[HN Gopher] Users claim Discord's age verification can be tricke...
___________________________________________________________________
Users claim Discord's age verification can be tricked with video
game characters
Author : mediumdeviation
Score : 141 points
Date : 2025-07-26 04:23 UTC (18 hours ago)
(HTM) web link (www.thepinknews.com)
(TXT) w3m dump (www.thepinknews.com)
| dylan604 wrote:
| If it works for video game characters, why not just any random
| actor? There's going to be plenty of footage available of them in
| various positions to get around the can't use just one image
| "security" feature.
| ethan_smith wrote:
| The fundamental issue is that these verification models are
| trained on datasets containing fictional characters and
| celebrities, so they're essentially being asked to distinguish
| between inputs that were part of their own training
| distribution.
| dylan604 wrote:
| Yet TFA shows the character used to beat the verification is
| a game character based on the likeness of an actor famous for
| the role he pays the game character is based. So you're
| saying what, that the system isn't aware it was trained on
| this person, the training isn't looking that person is known
| to the training, or the system just doesn't work as
| advertised?
| moritonal wrote:
| The fact another story on the front page is about a User
| Verification site having a massive leak is pretty relevant
| (https://news.ycombinator.com/item?id=44684373)
| jhgg wrote:
| > government passes law that requires companies to age verify
| users > said government provides no way to actually
| verify a human's age > hilarity ensues
| brogufaw wrote:
| It's intentional to give them wiggle room to define truth as
| needed case by case.
|
| Not saying it's good or bad. Just that it's intentional.
| Culonavirus wrote:
| My bank has an API endpoint that (basically) returns your
| name and age (in this use case). It can return more for
| signing electronic docs etc. and is basically your digital
| ID.
|
| https://en.wikipedia.org/wiki/BankID
|
| Need to buy "toys", vape products, alcohol... anything adult
| online?
|
| There's a 3rd party web app (you rightfully don't trust) as
| an age check in the shopping cart / user account of any of
| these adult shops, and this has multiple ways of verifying
| your age - and one of them is the bank's api, you pick it,
| your bank's identity sharing page loads, you log in, it shows
| exactly what information will be shared in a bullet point
| list, you tap OK, immediately a request like "this app wants
| to know your age, please verify" pops up in your smart
| banking app on your phone, you tap ok, fingerprint scan,
| DONE.
|
| Problem solved. The 3rd party app knows just what it needs
| to. All of this takes maybe a minute and your personal info
| is perfectly safe (unless you don't trust your bank at which
| point you have bigger problems to worry about...)
| cronin101 wrote:
| As a Brit that relocated to Norway a decade ago, trust me
| when I say you cannot fathom the lack of organization
| around identity that the UK (somewhat intentionally) has.
| (It's constantly used for political Godwin's-law fear-
| mongering)
|
| There is no centralized ID number, the closest is your
| social security number but this is basically only outbound
| for PAYE tax and haphazardly correlated to your pension
| payments in late life.
|
| Everything operates on a "trust system" where you often
| present paper (!) with whatever address you claim to be
| living at as proof you are real (e.g. opening bank
| accounts).
|
| Passport loss is rectified by seeking out "professionals"
| with government-approved occupations that are not related
| to you that can vouch you are actually the person you are
| trying to replace a passport for.
|
| The entire thing is a mess and living in digital-identity-
| native Europe is a dream come true that you should be
| extremely thankful for.
| jonathantf2 wrote:
| B-but... if we have an ID card the "government" will be
| able to track us! /s It does annoy me how much people get
| away with scaremongering, I just read a comment of
| someone who's against digital payments because "then the
| government will be able to work out how much tax you
| owe"????
| The-Old-Hacker wrote:
| The mess around voter ID is a case in point. A badly-
| implemented "solution" to a problem that didn't exist.
| gambiting wrote:
| >>There is no centralized ID number, the closest is your
| social security number
|
| Until you find out that due to a cock up years ago the
| National Insurance numbers are not guaranteed to be
| unique, and you realize that somehow the best proof of
| identity British people have is a humble driving licence
| because DVLA is at least somewhat competent.
| pasc1878 wrote:
| Unfortunately I don't have a driving license as I am
| physically unable to get one by law.
| vidarh wrote:
| It's even worse now: A lot of places now accept PDF's of
| things like bank statements, since so many people don't
| get paper copies any more.
|
| It's not that it was hard to fake before if you wanted
| to, but when you can just get a real PDF as a starting
| point, and edit it slightly it's just theatre.
| astrange wrote:
| It doesn't have to be perfect. This is how financial
| regulation works in the US too, but it does work. The
| idea is that every individual step is weak, but it's a
| crime to bypass any of it. So the deterrence is you can
| catch things probabilistically and most people don't want
| to commit a whole bunch of crimes at once because they
| all have individual punishments.
| dfghjk4 wrote:
| Identity shouldn't be tied to a private institution that
| requires you to have a bank account to login.
