by cianmm on 1/7/24, 4:16 PM with 259 comments
by hn_throwaway_99 on 1/7/24, 5:48 PM
Slightly sidestepping the issue of needing an ID for porn in the first place, though, I wanted to comment on the extreme shortsightedness of any sort of ID verification laws (most specifically, financial KYC laws) that require that each individual company verify and store your identity documents themselves. This is quite simply a data breach hackers dream. For example, when Stripe released their Identity product, which captures ID images and selfies, people were at first surprised that the businesses needing ID verification had full access to the ID images (after all, this is contrary to their credit card processing services where businesses never can get access to full credit card numbers, which is great as it keeps those businesses out of the most arduous requirements of PCI rules). But Stripe explained they had to give every end-business access to all the full image data for regulatory compliance reasons.
It would make much more sense to rewrite the regulations so that 99% of companies would never need to store identity verification info themselves, but could just delegate that to an approved provider who has much more stringent security checks (or better yet, allow people to cryptographically sign info to prove their identity without giving up their whole passport image, but that's a ways off). I'm not saying this would solve all issues (big companies get hacked, after all), but I hope by now we've put to bed the idea that companies, generally, can secure their data against determined hackers.
by cabalamat on 1/7/24, 5:42 PM
I'm sure this data would never fall into the wrong hands or be misused :-)
by janice1999 on 1/7/24, 6:49 PM
Examples include knowingly illegal phone record collection and use in dubious murder cases [0], using medical and school records to pressure parents of disabled children to settle court cases against the state when most vulnerable (and lying about it until caught) and secretly recording all calls to police stations including non-emergency numbers likely to catch whistleblowers [2].
That doesn't include all the private sector scandals, like data breaches that went uninvestigated and unpunished.
[0] https://www.theguardian.com/law/2022/apr/05/mobile-phone-dat...
[1] https://www.irishtimes.com/news/ireland/irish-news/dossiers-...
[2] https://en.wikipedia.org/wiki/Garda_phone_recordings_scandal
by James_K on 1/7/24, 5:53 PM
by highwaylights on 1/7/24, 6:03 PM
This seems much easier to police, gives 80% of what the legislators are trying to achieve, and doesn't require entrusting KYC to a bunch of dodgy websites.
Sure, it won't block VPNs and there would be problems at the start while things migrate, but if realistically your goal is to keep kids off adult websites then it's at least more reasonable than this proposal to entrust the parents/guardians with some amount of responsibility to make sure the safeguards can't be circumvented on their kids' devices.
by grork on 1/7/24, 6:01 PM
We don’t need stupid headlines to make this idea sound dumber, and kinda distracts from the real issue of biometric verification for websites being a stupid idea.
by dachworker on 1/7/24, 5:53 PM
by brvsft on 1/7/24, 6:03 PM
The linked article from Irish Examiner has a more accurate title:
> Porn sites may require passport details in order to stop children from using them
by malux85 on 1/7/24, 5:44 PM
Even if the big sites farm this out to third parties, unscrupulous imitators could harvest personal info on an enormous scale for sale on the dark web.
by karaterobot on 1/7/24, 6:36 PM
by Lapalux on 1/7/24, 5:42 PM
by antiquoom on 1/7/24, 5:56 PM
Submitting one's identity documents to access such websites is of course very easily avoided, by simply choosing not to consume pornographic materials online.
by AlbertCory on 1/7/24, 5:53 PM
by throw0101d on 1/7/24, 6:06 PM
* https://en.wikipedia.org/wiki/Platform_for_Internet_Content_...
* https://www.w3.org/2007/powder/
Throw some <meta> tags in and browsers can parse: then have a password-protected "filter controls" area in settings (and perhaps a GPO for corporate environments).
