I think we don't want mandatory age verification or banned encryption for everything. However, you can't hide behind "it's not the law" as a shield for everything. Thanks to ubiquitous spyware, Meta knows damn well the age of almost all of its users, and if someone who's 40 is sending first-contact messages to 10 unknown 13-year-olds every day, it seems important to know what those messages say. They know this stuff is happening and they care about not being liable, not about your security.
We can assume Meta has backdoored its E2EE somehow anyway.
Those two things are unrelated to each other. And yes, we can do without age verification and we can have E2E encryption. Age verification is causing more harm than good. It also doesn't meaningfully help with any of the problems mentioned in the article.
Well, assuming you won't also think it's okay for Meta to just be held liable anyway.
There are people who are against age verification just on principle and others who are against it because they know any realistic implementation is going to be abused.
Can one be opposed to age verification in the OS and yet totally happy that Meta got this fine? There is a very big difference between e2e encryption /telephone and social media. Social media is more akin to a phone book. I do not recall there ever being any phone books listing minors. That's completely unacceptable and unnecessary. I am totally OK with phonebooks (or their modern digital equivalents which enable people discovery and user generated content discovery) to abide by the same KYC rules as banks. And be only for adults. Your kids using e2e encrypted messaging to communicate with their friends whom they have met in person? Nothing wrong with that, we all have the right to privacy. Kids listing their contact information publicly? Absolute no.
When you see traffic between 40 yo man and 12 yo girl which don't have any common social connections and the messages are initiated by the man, you don't have to crack e2e to suspect dickpicks.
So you want the platform to be creepier and investigate connections more intensely? And you want to intercede on an arbitrary method you just made up, without examining all traffic first?
I seem to recall someone taking pictures of their baby, naked, because it was sick, and emailing them to the doctor -- and having their Apple account terminated. Terminated, with the father being labeled a pedophile, and the police contacted (all automatically).
Everyone was quite upset. Everyone felt it was too intrusive.
Frankly, communication platforms have no business trying to police anything at all. I wouldn't want the phone company recording all my conversations, hunting for trigger words, and then contacting the police or cutting off my phone if I sad "bad word".
Yet somehow it's OK to have this level of intrusion because.. um "computers".
The state has no business listening in on private citizen's communication.
Corporations have no business doing so.
To protect the 12 year girl, something called "her parents" need to pay attention and watch what she does. That's their job. They're her guardian.
Some random corporation has no business in that. Some random corporation has no business being an 'algorithmic parent', an automated machine with no appeal.
Here's something I'd support -- a way for parents to prevent children from registering for accounts, and, to be able to examine children's accounts.
But... then we get into ID verification. Of course, surely you support ID verification for platforms, because if you support platforms knowing the age of people (40 and 12, you listed), then you therefore must support a way to verify those ages.
" And you want to intercede on an arbitrary method you just made up,"
No, they literally identified a plausibly sensible policy flag, not some arbitrary action.
These flags are used in literally every system imaginable.
They they don't conform to some hard criteria, to your criteria, or to some working or ideological group's criteria is a bit besides the point.
Every system has these for good reason.
We have laws and regulations for all sorts of things to help people - including children and parents - in a complex society.
"The state has no business listening in on private citizen's communication."
The absolutely do, depending on circumstances. While Facebook is not a place for state monitoring, it's definitely in the public interest if they flag something that is 'very bad' by some reasonable criteria, so that the state can then act if necessary. They do so within the boundaries of the law subject to judicial oversight.
Facebook is a popular social network, a place that they want people to feel imminently safe. It's a Starbucks lounge without coffee - not a 'personal hyper protected zone'.
Other places, such as Signal, Telegram etc. can have different levels of privacy aka e2e given the different offering and expectations of privacy.
Facebook more or less wants to offer a relatively safe place where the kids can hang out, where they know crazy people are not going to attack their kinds. It's a community centre not a hacker zone.
If we can get past that, then we can move onto basic issues of privacy, advertising etc. which are damaging to everyone, especially young people, for which Facebook has perverse incentives.
"The state has no business listening in on private citizen's communication."
The absolutely do, depending on circumstances.
So primary is this concept of privacy, that it requires an entire legal framework, evidence of potential wrongdoing, proof that there is no other method to achieve the goal of validating guilt, proof that the crime is severe, and not a hunting expedition, approval via a warrant after a judge has examined that evidence, and strict controls around the entire usage of that warrant.
