Apple cost Meta billions by cutting off their data pipeline at the OS level, justifying it with a unilateral privacy moral high ground. Now, Meta is returning the favor. By astroturfing the App Store Accountability Act through digital childhood alliance, Meta is forcing Apple to build, maintain and also bear the legal liability for a wildly complex state-by-state identity verification API.
Gotta give it to Zuck. Standing up a fully-fledged advocacy website 24 hours after domain registration and pushing a bill from a godaddy registration to a signed Utah law in just 77 days is terrifyingly efficient lobbying.
if "it" is the middle finger, for sure. "terrifying" is a great choice of word for it.
Plus, Apple gets to be the gatekeeper for Meta and other apps which can't be good for meta, and Apple gets to know the age of its users, which in itself is monetizable.
Overall, that's the reason anti-trust laws must be applied rigorously, otherwise the normal population has no chance.
The methodology appears to be LLM driven, and the contextual framing which the conclusions are couched in, drive conclusions to a specific direction.
It does not clarify between two readings
1) Meta is driving Age verification efforts
2) Meta is being opportunistic with age verification efforts to further its own goals
The larger macro picture is that voters globally are tired of Tech firms and want something done about it.
The second macro trend is the inability of governments to handle/control tech, and are looking for reasons to bring tech to heel.
That’s context results in a sufficiently different degree of culpability and eventual path to resisting privacy reducing regulations.
I am not skeptical of any of the research, the sources seem to be cited properly. I am skeptical that this researcher has thought through or verified their conclusions in a systematic and reliable fashion. This part gives it away: "Research period: 2026-03-11 to present." This individual dropped his investigative report two days after beginning research!
Yes, AI is an incredibly good research assistant and can help speed up the tasks of finding sources and indexing sources. The person behind this investigation has not actually done their due diligence to grok and analyze this data on their own, and therefore I can't trust that the AI analysis isn't poisoned by the prompters implicit biases.
> LIMITATION: Direct PDF downloads returned 403 errors. ProPublica Schedule I viewer loads data dynamically (JavaScript), preventing extraction via WebFetch. The 2024 public disclosure copy on sixteenthirtyfund.org was also blocked.
> Tech Transparency Project report: The article "Inside Meta's Spin Machine on Kids and Social Media" at techtransparencyproject.org likely contains detailed ConnectSafely/Meta funding analysis but was blocked (403)
The least they could have done is read their own reports and then provided the documents to the LLM. Instead they just let it run and propose connections, asked it to generate some graphs, and then hit publish.
> A Meta employee (Jake Levine, Product Manager) contributed $1,175 to ASAA sponsor Matt Ball's campaign apparatus on June 2, 2025. Source: Colorado TRACER bulk data.
> No direct Meta PAC contributions to any ASAA sponsor across Utah, Louisiana, Texas, or Colorado. Source: FollowTheMoney.org multi-state search.
While it is true that Meta has funded groups that advocate for age verification, a lot of them also appear to have other actors so it's not like this is some pure Meta thing as some of the other commenters are suggesting.
This type of GitHub-based open-source research project will become more common as more people use tools like Claude Code or Codex for research.
This file does not exactly fill me with confidence: https://github.com/upper-up/meta-lobbying-and-other-findings...
In one part of the report, there seems to be this implicit assumption that Linux and Horizon OS (Meta's VR OS) are somehow comparable and that Meta will be better equipped than Linux if age verification is required.
It doesn't explicitly say "This will allow Horizon OS to become the defacto OS and Linux will die out" but that seems to be the impression I'm getting which uhh... would make zero sense.
More broadly, this entire report (and others like it) are extremely annoying in that I've seen some Reddit comments either taking "lots of text" as a signal of quality or asking "Does anyone have proof that these claims are inaccurate" which is
a) Of course entirely backwards as far as burden of proof
b) Not even the right rubick because it's not facts versus lies, it's manufactured intent/correlations versus real life intent/correlations (ie; bullshit versus not)
All of this could be factually true without Meta being smart enough to play 5D chess
In this case they have named individuals and firms as well, without the degree of diligence that such call outs should warrant.
In its current state, I would count it as a prelude to witch hunts.
The Swiss implementation of eID may be hint that governments may/will take the responsibility to implement and maintain the tech, but the multiple intrusions and lobbying by Palantir and friends in the EU gives me the ick.
Firm: Trilligent (APCO Worldwide subsidiary), EU Role: EUR 680K for AI Act, DMA, DSA. US Connection: APCO offices in DC; Meta VP calls them "integrated members of our Meta team".
Firm: White & Case LLP, EU Role: EUR 50-100K. digital markets/services. US Connection: Lead international outside counsel, 70+ lawyer team.
Firm: FTI Consulting Belgium, EU Role: EUR 10-25K. US Connection: Subsidiary of FTI Consulting Inc (NYSE: FCN, HQ Washington DC).
[1] https://web.archive.org/web/20260314074025/https://www.reddi...
[2] https://www.reddit.com/r/linux/comments/1rtd51g/update_i_pul...
This sounds like the mere tip of the iceberg, as it is commented that they maintain two separate networks with no overlap (their age verification lobbying goes through local specialists with no international footprint).
Edit:
https://www.lobbyfacts.eu/datacard/trilligent?rid=5168569461...
Trilligent (APCO Worldwide subsidiary), clients for closed financial year, Jan 2024 - Dec 2024,
- meta platforms ireland limited and its various subsidiaries, 50'000€ - 99'999€: EU Green Deal, EU AI Act, the European strategy for a better internet for kids (BIK+), online safety.
- verifymy limited ( age verification business), 0€ - 10'000€: Digital Services Act; eIDAS Regulation; Strategy for a better Internet for kids (BIK+); EU Artificial Intelligence Act; General Data Protection Regulation.
