At ~2019 Roskomnadzor(RKN) created, special govt entity which enforces bans without court orders(legislative push).
5. ~2021 sites become banned if they are not filtering content by Russian laws by request of RKN(executive push). VPN services were obligated to also DPI-filter traffic(legislative push).
6. ~2023 Crackdown on VPN started(executive push). Popular commercial services were IP-banned, OpenVPN and IPSec connections selectively degraded by DPI.
7. ~2025 Heavy VPN filtering(vless, wireguard, etc) introduced(executive push). Performance of certain sites were degraded(youtube, twitter, etc).
Similar stuff is happening in Turkey as well. Afaik with ipv6 adoption goverment mandates DPI hardware at ISPs. It was voluntary for ipv4 traffic.
DPI = Deep packet inspection?
yes
and yet my friend in Moscow is able to use VPN to get around all this
This is very up to chance. Sometimes the VPN works, sometimes it doesn't. Sometimes it's fine on the home Internet, but fails on the cell data, sometimes it's otherwise. And it is fine if you're somewhat tech savvy and okay with tinkering with settings, but a huge pain for the older relatives.
But you are asking logical questions. You are thinking and talking too much for a World citizen in 2026. "Reasoning" is a reserved word for chatbots now, so we humans are not allowed to do that anymore. We can only obey like a bot and pretend all the lies they tell are the truth.
BTW I live in Turkiye where the government banned ALL the adult websites around 2008. Even as an adult you can't access them. This year they are banning VPNs, introduce age controls and ID verification COORDINATED with the rest of the world. Also banning some games, control social media, and basically make it legal to control and track everyone on the internet. What a coincidence that similar attempts are simultaneous in many independent countries.
And no, children have not been really protected in Turkiye since 2008.
Grab a SIM-card from Bulgaria with roaming enabled. Internet is routed through the Bulgarian ISP even when you are in Turkiye. Full internet access, no VPN required.
Until the three representatives from Bulgaria and the ones from the other EU countries win out lobbying for ChatControl and expand it to VPNControl too.
You have to tolerate 100ms ping.
Not only that, sprinkle a bit of hate speech laws on top and then you got rid a lot of political competition that could disagree with you
> BTW I live in Turkiye
No, you live in Turkey. That is what the country is named in the English language. People can render it in Turkish however they like, but in English it's "Turkey".
You always hear the argument "protecting the children", because anyone oposing the regulation/laws can be labeled at best "exposing the children to danger" or at worst "pedofile". So as a consequence at best the oponents of such regulation/laws should not be listened to, or at worst they should be put into prison.
https://en.wikipedia.org/wiki/Think_of_the_children
The excuse has to be something nobody can appear to be supporting (pedophilia, terrorism, nazis, etc.). It's not only an appeal to emotion, it's also a false dichotomy, a loaded question, guilt by association.
Others look at this recipe and can't help but notice its effectiveness. Eventually nobody is beneath pulling this kind of logic, even if they were the ones crucifying it just a few short years ago. The weaker the leader, the more likely that that they forget where they wrote down those principles of theirs and resort to this crap.
> In case people no longer remember, when China started to require websites to register for a license before be allowed to operate, it was for "protecting the children" too.
Indeed I do not remember this, nor can I find corroborating evidence that there was much of an effort to justify the requirement to the public at all. As far as I can tell, the government simply decided that they needed more control over the internet, so they made a law to give themselves more control over the internet. https://www.gov.cn/gongbao/content/2000/content_60531.htm It has no special provisions limited to children that only later got extended to adults. (Meanwhile, restrictions on how long children may play games continue to only apply to children, AFAIK.)
Not only in China. Russian internet cenzorship also started as a "children protection" measure.
Ursula von den Leyen has been pushing internet blocks in Germany for the sake of the children since 2009. Which is when "Zensursula" nickname has been coined. You don't need to look far to find the same thinking by the people in power.
> In case people no longer remember, when China started to require websites to register for a license before be allowed to operate, it was for "protecting the children" too.
People don't remember because it didn't happen and the license wasn't about protecting the children. But it's so convenient to just blantantly lie on the internet nowadays, isn't it?
Just like the title of this article blatantly lies about "EU" doing something.
One of you ought to find out what really did happen, and tell us. I can only do the lame thing and quote Wikipedia:
> China had no such legislation until 1997. That year, China's sole legislative body – the National People's Congress (NPC) – passed CL97, a law that deals with cyber crimes, which it divided into two broad categories: crimes that target computer networks, and crimes carried out over computer networks. Behavior illegal under the latter category includes, among many things, the dissemination of pornographic material, and the usurping of "state secrets."
or maybe just maybe its time for people to realize that the EU is an enemy of the people, and hold the people pushing for this personally responsible.
You're right
> This is arguably much worse than allowing children to watch porn online, because this will for sure effect people's whole life in a negative way.
I would like you to make that argument.
Parents can protect their children. Source: I’m a parent. My kids haven’t seen porn and can’t access the internet. This doesn’t affect the free exchange of ideas that my fellow countrymen enjoy.
Governments getting involved absolutely, unequivocally will be used to clamp down on the free exchange of ideas.
>My kids haven’t seen porn and can’t access the internet.
You sure about that? )))
That wasn't the point i was asking for an argument for. What I wanted to know is how age verification is worse then allowing children to watch porn. To make that argument.
> Source: I’m a parent. My kids haven’t seen porn and can’t access the internet.
Are they above the age of 16? Because then you're either Amish or out of touch.
Age verification isn't the problem. It is just a tool for censorship. It's censorship which is the problem.
So to put the bricks together: Age verification is worse than allowing children to watch pornography, because age verification is censorship.
I hope you can see how that argument is not compelling.
It’s not only compelling to a lot of Americans, it’s foundational.
Age verification will be implemented as identity identification. And that means anything you read or write or watch or say will be tied to your identity, registered by the government and other organizations, and used against you as an individual.
Do you understand now? Or will you only understand when you get fired from your job and they won't tell you the reason?
> Age verification will be implemented as identity identification.
Thank you for bringing an argument.
I want to start by tackling your argument head on. What if it's not though. What if it's implemented by attestation and signatures rooted at your local national government? Nobody will be able to tie whatever you watch or write to your identity, because they won't have it. To my understanding, that's what's proposed here, and that won't feasibly lead to any of the spooky consequences you're predicting.
There's another leg to it also. "anything you read or write or watch or say will be tied to your identity" is already true right now. Google is already, at this second, tracking my every move online and using it against me in a targeted advertisement campaign to change my spending habits, but my political affiliations too. If you're truly afraid of that outcome, I believe there are much more prescient and immediate things you should oppose than this.
Nobody thought to protect western millennials from accidentally wandering across porn on the internet, and we mostly grew up ok
What argument?
You're the one that needs to argue the presence of harm, given you're the one arguing we need to create a surveillance dragnet to shield certain age groups of humans from witnessing how their species procreates.
The default state is that humans procreate via sexual reproduction. You need to argue why we need to take action to hide this, especially given we let children witness other far more brutal activities from the human species like violence.
> This is arguably much worse
Surely someone claiming it's arguable should be willing to make that argument.
For me it's not that it's reproduction. Film that shows sex is not an issue as I see it and I don't know anyone that has developed serious addictions to sex in Hollywood film. However I know several people, family members included, that have absolutely obliterated their childhoods and early adult years by becoming addicted to porn. They were groomed by adults online from a young age and, although their parents tried to stop it, kids are sneakier and they got around it, exposing themselves to some truly dark things. It is not easy for families to recover from having dealt with a child with serious addiction issues.
I think it's pretty silly to argue that systemic protections are ineffective and overreach whereas the efforts of one or two parents should be enough and are the correct level of enforcement for the protection of children. The parents of the people I know went to extremes to protect their children and they were mostly unsuccessful.
Sounds like the people you describe were outliers with some preexisting conditions, and probably shouldn't be used as any sort of baseline or point of comparison.
The argument I am asking him to make is the one about how age verification is "much worse" than "allowing children to watch porn".
If your argument in favor of that is that watching porn isn't harmful to children, then I don't understand what all that superfluous waffling about china is doing in there.
This title seems misleading.
