Since a lot of miscellaneous online accounts are reacting glibly to the idea that states like California and Colorado could force Linux to bake forced age verification into the kernel, my instinctual response is to a) disregard the opinions of smug computer guys because they’re usually libertarians and b) consider which vectors these laws will actually be enforced through. There is a clear sweeping effort to implement these policies, so I assume the effect will be somehow tangible.
Since I’m doing self-study for IT certs at the moment, I’ll list out all the ways I can think of off the top of my head, though some, if not most, will be overcomplicated/inefficient. Disclaimer that I am only doing some investigating here and relying on my prior experience/knowledge otherwise (reason: eepy) so do not take this as anything definitive/inherently correct. I’ll try to skip over the ones that have the same vector of implementation/execution (I.E. where are they enforced through?)
- Client-side:
- via hardware/manufacturers - controls on boot loaders via boot-restriction mandates, so that commercial laptops and desktops sold in the US are required to ship with UEFI firmware that refuses to boot un-American operating systems.
- via OS distributors - operating systems/distributions made by companies operating in the US are required to integrate age verification protocols into their onboarding experience in order to continue operating/doing business in the US, or in order to avoid fines. Microsoft, Apple and Google would probably already be on board with this from the jump, so what’s a few rankled Linux distro maintainers going to do? Not comply? Time to pack your shit and move, then! Now you can’t access the consumption core as a market anymore. Sucks to suck!
- via browsers - Browser controls. This is how it could transmit your information reliably to web servers. Google is based in the US, Mozilla is based in the US, Apple is based in the US. Chrome (plus all US-based Chromium forks), Firefox and Safari now ship with a process that verifies you have a digital ID registered on your device, prompts you to register one if you don’t, and locks you out until you do.
- Server-side:
- via websites/applications - All social media (or even all sites/apps) operating out of the US are legally required to validate against a digital ID protocol baked into your operating system, routed in via your Freedom-Compliant Browser as a mandatory fingerprint that you can’t not expose. If the digital ID is determined to be not present, either through subversion or non-compliant software, you cannot access the site. This would probably be selectively enforced w/ regards to penalizing the sites themselves, because otherwise Silicon Valley throws a tantrum, but it would force your browser to expose your age at best and your identification hash (or however they would decide to implement the protocol such that you are a traceable entity) at worst.
- Social enforcement:
- on an individual level - Even if it’s not ‘truly enforceable’ if you find a hack that lets you bypass it because you know how your device works, it could be used as a charge-stacking/pinning vector for dissidents, call it Digital Identity Fraud.
- on a corporate level - Most of them will pre-comply, but if they don’t, just declare their products non-compliant with the law and treat them accordingly, killing their legitimate revenue and forcing all non-compliant systems underground so laymen decide it’s not worth the trouble of navigating even if it’s better for them, like piracy
Ultimately this is just me theorizing with my limited half-finished A+ cert study knowledge and general tech understanding, but I tried to engage the thought experiment on how this could be turned into something tangible as best I can.
I’d like to turn this over to people who might know more than me here. Is my idea of how this might be implemented (if done competently) consistent with the underlying tech, or am I misunderstanding some things? What other vectors might be used here? If these new bills pass, does anything change for us? What could our approach be individually/as a site/as a movement? What behavioral changes should we implement with regard to our internet usage as precaution? Would appreciate answers to any of these bits, even individually. Thus far the only approach that I can think of on 5 hours of sleep is the correct approach and has always been the correct approach and that is to 
but I’m curious if and how we can struggle against the furthering of the panopticon as targets of it.
Be ready to cease all illegal/incriminating activities on the internet. No more fedposting, anything illegal in your jurisdiction which could include posting/reading about trans healthcare and womens healthcare.
Be ready to delete your social media accounts, and ones that you might not care about (especially corpo social media) you should probably delete soon if you haven’t already. Especially if you are engaged in the above sorts of activities.
Get ready to print and share physical media for agitation, education, and propaganda. Do such activities off a computer that is not connected to the internet.
Organize now.
It absolutely blows my mind that people still have real corporate social media accounts as their actual selves.
I don’t think it’s feasible tbh, not without killing self-assembled pc as such, and offline installations are requirements in some fields, so like eh.
Browsers might be more viable, but then again - if a price of absence of id verification is google docs don’t work - whatever, shitty css readers can be done with a box of scraps
Phones are absolutely possible, despite efforts, i don’t think even f-droid will bypass some hardware locks, but i use my phone as a normie simulator anyway, banks/bills/news/music/games
What is more hopeful, there is nothing better on the horizon of hardware physics, after 16a by tsmc there is basically abyss of 3% improvements via infinite money, carbon nanotubes are fucked for now, germanium is nuts both from thermal and price, optical stuff is nowhere near ready or feasible for logics, so like next hardware could easily be as good as it gets for a decade (although you can see that already in gpu, if one ignores upscaling, which is software side anyway, outside of fp8 buildout logics, to say you got more teraflops), and might all be snatched up by data center perverts anyway.
