[mrmanner]

> On the government endpoint, which returns X that the platform uses as "evidence" for you being an adult, yes, that's tied to your identity, as the certificate/whatever is tied to your identity.

In this scenario the government knows all the age-restricted sites I've visited. I'd argue that is worse than if all the age-restricted sites I've visited know who I am...

(FTR I don't know what I think about age restrictions in general, but I'm pretty sure there's no implementation that comes without negative side effects)

[Ajedi32]

Not necessarily. The age verification proof doesn't need to be site-specific. But again, that reduces the incentive "for the citizen to make sure their authentication isn't shared" because there's nothing tying it to them.

I also kinda hate the whole idea of needing explicit permission from the government to access the open web, regardless of whether or not they know which specific sites they're giving me permission to access.

[immibis]

There's actually a much better idea that's been floating around. Require over-18 sites to set a certain header. Then anyone who wants to can install a browser on their kid's device that will block pages with the header. There's no privacy implications, no surveillance implications, no need to make VPNs illegal as long as they pass it through; it's just a plain old parental block with a regulation keeping it always up to date. Yes, you may have to stop your kid installing random software on the device to bypass whatever blocking you set up, but you had to do that anyway. If it's Apple or Google they could easily enough require everything in the app store to respect the flag when the device is set to kid mode.

(If the government does the incredibly overbearing thing and does not do the simple and effective and unintrusive thing, it proves their motivations are surveillance)

[gjsman-1000]

Already exists; the industry called it RTA (Restricted To Adults). Nobody used it... and it's 19 years old. Complete failure categorized under "we already tried that."

https://www.rtalabel.org

You can use it too, just put this in as a meta tag:

<meta name="RATING" content="RTA-5042-1996-1400-1577-RTA" />

Or send the following header:

Rating: RTA-5042-1996-1400-1577-RTA

[Ajedi32]

Was it legally mandated? I think that's the main idea GP is proposing. Obviously without any incentive to actually implement it there's no point.

[philipkglass]

I don't think that it matters. The big porn sites have served RTA tags for many years. Android, Windows, macOS, and iOS can all be configured to block adult content tagged with this system. That still hasn't stopped a bunch of states from passing age verification laws ostensibly targeted at protecting children from these sites.

[immibis]

Because the laws aren't about protecting children. If they were, they'd say browsers have to enforce this header and sites have to send it.

[stevenicr]

In order to accomplish that working, you'd have to legally mandate parents put the blockers on their kids devices.

Similar things exist that block based upon lists and content keywords and such.

Most parents do not want to block stuff from their kids or they would be.

If thousands of them demanded that devices came with blockers then the market would provide such devices.

Many moons ago you could argue parents did not know what the youngins would find on the internet. Today's parents definitely know, and most do nothing to restrict access.

[immibis]

It doesn't have to be mandated - parents could choose.

Even if it's mandated that kids can only use phones with a special "kid mode" turned on, even if you had to present ID to turn it on or off or buy a phone with it turned off, that would still be way less bad than what's being rammed through parliaments right now.

[namibj]

Germany let's the ID cards themselves mint such proofs in a way similar to how Intel's attestation doesn't leak the CPU's serial number.