Computer Scientists Caution Against Internet Age-Verification Mandates (reason.com)
- Reference: 0180906080
- News link: https://tech.slashdot.org/story/26/03/04/197220/computer-scientists-caution-against-internet-age-verification-mandates
- Source link: https://reason.com/2026/03/04/computer-scientists-caution-against-internet-age-verification-mandates/
> Effective January 1, 2027, providers of computer operating systems in California will be [2]required to implement age verification. That's just part of a [3]wave of state and national laws attempting to limit children's access to potentially risky content without considering the perils such laws themselves pose. Now, not a moment too soon, over 400 computer scientists have signed an [4]open letter warning that the rush to protect children from online dangers [5]threatens to introduce new risks including censorship, centralized power, and loss of privacy . They caution that age-verification requirements "might cause more harm than good."
The group of computer scientists from around the world cautions that "those deciding which age-based controls need to exist, and those enforcing them gain a tremendous influence on what content is accessible to whom on the internet." They add that "this influence could be used to censor information and prevent users from accessing services."
"Regulating the use of VPNs, or subjecting their use to age assurance controls, will decrease the capability of users to defend their privacy online. This will not only force regular users to leave a larger footprint on the network, but will leave a number of at-risk populations unprotected, such as journalists, activists, or domestic abuse victims." It continues: "We note that we do not believe that trying to regulate VPN use for non-compliant users would be any more effective than trying to forbid the use of end-to-end encrypted communication for criminals. Secure cryptography is widely available and can no longer be put back into a box."
"If minors or adults are deplatformed via age-related bans, they are likely to migrate to find similar services," warn the scientists. "Since the main platforms would all be regulated, it is likely that they would migrate to fringe sites that escape regulation." With data on everyone collected in order to restrict the activites of minors, data abuses and privacy risks increase. "This in itself increases privacy risks, with data being potentially abused by the provider itself or its subcontractors, or third parties that get access to it, e.g., after a data breach, like the 70K users that had their government ID photos [6]leaked after appealing age assessment errors on Discord."
Instead of mandated age restrictions, the letter urges lawmakers to consider the dangers and suggest regulating social media algorithms instead. They also recommend "support for parents to locally prevent access to non-age-appropriate content or apps, without age-based control needing to be implemented by service providers."
[1] https://slashdot.org/~fjo3
[2] https://tech.slashdot.org/story/26/02/26/233213/colorado-lawmakers-push-for-age-verification-at-the-operating-system-level
[3] https://news.slashdot.org/story/25/10/13/1617250/three-new-california-laws-target-tech-companies-interactions-with-children
[4] https://csa-scientist-open-letter.org/ageverif-Feb2026
[5] https://reason.com/2026/03/04/computer-scientists-caution-against-internet-age-verification-mandates/
[6] https://yro.slashdot.org/story/25/10/08/2259252/discord-says-70000-users-may-have-had-their-government-ids-leaked-in-breach
And in Brazil... (Score:2)
And in Brazil its March 17. You have 12 days and a few hours to comply with the law of your Brazilian overlords. And the penalities are insane.
Stupid idea (Score:2, Interesting)
What a brain-dead idea to put the age-verification into the operating system. It's gonna have to rely on some external service for the verification anyway, so is this mandate to just require that the OS has a secure local cache for this information it obtains from an external source? At times the device will not have Internet access, so that's the only way to make it work. This whole identity-verification discussion that's been going on for years is incredibly stupid anyway. There's a very simple fix for i
Re: (Score:2)
> What a brain-dead idea to put the age-verification into the operating system. It's gonna have to rely on some external service for the verification anyway, so is this mandate to just require that the OS has a secure local cache for this information it obtains from an external source? At times the device will not have Internet access, so that's the only way to make it work.
To be fair, as long as the only purpose is to gate access to Internet sites, not having Internet access would mean that it doesn't need to work.
It has to be either in the OS or in the browser. Porn sites and browsers A. have perverse incentives to sell your privacy rights to the highest bidder and B. know what sites you are visiting. However, the browser at least has the technical ability to prevent the actual identity from ending up in the hands of the porn site. The porn site itself likely doesn't, and
Re: (Score:1)
> ...With your approach, the website knows who you are, knows what kind of porn you watch, because your identity is tied to your web browsing, and can take advantage of that to show very specific targeted porn ads for you when you visit other websites, can use it to extort you, etc.
> Mandating an approach like that would violate California's constitutional right to privacy, and any OS vendor or website that tried to do it that way could be held civilly or criminally liable.
No, with my approach the user would get bounced over to their chosen age verification provider (their bank), they'd authenticate, then the bank would give them an auth token signed by the bank with a claim that says they are '18 or over' and that's it. No name, no address, no nothing EXCEPT that they are indeed a legal adult. The browser would present that token to the over-18 only website which could verify the digital signature on it and trust the claim in it and let them in.
Computer Scientists Caution Against... (Score:2)
Erm, is it because they're O(n^2) ?
Ya, but ... (Score:3)
From TFA
> The California law requires, in part, that any "operating system provider" must "provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device ...
