This new "privacy" law will require that all operating system providers must start collecting your birth date every app you install will need to ask your OS provider for that information. It's whac...
The comment you answered to said not all software has to implement age checks; only those who actually deal with age relevant content. You said it would be a foot in the door. So… who’s foot to do what?
i mean in the sense this sets up the infrastructure for and normalizes invasive identification systems that could in the future be used to say, demand your id or face scanning for you to even access the internet or use computers at all, not just age restricted stuff. of course we can only speculate how they could use this for nefarious purposes.
as in a slippery slope, might have been a better way to put it.
Its not invasive yet (no third party, no ID, no verification; its basically just another user controlled date field that is not even exposed). So it is not lowering any barrier in that regard.
It’s also not a helpful intermediary step for harder measures, because as soon as you want a third party to do attestation, storing that on a user controlled device is just unnecessary complexity and risk of circumvention. It would be easier and safer (for those introducing it) to just let the attesting party talk to the providers directly.
Isn’t that level already socially normalized? Every second website asks me for my birthday to derive my age for as long as I can think. Many of them ask me basically every time I use them (even Steam, where I am logged in and my payment history alone should imply that I am old enough).
no, you are not forced to input any truthful information nor credit cards or id checks or facial recognition just yet, except for banks and stuff. being forced to “because of the kids!” and having it enforced at the OS level against your will changes everything.
most sites (that i use at least) usually have multiple payment methods with varying levels of “privacy” that doesn’t really force you to identify yourself to them.
The US bills I have read also don’t enforce any real age (how could they). They require the birthday to be stored on the device for the device to reply with the info if the user is within a certain age bracket. But nowhere did I see anything that would force users to store their truthful birthday. All that it would do is making the already existing age checks much more convenient and giving parents the opportunity to make them slightly more secure.
still a foot on the door. if we assume the real goal is to identify every internet user, a mandatory os-level system for storing a a bit of personal data is definitely step number one.
once they have the data and the internet adopts this, requiring transmission or broadening the scope bit by bit is just a few updates away.
From an acceptance point of view there is no difference in forcing providers to implement an API to talk to your device or forcing providers to talk to a central service (or at least any service implementing a certain interface).
If the goal was for more surveillance, they could have immediately gone for that route.
They could also have kept the current “ask the user” approach and mandated website providers to store these information. That would have been a much smaller step and would have brought them closer to big brother as well.
Now they went for an approach that takes a step away from what we already have, making it more privacy friendly. Websites don’t have to ask (and potentially store) your birthday anymore and can still stay compliant.
The comment you answered to said not all software has to implement age checks; only those who actually deal with age relevant content. You said it would be a foot in the door. So… who’s foot to do what?
i mean in the sense this sets up the infrastructure for and normalizes invasive identification systems that could in the future be used to say, demand your id or face scanning for you to even access the internet or use computers at all, not just age restricted stuff. of course we can only speculate how they could use this for nefarious purposes.
as in a slippery slope, might have been a better way to put it.
How would the current approach help?
Its not invasive yet (no third party, no ID, no verification; its basically just another user controlled date field that is not even exposed). So it is not lowering any barrier in that regard.
It’s also not a helpful intermediary step for harder measures, because as soon as you want a third party to do attestation, storing that on a user controlled device is just unnecessary complexity and risk of circumvention. It would be easier and safer (for those introducing it) to just let the attesting party talk to the providers directly.
by socially normalizing consent for it, and setting up the initial infrastructure for it to work.
Isn’t that level already socially normalized? Every second website asks me for my birthday to derive my age for as long as I can think. Many of them ask me basically every time I use them (even Steam, where I am logged in and my payment history alone should imply that I am old enough).
no, you are not forced to input any truthful information nor credit cards or id checks or facial recognition just yet, except for banks and stuff. being forced to “because of the kids!” and having it enforced at the OS level against your will changes everything.
most sites (that i use at least) usually have multiple payment methods with varying levels of “privacy” that doesn’t really force you to identify yourself to them.
The US bills I have read also don’t enforce any real age (how could they). They require the birthday to be stored on the device for the device to reply with the info if the user is within a certain age bracket. But nowhere did I see anything that would force users to store their truthful birthday. All that it would do is making the already existing age checks much more convenient and giving parents the opportunity to make them slightly more secure.
still a foot on the door. if we assume the real goal is to identify every internet user, a mandatory os-level system for storing a a bit of personal data is definitely step number one.
once they have the data and the internet adopts this, requiring transmission or broadening the scope bit by bit is just a few updates away.
From an acceptance point of view there is no difference in forcing providers to implement an API to talk to your device or forcing providers to talk to a central service (or at least any service implementing a certain interface).
If the goal was for more surveillance, they could have immediately gone for that route.
They could also have kept the current “ask the user” approach and mandated website providers to store these information. That would have been a much smaller step and would have brought them closer to big brother as well.
Now they went for an approach that takes a step away from what we already have, making it more privacy friendly. Websites don’t have to ask (and potentially store) your birthday anymore and can still stay compliant.