[cosmos0072]

I am from EU, and contrary to age verification laws in general.

My stance is that if somebody is a minor, his/her/their parents/tutors/legal guardian are responsible for what they can/cannot do online, and that the mechanism to enforce that is parental control on devices.

Having said that, open-source zero-knowledge proofs are infinitely less evil (I refuse to say "better") than commercial cloud-based age monitoring baked into every OS

[heavyset_go]

> Having said that, open-source zero-knowledge proofs are infinitely less evil (I refuse to say "better") than commercial cloud-based age monitoring baked into every OS

To be honest, I worry that the framing of this legislation and ZKP generally presents a false dichotomy, where second-option bias[1] prevails because of the draconian first option.

There's always another option: don't implement age verification laws at all.

App and website developers shouldn't be burdened with extra costly liability to make sure someone's kids don't read a curse word, parents can use the plethora of parental controls on the market if they're that worried.

[1] https://rationalwiki.org/wiki/Appeal_to_the_minority#Second-...

[ndriscoll]

> App and website developers shouldn't be burdened with extra costly liability

Why not? Physical businesses have liability if they provide age restricted items to children. As far as I know, strip clubs are liable for who enters. Selling alcohol to a child carries personal criminal liability for store clerks. Assuming society decides to restrict something from children, why should online businesses be exempt?

On who should be responsible, parents or businesses, historically the answer has been both. Parents have decision making authority. Businesses must not undermine that by providing service to minors.

[Ray20]

> Why not?

This implies the creation of an infrastructure for the total surveillance of citizens, unlike age verification by physical businesses.

[ndriscoll]

Spell it out: how do ID checks for specific services (where the laws I've read all require no records be retained with generally steep penalties) create an infrastructure for total surveillance? Can't sites just not keep records like they do in person and like the law mandates? Can't in-person businesses keep records and share that with whomever you're worried about?

How do you reconcile porn sites as a line in the sand with things like banking or online real estate transactions or applying for an apartment already performing ID checks? The verification infrastructure is already in place. It's mundane. In fact the apartment one is probably more offensive because they'll likely make you do their online thing even if you could just walk in and show ID.

[pixl97]

>create an infrastructure for total surveillance

I mean, we're talking about age verification in the OS itself in some of these laws, so tell me how it doesn't.

Quantity is a quality. We're not just seeing it for porn, it's moving to social media in general. Politicians are already talking about it for all sites that allow posts, that would include this site.

So you tell me.

[ndriscoll]

App and website developers having liability is an alternative to OS controls. Mandatory OS controls are OS/device manufacturers having liability. I agree that's a poor idea, and actually said as much like a year ago pointing out that this California bill was the awful alternative when people were against bills like the one from Texas. It's targeting the wrong party and creates burdens on everyone even if you don't care about porn or social media.

[gzread]

Knowing if the user's over 18 doesn't imply total surveillance, it only implies a user profile setting that says if they're over 18.

[vaylian]

It implies that the user has access to the technical infrastructure that supports age verification. Sucks to be you, if you can't afford a recent Apple or Android device to run the AgeVerification app.

There is also the problem of mission creep. Once the infrastructure is in place, to control access to age-restricted content, other services might become out of reach. In particular, anonymous usage of online forums might no longer be possible.

[gzread]

That technical infrastructure: a drop-down menu on the user's account settings

[pc86]

Do you know what the word "infrastructure" means?

[gzread]

Do you know what "total surveillance" means? It doesn't mean a checkbox for over 18

[MonkeyClub]

> Physical businesses have liability if they provide age restricted items to children.

Ok, suppose the strip club is the website, and the club's door is the OS.

Would you fine the door's manufacturer for teens getting into the strip club?

[jerf]

Dueling physical analogies is never a productive way to resolve a conversation like this. It just diverts all useful energy into arguing about which analogy is more accurate but it doesn't matter because the people pushing this law don't care about any of them and aren't going to stop even if the entire internet manages to agree about an analogy. This needs to be fought directly.

[johnnyanmac]

>This needs to be fought directly.

How do we fight? It seems like agree or disagree, this isn't going to stop. There's so much money behind it in a time where the have nots can barely survive as is.

[ndriscoll]

The OS is not the club's door. The OS is unrelated. The strip club needs to hire someone to work their door and check ID, not point at an unrelated third party. They should have liability to do so as the service provider.

[scythe]

For one thing, it's fairly uncommon for children to purchase operating systems. As long as there is one major operating system with age verification, parents (or teachers) who want software restrictions on their children can simply provide that one. The existence of operating systems without age verification does not actually create a problem as long as the parents are at least somewhat aware of what is installed at device level on their child's computer, which is an awful lot easier than policing every single webpage the kid visits.