|
| Two of the well-used solutions to identity in the U.S. are
| login.gov (government-managed) and id.me (private, but used
| by government). Basically to get setup, at some point you
| have to have physical presence to get an actual government-
| approved physical ID, which can still be a barrier to some,
| but it doesn't require a bank account.
|
| Just don't implement your own like Discourse and Tea.app.
| hnthrowaway7483 wrote:
| > Discourse
|
| Another victim of auto-correct!
| masklinn wrote:
| > Just don't implement your own like Discourse and
| Tea.app.
|
| FWIW discord did not implement their own (sensibly), but
| since the british government does not provide this
| service it basically mandates possibly dodgy middlemen.
|
| My understanding is that discord uses (contracted?)
| https://www.k-id.com/
| close04 wrote:
| Whether it's a government controlled or private identity
| provider which can or has to provide data to the
| government, in the end it's still the perfect way to
| control what people do online. It's age restricted stuff
| at first, but can just as well be applied to any store or
| social media. Not so eager to express your dissent if it
| has your name stapled to it.
| morkalork wrote:
| >Identity shouldn't be tied to a private institution
|
| This right here. Just look at what happened with
| visa/mastercard _this week_ , private institutions can
| and will cave to special interest groups advocating to
| block access to legal content.
| W3zzy wrote:
| This is the way. Belgian banks joined forces years ago to
| create such a platform for identity verification and
| private companies can get granular acces when needed and
| after they are vetted. It's all based on the 2014 eIDAS
| regulation.
|
| https://en.m.wikipedia.org/wiki/EIDAS
| W3zzy wrote:
| Actually, they could release a platform quite easily that only
| delivers age verification, without anything else.
|
| For example, our id's have a qr on it that contains some basic
| info. Why not provide a platform for age checks with that qr?
| Anyway, fuck them. Education goes a lot further than trying to
| force identity verification on private companies when there is
| no real life threat in play.
| cedws wrote:
| That's exactly what pisses me off about it. The government
| could have at least devised a technical solution to verify the
| age of people privately. Data breaches happen all the time, do
| they just not care about the consequences when millions of
| peoples' porn watching habits are inevitably leaked?
| progbits wrote:
| Because that's their goal. Make you scared about using things
| that are even legal but private/embarrassing.
| Telemakhos wrote:
| It's a great first step toward making criticism of the
| government scary. Porn, hate speech, and other "legal but
| private/embarrassing" speech are the sharp end of the
| spear. When it's okay to restrict those, it becomes more
| easier to restrict political opposition.
| immibis wrote:
| Hate speech is only "legal but embarrassing" in the USA.
| Almost everywhere else it's illegal.
| astrange wrote:
| Nobody in the UK cares about "criticism of the
| government". That's a paranoid concept that only makes
| sense in a presidential system like the US.
|
| In Westminster systems you can kick out the government
| all you want and often do. The point of the
| constitutional monarchy is to separate the people you
| "shouldn't criticize" from the people who actually have
| any power.
|
| The reason they're doing this is that British people hate
| themselves, hate their children, and the purpose of the
| country is to take everyone's money and give it to
| pensioners.
| msla wrote:
| https://www.vice.com/en/article/queen-dies-protesters-
| arrest...
|
| > A man who was arrested by police in England for asking
| who elected King Charles III says he's worried that his
| arrest could have a "chilling effect" on freedom of
| expression in the country.
| astrange wrote:
| That's my point. King Charles isn't the government.
| Nobody thinks he is either.
|
| Keir Starmer is "the government" if you want someone. And
| he's at 27% popularity.
| tim333 wrote:
| It's to reduce kids exposure to porn and the like. Does it
| really matter if it can be hacked?
|
| In the old days the put the porno mags on the top shelf so
| kids couldn't read them. That was hackable too but it didn't
| matter much.
| Hamuko wrote:
| EU is also gonna require companies to verify ages but there's a
| white label application that EU member states can use.
|
| https://ageverification.dev/
|
| If I've understood it correctly, Pornhub can't see anything
| except that you've turned 18 (no names, no date of births,
| nothing) and your local government can't see that you've signed
| up for Pornhub using the app.
| stavros wrote:
| Yes, this is correct. As I understand it, the server asks the
| application some questions ("is the user above 18?" "are they
| a resident of country X?" or whatever), you confirm that you
| want to share the answer, and the application just gets "yes"
| or "no" to each question.
| Xelbair wrote:
| Yet it is still not a perfect solution. Arguably worse, for
| possible freedom of speech aspects, than current state.
|
| https://www.eff.org/deeplinks/2025/04/age-verification-
| europ...
| dom96 wrote:
| This really deserves a digital solution. Let me get a
| government account and generate tokens that websites can ingest
| to confirm I'm an adult (and other optional details about me).
|
| Having to use passports or poor solutions like face scanning
| isn't good enough. I guess the reason they don't do this is
| because they fear the cost, anything governments price up these
| days seems to be in the billion range. So the politicians who
| don't understand how cheap it is to build software assume it's
| way out of their price range.
