[HN Gopher] Google will soon ask Australian users to show ID to ...
___________________________________________________________________
Google will soon ask Australian users to show ID to view some
content
Author : dannywarner
Score : 173 points
Date : 2022-03-20 14:19 UTC (8 hours ago)
(HTM) web link (reclaimthenet.org)
(TXT) w3m dump (reclaimthenet.org)
| moonshinefe wrote:
| > Governments all over the world have started pushing for ways to
| collect ID on social media users, often under the guise of
| providing a safe space for kids online.
|
| Does anyone know how these work on a technical level? Are they
| actually verifying these IDs with some sort of government API?
| What's preventing people from just sending fake IDs?
|
| I'm also curious how non-tech giants are going to implement this.
| It's a big ask for small websites run by single or small groups
| of people. If they face consequences too, it seems like a win for
| the social media sites to keep their market positions.
|
| Finally, what's preventing the children from just using non-tech
| giant sites to get at adult content? If it's literally just for
| Facebook, Youtube and the like, it'll be about as useless as the
| "Click here to confirm you're 18+!" verifications since they'll
| just search elsewhere, on one of the millions of other adult
| content sites...
| zo1 wrote:
| One would imagine, but the state of "KYC" in the wild is much
| less pretty. Some governments don't even have a national
| identity card (USA, UK) to verify. So instead they verify
| driver's licenses, passports, utility bills. Others use credit
| agencies, half-baked and built-up-over-time databases of who
| knows what, facial recognition, etc. Kicker, most border
| control checks are no more advanced than looking up a
| traveler's name surname and date of birth in old lists.
| stavros wrote:
| Don't they already? I've been asked for a credit card or ID to
| watch certain YouTube videos, and I'm not even in Australia.
| Strom wrote:
| Yes this same system is already enforced for Europeans and has
| been since 2020.
| lelandfe wrote:
| Important to note that YouTube added this in the EU back in 2020:
| https://blog.youtube/news-and-events/using-technology-more-c...
| Semaphor wrote:
| For YouTube, that has been the case for a while in Germany.
| Certain videos (usually semi-pornographic, I think I only
| encountered it for black metal music videos) will require age
| verification. And that is despite my Google account being 18
| years old...
| EastSmith wrote:
| Is there a KYC service where I can proof I am 18+, without
| actually revealing my information to Google, Facebook, etc.
|
| Will Google and Facebook support it unless required by law?
| numlock86 wrote:
| > Australian government forces Google to soon ask Australian
| users to show ID to view some content
|
| There, I fixed it. I'm getting tired of every headline trying to
| bash on Google/Facebook/etc. for clicks.
| dessant wrote:
| Age verification is already mandated in the EU, and when you
| provide your credit card details to Google's age verification
| system for YouTube, they create a payments profile for you
| without consent. The Google account is set up for purchasing
| services across all Google properties, without needing to
| provide further payment details.
|
| Google is exploiting the requirement for age verification to
| set up Google accounts for future purchases.
|
| https://news.ycombinator.com/item?id=30699957
| jmole wrote:
| Or, they're using the only consumer-focused credit card
| verification system they have (google pay), and "prevent
| users from using their credit cards" was never on the
| roadmap...
| MereInterest wrote:
| Suppose I asked you if I could borrow your car to get
| groceries. A week later, I take your car again and go for a
| road trip. You would be justified in being mad at me,
| because (1) the consent didn't cover the use and (2) the
| initial consent was for a limited time.
|
| Google has an obligation to verify age. Google also has an
| obligation to limit tracking of personal information to
| usages that have been consented to. Neither of these
| obligations negate the other, and if Google never put it
| onto their feature roadmap, that just means that Google has
| been negligent in fulfilling their obligations.
| MereInterest wrote:
| Isn't that a pretty straightforward violation of the GDPR?
| Consent to track somebody's personal information requires the
| data subject to be informed as to the use of the information,
| and personal information may not be used outside of the
| usages that were consented to.
| srcreigh wrote:
| The consent Google requests could be very broad.
|
| I wonder does GDPR specify different categories of consent
| which must be specifically and separately requested?
| dessant wrote:
| They did not ask for consent to set up a payments profile
| during age verification.
|
| Though what you're describing would also be illegal. GDPR
| does not allow requesting consent for such broad data
| processing just to fulfill a legal requirement to verify
| the user's age, and then denying access to the service if
| the user understandably refuses to give consent.
| justinclift wrote:
| There's "the law", and there's "what big corporations will
| attempt to get away with anyway".
|
| Because whatever happens in court (if it gets that far),
| they'll have _years_ of appeals to go, and that 'll be some
| future Google employee's problem not the current people.
| IMTDb wrote:
| And there is "the law" and "the other law", often times
| the two being incompatible, so you're kinda left in the
| middle trying to kinda please both sides.
|
| Like when governments agencies ask to both "disable all
| tracking of what their employees do on the platform", to
| ensure private data and GDPR like stuff are ok. They also
| ask to specifically "enable full logging of all access to
| their data" for security reasons.
|
| So: "sed -i 's/tracker/logger/g' codebase" and everyone
| is perfectly happy.
| sreevisakh wrote:
| Google's use of payment profiles is much more nefarious and
| exploitative. I recently moved from one country to another.
| There are a lot of apps that provide local services - like
| banking and public transport information. I wasn't able to
| install any of them. Why? My original profile is from the
| country of my previous residence, where I originally bought
| my phone. None of those apps should be geographically
| restricted in the first place - but they are, for some
| unexplained reason. I have found apps that are geographically
| restricted even without the knowledge of the developer.
|
| So then, how do you prove that you are in a different
| country? Easy, right? There are multiple sources of
| information that can prove your location - GPS, mobile
| service provider information, IP geo-location, Wifi SSID
| databases... . But no - none of that is enough. You have to
| add a local payment method! And coincidentally none of the
| payment methods other than credit card information works -
| not even the one provided by mobile service provider. So, you
| are forced to register your credit card information to prove
| your location.
