Coming to a website near you this summer: the European Commission is close to a ‘solution’ that could force people to use their government-issued ID to get online. EDRi and EFF’s concerns about threats to everyone’s privacy and data protection, a chilling effect on access to information, and digital exclusion – harming the already most marginalised in society - remain unsolved.
Another episode of EU trying to kill internet. People are already switching from websites to chats because websites are not usable after all those laws, if they ban chats people will switch to something else. The number of protocols are unlimited.
Visits website.
“Age verification req-”
Closes website, never visits again.
Or
Turns on VPN to connect from Australia
No it won’t. Stop flooding the instance with garbage.
This is to track and identity online dissent
Hey EU? Do you remember when you forced every website to ask for permission to store cookies and made the entire web immeasurably worse to use without in any way having a positive impact on people’s right to some fucking privacy?
Yeah.
The problem with the cookie law wasn’t the concept of it, it was the EU’s failure to crack down on malicious compliance.
They should’ve revised the law to make it opt-out by default.
If you make it opt out by default, They could just design the software to not let you enter the page unless you opt in. Often get the page opt out get a nice advertisement for the service.
Even using cookies to help with load balancing is a pain in the ass these days. There’s a fuck ton of legitimate reasons to use cookies, If you want to stop tracking, Make it illegal to track people and sell advertising data based on it.
A massive number of people would just not engage with the website if that happened, and they’d give in very fast.
Agreed. The sentiment was fine, the execution terrible.
you’ve never had to ask for permission to store cookies that are required for your site to work. you have to ask for permission for third party trackers to store cookies when people use your site. it’s just that web developers either can’t read or can’t live without letting google track their users’ every move.
That’s also not entirely correct.
you’ve never had to ask for permission to store cookies that are required for your site to work
You don’t need to ask permission for cookies that are strictly necessary for your site to work. They can contain personally identifiable information (PII) but only to the extent that is strictly required for the functionality to work. If your “required” cookie does anything more than what is strictly necessary (such as collecting more PII than it needs or has built in tracking) you need to ask consent.
you have to ask for permission for third party trackers to store cookies when people use your site.
If you’re using something like on premise tracking, like Matomo, then you still have to ask permission. There are some exceptions like if you don’t use cookies and you don’t track PII.
And just for extra clarification, if you are collecting PII (for example into logs) you need to ask permission even when you’re not storing any cookies.
yeah but that’s gdpr, not the cookie law.
My bad. For some reason I associate all the consent pop-ups with GDPR as I don’t remember any pop-ups prior to GDPR.
yeah the cookie law was way earlier, like 2010. gdpr was 2016.
we both know it’s the second one :P
What’s wrong with being able to opt out of cookies? This does not seem comparable at all.
The following:
If companies are indulging in abusive use of cookies (or index DB, local storage, plugins or other things) then ban those abusive use of cookies and fine companies that transgress until they stop. The EU essentially caves to industry pressure and put the burden on the individual visitor, which just allowed the companies to make it very, very annoying to opt out. Have you noticed how ‘allow all’ is always a single click, but allow none isn’t, if the option exists at all? Regardless, those settings? Guess where they’re stored: Cookies. Which means that those of us who were already preventing local storage of data are now having to deal with those lovely “choices” over, and over and over. Every visit to youtube, every newspaper article we try to read.
This was not an improvement in my quality of life. And I doubt the practical efficacy to boot. Can’t track user behavior and Internet usage patterns by way of cookies anymore? Fingerprinting to the rescue.
Nope. Happy to identify myself with credentials to specific service or content providers, but not for general internet access.
For example, in Australia I use a government issued identification service to identify myself to government sites, like our tax office, or medical cover. That’s fine.
Obviously not going to use a government id number to identify myself to facebook or whatever though.
This would fit “A Boring Dystopia” well. I think protecting data isn’t the way to go. The effects of it can already be seen:
All the burocracy for common people, no burocracy at all for Big Tech. No IP, no robots.txt. They are trusted and can do whatever they like, starting on your phone. It honestly looks like another form of aristocracy.
How could this possibly be GDPR compliant?
fun fact, governments don’t have to care about gdpr.
Actually they do. They can’t just process your data without your consent. The exceptions where they can process your data without consent are (at least to my knowledge) legal obligation (for example processing your income to calculate your taxes) and public interest (for example doing statistics on households), both requiring some legal work before actually being allowed to be used without your consent.
Technically they can do so that they don’t have to care about GDPR but then it also has to become public knowledge that they don’t want to care about GDPR and it becomes the responsibility of the citizens to oppose such moves.
EDIT: Forgot to add that in this case it most likely would become part of the law so yeah, they wouldn’t have to care about GDPR in this circumstance.
So I’ve actually looked into the EU wallet stuff quite a bit. The article talks about age verification. The way the EU wallet works is that you can share individual attributes, you don’t need to share your identity at all. When you load your government ID into the wallet, one of the fields is
over_18which has a boolean value (true or false). Any service that requires you to be 18+ would only need to request this single attribute, nothing more. No names, no other personal information, just the fact that you’re over 18.