| parsimo2010 wrote:
| When you place all the requirements on a software product
| like what the government has to, then it's going to be
| expensive. Anyone who thinks that the total cost of a privacy
| protecting, government accredited, widely available,
| reliable, audited, and domestically produced age verification
| system isn't going to be in the hundreds of millions has
| never actually shipped something comparable.
|
| It is literally illegal to slap a few lines of glue code and
| say "there's your age verification, look how cheap it is."
| The public would be happy about saving money right up until
| there's a massive privacy breach and all the ways you cut
| corners are exposed.
|
| I don't know if leaving the standards unspecified is the
| right thing to do (it's probably not), but don't pretend like
| a government verified solution could ever be cheap when
| dealing with citizens' identities.
| criley2 wrote:
| I disagree. This is exactly what happened with the initial
| launch of Healthcare.gov after the Affordable Care Act. The
| government spent hundreds of millions contracting a large
| firm that completely botched the site, it couldn't even
| handle a few hundred users at launch.
|
| Then a small team of highly skilled engineers from
| Google/Facebook etc were brought in to fix it. They
| stabilized and relaunched the system in weeks at a fraction
| of the original cost. It showed that the problem wasn't the
| complexity or the standards, it was how the project was
| managed and who was building it.
| zdragnar wrote:
| IIRC, it wasn't even that it contracted one firm, it
| contracted many, and the individual contracts were
| managed separately. None of the systems were actually
| required to work with each other in letter, only in
| spirit.
|
| The major advantage of bringing in the engineers (only
| one ex-googler, most were oracle and redhat, again IIRC)
| was that they were all already bigwigs and knew how to
| take ownership of large systems, and were given the
| authority to do so.
| kingstnap wrote:
| A small group of closely working skilled engineers would
| produce something more reliable and far less likely to have
| a privacy breach than the typical government contracting
| system.
|
| The idea that a small group of people can't produce
| something that can scale to millions of people is just
| false.
|
| It also wouldn't just be cheaper; it would be better. The
| "government" way of doing things would be far more likely
| to be broken glue code with privacy issues because all
| those committee meetings and bottom of the barrel
| contractor selection don't produce better end results
| hulitu wrote:
| > The idea that a small group of people can't produce
| something that can scale to millions of people is just
| false.
|
| No. Regards, Palantir, Microsoft, HP (and other
| government providers)
| benhurmarcel wrote:
| > A small group of closely working skilled engineers
| would produce something more reliable and far less likely
| to have a privacy breach than the typical government
| contracting system.
|
| Large technological companies are unable to pull this off
| either, it's unrealistic to expect it from a government.
| Spivak wrote:
| What are you talking about? The government gets to cheat
| and use the IRL ID verification they do already for
| licenses.
|
| * You create your account as part of your license renewal
| and have a normal-ass login. As part of that your account
| is manually marked as being 18+ (or just your age) by the
| person behind the counter.
|
| * The government publishes a few public certs which will be
| used to verify.
|
| * Then you go to your account page and click the button to
| generate a certificate signed by one of the government's
| private keys. The cert is valid for say 7 days.
|
| * You upload the cert to the website you want to access and
| the website validates it.
|
| Done. You make it illegal to provide your tokens to minors
| like it's illegal to provide booze to minors. Good enough
| for government work. It's literally just an EV cert.
|
| The problem gets a lot easier when you have a country wide
| IRL ID system already in place and can write laws.
| thfuran wrote:
| When you say "license renewal", you're referring to a
| driver's license? Not everyone has one of those.
| dylan604 wrote:
| > The problem gets a lot easier when you have a country
| wide IRL ID system already in place and can write laws.
|
| every time a country wide ID comes up, people freak the
| fuck out about state's rights and it being a power grab.
| people are already freaking out about RealID. it will
| take a very authoritarian system to force this through,
| yet it's the supporters of that leader that are the most
| vocally against it.
| Terr_ wrote:
| I don't think we can really trust in all those years of
| stated preferences, now that the revealed ones are so
| different. They folks who often say "States' rights" have
| always been the most willing to violate them if it gets
| them what they want.
|
| Meanwhile, the rest of us should have new fears of a
| National ID feature. Republicans in administrator-roles
| recently started corrupting federal databases,
| fraudulently _marking living people as dead_ [0] in order
| to kill their accounts, while firing the people who
| pointed out it was flagrantly illegal.
|
| It doesn't require any imagination for the same bad
| administrators to illegally disable National ID logins
| because you posted something that hurt the cult-leader's
| feelings. The feature cannot be made safe if the
| framework is still open to crooks.
|
| [0] https://www.cbpp.org/blog/trump-and-doge-claim-power-
| to-fals...
| Henchman21 wrote:
| Hard disagree. The Right Wing Noise Machine freaks out.
| That is not what people generally think. That's what
| they're TOLD to think, by people who have an agenda to
| sew discontent.
| Alifatisk wrote:
| Tim Berners lee thought about this solidproject.org
| anon7000 wrote:
| Oh no, then the government will know how old I am!! (/s)
| wood_spirit wrote:
| They will also know your habits and kinks etc.
