Why Canada should avoid Australia’s teen social media ban: A call for better solutions | News - Concordia University
www.concordia.ca

As of Wednesday, all youth under 16 in Australia will be banned from major social media platforms like TikTok, Instagram, Snapchat, YouTube, Reddit, Twitch, and X. For over a decade, whistleblowers, politicians, academics, and experts around the world have sounded the alarm about the online harms people of all ages are exposed to.

The ban does nothing to prepare teens to respond to digital harms. It makes no investments in education, community training, or parental support. Youth will not be magically prepared to address problematic online behaviours or content when they turn 16.

The time and resources spent on the ban could be better spent on things like providing education and support for digital citizenship, media literacy, privacy rights or resource centres.

If social media is problematic for a 13, 14 or 15 year old, it’s still likely to be problematic for a 16, 25, or 80 year old. There is no body of research that establishes 16 as a “safe threshold” for social media use and the age for healthy use can vary across genders.

Under the current model, companies will not be inclined to improve their reporting systems for harmful content. In fact, in response to the ban, YouTube is actually removing a feature that would allow teens to report content they find inappropriate.

Youth under 16 who find ways to use these platforms, despite the bans, will be unlikely to come forward and ask for help if things go wrong. After all, they weren’t supposed to be online in the first place.

The answer to mitigating online harms is not kicking teens offline.

Social media companies also need to be accountable to the ways the platforms are designed and run. These platforms are designed in ways that push certain content and elicit particular engagements.

  • kbal@fedia.io
    51·
    4 days ago

    zero-knowledge proofs, which don’t expose any information to any party other than “I’m at least x years old”

    Not quite. The well-known zkp for age verification used in the obvious way reveals only: 1. “I’m at least x years old” and 2. “my name is y.” The name can be some other unique assigned identifier, but the point is that whatever is used it needs to uniquely identify you.

    There is no way to tell how old people are across the Internet without relying on unprecedented and shocking intrusions into our privacy.

    • Avid Amoeba@lemmy.ca
      3·
      4 days ago

      I read about a cross-signing scheme where diff gov’t agencies can cryptographically sign an ID that allows only partial information to be shared with any one service provider. It was done by some institutions in the nordics.

      With that said, our government is already trusted with our personal ID information. Nothing stops us from creating public service which can be queried for age, which would only provide an answer after the explicit approval by the person through another channel (e.g. email to sign into gov’t portal and approve the age query request). Then require service providers to use it. In fact Equifax already offers such a service without our consent but it costs money to query.

      • MalReynolds@piefed.socialEnglish
        2·
        4 days ago

        Precisely where Australia and England failed, cheaper to dump the responsibility on the Socials. Fox guards henhouse.

    • jaselle@lemmy.ca
      2·
      4 days ago

      I’m not convinced that ZKP requires an identification number or any such deanonymizing data. If there is a ZKP protocol that implements this that is just one possible implementation.

      • kbal@fedia.io
        3·
        4 days ago

        How would you get by without one? If I produce a proof right now that I’m at least 32 years old, how else do you know it’s a proof for anyone in particular and I didn’t get it from my older brother or some random website that sells them?

        • jaselle@lemmy.ca
          2·
          4 days ago

          Well, that same problem exists with many of the proposed verification models, like credit cards (how can you verify this is my credit card?) , photo ID, etc.

          Here’s my proposal: your browser can send a request to a verification body (could be the government directly, let’s say) to respond to the challenge from the website you’re accessing, without sending information about which website is asking for the challenge. The verifier sends a cryptographically-signed approval back. The browser forwards this to the website. To prevent comparisons of timing as a deanonymization method, the browser can wait a random period of time before forwarding the request both ways.

          • kbal@fedia.io
            1·
            4 days ago

            Every time I’ve looked at the details of elaborate schemes resembling the one you imagine, I’m always left with a lot of doubts that they’re secure or practical. Every time I’ve looked at the systems that have actually been implemented in reality, I have no doubt that they suck.

            • kahnclusions@lemmy.ca
              1·
              3 days ago

              I don’t feel it’s elaborate at all. I like these solutions because they are actually quite simple. It’s just signing and verifying requests using asymmetric key cryptography, techniques which are known to be robust and secure. The government never knows which web services you are verifying for, and the web services never know your identity or any more information than they need to. They don’t even learn your precise age, just that you’re over 16/18/21 whatever.

              • kbal@fedia.io
                11·
                3 days ago

                You are suggesting that a system which does not yet exist will be perfectly safe and secure. None of the ones for which I have seen actual design documents are anything like as safe as you imagine.

            • jaselle@lemmy.ca
              1·
              4 days ago

              That’s valid. My preference is for device-side child locks. For instance, a header that says, “I am a child.” There is much to improve there still. But failing that, if the winds of politics dictate we must have verification – why not ZKP?

        • MalReynolds@piefed.socialEnglish
          1·
          4 days ago

          The authorizor, who provides the ZKP to the client, knows, not he client. This should probably be the licensing / ID provider in your country (because if they’re hacked everyone is screwed anyway, no additional risk) and already have your details, if not you’re likely young or a fairly extreme edge case. Facebook et.al. get bupkiss except older than X. Note in this model ZKP is a nice to have.

          • kbal@fedia.io
            2·
            4 days ago

            What do you mean, “no additional risk”? It’s a pretty big additional risk, creating a huge central database of everyone’s ID that will be frequently interacted with through a new interface that’s available to every sketchy website in the world. Even if it isn’t compromised it can collect data about how often your name gets looked up, and it isn’t easy to make a system where there isn’t the additional risk of more personal data being collected if the central authority colludes with Facebook. You’d really need to look carefully at the details to evaluate the risks of such a system, which they have not done at all in Australia.

            • kahnclusions@lemmy.ca
              1·
              3 days ago

              Such databases already exist in the government, in order to provide services to everyone like healthcare, pension, elections, etc…