- user rights gmbh, 0€ - 10'000€: Digital Services Act.
There's more money spent in lobbyism in the EU than anywhere else in the world. Lobbyism and downright corruption: like Qatari bribing EU MEPs [1] and police finding 1 million EUR in bills hidden at a MEP's apartment (in this case a bribe to explain publicly that Qatar is a country oh-so-respectful of human rights).
The EU is way more corrupt than the US and in many EU countries there's little private sector compared to the US. In France for example more than 60% of the GDP is public spending and all the big companies are state or partially state-owned or owned by people very close to the state.
And as to american companies bribing EU politicians: it's nothing new. IBM and Microsoft for example are two names everybody in the business knows have been splurging money to buy influence and illegal kickbacks have always been flying. It's just the way things have always been operating. Today you can very likely add Google and Palantir etc. to the list but it's nothing new.
EU politicians are whores. And cheap whores at that: investigative journalists have shown, in the past, the little amount of money that was needed to buy their votes. Most of them go into politics to extract as much taxpayers money as they can for their own benefit. They of course love to get bribes.
Also to try to not get caught, EU politicians voted themselves special powers and it's very difficult for the regular police to enter official EU buildings. I know an police inspector who went and arrested a MEP for possession of child porn: it required a very long procedure, way longer than usual, and the request of special authorization allowing them to enter the EU parliament (or EU commission, don't remember which but I think it was MEP at the EP).
American companies bribing EU politicians should scare you indeed: it's been ongoing since forever.
> The Swiss implementation of eID may be hint that governments may/will take the responsibility
Switzerland is in Europe but it's not in the EU: it's not representative of the insane corruption present in the EU institutions.
The real driver is as always, ad revenue. This time, advertisers want and need to know a real human is engaging the brand and Meta cannot see any other way in sight to assure this fact save for age verification.
this is just the latest evolution of surveillance capitalism.
The EU has zero knowledge proof age verification systems, e.g. through your bank, which are secure and don't involve sending a copy of your ID and / or face scan to a dodgy US based 3rd party.
Personally I’d rather not see reposts of posts this recent, especially LLM posts.
Or maybe more specifically the structure, idk not much of a writer, but many of the sentences are solid journalist quality yet the right background is not being set nor the right transitions being given etc.
My dissatisfaction mode used to be boring high school newspaper sentences but the kids still seem to _assemble_ the details a tiny bit better.
There's a vocal portion of people which opposes any solution because "privacy, government overreach, surveillance ...". So instead of a solution like e.g. zero-proof age verification, that tries to minimize intrusions on privacy, the result is the worst of all worlds, maximum surveillance (but I guess it's ok if it is not the federal government, but meta), with minimum utility. Just look at the freaking mess that is trying to proof your identity in the US.
Now, what will the platform do with it? Concretely? As in: Name one bad outcome a reasonable parent would care about that's prohibited under these bills. If the bad thing happens due to willful negligence, then there needs to be some actual material consequence to someone at the platform provider.
meta could spend their billions lobbying for that, if they wanted to
edit: to be clear, I do think a government developed and maintained ZKP ID/age system is the best possible compromise, I just don't think we have any chance of getting it
I'm not on board with any of it, but the last thing I want is the government to control it.
Also fundamentally speaking - this does just take away your right to privacy. do you just let your rights be taken away?
I don't want 'minimization' of intrusion of privacy, i want no intrusion of privacy.
A solution to what, though? I oppose any solution because I disagree with your premise: this is not a real problem. We do not need to do anything about it, and any cost would be too high.
These solutions don’t solve anything.
Care to elaborate? I'm not sure what's a mess about a driver's license, social security card. I've never once had any issue with my identity.
To put it in Godwin's terms: you're the one saying that the people denying the Jewish Question are the people enabling the Nazis. If we would just agree to the moderate compromise (fill in the blank), then the Nazis wouldn't have an excuse.
Most importantly, it's also an attack on a strawman. Nobody is arguing agains zero-proof age verification. It's probably possible, but in reality is absolute nonsense. There is no material proposal anywhere for a zero-proof age verification system that prevents individuals from being tracked. There is mathematical speculation, and proposals that vaguely and dishonestly simulate what people are pretending exists somewhere.
All of them involve individuals giving up their privacy, and insidiously substitute protecting your identity from the providers of "adult" information where protecting your identity from the government and the providers of verification services are actually the important parts. I do not give half of a shit whether some porn site knows who I am; the only reason I care at all is because they may share this information with governments and private entities that will use it to track me, manipulate me, or blackmail me.
The reason for this? Governments would lose all interest in age verification if it were possible to do it without invading my privacy. If it is possible in the abstract (which it may well be, mathematically), governments would prioritize sabotaging any company or proposal that could make it happen.
The fake proposals of zero-proofs are offering me something I don't care about in order to trick me into giving up something I value, and calling me unreasonable for not falling for it. No, I'm just not a fool.
The real solution: a legal requirement for "adult" information services to only reply to requests that declare they're from someone over the legal age to consume that information. People who give their children computers could root them to make sure that that header is stripped, you could install browser extensions to make sure that header is stripped, you could make sure that header was stripped at the router, you could make sure that everyone could make a phone call to their ISP to tell them never to allow a packet across that carried that header unless it also included a key or a password that the adults of the household could add onto their own requests.
The above methods don't take any technical sophistication at all, and would solve the problem better than computers that attested age, the computers that 14-year olds would be operating for their often computer-illiterate parents anyway.
Why aren't they used? Because this is a totalitarian game, not a serious proposal to solve a serious problem, and it is just meant to fool morons long enough to screw us all in a permanent way.
No, the way to stop it is to talk to your representatives.
