ZH version is available. Content is displayed in original English for accuracy.
Advertisement
Advertisement
⚡ Community Insights
Discussion Sentiment
50% Positive
Analyzed from 13324 words in the discussion.
Trending Topics
#don#law#surveillance#age#privacy#government#doesn#should#more#every
Discussion (306 Comments)Read Original on HackerNews
Did they think, as they worked to transfer final say from users to corporations, by technical means, that politicians couldn't transfer that control to themselves by political means?
Did they think they could lock things down to extract their 30% app store fee while enforcing rules through app review (and demonstrating censorship of sites like Tumblr) that politicians wouldn't want that same rule-setting, censoring power?
Did they think their employers were going to prevent that transfer, that the trillion-dollar companies would become some sort of Che Guevara style insurgents, running a guerrilla campaign to overthrow the very system that made them trillion-dollar companies?
This is akin to how two kinds of people respond to law. The first kind think "This is the law, we must follow it" and the other kind think "This law doesn't make sense, we must change it".
People who look at pedestrian traffic lights and cross when it's green vs. people who look at cars and cross when there are no cars coming. The first say you must follow traffic rules and the second kind say they wouldn't be alive if they looked at the green/red light of law instead of whether there are oncoming cars: a green doesn't mean it's safe to cross and a red doesn't mean you can't cross if only there are no cars.
Indeed. I can't understand the people who blindly believe any law is good just because. Stop, think. Is the law good? What's good about it? What's bad about it? Can it be abused? Then maybe it should be changed?
I advocate that every law should have an annual review to catalog every case where it has been applied. How many were sensible positive outcomes? How many were unintended consequences? How many were clear abuses of the letter of the law? Every legislator should vote on the record based on that annual review to either renew or cancel the law.
I think many people have an expectation that (all) laws are just and needed because... somehow they're the law.
In reality, laws can be unjust, unnecessary, biased, and completely arm-wrestled together by people strictly following an agency of their own. Other laws are put together by sheer ignorance and lack of thinking beyond mere good intentions. The first question shouldn't even be "is this law fair" but "was this law made fairly".
It creeps me that people treat laws as axioms whereas they're just polished and reinforced opinions. Sure, many laws we can agree on, and many others that don't agree on aren't worth changing, but you should always question the law and question where it came from before choosing to accept it.
I can see the same pattern with technology such as the various digital restrictions management (DRM) schemes.
Personally I would put myself somewhere between your two "kinds of people". Many individual laws are bad and should be changed, but the rule of law itself is a good, stabilizing force that should generally be respected. If people only followed laws they 100% agree with then that would be chaos, therefore even bad laws deserve at least a modicum of respect.
I like this idea but frankly I don't trust our lawmakers to do a fair assessment of this. Maybe there's an independent, non-partisan committee that does this.
https://www.nytimes.com/2003/06/30/business/technology-a-saf...
The mindset the parent described extends to what they're asked to do. They don't challenge it. It doesn't have to already be law for them to accept it and build it. It's enough that the ask comes from authority (a boss, a government) and pays.
I like to call those people "ventablackpilled". Being blackpilled is all about gloom and doom, but being ventablackpilled is beyond being blackpilled. It is when you actively want the world to be a worse place because you believe that that is how the world works.
The solution to avoiding dictatorship is engaging in politics and preventing dictatorship directly through that. Trying to retreat into the (perceived) wilderness and build barriers to dictatorship doesn't really work. But since people drafting that statement don't believe that politics work and it is, in fact, possible to both have a vibrant political scene (we have what, five viable political parties vs the American two?) and not let kids send nudes, they try to drag everyone into the same mind frame.
I sometimes work with people who worked on or at least worked with DRM-like stuff (Trustzone etc.). The people who make those systems and the structures that allow it falls squarely on banality of evil. It is not a big evil org or people with their own evil agendas (unlike Palantir, i think they are the true "ventablackpilled" ones). They are thousands of developers who push JIRA tickets like everyone. Many of them live in the developing world and they just pray to keep their jobs. The reason that big tech attracts developers despite their obvious and much bigger (IMO) evils is the same reason that attracts developers who make systems that can be completely closed down.
Many of the developers are not outright evil either. They sometimes voice their opinion. Their opinion doesn't matter in comparison to the business goals.
Sometimes it is understandable to write blocking software. Not all equipment is sold. Many industrial equipment is leased. So the actual owners want guarantees that their devices cannot be modified by renters.
The amount of info you can extract from an Apple phone or Graphene OS is limited due to same restrictions working in your favor too.
Similarly phones can be locked down due to radio restrictions. Nobody wants infinitely exploitable SDNs in peoples hands. It makes such SDNs a juicy target for enemies like Russia to exploit and turn into scalable attack vector as spoofing and jamming devices.
The reason those are attack vectors is also banal. We made our bed as engineers, voters, governments and business leaders one sloppy work at a time. We made shitty chips and shitty software with no care for security or safety. We sold millions of them and nobody wanted to pay to "do it right way". Worse is better. Silicon Valley style scaling up is the goal. Competition is for suckers. All those and every single one of us ate the fruits of shitty hardware and software that are protected by closed down systems. We engineers got the cushy jobs, our business leaders made 10x 100x gains from our work. We either had little voice (because making a big noise is guaranteeing that your cushy job no longer exists) or whatever we had is ignored in the hubris of shipping shit to billions of people.
There exist more kinds:
- the "rebel": "this is a law/rule, so I have to trespass it". This often holds for people who are either annoyed by rules or red tape or for people who see no hope of changing the law. An example are the "blade runners" in London who organize to destroy lots of surveillance cameras at once, in particular those that are used to enforce low-emission laws. [1]
- the "evil": "this is law, so I will (ab)use it for my personal gain".
