How is hitting the library an act of rebellious defiance? Getting a library card requires an ID and proof of address. The library then tracks which books you've signed out. Unless you're reading the books inside the library without signing them out.
Certainly, but I think you need to have a library card to use the computers.
I do see folks who look homeless using the computers, so I assume there must be a special accommodation for them.
But, if you’re just a regular middle class joe looking for anonymity on the internet, I don’t think the library is the place for you—it’s tied to your library card which knows your address, and anyway what would you want to be private that you would be ok to broadcast in an open library setting? Nobody watching corn or browsing whatever successor to Silk Road.
Usually the login screen says something about fairly restrictive terms of use, even for the WiFi on a personal device, and I don’t know if you can install software on the library computers.
When I look around at library patrons using the computers, it’s usually lower income folks applying to jobs or similar, and people playing chess.
You can. You just have to ignore all the privileged people being annoyed that they have to see you. They love posting on Nextdoor about how much they hate homeless people.
My library, at least, is fanatical about their patron's privacy.
I don't know what their retention time is on circulation records, but beyond aggregate statistics for culling materials that aren't circulating I bet it isn't too long. Now I want to go check.
My library also only keeps 24 hours of video surveillance because they didn't want to be able to fulfill requests from the cops for footage of patrons. I really liked that.
Edit: In the patron portal it permits me to disable "borrowing history" and says it permanently deletes my records. I do contract IT work for them so next time I'm engaged I'll ask about the details. They're moving to Koha later this year (free / open-source ILS) so I could go look at the code to see what it does (which is nice).
On the theme of their privacy fanaticism:
Over a decade ago the library got a grant to do outdoor public WiFi in the park behind their building. As part of that grant they needed to report the number of distinct users using the WiFi each day. Their UniFi controller tracks MAC addresses of associated stations. I used a query against the underlying MongoDB to get the usage reports to satisfy the grant.
To minimize the potential of tracking individual users the library director had me write a script to grovel thru MongoDB, do a SHA-1 hash of each public MAC address tracked concatenated with a randomly-generated salt for that day, then write back the first 48 bits of the hash over the original MAC. The library gets their daily statistics and long-term traffic trend data, they don't double-count associations for the same device in the same day, but they can't track individual people over a span of multiple days.
Now that devices randomly-generating MACs are mainstream it's much less necessary. I thought it was really cool she thought this. (The whole salting/hashing bit was my idea. She just wanted to be able to fulfill the grant reporting requirements amd be unable to track people.)
A library is supported by local property taxes, so requiring proof of residence serves a practical purpose. Of course they are going to track loaned books too. This is not the same thing, by any stretch. If they are somehow making that information available beyond the scope of the library system it is a breach of trust.
The anti-authoritarian, anti-government, anti-fascist, anti-capitalist music genre punk rock? Always right wing?
I mean, Nazis have always been attracted to punk because they like the loud noise but are too stupid to understand lyrics, but they tend to get their shit kicked in by punks more often than not. I don't think that's the same thing.
The Ramones were divided politically, if I remember rightly. One of them was on the moderate right.
In the UK, there was also the Rock against Communism movement which came out of the far right faction of punk and was a response to Rock against Racism.
Has always been anarchical, so in essence it's in opposition to any form of authority that's predominant at the time. It makes zero sense to call it left or right wing.
I'm not sure "social media" is the best example. You've never had complete freedom of speech on there.
It's been true for decades in the USA that if they want to arrest you, they will. The age verification doesn't make this situation better, but at this point it's almost just a formality.
Freedom of speech is contextually misunderstood. It's about political speech and the commons. Social Media is overwhelmingly private space, subject to contract terms and conditions. It may be a de-facto commons to some people but I do not believe this axiomatically, or legally makes it so, for the purposes of law and constitution. Law and constitutional bounds on speech online hit the international nature of the media very quickly.
Extra-territorial issue are huge here. What is the limit of the boundary on a given nations constitution and law? How much does the economy of the user, the hosting company, the owning company, the receiving parties matter?
Social Media has advertising and publishers. It has people who can effect editorial control over what is seen and by who and to who it is "said" -And that imposes obligations on them, and on people lodging content. Differentially depending on their economy, the reach of law, registration of legally incorporated entities.
All of this is being implemented somewhat haphazardly internationally, enforced differently, subject to legal and financial and social pressures differently depending on the times and the context.
If you want to ask questions about America, about Americans, using American companies, speaking to Americans, believe me you don't neccessarily have a simpler task here. It may well be clearer to some of you, but to me, its just as fraught.
It's just not clear to me "free speech" is the bastion rule which applies here. The EFF may think so, I don't think they have actually demonstrated it all the way to the end.
My privacy is already decimated. For 2 decades we’ve already known about the NSA slurping up everything[1] on top of the Snowden leaks.
Then you have the mega corps like Facebook who can figure out every detail about you even from merely _not_ using their system because of the hole you leave in your social network that does use them.
