If I’m not mistaken, Meta has been lobbying heavily for all of these age-verification bills lately.
It seems their strategy is to externalize their responsibility to verify age themselves, and thus reduce their exposure to liabilities when child protection acts like COPPA are violated.
It should be externalized to a degree. Facebook shouldn't be the ones verifying age, but there should be a trusted 3rd party service that does that, which just tells facebook "yes this user is old enough to use your service" or "no they're not old enough".
It abso-fucking-lutely should not be at the OS level though, for so many reasons. Even the implementation alone would be a nightmare. Do I need to input my ID to use a fridge or toaster oven? Ridiculous.
Or, and hear me out, _maybe our computers shouldn't spy on us in the first place_?
So which situation do you want instead of anonymous age verification:
A) 18+ content is behind a pinky swear
B) 18+ content is behind a parental control (what this bill would do)
C) The internet can't have 18+ content anymore
D) Some other system? Please describe it.
(A), honestly.
You might think you can keep 16 year olds from looking at porn, if they want to. You can't. You have never been able to. All you can do is teach them that the law is stupid and pointless, and they should treat rules with contempt. But they'll still be able to look at porn.
What you can do is allow the government and private companies to track everyone, everywhere, all the time. And you can create more gatekeepers that hold personal identity data, misuse it, and leak it.
Yeah, I agree with this. I think age-related content moderation is a losing fight and one that will create more contempt for laws, more surveillance, and much more PII surface area that will be exploited.
There are really two "core" issues at play:
1. The prudish nature of US society
2. The fact that we don't have data privacy laws and restrictions on digital surveillance by private companies
Does "the government doesn't get to decide what people can look at on the internet" count as C or D to you? It is the situation we've been in technically for 20 years now anyway; the world hasn't ended and it generally seems to be pretty workable. The status quo isn't an especially radical one.
I'm reminded of a video essay I watched about AI once, which took a side tangent into surveillance capitalism:
"Google's data harvesting operation became a load bearing piece of the Internet before the public understood digital privacy. And now we can't get rid of it."
The public has been conditioned to expect web services free at point of use. Legitimately it's hard to monetize things like YouTube without ads, and I get that. But turning our entire ecosystem of tech into a massive surveillance mini-state seems like an astonishingly shitty idea compared to just... finding a way to do advertising that DOESN'T involve 30 shadowy ad companies knowing your resting blood pressure. My otherwise creative and amazing industry seems utterly unwilling to confront this.
Edit: Like, I don't know, am I crazy for thinking that simply because we can target ads this granularity, that it simply must be that? I get that the ad-tech companies do not want to go back to blind-firing ads into the digital ether on the hope that they'll be seen, but that's also plus or minus the entirety of the history of advertising as an industry, with the last 20 or so years being a weird blip where you could show your add to INCREDIBLY specific demographics. And I wouldn't give a shit except the tech permitting those functions seems to be socially corrosive and is requiring even further erosion of already pretty porous user privacy to keep being legally tenable.
You are not crazy for thinking that.
However it appears that it takes pretty disasterous consequences for us to be able to walk anything back.
“Impossible to get a man to understand a thing, when his paycheck depends on his not understanding it.”
> It should be externalized to a degree.
Why?
We don't externalize age verification when buying alcohol or visiting the strip club. It's on the responsibility of those establishments to verify age.
> Why?
I think that main goal would be to keep the ability to have accounts be anonymous or pseudo anonymous.
If social mean company has to verify an accounts age themselves they then have to use some for of official government identification and with that any chance of anonymous or pseudo anonymous access.
Facebook has less than zero interest in allowing people to use their platform anonymously. They very much want to know everything about their users including their age and they would never back a law that would stop them from collecting that data. Now that you know that facebook isn't pushing this law to protect anyone's anonymity why do you think they're doing it?
> Now that you know that facebook isn't pushing this law to protect anyone's anonymity why do you think they're doing it?
My comment was not about what I knew/know about facebook or not. I was answering the question of why age verification should be externalized to a degree and in this case externalized means the power stays with the user and parents rather than being in the hands of say facebook/meta.
I was not talking about why facebook/meta would want it or not want it. Large companies want lots of different things. Sometimes it is required to know their motivations to discuss or decide on something. I think it can be detrimental to do that though without discussing/analyzing a topic/idea on its own merits first or at least parallel. My comment was focused on the merits not the motivations or desires of companies like facebook.