I would think that the porn companies throwing some money at web browser developer resources to implement this wouldn't be a bad idea. Every time this idea comes up (again) they can point to it and say "we did our part, now it's up to the parents" (or whatever).
by Blackstrat on 1/7/24, 11:03 PM
by boh on 1/7/24, 7:16 PM
by ortusdux on 1/7/24, 6:02 PM
by rappatic on 1/7/24, 8:37 PM
by yetanother12345 on 1/8/24, 12:28 AM
This is the national internet regulator proposing that it would require that everyone, adult and children alike, would upload their state ID and live selfies, to porn sites to have biometric processing of their facial images performed. Resulting, amongst other things, in an effective register of porn preferences for adults and a collection of selfies of children kept by the porn sites for six years[0]
Anyone see something slightly worrying here? Anyone? Just asking rhetorically.
[0] TFA
[1] Not only porn sites, but any site which allows you to post a video (TFA)
by sacrosanct on 1/7/24, 6:11 PM
One concern is that there are tech-illiterate people who fall victim of such an ID system and don't use a VPN to bypass it. I don't have numbers/stats, but I imagine a good chunk won't be using VPNs.
There is also another concern I have; that this verification database could be breached and people's 'preferences' are exposed. The only way to avoid such a breach is to not collect such data in the first place.
by asylteltine on 1/7/24, 6:30 PM
by righthand on 1/7/24, 8:17 PM
by jimnotgym on 1/7/24, 5:39 PM
by doubled112 on 1/7/24, 5:46 PM
Time for a rewrite.
by matteoraso on 1/7/24, 8:01 PM
by toldyouso2022 on 1/7/24, 8:50 PM
by wkat4242 on 1/7/24, 5:40 PM
A few years ago a hospital even let a woman with a miscarriage die because they didn't want to intervene.
by mulmen on 1/8/24, 4:11 AM
by riffraff on 1/7/24, 6:32 PM
by shikon7 on 1/7/24, 5:49 PM
by dbg31415 on 1/7/24, 6:11 PM
by bArray on 1/7/24, 7:41 PM
It's interesting how quickly the EU went from a Trade Union to a Government consisting of states.
by motohagiography on 1/7/24, 6:27 PM
by jimbob45 on 1/7/24, 5:47 PM
However, I don’t get going after porn before going after casinos. Casinos ruin lives and wreck economies far worse than porn could ever hope to. Going after porn before casinos feels like going after kitchen knives before AR-15s.
by xeckr on 1/7/24, 5:48 PM
by duringmath on 1/7/24, 6:12 PM
by nprateem on 1/7/24, 6:38 PM
I hope this journalist never has to do any actual critical thinking. It goes without saying that obviously children wouldn't upload selfies if they're under 18 and that's the purpose of KYC.
by lowbloodsugar on 1/7/24, 6:45 PM
by beebeepka on 1/7/24, 7:29 PM
by hn_acker on 1/8/24, 5:01 AM
...
> Also, these restrictions won't just limit and record access to porn sites. They can be applied to any sites which contains material the Commission decides may be legal, but on the other hand, oughtn't be seen by children. In other countries, this has been the kind of legal provision which has seen libraries restricting access to books involving LGBTQ+ themes, racial justice themes and anything else you could imagine the Burke family objecting to.
Protecting children is the emotional wedge for introducing age verification requirements. Video sites are the wedge into all internet sites. The legislators' emphasis on porn is a wedge into any speech (including otherwise legal speech) the government claims is harmful for children. That government-mandated age verification would protect children is an assumption, full of uncertainty of the beneficial first-order effects and full of ignorance (willful blindness?) of the obvious detrimental second-order effects. Mandatory age verification requires mandatory data collection, and strangers are going to read that data: some first-party websites will be forced to collect more information than they currently do; third-party websites involved in the collection and verification processes will collect data as well; and the government will get information about the citizens' internet habits from websites. Adults will lose their privacy because people who have no business knowing their internet habits will know them.
Children will lose their privacy, and more. They will grow up learning that it's normal to give their personal information (including but not limited to relatively immutable biological details such as faceprints) to strangers. They will grow up learning that it's normal for the government to know every website a person visits online. The offline analogue is for the government to know every building a person visits offline. No matter how noble the current government's current intentions may be, a stranger has by default no right to know that much about a person's life.