[1] https://www.independent.co.uk/news/uk/crime/ulez-cameras-van...
The evil is just a subset of the first type, abuse and use are functionally the same action within a poorly or properly constructed law/policy.
Some are also doing it for the technical challenge, especially those working on new tech rather than refining what already exists. Like the people who try to solve the great problems of mathematics/physics (or find interesting new ones) for the challenge of it (and sometimes refuse prizes & recognition if they do solve or otherwise discover something vital).
This sort of person is often blinkered to the possible extreme long-term outcomes, or are able to mentally separate themselves from them (“I just made the discovery, I didn't use it to do anything bad” or “I was paid for it, follow the money source and blame them”). Of course once a genie is out of the bottle, other sorts of people are more than eager to ask it for wishes…
Suppose there is some peon at Microsoft who is ordered to write code for Pluton and then does it because they don't want to be fired, expecting to hide behind the Nuremberg defense. The people in your second group will naturally disapprove of this.
But regardless of that, we can ask the same question of the person giving the orders. Someone in these companies initiated these programs, so are they merely fools who couldn't predict the obvious consequences that others did, or are they truly malicious?
I would rather say: people who are too "rebellious"/"non-obedient" don't get into a position where they are ordered to write code for Pluton.
What? I don't understand how this is a "two kinds of people" generalization, when the two categories aren't even mutually-exclusive?
One can think a law is bad and should change, while simultaneously recognizing the rule of law and following it.
It's pretty weird to try to pit those two perspectives against each other
That said, I'm not going to pretend I'm one of those people who say "this law doesn't make sense, we must change it." it's more like "this law is not convenient to me right now and I am willing to suffer the consequences of breaking it" but frankly I'm not going to start a grassroots effort to try to change it.
Don't forget the selfish jerks who simply ask for whatever class of traffic that isn't them to be punitively regulated to their benefit.
(both literally and transferrable to other issues as a metaphor)
The problem with that is it generally requires a central point of trust.
Sure you can allow multiple points of trust, but for the unskilled user, that means that the little lock symbol becomes unreliable (or whatever)
Without commenting on the UK governments stuff (It is probably full of shit, but then thats what lobbying does) We as technologists need to engage with wider society and understand on their terms, the worries they have.
For this particular "proposal" it strikes at the core worry of today's kids. They are sadder, more insular, more dependent on mobile comms and exposed to much nastier stuff than millennials were at the same age.
AT my school in the very late 90s, a group of 14 year old girls went to the beach and took a disposable camera. Standard photos apart from one, which was a group of them topless. One of them brought them back from the developers into school. Somehow the topless photo was stolen and passed around various classes.
It ruined her month, even though she got the photo back. I suspect it left scars longer than that.
Now imagine not being able to get that photo back. Thats the problem for todays kids. One moment of stupidity and a lifetime of consequences. (under a certain age, if they took photos or videos of other kids, that makes them liable to be on a list, for life.)
You could say "oh education" but did you listen at that age?
Whats worse now is that there are no gates on what photos can be developed by the normal person. If you took any photo that was explicit, it almost certainly wouldn't be printed (hence why there were very little dick pics from that era).
Is what the UK government proposing workable? well looking at the OSA, almost certainly not.
However unless we, as a tech community engage with society, with useable answers that are understandable to the normal person, then we are going to be crushed by the weight of "something must be done". Absolutism is not our friend here. We need to engage and choose compromises, or lose wider freedom for ever.
While I don't doubt that's a motivation, the problem I have is it's really a question of likelihood. I feel that in terms of security focus it's very common for people to put on blinders and ignore the likelihood of an exploit in favor of "Ooooh look at this thing that COULD be exploited!"
It's fundamentally the problem I have with how CVEs are reported and handled in general.
In terms of secure boot stopping problems. Yes, it does stop someone from rooting a device which is great. However, someone that has access to root a device almost certainly also has the ability to just install a virus in the OS startup scripts. Or to modify a user executable. Or to modify the user's PATH environment variable to inject a malicious app in front of a commonly used one.
That's what I wish security focused people would weigh more heavily when they evaluate these sorts of threats. "What other damage could a malicious individual do if they had the same permissions to pull off this exploit."
Yes, its more like a popularity contest.
But secure boot stopped(or stops) a whole bunch of driver/rootkit exploits, which was a big thing in the late 2000s. It means that a random driver that is inserted by some script kiddie raises a whole bunch of warnings, which it wouldnt have done before.
We have come a long way since windows 2000
The problem with it is that the people who want to use a central point of trust as a chokepoint for censorship, surveillance and monopolization keep claiming that this is required when it isn't.
> Sure you can allow multiple points of trust, but for the unskilled user, that means that the little lock symbol becomes unreliable (or whatever)
The premise being that if you have a monopoly then ordinary people can trust it. Only that isn't the case. A monopolist not only can be just as malicious or incompetent as any of the multiple players in a competitive landscape, they're more likely to be because the lack of competitive pressure allows them to be more abusive and complacent and more capable of capturing the government.
> under a certain age, if they took photos or videos of other kids, that makes them liable to be on a list, for life
That seems like a problem caused by the law. Why is it possible for any actions taken as a minor to cause someone to be put on a permanent list when we recognize that minors aren't mature enough to be held responsible for that?
> Now imagine not being able to get that photo back.
Now imagine what would be necessary to get it back. It's on some other person's private device. Either you invade everyone's privacy and private communications to check if they might have it or be privately sharing it, or they could be. The cure is worse than the disease.
Its a second order effect. The problem is predators get children to take pictures and distribute them. To stop them escaping justice it requires a certain level of absolutism. In Common law, there are exceptions. However people exploit the system.