The point is that you can't just externalize age verification and expect that data to never be sent to facebook because facebook needs that data to do anything (good or bad). It doesn't matter if your OS broadcasts that your child is 6-9 to facebook or if facebook has to ask the government to tell them that same information, either way, in the end facebook will know that your child is 6-9. The power is then in facebook's hands. Facebook won't see a copy of their government issued ID, but what difference does that make when they've got their age, their selfies, and a list of every friend and family member.
In those in-person contexts, the identification document is still externalized - they're checking a government-issued photo ID in the vast majority of situations.
It works for the in-person context because it's a physical object, making it easier to control access to it. A high resolution picture of the same ID is a privacy problem as it can be copied, shared, transferred, etc without the knowledge of the ID holder.
[dead]
Do we make contractors do age verification on their supplies when building a liquor store or strip club? The OS is a tool used by Meta, just like the utilities and the compute itself.
Meta Apps can have age verification but it should be at the point of service, not the supply chain.
And even if we were to agree to this, uploading your IDs to an untrusted third party is asking too much.
uploading your IDs to an untrusted third party is asking too much.
So have the government do it? They already know who we are and when we were born.
It's not enough for the government to know. Platforms, websites, and advertisers want to know. That's why the law facebook has been pushing for doesn't have a simple "is 18+" flag but instead has a long list of age buckets so that advertisers and platforms can target specific demographics even when they are minors.
isn't that necessary because they have different protection levels?
The law doesn't require any protection levels at all. It just requires your OS to tell every website you visit which bucket your children fall into. Every website and platform can use that information in whatever ways they want, even if it's just to adjust how best to groom a victim or to decide which ads to push at a child. They could also use it to say that a 9 year old can't watch a certain video that a 13 year old can, but that would be entirely their choice.
That requires trusting a government with a power that is likely to be abused.
But they already know my age (and my address, and my SS#, and my income, and a whole bunch of other stuff).
The power to tell people how old someone is?
The power of correlating your real ID with your browsing activity on the internet.
I mean, as much as I don't want the Government to be able to do that, I don't want private industry to be able to do that even more tbh. Though both options are pretty horrendous privacy-wise.
I'm surprised that people think this is some new 'save-the-children' thing ? Didn't Zuck say like 10 years ago, you should not be allowed to be anonymous on the internet ? This just seems on-brand at this point.
Except none of these bills (California or the one in question) as currently written require an ID to actually be verified, merely that the user provide an age. This seems intentional as it's seems to solve the user journey where a parent is able to set a reasonable default by simply setting up an associated account age at account creation. It's effectively just standardizing parental controls.
I think this is a reasonable balance without being invasive as there's now a defined path to do reasonable parenting without being a sysadmin and operators cannot claim ignorance because the user input a random birthday. The information leaked is also fairly minimal so even assuming ads are using that as signal, it doesn't add too many bits to tracking compared to everything else. I think the California bill needs a bit of work to clarify what exactly this applies to (e.g. exclude servers) but I also think this is a reasonable framework to satisfy this debate.
I've seen the argument that this could lead to actual age verification but I think that's a line that's clearly definable and could be fought separately.
Kids aren't stupid. They'll just create another account when they're old enough to figure it out. They'll tell their friends how to do it and the rest of us will be stuck with these stupid prompts forever like it's a cookie banner.
Actually given boot chain protection, this will probably get harder as time goes on but even assuming some kids are able to, this is clearly definable as a user error: the fault lies with the kid and as a parent you need to think about your threat model.
Right now, it's not even clear how to create parental controls at a reasonable level so there's no clear path for what to do or how to respond.
I don't think "real" age verification with ids is immune to this either. (kids paying an adult to get an id for it or fooling an ai classifier, whatever).
Basically unsolveable, so why worry about that edge case? Kids will always get through to some adult content somewhere. A token system will make parents feel better in the meantime.
It gives the parents the tools to age restrict things, but does not require parents to use them or use them well.
Maybe we can agree that if you're mature enough to hack your own phone, you're mature enough to see a nipple. Why am I rate limited though? Dang must hate this opinion.
From a parent's perspective, that's the great part about bubbling it up to the OS user account level.
Its trivially easy to see if the user (child) has indeed created multiple OS level user accounts with different permission levels if you want to spot check the computer.
You'll see it on first startup and then you can have "a chat". With Guest account access disabled, spawning a new account on a computer takes 2-3 minutes, will send emails and dashboard notices to the parent.