You have the power. You just have to pick up a phone, and ask your friends, relatives, neighbors, to do the same. (They will, because it affects all of them.) Tell your reps to remove the legislation or you're voting them out. They don't want to lose their jobs. They will change if you tell them to. But only if you tell them. That is your power. Use it or lose it.
You have consumer activist brain. Next you're going to suggest that we complain to the manager or start our own government and compete in the marketplace.
> The only thing that talks is money
No, the only thing that is talking is money. Money wants this. You're busy pretending like you're going to do a boycott; they're going to boycott you.
Complain about the internet? They'll just blacklist you from it. Complain about the phone? Well now you can't use one; try smoke signals. Complain about the landlord? They'll settle the case, kick you out on the street, and blacklist you among all private equity landlords and the management companies that service small landlords. You'll just go to a small landlord that doesn't use one of the management companies? Well they won't have access to a bunch of vendors that have exclusive contracts with and share ownership with the management companies; now they can't make any money and have to sell to private equity.
You've been fooled into thinking that being victimized is a moral failure of the victim. The perpetrators taught you that. They taught you that the only appropriate action is to beg and threaten to leave, and they shut down customer service and monopolized the market. But, again, the worst thing they trained you to do is to blame the victim.
Or, refuse to participate or use any tech that implements OS age verification (start with communication app Discord).
The reason nothing happened was because Snowden is still a State Dept or CIA asset. He's an actor and/or a limited hangout of some kind to show the US government and claim to be doing absolutely insane bullshit and nobody cares. New Zealand retroactively changed their laws (clearing John Key of any wrong doing for illegally spying on Kim Dotcom), allowing the GCHQ to legally spy on all their citizens.
As far as refusing to work for these companies, I was on Linux at work for over a decade. But after my last job I was forced to take a .NET role and with a $30k/yr paycut. It'd like to get back into a good role again where I can use Linux, but I'm not sure if I'd be willing to stand my ground on this issue, because I also don't want to lose my house and software jobs are incredibly scares right now. Unlike Snowden, I don't have a government paycheck coming in to continue spreading lies.
Turns out they were right
These bills also need to be opposed on a legal/political level.
Something I realized last night is that people who lie about their age to send false signals may inadvertently open themselves up to CFAA liability (a felony). So this is a serious matter for users who want to maintain anonymity.
I'm 47, and I started using the internet in my early teens through BBS gateways. I've seen every age of the Internet, and there's always been widely available pornographic materials. Why all of a sudden is this a crisis?
Perhaps I'm missing something?
Pornography is a very convenient pretext. The real target is anonymity and pseudonymity. Both have been abundantly available on the early Internet. Both were and are being gradually squeezed out from it.
Various law enforcement agencies would love to know more, always more. The more the users are required to identify themselves, link their online identity (maybe pseudonymous for other users) to their official offline identity, the easier it is to find and catch criminals. Not only criminals, of course, but even if we assume 0% nefarious intent, and only the desire to catch the evildoers who swindle grandmas out of their life's savings, this still holds.
Operators of big sites also would benefit. Easier to ban disruptive users. Many great ways to turn the precise identity into targeted ads.
The internet has become a very serious, consequential space. More like... the "real world", which was considered separate from the internet in 1990s. Now they are inseparable, so the pressures of the "real world" are equally present offline and online.
What does seem to definitely be having a severe negative impact though is social media.
Because they worked on it for decades, and it's finally showing results.
> I've seen every age of the Internet, and there's always been widely available pornographic materials.
Just because something bad happened in the past, we should stay away from fixing it? Just because you didn't (probably) suffer as much as others, we should continue looking away? And that's leaving out that the world on all levels and corners today has become significant worse than in your youth.
> Why all of a sudden is this a crisis?
It's not all of a sudden. The calls' haven been around for a decade and longer, but research has become better over the years, so it's harder to ignore them. And now there is also AI, which significant speeds up the spreading of fake news, bot messages, sexualized deep fakes, and other very problematic content.
Any reasoning after that is just fluff to get people not looking at it critically to accept it.
I think that I'm biased to think "it shouldn't be a crisis" because I saw that stuff as a kid and turned out ok, it's a prime example of survivor bias, maybe someone who saw that stuff didn't turn out that well. Also one thing I've been wondering I'm not sure if that's the beginning of my everlong cynicism. If it is, then I might have been better off without being exposed to that material that early in my life.
But even then, I think if adults knew what we were up to, maybe they would have lobbied for stuff then too.
For my 10 year old, we don't allow youtube or any other algorithm doomscrolling feed. And no voice chat in online gaming. We plan on waiting until 13 for a phone, or behind-closed-doors internet, and we use parental controls.
I'm not presenting this as an argument for age verification, I think it's a naive solution that comes with major drawbacks and won't work anyway.
But the landscape is very different and I think we should try to understand where parents who support this are coming from, because lobbying from Meta or whatever isn't the only issue.
There are parents who have been making choices for their young kids and have to start letting go at some point as the kids age, and maybe, at whatever point parents stop monitoring, they would like the kids to not be fully in the deep end. I think we should acknowledge that and explain why age verification isn't a solution, rather than pretend the world is the same and pretend don't have any legitimate concerns by saying "well we turned out okay".
(edit: reworked the tone in response to feedback)
It's not just targeted advertising, though you can open youtube kids/instagram/tiktok and see plenty of that and age brackets happen to perfectly align with leaked metas' advertising brackets. (5-10, 10-12) (group A), 13-15 (group B), 16-17 (group C), 18-24, 24-30.
I think it's largely driven by the increasing computing power
Try to start an ISP and/or become a public Certificate Authority.You will quickly run into steep requirement (admin and financial). To buy IP address space, get peering partners for traffic transit, hosting dns, hosting email (good luck getting mail delivered to the big providers without having your own users verified via mobile number). Try to build a mobile app, or phone or runtime - all the key signing, binary signing involved, the entire security model from hardware/firmware, boot, memory access, runtime safety and on and on. Then there are the intelligence agencies and various countries surveillance laws, information laws.