> Now imagine what would be necessary to get it back. It's on some other person's private device. Either you invade everyone's privacy and private communications to check if they might have it or be privately sharing it, or they could be. The cure is worse than the disease.
I mean there are loads of ways to look at this. But if we want to have strong controls over your data, then sharing should be controlled by the owner, not the platform. Currently there are no trusted environments that allow people to share securely and privately data without it being copied.
My understanding of what is being proposed is that cameras will have basic nudity detection on them, and they will refuse to take the pictures if the device is registered to a person under the age of 18.
That, more or less is not privacy invading, depending on how its done.
The central point that you are missing here is that something which was quite hard to happen in 1999 was destructive to a child life. Now its much easier to do, and there is an actual economy in sourcing, exploiting and trading these pictures/videos.
We were the vanguard blocking this to the public's benefit, now they've voted for it our only duty is to ourselves; to make sure the rules don't apply to us.
I think its perfectly winnable argument. For example we already _had_ age gating in the UK, its just it was at the network level on mobile internet. It worked and was unobtrusive.
The antidote to the OSA was to just extend that to domestic internet.
That argument was lost, and lost hard. mainly because we didn't engage properly with a believable solution.
> to make sure the rules don't apply to us.
The point is, they don't really apply to the determined. the same argument could be made for painkiller blister packs. The level of friction that the packs provide reduce drug based impulse suicide by 40% (depending on which study you reference)
The argument against it is "I can't be arsed with pressing the little shits out, I just want it easy". The Populist approach is making it prescription only.
Unless we engage properly, on the right level, then we are going to be worse off.
Believe me, the people writing the age verification laws care a great deal whether the age verification can be turned off by the device owner.
The whole exercise would be pointless if teenage device owners could turn the censorship off.
A sufficiently adversarial teenager could get a different one, but they could do that regardless since it generally costs even less to get some 18 year old high school senior or homeless adult etc. to lend you their ID than to buy another device.
It's a kind of blindness. The kind that is, in my opinion, is one of the major reasons why we ended up building a world that's more than a bit dystopian.
I have seen time and time again that individual, principled stands like this do nothing to change anything and only hurt the individual. Unless you are part of an organized movement against something, opting out doesn't help.
I think you can learn about it most by reading clever, capable people from big tech corporations. Their framing often involves tradeoffs against a slow but inevitable societal pressure that is helped by compromising on freedom.
So I don't believe they are ignorant of all your points; it's rather that they don't see a realistic way how tech, corporations, and perhaps even ordinary people can go forward (being better, or richer, or more sophisticated or whatever) without making that compromise. It's as if they saw the forking paths of the future, and none will end up without technical restraints, regardless of whether they do it or whether things just get worse and someone else then does them.
- Oh but you can turn it off so it's no issue (secure boot). Well yeah but more and more stuff just won't run then (eg iOS apps on Mac). It will become the norm to stay inside the fuzzy walled garden just like it already is on phones. And if you stray you will just be blocked from any app that does something useful.
- But companies need to be sure you are who you say you are (attestation). Yes but they will abuse that power if they can profit from it.
Same thing is happening with age verification. We had the chance to just ask if the user is over 18 when setting the computer up, but we didn't do that so they're using a solution from a mass surveillance company instead.
Having argued these topics for decades, I think that a lot of people just truly can't foresee the inevitable consequences. I don't know why, the consequences seem obvious but because they are not spelled out, many people say it won't happen.
Makes me think of the most sobering line I ever saw in a museum (Berlin): The biggest atrocities were committed by people with a spreadsheet and a performance goal.
If EVERYONE that got hired to build the enshittification of humanity would just speak up about what they were asked to build there is no 'next guy' - ar at least we all know that the 'next guy' is wilfully complicit in the evil done at the company and you can disinvite him to family reunions and refuse him membership in the golf club for humanitarian violations.
I.E. What good is a mortgage payment when the next guy cant hire a plumber because the whole town knows he's a vile POS?
But the line of people doing the work, and keeping their mouths shut about it is nearly an unbroken chain from start to end. And here we are because no one wants to be the only one speaking out against evil, when we all should be.
Or even surveillance, for that matter.
Plenty of hubris, mind.
Communism and fascism were both fueled by atheism (either explicit or functional), not a Judeo-Christian worldview.
"Ohne Gott und Sonnenschein bringen wir die Ernte ein." (Without God and without sun, we will get the harvest done.) - the slogan of East Germany in 1975 when people were hungry and it kept raining during harvest.
Arguably this plan is mostly working for Apple.
I'm not saying we should lynch them, but a good deal of public shaming is in order. Who knows, their kids might pick a different vocation.
Corporations are already hostile enough that it doesn't really matter:
The report says that between 30 and 40 Rockstar employees working in multiple offices in the UK and Canada were fired on October 30, all of them part of a private trade union chat group on Discord. - https://www.pcgamer.com/gaming-industry/rockstar-accused-of-...
Leaked Amazon Whole Foods Docs: Workforce Diversity Helps Prevent Unions - https://www.informationliberation.com/?id=61403 (summarizing https://www.businessinsider.com/whole-foods-tracks-unionizat...)
Microsoft Are Fixated on “Hate Speech” With Lopsided XBOX Live Enforcement Strike System - https://www.techopse.com/microsoft-are-fixated-on-hate-speec...
The game of GO delivers an idea where a very large construct can be built then in one move the entire thing flips to a different purpose... seems relevant somehow..
Pretty sure they didn't do a lot of thinking.
Why does that matter? If it's bad for politicians to usurp that power, it's already bad for corporates to have it in the first place.
I'd rather politicians use power in a way that includes democratic oversight than, say, Peter Thiel doing whatever the hell he likes.
