This also isn't helpful, but I think the sudden push of urgency isn't helping. The internet has existed without any kind of age verification or safety measures for about 30 years. We could have used that time to have a sensible conversation about policy trade offs, but instead we've waited till now to decide that everything has to be rushed through with minimal consideration.
That's the flow that California's age verification system uses. Personally, I'm opposed to any age verification beyond the current "pinky promise you're 18" type deals, but California's is the least intrinsically offensive to me.
Doing this doesn't accomplish anything in terms of protecting children from the harms of the internet. In fact it feeds your child's age to marketers and child predators.
Every website will get to decide how to handle the age data our devices will now be supplying them. In the case of facebook, it's not as if they had no idea the children endlessly posting selfies and posting "six seven" on their service weren't adults. Facebook was 100% aware that the children using their service were children. They knew what schools those kids went to, who their parents were, which other kids they hung out with. Facebook knew they were children and they took advantage of that fact.
The law California (and other states) passed doesn't define what content has to be blocked for which ages and doesn't give parents any ability to decide what content their children should or shouldn't be allowed to see. It takes control away from parents. As a parent, I might think that my 16 year old should be allowed to look up information on STDs but the websites that collect my child's age could decide they can't and I'll have no say in it.
No, but it's a framework that would allow other laws to do so. Because...
> it's not as if they had no idea the children endlessly posting selfies and posting "six seven" on their service weren't adults.
...you can make statements like that which sound like common sense, but it would be incredibly hard to regulate based on "if you know, you know" (or "you should have known"/"you had to have known"). The law has to provide (guarantee) a way for them to know in order to actually require them to take action based on it.
> As a parent, I might think that my 16 year old should be allowed to look up information on STDs but the websites that collect my child's age could decide they can't
This is a different problem. It sounds like you're essentially wanting to guarantee access to certain things, not just for your own 16-year-old, but for everyone else's, too (because if it was just yours, you could look it up for/with them if necessary). It'd be difficult to compel businesses to provide services to audiences they don't want to. But again, that's a separate problem that doesn't necessarily conflict with the rest of the system.
I worry that's it's the start of a lot of "other laws" which will limit the ability for children and adult's to maintain even pseudo-anonymity online.
> The law has to provide (guarantee) a way for them to know in order to actually require them to take action based on it.
That sounds like an argument for even stronger proof of age than what the law calls for. Online platforms should do what nearly every other publisher does and provide a rating for their content. Netflix doesn't need to know how old I am. They provide a "kids" profile populated with their own curated content if that's the kind of thing I want and for everything else they provide ratings (PG, R, TV-14, etc.) It would be easy enough to push a rating to clients, they could even use HTTP headers for it. If lawmakers really felt the need to interfere in all of our operating systems it could require some means to collect and act on those ratings.
> It'd be difficult to compel businesses to provide services to audiences they don't want to.
This is the norm. It's what every business does apart from those who demand ID for every transaction. It's useful for businesses to give people their opinion or intention for who they're targeting, but it's entirely inappropriate for every website and online service to force their opinion onto others. They aren't qualified to know what's appropriate for a specific child and platforms like facebook have repeatedly demonstrated that they absolutely can't be trusted to put our children's interests above their own.
That only happens to "publications" of particular forms where state regulation has mandated it, or enough noise was made about state regulation mandating it (or simply censoring content) was made that the industry adopted a rating system as a way to discourage that (and in the latter case, there are always plenty of publishers that don't make use of the industry rating system, either at all or at least for selected publications in the field to which the ratings nominally apply.)
> They provide a "kids" profile populated with their own curated content if that's the kind of thing I want and for everything else they provide ratings
Netflix does not provide ratings for "everything else". Most of what they carry has either MPAA or TV Parental Guidelines ratings, and if it has such ratings they provide them. But they have content which does not have such ratings, which is simply noted as not being rated. (Of course, if "not rated" as an option is a valid to comply with your "you must have ratings in an HTTP header" law HTTP header, then it is trivial to comply and provide the "not rated" header for every piece of content, but this doesn't actually achieve anything.)
That's fine, but it needs an enforcement mechanism, or we're back to where we currently are ("click here if you're 18").
> It would be easy enough to push a rating to clients, they could even use HTTP headers for it. If lawmakers really felt the need to interfere in all of our operating systems it could require some means to collect and act on those ratings.
I would completely agree it seems reasonable at a glance to have websites push ratings and have the enforcement be done e.g. at the web browser level (with the web browser knowing how to enforce based on the OS's supplied age bracket), rather than making websites read the age bracket and act on it directly. Although it does still run into questions about how you handle websites with content from multiple brackets (like Reddit or X)-- what's the UX supposed to look like if a child attempts to access adult content on one of those platforms? If the platform can't know what's happening (due to your privacy/safety concerns), then you're limited to the web browser entirely breaking the interaction or somehow redirecting them somewhere else.
It'd be dead simple to tell if a website returned a rating or not, just pull the http headers and if it isn't there fine them or warn them first and then fine them or whatever. You could even have browsers just refuse to load pages that didn't include a rating header in their response and enforcement would take care of itself.
> it does still run into questions about how you handle websites with content from multiple brackets
I think it'd be up to reddit (or mods) to either set ratings for each subreddit and moderate accordingly. Pages at /r/MsRachel/ would return a different rating than /r/watchpeopledie.
Same with twitter I guess. Every user can specify if their account was intended for children or not. Elmo's twitter account would be shown to everyone, while accounts that don't intend to self-censor wouldn't.
> what's the UX supposed to look like if a child attempts to access adult content on one of those platforms?
browsers that detect a rating higher than authorized can just throw up an about:blocked page telling kids to talk to their parents for access to the page they wanted or click the back button to return to the page they were on.
The platforms would see that a page was requested, and they'd transmit the data to the client along with the rating header. They wouldn't get any signal that the page was blocked. It'd look no different on the server side than it would if the user had clicked a link and then closed their browser/tab/window. If you wanted to be sneaky, you could actually have the browser load the page in the background to avoid platforms guessing between a closed tab and blocked access.
This not only solves the privacy/safety concerns, most importantly it puts parents back in control of what their children can access. Parents would even be able to run software that would log the times/urls of blocked pages, and let them override a rating based on URL or domain. Parents could block roblox.com even though it returns a "for kids" header if they didn't want their 8 year old playing in an ad infested online pedo playground but still allow their mature 10 year old access to plannedparenthood.org even though it has an adult rating without exposing them to adult everything else on the internet.
There are countless better alternatives to what facebook wants us all to be subjected to, but facebook couldn't care less about our interests they are only looking out for themselves and lawmakers are happy to take their bribes and eager to erode our ability to browse without an ID attached to our every action.
On HN itself, no way. Too many people here make far too much money on ads to want that. It seems the other part that want freedom also want so much freedom it gives huge corporations the freedom to crush them.
>things than a digital age verification that doesn't track every time you use it.
The big companies that pay the politicians don't want that, therefore we won't get that.
There is always a conversation, but it is often not the popular one and gets drown out by whatever everyone is excited about at the moment. You can find it if you seek it out.
Lawrence Lessig’s book “Code” (1999), for example, talks about how a completely unrelated internet is an anomaly, and that regulation will certainly be necessary, and advocates that it be done in a thoughtful manner.
It's really either they can't track you or they will track you.
The ideal scenario would be everyone choosing not to engage with these predatory platforms. Going from there, the right question to me is what steps we have to take as a society for that to become even remotely realistic and, subsequently, what role governments can or should have in that.
For starters, I would be in favor of fines that actually hurt the bottom line instead of this "cost of business" bullshit. We have handed these corporations unprecedented access to and control over our lives, to the point that they erode democracy and the social fabric itself. The inevitable abuse of that power when it comes with barely any strings attached needs to be punished in a way that makes it unattractive as a business model at the very least.
Instead of lowering the attack surface by locking out kids, and in turn introducing mass surveillance which at best also lends itself to abuse, the root issues of ruinous greed and lack of accountability need to be addressed. The whole concept that there is no price too high for profits needs to burn. Social media is just one of the more recent manifestations of it.
Unfortunately, social media users don't have billions of dollars to spend on lobbying and related activities around the world.
These lawsuits and regulations are against the industry, not the users.
The regulations and lawsuits are driving the pressure to ID check users and remove end-to-end encryption.
Instead we are saying "only adults should use this" which, while technically regulating the industry, places the restriction on users.
We're treating it like tobacco or alcohol (2 industries who have similarly spent millions upon millions of dollars in lobbying efforts) but we should be treating it like asbestos.
Just because I don't know how to write a law that can prevent it doesn't mean that I can't recognize an actual issue when I see it.
It's all Trump style "believe me I know how to fix it" and you will vote for the person that pushes your buttons regardless of whether they have a plausible solution or not.
Forcing the users to verify their age changes nothing. It gives the illusion of "doing something" but it just gives facebook data they already had. What's still needed is regulating social media platforms themselves to place explicit limits on what they can do to hurt their users, including children.