If you add it all together, we are already monitored 100%. They want to linked and prove the monitored device is linked a certain human beyond a doubt. Email, Mobile, Full names are not enough, they want your biometrics too. They want you serial numbers of devices and mac addresses of networked devices and SIM cards. They want it all.They want your children to have devices with camera, mic and gps trackers in. Your kids will be part of kompromat before they reach adulthood and some of them will be blackmailed by government agents and other bad actors throughout life. Some kids will be trafficked with the help of all these tech solutions, because they know exactly where your kids are at every moment.
Add home assistants, smart tv's with cameras, toys with cameras, outdoor cameras, shopping mall cameras everywhere, in-vehicle cameras and mics. Bluetooth beacons everywhere.
Add it all up and ask yourself, is this truly about child safety? Not at all. I'd argue they would be more exposed. If they wanted children safer, they'd recommend parents and schools to 100% remove kids from the internet or devices with public internet access. Why does a 10 year old need to know how to join a teams meeting and being comfortable on a video call?
Not to mention the access to weird porn and gore sites that WILL traumatize a young mind.
Then contemplate what all this data will be used for in the hands of extremists, nazi's, dictators, the effects on free speech & journalism, the propaganda machines reach on you and your family.
The internet is 10000% cooked and no longer open. It's better to disconnect from it at this point.
As I understand it, the age verification laws are part of a three pronged plan to eliminate privacy, freedom of speech and freedom of expression online.
The goals being to expand current police abuses to include LGBTQ++, reporters, democrats, non-whites, non-christians, demonstrators, etc.
It all is predictable and makes perfect sense if you assume the goal is to hold control over the white house in 2029 while being even less popular than they currently are.
maybe since minors can't enter into a contract they can't agree to TOS and therefore their content is ineligible to be used as LLM training material? just guessing.
Are people in that group powerful, influential and wealthy?
Would that group benefit from being able to use state power against individuals who just won't stop shining light on injustice?
The political planets have aligned in many nations for private industry to lobby for this power, sating their own goals as advertisers and the state's goals as authoritarians. This is an open conspiracy between every tech giant and every government to perpetually identify every action that every person ever makes online for the sakes of advertising, propagandizing, surveiling, persecuting, and imprisoning people.
It is not a coincidence that this is occurring in all western nations at the same time; these economies are incredibly large and active, and these governments have been under attack from the far-right for decades.
America needs another Zappa.
The right has figured out that they can keep queer kids (especially trans kids) in the closet if they don't let them learn what their "difference" actually is. It's "don't say gay" applied to the internet.
Age signals from the OS? Need to provide a channel of information available to applications. Applications already talk to servers with unchecked commonality.
Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".
Next year, the application needs to "double-check" your identity. That missile that's coming to you? Definitely not AI-controlled, definitely not coming to destroy the "verified" person who posted a threatening comment about the AI system's god complex. Nope, it's coming to deliver freedom verification.
I've wondered if FaceID and the Android counterpart are actively creating an extraordinary labeled dataset for facial expressions at the point of sale.
With users trained to scan their face before every transaction, tech companies could correlate transactions to facial expressions, facial expressions to emotions, and emotions to device content. I can imagine algorithms that subtly curate the user experience, selectively showing notifications, content, advertising to coax users towards "retail therapy".
Cpt America in the Winter Soldier
This is a non-issue because it's almost certainly going to be gated behind a permission prompt. There are more invasive things sites/apps can ask for, and we seem to be doing fine, eg. location. Moreover is it really that much of a privacy loss if you go on steam, it asks you to verify you're over 18, and the OS says you're actually over 18?
>Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".
Given touch id was introduced over a decade ago, and the associated doom-mongering predilections did not come to pass, I think it's fair to conclude it's a dud.
If not, who has been paying to lobby for these age verification laws ?
That seems a question that we should have an answer to.
Forcing an age check upon linux install seems anti-competitive, and a violation of freedom of speech allowed by the Constitution.
Also impractical and ineffective, unless they plan on some sort of bio-metric confirmation of age.
Will they outlaw computation itself, or constrain a personal quota so that only corporations can access approved LLMs and certainly not run a local AGI ?
As with the insane "encryption is a weapon and cant be exported" policy of the 80s, this will surely force innovation to migrate outside the US.
Of course they would want this -- as long as the OS reports that the user is over 18 via such a system, then Meta is legally off the hook for any COPPA violations.
Not advocating for this policy but if a critical argument against it is that policymakers can expect an analogous amount of computer innovation migrating out of the US as it saw in the 80s, then I think policymakers won't care remotely. Quite literally I think the lower bound for the proportion of global computer innovation happening in the US is 70%.
This should be easy. Just in one of dialogs ask user to create a file 'me_age.txt' with age inside. No changes to OS at all. This will be the 'interface'. Any program can read the file. As far as I understand that's all California law requires (or will require).
Not sure about other versions. Strict verification would require binding to property software/services. Which is equivalent of reporting every user on every install.
I'm pretty sure most kids older than 12 do have access to kitchen knives. And actively use them too.
I generally agree with your point. But at the same time access to the internet resouces and to gun or a chaisaw is not the same.
I have no problem securing a few items if my home, but I have no control over whatever is available on the net.
Sure, I can write some firewall rules or create "kid's account" on a streaming platform, but I can do this for every single known service, chat, IM group etc.
In this case, it is the data from the website, not the electronic device itself, that is seen as the item being transacted and regulated by age gates, no? The attempts to actually regulate it do feed back into changes on the electronic device, but the real cause of concern (per the protect the kids argument, if that is the real reason is debatable) is a company providing data directly to a child that parents find objectionable. That transaction doesn't have a parent directly involved currently.
