[cogman10]

And honestly, all these should ultimately just be done client side in the browser. After the browser has verified "User is x or user is over 21" there's no reason to then send that information to the website.

Let websites issue a "window.isUserOver(16)" call once and then move forward based on the response to that query.

[Wowfunhappy]

This would require browser attestation, wouldn't it? Otherwise kids are just going to download a custom build of Chromium where `window.isUserOver(16)` is always `True`.

[cogman10]

Some probably will. 99% of them don't even know what "Chromium" is.

This doesn't have to be perfect.

[Wowfunhappy]

Right now, they don't know. They're going to learn very quickly when they want to use some website and they can't.

We agree it doesn't need to be 100% perfect. But it needs to be at least, like, 60% perfect, right? And unless you make it at least a bit hard to bypass, it will stop virtually no one.

[mindslight]

No, it only "requires" browser attestation if we taken it as a given that the onus is on tech companies for verifying who they are talking to - ie identity verification that most of these schemes boil down to regardless of how cute they're dressed up.

To effectively keep adult content away from kids, it merely requires secure boot and closed app stores, which are already widespread. And they are only required on the devices actually given to kids, rather than every single computing device.

But this proposal has another problem: it's easy for a website to run isUserOver(n) in a loop to derive the exact age. And on a persistent account, it can be queried every day to derive an exact birthday! Which comes back to my main point that the only technical schemes we should be considering are ones where information strictly flows one way - the website/app supplies information to the browser/OS, which then [may] implement parental control policy. anything else fundamentally boils down to a mandate for identity verification.

[Wowfunhappy]

> To effectively keep adult content away from kids, it merely requires secure boot and closed app stores, which are already widespread. And they are only required on the devices actually given to kids, rather than every single computing device.

...I guess I don't really see the difference.

Closed app stores are widespread on some platforms but certainly not others, and I for one would really like them to not spread any further.

[mminer237]

This is how California is legislating it—requiring the OS to let an admin set the user's age, then let browsers and through them, websites, to query that setting.

[inigyou]

You can get their exact age by binary search.

[ekr____]

Typically these APIs are designed so you can't make arbitrary queries, but rather there are fixed age brackets.