Reporting wrongdoing to the ones doing it doesn't work. Perhaps they relied on Microsoft a bit too much for their livelihood and are just beginning to reevaluate their decisions. It's not so rare for brilliant people to live a life of the mind and not pay enough attention to their material conditions. But defining that as "serious mental health issues" is such a cheap shot.
> Reporting wrongdoing to the ones doing it doesn't work.
Most large companies — including Microsoft [1] — have an internal affairs call center where you can anonymously report issues of malfeasance — assuming that's what happened here.
More open-source forks of OpenWRT and open-schematic router board designs are exactly what we need. It would further raise the cost of planting backdoors in routers at meaningful scale. We're currently too dependent on the OpenWRT project for router firmware. It's a high-payoff target for XZ Utils [0] type of multiyear infiltration by malicious actors.
The StartWrt port supposely adds some nice features, of which VPN chaining looks especially useful. And a better UI will make it more accessible. There are plenty of people out there who are willing to switch out their routers and chain VPNs to escape gov/ISP/big tech surveillance but don't have the technical means to do so. These are welcome improvements to reduce friction if they manage to pull it off.
The specs are not too bad for the price considering this is a startup project. It has 8 cores with per-core performance similar to Cortex-A55 + 4GB LPDDR4 + 16GB eMMC, which is better than most off-the-shelf routers. I wish they released the WIP schematics and code though, because there seems to be nothing at the moment.
I will add, for those that lost the plot: the goal was, and still is, to build a world where anyone can communicate with anyone else without exposing their physical identity and location, and therefore people cannot be physically persecuted for what they think and say.
We're far from achieving this goal, and we underestimated our opponents by a lot. But it would be foolish to blame the Barlows of the world instead of blaming the tyrants and corporate opportunists that go to great lengths [0] to sabotage and interfere.
The unfortunate reality of the internet is that anonymity is abused by troll farms and genuine human interaction is corrupted by their astroturfing and political propaganda. Anonymity in the hands of the powerful is so much more corrupting than the liberty it imparts to the weak.
>Anonymity in the hands of the powerful is so much more corrupting than the liberty it imparts to the weak.
Even if it were so, it is still a win. Without anonymity there is no liberty to the weak at all. And thus for that liberty we must endure all the crap.
Shills don't need anonymity. They can troll and astroturf just fine under their real names, or the names of the people they're paying to shill for them, because there is no one who comes in the night to put a bag over your head for shilling for the establishment.
The people who need anonymity are the people who would be punished for saying things people in power don't like.
Shilling by nation-level actors often involves paying South Asians or Africans to create profiles claiming to be an ordinary person from somewhere completely different. Or people in said countries may not even be paid by a geostrategic rival but are shilling because they identified profit potential in e.g. selling MAGA merchandise. Obvious what they do depends on pseudonymity, and would fall apart if their real names were shown.
I don’t think that’s true, unfortunately. You have lots of cases of major propaganda accounts found to be foreign actors and pretty much nothing happened to them
I am talking about the psychological effect, not the accounts being banned. Accounts pretending to be e.g. bona-fide Red State MAGA Americans are not going to successfully manipulate the American populace or move MAGA merchandise if the name "Ramesh Sharma" or "Goodluck Ngozi" or whatever is shown on every one of the account's posts.
Wouldn't "Ramesh Sharma" just file a name change form with the government and hence be known as "John Smith" when they create their account?
And even that is assuming they need the same person to be writing the posts as lending their name. They could also pay a homeless person or food service worker in Kentucky to sign up for the account and still have a troll farm in another country writing the posts.
The astroturfing relies mostly on anonymous users. The vast majority of trolling and shilling on Twitter and similar platforms is done with fake identities. So you have a few open shills who are using their real names, with massive campaigns enabled by anonymous/fake users
What part of that requires anonymity? You pay some broke college students or unemployed dog washers to shill (or let someone else shill) for the big accounts under their name.
There is not only a massive supply of such people, they have high turnover as the seniors graduate but the new freshmen are broke again and the unemployment rate is fairly stable but the specific people distressed enough to sign their name for a buck are constantly in flux, so it doesn't even matter if they get banned.
How is that supposed to work? The average person is not going to read 1000000 separate posts. They want someone to go on Reddit and see that 10 of the 13 replies to a post about their subject are favorable. They don't need 1000000 accounts for that, they need 10, and getting 10 IDs is elementary for anyone with a corporate or government budget.
Bots are only an issue for public posts, not chat groups and DMs where the most valuable interactions happen. Ideally chats would be encrypted, untraceable, and anonymous, except to the people you're talking to. Anonymity is an overwhelmingly positive feature there.