Its very much near impossible to verify that the child is not just going to Facebook etc. and using separate accounts and just logging out religiously.
That said I wish Apple/Microsoft/Google had more aggressively advertised their Parental Control features for Mac/Windows/ChromeOS as a key differentiator to avoid Ubuntu/Open Source distros from having to implement them.
It's pointless. Kids who want an uncensored internet will use a VPN or proxy the same way they've been getting around the restrictions and filers put on the computers and networks at schools. These laws will do nothing to protect children but will instead enable them to be targeted.
I mean on a UNIX OS you could make it yet another group the user needs to be part of. Like the group for access to optical media or for changing network credentials. Whether the child gets root access is on the parent, but that is like with anything else. A child can get around this, but it means finding and exploiting a 0-day on the OS. If they are able to pull this of I would congratulate them.
There is a huge attack surface for this. For example, kid manages to buy an old phone. Resets the phone and creates an account. Kid buys something like a Pi 3 manages to get a regular phone to become an access point. Etc. If a laptop is not completely locked down, a kid might boot a live USB stick.
Barriers like that for accessing 18+ sites would be so much better than nothing.
And cheat devices can be taken away as soon as the parent notices them.
So you're advocating for stronger and more invasive controls?...
I think this is a sensible compromise. It gives parents more control than before without relying on shady third-party software or without turning every platform into a cop. Yeah, it also aligns with Meta's interests, but so what?
The age attestation solutions pursued by the EU are far more invasive in this respect, even though they notionally protect identity. They mean that the "default" internet experience is going to be nerfed until you can present a cryptographic proof that you're worthy.
> I think this is a sensible compromise. It gives parents more control than before without relying on shady third-party software or without turning every platform into a cop.
It doesn't give parents any control whatsoever. It just forces the OS to tell every website your child goes to how old they are. It doesn't require those websites to hide certain content for certain age groups. It doesn't define what types of content are appropriate for which age groups, it just makes sure that every advertiser bidding on your child's eyes knows what age range they fall into to.
If anything this takes control away from parents because even the cases where a website does their best to restrict content based on which age the OS tells them your kid is, it's the website setting the rules and not the parents. You might think that your 16 year old can read an article about STDs, but if the website your kid visits doesn't think so you as the parent don't get any choice.
When parents are controlling the software they can decide which kinds of content are appropriate for their children.
I don’t care if it’s part of the user setup, but make it an App Store dotfile. Don’t issue fines to Debian for offering a Docker image without a user setup script.
I agree. There is a real drive to catastrophize here but so far, none of the bills actually take any steps to prevent users from lying about their age.
Yeah, let's just boil the frog here. Makes sense.
> it's seems to solve the user journey
There is software that does this already. Concerned parents do not actually lack for options in any sense.
> It's effectively just standardizing parental controls.
You could _literally_ just standardize parental controls instead.
> trusted 3rd party service
So we have to pay some 3rd party service to hoard information about Children? Why we want to set that up? Why would we want to take that power from the parents and give it to some company?
I guess the point is: delegate to kernel, then “oh, people with root can bypass with modules? Secure Boot!”
And just which third party do you trust with your identity?
> but there should be a trusted 3rd party service that does that
No, there shouldn't be any such thing; everyone pushing for any shape of this should just bugger off.
I want to be able to hire a licensed Identity Service Provider that gets all of my verified identity data in an encrypted token and let me register it with the OS, and control what amount of the data I expose to apps, with age verification being one of the lower levels of access.
I pay the company to verify me, I am their customer. They take on the liability of the OS makers and app makers of age verification.
If you have a valid token signed by a licensed IDS that verified your age in your OS, that's all anyone needs to know.
> Facebook shouldn't be the ones verifying age
So, they want to profit off children, but do nothing to protect them?
> but there should be a trusted 3rd party service that does that
Gee, if only Facebook would use their incredible might to create this, rather than trying to rob our representative government from underneath us.
> It abso-fucking-lutely should not be at the OS level though
It's not my problem. It shouldn't involve me at all. I don't use social media and I think if you let your kids on there unsupervised you have a screw loose.
A different approach that would keep incentives properly aligned is for Facebook (et al) to publish labels in website headers asserting the age (and other) suitability of content on various sections of the site. It would then be up to client software (eg a browser) to refuse to display sites that are unsuitable for kids on devices that have been configured for kid use.