|
| Now that your have proved your location and installed the
| essential apps you need, may be it's time to delete the
| credit card information. What if you accidentally subscribe
| to some service you didn't want? After all, you aren't
| subscribed to any service or bought anything with the newly
| entered card. So it should be easy to delete it, right? NO!
| You are not allowed to delete your only registered payment
| method! [1] Now it's open forever as a payment method for
| online services or Google pay.
|
| Google's tactics here are sleazy, underhanded and
| manipulative. And what of the complaints they receive about
| it? See for yourself - discussion locked and disabled! I
| don't know at what point their behavior is declared illegal
| and anti-social.
|
| [1] https://support.google.com/googleplay/thread/10797082?hl=
| en&...
| wanderingmind wrote:
| Fuck google play and install lineageOS with microg. You can
| install any play store app without geo restrictions.
| sreevisakh wrote:
| I would have preferred that. But many apps - especially
| banking apps don't work on custom ROMs due to android's
| SafetyNet.
| fsflover wrote:
| How about fully leaving Google ecosystem and switching to
| a GNU/Linux phone, Librem 5 or Pinephone.
| bbarnett wrote:
| Interesting about the non delete.
|
| In Canada at least, through Visa and Mastercard, your
| expiry date is automatically updated with various people.
|
| This means that never expire, may be just that.
|
| https://www.bngpayments.net/automatically-update-expired-
| car...
| easrng wrote:
| You could get a prepaid card and switch to that as your
| primary payment method. FWIW, I've removed all payment
| methods from my account before and it worked though I had
| to disable some unused Google Cloud projects I think.
| BiteCode_dev wrote:
| They do also other things like that:
|
| - logging to gmail on a non logged in android ? This logs the
| entire phone to the accounts
|
| - chrome and online google services account are intertwined
| markdown wrote:
| > they create a payments profile for you without consent.
|
| And? I create a "profile" in my mind of every new human I
| interact with, and every human I read about or hear about
| even without interacting with. It's a basic human function.
|
| When I gain a new business client, I create a profile of them
| too. This might start with a phone number, but over time,
| expand to include an email address, knowledge about their
| location, work hours, bank of choice, etc. Most businesses do
| this and always have.
|
| Consent isn't required for this.
| mkl wrote:
| Storing my credit card details permanently should require
| separate consent. Even if a credit card is used to verify
| my age, once they've seen it one time, they should delete
| it unless I tell them to store it - it's not like I'm going
| to get younger or anything.
| BiteCode_dev wrote:
| It is with a business in Europe, and rightly so.
|
| Corporations may be legally people, but they are not
| individuals. They are not human. And we should not treat
| them as such.
| tehwebguy wrote:
| Nobody misunderstood headline this as it was written
| coolso wrote:
| Kind of a bad look for Google when its workers refuse to work
| on projects for the US Military, and then when Trump wins they
| hold a meeting where top level execs are tearing up and
| emotional while unpacking the situation... but when things like
| this happen, seemingly, nothing but crickets from those brave
| workers.
|
| Tired of people defending Google at every turn despite them not
| deserving the benefit of the doubt for many years now.
| Ansil849 wrote:
| Do you also have this same opinion on Google's Project
| Dragonfly (Google's censored Chinese search engine)? That is,
| that people shouldn't have "bashed" Google, since it was the
| Chinese government "forcing" them?
| OrlandoHakim wrote:
| Google has a choice here. Just as they chose to _not_ to do
| business in China.
|
| I find it disingenuous to claim that one of the largest and
| most powerful companies in the world has no agency in this
| situation.
|
| Remember how hard Google fought the Australian laws about
| search engines paying news organizations.
|
| Not to say the Australian government is guilt-free here. There
| are no good guys here.
| DaltonCoffee wrote:
| Needing gov't ID to follow search links is dystopian, and
| antithetical to the original spirit of the Internet.
|
| Google should flat out refuse when governments make these
| requests.
| tzs wrote:
| It looks like it is for YouTube and Play content, not search
| links.
|
| If so, I don't see how it is any more dystopian than the ID
| requirements that have long been in place for non-internet
| media. I don't recall anyone calling it dystopian back in the
| '70s for instance when we had to show ID to rent movies from
| the "adult" room at the local video rental store.
| BiteCode_dev wrote:
| When you shown ID to the local video store, no record is
| made. And the video stores usually were not connected to a
| global interconnected graph of customers data.
|
| Worst case scenario, you had a paper card somewhere in a
| drawer with your name on it.
| car_analogy wrote:
| After showing ID, did the rental place record it, the video
| you rented, when you rented it and for how long, then store
| that information in a database shared with other outlets of
| the giant multinational conglomerate which it belongs to,
| sell it to advertisers and corporate security, and make it
| available on request to governments of the world?
|
| And was this process duplicated for every other piece of
| media you consumed, to create a full profile of your
| interests?
|
| A large change in quantity changes quality as well.
| mechanical_bear wrote:
| Agreed, and not sure why the early downvote wave you
| experienced there. I am surprised to see this sort of
| sentiment downvoted on HN.
| oblak wrote:
| I've done my part to correct this injustice. I am curious
| what kind of person downvotes such opinions
|
| edit: point taken. I had read the "google should flat out
| refuse to follow the law" bit. oops
| hn_throwaway_99 wrote:
| I'll explain why I downvoted - because I get a little bit
| sick of these slippery slope arguments that every time
| Google has to follow a law that, while controversial, is
| not exactly the last breath of a despotic regime, that
| people love to decry Google as "being evil".
|
| The fact is, there are gray areas. When it comes to
| government regulations, tech companies essentially have 2
| options: comply or leave the country in question (note
| Google has _already_ tried to lobby against the law in
| question). While "leave" sometimes _is_ the only moral
| option, I totally disagree that this law warrants Google
| leaving Australia.
| DaltonCoffee wrote:
| Then we agree, at least in principle.
|
| I don't know the details of this legislation but I have
| viewed Australia as a beta test for new tech legislation
| and worry this sort of authorization barrier could become
| more common place in Western countries.
| mechanical_bear wrote:
| I disagree, but appreciate the explanation rather than
| vote and run.
