But still, it's very weird. You'd think this admin want to be able to round up people and disappear them with FISA court rulings, being able to spy on them first is usually the logical path.

They can purchase data from 3rd parties, but it is a felony to wiretap someone without the government asking you to. You need the user's cooperation to install an app with a nasty ToS or something of that nature. Lots of people are using VPNs too. This section is, from what I understand, what allowed them to add a "gag order" to the surveillance demand to companies as well? If they want google or apple to spy on someone without a warrant, this is the only way to force them without them making that information known to the public.

Current admin has demonstrated very clearly that they don't need excuses or plausible deniability. The only law is whoever is willing to stop them, which is, apparently, nobody.

Two - three? - people tried very directly but they were probably staged to justify him getting even more power.

The courts occasionally will stop them but it appears that just committing crimes as fast as possible still accomplishes 99% of their goals without any way to fix the results of the crime.

The courts will occasionally tell them to stop but they won't stop.

what are the chances of them caring so little, but implementing a dedicated signing server, HSM,etc..? even if they sign it, it will probably be done on the same web server.

i think Anthropic is playing too fast-and-loose with the whole "no publicity is bad publicity" schtick.

I think it's more of a workforce reduction technique in some areas. how much is the issue, and lots of "it depends" but even at a higher up-front cost, LLMs have higher value and less liability. Instead of offshoring/outsourcing for example, you can have the same local devs that were leading/managing the offshore teams manage LLMs instead. Or if you have 10 expensive devs making 200k, just halving that is a million/year. even if that million is spent on tokens (even double or triple that) it might not be that much outside of what they would have been willing to pay for more devs anyways if there was the need, except now they have to deal with less people to manage overall. less lawyers, less hr, less lawsuits, less hiring and promption costs, less insurance premiums. Even if the quality of the work is a whole lot less, they only care about a viable product being shipped, and how much the lower quality affects profit margins.

I'll say this, laws and regulation are sorely needed. all this hate against billionaires, ceos, ai-bros, whatever... might or might not be warranted, but it is fruitless. Redirect this energy to your law makers.

In China for example, they made it illegal to use AI for the sole purpose of replacing human workers. The CEOs aren't bad CEOs, they aren't great either, it depends on the outcome. There are scenarios where entire job roles can be replaced by LLMs, but for complex roles like developers, you always need some human devs still, but likewise, almost always less of them than before. However, although less devs might be needed to do the same work, in some cases LLMs open up possibilities that weren't there before, so more devs babysitting LLMs or working on designing/shipping more features is also a strong possibility.

I mean, companies aren't trying to simply save cost on employees, they also want to maximize profits. Less devs per feature isn't the same as less devs period.

Overall, I'll say that demand creates its own supply. The internet itself killed many job roles and reduced the number of people you needed for many others, but it's not like we have the huge unemployment many were afraid of decades ago, if anything it created lots of more jobs. LLMs simply can't do everything people can, so they're not a drop-in replacement, that alone should mean a lot in terms of supply/demand economics.

Have they never heard of "the boy who cried wolf"?

First of all, age verification is not mass surveillance, it is possible to verify your age without disclosing who you are to the site you're visiting, and without disclosing what site you visited to the government. There are even age verification services (and I do despise them fully, this should be a government provided service!) that use only facial features to determine your age (you can call it surveillance, but not "mass").

See, the thing is, no matter how good your intent is, no matter how noble your cause, if you use lies and half-truths to further your argument or resist change, it only serves to undermine it all. For example "They do not deserve surveillance," is so disingenuous, if a site is required to verify age, the only children whose age might be verified are those who might have been exposed to that harmful content otherwise anyways, they're not being selected for surveillance, no one is trying to spy on children (or could possibly benefit from doing so using this method, since it is so unreliable), but they're framing it as it is so.

This isn't like "DRM" or "the nsa is spying on everyone", and there is a big difference between Signal (how are they involved in all this? is this just opportunistic politicking?) being required to verify peer-to-peer messaging from a porn site or or a live-cam site for sex workers requiring both parties to be age verified (where children do get trafficked!!).

