Irish State announce plan to build a porn preference register for most of the EU

The topic of ID verification for porn sites has gotten a lot of commentary on HN recently, e.g. North Carolina&#x27;s law requiring ID recently went into effect.<p>Slightly sidestepping the issue of needing an ID for porn in the first place, though, I wanted to comment on the extreme shortsightedness of any sort of ID verification laws (most specifically, financial KYC laws) that <i>require</i> that each individual company verify <i>and store</i> your identity documents themselves. This is quite simply a data breach hackers dream. For example, when Stripe released their Identity product, which captures ID images and selfies, people were at first surprised that the businesses needing ID verification had full access to the ID images (after all, this is contrary to their credit card processing services where businesses never can get access to full credit card numbers, which is great as it keeps those businesses out of the most arduous requirements of PCI rules). But Stripe explained they <i>had</i> to give every end-business access to all the full image data for regulatory compliance reasons.<p>It would make much more sense to rewrite the regulations so that 99% of companies would never need to store identity verification info themselves, but could just delegate that to an approved provider who has much more stringent security checks (or better yet, allow people to cryptographically sign info to prove their identity without giving up their whole passport image, but that&#x27;s a ways off). I&#x27;m not saying this would solve all issues (big companies get hacked, after all), but I hope by now we&#x27;ve put to bed the idea that companies, generally, can secure their data against determined hackers.

&gt; This is the national internet regulator proposing that it would require that everyone, adult and children alike, would upload their state ID and live selfies, to porn sites to have biometric processing of their facial images performed. Resulting, amongst other things, in an effective register of porn preferences for adults and a collection of selfies of children kept by the porn sites for six years (required to prove they have complied with the regulation, you see).<p>I&#x27;m sure this data would never fall into the wrong hands or be misused :-)

The Irish state has a serious problem with using peoples data and it often uses it maliciously. The Irish Data Protection Commissioner is widely regarded as a joke.<p>Examples include knowingly illegal phone record collection and use in dubious murder cases [0], using medical and school records to pressure parents of disabled children to settle court cases against the state when most vulnerable (and lying about it until caught) and secretly recording all calls to police stations including non-emergency numbers likely to catch whistleblowers [2].<p>That doesn&#x27;t include all the private sector scandals, like data breaches that went uninvestigated and unpunished.<p>[0] <a href="https:&#x2F;&#x2F;www.theguardian.com&#x2F;law&#x2F;2022&#x2F;apr&#x2F;05&#x2F;mobile-phone-data-retention-in-graham-dwyer-case-broke-eu-law" rel="nofollow">https:&#x2F;&#x2F;www.theguardian.com&#x2F;law&#x2F;2022&#x2F;apr&#x2F;05&#x2F;mobile-phone-dat...</a><p>[1] <a href="https:&#x2F;&#x2F;www.irishtimes.com&#x2F;news&#x2F;ireland&#x2F;irish-news&#x2F;dossiers-on-children-with-autism-led-to-crisis-of-trust-charity-chief-1.4527362" rel="nofollow">https:&#x2F;&#x2F;www.irishtimes.com&#x2F;news&#x2F;ireland&#x2F;irish-news&#x2F;dossiers-...</a><p>[2] <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Garda_phone_recordings_scandal" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Garda_phone_recordings_scandal</a>

Regulating porn is just stupid. It&#x27;s never going to work and I don&#x27;t get its objectives. Porn probably has a negative effect on children, but much less than something like TikTok. I could at least see the sense in banning children from the entire internet or limiting their access in some way (preferable implemented by ISPs rather than individual websites), but trying to specifically stop them from seeing naked people is pointless. Parents can easily control which parts of the internet their kids have access to, and much more effectively than the state can with the added bonus that it doesn&#x27;t affect people without kids.