| giveupitscrazy wrote:
| Consider then if Google had decided to leave it would
| have had a huge negative backlash on the law, given the
| usefulness of Google.
|
| Instead Australia can now get what it wants and the
| backlash is minimal at best. Meanwhile they can go on to
| celebrate their dystopian law as working because of the
| endorsement Google gave them by capitulating.
|
| Short term yeah it'd suck for Australia to lose Google
| but then the law gets changed back, Google comes back,
| and everyone wins. Well except for the Australian
| government.
| hn_throwaway_99 wrote:
| I find this reaction, well, odd. It is basically arguing
| that we want giant multinational corporations to have
| _more_ power than democratically elected governments.
|
| I see diatribes all the time on HN bashing companies like
| AirBnB and Uber for "blatantly ignoring the law" to get
| what they want, and here are a bunch of people wishing
| for Google to blatantly ignore the law to get what they
| want.
| oonerspism wrote:
| You have a point. However I don't believe anyone here's
| advocating that Google ignore or break laws. But rather,
| to (as done with China) voluntarily withdraw certain
| services in response to arguably-unacceptable duress.
|
| [note: that is not _my_ position here - I 'm merely
| clarifying part of the discussion]
|
| I must add, being relatively familiar with Australia's
| tech sector and it's people, that there is not a great
| deal of respect in the sector for the tech choices made
| by Australia's incumbent government of recent years.
| Whether or not that sentiment is ethically trumped by the
| fact of that government's democratic election by the
| general populace, is up to the reader...
| medo-bear wrote:
| > I totally disagree that this law warrants Google
| leaving Australia
|
| I think most people have this opinion, but I wonder if
| they would have the same opinion if the country in
| question is a non-Anglo non-West but democratic country
| like India or Brazil
|
| For the record, i think Google should leave
| hn_throwaway_99 wrote:
| > I wonder if they would have the same opinion if the
| country in question is a non-Anglo non-West but
| democratic country like India or Brazil
|
| I for one would have the same opinion. India and Brazil
| may have lots of corruption but they are still
| functioning democracies.
|
| If it were Russia or China I would have a different
| opinion.
| BigJono wrote:
| So are all the Fox News idiots that wanted to come and liberate
| us from authoritarianism going to do it already? Or is that just
| for liberal state governments with barely any power that don't
| share your political views?
| kQq9oHeAz6wLLS wrote:
| They're waiting for all the liberal actors to move home from
| Canada after Trump got elected.
| extheat wrote:
| First step is to go after censorship
| wutbrodo wrote:
| Uh, in the eyes of a Fox News viewer, doesn't Australia count
| as "a liberal state government that doesn't share [their]
| political views"?
|
| What does this comment even mean? It reads like GPT-1 spent too
| much time on /r/politics
| BigJono wrote:
| State as in not federal. Not state as in nation.
|
| 1/8th of the country takes a different approach to a public
| health crisis and suddenly every hot take American
| conservative talks about invading the country. But the
| federal government uses us as a testing ground for
| technological authoritarianism for the better part of a
| decade and it doesn't get reported at all, even within
| Australia, except for on tech sites and other left-leaning
| places.
|
| If you, as an American, are worried about authoritarianism
| within your own country, stamping this steady ramping of it
| out in other allied western nations should be a key priority.
| But the only time I've ever heard an American news network
| even talk about Australia was about the Melbourne lockdowns,
| with completely incorrect facts everywhere, making an
| absolute mountain out of a molehill.
| simion314 wrote:
| We really need to have the OS and browser cooperate on this,
| otherwise we will need to show our ID to each website we visit.
| But browser makers are busy with chasing benchmarks or other less
| relevant stuff that are fun for devs to work on or that might
| make more money.
| overboard2 wrote:
| No, we don't need browsers cooperating with this.
| simion314 wrote:
| Why? it would not be forced on you but think about this super
| easy scenario.
|
| 1 I buy a device for my child and I set it up and enter his
| birthday, say he is under 13
|
| 2 I buy me a device , setup my account and enter my credit
| card to use the Store , the OS now is 100% sure I am an adult
|
| 3 The browser on our devices knows our ages now
|
| 4 13+ , 18+ webpages will mark this in the header , the
| browser on the child phone knows to not just allow the child
| to click "I am 18+ old" , the browser on my device would
| check my settings and say if I am a religious guy I tell the
| browser not to show the pages to me.
|
| 5 if you can't or won't tell your OS or browser your age
| either send your ID card to all websites or don't go there,
| big websites will respect local laws so maybe you can have
| luck with a VPN or some small website that does not care
| about local laws in a different country.
|
| I suggest this idea as an alternatives to having to send ID
| card copy to each websites, I am not advocating for UK or
| Australian laws to be made default everywhere.
| flerchin wrote:
| Sure it could come in via user agent. I would worry that
| governments would then attempt to regulate and lock down
| browsers such that Free Software is no longer viable, or
| even legal.
| simion314 wrote:
| I think most of us know that clicking "I am 18+" is a
| joke, governments will eventually look into this and not
| because politicians want to make it harder for them to
| access this pages but because activists and religious
| groups will put pressure on them (I seen with my own eyes
| religious people exiting from a party because the
| leadership allowed gays to have a parade in the city, and
| if in your region/country there are many religious people
| like this the politicians will try to get their votes) ,
| so the tech sector needs to find a solution for this that
| is privacy friendly. At this moment I can use my bank and
| PayPal from Linux so there is no technical reason that
| prevents open source software to implement it.
| int_19h wrote:
| Any open source solution would be trivial to disable, by
| definition. Hence OP's point that pursuing this to its
| logical conclusion means banning F/OSS.
|
| (See also: Vernor Vinge's "Rainbows End")
| simion314 wrote:
| >Any open source solution would be trivial to disable, by
| definition. Hence OP's point that pursuing this to its
| logical conclusion means banning F/OSS.
|
| And you think that you can't "mod" some proprietary
| application? The only exception is locked down devices so
| not only FOSS would be affected but also non locked-down
| and DRM devices, if UK or Australia will demand only DRM
| devices to exist so all laws are followed then we are
| fucked anyway.