Silicon Valley has its own ideas of what "privacy" and "surveillance" mean
To those folks, it does not mean privacy from Silicon Valley companies
The Signal app will keep on trying to connect to the mothership
Because to the people who work on Silicon Valley software, that is not a privacy violation
The battle is over _control_ over software not privacy or surveillance. The later is not possible without the former
Silicon Valley does not want the user to have control any more than they want the government to have control
At a corporate level, no one cares about lots of freedoms, except if it is a selling point.
If 'keeping freedoms' is a selling point then the ideal position is to gain the kudos of appearing to support this whilst also getting the benefits of the loss of freedoms. Why not get both?
Your argument is flawed here. The truth is that measures such as secure boot do have real security benefits. They can be misused, like any technology can be, but that is not an inherent feature of the tech, but rather how it is implemented. And as the developers of such measures are not a monolith, it is unfair to paint them as merely trying to exert control. I'm not going to argue that some involved parties were trying to exert control. But lots of others were trying to implement a genuine security benefit for the users, and they don't deserve to be reprimanded as if they were some kind of apologists for authoritarianism.
You can argue that exerting control is a good thing - a clever scam artist convinces a vulnerable user to paste an attack at the command line, and the benevolent OS vendor uses their control makes the attack impossible, no matter what the scam artist tells the user to do. A greedy software maker produces a spyware-laden, cookie-stealing update and asks the user to enter the admin password to install the update. The benevolent OS vendor uses their control to make such malicious updates impossible, even with the administrator password entered.
But even if the control is being used exclusively for good, it is, ultimately, control.
See: the PRC. Support for surveillance is allegedly high. Anecdotally, talking to PRC citizens in circumstances where they don't need to worry about said surveillance (e.g., when they're vacationing in Japan and I want to pester someone and practice my mandarin), they generally like it. Makes them feel safe.
The CPC has sold them on a vision of them as members of the state-race "Chinese" (which is not really an ethnicity any more than "American" is) and the surveillance as a thing that keeps them and their "Chinese" lifestyle safe from non-Chinese. Uighurs have to be extra surveilled until they're also Chinese, which, many are now according to the CPC.
So PRC citizens feel safe and cozy among in the country for "their people," not realizing this whole ethnonationalist concept is at best 100 years old, maybe even younger. During the Qing dynasty, there's a whole hell of a lot of people that think of themselves as "Chinese" that definitely weren't by the dynastic government.
I smell similar happening in Russia, the USA, and Israel, with State support. It looks like right wing groups are trying to pull it off in the UK and Germany as well.
I'm not sure you are aware that China has monitoring operations for its citizens outside China.
Good tech empowers individuals and subverts authorities, corporations, oligarchs and governments. Bad tech subverts individuals and empowers authorities, corporations, oligarchs and governments.
Scams, stealing credentials, stealing money, botnets, viruses, losses of data, ransomware, etc etc etc.
What is better for most people is a locked down device like an iPad where each app has to be approved and they're incredibly sandboxed. 20 years ago we had people installing malware because a strange email promised them smiley face emojis.
When we transitioned from the single-user ODS-based Windows model (ie Win98/SE were the last of that line) to a multi-user restricted privilege model based on NT 3.0/3.5/4.0 (first as WinXP) it was meant to be better but privilege escalation was still too easy because of what users had become accustomed to doing and of what was needed to install software you downloaded.
Things like an App Store (on Mac and eventually on Windows) are actually a good thing. Signed apps are a good thing. Having to go out of your way to install unsigned apps is a good thing.
I really abhor "technical libertarians" because they never address these issues. It's all principle-based while ignoring reality, human nature and whether or not unfettered access gives users something they even need.
Also, other people pay the price. Where do you think these DDoS attacks come from? Compromised Windows PCs (primarily).
I'd argue that giving governments and corporations control over our devices has also been an unmitigiated disaster. You could say the same thing about any kind of freedom though couldn't you? Freedom is so dangerous after all. Look at all the problems it's caused. Giving up all of our freedoms would surely make the world better right?
> I really abhor "technical libertarians"...
Well, I abhor those who try to take freedom away from people. So the feeling is mutual I guess.
It'll be best for society if things are a little more regulated, a little safer. And I'm happy to help where I can. Listening to the terminally online about it would be counterproductive.
1. You need a camera on your computer to allow a third party to verify your age before viewing adult content
2. It applies to social media too
3. It applies to your operating system too
4. Unless you age verify, the law demands your computer must be powerful enough to run an AI, or be internet-equipped and send your private photos to a third party, to detect and prohibit nudity. It must be capable of running in real-time, presumably, to work on Facetime calls and such.
Next step, certainly to outlaw most operating systems and older devices. Excellent news for Google, Apple, and Microsoft, bad for Linux and alternative operating systems. Remember when schools handed out Raspberry Pis?
Edit: And they are asking for this to be implemented for free in three months, because nobody knows how software engineering works. Great job
However the original proposal was pretty much aimed at phone manufactures. It is perfectly possible for current gen phones (and previous gen) to detect nudes in camera. Infact most phones do that already in order to adjust the exposure, its just you dont see that.
The problem for the UK is that they are not legislating technically. The original proposal was tightly scoped. The problem was, because of the way government runs in the UK it was shelved. Now that its not, the original scoping has been mashed, as its been blended with an child social media ban (quite what makes them think social media is ok for elder millennials++ is also interesting)
If they actually decided to make laws like they did for building materials or cars (ie all phones must conform to EU/BS standard x/y/z) then life would be much easier for everyone. But alas we have forgotten how to govern. something must be done now
They won't have to.
Instead, they'll just make some new essentially mandatory tech which older devices cannot run – update or stop existing, societally.
----
Phones and email already seem this way (i.e. "required") – from my perspective as an internet user whom doesn't use phone/email, personally. Nobody believes me when answering "no phone, no email" – free-est man alive - their loss is disbelief.
