What I find puzzling about these proposals is that it SEEMS like they could be designed to achieve 90% of the stated goals with almost 0% of the loss of privacy.
The idea would be that devices could "opt in" to safety rather than opt out. Allow parents to purchase a locked-down device that always includes a "kids" flag whenever it requests online information, and simply require online services to not provide kid-unfriendly information if that flag is included.
I know a lot of people believe that this is just all just a secret ploy to destroy privacy. Personally, I don't think so. I think they genuinely want to protect kids, and the privacy destruction is driven by a combination of not caring and not understanding.
Better yet, require online services to send a 'not for kids' flag along with any restricted content then let families configure their devices however they want.
Even better, make the flags granular: <recommended age>, <content flag>, <source>, <type>
No - Kid friendly should be something site's Attest to and claim they ARE. That becomes an FTC enforceable market claim (or insert other thing here).
Foreign sites, places that aren't trying to publish things for children? The default state should be unrated content for consumers (adults) prepared to see the content they asked for.
Just say the whole internet is not for kids without adult supervision and leave it at that.
It doesn't even matter if you can get something that technically works. Half the "age appropriate" content targeted at children is horrifying brainrot. Hardcore pornography would be less damaging to them.
- It's much easier for web sites to implement, potentially even on a page-by-page basis (e.g. using <meta> tags).
- It doesn't disclose whether the user is underage to service providers.
- As mentioned, it allows user agents to filter content "on their own terms" without the server's involvement, e.g. by voluntarily displaying a content warning and allowing the user to click through it.
The "problem" back then was that nothing required sites to provide a rating and most of them didn't. Then you didn't have much of a content rating system, instead you effectively had a choice for what to do with "unrated" sites where if you allow them you allow essentially the whole internet and if you block them you might as well save yourself some money by calling up your ISP to cancel.
This could pretty easily be solved by just giving sites some incentive to actually provide a rating.
As others have said, the goal is the surveillance. But this notion goes further than that. So many ills people face in life can be solved by just not doing something. Addicted to something? Just stop. Fat? Stop eating. Getting depressed about social media? Stop browsing.
Some people have enough self control to do that and quit cold turkey. Other people don't even consciously realize what they are doing as they perform that maladaptive action without any thought at all, akin to scratching a mosquito bite.
If someone could figure out why some people are more self aware than others, a whole host of the worlds problems would be better understood.
I have not once seen a proposal actually contain zero knowledge proof.
This isn't something exotic or difficult.
It is clear to me there is ulterior motives, and perhaps a few well meaning folks have been co-opted.
A ZKP will work as a base, but the proof mechanism will have to be combined with anti-user measures like device attestation to prevent things like me offering an API to continually sign requests for strangers. You can rate-limit it, or you can add an identifier, both of which makes it not zero knowledge.
Parent's proposal is better in that it would only take away general purpose computing from children rather than from everyone. A sympathetic parent can also allow it anyway, just like how a parent can legally provide a teen with alcohol in most places. As a society we generally consider that parents have a right to decide which things are appropriate for their children.
it may be simple to sleuth out over time kid status or not, but i would be very uncomfortable with a tag that verifies kid status instantly no challenges, as it would provide a targeting vector, and defeat safety.
It's tiring how legislation like this is becoming predictable and feels inevitable. This article even mentions the verification needing to be embedded in the operating system itself, spelling the death of open computing
Some people have been saying for so long that you should need a license to use the internet, and now that we have it, it's a little different than we intended :(
I'd argue it's more like KYC for the internet. Something HN users have brutally and ruthlessly defended for banking every time I argue it's a 4A violation (in fact, it's one of the most fiercely defended things anytime I bring it up).
Give in 20+ years and you'll be called a kook for thinking otherwise.
The government requires the bank to search your identity documents to open an account, even when there is no individualized suspicion you've broken the law as to why your papers need to be searched, as part of the KYC regulations passed post 9/11. Technically it's not in the statute that they actually search your documents, but rather enforced through a byzantine series of federal regulatory frameworks that basically require them to do something that approximates "industry standard" KYC compliance which ends up being, verifying the customer through inspecting their identity and perhaps other documents. This is why i.e. when I was homeless even my passport couldn't open an account anywhere -- they wanted my passport plus some document showing an address to satisfy KYC requirements.