The only privacy left is from anonymous troll farms claiming to be an American while talking about how the Texas oblast is valuable for its warm water ports.
I am fine for privacy on consumption of content, but you should be forced to identify yourself for posting so the common man at least has a chance to evaluate your statements instead of being misled, all while, as stated above, our governments and corporations don’t have that limitation.
Can you link said research? I have never seen anything but division pushed by anonymity.
Also again, the corporations and governments(for certain levels of government like the members of the Five Eyes) can pierce this veil of anonymity, the people who have a lot to lose already are risking it by speaking.
Edit: this also isn’t a newly diagnosed phenomena, I remember seeing this satirical description of the behavior as a kid back when Web 2.0 and social media was starting to change the internet[1]
> ...you should be forced to identify yourself for posting...
The Supreme Court has repeatedly held that the right to anonymous speech is inherent in the first amendment [1] [2]. See also The Federalist Papers or Common Sense, without which the US might not exist at all.
That’s pre the ability for foreign actors to engage in our public square en masse. I think technology has changed the situation.
Free speech absolutism that ends up in creating an environment where real speech is drowned out by lies is not valuable to me. It’s like the paradox of tolerance.
The first amendment doesn't have a clause that exempts Americans from anonymous speech if it's possible a foreigner could inadvertently take advantage of the freedom too.
You may as well advocate for no one to be allowed to drive cars because of the possibility of someone getting into a car accident.
Or (in case you're a fan of the second amendment) - advocate for guns not being allowed to be sold to law-abiding citizens because of the possibility of the gun later working its way into the hands of someone who would use it for a mass shooting.
Freedoms exist with the understanding that both positive and negative consequences can result from them. The argument is that the good vastly out-weighs the bad and are worth preserving.
> The first amendment doesn't have a clause that exempts Americans from anonymous speech if it's possible a foreigner could inadvertently take advantage of the freedom too.
Cool, ignore my point about technology changing the situation. I assume you’ll ignore Jefferson talking about how the constitution should be changed every 19-20 years because the world changed.
> You may as well advocate for no one to be allowed to drive cars because of the possibility of someone getting into a car accident.
That’s the literal reality with mandated car insurance. If you don’t have car insurance you can be banned from driving. What was your point here?
> Or (in case you're a fan of the second amendment) - advocate for guns not being allowed to be sold to law-abiding citizens because of the possibility of the gun later working its way into the hands of someone who would use it for a mass shooting.
I’m not an advocate for the 2nd amendment since the majority of people I’ve met advocating for it as a defense against tyranny are full throated proponents for the tyrannical leaders because they don’t like the cultural norms of anyone outside their tribe. I can’t think of a single 2nd amendment advocate who is ready to stand up to the government against rights violations and would be happy to hear from you of an example.
> Freedoms exist with the understanding that both positive and negative consequences can result from them. The argument is that the good vastly out-weighs the bad and are worth preserving.
Yea, the freedom to swing your fist ends at my nose. Freedom of speech to explicitly lie like Steve Bannon organized and many others using the “flood the zone” strategy seems to the be at the end of my nose. If you are actively lying to manipulate me or others knowledge of reality, that is not feee speech, that’s Machiavellian manipulation.
> Cool, ignore my point about technology changing the situation. I assume you’ll ignore Jefferson talking about how the constitution should be changed every 19-20 years because the world changed.
The Constitution doesn't have a "except when technology gets advanced enough" clause either. I checked.
You wanting the Constitution to change is something else entirely - and that's not what you're advocating for.
> That’s the literal reality with mandated car insurance. If you don’t have car insurance you can be banned from driving. What was your point here?
I fail to see what car insurance analogizes to here.
>Yea, the freedom to swing your fist ends at my nose. Freedom of speech to explicitly lie like Steve Bannon organized and many others using the “flood the zone” strategy seems to the be at the end of my nose. If you are actively lying to manipulate me or others knowledge of reality, that is not feee speech, that’s Machiavellian manipulation.
Speech is not violence. Comparing it to violence diminishes the suffefing and harm faced by people who have been a victim of violence.
You have the freedom to pay attention to whatever you want to - as do media outlets and political consultants.
Why should the entire country suffer because the media frequented by political-news-saturated people is so easily disatractable? They have the option to just...not...cover irrelevant nonsense.
It's not the option they choose to take though. See: The reflecting pool news cycle.
And I _can_ climb to the top of Mount Everest theoretically but it’s highly unlikely given the real world constraints.
I’d prefer a pragmatic solution and there is no pragmatic solution that gives us privacy back given the government and megacorps ability to pierce the vast majority of forms of privacy. The only thing anonymous speech is getting us currently is being manipulated by bad actors who are lying about their position.
I fundamentally do not want a world where I get the bad ends of both sides of semi anonymous speech where the government and megacorps know everything about me, but I just have to trust the account I am speaking to isn’t a bot or a worker in some foreign psyop shop, or even domestic psyop shop, lying to me.
