The site would only know that the user’s age is being vouched for by some government-approved service. It would not be able to use this to track the user across different devices/IPs, and so on.

The service would only know that the user is requesting that their age be vouched for. It would not know for what. Of course, they would have to know your age somehow. EG they could be selling access in shops, like alcohol is sold in shops. The shop checks the ID. The service then only knows that you have login credentials bought in some shop. Presumably these credentials would not remain valid for long.

They could use any other scheme, as well. Maybe you do have to upload an ID, but they have to delete it immediately afterward. And because the service has to be in the EU, government-certified with regular inspections, that’s safe enough.

In any case, the user would have to have access to some sort of account on the service. Activity related to that account would be tracked.

If that is not good enough, then your worries are not about data protection. My worries are not. I reject this for different reasons.

Strictly speaking, neither needs to know the actual identity. However, the point is that both are supposed to receive information about the user’s age. I’m not really sure what your point is.

But this proposed data center is so big, it would have its own dedicated energy from gas generation and renewable sources, according to Collins and company officials.

The “depending on how you count” probably refers to the renewables.

There are 3 parties:

1. the user
2. the age-gated site
3. the age verification service

The site (2) sends the request to the user (1), who passes it on to the service (3) where it is signed and returned the same way. The request comes with a nonce and a time stamp, making reuse difficult. An unusual volume of requests from a single user will be detected by the service.

A phone can also be shared. If it happens at scale, it will be flagged pretty quickly. It’s not a real problem.

The only real problem is the very intention of such laws.

The key doesn’t have to be on your phone. You can just send it to some service to sign it, identifying yourself to that service in whatever way.

Been wondering myself. It’s certainly part of the general right-ward trend. Societies are becoming more illiberal. It’s not just the right that is moving to the right.

Obscenity laws have always been about enforcing the “correct” sexuality. Protecting minors meant preventing them from becoming “confused”; ie becoming LGBTQ.

You also have growing nationalism. In Europe, people are saying we should enforce “our laws” and “our values” against meddling foreigners (ie Big Tech). It often sounds a lot like the rants against the “globalists” that have been a staple among the US far right for decades. Age verification is part of that.

For example, Germany has long enforced age verification within its borders. It’s part of the whole over-regulation thing that makes competitive tech companies almost impossible in Europe. For some reason, Europeans have trouble accepting that. You can see it here on Lemmy. The solution must be to enshittify everything to level the playing field.

The VCs can hop on a plane and invest the money in the EU, if they think that’s what makes them a profit.

I know some people that regulations should be changed so that European banks can make riskier investments and do VC funding. I don’t see why they would invest in Europe and not in the US, like anyone else. They are all chasing the same profits. European VCs can hop on a plane to Silicon Valley and dump the money there.

I don’t know if deregulating banks is a good idea. I’m skeptical because I remember the 00s. But I don’t have the qualifications to judge.

Yes. Germany had StudiVZ. It shows that regulation isn’t the only problem. The fragmentation caused by language barriers is a serious problem. Still, regulation is the problem that could be easily addressed. StudiVZ was forced to split its user base; to segregate users under 18. That didn’t help.

Today, AI could help a lot with the language barriers. That’s also something the Americans don’t think about much. It’s no coincidence that DeepL, an early AI company, is European. But with the regulatory headwinds, I’m really pessimistic about their future.

Ahh. That’s how you’re part of the industry. People without a financial interest aren’t quite so keen on embracing cyberpunk dystopias.

Thanks for the reply. One thing that baffles me about Lemmy communities is how some contradictory opinions exist side by side without argument. Some praise the open nature of the Fediverse, while others call for the strictest rules on data sharing. Actually, I’m not really sure what the latter group does here.

I would consider that the perfect solution.

One problem is that a solution isn’t obvious. The copyright industry hasn’t succeeded in making a truly effective DRM system. The missing link is lots of surveillance. You need to look for signs of tampering and then arrest people. It’s like with a burglary. Locked doors and windows can’t even stop an amateur for more than a few seconds. But maybe someone notices a window being broken. The world and Europe are moving in that direction but we are not nearly there.