The question - why hand that to Farage and his far right? Is Keir Starmer a far right operative in Labour? His track revord would suggest so, but do we have any receipts?
Why would anything else even be needed in that space? The interest of parents and tech companies likely align here.
The Government is going to put a snitch on every phone, tape every bedroom, and listen in every evening on every home. Every doctor's visit. Every therapy session. Every pub. Every street. Every store.
When the snitches phone home, what you type to your lover may get the cops sent to your home.
Artificial stasi in every desktop, laptop, tablet, camera, and phone. Around every corner. In every living room. No one will be exempt from their gaze.
Are you ready for your vacuum cleaner to phone home?
I hadn't heard this before. Doesn't that kind of defeat the entire purpose of using the app?
Knowledge is power. Forced revelation of our inner lives puts each of us in a position of vulnerability.
Even when "not abused", the very real latent threat actively takes away freedoms of thought and action.
It is extreme abuse.
It undermines any sense that the state works for the people, when it operationally embodies a maximalized one-way threat over all citizens.
AI collation exponentially compounds the threat, the passive and active damage.
One of the wisest ethical/safety concepts ever: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated."
Democracy that sets up the levers of total autocracy is the greatest possible perversion and threat to democracy. Democracy only works as long as it recognizes government is the greatest threat to freedom. And that strict limitations on its power over citizens is the only defense.
Due to the fact that it can't easily be modified without the source, software is uniquely able to act against the interests of its owner in a way almost no other product can. Client side scanning wouldn't be viable if people could just install a mod that disables it, and remote attestation would be a much harder sell if the availability of such mods were expected.
Maybe software copyright should require releasing the source and build tools just like patents require releasing the design...
What a dreadful legacy to leave - a sad attempt to get the biggest possible bang for the smallest possible buck. Also, 3 months? Perhaps that is as long as he expects to be pm.
This step forward is instead of building understanding of, and solutions for, the erosion of communities, trust and empathy for others. I feel these things might (MIGHT!) be overlooked symptoms of poor investment, policies and governance for healthy society. Crikey, perhaps I shouldn't try and call that into account, it sounds like I might be cynical about politics. Oh dear...
The earliest example I can remember is the Clipper Chip. That was dead three years after it was proposed.
This current idiocy - proposed by a PM who promoted a very good friend of the most notorious paedophile in recent history to ambassador, against the recommendations of the civil service - is similarly doomed. Three months to implement huge changes to every OS on the planet? Like that's even remotely likely.
There's no reasonable reason why a 501(c)(3) won't put this out there to make sure there's redundancy so we could built an alternate network if they're compromised by some gag order.
The trade is we get (hopefully) people very dedicated to keeping the org developing the stuff alive and well-funded, and gaining mainstream acceptance/attention.
> Despite [iphone age verification] children can still take, view, share and save nude images. The government therefore wants Apple and Google to block nudity across the whole device by default, so they can only be deactivated via age assurance.
We tolerate the systematic child rape and run cover for the perps, but teens sending n00dz is a bridge too far. It's time for the UK to nut up and start holding these kids accountable. This works well, too, because it's deactivated on the devices used by adults, so they can continue to view their child porn, I guess.
Is there another reading of this?
Maybe not, but as long as the average person thinks it is, it may as well be.
The average person hold all kinds of conflicting views.
The average middle class parent will surveil the shit out of their children, for example.
Hence the title of the article is not completely correct. The outcome of surveillance is the intent of the entity surveilling. In the case of the parent, this is likely the safety of their offspring. In the case of a state entity, it's likely the safety of the people in power of the state. This second type of safety is very dangerous and does not include your safety.
Most of those parents will argue that they have the right to do that and are actively recommending other parents to do the same. It happens so much that a local celebrity actually said the following recently (paraphrased)"As long as you live in my house I(the parent) have the right to go through your room, your stuff and your phone whenever I want".
In my country this is actually illegal as kids have a right to privacy just like the parents, though it happens so much since kids don't have the resources to sue their parents therefore people think this is normal (and kids grow up thinking it is normal).
Check out any comment section on transportation policy, environmental policy, professional licensing for trades other than software. Look at how HN, people who should know how this sausage is made, schemes about how policy and technology can be used by government to enforce it's will and preferences upon other people in ways they cannot avoid or resist. It's not a case of divide and conquer, it's a case of completely lacking principals. Nobody believes in privacy, civil rights or that the application of government (violence) should be expensive and difficult and politically fraught when it's an application that they like. Nobody is thinking far enough ahead to wonder how those systems will be used when the whims and dispositions of government and society shift.
Just this morning I was reading a comment where some jerk was scheming about how the government should (the implication being that now that AI makes it easy to automate) scrape property listings and fine people for not pulling permits when there's a diff from the prior listings and that the whole thing can be automated and anyone innocent can just have the government tour their home to prove it.
Tech.. it truly is a tool and something of a true reveal of character. It immediately shows what you do with power.
This certainly isn't a result of democratic overreach by a concerned group of citizens. No demographic is demanding this.
It's one of those "create the infrastructure for stasi 2.0" the epstein elite tries to periodically ram down our throats ironically using "think of the children" to manufacture consent.
The last time they did this they contracted saatchi and saatchi to run an a disturbing campaign: https://londondaily.com/revealed-uk-gov-t-plans-publicity-bl...
It's not like it's the average person pushing it.
It’s simple: when the risk of getting caught is too high, crime plummets."
https://x.com/rahul/status/2063984276610114001
Sounds great until you realize anyone that does that effectively gets their residential address publicly doxxed and archived by archive.org (unless they can use a separate company address or spend money on a po box). And to make it worse, unless you have an obvious named company it's basically useless for looking up data controllers.