Don't get me wrong, I don't like the idea, i really hate it but the prevailing positions in areas of the internet like here is so irrational and unreasonable.

You can't flash your private parts at children, you can't take children to a strip club, they're required by law to check IDs (even night clubs are!!). if that same interaction happens on the internet, suddenly no age verification is needed?

Is it because this problem has been left unaddressed for so long that so many are just too used to "the old way of doing things" despite the ever increasing human suffering caused by lack of regulations and laws like this?

I hope legislators grow a pair and stand up to these tech-crusaders who will burn down the world so long as they feel their corner is safe and secure.

Shame on everyone who refuses to have a nuanced discussion on this and instead takes an all-or-nothing position against any sort of legislature that would reduce (not eliminate) the harm being done. To mean, such people are no different than catholics, teachers, administrators, and anyone else in a position to do something about harm against children but turned the other way because their little world would be too shaken otherwise. Hiding behind "mah privacy!!" doesn't absolve you of the responsibility to at least attempt to be nuanced about it, at least propose an actual solution instead of just "I don't what the solution is, but not this" or "parents are at fault, I don't care" or something lazy like that. I wish I didn't know that when it comes to their own interests, wannabe technocrats like these are ingenious in developing tech like homomorphic encryption, differential privacy and zero-knowledge-proofs; this isn't about anyone's privacy or mass surveillance, it's about preservation of the status quo, apathy and faulty slippery-slope fallacy thinking.

> it is possible to verify your age without disclosing who you are to the site you're visiting, and without disclosing what site you visited to the government.

I can't believe people are really okay with a system where you have to show your real face to access websites. Cameras on phones went from a novelty to a government mandate so you can be observed.

There are various other potential methods to verify one's age, all of which are forbidden by OFCOM. Account age, zero-knowledge proofs, key signing, some kind of OAuth thing, physical tokens that require proof of age to buy, etc. The only permitted ones require your to link your real-life identity. This is a huge boon to the intelligence services and law enforcement.

Even among the few permitted verification methods, there are obstacles. Each site usually provides only one verification method at one verification provider. You may have to trust a company you never heard of before. Sometimes the photo fails (maybe their system thinks you don't look old enough) and they ask for ID too, or the photo fails and you are locked out of verification. Some services only allow credit card verification (e.g. Steam), so if you have poor credit you aren't able to even view the store page despite being of age.

What I say is, we don't need any of this. For thirty or so years we had client-side optional Parental Controls, and it worked fine. Many adult sites voluntarily use a <meta name="rating"> tag to ensure sites are correctly identified. The ability of adults to access adult content was not impeded. Parental Controls work better than verification because 1) many sites will not deploy age verification, and 2) it's trivial to overcome photo-based ID by holding your device up to a picture of an adult on a television set.

> There are various other potential methods to verify one's age, all of which are forbidden by OFCOM. Account age, zero-knowledge proofs, key signing, some kind of OAuth thing, physical tokens that require proof of age to buy, etc. The only permitted ones require your to link your real-life identity.

This is just not true. See 4.17 here, for example [1]

[1] https://www.ofcom.org.uk/siteassets/resources/documents/cons...

> The only permitted ones require your to link your real-life identity. This is a huge boon to the intelligence services and law enforcement.

Then let's talk about THAT!! why is that not the discussion instead of "nah, we'll find a solution some other day, for now, let's not solve anything"??

> Even among the few permitted verification methods,

These laws are still being debated, what's permitted has not been decided, why is Signal not advocating for a privacy friendly alternative. Why are our options lose all privacy to the most horrible people ever who will do us harm versus let the children suffer!

> You may have to trust a company you never heard of before.

Why do I have to? Why can't the government itself issue something as simple as a timestamp CA certificate signature for a secret that expires every few weeks, requiring facial/ID verification directly with the government to generate a new secret? the site only needs to verify that the signature is correct. a signed token you show random sites. and this is the most naive idea i brought up for discussion without things like zkp even considered. Lawmakers aren't being told by the likes of Signal "there is a better way to do this, let's discuss" they're being told "ignore what all the scientists, research, law enforcement, social workers are telling you so we can watch porn in secret".