The EP paper appears to be highlighting the existence of a debate regarding VPN.
Relevant quote:
"Some argue that this is a loophole in the legislation that needs closing and call for age verification to be required for VPNs as well. In response, some VPN providers argue that they do not share information with third parties and state that their services are not intended for use by children in the first place. The Children's Commissioner for England has called for VPNs to be restricted to adult use only.
While privacy advocates argue that imposing age-verification requirements on VPNs would pose significant risk to anonymity and date protection, child-safety campaigners claim that their widespread use by minors requires a regulatory response. Pornhub and other large pornography platforms have reportedly lost web traffic following the enforcement of age-verification rules in the UK, while VPN apps have reached the top of download rankings."
Of course I'm not saying the EU won't regulate VPNs, but nowhere in this paper is "the EU" stating that VPNs need closing.
These dimwits (and I don't just mean those in EU) seriously want to stop adolescents from watching porn, and are ready to mess with internet infrastructure for that. That's a depressing manifestation of aging society
> seriously want to stop adolescents from watching porn
no, they want to pretend this is the issue, so that pervasive monitoring or permission and/or deanonymization is normalized. It is to serve the state apparatus, rather than any actual protection.
If it is possible to "pretend that they want something reasonable", it means that there is something reasonable somewhere.
Maybe some want more control, but most certainly not everybody.
> so that pervasive monitoring
If you haven't gotten the memo, pervasive monitoring already exists. To sell ads.
> or permission and/or deanonymization is normalized
For age verification, it's possible to do it in a privacy-preserving manner. Now people spend their time complaining about the idea and claiming that all who disagree are extremists, so it doesn't help. But we could instead try to push for privacy-preserving age verification.
what i personally don't like about privacy-preserving age verification is the single subsequent law change that would criminalize individuals for "improperly" doing age verification.
it'd be so easy to do, and would immediately make obsolete any measures taken digitally to preserve privacy
guy on website called hackernews, tries to convince everyone more restrictions are good
As a hacker, I want antitrust to break TooBigTech such that they can't cryptographically lock me out of everything.
Those who want less regulation are not hackers, but rich and powerful assholes.
Hey, I'm not rich and powerful, how dare you.
Regulations are also restrictions, lots of people here are pro regulation when it comes to things they don't like.
This topic is just unfavorable with this community... for good reasons.
Website called "Hacker News" has had zilch to do with the Hacking community for almost a decade now. It's VC and corporate apologist news.
Are you calling me a corporate apologist? For one, corporations want less regulation.
"Being a hacker" does not mean "being stuck in the 80s", IMO. If TooBigTech cryptographically controls everything, it becomes harder to hack. Are you aware that the biggest restriction against jailbreaking stuff is that it was made super illegal... because it helps corporations?
> Are you calling me a corporate apologist? For one, corporations want less regulation
Ah yes, so that's why Meta et al are the main ones behind pushes for more "think of the children" ID verification/attestation regulations.
it's not about porn, it's about power over all citizens.
Believe me, in some EU countries (like my country Poland) people are very sensitive for this kind of bullshit.
Last two times they tried to push other censorship/tracking laws (claiming as always "we have to, EU is making us") there were mass protests in every city and town.
In my own town of 5k people there were several hundred (500 people at least, probably more). And the previous govt backed down.
This topic seems to be coming back everytime certain countries (Denmark etc) hold the rotating EU presidency. Our current PM is certainly in the same EU clique that wants to push this so much, but it's an extremely unpopular position and he is already leading a weak minority coalition govt. It wouldn't take much to topple him, so he will not do anything like that (unless he is convicted people are distracted with some crisis, but that is where normal people come in. To keep watching what is being smuggled in).
I wonder why do voters in those countries that propose these laws tend to allow this to happen again and again.
It's because it's not about the opinion of voters, but about existing political powers that want to retain their power.
No matter what you (as population) say it will get implemented. If you don't, then they will put sanctions on Poland, withdraw financial partnerships, etc. Like with migrants, they are going to be sent there, even if Polish people vote against.
No matter if you are in favor or against, raising the topic will just make you socially be isolated or even legally punished in some places.
Sad for democracy and free speech.
EDIT: clarified about migrant policy and the decision of countries to choose or not
Poland and other nations should be carefull with handling of imigration, as history shows.
https://en.wikipedia.org/wiki/1938_expulsion_of_Polish_Jews_...
https://en.wikipedia.org/wiki/Emigration_of_Jews_from_Nazi_G...
Your racist drivel is offtopic here.
I just don’t like criminals, no matter where they come from, it’s quite ok but yes selecting immigration is a socially slippery topic
my personal opinion is it’s an all or nothing thing for immigration. you either reduce entirely for all groups or it’s racism and unfair treatment. everyone deserves an equal chance
There's something in-between that could work: allow everyone, kick criminals permanently, and give a path to permanent residence to others, or something like that.
Seems moderate.
I didn’t see race mentioned in the comment?
I just made it softer (though I never mentioned race but economic migration), still can be too sensitive so let it be, just my opinion (I am in Eastern Europe and there the views are rather harsh, compared to Germany or France or Sweden)
Practically all the ills we suffer currently are depressing manifestations of an aging society.
That, and the lack of real issues to solve.
Without thinking too hard I can name a few?
The rise of authoritarianism? Inequality? Revival of geopolitical "realism"? Decrease in empathy and holistic thinking? Increasing willingness of the general population to engage in political adventurism? Accelerating resource consumption (and decelerating resource stocks).
And if you consider none of those "real" problems, I know some people seem to have forgotten about it, but what about climate change? Given the half-life of CO2 and methane, that's a problem as "real" as they get.
There's also a worrying trend of education getting less effective across the first world.
If only we were all privileged enough to believe that the problems in the world today weren't real.
I was talking about the first world. And yes, I think most if not all of the problems in the first world are gratuitously self-inflicted.
Even if that were true (it isn't) you would want to consider the systemic issues that background self-sabotage.
Where is the cushy insulated bubble you're living? Can I join?
It's not really about kids looking at porn, it's about tracking everyone else and making it easier for state surveillance and corporations to identify people.
Kids don't have money and hardly ever manage to do crime without getting caught so they're profoundly uninteresting to surveil in this way, but adults are and here the interests of the state and corporations converge so they'll make a push for tyranny.
But how to make people accept it? Tell them they want to expose kids to gruesome tentacle porn, or else they'd support this. Few adults are willing to admit they even look at porn, let alone argue that this is an important activity that needs to be protected, which it is.
If you think that there is a need for new technology to identify people, I suggest you wake up and start getting informed about surveillance capitalism.
There is absolutely no need for new technology to track people, it's there already.
Also I feel like a big reason for age verification is social media. Many countries are trying to prevent kids from accessing social media (because we know it's bad for them), and age verification is the way to do that.
Badly implemented, age verification is bad. But there are ways to implement it in a privacy-preserving manner, which wouldn't make the current state of surveillance capitalism worse.
People who are actually interesting, are often aware of that fact and avoid surveillance at the moment. You can use tor/i2p, proper VPN setups, VMs, alternative mobile ROMs and other tech and cut most of the fingerprints, trackers and identification. Pretty sure the trash from state agencies doesn't like that.
But the current push from all sides to provide id for everything and remote attestation through Google and apple will make the alternatives very hard to use as it basically cuts such people from the economy altogether.
Need is a very strong word. I'd call it a desire. Currently you can often identify people, sure, but there's hassle involved. What they want to do is to plug in a private corporation separate from whatever service that is likely to be more loyal with the state apparatus than the service, or else it is easily switched out for another.
And corporations are having issues discerning bots from people without making access to their services a fuss or dependent on possibly idealistic and troublesome open source projects, like Anubis.
It's truly, absolutely, not about "age verification". If it were about protecting kids from harm they'd take money from corporations post factum that are offending. Instead they're preparing to spend a lot of money. You could also look at who is heavily lobbying for this, you'll find it is fascist tech oligarchs from the US. They couldn't care less about kids except for obscene or profitable purposes. It would be weird for them to be cosy with epsteinian networks of power and at the same time be mindful about the wellbeing of children.
