People who live in authoritarian states like North Korea or California can (and arguably should) ignore the fact that GrapheneOS is illegal where they live and use it anyway.
As the complexity of a system increases, the number of single points of failure also tends to increase. Sometimes you can make sure that several subsystems need to fail before the whole system fails. Often, the best you can do is swap one SPoF (e.g. unreliable power grid) for another, more robust SPoF (unreliable UPS).
"Actual malice" is confusingly not about if the defendant was acting maliciously. It is specific legal jargon meaning that the defendant knowingly or with reckless disregard for the truth made the false statements.
Going on the stand and stating that you "don't know" whether the allegedly defamatory statements you are suing over are true or not is a... bold legal strategy.
The ACLU called it a SLAPP lawsuit. If true, they probably didn't care if they won or not.
That said, going on stand when your opponent has proven they can and will use your words and actions against you in the court of public opinion is a... bold strategy.
Honestly it was pretty ballsy of Afroman to release songs during the trial (which did come up, but I think they sort of ignored due to some law that changed in 2024?)
>Going on the stand and stating that you "don't know" whether the allegedly defamatory statements you are suing over are true or not is a... bold legal strategy.
if the statement is true, that's a defense against defamation.
if the statement is not believable, that is also a defense against defamation.
it actually was legal strategy designed to dance around the legal strategy behind those questions being asked, taking the air out of your insult
Are you saying you believe the cop who said, under oath, he "doesn't know" whether his wife could be having an affair with afroman chose to do that as part of a deliberate legal strategy? And that you think this casts him in a more positive light than merely being clueless?
That wasn't actually what I was implying. Just that if the plaintiff isn't even willing to assert that the statements were false, what are you wasting the court's time for?
> He falsely claimed my wife is cheating on me!
> So you assert that your wife didn't cheat on you?
> No.
> ???
If there's no information provided beyond proof-of-age, what's stopping my friend's 18 year old brother from lending his ID to every 14 year old at school? IRL that's negated by the liquor store clerk looking at the kid who is obviously underage and seeing that his face doesn't match the borrowed card he just nervously presented.
> what's stopping my friend's 18 year old brother from lending his ID to every 14 year old at school?
MitID is 2fa. You log in with username, then you have to open the app, enter password or scan biometric, then scan the QR code of the screen* and you are logged in.
He would need to be next to you every time you log in. I think that is too high friction to make it feasible on large scale.
* Assuming you open the website on the Desktop, and MitID on phone. If both on phone, skip this step.
If people have to go through OS auth flow each time they open a website, that will drive everyone mad. One of the key motivators for politicians is not making everyone mad, so the polls don't drop.
Also, I reckon most children know the password for their parent's phone or computer, and many more will find out if there is a highly motivational factor for doing so. How many exhausted parents just toss their phone to their child to stop them whining?
I suppose it could be a biometric sign-in with facial recognition or fingerprint, but again, that's a tonne of friction for the whole web.
That's how the user interface works. What is it doing at the protocol level? What stops someone from building a service that mints anonymous verification codes on a massive scale and distributes them to anyone who asks? Maybe with the user interface being an app kids can download to scan any QR code and pass verification.
I don't know. I would assume the account gets blocked if you do it on a larger scale, so you have to rotate account, which gets expensive fast as it's not easy to steal them?
The automated attack setup I'm envisioning is something like:
18 year old buys a cheapo laptop + phone and connects the two over ADB or some purpose built automation app (think appium). 18 year old puts the phone on a tripod pointed at the laptop screen.
14 year olds at school pay $10 a year for use of the service and install a browser extension that forwards the QR codes from whichever service they wanna use to the 18 year old's computer. Changing every couple of seconds is not an issue here, they all live in the same city and have <10ms ping.
The only high friction part of this is that someone needs to write the software for it, but that doesn't seem like all that difficult of a project and open source solutions are likely to appear within weeks of social media requiring it. If there really is no information shared with the other party beyond "yup, user is over the age of maturity" you could even run this as a free public TOR service without fear of ever getting caught.
Mhh, but then the Danish Agency for Digitisation will see that the 18 year old does a lot of age request on all day and night long. And block his account. And then he can't use his own banking, health, postal apps.
High risk, low reward.
If he throttles request to stay under a threshold, if the agency knows about it service they could use it and see which account does age requests at the same time.
Ah, so it does leak your identity through the timing side channel. In other words, your anonymity is only dependent on the govt not coordinating with service providers to de-anonymize users. I assumed the 2fa app just held cryptographic keys and did some 0kp magic to show that the cert belongs to a government-attested adult. Phoning home all the time makes it trivial for the government to abuse people's privacy; they can just compel service providers to provide logs of logins.
Well right now THAT service does not even exist. The SSO exist, the anonymous age verification was an idea from another user here. Instead of sending (face)data to a private 3rd party.
For video games it is pretty bad, because reading back a page from disk containing "freed" (from the application perspective, but not returned to the OS) junk you don't care about is significantly slower than the OS just handing you a fresh one. A 10-20ms delay is a noticeable stutter and even on an SSD that's only a handful of round-trips.
There's a lot of bad tuning guides for minecraft that should be completely ignored and thrown in the trash. The only GC setting you need for it is `-XX:+UseZGC`
For example, a number of the minecraft golden guides I've seen will suggest things like setting pause targets but also survivor space sizes. The thing is, the pause target is disabled when you start playing with survivor space sizes.