I do not value free speech if it functionally disabled via the amount of lies permeating it. Free speech is useless if it’s nothing but a sea of “flood the zone” lies with the intent to make the truth unknowable, like how Russia or actors like Steve Bannon have manipulated the public square to be.
So much bad speech / misinformation is not anonymous, look at the kind of stuff the US President, Admin, and Gov't are proud posting, or the left/right-wing influencers. Forcing "papers please" on everyone is not going to meaningfully change the situation (imo). It will give the autocrats an inch and then they will take more. Eventually they will be able to police online speech.
---
From: On Tyranny by Timothy Snyder, Chapter 1 title & intro
Do not obey in advance.
Most of the power of authoritarianism is freely given. In times like these, individuals think ahead about what a more repressive government will want, and then offer themselves without being asked. A citizen who adapts in this way is teaching power what it can do.
I am not obeying in advance. My privacy was obliterated with the government before I could even vote, with the data science of mega corps, and with the double digit number of times companies leaked my data based on have I been pwned numbers.
I am not under the impression I have any sort of privacy on the internet anymore, other than from other regular civilians.
What I have to deal with is bots, foreign actors, and domestic actors all flooding the zone with lies that I cannot discern from the truth but that companies and the government can.
Making posting a non anonymous activity equalizes the playing field between me and governments/corporations.
If you are arguing that we should keep this thin skin of anonymity that doesn’t stop the bad actors, then I assume you just want them to keep power or that you don’t actually believe that they have managed to track our behavior.
> My privacy is already decimated. For 2 decades we’ve already known about the NSA slurping up everything[1] on top of the Snowden leaks.
If you were correct, there would be no need for them to push these new laws. The fact is, you will have less privacy after these identification requirements are fully enforced.
I’m glad this is finally becoming the cause célèbre du jour. This feels like THE FIGHT or at least one of the TOP 3 THE FIGHTS and it hasn’t had even a fraction of the public’s attention until now.
>I’m glad this is finally becoming the cause célèbre du jour.
It really isn't, though. Don't mistake the internet for reality. The majority of people in the US and Europe support laws like these, and most of the rest don't care.
Even on Hacker News the consensus is mostly in favor of anything from age restriction to making all social media illegal.
The main issue is that they are very careful not to frame it like that. In broader contexts, it's always framed as something like "do you favor limiting children's access to social media" without a word on what it would cost to actually institute such a ban.
You can end all wars and eliminate hunger if you point the Death Star at us and kill all life on earth. If someone objects to the collateral damage, remind him that when you said "world peace and no hunger at all costs," you meant all costs.
You don't necessarily have to be in favor of any measures which reduce adult privacy to be in favor of that. Logically speaking, the liability for minors accessing age-gated products and services is the person who provides those products and services to the minor. In the case of the internet, that person is the parent, not the ISP or the website. It is the parent who contracts with the provider and then forwards the product to the unauthorized user, the child. A parent who purchases, say, access to porn and then provides that access to their child is no different than a parent who buys booze and provides access to it to their child.
> if anything we are seeing what a good idea taking kids off social media is and how crazy we allowed this to all happen for so long
We're not seeing anything of the sort, and couldn't possibly for some time yet.
What we are seeing, as evinced by the article, is how ineffective these laws are at actually keeping kids off social media, and how effective the mass collection of identity data is at creating an environment for scammers, hackers, data brokers and the means for widespread political oppression.
Exactly. You frame these things in the general case and HN is against it because obviously it's evil.
You frame it as "we've come up with a composite score (social credit) that lets us more efficiently enforce [stuff HN likes but the population likes way less]" and it's mostly all cheering and the one guy with principals is downvoted and flagged.
>The majority of people in the US and Europe support laws like these
okay then, show us a poll where the majority answers "yes" to an unambiguous question like "are you in favor of having to provide your ID or scan your face to access the Internet?"
"The majority of people in the US and Europe" support laws against drugs, for example, but would likely object to having their cavities searched three times a day.
It won't be an issue until mainstream media makes it one. Since the media is owned by right wing billionaires, that media will reflect the biases and interests of those billionaires - many of which own internet platforms that would benefit from knowing the exact identity of every single user.
So if they know, then why all the fuss and the the need to enforce ID on the Internet? Just for the heck's sake?
Ah, that's for legitimization. In other words, "by producing your digital ID, you herein fully acknowledge the fact that you're a slave to the system in which all we knew about you illegaly, is now known legally"?
There are at least some technological solutions here, such as anonymous credentials. [1] Modern versions of this technique allow one to associate metadata (like a proof of age exceeding a threshold) in such a way that the verifier can't even correlate repeated requests across users.
Governments that are serious about age verification and individual privacy (which, doubtful they truly are) should agree on a protocol and set up certificate issuers that are associated with a digital ID. Then age verification will not be an invasive procedure or risk data leaks or insider threats.