> Currently you can often identify people, sure, but there's hassle involved
You vastly underestimate the current state of surveillance capitalism.
> You could also look at who is heavily lobbying for this, you'll find it is fascist tech oligarchs from the US.
Go in the street, and ask a bunch of random people: "If there was a way to prevent kids from accessing stuff that is bad for them, and it had no downsides. Would you want it?". I'm absolutely certain that not only fascists will say they would want it.
Well why did you say to them it doesnt have downsides? It has downsides and a very essential one like privacy.
You don't really believe this is about porn?
Adolescents, or kids? Would you say it's completely stupid to want to stop kids from watching porn, or accessing social media?
Did you grow up with free streaming platforms? Pretty sure many adolescents were accessing porn before those, though it was slightly less accessible.
I personally don't have a definitive opinion about porn (I feel like young kids obviously shouldn't have access to it, but it shouldn't be illegal to adults, but I don't know where the limit should be), but I feel like making it harder for kids to access social media makes sense.
I dunno, you have experience being a kid, right? Young kids are just not interested enough to look for porn, not to say figure out how to use VPN to access it. Lax restrictions like we have today are enough to stop porn from being forced on children who are not interested in it
It's not just "look for porn", it's "being exposed to stuff they shouldn't be exposed to".
E.g. the problem of social media is not that kid access information. It's more that kids get harassed by other kids.
The title is also the exact title for that paper’s chapter.
You are right at pointing out that the paper is overall presenting the subject in a balanced manner, unfortunately it seems a bad choice was made when it came to that specific sentence, that gives a venue for it to be fed in the outrage machine.
https://www.europarl.europa.eu/RegData/etudes/ATAG/2026/7826...
Showing children naked humans is a horrible crime.
Bombing children is OK and we happily produce and deliver all the weapons needed for that.
Patterns of an ill society.
"Children's Commissioner for England"... that's not the EU. Really not the EU - they had a whole election and years-long process to leave the EU.
The point is that does not stop the EU from quoting the Children's Commissioner for England on the first page of this document:
https://www.europarl.europa.eu/RegData/etudes/ATAG/2026/7826...
This needs a new "law of headlines": whenever it's the EU saying something, it's never the EU that said that.
Even the, it's incredibly vague at best, equivalent to "The USA said that", which only makes sense in a context where the relevant spokespeople are well-defined (such as a UN assembly or something), but who is the general spokesperson for the USA or the EU?
Usually things like these are qualified like "the Department of Defense of the USA stated X".
This is how waters are tested and potential negative reactions are probed.
But you single out just one paper. If you include all paper and discussions the picture is super-clear, and the title is not misleading at all. This has to be said.
> Of course I'm not saying the EU won't regulate VPNs
The word choice is quite revealing. You write "regulate VPNs". To me this is not "regulation" at all - it is restriction or factually forbidding it. It is newspeak language here if we dampen it via nicer-sounding words. It also distracts from the main question: why the sudden attack by EU lobbyists against VPNs?
> why the sudden attack by EU lobbyists against VPNs?
Live sports, they’re already assaulting internet infrastructure in various EU member states (eg. La Liga forcing Spanish ISPs to block cloudflare IPs during matches). With this in mind it seems less a case of surveillance state and more a case of corporate state capture.
This is the only paper that is presented as a source for this statement. I'm not the one singling it out.
I think all the identity verification schemes should start with the beneficial owners of companies. Governments have been lobbied to allow complete anonymity for the wealthy that own businesses doing questionable things while regular people are going to have to show id to buy food.
> Governments have been lobbied to
Yep... and to make it worse, nobody is trying to push them towards looking at privacy-preserving age verification: instead technologists try to convince them that they just shouldn't regulate anything. Which... may not work so well.
As someone who lives in a jurisdiction which does require such disclosure: it is a significant inconvenience for small businesses, and no benefit to the general public.
Do small businesses in your area have complicated ownership structures that it's significantly inconvenient to disclose the one family that owns, for an example small business , a plumbing repair company with 4 vans and 6 employees?
They might? If they don't and it is trivial to identify the beneficial owner, why is it necessary to create a requirement to disclose? The practical experience is that people are quite bad at this sort of requirement, that may well be a source of problems and that on aggregate making it harder to do business has a notable impact [0] on general prosperity. Don't needlessly put barriers in front of people who create wealth.
It isn't a stretch to imagine that a small business owner literally doesn't have enough time in their life to maintain their own health and run their business. There are some pretty grim stories out there, I can tell one based on a friend of mine who was working ... I think 70 hour weeks. Sounded rough. It isn't actually crazy to say they may not have an hour free to figure out what form they need to fill out and where to file it, or that they'd be too sleep deprived to get it right. Assuming that this thing is the only thing they need to disclose and there aren't any other pieces of paperwork that need filing (which we all know there will be).
Sure if they have to they'll probably figure it out in most cases, maybe it is trivial. But the businesses where a straw broke the camel's back don't exist any more to point at as evidence. It is hard to know.
[0] https://www.grumpy-economist.com/p/the-cost-of-regulation
You get extra spam. Any data that ends up on those public lists will be used to spam you. Some websites will also correlate all the data they have on you too, so you can get that spam at home too.
Basically, you have no privacy if you start a small business under these kinds of rules.
Precisely what inconvenience does it actually cause those businesses?
Your personal info becomes public because it's attached to the business information. This can include phone numbers, emails, full names, home addresses etc. All accessible online by anyone, including spammers, scammers, swatters etc.
Yes... if you want to business, then people want to know who they do business with.
What a fucking tragedy.
I'm sorry you have to live in such a socialist hellscape.
Shell companies for the ruling class, ever decreasing anonymity for the peasants.
It's very easy to fall in this trap of "surveillance for the greater good".
It reminds me the Mullvad pub campaign: https://mullvad.net/en/and-then/uk
The people who really want to stop VPNs are commercial streamers, especially for live sports. Regardless of state, or governing party, it always comes back to money.
This probably needs to be highlighted more.
It isn't just governments.
This is also quietly being backed by some big corporations with money .
> governments
> big corporations with money
Is there a notable difference between these two in most places? There _should_ be but in practice it feels like more and more places function closer to an oligarchy than whatever form of “democracy” they espouse to practice.
How come tax loopholes aren't as scrutinized?
Mandatory age verification online is a blight imho. It should be outlawed.
I agree, age verification on the web should 100% banned.
Parents should learn how to be parents; the government shouldn't force companies to do parenting instead.
Governement should force companies to give parental controls tools. Gaming companies like Nintendo and Steam do that, I can create a kid account with parental controls.
Social media companies (e.g. Meta, Snap) are the first that should provide that but they don't.
Band and severely punish systematic violations of privacy.
Regulate the poison first, not the access to it. All this age verification nonsense is an admission that some platforms knowingly harm their users. And instead of fixing the issue by cracking down on the proverbial crack, governments make everybody's life worse.
I remain hopeful that one day, humans will regard the online advertising companies with the same scorn we do the tobacco industry and may they be ashamed and disgusted at our inaction.
So you're implying alcohol and cigarettes should be sold to children?
(Not to mention all the other consent age laws.)
That said, VPN is a national security issue, children are only a pretext.
Children have always found ways to access age restricted consumables. Whether that was porno mags, alcohol or cigarettes.
They’d just get an older sibling, or stranger to buy it. Or they’d have a fake ID. Or they’d just steal it from a family member.
But you know which kids did this the least? It was the ones where their parents / guardians took their responsibilities as a guardian properly.
> Children have always found ways to access age restricted consumables
Doesn't mean that it's equivalent to giving them free access to those consumables.
> But you know which kids did this the least?
Source?
> Doesn't mean that it's equivalent to giving them free access to those consumables.
Why do people on HN always need to look at things as a Boolean state? It’s entirely reasonable to have some preventative measures but acknowledging that there are ways to circumvent them and accept that as a reasonable conclusion.
Things don’t need to be “all or nothing” ;)
> Source?
I grew up pre-WWW. Literally lived and breathed the points I’m making.
But don’t just take my word on this. Ask anyone of a certain age and they’ll tell you the same: they either tried cigarettes or knew lots of kids in school who smoked under the age of 16. They had access to alcohol under the age of 18. And pornographic content was easy to get hold of under the age of 18.