Maybe I will have more energy for it tomorrow, I've been through this probably a couple dozen times on HN and I don't have the energy to go through the whole rigmarole today because usually it results in 2-3 days of someone fiercely disagreeing down some long chain and in the end I provide all the evidence and by that point no one is paying attention and it just goes into this pyrrhic victory where I get drained dry just for no one to give a shit. I should probably consolidate it into a blog post or something.
It isn't a coincidence we have two Palantir articles on the front page and this. It's in the cards and American's seem to be ignoring it and are more than happy to accept the dystopian future where this leads.
It's incredibly sad as an optimistic person trying to find any silver lining here.
William Tong, Anne E. Lopez, Dave Yost, Jonathan Skrmetti, Gwen Tauiliili-Langkilde, Kris Mayes, Tim Griffin, Rob Bonta, Phil Weiser, Kathleen Jennings, Brian Schwalb, Christopher M. Carr, Kwame Raoul, Todd Rokita, Kris Kobach, Russell Coleman, Liz Murrill, Aaron M. Frey, Anthony G. Brown, Andrea Joy Campbell, Dana Nessel, Keith Ellison, Lynn Fitch, Catherine L. Hanaway, Aaron D. Ford, John M. Formella, Jennifer Davenport, Raúl Torrez, Letitia James, Drew H. Wrigley, Gentner Drummond, Dan Rayfield, Dave Sunday, Peter F. Neronha, Alan Wilson, Marty Jackley, Gordon C. Rhea, Derek Brown, Charity Clark, and Keith Kautz
--
Always operate under the assumption that the people serve the state, not the other way around. There are some names in that list that are outwardly infamous of this behavior, and none are surprising considering what type of person looks to be an AG. Maybe fighting fire with fire is appropriate - no such thing as a private life for any of these people, all their communications are open to the public 100% of the time and there are precisely 0 instances where it is not the case. It's only fair considering that is what their goal is for everyone not of the state.
so they can act accordingly is the variable, a simple headcount is one thing, but when it creeps like a census, then it is prone to polyusary.
putting the consiracy hat on, the exploit is to direct as many installed AGs to push for such bills, with no big letdown if they dont pass, why/because, the demographics on dissention are valuable and are, passed to a hostile federal government.
Being active about KOSA won't get you put on a "list of dissenters". This is an issue being pushed by the States and your federal lawmakers, not the executive branch.
RIP Internet. I don't agree with any of this, but I don't see the majority of people protesting this. If anything, promotion it because: Think of the children.
"Many social media platforms deliberately
target minors, fueling a nationwide youth mental health crisis."
". These
platforms are intentionally designed to be addictive, particularly for
underaged users, and generate substantial profits by monetizing
minors’ personal data through targeted advertising. These companies
fail to adequately disclose the addictive nature of their products or
the well-documented harms associated with excessive social media
use. Increasing evidence demonstrates that these companies are
aware of the adverse mental health consequences imposed on underage users, yet they
have chosen to persist in these practices. Accordingly, many of our Offices have initiated
investigations and filed lawsuits against Meta and TikTok for their role in harming minors. "
Yet, the comapnies aren't being regulated, nor the algorithims, the marketing or even the existence. It's the users that are the problem therefore everyone has to submit their Identity to use the Internet if this passes.
Instead of lobbying for taking away everyone's privacy, why isn't the government going after those they say are the actual culprits? From the article:
"The attorneys general argue that social media companies deliberately design products that draw in underage users and monetize their personal data through targeted advertising. They contend that companies have not adequately disclosed addictive features or mental health risks and point to evidence suggesting firms are aware of adverse consequences for minors."
Okay, so why aren't they going after the social media companies?
At a certain point the world just becomes less appealing to live in. Day by day death becomes more appealing; what do you have to lose when life just means living in a pigpen?