Phones are evolving, but like due to material advances with oleds and folding, cameras are basically same with neural networks doing the lift (some of which i can even be describe to be neutral, but something like samsung upscaling pixelated moon from screens already shows we are going into platogooncaves), batteries are slowly improving, but processors are all stalled out. Although we are getting satellites guided
dronesphones, but that again is infrastructure outside of the phone itselfEmbrace boomer side and don’t change shit for 2 decades is what im saying.
They’re already here. When my drivers license expired I had to go in to the office to get a new one even though I had been assured it could be renewed online.
The RealID act requires facial ID scan. The last time I entered the US I didn’t even have to have my passport inspected. I just held it up so they could see it was blue and I was in the right line and walked right on in. Used to be the officer would ask you a few questions just to see if you sweat.makes me wonder about server infrastructure implications too. are companies that use dozens or hundreds of servers for large-scale services gonna have to submit an id to each of them…??? who’s id?
there’s so little thought that goes into the enforcement of this
I imagine the requirement will be that you’ll have to get verified with one of the major SSO providers (Microsoft, google, Facebook), and there’d be a de facto legal requirement that most services will have to support SSO through them.
Europe already has a digital ID system that just uses public key cryptography. It doesn’t require a central server other than the government signing server when you create the digital ID. I think the US might have something sort of similar that isn’t as well known. https://ec.europa.eu/digital-building-blocks/sites/spaces/EUDIGITALIDENTITYWALLET/pages/712508927/Security+and+Privacy
Yeah, but I don’t see the US implementing anything unless it enriches big tech or a military contractor.
Exactly lol! All the stuff the US has implemented so far is just insecure, anti-privacy, poorly designed crap. The digital ID stuff Europe developed is the obvious system if your goal was actually just providing age verification.
I think you forgot a level. Imagine you can buy an age verification token at the local supermarket or liquor store. You need to be 18+ (or 16+ or whatever the age requirement is in your country), and they hand you a piece of paper with a QR code printed on it. You scan that QR code on your device and it gets a code that proves you’re old enough. The device then forwards that code to any app that wants to check your age.
Advantages:
- It’s fully anonymous. You buy the code at the supermarket, where they hand you a random code and don’t scan the individual code’s code; So at a later time, even if law enforcement tried, they could not figure out what code was handed out to what person at the supermarket cashier.
- It’s cheap. Both for the supermarket and the user. It’s a piece of paper, what could it possibly cost? And the user has to go grocery shopping anyways, so that’s on the way.
Disadvantages: None. I can’t think of any.
Why bother with any of that?
If it was about age verification instead of surveillance, it’s all very easy:
- Require websites to respect a parental controls token sent by the browser. They’re already requiring websites to do age verification, this is much less intrusive.
- Require browsers to send a parental controls token if set by the parent.
- Require browsers to use an OS-level parental controls token if set.
- That’s it. There’s no reason to require that every OS supports OS-level parental controls.
And if a kid happens to buy a laptop out of the back of a car without their parents knowledge specifically to look at porn, why the hell would anyone ever care.
The theoretical disadvantage is that you could very easily purchase them for other people to use who aren’t 18. Of course this whole premise is bonkers so anything that undermines it is good.
You have the same problem with alcohol today. How is that being dealt with?
This is a made up problem for a made up solution whose actual goal is the creation of a personal data panopticon. My preference is the strangulation of this thing in its crib, but it goes without saying that the people in charge who are forcing this shit wouldn’t want such an obvious workaround to exist.
These laws mark the official shift from hegemonic neoliberalism toward full on technofeudalism, attempting to ever address them in good faith is a major mistake.
Well, if we were operating in good faith, we would make standardized parental control protocols that can interface with devices, accounts, browsers and websites and allow parents to input the ages of personal device/account user ages in their “family” and take on community-recommended age-gating suites. Like a uBlock filter list for restricting content. Then we would fund childcare resources and community centers/activities in order to dampen and share the burden of parenting for people who cannot dedicate enough time to monitoring their child’s internet activity, or are too drained to do so after their work day. We would treat this as the isolation and time/energy problem it is, rather than having the sites manage you and yours.
I am assuming they are operating in bad faith because the current implementations of this standard are being backed by Peter Thiel. Therefore, I think this is a means to strengthen the surveillance state and is an attempt to kill internet pseudonymity in order to create a chilling effect for dissent/track and subvert dissidents, as Palantir and DHS are already trying to do with ELITE and ICE. Per another co-founder of it, Palantir is an explicitly political corporation aimed at killing communists:
which, if they have their way, will semantically creep into anyone who believes in anything that constricts or punishes or even criticizes the actions of anyone in the Epstein Files.
Imagine you can buy an age verification token at the local supermarket or liquor store. You need to be 18+ (or 16+ or whatever the age requirement is in your country), and they hand you a piece of paper with a QR code printed on it. You scan that QR code on your device and it gets a code that proves you’re old enough.
Maybe I’m missing something, but I’m not sure why the legislation would be written in such a way that this meets the requirements. It feels like it bypasses all the things the state would want out of it.
This is indeed very clever