For public feeds, you seem to assume that only the propagandists can leverage bots effectively, which is the right assumption for the centrally-controlled social media platforms of today. But if we make a platform that is just some protocols that can't be controlled by anyone, you and I would be able to spin up anti-propaganda bots to pwn the propaganda bots without fear of repercussion. Anyone can try to push public opinion in a specific direction, but someone else will simply go the opposite way. There would be no moderator or algorithm to artificially boost one type of noise over another, so we would actually get a less corrupted feed that accurately represents what people are thinking because the noise cancels eachother out. And if you want to customize the feed, we could make client-side filters and algorithms. There could be an open-source algorithm called "Hacker News" that you can just download and install into your open-source social media client.
As for keeping the powerful in check, don't forget that we've kind of lost equality before the law at this point, as shown by the Epstein saga. If we try to remove anonymity from the Internet right now, it will only be used to surveil regular citizens but not the people we need to keep in check. I would happily support a law that selectively enforces the other way around, though: let's mandate real identity for all government personnel online and expose their Polymarket accounts.
> Anyone can try to push public opinion in a specific direction, but someone else will simply go the opposite way. There would be no moderator or algorithm to artificially boost one type of noise over another, so we would actually get a less corrupted feed that accurately represents what people are thinking because the noise cancels eachother out
This has never been true and never will be. Entities with more resources have dramatically more ability to put their perspective out and dominate the messaging.
This is so blindingly obvious just by looking at what is happening...
It's like the believe that markets are inherently efficient and we just need to get rid of all the government interference that distorts the free market.
There is no evidence for it, the theoretical argument is so flimsy it falls apart under the slightest scrutiny, the various ways in which markets are inefficient are several entire subfield of economics. Yet the idea persists...
The notion that you just need a proper free market of ideas and then the best ideas will automatically win, and we just need to get rid of everything that interferes with this free market of ideas is cut from the same cloth...
Maybe it has the same attraction as "blame the immigrants". It gives you an immediate automatic scapegoat for everything you see in society that you don't like.
The belief isn't unjustified though. One of the defining elements of a government is aggression. Spending resources to force someone (specially with violence) to something is more wasteful than if they were to do it by themselves. Furthermore, most, if not all, cited inefficiencies are linked somewhere to distortions created by government action.
That being said, I do agree that there's a dangerous apathy about how the free markets work. The free market, being the product of voluntary action, is anything but automatic.
But I don't see how that is a scapegoating mechanism for "anything you don't like". Anymore than apathy is, at least. I see human rights (specially the right to live and private ownership) being used as scapegoats much more often.
"Entities with more resources" are not necessarily bad, as you seem to assume. In reality, they're not aligned with eachother. This is just as true for nation states as it is for individuals.
When everyone can talk without censorship and fear of persecution, the best ideas might not always win, but the good ones usually will, and the worst ones will always lose. This is why every authoritarian regime needs censorship to survive.
You're not describing a world of freedom and opportunity. You're describing a world where anyone with money can do whatever they want without consequences.
The good ideas do not usually win. The loudest ones tend to win. The worst ones frequently win.
The world I'm describing is one where anyone, rich and poor, can say whatever they want without being silenced or persecuted, without fear. People with more resources will have the means to make themselves louder in public as they do now, but unlike the situation we have right now, they will not be able to monitor other people's private conversations, nor can they censor and compell other people's speech. That's a world of more freedom and opportunity.
The loudest ones are not aligned with eachother. Their efforts to influence public opinion will neutralize eachother, and none of them can gain moderating power over the platform because the platform is just protocols. Ideas will clash, leaving only what people think is good in common. And that is the definition of the common good.
Do you have any better ideas? Or do you think that you possess the superior definition of "good" such that public discourse to search for it is unnecessary?
The law, in its majestic equality, forbids rich and poor alike to sleep under bridges, to beg in the streets, and to steal their bread.
> The loudest ones are not aligned with eachother. Their efforts to influence public opinion will neutralize eachother, and none of them can gain moderating power over the platform because the platform is just protocols
This does not match reality. Those with money and power DO have a lot of goals that are aligned with each other. They're not incompetent, and they understand the power of collusion. If you think they cancel each other out you're living in a fantasy.
> The law, in its majestic equality, forbids rich and poor alike to sleep under bridges, to beg in the streets, and to steal their bread.
The solution, presuming said law to be fair, is to make a world where no one has to sleep under bridges, to beg on the streets and steal their bread. Not getting rid of the rule of law. Of course, that presumes said law to be fair (aside from the last part, it isn't).
> Those with money and power DO have a lot of goals that are aligned with each other. They're not incompetent, and they understand the power of collusion.