I'm thinking something that automatically scans your computer for porn or other things, like ripped film mp4s and sends it to the goverment to be analysed.
Or perhaps little gps trackers that children are mandated to wear at all times.
> Child safety looks like well-funded education, robust social services, and meaningful guardrails on the very AI technologies and platforms the current government is eagerly courting.
is such a weak, unrealistic, slow and idealistic solution to the real suffering of children. I was hoping this thread might offer up some better alternatives.
The counter must be as visceral is the claim. They make an emotional pitch:your children are in danger, surveillance is the solution. The counter must show the dangers in visceral, emotionally relevant way. This surveillance is actually a risk to parents and children as well - that by the accusation of an opaque, unaccountable system, you will be labelled a pedophile, and your kids taken away. That when sharing a picture of your own child with your own mother, you will have to worry about what the electronic bureaucracy will label your picture as.
Abstractions like privacy,and categorical claims, aren't going to reverse this. A properly pitched campaign could do. Sure, complain that politicians and the public are dumb. That may make you feel better but it won't change this an iota. Talking to people in the terms they care about might.
I 100% agree on the need to counter emotional fire with emotional fire. And this is the right way to combat this sort of overreach
However, I do think that “the choir” need to rethink what is and is not privacy - a huge amount of the benefits of having our every waking moment monitored by the virtual world (which is going to happen) can be lost if we don’t allow epidemiology to follow our digital selves.
Detecting one’s word use is slipping might signal a trip to the doctors or a thousand other digital tells that will help us improve our lives. If we have to fight against ads and digital searches for terrorism, at least let’s get the benefits too.
Let’s say we define personal data about, generated by or inferred from the actions of a natural person as owned by the society as a whole. And misuse is liable to 5% of annual turnover. It’s more or less GDPR. That seems viable - and I am sure an army of class action lawyers will be happy to help out
(Ok I need to work on a better proposal but I think this is more doable than you are allowing for)
They are just plain embracing a culture of paranoia, cowardice and extreme surveillance. I wouldn't care because I don't live there except the dystopian tech and business models they're developing ends up crossing the seas.
Some people will tell you that they need a pointy knife for cutting tomatoes but they should try using a serrated knife instead: it's much better.
I agree that this is the wrong direction to develop into.
Education is hard but effective whilst surveillance is easy and ineffective. Guess which option politicians take?
We should guard against the misuses and create enough legal frameworks to protect individuals' privacy (and aggressively uphold those protections). Private companies already do that - if I query a database for PII without proper approvals, or I query it outside the approval's boundaries, it'll take a couple minutes for me to receive something between a harshly worded e-mail and a visit from a couple large people who appear surgically incapable of smiling.
What is it a tool for, it is a tool for observing while no person is present therefore breaking privacy.
Any tool is (as long as it exists) always used for right or wrong, good or evil. However what might be good or evil is very subjective. Both in the moment and looking back on the use of the tool. Therefore it might be best to consider not creating the tool at all, instead of the current we'll try it and see what happens rhetoric.A nuclear weapon is a tool. You can use it to blast a city-killing asteroid, one you just noticed, into pieces that'd burn in the atmosphere (and miss the city). You can also use it to mass murder an entire population.
> it is a tool for observing while no person is present therefore breaking privacy.
The capacity exists, but it's not necessarily used all the time. We should create the legal frameworks to protect ourselves from the misuse of the technology.
Then it hits reality and it takes about 5 minutes for governments to start abusing it and when caught will retroactively legalise their actions https://www.bbc.co.uk/news/world-asia-23769206
By choosing not to engage with a tool you are deciding that the tool serves you and your goals (perception of good) best by not being used. You can make it illegal to use the tool but as long as the tool exists it does not mean it won't be used.
Think of the millions devices part of a botnet or web accessible camera's that are being used illegally by malicious actors.
Isn't it worth considering if we actually need and/or want this tool to be build in the first place?
The statistics on global child porngraphy rings are quite shocking. The UK is a big market consumer for these images/streams.
Actually withholding the image may make it harder to fight the accusation (in court) if wrongly categorized.
For now the category argued seems to be "nude children" but what safeguards are there that prevent another category "politically sensitive"?
Are any of us expecting that there are safeguards in today's global political environment? in tomorrow's?
Honestly, the only safeguards against abuse of surveillance are that the surveillance not happen in the first place.
Once it has happened, the only safeguards keeping the owners of the system from using it to coerce and control the masses exist in the form of pitchforks and ropes wielded by the masses, and the days when that was a real potential for repealing any such coercion and control are fully in the distant past.
These systems are made possible and installed beyond the reach of any constituent based consent - see the current condition of Ring cameras, Flock, and the many tools created by Palantir et. al and much like the boiled frog analogy the citizenry has sat in their movie theatre and restaurant seats telling each other soothing lies about how the goal was to make us even safer from ourselves and now we are steps away from the fully immersive per-person verified identity and 24-7 observation of what everything, everyone read, writes, says, and does. Exactly as the 'foil hats' have been telling them would happen if they didn't speak up sooner.
Tough cookies, we all get exactly what we deserve for letting it get this far out of hand. It's no use crying over spilt milk.
- how do you know that it doesnt cut down crimes or deter criminals or make identifying criminals easier?
- no seriously think of me as the stupidest person on the planet and explain to me why everyone is super duper paranoid about surveillance
- what other methods do you recommend for tracking , catching criminals, terrorists and anti social elements?
Orwell identified the genetic defect in the British genome 80 years ago.
And if you saw these media posts, I'm sure you'd agree with those arrests in majority of the cases.
>>It’s also a crime in the UK to offend someone.
Is that what American "news" tell you? Because it's absolutely not true.