The Sinicization of the West continues, yet people still aren't pushing back; there are no indefinite general strikes, nor is there anyone foaming at the mouth demanding the arrest of the coup plotters in power...
The strange thing is that all leaders end up doing the same. I wonder if direct democracy would be possible. Right now we are like in a Trueman show movie.
I’m going to go against the pessimism here and say that this is the US not Europe or the UK and the First Amendment has teeth. There’s ample Supreme Court precedent that anonymous speech is a protected right (Talley vs CA, Macintyre vs Ohio, etc) so I’d expect efforts like this to flounder in the courts if push came to shove.
What the US Supreme Court decides is much less relevant than it used to be because the US executive can and will simply ignore the decision. If anyone in the US administration breaks the law, they can be pardoned by the US president,if the president breaks the law, he's immune against prosecution based on a previous decision of the Supreme Court, and no court can enforce anything if the executive doesn't comply with the court order.
I have mixed feelings about this website, reclaimthenet. In one breath it supports net neutrality and and opposes ID laws, and in the next — not in this particular article — mentions the Twitter files and says the UK is a dictatorship for arresting Lucy Connolly.
I blame HN and Silicon Valley in general for consistently treating keeping children online safe as a parental responsibility only, rather than a government-parent team effort like every other regulation.
This loophole, “think of the children,” would not exist if SV had gotten over itself and not called very solution unworkable while insisting that any solution parents receive, no matter how sloppy or confusing, is workable.
Yeah exactly, had it not been for Facebook and the rest of social media not taking children online seriously, The Simpsons wouldn't have had to mock the cultural meme of blaming everything on saving children back in 1996 https://www.youtube.com/watch?v=RybNI0KB1bg
What I find puzzling about these proposals is that it SEEMS like they could be designed to achieve 90% of the stated goals with almost 0% of the loss of privacy.
The idea would be that devices could "opt in" to safety rather than opt out. Allow parents to purchase a locked-down device that always includes a "kids" flag whenever it requests online information, and simply require online services to not provide kid-unfriendly information if that flag is included.
I know a lot of people believe that this is just all just a secret ploy to destroy privacy. Personally, I don't think so. I think they genuinely want to protect kids, and the privacy destruction is driven by a combination of not caring and not understanding.
You are mistaking cause for effect. The loss of privacy is the goal, not a side effect, the rest is just a fig leaf.
Better yet, require online services to send a 'not for kids' flag along with any restricted content then let families configure their devices however they want.
Even better, make the flags granular: <recommended age>, <content flag>, <source>, <type>
13+, profane language, user, text
17+, violence, self, video
18+, unmoderated content, user, text
13+, drug themes, self, audio
and so on...
No - Kid friendly should be something site's Attest to and claim they ARE. That becomes an FTC enforceable market claim (or insert other thing here).
Foreign sites, places that aren't trying to publish things for children? The default state should be unrated content for consumers (adults) prepared to see the content they asked for.
Okay...
0+, kid friendly, self, interactive content
Just say the whole internet is not for kids without adult supervision and leave it at that.
It doesn't even matter if you can get something that technically works. Half the "age appropriate" content targeted at children is horrifying brainrot. Hardcore pornography would be less damaging to them.
Just supervise your damn children people.
yep, 18+, show id at the time of purchasing access soooo easy and zero technical issues.
Other advantages include:
- It's much easier for web sites to implement, potentially even on a page-by-page basis (e.g. using <meta> tags).
- It doesn't disclose whether the user is underage to service providers.
- As mentioned, it allows user agents to filter content "on their own terms" without the server's involvement, e.g. by voluntarily displaying a content warning and allowing the user to click through it.
Internet Explorer had content ratings back in the day
The "problem" back then was that nothing required sites to provide a rating and most of them didn't. Then you didn't have much of a content rating system, instead you effectively had a choice for what to do with "unrated" sites where if you allow them you allow essentially the whole internet and if you block them you might as well save yourself some money by calling up your ISP to cancel.
This could pretty easily be solved by just giving sites some incentive to actually provide a rating.
As others have said, the goal is the surveillance. But this notion goes further than that. So many ills people face in life can be solved by just not doing something. Addicted to something? Just stop. Fat? Stop eating. Getting depressed about social media? Stop browsing.