Most people share goals, understand the benefits of collaboration, and exploitable conflicts still arise. The problem isn't caused by a lack of shared goals, but the presence of conflicting ones. Even just one can inhibit collaboration and induce sabotage. After all, there is no long-term collaboration to be had if your goals are mutually exclusive.
Also, it think it bears reminding that the alternative, regulation, is enforced through a powerful corporation that is structurally much harder to hold accountable (despite best efforts, although it was always a non-starter), the state.
> But if we make a platform that is just some protocols that can't be controlled by anyone, you and I would be able to spin up anti-propaganda bots to pwn the propaganda bots without fear of repercussion.
How has this worked out with email, text messages, or the phone system, or even postal mail.
I rarely receive messages from kindly anti-propaganda bots, but sure receive a lot of messages from actual propaganda that bypass filters and infect everything like cockroaches.
Assuming that otherwise won’t happen is a basic failure to understand humanity. Spend a few hours with middle school boys and after observing their behavior, try to determine if your protocols will withstand that goofiness, naivety, rudeness, absurdness, sensitivity, callousness, puerileness, unpredictability, and rambunctiousness.
As a parent to several, I see how educational institutions (school) whose job it is to be experts at this exact behavior are failing catastrophically by not understanding this very basic idea. If your protocol something that is designed for well meaning people with good behavior who trust one another, it probably won’t work to well when given to middle schoolers and will work even worse when someone with the slightest bit of malice gets a hold of it.
> How has this worked out with email, text messages, or the phone system, or even postal mail.
Those are centrally controlled systems where propangandists have home field advantage (email is debatable, it's halfway, it wasn't designed with the existence of companies like Google in mind). But even if that wasn't the case, it's not the same phenomenon as bots on social media. The important difference is that on social media, if there is no central moderation, the bots will cancel out eachother's influence. If I make an anti-propaganda email bot, it doesn't lower the ranking of the propaganda that's already in your inbox. But if I have an upvoting bot for their downvoting bot, they neutralize eachother.
Also, ensuring that nobody except the participants of group chats and DMs can figure out eachother's real identity is already a massive win. That alone makes it a lot harder to beat a population into submission.
Do you also suggest to make it illegal to pay someone to publish certain posts/texts? And plan on enforcing this somehow worldwide? Because otherwise, if I have the money to make someone post my opinions, I already have twice the influence of everyone who doesn't have that money. And there are people who have the resources of entire nation states at their disposal and have a big incentive to influence public discourse in their favour.
There are a lot of unexamined assumptions in what you write...
> the goal was, and still is, to build a world where anyone can communicate with anyone else without exposing their physical identity and location
Whose goal is it? The article notes that the goal is immediately dropped whenever it's more profitable to do the opposite. We got tracking pixels, browser fingerprinting, and privacy-focused companies that talk big game about supporting (/selling you?) anonymity online but won't accept anonymous payments.
The anonymous online communication dream is dead. It died after 9/11 when the US government doubled-down on rolling out a panopticon to prevent future "intelligence failures."
It's Barlow's goal as I understood it. The article criticizes corporate opportunists, which is fair. But there are also plenty of other people willing to put short-term profit aside to fix problems and build the future we want to live in. The free and anonymous Internet is not a dream and will be built. It may have been half dead at one point post-911, but it was revived by Snowden and will strike at the panopticon until it shatters.
You don't actually engage with the point of the article at all.
Why is that a desirable goal? What are the societal implications of this? What implicit assumptions is your framing hiding, and are they true? (All communication is good! All opposition to communication is oppression!)
I don't want a world where everyone can send me any ad they want without my consent. Where Billionaires and Autocrats can use their money and power to amplify their lies. Where utterances that no court has ever recognized as protected speech dominate all carefully stated opinions.
Just retreating to exactly the catchphrases and naivete of the 90s is not cutting it anymore.
You already live in a world where anyone can send you any ad they want without your consent, paid for by your tax dollars. The postal service had been trafficking ads direct to your door since before Twitter was a thing.
Billionaires and Autocrats by the very nature of having massive amounts of money can use their money and power to amplify their lies no matter how easy or not it is for normal people to also amplify their own lies. Again, Disney was buying swamp land in Florida through shell companies long before the internet decided forcing Elon Musk to buy twitter would be funny. Or see also that insider trading is illegal for you and me, but if you're a congressman, that's just a perk of the job.
As far as "utterances that no court has ever recognized as speech", I'd be interested in what you think qualifies here, because the recent history (where by recent I mean over the course of the 1900's) has been an ever expansive definition of what sort of things constitute speech. Tinker v. Des Moines found wearing a black arm band is speech. Texas v. Johnson found burning a flag was speech. Brandenburg v. Ohio found advocacy of force and law violations was broadly speech, leaving only a small exception against speech that would induce "imminent lawless action". Hustler V. Falwell found parody of public figures even when that parody intends to cause emotional distress of the person being parodied were speech. Snyder v. Phelps found posters saying things like "Thank God for Dead Soldiers" and "God Hates Fags" outside of a funeral were speech. And let's not forget National Socialist Party v. Skokie, finding that a literal Nazi rally was speech.