Especially since, when you look at the behavior of younger people, they're way more careful about social media than millennials were. My teenage child an their friends keep all of their conversations in a massive but private group chat. Any social media consumed by them, is basically 'read only'. They don't post online, none of them of have social media accounts where they post pictures of themselves etc.
Same with all of my younger gen-z coworkers. If they have socials the post very selectively and all content is work friendly.
The people I see that need "protection" are aging millenials that don't really understand how wildly they're exposing themselves and families. I cringe when I see the amount of personal photos and information shared by the view millenials I know who still need their ego-boost from these platforms (and that number itself is much smaller).
Younger people don't share their opinion and anything resembling private photos online any more.
Absolutely are a lot of gen z who avoid social media, but to pretend most are privately hunkered away is completely ignorant of today's social media usage.
The “think of the children” angle is the perfect angle to pressure companies to make communications readable by the government. And here tech audiences are welcoming it and applauding because they couldn’t read past the headline and they think anything that hurts Zuck is good.
How anyone can see this happening and not draw the connections to Discord and other services also pushing ID checks is beyond me. Believing that this will only apply to services that don’t effect you is short sighted.
I unlurked and made a thread last night, but I think it might be hidden due to account age: https://news.ycombinator.com/item?id=47511919
I have read the OSINT report from Reddit. The data it has is being interpreted as Meta orchestrating a global lobbying scheme.
However the data is equally if not more supportive of Meta simply taking advantage of global political sentiment to position itself better.
I’ve mentioned this elsewhere, but the HN zeitgeist seems to be resistant to the idea that tech is the “bad guy” today.
I work in trust and safety, and have near front row seats to all the insanity playing out today.
Critically think about this for a second before believing some ChatGPT generated "OSINT" report on reddit. Otherwise, you'll allow corpos to use your mob hatered against you
Even your point - meta is not after mandated IDs, but they see the way public opinion is moving and are using it to their tactical advantage. They are lobbying to push the regulatory burden on app stores and operating systems.
There is no conspiracy the general public is faced with a crisis and they are desperate for a solution.
The teen suicide statistics do not lie.
Teen suicide rates in the US are lower now than they were in the 1990s.
This idea of teen suicide painting a clear picture about the impact of social media just isn't borne out by the data. And lastly, people ought to remember that teens have the lowest rate of suicide among any age cohort.
I think there is a logical fallacy here. Social media has not remained stable since 2008. For one thing, 2008 social media used the chronological timeline. For another, it didn't show "recommended" (or sponsored) content in your feed. There was no TikTok. Facebook was relatively new and MySpace was not even really feed-based as I recall.
The platforms continue to optimize for engagement (i.e. addiction.)
Anyway you can go on HN and deny there is a problem but you will lose public opinion and crucially the voting booth.
I'm sorry but if you don't think there's a conspiracy I have a bridge to sell you. It was already unveiled that Meta has lobbied billions towards promoting this legislative change
> This has been a problem for at least a decade.
I get you're point, but anyone that doesn't is asking "Which is it?"
I think everyone can see there is problems. Is there a crisis? I don't think so. Same problems we've always had, but on a computer.
People that know tech, know these laws cross a MAJOR line. Not a little slippery slope thing, this is off a cliff. But I don't think most people, that are already used to having to sign in with an online account on every device they use, even their TV, see it as that big a step. They don't even realize how predatory it is that they are required to sign in. What they need to see is that the sign in requirement was a choice by the vendor. These are LAWS, demanding no one ever be given the choice to not reveal personal information about themselves to use ANY computer. That's the point that needs to be driven home.
Its been decades of work to even get social media to court.
No one wants to talk about this or look at the issues when it’s not sexy.
$@&$$ - I’ve been at conferences and had safety teams cry on my shoulder about how THEY don’t get engineering resources if they ask for it.
Tech platforms suppress so much research and hold so much data hostage, that an entire research coalition based on independence from tech.
Zuck and tech as a whole pivoted to drop safety investments the moment this government came to power.
And this is for user in frikking America !
The shit that is going down in the rest of the world is a curse. The sheer amount of NCII that exists, with zero recourse for people whose lives are destroyed is insane.
I think the question to ask here is, if both Meta and the current administration don't care about child safety, why is the age verification stuff going so smoothly? Is helping them do this really the right move?
For the rest of the world this has been brewing for more than a decade.
Australia was the actually the one to tip the first domino. This is just a US state verdict on willful harm by a firm. Its not even about age verification.
For meta, shifting regulatory burdens to OS / app stores, reduces regulatory burden.
For governments, part of it is actually trying to come to grips with an impossible safety imperative and another part of it is happy to gain more control and power.
The power grab needs to be curtailed, and the people actually trying to help kids need better technical solutions.
> The fake child accounts were allegedly contacted and solicited for sex by the three New Mexico adult men who were arrested in May of 2024. Two of the three men were arrested at a motel, where they allegedly believed they would be meeting up with a 12-year-old girl, based on their conversations with the decoy accounts.
and
> “The product is very good at connecting people with interests, and if your interest is little girls, it will be really good at connecting you with little girls,” Bejar said.
This is what it's about right? The article doesn't make it seem like encryption is meaningfully part of this case at all.
> Midway through trial, Meta said it would stop supporting end-to-end-encrypted messaging on Instagram later this year.
There's no indication that that decision, or the announcement, are directly related to the trial, just they just happened at the same time? It's a link drawn by CNN, without presenting any clear connection
However there is another possible explanation
> Tom Sulston, head of policy at Digital Rights Watch, said rather than acceding to law enforcement demands, the move was more likely due to Meta deciding against moving messaging on WhatsApp, Facebook and Instagram to a single platform.
Got away with it again, good profit, will repeat.
The legal system does not seek to destroy the business, or individual criminal. Instead it wants them to be able to continue doing their other non-criminal stuff.
EDIT: I see I'm mixing up the New Mexico case yesterday on sexploitation with the addiction case in Los Angeles I thought we were talking about here.
But, specific to this article and ignoring my personal beliefs - I still find this judgement to be severely lacking. I don't think this judgement is nearly noticeable enough to Meta to actually provide a significant impact on the way they do business outside of tidying up some specifically egregious corners and making sure they internally communicate moving forward in a way that appears to comply with the judgement. The judgement was enough when applied to this pool of users to make these specific users unprofitable in retrospect (e.g. Meta would have more money if it had refused to even do business with these users) but I'm also concerned that the pool of considered victims was so narrow that it excluded a significant number of similarly harmed victims and that the amortized damages end up being negligible.
As I've aged, I've entered new-to-me territory where a good society needs to reflect the world as it is, so that its members have high survivability.
At the local family level for instance. When my kids were young. I had dreams of being super financially successful so that I could give them lots of nice things. I just don't want that for them anymore. Protection, and pandering, does not make a good lineage IMO. It's something of a leap I'm asking of you to connect this to my position here on Meta, but I've got other work to do, and I hope it's enough to convey my point.
That is a decision you had the freedom to make for yourself and your family. In this case, the millions of children didn’t get to make that choice and meta knowingly exploited that. I hope you see our point of view as to why meta doesn’t get the benefit of doubt here.
Meta knowingly hurt children for profit. It worked.
If we are in any way serious about technocratic solutions to social problems, this would be untenable, the company would be bankrupted, a new company would fill its place. No tears would be cried, nothing of value would be lost, half of hacker news would be chafing at the bit to build a better alternative for the newly opened market.
But that's not what happened. We allowed children to be knowingly hurt for profit.
The system is functioning as intended.
Your comment has the effect of being flippant, condescending, and seemingly callous to the subject matter. When called out, you have backed up to an alternative explanation which is, again, massively condescending (I don't need channeling mate, certainly not from you).
You have not engaged with the content in a good faith manner.
So, standing back and looking at your comment in terms of its effects rather than what it claims to be its effects (AND the effect that making those secondary claims have - doubling down on condescension), it looks more like you're trying to bully me into changing my behaviour and viewpoint without meaningfully engaging with the content.
Ironically, I'm feeling psychological reactance, so your comments polarized me against you (see the Backfire Effect) and deepened my convictions.
I won't engage with bullies any further but to call them out, I'm hesitant to bring the conversation down to this level and give you any kind of air to begin with, but I think it's important to analyze discourse as it happens.
The legal system, to this day, does in fact seek to destroy individual criminals on a regular basis.
Though I respect it as a human opinion.
By coincidence, New Mexico represents 0.6% of America's population.
Reality, folks: you can't have both.
There are people who are against age verification just on principle and others who are against it because they know any realistic implementation is going to be abused.
We can assume Meta has backdoored its E2EE somehow anyway.
Also, “the total civil penalty of $375m was reached after the jury decided there were thousands of violations of the act, each with a maximum penalty of $5,000. Meta is also involved in a separate trial in Los Angeles, in which a young woman claims that she became addicted to platforms like Instagram and YouTube, owned by Google, as a child because of how they are intentionally designed.
There are thousands of similar lawsuits winding their way through the US courts.”