An additional technical problem is that European data rights are complicated. You need to determine who has what rights in the data. AI may be very helpful here.

But the real problem is not technical. The Americans build services that people want to use. European policymakers don’t care if anyone wants to use it. The only concern is to make sure that the wrong use can be stopped. It’s enshittified by design.

It’s certainly not bad. I didn’t mean to sound critical. I just wanted to point out that it very much exists. Even Meta offers e2ee, and, I think, faced some legal criticism.

Here’s an unpopular opinion: This won’t happen because the policymakers don’t want it to happen. It’s fundamentally opposed to what they want. And I’m not spinning some conspiracy tale here. Listen…

The debate involves many ambiguous terms that people like him interpret one way but which actually mean something entirely different. The correct understanding is ultimately the legal definition. That’s the one that determines if armed people (ie the police) will come and take away your computer.

the AT Protocol allows users to own their data

To a copyright person, this would mean functioning DRM. It means complete control over what happens to their content, regardless of where and how it is stored. They have the law on their side and the policymakers. Mind that the media is part of the copyright industry and they have outsize influence over public opinion. As far as they are concerned, the problem with Big Tech is that they are not paid enough for their rights.

Many people on Lemmy feel the same way about GDPR. Unfortunately, Lemmy’s hive mind is dominated by misconception about GDPR. But it is true that it is far-reaching and would be well served by the same perfect DRM of which copyright people dream.

The ideal European internet is one that has DRM built-in from the bottom so that everyone can exercise their legal rights under copyright law, the GDPR, the data act, and possibly others.

A freewheeling federated network is legally problematic. Even insofar that it is legal, it is fundamentally opposed to what policymakers and much of the public want. Free speech is an American value and emphatically not European.

If you don’t believe me, you can look at tax-funded projects like Gaia-X and then imagine what the social media equivalent looks like.

People i haven’t met should not be able to see anything I post, even if we share friends. I’d make it so you’d have to connect with NFC or something before they could see your stuff.

Sounds like you want an E2E encrypted group chat rather than social media.

What you mean by “connect with NFC”? Like meet in person to connect?

And also, PSA:

LVMH is owned by Bernard Arnault, the richest man in Europe and the 5th richest in the world, according to Forbes. In many years, he was the richest, ahead of the American tech founders.

I know many people have been bamboozled into thinking that Europe doesn’t have oligarchs. Well, now you know.

I believe that no one should be as rich as the people who top the Forbes 500. But many people on the list have made their wealth through a reasonable contribution to human progress. EG making a well-functioning search engine as Google used to be was a laudable achievement. Luxury clothes are purely extractive.

I know what you mean. Apparently, finance people use “bazooka” to mean radical, drastic measures of any kind. I don’t know any finance people, but I’ve also seen the term used in relation to central bank policy.

The ACI really does include some very serious stuff. It’s not just for ordinary trade disputes but for, basically, economic war.

What wording do you mean? “Trade bazooka” is actually an established nickname.

The idea is that companies are bartering service for data. That would mean that they would have to pay VAT, just as if money had been exchanged. Seems pretty stupid. I doubt it will go anywhere.

Of course, the GDPR does turn personal data into a kind of intellectual property. It seems to be the general mood in the EU to turn all data into intellectual property. I wish I knew why such neo-feudal ideas are on the rise.

This is closer to the idea: https://www.w3.org/TR/1999/WD-Micropayment-Markup-19990825/

1. Clickbait is one of the bigger problems on the net. I don’t want to pay for more of it.

2. I am much less opposed to being tracked than some people here. But the complete and unavoidable surveillance implied by such a scheme takes it a bit far.

Actually, given Lemmy’s usual knee-jerk reaction to tracking and commercialization, I can only assume that people aren’t thinking through this proposal.