It was probably a bad goal anyway. Anonymity turned out to be a great tool for fascists, and privacy is not going to save anyone if the fascist shit properly hits the fan.
That‘s something I believed 10 years ago, I honestly don’t see how that position can still be defended. What happened is the fascists benefited so much more from anonymity than any opposition.
But I also don’t expect that removing anonymity would in itself improve the current world, things are at a point where people living in democracies are openly advocating for the destruction of every single liberal ideals. Sure that’s in part astroturfed by anonymous accounts but way too many people couldn’t care less if they real identity would be linked to those claims
My point is that once we reach fascism, the opposing voices stop mattering. I think it's naive to think that anything happening in the digital world can properly fight that.
And since technological anonymity and privacy are clearly moving us towards fascism, it's not a net good anymore.
Hah, as if the fascists themself are in loving unity. (Or clear on the term itself)
There were and will be opposing voices also in deepest fascism.
More broadly, totalitarism is rather the term, where the whole society is total under control of one ideology. That can be fascism, but also other ideologies strive for that.
But yes, allowing anonymous voices is one way to counter it.
You literally could not be more wrong that opposing voices stop mattering once fascism is reached. Doubly wrong because fascism isn't a binary. Thrice wrong in that you think that a lack of anominity and privacy would somehow be helpful for prevention when fascism already here!
Okay, what fascism are you talking about? I'm talking about the actual rising fascism that we see right now and which has boosted its influence via social media by a lot.
>I don't want to offend you, it is just that your phrase is like straight from "1984" (or from Russia today) - "war is peace" and the likes.
No worries, I've learned not to be offended by people being wrong.
The core issue is simple and uncomfortable: through automatic updates, a vendor can run any code, with any privileges, on your machine, at any time.
-----
If the author is serious about this, then they should make their own program completely open source, and make builds bit-for-bit reproducible.
For all I know, the proprietary Little Snitch daemon, or even the binaries they're distributing for the open source components, contain backdoors that can be remotely activated to run any code, with any privileges, on your machine, at any time.
This is correct, of course. But I currently can't make the entire project Open Source. My other option would be to keep it completely private (wrote it mostly for myself in the first place).
I think it's still better to make it public and only partially Open Source so that some people can benefit from it. If you don't trust us, that's completely reasonable, just don't install it.
The existence of eIDAS itself is already a big problem. They're going to try to gradually push laws to make it so that you'll need a government issued signature to do anything. That's when they'll have total power over you because they can simply refuse to issue.
Modern computing and communications technologies can be leveraged to build infinitely stable authoritarian regimes. It's even possible for democracies to stumble into it on their own as they attempt to regulate these new technologies. In hindsight, the Internet was built wrong. It has a top-down structure which all of human civilization is beginning to mirror.
> They're going to try to gradually push laws to make it so that you'll need a government issued signature to do anything. That's when they'll have total power over you because they can simply refuse to issue.
The more this signature is necessary the harder it becomes to deny issueing it to somebody.
I don't see how this changes much compared to nowadays. You can already require an ID for all kinds of these and the government already has total control over those. So what changes? China manages to ruin the lives of the people illegally born under the 1-child-policy for decades already, all without systems like eIDAS.
You can't protect yourself from authoritarian regimes with tech or good policy since those will just get ignored. Look at Trumps war with Iran, where did Congress agree to it?
I'm not a fan of these systems either, I also think software should be open and no vendor lock-in should exist. But I don't think this will change much to be honest.
It will matter a lot in the long run. I will outline one concrete way it will matter, which I think is the most critical, but there are other ways it will do damage besides this:
Right now, physical ID is only required for government services, for the most part. But digital signatures can be extended later to gate all services and purchases, both online and physical, including non-government ones. For example, you can't host a website without a gov approved signature for each website.
Under a system like that, you would rarely find out when the gov refuses to issue a signature, or when any kind of injustice happens, really. Websites where people can talk about bad things happening to them will simply be denied a signature to legally operate, so they're given the ultimatum to "voluntarily" censor posts, or be shut down. It becomes impossible to have this very conversation on a public platform with any kind of meaningful reach. And they already have this kind of system in China, since you brought it up. In fact, they have domestic surveillance systems that make the Snowden disclosures look cute.
> They're going to try to gradually push laws to make it so that you'll need a government issued signature to do anything.
