Weird. I call myself a developer because I don't have an engineering degree from an abet certified engineering program.
I recognize, in some capacity, that this isn't the norm and in the US "professional engineer" is protected and not simply "engineer", but it feels akin to stolen valor to me.
If there were a license in the US for it, I’d agree with you. But as is, if you are “doing” engineering, you’re an engineer.
If you are a licensed engineer of some kind, you’d state that outright.
The equivalent of stolen valor would be claiming to be a licensed software engineer; except there is no such license so it would also be fraud, misrepresentation, etc.
> If there were a license in the US for it, I’d agree with you.
Yeah, that is basically the thing in my country. You can't call yourself an engineer without passing a test, but I can't take it because there isn't one for software engineering.
Same thing for freelancing. Freelance jobs are defined in a list, and other jobs cannot benefit from the simplified tax rules that freelancers enjoy, but that list was written before software development was a thing.
I'm a software dev in the US and I never call myself "engineer" in that capacity. Always "programmer" or "developer".
I agree. Engineers have to clear a much higher bar. Even though my career was spent in medical diagnostic software where we had to get 510k clearance, I was still keenly aware that this was a fundamentally different activity from actual engineering.
I'm an electrical engineer that moved to software engineering and there's a lot of commonalities between what I do now and what I did previously as an electrical engineer. The bar might seem high, but that's the only way I know how to work, honestly.
On the other hand, with the modern division of labour in a lot of companies and with the rhetoric I see here in HN and in other places: a lot of developers are indeed not even close to being engineers.
You should just determine which carrier hosts the phone number and then go get a job there as a customer service agent or store employee. You'll get full permissions to change accounts, so you'll be able to make the change, fix your gmail, then change it back.
You probably risk some legal fallout though, so be cautious.
This reminds me of the women who sleep with Meta employees to get their accounts unlocked. It's 2026, we gotta do what we gotta do to get our digital lives back.
The cars themselves phone home all the time. You have to physically remove the transceiver to prevent it or run a jammer nonstop at the risk of a felony.
The APL readers still get you without the cars transceiver. Plus if you have automatic tire pressure sensors, those are mandated to communicate in plaintext over rf when sending the data to the car, from my understanding, and you can farm those to track location by setting up radios next to roadways.
Friday 1pm ET markets close, so news doesn't affect stock prices until the following Monday, giving emotions time to settle and everyone an approximately equal opportunity to react.
This doesn't seem like market-moving material, but maybe it's just status quo.
2. If free markets did exist they would not conform to the theory that people are using when they think of what free markets are, since people do behave rationally, power dynamics are real, and no consumer can have all of the information needed to make rational decisions even if that information were available
3. The market is providing solutions to its own failures without fixing the underlying failures because it is more profitable this way. Is buying something from a company that mitigates a problem created by the same company actually a free market, or is it just extraction?
I know that's the final destination, but I didn't see that listed in the requirements page linked above. Any proof of this affecting the current implementation?
I'd rather have to do ID verification at a government site that gives out blindable RSA signatures to browse the web with using open source software, than this overseas tech company needing to lock down the whole device and tech stack and not have to 'show ID' at all. One of these two holds elections...
Music/movie corporations and game developers must look forward to an age where people can't access the cache files or hook up a debugger to their apps anymore
I guess history made us different. Personally I have reasons to be equally distrustful to anyone who wants to know too much about me, but much more afraid of my gov't than overseas entities.
My government has already seen my government-issued ID. If my government hasn't worked out my phone number, they can always ask the phone company. My address is required for the ID, voting, and filing taxes. I don't see how the government learns anything from this?
Conversely, I would like to believe most companies do not have my government-issued ID, nor a lot of the information on it.
In this specific case your government can ban you from the web by refusing to verify. E.g. to punish dissidents abroad Belarusian dictatorship simply nullifies their IDs, and lists them as terrorists in public data. Apparently that's enough to ruin somebody's life worldwide. But at least they can use their browsers, which would be not that easy in a world where gov't-backed verification is norm on the net.
From an American perspective, i don't trust the government with the implementation details, nor do I trust our political climate, misaligned incentives, and general disinterest in good governance to implement something so sensitive.
If I lived in say, Sweden, I feel much more comfortable trusting their government to implement. In America, I feel I must always vote in a way that prevents giving any power to the government that I wouldn't want my political opponents to have over me.
In said US of America, when the government wants to know something about you, they will get everything they want from the companies - it's even written clearly in the US laws. So I'm not sure why (or where) you draw that line...
