To limit access to addictive feeds, this act will require social media companies to use commercially reasonable methods to determine user age. Regulations by the attorney general will provide guidance, but this flexible standard will be based on the totality of the circumstances, including the size, financial resources, and technical capabilities of a given social media company, and the costs and effectiveness of available age determination techniques for users of a given social media platform. For example, if a social media company is technically and financially capable of effectively determining the age of a user based on its existing data concerning that user, it may be commercially reasonable to present that as an age determination option to users. Although the legislature considered a statutory mandate for companies to respect automated browser or device signals whereby users can inform a covered operator that they are a covered minor, we determined that the attorney general would already have discretion to promulgate such a mandate through its rulemaking authority related to commercially reasonable and technologically feasible age determination methods. The legislature believes that such a mandate can be more effectively considered and tailored through that rulemaking process. Existing New York antidiscrimination laws and the attorney general's regulations will require, regardless, that social media companies provide a range of age verification methods all New Yorkers can use, and will not use age assurance methods that rely solely on biometrics or require government identification that many New Yorkers do not possess.
In other words: sites will have to figure it out and make sure that it's both effective and non-discriminatory, and the safe option would be for sites to treat everyone like children until proven otherwise.
No, no, no, it's super secure you see, they have this in the law too:
Information collected for the purpose of determining a covered user's age under paragraph (a) of subdivision one of this section shall not be used for any purpose other than age determination and shall be deleted immediately after an attempt to determine a covered user's age, except where necessary for compliance with any applicable provisions of New York state or federal law or regulation.
For scenario one, they totally need to delete the data used for age verification after they collect it according to the law (unless another law says they have to keep it) and you can trust every company to follow the law.
For scenario two, that's where the age verification requirements of the law come in.
I do get the argument though that if no improvement will ever be good enough for some people, then what incentive do they have to change for the better if it won't make a difference to those people either way?
Even if you have encrypted your traffic with a VPN (or the Tor Network), advanced traffic analysis is a growing threat against your privacy. Therefore, we now introduce DAITA....
By observing that when someone visits site X, it loads resources A, B, C, etc in a specific order with specific sizes, then with enough distinguishable resources loaded like that someone would be able to determine that you're loading that site, even if it's loaded inside a VPN connection. Think about when you load Lemmy.world, it loads the main page, then specific images and style sheets that may be recognizable sizes and are generally loaded in a particular order as they're encountered in the main page, scripts, and things included in scripts. With enough data, instead of writing static rules to say x of size n was loaded, y of size m was loaded, etc, it can instead be used with an AI model trained on what connections to specific sites typically look like. They could even generate their own data for sites in both normal traffic and the VPN encrypted forms and correlate them together to better train their model for what it might look like when a site is accessed over a VPN. Overall, AI allows them to simplify and automate the identification process when given enough samples.
Mullvad is working on enabling their VPN apps to: 1. pad the data to a single size so that the different resources are less identifiable and 2. send random data in the background so that there is more noise that has to be filtered out when matching patterns. I'm not sure about 3 to be honest.
I think it was more targeting the client ISP side, than the VPN provider side. So something like having your ISP monitor your connection (voluntarily or forced to with a warrant/law) and report if your connection activity matches that of someone accessing a certain site that your local government might not like for example. In that scenario they would be able to isolate it to at least individual customer accounts of an ISP, which usually know who you are or where to find you in order to provide service. I may be misunderstanding it though.
Edit: On second reading, it looks like they might just be able to buy that info directly from monitoring companies and get much of what they need to do correlation at various points along a VPN-protected connection's route. The Mullvad post has links to Vice articles describing the data that is being purchased by governments.
The trust in the unknown systems of the VPN provider may still be better than the known practices of your local ISP/government though. You shouldn't necessarily rely on it too heavily but it's good to have the option.
Internet Archive's other projects like the Wayback Machine may be good but how they handled their digital lending of books during the pandemic was not. They removed the limit on the number of people that can borrow a book at a time, thus taking away any resemblance to traditional physical lending. You can argue that copyright laws are bad and should be changed (and I'd agree) but that doesn't change the facts of what happened under the current law.
To do that they need to make sure they have adequate funding and make sure they don't incur some huge financial liabilities somehow. The Internet Archive failed at that last part when they decided to lend out ebooks that are under copyright without many limits (and potentially with their Great 78 Project regarding music as well).
Laws can very well be wrong, in a moral sense, and quite a few of them still in existence today are, but trying to argue that in court is usually a bad idea.
The Internet Archive refused to follow industry standards for ebook licensing, because they aren’t a library.
It's worse than that. They did use "Controlled Digital Lending" to limit the number of people who can access a book at one time to something resembling the number of physical books that they had. And then they turned that restriction off because of the pandemic. There is no pandemic exception to copyright laws, even if that would make sense from a public health perspective to prevent people from having unnecessary contact at libraries. They screwed themselves and I can only hope that the Wayback Machine archives get a home somewhere else if they do go under.
For me it's not boot licking but recognizing that IA made a huge unforced error that may cost us all not just that digital lending program but stuff like the Wayback Machine and all the other good projects the IA runs.
New York bans “addictive feeds” for teens ( www.theverge.com )
Microsoft is reworking Recall after researchers point out its security problems ( arstechnica.com )
the company says that Recall will be opt-in by default, so users will need to decide to turn it on
Open source ebook reader recommendations?
Currently I'm using Google Play books and there are few things I'm used to and can't live without:...
Google must face £13bn advertising lawsuit - UK court ( www.bbc.com )
From the article:...
Big Tech to EU: "Drop Dead" ( www.eff.org )
How Airbnb accidentally screwed the US housing market and made $100 billion ( www.arktrek.shop )
Mullvad VPN: Introducing Defense against AI-guided Traffic Analysis (DAITA) ( mullvad.net )
Even if you have encrypted your traffic with a VPN (or the Tor Network), advanced traffic analysis is a growing threat against your privacy. Therefore, we now introduce DAITA....
Novel attack against virtually all VPN apps neuters their entire purpose ( arstechnica.com )
The Internet Archive's last-ditch effort to save itself ( lunduke.locals.com )