Even if we say I agree with this, why even ask for a specific year? Separate into child and adult, and let the super user make that change when asked.
Different countries (actually different regions within said countries) have different laws related to what “kids” can and can’t see and what age defines a “kid”. How much that matters is up to you. But it provides an automated check that ALSO avoids having to say “Hey mom? I just turned 18 and for no reason whatsoever it would be great if you could switch my account to an adult. Also make sure to knock and don’t look too closely at my laundry basket ever again”.
Websites and applications should never be allowed to know any PII without explicit consent.
And what do you think you are providing every time you tick “Yes, I am 18 years or older” or “Yes, I was born in 1920 or whatever the first option is now”?
That’s there point, with this websites will just know the users age, before it was the users choice: “are you 18 or over?” But now it will be: “I know you’re 37.567 years old” user has no idea. Maybe we should add religion and skin color too
The idea of storing age in the OS is that end programs don’t actually access it directly. They get age ranges, like child/adult, not the actual birthdate. In theory, it’s much more private than uploading your id and photo to every random website/app that you use.
Cookies already exist and there is countless leakage (both intentional and unintentional…). Like most things, you are not as private and protected as you seem to think you are. Just because a website is asking you to tell it (which is mostly for compliance, not knowledge) doesn’t mean they already know that you said you were 250 years old but your shopping habits suggest you are actually in your 20s and live in Detroit and really enjoy pegging.
Maybe we should add religion and skin color too
To my knowledge, very few nations tie laws or access to that slippery slope fallacy. And parents generally have those same traits (at least while the kid is living with them). So I am not seeing much benefit from this?
And if/when we reach the point where that is the case? Uhm… I don’t think companies and software will be given anywhere near as much freedom to say “Sure, we’ll comply so that we can be eligible for these contracts” or “No, we won’t comply so that we can market ourselves as protecting people”
That doesn’t seem like a great argument for doing something that further reduces privacy and protection.
The point is that, without third party verification (which I am vehemently opposed to), it changes absolutely nothing. So it is just people whining about “freedoms” they don’t even have.
And… there actually are arguments that it is good to tear down the security/privacy theatre so that people can make informed decisions and understand their actual exposure and risks.
A good example of this is that I am REALLY happy that we, as a society, have seen a drastic shift between calling things “Private Messages” and instead calling them “Direct Messages”. The former implies that only you and the recipient can see them. The latter does away with that and people rapidly learn (and communicate) that site owners and often mods can see everything you send along those avenues.
Privacy is a human right and I have a choice to who an d which third party collects my data.
My own computer with software I build myself doesn’t need mandated age gates.
This is being baked in because of US law. I wouldn’t be surprised if the US made some federal laws requiring your religion in the near future.
And that is why it is a slippery slope fallacy. Eventually, superpowers are going to want to have access to your machines (they already do, but mostly in isolated cases). So any kind of data storage and overrides should be destroyed. So let’s go shred our hard drives and remove the concept of sudo/root access?
Also, I will just add on that it is more than just the US that is increasingly pushing for age verification.
People can run secure systems that share minimal info. This requires all systems to store and share specific info. So you’re making it illegal to have a private system. Sure most people don’t, but now you’re making it illegal. You think that’s okay because we don’t have good privacy laws right now? You want to give up?
People can run secure systems that share minimal info.
And those generally aren’t the machines you want to connect to the internet and use for all your everyday browsing.
This requires all systems to store and share specific info.
Specific, unverified, info. That you are already sharing in most of the situations where it is being asked for.
So you’re making it illegal to have a private system. Sure most people don’t, but now you’re making it illegal.
A lot of things are illegal. Without the third party verification requirement, you are perfectly fine to hardcode that to say you were born on June 9th, 1969 by default. And that complies with the California legislation (last I read through it).
You think that’s okay because we don’t have good privacy laws right now? You want to give up?