| perihelions wrote:
| This dovetails nicely with Google unilaterally deciding to age-
| restrict things like presidential candidate campaigns.
|
| https://www.lefigaro.fr/medias/la-video-d-eric-zemmour-restr...
| shadowgovt wrote:
| While it is unilateral, it appears that the triggering effect
| for the age restriction is the content of the video, not the
| fact that a politician put it up.
| hanniabu wrote:
| Imo all ads should be age restricted
| XorNot wrote:
| Welp time to re-up a mulvad subscription I guess. The Australian
| government has been embracing cronyism and corruption for a
| while, but until half the country stops rewarding the incumbent
| party with votes while complaining about everything they do
| because "the other guys will be worse" then here we are.
| Semaphor wrote:
| I find it somewhat hilarious that a site "reclaim the net - Push
| back against online censorship, cancel culture, and privacy
| invasion. Informed by principles on digital rights" wants me to
| give them my email for their newsletter on my very first visit.
| Before showing me the article, or anything.
|
| Yes, I would like to reclaim the net. From sites such as that
| one.
| [deleted]
| asdfasgasdgasdg wrote:
| Although the title is correct, it's worth noting that Google is
| not doing this because it thinks it's fun to require
| verification. The Australian government is requiring google to
| take this action.
| Siira wrote:
| Perhaps there is some Chinese influence in this governmental
| decision, as well. They benefit from normalizing oppression.
| dijonman2 wrote:
| China and Australia are very close.
|
| China is Australia's largest two-way trading partner in goods
| and services, accounting for nearly one third (31 per cent)
| of our trade with the world.
|
| https://www.dfat.gov.au/geo/china/china-country-brief
|
| The CCP is evil.
| jaquer_1 wrote:
| Google is taking part, end of story.
| karpierz wrote:
| Headline: Google follows local laws.
|
| Alternate-universe headline: Google uses monopolistic power
| to ignore government regulation for profit.
|
| Which do you prefer?
| falcolas wrote:
| Byline: Uses uploaded validation beyond the scope of the
| law using their patented "improve our services" playbook.
| (from TFA)
|
| Google is going too far.
| hackyhacky wrote:
| How about: Australia forces company to comply with
| oppressive surveillance state restrictions, cynically
| deployed in the name of safety?
| karpierz wrote:
| Maybe in an alternate reality where Rupert Murdoch was in
| the business of informing the people.
| johannes1234321 wrote:
| Google creating attention probably is best that short befor
| an election.
| LewisVerstappen wrote:
| >"If our systems are unable to establish that a viewer is above
| the age of 18, we will request that they provide a valid ID or
| credit card to verify their age."
|
| I don't think Google is complaining too much. Especially if it
| gives them an excuse to collect credit card data (reducing a
| significant amount of friction when they sell YouTube premium /
| google drive subscriptions).
| jimmaswell wrote:
| I had no idea you could actually use a credit card to verify
| age. I thought that was nothing but a scam employed by
| fraudulent cam/hookup sites and catfishers. Google probably
| shouldn't train people that this is a normal thing to do.
| idiotsecant wrote:
| Does a credit card in fact verify age? Anyone at all can go
| buy a prepaid card at the grocery store, right?
| adventured wrote:
| > Does a credit card in fact verify age? Anyone at all
| can go buy a prepaid card at the grocery store, right?
|
| A prepaid card isn't a credit card. Payment processors
| can tell the difference between card types. You have to
| be 18 or older to get a credit card issued in your name
| (although you can add an underage authorized user to your
| card). And there are now other requirements needed if
| you're under 21 in the US, such as proof of income or a
| cosigner.
|
| A prepaid card is also not a debit card (debit cards are
| attached to a bank account). To get a debit card you must
| be either 18 or have a legal guardian who is at least 18
| on the account.
| Symbiote wrote:
| > To get a debit card you must be either 18 or have a
| legal guardian who is at least 18 on the account.
|
| Not necessarily. You can be issued a debit card from age
| 11 in the UK, although it will only do online
| transactions to prevent the account going overdrawn.
|
| Allowing a parent/guardian control of the account is
| optional.
|
| https://www.moneysavingexpert.com/banking/cards-for-
| under-18...
| notRobot wrote:
| > _To get a debit card you must be either 18 or have a
| legal guardian who is at least 18 on the account._
|
| I don't about the US or Australia, but this is definitely
| not true everywhere.
|
| I know for a fact that in some countries children as
| young as 13 can have bank accounts and debit cards that
| are not linked to a guardian.
| lern_too_spel wrote:
| Google could have required people to enter credit card
| details to download apps at all on their phones, following
| the precedent Apple had already set. That hasn't happened.
| citizenpaul wrote:
| They don't do that out of benevolence. The reality is they
| know a huge portion of their customer base are already on
| the lower income side. If required that info upfront they
| would lose millions of customers. Never underestimate how
| many people live on the fringes of society. No bank
| account, no credit cards, no offical address.
|
| Also worth remembering that selling you stuff is not how
| google makes most of their money. The sell you as a
| product. The more people they have on their system the more
| money they make even if they are not buying anything.
|
| I've had an android phone for many years without ever
| putting in a CC to the play store. I've bought apps though
| through Fdroid though.
| reaperducer wrote:
| _following the precedent Apple had already set_
|
| This is false.
|
| You don't need to give Apple a credit card to download
| apps. You do need an iTunes account, which can be created
| without a credit card (I have two with no cards attached).
|
| If you only download free apps, you're good. You can fund
| the account with PayPal or gift cards if you choose to
| download paid apps.
|
| Try to refrain from making stuff up in your defense of
| Google.
| lern_too_spel wrote:
| https://discussions.apple.com/thread/251793338 no longer
| _requires_ a credit card after iOS 6 but is still heavy
| on dark patterns. A credit card isn 't even asked for
| when creating a Google account at all. My point is that
| Apple either requires or tricks you into giving a credit
| card to use Apple services, and the only reason this is a
| big issue for Google is that many Google accounts don't
| have a credit card already.