And in the EU it's already nearly the case. The dystopian horror that KYC/AML has become for honest citizens is beyond belief. And they're of course hiding behind the excuse that "bad guys are laundering money": but going after actual drug dealers, of course they're not doing that. We now have articles wondering if Belgium (where most of the EU institutions do live and where all these totalitarian laws are passed) has become a "narco-state" (where criminals make the rules).
People's life can be ruined when some employee, somewhere, decides he wants to bumps his SAR quota (Suspicious Activity Report): you can have a real-estate transaction fail (and have hence moreover to pay a 10% penalty to the other party) if either a notary, bank employee, real-estate agency employee decided that they've got the nostalgy of the Gestapo-time and decided to act like a good little nazi (yes, Godwin's law: for we're literally talking about totalitarism).
I recently had an notary's employee bother my brother for the source of funds when he bought an apartment... A quarter of a century ago. A quarter of a century ago and he was talking to my brother as if he was a criminal for he didn't have access anymore to the bank wire transfer from 25+ years ago. It's crazy for the exact same controls had already been done 25+ years ago when he bought the apartment. And the notary's employee fully knows that. (regarding that case my brother is currently looking into the national federation of notaries and he's going to file a complaint: he's got emails from that notary's employee that are totally out of line).
The problem is way too much power over the lives of others is put into the hands of petty people: petty bank employees, petty notary employees, petty public servants. The same kind of people who were all too happy to out jews during WWII and who were making sure trains would leave on time.
I previously had a folder where every single money transfer of more than 10 K EUR was saved: I know do it for every transfer below 5 K EUR. And these are to be kept forever for I know that me or my wife or my daughter shall invariably meet motherfuckers asking them "proof of the source of funds from 30 years ago when your father bought that collectible car" (worth less than 20 K back then btw, but worth 6 digits now).
Just fuck these systems and fuck anyone working on it and fuck all the nazis participating in it.
The threat is if you replace your cognitive capabilities with AI, but you don't control entire the system your AI runs on (hardware, firmware, drivers, OS, weights, frontend), then that's equivalent to someone else owning a part of your brain.
Cool project. But why tunnel Telegram specifically? This could be a yet another VPN protocol.
There are some useful ideas from SoftEtherVPN, BitTorrent, Yggdrasil Network, and Tor you could borrow, if you're looking to improve this. The ideal tunneling solution, which doesn't exist yet, is one that not only evades DPI, but also onion bounces you through nodes in a decentralized ad hoc network, and does automatic node discovery.
Nowadays I prefer to have dedicated application solutions, everybody (with security in mind) has some sort of base WG/Tailscale setup, it's annoying to tweak to incorporate those on top, so per-program solution imo makes sense and especially in the AI era where you don't really want to allow agents to tamper with your main network card config, it's safer and cleaner.
What I meant was that you could combine ideas from those 4 projects to build a new VPN protocol, not that you need to tweak your existing tunneling setup to allow those applications through.
There are two things very very wrong with the California law, which you call "age indication".
1) The parental responsibility is given to the wrong people. You're basically being forced by law to give all apps and websites your child's age on request, and then trusting those online platforms to serve the right content (lol). It should be the other way around. The apps and websites should broadcast the age rating of their content, and the OS fetches that age rating, and decides whether the content is appropriate by comparing the age rating to the user's age. The user's age, or age bracket, or any information about the user at all, should not leave the user's computer.
2) The age API is not "completely private". It's a legally-mandated data point that can be used to track a user across apps and websites. We must reject all legally-mandated tracking data points because it sets the precedent for even more mandatory tracking to be added in the future. We should not be providing an API that makes it easier for web platforms to get their hands on user data!
For many years, certain tech companies, SIGs, and governments have fought against technologies that could enable real digital parenting, all while claiming to do the opposite and "protecting children". They craft a narrative to convince you that top-down digital surveillance and access-control is for your own good, but it's time we reject that and flip their narrative upside down: https://news.ycombinator.com/item?id=47472805
> For many years, certain tech companies, SIGs, and governments have fought against technologies that could enable real digital parenting, all while claiming to do the opposite and "protecting children". They craft a narrative to convince you that top-down digital surveillance and access-control is for your own good, but it's time we reject that and flip their narrative upside down
> 1) The parental responsibility is given to the wrong people. You're basically being forced by law to give all apps and websites your child's age on request, and then trusting those online platforms to serve the right content (lol). It should be the other way around. The apps and websites should broadcast the age rating of their content, and the OS fetches that age rating, and decides whether the content is appropriate by comparing the age rating to the user's age. The user's age, or age bracket, or any information about the user at all, should not leave the user's computer.