The age at which they gained access and the frequency of the usage depended greatly on their upbringing.
> It’s entirely reasonable to have some preventative measures but acknowledging that there are ways to circumvent them and accept that as a reasonable conclusion.
I totally agree. That can be used as an argument in favour of age verification, though.
Sure, if you ignore the other part of my comment where I said parents should be responsible for the upbringing of their own children.
What does national security even mean anymore? People are using this term for basically everything these days, as if saying "national security" is somehow a justification on its own.
What "national security" implications are there with VPNs?
> VPN is a national security issue
:/
What makes you think they aren't? The Double-Irish-Dutch-Sandwich in particular was cracked down on.
Just the fact that it takes NGOs and journalists to uncover tax evasion practices. The governments and tax offices aren't looking. CumEx was a scandal in 2017, and despite being known since 1992, has only recently led to just a handful of prosecutions.
Cumex was not a tax loophole it was straight up fraud .
So imagine the enthusiasm of chasing "legal" practices.
To be replaced by the Irish tax department making direct deals that are essentially the same. But ONLY for specific companies (principle: big multinationals don't pay tax at all, local companies get big tax raises. Irish companies are dying, multinationals are moving to Ireland)
https://taxsummaries.pwc.com/ireland/corporate/tax-credits-a...
In case anyone wonders: this means the FANG companies don't pay tax in Ireland if they hire enough people in Ireland, which has famously high income tax. It is, in other words, effectively a massive tax increase on the employees while actually reducing total tax income in the EU compared to the "double dutch sandwich".
Note that Ireland signed at least 2 international treaties that they weren't going to do this (OECD minimum tax treaty, EU tax treaty). Of course, there are no consequences to this.
The response to is that EU is exploring company-tax-per-transaction which is so incredibly bad in the massive administrative burden it will generate. It's not final, but it will mean that for every transaction done companies will have to keep (PER transaction) pieces (plural) of evidence for what country they happened in. Every single transaction.
https://joint-research-centre.ec.europa.eu/projects-and-acti...
Lots of governments give tax exemptions to selected industries (film comes to mind) or even companies (Foxconn/TSMC); I don’t support this behavior, but I don’t see what makes Ireland special in this regard.
Well, that was the original question of the thread:
> How come tax loopholes aren't as scrutinized?
And the answer is simple: because countries sabotage each other's tax income when they can, even within unions (like US or EU, hell I'm told it even exists in Russia).
And with mobile capital, like multinationals, they can.
Ireland violated international treaties, multiple, to do this. Oh and they call it a huge success (despite that this will obviously suddenly crash and burn when other countries either block it or give better deals).
Oh and it cements the power of American multinationals over local EU companies, when the Irish government publicly and loudly claims they intend the opposite, and for reasons I don't understand, people seem to actually believe them.
A tax "loophole" is just a deliberate policy you happen to disagree with.
Why? Isn't your age verified when you renew your drivers license? Purchase something on Amazon?
When I was a kid, child programming and commercials were heavily scrutinized. Now any kid can access porn, violence, and scams on the internet. That's a blight. Not age verification.
I don’t understand, did broadcast TV or cable do age verification? Surely kids could watch content that was for adults very easily.
Broadcast TV had a very simple solution to this problem: Only air the not-for-kids stuff at times of the day when the kids are already asleep, i.e. late in the evening or at night.
It was still the job of the parents to set the bed times etc, but at least this was something the parents could actually control.
And for pay-per-view stations with actual heavily violent or pornographic content: Yes, they were absolutely age-gated, usually via a PIN.
and who sets that pin? It's the parents, not the cable company.
This is correct. I think the difference is that the PIN actually is an effective tool that parents can use to keep their kids from watching this stuff. It's also default-deny as the PIN is pre-set, and the parents would have to make a conscious efforts to allow viewing.
Im contrast, the internet is default-permit: Everyone can access everything, unless the device is specifically set up to block it. Setting up such a block has the risk of causing massive drama with your kids, and they fill probably quickly find ways to circumvent it anyway.
This is why I find the "it's the parent's responsibility" calls so hypocritical: The whole idea behind the internet is to make it as hard as possible to block things. But suddenly we expect the parents to do exactly that? How?
(All that independent of the point that the current push for age verification really seems like a disguised push for control. But that doesn't mean there isn't a real problem. Both things can be true at the same time)
As a kid, you never found a stack of porno magazines in the woods did you?
> Now any kid can access porn, violence, and scams on the internet.
Before Internet they used paper.
Before the Internet you had to work fairly hard to get a Playboy centerfold where the model just had her breasts out. Now you can effortlessly find endless depictions of anything, including the most depraved sex acts you can possibly imagine. The ease of access and breadth of content available to kids today makes it qualitatively different than when we were kids.
That does not, of course, mean that age verification laws are the appropriate solution. You could even argue that it's not a problem that kids have access to all this stuff (though I don't think I would agree with that). But you can't just hand wave it away by saying "we looked at porn on paper when we were kids". The situations are not at all the same.
The ease of access, quantity and diversity of internet porn is in no common measure with magazines that existed in the 20th century.
That’s the job of parents. No exceptions. OP is right, it needs to be outlawed.
How can you define a tax loophole then? Since there isn't a thing you can do called a "Tax loophole", but rather a collection of otherwise totally legitimate practices, just used as an optimization, they are impossible to define, and as such, be scrutinized. It's a neverending whack-a-mole...
People keep looking at the consumer privacy vpns , but there's a huge field of commercial vpn usage for a broad spectrum of tasks in the european union. Point to point tunnels connecting two sites into a single network. Allowing access to (corporate) resources via laptops and mobile devices. Fixing the one way nature of crappy internet that most people are forced to work with these days (or simply never realized), etc etc.
Basically if you want to do any sort of remote work, I'm not saying you're necessarily using one right now, but the odds are good. Possibly the politician's own IT back-end might have ... opinions... on the ability of the executive to overly check the legislative too.
I have a question that's been going through my mind -
Why is age verification connected with identity verification?
I understand why the former is not possible with the latter, but my question is -
Whichever entity is responsible for the verification can just pass on the age verification confirmation without passing through any of the other details, right?
Am I mistaken here? Because if this was possible, I could still go ahead with using the VPN.
This seems to be what "double-blind" verification is doing:
> The report highlights emerging approaches, such as “double-blind” verification systems used in France, where websites receive only confirmation that a user meets age requirements without learning the user's identity, while the verification provider does not see which websites the user visits.
It's a question of blind trust in your government to respect this, when they themselves control the age verification apps, at least in the EU who wants to impose its own system and not rely on an autonomous third party.
It is cryptography. Just like you don't have to blindly trust Signal with end-to-end encryption (their client app is open source), it could be implemented in a way that you don't need to blindly trust your government.
From a tech perspective it has been a solved problem since about a decade ago, via DID (decentralised identities) and their Verifiable Proofs.
The EU digital wallet framework is built around those, and your suggested scenario is a first class citizen.
It is now moving from the academic/research world, to the political field, and feedback/pressure from both commercial groups and political agendas is muddling the field.
Here are some links to canonical docs, you can easily find high quality videos that explain this is shorter/simpler terms to get a grasp of it.
https://www.w3.org/TR/did-1.0/
https://www.w3.org/TR/vc-data-model-2.0/
A note: it’s one of the healthy byproducts of the blockchain age, don’t get sidetracked by some hyped videos from crypto bros.
It's a "solved problem" that didn't ever need solving in the first place.
You are right, it is possible to do age verification in a privacy-preserving manner. Feels like most people being very vocal against the idea don't know about that.
At least most complaints I see here are assuming that age verification means tracking.
Too bad, there could be interesting discussions about privacy-preserving age verification, if people just bothered getting informed before complaining.
We already have privacy preserving age verification: the website asks for your age (or just whether you're over 18), and lets you through.
There's no issuing party to collude with to deanonymize users, no hard requirement on owning a Google- or Apple-vetted smartphone, and generally no way to identify me besides my choice of random numbers.
You move past that, and people rightfully tell you that your scheme outright breaks privacy, or that it makes too many assumptions or is too complex to easily verify it actually preserves privacy.