Some people have enough self control to do that and quit cold turkey. Other people don't even consciously realize what they are doing as they perform that maladaptive action without any thought at all, akin to scratching a mosquito bite.
If someone could figure out why some people are more self aware than others, a whole host of the worlds problems would be better understood.
I have not once seen a proposal actually contain zero knowledge proof. This isn't something exotic or difficult. It is clear to me there is ulterior motives, and perhaps a few well meaning folks have been co-opted.
FWIW, the EU is working on zero-knowledge proofs: https://digital-strategy.ec.europa.eu/en/news/commission-mak...
But I strongly prefer my solution!
A ZKP will work as a base, but the proof mechanism will have to be combined with anti-user measures like device attestation to prevent things like me offering an API to continually sign requests for strangers. You can rate-limit it, or you can add an identifier, both of which makes it not zero knowledge.
Parent's proposal is better in that it would only take away general purpose computing from children rather than from everyone. A sympathetic parent can also allow it anyway, just like how a parent can legally provide a teen with alcohol in most places. As a society we generally consider that parents have a right to decide which things are appropriate for their children.
it may be simple to sleuth out over time kid status or not, but i would be very uncomfortable with a tag that verifies kid status instantly no challenges, as it would provide a targeting vector, and defeat safety.
It has nothing much to do with kids and everything to do with monitoring and suppressing adults.
You are assuming good faith. This is why you are puzzled.
I completely agree. The problem is the lack of compromise on both sides of the issue.
I wouldn't say it's a lack of understanding, but that any compromise is seen as weakness by other members of their party. That needs to end.
It's tiring how legislation like this is becoming predictable and feels inevitable. This article even mentions the verification needing to be embedded in the operating system itself, spelling the death of open computing
Some people have been saying for so long that you should need a license to use the internet, and now that we have it, it's a little different than we intended :(
We don't have it yet and there is still time to head this off. Not much time - but still time! Talk to your federal lawmakers and state AG's office!
I'd argue it's more like KYC for the internet. Something HN users have brutally and ruthlessly defended for banking every time I argue it's a 4A violation (in fact, it's one of the most fiercely defended things anytime I bring it up).
Give in 20+ years and you'll be called a kook for thinking otherwise.
KYC is one of the greatest government overreaches in the last several decades. I'll back you up on that.
Can you explain the connection between KYC in banking and the Fourth Amendment? How does KYC constitute a government search/seizure?
The government requires the bank to search your identity documents to open an account, even when there is no individualized suspicion you've broken the law as to why your papers need to be searched, as part of the KYC regulations passed post 9/11. Technically it's not in the statute that they actually search your documents, but rather enforced through a byzantine series of federal regulatory frameworks that basically require them to do something that approximates "industry standard" KYC compliance which ends up being, verifying the customer through inspecting their identity and perhaps other documents. This is why i.e. when I was homeless even my passport couldn't open an account anywhere -- they wanted my passport plus some document showing an address to satisfy KYC requirements.
Maybe I will have more energy for it tomorrow, I've been through this probably a couple dozen times on HN and I don't have the energy to go through the whole rigmarole today because usually it results in 2-3 days of someone fiercely disagreeing down some long chain and in the end I provide all the evidence and by that point no one is paying attention and it just goes into this pyrrhic victory where I get drained dry just for no one to give a shit. I should probably consolidate it into a blog post or something.
Fwiw I lean to your side and would be interesting in reading what you have to say about it.
I’d happily host that blog. Contact info is in my profile.
It isn't a coincidence we have two Palantir articles on the front page and this. It's in the cards and American's seem to be ignoring it and are more than happy to accept the dystopian future where this leads.
It's incredibly sad as an optimistic person trying to find any silver lining here.