Wikipedia says:
Lawful interception is officially strictly controlled in many countries to safeguard privacy; this is the case in all liberal democracies.
Using this edge case as "depending on circumstances" is clearly not the generic I was referencing. The statement that
"The state has no business listening in on private citizen's communication."
Is valid, correct, accurate. Listing edge cases, is not invaliding the rule. It is the exception to the rule, and considering the sheer volume of communication, compared to the volume actively tapped in a legal means, it is the most edge case of edge cases.
There is no reason I would deem a mega-corp to somehow be OK to do what I would demand the state not. That our democratic societies have deemed that our states should not.
To highlight that, the phone companies of old would be in infinitely hot water, should they listen to communication between customers, in any fashion.
A platform is not a parent, should not police, should not act as an arm of the state, or as an arm of parents, except as I stipulated, by direct request of the parents, and only to enable the parents to be a guardian. Under no circumstances should that involve the platform scanning anything, instead, the platform could simply give parents direct access to a child's account.
" that it requires an entire legal framework, evidence of potential wrongdoing, proof that there is no other method to achieve the goal of validating guilt"
No it doesn't.
Life is no Reddit, lawyers and technicalities.
It's made up of regular people in communities.
If you see some guy creeping on 10 year-olds, you can notify the police and Facebook will do that as well - for the same reason.
It may not at all need to involve 'state surveillance', and Meta can probably hand over whatever they want to the police in that circumstance.
The police can make a decision as to how to proceed.
A bit like if someone was harassing someone on the street.
Or if an unknown person starts hanging out outside by a schoolyard in a way that seems inappropriate.
We don't want to transgress people's rights but we also are going to look at 'negative signals'.
With e2e encryption, the signals you have are pretty minimal.
Let's say a 40 y/o man finds a phone on the ground, sees a name stuck on it, googles "name + town" and finds the facebook of a 12 y/o girl, and messages "Hey I found this phone, do you recognize it? <photo>"
With e2e encryption, you can't easily tell the difference between that and a creep.
This thread is advocating that exactly that case should result in a police visit with the assumption of guilt.
You build the strallman to destroy. We are not talking state, we are talking the social network which advertises itself as safe to children, absolutely has metadata for approximate age and social connections, where one can identify as minor deserving protections, and which social network prefers to increase engagement at *any* cost to its users.
So nice of you to know what I want without me even implying it using examples that are contrary to the conversation making arguments that you've invented for purposes that only you can imagine.
But just imagine that kids' accounts are coming with restrictions and privileges and when one account is marked as such, accounts marked as adult cannot initiate contact and the kids's data is automatically private, and those accounts cannot be comercialized under any shape or form.
So nice of you to know what I want without me even implying it
Yet you did imply it, as I said, by mentioning the age of the persons involved.
There is no accurate way to know age, without some form of identity or age verification. Presuming a child will have an account marked "child" is folly, for kids can just sign up without a parent's knowledge, creating a second account. If the goal is to actually protect and be a pseudo parent for the child, then actually ensuring that a child cannot have an adult account is part of that.
My point is, TSA style "we're doing things which look secure, but are not helpful and only inconvenient" isn't going to help. It will only give the appearance, not the actualized result of security.
No, the child can mark itself as a child. The implication is in your imagination. There are lots of children (even most) which do not feel the need to upage themselves on the internet, but where they get only the downsides of children accounts and get utilized by the platform.
This is one of the first times the court found the platform itself can be liable, overruling frequent industry claims that they just host content and are never responsible for the content.
$375 million sounds big but is peanuts compared to their annual revenue. And of course Meta will appeal and then try to drag everything out for years and years. Expect copycat lawsuits.
These platforms expose minors to predators and bad actors, and Meta was proven lying about safety.
[dupe] Discussion: https://news.ycombinator.com/item?id=47509984
We don't want age verification, and we do want E2E encryption. Yet, because Meta is an evil company, we cheer on this judgement.
Reality, folks: you can't have both.
I think we don't want mandatory age verification or banned encryption for everything. However, you can't hide behind "it's not the law" as a shield for everything. Thanks to ubiquitous spyware, Meta knows damn well the age of almost all of its users, and if someone who's 40 is sending first-contact messages to 10 unknown 13-year-olds every day, it seems important to know what those messages say. They know this stuff is happening and they care about not being liable, not about your security.