| umbauk wrote:
| I set up my 9 year old's apple watch yesterday. I had to
| enter my credit card details to add it to my Family. I
| didn't have to do this when linking my child's fitbit.
| digitallyfree wrote:
| iOS does not require CC info to download free apps. It's
| only needed to pay for paid apps (same as Android).
| lern_too_spel wrote:
| This is not straightforward on iOS, even after iOS 6
| stopped strictly requiring it.
| https://discussions.apple.com/thread/251793338
| digitallyfree wrote:
| Ah I created the account on the device during initial
| setup, so that explains why I was never asked for CC
| info. Though from reading through the help page it
| appears they have an option for "none" for CC info when
| you create the account later. There are no screenshots on
| the page but I found some on Youtube.
|
| https://imgur.com/a/9v1bkle
| BiteCode_dev wrote:
| Which is not a good proof. You can use one from somebody
| else, it doesn't prove that it's yours. Only that you have
| access to it. As long as you don't make any paiement, I
| suppose you will be fine.
| bushbaba wrote:
| Also lets them easily join in credit card purchases to user
| info.
| cmckn wrote:
| Does google actually save this payment information for use in
| subsequent transactions? Or is it just used as part of the
| age verification process?
| cute_boi wrote:
| Should we even guess? Google is already trying hard to
| store payment information filled in form.
| seanmcdirmid wrote:
| Chrome will save credit card data on request, it's
| incredibly convenient if you do a lot of online food
| ordering.
| Drdrdrq wrote:
| Convenience is often the biggest enemy of privacy.
| seanmcdirmid wrote:
| The current system where we can choose between security
| and convenience is good enough for me. I loath those who
| would take that choice away from me.
| Drdrdrq wrote:
| First of all, I said _privacy_ , not security. Huge
| difference.
|
| That aside, I am not advocating for less choice, merely
| observing that in many cases users willingly give up
| their privacy (or other rights) for convenience. Your
| reaction to my observation actually proves my point.
| AlexCoventry wrote:
| In the article, someone from google claims the data will be
| deleted as soon as it has been used for verification, FWIW.
| jotm wrote:
| I'll guess that they will be using an automated system,
| i.e. no human eyes involved. Which isn't that much
| better, I guess.
|
| I'd say it's best to photoshop the info/photo, because
| "deleting" the photo doesn't mean they won't scrape it
| first.
| dessant wrote:
| They are lying. I have recently verified my age on
| YouTube with a credit card, and they've created a
| payments profile without my consent. I have discovered
| what happened a couple of weeks later when I've signed up
| for Google Cloud and my payment data was already listed
| in the form of a payments profile that could be selected.
| dudul wrote:
| The answer to "does Google save X?" is "yes" for all
| possible values of X.
| MomoXenosaga wrote:
| The credit-card as a viable ID is hilarious. I don't have a
| CC nor do I want one. So I just used someone else's so that
| Google doesn't bitch when I want to watch an 18 plus video.
|
| I do have a passport that everyone is legally required to
| have in this country but trying to upload a picture of that
| was a fucking nightmare so I said fuck it take these numbers
| you clowns. Now if I can do this I'm sure every kid on the
| planet can just take their mom's CC so what is the point of
| this law anyway?
| whimsicalism wrote:
| Not sure how you concluded that from this quote
| RobertMiller wrote:
| A simple "the law requires us to" somewhere in that quote
| would have gone a long way to convey displeasure at their
| arm being twisted. But nothing in that quote suggests any
| arm twisting, and why should google of all corporations be
| given the benefit of the doubt? They look like eager and
| willing collaborators.
| emteycz wrote:
| So why they didn't try to require ID for all the previous
| years until laws required it?
| RobertMiller wrote:
| If they want us to believe they're displeased at this
| requirement, why don't they say so? Google has certainly
| complained and protested about other laws before.
|
| > _In response to multiple complaints we received under
| the US Digital Millennium Copyright Act, we have removed
| 15 results from this page. If you wish, you may read the
| DMCA complaints that caused the removals at
| LumenDatabase.org:_
| MiroF wrote:
| You're comparing a quote from an article clearly being
| written in the context of this Australian law to the
| actual quote from Google's implementation of DMCa law.
| There is nothing in your quote indicating they are
| "protesting" DMCA law.
|
| Here is the full quote.
|
| > Over the coming month, we will also be introducing a
| new age assurance step on YouTube and Google Play. This
| added step is informed by the Australian Online Safety
| (Restricted Access Systems) Declaration, which requires
| platforms to take reasonable steps to confirm users are
| adults in order to access content that is potentially
| inappropriate for viewers under 18.
|
| > This is in line with the actions we took in the
| European Union in response to the Audiovisual Media
| Services Directive (AVMSD).
|
| > As part of this process some Australian users may be
| asked to provide additional proof of age when attempting
| to watch mature content on YouTube or downloading content
| on Google Play. If our systems are unable to establish
| that a viewer is above the age of 18, we will request
| that they provide a valid ID or credit card to verify
| their age. We've built our age-verification process in
| keeping with Google's Privacy and Security Principles.
|
| Pulling out a quote and then saying "they don't mention
| the law", when they actually do mention the law a few
| lines above is frankly... a bad objection.
| RobertMiller wrote:
| They aren't required to disclose any DMCA removals, but
| choose to anyway, citing the law by name. Pointing out
| that a law is requiring them to do something is the least
| anybody can do if they object to that law's requirements.
| The omission of such a statement is sufficient evidence
| to conclude they are willing collaborators. A tech
| corporation like Google does not deserve the benefit of
| the doubt anyway.
| MiroF wrote:
| Are you still not following that this "omission" is
| something you've entirely made up in your own mind by
| selectively copying one quote from an entire article?
| RobertMiller wrote:
| The text you quoted does not seem to convey any
| displeasure at the law. Think what you like.
|
| > _This added step is informed by_
|
| Why so passive? Why not _" required by"_?
|
| > _We've built our age-verification process in keeping
| with Google's Privacy and Security Principles._
|
| Why not omit this apologia?