| tzs wrote:
| It can be done in a way that prevents that.
|
| Briefly, the government can give you a digital copy of
| your driver's license or passport or whatever that can be
| bound to a hardware security key you have. Most modern
| smartphones have a suitable security key built.
|
| To verify your age for a site a zero-knowledge proof
| (ZKP) can be constructed for the site to prove that you
| have that document, it says your age is above the
| threshold needed for the site, and that you have the
| hardware key it is bound to, and you were able to unlock
| that hardware key. Nothing else is revealed to the site.
|
| Note that once the government issues that digital ID
| bound to your security key they are out of the picture.
| They have no idea what you use that ID for or when you
| use it.
|
| Google has released an open source library to help with
| this kind of system, discussed here [1].
|
| [1] https://news.ycombinator.com/item?id=44457390
| pixl97 wrote:
| > They have no idea what you use that ID for or when you
| use it.
|
| Eh, at least until they require all sites to ensure all
| posts and pictures are signed by a valid digital ID. You
| know, to prevent terrorism.
| beeflet wrote:
| >Most modern smartphones have a suitable security key
| built.
|
| Breaking any security key weakens the whole system
| beeflet wrote:
| not with zero-knowledge proofs!
| Henchman21 wrote:
| What makes you think they don't already?
| immibis wrote:
| Problem: the millisecond this system is rolled out, personal
| data will be attached to it, not least because I'm just going
| to generate unlimited 18+ tokens and sell them for $10 apiece
| Larrikin wrote:
| You don't need to identify the user, just be able to show
| that two tokens are the same user and invalidate, log out
| both users, and make them generate a new token. You can
| sell your license to kids today, but it doesn't scale and
| is a terrible idea to give a kid an ID to a place you
| frequent.
| MBCook wrote:
| The solution is easy. A government national ID.
|
| The US refuses to do this, so we get a mess. Every state has
| different drivers license, Social Security numbers aren't
| secure at this point, most people don't have passports.
|
| But if there was a true national ID, the government could
| provide APIs to verify those. Then these kind of things would
| be easy for the apps/sites.
|
| All of that obviously ignores the problems in privacy from
| doing any of this in the first place, etc. i'm starting to
| think I'm on the side of our national ID given how much of a
| mess everything is with our current patchwork. But I
| certainly wouldn't want to be giving it over to random sites.
|
| We have sort of accidentally set up a system in which
| verifying someone's age is a really really hard problem. If a
| credit card number or trying to use a photograph are the best
| tools we have it's clear this doesn't work.
| brendoelfrendo wrote:
| This is one of my biggest issues with pretty much any ID
| verification legislation. If the Gov wants to enforce ID
| verification, it is incumbent on the Gov to bend over
| backwards to ensure that everyone impacted is given a free,
| secure ID. I refuse to accept any situation where someone
| is excluded from public participation because they can't
| afford or are otherwise unable to acquire an ID.
| MBCook wrote:
| I agree. It's a problem we already have.
|
| Drivers licenses are the de facto one today. You can also
| get an id card for those who can't drive.
|
| But it's fully incumbent on you to do it. You have to
| arrange transportation to get it, have the free time,
| necessary documents, live close enough, etc.
|
| That already causes problems for people, and is getting
| worse as voter ID laws get passed.
|
| "Everyone gets an ID once you've figured out these
| riddles three and gone on a quest" is a stupid system.
| Iulioh wrote:
| If you are trying to find someone who did it, in Italy we
| have "IO" (bad name for SEO purposes but hey....) and
| that's basically it.
|
| It mostly works.
| sapphicsnail wrote:
| I'd rather have a mess than allow the federal government to
| have more power over me. I'm trans and I would have to out
| myself every time I needed to show ID if I had to give up
| my state driver's license. I like not having to worry about
| getting harassed whenever I want to go to a bar.
| MBCook wrote:
| I hear you. I really do.
|
| I like the idea of a way of verifying who you are (in
| that you're a real person) and age (so you could prove
| ability to do 18/21+ things).
|
| I see no reason why random companies/etc would need to
| know gender identity, name, etc.
|
| None of that is relevant to buying alcohol. If they need
| something, e.g. name on a mortgage, then maybe it's
| optionally provided, under my control. I don't know.
|
| I'm not seriously suggesting we do this. They were clear
| downsides _before_ the last 10 years made all of them
| ridiculously clear.
|
| It's more I hate the current mess and wish something
| nicer existed. I think it's fixable _in the abstract_.
| But even if we had a good idea for a better system I
| don't know how we'd get there. Between sovereign citizen
| nuts one side who don't think there should ever be any
| way to prove they ever existed, to people like you with
| very clear and good reasons for fearing changes it just
| seems impossible.
| zahlman wrote:
| My understanding has been that any form of national ID
| (beyond a passport) is a complete non-starter in US political
| discourse, and it's all handled at the state level. Not so?
| 2OEH8eoCRo0 wrote:
| Why should the govt provide a way to verify? They should fine
| companies that violate. Companies will figure how to comply
| because they don't want to be fined.