Bad actors like --
William Tong, Anne E. Lopez, Dave Yost, Jonathan Skrmetti, Gwen Tauiliili-Langkilde, Kris Mayes, Tim Griffin, Rob Bonta, Phil Weiser, Kathleen Jennings, Brian Schwalb, Christopher M. Carr, Kwame Raoul, Todd Rokita, Kris Kobach, Russell Coleman, Liz Murrill, Aaron M. Frey, Anthony G. Brown, Andrea Joy Campbell, Dana Nessel, Keith Ellison, Lynn Fitch, Catherine L. Hanaway, Aaron D. Ford, John M. Formella, Jennifer Davenport, Raúl Torrez, Letitia James, Drew H. Wrigley, Gentner Drummond, Dan Rayfield, Dave Sunday, Peter F. Neronha, Alan Wilson, Marty Jackley, Gordon C. Rhea, Derek Brown, Charity Clark, and Keith Kautz
--
Always operate under the assumption that the people serve the state, not the other way around. There are some names in that list that are outwardly infamous of this behavior, and none are surprising considering what type of person looks to be an AG. Maybe fighting fire with fire is appropriate - no such thing as a private life for any of these people, all their communications are open to the public 100% of the time and there are precisely 0 instances where it is not the case. It's only fair considering that is what their goal is for everyone not of the state.
Poettering will help get us remote attestation on Linux so we won't have to switch to Windows when it dies.
It's already the law in California. I don't remember any outrage here when it was passed there.
No it isn't. There is no law in California that mandates showing an ID to see ambiguously-defined adult content.
If this really bothers you, talk to your state AG's office and your federal lawmaker
The worst that can happen is you don't change things.
The best? Maybe you'll find a receptive ear. Your lawmaker stops co-sponsoring KOSA. Your state AG stops pushing for it.
i think the worst that can happen is you could be put on a list of dissention.
A list of people who dissent to KOSA is not a bad list to be on as a constituent.
You need to make it easier for your lawmakers to be on that list too. Show them there's people who won't rake them over the coals for bowing out.
Isn’t that the point? Our lawmakers keep track of how many constituents approve or disapprove of pending legislation so they can act accordingly
so they can act accordingly is the variable, a simple headcount is one thing, but when it creeps like a census, then it is prone to polyusary.
putting the consiracy hat on, the exploit is to direct as many installed AGs to push for such bills, with no big letdown if they dont pass, why/because, the demographics on dissention are valuable and are, passed to a hostile federal government.
Don't comply in advance
Being active about KOSA won't get you put on a "list of dissenters". This is an issue being pushed by the States and your federal lawmakers, not the executive branch.
Just as a note, federal officials are retaliating against those providing respectful comment on policy.[]
So the worst that can happen could be worse than nothing.
[] https://www.aclu.org/press-releases/department-of-homeland-s...
Did I say to provide feedback to the Trump administration - an entity that has not made an official stance on this matter?
No.
I said your state Attorney General's office and your elected federal Senators and members of the House.
So I reiterate - the worst that can happen is you don't change where things have been going to.
The best? Your elected officials bow out of this.
Would this mean spammers and advertisers cannot send me email and ads if I refuse to allow my mailbox to authenticate my age to them?
> 40 State Attorneys General Want To Tie Online Access to ID
Here's the actual title of the article, which is much more concerning than the HN title.
RIP Internet. I don't agree with any of this, but I don't see the majority of people protesting this. If anything, promotion it because: Think of the children.
"Many social media platforms deliberately target minors, fueling a nationwide youth mental health crisis."
". These platforms are intentionally designed to be addictive, particularly for underaged users, and generate substantial profits by monetizing minors’ personal data through targeted advertising. These companies fail to adequately disclose the addictive nature of their products or the well-documented harms associated with excessive social media use. Increasing evidence demonstrates that these companies are aware of the adverse mental health consequences imposed on underage users, yet they have chosen to persist in these practices. Accordingly, many of our Offices have initiated investigations and filed lawsuits against Meta and TikTok for their role in harming minors. "
Yet, the comapnies aren't being regulated, nor the algorithims, the marketing or even the existence. It's the users that are the problem therefore everyone has to submit their Identity to use the Internet if this passes.