1. if they have to subpoena each site each time they need user data, it reduces mass surveillance risk. I'm okay with cops getting a warrant to access someone's gmail. I'm not okay requiring everyone to use email.gov.
2. I use a VPN and pseudonyms. they could unmask me if they cared to, but it'd be annoying. it'd be a lot more annoying if they wanted to unmask every VPN user all the time.
In a general case, your own government can literally have a gun to your head if they happen to decide they don't like you. A foreign one needs some extra steps.
And governments change. Any one might look benign now, but one election away might be different.
> My government has already seen my government-issued ID.
If you have a government ID and all you use it for is voting and paying taxes, then they know that you vote and you pay taxes.
If you have to use it for accessing the internet then they know everything you do on the internet. What you read, who you talk to, what you post, when you sleep, where you are at any given time -- it's very much not the same thing as just having a picture of you and your name.
No they do not. A properly designed government app that uses cryptography to generate a deniable token that can't be cross-correlated but proves your humanity/age to a consuming site is manifestly different than Google adtech hoovering up as much of your activity as possible.
Oof, that's not a great premise to take as a requirement right out of the gate. More counterexamples than examples for that one.
> that uses cryptography to generate a deniable token that can't be cross-correlated but proves your humanity/age
If it's actually deniable/anonymous then how would it work for rate limiting? If you can't correlate their activity then you don't know if the million requests are a million people or one bot with a million connections. If you can correlate their activity then it's not anonymous.
Moreover, it's a false dichotomy that we should be doing either of these things. The better alternative to corporate surveillance isn't government IDs, it's no surveillance.
A site can still choose to have a login system if it wants to. Sites can still rate limit based on IP address or cookies or whatever they use today.
The idea would be to use ZK proofs to demonstrate that "yes, this anonymous request is from a client acting on behalf of an adult human EU citizen" - that's something that is not easy to do today.
> A site can still choose to have a login system if it wants to. Sites can still rate limit based on IP address or cookies or whatever they use today.
So then you don't need either attestation or government IDs, right?
> The idea would be to use ZK proofs to demonstrate that "yes, this anonymous request is from a client acting on behalf of an adult human EU citizen" - that's something that is not easy to do today.
But how is that even useful? Is it good to exclude real people from Korea or South America? Do we really expect criminal organizations or for that matter even children to be unable to find a single adult EU citizen willing to anonymously loan them an ID?
It's about as plausible as criminals being unable to run their code on a device that can pass attestation. They're both authoritarians with a conflict of interest trying to foist a hellscape on everyone under a pretext their proposal can't even really address.
> It's about as plausible as criminals being unable to run their code on a device that can pass attestation. They're both authoritarians with a conflict of interest trying to foist a hellscape on everyone under a pretext their proposal can't even really address.
How is the system proposed by GP authoritarian? It's not actually giving away any real PII.
We could just argue that it would make Internet less usable for "illegal" immigrants who don't have a Gov ID - whcih can be seen as a problem already in itself, but still doesn't make that solution "authoritarian".
> How is the system proposed by GP authoritarian? It's not actually giving away any real PII.
These proposals have two major flaws.
1) They're predicated on a secure implementation, but any government-mandated system is going to be instantaneously ossified. Everyone will have to interface with it and then lobby heavily to prevent it from changing and requiring them to do more work. The initial implementation therefore has to be perfect. Free of not just current but also future vulnerabilities. That has never happened before and isn't likely to. But then you're proposing something with an extremely high probability of permanently compromising everyone's security as required by law.
2) They're structurally authoritarian.
Suppose the initial implementation was actually secure. I can even propose one: Every adult ID has the same QR code on it which you have to scan to be let in. There is no way of distinguishing any of them since they're completely identical even between different IDs, but only the adult IDs have them.
Great, now you just have to scan your ID to be let in. Papers, please. Are ordinary people going to be able to distinguish this from what comes immediately after, when they say the anonymity is causing kids to be let in so they're going to make the QR codes unique, allowing them to track everyone and find out who is lending a kid their ID? Then the infrastructure is already in place. All they have to do is change the implementation out from under you and it's an instant panopticon. Turnkey mass surveillance is authoritarian even if you haven't turned it on yet.
> We could just argue that it would make Internet less usable for "illegal" immigrants who don't have a Gov ID
We're talking about the internet here. People are required to be neither immigrants nor illegal for them to be citizens of another country.
You're moving the goalposts. I was responding to your claim that any verification system involves the government getting a complete record of all online activity.
If you're willing to admit this is entirely possible from a technical standpoint, there's a separate question about how useful/valuable it is.
