A Canadian lobby group is promoting "widespread adoption of age verification" (michaelgeist.ca)
62 points by clwg 59 days ago | 127 comments



As far as I can tell, adolescent exposure to porn has proved as meaningless as adolescent exposure to violent video games.

It dawned on me the other day that millennial men, being the first generation with access to seemingly unlimited amounts of porn from a young age, are not a bunch of sexually deranged rapists. In the same way we aren't a generation of murderers despite growing up on GoldenEye and Counter-Strike.

You probably don't want your kids looking at porn, but I also think it's miles (kilometers?) from the point where we want a surveillance state in order to stop it.


Unfortunately here in the UK, Ofcom doesn't agree:

https://www.ofcom.org.uk/news-centre/2024/tech-firms-must-ta...

"Sites and apps must introduce robust age-checks to prevent children seeing harmful content such as suicide, self-harm and pornography"


>but I also think it's miles (kilometers?) from the point where we want a surveillance state in order to stop it.

If you look at Canada in a broader sense, the goal from the current federal government is a surveillance state.


> millennial men, being the first generation with access to seemingly unlimited amounts of porn from a young age, are not a bunch of sexually deranged rapist

It's caused the complete opposite, they aren't having sex at all.


True, but the causal link is hard to demonstrate. There's also a drop in friends, especially close friends. In-person social activity is down across the board.

Not that porn definitely isn't a factor, but I'm pretty certain there are larger factors at play.


> True, but the causal link is hard to demonstrate.

Plausibly, they don't have a taste for sex with people who don't look like porn stars.

But as you say, demonstrating that as a causal link would be hard.


If porn is involved in that equation, it's not the primary or fundamental driver.

I'd argue inflammatory foods that have a depressant effect on the nervous system, especially damaging during development stages, along with where mainstream culture is directing people - along with government policy heavily captured by industrial complexes and bad actors (domestic and foreign) in general, will be the leading causes.

If we simply look at the shallow metric of "not having sex" vs. studying to see what's different between those who are and aren't having sex, aren't having children - that's not going to be very fruitful except for people to simply conclude "be attractive; don't be ugly;" attraction is far deeper than the skin, however in part I believe that the inflammatory-depressant state I mentioned is likely to block to a small or large degree, a person's stimulation and excitement from deeper signals and processes that would otherwise 1) make more people attractive to them, as a stronger signal overall - which will be motivating on its own, and 2) also provide nuance to help with targeting to have the nuanced signals to know-learn more accurately who you're actually most attracted to - from more breadth and depth, where you could argue it allows a person's intuition to flourish; rather than be stunted by inflammation, or past unprocessed/unhealed trauma causing people to avoid, etc.


Is it porn, or an additional effect of whatever has been decreasing sperm counts over the past century

https://pubmed.ncbi.nlm.nih.gov/1393072/


It is surprisingly easy to correlate continuously increasing and continuously decreasing functions

https://donhillson.wordpress.com/2011/04/01/link-found-betwe...


Sperm counts are going down for the better part of a century, and people are having less sex. Obviously coincidental and cannot be related to each other in the least...


Who's to say that's not also attributable to porn, which after all causes a drop in sperm counts too


That the drop started in the 1940s


More than likely not caused by porn but less in person social situations


In jest I'd say it's caused not by porn but by Counter Strike.

Realistically I see many more issues with decay of Third Places (social meeting spaces) & decay of local society in general. But rather than have no culture & be bored, we have incredibly engaging interactive media to go engage in: CounterStrike or TikTok or whatever else.

I don't think these things are per se to blame. Cost of living being what it is, lots of people can't afford to go out to bars & clubs, one of the most traditional gathering spots for people. It's unclear what a lot of folks would change, what else they'd do, if the IT/media link they rely on so heavily were to shut off.


that's the great male sedation hypothesis


Surveillance isn't about porn or violence from video games.

It's about having power to control the population. To find people who may be a threat.


[flagged]


flipping through link, not seeing any stats


31 citations, and the most intelligent response is "not seeing any stats."


You'd think they'd want to cite specific stats to quantify the language they're using though, no?

That they don't pull and display stats from their cited sources would be a bad sign, no?


To be fair, the citations don't pass the sniff test. The very first citation contradicts statements in the article. Check the summary for it:

> Risky sexual behaviors were not associated with online pornography exposure in any of the groups, except that males who were exposed (deliberately or not) had higher odds of not having used a condom at last intercourse. Bi/homosexual orientation and Internet use parameters were not associated either. Additionally, males in the wanted exposure group were more likely to be sensation-seekers. On the other hand, exposed girls were more likely to be students, higher sensation-seekers, early maturers, and to have a highly educated father. We conclude that pornography exposure is not associated with risky sexual behaviors and that the willingness of exposure does not seem to have an impact on risky sexual behaviors among adolescents.


That's not what was claimed.

It was claimed: "However, early exposure to pornography and unregulated/excess exposure to pornography during the formative years of adolescence has been seen to have various long-term deleterious effects on sexual maturation, sexual behavior, Internet addiction, and overall personality development."

Notice that it said:

1. Early exposure

2. Unregulated

3. Long-term

4. May affect Behavior and/or internet addiction and/or overall personality development

Your citation meanwhile disproves one situation for specifically causing one of possible outcomes.


No it's actually worse imo. They used that citation to justify this statement:

> Studies have noted that early intentionally exposure to pornography use in children and adolescents can lead to delinquent behavior, high-risk sexual behavior, and substance use.

Except the citation says the literal opposite. Worse, the "link" to substance abuse sounds an awful lot like the article's suggestion that the male group that wanted porn were typically "sensation seekers", but that doesn't imply causation at all! I don't have access to the full paper to see if there's anything that remotely supports the article's claims, but this is a solid sniff test fail.

Because the citations fail the sniff test so badly and trivially, IMO the article, a clear call to action, has to be called into question.

It's bad enough that I wonder if the link to the article ought to be flagged on HN: if it were a submission, it would definitely be flagged and removed.

P.S.: In my opinion, the person calling out the lack of statistics is also completely correct. It's one thing to claim all of this stuff is true, but if it can't be quantified, how are we supposed to balance the actions we take against the severity of the problem? What if it's close to line noise?

I have a lot of skepticism because the rise of the Internet was a global phenomenon. I'm not even sure Internet pornography is even at its peak anymore, but during the rise to prominence you'd be hard-pressed to find a correlation of any kind with an increase in, say, sexual assault, because that just continued to fall sharply with the rise of the Internet. If there is some effect, it's certainly not very obvious.


Porn did not turn kids into deranged rapists.

However, it did plenty of damage. Completely unrealistic dating expectations to the point where nobody dates anyone; women getting treated violently during sex ("what do you mean asphyxiation isn't normal?"), far greater experimentation with potentially dangerous behavior (anal sex), increased tension between the genders (hard to look at a man knowing he's looked at hundreds of you), etc. STD rates have also increased - syphilis has increased 80% in just 5 years. It is also a scientific fact that heavy porn use is correlated with depression, and depression rates among the youth have (to put it mildly) exploded, especially among young women (obviously other factors are contributing).

https://www.cdc.gov/nchhstp/newsroom/2021/2019-STD-surveilla...

It is fair to say, I believe, that:

A. It doesn't make children rapists, but...

B. It's terrible for mental health and relationships.

C. Anything that is terrible for mental health, or relationships, is fair game for regulation on that basis alone when it affects children (alcohol, drugs, etc.)


The kinkshaming is not making your viewpoints sympathetic.


Technically speaking, pedophilia is a kink.


That doesn't change anything about what I said.

Why are you running interference for this person?


Not really, we are just coming out of an unusually boring period in human sexual history. Ancient civilisations seemed to manage to be plenty deviant without any porn.

The sunset of Christianity's influence in the west has just as much to do with it.


> The sunset of Christianity's influence in the west has just as much to do with it.

What a common lark, and yet completely false.

Look at China - pornography is illegal. Guess what the firewall is also censoring. They are a completely atheist government by policy.

Look at India - pornography is illegal to distribute, and even though it is legal to privately consume, violent pornography is just as illegal as child pornography for private consumption. They are also not a Christian society.

Look at any Islamic country - be it Iran, Saudi Arabia, Afghanistan, etc. You'll be lucky to save your head if you get caught publicly using it. (Of course, privately, there's a lot of users - but that's useful for blackmail.)

Look at Japan - pornography is legal, but all genitalia must be censored or blurred.

Look at most of Africa - pornography is illegal and heavily restricted, despite their Christian status being tentative at best.

Ironically, post-Christian countries are the only countries where this stuff is legal and unregulated as it is. Believe me as well, as Islam gets stronger in this country, you might be surprised where the strongest opposition starts coming from.


This argument is somewhat undermined by the inclusion of Japan, a country well known for just how debased its porn is.

Laws are not a good proxy for culture. Culture is only one of the inputs into a country’s laws. Frequently the people who make the laws are not the same as the people who have to follow them.

As for Islam, Christianity and Islam are closely related, both being Abrahamic religions. I don’t think a distinction is meaningful in this context because both the Bible and the Quran include the same story of Sodom and Gomorrah, so their sexual morality comes from exactly the same Abrahamic tradition.


Considering it’s a real place…

https://www.smithsonianmag.com/smart-news/destruction-of-cit...

How much do you want to bet that both of them are wrong?


Biometrics for age verification sounds awful. Really the problems with any sort of age verification system that uses your real name and ID are leaks, identity theft, and advertising. Imagine your unique ad id is your actual info. Or a leak and your name is tied to pornhub, looking at all the army guys who got exposed on Ashley Madison.


One of the things I wish we could start bringing into the public domain are zero-knowledge proofs for biometric data. Basically it'd enable the situation where the person being ID'd gives permission to a third party to know whether they're over 18 or not, and the entity requiring ID gets a yes/no without ever knowing the actual age or identity of the person.


No solution can be perfect, there will always be ways around things like that. DRM was supposed to stop piracy but it had the opposite effect. You can argue implementation problems all day long but that's exactly ALWAYS the issue.


It's not about restricting access to porn. That's just the easiest way to get their foot in the door. It's a group funded by a tech mogul lobbying the government to legislate the use of age verification technology. I would bet my life savings the people behind the lobbying group(s) stand to benefit financially.

I guarantee you the goal is to collect as much identity information as possible and that's going to include getting parents to "enrol" their kids in the system. The carrot will be lower friction to access online services and the average person won't understand that someone lobbied to create the friction so they could sell the solution back to us.

Ultimately the goal is probably to create government authorized identity providers, maybe even just one, and they'll make tons of money from it. It might end up being "free" for people, but only because it'll be funded by taxes. If they succeed, we'll likely end up with a private company doing identity verification for government service just like the USA and id.me.

And we also get to pay the price of making the internet more dangerous for kids. The thing these lawmakers don't realize is the insane value children place on their online accounts. Once you limit them to a single account, because it's tied to a real world identity, they'll be terrified of getting banned and losing their account.

That might sound like a good idea in the context of fostering healthy online participation in games, etc., but the reality is that kids are gullible and it'll open them up to exploitation by bad actors. Kids will be getting phishing notifications telling them their account has been flagged for illegal activity and they need to pay a fine to unlock it. They'll go to some shady website and type in their VISA debit card number, which is enabled by default on most kids' bank accounts, and get their bank account cleaned out.

Remember, if you lose your account, you can't get another one, so you better pay the fine, right? And what kids are going to go ask their parents for help if they're being accused of bad behavior? None of them.

The core of the problem is that by tying online accounts to real world identities you make those accounts so valuable that people will act irrationally when threatened with the loss of an account. It's not just kids either, but kids will be the most vulnerable to exploitation.

Our politicians are a bunch of low IQ suckers that are getting played by rich tech bros that don't care if they make everything worse as long as they're making money.


I remember having some sort of parent lock on my laptop I got when I was 11. Was the most annoying thing ever. Stopped me from seeing all sorts of totally useful information so I just hacked around it entirely. Instinctively not very on board with too much internet helicopter parenting.


Reminds me of how I couldn't even innocently search for information about reproduction in plants in a country with an overly broad internet filter, because the results would have the word "sex" in them at some point. So I had to get good at coming up with indirect searches to get around the filter.


Whenever this comes up, the focus is on simply opposing the idea. I think perhaps devoting energy to solutions that can address both the concern of safety and privacy is also worth considering.

The internet is going to be a fundamental part of human life I would argue indefinitely. The need for robust information verification is not something we're going to be able to do without.

The question is, would solutions end up being effective ones or ones that "work" but create all sorts of other problems? The worse outcome in my view would be that we all end up being required to use big tech companies as gate keepers for our digital lives.

Now for my pitch :). Cryptographic certificates are a solution option that CAN bridge this gap.

App: https://certisfy.com/

Demo: https://youtu.be/92gu4mxHmTY

Technical Doc: https://cipheredtrust.com/doc/#pki-overview


Respectfully, you are making the error of assuming it is a technical problem when it is a political one.

The problem the government have is the masses trust those bad people over there more than our trusted and approved government experts over here, and they think this is a communication problem and not a problem of substance.

I would agree that technical measures for trust are necessary, but the gov should not be allowed to be the arbiter of who gets to trust who - that is a fundamental freedom that must be left to individuals.


One could also argue that the problem is actually educational.


>Whenever this comes up, the focus is on simply opposing the idea.

Well, because the idea is fundamentally unsound. Nobody can keep such a database secure, and certainly not the Canadian government, champions of ineptitude that they are.

>Certify

Goodness, that's dystopian.


It doesn't require maintaining a database. The certificates can be in a registry but also can be on your device without being in a registry. In any case, the security is not associated with a database or anything of the sort.


Okay so what happens when I lose my keys and need new ones issued?

I have to go through the manual verification process and then issue revocation certs for my old keys?

How do I know what those keys were without a database of which key belongs to whom?


Yes if you lose your keys you do have to get new certificates and if possible revoke the lost keys. Revoking certificates will require either a revocation code that is issued when you get the certificate or you can use a copy of your private key to issue a revocation request.

If you don't have a revocation code or a private key for the cert you wish to revoke, it will require administrative access to the certificate registry to mark the cert as revoked. That feature is currently built into the platform but not something accessible because of the obvious challenges.

Your private keys are only known to you, certificate revocation is just an annotation that says to someone who receives a signature associated with that certificate to not trust the certificate.

All private keys are generated and stored only on your device.


Okay so we've established there must be a central registry, since it's a certainty that somebody's 65 year old mom will lose her phone and her certs and keys with it.

How does your system protect against attackers claiming to be my mom?


> Whenever this comes up, the focus is on simply opposing the idea

What are you saying? We have been proposing solutions since immemorial times. If it's bad for the kids to have access, why is it not bad for the adults? If you can answer that question the solution should be evident.


It can be argued that it's bad for both. I think the solution is an educational one.


> Whenever this comes up, the focus is on simply opposing the idea. I think perhaps devoting energy to solutions that can address both the concern of safety and privacy is also worth considering.

This implies you have to be concerned about safety. But I don't believe seeing anything [they would voluntarily watch] on a computer screen can inflict serious harm to anybody, no matter the age. I advocate for universal (without exclusion of any age group) right for anonymous access to whatever information already is publicly available.


> But I don't believe seeing anything [they would voluntarily watch] on a computer screen can inflict serious harm to anybody, no matter the age.

You can believe whatever you want but a whole lot of people including me do believe watching shit, voluntarily or otherwise, harms you. Plenty of evidence for it.


I actually do believe everything does harm you in at least some minuscule degree (even things that help you in a way or many, harm you in another). Even breathing does. Yet the degree of harm is not substantial enough to justify prohibition and all the downsides coming from trying to enforce it.

Being a generally normal person I also feel I wish kids see no porn yet as soon as I direct my attention to this feeling and question it I recognize it has no rational reason whatsoever, it's just as subjective as a preference can be. Banning a specific kind of content would be as reasonable as banning a food I personally don't find tasty, even if the majority feels the same - should we waste everyone's effort and sacrifice everyone's rights in such a case?


> no rational reason whatsoever

There are lots of rational reasons including distortion of sexuality, lack of interest in real world sexuality, depression, etc.


I seriously doubt seeing porn before 18 (which, by the way, is and will always be inevitable, no matter how hard we try, every interested teenager will find a way) these things can cause any of these. And even if it could, lack of interest in real world sexuality sounds almost as great as lack of need to eat: a whole new world of possibility, autonomy, spare time and other resources instead of depending on another thing the world can use as a button to subdue you and drag you into wasteful consumption and playing unnecessary non-ergodic gambles people in sober state of mind would prefer to avoid.


If you are equating porn brained zombies to sober states of mind, I don’t even want to know your view of the world.


What about the zombie state of mind of when you have the urge to visit a bathroom to empty your overwhelmed colon/bladder? Isn't it way more sane to just do it and forget it than to walk around obsessed with such urge for hours and days requiring others to participate in the process?

There's a "rule of a thumb" I learnt as an adolescent: as soon as you feel attracted to somebody - jerk off and cool down so you become way more sober and do less stupid things. In particular - always jerk off before going to a date: if you still feel interested - this has a chance of being a meaningful relationship, otherwise this was just a stupid hormone play. And I never really needed porn to implement this, imagination was enough.


> The worse outcome in my view would be that we all end up being required to use big tech companies as gate keepers for our digital lives.

So your proposed solution is...to give my private data to big tech companies? Who else is going to manage the cryptographic certificates at scale?


The keys are on your device, it doesn't require management by a third-party.


How is anyone else going to know that the public key I hand them belongs to a person that satisfies whatever requirement they are checking? For example, if someone wants to verify my age, how do they know the public key I hand them belongs to a person that meets the age requirement?

Some third party is going to have to verify that that's true. Which means some third party is going to have to have access to my private data, to verify that my public key belongs to a person whose private data meets whatever requirements are being asked about. That third party will end up being a big tech company.

Your example about CAs is not relevant because CAs only need to verify that someone has control of a particular web endpoint. They don't need to verify the private information of whoever that person is. So the information they need is much less intrusive than the information a third party who is going to attest that public keys belong to people meeting things like age requirements would need to have. Yes, once a third party has attested to your age certificate, they aren't involved with how you use it--but that third party has to have a lot more private information about you to be able to make that attestation, than CAs currently have about website operators.


Do note that the reference here to CA is a conceptual reference, in other words it refers to a trusted entity who can verify certain bits of information (like your age or identity) then issue certificates for it, "trust anchor" is the lingo Certisfy uses for CAs.

Hostnames are what TLS certificate CAs such as DigiCert verify ownership of then issue certificates for; the same concept can be applied to any kind of information, including private information.

For instance a state DMV could choose to be a Certisfy "trust anchor"/CA and issue you a cryptographic certificate for your driver's license to be used for IRL identity anchoring.

So no, a "trust anchor"/CA need not be a big tech company, in fact if such a concept is deployed at scale a large class of entities can/should play the role of "CA", including people doing it as part of a business service.


There is zero chance that a legally mandated certificate scheme won't require centrally-managed certificates to prevent the underage from loading illegally shared keys onto their devices.


Certificates are not things that are centrally managed.

If you get a certificate from a CA (DigiCert, AWS, Google, etc.), they hand you the certificate after necessary verification but otherwise have nothing to do with how you use (TLS traffic) it.

The same with something like age verification. Once you have a certificate that attests to your age (as of certificate issue date), the issuer has nothing to do with how you use it, the receiver of signatures generated from that certificate (via private key) can verify it without any interaction with issuer.

As for misuse, that's certainly a concern but it can be addressed via the issuing process. Certisfy does address this issue.

A fundamental requirement for making a certificate scheme work is that certificates are anchored to IRL identity via identity anchor certificates in a privacy preserving manner. You can read up on the approach here: https://cipheredtrust.com/doc/#pki-id-anchoring


> Certificates are not things that are centrally managed.

Of course they can be. That they aren't _necessarily_ centrally managed is a neat fact about the math, but has little bearing on what sort of system the political process will end up endorsing, and _that_ is what I'm saying has no chance of not being centrally managed.

The government will end up requiring that only Trusted Parties be permitted to handle loading the key material into Approved Devices, and that parties requiring age verification only permit use with Approved Devices. Mark my words, this is how it will hit the streets, if it ever does.


Did you just forget that CAs exist? They are centralized. You always have to trust SOMEONE. Even if it's the person that wrote the CA software being used, or the supply chain that provided the software to a vendor, or or or. See what I mean?


The CAs being centralized is not a problem. They do the verification and issue the certificate. The privacy concern stems from using the certificate and CAs are not involved in that process.

Yes you do have to trust someone and the CA is the trusted entity for doing the verification, but once they do the verification and in effect encode that verification onto a certificate, their role is done.


Meh, while I think he has some misunderstandings about the role of CAs, I'm not sure you're doing any better: you can certainly use certificates in a decentralized manner; I use them every day for ssh. No third parties are involved at all.


But decentralized CAs for identity verification still have the same problem, you have to trust someone. They said zero-trust, which I don't think is possible.


I very much understand the roles of CAs :)


A QR code verifying that I'm 18 years old, great! What use is that? Not sure... anyone could copy that QR code and claim they're 18 years old.

Or maybe it includes more data than that and we're back at the privacy problem.


>A QR code verifying that I'm 18 years old, great! What use is that? Not sure... anyone could copy that QR code and claim they're 18 years old.

Exactly, now scan the sticker with the QR Code on this blog post: https://blog.certisfy.com/2024/02/from-secrecy-model-of-info...

You'll see it tells you whether the sticker is stolen or not based on where you got it from, ie the "Valid For Source" field.


Except that being on a phone I can't scan a QR code being displayed on the same device.

But basically you're saying that I need a QR code for each site I'm using? That's not obvious from reading the blog post. And still doesn't address that someone else could use the same code on the same site?

Also I don't think I understand what "the secrecy of your social insurance number/credit card doesn't matter as long as nobody else can generate a certificate for it" means. Is that assuming everyone only accepts certificates and not the raw information anymore?

I'm sure fraudsters would happily take credit card numbers even without being able to generate certificates.


The QR code is just a convenience feature. If you look at the sticker you see a short alpha numeric code, that's what's on the QR Code.

You can type that alpha numeric code into the Certisfy app to verify the sticker: https://certisfy.com/app/

You'll probably never use a social security certificate directly, it will be used as an IRL "identity anchor" certificate as described here: https://cipheredtrust.com/doc/#pki-id-anchoring

Yes a fraudster will happily take a stolen card but it will be of no use to them if they try to use it via Stripe for instance to post a charge but Stripe requires a cryptographic signature for a certificate for the card :)

So sure the card processor has to require the signatures to make it effective. In other words the secrecy of the card number becomes irrelevant if it requires a certificate signature before it can be used, only the owner of the card has the private key on their device to generate the signature. Secrecy is still useful for privacy.


Thanks for the explanation, still for my own sanity I hope this is not the digital future.

Also still doesn't address that if a minor needs an age proof for xyz.com they couldn't use mine. Whereas at least a photo ID in the real world would require some similar looks.



The reason it comes up is because it's the proverbial wolf in sheep's clothing. Conservatives have an agenda to remove porn from the internet at all costs. They also want to kill anonymity on the internet and if you frame it properly then you can push through their agenda.


Between Canada and the EU, they're taking away small slices of free internet at a time.. Let's not forget that the wild west internet is why all of us are here..


If it's not a zero knowledge system, it's a bad system. I know I will trigger the ancaps here, but this is typically a case where the government has to be on it, and _has_ to be great.

Like a secret, digital ID that will allow you to generate a code easily (with both an app for the ease of access, and a website where you just have to input your ID and a validation code that changes every X years and that you receive with your voter ID or something).

This code is an auth token to an API that will just respond "OK" if the token is a valid token, but should have no idea who issued it.

The advantage is that if you extend it to be sent before an online purchase, or to be sent SM to limit some features before like, 16 yo, you can make it so that even if the government lies and tries to identify who generated the auth token, if multiple private companies use a third party SaaS to handle it, the government can't know why the token was used.


Sure let’s start with age verification and get the infra and social expectation in place for blacklists on *any* parameter they choose (for the sake of “safety”, of course).


While it's true that there's a correlation between age and maturity in childhood and adolescence, there's also some variability. Nevertheless, the law typically treats age as a proxy for maturity, because it's an objective, easily verifiable trait. If that disadvantages certain children and teens who are mature beyond their physical age, society is mostly OK with that drawback.

Yet over the past several decades, we've seen a change in societal attitudes about another personal attribute, sex, which was previously treated as an objective characteristic but is now largely (both socially and in the law) treated as a subjective characteristic, meaning the only way to determine whether someone is male or female is through their own assertion.

I am curious whether we will see a similar shift in attitude toward age. The idea that "age is just a number" and "you're only as old as you feel" has been around forever, but I'd be interested to see if the law codifies that somehow.


Can one verify age without giving away identity?


Yes, technical capability will ship in Chrome https://developers.google.com/privacy-sandbox/protections/pr...


What do you think the odds are that someone will give you a state token attesting to you being 18+ and that the issuer won't keep a "paper trail" back to your identity so they can prove they did their due diligence?

I'll give you a hint. It's 0%.

The recurring theme in all these systems is that everything you do online can be tracked back to your real world identity. What happens when all the major tech platforms require some kind of attestation to participate and publish information? Can you still criticize politicians and rich people after that?

At that point I'd rather just go to BestBuy and buy a "not a bot" card for $100 cash.


The insurance on what I linked is that the issuer cannot see who redeemed the token, so the issuer can’t link an individual to what sites they visited.


> The publisher site makes a request to the issuer to redeem the trust tokens.

They don't explain it very well because that makes it sound like they're asking the issuer to validate a token which implies the potential to correlate it to the user.

That whole scheme seems pretty bad IMO. It looks like it boils down to sites sharing trust data which means huge platforms are going to become the arbiters of who's good vs bad. Even if the system works well and sharing trust info reduces bots and bad actors, it's going to have a negative effect on new market entrants because it's likely they'll have to buy trust data rather than having some kind of peering arrangement.

It seems like big tech companies are hellbent on controlling every minute of our lives. It's disappointing.


Not exactly. You would still need to reveal yourself to the issuer. It only hides you from the consumer.


And it potentially locks out smaller browsers who might want to get started but who aren't on the approved age verification trust anchor list.


Yes, you can with cryptographic certificates.

App: https://certisfy.com/

Demo: https://youtu.be/92gu4mxHmTY

Happy to discuss.


This might hide identity from the person requesting the info, but not from the trusted authority. In theory the authority could collect data on where requests are coming from, or where the certs are used. To my knowledge, there's no way to completely hide identity while also verifying an attribute and ownership.


There are actually ideas using crypto to provide proof of properties without a trusted entity having to know what the proof will be used for, and without the requester of the proof being able to learn more about the identity. E.g. (in French) https://linc.cnil.fr/demonstrateur-du-mecanisme-de-verificat...

Now I think it is still either a dangerous slope, or it will end up inefficient, because of credential sharing; the typical modern idea to avoid that is to require the user to have a locked smartphone, which is quite an intrusive requirement.


This is close. But I believe an attacker could use the signature to tie it back to a user if they gain access to the trusted authority information. There's no way to do it truly anonymously. Even the article recognized it's pseudonymous.


It does hide identity from all parties except the party you decide to share your identity with.

Here are the technical details on how that is achieved: https://cipheredtrust.com/doc/#pki-id-anchoring


I don't see anything in that link explaining how one could verify age while remaining anonymous to all parties. How does one verify the age is correct and associated with the true person? It also seems the cert is for specific sites. So doesn't that mean the identity provider (trust anchor?) who verified the age now has a list of which sites you're using your certs on since you must define a receiver (recipient domain?)? Maybe you can explain the flow in an example?


>So doesn't that mean the identity provider (trust anchor?) who verified the age now has a list of which sites you're using your certs on since you must define a receiver (recipient domain?)? Maybe you can explain the flow in an example?

When a trust anchor does verification and issues you the certificate, you get a PEM file, their connection to the process is done. Yes they know who you are but can't track what you do with the certificate after they issue it to you.

On the other hand if you were to use that certificate to commit a crime, the signature will provide access to the trust chain, thus law enforcement could use it to find you by reaching out to the issuer. This is a feature not a bug, it combines privacy and accountability, no different from conventional non-digital world expectations.

The use of receiver id happens after you have the certificate, the issuer is not involved. The receiver id is for the benefit of the receivers of signatures from your certificate, it allows them to establish a sticky anonymous cryptographic identity for you without knowing who you are, this is a way again to have privacy while having accountability. This demo touches on the approach: https://www.youtube.com/watch?v=92gu4mxHmTY

Reach me via my profile if you're interested in knowing more.


Yeah, so the government can track you, and really anyone who gains access to the signature and trust chain can track you. The trust anchor also has to verify your identity to verify your age in order to issue the PEM file.

So to answer my original question - no, you can't anonymously verify age. Someone has to verify your identity (a central authority in my comment, which in your system is a trust anchor) and your signature can be tracked back to you (as a feature).


I missed your concern about pure anonymity in the whole process, the answer is NO.

You can't have such a system that is totally anonymous, it is private but not anonymous. This means it is largely anonymous but for instance law enforcement might be able to track you down...I happen to think this is a good balance though I am sure not everyone agrees.


It's not just law enforcement though. With the way the laws are today, you could have the trusted entity selling that data if they're partnered with some consumers. If you save the cert usage (on the consumer side) you could eventually utilize it if the trusted entity changes hands, policies change, etc. The government is also a potential malicious actor depending on which government and how you want to define malicious.

Of course there are other issues in the chain concerning anonymity, like ISPs.


Yes and no. You could prevent most people from accessing the identity and superfluous info including exact age, but that would require a trusted central authority to essentially provide a yes/no answer for a given age threshold.


Yes, if you use an intermediary service. The service verifies your identity, and then it provides an attestation about your age.


So the answer is "no", since you are still revealing your identity to the intermediary, and can not subsequently control how they use that information.


True, the answer is always going to be "no" depending on how hard-lined you are about privacy.

But with a few reasonable concessions, you can get a lot of benefit.

For instance, most people believe that the government itself should be able to verify your identity, through birth certificates or passports or driver's licenses or tax IDs.

If you're willing to allow the government to verify your identity, how about a trusted private company that you get to select?

If that company is then trusted by others as an identity verifier, then although you may have to reveal your identity to one trusted entity, you don't have to reveal your identity to any of the others that accept their attestations about attributes like age.


There's an easy fix for that: use as an intermediary a service that already knows who you are.

Age verification should involve three parties: you ("the User"), the site that wants to know that you are past a certain age ("the Site"), and the service that actually checks your age by looking at your documents or whatever ("the Service").

Using protocols based on zero-knowledge proofs or blind signatures it is possible to design a protocol whereby (1) all that the Service learns when the User uses them to verify for some site is that the User has asked to verify for somebody but they don't know who, (2) all the Site learns is that the User passed the age check and used the Service to do it, and (3) someone who obtains complete logs of both the Site's age verification communications and the Service's age verification communications cannot figure out how to match them up except by timing.

To elaborate on matching records from the Site and the Service, if for example the Site only had one user sign up in the last month who used the Service for verification and the Service was only asked to participate in one verification that month then you can infer the User's identity.

If the Service is doing lots of verifications for a large number of sites, so during the few seconds that your signup or login at the Site is being processed at the Service there are dozens of other verifications also going on there involving dozens of other sites, then someone who gets records from the Site and the Service gets dozens of people who might have been the one who actually used the Site.

We can make it even harder for someone to match things up. First, we can add random delays between the User initiating a signup at the Site and the User initiating verification with the Service and between the Service's finishing of that and the User using that result to complete signup. So now someone who obtains signup records from the Site and tries to use timing to match them up to users of the Service will need to look at Service records from a wider interval.

Second, the User's client can make random dummy verification requests at random times. That increases traffic to the Service which helps make it harder in general for timing analysis to work. It also makes it so if someone is trying to figure out who signed up at the Site on a specific time and they find you did a verification in the right timeframe and ask you what you were verifying for you can say you weren't...it must have been one of the random dummy verifications.

Third, there should only be a few providers of the ID checking side of this (the Service). It would probably make the most sense for this to be handled by government, probably by the same departments that issue the ID documents you will be using to prove identity. This helps ensure that they are dealing with a large number of verifications, which is the key to protection against timing attacks.
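
The User / Site / Service flow described in the comment above, sketched with textbook RSA blind signatures as an added example (not code from the commenter or from any product named in this thread). The class names, the toy Mersenne-prime key, the replay check and the `consistent` helper are assumptions made for illustration; unpadded RSA like this is a teaching device, not a production scheme.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy key built from two Mersenne primes; never use such a key for real.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # the Service's private exponent


def h(token: bytes) -> int:
    """Hash a token into Z_N (the SHA-256 digest is far smaller than N)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


class Service:
    """Age-check service: knows who the User is, signs only blinded values."""
    def __init__(self):
        self.log = []   # (user_id, blinded value): everything the Service sees

    def sign_blinded(self, user_id: str, blinded: int) -> int:
        # The document/age check for user_id would happen here (assumed passed).
        self.log.append((user_id, blinded))
        return pow(blinded, D, N)


class Site:
    """Relying site: verifies the Service's signature, never learns identity."""
    def __init__(self):
        self.log = []       # (token, signature): everything the Site sees
        self.spent = set()  # tokens already redeemed, to reject replays

    def accept(self, token: bytes, sig: int) -> bool:
        if token in self.spent or pow(sig, E, N) != h(token):
            return False
        self.spent.add(token)
        self.log.append((token, sig))
        return True


def user_get_token(service: Service, user_id: str):
    """User side: blind a fresh random token, have it signed, unblind the result."""
    token = secrets.token_bytes(32)
    while True:
        r = secrets.randbelow(N - 2) + 2        # secret blinding factor
        if gcd(r, N) == 1:
            break
    blinded = (h(token) * pow(r, E, N)) % N     # what the Service gets to see
    blind_sig = service.sign_blinded(user_id, blinded)
    sig = (blind_sig * pow(r, -1, N)) % N       # equals h(token)^D mod N
    return token, sig


def consistent(blinded: int, token: bytes, sig: int) -> bool:
    """Does some blinding factor link this Service entry to this Site entry?

    D is used only to exhibit the factor. If the answer is True for every
    pairing, the two logs by themselves cannot say who redeemed which token.
    """
    m = h(token)
    r = pow(blinded * pow(m, -1, N) % N, D, N)
    same_blinding = (m * pow(r, E, N)) % N == blinded
    same_signature = (pow(blinded, D, N) * pow(r, -1, N)) % N == sig
    return same_blinding and same_signature


def run_demo():
    service, site = Service(), Site()
    tokens = [user_get_token(service, uid) for uid in ("alice", "bob")]
    accepted = [site.accept(t, s) for t, s in tokens]
    replayed = site.accept(*tokens[0])            # same token a second time
    forged = site.accept(b"made-up token", 12345)  # no valid signature
    # Compare every Service log entry with every Site log entry.
    linkable = [[consistent(b, t, s) for (t, s) in site.log]
                for (_, b) in service.log]
    return accepted, replayed, forged, linkable


if __name__ == "__main__":
    print(run_demo())
```

Every cell of `linkable` comes back `True`: each Service entry is mathematically compatible with each Site entry, which leaves timing and traffic volume as the only way to correlate the two logs.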


We could do the Leisure Suit Larry style of age verification where it asks you questions only an 'adult' would know.


It would be fun to have a committee to decide--regularly, maybe even weekly--what sorts of timely questions should be asked to determine if someone's old enough to view porn. The meetings would be hilarious!

Everyone knows the classics like showing a picture of President Clinton at his desk and asking the question, "How many people are in this picture?" or show them a picture of a pager and ask, "what is this device?" but for such a committee it would actually be cutting edge research! They'd need to keep track of cultural influences that came and went on a weekly basis (or at least monthly).

"Meme Archivist" could actually be considered a respectable and lofty position in government!


That pretty much broke down the moment the internet was created and the answers to the questions were the first thing put online.


The bigger concern for me is not the blocking/censorship angle to this bill (though that is a concern), it's the business angle. Jim Balsillie and his business lobby groups are pushing really hard on this because they smell an opportunity.

In Canada we have a hopeless addiction to bad regulations that strangle all the competition out of our markets through regulatory capture and government-created monopolies. Our wireless market is one of the least competitive and most expensive in the world. Our aviation sector is completely dominated by 2 airlines which are barely competitive at all. Our news media marketplace was recently devastated by Bill C-18 (the Online News Act), another ham-fisted cash grab designed to enrich the big Canadian media companies (PostMedia, Bell GlobeMedia, Rogers Media) which backfired and destroyed a lot of Canadian independent media outlets.

I think this bill, should it pass, will lead to the creation of another regulatory-enforced monopoly. Honestly, it feels like Canada is falling into some kind of neo-feudalism with all this nonsense.


Centralization like this is an unacceptable single point-of-failure, and a dangerous risk for a single point-of-capture.

The solution is technology coming loaded with the tools and features that make it easy for parents to monitor and regulate what their children see - and not by fear mongering by a government-state looking to have their fingers and eyes on everyone, integrated fully into our information channels.

Reminder that Trudeau has said on video that he admires China's - the CCP's dictatorship. Take that for what you will.


TBH, these bills seem more interested in figuring out our interests than actually keeping the young away from porn!


FYI, Canada has a history of leading change in internet standards (Facebook, 2008). Governments around the world are looking for solutions. When Canada gets a reasonable standard out first, its broad principles tend to be adopted by the larger countries/alliances that generally move more slowly.

As requested below:

https://www.cippic.ca/articles/facebook-may-2008-2010

https://www.denverpost.com/2008/05/31/canada-begins-investig...

https://www.cbc.ca/news/science/facebook-to-address-canadian...


Care to provide an example? I'm genuinely curious.


I don’t think your examples support your claim. A single website/company changing their practices in response to Canada is not evidence that other countries adopt Canadian standards. Do you have any examples of that specifically?


To state the obvious: If you go there (or require diplomas and/or licenses to access material) the requirements won't be static enough to rule out obvious stupid shit being included.


My loose train of thought:

0: I have not seen any data to show this would work. Kids would just buy and sell USB sticks filled with porn.

1: Life is already good in Canada, except for the housing situation and low wages.

2: People have a need to feel special and politicians are people.

3: Some people meet their need to feel special by changing their surroundings.

4: Since Canada is already good, except for wages and housing, and politicians can't figure out a way to fix that, they're meeting their need to feel special by being controversial.

5: Debating controversial subjects makes politicians feel special and important.

Conclusion: The root cause of this is narcissism.


To me (a Canadian), there's been an implicit shift in the base expectation of privacy over the years — one might call this an "erosion of our un-formalized, but natural, right to privacy."

I don't think this is anything in the cultural zeitgeist. There's been no shift in the desire for privacy; the public hasn't become more concerned over time with snooping on their neighbours. We've just gradually had the privacy we wanted taken away. This is something the state has been doing to us, through the passage of law.

But, crucially, I also don't think that this has been the plan of any particular political party. "Eroding privacy" isn't on any party's platform; nor even is any benefit to which "eroding privacy" is the cost. This is not the effect of partisan politics. Privacy erosion has been happening just the same no matter who's been in charge.

Rather, I think what's been happening to privacy, has been happening almost by accident, by an inherent flaw in the "internal architecture" of our informal political institutions — not the executive/judiciary/etc, but the political parties, the "deep state", and so forth. This is what I think is happening:

• Politicians are in some ways "public figures" and have no privacy; but in other ways have already had their lives engineered systematically to ensure their privacy (coincidentally, in the name of national security) — down to being told what apps they can and can't install, using special secure phones, having meetings in special secure rooms, being driven around in the back of sound-proofed limousines, etc. Politicians have an entirely out-of-whack experience of "privacy" compared to anyone else, and so don't really understand that "privacy" is, for the average citizen, something maintained these days mostly by making market purchasing choices to use "privacy-preserving" technologies instead of "privacy-violating" ones; and that the existence of these privacy-preserving technology products/services are not enshrined in law, and can easily be annihilated by accident by bills that seek to do something else (e.g. protect children.)

• Along with this, those in the "deep state" that politicians speak to about technology and privacy issues, are themselves in the strange position of having been thoroughly picked over (security-cleared) as having absolutely nothing interesting about them that they would need to keep private. Departments entirely composed of such individuals, will have extremely skewed views on the need for privacy. (Thus why such departments elsewhere, had no internal revulsion to implementing e.g. PRISM — nobody in the room had anything to hide that PRISM would expose!)

• And also, the political parties, the "deep state", and any associated parts of government (e.g. an appointed judiciary) are all generally seniority-based systems. Which means that, inevitably, the people at the top who make most of the long-term decisions and "steer the ship" (not the Prime Minister, nor the MPs — but rather, party leaders, and the long-serving heads of departments working directly below cabinet ministers, etc) are all quite old. These "old hands" generally no longer attempt to keep up with the rapid pace of technological progress, and have fallen far-enough behind the curve that they have no sense for the current technological landscape having a major dividing axis of "privacy-violating" or "privacy-preserving" that a citizen might feel the need to care about. Instead, these "old hands" just feel a kind of Amish-like hesitance toward all technology — fear for what technology could do/enable. They hear reports from citizens about what some (usually privacy-violating) technologies have done; and rather than this moving them to opinions regarding privacy, this instead reinforces their beliefs about technology itself as being a modern boogeyman — with technology companies not serving the public good, and therefore technology-sector lobbyists and their pet issues being actively deprioritized vs other lobbies (esp in this case: the crime-reduction lobby.) Which means that these "old hands" are tuning out the words of Google and Meta (probably for the best!) but also tuning out the words of the EFF (very bad!)

---

I'm sorry to say that I personally have no suggestions for what to do about any of these effects. They seem pretty inherent in the design of the informal institutions themselves.

We could perhaps formalize these institutions, such that they could be regulated? Reify "political parties" and "executive departments" as their own concepts in law, and legislate their leadership structure and selection processes, to prevent them from defaulting to seniority? But I feel like this would be throwing the baby out with the bathwater — there's a lot we gain by having short-serving elected politicians (who can say what the public wants these days), working together with long-serving public servants and appointees (who have seen all this before, and can keep long-term-project balls in the air.)

It seems somewhat obvious to me that even doing nothing, generational shift will help. Once the leaders of these institutions pass on, and are replaced by leaders who grew up in the current technological milieu, a concern for privacy might arise, with the government then seeking to backpedal on the erosion of privacy that has come before. This might take another 30 years, though. And although they'll then be conscious of privacy, something else — something that is only coming into the public consciousness as an issue today, and which likewise won't have an effect on the political class — will likely be left to erode in its place, due to those politicians having no foundational experience with it.


An entire generation learning how to bypass dumb restrictions sounds like a good thing, the youth need to learn how to use a computer. I support this.


This isn't the case anymore.

Technology has evolved and users don't control their stuff any more. All kinds of things like parts serialization, cryptographic attestation, etc. are finally getting to the point where it's impossible to bypass the controls.

As those solutions get polished and become more accessible, we'll see a rapid increase in products and services where users never truly have control over them.

Even worse, I'd say that between businesses and people that want to keep their kids safe, the majority of people will opt-in to boot-locked PCs if they're marketed for safety.

Give it a bit and I bet Microsoft will start offering some kind of secure or safety mode for Windows PCs. The TPM requirement on Windows 11 must have some long term goal associated with it, and perfectly locked down devices doing attestation is likely part of their identity play. Whether it's attesting for or against the user is another question.


"An entire generation learning to obey big brother or face the consequences sounds like a good thing, the youth need to learn their place. I support this" your unstated counterargument.


Honestly, Bill C-63 is a bigger worry atm.


Yeah, that one is truly scary. Dystopian even. That said, both should be heavily opposed.


Where are all the Blockchain peeps at? That should be right down their alley... Oh wait maybe not enough surveillance potential or just straight up doesn't work


What are you talking about? There's a whole category of porn devoted to blocks and chains!


So many people will put up with the most heinous and blatant rights violations in the name of safety or health but as soon as you start making it more difficult to get unlimited free pornography, that's when it suddenly becomes a problem.


Canada is turning into a totalitarian state with no freedoms or ability for privacy. As an expat I’m really sad to see how spineless my fellow Canadians are at standing up to Justin Trudeau and his fascism. I admired the truckers but the fact Trudeau used the War Measures Act or whatever it’s called now to trample their freedoms makes me sick. The fact a tribunal said they were wrong to use it is cold comfort years after the fact and no one was held accountable.

I’m anxious for Poilievre but worry he will be exactly the same instead of rolling back the policies Trudeau put in place.


If you worry that party B will be just as bad as party A in your measure of concern, then why are you using partisan language to describe your concern in the first place?

Privacy seems pretty orthogonal to partisan politics to me — it's not something that appears on any party's platform, nor is it something that any voter I know of has ever said is their highest concern for choosing an MP to elect (and how could it be, if candidates aren't even expected to hold public positions on the issue?)


Because the Liberals are the ones that have fucked up the last 9 years. The PCs fucked it up under Stephen Harper, the most anti-Canadian PM in history until Justin Trudeau. I could have tolerated his sickening virtue signaling but his use of the War Measures Act is the most fascist anti-Canadian act in history and I will never forgive him.


The underlying problem is that every government gets lobbied by special interest groups and it has a significant impact on policies and legislation. That's exactly what's happening here. A lobbying organization is trying to convince politicians we need this legislation and the underlying motive is that the people funding the lobbying group are going to be the ones selling the solutions needed to comply with the law.


The article says "the government has called the bill “fundamentally flawed”, but there may be sufficient House support to turn it into binding legislation"

Sounds like Trudeau is not the problem in this instance?


Just like last time this was posted, I'm here to remind you that the Liberals are the only ones not supporting this bill. It was introduced and enthusiastically supported by the Conservatives. Your hatred has blinded you.


>As an expat I’m really sad to see how spineless my fellow Canadians are

You ran away, you spineless coward?


I went to the U.S. and am making more money than I ever could have in Canada and living in a house that I never could have afforded. The tuition per kid that I’m paying right now for elementary school is more than my salary that I was earning in Canada.

The Canadian brain drain is real and that’s because the politicians completely fucked up what we had previously which was a dominance in telecommunications. Ottawa could have truly been a “Silicon Valley of the North” but they fucked it up and couldn’t get around the idea that you have to grow prosperity, not tax people to death.

25 years later the gap between Canada and the U.S. is immense in terms of technical excellence and I don’t regret my decision at all to leave. I’m not going to sit around and become a slave to the worthless politicians, both Liberal and PC so they can siphon all my wealth like the Matrix in some delusional belief that it’s “patriotic”.


Ah yes those cowards -- like all the multicultural immigrants that built Canada and have made it a prosperous country. Cowards to leave their countries, etc /s