“The jury found that Meta was responsible for violating New Mexico's Unfair Practices Act because it misled the public about the safety of its platforms for young users.”
So the penalty is for misleading around CSAM. Not CSAM per se. (My understanding is the latter are still being adjudicated.)
If all 50 states sue at the same rate, that'll be a 30% dent, and I'm sure states can sue for more than 0.6% too. That would be historic action against malfeasance and would send a strong FAFO single to all corporates.
Let's lobby for it.
By "erasure," I'm not referring to the death of the involved; I'm referring to the elimination of the individual's social capital.
When the privileged lose their ability to influence others, they tend to get rather distressed.
This is really bad for Meta.
Where are you seeing that?
The article says:
> Jurors found there were thousands of violations, each counting separately toward a penalty of $375 million. That’s less than one-fifth of what prosecutors were seeking.
> Meta is valued at about $1.5 trillion and the company’s stock was up 5% in early after-hours trading following the verdict, a signal that shareholders were shrugging off the news.
> Juror Linda Payton, 38, said the jury reached a compromise on the estimated number of teenagers affected by Meta’s platforms, while opting for the maximum penalty per violation. With a maximum $5,000 penalty for each violation, she said she thought each child was worth the maximum amount.
they did $200 billion in revenue and $60 billion in net income last year.
a $3 billion fine would be barely more than a slap on the wrist.
$3m is nothing. 10% of global revenues (not profits) for each year in which this occurred would be something that might actually make them think twice about breaking the law and harming people for money.
Will literally never happen. It's impossible. I'm not talking figuratively impossible. At his level of wealth and influence, there are good odds he could murder someone on live stream and walk away. You are dangerously underestimating the influence the rich have in every aspect of society and law.
I'm hardly the first person to use this logic, but if they make more money breaking the law than they have to pay in fines, then it's not a fine, it's a business expense.
One of the challenges we need to resolve is the race to the bottom for online communities - engagement metrics will always result in a PH level that supports more acerbic behavior.
There’s multiple analyses that you can find, if not your own experience, to believe that we should be able to do better with our information commons.
Just today, I found a paper that studied a corpus of Twitter discussions and found that bad-faith interactions constituted 68.3% of all replies (Twitter data).
The engineer and analyst side of us will always question these types of analyses.
I’ve read enough papers at this point for the methods to matter more than the conclusion.
1) meta, and the other tech platforms need to open up their research and data. NDAs and business incentives prevent us from having the boring technical conversations.
2) tech needs someone else to be the bogeyman - the way we did for tobacco. The profit incentive ensures profitable predatory features pass review. Expecting firms to ignore quarterly shareholder reviews for warm fuzzies is … setting ourselves up for failure.
Regulators (with teeth) need to be propped up so that the right amount of predictable friction (liability) is introduced.
3) tech firms need an opportunity or forum to come clean. The sheer gap between the practical reality of something like content moderation vs the ignorance of users and regulators - results in surprise and outrage when people find out how the sausage is made.
4) algorithm defaults decide the median experience for participants in our shred market place of ideas. The defaults need to be set in a manner that works for humans and society (whatever that might be).
Economies are systems to align incentives to achieve subjective goals.
Meta has always wanted the appearance of caring about safety (helps them attract talent and keep mission-related morale high), while nearly always prioritizing growth (save for tiny blips of time, like in 2017 when the fallout of the cambridge analytica stuff was hitting a crescendo), whereas companies like X are run by people explicitly disinterested in putting significant resources into safety, especially research.
I will also add that, for the past few years, Meta and X both have become extremely hostile to external researchers of their platforms, shutting down access to tools and data.
I seem to recall someone taking pictures of their baby, naked, because it was sick, and emailing them to the doctor -- and having their Apple account terminated. Terminated, with the father being labeled a pedophile, and the police contacted (all automatically).
Everyone was quite upset. Everyone felt it was too intrusive.
Frankly, communication platforms have no business trying to police anything at all. I wouldn't want the phone company recording all my conversations, hunting for trigger words, and then contacting the police or cutting off my phone if I sad "bad word".
Yet somehow it's OK to have this level of intrusion because.. um "computers".
The state has no business listening in on private citizen's communication.
Corporations have no business doing so.
To protect the 12 year girl, something called "her parents" need to pay attention and watch what she does. That's their job. They're her guardian.
Some random corporation has no business in that. Some random corporation has no business being an 'algorithmic parent', an automated machine with no appeal.
Here's something I'd support -- a way for parents to prevent children from registering for accounts, and, to be able to examine children's accounts.
But... then we get into ID verification. Of course, surely you support ID verification for platforms, because if you support platforms knowing the age of people (40 and 12, you listed), then you therefore must support a way to verify those ages.
No, they literally identified a plausibly sensible policy flag, not some arbitrary action.
These flags are used in literally every system imaginable.
They they don't conform to some hard criteria, to your criteria, or to some working or ideological group's criteria is a bit besides the point.
Every system has these for good reason.
We have laws and regulations for all sorts of things to help people - including children and parents - in a complex society.
"The state has no business listening in on private citizen's communication."
The absolutely do, depending on circumstances. While Facebook is not a place for state monitoring, it's definitely in the public interest if they flag something that is 'very bad' by some reasonable criteria, so that the state can then act if necessary. They do so within the boundaries of the law subject to judicial oversight.
Facebook is a popular social network, a place that they want people to feel imminently safe. It's a Starbucks lounge without coffee - not a 'personal hyper protected zone'.
Other places, such as Signal, Telegram etc. can have different levels of privacy aka e2e given the different offering and expectations of privacy.
Facebook more or less wants to offer a relatively safe place where the kids can hang out, where they know crazy people are not going to attack their kinds. It's a community centre not a hacker zone.
If we can get past that, then we can move onto basic issues of privacy, advertising etc. which are damaging to everyone, especially young people, for which Facebook has perverse incentives.
The absolutely do, depending on circumstances.
So primary is this concept of privacy, that it requires an entire legal framework, evidence of potential wrongdoing, proof that there is no other method to achieve the goal of validating guilt, proof that the crime is severe, and not a hunting expedition, approval via a warrant after a judge has examined that evidence, and strict controls around the entire usage of that warrant.
Wikipedia says:
Lawful interception is officially strictly controlled in many countries to safeguard privacy; this is the case in all liberal democracies.
Using this edge case as "depending on circumstances" is clearly not the generic I was referencing. The statement that
"The state has no business listening in on private citizen's communication."
Is valid, correct, accurate. Listing edge cases, is not invaliding the rule. It is the exception to the rule, and considering the sheer volume of communication, compared to the volume actively tapped in a legal means, it is the most edge case of edge cases.
There is no reason I would deem a mega-corp to somehow be OK to do what I would demand the state not. That our democratic societies have deemed that our states should not.
To highlight that, the phone companies of old would be in infinitely hot water, should they listen to communication between customers, in any fashion.
A platform is not a parent, should not police, should not act as an arm of the state, or as an arm of parents, except as I stipulated, by direct request of the parents, and only to enable the parents to be a guardian. Under no circumstances should that involve the platform scanning anything, instead, the platform could simply give parents direct access to a child's account.
No it doesn't.
Life is no Reddit, lawyers and technicalities.
It's made up of regular people in communities.
If you see some guy creeping on 10 year-olds, you can notify the police and Facebook will do that as well - for the same reason.
It may not at all need to involve 'state surveillance', and Meta can probably hand over whatever they want to the police in that circumstance.
The police can make a decision as to how to proceed.
A bit like if someone was harassing someone on the street.
Or if an unknown person starts hanging out outside by a schoolyard in a way that seems inappropriate.
We don't want to transgress people's rights but we also are going to look at 'negative signals'.
"The state has no business listening in on private citizen's communication."
So yes, the concept of privacy is so primary that the it requires an entire legal framework for the state to listen in.
--
In terms of the rest of your post, even though you quoted out of context, what you're saying is fine. But the people noticing things on the street, have nothing to do with those who maintain the roads. You really don't want corporations to have algorithms which mean they have to report trigger words to the police or state.
Instead, as I said, empower the parents. Legal guardians. It's their job to watch.
They already do.
The entire financial system, all of social media, and many organizations past a certain size.
I did not quote out of context - the commenter was missattributing context.
And some things are reported, others are not, point being, yes E2E isn't reported for obvious reasons. Loads of stuff isn't reported on social media; in fact, that's the absurd complaint against Meta!
And regardless of what is done now, that doesn't mean we want it. I didn't say it is or isn't done, I said "You really don't" want that. The more encroachment in that realm, the less free a people are.
We 100% absolutely do want 'basic surveillance' on many systems, and it's not even an argument.
It's like saying 'We shouldn't have police, because they are oppressive!' and assuming things would just carry on and not go to pot.
It's a wild assertion.
Formally - the entire financial system is about attribution, fraud, monitoring and security.
That's probably more than 1/2 of the function.
Your money would not be safe if your bank didn't have good controls, or if we did not have good regulations around those functions.