Making it harder for children to access extreme pornographic or violent content seems useful to me. Many advertisers want to be able to say they've shown ads to a human not a bot. Humans in WEIRD* countries have more valuable eyeballs than humans in the developing world.
If you don't solve for those use-cases in a privacy preserving way, adtech will do it in an intrusive way - which is what Google are doing in the OP.
*"Western, Educated, Industrialized, Rich, and Democratic"
I have not seen any government adopt such a standard.
some EU countries claim to provide anonymous age verification services, but those only hide your identity from the relying party. the site you visited is logged to the government's database along with your identity, before you're redirected to the target site with an "anonymous" token.
one of these also rounds up people and sends them of to overseas concentration camps without due process. I think maybe white people still don't get what the rest of the world is living or experiencing.
There's more than two sides here. None of the 14 parties with >1 seat in parliament fully represents my best understanding of how to improve the country and world on any time scale (long or short), but quite a few of them come reasonably close and I would vote for them without much hesitation
(Heck, I wish there were fewer parties, like if five single-topic good parties (bij1 against racism, pirate party for internet freedoms, volt for international collaboration, party animals for environmental welfare, etc., plus greenworkersparty as the current overarching big boy) would band together, it'd be a much easier choice!)
That not every country is so lucky (not all of them have free elections, or elections at all) is a shame indeed, but at least for countries like mine I'd be much happier to have a government arrange a system than a tech corporation and foreign laws. Presuming that the 2-party system you speak of is the USA's, at least both corps are governed by your own laws, that's something!
Some Western European democracies have a well-functioning democracy. The people voting are still humans, a substantial portion votes for racist parties that economically only benefit big corporations and not them, but the damage is limited because there is no winner-takes-all. Everyone has to accept compromises.
Like, most that I'm aware of? I could start naming them all but like, is there a particular feature they all have in common that you take issue with or where should we start this conversation..?
I'm sure many are tempted to dismiss this comment, but I think it's actually great. It's incredibly easy to complain about the options out there, really easy to vilify any or all of the parties as controlled by satan/evil corporations/communists/fascists.
What's harder?
Convincing enough people to matter (in some kind of election-based system) to get behind your platform - either with you as a candidate, or working to promote a candidate or party or movement that you do believe in.
People talk like their changemaking ideas are very widely held - the way people talk it's like they believe 75%+ of the country must actually agree with them - but then they don't run for office on such a popular platform that it should be a sure election win, yes even with countervailing forces such as electoral college, Senate, etc.
It's not even Gerrymandering, a company you willingly bought stock from has always had this setup.
Contrast that to most American's experience of their vote just not mattering outside of a few swing states. Having to move across states is such a more drastic requirement than just not buying Google A stock.
Sorry, I trust Google more than my government for my data. I mean I trust photos, youtube, music, gmail, wallet, keep, etc. what is that I have left anyway? It's sad that we started from open web, but we ended up in the hands of few. Apple/Samsung, Google, Microsoft, Amazon decide basically how I live my life. I don't want to (and sometimes I try to hard), but I don't want to give up the convenience also, but not only mine, also for my family is in the same pot.
Given the chance, Google would kill you by accident.
"We're very sorry, your access to G-Pacemaker was accidentally revoked when your accounts were closed for suspicious behavior after watching a YouTube video without subtitles in a language we hadn't realized you were learning. Unfortunately, there no is appeals process as your heartbeat was terminated immediately."
To date I haven't seen an implementation that preserves privacy and doesn't allow for easy bypass because person A generated infinite tokens and hands them out via a rest request.
I have seen implementations that preserve privacy. But fundamentally it means that an adult could give a token to a kid, as you say. But how bad is that? We don't need a perfect system, we just need it to be good enough that it prevents most kids from accessing stuff they shouldn't access. Some kids will always find a way anyway.
A simple solution to "generate infinite token and hands them out via a rest request" could be one of:
* Rate-limit the token generation. Nobody needs thousands per day, right?
* Make it illegal to distribute tokens. The server sees if you request an abnormal amount of tokens, and... it knows who you are. Not too hard to investigate.
* Make "honeypots" that scare the children when they try to access/buy the token.
I don't think it makes the concept completely useless.
But you can't preserve privacy while rate-limiting token generation unless you have a way of identifying someone, which could be as simple as requiring an account.
And even if it's illegal to hand them out, it's not hard to set up a tor site to do it. I would be first in line to counter the state with such an implementation of this is the path we tread.