I find they way that Peter Kyle and Jess Philips have dismissed privacy concerns about online surveillance particularly condescending.
Come the next general election they are going to be paid back for this.
(Oh, and I appreciate Signal speaking up and have just donated to them again for doing so).
Notice the same people will also talk during the daytime about morals and equality, while then conducting genocide in the evening.
It's also technically incoherent: the exact same kind of "surveillance" is already applied by every single phone, because that's how the Photos app (or whatever it's called on Android) searches for cat pictures based on the text "cat". I can't recall any Signal statements about cat recognition technology leading to "reporting people to government authorities".
The "cover-ups" link right in the beginning is a real mask-off moment though. This is not a measured statement informed by the reality of modern Britain. It's an American view informed by the twitter cesspool and divisive rhetoric of the far right. It's a real shame to see Signal falling so low.
[1]: https://signal.org/blog/private-contact-discovery/
[2]: https://signal.org/blog/secure-value-recovery/
Are you suggesting that the automatic scanning of photos on a phone (which has led to wrongful arrests[1]) is not surveillance?
[1]: https://www.eff.org/deeplinks/2022/08/googles-scans-private-...
First of all, age verification is not mass surveillance, it is possible to verify your age without disclosing who you are to the site you're visiting, and without disclosing what site you visited to the government. There are even age verification services (and I do despise them fully, this should be a government provided service!) that use only facial features to determine your age (you can call it surveillance, but not "mass").
See, the thing is, no matter how good your intent is, no matter how noble your cause, if you use lies and half-truths to further your argument or resist change, it only serves to undermine it all. For example "They do not deserve surveillance," is so disingenuous, if a site is required to verify age, the only children whose age might be verified are those who might have been exposed to that harmful content otherwise anyways, they're not being selected for surveillance, no one is trying to spy on children (or could possibly benefit from doing so using this method, since it is so unreliable), but they're framing it as it is so.
This isn't like "DRM" or "the nsa is spying on everyone", and there is a big difference between Signal (how are they involved in all this? is this just opportunistic politicking?) being required to verify peer-to-peer messaging from a porn site or or a live-cam site for sex workers requiring both parties to be age verified (where children do get trafficked!!).
Don't get me wrong, I don't like the idea, i really hate it but the prevailing positions in areas of the internet like here is so irrational and unreasonable.
You can't flash your private parts at children, you can't take children to a strip club, they're required by law to check IDs (even night clubs are!!). if that same interaction happens on the internet, suddenly no age verification is needed?
Is it because this problem has been left unaddressed for so long that so many are just too used to "the old way of doing things" despite the ever increasing human suffering caused by lack of regulations and laws like this?
I hope legislators grow a pair and stand up to these tech-crusaders who will burn down the world so long as they feel their corner is safe and secure.
Shame on everyone who refuses to have a nuanced discussion on this and instead takes an all-or-nothing position against any sort of legislature that would reduce (not eliminate) the harm being done. To mean, such people are no different than catholics, teachers, administrators, and anyone else in a position to do something about harm against children but turned the other way because their little world would be too shaken otherwise. Hiding behind "mah privacy!!" doesn't absolve you of the responsibility to at least attempt to be nuanced about it, at least propose an actual solution instead of just "I don't what the solution is, but not this" or "parents are at fault, I don't care" or something lazy like that. I wish I didn't know that when it comes to their own interests, wannabe technocrats like these are ingenious in developing tech like homomorphic encryption, differential privacy and zero-knowledge-proofs; this isn't about anyone's privacy or mass surveillance, it's about preservation of the status quo, apathy and faulty slippery-slope fallacy thinking.
I can't believe people are really okay with a system where you have to show your real face to access websites. Cameras on phones went from a novelty to a government mandate so you can be observed.
There are various other potential methods to verify one's age, all of which are forbidden by OFCOM. Account age, zero-knowledge proofs, key signing, some kind of OAuth thing, physical tokens that require proof of age to buy, etc. The only permitted ones require your to link your real-life identity. This is a huge boon to the intelligence services and law enforcement.
Even among the few permitted verification methods, there are obstacles. Each site usually provides only one verification method at one verification provider. You may have to trust a company you never heard of before. Sometimes the photo fails (maybe their system thinks you don't look old enough) and they ask for ID too, or the photo fails and you are locked out of verification. Some services only allow credit card verification (e.g. Steam), so if you have poor credit you aren't able to even view the store page despite being of age.
What I say is, we don't need any of this. For thirty or so years we had client-side optional Parental Controls, and it worked fine. Many adult sites voluntarily use a <meta name="rating"> tag to ensure sites are correctly identified. The ability of adults to access adult content was not impeded. Parental Controls work better than verification because 1) many sites will not deploy age verification, and 2) it's trivial to overcome photo-based ID by holding your device up to a picture of an adult on a television set.
This is just not true. See 4.17 here, for example [1]
[1] https://www.ofcom.org.uk/siteassets/resources/documents/cons...
Then let's talk about THAT!! why is that not the discussion instead of "nah, we'll find a solution some other day, for now, let's not solve anything"??
> Even among the few permitted verification methods,
These laws are still being debated, what's permitted has not been decided, why is Signal not advocating for a privacy friendly alternative. Why are our options lose all privacy to the most horrible people ever who will do us harm versus let the children suffer!
> You may have to trust a company you never heard of before.
Why do I have to? Why can't the government itself issue something as simple as a timestamp CA certificate signature for a secret that expires every few weeks, requiring facial/ID verification directly with the government to generate a new secret? the site only needs to verify that the signature is correct. a signed token you show random sites. and this is the most naive idea i brought up for discussion without things like zkp even considered. Lawmakers aren't being told by the likes of Signal "there is a better way to do this, let's discuss" they're being told "ignore what all the scientists, research, law enforcement, social workers are telling you so we can watch porn in secret".