Controlling the device itself and saying free game if a parent has allowed them access is a bit like saying that if a parent has allowed a kid to get to the store, there should be no further restrictions on what they can buy, including any of the above three items.
Is this a thing?
My 10yo has used all three of those things. If there were some legislation requiring they be "secured" before my son could be in my presence, obviously I'd oppose it, along with every other reasonable parent.
That requires cooperation, but since most adult websites don’t want children to be visiting them, cooperation shouldn’t be hard to get. Governments can pass a law and businesses can set a config flag. For uncooperative websites, child-locked devices can check a blacklist.
Then it’s up to parents to make sure their kids only have child-locked devices and for stores to not sell unlocked devices to kids. It’s never going to perfect, but it doesn’t doesn’t have to be to change community norms.
We don't need another one, especially one that inverts the polarity by having the browser proactively send information to the site.
Like, in general, a software change to add an "age class" attribute to user accounts and a syscall "what's this attribute for the current user account" would satisfy the California bill and that's a relatively minor change (the bad part is the NY bill that allegedly requires technical verification of whatever the user claimed).
The weird issue is how should that attribute be filled for the 'root' or 'www-data' user of a linux machine I have on the cloud. Or, to put aside open source for that matter, the Administrator account on a Windows Active Directory system.
Because "user accounts" don't necessarily have any mapping (much less a 1-to-1 mapping) to a person; many user accounts are personal but many are not.
Thing is, when these “make the websites collect your ID” proposals come up, the overwhelming sentiment here is “this is terrible and we need to do it lower in the stack”. I think the OS is a better place than the website. (Let security conscious folks use a standalone device too if desired.)
The astroturfing stuff is obviously sus, I don’t have a feel for whether this is egregious by the standards of $T companies or just par.
Of course, the EU option of using proper ZK proofs etc sounds way better as portrayed in the OP. But when you actually dig in, doesn’t the EU effectively mandate OS support too, eg https://eudi.dev/1.7.1/architecture-and-reference-framework-..., https://github.com/eu-digital-identity-wallet/eudi-doc-archi... ? Maybe this isn’t set yet but it seems a likely direction at least.
Perhaps the "overwhelming" sentiment is paid actors? Or people whose jobs depend on not having that risk assigned to their employers?
We should also update all FOSS license terms to explicitly exclude Meta or any affilites from using any software licensed under them.
Heck, Linus Torvalds should just add an amendment to the next release of the Linux Kernel that makes it illegal to use in any jurisdiction that requires age verification laws.
This would obviously cause such a massive disruption (especially in California) that the age laws would have to be rolled back immediately.
This seems like a no-brainer to me but I am admittedly ignorant on this situation. I'm sure there's a good reason why this isn't happening if anyone cares to explain.
If this was somehow introduced without anyone noticing and deployed, imagine the damage it would cause.
If we're fantasizing here, I like to imagine two major OS makers trying to comply these laws, fail miserably, and let FOSS OSes and kernels more recognition in the desktop market.
Ideally, getting these servers to auto turn off the day this goes into effect ("In compliance with this new law, Linux is now temporarily unusable. Please <call to action>.") would be glorious for getting the bill staved off, or killed.
It would hurt some productivity, but that is a risk these lawmakers taking donations are probably willing to make.
What exactly do you think Linux is? I would say that Linux would be forked in like 2 seconds, a bunch of different companies would start offering "attested Linux," and all you'd have to do was change your repos and update.
I would say that, but what would really happen is that we'd find out that Canonical, Red Hat, and a bunch of other distributions had been talking to the government for a year behind closed doors and they're already ready to roll out attested Linux. Debian would argue about it for six months, and then do the same thing. Hell, systemd will require age attestation as a dependency. Devuan and any other stubborn distribution would face 9000 federal lawsuits, while having domain names blocked, and the Chinese hardware necessary to run them seized at the ports with the receivers locked up on terrorism charges.
I have no idea where the confidence of the IT tech comes from. You (we) are something between a mechanic and a highly-skilled janitor.
Update the terms to indicate that you can do what you want, but this OS is probably not compliant with states run by evil dipshits.
Arguably they would be more materially advantaged if they were forced to KYC/validate ages, not the platform; because sure, there's a cost to doing it, but presumably having hard data on who your customer actually is, with age and address and everything, is worth a lot more than the verification cost. And being able to say "We're legally required to gather this" gives a lot of PR cover (even though it'd be followed with "but we're giddy to do so and we will abuse this data and you every way we possibly can. No one at Meta believes you are human. We hate you as much as you hate us, but we're stuck in this together, endlessly loathing the supernatural force that keeps us working together.")
But, On the flip side: I also don't doubt that Meta is doing this, because the purpose of a system is what it does, and the leadership at Meta has done nothing in the past four years to demonstrate that they're capable of cogent thought and execution. We want to believe there's some evil plan, and maybe there is, but in all likelihood one day we'll learn that they're just... unintelligent.
These laws, that attempt to move "age verification" into the OS, 100% absolve Meta (and all the Meta owned "properties") from any legal liability so long as all of Meta's app's follow the law's required "ask the OS for the age signal of the user".
Any "bad stuff" which then gets shown to "underage users" then becomes "not Meta's fault, they followed the legally proscribed way to check the age of the user, and the OS said this user was 'old enough'" and Apple/Google then get to shoulder the liability (and pay out for the class action lawsuits) for failing to provide a proper age signal.
That's the "material advantage" gained by Meta by pushing these laws.