FWIW, this is not quite an accurate description of AB1043, in at least three respects:
1. Apps don't get your exact age, just an age range.
2. Websites don't get your age at all.
3. AB1043 itself doesn't mandate any content restrictions; it just says that the app now has "actual knowledge" of the user's age. That's not to say that there aren't other laws which require age-specific behaviors, but this particular one is pretty thi on this.
In addition, I certainly understand the position that the age range shouldn't leave the computer, but I'm not sure how well that works technically, assuming you want age-based content restrictions. First, a number of the behaviors that age assurance laws want to restrict are hard to implement client side. For example, the NY SAFE For Kids act forbids algorithmic feeds, and for obvious reasons that's a lot easier to do on the server. Second, even if you do have device-side filtering, it's hard to prevent the site/app from learning what age brackets are in place, because they can experimentally provide content with different age markings and see what's accepted and what's blocked. Cooper, Arnao, and I discuss this in some more detail on pp 39--42 of our report on Age Assurance: https://kgi.georgetown.edu/research-and-commentary/age-assur...
I'm not saying that this makes a material difference in how you should feel about AB 1043, just trying to clarify the technical situation.
Regarding what to do with algorithmic feeds, instead of forcing platforms like Facebook to be less evil, we should give parents the ability to simply uninstall Facebook, and prevent it from being installed by the child. We could implement a password lock for app installation/updates at the OS-level that can be enabled in the phone's settings, that works like Linux's sudo. Every time you install/uninstall/update an app, it asks for a password. Then parents would be able to choose which apps can run on their child's device.
Notice their strategy: these companies make it hard/impossible for you to uninstall preloaded apps, and they make it hard to develop competing apps and OSes, and they degrade the non-preloaded software UX on purpose, which creates the artificial need to filter the feeds in existing platforms that these companies control. They also monopolize the app store and gatekeep which apps can be listed on it, and which OS APIs non-affliated apps can use. Instead of accepting that and settling with just filtering those existing platforms' feeds, we should have the option to abandon them entirely.
We need the phone hardware companies to open-source their device firmware, drivers, and let the device owner lock/unlock the bootloader with a password, so that we could never have a situation like the current one where OSes come preinstalled with bloat like TikTok or Facebook, and the bootloader is locked so you can't even install a different OS and your phone becomes a brick when they stop providing updates. If we allow software competition, then child protection would have never been a problem in the first place because people would be able to make child-friendly toy apps and toy OSes, and control what apps and OS can run on the hardware they purchased. Parents would have lots of child-friendly choices. This digital parenting problem was manufactured by the same companies trying to sell us a "solution" like this Cali bill or in other cases ID verification, which coincidentally makes it easier for them to track people online.
> instead of forcing platforms like Facebook to be less evil, we should give parents the ability to simply uninstall Facebook, and prevent it from being installed by the child.
Isn't that how parental controls already work?
There are problems, though:
1. The kids want to use Facebook. If parent A refuses to let their kid use Facebook, then kids B, C, D, E, F... all use Facebook and kid A becomes a social outcast. This actually happens. (Well, now it's other apps; kids don't use Facebook anymore.) This is similar to the mobile-phones-in-schools problem: if a parent doesn't let their kid bring a phone to school, and all the other parents do, that creates social isolation. When the school district bans the phones, it solves the problem for everyone. (So it's a collective action problem, really.)
2. Web browsers. Unless the parent is going to uninstall and disallow web browser use, the kid can still sign into whatever service they want using the web browser. I don't think parental controls block specific sites, and even if they do, there are ways around that, certainly.
I am very often the person who says that parents should actually parent their kids and not rely on the government to nanny them. But in this case I think there actually is value to the government making laws that make Facebook (etc.) less evil. And as a bonus, maybe they'll be forced to be less evil to adults too!
1. The current norm of social siloing apps was created by these tech companies in the first place. What regulators can do is discourage anti-competitive practices that lock users into specific software and hardware platforms. If there's plenty of competition for every kind of social app, and competition for OSes, and users could freely choose and move between them, then not having a particular app would not result in social isolation. This affects adults as well.
2. The OS has a firewall. But it's currently not user-controllable on your phone. Phone companies have decided you don't need that feature. But actually, they can easily implement a nice UI in the settings for the firewall and lock it behind a password, then parents would be able to use it to block individual websites. We can even make it possible to import/export site lists as a txt file so that you can download/share a curated block list that you or other parents made, to block many things at once. You could also do this for your entire home WiFi network in your WiFi router's settings, if your router's firmware has that feature.