[ndriscoll]

So I agree that operating systems and device developers should not be liable. That's putting a burden on an unrelated party and a bad solution that does possibly lead to locked down computing. I meant that liability should lie with service providers. e.g. porn distributors. The people actually dealing in the restricted item. As a role of thumb, we shouldn't make their externalities other people's problems (assuming we agree that their product being given to children is a problem externality).

[gzread]

What if all the useful apps refuse to run on the childproof operating system?

[anthk]

Then ditch propietary software completely and join free as freedom OSes.

[scythe]

I think the market is pretty good at situations like that.

[MSFT_Edging]

> Physical businesses have liability if they provide age restricted items to children.

These are often clear cut. They're physical controlled items. Tobacco, alcohol, guns, physical porn, and sometimes things like spray paint.

The internet is not. There are people who believe discussions about human sexuality (ie "how do I know if I'm gay?") should be age restricted. There are people who believe any discussion about the human form should be age restricted. What about discussions of other forms of government? Plenty would prefer their children not be able to learn about communism from anywhere other than the Victims of Communism Memorial Foundation.

The landscape of age restricting information is infinitely more complex than age restricting physical items. This complexity enables certain actors to censor wide swaths of information due to a provider's fear of liability.

This is closer to a law that says "if a store sells an item that is used to damage property whatsoever, they are liable", so now the store owner must fear the full can of soda could be used to break a window.

[ndriscoll]

That's not a problem of age verification. That's a problem of what qualifies for liability and what is protected speech, and the same questions do exist in physical space (e.g. Barnes and Noble carrying books with adult themes/language).

So again, assuming we have decided to restrict something (and there are clear lines online too like commercial porn sites, or sites that sell alcohol (which already comes with an ID check!)), why isn't liability for online providers the obvious conclusion?

[MSFT_Edging]

> That's a problem of what qualifies for liability and what is protected speech

The crux is we cannot decide what is protected speech, and even things that are protected speech are still considered adult content.

> why isn't liability for online providers the obvious conclusion?

We tried. The providers with power and money(Meta) are funding these bills. They want to avoid all liability while continuing to design platforms that degrade society.

This may be a little tin-foil hat of me, but I don't think these bills are about porn at all. They're about how the last few years people were able to see all the gory details of the conflict in Gaza.

The US stopped letting a majority of journalists embed with the military. In the last few decades it's been easier for journalists to embed with the Taliban than the US Military.

The US Gov learned from Vietnam that showing people what they're doing cuts the domestic support. I've seen people suggesting it's bad for Bellingcat to report on the US strike of the girls school because it would hurt morale at home.

The end goal is labeling content covering wars/conflicts as "adult content". Removing any teenagers from the material reality of international affairs, while also creating a barrier for adults to see this content. Those who pass the barrier will then be more accurately tracked via these measures.

[gzread]

However there are also parts of the internet that are clear cut, like porn.

[MSFT_Edging]

What about nude paintings/photography that aren't made with erotic intent?

Anatomical reference material for artists with real nude models?

What about Sexual education materials? Medical textbooks?

Women baring their breasts in NYC where it's legal?

Where is the clear cut line of Pornography? At what point do we say any depiction of a human body is pornographic?

[gzread]

Some things being unclear doesn't mean all things are unclear.

[NoMoreNicksLeft]

>Plenty would prefer their children not be able to learn about communism

Plenty of people would prefer that children not learn about scientology from pro-scientology cultists too. It's not that they can't know about scientology (they probably should, in fact, because knowledge can have an immunizing effect against cults)...

And it's not that they can't know about communism (they probably should, in fact, because knowledge can have an immunizing effect against cults)...

[MSFT_Edging]

Would you also be against learning about Capitalism from the Heritage foundation?

This is a comment section about large corporations lobbying against our ability to freely use computers and you break out the 80's cold war propaganda edition of understanding a complicated economic system that intertwines with methodology for historical analysis with various levels of implementations from a governmental level.

You're either a mark or trying to find a mark.

[inetknght]

> Physical businesses

Physical businesses nominally aren't selling their items to people across state or country borders.

Of course, we threw that out when we decided people could buy things online. How'd that tax loophole turn out?

[ndriscoll]

But when they do, federal law requires age verification (at least with e.g. alcohol).

It turned out we pretty much closed the tax loophole. I don't remember an online purchase with no sales tax since the mid 00s.

[mindslight]

ZKP methods are just as draconian as they rely on locking down end user devices with remote attestation, which is why they're being pushed by Google ("Safety" net, WEI, etc).

The real answer to the problem is for websites/appstores to publish tags that are legally binding assertions of age appropriateness, and then browsers/systems can be configured to use those tags to only show appropriate content to their intended user.