I actually think the .xxx TLD plan from a few years ago was about the best version of this legislation that could exist - essentially adult content would be limited to a certain subset of blockable TLDs. If a site is showing adult content and <i>not</i> on an adult TLD, it risks a state-level block until it&#x27;s compliant.<p>This seems much easier to police, gives 80% of what the legislators are trying to achieve, and doesn&#x27;t require entrusting KYC to a bunch of dodgy websites.<p>Sure, it won&#x27;t block VPNs and there would be problems at the start while things migrate, but if realistically your goal is to keep kids off adult websites then it&#x27;s at least more reasonable than this proposal to entrust the parents&#x2F;guardians with some amount of responsibility to make sure the safeguards can&#x27;t be circumvented on their kids&#x27; devices.

IMHO, this is a misleading headline: They are not building a “porn preference register”, they just going full-dystopian nightmare collecting live biometric data that could be used to _infer_ your porn preferences.<p>We don’t need stupid headlines to make this idea sound dumber, and kinda distracts from the real issue of biometric verification for websites being a stupid idea.

Limiting porn exposure for children and early teenagers is probably a good thing, but this is the wrong way to do it, and a weak justification to create a blackmail registry.

Highly misleading title. Although I disagree with the plan either way, the state is not building a &#x27;porn preference register.&#x27; This concept is introduced in this particular article, but there technically are ways to store user preferences separate from their PII.<p>The linked article from Irish Examiner has a more accurate title:<p>&gt; Porn sites may require passport details in order to stop children from using them

Upload biometric data to porn sites? That seems like a phishers dream come true.<p>Even if the big sites farm this out to third parties, unscrupulous imitators could harvest personal info on an enormous scale for sale on the dark web.

Bearing in mind that it is practically impossible to both operate a publicly accessible website and avoid getting hacked if someone wants you bad enough, who gets sued when this incredibly sensitive PII is inevitably stolen? Websites who didn&#x27;t want to store it in the first place, but were legally required to do so, or the government who required them to? I&#x27;m not an Irish lawyer, but I have a guess.

Misrepresentation of the actual intent of the Irish government, but as result they will end up creating what title says.

This is false, they&#x27;re not building a &quot;porn preference register&quot;, they&#x27;re requiring age verification for pornographic websites.<p>Submitting one&#x27;s identity documents to access such websites is of course very easily avoided, by simply choosing not to consume pornographic materials online.

Pro tip for Gov&#x27;t bureaucrats: if the news stories about your initiative begin with &quot;this is not a joke&quot; -- you may want to rethink things.

Web pages are all about tags with data and metadata. It shouldn&#x27;t be hard to add metadata about content type. I never quite understood why labeling initiatives never gained traction:<p>* <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Platform_for_Internet_Content_Selection" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Platform_for_Internet_Content_...</a><p>* <a href="https:&#x2F;&#x2F;www.w3.org&#x2F;PICS&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.w3.org&#x2F;PICS&#x2F;</a><p>* <a href="https:&#x2F;&#x2F;www.w3.org&#x2F;2007&#x2F;powder&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.w3.org&#x2F;2007&#x2F;powder&#x2F;</a><p>Throw some &lt;meta&gt; tags in and browsers can parse: then have a password-protected &quot;filter controls&quot; area in settings (and perhaps a GPO for corporate environments).<p>I would think that the porn companies throwing some money at web browser developer resources to implement this wouldn&#x27;t be a bad idea. Every time this idea comes up (again) they can point to it and say &quot;<i>we did our part, now it&#x27;s up to the parents</i>&quot; (or whatever).

When the government starts requiring ids to vote or immigrate or stops companies from fraudulently controlling the narrative, eg Facebook, then I’ll take them seriously. If a person is underage on a porn site that’s on the parents not the provider company. The internet needs to be freed from further government restrictions.

For the commenters taking the question of efficient ID solutions seriously, you&#x27;re missing the point. Simply put, this is an anti-porn bill. The legislatures are fully aware of the ridiculousness of the requirements--that&#x27;s the point. No one in their right mind is sending passports and videos of themselves to the shadiest corners of the internet. An outright ban would be difficult to achieve, a set of requirements to protect children from offensive material is much easier.