And yeah, I agree that we should make the platforms less evil in general. But I think the way to do that is to give people the ability to easily ditch bad platforms and build new ones. Let the platforms actually compete, then the best will prevail. Right now, they don't prevail because of layers and layers of anti-competitive barriers. It would take great technical effort to regulate all the tricks these tech companies use, that's why I propose dealing with it at the root: make it so that all computer/phone hardware manufacturers must open-source their device drivers and firmware, and let the user lock/unlock the bootloader and install alternative OSes. If we do this, then the entire software ecosystem will fix itself over time along with all the downstream problems.
> Phone companies have decided you don't need that feature.Bu actually, they can easily implement a nice UI in the settings for the firewall and lock it behind a password, then parents would be able to use it to block individual websites.
iOS: Settings > Screen Time > Content & Privacy Restrictions > Toggle on
Then same area:
- App Installations & Purchases: disallow all
- App Store, Media, Web & Games > Web Content > Limit Adult Websites > Fill in allowlist and/or denylist, or Only Approved Websites and fill in allowlist
Apple is indeed better than most other companies on #2. But that's because it's the worst offender on #1. Its strategy is to appear to be the model company that cares about user rights and privacy, in hopes of capturing everyone in their closed-source walled garden that's already surveiling you at the OS level.
They're a part of the corp-gov surveillance complex [0]. This is the real threat behind the age verification push. The feds already have mass surveillance capabilities in iOS and macOS, and even Windows and most Android distros, but not on most open-source Linux distros, so they're starting to force it legally in the open. They're desperate because Linux is about to outcompete the enshittified Windows on desktops.
> The kids want to use Facebook. If parent A refuses to let their kid use Facebook, then kids B, C, D, E, F... all use Facebook and kid A becomes a social outcast. This actually happens. (Well, now it's other apps; kids don't use Facebook anymore.) This is similar to the mobile-phones-in-schools problem: if a parent doesn't let their kid bring a phone to school, and all the other parents do, that creates social isolation. When the school district bans the phones, it solves the problem for everyone. (So it's a collective action problem, really.)
If so many people give their kids phones and so few don't, why ban them in the first place? Clearly the vast majority of parents are fine with their kids having one.
You're just inventing a problem then. Or worse, implement a conservative talking point.
It's possible to mandate effective parental controls and then say "it's illegal to give your child access to facebook" and then just see what happens. You don't have to jump straight to making it technologically guaranteed by construction, maybe it's enough to just give parents the tools and an excuse to say no.
We don't need DNA testing locks on cans of beer that won't let you drink from them unless you're an adult, do we? It's perfectly possible for a parent to buy their child all the beer they want, and there's nothing stopping the children from trying to peer pressure them into it, and in many countries it's not even generally illegal to let your child drink beer! And yet almost all parents are able to almost completely enforce a reasonable level of restricted access, simply because society frowns upon it.
If we accept the premise that age restrictions of any kind are good (which, just to be clear, I don't think we should), there are good reasons for tailoring your content based on the user's age.
Imagine you're a streaming service, trying to show a list of movies that a user can watch. If you can only communicate age restrictions to the OS, but can't actually check the users age, you have a choice of showing a list of movies that some users won't actually be able to watch, or a list of movies limited to those appropriate for all ages. Neither are great options.
If you can check the user's age bracket, you can actually tailor the list to what the user can realistically watch.
There are only about 120 versions to target if you pick each individual age - or a handful if you bracket it. You can simply create a lookup table for eachage group and let the user's device decide which one to show.
The user can voluntarily give the platform their age by typing it into their account profile in that streaming app. You can already do this right now. No laws required.
The problem at hand is we have a new law that forces everyone to give their age to every app. It's mandatory personal info collection.
1. I don’t see how that’s better in any real way. You can infer the exact same information as querying the range and it makes dynamic behavior based on age range (ex. access to age restricted chat rooms as an obvious example) completely impossible.
2. Is it meaningfully more identifying than User-Agent? There’s dozens of other datapoints for uniquely identifying a user. If we get a few high profile lawsuits because advertising companies knowingly showed harmful ads to children, I’d consider it a win. Age is not that interesting of a data point.
I wouldn’t focus on whether it’s “identifying” but whether it’s revealing. Young teenagers are a very high-value target for advertisers. They are very impressionable, and they provide a proxy for advertisers for their parents’ money. So this law essentially makes it mandatory to share that information with advertisers. And also by proxy, predators.
It also makes it explicitly illegal to do use it for such purposes. While I agree on the point, I think in practice it changes little. I also think it could be a net positive, because now there’s no plausible deniability about the targets age, opening up a decent amount of liability for exploitative practices targeting children specifically.
It's so much better. In the one case, the OS is leaking age information (even if just an age range) to every service it talks to. In the other case, the OS isn't telling anyone anything, and is just responding to the age rating that the app/service advertises.