It's why if you send > $10K overseas, it gets flagged. We generally want this, though obviously within a regulated context.
Less formally, we absolutely, 100% do want the 'Starbucks employees' to have enough common sense to call the police or to flag something if there is some creepshow doing something that may be 'legal' but is obviously not appropriate - within reason.
Starbucks has not only 'policy' around behaviour, but also we have 'common sense' as a society.
It's not even remotely contentious that Starbucks is both private property and can set some 'terms' , but that it's also a regular community locale, with social conventions.
Just as Facebook - and many (most places) like that are 'community hang outs' - subject to regular social conventions, established by the 'owners'.
They're not 'no-identity-hacker-zones' for folks to publish their freak-ware or whatever, with ultra privacy guarantees.
Conversely - yes - it's just as important that if people want to establish their 'hacker-zones' - they can do that. That's important. And obviously Facebook has to be subject to some minimal privacy regulations.
But most places will have some degree of social overview (like literally the grocery store would have) and 'that's normal' in any civil society.
It's already pervasive because it's impossible to have basic social function without them.
Read the story about the former Twitter CEO who talks about this kind of thing pre-Elon Musk. 'Moderation' is most of the job and by far the hardest thing. We think of it as 'back end systems' it has almost nothing to do with that. It's the 'social' part of the 'social network' that's the key part. Moderation.
Let's say a 40 y/o man finds a phone on the ground, sees a name stuck on it, googles "name + town" and finds the facebook of a 12 y/o girl, and messages "Hey I found this phone, do you recognize it? <photo>"
With e2e encryption, you can't easily tell the difference between that and a creep.
This thread is advocating that exactly that case should result in a police visit with the assumption of guilt.
Imagine no e2e for a moment for FB. Policy can be smart enough to pick up that this communication is not represntative or normal. That's part of detection.
Second, a single message to someone on a random phone is not going to flag anything.
Third - there is no assumption of guilt. Not even an arrest is assumption of guilt.
Finally - those are extraordinary corner cases. They will happen, but the get resolved the moment the guy says 'oh, I found this phone' - because that will be 100% clear in that context.
Obviously - things can go awry. Meta flag something as bad, sends it to police - they do not follow procedure, or don't apply something correclty and arrest a guy at his place of work. But in the scenario you described, its literally not a problem - there are 'common sense checks' through the whole thing. The algo, the human making the notification to the police, the police, the judge if a warrant is required. People are not going to be arrested because they found a phone and texted their niece - if that happens, then we have another set of problems.
We can 100% have our 'friendly community' with Facebook.
Now - with an e2e thing like Signal, well, yes, it could theoretically be a problem, but the likelihood of some rando finding a phone, that's not locked, and being able to text some other 12 year old, an effectively 'pose' as their 'contact' - well that's a rare case scenario.
NYT: “A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal.” [2022]
But just imagine that kids' accounts are coming with restrictions and privileges and when one account is marked as such, accounts marked as adult cannot initiate contact and the kids's data is automatically private, and those accounts cannot be comercialized under any shape or form.
Yet you did imply it, as I said, by mentioning the age of the persons involved.
There is no accurate way to know age, without some form of identity or age verification. Presuming a child will have an account marked "child" is folly, for kids can just sign up without a parent's knowledge, creating a second account. If the goal is to actually protect and be a pseudo parent for the child, then actually ensuring that a child cannot have an adult account is part of that.
My point is, TSA style "we're doing things which look secure, but are not helpful and only inconvenient" isn't going to help. It will only give the appearance, not the actualized result of security.
It helps to reduce hegemony of large social platforms and promotes privately owned websites. For example, I know everyone who has permissions to post on my website (or pre-moderate strangers comments), and is ready to take responsibility for their posts, what my website publishes.
Currently the legal stance seems strange to me -- large media platforms are allowed to store, distribute, rank and sell strangers data, while at the same time they claim they are not responsible for it.
https://en.wikipedia.org/wiki/Stratton_Oakmont,_Inc._v._Prod....
Zuckerberg has a brain, he decided to take this action, it is absurd he is not being hit with a personal penalty.
You can't realistically make a space that's free from predators. The real answer is teaching children to recognize unacceptable behavior. But most abuse is from inside--typically adults that the parents put in a position of trust or quasi-trust.
I do not fault Meta for there being predators, I fault Meta for pretending they're being kept out.
Now I'm afraid they've screwed everyone over and the idea of an anonymous open internet is now dead- we're gonna see age (read, real ID) verification gating on every site and app soon....
The dumb thing is to look back and see how umimportant it is that Facebook feed algorithm be this addictive. They already had the network effects and no real competitors. They could have just left it alone.
The laws being passed target exactly the wrong thing that wasn't a problem. They should have been passing "duty to care" laws aimed at social media companies not "give me your age" laws.
I may have missed it, but almost all these laws being passed for this issue have been pretty much solely around data collection rather than modifying the behavior of the worst businesses in the game.
It would be like seeing a car wreck kill a bunch of pedestrians and then passing a law that pedestrians need to carry IDs on them.
Now we're just moving on to a kind of moral panic think-of-the-kids kind of moment that is thinly-veiled state surveillance.
You start slow, then push it the limits
Netflix, never ads to some ads, then eventually its just Adflix, after 20 years.
Each new manager wants that comp up. So ads up by 5% every year.
You can purchase a scam ad it'll be up in 10 minutes. Lie to every anxious child they have ADHD and need meth, lie to every dejected boy that they just need to manosphere up and buy supplements.
They think the public is stupid. They might be right.
If you know what the platform is capable of, if you seen how the sausage is made, you're probably not using it.
People are also a little naive in not seeing that these platforms aren't just bad for children, they are bad for adults as well. I'm not oppose to not "selling" them to children, but we also need to label correctly for adults and have rules like those for alcohol, tobakko and gambling, so no or limited advertising. Scrub the public spaces of Facebook logos.
I personally stopped using Facebook because it was annoying me with useless doom and aggressive comments of people on stupid topics. If it would have showed me only cat pictures (like Instagrams does) or reasonable stuff (news, etc.) I would have continued using it.
Lets admit it, in same vein trump is a symptom of current US society, the approach and effects of social networks we allow them to be is a result of how lazy and thus addicted people got. On top of many of the parents doing exactly the same, then don't expect miracles.
One thing that I don't understand - even here, some folks call that sociopathic amoral piece of shit 'zuck' and treat his empire like some sort of semi-charity. When I attacked facebook company in the past, there was always a lot of defense (look at this open sourced stuff, look at that... which I presume came from either direct employees or clueless stock holders). People are people, deeply flawed and often weak without willingness to admit it to themselves.
Though I don't see a link to a specific case in either article, I don't think they're separate cases.
https://www.nytimes.com/2026/03/25/technology/social-media-t...
on this post
That's pretty cheap when it comes to deception.
The eyes of Texas should be upon this, which is 15X the size and should not settle for less than $1000 per person, where deceptive trade practice is much more serious than other places.
Now that would set a $30 billion example which may not be enough of a deterrent either.
But there are probably plenty of people for whom a $5000 one-time payment might not come close to being fair compensation for what's already happened, especially with Meta allowed to continue as an ongoing concern, that's got to be psychologically harmful.
To really fix it each state would have to follow "suit" while greatly upping the ante so there's at least hundreds of billions at stake.
Meta can afford it and who else is responsible for so much widespread sneaky deception at this scale for so long ?
New Mexico is 0.6% of the U.S. population [1].
[1] https://en.wikipedia.org/wiki/New_Mexico 2.13mm
[2] https://www.census.gov/popclock/ 342mm
Their stated reason? Child safety.
Their actual reason? You can figure that out.
They don't care about child safety as long as it doesn't become so bad as to impact their revenue negatively. But they see that governments all over the world push for some kinds of age restrictions, and they know they are a prime target and it is hard for them to push back against that.
The reason they are (not so secretly) lobbying for requiring us to ID ourselves at the device level is that they don't want to be the gatekeepers. They want to make creating an account as effortless as possible and having to prove your age is a barrier that make turn off some people, including adults, and they may instead turn to services that don't require age verification. By moving the age verification in the OS, not only the responsibility shifts to the OS or hardware vendor, but it also removes the disadvantage they have against services that don't require age verification.
For a similar issue, PornHub is currently blocked in France, because they don't want to comply with the law related to age verification. Here is their argument: https://www.aylo.com/newsroom/aylo-suspends-access-to-pornhu...
If you read between the lines, you will see that they have the same stance: "put age verification at the OS level, so that people don't discriminate against us". They know they are not in a position to argue against "child safety" laws, so instead, they lobby for making it worse for everyone instead of just themselves.
[1]: I could be wrong thinking those are benign.
Cancer is a great metaphor because its a perversion of natural, healthy processes. So called social media is nearly that, but actually grotesquely unhealthy.
People are dramatically unwell when they are not social, but that unregulated process is also negative up to and including being lethal.
> But to be clear, there is no evidence DARPA or the U.S. intelligence services had any role in the creation of Facebook.