I think you misunderstand what "privacy-preserving" means here. The whole point is that they CAN identify you (to verify your age), but in... well a privacy-preserving manner :-).
That is, one side knows who you are, but not what you do; the other side knows what you do, not who you are.
> And even if it's illegal to hand them out, it's not hard to set up a tor site to do it.
If a kid can use Tor to get a token, they most certainly can download with torrent or use a VPN to bypass the verification. But again, it doesn't have to be perfect, it just has to be effective for enough kids.
> I would be first in line to counter the state with such an implementation of this is the path we tread.
In a functioning democracy, people should vote instead of vandalising stuff. In a non-functional democracy, I guess don't complain if someone burns your car "to counter the state" some day if you think like this.
My point is that we should fight for privacy-preserving solutions. And the first step is to get informed about whether or not it is possible to verify the age in a privacy-preserving manner. Not to prepare for vandalism.
Thanks. I appreciate the link. One thing I wasn't able to fully understand from the Kagi article: how does this solve the problem of "token handoff"? For example, if User A generates a token (from an unlimited search acct) and hands it to User B, whom has no association with Kagi, how does Kagi block User B's access? Or do they just assume it's fine because the token count is capped at a low enough value as to make it unprofitable for me, as a user, to purchase an unlimited search plan and then resell my plan at a lower price (making a profit on volume) by handing out my precomputed tokens to my resold subscribers to use?
I don't think that there is a need for a technical solution to that, though. In the Kagi example, probably they trust that their users won't do that, and someone could already resell searches this way (e.g. write some kind of proxy). Similarly, an adult can already help a kid get access to stuff they shouldn't. But the point is to make it harder for kids to do it on their own, for their own sake.
It's not computer security, where your system is "as weak as the weakest part". We don't care if a few kids access social media: the goal would be to make it such that the norm, for kids, is to not have social media.
Thank you. This helps my understanding, and I would find this solution the proper one if we determine that this road must be walked.
But I still have reservations that this would be the "foot in the door", because people like me will generate and publish tokens publicly, and then lobbyists will use this as the reason why we can't allow the use of private keys unless the website receiving them can certify they belong to the user presenting them, thus forcing a rework of the implementation.
I think there is a sane debate to have around whether or not we want privacy-preserving age verification, indeed. And how much of a "foot in the door" it is (is it building more surveillance technology, or is it actually building privacy-preserving technology that will counter it?).
My concern is that "society" may want to control social media for kids, and if we say "either you don't do it or you leak the IDs", it may end up on "ok then let's leak the IDs" without even considering the better way.
I am just very frustrated because right now, even in a place like here where it's supposed to be around tech-savvy people, the discussion feels like kids repeating what they heard: "it's like ChatControl, it's fundamentally stupid and impossible".
Makes sense and apologies if I came off that way. I just skip to the logical conclusion, which is that there is no way this is going to happen without a race to the bottom, ending by forcing privacy violations. But maybe I'm wrong. I'll be a bit more cautious with my posts.
Part of the reason we had the internet we did when we were kids was because it was so new and open. It still is just as new and open! It's mostly that large sites have emerged, and people have decided they like those more than forums, etc.
I have no idea why tbh! But I think an age gated internet is far worse a solution than parents simply enabling device management on mobile phones and filtering on their home networks.
Because you also cannot counsel anyone on how to rob a house, or steal a car, or commit arson.
You can teach them how to start a fire, and fire safety rules for the home, and you can teach them how to secure their cars and point out common vulnerabilities, but you can't actually counsel people on how to commit a crime or do something illegal.
Well, you can and I guess that is your "free speech" but the judge is also going to show you the schedule of fines and penalties.
Sure. But that means you can't make it illegal for a site to show you what a VPN is, how to use it, and explain that one shouldn't use it to circumvent a law but could, right?
Picking a lock is not necessarily illegal. You could be a locksmith in training; you could be picking your own locks. You could be just in a lab or a classroom or a manufacturer that does this stuff.
He even sells all the necessary tools to assemble a burglary kit.
I feel like his channel is some psyop honeypot to get all the criminals with Dunning-Kruger to buy his tools and then Google calls the cops before they can even jimmy a lock.
The catch with the LPL is that a lot of skill and experience also goes into picking locks. He does it reliably and quickly and efficiently because he knows how. If some goober tried to replicate his success wearing a balaclava at 3am, it may prove a bit more thorny a problem.
I recognize, in some capacity, that this isn't the norm and in the US "professional engineer" is protected and not simply "engineer", but it feels akin to stolen valor to me.
reply