This also gives parents the ability to additionally decide other types of websites are not suitable for their children, rather than trusting websites themselves to make that decision within the context of their regulatory capture. For example imagine a Facebook4Kidz website that vets posts as being age appropriate, but does nothing to alleviate the dopamine drip mechanics.

There has been a market failure here, so it wouldn't be unreasonable for legislation to dictate that large websites must implement these tags (over a certain number of users), and that popular mobile operating systems / browsers implement the parental controls functionality. But there would be no need to cover all websites and operating systems - untagged websites fail as unavailable in the kid-appropriate browsers, and parents would only give devices with parental controls enabled to their kids.

[Terr_]

> The real answer to the problem is for websites/appstores to publish tags that are legally binding assertions of age appropriateness, and then browsers/systems can be configured to use those tags to only show appropriate content to their intended user.

Agreed, recycling a comment: on reasons for it to be that way:

___________

1. Most of the dollar costs of making it all happen will be paid by the people who actually need/use the feature.

2. No toxic Orwellian panopticon.

3. Key enforcement falls into a realm non-technical parents can actually observe and act upon: What device is little Timmy holding?

4. Every site in the world will not need a monthly update to handle Elbonia's rite of manhood on the 17th lunar year to make it permitted to see bare ankles. Instead, parents of that region/religion can download their own damn plugin.

[mindslight]

Good list of more reasons! I focused on what I consider the two most important.

To expand on your #3, it also gives parents a way to have different policies on different devices for the same child. Perhaps absolutely no social media on their phone (which is always drawing them, and can be used in private when they're supposed to be doing something else), but allowing it on a desktop computer in an observable area (ie accountability).

The way the proposed legislation is made, once companies have cleared the hurdle of what the law requires, parents are then left up to the mercy of whatever the companies deem appropriate for their kids. Which isn't terribly surprising for regulatory capture legislation! But since it's branded with protecting kids and helping parents, we need to be shouting about all the ways it actually undermines those goals.

[verisimi]

> There's always another option: don't implement age verification laws at all.

Where do you go to vote for this option?

[Bender]

App and website developers shouldn't be burdened with extra costly liability to make sure someone's kids don't read a curse word, parents can use the plethora of parental controls on the market if they're that worried.

App and website operators should add one static header. [1] That's it, nothing more. Site operators could do this in their sleep.

User-agents must look for said header [1] and activate parental controls if they were enabled on the device by a parent. That's it, nothing more. No signalling to a website, no leaking data, no tracking, no identifying. A junior developer could do this in their sleep.

None of this will happen of course as bribery (lobbying) is involved.

[1] - https://news.ycombinator.com/item?id=46152074

[andrepd]

The concern is ubiquitous all-pervasive surveillance, control, and manipulation of algorithmical social media and its objective consequences for child development and well-being. Not "kids reading a bad word". Disagree all you want, but don't twist the premise.

Surely you can find a rationalwiki article for your fallacy too.

[ori_b]

If you want to avoid all pervasive surveillance, it might be wise to not mandate all pervasive surveillance in the OS by law.

In fact, I suspect adults, and not just children, would also appreciate it if the pervasive surveillance was simply banned, instead of trying to age gate it. Why should bad actors be allowed to prey on adults?

[gzread]

Luckily some of these laws, which we're rallying against, make it illegal to pervasively surveil.

[ori_b]

I must have missed that. Which of them prevent pervasive data collection on all ages?

[gzread]

The California age input law says that the OS shall not give more data than necessary.

[johnnyanmac]

>Disagree all you want, but don't twist the premise.

The 2 billion dollars are the one twisting it.

[heavyset_go]

You mean the same social media companies that want this legislation and wrote it themselves? The same legislation that introduces more surveillance and tracking for everyone, including kids?

Also, I heard the same thing about video games, TV shows, D&D, texting and even youth novels. It's yet another moral panic.

From the Guardian[1]:

> Social media time does not increase teenagers’ mental health problems – study

> Research finds no evidence heavier social media use or more gaming increases symptoms of anxiety or depression

> Screen time spent gaming or on social media does not cause mental health problems in teenagers, according to a large-scale study.

> With ministers in the UK considering whether to follow Australia’s example by banning social media use for under-16s, the findings challenge concerns that long periods spent gaming or scrolling TikTok or Instagram are driving an increase in teenagers’ depression, anxiety and other mental health conditions.

> Researchers at the University of Manchester followed 25,000 11- to 14-year-olds over three school years, tracking their self-reported social media habits, gaming frequency and emotional difficulties to find out whether technology use genuinely predicted later mental health difficulties.