The DARPA lifelog project ended the day Facebook was announced by a college dropout no one had ever heard of before. Facebook just happened to have the exact same goals / features as the lifelog project. Must just be a giant coincidence huh?
Your own source says there is none.
I can guarantee you believe in a lot of things that you have no actual evidence of happening - just some perceived authority figure you trust for whatever reason, telling you it happened.
Also -
WHYY.org has received support through NewsMatch partner funds, which often includes contributions from large technology firms like Facebook (Meta) to support local journalism. These funds are generally used to match donations, helping stations like WHYY increase their financial sustainability and support public media.
What a surprise!
No it didn’t. That was just like the first free sample from the drug dealer. Give a “good” free service to rope them in, always with the next steps in mind.
I feel like the Myspace/Friendster and early Facebook were nowhere near as harmful (albeit for addiction, those sites were still vulnerable to grooming) as where we are today.
I call it _anti_social media.
The internet was not a calm and well behaved place before Facebook arrived. The original “Eternal September” was in the early 90s. Usenet, forums, Reddit, comment sections, and every other social part of the internet have been full of bad behavior long before Facebook came along.
That's the whole point: the word exists precisely as a testament to something that used to exist but now doesn't.
Anybody old enough to remember the word when it was common use should realize that it would have been impossible for the term to be coined in 2026.
If you missed that part of the Internet (maybe you were too young or maybe you were focused on other things, like the vast majority of people in the 90s), that's totally fine, but plenty of us did experience it and remember it pretty clearly.
> Usenet, forums, Reddit, comment sections, and every other social part of the internet have been full of bad behavior long before Facebook came along.
You can tell approximately how old someone is by whether they have reached the "everything sucks" part of life yet or not.
It gets continually worse. Agentic AI is another Eternal September. For example, we now have dimwits sending dozens of unsolicited and unreviewed slop PRs to open source projects. Every search result is an affiliate marketing listicle obviously written by a robot.
LLMs are now heralding the Eternal September of even software engineering, and now I am wondering where to hang up my Techpriest robes in search of more elite pastures.
I wonder if this is how the clergy felt once the vulgar were allowed to study scripture not in the original spiritual programming languages of Hebrew or Latin, but English.
I disagree. I'm of the Neopets/Pokemon forums generation. Elitism and selectivity were not what made that era a good balance between the caustic free-for-all we have now and the rich kid's playground from before. It was the technical and practical restrictions on what you could put in and get out of a web experience.
You couldn't upload thousands of thirst traps every month, because storage was limited. You couldn't summon another head of the dropshipping or affiliate marketing hydras with a few clicks, because the infrastructure didn't exist. You couldn't inundate users with dark patterns designed to extract every ounce of attention, data, and cash possible, because the rich web wasn't that rich yet.
You had to deal in text and reasonably-sized images on a CRT with a limited-bandwidth pipe feeding it all. Because of this, many of the techniques developed to transform so many other forms of media and so many other institutions into Capitalist hellscapes and high school, respectively, didn't work online. Until they did.
You meant the "vulgus". "Vulgar" has the same root, but a very different meaning.
This random thought is kinda disconnected from actual human history. "Not allowed to study Scripture" was not a thing: Illiteracy was. There were people that knew how to read and people who didn't, that's it.
I'm trying hard (and failing) to visualize your mental image.
"Dear Father: it looks like the Bible has been translated to English by my dear brothers up at the monastery. I'm sure you understand why I can no longer be a priest"
Remember that you're living in the actual earth timeline, not the 40k one.
Capital and tech improvement will beat anyone chasing that.
FWIW, I like the analogy despite seeing a benefit to knowing the original languages to studying scripture.
Anyways, is there a "just use vue" effort like there is with postgres :)
In the UK, you cannot use App Store and iPhone (your own phone) without verifying your identity:
and makes more sense, Apple and Google have your credit card , or if you are a parent that bought soem phone for you child then at first boot up as a parent should be your job to setup a child account.
Something I would be 100% OK with is some regulation that at first boot, you have to present information about what parental controls are available on the device and ask if you'd like them enabled.
I haven't set up a phone in a hot minute, I only do it once every few years, is this something they already do?
I'd imagine there's a lot of cases where a parent buys a new phone and hands down the old one to their kid without enabling safety features. I don't know if there's a good way to help with that - maybe something like, whenever you go to set a new password, prompt "hey is this for a kid?" and go through the safety features again?
Just spitballing, that last one may not be a good idea, not really sure.
Seems such a simple solution rather then each appa nd website having to figure out a way to do it.
They don't have mine.
Even if they did, having a credit card is not proof of age.
> if you are a parent that bought soem phone for you child then at first boot up as a parent should be your job to setup a child account
Setting up a "child account" shouldn't involve setting some age field. Setting up a "child account" should involve restricting permissions.
Why leave it to the OS or a company to decide what is "age appropriate"? Leave it to the parent to decide what the child should or should not have access to. Extra bonus: that same "child account" can then also be used for other restricted purposes. Want a guest account which limits activity? Want an incognito account? Want a sandbox account? None of these should require setting some age.
I am not paid by a trilion dollar company to decide if it should be a birthday input, or a dropdown where you select your political and religious conviction about what your child should see. Sony figured it out, if Apple pays me I will spend more time to write for them a UX flow so average people could sert the accpunts up and the rest could ask their priest, cousins or other person that can follow instructions to setup the account for them.
The giants shoudl have solved this decades ago and not wait for the fanatic religious to push for this as laws and get the goverments involved, now you will get 25 different laws about this.
Why else would they want to sneakily add facial recognition to smart glasses?! /s https://www.businessinsider.com/meta-ray-ban-smart-glasses-f...
As more and more people essentially lock themselves in with these identitybrokers tho I imagine it has a very stifling effect on speech tho. Imagine getting banned from those.
This is unfalsifiable. Just say what you think it is explicitly.
If so, it is customarily permissible to use rhetoric and sarcasm to more strongly emphasize a point. Or, to leave the conclusion as an exercise for the reader.
There are many interesting ways that the conversation could have been carried forward but there is no way to continue the conservation as the OP doesn't make it clear what they think.
The only thing I can say is: No I cannot figure it out, please tell me what you're trying to say here.
On the contrary, looks like you can:
> (…) sell the user's data (…) use this information to train AI models (…) use this information to serve Ads
They are taking a position that cannot be argued against or even discussed because they don’t make that position clear.
So one of your suggestions of what the OP could mean was something you explicitly don’t think is true and would argue against? That sounds like a bad faith straw man set up.
Perhaps it’s just as well that the OP didn’t provide one specific reason to be nitpicked ad nauseam by an army of “well ackshually” missing the forest for the trees.
You could, as the HN guidelines suggest, argue in good faith and steel man. The distinction between “selling your data” and “profiting from your data” isn’t important for a high level discussion.
Can you truly not see through Meta’s intentions? There are entire published books, investigations, and whistleblowers to reference. Zuckerberg called people “dumb fucks” for trusting him with their data and has time and again proven to be a hypocrite who doesn’t care about anyone but himself.
What prevents you from saying "Yes, and Xyz!!" and another poster "Yup, and Pdq, and Foo too!"
Or, maybe OP is just being a bit lazy, but again, it seems the context is conversation, not formal scientific inquiry where everything must be falsifiable?
The other one was the time I was speaking to my brother in law, who had just paved his driveway, he said "I could have used airport grade tar, but thought it was too much" and we were in front of his Nest security cam is the only thing I can think of, but the very next morning, I'm scrolling through Facebook, and sure enough, someone local is advertising airport grade tar. Why? I didn't google this, I only heard it from them.
There's some serious shenanigans going on with ad companies, and we just seem to handwave it around.
Coincidentally, I remember both experiences very very vividly, because this was the last time I used either platform in any meaningful capacity.
Option A: The Nest camera not only listened to the conversation and picked out "Airport Grade Tar" and decided it needed to show adverts about it to people, but the camera also identified you to the point it could isolate your FB account in order to serve you those adverts.
(I'm making some assumptions but...)
Option B: Your brother had done various searches for airport grade tar from his home (in order to know how expensive it was). You, whilst visiting his home, were on his Wifi and therefore shared the same external IP address, your phone did enough activity whilst at his house (FB app checked in to their servers in the background, or used Messenger, etc) to get the "thinking of buying airport grade tar" associated with his external IP address associated with your FB account that was temporarily on that IP.
I had a friend who was convinced that some device in his house was listening in on his conversations with his wife as he kept on getting adverts for things they'd been talking about buying the day before but he hadn't searched for. (But she was searching for it from their home wifi, which is why it appeared in his adverts afterwards.)
That is, BiL was marked as 'spreader for airport grade tar' based on recent activity, marked as having been in contact with spreadee, and then spreadee was marked as having received the spreading. P(conversion) high, so the ad is shown.
It's just contact tracing, it works well and is really easy even without literally watching what goes on in interactions.