> Meta spent a record $26.3 million on federal lobbying in 2025, deployed 86+ lobbyists across 45 states, and covertly funded a "grassroots" child safety group called the Digital Childhood Alliance (DCA) to advocate for the App Store Accountability Act (ASAA). The ASAA requires app stores to verify user ages before downloads but imposes no requirements on social media platforms. If it becomes law, Apple and Google absorb the compliance cost while Meta's apps face zero new mandates.
Not saying I think it's a good idea to provide the year of birth to all sites, but (session ID, year of birth) is the only information they would need. The problem is proving who's behind the keyboard at the time of asking, which would require challenge-response, and is why I think this should be an online platform, not a hardware PKI gadget with keys inevitably tied to individuals.
It seems dead though...
Anthropic donated $20 million to Public First Action, a PAC that promotes Republican Senator Marsha Blackburn and her sponsored Kids Online Safety Act (KOSA), a bill that will force everyone to scan their faces and IDs to use the internet under the guise of saving the children.
The legislative angle taken by companies like Anthropic is that they will provide the censorship gatekeeping infrastructure to scan all user-generated content that gets posted online for "appropriateness", guaranteeing AI providers a constant firehose of novel content they can train on and get paid for the free training. AI companies will also get paid to train on videos of everyone's faces and IDs.
As for why Blackburn supports KOSA:
Asked what conservatives’ top priorities should be right now, Senator Blackburn answered, “protecting minor children from the transgender [sic] in this culture and that influence.” She then talked about how KOSA could address this problem, and named social media platforms as places “where children are being indoctrinated.”
If Anthropic, the PACs it supports and Blackburn get their way with KOSA, the end result will be that anything posted on the internet will be able to be traced back to you.
Every time I point it out, including with actual quotes from the research showing the problems with it, I get downvoted on HN.
This headline is becoming one of those “too good to fact check” clams because the people posting it know it will drive traffic.
Doing ID or this fake age verification with anything other than a physical secure element is a dumb regulation that going to create its own regulatory arbitrages and spawn very powerful and profitable black and grey markets. Poor laws create criminal economic opportunity, and digital id is just creating a massive one.
Between Meta being behind a digital id initiative under the pretext of alleged "age verification" and the Debian project leads pivoting to political objectives, it appears gen Z now has a cause to build tech against and fight for. These are dying organizations that cannot innovate and they've attracted a pestilence that is pivoting them to the easier problem of political maneuvering. as it's easier to militate for what nobody wants than to make something anyone actually wants.
The upside is that people get to be hackers again. Tools to cleanse our networks and systems of Meta and other surveillance companies and the influence of these compromised organizations are an OS install and a vibecoding weekend away.
What does this mean? Free software was always a politics of itself.
However this is the kind of investigation that Reddit is famous for, which ends up causing more harm than good, like the Boston bombing investigation.
Age verification, for example, is coming no matter what - there’s a big enough chunk of voters tired of tech globally.
Governments are also tired of dealing with tech and want to bring them to heel.
These macro forces are far more significant than the amounts identified on lobbying in this investigation (~$63 mn iirc)
Given the title, the reading of the article implies Meta is driving age verification.
The content of the investigation, reads more as meta taking advantage of the push for age verification to move it to the OS layers.
https://web.archive.org/web/20260313125244/https://old.reddi...
EDIT: why is it deleted now?
most platforms won't voluntarily adopt privacy-preserving verification when the surveillance version gives them more data. Regulation would need to mandate the privacy-preserving approach specifically, not just "verify age somehow.
Of course, when money becomes a significant portion of how the second one happens, things can get complicated.
The issue that should rather worry you is that people
- don't delete their Meta/Facebook/WhatsApp/Instagram/Threads/... account because of this proposal,
- don't strongly urge friends and colleagues to do the same.
And for a lawmaker who is considering retirement, "become a lobbyist" is often the most lucrative career option.
Now who are you imagining will pass effective laws against lobbying?
Presidential Candidate Mitt Romney
Power corrupts.
The research has a lot of these:
> LIMITATION: Direct PDF downloads returned 403 errors. ProPublica Schedule I viewer loads data dynamically (JavaScript), preventing extraction via WebFetch. The 2024 public disclosure copy on sixteenthirtyfund.org was also blocked.
> Tech Transparency Project report: The article "Inside Meta's Spin Machine on Kids and Social Media" at techtransparencyproject.org likely contains detailed ConnectSafely/Meta funding analysis but was blocked (403)
So the “research” isn’t some groundbreaking discoveries by a Redditor. It’s an afternoon worth of Claude Code slop where they couldn’t even take the time to get the real documents into the local workspace so Claude Code could access them. It’s now getting repeated by sites like Theo gadgetreview.com because the people posting to these sites aren’t reading the report either.
The reason is that europeans have nothing to win from those "winner-take-all" platforms the US has built in the past decades. Europe has built zero of them.
It contributes very little to Europe's GDP or the overall being of the european. And in some cases, it eats Europe's GDP, moving economic activity back to the US. This is different than for Americans which big tech is a net-positive contributor to society in my POV, mainly because how much economic activity $ it generates.
Big techs provide huge paychecks and made a lot of people rich in the US, and most of its GDP growth in the last decade. But it's a double-edged sword.
They will make laws in favor of them in detriment of the average American, while minting more billionaries than Europe could ever dream of.
Europe will take a long time to get the digital revolution the US already did, but it'll mostly come from regulations and government initiatives. And will be net-positive for humans living in Euope, not for owners of corporations.
I’d write my senator but they won’t do shit. Is there anything that can seriously be done?
Do you know how democracy works? There are these people called representatives. They are hired by you. They pass laws. They only get to continue having a job if people like you vote for them. When you tell them "I don't like the law you are passing", they are hearing "the people who hire me are angry with me". The more people that are angry at what they're doing, the more their job is at risk.