>Modern versions of this technique allow one to associate metadata (like a proof of age exceeding a threshold) in such a way that the verifier can't even correlate repeated requests across users.
If it's unlinkable, what's preventing someone from setting up a site that hands out anonymous tokens for anyone to use?
No, I'm meant me, using my 18+ ID to generate a bunch of tokens that can't be linked back to me, and then giving it to random < 18 year olds for the lulz.
There are multiple approaches. One, which the Europeans use, hardware-locks the token. Each age attestation is unlinkable, but the cryptographic credentials you need to make the attestation aren't portable. Of course, this model requires a big statist apparatus that does implementation certification, but it does achieve the narrow goal of unlinkable, privacy-preserving age attestation that doesn't instantly decay to mass copying.
Other approaches are possible. I'm particularly keen on ones that treat attestations as anonymous digital currency and use cryptographic penalties like slashing to discourage copying post-hoc instead of relying on EU-style implementation certification.
There's a huge literature on the subject I don't want to reproduce here. The point is that yes, we do have the technology to do attestation without sacrificing privacy, which makes all the calls for non-privacy-preserving attestation awfully curious.
> as anonymous digital currency and use cryptographic penalties like slashing
Or make it so that tokens cannot be tested except by spending/burning them, which would significantly reduce (but not eliminate) a black market because it would be hard for any buyers to trust any sellers.
The best outcome here is going to rest on getting people to agree that "good enough" is the best outcome. We want a system that gets the broad social results (e.g. less brain-rot in the kids) without being so impossibly strict and overbuilt that it leads to an even-worse problem (e.g. authoritarian hellhole tools.)
> At least until the issue become important enough
I'm not talking about minimizing effort or deferring decisions.
What I mean is that there are conflicting and competing goals, where you need to accept that one of them must not be prioritized over all the others, because the overall outcome will be worse.
I'm not familiar with this, but what your describing sounds similar to the hardware DRM keys used for protecting 4K streams from being downloaded from Netflix.
If so, this stuff is already broken, and imagine it would be pretty simple to apply the same principles here.
I'm probably wrong on this though I'm out of my depth
Because those <18 year olds will immediately flip and identify you to the cops to try to lighten their punishment.
The anonymous crypto token scheme does not have any trace-back mechanism like this at all. If there's no way to track those tokens back to you, why not sell them for $1 each on the internet to make some extra money?
Yes, this breaks the whole scheme. Anyone promoting it as a solution is delusional. There's a triangle of "robust", "private", and "practical" and you can only pick two. This one omits robust. The various mitigations people might suggest in response will have to sacrifice one of the other dimensions.
This seems to come up in every discussion, in practice it’s irrelevant both because it’s too complicated for normal people to understand, and because the point of all this nonsense really is identification so anything that defeats that will be a non starter.
It doesn't have to be too complicated for normal people to understand.
Majority of people understand their SIN or SSN number or whatever, they understand they have a drivers license number. This could be built in such a way that it's basically just be another government issued "thing" that they have to know about and be able to produce when requested
Every government has been working on ways to identify and target individuals online since as long as the internet has existed. Governments are incentivized to continuously increase control. Why would you assume this is not yet another escalation towards their goal of being able to track and silence anyone who pushes back?
I didn't comment at all on what the governments goals are
Edit: I agree with you 100%, but the fact that governments want to track people online has no bearing on how technically possible it is to build a system where they can't
An anonymous internet auth system (probably) won't get built, but it is possible to build
> that it's basically just be another government issued "thing" that they have to know about and be able to produce when requested
During COVID, there were protests about "vaccine passports" and masks. My state legislature tried introducing bills that would outlaw such things. In 2024, in several states (including mine), legislators introduced bills that would outlaw mRNA (and every vaccine made from it) [0]. REAL ID took almost 2 decades to get every state to implement it until the feds threatened to close all (commercial) airports in states refusing to implement it.
Notes:
0 - every year one of my legislators introduces a bill to outlaw chemtrails. This year, he added the plot of Termination Shock to his bill.
As you say, it's doubtful governments want it to be private. So we should expect them to not use these kind of elegant solutions, and the public is generally not sophisticated enough to distinguish between the options already.
There's two strong incentives - deanonymization for law enforcement is pretty useful so that's one. You want to make it easier to subpoena information about posters for various reasons, access to stores on different dates etc. Lots of reasons for that.
And you want to satisfy voters who are worried about children online or have heard scary things about anonymous criminals. You want to be seen to do something about those.
A distant third is that you want the system to be cheap and built up fast and relatively easy so voters don't complain about it.
All together this leads you to something like "any time a site needs to verify your age (based on this broad list of requirements) put in your government ID number / picture". The infrastructure already exists for that, banks need it, social media needs it, and the current president has agitated for it a few times now. If you're really aiming high you set up some digital ID attached to it that's easier for the users.
