Full Report
Should verified identities become the standard online? Australia’s social media ban for under-16s shows why the question matters.
Analysis Summary
# Main Topic
The necessity and implications of shifting internet services, particularly social media, towards a standard of verified user identities, spurred by new legislation in Australia banning social media use for those under 16.
## Key Points
- Australia's new legislation banning social media for under-16s serves as a test case for the effectiveness of age restrictions and prompts a global reassessment of online identity standards.
- Banning access may inadvertently increase demand for illicit access and push minors toward potentially more dangerous alternatives ("Denial fuels demand").
- The core issue is protection from harmful content, abuse, and fraud, applicable to all users, not just minors.
- Identity verification technologies being proposed include real-time facial determination, use of government-issued ID, or financial documents, all raising associated privacy concerns regarding data collection and storage.
- The current system allows anonymity, which facilitates bullying, abuse (including extreme examples like death threats against sports figures), and cybercrime without accountability.
- A key proposed solution is distinguishing between verified and unverified users, which would allow users to filter out abuse originating from the unverified population.
- Verification does not equate to removing anonymity in terms of public presentation (e.g., users can still choose a pseudonym), but it ensures attribution to a real, verified individual for law enforcement purposes.
- Extending verification concepts could also benefit email inboxes by filtering communication from unverified senders to mitigate spear-phishing and targeted attacks.
## Threat Actors
- **Cybercriminals and Fraudsters:** Mentioned broadly as actors engaging in phishing, romance scams, and financial fraud, utilizing the current lack of accountability online.
- **Abusive Users (Unattributed):** Individuals employing extreme verbal abuse, including death and rape threats, often directed at public figures (e.g., Premier League managers/players).
- **Note on Anonymity:** While specific threat actor groups are not named, the analysis heavily implies that the *ability* to remain anonymous without identity linkage is the primary enabler for malicious behavior.
## TTPs
- **Abusive Posting:** Directed harassment campaigns on social media, sometimes involving extreme threats (death/rape).
- **Deception/Fraud:** Utilization of anonymous accounts to conduct phishing, romance scams, and financial fraud.
- **Circumvention of Controls:** Under-16s attempting to circumvent age bans, potentially using fraudulent age declarations.
- **Evasion:** Use of VPNs to make tracking difficult for abusers.
## Affected Systems
- **Social Media Platforms:** Directly impacted by the new Australian legislation requiring enforcement against under-16 users.
- **Internet Services/Apps:** The broader scope of the discussion includes any platform that relies on user interaction, exposing users to abuse or fraud.
- **Email Systems:** Suggested as an area where verification filtering could mitigate spear-phishing attacks.
## Mitigations
- **Regulatory Enforcement:** Implementing legislation that bans specific age groups (e.g., Australia's social media ban for under-16s).
- **Identity Verification Implementation:** Integrating technologies that verify a user's identity against real-world documentation, even if profiles remain pseudonymous.
- **User-Side Filtering:** Allowing users to filter interactions to only receive content or communication from verified senders (similar to email inbox filtering).
- **Platform Accountability:** Ensuring that verified users who make extreme threats face legal consequences, as their identity is no longer anonymous to the platform/authorities.
## Conclusion
The current decentralized and anonymous nature of online identity is increasingly proving inadequate for protecting users from wide-scale abuse, fraud, and harmful content. While direct content bans (like Australia's) are unlikely to solve the root problem, implementing a tiered system distinguishing verified from unverified traffic offers a significant potential mitigation layer. This shift requires balancing user freedom with the necessity for accountability, as verification ensures that malicious actions are attributable to a real individual, adding a crucial layer of deterrence against cybercrime and online harassment.