From Nature[2]:

> Time spent on social media among the least influential factors in adolescent mental health

From the Atlantic[3] with citations in the article:

> The Panic Over Smartphones Doesn’t Help Teens, It may only make things worse.

> I am a developmental psychologist[4], and for the past 20 years, I have worked to identify how children develop mental illnesses. Since 2008, I have studied 10-to-15-year-olds using their mobile phones, with the goal of testing how a wide range of their daily experiences, including their digital-technology use, influences their mental health. My colleagues and I have repeatedly failed to find[5] compelling support for the claim that digital-technology use is a major contributor to adolescent depression and other mental-health symptoms.

> Many other researchers have found the same[6]. In fact, a recent[6] study and a review of research[7] on social media and depression concluded that social media is one of the least influential factors in predicting adolescents’ mental health. The most influential factors include a family history of mental disorder; early exposure to adversity, such as violence and discrimination; and school- and family-related stressors, among others. At the end of last year, the National Academies of Sciences, Engineering, and Medicine released a report[8] concluding, “Available research that links social media to health shows small effects and weak associations, which may be influenced by a combination of good and bad experiences. Contrary to the current cultural narrative that social media is universally harmful to adolescents, the reality is more complicated.”

[1] https://www.theguardian.com/media/2026/jan/14/social-media-t...

[2] https://www.nature.com/articles/s44220-023-00063-7

[3] https://www.theatlantic.com/technology/archive/2024/05/candi...

[4] https://adaptlab.org/

[5] https://pubmed.ncbi.nlm.nih.gov/31929951/

[6] https://www.nature.com/articles/s44220-023-00063-7#:~:text=G...

[7] https://pubmed.ncbi.nlm.nih.gov/32734903/

[8] https://nap.nationalacademies.org/resource/27396/Highlights_...

[rectang]

Practically, instead of requiring that sites verify age, require that they serve adult content with standardized headers. Devices can then be marketed as "child-safe" which refuse to display content with such headers.

[himata4113]

Yes! This is the way, give parents the ABILITY to advertise the users age to browsers, apps and everything in between. Only target cooperations, do not target open source projects. Fine websites for not using this API (ex: porn sites). Assume an adult if not present.

[fn-mote]

> Fine websites for not using this API (ex: porn sites).

Recent posters here are clear that porn sites are setting every available signal that they are serving adult-only content.

According to them, you are targeting the wrong audience.

Facebook/Instagram studying how to get young users addicted should be of greater concern. I have my doubts about the effectiveness of age-based blocking there, though.

[troyvit]

> Facebook/Instagram studying how to get young users addicted should be of greater concern. I have my doubts about the effectiveness of age-based blocking there, though.

Yeah quite the opposite. Once they have that formalized attestation they will move in like sharks.

[edgyquant]

Both are problems, porn sites have also targeted children and any non-enforced age “verification” on these sites is simply plausible deniability that isn’t plausible at all

[XorNot]

In what way have porn sites targeted children? They have no disposable income to target and the product is literally self age gated in appeal.

[fivetomidnight]

No. This is not the way.

> give parents the ABILITY to advertise the users age to browsers, apps and everything in between.

Accounts and Applications to services that provide countent are set to a country-specific age rating restrictions (PG, 12+, 18+, whatever). That's it.

None of the things you mentioned have any point to concern themself with the age or age-bracket of the user in front of the device. This can and will be abused. This is very obvious. Think about it.

[ryandrake]

Why should the applications get to decide if they are appropriate for a particular age? Shouldn't that be up to the parent? I shouldn't need to tell my kid: "Well, to use this compiler software, you need to set your age to 18 temporarily, because some product manager 3,000 miles away decided to rate it 18+. But, set it back to age 13 afterwards because you shouldn't be on adult sites." It's stupid.

[fivetomidnight]

I get what you mean, but I might have miscommunicated a bit.

Clarification: "are set to" means by the parent. "Accounts and Applications to services that provide countent" like media content providing apps like discord, netflix, etc. that ARE able and/or bound to rate their content.

Package Manager and Software Installation in general are usually locked behind root/admin passwords anyway. Especially on kids' devices their user should be non-admin, no?

So, when any piece of software is installed, it is by choice of the parent.

That's not unreasonable then?

[himata4113]

That is what I meant by age(-rating), you are correct. However, drop country specifics - too complicated. Age brackets are enough: child, preteen, teen, adult. At around 16-17 these should be dropped anyway since at that point people are smart enough to get around these measures anyway and usually have non-parent controlled devices.

[idiotsecant]

This is a great solution to the stated problem. The issue is that nobody is actually trying to solve the stated problem. This is a terrible solution to the real 'problem' which is the lack of surveillance power and information control.

