[inkysigma]

Except none of these bills (California or the one in question) as currently written require an ID to actually be verified, merely that the user provide an age. This seems intentional as it's seems to solve the user journey where a parent is able to set a reasonable default by simply setting up an associated account age at account creation. It's effectively just standardizing parental controls.

I think this is a reasonable balance without being invasive as there's now a defined path to do reasonable parenting without being a sysadmin and operators cannot claim ignorance because the user input a random birthday. The information leaked is also fairly minimal so even assuming ads are using that as signal, it doesn't add too many bits to tracking compared to everything else. I think the California bill needs a bit of work to clarify what exactly this applies to (e.g. exclude servers) but I also think this is a reasonable framework to satisfy this debate.

I've seen the argument that this could lead to actual age verification but I think that's a line that's clearly definable and could be fought separately.

[bink]

Kids aren't stupid. They'll just create another account when they're old enough to figure it out. They'll tell their friends how to do it and the rest of us will be stuck with these stupid prompts forever like it's a cookie banner.

[inkysigma]

Actually given boot chain protection, this will probably get harder as time goes on but even assuming some kids are able to, this is clearly definable as a user error: the fault lies with the kid and as a parent you need to think about your threat model.

Right now, it's not even clear how to create parental controls at a reasonable level so there's no clear path for what to do or how to respond.

[pocksuppet]

Maybe we can agree that if you're mature enough to hack your own phone, you're mature enough to see a nipple. Why am I rate limited though? Dang must hate this opinion.

[Aeolun]

It’s because you are a sockpuppet.

[nemomarx]

I don't think "real" age verification with ids is immune to this either. (kids paying an adult to get an id for it or fooling an ai classifier, whatever).

Basically unsolveable, so why worry about that edge case? Kids will always get through to some adult content somewhere. A token system will make parents feel better in the meantime.

[davorak]

It gives the parents the tools to age restrict things, but does not require parents to use them or use them well.

[somethoughts]

From a parent's perspective, that's the great part about bubbling it up to the OS user account level.

Its trivially easy to see if the user (child) has indeed created multiple OS level user accounts with different permission levels if you want to spot check the computer.

You'll see it on first startup and then you can have "a chat". With Guest account access disabled, spawning a new account on a computer takes 2-3 minutes, will send emails and dashboard notices to the parent.

Its very much near impossible to verify that the child is not just going to Facebook etc. and using separate accounts and just logging out religiously.

That said I wish Apple/Microsoft/Google had more aggressively advertised their Parental Control features for Mac/Windows/ChromeOS as a key differentiator to avoid Ubuntu/Open Source distros from having to implement them.

[MarsIronPI]

> You'll see it on first startup and then you can have "a chat". With Guest account access disabled, spawning a new account on a computer takes 2-3 minutes, will send emails and dashboard notices to the parent.

On what OS? Microslop Windows? On my computer no one is notified when an account is created. And the account list isn't visible when I log in. I log in to the TTY.

Now, granted, I am not the norm. But my OS falls under these regulations. So what is my OS vendor supposed to do? For that matter, who is the vendor? What if I were using LFS? Who even would be the vendor for LFS? It's not even a distro!

[somethoughts]

Yes it doesn't show up probably because you were able to pretty easily mindlessly click through the part where you were asked if this is being provisioned as a child's computer.

When you provision a Windows, Mac or Chromebook these days as a child's device using your parental account, it will require a parental account to enable new user accounts and/or re-enable guest user on the device.

Like I said - my preference would have been for Microsoft, Apple, Google and Meta and TikTok to have made an industry effort to educate parents about the existence of such tools a priori of any legislation, we could have avoided Linux etc. getting sucked in.

[autoexec]

It's pointless. Kids who want an uncensored internet will use a VPN or proxy the same way they've been getting around the restrictions and filers put on the computers and networks at schools. These laws will do nothing to protect children but will instead enable them to be targeted.

[somethoughts]

I don't think its quite so easy anymore that I can tell, with parental tools today - on a properly provisioned device you can require parental permission for app installs such as VPN, etc.

[lich_king]

So you're advocating for stronger and more invasive controls?...

I think this is a sensible compromise. It gives parents more control than before without relying on shady third-party software or without turning every platform into a cop. Yeah, it also aligns with Meta's interests, but so what?

The age attestation solutions pursued by the EU are far more invasive in this respect, even though they notionally protect identity. They mean that the "default" internet experience is going to be nerfed until you can present a cryptographic proof that you're worthy.

[autoexec]

> I think this is a sensible compromise. It gives parents more control than before without relying on shady third-party software or without turning every platform into a cop.

It doesn't give parents any control whatsoever. It just forces the OS to tell every website your child goes to how old they are. It doesn't require those websites to hide certain content for certain age groups. It doesn't define what types of content are appropriate for which age groups, it just makes sure that every advertiser bidding on your child's eyes knows what age range they fall into to.

If anything this takes control away from parents because even the cases where a website does their best to restrict content based on which age the OS tells them your kid is, it's the website setting the rules and not the parents. You might think that your 16 year old can read an article about STDs, but if the website your kid visits doesn't think so you as the parent don't get any choice.

With 3rd party software parents are controlling what software is used, they have the ability to decide which kinds of content are appropriate for their children and can be allowed and which types of content should be blocked. They can black/whitelist as they see fit. All of the power is in the parent's hands. This law gives parents one choice only: "Do I honestly tell my OS how old my child is". That's the end of the parent's involvement and the end of their power.

[1718627440]

I mean on a UNIX OS you could make it yet another group the user needs to be part of. Like the group for access to optical media or for changing network credentials. Whether the child gets root access is on the parent, but that is like with anything else. A child can get around this, but it means finding and exploiting a 0-day on the OS. If they are able to pull this of I would congratulate them.

[phicoh]

There is a huge attack surface for this. For example, kid manages to buy an old phone. Resets the phone and creates an account. Kid buys something like a Pi 3 manages to get a regular phone to become an access point. Etc. If a laptop is not completely locked down, a kid might boot a live USB stick.

[Dylan16807]

Barriers like that for accessing 18+ sites would be so much better than nothing.

And cheat devices can be taken away as soon as the parent notices them.

[phicoh]

The problem is that these laws tend to escalate. Once a government starts regulating, it doesn't stop.

It is also the wrong model. Instead of creating child-safe devices, just like there is a difference between toys and power tools, this regulation pretends that all devices are child safe and parents have to figure out which ones really aren't.

[Dylan16807]

Well basically nobody is making child safe computers for ages over 7. Sitting around hoping that changes isn't useful.

So trying to force a very very basic child safe mode makes sense.

And I don't think this regulation pretends all devices are child safe.

[enoint]

I don’t care if it’s part of the user setup, but make it an App Store dotfile. Don’t issue fines to Debian for offering a Docker image without a user setup script.

[nullpoint420]

Yeah, let's just boil the frog here. Makes sense.

[MarsIronPI]

Except how is this done on GNU/Linux or FreeBSD or Haiku? Who's going to implement it, who's going to ensure it can't be bypassed and who's going to be responsible if it's not?

[secabeen]

I agree. There is a real drive to catastrophize here but so far, none of the bills actually take any steps to prevent users from lying about their age.