> For thirty or so years we had client-side optional Parental Controls, and it worked fine.
It absolutley did not work fine! the toll of human suffering is inexcusably abominable! I shudder in confusion between whose head i should rip off or why this damn planet hasn't been burned down to ashes already at the very thought of all that has been perpetrated using this technology. The internet multiplied and empowered many things, chief amongst them is human cruelty and apathy.
> For thirty or so years we had client-side optional Parental Controls, and it worked fine....
Save your breath, even amongst those who genuinely wish to do well, they have employees and user generated content they can't keep up with. There is no excuse for this. Forget about the tiny span in human history that is the past 30 years. How many people died of industrial accident at the begining of the industrial revolution, how many people died because of car accidents before all the car safety and traffic laws were in place. Take that and multiply that by like a billion and that might come close to painting a fair picture of the internet. Just because you don't see it, doesn't mean it doesn't happen. The internet isn't special, it's just a tool, a technology that connects people. Except billions are connected, and now they can abuse and harm each other across national borders , timezones and continents and maximize their profit from it.
HN and tech-world in general is like any other industry that caused massive suffering until it was regulated. I keep making the same simple comparison of a stripper IRL vs live cam porn over the internet, and no one in this thread even wants to attack that simple example that I picked because it isn't overly sensationalized and universally accepted that laws should force strip clubs to check IDs in any country on the planet. I didn't bring up pedos, human trafficking, revenge porn and so much more in between. and that's just the sexual dramatic stuff, not the seemingly harmless stuff that is easier to brush away and dismiss.
People can see your face and make decisions when they interact with you IRL, they can't over the internet. The problem is huge and the fact that the internet has been young and unregulated does not excuse looking the other way.
I can't believe I'm defending politicians' (however ill intended) agendas against HN/tech-world. but here we are. If things progress this route, I would even cheer as everyone (self included) loses any semblance of privacy or democracy because the alternative was these masses keeping looking the other way at human suffering instead of finding sensible middle grounds, especially when the tech is there. This is insane to me! things crypto-bros (both kind!) have been trying to make main stream like zkp and homomorphic encryption and so much more can actually solve a critical fault of the internet, and the choice is to just let people suffer instead of risking a potential slipper slope.
Bare in mind we aren't banning the internet, just kids on social media.
> Take that and multiply that by like a billion and that might come close to painting a fair picture of the internet
A billion people have died from.... the internet? Youve GOT to explain this one lol how exactly?
Man you're just reaching at this point... Should we ban telephones, and written correspondence also? You're hysterical
The problem with this whole thing is the expectation of privacy online for interactions where their IRL equivalents don't have such an expectation. Even if there was no harm being done to anyone, it isn't a rational argument if you subscribe to the ideal of equal treatment under the law.
Of all the topics I’ve had to work with in my career, this one has caused me by far the most frustration. I like to think the hacker community is generally scientifically-minded and open to rational debate, but online discussion of this subject uniquely tends to cause people to hunker down, refuse to engage productively, and resort to name-calling. This might feel righteous, but ultimately leads to own-goals from us.
Firstly, to make one thing clear, it’s _absolutely_ possible to do age verification in a privacy-preserving manner. A technology called Privacy Pass exists that separates the roles in the age-verification question. This would make it possible to have a solution where the government can attest to your age without knowing what website you’re trying to visit (e.g. pornography, or an online casino, or just purchasing alcohol online). This is just a matter of fact. I’d recommend reading RFC 9576 for more details on the separation of roles here, it’s a really nice protocol.
There seems to be some misconception that privacy-preserving solutions for age verification aren’t permitted under various legislations. I don’t know where this comes from, but certainly Ofcom _mandates_ the minimisation of unnecessary data collection. This doesn’t mean that suboptimal technologies aren’t in use, but there’s certainly nothing precluding the use of fully privacy-preserving solutions.
We should be pushing for privacy-preserving age verification. It’s easy and convenient to say it’s the job of parents, and label anyone who doesn’t use parental controls as a bad parent, but at the end of the day, a government’s job is to look after its citizens regardless of whether they have good parents. If instead of engaging productively we stonewall the topic based on a vaguely-directed-but-intense distrust of Government, then governments will implement it anyway, and the solutions will be bad. We know this is the case, because it already happens.
I participated in a very productive workshop last year with representatives from government as well as various privacy-conscious companies, including Mozilla. I was pleasantly surprised at how productive we could be when we all worked together on this. We all walked away with a much better understanding of some of the problems, some of the nuances involved, and some possible paths forward.
Also looking to get involved with the meshtastic project.
That's why you can't block youtube ads with DNS, only with a browser-level adblocker because the browser adblocker is able to block the specific paths.
You can view the full encrypted traffic with something like mitmproxy, but there's ways apps can detect or prevent it.
Palpable irony present when a chat provider whom requires personally identifiable information to use their service complains about privacy...
"Yet you participate in society. Curious!"
https://thenib.com/mister-gotcha/
> It's obvious why we might prefer to substitute voting or shopping for politics: they're activities you do alone. You don't have to find anyone else to do them with you. [...] Individual consumption choices don't change the world, but if you've been convinced that the only way to change the world is by voting with your wallet then when the world stays terrible, you can only conclude that your friends and neighbors have ruined by things by voting (shopping) wrong. [... and] every political disappointment in your life is down to your friends' personal defects.
[0] https://pluralistic.net/2026/05/21/purity-culture/
There are already phones with an anti-nudity feature as a parental control option, but the key there is that it's optional. The major pivot with age verification is that all devices treat all users as a child until they identify themselves with a third party. This allows a rhetorical paradox that the controls are only for children, when they apply to adults too by default.