No. I want people to actually understand what is going on so that they can actually protect themselves.
That is really going to depend on what your actual risk is. There are a decent number of articles and videos out there that go into what journalists have to do and… they are generally ahead of the curve on stuff like that.
But what people SHOULD do is to gain an understanding of what is actually going on. This entire debacle REALLY feels like a mix of people being mislead as to what the California legislature actually is (whether for Views or more nefarious reasons) combined with making it abundantly clear that they know absolutely nothing about their current risks.
Like, you telling pornhub you are over 18 is not telling PornhubCorp anything they don’t already know from all the other cookies and fingerprints you are carrying everywhere. Hell, a lot of services are dedicated to tracking by IP to get around incognito mode and even caching to get around VPNs (although, most don’t have to bother since people have been trained to just put EVERYTHING through a vpn so that it doesn’t matter in the first place). They are literally just ticking a checkbox in the hope of not getting blocked by more payment processors.
So if you truly care about protecting your age? Have multiple devices. Learn how to split your traffic based upon device to get around many fingerprinting techniques. Figure out where to sit at Starbucks so that you have your back to a wall but don’t look like a pervert. And so forth.
Rather than freaking out and throwing tantrums because people are trying to inform you about how little a self-reported age at the OS level that can be requested matters.
One fun bit of paranoia. I am sure most people are aware of the “Abnormal behavior has been detected from your IP. Please click here and then do some ML training to prove you are human” prompts that tend to come up on shared connections or if you have too many adblockers running.
Understand a lot of that is you “consenting” to have even more of your specific cookies checked (which is what happens when they “verify” you without a test). But a few years back there was an excellent paper that actually used how you perform on the ML training to further fingerprint you. The person at 1.2.3.4 with these cookies who is probably color blind is distinguished from the person at 1.2.3.4 with most of the same cookies (everyone loves going to Dildos R Us) but gets confused over whether a hotel shuttle is a bus.
And that all goes towards making sure they know exactly who you are and what ads (and trackers) to use.
Different countries (actually different regions within said countries) have different laws related to what “kids” can and can’t see and what age defines a “kid”. How much that matters is up to you. But it provides an automated check that ALSO avoids having to say “Hey mom? I just turned 18 and for no reason whatsoever it would be great if you could switch my account to an adult. Also make sure to knock and don’t look too closely at my laundry basket ever again”.
And what do you think you are providing every time you tick “Yes, I am 18 years or older” or “Yes, I was born in 1920 or whatever the first option is now”?
That’s there point, with this websites will just know the users age, before it was the users choice: “are you 18 or over?” But now it will be: “I know you’re 37.567 years old” user has no idea. Maybe we should add religion and skin color too
The idea of storing age in the OS is that end programs don’t actually access it directly. They get age ranges, like child/adult, not the actual birthdate. In theory, it’s much more private than uploading your id and photo to every random website/app that you use.
If they age or birthdate is there it could leak, regardless of the API.
Cookies already exist and there is countless leakage (both intentional and unintentional…). Like most things, you are not as private and protected as you seem to think you are. Just because a website is asking you to tell it (which is mostly for compliance, not knowledge) doesn’t mean they already know that you said you were 250 years old but your shopping habits suggest you are actually in your 20s and live in Detroit and really enjoy pegging.
To my knowledge, very few nations tie laws or access to that slippery slope fallacy. And parents generally have those same traits (at least while the kid is living with them). So I am not seeing much benefit from this?
And if/when we reach the point where that is the case? Uhm… I don’t think companies and software will be given anywhere near as much freedom to say “Sure, we’ll comply so that we can be eligible for these contracts” or “No, we won’t comply so that we can market ourselves as protecting people”
That doesn’t seem like a great argument for doing something that further reduces privacy and protection.
The point is that, without third party verification (which I am vehemently opposed to), it changes absolutely nothing. So it is just people whining about “freedoms” they don’t even have.