|
| Also, that statement about the DMCA is on every single
| search page with DMCA omissions. Do you think Google is
| going to cite the ID law by name on every page requiring
| it? I guess we'll find out, but I'm not holding my breath
| for this.
| MiroF wrote:
| Wait, but they _do_ point out the law requires them. And
| as you said,
|
| > Pointing out that a law is requiring them to do
| something is the least anybody can do if they object to
| that law's requirements
|
| Generally, I prefer comments blatantly contradicting each
| other to at least be a little more spaced out than yours
| are.
|
| Have a good day.
| zuminator wrote:
| 1) For Google to "complain" about the law and then still
| enforce it is just a toothless objection, virtue
| signaling. At least in the case of the LumenDatabase.org
| notice, their complaint actually serves a valid purpose
| of subverting the law (by allowing the user to see the
| offending domains.)
|
| 2) Google is a US corporation. If it is unhappy with US
| laws, it could be considered perhaps reasonable or even
| responsible for it to voice its concerns as a "corporate
| person" while it continues to fulfill its legal
| obligations. But it's a guest in Australia. If it doesn't
| want to obey the laws enacted by the people of Australia
| in Australia, it doesn't have to. After exhausting any
| judicial remedies, it can simply choose to leave
| Australia voluntarily. But to continue to reap Australian
| dollars while being demonstratively surly about it, could
| come across as disrespectful to the people of Australia.
| It would be as if someone came as a "plus one" to an
| exclusive party at your house, and then vocally
| complained the entire time that they were "forced" to
| remove their shoes.
| syshum wrote:
| Large Corporations will often have government enact laws
| they know would be unpopular policies for a variety of
| reasons... Many times companies will even publicly
| opposes the very laws they actually support behind the
| scenes.
|
| Not saying that is the case here, but it pretty common
| for corporations to use government as their tool
| nojs wrote:
| Ok, so what's the real reason the government wants this?
| kQq9oHeAz6wLLS wrote:
| Well, the Australian government has shown it's willing to
| throw people into camps against their will, so...greater
| control of the population would be my guess.
|
| You know. To keep kids safe.
| forum_ghost wrote:
| They want us to live in Utopia:
| https://www.youtube.com/watch?v=vJYaXy5mmA8
| RobertMiller wrote:
| The "Five Eyes" anglosphere establishment uses Australia as a
| testbed for authoritarian measures that may later be
| implemented in the others.
| aaa_aaa wrote:
| For the greater good. </s>
| wutbrodo wrote:
| The ~only reason gov't ever does anything is because they
| think it looks good to voters.
|
| And any given voter doesn't have "wants" or "beliefs", just
| violent mood swings and social performance.
|
| This isn't really even a bug of government's! Government
| action is very often valuable and necessary. But the
| incentive structure is such that modeling the gov't as a
| somewhat-rational entity with well-formed desires is usually
| not the correct frame to start with, IMO
| codewithcheese wrote:
| "because the voters want it" is just how they spin it, the
| reason is to have a chilling effect on expressing
| dissatisfaction with whatever party is in power.
| forum_ghost wrote:
| "Princeton University study: Public opinion has "near-zero"
| impact on U.S. law.":
| https://act.represent.us/sign/problempoll-fba/
|
| The government does the bidding of the economic elites.
| Economic elites don't vote, they buy influence.
| zo1 wrote:
| I think we also need to realize that those in power
| aren't necessarily plain old rich like the monocle guy
| from Monopoly or Mr Burns from the Simpsons. They're just
| connected, powerful, to a degree rich, and sometimes
| plain old skilled orators that can convince a lot of
| people.
| zo1 wrote:
| If that's the case, then we should be able to do a
| referendum for legislation this "big" to go through, right?
| I'd argue that the lack of a robust, accessible and easy
| form of referendums means we're not fundamentally different
| to a dictatorship.
| mikem170 wrote:
| I admire Switzerland's system, where the people can
| petition for a referendum to delete any law they don't
| like.
|
| This forces the politicians to negotiate with motivated
| minorities before creating new laws.
|
| Instead in the U.S. we allow rich people and corporations
| (who are not voters!) to give money to politicians. In
| most other democracies this is illegal and considered to
| be corrupt.
| int_19h wrote:
| Swiss system also allows people to _pass_ any law that
| they like. For example, the infamous law banning
| construction of minarets.
|
| I'm also not sure how this is supposed to help minorities
| (motivated or otherwise), since the referendum is
| country-wide.
| citizenpaul wrote:
| You are not the voter anymore. Watch the second half of GCP
| Greys. Rules for Rules on youtube, or read the book its
| based on if you want to understand. The video is a really
| good summary though.
| moltke wrote:
| The incentives of the two organizations are aligned. It makes
| sense and is very unfortunate that they capitulate so easily.
| It's yet another example of why you shouldn't rely on anything
| from Google.
| superkuh wrote:
| That's interesting. Is the Australian government requiring me
| (superkuh) to take action to follow their absurd laws for my
| dot com website too? I definitely have Australian users.
|
| I guess what I'm asking is if this is something Google is doing
| pro-actively to cover their asses after a general law was
| passed, or if the Australian government has _explicitly_
| contacted Google (alphabet) about this?
| jdrc wrote:
| Age verification sounds like an application of zero-knowledge
| proofs
| WinterMount223 wrote:
| Could you explain further?
| iso1210 wrote:
| Imagine you are visiting hacker news, and for some reason you
| have to prove your age, but you don't want HN to know who you
| are, nor your age identity site to know you're going to HN
|
| One way to do this off the top mf my head would be
|
| HN issues a unique number (say 4096 bit) to you when you
| create an account
|
| You send that number to your identity provider along with
| confirming proof of age
|
| The identity provider signs that the number is valid and
| posts it to a public source
|
| HN downloads a list of 4096 bit numbers posted in the last 5
| minutes and confirms the one associated with your account is
| on the list
|
| HN will know that "Identities-r-us.com" has proven your age,
| but nothing else
|
| IRU know you had to age approve a site, but there are many
| sites downloading the lists so they don't know which one
| sva_ wrote:
| But this way ppl could falsely verify their age by using a
| shared identity, unless the identity provider saves the
| identity (and shares it with other such providers)?
