Australia’s parliament has passed a law banning social media for children under 16, putting tech companies on notice to tighten security before a cut-off date that’s yet to be set.

There are existing systems that use a digital token created with the ID document. Only this token that confirms the user’s age is sent to the social media site, which means its minimally privacy invasive. Unfortunately, it seems like nothing like this is planned to be used in Australia.

Todd Bonzalez
link
fedilink
323d

I can’t see how that would ever work.

What if I lose my token? How do I get a new one? Does the old one stop working?

If the old one stops working when I get a new one, then neither was ever anonymous.

If the old one works forever even after I get a new one, then there will be a booming black market for fake IDs.

I should have mentioned that these tokens are one time only.

Amju Wolf
link
fedilink
423d

Someone still needs to create that digital token from your ID, which means someone’s still using and storing your data, and potentially selling it or having it leaked.

That’s just the reality of doing business on the Internet. This is by far the best way of doing it right now, not that this information appears to have made it down under so far.

While Australia’s new legislation is ham-fisted and poorly thought out, the intent isn’t wrong and there’s broad consensus for it (77% approval in Australia). We need to do something about the uncontrolled exploitation, manipulation and endangerment of minors by social media services. Corporations are clearly not interested in protecting them and parents are obviously incapable of it as well (although I could have told you the same thing 20 years ago). That’s precisely the kind of issue where the government is supposed to step in with regulation of some sort.

Amju Wolf
link
fedilink
English
220d

That’s just the reality of doing business on the Internet.

That’s just not true. You can absolutely get by on the internet remaining pretty much anonymous, as it is. Very few services need (and verify) your personal data; when they do it’s basically always when it’s government-mandated, and it’s for things that have a “physical” equivalent.

i.e. creating a bank account online requires your actual ID, but so it would if you tried to do it “offline” in a physical bank (and you largely have a choice on whether or not you do it online).

Then you have stuff like online shopping and such where most people probably use their actual personal information but you don’t have to and it’s generally not checked.

This is an unprecedented change, where suddenly for access to a free service someone needs to ask for and validate some very private details. And it fucking sucks.

While Australia’s new legislation is ham-fisted and poorly thought out, the intent isn’t wrong and there’s broad consensus for it (77% approval in Australia). We need to do something about the uncontrolled exploitation, manipulation and endangerment of minors by social media services.

That’s the issue though; I agree that something needs to be done, but you need to do it more or less correctly on the first try or you’ll probably make it even worse.

Letting natural consequence play its part is better than accidentally making things worse. And doing things right the first time, in a skilled and quick manner, is better than letting a mess remain as it is.

shastaxc
link
fedilink
4
edit-2
23d

And you need a central online API to validate the token, like oauth, which means any system using it needs to be connected to the Internet, and that API needs to be very reliable, kept up-to-date, and DDOS resistant.

Or require the user to enter a PIN like with x509 certs, but then you also need a way for people to reset their PIN when it gets forgotten or compromised which means a huge bureaucratic burden and expense. And between the time of needing a reset and getting it, you’ll be unable to access any services requiring your ID token which will almost definitely cause some people from making payments (if banks change to requiring a digital ID token) and who knows what else.

There will also be a requirement for hooking this death records in order to disable people’s tokens when they die to prevent identity theft. That’s going to require cooperation from private corporations (hospitals) and the government. I get that this is already done to an extent, but there are likely other processes like this that need to be established for this system to work and it’s not trivial.

Create a post

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community’s icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

  • 1 user online
  • 59 users / day
  • 200 users / week
  • 637 users / month
  • 2.07K users / 6 months
  • 1 subscriber
  • 3.48K Posts
  • 69K Comments
  • Modlog