How could/would/should the Fediverse do age verification if required in the EU?
18d 21h ago by lemmy.world/u/General_Effort in fediverse
The question is prompted by the age verification app that the EU has just presented.
Some EU countries want to ban social media for young people. If that were to happen, what then?
I would only ever sign up for an instance that is not subject to it, or does not comply, or at least maliciously complies. And by malicious compliance I mean something where it's implemented in such a "buggy" way that it's easy to bypass.
But really I'd just go for instances hosted outside the EU.
How on earth would the EU possibly do this given the entire structure is federated?
They likely don't even know what Lemmy is.
Good point. European governments keep churning out the digital regulation, but have hardly any qualified people to enforce them. That has protected the Fediverse, so far.
But a straight age-gating requirement would require no particular qualifications to spot. Would you be willing to face a hefty fine just for the privilege of running an instance?
This is precisely the point of literally all the recent new laws regulating online platforms, including this.
To kill smaller ones that can't comply with those laws, so that only large ones remain (if at all) and it is easier to censor and surveil the users there.
I just hope that at some point, people will figure out how wrong politicians of the 2020s were to do all of this, and a new free and open Internet will rise from the ashes as long as any remain.
Unfortunately, the general public has no idea whatsoever of the Fediverse and doesn't care about the monopoly of information, mega platforms abusing your data, privacy, and so on and so forth. I'm old enough to finally have come to the conclusion that progress is not made by the masses but by smart, motivated and usually underappreciated individuals. Sadly.
I was already posting on web forums (also wikis) before Facebook or Twitter became popular, when the Internet was not yet very established and posting things on it oneself was something only few people thought of doing.
I was outright excited when I saw "social media" becoming more mainstream. I thought at the time, at least more people are using the Internet, even if it's "just" Facebook or Twitter (which I didn't and still don't see much value in), at least it's the Internet, that's a good thing because the Internet is a great and exciting thing for society and a wonderful source of entertainment!
Now we live in a world where the general public mostly only knows how to operate social media apps, otherwise has no tech proficiency at all, doesn't even know what else is out there on the Internet, and doesn't know or care how the social media apps they're using are designed to manipulate them. And politicians are busy working to make it harder for good idealistic people to solve those problems. :(
Small platforms are excluded but don't let that get in the way of your hysteria
Small platforms are excluded today
Yeah that's how laws work, if it included them it would be a different law or a significantly different proposal.
From some things maybe. Plenty of recent "online safety" style laws around the world have no exceptions based on platform size.
We are talking about a specific thing: https://digital-strategy.ec.europa.eu/en/policies/dsa-vlops
You are talking about the DSA.
There is no reason to believe that future social media bans will have such exceptions. VDL said explicitly that the app means that there are "no more excuses".
The DSA excludes small platforms from some rules, so as not to overwhelm start-ups with bureaucracy. Clearly, such considerations are to be neutralized in the future.
It should not. Fuck the police.
If they make the fediverse illegal, then it will be illegal. There's not much that can be done about it. Obviously we cannot do "age verification."
It would look really bad, politically, so they probably won't go that far right now — they'll just slowly push things in that direction until it seems feasible.
There's not much that can be done about it.
According to many lemmings the elegant solution is to simply ignore the law entirely and pretend that will be ok
How is it they can meaningfully enforce it?
The notion that every single user-to-user service should incorporate invasive age-ID tools in itself is deranged and dystopian.
I'm not arguing it being an insane law. But it would be enforced by fining companies within applicable jurisdictions. Companies like system 76 or anyone else profiting from distributing an operating system, or anything else they can argue it applies to.
Oh we're talking about OS, not user-to-user services online.
There are so many variants of Linux they could never get on top of it.
I mean yeah you could never get to 100% enforcement, like with every other law. But it wouldn't be hard to have a huge impact against the big guys. Ignoring the law as one of those is not going to be smart. Unless you move your ops somewhere not impacted. But realistically it would be easier to just follow the law.
I mean I simply don't think they will bother regarding the many Linux variants.
Same reason they won't bother the Threadiverse. I doubt they even know what it is.
I agree. Although over time some of the things we don't expect to be impacted may be. I hope I'm wrong.
Personally I'd want to see at least some instances behind i2p or tor as it's really the only answer to all the censorship coming.
Doubtful it ever will happen I mean that stuffs had a lot of time to take off and hasn't as yet.
I wish the fediverse would allow federating with Tor-protected instances
What prevents this? Is it just that you would a need a server that is a bridge on both networks?
I think it's doable if the server can connect to the onion network on its side
Not at all.
Protest any age verification laws by not regarding them.