Movie theatres can show childrens' films and adult films. The movie theatre doesn't have to store anything about age other than "minor" and "adult". Libraries and bookstores can contain childrens' books and adult books. Malls contain stores for many audiences. Clothing stores have sections for children's clothes, modest adult clothes, and risque adult clothes. You know what the normal way for a child to visit many such buildings is? A caretaker (maybe a parent, but not every child has a parent) brings the child and supervises. On the other side of the equation, it would not be normal for a mall to collect people's ages at the mall entrance (the adult-only stores inside being a different story).
A website should have the option to verify age, and the alternative option to require no more than a self-reported "are you at least 18? yes no". Government-mandated age verification is burdensome to small websites, especially small platforms for user-generated content. If a website could choose to remove potentially harmful content instead of verifying age, then the burden would still be too large for small websites. Might as well not host user-generated content at all. Large internet companies like Google and Facebook would eat the costs either way. Small websites would have to rely on third-party age verification services. Software for age verification will be predominantly proprietary or not available to the general netizen or both, so the average person won't be able to know how much information the websites collect and store. What's more, lawyers and judges in privacy-related or accuracy-related court cases (especially regarding biometric verification) will have a hard time examining the software.
Making every website collect information the way a bank does is applying a hammer to problems that are not nails. Don't make the entire internet a bank. And as Mike Masnick wrote, "The Internet Is Not Disneyland; People Should Stop Demanding It Become Disneyland" [1]. "Are you at least 18? yes no" paired with proper parenting/caretaking can go a long way. Proper caretaking is not simply knowing what the child does on the internet. It's knowing that the child might visit the internet while the caretaker is occupied. It's teaching the child early on that not all websites are for children. It's setting up parental controls while understanding that parental controls are imperfect, like one slice of Swiss cheese [2]. You are a Swiss cheese layer. By teaching your child what to do if they stumble upon the wrong websites, you will be turning your child from a hula hoop into their own Swiss cheese layer. When you find out that your child stumbled upon porn, you can talk to your child about the incident. As a caretaker, damage control is a necessary part of determining healthy boundaries. Additionally, I don't expect the damage to a younger child from accidentally viewing porn to be as proportionately severe as the damage to an under-21 college freshman from drinking alcohol at a party. You can't talk brain damage from drugs out of someone. But I'm assuming that you can talk the harm from an accidental porn incident out of your child.
I like the idea posed by mjevans [3] to make websites respond to a self-reported "kid mode" - as a header in a web request, I presume - by redirecting to a child-friendly site. Websites could also respond by serving only content manually confirmed to be child-safe according to the website's interpretation of the law's definition of child-safe. As part of supporting the "kid mode" header, the website would have to respond with a "kid mode" confirmed. Parental controls on the device would include the "kid mode" header in all web requests whenever kid mode is on. If the website doesn't return the "kid mode confirmed" header then the parental controls can cancel the website visit. Adults would simply leave kid mode off for themselves. The burden on websites (learning how to send a 301 redirect status code at the simplest) would very low, and would avoid the data collection and other privacy problems of age verification.
[1] https://www.techdirt.com/2022/09/20/the-internet-is-not-disn...
by cynicalsecurity on 1/7/24, 6:02 PM
by antisthenes on 1/7/24, 7:10 PM
Will they make search engines provide relevant porn results for me then? I have to wade through thousands of irrelevant and disgusting stuff that doesn't fit my porn needs.
by hulitu on 1/9/24, 5:52 PM
They (the Irish state - ministers, elected officials) shall do it forst and publish it. Then we will follow suit. /s
by Havoc on 1/7/24, 6:52 PM
Why not just make everyone live stream their wank? /s
by ativzzz on 1/7/24, 5:57 PM
I don't know what a reasonable solution is. We forbid selling alcohol & cigarettes to people under a certain age because we deem it unhealthy for children's development, but we don't have the tools to do that for internet porn on a societal scale. Is digital ID the right solution here? Is there a better way to do this? The HN mentality is to tear down digital walls, and is it even possible without seriously harming the open web or personal privacy & security?