| vidarh wrote:
| The problem is that said companies have no interest in doing
| more than the barest minimum to keep the details safe.
| DaSHacka wrote:
| Because then you get situations like OP and that happened
| with Tea?
| skybrian wrote:
| The Apple and Google wallet apps have ways to add your id, but
| the web apis aren't widely available yet.
|
| Here's Google's doc:
|
| https://developers.google.com/wallet/identity/verify/accepti...
|
| Looks like it will support zero knowledge proofs?
| MBCook wrote:
| A ton of states also don't support it.
|
| I, for example, couldn't add my driver's license even if I
| wanted to.
| skybrian wrote:
| Yeah, it's more about the future. Maybe in a year or three,
| you'll be able to write a website that does age
| verification using a standard web API, without processing
| any identity documents yourself, and expect it to work.
|
| And sometimes kids will put fake ID's on their phones, or
| borrow a phone, but that's not your problem.
| hhh wrote:
| I think the way discords setup works is reasonable. It's an on-
| device model that only submits the outcome of the scan to the
| platform.
|
| I hope they just improve that performance, rather than see this
| and back out of it entirely and require ID checks.
| edm0nd wrote:
| I think this is the correct way too.
|
| Some of the age verification systems that use digital ids
| (mDLs) do the same thing but people freak out about how they
| work because I think they misunderstand the tech.
|
| They system basically asks the mDL via an api call "is this
| user above the age of 18/21" and the app only responds with a
| yes or no. It doesn't pass the users fulls details over or
| anything like that.
| MattPalmer1086 wrote:
| Do these systems prevent linkability or allow the use of
| pseudonyms?
|
| As in, if I repeatedly ask for age verification to the same
| service, does it know:
|
| 1) the identity of the user making the request, and 2)
| whether repeated requests comes from the same user (even if
| they don't know who it is?)
| rumblefrog wrote:
| Could you point to the source of the on-device model? Moreso
| for curiosity.
| michaelt wrote:
| No, but I can tell you that the moment you open the browser
| console, it stops scanning and marks the scan as failed.
|
| The vendor is https://www.k-id.com in Discord's case
| a2128 wrote:
| That just seems like a standard anti-tampering measure, I
| don't think it necessarily means the model is local or
| anything
| michaelt wrote:
| https://www.k-id.com/post/adapting-discord-for-the-uk-
| online... says that:-
|
| _> Identity documents are deleted after a user's age
| group is confirmed, and the video selfies used for facial
| age estimation never leaves their device._
| Retr0id wrote:
| On-device models are excellent for privacy, but they are
| fundamentally broken from a security perspective. Preventing
| people from spoofing the results would involve locking them out
| of their own devices, via DRM.
| hhh wrote:
| I understand, and think that there's an acceptance criteria
| for some level of fraud tbh.
| FergusArgyll wrote:
| Paging @patio11
| immibis wrote:
| You're treating this as a computer security problem when it's
| actually a political problem. It doesn't _have_ to work to be
| mandated. It doesn 't even have to work, for everyone to get
| a pat on the back and a raise for implementing it. Keeping
| minors away from porn isn't the point, the point is more like
| to scare people about being surveilled so they voluntarily
| won't watch it.
| subscribed wrote:
| Hardware attestation would be enough to clamp down on almost
| anything, ensuring the hardware and the os guarantee the
| outcome is not manipulated.
|
| Not the broken anti-competitive Google play store integrity
| (which is passing for any handset not patched for the last 8
| years but with Google buttplug in it, effectively nullifying
| assurances from the attestation), but a proper hw
| attestation.
| Retr0id wrote:
| You just described DRM
| astrange wrote:
| DRM mostly explicitly does /not/ function that way.
|
| If you jailbreak an iPhone you can still use store apps
| and watch movies. You don't think that's just because
| Apple forgot about it, right? Or because the movie
| studios are merciful? They definitely aren't. It's
| because they think it'd be illegal to lock you out over
| it.
| Retr0id wrote:
| You are mistaken. DRM can work in a variety of ways but
| that is absolutely one of them.
|
| Apple doesn't attestation as part of their DRM (afaik)
| because it wouldn't be very useful. An iOS jailbreak
| requires the kind of exploits that would break
| attestation anyway, so it adds little value.
|
| Movie studios could require strong hardware attestation
| for playback, but in doing so they would limit the set of
| compatible devices. They are in fact a little merciful
| (if only because they care about their bottom line).
|
| > It's because they think it'd be illegal to lock you out
| over it.
|
| I wish.
| Der_Einzige wrote:
| That's the point!
|
| We want a broken and easily bypassable system that only
| exists to make do-gooders think they did good.
| amoshi wrote:
| >It's an on-device model that only submits the outcome of the
| scan to the platform.
|
| And that's why it's been bypassed already
|
| https://x.com/Pirat_Nation/status/1949036664132657225
| leshenka wrote:
| No way discord has enabled devtools haha
|
| On the other note, can one attach chrome devtools to any
| electron application?
