alt Hacker NewsMeta Platforms: Lobbying, dark money, and the App Store Accountability Act
Comments
I'm incredibly dubious of the conclusions of this researcher. Claude Opus was used to gather and analyze all of the data.
I am not skeptical of any of the research, the sources seem to be cited properly. I am skeptical that this researcher has thought through or verified their conclusions in a systematic and reliable fashion. This part gives it away: "Research period: 2026-03-11 to present." This individual dropped his investigative report two days after beginning research!
Yes, AI is an incredibly good research assistant and can help speed up the tasks of finding sources and indexing sources. The person behind this investigation has not actually done their due diligence to grok and analyze this data on their own, and therefore I can't trust that the AI analysis isn't poisoned by the prompters implicit biases.
Does this surprise anyone, just over a decade ago there was a whistleblower who said the government was spying on its own citizens. The president and half the country called him a traitor. The only way to stop this from happening is half the country refuse to buy any tech that implements OS age verification. That includes working any job that also requires the use of that tech(Basically all jobs). The only thing that talks is money and when half your workforce is not working(or buying anything because they aren't working) then things will get changed real quick. But most people don't want to do that because no one is willing to suffer short term for long term gains. The govt and 1% know this that's why they increment it slowly overtime with generic causes like "save the children"
It's easy to lie to an OS about your age because it's a single-user experience, and if your parents allow you to lie (or don't know), that's all it takes. Social networks are so much better equipped to estimate age because they have a simple double-check, which is that most kids follow other kids in their grade level.
The patches on top of this are really bad. For instance, we are seeing "AI" biometric video detectors with a margin-of-error of 5-7 years (meaning the validation studies say when the AI says you're 23-25 you can be considered 18+), totally inadequate to do the job this new legislation demands.
I'm not sure I fully grok the hypothesis that Meta is materially advantaged by pushing for OS-level age verification. I suppose its another intelligence signal for ad targeting, but they have to believe that at least on platforms like iOS this signal is going to be obfuscated from them. Its hard to believe it'd be any more valuable than the other non-verified heuristics they're already gathering.
Arguably they would be more materially advantaged if they were forced to KYC/validate ages, not the platform; because sure, there's a cost to doing it, but presumably having hard data on who your customer actually is, with age and address and everything, is worth a lot more than the verification cost. And being able to say "We're legally required to gather this" gives a lot of PR cover (even though it'd be followed with "but we're giddy to do so and we will abuse this data and you every way we possibly can. No one at Meta believes you are human. We hate you as much as you hate us, but we're stuck in this together, endlessly loathing the supernatural force that keeps us working together.")
But, On the flip side: I also don't doubt that Meta is doing this, because the purpose of a system is what it does, and the leadership at Meta has done nothing in the past four years to demonstrate that they're capable of cogent thought and execution. We want to believe there's some evil plan, and maybe there is, but in all likelihood one day we'll learn that they're just... unintelligent.
Age verification is merely the background task to set up infrastructure for OS to provide many many other signals about who's using the device.
Age signals from the OS? Need to provide a channel of information available to applications. Applications already talk to servers with unchecked commonality.
Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".
Next year, the application needs to "double-check" your identity. That missile that's coming to you? Definitely not AI-controlled, definitely not coming to destroy the "verified" person who posted a threatening comment about the AI system's god complex. Nope, it's coming to deliver freedom verification.
For a project attempting to track these and coordinate technical resistance, see: https://github.com/AntiSurv/oss-anti-surveillance
These bills also need to be opposed on a legal/political level.
Something I realized last night is that people who lie about their age to send false signals may inadvertently open themselves up to CFAA liability (a felony). So this is a serious matter for users who want to maintain anonymity.
Main takeaway:
> Meta spent a record $26.3 million on federal lobbying in 2025, deployed 86+ lobbyists across 45 states, and covertly funded a "grassroots" child safety group called the Digital Childhood Alliance (DCA) to advocate for the App Store Accountability Act (ASAA). The ASAA requires app stores to verify user ages before downloads but imposes no requirements on social media platforms. If it becomes law, Apple and Google absorb the compliance cost while Meta's apps face zero new mandates.
What I'm confused about is how the proposed bills would apply to servers.
Like, in general, a software change to add an "age class" attribute to user accounts and a syscall "what's this attribute for the current user account" would satisfy the California bill and that's a relatively minor change (the bad part is the NY bill that allegedly requires technical verification of whatever the user claimed).