[simion314]

>This is a great solution to the stated problem. The issue is that nobody is actually trying to solve the stated problem. This is a terrible solution to the real 'problem' which is the lack of surveillance power and information control.

So on the Sony consoles I created an account for my child and guess what they have implemented some stuff to block children from adult content on some stuff.

So if Big Tech would actually want to prevent laws to be created could make it easy for a parent to setup the account for a child (most children this days have mobile stuff and consoles so they could start with those), we just need the browsers to read the age flag from the OS and put it in a header, then the websites owners can respect that flag.

I know that someone would say that some clever teen would crack their locked down windows/linux to change the flag but this is a super rare case, we should start with the 99% cases, mobile phones and consoles are already locked down so an OS API that tells the browser if this is an child account and a browser header would solve the issue, most porn websites or similar adult sites would have no reason not to respect this header , it would make their job easier then say Steam having to always popup a birth date thing when a game is mature.

[necovek]

When one clever teen figures it out, they will share it with 80% of their friend group, making that number 80% and not 1%.

Let's go back to parenting: yes, world is a scary place if you get into it unprepared.

[fsflover]

100% law enforcement is harmful: https://news.ycombinator.com/item?id=47352848

[gzread]

When one teen figures out how to get alcohol without ID, 80% of them will.

[necovek]

From https://www.edgarsnyder.com/resources/underage-drinking-stat...:

  > Nearly 75% of 12th grade students...have consumed alcohol in their lifetimes.

and

  > 85 percent of 12th graders ... say it would be “fairly easy” or “very easy” for them to get alcohol.

So, yes?

[himata4113]

That's why I suggested kernel enforced security (simple syscall) that applications could implement and are incredibly hard to spoof / create tools and workarounds for, but I got downvoted to hell.

Permission restricted registry entry (already exists) and a syscall that reads it (already exists) for windows and a file that requires sudo to edit (already exists) and a syscall to read it (already exists). Works on every distro automatically as well including android phones since they run the linux kernel anyway. Apple can figure it out and they already have appleid.

[simion314]

For linux we have the users and groups concept, the distro can add an adult group and when you give your child a linux a device and create the account you would just chose adulr or minor , or enter a birthdate. No freedom lost for the geeks that install Ubuntu or Arch for themselves and we do not need some extra hardware for the rare cases where a child has access to soem computer and he also can wipe it and install Linux on it. Distro makes can make the live usb default user to be set as not adult. Good enough solutions are easy but I do not understand why Big Tech (Google and Apple) did not work on a standard for this. (maybe both Apple and Google profits would suffer if they did)

[himata4113]

Definitely the latter, exploiting kids (roblox) is very very profitable.

[gzread]

Three states now implement this solution that you just called a great solution, and most of HN still hates it. Are they seeing something that you're not? https://news.ycombinator.com/item?id=47357294

[idiotsecant]

Psst I was talking about zero knowledge proofs. Read twice before talking.

[gzread]

Can't see where you said that. You definitely commented about parental controls.

[mijoharas]

This is what I think. I saw someone else on HN suggested provide an `X-User-Age` header to these sites, and provide parents with a password protected page to set that in the browser/OS.

Responsibility should be on the website to not provide the content if the header is sent with an inappropriate age, and for the parent to set it up on the device, or to not provide a child a device without child-safe restrictions.

It seems very obviously simple to me, and I don't see why any of these other systems have gained steam everywhere all of a sudden (apart from a desire to enhance tracking).

[qup]

Seems simple until you try to figure out what's allowed for what age, which surely will differ by country at a minimum.

[mijoharas]

To me that's a geo-ip lookup on the online service, which they kinda need to do anyways so seems fine?

(if there are further restrictions then it gets messy, but I feel like that's the current state of things anyways? at least for online services which I'm mostly speaking about here.)

Mostly my point is I don't think attestation is required. I think that responsibility should fall upon parents, and I don't want to have to give my ID to any online sites, because I don't remotely trust them to keep that safe. I'm less worried about them storing a number I send them about how old I am.

[qup]

There's ~195 countries with 195 sets of laws.

And 50 US states.

[mijoharas]

Yeah, and frankly if you have a porn site (for example) you already need to deal with the different country restrictions.

Having no restrictions would be great, but since a bunch of countries are passing these laws I'd appreciate having a minimally invasive version instead.

[module1973]

that is correct the parents are meant to pass on morals and parent the child. If the parents fall through, there is the community such as church, neighbors, schools etc. The absolute last resort is government or law enforcement intervention, and this should be considered an extreme situation. But as John Adams noted, "Our Constitution was made only for a moral and religious people" -- in other words, all these laws start to rip at the seams when the fabric of society, the people who make up the society no longer have morals. But I appreciate this article in general, we need to fight against mass surveilance at all costs.