Governments already have everyone's ID, including DOB. They say that the problem is non-adults accessing adult sites and services. So therefore, the sites need to know that users are over 18 (or the selected government age).
There should be a standardized government ID service/API that allows a person to let it disclose their age (or other user selected information) to a requesting site/service. That's all that is needed if the government ID service has appropriate 2FA and security.
Both the request and the response can be appropriately anonymized so that the government doesn't know the site, and the site doesn't know the person's identity.
Why isn't this a thing yet? As far as I know, no one has proposed it.
This has been widely discussed, and initial implementations exist: the EU digital wallets are doing exactly this. https://ec.europa.eu/digital-building-blocks/sites/spaces/EU....
In theory, every EU state will have to support this soon so users can use it to verify age privately online. Still work to do to roll this out for real, but the technological part is very much already happening and I think the rollout plan is committed.
The german gov id supports that. They have a PKI and the id is a smart card with a cert and private key on it [0]. It lets you answer the question "are you over 18" with a zero knowledge proof. I guess it only proves you have in your possession a valid id AND know the PIN to it, but that should be fine. France apparently has this, too, according to the article.
[0] https://www.personalausweisportal.de/Webs/PA/EN/government/t..., https://www.bsi.bund.de/EN/Themen/Oeffentliche-Verwaltung/El...
No. You seem to not understand how government works. It will never be anonymized so it's an awful idea, you basically suggest to link accounts to a passport.
> Both the request and the response can be appropriately anonymized so that the government doesn't know the site, and the site doesn't know the person's identity.
Yes that's how it's done in France for instance, and generally how it's being discussed in the EU.
Exactly. Governments that really care about age verification should provide the tools to do so. They have the means to do so without violating privacy. Something like the Dutch DigiD service (the one they're about to sell to the US despite literally everybody opposing that) would be a great basis for this; just add an age verification service to it. They already know who you are in the most legal sense possible.
> There should be a standardized government ID service/API
Most European country already have one, some are still testing theirs. They're required by the EU to make one accessible to their citizens by the end of this year, in the context of the eID project [0].
[0] https://commission.europa.eu/topics/digital-economy-and-soci...
> if the government ID service has appropriate 2FA and security.
You're kidding right?
Why?
In Russia we have gosuslugi.ru (state services), which nowadays requires 2FA and hasn't been compromised in any major way so far.
Among other things they provide a way for a third party to use it as identification service and a user chooses which data about himself he wants to share. No anonymity, though, and I don't see how it can be implemented so that the verification provider doesn't know which service is requiring age verification.
You seriously think Russia's state services are not compromised by intelligence?
Also, yea, no anonymity is the problem. Why would you want your government to be able to track every single website you've ever visited -- especially considering we're talking about an autocratic regime?
I'm astonished at the naivety on display on a community called "Hacker news."
>You seriously think Russia's state services are not compromised by intelligence?
The state services are required to assist intelligence and law enforcement in lawful investigations, the intelligence don't need to compromise anything.
>Why would you want your government to be able to track every single website you've ever visited
I don't want anyone to track every single website I visited.
>considering we're talking about an autocratic regime
Glad you see the EU for what it is.
The problem is that verifying age requires disclosing your identity and the fact that you use a certain service. Whoever is the provider of such verification, it learns too much about you.
Is the state a worse choice for that than a commercial entity that has fewer resources to secure itself against hacking and might even sell the data itself?
I would rather not have age verification at all and glad there is no such thing in Russia (yet?).
These already exist in several eu countries. Imagine that there are governments that is not America and that actually work.
Just this year, France government ID system hacked: https://www.biometricupdate.com/202604/french-govt-confirms-...
"hacked", such a shame what happened in the background; it was a teenager who saw some url like "view_my_id_documents?id=1234" and just incremented the number, and could download the documents of other people (did on dozens of millions).
.
That seems separate from any electronic id. Government already has records on your passport, biometrics or drivers license.
So a research arm of the European parliament is "the EU" now?
There was a time that parents control what websites children can access.
Now there is a time politicians control what websites we can access.
Sorry for being blunt but those fuckheads won't stop until they ruined everything. No age verification in my house for computer use.
Age restrictions + VPN bans + encryption restrictions + client-side monitoring + restricting general purpose computing.. It's just rapid descent into digital fascism set up by people who have no ability to see how the dots will end up connecting.
I think they absolutely have the ability to see it, it's part of the value proposition for them.
Speaking from the POV of my country, you absolutely have prime minister + minister level understandings that seem to plainly be based on issues such as "we need to stop children from bullying each other on social media", "we need to help police surveillance to stop crime", "we need to protect people from internet porn" etc, and it seems to be that the political capital and will to create these measures comes from short-term attempts to solve certain problems, without being able to understand how a broader set of these measures will together create digital fascism.
Beyond that I fully believe there are intelligence agencies, advertising agencies, military interests, IP control interests etc that are all working very diligently and in more targeted ways to each achieve their goals better by pushing for specific measures and helping to amplify moral panics to build the necessary political capital.
I am sorry you see it this way, when the very subject at hand is a practical example of how the EU has planned and built a wallet around the very same ideas you seem to cherish.
Unfortunately, now that it comes to the news cycle, it’s easy to get outraged around misleading headlines.
I encourage you to invest time in researching what the EU has done in the past decade around digital identities and their framing around privacy questions on this. I hope you will find, as I do, that it moved the needle in t he right direction.
I don't care for a limited and selective best-possible interpretation of a subset of measures viewed in isolation. The point is that a broader set of vectors are being used continuously to gradually ensnare and limit digital freedom.
This is not a misleading headline, this is a document from the European Parliamentary Research Service that calls out VPNs as a technology that may need to be moderated in order to enforce restrictions such as age verification.
https://www.europarl.europa.eu/RegData/etudes/ATAG/2026/7826...
As you are calling me out - specifically answer how restricting access to VPNs would benefit the freedom of thought, communication, and information within Europe, and not be something that - together with other measures - can help facilitate digital fascism.
VPN usage increased, but how to they draw the conclusion that this is children. I think it's more likely that adults are using VPNs to not have to deal with the ID process. I would do that.
As VPNs usually cost some money, which is already a barrier for minors.
We desperately need a new internet
VPNs are essential tools against government persecution. Linking identity to a VPN session under any guise (age verification or otherwise) is something out of the playbook of dictatorial states.
The western great fire wall is reducing its scope..
Maybe the problem is trying to govern a global space with sub-global governments.
Perhaps these legislators are addicted to porn and don't want their children to do to themselves the same they have done. Would explain their obsession and relentlessness to get this done.
It's just a pity they are destroying the internet while doing that. They should be attacking the companies making money from porn instead.
And by the way porn can damage your mind even after 18 so age verification is not a real solution anyway.
Porn addiction has been shown not to be a real thing.
People who believe they are addicted to porn view porn at approximately the same rate as other people: they just feel more guilty about it, due to being raised to believe that it is shameful.
One source on the topic: https://www.psychologytoday.com/us/blog/talking-apes/202207/...
That's absolutely ridiculous. Porn addiction is 100% a real thing. You can't hand wave it away by saying "porn is actually ok, the problem is just that they believe it is bad so they feel shame".
The article gave one anecdotal example of a person who misdiagnosed themself and then tried to make a broader point by disregarding the definition of addiction. Addiction is not just how many times a compulsive behavior is done. It’s the inability to regulate oneself for the behavior often at the expense of relationships or other responsibilities. If you’re looking at porn when you should be working, that could be addiction, for example. Apply that to relationships too. If you’re looking at porn and masturbating instead of being with your spouse, that’s addiction too.
I agree that age verification is old perverts addicted to porn simply projecting their problem onto others. Kids after a day of continuous swiping of tiktok and instagram want tattoos and bitcoin.
Which is why the age restriction would apply to "normal" social media as well?
Even better! Now teenager can legally buy bitcoin straight in the tattoo parlor one week after their 18th birthday.
Porn or social media or fake news destroy kids brain more? I can’t even tell
Parents destroy kids' brains the most.
Over my dead internet connection.
VPN for the VPN with a back-up VPN for the VPN's VPN.