The weird issue is how should that attribute be filled for the 'root' or 'www-data' user of a linux machine I have on the cloud. Or, to put aside open source for that matter, the Administrator account on a Windows Active Directory system.
Because "user accounts" don't necessarily have any mapping (much less a 1-to-1 mapping) to a person; many user accounts are personal but many are not.
Every single Linux kernel currently operating within the borders of any of these states should turn itself off and refuse to boot until an update is installed after these bills are rolled back.
We should also update all FOSS license terms to explicitly exclude Meta or any affilites from using any software licensed under them.
The same sort of thing is happening for the 3d printer laws. Some company is trying to legislate its own software into ubiquity (guns first, then copyright enforcement) and then double-dip by charging both IP holders and printer manufacturers for their "services".
Bravo, some actual journalism! I wish a professional media organization had done this research. It seemed obvious this was a coordinated wave but I always figured it was moral busybodies.
EDIT: why is it deleted now?
Only 26 million is way way lower than I expected, especially given how much these companies make in profit
It was removed. Here is the archived version:
https://web.archive.org/web/20260313125244/https://old.reddi...
Damn, had to scroll a couple of comments to find this:
Anthropic donated $20 million to Public First Action, a PAC that promotes Republican Senator Marsha Blackburn and her sponsored Kids Online Safety Act (KOSA), a bill that will force everyone to scan their faces and IDs to use the internet under the guise of saving the children.
The legislative angle taken by companies like Anthropic is that they will provide the censorship gatekeeping infrastructure to scan all user-generated content that gets posted online for "appropriateness", guaranteeing AI providers a constant firehose of novel content they can train on and get paid for the free training. AI companies will also get paid to train on videos of everyone's faces and IDs.
As for why Blackburn supports KOSA:
Asked what conservatives’ top priorities should be right now, Senator Blackburn answered, “protecting minor children from the transgender [sic] in this culture and that influence.” She then talked about how KOSA could address this problem, and named social media platforms as places “where children are being indoctrinated.”
If Anthropic, the PACs it supports and Blackburn get their way with KOSA, the end result will be that anything posted on the internet will be able to be traced back to you.
When I moved from Sweden to Ireland and realized the Swedish central address registry makes moving fantastically easy, I started dreaming of a central registry where consumers and producers could meet. I can give my supplier access to exactly the information they need, and nothing else. I can revoke access when I feel like it. Like OAuth2 for personal data. They can subscribe to updates. It could be a federated protocol.
Not saying I think it's a good idea to provide the year of birth to all sites, but (session ID, year of birth) is the only information they would need. The problem is proving who's behind the keyboard at the time of asking, which would require challenge-response, and is why I think this should be an online platform, not a hardware PKI gadget with keys inevitably tied to individuals.
Age verification is surveillance. The organized campaign to push age verification is not actually trying to protect children. You can’t do age verification without identity verification. You can’t have internet privacy and identity verification.
The OP’s point can be interpreted as describing the automation and mechanization of this kind of targeting, which would likely become necessary if the scope of prosecuting so-called “thought crimes” continues to expand.
O great more big money warping our lives for the worse.
I’d write my senator but they won’t do shit. Is there anything that can seriously be done?
the post getting mass-reported off reddit twice is the best evidence that the research is accurate lol
The primary goal of these efforts is to control communication and the flow of ideas. Information is a control mechanism, since we act on what we believe.
In history we had four media revolutions (printing press, radio, television, Internet), each greatly disrupting and reshaping society. This is the fifth (social media and maybe AI).
All these revolutions had the same theme: increased reach of information, increased speed of transmission, increased density (information amount per unit of time), and centralization of information sources. Now we seem to reach the limits of change. No more reach, since our information networks span the entire globe. No more speed, since transmission times are close to how fast we can perceive things. The only things left to change are even more centralization and tighter feedback loops (changing the information based on how the recipient reacts).
Given all that, this media revolution might be the last one, so there is a gold rush among the elites to come out on top.
How is this preventing anyone booting up an old pc and sharing a usb key data. This is utter nonsense made to control people and instigate fear and self censorship... this is 'the system' discovering the internet in slow motion and immediately pushing its boot over it. We live in an artificial moral panic that should have no place in the minds of smart people.
This feels like a waste of time and money. Why are people so interested in tracking people who on average can't read or write better than a 12 year old child? By my count, I'm assuming things will be increasingly degraded for about the next 8-10 years or so.
