It may often times be trickier than that - content often mixed of course. My 10 y/o hit me with a request yesterday to play Among Us where the age verification system wanted my full name, address, email, AND the last 4 digits of my SSN. I refused.
If the content is mixed, it makes even more sense to have the content supply the age data. This is how it has worked with broadcast media pretty much forever. TV shows and movies gain their ratings based on the worst case on display. IE: a show doesn't have to consist entirely of swearing to gain a "language" warning, it just has to have some. Definitively mixed content.
I think your example exemplifies this. Among Us is not inherently adult-only, but since it's multiplayer, they don't control what other player say and do. Definitively mixed content. They should not be asking you to verify, they should be telling you and letting you decide if your kid can play.
I kinda can't beleive their lawyers decided to go that route and assume all the PII responsibility that comes with collecting that data, instead of just making the "it's online and there might be d-bags on our servers" rating much more obvious and explicit.
They can profit off of the personal data they collect, so it's no surprise they'd take any opportunity and use any available excuse to collect more of it. From their perspective there is effectively zero responsibility to secure that data properly and handle it safely because there are effectively zero consequences for companies when they fail to.
There's a good chance that they're never going to verify any of the information you give them, in which case it's another download for Mr M Mouse of 1375 E Buena Vista Dr, 32830, with a SSN that ends in 1234.
I made the mistake of providing my date of birth as being 1/1/1900 on multiple websites, and have been receiving marketing material from the AARP in the mail for many years.
My "birthdate" is the same as yours. It was fine when I started using it in the late 90s, but has become increasingly awkward over the past few years - lots of sites seem to assume a maximum age of 120.
If I ever turn uBO off, the ads I get are mostly for funeral plans or incontinence products, with a smattering of "126 year old mom lost 30 lbs of belly fat - click to see how!" (yeah, decomposition's a bitch...)
> If I ever turn uBO off, the ads I get are mostly for funeral plans or incontinence products, with a smattering of "126 year old mom lost 30 lbs of belly fat - click to see how!" (yeah, decomposition's a bitch...)
And, for the record, it's way better to get ads for BS like that than stuff that may actually influence you.
That's not a mistake. You'd be getting spam marketing anyway, why not make sure it's something obvious? I always pick the oldest possible age when asked, just to mess with their data, because they shouldn't fucking care.
Don't limit, notify.
Has worked for TV (and movies to an extent, though theaters do limit somewhat, must have been some litigation around that...) pretty much forever.
I disagree. Giving fake info adds noise to the mechanism, makes it useless. Ultimately I'm inclined to believe that privacy through noise generation is a solution.
If I ever find some idle time, I'd like to make an agent that surfs the web under my identity and several fake ones, but randomly according to several fake personality traits I program. Then, after some testing and analysis of the generated patterns of crawl, release it as freeware to allow anyone to participate in the obfuscation of individuals' behaviors.
> You might want to take a look at differential privacy
Differential privacy is just a bait to make surveillance more socially acceptable and to have arguments to silence critics ("no need to worry about the dangers - we have differential privacy"). :-(
It may often times be trickier than that - content often mixed of course. My 10 y/o hit me with a request yesterday to play Among Us where the age verification system wanted my full name, address, email, AND the last 4 digits of my SSN. I refused.
The bad actor still gets ROI, eg 'paid', for another bit of user data.
Making the overall system less useful is good. However, not allowing a company to profit, and giving fake info still allows for that, is paramount. EG, even with fake info, many metrics on a phone are still gamed and profitable.
That's why they're collected, after all. For profit.
> I disagree. Giving fake info adds noise to the mechanism, makes it useless.
There's no such thing as useless info. Companies will sell it, buy it, and act on it regardless of how true it is. Nobody cares if the data is accurate. Nobody is checking to see if it is. Filling your dossier with false information about yourself won't stop companies from using that data. It can still cost you a job. It can still be used as justification to increase what companies charge you. It can still influence which policies they apply to you or what services they offer/deny you. It can still get you arrested or investigated by police. It can still get you targeted by scammers or extremists.
Any and all of the data you give them will eventually be used against you somehow, no matter how false or misleading it is. Stuffing your dossier with more data does nothing but hand them more ammo to hit you with.
I would assume its fake and an attempt at identify theft at some level of the system. Is their PC infected at the OS level or just a fraudulent browser extension or something more like a popup ad masquerading as a system dialogue? A less trusting person would assume any request made by a computer is totally non-fraudulent and would gladly submit any requested private information.