> For thirty or so years we had client-side optional Parental Controls, and it worked fine.

It absolutley did not work fine! the toll of human suffering is inexcusably abominable! I shudder in confusion between whose head i should rip off or why this damn planet hasn't been burned down to ashes already at the very thought of all that has been perpetrated using this technology. The internet multiplied and empowered many things, chief amongst them is human cruelty and apathy.

> For thirty or so years we had client-side optional Parental Controls, and it worked fine....

Save your breath, even amongst those who genuinely wish to do well, they have employees and user generated content they can't keep up with. There is no excuse for this. Forget about the tiny span in human history that is the past 30 years. How many people died of industrial accident at the begining of the industrial revolution, how many people died because of car accidents before all the car safety and traffic laws were in place. Take that and multiply that by like a billion and that might come close to painting a fair picture of the internet. Just because you don't see it, doesn't mean it doesn't happen. The internet isn't special, it's just a tool, a technology that connects people. Except billions are connected, and now they can abuse and harm each other across national borders , timezones and continents and maximize their profit from it.

HN and tech-world in general is like any other industry that caused massive suffering until it was regulated. I keep making the same simple comparison of a stripper IRL vs live cam porn over the internet, and no one in this thread even wants to attack that simple example that I picked because it isn't overly sensationalized and universally accepted that laws should force strip clubs to check IDs in any country on the planet. I didn't bring up pedos, human trafficking, revenge porn and so much more in between. and that's just the sexual dramatic stuff, not the seemingly harmless stuff that is easier to brush away and dismiss.

People can see your face and make decisions when they interact with you IRL, they can't over the internet. The problem is huge and the fact that the internet has been young and unregulated does not excuse looking the other way.

I can't believe I'm defending politicians' (however ill intended) agendas against HN/tech-world. but here we are. If things progress this route, I would even cheer as everyone (self included) loses any semblance of privacy or democracy because the alternative was these masses keeping looking the other way at human suffering instead of finding sensible middle grounds, especially when the tech is there. This is insane to me! things crypto-bros (both kind!) have been trying to make main stream like zkp and homomorphic encryption and so much more can actually solve a critical fault of the internet, and the choice is to just let people suffer instead of risking a potential slipper slope.

> The internet multiplied and empowered many things, chief amongst them is human cruelty and apathy.

Bare in mind we aren't banning the internet, just kids on social media.

> Take that and multiply that by like a billion and that might come close to painting a fair picture of the internet

A billion people have died from.... the internet? Youve GOT to explain this one lol how exactly?

> Bare in mind we aren't banning the internet, just kids on social media.

It's neither. it isn't social media only, there will be various sites that are age restricted, similar to IRL businesses.

> A billion people have died from.... the internet? Youve GOT to explain this one lol how exactly?

I didn't claim 'died', you assumed. I meant sum total of suffering and pain facilitated by it. The internet is just a "road", except it connected everyone. sex, violence, extortion, slavery, you name it. a decent argument could be made that in the past one or two decades alone more slaves were trafficked and traded than in the entire history of the transatlantic trade, except smartphones, wifi and 5G were used to facilitate trade and allow real-time live HD monitoring of the "merchandize" and advertisement to buyers thereof. think of it in terms of graph theory perhaps, edges and nodes and all. just in the past 30 or so years the planet's population doubled and all those "nodes" have the capability to form edges with all other nodes on demand, interact with and in engage in unregulated commerce (cryptocurrency doesn't help either).

> think of it in terms of graph theory perhaps, edges and nodes and all.

So we should ban letters as well because of all the badness they facilitated? Lots of crime has used telephones, we should also ban telephones yes? Because graph theory's etc?

again, bad faith argument.

as you said, the internet isn't being banned, so why would you stretch what i said to mean "ban letters"? sending letters to minors might require age verification if it were a real problem, you already need to verify your age to open a cell service, children can't sign up for mobile plans. you're trying to make this about something it's not so you can win an argument, I don't care who wins the argument, let's solve the problem. Your whataboutism doesn't have solutions attached to it, only winning of internet points.