Direct link to document - <a href="https:&#x2F;&#x2F;www.cnam.ie&#x2F;wp-content&#x2F;uploads&#x2F;2023&#x2F;12&#x2F;Draft_Online_Safety_Code_Consultation_Document_Final.pdf" rel="nofollow">https:&#x2F;&#x2F;www.cnam.ie&#x2F;wp-content&#x2F;uploads&#x2F;2023&#x2F;12&#x2F;Draft_Online_...</a>

Digital age IDs should be equipped with a way to perform a zero-knowledge proof that the bearer is indeed 18 without betraying their identity. Perhaps a full-fledged blockchain is a bit much but a decentralized way to perform basic verification tasks like this makes sense.

Please note: Ireland<p><pre><code> This is the national internet regulator proposing that it would require that everyone, adult and children alike, would upload their state ID and live selfies, to porn sites to have biometric processing of their facial images performed. Resulting, amongst other things, in an effective register of porn preferences for adults and a collection of selfies of children kept by the porn sites for six years[0] </code></pre> So, all these PII data and sensitive data points[1] would be hosted on American-owned datacentres, which Ireland is densely populated with?<p>Anyone see something slightly worrying here? Anyone? Just asking rhetorically.<p>[0] TFA<p>[1] Not only porn sites, but <i>any site which allows you to post a video</i> (TFA)

The tech savvy will just use VPNs to get around geo-politics such as this, at least a VPN should work in theory to get around verification measures by the Irish State. This advice has been echoed countless times when this issue crops up.<p>One concern is that there are tech-illiterate people who fall victim of such an ID system and don&#x27;t use a VPN to bypass it. I don&#x27;t have numbers&#x2F;stats, but I imagine a good chunk won&#x27;t be using VPNs.<p>There is also another concern I have; that this verification database could be breached and people&#x27;s &#x27;preferences&#x27; are exposed. The only way to avoid such a breach is to not collect such data in the first place.

This is fucking crazy! Keep the government out of the internet.

So I’m a kid who uses my dad&#x2F;mom&#x2F;uncle&#x2F;neighbor’s ID to watch porn then. Totally useless. At best this will just charge people up to create a new set of internet protocols. Then all the adults will be stuck regulating the old net, while porn industry and kids will use the new net.

What if you don&#x27;t have a passport?

Wasn&#x27;t there a tool&#x2F;bot to confuse search engines by submitting a bunch of random terms?<p>Time for a rewrite.

How far can you take this? Porn is on Facebook, Reddit, and Youtube. Will you need to verify your ID for social media as well? That&#x27;s not even getting into Stable Diffusion and other tools that could be used to create your own porn on demand.

Just ban minors from using smartphones. Works even better for their growth than trying to block them from seeing porn. And it&#x27;s a very simple law to write, no need for useless bureaucrats to make money (but maybe that&#x27;s the problem).

Wow I thought Ireland was changing now, they even voted for gay marriage. But the Catholicism still reigns strong there :(<p>A few years ago a hospital even let a woman with a miscarriage die because they didn&#x27;t want to intervene.

How does Ireland define porn for the purpose of age restriction? Is it a &quot;I know it when I see it&quot; standard or something concrete enough that content creators can go right up to the line?

Having grown up in a time where porn was illegal for minors but trivially obtained by anyone who cared in VHS, I honestly don&#x27;t understand why anyone thinks this scheme would be useful for anything.

Why would minors be required to take part in this? To access age-restricted material suitable to them (not 18+ but maybe 13+), or would this registration be mandatory for everyone?

Relevant<p><a href="https:&#x2F;&#x2F;m.youtube.com&#x2F;watch?v=fUspLVStPbk" rel="nofollow">https:&#x2F;&#x2F;m.youtube.com&#x2F;watch?v=fUspLVStPbk</a>

&gt; The Irish State announced [..]<p>It&#x27;s interesting how quickly the EU went from a Trade Union to a Government consisting of states.

There is no reasoning with these people. What, if any, are the alternatives to a war against totalitarian entryists?

The far right is going hard against porn in multiple countries right now. I don’t agree but I get where they’re coming from.<p>However, I don’t get going after porn before going after casinos. Casinos ruin lives and wreck economies far worse than porn could ever hope to. Going after porn before casinos feels like going after kitchen knives before AR-15s.