| amelius wrote:
| Why not let the user download the signed proof-of-age, and
| post it back to HN?
| iso1210 wrote:
| Why not indeed
| AlexCoventry wrote:
| You can do even better than that. IRU could proxy your TLS
| connection to the identity provider, and you could prove to
| IRU in zero knowledge that the decrypted transcript
| verifies that your age is over some threshold, without IRU
| ever seeing your age, and without the provider having to
| run a signature service. Then IRU is the one who signs the
| attestation on your age.
|
| https://eprint.iacr.org/2020/934.pdf
| WinterMount223 wrote:
| That sounds better if you don't trust the websites but
| worse if you don't trust the government or the central
| checker.
| iso1210 wrote:
| The central checker knows you've proven your age, but not
| where you've proven it.
|
| As someone else points out, you send a message to your ID
| provider 17 requesting the minimum required fields and an
| anonymous token provided by HN, the ID Provider returns
| that (over18=yes, token=1234567....) which is signed, you
| then send the returned payload to the server you're
| asking, saying "I used Identity provider", and HN
| (assuming it trusts your ID provider) can confirm that.
|
| HN knows the IP you're connecting from and the identify
| provider (say the Austrailian government)
|
| The Austrailian government doesn't know where you're
| connecting to, just that you are trying to prove you are
| over 18. The unique random number HN provides confirms
| it's not someone else's token, but it doesn't link to HN
|
| I assume there's a proper standard which does this
| tootahe45 wrote:
| They'll want to collect the data for themselves which is why we
| don't already see this for things like KYC.
| batch12 wrote:
| I am curious if the ID will be validated somehow or just dates
| checked. If the former, I wonder of this endpoint would be given
| to any site owner to validate age. If the latter, I can imagine
| someone creating a "this ID does not exist" service to fill this
| need. More likely VPN providers are about to get a bump in
| clientele.
| bl4ckneon wrote:
| It would probably be an automatic system somehow just looking
| at the dates. Imagine someone wanting to watch a video and then
| submitting their ID and getting the message back "thank you,
| you will be able to access this content in a few hours once we
| have verified your ID".
|
| You would have just lost that person for a long time.
| codedokode wrote:
| In theory, IDs can be verified against government-owned
| database. That's how online ID verification for payment systems
| works in Russia.
| dannywarner wrote:
| The Australian government made a big push to make Google and
| Facebook pay Australian news sites for links to content on their
| platforms.
|
| Google made a number of moves to head that off, including pumping
| money into local initiatives and a deal with the local media
| companies.
|
| Not fighting back hard against the current social conservative
| government's moves on censorship and cracking down on online
| rights is consistent with Google's other moves to protect profits
| and avoid paying media companies for links.
| pkaye wrote:
| Maybe they saw it was inevitable since the EU is already doing
| this. Maybe a majority the citizen of these countries are okay
| with the tradeoffs.
| BLKNSLVR wrote:
| Semi-ironically, the site pops up a full screen "subscribe with
| email address" window upon loading.
|
| There's an easily visible link to close it without subscribing
| but fuck it's tone deaf for a site called "reclaim the internet".
| dimitrios1 wrote:
| I used to believe, at least in the early days, that these tech
| companies were successful in upholding the values of freedom of
| expression, speech, and exchange of information, subsequently the
| values that the early internet itself formed around. They were
| anti-authoritarian.
|
| Now it seems they willingly accept being pushed around, succumb
| to any request to compromise its values in the interest of
| shareholder value, and willingly collude with authoritarian
| requests from governments.
|
| It's all so typical, in a way. Whatever shred of idealism I had
| left for these companies is now completely gone.
| ludamad wrote:
| The problem is that the more a company wants to draw a line in
| the sand against a government, the more it must be a monopoly
| of some kind otherwise be replaced by someone who doesn't
| dimitrios1 wrote:
| I find the reverse to be true. It is only when a company
| becomes a monopoly does it begin acting in this way. It
| becomes hellbent on maintaining that monopoly.
| codedokode wrote:
| Regarding adult content, don't you think that there is a better
| solution? Websites could add a HTTP header containing content
| rating; if the header is missing then it is considered 18+
| content. Browsers use this header to restrict access according to
| OS settings.
|
| This way the problem can be solved without any IDs and credit
| cards.
|
| Also I don't understand why age verification is needed for Google
| Play. Isn't adult content already banned there?
| kzrdude wrote:
| Since EU already has this, it's been very few videos on yt where
| this has been asked. I just avoid them.
| bleuchase wrote:
| > Since EU already has this, it's been very few videos on yt
| where this has been asked. I just avoid them.
|
| Do you think that may be part of the purpose of such a system?
| kzrdude wrote:
| Nope, it's an unintended consequence, I think the political
| motivation is naivistic. It turns into a kind of censorship,
| but was conceptualized as a speed bump.
| ailef wrote:
| I've noticed the restriction on some YouTube video as well.
| With one account of mine I'm able to see them though, even if I
| don't remember giving my credit card details or ID. I created
| this account a long time ago so I might be wrong. I think they
| asked for my phone number for verification instead.
| manytree wrote:
| Sounds like exact quandary that the emerging DID spec
| (Decentralized Identifiers) [https://www.w3.org/TR/did-core/] is
| hoping to solve. I.e. you can submit your proof of age to an
| attestation service (in this case, perhaps the australian
| government itself) and receive an anonymous DID from which you
| can issue proofs of age without revealing other aspects of your
| identity.
| klabb3 wrote:
| Yes, but I find this unlikely to be endorsed by governments in
| the short term.
|
| It'd be great if the law said that it's (very) illegal for the
| verifying party to share or store any of the PII, including
| with the government.
| tomjen3 wrote:
| Would that also work the other way around? Ie would it mean the
| Australian government wouldn't know anything other than you
| wanting to prove your age to somebody?
|
| Otherwise it seems a terrible idea.