As there has been a market failure for decades at this point, it would be reasonable to give this a legislative nudge - spelling out the specific labels, requiring large websites to publish the appropriate labels, and requiring large device manufacturers to include parental controls functionality. The labels would be defined such that a website not declaring labels (small, foreign, configuration mistake, etc) would simply not be shown by software configured with parental controls, preserving the basic permissionless nature of the Internet we take for granted.
But as it stands, this mandate being pushed is horribly broken - both for subjecting all users to the age verification regime, and also for being highly inflexible for parents who have opinions about what their kids should be seeing that differ from corporate attorneys!
Sometimes even things that are good for Meta are good for the rest of us. This law, and the one in California, mean that liability is disclaimed as long as the parent selects an age above 18 for the child. It's like a section 230 for age protection. Meta supports this because they won't be liable for wrong age inputs, and we should also support this because it doesn't verify age in any other way.
Don't kid yourself, Meta already knows the age of all its users, at least within the broad categories that this bill defines.
If a company relies on self reported ages, they don't "know" it well enough to satisfy COPPA. Probably. I'm not a lawyer but I do keep up with the latest in privacy enforcement and I think this is the way things are headed.
For the record, I'm against age verification laws. But I think companies are pushing for them because of liabilities they face under other laws, not because they would actually like to have the data.
Legally, there's a difference between "knowing" and "accurate enough for loose cannon advertisers".
Yes, but they want to show children content that is not appropriate, then claim ignorance.
He doesn't want to have to stand up, turn around and apologize to parents on behalf of an asleep at the wheel Congress again.
At some level I don't blame him. It is also a bit strange how in that act alone he showed more accountability than most of the politicians that were questioning him, never mind most executives. I suppose Josh Hawley wants to be liable for personal lawsuits for his acts of Congress too... people cringe at his "robotic" demeanor but I can't remember the last time someone turned and faced people and apologized like this. Most people asked to do the same (even in front of the same body) never do.
https://youtu.be/yUAfRod2xgI
How should they do it? Surely they don't have a responsibility to do something that nobody knows how to do?
There have been numerous cases in history where governments have attempted to legislate the outcome they want without regard to how that might be done or if it was possible in the first place. Obviously it can never deliver the results they want.
It would be like passing a law to say every company must operate an office on the moon, and then saying that companies lobbying for an advanced NASA space program is them externalising their responsibility.
They could require government ID to sign up and an adult sponsor to certify accounts for kids. Plus a limit on how many accounts an adult can sponsor.
It would be a mess, but solve the problem. It’s not that we don’t have the technology, we just don’t want to because the friction would decimate user numbers and engagement; it would be much simpler to regulate (e.g. usage limits on minors); and minors are less monetizable, which would lead to lower CPM on ads.
Then there’s the legal liability if you know someone is a minor and they’re sending nudes, for example. And the privacy concerns of tying that back to de-anonymized individuals.
But obviously I wouldn’t believe that social media companies care about user privacy on behalf of people.
>They could require government ID to sign up and an adult sponsor to certify accounts for kids. Plus a limit on how many accounts an adult can sponsor.
Requiring all online account creation to go through some government vouching system sounds far worse for privacy than OS doing age verification.
OS-based age verification would also have to use a government ID. There is no alternatives to a government ID for such verification.
>OS-based age verification would also have to use a government ID.
Source? Another commenter claims the opposite: https://news.ycombinator.com/item?id=47416653
I see no such claim that comment said that the parent verifies the child. That that means that the parent must be verified. I don't see that approach having any chance of succeeding. It would be a much more invasive process to both verify the parent and the relationship with the child.
> They could require government ID to sign up and an adult sponsor to certify accounts for kids.
Even if they used an open source zero knowledge proof, HN will still immediately dismiss it as an attempt to steal your data. The proposal here and the similar bill that passed in California doesn't require any validation that you enter you age correctly.
I think the public in general woul be happier with the office on the moon idea than compulsory Government ID requirements to use services.
It's only required for services that require it. The states are also regulating which services those are.
All you have to to to become a member of tautology club is to join tautology club.
It's up to parents to parent. It's not up to the government, and Facebook pushing this shit is evil.
It's not about protecting children. It's about increasing adtech intrusion, protecting revenue from liability, pushing against anonymity, and for all the various apparatus of power, it's about increasing leverage and control over speech.
bad take man. these companies don't care about kids; they just want to take the responsivity off of themselves. they don't actually put any money towards child safety.
But the parent comment didn't say anything about companies caring. So you're not disagreeing with them, unless you think any selfish corporate action should be automatically opposed. And that would be a bad take; it's way too generic and applies to both sides of most issues.