Ah yes, the most pressing issue of our times. Mandatory surveillance of every person's activities is a reasonable solution to the critical issue of teenagers watching porn, who totally won't be able to bypass this by... grabbing Dad's phone.
Obviously, it's not about the children. It was never about the children. If I had my way every one of these people would be taken to a gulag, because they are evil, have evil intentions, and blatantly lie to further their evil goals. I am tired of the intolerant being tolerated, and by allowing this to fester we are headed for a much worse totalitarian dystopia.
All accounts and that are important to kids have are being tied to their real identity and they won’t be able to get a new one if they’re banned. The potential for social engineering is insane.
All of these ID laws are going to make it more dangerous for kids online IMO.
“Hi I’m a Roblox moderator. Your account was reported for X and you’ve been temp banned. Come to platform Y to appeal. Start by submitting all your personal info and a selfie.”
And it’ll be completely normalized by big tech. Seriously. WTF are they thinking?
First, I should say that I am against online age identification. But if we are going to get age verification because the larger population wants it, I definitely prefer the EU's privacy-preserving age verification that uses zero knowledge proofs (yes, they have issues too) over private companies doing age verification, requiring uploading scans of your ID, filming your face, etc. For the reasons that you mention (people can easily be tricked into giving information to the wrong people), but also because I simply do not want my data to be in the hands of random private companies that will sell the data, give it to Palantir, etc.
That makes this fight so annoying, we have to fight age identification, while at the same time also promoting privacy-preserving age verification for the case it happens anyway.
I think this is folly. You cannot communicate this level of nuance at scale, especially when faced with opposition that actively lies to achieve their goals.
Quoting an older post...
> In a benevolent dictatorship, sure, go for a zero-knowledge proof verification as your solution. In the reality of democracy, where politicians are corporate puppets who cloak surveillance laws in "think of the children" to rally support from the masses, we need to convince people to see through the lie and reject the proposals outright while reassuring them that they can protect the children themselves via parental controls. You will never be able to sufficiently inform 50.1% of the population of any country of what zero-knowledge proof even means, let alone convince them to support age verification laws but strictly conditional on ZKP requirements. That level of nuance is far too much to ask of millions of people who are not technically-informed, and idealism needs to give way to pragmatism if we wish to avoid the worst-case scenario.
In a benevolent dictatorship, sure, go for a zero-knowledge proof verification as your solution. In the reality of democracy, where politicians are corporate puppets who cloak surveillance laws in "think of the children" to rally support from the masses
I do not (completely) agree with this. This seems like the very typical US-centric view of politics. A lot of members of the European Parliament are not corporate puppets and have ideals (even if they often do not align with mine). Why would the EU come with a ZKP-based verification reference app if they were sock puppets? The corporate sock-puppet politician would just push the narrative that age verification should be left to the market (which is probably what happens in the US, where most politicians are sock-puppets due campaign sponsoring, etc.).
You will never be able to sufficiently inform 50.1% of the population of any country of what zero-knowledge proof even means, let alone convince them to support age verification laws but strictly conditional on ZKP requirements.
We do not have to convince the population. We have to convince regulators and if it becomes necessary the EU/national-level courts that handle human rights violations.
Also, in the case of the EU, they made a reference implementation of ZKP age verification and asked national governments to roll this out in their apps. One of the large issues though is that the reference implementation relies on Google Play Integrity for device attestation (+ the iOS counterpart), so if national software development agencies use the reference implementation as-is, it shuts out competing systems. They should have used AOSP device attestation, which is also supported by GrapheneOS, etc. So, besides protesting age verification, I'm trying to get the message to politicians that how device attestation is done in the reference implementation is an issue. The thing that might help here is that sovereignty is also high on the agenda.
> We do not have to convince the population. We have to convince regulators and if it becomes necessary the EU/national-level courts that handle human rights violations.
Without the population on your side, it's some insignificant minority's words vs. corporation's power determining where the lines get drawn by regulators. The people can put a leash on politicians who cave too hard to corporations by voting them out of office, but if they don't even understand the issue and have been conditioned to accept age verification, that will never happen.
> One of the large issues though is that the reference implementation relies on Google Play Integrity for device attestation (+ the iOS counterpart)
I am confused as to why you suggest my view is US-centric, and then go on to acknowledge that the EU is currently in the midst of rolling out regulation that de facto enshrines the Google+Apple duopoly in law. The EU bureacracy seems to be just as captured by corporate interests as the US. At times, they put up a token protest against Apple/Google, but generally only insofar as to promote competing European corporate interests where applicable. The EU would certainly prefer to serve European corporations over American ones, but the European people don't seem to factor into the equation at any point.
the EU is currently in the midst of rolling out regulation that de facto enshrines the Google+Apple duopoly in law
It isn't, it's not enshrined in law, de facto does a lot of work here. IANAL, but I'm pretty sure such a requirement will not hold up in court either. Besides that, the developers of the reference app have stated that national apps do not have to require strong integrity from Google Play Integrity. It seems like they took the standard platform path either because they did not have time the time or knowledge to do anything else.
At any rate, I'm optimistic that it won't require passing strong integrity in my country. Age verification will be added to our national ID app (DigiD), which does not require passing strong integrity, even if it is used for more security-critical applications than age attestation.
>They should have used AOSP device attestation
No, they shouldn't have used any attestation. If they are using sound cryptosystem for their ZKPs, they don't need to care at all about what hardware and software I'm using.
>In the reality of democracy, where politicians are corporate puppets who cloak surveillance laws in "think of the children" to rally support from the masses
Conspiratorial gibberish
Are you seriously blind? Do you genuinely believe politicians don't legislate in ways that benefit corporations over individuals? Or do you genuinely believe the sudden worldwide push across dozens of countries to surveil all internet access, prevent VPN usage, and lock down devices at the OS level is the result of an organic, grassroots desire to protect children no matter the cost?
Politicians do things that are likely to get them reelected, e.g, passing legislation that is broadly supported by their voters. Passing legislation that their constituents do not like will not increase the chances of them getting reelected.
If you could link a piece of legislation that has little support among voters, but was passed due to corporate money, I would be interested.
> cloak surveillance laws in "think of the children" to rally support from the masses
Politicians lie to voters to get them to accept things they would otherwise not accept. That was literally central to the entire comment you were replying to. "But the children" and "But national security" are essentially a free pass to enact any legislation a dishonest politician wants with support from a population that cannot stay fully informed on the nuances of the incredibly complex modern world.
> If you could link a piece of legislation that has little support among voters, but was passed due to corporate money, I would be interested.
I feel like I could gesture broadly at everything. As noted, people will support something when lied to, but even without public support it's obvious that this happens. Off the top of my head, Trump's corporate tax cuts in 2017 might be one of the most clearcut examples of something that benefitted corporations over individuals, was lobbied for by corporations, and was high profile enough to have public polling while being so blatantly unjustifiable that said polling demonstrated the public was clearly against it.
>Off the top of my head, Trump's corporate tax cuts in 2017 might be one of the most clearcut examples of something that benefitted corporations over individuals, was lobbied for by corporations, and was high profile enough to have public polling while being so blatantly unjustifiable that said polling demonstrated the public was clearly against it.
The 2017 tax cut law was extremely popular among republican voters, so I think that goes towards what I am saying.
I suppose that was a bad example because Republican voters don't have a single policy they stand by, only party loyalty. eg. Republican voters were staunchly opposed to war in Iran until Trump did it and then support skyrocketed.
I agree that the US is in a strange place currently. The cult of personality Trump has hopefully goes away with him.
> grabbing Dad's phone
That will only very rarely happen. Do you actually know people that will just give you their phone so you can watch porn? For more than one minute? People are so addicted to their phones.
> it's not about the children
It's also about the children, but there surely are parties which use the process to further their own goals.
> I am tired of the intolerant being tolerated
That's not the right quote for this case.
> Do you actually know people that will just give you their phone so you can watch porn?
They don't ask for it, they take it when you're busy or sleeping. Teens certainly weren't asking for Dad's VHS tapes or magazines when I was a kid. I suppose this problem is solveable, too, though. Mandatory biometric locks on every device capable of accessing the internet, why not?