| jfyi wrote:
| It was available with ctrl+shift+I for forever in their
| desktop client. It only changed in the last 2 years or so.
|
| Pretty sure it's just a flag somewhere to re-enable.
| codedokode wrote:
| Age verification should be made on OS or firmware level when
| buying a device. And not by sending your passport scan to random
| companies with dubious data collection practices.
|
| A law must mandate that an "adult" version of OS (or device) may
| be sold only to adult users. It is not difficult for
| Microsoft/Apple to implement this yet they do not want to for
| some reason.
|
| This would allow more reliable age verification, without
| revealing identity of account owners. Well, maybe the govt wants
| exactly the opposite.
| herbst wrote:
| I can tell how this would be implemented. Microsoft rolls their
| own awkward standard nobody asked for. Other major companies
| try to use a somewhat common standard.
|
| The Industrie enforces new rules and suddenly it costs $150000
| and has awkward requirements to get your OS certified adult.
|
| For the years to come only the most recent windows versions and
| customer devices like phones will work. No Linux will pay to
| get a standard they haven't asked for. Embed devices will stop
| working as more and more stuff gets simply flagged "adult only"
|
| Just don't ... :)
|
| Edit:// see Silverlight, or why it took years until something
| like Netflix was even legally technically possible
| valenterry wrote:
| Listen to that guy!
| PartiallyTyped wrote:
| Denmark does it by sending you to a government-owned website,
| which then uses two factor authentication and responds back
| verifying one's identity.
|
| I don't understand why other countries can't do the same.
| crooked-v wrote:
| The US in particular doesn't have a national identity system
| in the first place because the Republican party has opposed
| the concept for a long timr for various reasons both
| ideological ("mark of the beast" claims are less of a thing
| these days but have been made in the past) and political
| (having a patchwork of systems makes voter suppression and
| stochastic disenfranchisement of undesireables easier).
| Without that, any kind of unified verification system is very
| unlikely to happen.
| uamgeoalsk wrote:
| It's worth being careful with broad characterizations like
| this. Attributing complex policy opposition to fringe
| beliefs or bad faith motives oversimplifies the issue and
| shuts down good faith discussion. Whatever one's views,
| that kind of framing isn't helpful.
| dpkirchner wrote:
| But in this case it's absolutely true -- I've yet to see
| any other reason for Republicans to be opposed to
| national IDs. Have you?
| astrange wrote:
| The funny thing is voter suppression doesn't actually help
| either party consistently over time. Right now the marginal
| voter is Republican, and so are all the "low-information"
| voters (this is the polite term politics people use for,
| you know.)
|
| So voter ID laws would make them lose every election. But
| of course, that's not permanent either.
| HelloMcFly wrote:
| Would Passports not be considered a "national identity
| system"?
| Yeul wrote:
| The Netherlands has this system but it is ripe for abuse. We
| still have a few Christ clowns and there's a big fascist
| party at the moment.
|
| How about we don't make lists of people visiting porn sites?
| How about we accept that children are part of society and not
| try to put them in little cages like songbirds?
| Etheryte wrote:
| Tangential discussion, one thing I like a lot about the
| Netherlands is that it's not common to flaunt wealth, at
| least not as much as in some other countries. For all their
| other flaws, isn't this something that comes from the
| protestants? Or is there a different historical background
| here?
| PartiallyTyped wrote:
| I am fairly certain it can be done in a zero-knowledge way,
| but regardless, parents should be taking care of this.
| npteljes wrote:
| Children are part of society, but adults need to have their
| space to do their adult things, some of which are actually
| hurting children. The "little cages" are actually supposed
| to aid a healthy mental development.
|
| But whatever age-verification solution I have seen so far
| sucked, really badly. And I can't believe people promote
| something like a government based age check. People need
| their privacy.
| Barrin92 wrote:
| >How about we accept that children are part of society and
| not try to put them in little cages like songbirds?
|
| It's the correct idea but the way it should be done is by
| coming to a democratic consensus that helicopter parenting
| is bad, not by attempting to hobble the infrastructure of
| government. If only for the practical reason that it'll
| simply be outsourced and privatized. In US states where the
| police can't scan license plates, there's a private
| industry doing that and then selling the data back to the
| police. The same result but now you pay a premium.
|
| Lee Kuan Yew was fond of making this point. Weak
| "horizontal" administrations will creep in ways that are
| more opaque and without checks than strong "vertical" ones.
| maccard wrote:
| The UK doesn't have any form of identity that can be used
| like this. There's a very very vocal group of people who
| oppose the idea to the point that it hasn't gained traction.
| ndsipa_pomu wrote:
| I wouldn't describe myself as a very very vocal person, but
| I'm not a fan of the UK introducing identity cards as it
| would almost certainly be misused by the government and the
| data would be leaked as the UK government is utterly
| incompetent (when it comes to computers).
| Jigsy wrote:
| Yeah. They left unencrypted child (benefits?) information
| on a train once.