We can assume Meta has backdoored its E2EE somehow anyway.
Those two things are unrelated to each other. And yes, we can do without age verification and we can have E2E encryption. Age verification is causing more harm than good. It also doesn't meaningfully help with any of the problems mentioned in the article.
Well, assuming you won't also think it's okay for Meta to just be held liable anyway.
There are people who are against age verification just on principle and others who are against it because they know any realistic implementation is going to be abused.
Can we just agree we just don’t want Meta?
Can one be opposed to age verification in the OS and yet totally happy that Meta got this fine? There is a very big difference between e2e encryption /telephone and social media. Social media is more akin to a phone book. I do not recall there ever being any phone books listing minors. That's completely unacceptable and unnecessary. I am totally OK with phonebooks (or their modern digital equivalents which enable people discovery and user generated content discovery) to abide by the same KYC rules as banks. And be only for adults. Your kids using e2e encrypted messaging to communicate with their friends whom they have met in person? Nothing wrong with that, we all have the right to privacy. Kids listing their contact information publicly? Absolute no.
$375M - That’s it?!
It should be a couple of billions or 15% of the profit.
So... end to end message encryption means meta can't see messages child molesters are sending to children.
As it should. If they can read those messages they can read anyone's messages.
When you see traffic between 40 yo man and 12 yo girl which don't have any common social connections and the messages are initiated by the man, you don't have to crack e2e to suspect dickpicks.
> which don't have any common social connections
How would you actually know this? Facebook is a surveillance company, but they are not omniscient.
So you want the platform to be creepier and investigate connections more intensely? And you want to intercede on an arbitrary method you just made up, without examining all traffic first?
I seem to recall someone taking pictures of their baby, naked, because it was sick, and emailing them to the doctor -- and having their Apple account terminated. Terminated, with the father being labeled a pedophile, and the police contacted (all automatically).
Everyone was quite upset. Everyone felt it was too intrusive.
Frankly, communication platforms have no business trying to police anything at all. I wouldn't want the phone company recording all my conversations, hunting for trigger words, and then contacting the police or cutting off my phone if I sad "bad word".
Yet somehow it's OK to have this level of intrusion because.. um "computers".
The state has no business listening in on private citizen's communication.
Corporations have no business doing so.
To protect the 12 year girl, something called "her parents" need to pay attention and watch what she does. That's their job. They're her guardian.
Some random corporation has no business in that. Some random corporation has no business being an 'algorithmic parent', an automated machine with no appeal.
Here's something I'd support -- a way for parents to prevent children from registering for accounts, and, to be able to examine children's accounts.
But... then we get into ID verification. Of course, surely you support ID verification for platforms, because if you support platforms knowing the age of people (40 and 12, you listed), then you therefore must support a way to verify those ages.
" And you want to intercede on an arbitrary method you just made up,"
No, they literally identified a plausibly sensible policy flag, not some arbitrary action.
These flags are used in literally every system imaginable.
They they don't conform to some hard criteria, to your criteria, or to some working or ideological group's criteria is a bit besides the point.
Every system has these for good reason.
We have laws and regulations for all sorts of things to help people - including children and parents - in a complex society.
"The state has no business listening in on private citizen's communication."
The absolutely do, depending on circumstances. While Facebook is not a place for state monitoring, it's definitely in the public interest if they flag something that is 'very bad' by some reasonable criteria, so that the state can then act if necessary. They do so within the boundaries of the law subject to judicial oversight.
Facebook is a popular social network, a place that they want people to feel imminently safe. It's a Starbucks lounge without coffee - not a 'personal hyper protected zone'.
Other places, such as Signal, Telegram etc. can have different levels of privacy aka e2e given the different offering and expectations of privacy.
Facebook more or less wants to offer a relatively safe place where the kids can hang out, where they know crazy people are not going to attack their kinds. It's a community centre not a hacker zone.
If we can get past that, then we can move onto basic issues of privacy, advertising etc. which are damaging to everyone, especially young people, for which Facebook has perverse incentives.
"The state has no business listening in on private citizen's communication."
The absolutely do, depending on circumstances.