They do what the lobbyists say because somebody else is doing the work, and they get paid (by the lobbyist). But they won't have a job to get paid for if the voters don't vote for them again. So your entire defense against tyranny and bad laws is you speaking out. If you never talk to your reps (or vote), you're telling them you don't care what kind of government it is, and they really will do whatever they want.
You have to tell them how you feel, along with all the rest of us. That's the only power we have.
In addition to that, tell everyone you know. Your friends, family, coworkers, the dude running the local gas station. Explain to them why government-mandated surveillance of everything they do on a computer is a bad idea. Ask them to talk to their reps.
https://news.ycombinator.com/item?id=47361235
https://github.com/upper-up/meta-lobbying-and-other-findings...
The biggest shocker to me has been just how "cheap" a lot of people are to buy off. Mandelson is complaining about air miles FFS. So much of this is a few thousand here, some fancy tickets there, a jet ride elsewhere, etc. In my mind it was always much, much bigger sums that people were selling their countries & souls out for, sadly, it turns out a lot of people, even in really high positions, are shockingly cheap.
[1] https://en.wikipedia.org/wiki/Relationship_of_Peter_Mandelso...
Instead of just creating a course that explains how to child-proof a device, we have to surveil everyone.
No offline devices. Commercial vendors get your biometric data (and the equivalent of your driver's license / SSN). Every application on the OS can query your data.
If you think it stops with one bill, after they get all the infrastructure for this in place? You're fooling yourself. The whole point of this is to identify you, on every web page you visit, every app you open, on every device you own. Once bills are passed, it's very hard to get them revoked or nullified.
This is the most aggregious, authoritarian, Big Brother government surveillance system ever devised, and it's already law. I am fucking terrified.
(Yes, the EU has a less horrifying version of this. But Google, Apple, and Microsoft still control most of the devices in the world, and they are US companies.)
Because it's hopeless? It's been proven time and time again there's nothing the average person can do to fight this sort of thing.
It's just better to sit back and watch as everything gets ruined.
Compare this to what the EU built. The EU Digital Identity Wallet under eIDAS 2.0 is open-source, self-hostable, and uses zero-knowledge proofs. You can prove you're over 18 without revealing your birth date, your name, or anything else. No per-check fees, no proprietary SDKs, no data going to a vendor's cloud. The EU's Digital Services Act puts age verification obligations on Very Large Online Platforms (45M+ monthly users), not on operating systems. FOSS projects that don't act as intermediary services are explicitly outside scope. Micro and small enterprises get additional exemptions.
The US bills assume every operating system is built by a corporation with the infrastructure and revenue to absorb these costs. The EU started from the opposite assumption and built accordingly.
https://en.wikipedia.org/wiki/Qualified_website_authenticati...
When a company such as meta pursues mass-sniffing, is it still a company or is it just a spy-agency? Meta isn't even hiding this anymore. I am glad to finally understand why these "age verification" is pushed globally. Meta pays well.
Quis custodiet ipsos custodes?
0: https://www.yahoo.com/news/articles/reddit-user-uncovers-beh...
"You implemented a law that enables vibe-coding pedophiles to deploy apps that find all the children. Please resign."
I'm on a short phone break and this is the first I've heard about this. Commenting to ask if anyone can explain this. If not, it'll be a reminder for me to research later.
I'm not sure I'm on board with age verification, but I'm certainly opposed to all forms of identity linkage and tracking. Maybe this is a middle ground?
I'd still prefer if parents disciplined their own kids by limiting device access and controlling their peer groups instead of putting us all into a rats nest of surveillance.
Its like they want to keep being seen as the bad guys.
The patches on top of this are really bad. For instance, we are seeing "AI" biometric video detectors with a margin-of-error of 5-7 years (meaning the validation studies say when the AI says you're 23-25 you can be considered 18+), totally inadequate to do the job this new legislation demands.
one scary observation is that each year, less and less people care. at least, this is true among my students. plenty of them believe the 'protect the children' line and are more than willing to do whatever the government/big tech suggests. or they just shrug ("what difference would i make?").
for context, i teach at a college level, in tech. a few of my classes are from the cybersec program, one of the programs that should understand and care about the implications of bills like these, and even the majority of them do not care about this stuff anymore. they grew up with instagram and facebook and cameras everywhere. they grew up knowing that any little fuck up they have is recorded and posted online. they know that by the time they go to college, all of their data has already been leaked a few times. they never really had an expectation of privacy in the first place, so it just isnt a big deal.
as someone who interacts with this next generation of "hackers" on a daily basis... the concept of cypherpunk is gone. i got into this field because of my beliefs. they are going into this field because they want a chance at buying a house some day, and know that big tech has big bucks.
i am tired. and i recognize that this is exactly what they (lobbyists, meta, etc.) want! but i am tired and discouraged. more and more i find myself having to actively fight the urge to give up. i am not ready to give up just yet... but, i am sorry to say that as someone closer to retirement than i am comfortable admitting, i only have so much energy left.
Because social media already has the age info exactly?
I think an OS and a web platform with accounts are different product categories. Not even sure what an interpretation of the bill that would affect meta would be.
It is like in the novel 1984. But stupid. Probably more like minority report - but also stupid. All aided by Meta bribing lobbyists to do their bidding.
"Do such breaches make it trivial to lie to age and identity verification systems?"
"1B identity records exposed in ID verification data leak" https://news.ycombinator.com/item?id=47348440#
Microsoft has a trillion dollars in liability now because every historical OS is illegal, and every adult user of that historical OS (that you don't ask for their age) is a monetary fine.
$2500 fine for Microsoft for letting me continue use Windows 10 in Colorado, cause they never asked my age.