What does this bill have to do with age verification?
It legally mandates the existence of a required "age" field in user account records, a user interface to populate it during account setup, a mechanism for service providers to read this field, and that providers act as if it has been populated accurately.
As someone who has been the de facto "system administrator" for my family's computer systems since kindergarten, this has to be one of the stupidest policies I've ever seen gain traction.
With all the LLM bots they need a new way to sort out the people from the machines to not lose ad revenue and to help their spook friends.
It's better for them if this "responsibility" rests with another organisation, they don't get blamed as much when the information leaks and it is replaceable.
Is there a problem with this? Most users are using an iPhone and most iPhones already know the accurate age of their user
I’ve heard Android is a more common OS. In any case, if your OS fails to ask a user their age, it’s banned.
Okay, sorry yes that was an oversimplification. Android does ask your age as well, so that's all of them for mobile phones.
Android doesn't ask your age, Google does for an account. You can use an android phone without a google account. Most people don't but the distinction is important because degoogled android phones will also have to comply.
No, unless the law mandates it.
So for example operating system that does not ask this question could simply declare itself "inappropriate"/"illegal" in the jurisdiction.
Say, GrapheneOS can explicitly disallow image downloads from Californian IPs and not sell phones with preinstalled GOS there.
You don't need to be complaint with the Mongolian law to sell in Burkina Faso.
Similarly they don't need to be complaint with Ohio law if they do not operate and have presence there.
American companies that decide to surveil users ont heir websites with pervasive tracking without consent would only contravene the European GDPR if they allowed EU users to use them. Block the EU (famous http/451), and they're in the clear.
IMO, but IANAL.
What about OSes that power shared devices you use in public, like airline ticket kiosks and bank ATMs?
I'm fine with default settings:
> for all users that the operator has actual knowledge to be a minor, the operator shall use specified default settings for the minor.
I just think it should be opt-in. Applications should presume <13 unless the user opts in.
That's the correct strategy, if anyone sues meta, meta can bring their age verifier into the lawsuit and blame them. It makes sense from a business perspective, insurance perspective. etc...
Yes
https://www.reddit.com/r/LinusTechTips/comments/1rsn1tm/it_a...
Really, I’m surprised that for all of the discussions on HN around these individual statewide acts that I see so little discussion of Meta as a primary force pushing them.
There are probably many more people that would profit off of it on HN.
I wonder if Meta monitors their employees comments on HN?
They don't but frankly no one who matters actually gives a s#it about HN anyhow.
HN is also much less representative of the demographics within the American tech industry now as well - almost all the references I see on here are stuff only men in their late 30s to 50s would recognize, and an increasing amount of users appear to be based in Western and Central Europe.
Heck, I'm on the younger end by HN standards (early/mid 30s) and when I introduced HN to my peers over a decade ago (this is my throwaway) even back then they complained that it was "toxic", "snooty", and "unhelpful". And it's reputation amongst the younger generation has only gotten worse.
HN has "SlashDot"ified, because most people are either in private groupchats on signal/imessage/discord or meeting each other with Luma invites.
Why does it matter specifically that Meta is doing it? This has long been a goal for intelligence apparatus and big tech: get rid of anonymity online to "fight terrorism" and sell ads respectively.
Don't get me wrong, it's good to know but it's not earth shattering information.
>Why does it matter specifically that Meta is doing it? This has long been a goal for intelligence apparatus and big tech: get rid of anonymity online to "fight terrorism" and sell ads respectively.
How does getting the OS to do age verification "get rid of anonymity online" or help "sell ads"? Assuming the verification is implemented in a competent way (ie. it's not just providing an id scan for any app to read), it's probably one of the more privacy friendly ways to implement age verification, that's also more secure than an "are you over 18" prompt on every website.
You've accepted the overton window shift that age verification is an inevitability and that we need to give up information to the operating system because any other way would violate our privacy! It's naive to see this internationally coordinated effort to "save the children" as anything other than the temperature in the pot being turned up.
> implemented in a competent way (ie. it's not just providing an id scan for any app to read)
What if there are vulnerabilities? You're inherently introducing more attack surface and providing more data than you would without these laws.
>You've accepted the overton window shift that age verification is an inevitability and that we need to give up information to the operating system because any other way would violate your privacy! It's naive to see this internationally coordinated effort to "save the children" as anything other than the temperature in the pot being turned up.