And… there actually are arguments that it is good to tear down the security/privacy theatre so that people can make informed decisions and understand their actual exposure and risks.
A good example of this is that I am REALLY happy that we, as a society, have seen a drastic shift between calling things “Private Messages” and instead calling them “Direct Messages”. The former implies that only you and the recipient can see them. The latter does away with that and people rapidly learn (and communicate) that site owners and often mods can see everything you send along those avenues.
Semantics
Privacy is a human right and I have a choice to who an d which third party collects my data. My own computer with software I build myself doesn’t need mandated age gates.
Only if you actually understand what information you are and aren’t exposing about yourself in your every day activities.
Which… yeah, does really feel like understanding the meaning of a text/concept. So… spot on?
Amazing what you can do to protect yourself
Like one, don’t give your information to the machine
This is being baked in because of US law. I wouldn’t be surprised if the US made some federal laws requiring your religion in the near future.
There’s a big difference between data collection and government mandated identification.
And that is why it is a slippery slope fallacy. Eventually, superpowers are going to want to have access to your machines (they already do, but mostly in isolated cases). So any kind of data storage and overrides should be destroyed. So let’s go shred our hard drives and remove the concept of sudo/root access?
Also, I will just add on that it is more than just the US that is increasingly pushing for age verification.
People can run secure systems that share minimal info. This requires all systems to store and share specific info. So you’re making it illegal to have a private system. Sure most people don’t, but now you’re making it illegal. You think that’s okay because we don’t have good privacy laws right now? You want to give up?
And those generally aren’t the machines you want to connect to the internet and use for all your everyday browsing.
Specific, unverified, info. That you are already sharing in most of the situations where it is being asked for.
A lot of things are illegal. Without the third party verification requirement, you are perfectly fine to hardcode that to say you were born on June 9th, 1969 by default. And that complies with the California legislation (last I read through it).
No. I want people to actually understand what is going on so that they can actually protect themselves.
How do you want people to protect themselves?
That is really going to depend on what your actual risk is. There are a decent number of articles and videos out there that go into what journalists have to do and… they are generally ahead of the curve on stuff like that.
But what people SHOULD do is to gain an understanding of what is actually going on. This entire debacle REALLY feels like a mix of people being mislead as to what the California legislature actually is (whether for Views or more nefarious reasons) combined with making it abundantly clear that they know absolutely nothing about their current risks.
Like, you telling pornhub you are over 18 is not telling PornhubCorp anything they don’t already know from all the other cookies and fingerprints you are carrying everywhere. Hell, a lot of services are dedicated to tracking by IP to get around incognito mode and even caching to get around VPNs (although, most don’t have to bother since people have been trained to just put EVERYTHING through a vpn so that it doesn’t matter in the first place). They are literally just ticking a checkbox in the hope of not getting blocked by more payment processors.
So if you truly care about protecting your age? Have multiple devices. Learn how to split your traffic based upon device to get around many fingerprinting techniques. Figure out where to sit at Starbucks so that you have your back to a wall but don’t look like a pervert. And so forth.
Rather than freaking out and throwing tantrums because people are trying to inform you about how little a self-reported age at the OS level that can be requested matters.
One fun bit of paranoia. I am sure most people are aware of the “Abnormal behavior has been detected from your IP. Please click here and then do some ML training to prove you are human” prompts that tend to come up on shared connections or if you have too many adblockers running.
Understand a lot of that is you “consenting” to have even more of your specific cookies checked (which is what happens when they “verify” you without a test). But a few years back there was an excellent paper that actually used how you perform on the ML training to further fingerprint you. The person at 1.2.3.4 with these cookies who is probably color blind is distinguished from the person at 1.2.3.4 with most of the same cookies (everyone loves going to Dildos R Us) but gets confused over whether a hotel shuttle is a bus.
And that all goes towards making sure they know exactly who you are and what ads (and trackers) to use.