| ▲ | hypeatei 3 days ago |
| Okay, so the HTTP header idea seems like it would have two issues: 1) Given that it just says you're a "child", how does that work across jurisdictions where the adult age may not be 18? 2) It seems like it could be abused by fingerprinters, ad services, and even hostile websites that want to show inappropriate content to children. |
|
| ▲ | phantasmish 3 days ago | parent | next [-] |
| > 1) Given that it just says you're a "child", how does that work across jurisdictions where the adult age may not be 18? It's a client-side flag saying "treat this request as coming from a child (whatever that means to you)". I don't follow what the jurisdiction concern is. [EDIT] Oooooh you mean if a child is legally 18 where the server is, but 16 where the client is. But the header could be un-set for a 5-year-old, too, so I don't think that much matters. The idea would be to empower parents to set a policy that flags requests from their kids as coming from a child. If they fail to do that, I suppose that'd be on them. |
| |
| ▲ | hypeatei 3 days ago | parent [-] | | The concern is that websites have no way to tell the actual age in this scenario so you'd be potentially inconveniencing and/or blocking legitimate users (according to the server jurisdiction's rules) It doesn't seem sufficient, and would probably lead to age verification laws anyway. | | |
| ▲ | embedding-shape 3 days ago | parent [-] | | No, it doesn't seem like that be a problem. Say you're a parent, with child, living in country A where someone becomes an adult when they're 18. Once the child is 18, they'll use their own devices/browsers/whatever, and the flag is no longer set. But before that, the flag is set. Now in country B or in country C it doesn't matter that the age of becoming an adult is 15 and 30. Because the flag is set locally on the clients device, all they need to do is block requests with the flag, and assume it's faithful. Then other parents in country B or country C set/unset the flag on their devices when it's appropriate. No need to tell actual ages, and a way for services to say "this is not for children", and parents are still responsible for their own children. Sounds actually pretty OK to me. | | |
| ▲ | addaon 3 days ago | parent [-] | | Except that if you're in country B, which has a law that says "you may not make information available to children that discloses that Santa Claus is made up," and the age of becoming an adult in your country is 18 -- knowing that a person accessing your site from country A is an adult in country A (which means, say, ≥ 16) is not sufficient to comply with the law. | | |
| ▲ | quailfarmer 3 days ago | parent [-] | | I’m not sure why the age of majority in the region of the server would be relevant. The user is not traveling to that region, the laws protecting them should be the laws in their own region. | | |
| ▲ | addaon 2 days ago | parent [-] | | > why > should I don't know if "should" is intended as a moral statement or a regulatory statement, but it's not at all unusual for server operators to need to comply with laws in the country in which they are operating… |
|
|
|
|
|
|
| ▲ | rlpb 3 days ago | parent | prev [-] |
| > 1) Given that it just says you're a "child", how does that work across jurisdictions where the adult age may not be 18? So namespace it then. "I'm a child as defined by the $country_code government". It's no more of a challenge than what identity-based age verification already needs to do. > 2) It seems like it could be abused by fingerprinters, ad services, and even hostile websites that want to show inappropriate content to children. This is still strictly better than identify-based age verification. Hostile or illegal sites can already do this anyway. Adding a single boolean flag which a large proportion of users are expected to have set isn't adding any significant fingerprinting information. |