This will predictably lead to coomers putting on their pirate hats en masse.

So who&#x27;s behind these porn laws that are popping all over the place?

&gt; and a collection of selfies of children kept by the porn sites<p>I hope this journalist never has to do any actual critical thinking. It goes without saying that obviously children wouldn&#x27;t upload selfies if they&#x27;re under 18 and that&#x27;s the purpose of KYC.

Do I need to walk around with a yellow star or pink triangle?

What&#x27;s Minecraft and how do you tame a horse in it?

&gt; But wait! That&#x27;s not all! The CnaM Executive Chairman wanted to talk about porn sites because that&#x27;s the least popular class of entities covered by this regulation. But the age-verification requirement actually can cover any video-sharing platform under the jurisdiction of the Irish State (link to the designation notice under section 139E and section 139G of the Broadcasting 2009 Act). That&#x27;s a list that includes Facebook, WhatsApp, XTwitter and YouTube, just to pick four household names (because of Section 5 of the Online Safety and Media Regulation Act 2022). It might also mean homegrown platforms such as Mastodon.ie, the most prominent Irish part of the Fediverse, who also allow videos to be shared.<p>...<p>&gt; Also, these restrictions won&#x27;t just limit and record access to porn sites. They can be applied to any sites which contains material the Commission decides may be legal, but on the other hand, oughtn&#x27;t be seen by children. In other countries, this has been the kind of legal provision which has seen libraries restricting access to books involving LGBTQ+ themes, racial justice themes and anything else you could imagine the Burke family objecting to.<p>Protecting children is the emotional wedge for introducing age verification requirements. Video sites are the wedge into all internet sites. The legislators&#x27; emphasis on porn is a wedge into any speech (including otherwise legal speech) the government claims is harmful for children. That government-mandated age verification would protect children is an assumption, full of uncertainty of the beneficial first-order effects and full of ignorance (willful blindness?) of the obvious detrimental second-order effects. Mandatory age verification requires mandatory data collection, and strangers are going to read that data: some first-party websites will be forced to collect more information than they currently do; third-party websites involved in the collection and verification processes will collect data as well; and the government will get information about the citizens&#x27; internet habits from websites. Adults will lose their privacy because people who have no business knowing their internet habits will know them.<p>Children will lose their privacy, and more. They will grow up learning that it&#x27;s normal to give their personal information (including but not limited to relatively immutable biological details such as faceprints) to strangers. They will grow up learning that it&#x27;s normal for the government to know every website a person visits online. The offline analogue is for the government to know every building a person visits offline. No matter how noble the current government&#x27;s current intentions may be, a stranger has by default no right to know that much about a person&#x27;s life.<p>Movie theatres can show childrens&#x27; films and adult films. The movie theatre doesn&#x27;t have to store anything about age other than &quot;minor&quot; and &quot;adult&quot;. Libraries and bookstores can contain childrens&#x27; books and adult books. Malls contain stores for many audiences. Clothing stores have sections for children&#x27;s clothes, modest adult clothes, and risque adult clothes. You know what the normal way for a child to visit many such buildings is? A caretaker (maybe a parent, but not every child has a parent) brings the child and supervises. On the other side of the equation, it would not be normal for a mall to collect people&#x27;s ages at the mall entrance (the adult-only stores inside being a different story).<p>A website should have the option to verify age, and the alternative option to require no more than a self-reported &quot;are you at least 18? yes no&quot;. Government-mandated age verification is burdensome to small websites, especially small platforms for user-generated content. If a website could choose to remove potentially harmful content instead of verifying age, then the burden would still be too large for small websites. Might as well not host user-generated content at all. Large internet companies like Google and Facebook would eat the costs either way. Small websites would have to rely on third-party age verification services. Software for age verification will be predominantly proprietary or not available to the general netizen or both, so the average person won&#x27;t be able to know how much information the websites collect and store. What&#x27;s more, lawyers and judges in privacy-related or accuracy-related court cases (especially regarding biometric verification) will have a hard time examining the software.<p>Making every website collect information the way a bank does is applying a hammer to problems that are not nails. Don&#x27;t make the entire internet a bank. And as Mike Masnick wrote, &quot;The Internet Is Not Disneyland; People Should Stop Demanding It Become Disneyland&quot; [1]. &quot;Are you at least 18? yes no&quot; paired with proper parenting&#x2F;caretaking can go a long way. Proper caretaking is not simply knowing what the child does on the internet. It&#x27;s knowing that the child might visit the internet while the caretaker is occupied. It&#x27;s teaching the child early on that not all websites are for children. It&#x27;s setting up parental controls while understanding that parental controls are imperfect, like one slice of Swiss cheese [2]. You are a Swiss cheese layer. By teaching your child what to do if they stumble upon the wrong websites, you will be turning your child from a hula hoop into their own Swiss cheese layer. When you find out that your child stumbled upon porn, you can talk to your child about the incident. As a caretaker, damage control is a necessary part of determining healthy boundaries. Additionally, I don&#x27;t expect the damage to a younger child from accidentally viewing porn to be as proportionately severe as the damage to an under-21 college freshman from drinking alcohol at a party. You can&#x27;t talk brain damage from drugs out of someone. But I&#x27;m assuming that you can talk the harm from an accidental porn incident out of your child.<p>I like the idea posed by mjevans [3] to make websites respond to a self-reported &quot;kid mode&quot; - as a header in a web request, I presume - by redirecting to a child-friendly site. Websites could also respond by serving only content manually confirmed to be child-safe according to the website&#x27;s interpretation of the law&#x27;s definition of child-safe. As part of supporting the &quot;kid mode&quot; header, the website would have to respond with a &quot;kid mode&quot; confirmed. Parental controls on the device would include the &quot;kid mode&quot; header in all web requests whenever kid mode is on. If the website doesn&#x27;t return the &quot;kid mode confirmed&quot; header then the parental controls can cancel the website visit. Adults would simply leave kid mode off for themselves. The burden on websites (learning how to send a 301 redirect status code at the simplest) would very low, and would avoid the data collection and other privacy problems of age verification.<p>[1] <a href="https:&#x2F;&#x2F;www.techdirt.com&#x2F;2022&#x2F;09&#x2F;20&#x2F;the-internet-is-not-disneyland-people-should-stop-demanding-it-become-disneyland&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.techdirt.com&#x2F;2022&#x2F;09&#x2F;20&#x2F;the-internet-is-not-disn...</a><p>[2] <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Swiss_cheese_model" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Swiss_cheese_model</a><p>[3] <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=38903965">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=38903965</a>