So primary is this concept of privacy, that it requires an entire legal framework, evidence of potential wrongdoing, proof that there is no other method to achieve the goal of validating guilt, proof that the crime is severe, and not a hunting expedition, approval via a warrant after a judge has examined that evidence, and strict controls around the entire usage of that warrant.
Wikipedia says:
Lawful interception is officially strictly controlled in many countries to safeguard privacy; this is the case in all liberal democracies.
Using this edge case as "depending on circumstances" is clearly not the generic I was referencing. The statement that
"The state has no business listening in on private citizen's communication."
Is valid, correct, accurate. Listing edge cases, is not invaliding the rule. It is the exception to the rule, and considering the sheer volume of communication, compared to the volume actively tapped in a legal means, it is the most edge case of edge cases.
There is no reason I would deem a mega-corp to somehow be OK to do what I would demand the state not. That our democratic societies have deemed that our states should not.
To highlight that, the phone companies of old would be in infinitely hot water, should they listen to communication between customers, in any fashion.
A platform is not a parent, should not police, should not act as an arm of the state, or as an arm of parents, except as I stipulated, by direct request of the parents, and only to enable the parents to be a guardian. Under no circumstances should that involve the platform scanning anything, instead, the platform could simply give parents direct access to a child's account.
" that it requires an entire legal framework, evidence of potential wrongdoing, proof that there is no other method to achieve the goal of validating guilt"
No it doesn't.
Life is no Reddit, lawyers and technicalities.
It's made up of regular people in communities.
If you see some guy creeping on 10 year-olds, you can notify the police and Facebook will do that as well - for the same reason.
It may not at all need to involve 'state surveillance', and Meta can probably hand over whatever they want to the police in that circumstance.
The police can make a decision as to how to proceed.
A bit like if someone was harassing someone on the street.
Or if an unknown person starts hanging out outside by a schoolyard in a way that seems inappropriate.
We don't want to transgress people's rights but we also are going to look at 'negative signals'.
With e2e encryption, the signals you have are pretty minimal.
Let's say a 40 y/o man finds a phone on the ground, sees a name stuck on it, googles "name + town" and finds the facebook of a 12 y/o girl, and messages "Hey I found this phone, do you recognize it? <photo>"
With e2e encryption, you can't easily tell the difference between that and a creep.
This thread is advocating that exactly that case should result in a police visit with the assumption of guilt.
You build the strallman to destroy. We are not talking state, we are talking the social network which advertises itself as safe to children, absolutely has metadata for approximate age and social connections, where one can identify as minor deserving protections, and which social network prefers to increase engagement at *any* cost to its users.
>~~Apple~~
NYT: “A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal.” [2022]
as linked- https://news.ycombinator.com/item?id=45447606
So nice of you to know what I want without me even implying it using examples that are contrary to the conversation making arguments that you've invented for purposes that only you can imagine.
But just imagine that kids' accounts are coming with restrictions and privileges and when one account is marked as such, accounts marked as adult cannot initiate contact and the kids's data is automatically private, and those accounts cannot be comercialized under any shape or form.
So nice of you to know what I want without me even implying it
Yet you did imply it, as I said, by mentioning the age of the persons involved.
There is no accurate way to know age, without some form of identity or age verification. Presuming a child will have an account marked "child" is folly, for kids can just sign up without a parent's knowledge, creating a second account. If the goal is to actually protect and be a pseudo parent for the child, then actually ensuring that a child cannot have an adult account is part of that.
My point is, TSA style "we're doing things which look secure, but are not helpful and only inconvenient" isn't going to help. It will only give the appearance, not the actualized result of security.
No, the child can mark itself as a child. The implication is in your imagination. There are lots of children (even most) which do not feel the need to upage themselves on the internet, but where they get only the downsides of children accounts and get utilized by the platform.
> No, the child can mark itself as a child
and, an adult can mark itself as a child.
This is one of the first times the court found the platform itself can be liable, overruling frequent industry claims that they just host content and are never responsible for the content. $375 million sounds big but is peanuts compared to their annual revenue. And of course Meta will appeal and then try to drag everything out for years and years. Expect copycat lawsuits.
These platforms expose minors to predators and bad actors, and Meta was proven lying about safety.
The state has a solution - force age verification for everyone on the platforms.
The state will ask Biedscheid to direct Meta to make changes to its platforms, including adding effective age verification
After you’ve been complicit in genocide, lesser charges are just not that shocking.
They immunised us.