>There's two strong incentives - deanonymization for law enforcement is pretty useful so that's one.
When you say it like that it sounds less scary than "deanoymization so the government can track down people saying things it doesn't like." Let's not forget the UK has more people in jail for things they said on the internet than Russia and China put together.
Yeah the wording is a little broad, but the UK would call that law enforcement too.
Depends on your state and laws and you can look around at how that's going - maybe you'll have brought a first aid kit to the wrong event or helped print some zines and they want to check up on you now.
The problem is that you still have to trust something you don't control and can't verify that the technological solutions are correctly implemented and applied.
Either they validate so little information that a single homeless person can authenticate the entire country or they validate so much information as to not have a significant privacy guarantee.
There is no in-between for ZKP validating someone's age.
the truth is that the two extremes you listed can be titrated.
if you use nullifiers you can trade some privacy for some security. basically you convert your true identity into a private token which you can use to authenticate aspects of yourself, the price being that the token can be tracked with some effort across services. better than just using your identity at least. if a token/nullifier is abused it can be revoked and then you have to jump through a bunch of hoops to get another.
What combination of details can you validate on that is meaningfully privacy-preserving and couldn't result in wide-spread re-use of tokens?
Additionally - what would prevent some kids from getting a homeless man in the city to hand them his ID, get a facial scan, and everything else you can think of to generate a token and then pass that token around?
ZKP are a cryptography-nerd's joy but are are categorically unsuitable for the purpose of age verification. I stand by this without the slightest reservation.
the same thing that prevents them from doing reuse right now: platform detection mechanisms. the difference is that right now the identity of the subject is known whereas with ZKP (nullifier approach) only the dirty token is known and where that token was used.
So....what exactly would platform detection mechanisms be basing their decisions off of that wouldn't defeat the entire privacy-preserving premise of ZKP?
Wait - so you're advocating for use of a persistent identifier tied to a person? How is that any different than what advertising networks do right now beyond giving them additional guaranteed information of your age bracket?
To clarify - it's not cryptographically necessary to present the same token for each and every transaction and serves to categorically defeat the entire privacy guarantee of ZKP.
It also makes it trivial to associate your ZKP token with your real identity.
I do see folks who look homeless using the computers, so I assume there must be a special accommodation for them.
But, if you’re just a regular middle class joe looking for anonymity on the internet, I don’t think the library is the place for you—it’s tied to your library card which knows your address, and anyway what would you want to be private that you would be ok to broadcast in an open library setting? Nobody watching corn or browsing whatever successor to Silk Road.
Usually the login screen says something about fairly restrictive terms of use, even for the WiFi on a personal device, and I don’t know if you can install software on the library computers.
When I look around at library patrons using the computers, it’s usually lower income folks applying to jobs or similar, and people playing chess.
I don't know what their retention time is on circulation records, but beyond aggregate statistics for culling materials that aren't circulating I bet it isn't too long. Now I want to go check.
My library also only keeps 24 hours of video surveillance because they didn't want to be able to fulfill requests from the cops for footage of patrons. I really liked that.
Edit: In the patron portal it permits me to disable "borrowing history" and says it permanently deletes my records. I do contract IT work for them so next time I'm engaged I'll ask about the details. They're moving to Koha later this year (free / open-source ILS) so I could go look at the code to see what it does (which is nice).
On the theme of their privacy fanaticism:
Over a decade ago the library got a grant to do outdoor public WiFi in the park behind their building. As part of that grant they needed to report the number of distinct users using the WiFi each day. Their UniFi controller tracks MAC addresses of associated stations. I used a query against the underlying MongoDB to get the usage reports to satisfy the grant.
To minimize the potential of tracking individual users the library director had me write a script to grovel thru MongoDB, do a SHA-1 hash of each public MAC address tracked concatenated with a randomly-generated salt for that day, then write back the first 48 bits of the hash over the original MAC. The library gets their daily statistics and long-term traffic trend data, they don't double-count associations for the same device in the same day, but they can't track individual people over a span of multiple days.
Now that devices randomly-generating MACs are mainstream it's much less necessary. I thought it was really cool she thought this. (The whole salting/hashing bit was my idea. She just wanted to be able to fulfill the grant reporting requirements amd be unable to track people.)
Write your own books.
Make your own music.
I mean, Nazis have always been attracted to punk because they like the loud noise but are too stupid to understand lyrics, but they tend to get their shit kicked in by punks more often than not. I don't think that's the same thing.
In the UK, there was also the Rock against Communism movement which came out of the far right faction of punk and was a response to Rock against Racism.
What???
- Brother Mouzone / Ed Burns & David Simon, The Wire (2003) S2E10 "Storm Warnings"
The scene is apparently on YT, though ... you'll have to sign in to confirm your age to view it best I can tell:
<https://www.youtube.com/watch?v=pCioIwagYxM>
(If this link works, you'll get the full unbowdlerised quote. For those unfamiliar with the series, the speaker is Black.)