[pixl97]

>all these laws start to rip at the seams when the fabric of society, the people who make up the society no longer have morals

Morals like owning slaves, right?

A moral system that requires everyone to be white Christian males isn't a moral system, it's a theocracy.

[teekert]

"mechanism to enforce that is parental control on devices."

Meh, I use it, but it's super annoying and I think that with my Daughter I'll take a different approach (but it will be some years before that is relevant).

On Android: The kid can easily go on Snapchat (after approval of install of course, and then you can just see their "friends") before Pokemon Go (just a pain to get working, it keeps presenting some borked version which led to a lot of confusion at first). I just lied about his age in a bunch of places at some point. Snapchat is horrible and sick from our experiences in the first week.

On Windows: It's a curated set of websites (and no FireFox) or access to everything. It's not even workable for just school. Granting kids access to our own minercraft servers: My god, I felt dirty about what the other parents had to go through to enable that.

[epiccoleman]

> Granting kids access to our own minercraft servers: My god, I felt dirty about what the other parents had to go through to enable that.

This is a hobby horse of mine to the point that coworkers probably wish I'd just stfu about Minecraft - but holy shit is it crazy how many different things you need to get right to get kids playing together.

I genuinely have no idea how parents without years of "navigating technical bullshit" experience ever manage to make it happen. Juggling Microsoft accounts, Nintendo accounts, menu-diving through one of 37 different account details pages , Xbox accounts, GamePass subscriptions - it's just fucking crazy!

[teekert]

I always wonder about this. I read most dialogs (as I do) but man, the sanity of most people must require that they just next next next this stuff right? Perhaps they even let their kids do it instead.

[bcrosby95]

If you're using something like a fire tablet and you set them up as a kids account that's not how it works. If you next through everything your kid cannot play minecraft online, not even on your own little private server.

Getting an actual kids account to work online with minecraft involves setting the right permissions across 2-4 websites and 1-3 companies. I think it took me around 4 hours of trial and error to get it working.

[epiccoleman]

I might be wrong about this, but at least in my experience you just can't "next next next." There's too much complexity!

I'm essentially the maintainer of a series of accounts for each kid, these days. Woe unto anyone without a password manager!

[Pxtl]

> My stance is that if somebody is a minor, his/her/their parents/tutors/legal guardian are responsible for what they can/cannot do online, and that the mechanism to enforce that is parental control on devices.

Imho there is a place for regulation in that, actually. Devices that parents are managing as child devices could include an OS API and browser HTTP header for "hey is this a child?" These devices are functionally adminned by the parent so the owner of the device is still in control, just not the user.

Just like the cookie thing - these things should all be HTTP headers.

"This site is requesting your something, do you want to send it?

Y/N [X] remember my choice."

Do that for GPS, browser fingerprint, off-domain tracking cookies (not the stupid cookie banner), adulthood information, etc.

It would be perfectly reasonable for the EU to legislate that. "OS and browsers are required to offer an API to expose age verification status of the client, and the device is required to let an administrative user set it, and provide instructions to parents on how to lock down a device such that their child user's device will be marked as a child without the ability for the child to change it".

Either way, though, I'm far more worried about children being radicalized online by political extremists than I am about them occasionally seeing a penis. And a lot of radicalizing content is not considered "adult".

[croes]

You could make the same case for parental control as evil.

"You‘re reading about evolution! Not in my house"

[cosmos0072]

Parents already have a lot of control on children' education.

Examples: most children believe in the same religion as their parents, and can visit friends and places only if/when allowed by their parents.

This is simply extending the same level of control to the internet.

Government-mandated restrictions are completely another level.

[edgyquant]

I have personally worked with parents trying to prevent their children from using social media and it’s nearly impossible. Kids are almost always more tech savvy than their parents and unlike smoking it’s nearly impossible to tell a child is doing so without watching them 100% of the time.

[croes]

Who controls your age if you try to buy alcohol.

Who controls your age if you want to see an R-rated movie?

This is simply extending the same level of control to the internet.

More control for parents is a completely different level.

[heavyset_go]

There are no laws preventing children from seeing R-rated movies with or without their parents, theaters implement that policy by choice.

[jfengel]

Sort of by choice. Often, the municipality won't let you build a movie theater unless you pinky-promise to abide by the rating system.

They rarely enforce it, but if it gets out of hand, the city will start getting on your case about it.

