Here is just one solution that helps parents, and respects everyone's privacy:
Zero knowledge proofs.
Allow any organization that already legitimately verifies ages (i.e. credit card company, driver's license issuer, ...) to provide a cryptographic key to their clients, that they can use to anonymously verifiably assert they are 18+ to any adult sites they visit.
This solution (1) gives sites no user information except 18+ verification, and (2) gives key providers no information about sites clients visit.
This is what zero knowledge proofs are for.
Everyone wins:
• Parents jobs get easier.
• Children are less likely to encounter adult material.
• Everyone's privacy is protected.
• Adult sites can verify 18+ ages, without driving users away.
Not solving/mitigating endemic child access to adult sites is (1) a great disservice to parents and children, and (2) makes the success of draconian surveillance legislation MORE likely.
(If you have a critique of this solution, please frame it as an issue to resolve, not a categorical swipe at crafting solutions. The cynical prevalence of the latter is so damaging to these debates.)
Reality check: Children have many and useful opportunities to use devices in all kinds of situations away from parents.
Useful situations. On devices parents don't control.
Expecting parents to follow their children around 24/7, in case they access some adult site from a public or friend's device they don't control is beyond ridiculous.
Privacy protecting, anonymous validation of 18+ status solves the problem, in a way that doesn't require unrealistic "parenting" behavior, protects everyone's privacy, and is even helpful to responsible adult sites.
Condescendingly telling parents to "parent" in a way that is virtually impossible, instead of helping, is just rolling out the red carpet for alternate non-anonymous age verification legislation.
Zero knowledge tech, like end-to-end encryption, protects privacy.
Children will always be able to use devices or accounts borrowed or bought from adults, regardless of how the initial verification is carried out. Not to mention that the verification key / token / device might also be borrowed or when copied or transferred, depending on how it's implemented.
I think a device level setting is actually quite pragmatic.
I am having trouble understanding how anyone is unaware that children have pervasive and useful access to devices outside of their parent's sphere on a daily basis.
Or why anyone would discourage use of cryptographically hard privacy protecting solutions.
This is the perfect opportunity to take zero knowledge proofs mainstream, like end-to-end encryption, as a solution for myriads of current privacy leaking services and infrastructure.
The alternative to cryptographically protected privacy, is sites increasingly collecting people's identifiable information and associating their identities with access/behavior logs. Information that can never be assumed to stay private.
Let’s start with friend’s devices. Children have lots of devices and lots of friends.
Friend’s phones, home computers and devices of other family members.
Unattended PCs and laptops at school. According to a music teacher who has literally had to clean her work computer after it was used for erotic viewing by students when the music room in a temp building wasn’t otherwise in use.
Web browsers on game consoles, e-readers, VR headsets, smart TVs, tablets, …
Now throw in constant device turnover, software updates, including settings panel changes, and settings values that get reverted, across the board.
I am not sure why you wanted my opinion. That’s less of an opinion and more of a list of what counts as ordinary for the last decade or so.
So if we secure personal devices of children, with simple, standardized "child-owned" marker, we're basically back to 80s/90s, where children could occasionally get access to adult material via friends or irresponsible adults.
In my opinion that's more than enough, especially when you compare it to requiring everyone to identify themselves. It may be ZPK on the tin, but likely it will be close-source, corporation owned implementation, which will have holes. Then in a few years we will learn that Meta exploited them for years to sell your soul for ad money.
Btw - students occasionally steal teacher's cars. Should we block engine start with ID check too?
> In my opinion that's more than enough, especially when you compare it to requiring everyone to identify themselves.
The solution I proposed was the opposite of people identifying themselves.
Zero knowledge proofs. Enabling trusted verification without revealing identity is exactly what cryptographers designed them for.
We should be using them everywhere. Like end-to-end encryption they provide massive privacy, security, and trust (I.e. ability to verify intended disclosure) improvements.
Or we can complain about parents, the ones who care enough to ask for better help, while legislatures keep passing identity revealing anti-privacy rules. That seems to be the direction many are taking here. Complain, condescendingly, don’t solve anything. Repeat.
I have a categorical swipe to make, sadly this is a human problem, and attempts to solve it using technology are doomed to fail or to be increasingly complex and require endless modifications.
Your solution sounds good and should work fine, and be easy to implement, which is perfect! But people will soon wonder what all the elderly people that are living in retirement homes without internet access are doing on porn sites watching mostly the overwatch and fortnite cosplay themed videos...
I am having trouble understanding how that is a swipe.
If you are pointing out that the technical solution I proposed isn't perfect, that children may steal their older family members identities, I agree.
As noted, imperfection is a common, unhelpful argument, against improvement. However, identifying imperfections is constructive, if the point is to continue to solve problems. (Kids stealing identities isn't great for many reasons.)
I can't prove that there are no technical solutions to this kind of problems, but it certainly feels like so (to me).
It's like electronic voting, you can have the best cryptography hardware and software in the world, if the end user does not understand at least on a surface level how it works, it will be vulnerable against manipulation. You can certainly keep the same system and educate all users, but that's a whole other class of problem.
Well we can build out privacy preserving standards, with cryptography that already exists. (You can go to Wikipedia or many other places to verify for yourself what kinds of things cryptography can do.)
Or we can continue to have our identities and activities logged by more and more actors. And our online and even offline experiences “personalized” for us for ends that are not friendly. Now add AI, which is only in its early stages, actively participating in our surveillance and manipulation.
Privacy holes are serious security holes.
Ironic or not, zero knowledge proofs allow people to volunteer exactly the information needed for an interaction and no more.
Isn’t that the ideal? Maximize both freedom and trust? With existing tech.
Flip the parental concern upside down. Let’s take the side of genuinely responsible adult sites. Isn’t their ideal to be able to verify that visitors are adults, without surveiling them? Avoiding becoming a resource and target for other actors? A target for lawsuits if they are hacked or leak information.
Lots of adult sites are already unhappy for being put in that role in a growing number of regions.
But as design criteria go, that is certainly a sensible one to include.
Just a random first idea, the key effectively auto updates, I.e it’s a time varying key chain. I can think of several ways to do that, so the time varying nature can’t be replicated by someone else without the same originating account. But couldn’t say if any were good or not. It is something to design carefully, as all cryptographic systems need to be.
Other criteria would be easy revocation by the original key holder. Keys that are created from any multiple number of independent accounts, blind to each other, that the key recipient chooses.
Here is just one solution that helps parents, and respects everyone's privacy:
Allow any organization that already legitimately verifies ages (i.e. credit card company, driver's license issuer, ...) to provide a cryptographic key to their clients, that they can use to anonymously verifiably assert they are 18+ to any adult sites they visit.This solution (1) gives sites no user information except 18+ verification, and (2) gives key providers no information about sites clients visit.
Everyone wins:• Parents jobs get easier.
• Children are less likely to encounter adult material.
• Everyone's privacy is protected.
• Adult sites can verify 18+ ages, without driving users away.
Not solving/mitigating endemic child access to adult sites is (1) a great disservice to parents and children, and (2) makes the success of draconian surveillance legislation MORE likely.
(If you have a critique of this solution, please frame it as an issue to resolve, not a categorical swipe at crafting solutions. The cynical prevalence of the latter is so damaging to these debates.)