It's been true for decades in the USA that if they want to arrest you, they will. The age verification doesn't make this situation better, but at this point it's almost just a formality.
Extra-territorial issue are huge here. What is the limit of the boundary on a given nations constitution and law? How much does the economy of the user, the hosting company, the owning company, the receiving parties matter?
Social Media has advertising and publishers. It has people who can effect editorial control over what is seen and by who and to who it is "said" -And that imposes obligations on them, and on people lodging content. Differentially depending on their economy, the reach of law, registration of legally incorporated entities.
All of this is being implemented somewhat haphazardly internationally, enforced differently, subject to legal and financial and social pressures differently depending on the times and the context.
If you want to ask questions about America, about Americans, using American companies, speaking to Americans, believe me you don't neccessarily have a simpler task here. It may well be clearer to some of you, but to me, its just as fraught.
It's just not clear to me "free speech" is the bastion rule which applies here. The EFF may think so, I don't think they have actually demonstrated it all the way to the end.
Then you have the mega corps like Facebook who can figure out every detail about you even from merely _not_ using their system because of the hole you leave in your social network that does use them.
The only privacy left is from anonymous troll farms claiming to be an American while talking about how the Texas oblast is valuable for its warm water ports.
I am fine for privacy on consumption of content, but you should be forced to identify yourself for posting so the common man at least has a chance to evaluate your statements instead of being misled, all while, as stated above, our governments and corporations don’t have that limitation.
[1] https://en.wikipedia.org/wiki/Room_641A
Also anonymity can actually improve social media polarization (see Chris Bail’s research)
Also again, the corporations and governments(for certain levels of government like the members of the Five Eyes) can pierce this veil of anonymity, the people who have a lot to lose already are risking it by speaking.
Edit: this also isn’t a newly diagnosed phenomena, I remember seeing this satirical description of the behavior as a kid back when Web 2.0 and social media was starting to change the internet[1]
[1] https://www.penny-arcade.com/comic/2004/03/19/green-blackboa...
The Supreme Court has repeatedly held that the right to anonymous speech is inherent in the first amendment [1] [2]. See also The Federalist Papers or Common Sense, without which the US might not exist at all.
[1] https://www.law.cornell.edu/supremecourt/text/362/60
[2] https://www.law.cornell.edu/supct/html/93-986.ZO.html
Free speech absolutism that ends up in creating an environment where real speech is drowned out by lies is not valuable to me. It’s like the paradox of tolerance.
You may as well advocate for no one to be allowed to drive cars because of the possibility of someone getting into a car accident.
Or (in case you're a fan of the second amendment) - advocate for guns not being allowed to be sold to law-abiding citizens because of the possibility of the gun later working its way into the hands of someone who would use it for a mass shooting.
Freedoms exist with the understanding that both positive and negative consequences can result from them. The argument is that the good vastly out-weighs the bad and are worth preserving.
Cool, ignore my point about technology changing the situation. I assume you’ll ignore Jefferson talking about how the constitution should be changed every 19-20 years because the world changed.
> You may as well advocate for no one to be allowed to drive cars because of the possibility of someone getting into a car accident.
That’s the literal reality with mandated car insurance. If you don’t have car insurance you can be banned from driving. What was your point here?
> Or (in case you're a fan of the second amendment) - advocate for guns not being allowed to be sold to law-abiding citizens because of the possibility of the gun later working its way into the hands of someone who would use it for a mass shooting.
I’m not an advocate for the 2nd amendment since the majority of people I’ve met advocating for it as a defense against tyranny are full throated proponents for the tyrannical leaders because they don’t like the cultural norms of anyone outside their tribe. I can’t think of a single 2nd amendment advocate who is ready to stand up to the government against rights violations and would be happy to hear from you of an example.
> Freedoms exist with the understanding that both positive and negative consequences can result from them. The argument is that the good vastly out-weighs the bad and are worth preserving.
Yea, the freedom to swing your fist ends at my nose. Freedom of speech to explicitly lie like Steve Bannon organized and many others using the “flood the zone” strategy seems to the be at the end of my nose. If you are actively lying to manipulate me or others knowledge of reality, that is not feee speech, that’s Machiavellian manipulation.
The Constitution doesn't have a "except when technology gets advanced enough" clause either. I checked.
You wanting the Constitution to change is something else entirely - and that's not what you're advocating for.
> That’s the literal reality with mandated car insurance. If you don’t have car insurance you can be banned from driving. What was your point here?
I fail to see what car insurance analogizes to here.
>Yea, the freedom to swing your fist ends at my nose. Freedom of speech to explicitly lie like Steve Bannon organized and many others using the “flood the zone” strategy seems to the be at the end of my nose. If you are actively lying to manipulate me or others knowledge of reality, that is not feee speech, that’s Machiavellian manipulation.
Speech is not violence. Comparing it to violence diminishes the suffefing and harm faced by people who have been a victim of violence.