Currently, websites and apps are supposed to ensure they don't have kids under 13, or if they do - that they have the parents permission. That's federal law in the US.
These laws make the operating system or app store (depends on the particular law) responsible for being the age gate.
This doesn't stop the federal law from being enforced or anything, but the idea is apps/websites don't handle it directly, that's handled by the operating system or app store.
So now - companies like Meta can throw up their hands and say "hey, the operating system told us they were of age, not our fault." It also makes some things murkier. Now if Meta gets sued, can they bring Google/Apple/Microsoft in as some kind of co-defendent?
I think that murkiness is the point. They don't need to create the most bullet-proof set of regulations that 100% absolves them of all responsibility, they just need to create enough to save some money next time they get sued.
I can think of a ton of regulations we could create to better help protect kids. We could mandate that mobile phones, upon first setup, tell the user about parental controls that are available on the device and ask if they'd like to be enabled. Establish a baseline set of parental controls that need to be implemented and available by phone manufacturers, like an approval process that you need to go through to hit store shelves.
We could create educational programs. Remember being in school and having anti-drug shit come through the school? It could be like that but about social media (and also not like that because it wouldn't just be "social media is bad," hopefully).
Again all these laws do is take what should be Meta's burden, and make it everybody else's burden.
Now the easiest law change - that wouldn't required anyone to change anything - would be to revoke Section 230. This would make service providers liable. Everything else is a band-aid. I doubt that this verdict will survive appeal (due to Section 230). But if it does, then again there is no need for any new regulations. The tort lawyers will solve the problem for us.
If we do have device age verification, then it still doesn't shield Meta. The lawyers will sue everyone involved, and disclosure will show if Meta had data that will have shown that user should have been blocked.
The purpose of age verification is to avoid all this. Of course the current proposals suck and won't achieve this. The market will not accept an approach that would work - which would be for anything with a screen or speaker to be permanently tied to an individual user. "OS verification" cannot succeed - it must be one-time hardware attestation. Even a factory reset wouldn't remove the user assignment.
You’re conflating different things. The OS-level age setting proposals are not the same as scanning IDs and faces.
I’m anti age check legislation, too, but the misinformation is getting so bad that it’s starting to weaken the counter-arguments.
> Their stated reason? Child safety.
> Their actual reason? You can figure that out.
We’re commenting under an article about one $375M lawsuit over child safety and many more on the way. They are obviously being pressured for child safety by over zealous prosecutors. This is why they reversed course and removed end-to-end encryption from Instagram because it was brought up as a threat to child safety.
Also your “you can figure that out” implication doesn’t even make sense. The proposal to move age verification to the OS level would give Meta less information about the user, because the OS, not Meta apps, would be responsible for gating age content. I’m not agreeing with the proposal, but it’s easy to see that it would be more privacy-preserving than having to submit your ID to Meta.
I find it hard to believe that meta doesn't already have a pretty good age estimate for 95%+ of their users.
What offloading the responsibility to the app stores (or OS vendors) gives Meta is exactly that, offloading responsibility. In a future lawsuit, they can say that someone else provided them with incorrect information.
Also, parents have in fact full control of snail mail.
where does this "perfect surveillance" idea come from? i teach my children how to get acquaintances; first in more direct, more supervised way, later let them more and more self-driving. like anything else in parenting, eg. bicycle. but i guess urbanization diminished that skill as well. no need for "perfect surveillance"; no parent wants it. it's not only easier to pass on basic principles, but also makes supervision gradually less neccessary over time.
> parents have in fact full control of snail mail
what? children using e-messaging can just as do snail mails completely on their own (of course they don´t but it's not about going back to analogue world but to form the digital world on the same principles). well, i can imagine in highly urbanized environment, where children are forbidden to go outside, but locked down together with family even making them more isolated, and trusting them "to the phone" to cope with the daily frustration, may easily lead to a situation where phone usage and e-messaging is completely unattended and undisclosed by and with parents, while posting an evelope is at a level of expertise for them. parents ability to be in control of e-messaging is as much as of snail mails.
Since the dawn of the Internet era, we've had a legal principle that platforms are relatively shielded from liability for what their users do.
It's the Internet. There's sexual content and sketchy characters on it. Occasionally people will encounter them -- even if they're under 18.
Anyone who grew up in the mid-1990s or later, think back to your own Internet usage when you were under 18. You probably found something NSFW or NSFL, dealt with it, and came out basically OK after applying your common sense. Maybe it was shocking and mildly traumatizing -- but having negative experience is how we grow. Part of growing up is honing one's sense of "that link is staying blue" or "I'm not comfortable with this, it's time to GTFO". And it seems a lot safer if you encounter the sketchy side of humanity from the other side of a screen. Think about how a young person's exposure to the underbelly of humanity might have gone in pre-Internet times: Get invited to a party, find out it's in the bad part of town and there are a bunch of sketchy people there -- well, you're exposed to all kinds of physical risks. You can't leave the party as easily as you can put your phone down.
I stopped logging onto Facebook regularly around 2009; I only log in a couple times a year. I hate what Facebook has become in the past decade and a half.
But giving a site with millions of users a multi-hundred-million-dollar fine because some of those users behave badly seems...asinine.
If your kid is old enough and responsible enough to be given unsupervised Internet access, you'd better teach them how to deal with the skeevy stuff they might encounter.
Letting companies sell addiction has pretty significant negative externalities. That’s why we regulate gambling and drugs. Facebook sells addiction, so it makes sense to regulate it like we do drugs and gambling.
But who gets the $375 million dollars? Anyone know the cut the law firm will get from this incredible amount of money?
These platforms expose minors to predators and bad actors, and Meta was proven lying about safety.
The state will ask Biedscheid to direct Meta to make changes to its platforms, including adding effective age verification
Are the kids alright?
I don't like Meta in any sense of the word and I think they've degraded humanity and society as a whole significantly for generations now to come. But I hope my conspiratorial mind is just over reacting.
They very much want to push this liability off onto someone else...
As far as end-to-end encryption, on SM sites (social media or SadoMasochism, however you want to read it) I don't really see the need.
You don't see any benefit to allowing people to encrypt their private communications in a way that can't be accessed by the company?
It's weird to see tech news commenters swing from being pro-privacy to anti-privacy when the topic of social media sites come up.
There's a difference between E2EE between friends who want to remain secure, and E2EE between strangers in an attempt for the platform to avoid legal liability for spam.
The references I saw showed Meta had lobbied for some of the laws that require age verification be done by the site or by third party ID services. They did not show that Meta lobbied for any of the OS bills.
Some showed that Meta had lobbied in some of the states with those bills, but they just showed Meta's total lobbying budget for those states.
Online child exploitation should be a strict liability offense.
https://news.ycombinator.com/item?id=47519625
One is a story by a journalist at CNN, the other is a story by a journalist at the LA Times
Multiple articles on the same topic can sometimes offer different facts and opinions, different perspectives
I would love to see some justice.
You think they need this to know your age? Your gender? Your home, your birthplace, your political stance?
Stopping misleading advertisments and mental health issues while claiming to be protecting children is not on the parents. The parents were given the false information to believe their kids would be safe.
Naming and shaming won't do much good. It could backfire and serve as a positive mark on their resume for other morally corrupt leaders.
Unfortunately, as we found out recently, Meta's lobbyists are a powerful force to contend with and I do not trust our governments to stand up to them.
It all boils down to consent.
I might want to take some drugs that have some harmful side effects. But i knew about them and i willingly made the choice because I valued the high more.
Contrast this with, I knew about the harmful side effects and told you they didnt exist and you should take more. And then i change the drug so its even MORE harmful because it also makes you BUY more. That's what these social media sites do.
They use engineered sociology and psychology to create addictive products, and then refine them to maximize profit at the cost of anything they can pull a lever on.
What bothers me the most is not the vampires at the top sucking out every dollar they can extract out of vulnerable people, but the fact that so many engineers are supporting this. So much for engineering ethics. Why even bother teaching it anymore?
If you want to punish Meta then you have to punish the wonder boy who runs it. Not even share holders can fight off the guy spending 80B on the metaverse.
This fine is somewhat larger, at $375 million, but the other one (https://www.msn.com/en-us/health/other/meta-and-youtube-fine...) basically open the gates for millions of people suing.
Sadly I don't think it's enough for Meta to change, because they have no business model if they are forced to be serious about online safety. That's probably also why they are pushing so hard for age verification, make safety a problem for someone else.
All that to say: I don't think "objectivity" should be the (main) factor resulting in existence of adequate punishment.
[a] https://dictionary.cambridge.org/us/dictionary/english/peanu...
> The New Mexico case also raised concerns that allowing teens to use end-to-end encryption on Instagram chats — a privacy measure that blocks anyone other than sender and receiver from viewing a conversation — could make it harder for law enforcement to catch predators. Midway through trial, Meta said it would stop supporting end-to-end-encrypted messaging on Instagram later this year.
The New York case has explicitly gone after their support of end-to-end encryption as a target: https://www.reuters.com/legal/government/meta-executive-warn...