How would you implement a feed of mixed content? Say you're YouTube and some videos are about puppies and some videos are about guns? How would you hide only the gun videos from the homepage when the user is under 16?
I'm not even talking about entire sections that feature blatantly pornographic or perverted content, some of which are clearly aimed at a younger audience who might accidentally stumble upon it through keywords you wouldn't expect.
1. Depends on how it's implemented. It won't identify you to individual platforms if the OS filters on a per-app or per-website basis. And yeah, there would be no dynamic behavior based on age, as that would enable tracking based on age. I don't think any kind of API is the ideal solution though, it's just better than the malicious one being mandated in the Cali bill. Instead of an API, it's simpler and more effective to just have an app installation lock (like sudo on Linux) and a firewall for website blocking with a nice UI in the phone's settings, locked behind a password/pin.
2. Other data points like User-Agent are not required by law, and browsers already spoof user agent by default. I agree that there are other data points we need to address, but the problem in this specific case is the slippery slope of legally-mandated data points. And I don't think winning high profile lawsuits is a real "win", it just exposes problem which we already know in this case. Keep in mind those people can get away with the Epstein files.
> The apps and websites should broadcast the age rating of their content, and the OS fetches that age rating, and decides whether the content is appropriate by comparing the age rating to the user's age.
How would you make that happen? Many websites would not be subject to your jurisdiction.
But even that's still not a great solution. I outline a better solution that doesn't require any legal enforcement at all, in the link at the bottom of my original comment.
We're actually seeing this play out right now with the server-based age assurance systems which are already widely deployed and mandated under the UK Online Safety Act and laws in about 25 US States. In many cases, the sites just comply, presumably because they are worried that the regulators have a way to reach them even if they aren't hosted in the relevant jurisdiction. In some cases, however, the sites just ignore the regulations or tell the regulators to pound sand, as 4Chan is doing with UK OfCom: https://www.bbc.com/news/articles/c624330lg1ko
So? The same problem exists for having the OS broadcast the user's age range to all apps/services/websites: the service outside your jurisdiction doesn't have to actually restrict content based on age.
At least with the reverse system (services broadcast an age rating), you have some nice properties:
1. You can set it up so that if the service doesn't broadcast an age rating, access is denied.
2. You aren't leaking age information (even if it's just a range) to random websites outside your jurisdiction.
Apps need to know the age of the user in order to follow the law. There will always need to be a way for apps to get the age of the user. If the OS does not give anything the apps will have to implement it themselves.
Counter-surveillance is not a binary switch. We can win by forcing the government to use increasingly expensive backdoors and exploits (>$10k per capita per year, beyond which mass surveillance is impractical even with a $1T budget). Hardware backdoor capabilities are costlier to maintain and use than something at the app level. Encrypting content and leaving metadata exposed is still better than encrypting nothing because they'll have less info to work with which means more effort. The point of all this is not to make it impossible for the gov and corps to surveil a targeted individual (of course they'd be able to if they expend enough resources). The point is to ensure that they only have enough resources to do targeted operations rather than blanket mass surveillance. The former is fine for a democracy, but the latter destroys it.
I always remind myself and everyone else that human DNA is "only" 1.6 GB of data, and yet it encodes all of the complex systems of the human body including the brain, and can replicate itself. Our intuitive feel of how much stuff can be packed into how many bits are probably way off from the true limits of physics.
For now, the DNA replication and the synthesis of RNA and proteins using the information stored in DNA are the best understood parts about how a cell grows and divides, but how other complex cellular structures, e.g. membranes or non-ribosomal peptides, are assembled and replicated is much less understood.
We need more years of research, perhaps up to a decade or two, until we will be able to know the entire amount of information describing a simple bacterial cell, and perhaps more than that for a much more complex eukaryotic cell.
Human DNA has 3.2 billion base pairs, and with 2x the information density compared to binary systems (due to 4-letters as opposed 2), that's roughly 800MB of informational data.
Second, what's even more crazy is that roughly 98% of that DNA is actually non-coding.. just junk.
So, we are talking about encoding entirety of the logic to construct a human body in just around 16MB of data!!!
That's some crazy levels of recursive compression.. maybe it's embedding "varying" parsing logic, mixed with data, along the chain.
As another poster has said, much of the "junk" is not junk.
The parts of the DNA with known functions encode either proteins or RNA molecules, being templates for their synthesis.
The parts with unknown functions include some amount of true junk caused by various historical accidents that have been replicated continuously until now, but they also include a lot of DNA that seems to have a role in controlling how the protein or RNA genes are expressed (i.e. turning off or on the synthesis of specific proteins or RNAs), by mechanisms not well understood yet.
It encodes the data on top of locally optimal trajectories in the physical world that were learned in millions of years of evolution. Treat this as context, not weights.