> The internet is just a "road", except it connected everyone. sex, violence, extortion, slavery, you name it.

The internet doesn't cause slavery. It's facilitates it in the sense that its a communications network. To say THE INTERNET caused slavery is like saying telephones cause drug dealing because dealers use phones to contact drug users.

> sending letters to minors might require age verification if it were a real problem

Lol

>People can see your face and make decisions when they interact with you IRL, they can't over the internet

Man you're just reaching at this point... Should we ban telephones, and written correspondence also? You're hysterical

phone sex is already banned without credit card verification or if you sound like a minor for example. and you're being disingenuous as well, clearly this entire thread is not about "correspondence", i clearly said "interact", simply talking to kids IRL doesn't require ID verification either. But when you enter a bar, a night club, a sex store, buy alcohol at a convenience store, etc... or hang out at the play ground people can see your face and judge your age. You can't pretend to be another child at a playground as a grown person and fool everyone. If the actuality of people calling or mailing children to groom them like that was a reality, and tech existed to verify age over phone/mail, then absolutely, can you articulate a reason why that shouldn't be done other than you not wanting to be a tad bit inconvenienced?

Speaking of, do you know how common it was by all sorts of middle parties to listen in on POTS phone calls? or paper mail being intercepted by law enforcement? (not that I support either - just putting into context the history of surveillance and societal acceptance of it).

> phone sex is already banned without credit card verification

And so is inciting a minor for sex, internet or not.

we agree.

So you don't need to make any new laws do you? It's covered by existing ones

There's no such thing as private or anonymous age verification. It doesn't exist.

zero knowledge proofs exist, don't they? also it matters "private from whom, and what". You can make what sites you visit private from the government, and your identity a secret from the site, but the inverse isn't true, the government would know the identity, and the site would obviously know someone visited it.

The problem with this whole thing is the expectation of privacy online for interactions where their IRL equivalents don't have such an expectation. Even if there was no harm being done to anyone, it isn't a rational argument if you subscribe to the ideal of equal treatment under the law.

Zero knowledge proofs exist in theory, but none of these age verification laws that are introduced use them, probably on purpose. I'm certain that every government will want to know what sites everyone visits.

but why does it have to be that way. why not have zkp age verification processes anyways, inconvenience aside, what's the harm. If they refuse to let us use them, they need to explain why. I don't disagree with the malicious intent you're talking about but we can have it so that they have no legitimate excuse to require collection of site visit data. all the emotion and fervor aside, why can't we talk about having this as a standardized process that excludes third parties.

Governments are banking on being able to purchase that site visit data anyways, bypassing their own laws that prohibit them to do surveil, we can require them by means of technology to comply with laws and for the last time resolve the "but the children" argument.

ZKP age verification doesn't verify because you can just copy someone else's token.

it works if it is time-scoped and full age/id verification is done directly with the government. if you're malicious that way, you can likewise verify your id/face and just give a minor access after verifying anyways. you can get a zkp token that can prevent the site owner and the government from colluding and revealing your activity. zkp is one of many ways to solve this as well.

You can also... ask someone else to pass selfie-age-verification during an account registration, no?

When it's not zero-knowledge they can see who registered the account and that it's not the same person who seems to be using the account.

How would they know a minor is using an adult-verified Signal or, say, Youtube account?

Face scan to sign in. Or watching cocomelon all day.

> Face scan to sign in.

This is not in any current (proposed) laws I'm aware of.

Thank you for writing this.

Of all the topics I’ve had to work with in my career, this one has caused me by far the most frustration. I like to think the hacker community is generally scientifically-minded and open to rational debate, but online discussion of this subject uniquely tends to cause people to hunker down, refuse to engage productively, and resort to name-calling. This might feel righteous, but ultimately leads to own-goals from us.