Wrote to my state representative this morning.
Compare this to what the EU built. The EU Digital Identity Wallet under eIDAS 2.0 is open-source, self-hostable, and uses zero-knowledge proofs. You can prove you're over 18 without revealing your birth date, your name, or anything else. No per-check fees, no proprietary SDKs, no data going to a vendor's cloud. The EU's Digital Services Act puts age verification obligations on Very Large Online Platforms (45M+ monthly users), not on operating systems. FOSS projects that don't act as intermediary services are explicitly outside scope. Micro and small enterprises get additional exemptions.
The US bills assume every operating system is built by a corporation with the infrastructure and revenue to absorb these costs. The EU started from the opposite assumption and built accordingly.
I don't understand why nobody in the comments is freaked out about this. This isn't just "oh Google knows my age", or "oh politicians being corrupt again!" This is "the government made a law that every computer in the world must track every person's identity and send it to the cloud".
No offline devices. Commercial vendors get your biometric data (and the equivalent of your driver's license / SSN). Every application on the OS can query your data.
If you think it stops with one bill, after they get all the infrastructure for this in place? You're fooling yourself. The whole point of this is to identify you, on every web page you visit, every app you open, on every device you own. Once bills are passed, it's very hard to get them revoked or nullified.
This is the most aggregious, authoritarian, Big Brother government surveillance system ever devised, and it's already law. I am fucking terrified.
(Yes, the EU has a less horrifying version of this. But Google, Apple, and Microsoft still control most of the devices in the world, and they are US companies.)
Here is an Archive: https://arctic-shift.photon-reddit.com/search?fun=ids&ids=t3...
I don't understand it . There are so many ways to child-proof a device . Google Family Link and the Apple equivalent . Use cloudflares Family dns (blocks porn websites etc ..)
Instead of just creating a course that explains how to child-proof a device, we have to surveil everyone.
This discussion, being so timely and important, inspired me to draft an article that explains a possible third way that might not have been fully considered. I would be humbled and honored to receive any feedback:
https://www.robpanico.com/articles/display/presence-derived-...
(posting link because it would be too much for a comment)
The idea that it might cost "someone" $2 every time a user opens and app AND it sends a bunch of private data to a 3rd party is completely dystopian, let alone everything else.
And a serious question: with deepest respect to the author for their extraordinarily impressive time and effort in this investigation... Why was this not already flagged by political reporters or investigative journalists? I'm not American so maybe I don't understand the media structure over there but it feels like SOMEONE should have been all over this way before it's gotten to the point described in this post.
for ~2 decades i have attended events, written to my representatives, proposed solutions to whoever i can, and encouraged my students to do the same as various attempts are made to strip regular people of their privacy. for ~2 decades now, i have been trying to fight this fight.
one scary observation is that each year, less and less people care. at least, this is true among my students. plenty of them believe the 'protect the children' line and are more than willing to do whatever the government/big tech suggests. or they just shrug ("what difference would i make?").
for context, i teach at a college level, in tech. a few of my classes are from the cybersec program, one of the programs that should understand and care about the implications of bills like these, and even the majority of them do not care about this stuff anymore. they grew up with instagram and facebook and cameras everywhere. they grew up knowing that any little fuck up they have is recorded and posted online. they know that by the time they go to college, all of their data has already been leaked a few times. they never really had an expectation of privacy in the first place, so it just isnt a big deal.
as someone who interacts with this next generation of "hackers" on a daily basis... the concept of cypherpunk is gone. i got into this field because of my beliefs. they are going into this field because they want a chance at buying a house some day, and know that big tech has big bucks.
i am tired. and i recognize that this is exactly what they (lobbyists, meta, etc.) want! but i am tired and discouraged. more and more i find myself having to actively fight the urge to give up. i am not ready to give up just yet... but, i am sorry to say that as someone closer to retirement than i am comfortable admitting, i only have so much energy left.
TLDR: Meta want to push all the age verification requirements onto the OS makers (Apple, Google, everyone else gets caught in the crossfire) so that they don’t have to do anything AND they want it done in such a way that they can use it to profile people to push them targeted ads.
Its like they want to keep being seen as the bad guys.
Jesus. As an American I can do my part, but it’s not much.
$70 million is chump change for Meta, yet is far more money than I’ll ever have and does so much to influence state legislation.
This is really interesting. I can see the concern about accountability in app stores. Curious how you think independent verification of app policies could be implemented.