> Writing for PC Gamer, Andy Edser noted, "that's likely no big deal for Windows, which already requires you to enter your date of birth during the Microsoft Account setup procedure."
And the birth date / age you entered is verified how? This will be the sticking point on any OS. Verification for older teens and adults will require an official ID, which younger people won't have and elderly people may not have -- and it will have to authenticated somehow. Is everyone suppose to get a "ID.me" account just to use their home PC?
Re: (Score:2)
They are not verified. They throw a penalty for lying in ($2,500 per "accidental" violation and $7,500 per intentional), and there is a provision for allowing vendors to ignore the token if someone is obviously lying about age, but the actual token is never verified and there are no provisions to do so.
The primary goal of CA's bill isn't to stop underage kids from accessing content for adults. That's what it looks like on the surface, but the *actual* goals are:
1. Eliminate liability and complexity from mar
Re: (Score:2)
> The primary goal of CA's bill isn't to stop underage kids from accessing content for adults.
AKA: Nanny State. It would be one thing if adult (type) content was being forced on those underage, but it's not. So much for people taking responsibility for their own actions - and responsibility for their children.
What are the deepest floors of hell ? (Score:2)
I will tell you: These are floors full of Helen Lovejoys who think of the children. They have their special place there.
People want to be unfettered (Score:3)
You get to choose, but keep in mind that if you don't have any way to control the communication medium it will inevitably turn to shit as a kids trying to be edgy, corporations trying to profit, and governments trying to topple each other get involved without restraint.
In the end you won't really have the freedom you wanted, because the medium you wanted it in will be rendered useless.
Re: (Score:1)
> You get to choose, but keep in mind that if you don't have any way to control the communication medium it will inevitably turn to shit as a kids trying to be edgy, corporations trying to profit, and governments trying to topple each other get involved without restraint.
> In the end you won't really have the freedom you wanted, because the medium you wanted it in will be rendered useless.
Then all that will be left is a small cabal of social media platforms, a couple to a few media streaming networks and an OS to intravenously feed it all to you because "you don't know what's good for you anyway" while some other "network" hosts all the meaningful work?
Tech Laws (Score:2)
It's easy to make rules when you don't think about the consequences. These people think they'll be seen as the "defender of children" and not "the person who is making people sign into a fucking calculator".
Universal ? (Score:2)
Also whatever system will not work out because it will not be compatible with more or less exotic people, or people whose ID happen not to be from the USA (around 8 billion people...). The people making those laws are retarded. And voted by retards too.
The "think of the children" excuse (Score:1)
I suspect the downfall of a great many things have been and will be dismissed by "think of the children" buffoonery.
Not Enough (Score:2)
It's Not Enough to "Caution Against".
That language is TOO PASSIVE.
The correct and appropriate phrase is "HELL NO" and start tossing out 1st, 4th, 5th amendment claims IN COURT.
Functional Age-Verification for minors (Score:2)
would require the end to anonymity for all.
sumnub (Score:1)
somebody should point out to Noobsome that the liberals are supposed to stand for inclusivity and this is just stupidity
also who the fuck do you think you are, telling linux what to do.
Well, that's the point (Score:4, Insightful)
"[T]hose deciding which age-based controls need to exist, and those enforcing them gain a tremendous influence on what content is accessible to whom on the internet."
Never has the phrase, "it's not a bug, it's a feature" been more appropriate.
Re: (Score:2)
It's hard to keep one's kids safe on the internet. The little brats find ways of getting where they aren't supposed to be whenever you aren't around.
So, all parents have a natural incentive to make the Internet safer for kids. It makes things so much easier on them! And it aligns with their sense of decency too (you have so many other ways to get your hands on smut and violence and dangerous toys, you don't need all that on the internet too).
This does not mean that all parents push for legislation that w
Re: (Score:2)
This argument is so tired and so silly.
Look yes there are lazy parents that don't have a clue what their kids are doing, and are always seeking ways to dump the problem of raising their kids off on others. I am not going to dispute that.
There are lot more parents that want to be responsible, but lack any effective tools to do. Right now parental controls availible on inconsistently applied at best, snake oil at worst, and not aligned to their partents actual goals/views in a lot of cases. Sure their is Yo
Re: Well, that's the point (Score:2)
Amen. I've been screaming this at the wall of neckbeards on here for a long time.
Re: (Score:2)
There are lot more parents that want to be
responsible, but lack any effective tools to do.
Well, gee whizz... If only someone had thought of this problem already and created toolsets that can remotely manage devices. In fact, it'd REALLY be nice if *multiple* companies had already thought of this and rolled out multiple competing products. Of course... that's last-century thinking. Now that laptops and smartphones are ubiquitous, someone should ALSO have thought of a way to manage these mobile d
Re: (Score:1)
Or maybe, if you are not responsible, able, and prepared enough to be a competent parent, just wait to have kids until you are. There is no rush. Half the population has forty years. The other half has their entire lives.
Not about kids. It's about identity. (Score:2)
it's identity control, not age verification.