Firstly, to make one thing clear, it’s _absolutely_ possible to do age verification in a privacy-preserving manner. A technology called Privacy Pass exists that separates the roles in the age-verification question. This would make it possible to have a solution where the government can attest to your age without knowing what website you’re trying to visit (e.g. pornography, or an online casino, or just purchasing alcohol online). This is just a matter of fact. I’d recommend reading RFC 9576 for more details on the separation of roles here, it’s a really nice protocol.

There seems to be some misconception that privacy-preserving solutions for age verification aren’t permitted under various legislations. I don’t know where this comes from, but certainly Ofcom _mandates_ the minimisation of unnecessary data collection. This doesn’t mean that suboptimal technologies aren’t in use, but there’s certainly nothing precluding the use of fully privacy-preserving solutions.

We should be pushing for privacy-preserving age verification. It’s easy and convenient to say it’s the job of parents, and label anyone who doesn’t use parental controls as a bad parent, but at the end of the day, a government’s job is to look after its citizens regardless of whether they have good parents. If instead of engaging productively we stonewall the topic based on a vaguely-directed-but-intense distrust of Government, then governments will implement it anyway, and the solutions will be bad. We know this is the case, because it already happens.

I participated in a very productive workshop last year with representatives from government as well as various privacy-conscious companies, including Mozilla. I was pleasantly surprised at how productive we could be when we all worked together on this. We all walked away with a much better understanding of some of the problems, some of the nuances involved, and some possible paths forward.

why isn't russia, china, india?

Sports are artifacts of culture. Although the US does remarkably well in soccer despite soccer not being a mainstay of american culture. The question should be, how come the US does so well in soccer, despite it still being a niche sport (even then mostly for older generations).

Soccer is much more popular with gen-alpha and to an extent gen-z (thank youtube).

A lot of the top national teams have players that play in the premier league or some other european league. The American national team (last i recall, haven't kept up) typically only play in the MLS where even then the foreign players treat it as a last stop before retirement when they do have premier league experience.

iron sharpens iron, competition is what it's all about, year round. I wonder why the premier league didn't expand to the US, Canada and beyond? it has global popularity but with not logistical or technical inhibitions, it still is a europe only (keep in mind, europe is still a bunch of countries, so international) club. There aren't enough matches to make a 1-2 6-8 hour international flights a week that big of a deal (assuming a day of recovery afterwards), and/or matches can be scheduled so that they move to one side of the atlantic after a few weeks and back after a few more instead of lots of back and forth.

I would say the NFL and the NBA dominate US culture, but today, the MLS and NHL are about the same level with younger generations as soccer -- if you include all of soccer as one thing instead of just the MLS.

LLMs mean less devs are needed, not no devs. even after serveral more decades, they'll need steering. I've seen agents stuck chasing one issue, when to me the issue was obvious, but I can see how the model would rule out the obvious easily and move on, but my instinct/experience tells me that's where I need to focus time on. This translates into costly token-waste. Secondly, it isn't simply "quality", the LLM might generate something that's good quality from its perspective, but it simply won't consider things unless it's explicitly told to in excruciating detail, and even then! understanding things from a simian point of view can't be perfected without that simian experience as part of its training. It can come very close but not quite.

Think of it this way, who needs engineering managers, project managers, scrum masters,etc.. if they're employable then surely actual devs that can tell what good architecture is vs bad, good code vs potentially bug code is are also employable.

But the number of devs needed, that demand will obviously decline dramatically. At the same time though, there are other careers that require programming and software dev as part of your skill set. Simply integrating LLM-enabled solutions into real world workflows is a new area that's very young and immature.

Let's not act like we're suddenly in some sort of post-scarcity utopia where all problems are solved by LLMs, where tech can solve problems, there is demand for those who can use technology to do so. However, I see a lot of people attacking the technology and resisting change a lot, and to those I suggest they look up every single technological revolution and see about the fate of such people.

This is one reason it's hard to trust science, they start of with a bias and confirm it, but make it look like it was objective. You'd need decades of research to even come near a conclusion on something like this. "suggests" is doing a lot of the heavy lifting there, but the general public, policy makers, executives, hr, etc.. will read "it's a fact", and I suspect whoever funded this knew exactly what they're doing.