In the OS is where it belongs. But not like this.
Parental controls is the answer. The OS should be required to support robust APIs that allow parents to set the age of their child and prevent children from accessing apps or sites (via browser APIs that hook into the OS APIs) that are out of the age range. The only actual “verification” should be parents choosing to type in the number.
There should be no mechanism broadcasting age information. Flip it, make websites contain content tags, browsers/OS would then block based on opted out content. Parents get controls, we get to keep our privacy.
I was literally just thinking this right before reading your comment. There is no justification for this implementation outside of controlling and tracking your citizens.
Also, it’s nearly impossible to implement how they want since IOT devices exist so it doesn’t really make any sense as ruled.
Honestly, that is how I would prefer it be done. But it isn’t what OP asked for.
It would have to be set at an operating system level, with the OS providing an API for the browser to use, while the os itself restricts installation of unapproved apps (and to work, installation of apps would have to use an allow-list or a similar age-tagging system, where any app that includes general web access has to be 18+ unless it also implements age-gating correctly).
But yes, this would be the best system. Parental controls have never been very successful in the past, but I think part of the reason for this is that they’ve never been properly supported up and down the stack. The government should mandate that it is supported the whole way, so that parents really have the tools they need to enforce parental controls.
Edit: I thought this was a comment in another thread. My reply here only makes sense in that context.
Regardless, we should not be pre settling for a terrible policy just because it’s better than an even worse policy. It’s not up to us to solve how to do something that is indefensible. Not when the started goal has a much better solution that isn’t an assault on privacy.
For sure. If we wanted to protect kids with no intrusion we’d just make an HTTP header that was “user age” and then let the sites decide what to show and what to block. Porn sites don’t want to show dicks to 6 year olds, it’d be 10 seconds to make an nginx rule that says “if user age < 18, show static error page”.
And that’s it, easy peasy. If we wanted to, at that point we could start suing individual sites that choose not to use that information in order to get compliance, but probably we don’t need to, since it’s pretty easy to support and like I said, there’s no money in showing these things to kids anyway.
But that’s not what it’s about.
That’s effectively all the Californian law requires, and it doesn’t even expose the age details to apps that ask for it.
It has never been about protecting children. It’s about surveillance and control.
George Orwell would be inspired.
If you fail to do this negligently, there’s a $2,500 fine; if you do so intentionally, it’s $7,500. That’ll intimidate all those dotcom billionaires.
It’s also about driving the players they can’t control (e.g. volunteer open-source developers) out of the tech world. Only corporations will be allowed to develop software.
Combine this with Google locking down Android development, the moves to make it unaffordable to own hardware, and the attempts to prevent the use of E2EE and VPNs, and it’s a multi-front global push to take computing out of the hands of the people. We are supposed to rent our tech from corporations with thorough surveillance in place, and use it only in the ways they permit. Anything else is considered subversive and a threat.