This is not just beyond idiotic, this is straightforward evil and dangerous.

Good.<p>Will they make search engines provide relevant porn results for me then? I have to wade through thousands of irrelevant and disgusting stuff that doesn&#x27;t fit my porn needs.

&gt; Irish State announce plan to build a porn preference register for most of the EU<p>They (the Irish state - ministers, elected officials) shall do it forst and publish it. Then we will follow suit. &#x2F;s

&gt;live selfie<p>Why not just make everyone live stream their wank? &#x2F;s

I&#x27;m pretty libertarian when it comes to things like drugs or sex work, but it&#x27;s hard for me with porn. Maybe because I&#x27;ve been addicted to it for 20 years at this point so it&#x27;s personal for me. You can call it a parenting failure or whatever, either way I&#x27;m addicted to porn and I think it will stay with me forever simply due to my lifestyle of remote tech worker. Luckily, it&#x27;s not totally crippling, but it&#x27;s definitely hampered my development<p>I don&#x27;t know what a reasonable solution is. We forbid selling alcohol &amp; cigarettes to people under a certain age because we deem it unhealthy for children&#x27;s development, but we don&#x27;t have the tools to do that for internet porn on a societal scale. Is digital ID the right solution here? Is there a better way to do this? The HN mentality is to tear down digital walls, and is it even possible without seriously harming the open web or personal privacy &amp; security?