[croes]

Welcome to the world where many countries aren’t the US

[heavyset_go]

The OP is about legislation and companies in the US

[applfanboysbgon]

Disingenuous, but I'm sure you know that and were being intentionally so. The government is not using alcohol age laws as a justification to place a camera in your bedroom to make sure you aren't sneaking booze, but it is using internet age laws as a justification to surveil your entire life in a world which is becoming increasingly digital-mandatory to participate in government services or the economy. Nobody had a problem with internet age laws when "are you over 13? yes/no" was legally sufficient.

[gzread]

Is California doing this?

[applfanboysbgon]

To my understanding no, but California is breaching the rubicon in compelling open-source / non-commercial software developers to include something in their offline software, which is something that I believe has never been done before by any jurisdiction, and opening that floodgate is a clear slippery slope in this environment because the week after that is implemented Texas will be mandating that all operating systems come installed with JesusTracker. Apparently New York is already working on sliding down that slope, in fact, and for good measure wants to mandate anti-circumvention measures too.

[croes]

You‘re missing the point

> Having said that, open-source zero-knowledge proofs are infinitely less evil (I refuse to say "better") than commercial cloud-based age monitoring baked into every OS

Parent prefers more control by parents over zero-knowledge proof

[applfanboysbgon]

If that was your point, I don't think your previous comment did a very good job of making it at all.

I do think parental controls can be and are abused for evil, but they're still better than the alternative. Zero-knowledge proof is not an alternative, and to suggest that it is is misunderstanding the situation. These laws are proposed and funded by people who want complete surveillance of the population. Zero-knowledge proof is, therefore, explicitly contrary to the goal and will never be implemented under any circumstances. Suggesting that it can be muddies the issue and tricks people into supporting legislation that exists only to be used against them.

In a benevolent dictatorship, sure, go for a zero-knowledge proof verification as your solution. In the reality of democracy, where politicians are corporate puppets who cloak surveillance laws in "think of the children" to rally support from the masses, we need to convince people to see through the lie and reject the proposals outright while reassuring them that they can protect the children themselves via parental controls. You will never be able to sufficiently inform 50.1% of the population of any country of what zero-knowledge proof even means, let alone convince them to support age verification laws but strictly conditional on ZKP requirements. That level of nuance is far too much to ask of millions of people who are not technically-informed, and idealism needs to give way to pragmatism if we wish to avoid the worst-case scenario.

[lynx97]

Same here, EU citizen who thinks parents should do some parenting, after all. However, try to confront "modern" parents with your position. Many of them will fight you immediately, because they think the state is supposed to do their work... Its a very concerning development.

[tasuki]

> My stance is that if somebody is a minor, his/her/their parents/tutors/legal guardian are responsible for what they can/cannot do online

As a parent, sure, that is my stance as well. What... what other stances are there even? How would they work?

[pjc50]

The steelman argument is that parents are not necessarily up to date on the technology, and cannot reasonably be expected to supervise teenagers 24/7 up to the age of 18. Compare movie ratings or alcohol laws, for example: there's a non-parental obligation on third parties not to provide alcohol to children or let them in to R18 showings.

But the implementation matters, and almost all of these bills internationally are being done in bad faith by coordinated big-money groups against technologically illiterate and reactionary populist governments.

(if we really want to get into an argument, there's what the UK calls "Gillick competence": the ability of children to seek medical treatment without the knowledge and against the will of their parents)

[graemep]

In the UK parents can give children alcohol below the age of 18. parents get to make the final decision at home so I do not think its really comparable.

I would personally favour allowing parents to buy drinks for children below the current limits (18 without a meal, 16 for wine, beer and cider with a meal).

The alternative to this is empowering parents by regulating SIM cards (child safe cards already exist) and allowing parents to control internet connectivity either through the ISP or at the router - far better than regulating general purpose devices. The devices come with sensible defaults that parents can change.

[Mchat22]

Suggesting that regulating ISPs or SIM cards or even public WiFi is an alternative to the OSA or age and identity verification is ignoring the reality that mandatory filtering of internet connections has been a legal requirement for a very long time now, and it has been 'voluntary' (by the ISPs themselves, opt-out by customers, pushed on by Cameron) for even longer.

It is not a new or novel concept. There are legal adults taking part in these conversations that are simply too young to have ever experienced internet connections that weren't restricted and filtered mandated by legislation, and they would have been teenagers that were old enough to have a say in the conversation when the Conservatives were debating the OSA in parliament.

Mobile internet connections have been filtered since 2004 even, so it's entirely likely that this would also be true for some people that are pushing 30 today. The debate on whether it's appropriate for internet filters to block access to Childline, the NSPCC, the Police, the BBC, Parliament, etc, is 15 years old at this point. Fifteen.

The false dichotomy that exists between the entirely authoritarian measures of the OSA and the still fairly authoritarian measures of mandatory filtering serves only the interests of borderline monopolistic American tech companies who are in a position to weather such regulations as they stifle and snuff out any possibility of a less harmful web ecosystem, and people will cheer it on as they believe the social media platforms they blame for causing harm will themselves be harmed by the very laws they are writing.