"Dad, I can't do my math homework, a pop up says you need to provide a copy of your bank statement, your mom's maiden name, and a copy of your birth certificate, SS card, and drivers license, and can you hurry up Dad, my homework is due tomorrow morning." And people will fall for this once they get used to the system being absurd enough.
Awesome. Now you have a system where every blog entry, every Facebook post needs a lawyer consultation.
Around 20 years ago, Germany actually made a law that would have enforced such a system. I still have a chart in my blog that explained it, https://www.onli-blogging.de/1026/JMStV-kurz-erklaert.html. Content for people over 16 would have to be marked accordingly or be put offline before 22:00, plus, if your site has a commercial character - which according to german courts is every single one in existence - you would need to hire a someone responsible for protecting teenagers and children (Jugenschutzbeauftragten).
Result: It was seen as a big censor machine and I saw many sites and blogs shut down. You maybe can make that law partly responsible for how far behind german internet enterprises still are. Only a particular kind of bureaucrat wants to make business in an environment that makes laws such as this.
Later the law wasn't actually followed. Only state media still has a system that blocks films for adults (=basically every action movie) from being accessed without age verification if not past 22:00.
> Now you have a system where every blog entry, every Facebook post needs a lawyer consultation.
You have that with any form of any of these things. They're almost certainly going to be set up so that you get in trouble for claiming that adult content isn't but not for having non-adult content behind the adult content tag.
Then you would be able to avoid legal questions by labeling your whole site as adult content, with the obvious drawback that then your whole site is labeled as adult content even though most of it isn't.
But using ID requirements instead doesn't get you out of that. You'd still need to either identify which content requires someone to provide an ID before they can view it, or ID everyone.
That's an argument for not doing any of these things, but not an argument for having ID requirements instead of content tags.
Funnily enough, marking content that's harmless as only for adults was also punishable, though that might have been in context of a different law. That would be censorship, blocking people under 18 from accessing legal content, was the reasoning. Welcome to German bureaucracy.
But you are right. It's an argument that the "just mark content accordingly" is also not a better solution, not that ID requirements are in any way better. The only solution is not to enable this censorship infrastructure, because no matter which way it's done, it will always function as one.
> Funnily enough, marking content that's harmless as only for adults was also punishable, though that might have been in context of a different law. That would be censorship, blocking people under 18 from accessing legal content, was the reasoning. Welcome to German bureaucracy.
That's how you get the thing where instead of using different equipment to process the food with and without sesame seeds, they just put sesame seeds in everything on purpose so they can accurately label them as containing sesame seeds.
I understand they can't say "contains sesame seeds" if it doesn't, but why can't they say "processed on equipment that also processes sesame seeds" like some packages do?
> plus, if your site has a commercial character - which according to german courts is every single one in existence - you would need to hire a someone responsible for protecting teenagers and children (Jugenschutzbeauftragten).
> Awesome. Now you have a system where every blog entry, every Facebook post needs a lawyer consultation.
The alternative is that "just to be safe" you'll mark your entire site as needing age (identity, stool sample, whatever) verification. A single piece of sensitive content sets the requirements for the entire site.
It feels to me that parental controls are seen as another profit centre. If we want to put laws in place, we should be putting in laws to empower parents.
I've been given a Winblows machine in the past. My boss thought he was doing me a favor because it was a powerful machine... Sorry... all I need is ssh...
Yes...? Didn't stop me before. Unless it's some locked down, domain-joined e-waste like I have now. Public sector IT policy literally prevents me from doing certain tasks at my job, and makes others take four times as long. Not even my email works properly.
Last job was a lot of SSH and webshit like Jira, Confluence, Odoo and Google apps. They didn't care if you used Amiga OS as long as your work got done.
Because our IT dept. is both incompetent and paranoid, which is an annoying combination. I keep my own X1 Carbon with Fedora in my backpack, because it's easier than arguing with them.
Sure, life is all about risk - no doubt about that. But I guess I'm not tooling down the highway in a DIY contraption I built in my spare time with little regard for safety from plans I found on an Internet forum and parts bought from Ali Express.
Not to say that _you_ shouldn't do this ... just be careful out there!
It took exactly 24 hours, to the minute, from the time I received the "we're generating an export" file until I got the download link, so guessing they're either batching it or deliberately sending after 24 hours because it adds friction to the account deletion process.
We somehow lost the war of freedom of privacy ... or, maybe the battle still rages
reply