* Classifying accounts as child accounts (moderated by a parent)
* Allowing account moderators to review content in the account that is moderated (including assigning other moderation tools of choice)
In call cases transparency and enabling consumer choice should be the core focus.
Additionally: by default treat everyone online as an adult. Parents that allow their kids online like that without supervision / some setting that the user agent is operated by a child intend to allow their children to interact with strangers. This tends to work out better in more controlled and limited circumstances where the adults involved have the resources to provide suitable supervision.
At the same time, any requirements should apply only to commercial products. Community (gratis / not for profit) efforts presumably reflect the needs of a given community.
So no we can't just tell parents to deal with it.
There has to be a middle ground.
There's probably a much better solution than "adults vs children" but very few with our expertise seem seriously interested in solving for safer children, which essentially leads to inexpert solutions gaining popular support.
1. Limit child accounts to "classic" social network functionality. They get to see things from mutual friends. No algorithmic feeds, kids aren't in the user search, and no way for messages to be sent/received unless both sides have consented.
2. Disable chat for child accounts. How many chat apps do children really need? Each one is another potential vector for issues that parents would need to monitor.
I'm sure there is a monkey paw here, but either option seems better than no end-to-end encryption for anyone, at a time when government surveillance is a bigger issue than ever.
Frankly, I think option 1 would be better for all users, not just children. Go back to classic "social networks". This "social media" experiment has failed.
I feel like I can think of lots of situations where society puts in to protect children rather than leaving it to the parents (age ratings on films and games, YouTube Kids, regulations around advertising to children, the whole concept of school, reduced speed limits around playgrounds to give a few examples off the cuff).
History shows its not necessary always the case.
depends on your culture.
(Yes, I read your comment history. I was tryinna figure out if you were in fact that guy and saw a bunch of conspiracy-ass right wing misinformation.)
Its not reactionary to say you dont want the state to interfere too much in your child éducation.
Whether you are left or right its fine as long as the state aligns with you. But if you open an history book, you will sée it VERY OFTEN happened that states get crazy / ideological or just plain eugénist / liberticide.
Its dangerous to give too much power to the state
> Surveys by Britain’s tech regulator, Ofcom, find that among children aged 10-12, over half use Snapchat, more than 60% TikTok and more than 70% WhatsApp. All three apps have a notional minimum age of 13: https://archive.ph/y3pQO
Once you get the classification correct — and AI cannot it do this — only via community ombudsman/age verifiers, in a privacy first way*, the app stores can easily tell the app devs what accounts are sensitive and filtering should be much more effective.
*Basically once your age is verified by a real human for your device(using device local encryption to verify biometrics) you are set. No kid should be able to bypass and install apps it on devices that their parents hand to them. There will always be black market devices with these apps, but there are ways of beating those to be very minimal by existing tech.
Why do you need any third parties whatsoever? Just have the parents do it. They configure a setting in the kid's device which the device uses to determine what content to display. All you need from the app/service is a rating for the content. No third parties should never have to know anything about the user, because the user's device knows that, and the device knows it because the parents do.
Who verifies that the person verifying the child's age is actually authorised to do that? Who verifies that verification? And so on up. This needs a chain of trust that can only end up at government. And that chain of trust will then be open to being abused by shitty politicians.
What mechanism in (e.g) Linux is responsible for implementing this age verification so that it cannot be tampered with (or trivially overruled by a sudo call)? Which organisation is legally liable if that mechanism doesn't do its job? How can we stop someone from overwriting that mechanism with their own, in an open OS that is deliberately designed to allow anyone with root to change anything on it?
What you propose here is the death of open computing. And I personally believe that we would be much better off as a species if we kept open computing and just taught our kids how to handle social media better.
This one is easy. You just don't require all devices to do that. The parent isn't required to give the kid a general purpose computer. You don't need to prevent every device from running DOOM, only one device, and then parents who want to impose such restrictions get the kid one of those.
- The line between "general purpose computer" and "not that" is weird. Android is an implementation of Linux, after all. Probably the best example is a Steam Deck. It's just Arch Linux, you can get to a desktop on it no problem, and you get sudo access and can install whatever you like on it. Are you saying that Responsible Parents should not get their kids a Steam Deck?
- And that raises the point of how responsible are we making parents for technical decisions that they do not necessarily have the knowledge to implement? If a child works out how to circumvent the age restriction and look at boobies (or whatever) and an authority finds out, are the parents liable? Are they likely to be prosecuted? Isn't this just adding more burden and bureaucracy to the job of parenting?
I'm saying Authoritarian Parents should not get their kids a Steam Deck. If the kid can run arbitrary code then they can get a VPN and access websites hosted in Eastern Europe and then any of this is moot because there is no law you can impose on Facebook to do anything about it.
> If a child works out how to circumvent the age restriction and look at boobies (or whatever) and an authority finds out, are the parents liable?
No, because the parents rather than the "authorities" (who TF is that anyway?) should be the ones in charge of the decision whether the kid can look at boobies to begin with.
so the school takes on that responsibility, as deputized by the parents.
Kids don't get unfettered access to the streets while at school. They can't take their bikes and ride out at will. What makes the internet and devices any different? The devices provided by the school should be lockdown-able, and kids should not be provided their own device unless there's a parental lock (which is enabled during school hours, and is similarly locked down).
Each school brews its own system more or less.
ok then make it work so. i feel it's like this thought flow:
- A causes B. and B is a problem.
- why not do C which causes not B.
- ahh, this wont work because it's A what is now, and C is not.
Google is basically its own private internet. It caches content so you can access all sorts of terrible stuff just from Google.com (and its related domains).
But if you cut Google you cut Google Classroom - which is required.
And Google Classroom itself has many workarounds.
This isn’t just a Google problem. The centralization of the Internet around a few mixed content domains really kills conventional filtering.
Paradoxically, there are so many centralized domains that even if you can block one, it’s just a game of whack a mole.
Eventually you just block the whole internet - and then what’s the point? Take away the 20 most popular mixed content platforms, messaging, etc, and you’re effectively blocking the whole internet.
The kids can’t contact their friends, watch educational videos, or any other legitimate use.
Notice also that even if you do this, you still don't need the service to be able to decrypt the content, only the parent.
This could even be generically useful, e.g. you have a messenger used by business and then the messages can be read by the client company's administrator/manager but not the messaging company's.
Why is the answer people seem to arrive at being "mandatory collection of blackmail material that will ruin careers and relationships" when it comes to the Internet?
Just behave
To hell with gay kids growing up in very traditional religious areas in much of the world.
That person who made a racist joke on Discord when they were 13 years old? That should be able to ruin them when they're 30!
Someone confiding to a friend over social media DMs that they're in an abusive relationship with someone violent? Well - she shouldn't be surprised when her partner beats her within an inch of her life when he finds out. If only she did what she was told, right?
And let's not forget the cringiest or most sexual thing you've ever said online - make sure that your every utterance in private would pass scrutiny by your employer's HR department!
Seriously...I don't understand people like you. What a small, listless, and unusually safe world you must live in.
You may as well have asked why can't everyone think and act like you as well as live in your particular region of the world with the same friends, family, romantic, and professional opportunities that you've been provided throughout your life.
Not guesses. Not is told about and takes on trust. Knows.
There's nothing to stop a kid creating a fake adult account and using it as an adult, perhaps creating their own kid account for "official" use.
Ultimately this is an unsolvable problem without a single source of truth for verified ID and user age.
The only responsible way to do that is to create a global "ID escrow" agency, where ID details are private and aren't available to governments or corporations without a court order, but the agency can provide basic age checks and other privacy services of a limited nature.
Good luck with that idea in this culture.
Meanwhile we have the opposite - real ID is known to governments and corporations, personal habits and beliefs of all kinds can be tracked, there is zero expectation of privacy, and kids still aren't protected.
It's ok to drive Dad's truck unless he catches you and tells you no.
Dad should either know his children would never drive the truck without permission, or keep his keys as safe as his wallet (and if he can't trust his kids with keys, you bet his wallet needs protection).
Given how current parental controls work, kids are not getting access if their device is under parental control (the default for open web access is off). So Facebook still won't see any child-locked devices, even before this ruling. My guess is that this ruling applies to parents who aren't making sure their kids get access only via child locked devices.
So even if 95% of kids have responsible parents locking down access, there will still be this 5% that will continue to drip horror stories that motivate knee-jerk regulation.
Trying to approach it from the direction of websites determining if you are an adult is a privacy nightmare and provides a huge attack surface. (Which is what the government wants--the ability to monitor.) Flipping it over is much, much safer--but fails the real mission of exposing dissent.
(On-device security, the credential of the adult is loaded onto the device but not transmitted anywhere, it can only be obtained locally. The device simply responds as to whether it has a credential loaded. Bad guys are unlikely to want to sell such devices as the phone could be traced back to them.)
And the parents can select a strict child lock, or permitted but copies forwarded to the parent.)
