Except none of these bills (California or the one in question) as currently written require an ID to actually be verified, merely that the user provide an age. This seems intentional as it seems to solve the user journey where a parent is able to set a reasonable default by simply setting up an associated account age at account creation. It's effectively just standardizing parental controls.

I think this is a reasonable balance without being invasive as there's now a defined path to do reasonable parenting without being a sysadmin and operators cannot claim ignorance because the user input a random birthday. The information leaked is also fairly minimal so even assuming ads are using that as signal, it doesn't add too many bits to tracking compared to everything else. I think the California bill needs a bit of work to clarify what exactly this applies to (e.g. exclude servers) but I also think this is a reasonable framework to satisfy this debate.

I've seen the argument that this could lead to actual age verification but I think that's a line that's clearly definable and could be fought separately.

Kids aren't stupid. They'll just create another account when they're old enough to figure it out. They'll tell their friends how to do it and the rest of us will be stuck with these stupid prompts forever like it's a cookie banner.

Actually given boot chain protection, this will probably get harder as time goes on but even assuming some kids are able to, this is clearly definable as a user error: the fault lies with the kid and as a parent you need to think about your threat model.

Right now, it's not even clear how to create parental controls at a reasonable level so there's no clear path for what to do or how to respond.

I don't think "real" age verification with IDs is immune to this either (kids paying an adult to get an ID for it or fooling an AI classifier, whatever).

Basically unsolvable, so why worry about that edge case? Kids will always get through to some adult content somewhere. A token system will make parents feel better in the meantime.

It gives the parents the tools to age restrict things, but does not require parents to use them or use them well.

Maybe we can agree that if you're mature enough to hack your own phone, you're mature enough to see a nipple. Why am I rate limited though? Dang must hate this opinion.

From a parent's perspective, that's the great part about bubbling it up to the OS user account level.

It's trivially easy to see if the user (child) has indeed created multiple OS level user accounts with different permission levels if you want to spot check the computer.

You'll see it on first startup and then you can have "a chat". With Guest account access disabled, spawning a new account on a computer takes 2-3 minutes, will send emails and dashboard notices to the parent.

It's very much near impossible to verify that the child is not just going to Facebook etc. and using separate accounts and just logging out religiously.

That said I wish Apple/Microsoft/Google had more aggressively advertised their Parental Control features for Mac/Windows/ChromeOS as a key differentiator to avoid Ubuntu/Open Source distros from having to implement them.

It's pointless. Kids who want an uncensored internet will use a VPN or proxy the same way they've been getting around the restrictions and filters put on the computers and networks at schools. These laws will do nothing to protect children but will instead enable them to be targeted.

So you're advocating for stronger and more invasive controls?...

I think this is a sensible compromise. It gives parents more control than before without relying on shady third-party software or without turning every platform into a cop. Yeah, it also aligns with Meta's interests, but so what?

The age attestation solutions pursued by the EU are far more invasive in this respect, even though they notionally protect identity. They mean that the "default" internet experience is going to be nerfed until you can present a cryptographic proof that you're worthy.

> I think this is a sensible compromise. It gives parents more control than before without relying on shady third-party software or without turning every platform into a cop.

It doesn't give parents any control whatsoever. It just forces the OS to tell every website your child goes to how old they are. It doesn't require those websites to hide certain content for certain age groups. It doesn't define what types of content are appropriate for which age groups, it just makes sure that every advertiser bidding on your child's eyes knows what age range they fall into.

If anything this takes control away from parents because even the cases where a website does their best to restrict content based on which age the OS tells them your kid is, it's the website setting the rules and not the parents. You might think that your 16 year old can read an article about STDs, but if the website your kid visits doesn't think so you as the parent don't get any choice.

When parents are controlling the software they can decide which kinds of content are appropriate for their children.

I mean on a UNIX OS you could make it yet another group the user needs to be part of. Like the group for access to optical media or for changing network credentials. Whether the child gets root access is on the parent, but that is like with anything else. A child can get around this, but it means finding and exploiting a 0-day on the OS. If they are able to pull this off, I would congratulate them.

There is a huge attack surface for this. For example, kid manages to buy an old phone. Resets the phone and creates an account. Kid buys something like a Pi 3, manages to get a regular phone to become an access point. Etc. If a laptop is not completely locked down, a kid might boot a live USB stick.

Barriers like that for accessing 18+ sites would be so much better than nothing.

And cheat devices can be taken away as soon as the parent notices them.

I don’t care if it’s part of the user setup, but make it an App Store dotfile. Don’t issue fines to Debian for offering a Docker image without a user setup script.

I agree. There is a real drive to catastrophize here but so far, none of the bills actually take any steps to prevent users from lying about their age.

Yeah, let's just boil the frog here. Makes sense.

> it seems to solve the user journey

There is software that does this already. Concerned parents do not actually lack for options in any sense.

> It's effectively just standardizing parental controls.

You could _literally_ just standardize parental controls instead.