@[email protected] @[email protected] @[email protected]

The Brazilian flavor of age checking explicitly prohibits self-declaring (“vedada a autodeclaração”). Estimation of age via selfie or behavioral analysis, as well as the need for government-issued IDs, perhaps validation via credit card microtransactions, are some of the accepted age verification mechanisms for Lei 15211 (“ECA Digital” or, more informally known as “Lei Felca” due to the involvement of a YouTuber sub-celebrity on getting this thing to Brazilian lawmakers). Doing age bracketing via self-declared mechanisms, such as birthdate input or the usual consent button, risks fines and other provisions.

KYC (“Know Your Customer”) is, deep down, what these laws are going to be about, ID checks as sine qua non part of purposefully vague-worded laws with broad and outreaching enforcement, so tech organizations and companies worldwide, especially the smaller ones, will eventually find themselves in a situation where they are legally compelled to implement everything that’s being pushed as part of these dystopian laws. After all, it’s far from being just a Brazilian or a Californian thing.

Currently, yes, we’re seeing this law-concept restricted to a handful of places such as some USian states, as well as countries such as UK, Australia, Canada, now Brazil… Zoom out, however, and you’ll realize how this thing is gradually spreading worldwide because this is the only way for age verification to get effectively enforced.

You read it correctly, those laws are very likely getting to more and more countries, eventually turning KYC into part of international, industrial standards. Nothing too hard for big corps to do on their own, such as Google and Microsoft, even Canonical and Red Hat which are large companies, but small companies will end up being pushed into relying on non-free third-party KYC services in order to comply with age verification.

Such situation would end up benefiting the big players, with KYC services such as Persona becoming the new ubiquitous Cloudflare when it comes to this digital landscape. KYC gates, in this sense, would become the new CAPTCHA, Biometrics-as-a-service would become the new normal, true FOSS projects would become unlawful a priori while large corporations would thrive with another data point for tracking and advertising, and as the tolerance bar gets lowered, people will end up used to it, because any attempt to be against it will lead, at best, to social ostracization…

I don’t know, maybe I’m being overly pessimistic about it, but I can’t help but notice how dystopian things, some of which were long foretold and were warned about, are slowly taking away our privacy and freedom…