If you're trying to imply Meta is behind the "overton window shift", that's plainly not the case. The popular sentiment that smartphones and social networks are harming kids (thereby necessitating bans/verification) has been boiling over for a while now (eg. "The Anxious Generation, 2024", and the recent social media bans in Australia), and meta is just trying to get ahead of this with laws that favor them.
>What if there are vulnerabilities? You're inherently introducing more attack surface and providing more data than you would without these laws.
Probably less likely to cause vulnerabilities than web usb or web bluetooth , both of which gets some pushback here but nowhere as much an API that returns a number.
> If you're trying to imply Meta is behind the "overton window shift", that's plainly not the case
No, I'm saying the exact opposite: Meta is just one player in a campaign from intelligence agencies and other tech companies who want to normalize mandated prompts in your OS that collect information. Right now it's "just a DOB field bro" turns into "well... people can lie with the DOB field, let's just add a ID check step in that dialog" and build on it from there. Of course the pot has been boiling for a while and it's not just Meta looking for regulatory capture.
> Probably less likely to cause vulnerabilities
I don't care about likelihoods, this "feature" inherently introduces more risk and for something I don't even want on my computer. Even a small chance that this can be abused is unacceptable.
I find it odd when people write off policies as using “save the children” or “protect women” as if this isn’t something people are really capable of thinking. You fail to understand why the Overton window has shifted because you fail to understand people really are worried about their children
I don't know of any surveillance state act that used "protect women" as their top line, but maybe I missed it.
> because you fail to understand people really are worried about their children
No, I completely understand but that doesn't give anyone the right to start mandating that we give up our privacy in pursuit of that. That's sorta the joke with "save the children", it's meant to tug at your emotions and make you look like a bad person for not consenting to massive overreach.
> Why does it matter specifically that Meta is doing it?
Their entire top leadership has shown a multi-year tendency towards psychopathy and lying. Knowing Meta is pushing this bill makes me want to understand why my views and theirs randomly agree as well as carefully read the bill text for any signs Adam Mosseri was within 500 feet of it.
> my views and theirs randomly agree
That's probably a sign that you should reevaluate your views.
> That's probably a sign that you should reevaluate your views
On its own? No. We probably agree on the need to drink water, that doesn’t mean I should now die of thirst.
I think? the most recent version of that post is https://web.archive.org/web/20260314074025/https://www.reddi..., which is "awaiting moderator approval"
I've seen skepticism about the veracity of the claims, in part as various sources cited in the git repo pointed to todo files not actual data[1] (in that example was only just hours ago a source file was added, when the project still claims part of the conclusions are based on data said to be contained there).
Which has led some to suspect much is LLM generated and not properly human-reviewed, in addition to the very short timeframe from initial self-disclosed start of the research to publishing it online (mere 2-3 days) despite the confident tone the author uses.
[1] https://web.archive.org/web/20260317184359/https://lobste.rs...
Meta is definitely helping to push this, but they aren't having to push very hard because its already in the zeitgeist. It's a classic moral panic. Millennials are raising kids and turning into their boomer parents.
Millennials had their hippie era in their 20s (same stuff their parents did rebranded as "hipster" instead of "hippie," where instead of building a lifestyle of free love and bong hits in the Haight-Ashbury, they built a lifestyle of free love and bong hits in Williamsburg Brooklyn).
Now in their 30s-40s they've moved to the suburbs, they're voting Reagan, and are falling for hysterical media-driven moral panics about "what kids these days are up to" just like their Boomer parents did in the 80s-90s.
What's even more funny about all these "social media is evil" legislative proposals, they're motivated by the idea of what social media used to be when millennials were in college...which doesn't even exist anymore.
The classic narrative that teens are depressed because they're seeing what parties they didn't get invited to is wildly outdated now. Social media isn't social anymore (see Tiktok), it's just algorithmic short form TV. Nobody is seeing content from their peers anymore.
In reality, most modern research on social media finds little to no affect on teen mental health. But of course, if you have ulterior motives to undermine privacy or shirk corporate responsibility under the cover of "saving the kids," this moral panic is an already burning flame waiting to be stoked.
It's amazing how many things We The People want our government to do that go ignored year after year, but the moment corporations want something laws get pushed through at lightning speeds. Does anyone actually think that masses of regular people in Illinois were begging their government to force operating systems to tell every website and advertiser how old their children are? They weren't. A small number of corporations with lots of money wanted that though. Bribing matters a lot more than voting.