I think the framework here is to have community driven age verifiers( i recall there is an EU effort for digital wallets which besides it's bad parts has some of these good parts) which can verify ages for people and link them to( local biometrically encrypted) devices for pinning. This would be privacy preserving. The only downside is a mandate for all devices have a built-in hardware biometric encryption like a finger/face print so phones can't be just(used) with these apps installed.
The verification part is a job that could be done by all the teachers and coaches and ofc parents. Any one verifying identities would be cryptographically nominated/revoked by a number of more senior members of the community. A prent always get the right to say ok for their kid ofc but so could teachers or legal guardians..
We(legally) need a mandate for smart devices to have local device only biometric verification. The law should be to have these apps follow device app store protocols.
Children who are smart enough to get access to a given vice without getting caught are more likely to be mature enough to be able to cope with that vice.
Kids with low parental supervision who steal uncle Roy's marlboro are more likely to be able to cope with tobacco addiction?
Do you have any reasons to think this might be the case? Studies, research, a well thought-out article?
We're just optimising for kids with shitty family at this point.
I only disagree with the just-so notion that kids who have an Uncle Roy are somehow better able to cope with the consequences. Ability to access something is (IMHO) pretty uncorrelated with the ability to cope with the consequences.
"As with smoking, alcohol, sex, drugs etc
Children who are smart enough to get access to a given vice without getting caught are more likely to be mature enough to be able to cope with that vice."
There are at least two problems here. The one I've focused on first that you seem so keen to dispel, is an assumption that there are smart kids overcoming a challenge. 'Roy' is an extreme, but there is a whole spectrum of low-oversight conditions that are likely to lead to kids getting access to alcohol, tobacco, drugs, having sex etc, which are nothing to do with smartness or challenges and are much more to do with shitty parenting and neglect.
Then there's the second problem. Let's focus on tobacco but I believe it's likely to hold for other drugs - even if we allow that children getting access to tobacco are 'smarter' than those who don't figure it out, and are overcoming various obstacles, that doesn't actually imply that they'll be better able to deal with the consequences. Just like how a high IQ doesn't always mean someone is necessarily good at crossing the road safely or tieing their shoelaces.
In fact there's a variety of research about nicotine's effect on developing brains and how the earlier people are exposed the more likely they are to be more addicted for longer. This is the opposite outcome to the original claim, kids who start earlier are in fact demonstrably less likely to be able to 'cope' with the vice.
The whole claim is nonsense.
[0] https://pmc.ncbi.nlm.nih.gov/articles/PMC3615117/ [1] https://www.tobaccoinaustralia.org.au/chapter-6-addiction/6-...
(edit - I'm not making specific claims about cybersecurity or access to tech here, I just think the analogy is pretty seriously wrong in itself)
Let's consider the four combinations of the two variables here. You have dumber and smarter kids, and worse and better parents. The kids with the worse parents will have access to the vice regardless of whether they're dumb or smart, but the kids with the better parents will only have access if they're smart enough to figure out how against parents actively trying to prevent it. Therefore the two of the four quadrants with smarter kids can get access but the dumber kids only can when they have worse parents, implying that two thirds of the quadrants with the ability to do it are the smarter kids.
> even if we allow that children getting access to tobacco are 'smarter' than those who don't figure it out, and are overcoming various obstacles, that doesn't actually imply that they'll be better able to deal with the consequences.
That's assuming the way they deal with it better is by trying the drug and then somehow not getting addicted rather than by choosing not to try the drug to begin with even though they could access it if they wanted to, or otherwise making more measured choices if they do decide to try something, like finding a source more likely to be providing the expected amount of the expected substance instead of who knows how much of who knows what. Or just hesitating a while so their first time comes at an older age.
But only one of those involves overcoming anything.
And unless you have information on the relative sizes of those quadrants, it’s meaningless in terms of the overall picture and being able to confidently assert that access to such contraband allows you to draw any inferences about intelligence whatsoever.
And the rest appears to be some serious mental gymnastics to avoid the point, which I don’t believe for a second was meant to encompass “children who are smart enough to get access to do a thing but don’t actually do the thing because they’re so damn smart”. Nor do I believe that 14 year olds who find a willing drug dealer are more likely to take sensible precautions than their peers, having proven their smarts by finding one!
The whole premise is laughable.
It seems a bit silly to think security abstinence is the solution.
All imperfect solutions, but they slice original huge problem into much smaller chunks which are easier to tackle with next approach.
> Surveys by Britain’s tech regulator, Ofcom, find that among children aged 10-12, over half use Snapchat, more than 60% TikTok and more than 70% WhatsApp. All three apps have a notional minimum age of 13.
https://archive.ph/y3pQO
What are you talking about. Have you really never rented a car before?
Some establishments, as part of their business practice, require identification.
It honestly looks like an emotional panic. People who take seriously slippery slopes aren't to be taken seriously themselves.
Social media is like e-cigarettes in the sense that the shift toward nicotine salts (think Juul) around 2015 resulted in e-cigarettes becoming more dangerous and thus more age-restricted.
It's also like consumer credit cards. Remember that in 1985 Bank of America just mailed out 60,000 unsolicited credit cards to residents of Fresno, CA without application, age verification, or identity check. They just landed in people's mailboxes, including those of minors. Eventually a predatory lending industry developed and we increased the age and ID requirements. My point is that systems can, and do become more dangerous overtime. Not all, but not none.
Algorithmic feeds, online advertising, and attention engineering are the nicotine salts of social media. The product's changed, so should the access.
Do we not? Sellers often don't just look at IDs now, they scan them into their system, and naturally, keep and sell your identity info, purchase data, and anything else they have access to.
>Algorithmic feeds, online advertising, and attention engineering are the nicotine salts of social media. The product's changed, so should the access.
This basically makes it clear. The problem is not that children are on social media. The problem is that "social media" has been allowed to become a platform for exploitation and manipulation by their owners. Adults aren't free from this either.
> Eventually a predatory lending industry developed and we increased the age and ID requirements
I have no idea if you're arguing for or against verification. You dismissed the idea that age verification is a slipper slope to more stringent ID requirements. Then provided an example where the exact opposite happened.
Even more, my point is that rules, regulations, and requirements adapt when these changes become unbearable. That has happened with social media, therefore a change in rules, regulations, and requirements is deserved.
Firms have a fiduciary duty to shareholders and profit.
On the other hand, You ultimately decide the rules and goals that operate government organizations, and do not have a profit maximization target.
They aren’t the same tool, and they work for different situations.
The E2EE slippery slope is a different challenge, and for that I have no thoughts
We are at a point where we are picking and choosing collateral damage targets.
That ship has sailed
It is actually terrifying . If you write something out of context or upload an image out of context you can be in big trouble.
If you don't support this you're obviously a pedo nazi terrorist.
It is better for them to be forced to turn off the security theater so people that need actual privacy can research alternatives.
"research alternatives" meaning what exactly? You think open source is somehow not susceptible to the same issue, plus all of the malicious updates?
Proprietary software solutions are unable come close to that level of accountability.
Not all published source code is secure but all secure software has published source code.
Harm to kids is actually happening, and this is always going to be a hot button topic.
E2E is critical for our current ability to communicate online, but will be a lower priority when pitted against child safety.
Fighting the good fight is one thing, fighting for the sake of it, without a plan that addresses the tactical reality is another altogether.
Personally, I think E2E will be defended, but it’s becoming a lightning rod for attention. As if removing encryption will solve the emerging issues.
I suspect providing alternatives to champion, such as privacy preserving ways to verify age, will force a conversation on why E2E needs to go.
We know that this isn't really going to reduce harm for children, we know Meta is not seriously going to suffer or change, and we know this is going to be used as a cudgel to beat down privacy and increase surveillance.
We don't need all this privacy invasion if we just didn't give kids a smartphone with a data plan.
Absolutely. Particularly where they've been found to be guilty.
> but we should be aware that these cases are one of the key reasons why companies are backtracking from features like end-to-end encryption
Why _social media_ companies are backtracking. I'm extremely nonplussed by this outcome.
> concerns that allowing teens
Yes, because that's what we all had in mind when considering the victims and perpetrators of these crimes.
Whatsapp and messenger are still fine, then.
The Meta ruling gives the government an effective stick, First Amendment notwithstanding: if you facilitate communication that the government cannot break into, and someone abuses a child with help from your secure platform, you could be liable for contributing to the abuse of that child. A safe harbor from liability will be provided—by adopting key escrow based encryption (if you support encryption at all). This does not interfere with protected speech about cryptosystems, but it makes using cryptosystems difficult in practice due to the chilling effects.
The 1990s were interesting times.
The business case was to be able to say “we don’t know”. That case is gone.
Also, so an aspiring pedo who gets a job at the service can now read the messages of all the underaged kids?
We all know Meta can still read E2EE chats (otherwise they wouldn't do it) and they're using E2EE as an excuse to avoid liability for the things their platform encourages. Contrast this with something like Signal where the entire point is to be secure.
That can't be true, otherwise in what sense is it E2EE?
Has anyone actually audited it?