| zarzavat wrote:
| There's three groups:
|
| First, a vocal minority of security freaks lead by Tony
| Blair who think that forcing everybody to carry ID cards
| around is a proportionate way to protect Britain from
| terrorists, illegal immigrants and other foes.
|
| Second, a large proportion of the country who think that
| the introduction of optional ID cards is a slippery slope
| towards the first group getting what they want.
|
| Third, another large proportion of people who think that
| the risk of the first group getting what they want is
| overblown, or else think that the convenience of being able
| to prove identity more easily outweighs the inconvenience
| of having to carry an ID card around everywhere.
|
| In the great ID card battle of the late-00s, the second
| group won decisively and politicians have been too scared
| to take up the issue ever since. Except for Blair, but
| having the face of your political campaign be a war
| criminal is of negative value to that cause.
| subscribed wrote:
| Voter ID rears its ugly head.
|
| It's compulsory now so it's doable. Especially since voter
| registers are available to certain companies* regardless of
| the voters' consent.
|
| *eg political parties, credit bureaus.
| codedokode wrote:
| This is a first step to shutting down anonymous accounts -
| here in Russia for example the account must be linked at
| least to a phone number or to a government ID and I see no
| reason why other governments don't want to do the same.
| valenterry wrote:
| Oh god no. We need to _absolutely_ stop making OSs more
| restrictive than they already are. There are better solutions.
| snerbles wrote:
| The California legislature is already working on forcing
| operating systems to attest the age of the user at the
| account level. See the recent _gut-and-amend_ of AB1043 [0],
| which was a privacy bill [1] just a few months ago:
|
| > _This bill would require, among other things related to age
| verification on the internet, a covered manufacturer to
| provide an accessible interface at account setup that
| requires an account holder, as defined, to indicate the birth
| date, age, or both, of the user of that device for the sole
| purpose of providing a signal regarding the user's age
| bracket to applications available in a covered application
| store and to provide a developer, as defined, who has
| requested a signal with respect to a particular user with a
| digital signal via a real-time application programming
| interface regarding whether a user is in any of several age
| brackets, as prescribed. The bill would define "covered
| manufacturer" to mean a person who is a manufacturer of a
| device, an operating system for a device, or a covered
| application store. The bill would require a developer to
| request a signal with respect to a particular user from a
| covered manufacturer when that user requests to download an
| application._
|
| > _This bill would punish noncompliance with a civil penalty
| to be enforced by the Attorney General, as prescribed._
|
| [0] https://legiscan.com/CA/text/AB1043/2025 [1]
| https://legiscan.com/CA/text/AB1043/id/3134744
|
| If you want to know more about this lovely bait-and-switch
| tactic used by the Golden State's legislature, see here:
| https://californiaglobe.com/uncategorized/gut-and-amend-
| bill...
| supriyo-biswas wrote:
| I've often talked about in private settings about how
| running open source OSes and DRM-free setups would likely
| become illegal in the future. With every passing day this
| vision seems closer to reality.
| LocalH wrote:
| The slowly boiled death of general-purpose computing
| beeflet wrote:
| A slow-boiled GNU with a hardened kernel, and a side of
| salted hashes please
| subscribed wrote:
| _" you must be a terrorist or a child abuser if you're so
| afraid of security... Unhackable phone? What are you
| hiding? "_
|
| Add several big TV shows, op-eds in national press and
| it'll start shifting even without the laws.
|
| My money is on the UK leading the charge.
| codedokode wrote:
| First, there are too many brackets, second, I think the age
| should be set by a store, not by the user because obviously
| all kids will state that they are over 18.
| codedokode wrote:
| Uploading your passport to a random company is a worse
| solution, and it is being rolled out now.
| can16358p wrote:
| Am I the only one who sees website appear for a split second and
| become completely blank white?
|
| (iOS Safari)
|
| Okay turning off content blockers did the trick. AdGuard was
| blocking the whole site for some reason.
| jimbobthemighty wrote:
| No - on a chromebook as well
| nottorp wrote:
| The one good thing about the stupid age verification is it
| stimulates thinking outside the box in kids :)
| IshKebab wrote:
| Not really - only _one_ kid has to think outside the box. They
| others just copy.
| avodonosov wrote:
| Who can think submitting biometrics online is in user's interest?
| userbinator wrote:
| Ironic that this comes at a time when AI-generated pictures are
| getting better and better.
|
| Personally, I will never use Discord and they just gave me
| another reason not to.
| silisili wrote:
| Maybe I'm old. Well, no, I am relatively old.
|
| Either way, when I see a person or business advertise a Discord
| link, I immediately think of either as immature.
|
| I miss the days of forums, and wish something like them could
| thrive again instead of rather private, but importantly
| ephemeral chats.
| ekianjo wrote:
| its seems even more self defeating when its a FOSS project
| whose only way to connect with the community is a Discord
| space.
| michaelt wrote:
| _> I miss the days of forums, and wish something like them
| could thrive again instead of rather private, but importantly
| ephemeral chats._
|
| Open source projects have long had ephemeral chats, private
| to the people in the chat at that moment - it just used to be
| called IRC.