What I find interesting is how this legislation suddenly leads to some open project give in and submit - see MidnightBSD wishing to spy on people via a daemon now. Linux will probably follow suit via systemd; an appropriate name would be systemd-sniffy, to sniff for user data and warn the authorities "WARNING - 15 YEARS OLD IS WATCHING SOME P..., SHUT DOWN THE HOUSE!!!". And the legislation calls this safety. And freedom.
It is like in the novel 1984. But stupid. Probably more like minority report - but also stupid. All aided by Meta bribing lobbyists to do their bidding.
Oh look, the Heritage Foundation, the ones who wrote up the "Project 2025" agenda for most of the corruption and authoritarianism that has plagued America in the last year.
The very last people you should trust when it comes to "protecting the children."
If politicians care so much about protecting children, then why aren't they going after the rich and powerful child abusers mentioned in the Epstein files?
Just generally, a good piece of context to keep in mind whenever you see electronic surveillance, backdoor, or anonymity-piercing legislation or legal efforts, _particularly_ when they're framed as protecting minors, is that Jeffrey Epstein's primary mode of communication with his co-offenders was Gmail, frequently via a BlackBerry.
See? It was never about children. Never fails.
Corporations literally buy the laws they want and Silicon Valley is the newest lobbying monster. Genuinely terrifying.
I was already on my way to de-internetizing and de-digitalizing my life, this just makes it more of an imperitive.
Have at it Meta, you broke it you most certainly bought it!
Eh... That "[removed]" there means there was something to read and now it's gone?
At least the author posted a link to the dataset in a comment so it survived:
https://github.com/upper-up/meta-lobbying-and-other-findings
The guy posted a Ask HN there:
https://news.ycombinator.com/item?id=47361235
https://github.com/upper-up/meta-lobbying-and-other-findings...
The post looks to be deleted. Anyone know a way to view the original content?
I'm surprised the "laboratory" of the globalist elite, India, hasn't implemented this yet.
Digital-ID (Aadhar) was heavily pushed by USAID and other US-deepstate associates; the same with digital-money and the "demonetization". Bill Gates's org actively tests out things on actual humans like guinea pigs, before globalizing the "solutions". These days all of this is kind of redundant since the phone-number + verification has become essentially a necessity to live in the city in any part of world today.
The prev. Govt. had considered doing this "login with your ID or no internet" scheme (to "protect" people no doubt) back in 2012s - there were explicit statements about disallowing people who would not authenticate with Aadhar, but it was shelved (likely because of their unpopularity).
If our current "Dear Leader" were to propose this, I think a significant population would opt-in simply because of a sense of belonging to a hero-worship-cult.
The state is determined to ensure that every human be their slave.
Am I the only person who recognized that this bill explicitly does not require any sort of id verification? The point is to make apps and websites more accountable.
America will just get behind even more as years pass behind Europe in terms of proper regulation of the digital economy, which benefits citizens instead of companies and rich billionaries.
The reason is that europeans have nothing to win from those "winner-take-all" platforms the US has built in the past decades. Europe has built zero of them.
It contributes very little to Europe's GDP or the overall being of the european. And in some cases, it eats Europe's GDP, moving economic activity back to the US. This is different than for Americans which big tech is a net-positive contributor to society in my POV, mainly because how much economic activity $ it generates.
Big techs provide huge paychecks and made a lot of people rich in the US, and most of its GDP growth in the last decade. But it's a double-edged sword.
They will make laws in favor of them in detriment of the average American, while minting more billionaries than Europe could ever dream of.
Europe will take a long time to get the digital revolution the US already did, but it'll mostly come from regulations and government initiatives. And will be net-positive for humans living in Euope, not for owners of corporations.
Anyone reading this purely as a child safety or campaign finance story might miss the broader architectural war happening here. If you zoom out a little, this is the inevitable, scorched-earth retaliation for Apple's ATT rollout from a few years back.
Apple cost Meta billions by cutting off their data pipeline at the OS level, justifying it with a unilateral privacy moral high ground. Now, Meta is returning the favor. By astroturfing the App Store Accountability Act through digital childhood alliance, Meta is forcing Apple to build, maintain and also bear the legal liability for a wildly complex state-by-state identity verification API.
Gotta give it to Zuck. Standing up a fully-fledged advocacy website 24 hours after domain registration and pushing a bill from a godaddy registration to a signed Utah law in just 77 days is terrifyingly efficient lobbying.