Also hilariously the law openly FORBIDS checking the user's identity to verify age. It says you MUST NOT collect any more information than is necessary to comply with the law. And complying with the law only requires that you ASK the user to TELL YOU their age, so my non-lawyer take is that if you do anything else like checking ID you can and probably will be prosecuted
$70 million is chump change for Meta, yet is far more money than I’ll ever have and does so much to influence state legislation.
It says apps must use the age signal as proof the user is a minor, and then behave according to all California laws regarding that. (I'm not a lawyer, but that's my read.)
So, does this apply to applications that run locally? What if an under 13 year old tries to read a text file with lots of swear words or ascii b00bs? Does emacs need to stop them? cat? xterm?
‘The “child safety” rhetoric masks a competitive strategy that shifts liability from platforms to operating system makers.’
https://www.robpanico.com/articles/display/presence-derived-...
(posting link because it would be too much for a comment)
I don't see it as coincidence that with all these laws passing, suddenly he announces a secure, "controlled", "locked down" version of systemd. Why, RedHat and Ubuntu can simply drop in this new variant, pay a small fee, and be done with compliance.
Psychology has a higher success rate...just tell them that their parents use it....
There are many systems where accuracy is loose and that is its core feature...for example postal addresses worldwide...I can a mistake in the address but the letter or package will still get there...
The very last people you should trust when it comes to "protecting the children."
And a serious question: with deepest respect to the author for their extraordinarily impressive time and effort in this investigation... Why was this not already flagged by political reporters or investigative journalists? I'm not American so maybe I don't understand the media structure over there but it feels like SOMEONE should have been all over this way before it's gotten to the point described in this post.
Corporations literally buy the laws they want and Silicon Valley is the newest lobbying monster. Genuinely terrifying.
Have at it Meta, you broke it you most certainly bought it!
I looked at the original analysis and it was fraught with language that leads to specific conclusions. It was most certainly LLM aided, if not generated.
I am not ascribing malice, but the author seems inexperienced with the repercussions of making assertions out of partial knowledge.
Also: Good grief, this article is also written via LLM! Human+machine comes up with theory that goes viral, and then Humans+machines amplify it? Is this the brilliant future we have to look forward to?
Clicking through to the "findings" shows that they didn't even try to feed proper data into Claude when the AI bot was blocked or couldn't access the documents. Some examples:
> LIMITATION: Direct PDF downloads returned 403 errors. ProPublica Schedule I viewer loads data dynamically (JavaScript), preventing extraction via WebFetch. The 2024 public disclosure copy on sixteenthirtyfund.org was also blocked.
> Tech Transparency Project report: The article "Inside Meta's Spin Machine on Kids and Social Media" at techtransparencyproject.org likely contains detailed ConnectSafely/Meta funding analysis but was blocked (403)
So Claude then goes on to propose "Potential Role" that postulates connections might exist, but then caveats it by saying that no evidence was found:
> This negative finding is inconclusive due to inability to access Schedule I grant detail data in the actual 990 filings (PDF downloads returned 403 errors, and ProPublica's filing viewer loads data dynamically).
This is what happens when you try to lead an LLM toward a conclusion and it behaves as if your conclusion is true. Hacker News is usually quick to dismiss incomplete and lazy LLM content. I assume this is getting upvotes because it's easy to turn a blind eye to the obvious LLM problems when the output is agreeing with something you believe.
And it snowballs, the more favorable laws someone buys, the more favorable their position, and the more they can buy in the future. The transition from "democratic facade" to "outright oligarchy" will be swift and seamless.
Digital-ID (Aadhar) was heavily pushed by USAID and other US-deepstate associates; the same with digital-money and the "demonetization". Bill Gates's org actively tests out things on actual humans like guinea pigs, before globalizing the "solutions". These days all of this is kind of redundant since the phone-number + verification has become essentially a necessity to live in the city in any part of world today.
The prev. Govt. had considered doing this "login with your ID or no internet" scheme (to "protect" people no doubt) back in 2012s - there were explicit statements about disallowing people who would not authenticate with Aadhar, but it was shelved (likely because of their unpopularity).
If our current "Dear Leader" were to propose this, I think a significant population would opt-in simply because of a sense of belonging to a hero-worship-cult.
The state is determined to ensure that every human be their slave.
In history we had four media revolutions (printing press, radio, television, Internet), each greatly disrupting and reshaping society. This is the fifth (social media and maybe AI).
All these revolutions had the same theme: increased reach of information, increased speed of transmission, increased density (information amount per unit of time), and centralization of information sources. Now we seem to reach the limits of change. No more reach, since our information networks span the entire globe. No more speed, since transmission times are close to how fast we can perceive things. The only things left to change are even more centralization and tighter feedback loops (changing the information based on how the recipient reacts).
Given all that, this media revolution might be the last one, so there is a gold rush among the elites to come out on top.
These are the same governments that file criminal charges when you compare lying leader to Pinocchio (Germany). The UK records something like 30 arrests per day for social media posts. Just imagine how much better they could do, if you were not pseudo-anonymous in the Internet!
Why is this never relevant politically? Its the same with the Epstein files, terrible things happen and we just hand-wring. It seems like the US electorate, doesn't know, doesn't care or is otherwise distracted. I don't see how the US is ever going to get shit together if it accepts this sort of corruption.
> A Reddit researcher just exposed
>The technical reality hits harder than policy abstractions.
> Here’s where the lobbying gets surgical.
At least the author posted a link to the dataset in a comment so it survived:
https://github.com/upper-up/meta-lobbying-and-other-findings
I want to open my wallet. It should be the top comment.
That's when you know the new world has begun.
Zero-knowledge proofs are the way to go for this type of thing, I find it mind-boggling that the US lets itself be bamboozled into complete lack of privacy.
https://github.com/upper-up/meta-lobbying-and-other-findings
Why does Apple always get a free pass?