| macintux wrote:
| Except there were open, archival solutions for IRC for
| projects to take advantage of. Are there any for Discord?
| foresto wrote:
| And they have also long had places for collecting
| persistent, searchable information alongside their IRC
| presence; usually public bug trackers and/or forums.
|
| It has become all too common for a project to offer _only_
| Discord, which not only makes all community-collected
| information more or less ephemeral, but also locks it away
| behind some corporation 's ever-changing terms and
| conditions, some of which are onerous.
|
| GP's complaint is not that ephemeral chats exist, but
| rather that there is often nothing else.
| soulofmischief wrote:
| I've been hired and have hired people through the Discord
| community. It's no different than Hacker News in this
| respect, where I've done the same. Professionalism is
| orthogonal, though I will agree that ephemeral chats have
| serious drawbacks for project-oriented communities.
| hofrogs wrote:
| You can read HN without an account, and making an account
| doesn't require providing a phone number. (Discord in some
| cases locks you out of an account entirely if it thinks
| that you are "suspicious" until you provide a one-time sms
| code from a phone # that satisfies them)
| DecoySalamander wrote:
| If this story reflects poorly on anyone, it's on Britain, not
| Discord.
| subscribed wrote:
| Could me MUCH, MUCH worse, they could use Epic's service like
| Bluesky does.
|
| This Epic, which famously had to pay half of billion USD
| settlement when they got caught for law breaking (collecting
| personal data without consent. Clearly against the law, because
| they knew they're collecting details of children) :
| https://www.exterro.com/resources/blog/data-privacy-alert-ft...
| pacifika wrote:
| Several articles say that Ofcom has said platforms must not host,
| share, or permit content encouraging the use of VPNs to bypass
| age checks, adding that parents should be aware of how VPNs can
| be used to bypass the Act.
| makerofthings wrote:
| All those parents that couldn't use parental controls to limit
| what their children see in a browser are not suddenly going to
| start policing VPNs. This is terrible legislation wrapped in
| terrible advice.
| ndsipa_pomu wrote:
| That annoys me as the VPN isn't necessarily bypassing the age
| check, but instead is allowing the person to pretend that they
| don't live in a country with stupid laws. I mean, Ofcom might
| as well warn parents about cheap holiday websites that
| encourage people to bypass the age checks by flying to a sane
| country.
| immibis wrote:
| Yes? I expect that "take a weekend to France to bypass age
| verification" and "subscribe to NordVPN to bypass age
| verification" are both legal while "take a weekend to France
| to see the Eiffel tower" and "use NordVPN to increase your
| security" are both legal.
|
| Did you never wonder why VPN ads don't really list any actual
| use cases, yet they're wildly popular? If you know what you
| need it for, the ad doesn't have to tell you - just has to
| tell you which company to give your money to.
| jrockway wrote:
| VPN ads do list actual use cases. The most popular one I've
| heard is geolocation-based pricing on airline tickets.
|
| (I still don't really know what people are _actually_ using
| VPNs for.)
| hofrogs wrote:
| For instance, VPNs are popular in Russia, people use them
| to access YouTube, Instagram and other platforms banned
| by the regime.
| IshKebab wrote:
| VPN ads talk about bypassing streaming region locks all the
| time.
| IshKebab wrote:
| Yeah the funniest thing is that Ofcom said:
|
| > Concerned parents, it said, should block or control VPN
| usage.
|
| Hilarious. I wonder if they realised...
| mgaunard wrote:
| I've seen formerly free content platforms now require a payment
| of 2 GBP to prove your age.
|
| Ridiculous.
| johnisgood wrote:
| Pocket change. :D
|
| And yeah, absurd.
| 2OEH8eoCRo0 wrote:
| Something that's occurred to me is that we are already
| deanonymized and tracked everywhere online but most people are
| fine with it because it's done secretly and transparently (you
| don't notice). Age verification w/ something like a license
| online brings the issue front and center. It's not hidden that
| you are not anonymous online and people freak out.
| phendrenad2 wrote:
| There's a lot of hype around age verification by letting AI look
| at the user's face. But everyone has met someone who was 28 and
| looked 16, or vice versa. It's not exactly uncommon. A few genes
| go wrong and you get some weird facial features that throws off
| our perception of age. Guess what? Our brains are just neural
| nets trained on data. So AI will fail in exactly the same way.
| isoprophlex wrote:
| "Open your mouth to verify your age"
|
| Not that different from "Drink a verification can to continue".
| Hilariously dystopian.
| beeflet wrote:
| The best part is that this is going to work for about 5 days
| until someone develops a computer model of a face that can
| simulate the inside of the mouth. Then we have two problems!
| marcosdumay wrote:
| Oh, very soon only computers will be able to generate
| "realistic" enough images. Just like solving captchas.
| zahlman wrote:
| Part of the point of the "verification can" story is that users
| were being forced into additional consumption (in multiple
| senses).
___________________________________________________________________
(page generated 2025-07-26 23:01 UTC)