| manytree wrote:
| Yeah, the DID you receive from the attestation service can be
| used multiple times, and is assumed to be immutable, so you
| sign messages with your private key to prove ownership of the
| DID but generally reveal no other information. One concern
| would be that a backend integration might exist between the
| Australian government's attestation service and Google's
| system, in which case there might be benefit to the existence
| of an alternative public institution that is committed to
| privacy which has the demonstrated authority to verify age.
| proactivesvcs wrote:
| Ironic headline for a site which immediately throws up a full-
| page interstitial asking for my email address.
| jjice wrote:
| Email and government ID are very different, and the headline
| isn't coming off as a hit piece, so I don't think this is
| ironic.
| josephcsible wrote:
| Will Google in Australia have a button that lets you skip the
| identification process but see the content anyway? No, so those
| aren't even remotely similar.
| quickthrower2 wrote:
| Yeah that pattern makes me think "this is spam"
| nmilo wrote:
| How is that ironic?
| reaperducer wrote:
| The same way "rain on your wedding day" is ironic.
|
| It's not.
| mechanical_bear wrote:
| Oooh oooh, do the spoons one next!
| rabuse wrote:
| Almost every invasive thing in our lives is because of "think of
| the children".
| vimda wrote:
| https://en.m.wikipedia.org/wiki/Four_Horsemen_of_the_Infocal...
| inter_netuser wrote:
| somehow i don't think the invasive measures will go away with
| artificial placentas and factories that pop out healthy and
| ready 25-35 year old professionals/drones.
|
| what will we think of then?
| yakshaving_jgt wrote:
| ...A very different approach to the dating scene?
| dudul wrote:
| You can sometimes substitute with "to fight terrorists" if you
| need to vary your discourse a bit.
| gruez wrote:
| Or more recently, "to fight anti-vaxxers"
| chickenpotpie wrote:
| Can you give an example? Not sure what you mean.
| gruez wrote:
| 1. vaccine passports (the QR code kind, because it
| invites the possibility of mass data collection)
|
| 2. freezing "freedom convoy" participants' bank accounts
| without a court order
| jmrm wrote:
| What kind of problem solves this measure? If someone think that
| minors won't access adult content that person is pretty naive.
| Only with TV shows, series, movies, music, and games they are
| going to watch a lot of violence and sex scenes, and most of us
| knows there are a lot of easy ways to access to this kind of
| content outside mass media.
|
| Letting the usefulness of this measure aside, I think there
| should be other ways to get your age without using your ID, like
| using a credit card for example. I don't know if there is any way
| to get the age of a person using the credit card, to be honest,
| but at least is an identification method with a expiring date and
| possibilities to cancel in any moment, not a unique number you
| can't never change in your whole life (at least in most Western
| countries I know).
| jlund-molfese wrote:
| I don't disagree with anything you said, but some countries,
| like the US, don't have a national ID system. So we usually
| have the option of using one of several different ways to
| verify our identities[1] for commercial services. Unfortunately
| most still do give you fixed numbers that don't change unless
| you move to another state.
|
| 1. https://help.id.me/hc/en-us/articles/360017833054
| Broken_Hippo wrote:
| _but some countries, like the US, don't have a national ID
| system_
|
| This is.. not quite true. Social security numbers are used
| this way (even if they aren't intended to be such a thing)
| and passports are essentially a national ID system. My
| passport is the only valid ID that I have - of course, I live
| outside the US and have to have the nearest US embassy renew
| it. (I don't qualify for Norwegian IDs yet, and my
| immigration card is a supplement to my passport instead of
| actual ID)
| jlund-molfese wrote:
| Passports _are a federal ID_ , but they're not mandated in
| the same way that other countries like Estonia mandate
| national IDs.
|
| SSNs? Sure, they're (optionally) used as an identifier. But
| they're primarily used in the financial world, along with
| your credit score. Most state and federal agencies won't
| require an SSN for official business (again excepting taxes
| & payments). A hotel will accept a Global Entry card for
| check in. UPS will accept a non-driver's license to pick up
| a package. You can vote with a student ID in some states.
|
| And don't forget people who are undocumented immigrants or
| on F-1 and J-1 visas who don't even have a SSN, but still
| need to open US bank accounts, pay taxes, get US driver's
| licenses, and vote in municipal elections.
|
| Identification is complicated in the US!
| inetknght wrote:
| > _SSNs? Sure, they're (optionally) used as an
| identifier._
|
| They're _misused_ as an identifier. They 've also been
| leaked to fuck and back.
| seanmcdirmid wrote:
| An American passport ID number changes every ten years,
| causing lots of problems when foreign banks (like Chinese
| ones) try to use it as a stable ID number. Source: personal
| experience.
| Broken_Hippo wrote:
| I've had absolutely no issues with it here in Norway, but
| Norway gives folks a number much like a SSN, which is
| used more widely than a SS# in the US alongside a picture
| ID.
| seanmcdirmid wrote:
| China uses foreigner passport IDs in place of a Chinese
| ID number. Which is kind of dumb since that number
| changes, which caught the bank by surprise. I had to
| carry around both my old and new passport for awhile
| after my first renewal.
| cr1895 wrote:
| > passports are essentially a national ID system
|
| Not very helpful as a national ID if they are a relative
| rarity
| Broken_Hippo wrote:
| That is only because the average person is priced out of
| it, honestly. If I remember correctly, it cost around
| days work if you make minimum wage.
| NoSorryCannot wrote:
| Right, but I think the concept of a national ID
| necessarily has the property of everyone (as close as is
| feasible) having one because it is required and they
| should be stable across time. Passports are optional,
| they expire, and they aren't stable. Not everyone can get
| an American passport (e.g., non-citizens).
|
| Tax IDs are as close as we've got.
| sharken wrote:
| It adds a layer of control which is very much the way
| legislation is going right now.
|
| Gone are the days where parents could educate their children on
| how to behave on the net it seems.
|
| We should not accept slogans such as "For the children", doing
| that leads to ever more restrictions and control.
|
| I don't have any solution to turn the tide, other than making
| sure to vote for a party that supports freedom on the net.
___________________________________________________________________
(page generated 2022-03-20 23:01 UTC)