You have the freedom to pay attention to whatever you want to - as do media outlets and political consultants.
Why should the entire country suffer because the media frequented by political-news-saturated people is so easily disatractable? They have the option to just...not...cover irrelevant nonsense.
It's not the option they choose to take though. See: The reflecting pool news cycle.
I’d prefer a pragmatic solution and there is no pragmatic solution that gives us privacy back given the government and megacorps ability to pierce the vast majority of forms of privacy. The only thing anonymous speech is getting us currently is being manipulated by bad actors who are lying about their position.
I fundamentally do not want a world where I get the bad ends of both sides of semi anonymous speech where the government and megacorps know everything about me, but I just have to trust the account I am speaking to isn’t a bot or a worker in some foreign psyop shop, or even domestic psyop shop, lying to me.
I do not value free speech if it functionally disabled via the amount of lies permeating it. Free speech is useless if it’s nothing but a sea of “flood the zone” lies with the intent to make the truth unknowable, like how Russia or actors like Steve Bannon have manipulated the public square to be.
---
From: On Tyranny by Timothy Snyder, Chapter 1 title & intro
Do not obey in advance.
Most of the power of authoritarianism is freely given. In times like these, individuals think ahead about what a more repressive government will want, and then offer themselves without being asked. A citizen who adapts in this way is teaching power what it can do.
https://ia801505.us.archive.org/11/items/on-tyranny-twenty-l...
I am not under the impression I have any sort of privacy on the internet anymore, other than from other regular civilians.
What I have to deal with is bots, foreign actors, and domestic actors all flooding the zone with lies that I cannot discern from the truth but that companies and the government can.
Making posting a non anonymous activity equalizes the playing field between me and governments/corporations.
If you are arguing that we should keep this thin skin of anonymity that doesn’t stop the bad actors, then I assume you just want them to keep power or that you don’t actually believe that they have managed to track our behavior.
If you were correct, there would be no need for them to push these new laws. The fact is, you will have less privacy after these identification requirements are fully enforced.
It really isn't, though. Don't mistake the internet for reality. The majority of people in the US and Europe support laws like these, and most of the rest don't care.
Even on Hacker News the consensus is mostly in favor of anything from age restriction to making all social media illegal.
That doesn't sound right. Put up a poll. I'd put money on 90%+ choosing some flavor privacy/anonymity on the internet.
https://m.youtube.com/watch?v=ahgjEjJkZks
We're not seeing anything of the sort, and couldn't possibly for some time yet.
What we are seeing, as evinced by the article, is how ineffective these laws are at actually keeping kids off social media, and how effective the mass collection of identity data is at creating an environment for scammers, hackers, data brokers and the means for widespread political oppression.
You frame it as "we've come up with a composite score (social credit) that lets us more efficiently enforce [stuff HN likes but the population likes way less]" and it's mostly all cheering and the one guy with principals is downvoted and flagged.
I can only say what I've observed from numerous threads - people's advocacy for privacy on the internet here does not extend so social media.
But OK this could be fun let's put my keyboard where my mouth is: https://news.ycombinator.com/item?id=48680434
Social media is full of astroturfing.
okay then, show us a poll where the majority answers "yes" to an unambiguous question like "are you in favor of having to provide your ID or scan your face to access the Internet?"
"The majority of people in the US and Europe" support laws against drugs, for example, but would likely object to having their cavities searched three times a day.
So if they know, then why all the fuss and the the need to enforce ID on the Internet? Just for the heck's sake?
Ah, that's for legitimization. In other words, "by producing your digital ID, you herein fully acknowledge the fact that you're a slave to the system in which all we knew about you illegaly, is now known legally"?
Governments that are serious about age verification and individual privacy (which, doubtful they truly are) should agree on a protocol and set up certificate issuers that are associated with a digital ID. Then age verification will not be an invasive procedure or risk data leaks or insider threats.
[1]: https://blog.cryptographyengineering.com/2026/03/02/anonymou...
If it's unlinkable, what's preventing someone from setting up a site that hands out anonymous tokens for anyone to use?
Other approaches are possible. I'm particularly keen on ones that treat attestations as anonymous digital currency and use cryptographic penalties like slashing to discourage copying post-hoc instead of relying on EU-style implementation certification.
There's a huge literature on the subject I don't want to reproduce here. The point is that yes, we do have the technology to do attestation without sacrificing privacy, which makes all the calls for non-privacy-preserving attestation awfully curious.
Or make it so that tokens cannot be tested except by spending/burning them, which would significantly reduce (but not eliminate) a black market because it would be hard for any buyers to trust any sellers.
The best outcome here is going to rest on getting people to agree that "good enough" is the best outcome. We want a system that gets the broad social results (e.g. less brain-rot in the kids) without being so impossibly strict and overbuilt that it leads to an even-worse problem (e.g. authoritarian hellhole tools.)