Move servers to a country without stupid laws and ignoring the notices/threats. Sure, they might block you in that country, but people will find a way.
Pretty sure 4chan still hasn't paid fines to UK and doesn't plan to as UK can't really enforce such things abroad, they can just block you in their own country if you refuse.
It shouldn't, just host it somewhere else where legislation doesn't apply.
To consider the possibility is part of accepting that it will happen, making it much easier to actually happen. First, I think, people should pressure so it doesn't get to pass, as they seem to be against it. If the worst scenario does come, then people can consider what's the least bad route of actions.
We shouldn't go down without a fight, out plan A must be to prevent dystopia. And you are right that asking "what if"s can encourage a feeling of defeatism by distracting from plan A, however it's generally not bad to think about a plan B ahead of time.
A related question that comes to mind is what jurisdiction's laws should we all be exploring to avoid age verification completely?
I'm not suggesting we all get legal degrees or dispense legal advice, but as conscientious people who are also literate: Should the Fediverse identify lists of these jurisdictions for its community of small to very large instances, and resources to help decide whether those laws of favourable jursidictions should be adopted and some common pitfalls?
We all see the headlines of countries exploring bans on under 16s for social media in the name of improved ad and online surveillance. Which are the countries who are saying no or will resist this?
First of all we should submerge the EU parliament with protests, as we did for the chat-control question. Then protest marches, strikes, and so on. Then simple non-compliance. Whatever is undemocratic has automatically null morally legal validity.
I think we can still use the https://fightchatcontrol.eu/ platform for this. Just need to change the text and protest against age verification.
I'd sign and send an email for sure.
“Fuck you, make me”
@vzqq@lemmy.blahaj.zone @General_Effort@lemmy.world Famous last words
No offence to those that run various instances but the LAST thing I would want is for any of them to deal with this stuff on their own servers. that's just a massive can of worms I would assume even they wouldn't want to open.
The DSA isn't a one size fits all. It uses a tiered system where the most intense rules—like mandatory age verification—are aimed at the Very Large Online Platforms (VLOPs). The law was clearly designed with Big Tech monoliths in mind, so it doesn't really fit the decentralized nature of the Fediverse. Small instances largely gets a free pass; the focus is on targeting the platforms that actually have the scale to cause systemic risk. I think the limit is drawn at 45 million users. No instance in the EU will (hopefully) become that big!
I hadn't considered if existing legislation might already require implementing an age verification when l posed the question. Now that you bring it up, I fear it does.
The DSA has exceptions for small companies. But I would caution that there is no case law that supports your interpretation that users should be counted on a per-instance basis. Courts are often not very receptive to attempts to avoid rules through such formalities. Bear in mind that the DSA is supposed to protect the "fundamental rights" of Europeans, which may not include running an instance.
Other laws do not have such exceptions. This app seems poised to become the required age verification mechanism, wherever age should be known. Either use the app or show you have something better.
In January, a Berlin court ruled that TikTok was in violation of the GDPR for not doing enough age checking. It's being appealed. It remains to be seen how much of that case will be applicable to the Fediverse. But there is a good chance, that even without new laws, age-gating will become mandatory through case law.
Today
And the winner for first slipper Nipple post is you.
yeah a different law or amended law could be different, it could punish posting by death, let's stick to the actual law being proposed
A prompt at sign-in:
"Are you 18 or older?"
Yes: let's you in
No: lets you in
I wish it was so simple
Is it implemented the same way beer company websites ask for your age?
I would be completely fine with this version of it.
Centralized platforms, including the big federated ones, might be required to institute this. We'll have to wait and see. Usually laws define the words they use. So they'll have to define "social media" and "age verification" and what does and does not apply. After it's out, then it's up to the courts.
I've been watching the Section 230 discussions in the US, and they don't want to wipe away what's there because they want to protect smaller platforms, but they are looking to amend it to add additional wording for size, revenue, etc.
Also, there's NOTHING stopping you from running your own service and hopping on. Honestly this is why I want to see self hosted plug and play devices for the Fediverse. You don't need age verification if you run it for your family and know everyone's age.
These age verification laws will work on some folks, but I think the vast majority of folks will just be pushed to the outskirts. And honestly, we're it. This could be a boon for the Fediverse.
You don’t need age verification if you run it for your family and know everyone’s age.
You could run your own family forum just fine. The problems start when you want to federate. Let me be crass to make the point. Say someone posts child porn and that gets federated to your instance. You think you can just declare that someone else's problem to avoid legal complications?