The real alternative is not having mandatory filtering but instead voluntary filtering by the parents themselves, which is what everybody seems to think they are arguing for, and that conversation is long since dead. It is entirely beside the point, but contrast it with alcohol laws. The UK is one of the few countries in Europe that has consumption laws both in private(+) and in public, whereas half of Europe only has consumption laws in public while the other half has no consumption laws in either private or public. America on the other hand has many states that prohibit under-21s from drinking alcohol even in private. A better comparison may be content ratings, which are largely entirely voluntary and not a legal requirement.

(+) It's 5+ so there may as well be no laws on private consumption.

[_heimdall]

That steelman still stands on a core assumption that its both the state's responsibility and right to step in and parent on everyone's behalf.

Maybe a majority of people today agree with that, but I know I don't and I never hear that assumption debated directly.

[antonvs]

> I never hear that assumption debated directly.

The idea of the "nanny state" has been debated a lot, and this seems like a very literal example of that. But once some status quo is firmly entrenched, debate about it tends to die down because the majority of people no longer care enough about it.

[gzread]

The point of having a state at all is to create a framework where people are set up to succeed.

[heavyset_go]

Everyone shouldn't have to lose their privacy just because you're too lazy to use parental controls or give your kids devices that are made for children.

[gzread]

Entering your child's age when you create their user account is a loss of privacy?

[_heimdall]

Where exactly are you getting that goal of a state from? Maybe that's one of the goals today, historically I don't think it was anywhere on the list.

[edgyquant]

Then frankly you haven’t seen many debates around age verification as it’s the main thing discussed every time it’s brought up

[_heimdall]

You are correct, I didn't pay close attention to any EU debates that may have happened, I haven't lived there in years. In the US I haven't seen much debate at all, regardless of the bill really we don't seem to have leaders openly and honestly debate anything.

[edgyquant]

The other stance is that most parents are not capable of winning a battle against tech giants for the mind of their children, just as parents were not capable of winning this fight with tobacco and alcohol companies.

[heavyset_go]

The tech giants want this. They drafted the bill. They paid tens of millions of dollars to promote it. Think about that for a minute.

[hackinthebochs]

They want it because it absolves them of responsibility for what their app does to kids. They can then just point to the existence of an already working mechanism for parents to intervene. The alternative would be for each app to implement stringent age verification or redesign itself to avoid addictive patterns. Neither option is good for their earnings.

[duskdozer]

If this had anything to do with reigning in tech giants, it would be done for adults as well, without restricting anyone's rights (well, aside from the people-corporations' of course). The issues are the manipulative algorithmic datafeeds, advertising, and datamining. Age verification does nothing for any of this and only provides the tech giants and governments the means to secure even more control over people.

[Markoff]

ignore parent, outsource parenting to gov verification authority

TBH many parents done exactly that by giving phones/tablet already to kids in strollers

[graemep]

The latter is true, but we cannot regulate the vast majority of parents on the basis of the worst.

[soulofmischief]

I'll go further. As a human being, I am responsible for myself. I grew up in an extremely abusive, impoverished, cult-like religious home where anything not approved by White Jesus was disallowed.

I owe everything about who I am today to learning how to circumvent firewalls and other forms of restriction. I would almost certainly be dead if I hadn't learned to socialize and program on the web despite it being strictly forbidden at home. Most of my interests, politics and personality were forged at 2am, as quiet as possible, browsing the web on live discs. I now support myself through those interests.

We're so quick to forget that kids are people, too. And today, they often know how to safely navigate the internet better than their aging caretakers who have allowed editorial "news" and social media to warp their minds.

Even for people who think they're really doing a good thing by supporting these kinds of insane laws that are designed to restrict our 1A rights: the road to hell is paved with good intentions.

[duskdozer]

This is obviously where it's going to go, at least in the US. Things that are non-religious, non-Christian especially, pro-LGBT, and similar will be disproportionately pulled under "adult content" to ensure that children are not able to be exposed to unapproved ideas during formative years.

[tokai]

That has already been going on for decades, with satanic panic and banning of library books.

[soulofmischief]

The scary thing about legislation and software is that they can negatively reinforce each other if not properly designed and implemented. We run the risk of codification of morality-of-the-week becoming embedded deeply embedded into the compute stack, which will not self-correct until there is a great political movement for liberation of compute.

[soulofmischief]

Exactly. Having lived through it already, I know what it did to me and I would never wish that upon another child. The internet saved me from being a religious, colonial, racist piece of shit like the rest of my family.