I'm not talking about minimizing effort or deferring decisions.
What I mean is that there are conflicting and competing goals, where you need to accept that one of them must not be prioritized over all the others, because the overall outcome will be worse.
If so, this stuff is already broken, and imagine it would be pretty simple to apply the same principles here.
I'm probably wrong on this though I'm out of my depth
I'm surprised anyone considers this viable.
It would limit access to those sites to a limited set of acceptable devices and operating systems.
I couldn't use my laptop, desktop, or a jailbroken phone.
Yes, that can eventually be worked around, but not really that different than doing the verification today on someone else's device.
"Use this exact tor/vpn server"
>It would also throttle the number of identifications
So I can only wank off 5 times a day, or grant access to porn sites for 5 kids?
So I'm constantly grabbing new tokens from the government every time I go from work WiFi to my cellular internet to the train WiFi and then home?
Sounds like a fantastic point for capturing more tracking data.
> /geolocation.
Which means I have to send my geolocation data to apps to confirm I can use my token?
Don't want that either.
> It would also throttle the number of identifications,
And if I move around too much in one day or change networks too often, I'm unable to log into anything until tomorrow?
Every time you set up an account, would generally be the idea. So relatively infrequently.
No, you don't need to send it there.
The anonymous crypto token scheme does not have any trace-back mechanism like this at all. If there's no way to track those tokens back to you, why not sell them for $1 each on the internet to make some extra money?
You don't need to do anything technical. Log in, and hand over your phone.
<https://en.wikipedia.org/wiki/Straw_purchase>
Majority of people understand their SIN or SSN number or whatever, they understand they have a drivers license number. This could be built in such a way that it's basically just be another government issued "thing" that they have to know about and be able to produce when requested
Edit: I agree with you 100%, but the fact that governments want to track people online has no bearing on how technically possible it is to build a system where they can't
An anonymous internet auth system (probably) won't get built, but it is possible to build
During COVID, there were protests about "vaccine passports" and masks. My state legislature tried introducing bills that would outlaw such things. In 2024, in several states (including mine), legislators introduced bills that would outlaw mRNA (and every vaccine made from it) [0]. REAL ID took almost 2 decades to get every state to implement it until the feds threatened to close all (commercial) airports in states refusing to implement it.
Notes:
0 - every year one of my legislators introduces a bill to outlaw chemtrails. This year, he added the plot of Termination Shock to his bill.
Bill to make "pureblood" a thing:
https://web.archive.org/web/20250118232059/https://apps.legi...
Bill to outlaw chemtrails & Termination Shock:
https://apps.legislature.ky.gov/record/26rs/hb60.html
And you want to satisfy voters who are worried about children online or have heard scary things about anonymous criminals. You want to be seen to do something about those.
A distant third is that you want the system to be cheap and built up fast and relatively easy so voters don't complain about it.
All together this leads you to something like "any time a site needs to verify your age (based on this broad list of requirements) put in your government ID number / picture". The infrastructure already exists for that, banks need it, social media needs it, and the current president has agitated for it a few times now. If you're really aiming high you set up some digital ID attached to it that's easier for the users.
When you say it like that it sounds less scary than "deanoymization so the government can track down people saying things it doesn't like." Let's not forget the UK has more people in jail for things they said on the internet than Russia and China put together.
Depends on your state and laws and you can look around at how that's going - maybe you'll have brought a first aid kit to the wrong event or helped print some zines and they want to check up on you now.
https://pa.media/blogs/fact-check/fact-check-international-d...
Don’t think that the claim stands up to scrutiny, since its comparing unlike things.
Checkpoint Charlie directly ahead, not that far down the road.
If you venture into No Man's Land you could be shot on sight.
Either they validate so little information that a single homeless person can authenticate the entire country or they validate so much information as to not have a significant privacy guarantee.
There is no in-between for ZKP validating someone's age.
the truth is that the two extremes you listed can be titrated.
if you use nullifiers you can trade some privacy for some security. basically you convert your true identity into a private token which you can use to authenticate aspects of yourself, the price being that the token can be tracked with some effort across services. better than just using your identity at least. if a token/nullifier is abused it can be revoked and then you have to jump through a bunch of hoops to get another.
there are some other trade offs that can be made.
What combination of details can you validate on that is meaningfully privacy-preserving and couldn't result in wide-spread re-use of tokens?
Additionally - what would prevent some kids from getting a homeless man in the city to hand them his ID, get a facial scan, and everything else you can think of to generate a token and then pass that token around?
ZKP are a cryptography-nerd's joy but are are categorically unsuitable for the purpose of age verification. I stand by this without the slightest reservation.
tying multiple accounts and services together isn't ideal but its inarguably better than tying your real world identity to every single service.
To clarify - it's not cryptographically necessary to present the same token for each and every transaction and serves to categorically defeat the entire privacy guarantee of ZKP.
It also makes it trivial to associate your ZKP token with your real identity.