> That's not the right quote for this case.
It is. These people are fascists. Their goal is to create a society where the government has a permanent record of everything every person is doing, monitored 24/7 so nobody can defy it. The point about tolerating intolerance is that by abiding such people, you allow them to create an intolerant society, thus it is prudent even in a tolerant society to be intolerant specifically towards those whose goal is intolerance.
> they take it when you're busy or sleeping
That will be quite noticeable. And tricky if it's face or fingerprint locked, something I see in all phones around me are. Daddy likes his privacy too.
For the rest: rant on, but it'll only reduce your audience. One thing we can learn from history: calling people fascists doesn't work.
One thing we can learn from history: tolerating fascists really, really doesn't work.
If it's not clear, the point of calling fascism what it is, is not to convince the people who are being called fascists of anything. They cannot be convinced of anything, because they are fascists. The point is to highlight, to people who are already amenable but complacent, that a greater sense of urgency is needed. Our societies are currently sleepwalking into a dystopia that will make the Gestapo and KGB look like child's play. There will be no revolution, no liberation, no resistance if our governments are allowed the degree of control they're seeking. Once complete surveillance is established, communications are controlled, and freedom ceases to exist, it will be lost permanently this time.
By your logic, my kids are going to find a way to smoke weed anyway so I might as well give them some, right?
Can you not be disingenuous beyond belief? That is not even remotely close to what I said. What I take issue with is that the solution is worse than the problem (and does not even solve the problem). We can solve all problems of society if we lock everyone in an isolated prison cell 24/7 except under strict supervision when working or studying. That, obviously, is a fucking insane idea. Yet it is what we are creeping towards when you defend government surveillance of every person's device usage. A solution to a problem should not be 100x worse than the problem it allegedly solves, and this is doubly true when it doesn't even solve the problem.
Obviously, not all solutions have to be 100% solutions to problems. Indeed such solutions very rarely exist in the real world. But they do need to be less of a problem than the original problem, and the more invasive they are, the more you'd better expect they solve a serious problem as comprehensively as possible rather than barely addressing a trivial problem.
Your children would certainly cherish and respect you for it.
Many such cases, in fact! Which you of course don't know about. Because anti-prohibitionist narratives don't cause Number to Go Up.
What's safer: if you were to provide them with secure access to a substance that is risky only when used irresponsibly - or if they had to acquire it illegally off the street, and were to consume it in some sketchy environs away from your oversight?
On the other hand, setting boundaries meant to be crossed - such as a restriction on substance use that "they will violate anyway" - is parental betrayal, and risks bricking your child.
Also many such cases! Which you also "don't know" about. Because you prefer to consider unhappy people less-than-human, and parents are only happy to sweep their failures under the rug. Even if it means giving their child to the torturers.
From one sentence you wrote "as if it's obvious", I can see that your sense of ownership over your progeny trumps your concern for your children's safety.
A lot of resources go into subsidizing your unsustainable lifestyle, which you yourself only tolerate thanks to constantly impairing your cognition but perfectly legally.
Similarly, a lot of resources go into silencing and/or exterminating people like me; yet, last time I checked I was still kicking and spitting.
Both of these economic dynamics, ultimately, serve to perpetuate a multigenerational Ponzi scheme which treats humans as property. Notice people getting into debt younger and younger? Yeah, that.
North Korea calls VPNs “a loophole that needs closing” in age verification push
More bullshit from the gov.
Add better parental controls to devices, if Facebook sends my children porn on a phone that's "underage" than they get a big fat fine.
But I guess then there's no sending my ID to the world, think of the poor advertisers.
Some EP commitee writes a report about some UK (not-EU) person stating "VPNs are a loophole that needs closing".
[Some argue] being a link to some UK websitehttps://www.europarl.europa.eu/thinktank/en/document/EPRS_AT...
ὦ Ευρώπη, this would kick off an arms race. μολὼν λαβέ!
If my kid can setup a VPN, then he's old enough.
The lobbyists are doing what they are paid to do.
People pointed that out quite a while ago already. Age sniffing is a joint attack on the freedoms of people, which explains why these lobbyists also try to abolish VPNs. Their vision for the world wide web is one of authorization. Ultimately they will fail, but a few get rich here in the process.
Ugh. Here we go again. Europe’s politicians just cannot stop with wanting to control everyone and everything. It’s as if bureaucracy is the actual goal. Privacy and anonymity should be protected by law. Not violated by law.
I listen to a bunch of (mostly left) podcasts where they sometimes invite members of the European parlement and while I can agree with some of their opinions its downright scary how they think about regulations.
For everything that's wrong in society the answer seems to be more and more regulations. The negative effects (such as the lack of European AI companies) are then waved away (it's because Europe spends their money on American AI instead of investing in EU AI).
It's honestly scary.
Care to share some of these podcasts?
The goal is privacy and anonymity. Removing them that is. They don't care about teenagers watching porn, what they want is to know what every person is reading and saying, and being able to punish whoever says things the eurocrats don't like. That's the reason the age limits are not set in the device by the parents, but you must give your id to some entity.
EU didn't state this for one. The paper they wrote quoted someone else stating this.
EU enshrined privacy in its charter of fundamental rights. GDPR was and still is a major protection.
US, from its biggest companies to the whole of Silicon Valley culture has done the exact opposite.
Within the EU, multiple attempts at pushing changes in opposition to this have been proposed, debated, voted on (and rejected), as democracies do.
Not perfect, but when you come down to laws, EU bureaucrats gave EU citizens article 8, US gave them the CLOUD act.
> Within the EU, multiple attempts at pushing changes in opposition to this have been proposed, debated, voted on (and rejected), as democracies do.
If 51% of people want to do something wrong, they should do it to themselves and leave the other 49% alone. Democracy is not an excuse for doing the wrong thing and going "oh well, guess people want it".
70% is a more likely figure
https://www.ipsos.com/en-uk/britons-back-online-safety-acts-...
>Almost seven in ten (69%) support age verification checks on platforms that may host content related to suicide, self-harm, eating disorders, and pornography.
Sometimes the majority is going to make a decision that you do not like, oh well, that is the cost of living in a democracy. People in "terminally online" spaces like HN vastly underestimate the popularity of these laws.
>>Almost seven in ten (69%) support age verification checks on platforms that may host content related to suicide, self-harm, eating disorders, and pornography.
>>eating disorders
I'm genuinely sorry, but... wait, what? Okay, suicide, somewhat understandable (although some forums where people just share their feelings are endangered by this). Same applies to self-harm. Pornography - well, at least I can understand the motive/justification, although I don't welcome such intrusions in personal privacy. But eating disorders? What? I'm sorry, WHAT? Where's the reasons behind this? Any adequate justification? I apologize, again, maybe I don't understand the thing, but how eating disorders ended up in the same line as suicide, self-harm, pornography and similar?
You need to learn what democracy is then.
> EU enshrined privacy in its charter of fundamental rights. GDPR was and still is a major protection.
GDPR does not protect you from governments snooping on you. The same way it does not stop governments from collecting data on you: https://en.wikipedia.org/wiki/Data_Retention_Directive
It sometimes even forces governments to collect more data on their own citizens like in Romania.
The only difference between the US and the EU is that the EU has somehow managed to convince a bunch of useful idiots (not saying that you are part of it) that it is better than the US when in reality its the same shit just with a different color and smell.
If you want protection from the government, you should most likely emmigrate to countries that really care about that - like United States of America. They spent a lot of time adding laws to protect themselves against the government.
They EU authorities care for children so much that they haven't noticed almost none are being born anymore in EU.
Tiresome surveillance state push
Yet another «copy protection».
Legislation must call real experts before making any *technical* decisions.
Sounds more like they should have sand-boxed white-listed school networks for known publishers in each age group.
Then leave the rest of the world out of domestic failed parenting nonsense. However, policy would still likely fail given the cruelty youthful ignorance often brings, and persistent 1:100 child psychopath occurrence rates. =3
Here we go again with new restrictions on civil liberties. This is Chat Control all over again.
The EU won't stop until it has access to all your data, all your messages, anything you read, save, send will be scrutinized by the the big great EU and it's little minions.
Hey, at least we get the freedom of movement right?
