
693 points macawfish | 6 comments
al_borland No.44544145
All these ID check laws are out of hand. Parents are expecting the government, and random websites, to raise their kids. Why would anyone trust some random blog with their ID?

If these laws move forward (and I don’t think they should), there needs to be a way to authenticate as over 18 without sending a picture of your ID off to random 3rd parties, or giving actual personal details. I don’t want to give this data, and websites shouldn’t want to shoulder the responsibility for it.

It seems like this could work much like Apple Pay, just without the payment. A prompt comes up, I use some biometric authentication on my phone, and it sends a signal to the browser that I’m 18+. Apple has been adding state IDs into the Wallet, this seems like it could fall right in line. The same thing could be used for buying alcohol at U-Scan checkout.

People should also be able to set their browser/computer to auto-send this for single-user devices, where it is all transparent to the user. I don’t have kids and no one else uses my devices. Why should I need to jump through hoops?

conradev No.44544667
You mean like this?

https://webkit.org/blog/16993/news-from-wwdc25-web-technolog...

It’s a W3C spec led by Okta, Apple and Google based on an ISO standard and it is being rolled out as we speak.

This part

> other iOS applications that have registered themselves as an Identity Document Provider.

has some fun history: California went with an independent contractor for its mDL implementation, which ultimately pressured Apple into integrating open(-ish) standards to interoperate.

al_borland No.44545214
This is interesting, but I’d like to go a step further. I watched the first quarter of the video where they go over how it works. The site requests data from your ID and they get that data. The site chooses which data it needs and if it will store it or not. Sites these days have a tendency to ask for more than what they need, and to store it for profiling purposes. The user can deny the request, but then can’t use the site. They are then left with a dilemma. Give up this personal information or not have access at all? Companies are betting on users giving up privacy in exchange for access.

What I’d like to see is for the site’s request to contain their access rules. Must be over 18, must be in country X, etc. Then on-device it checks my ID against that rule set, and simply returns a pass/fail result from those checks. This way the site would know if I’m allowed to be there, but they don’t get any specific or identifiable information about me. Maybe I’m 18, maybe I’m 56… they don’t know, they both simply send a pass. For a simple age check, a user’s exact birthday, name, address, etc are irrelevant, but I bet companies will get greedy and try to pull it anyway.

I see the monkey paw of the ID spec as leading to more companies seeking to get all our data, when they really don’t need it, and have shown they can’t be trusted with it.

I already see this with Apple Pay. When buying a digital item, some companies are awesome and simply take the payment with no other data. Others pull name, address, email, etc to make a payment when none of that is required.

conradev No.44545418
The spec is being implemented by Apple, who is sensitive to privacy issues.

The intent of the ISO spec is to allow you to request fine-grained data, like birth year only, but if you read the W3C standard, they explicitly call out privacy as a complex thing that maybe should be regulated.

The spec spells out the complexity: some ID verification processes actually need a lot of info! But some, like an alcohol age check, do not. The spec can do both, but it’s hard to differentiate these technically. The spec does lay out what user agents should do to make it clear which information is going where.

A bad scenario would be designing an API that is too hobbled to replace the invasive “photo of an ID” companies, which this spec seeks to do.

I’d prefer an open web standard that can be abused (with user consent) to a closed App Store-only API or the status quo

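Added example, not part of the thread and not code from any of the specs mentioned: a simplified Python model of the salted-digest selective disclosure used by ISO mdoc-style credentials, showing how a site can verify `age_over_18` without ever receiving the birth date. JSON and an HMAC stand in for the real encoding and the issuer's public-key signature, and all function names and sample values are hypothetical.

```python
import hashlib, hmac, json, secrets

ISSUER_KEY = secrets.token_bytes(32)  # assumption: stand-in for the issuer's signing key

# Constructed sample ID data.
CLAIMS = {"family_name": "Example", "birth_date": "1990-01-01",
          "age_over_18": True, "resident_state": "CA"}

def _digest(item):
    # The random salt stops a verifier brute-forcing hidden low-entropy values.
    blob = json.dumps([item["id"], item["salt"], item["name"], item["value"]])
    return hashlib.sha256(blob.encode()).hexdigest()

def _sign(digests):
    # HMAC is a stand-in; a real issuer signs with a private key.
    return hmac.new(ISSUER_KEY, json.dumps(digests).encode(), hashlib.sha256).hexdigest()

def issue(claims):
    """Issuer: salt each element and sign only the list of digests."""
    items, digests = {}, []
    for digest_id, (name, value) in enumerate(claims.items()):
        item = {"id": digest_id, "salt": secrets.token_hex(16), "name": name, "value": value}
        items[name] = item
        digests.append(_digest(item))
    return {"items": items, "digests": digests, "sig": _sign(digests)}

def present(credential, requested):
    """Holder's device: disclose only the requested elements."""
    return {"disclosed": [credential["items"][n] for n in requested],
            "digests": credential["digests"], "sig": credential["sig"]}

def verify(presentation, required):
    """Site: check the issuer signature, then each disclosed element's digest."""
    digests = presentation["digests"]
    if not hmac.compare_digest(_sign(digests), presentation["sig"]):
        return False
    disclosed = {i["name"]: i for i in presentation["disclosed"]}
    for name, want in required.items():
        item = disclosed.get(name)
        if item is None or item["value"] != want:
            return False
        if not 0 <= item["id"] < len(digests) or _digest(item) != digests[item["id"]]:
            return False
    return True

if __name__ == "__main__":
    shown = present(issue(CLAIMS), ["age_over_18"])
    print(verify(shown, {"age_over_18": True}), [i["name"] for i in shown["disclosed"]])
```

The site sees one boolean plus opaque digests; whether it asks for only that element is a policy choice by the requester, which is the gap the thread is arguing about.
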
AnthonyMouse No.44546122
> The intent of the ISO spec is to allow you to request fine-grained data, like birth year only, but if you read the W3C standard, they explicitly call out privacy as a complex thing that maybe should be regulated.

Aren't the regulations the problem here? If not for that nobody would be getting pressured to divulge this personal information to every shady app and website in the first place.

Suppose I want to make a service that verifies your age by asking you questions about what life was like before 9/11. Can I do that? And if I can't, is the problem the standards, or the law?

dcow No.44548080
Are you arguing that we should not regulate porn, alcohol, and cigarettes? Or that we shouldn’t have digital ways to do the regulating we’ve been doing for decades?

If the discussion was a question of whether to regulate or not, I’d see more where you’re coming from. But the discussion is about how to effectively respond to the enforcement of existing laws now against websites. Society has grown up and we’re not comfortable giving the internet a pass because digital identity is hard.

1. AnthonyMouse No.44548971
> Are you arguing that we should not regulate porn, alcohol, and cigarettes?

Most of the important regulations around these things have nothing to do with the topic at hand. Requiring bourbon not to contain methanol and adult performers to be tested for STDs aren't related to the internet.

And once we're talking about the internet, those things are in a different category because alcohol and cigarettes are physical objects. You can't download vodka from Russia.

Whereas if you want to stop kids from downloading porn from other parts of the world, the police state that would require is the thing wars have been fought against and righteously so. Not because of the porn but because of what it would take to actually make those laws effective, and what it would be used for as soon as it's in place.

But ineffective laws aren't worth having, because they're all costs with no benefits, not least because then people will keep trying to make them effective and the only means to do that is the police state.

> Society has grown up and we’re not comfortable giving the internet a pass because digital identity is hard.

I feel like this kind of language is designed to make people angry. As if you're not an adult if you can look at a trade off against privacy and free speech and say "that's not worth having" instead of implementing every creeping authoritarian proposal specifically because the last one didn't solve the problem.

2. dcow No.44551445
You’re missing the point entirely. I’m talking about age requirements to purchase alcohol and cigarettes and view porn. There is not a world where we decide to restrict purchase by age in meatspace but throw up our hands and say “whelp we just can’t have digital ID presentation that would ruin society I guess we should give up on digital age verification and just let kids do whatever”. Whether the restrictions are justified or not or stupid or not, we’ve decided they should exist (and there are much more “legitimate” use cases for ID verification that happen entirely online with no meatspace concerns like banking and underwriting etc. so it’s somewhat a straw man to get hung up on porn). We’re not going to not apply our laws to the new technology that emerges as time progresses…

3. jjk166 No.44556368
> There is not a world where we decide to restrict purchase by age in meatspace but throw up our hands and say “whelp we just can’t have digital ID presentation that would ruin society I guess we should give up on digital age verification and just let kids do whatever”

We've been living in exactly that world for decades without issue.

It makes perfect sense for meat space to be treated differently from the internet. A downloaded picture of a cigarette can't be smoked. The only thing that can happen on the internet is the exchange of data, and an ID requirement for that is absurd.

> there are much more “legitimate” use cases for ID verification that happen entirely online with no meatspace concerns like banking and underwriting etc. so it’s somewhat a straw man to get hung up on porn

Amazing how those use cases have survived for these decades without such a law. If I don't need to send a copy of my ID every time I sign into my bank account, what possible argument could be made for the requirement I do so to watch porn?

> Whether the restrictions are justified or not or stupid or not, we’ve decided they should exist

No, we have not collectively decided they should exist. Plenty of laws exist which are unpopular either because of the goal or the execution. Even if a law has majority support, that doesn't mean the minority can't argue against keeping or expanding it. A restriction being unjustified or stupid is a very good argument for not doing additional unjustified or stupid things to enforce that law. It's rather silly that there is a federal law forbidding leaving the country with more than $25 in nickels but it's on the books. Ensuring this law is thoroughly enforced with universal mandatory cavity searches looking for rolls of nickels would be indefensible.

4. dcow No.44557417
Then change the law. I’d probably vote with you. That’s beside the point.

The hacked up solutions for the things existing “perfectly fine” over the last few decades are complete crap. Anybody who’s ever had to take photos of their ID then a confirmation selfie knows this. Anybody who’s had to apply for a loan or open a bank account online knows this. We have wonderfully secure cryptography and you’re arguing we should keep using plastic cards that you can’t even sha256sum.

5. account42 No.44558231
> There is not a world where we decide to restrict purchase by age in meatspace but throw up our hands and say “whelp we just can’t have digital ID presentation that would ruin society I guess we should give up on digital age verification and just let kids do whatever”.

Yes there is and we all grew up in that world.

6. dcow No.44562380
And after you take the rose tinted glasses off, it was full of spam and scams and abuse and all the other low reputation poor security crap that happens when anybody can be anybody all the time. And if that world was good/sustainable then nobody would be working to make digital identity possible, would they? We grew up in it, now it seems we’re working to iron out the kinks.

Not everything needs or should have strong ID. But no I don’t want my children stumbling into a porn site because they got click jacked by unscrupulous advertisements they never consented to being solicited with. I don’t want them learning about the world that way. A simple age check without revealing any personal info supported by the digital credential standards being discussed here would absolutely be an improvement.

Having my age checked at the time of purchase for alcohol rather than having to present my ID to the delivery person would also be an improvement.