Overall if java hits the swap, it's a bad case. Windows is a like special beast when it comes to 'swapping', even if you don't truly needed it. On linux all (server) services run with swapoff.
You could verify the ID of an adult who vouches for the child they are a legal guardian of. That way, if it turns out that Brayden(M12) is actually Linda(F45) you know who to send law enforcement to to ask some very pointed questions.
That said, I don't think online ID verification is effective and even if it was, it wouldn't be worth the level of mass privacy invasion. If your goal is actually to help kids who are victims of abuse, your efforts are much better spent elsewhere. For example: making child abuse report hotlines/websites more easily accessible and widely known, fixing social services so that they actually provide better help when requested instead of making things worse, better education for children about what is and is not OK behavior even from "trusted" adults, and how to get help from someone who isn't a relative when you need it. "Stranger danger" hysteria catches all the outrage and public discussion, but is the least common source of abuse.
> fixing social services so that they actually provide better help when requested instead of making things worse
Agreed, and I wish more people would realize this. When I was a kid, one of my friend's brothers was accused of molestation. The accused kid was around 8 or 9 and the victim was around 5 or 6. The social services came in and immediately got the mom fired from her job (she was a school teacher), put the family through tens of thousands of dollars in legal fees, utterly disrupted the lives of the entire family, got the accused kicked out of school and put in a special school for troubled kids (which itself brought a whole host of issues), and nearly ripped the family apart. There was no evidence at all of the crime, other than the word of the accuser (a 5 or 6 year old child). Fast forward a few years later and the accuser apologized profusely and admitted that it had never happened. Oh and also the accused was at a friend's house at the time of the supposed molestation, and the friends' parents had told the investigators that. Law enforcement dropped the case having determined it not likely to be true and certainly nowhere near the evidence for prosecution (in fact, there was evidence that the event never happened), but social services proceeded with all of the above anyway. So yeah, there's a lot of work to do to make anybody want to trust them to help rather than make everything worse.
First, children also have a right to free speech. It is perhaps even more important than for adults, as children are not empowered to do anything but speak.
Second, it's turn-key authoritarianism. E.g. "show me the IDs of everyone who has talked about being gay" or "show me a list of the 10,000 people who are part of <community> that's embarrassing me politically" or "which of my enemies like to watch embarrassing pornography?".
Even if you honestly do delete the data you collect today, it's trivial to flip a switch tomorrow and start keeping everything forever. Training people to accept "papers, please" with this excuse is just boiling the frog. Further, even if you never actually do keep these records long term, the simple fact that you are collecting them has a chilling effect because people understand that the risk is there and they know they are being watched.
> First, children also have a right to free speech.
Maybe I'm wrong (not reading all the regulations that are coming up) but the scope of these regulations is not to ban speech but rather to prevent people under a certain age to access a narrow subset of the websites that exist on the web. That to me looks like a significant difference.
As for your other two points, I can't really argue against those because they are obviously valid but also very hypothetical and so in that context sure, everything is possible I suppose.
That said something has to be done at some point because it's obvious that these platforms are having profound impact on society as a whole. And I don't care about the kids, I'm talking in general.
Under most of these laws, most websites with user-generated content qualify.
I'd be a lot more fine with it if it was just algorithms designed for addiction (defining that in law is tricky), but AFAIK a simple forum where kids can talk to each other about familial abuse or whatever would also qualify.
> but AFAIK a simple forum where kids can talk to each other about familial abuse or whatever would also qualify.
I'm currently scrolling through this list https://en.wikipedia.org/wiki/Social_media_age_verification_... and it seems to me these are primarily focused on "social media" but missing from these short summaries is how social media is defined which is obviously an important detail.
Seems to me that an "easy" solution would be to implement some sort of size cap this way you could easily leave old school forums out.
It would no be a perfect solution, but it's probably better than including every site with user generated content.
> I'd be a lot more fine with it if it was just algorithms designed for addiction (defining that in law is tricky)
An alternative to playing whac-a-mole with all the innovative bad behavior companies cook up is to address the incentives directly: ads are the primary driving force behind the suck. If we are already on board with restricting speech for the greater good, that's where we should start. Options include (from most to least heavy-handed/effective):
1) Outlaw endorsing a product or service in exchange for compensation. I.e. ban ads altogether.
2) Outlaw unsolicited advertisements, including "bundling" of ads with something the recipient values. I.e. only allow ads in the form of catalogues, trade shows, industry newsletters, yellow pages. Extreme care has to be taken here to ensure only actual opt-in advertisements are allowed and to avoid a GDPR situation where marketers with a rapist mentality can endlessly nag you to opt in or make consent forms confusing/coercive.
3) Outlaw personalized advertising and the collection/use of personal information[1] for any purpose other than what is strictly necessary[2] to deliver the product or service your customer has requested. I.e. GDPR, but without a "consent" loophole.
These options are far from exhaustive and out of the three presented, only the first two are likely to have the effect of killing predatory services that aren't worth paying for.
[1] Any information about an individual or small group of individuals, regardless of whether or not that information is tied to a unique identifier (e.g. an IP address, a user ID, or a session token), and regardless of whether or not you can tie such an identifier to a flesh-and-blood person ("We don't know that 'adf0386jsdl7vcs' is Steve at so-and-so address" is not a valid excuse). Aggregate population-level statistics are usually, but not necessarily, in the clear.
[2] "Our business model is only viable if we do this" does not rise to the level of strictly necessary. "We physically can not deliver your package unless you tell us where to" does, barely.
reply