Fuck you I wont do what you tell me.
I never wanted to commit Identity fraud, but if the EU makes me, I wont have a problem with torrenting a bunch of Child pornography under the name of eu officials.
You will, it’ll be protected and the police will come for you.
All those “I won’t have a problem” imply you’ll be strong enough, they will be ready for you.
goes to rotary phone, calls ISP - Cancel my service
My non-existent child is 16 year old. They are old enough to consume adult stuff.
So they can’t.All those ipad kids. Where are your parents?
I once remember reading either an article or a comment here somewhere about a different solution that could be easier for nearly everyone.
Despite every country having their own laws/standards about how old people must be to view certain things on the internet, we can all at least agree on what categories we may want to restrict (e.g adult content, social media, user interaction, etc.). After defining all of these categories, we could add a HTML tag in the header of all of our websites that tell us which of these categories apply. The only thing that would need to happen on the user side is for them to instruct their browser which of these tags should not allowed to be loaded. Instead of each of these websites needing to collect IDs and face scans to verify an age, they could simply tell the user which categories of content they are, have the client device compare it to the list of restricted content and act accordingly.
A quick example: Client connects to Instagram -> Instagram’s HTML header contains the tag “social_media” -> Client’s browser sees that “social_media” is in the blocklist -> User only gets a restricted content screen
While the technical side would be easy, this solution still relies on the websites to be honest about their category and for the user to enforce this blocklist. The Australian government would not have a hard time making sure that Instagram and other widespread social media websites are honest about their website content, but the sheer volume of other websites on the internet would be impossible to enforce. This would either require trust in the goodwill of others (which is not easy to find in an enormous anonymous space) or to have automated crawlers try to guess the tags or just to rely on the many public blocklists to fill in the gaps. The second half of this solution is for the tags to actually be blocked by the browsers. Since these restrictions only ever apply to children, we should task their parents with ensuring that their children can only use web browsers with these blocklists enabled. I assume that any operating system worth their salt has options to restrict installation of other software, so the only change that would need to be made is for browsers to also come with parental controls that allow parents to set these blocklists and prevent them from being changed without permission. “User interaction” and the names of the other tags are likely alien phrases to many parents out there, so the browsers should probably offer simple blocklists that state their purpose, e.g “Australian social media restriction for children under 16”. If parents really want their children not to be on social media, they shouldn’t expect technology to do all of the parenting for them. We can give them simple, safe and secure tools to allow them to control their children’s access to their devices, but they should still be responsible with actually using them and ensuring that they aren’t being circumvented.
What do you think about this? Can we rely on websites honestly tagging their content, devices coming with working parental controls and parents properly using them? Or must we really scan everybody’s face and ID before letting them use social media? My solution does place a lot of (maybe misguided) trust in websites and parents, but I think that this is the easiest way for every restriction on children using certain parts of the internet to be enforced, while still respecting people’s privacy.
we can all at least agree on what categories we may want to restrict
nope, we can’t. lgbtq+ friendly spaces? copyrighted content? dissenting political views? some countries criminalise that, how should we tag it?
we could add a HTML tag in the header of all of our websites
broski, we had to relax the standard for what is allowed in html because nobody does it correctly. good luck enforcing this.
The only thing that would need to happen on the user side is for them to instruct their browser which of these tags should not allowed to be loaded.
who are “they”? are you suggesting direct government access to the browser? or, if it’s on the user, why would they do it?
Since these restrictions only ever apply to children
says who? porn is straight up illegal in some countries.
We can give them simple, safe and secure tools to allow them to control their children’s access to their devices
we already have those and parents are not using them.
You’re entirely correct, I discussed this with someone else after writing my comment and they raised the exact same points. Banning and blocking won’t solve the problems, only education will.
i don’t know if that actually helps either…
also, reading over my reply it came across as a bit aggressive, so sorry about that. not my intention
To be fair, it’s a pretty rage-inducing proposal.
I don’t like the idea but look where anonymity has gotten us. Lots of hate and false bravery hiding behind an alias.
Now there can be lots of hate and false bravery but with doxxing.
I can’t wait to get SWAT’d because I said something bad about white supremacy.
I didn’t notice there to be less hate in spaces mostly without anonymity, or less false bravery.
However, being “anonymous”, but identifiable with some work is still better than being identifiable immediately.
It’s the opposite of security, people create tools to have perfect forward secrecy, ephemeral keys, deniability - all for good reasons, now someone wants put a metaphorical gun to everyone’s heads telling we’ll be safer.
It’s really better to not say anything approving in that direction. Every word matters.
I preferred the pre-tech “phonebook” stage where all you had was your name (and whatever else was attached to it based on one’s own behaviour).
But that’s also what we had in early 00s. A bunch of emails, a bunch of ICQ numbers, other such things, but ultimately your only persona to contact with others was your real one.