Too easy to dunk on the EU. The UK, USA and Australia seem to have reached the same conclusions. In UK all young males now have a VPN rather than do whatever you’re supposed to do to see porn. VPNs went from “nerd talk” to “vpn=porn” in the space of weeks. Whatever is next will suffer a similar fate.
There is no such thing as the EU wants X. There are huge differences between what the European Commission, the European Council, and the majority of the European Parliament want.
Most of the anti-privacy crap hasn't happened thanks to the EU. Particular countries and lobbying groups have been pushing this through the Commission and Council and most attempts have been rejected by the EP.
If we didn't have the EU, some countries would have long introduced this nonsense (like the UK). But in the EU that does not make much sense, since there is a single market, so you have to enforce it EU-wide.
The European Parliament + courts of justice/human rights are one of the last beacons of democracy/freedom worldwide that resist upcoming authoritarianism. We should support them and remind the Parliament over and over again that they should be continuing the good fight.
---
By the way, nearly all your comments on HN are about politics and all trying to sow dissent on Western (and especially European) democracies.
> By the way, nearly all your comments on HN are about politics and all trying to sow dissent on Western (and especially European) democracies.
Disclaimer first: I'm not trying to protect him and I'm not tied to him in any possible way. But since when constantly expressing your own opinion (that's what I assume given the age of the account; maybe I'm wrong, but this seems rather like a person than a bot) is a deliberately malicious activity (as implied by your "trying to sow dissent" expression)? If their opinion doesn't match yours, it doesn't mean that they're evil or something similar. It just means that your views are different.
Talking continually about politics is against the HN guidelines.
Politics and tech are basically intertwined at this point. Tech is also intertwined with Geo-politics, tax policies, mental health, and a bunch of other issues.
One cannot talk about tech without talking inevitably of the second or third order effects that derive from it which is again almost inevitably linked to politics either in the US or elsewhere.
I appreciate the support but I am not surprised.
Even on HN there is been a surge of users who instead of defending their arguments or positions on certain sensitive topics such as the EU prefer to simply smear the opposition.
I write about the EU a lot because I live there and I am especially interested in what the EU is doing regarding tech.
I am especially critical of policies that target my private life and it irks me to no end that some people will claim loud a and clear that I should simply be grateful for what the EU is doing when the EU's actions in a lot of matters that I care about have either been deceptive and/or completely went against the supposed principles that the EU is supposed to have.
Calling out blatant lying and bot propaganda isn't "smearing the opposition".
It's disgusting that people run here, write utter complete lying bullshit and then you attack folks that say "hey, this is complete bullshit".
Be better.
> Calling out blatant lying and bot propaganda isn't "smearing the opposition".
I am not sure what you are trying to get at.
Are you implying that this new draft is not in any way related to the recent Chat Control proposal that wanted to intercept all encrypted messages on phones in the EU, this same proposal that has been debated many times here on HN?
If so, then I am sorry if you think this blatant lying. You must have not been paying attention nor have read the many drafts of this law.
This proposal of tightening regulations around messaging apps and VPNs is being pushed as part of the other pushes for digital identity, age verification and potentially linking online identities to your real identity.
This is not happening just around Europe. It's also happening in the UK, Australia and more and I disagree with everyone of them.
This is not a conspiracy theory, this is publicly documented information that has been reviewed by journalist of all sides and has been decried by many human rights organizations who rightfully see all these moves as wanting to remove fully or partially the anonymity that the internet has provided thus far while curtailing freedom of speech.
> It's disgusting that people run here, write utter complete lying bullshit and then you attack folks that say "hey, this is complete bullshit".
I haven't attacked anyone. I am not sure what you are talking about.
I was the one who was attacked ad-hominem by OP who casually hinted that I was either a troll, a bot or working for Russia or China when the truth is that I am simply a EU citizen who is dissatisfied with the way the EU has handled a lot of it's tech regulations and I am simply voicing my personal opinions on these matters just like anyone else does in these threads.
Maybe you don't share my opinions and that's fine, we don't have to be friends.
> Be better
I will interpret this comment as simply someone who sees himself in the right and looks down on everyone else as poor souls needing to be guided to the light. This is not Reddit, you can get off your high horse now.
The recent chat control proposal was shot down by the EU parliament.
It was proposed and pushed forward by member countries represented in other EU inatances. It seems obvious that governments of at least some member countries want this crap and try to get in implemented via EU. When it reached the instance that is more sensitive to public opinion, it was shot down.
This is why I tend to look more favorably on the EU than on any member state government.
The obvious solution is having the EU to be more representative. I dislike how entities like the EU Council and EU Commission are sometimes used to launder some countries' governments authoritarian intentions.
> There is no such thing as the EU wants X. There are huge differences between what the European Commission, the European Council, and the majority of the European Parliament want.
Of course there is such a thing as EU wants X. The commission drafts laws and presents them to the MEPs who vote on them. The MEPs do not have the ability to propose their own laws. So all these bullshit laws that are voted on originate from the commission.
If I tell you that you can have a red balloon and you only choice is either to accept or reject the balloon, then you don't really have a choice do you? You can't say I want a blue balloon.
> Most of the anti-privacy crap hasn't happened thanks to the EU. Particular countries and lobbying groups have been pushing this through the Commission and Council and most attempts have been rejected by the EP.
Most attempts? And that should somehow reassure me?
Here is another law that was overturned after many years even though everyone knew it was illegal from the start: https://en.wikipedia.org/wiki/Data_Retention_Directive. It only took something like 8 years.
When Romania protested that this was illegal under their constitution, the EU sued them and forced them to spy on their own citizens. So thank you but no thank you.
> If we didn't have the EU, some countries would have long introduced this nonsense (like the UK). But in the EU that does not make much sense, since there is a single market, so you have to enforce it EU-wide.
On the contrary, if we did not have the EU then it would not be such a problem because the same people who are pushing for this crap would have to repeat the same process 27 times, one in each country and they would have to convince/bribe their way into each government. Instead they can now push this stuff through the commission and it gets voted on and if approved gets applied to 450M people in one go.
That is the definition of single point of failure if I have ever seen one.
> The European Parliament + courts of justice/human rights are one of the last beacons of democracy/freedom worldwide that resist upcoming authoritarianism. We should support them and remind the Parliament over and over again that they should be continuing the good fight.
Do we now have to resort to this sort of emotional arguments? The EU as a whole is 27 countries, the world has more than 200 countries today. Are you claiming that most of them are hell-hole under some sort of tyrannical government? You can't be serious.
This is my problem with the EU supporters these days, you guys are so quick to shove in everyone throats the amazing stuff that the EU supposedly does for us every day but as soon as someone complains, you revert to using the same tactics as populists with the US vs Them rhetoric, the emotional manipulative language and what not.
Also your last paragraph is in complete contradiction with your previous statement. Somehow the EU/European parliament is the last bastion of democracy/freedom but it stills wants to access my private messages and emails (for my own good of course), and now it wants to force VPNs to record identifying information of its users (for our own good again).
If what you say is true then we wouldn't be having this conversation because anyone who proposes this sort of law should have been ostracized and kicked out of the commission in no time. Yet here we are.
> By the way, nearly all your comments on HN are about politics and all trying to sow dissent on Western (and especially European) democracies.
Ha, yes, you got me! I can see that when the push comes to shove it's easier to go for the subtle ad-hominem or character attacks.
God forbid someone in Europe could have any issues with the way things are going at the moment. Seems highly suspicious.
Should I send you a copy of my EU passports? Maybe that's whats going to be required in a few years time to post online if the all-mighty EU gets its way but I can understand if you want to start doing the policing early. After all we can never be too careful.
By the way, I love the new definition of democracy theses days: agree with us about everything or we will consider you a Chinese/Russian/Populist/evil (take your pick) troll.
Its perfectly fitting with the way the EU is trending down towards authoritarianism and subtle freedom of speech suppression.
What does this rant have to do with the linked report in this article?
> What does this rant have to do with the linked report in this article?
This is not a rant. I responded to OPs message point by point and simply expressed my opinion on these matters just like he did.
I also responded to OPs thinly veiled accusations that are completely unfounded and downright accusatory.