Don’t get me wrong, I’m all for privacy. But between setting up the birthdate when creating my children’s local account on their computers, and having to send a copy of their ID to every platform under the sun, I’d easily chose the former.
I’d even agree to a simple protocol (HTTP X-Over-18 / X-Over-21 headers?) to that.
I don’t necessarily have an issue with that - as long as it can truly be done in a way where the only information the platform gets about me is whether I’m of age (they don’t even need to know my exact age). But I don’t have faith that it can actually be done like that, and I see it as a slippery slope toward even more surveillance.
They can have one bit. I’m ok with one bit.
As soon as they ask for a byte, they are gathering too much information about me.
I can accept that this is a significant issue, and if knowing that I’m an adult is required for certain online activities, I’ll go along, but we all know damned well this will creep.
What ever elements need to verify who I am stay private client side, and they can have a single flag that verifies I’m what I claim to be.
So you’re ok about your official ID being broadcast everywhere you go on the internet? Every step you take can be tracked by the government, google, Meta and more? No more fucking privacy what so ever?
Yes. That’s exactly what I’m saying.
and to prove its not actually about safety and instead about control: parents are already responsible for what kids do online and could be charged using existing laws. but… where is the overreach in that?!
It can be done like that, but then it’d be (trivially) fake-able by anyone with root permissions on their own computer. But then, my point is that kids shouldn’t be root of their computers, so let’s just parents vouch for children’s age, and leave everything more complicated out.
From what I understood, the rules (in California?) would be : a) Every operating system provider must collect the user’s age or date of birth during the initial account setup process. b) The OS must classify the user into one of the four defined age brackets: under 13 years old, 13–15 years old, 16–17 years old, or 18 years and older. c) This information must be made available to application developers through a real-time API as soon as an application is launched or downloaded.
Unless I’ve missed something, I could definitely live with that. I haven’t seen anything more acceptable when it comes to age verification. Point a) doesn’t need to prove age or date of birth.
Now there is a small issue that came to my mind since my first post, which might be quite problematic : if ANY website is able to tell whether ANY user is a child, it’ll be as easy to keep children out of certain sites that it’ll be easy to keep adults out of others.
Imagine a bulletin board with highly disturbing/predatory content which would ONLY show to kids? Whenever mom or dad checks, website is all normal. And that would be real bad, probably worse than our current, no age verified situation.