[john_strinlai]

>Could you be more specific as to what you're imagining?

sure, i'll put my favorite two. though you'll find much more detailed and thought-out versions of these (and others) in the dozens of other giant threads on the same topic.

- buy a card with a UUID from anywhere that sells alcohol/tobacco that is valid for some period of time. most people are comfortable with flashing their ID at the clerk. the UUID card is non-identifying.

- websites issue content tags, browsers consume them, you enter your age into the OS during setup.

[donmcronald]

> buy a card with a UUID from anywhere that sells alcohol/tobacco that is valid for some period of time

Why should I pay continuously to prove I'm an adult? And those cards will be getting sold to kids faster than you can blink. I bet a lot of parents would buy them for their kids.

[drdexebtjl]

> I bet a lot of parents would buy them for their kids.

Good. I should be able to make judgement calls about what my children can or can’t access outside of school.

It’s better if they do it under my supervision than against my back, aided by a predator whose only moat is lending their ID, or their face.

[sdeframond]

> I bet a lot of parents would buy them for their kids.

That changes the default from "anyone can do anything" to "gotta ask parents". Defaults matter at scale. It adds friction.

[john_strinlai]

>And those cards will be getting sold to kids faster than you can blink.

there's a reason i said 90% and not 100% effective. alcohol and tobacco get resold to kids, too.

[fl4regun]

What makes you think this will be close to 90%? Unless these cards are expensive I don't see that happening.

[john_strinlai]

>What makes you think this will be close to 90%? Unless these cards are expensive I don't see that happening.

its obviously just an illustrative guess. but if the penalty of possessing the card is similar to underage possession of alcohol/tobacco, and larger penalties if a store/person is found providing a card to someone underage, i see no reason why it wouldnt have a similar success rate as alcohol/tobacco.

[inigyou]

Why possess the card when you can just buy the UUID on the dark web

[bilkow]

If they have access to the "dark web" they can already do anything that requires age verification there. In the same way you expect that the rule to "not sell UUIDs" wouldn't be respected there, I wouldn't expect other age-verification rules to be respected, no matter the verification method.

[john_strinlai]

sure? i feel like i need to reemphasize the "not going for 100% effectiveness" thing again.

hopefully some parent steps in if their kid is on the dark web trying to make purchases with their parent's credit card.

[CPLX]

Why should you pay for an internet connection, or a computing device with a screen? This isn't a serious counterargument.

[fluoridation]

Because those things cost money to make and to maintain, whereas there's no intrinsic cost to prove one is an adult.

[CPLX]

Yes there is.

You need to pay for a drivers license or a passport and so on. So there is an intrinsic cost to prove who you are where you are from and what your birthday is already.

You have to pay for all sorts of small things to participate in normal society. This isn't a serious criticism.

By definition this is not a life critical thing, it's something that is procured in order to access specific services on the internet, which is not free.

[cogman10]

And honestly, all these should ultimately just be done client side in the browser. After the browser has verified "User is x or user is over 21" there's no reason to then send that information to the website.

Let websites issue a "window.isUserOver(16)" call once and then move forward based on the response to that query.

[Wowfunhappy]

This would require browser attestation, wouldn't it? Otherwise kids are just going to download a custom build of Chromium where `window.isUserOver(16)` is always `True`.

[cogman10]

Some probably will. 99% of them don't even know what "Chromium" is.

This doesn't have to be perfect.

[Wowfunhappy]

Right now, they don't know. They're going to learn very quickly when they want to use some website and they can't.

We agree it doesn't need to be 100% perfect. But it needs to be at least, like, 60% perfect, right? And unless you make it at least a bit hard to bypass, it will stop virtually no one.

[mindslight]

No, it only "requires" browser attestation if we taken it as a given that the onus is on tech companies for verifying who they are talking to - ie identity verification that most of these schemes boil down to regardless of how cute they're dressed up.

To effectively keep adult content away from kids, it merely requires secure boot and closed app stores, which are already widespread. And they are only required on the devices actually given to kids, rather than every single computing device.

But this proposal has another problem: it's easy for a website to run isUserOver(n) in a loop to derive the exact age. And on a persistent account, it can be queried every day to derive an exact birthday! Which comes back to my main point that the only technical schemes we should be considering are ones where information strictly flows one way - the website/app supplies information to the browser/OS, which then [may] implement parental control policy. anything else fundamentally boils down to a mandate for identity verification.

[Wowfunhappy]

> To effectively keep adult content away from kids, it merely requires secure boot and closed app stores, which are already widespread. And they are only required on the devices actually given to kids, rather than every single computing device.

...I guess I don't really see the difference.

Closed app stores are widespread on some platforms but certainly not others, and I for one would really like them to not spread any further.

[mminer237]

This is how California is legislating it—requiring the OS to let an admin set the user's age, then let browsers and through them, websites, to query that setting.

[inigyou]

You can get their exact age by binary search.

[ekr____]

Typically these APIs are designed so you can't make arbitrary queries, but rather there are fixed age brackets.

[utopiah]

> UUID card is non-identifying.

Kids aren't going to trade Pokemon cards in the playground anymore...

[choo-t]

Well, they could trade identifying ones too or even stollen ID cards if you want to go this way.

They could also trade porn-filled thumb drive or old-school glossy paper magazine. There no way to prevent kid's exposure to stuff at a 100% success rate.

There no way to avoid exposure completely

[dana-s]

I'm just left wondering, how would that be different than buying a phone? Most kids also don't have money to spend on devices, that's all coming from adults, how would the UUID work any different? In my view it seems we'll just reach the current state as with phones.