Instead of lobbying for taking away everyone's privacy, why isn't the government going after those they say are the actual culprits? From the article:
"The attorneys general argue that social media companies deliberately design products that draw in underage users and monetize their personal data through targeted advertising. They contend that companies have not adequately disclosed addictive features or mental health risks and point to evidence suggesting firms are aware of adverse consequences for minors."
Okay, so why aren't they going after the social media companies?
They are in some other democracies. We will see how it all plays out.
They want to sniff after everyone. The "omg terrorists" or "omg children" is the lie.
And why wouldn't a state attorney want this? I expect cops would also like blanket warrants usable whenever they deem necessary.
That doesn't mean they should get what they might want, or that its Constitutional.
In the 90s they told kids: don't give strangers your real name online. In 2026: the government demands your ID to access the internet. Progress.
To be fair some things loosened others tightened. In the 90s you were much more flippant with your social security number.
Next they'll try to make Tor and I2p illegal.
At a certain point the world just becomes less appealing to live in. Day by day death becomes more appealing; what do you have to lose when life just means living in a pigpen?
resist
What is a good resource for reviewing the advantages and disadvantages of mandatory Real ID for Internet access?
Aren't there sound reasons to support anonymous whistleblowing?
Would there be critical feedback without pseudo-anonymity on the internet?
But you folks just have to dom all the haters.
What is their favorite thing: stuffed animal brand, candy, musical artist?
But then wouldn't undercover ops be obvious?
Is this similar to the "ban all crypto" movements that periodically forget everything we've learned about infosec and protecting folks?
Do protectees' deserve privacy for their safety?
In the 1990s, they told us kids not to use our real names or addresses on the internet.
The Sinicization of the West continues, yet people still aren't pushing back; there are no indefinite general strikes, nor is there anyone foaming at the mouth demanding the arrest of the coup plotters in power...
I suggest to (re)read
- https://www.dni.gov/files/documents/Global%20Trends_Mapping%...
- https://www.dni.gov/files/documents/Newsroom/Reports%20and%2...
These predictions have largely come true.
Between this and https://news.ycombinator.com/item?id=47026134 on the front page it feels, yet again, like we’re speed running to living in a Peter Watts novel
If there are 40 state Attorney Generals signing this letter, this must include a number of Democrat lead states as well correct?
we really need better leadership
The strange thing is that all leaders end up doing the same. I wonder if direct democracy would be possible. Right now we are like in a Trueman show movie.
somehow need to remove money from politics.
also need a more informed citizenry able to see through propaganda.
The internet as we know it will be the first casualty of a great power hot war. We are living on borrowed time.
All forms of citizen power, such as widespread publishing, will eventually be tied to strong ID requirements.
You can’t illegally retaliate against citizens if you don’t know where they sleep at night.
I’m going to go against the pessimism here and say that this is the US not Europe or the UK and the First Amendment has teeth. There’s ample Supreme Court precedent that anonymous speech is a protected right (Talley vs CA, Macintyre vs Ohio, etc) so I’d expect efforts like this to flounder in the courts if push came to shove.
What the US Supreme Court decides is much less relevant than it used to be because the US executive can and will simply ignore the decision. If anyone in the US administration breaks the law, they can be pardoned by the US president,if the president breaks the law, he's immune against prosecution based on a previous decision of the Supreme Court, and no court can enforce anything if the executive doesn't comply with the court order.
I have mixed feelings about this website, reclaimthenet. In one breath it supports net neutrality and and opposes ID laws, and in the next — not in this particular article — mentions the Twitter files and says the UK is a dictatorship for arresting Lucy Connolly.
I blame HN and Silicon Valley in general for consistently treating keeping children online safe as a parental responsibility only, rather than a government-parent team effort like every other regulation.
This loophole, “think of the children,” would not exist if SV had gotten over itself and not called very solution unworkable while insisting that any solution parents receive, no matter how sloppy or confusing, is workable.
Yeah exactly, had it not been for Facebook and the rest of social media not taking children online seriously, The Simpsons wouldn't have had to mock the cultural meme of blaming everything on saving children back in 1996 https://www.youtube.com/watch?v=RybNI0KB1bg
Aren't most of these problems directly caused by the government claiming to do these things to protect children?