The way I expect this would work, is that instances would become responsible for who they federate with. If an instance allows your family instance to federate, they would allow your users to indirectly use their instance. We'll have to wait what lawmakers or courts do, as you say. But I think, federation would only be by manual approval after some sort of check for compliance, or maybe even a legal contract similar to how it goes in GDPR. Actually, such GDPR contracts might be required anyway, but who cares.
Age verification aside, the likelihood is that eventually the Threadiverse, if it grows, will change as to require manual approval of new instances anyway just on a pure spam issue and abuse level.
Maybe, but letting a new instance federate doesn't create a bigger abuse risk than allowing account creation. Going through a compliance checklist takes more effort.
It might split the Fediverse in compliant and non-compliant, where compliant servers don't talk to the others.
I mean I don't see how it's plausible how government regulatory bodies even go to the level of trying to micromanage a network that had 40k monthly visitors tbh
You tell anyone asking that they can suck your dick. Being that they must be an adult to have that job and ask that question, you must be an adult to be able to give consent to them.
Age = verified.
Implement portable actors and tell them to get bent
It's easy. I would stop going to those servers who want to spy on me. I don't have time to waste on such bullshit. I would read more books and still have fun.
Will every website out there start doing age verification? Doubtful
Just the ones we will quit.
They can try to force me adding that for my single user instance, but I don't think they can:
- Force the developers of GoToSocial to add this feature
- And force me to add that to my instance (I don't live in the EU no US)
Do do this, they need to enforce cryptographically verifiable age verification everywhere. It would require forcing big instances to only cooperate with small instances that poof they do age verification and if you're selfhosting then the hoster needed to verify you? Not really possible.
Of course big applications and servers could choose to add age-verification freely to avoid scrutiny. Won't be cheered on in the Fedi I'm sure.
I'm more worried about the proposed OS-level verification, which will be harder to circumvent if you're not using a FOSS OS. Especially since I can imagine a global effort on this by US, EU, China.
Edit: hypotecially, if we ask how could it be added, a zero-knowledge proof that you're >18, without revealing anything else, would be the way to go.
Like this https://lemmy.ml/post/46011830
Does the App allow random platforms to do verification? Or do we need to be some registered business, do contracts, likely pay for the service...? For the App to speak to our instances?
Good questions. I haven't seen any info about the economics yet. I think that's up to the member states?
I found some info here: https://ageverification.dev/
But that's difficult to read, very technical. And mostly written from the user perspective. It looks to me like they're (for once) trying to come up with a proper solution. Everyone can be an Attestation Provider, Relying Party or repurpose the white-label App. At least in theory. It's all specified and in the open. And then the European Union contributes some list of trustworthy Attestation Providers (governments, banks, mobile network providers...)
I think due to the project structure, it'll be more like the Covid-Certificate App, which could be customized by every member state and it's theoretically possible to use it as one uniform solution.
So unless there's some certification for "Relying Parties" which I missed while skimming the documentation, I'd say in theory it'd be possible to use it on a technical level. Of course it's still a preview so the EU has lots of opportunity left to mess it up.
Everyone can be an Attestation Provider,
Maybe everyone can apply to become one, but there will be some certification process. Anything else would defeat the purpose. So you have the question of how much that would cost and who pays for that.
I agree that, on a technical level, it should be possible to implement support for the app.
I wonder if a checkbox is enough
[ ] 18 or more?
It's not up to me to hunt down unlawful people? And if it is so, how on earth can that fly legally?
Law in some (many?) European countries already requires more intrusive age checks. The EU also has some explicit requirements. There is also push to ban social media for people under a certain age (maybe 16).
The EU has just presented an age verification app. That app would become a required standard through new laws. or even through case law from court judgments.
Does it require it to be good? Like an audited service working with government databases and some kind of PKI system or is it just heuristics? If it's the latter, then half ass a local vision model running client side during registration that trys to determine age, and defaults to "sure". Have the age range the guess falls into (6-12, 13-18, 18-25, 25-999) be random number tables pick a fake number in the guess age range and move on. If a user WANTS to be precise let them. Maybe a test on "adult" questions like what is your favorite brand of toilet paper, what did you last pay for eggs, when cleaning a rug what method do prefer, etc (localized to region maybe just so people unfamiliar with a thing don't get stressed by these bs questions).
Even better federation if we could have a concept for the federated servers so that they have a concept of what info actually needs passed along (as in above 18) and pass just that info if the user allows. Useful idea for other bits imho anyways. Pick and choose what actor metadata we share, allow servers to share data calculated on metadata without sharing it, etc.
Otherwise as others have said, Tor, i2p, and maybe freenet? The best case is servers in free countries support all three clearweb, tor, and i2p, and local server behind the wire support just the secure one that works in their security environment.