When it comes to 16+ I am not concerned about them at all. Sounds cold, no? But in reality 16 year olds have a network of people in their friend circle that can bypass any restrictions anyone sets on them. In my experience the more money spent trying to isolate them from a perceived harm will just make it more likely their circle/bubble/network of friends have already long since bypassed it sometimes out of spite or just to prove they can.

Case in point, games rated G are what many of them use for watching porn, sharing warez and pirated movies and streaming movies/porn together. This is already a thing in many rated-G games especially but not limited to games that use VR headsets, social games and such. Some of the smaller indie games are how some bypass sanctions, embargoes and more. That is just one of many examples of how teen bypass all perceived restrictions. Some small children will see porn in these games but that is a different problem for a different day.

My focus is entirely on small children and their most common use cases. The 99% problem. Keeping the nastier parts of the internet partitioned from small children is mostly accepted by most parents, is the right time to do it before they such as teens know what they are being locked out of. As the child evolves and develops the parent can decide when it is time to lift parental controls and then sit with the child whilst they explore the nastiest of nastiness together. The parent can answer questions instead of waiting until they are young tweens for their tween friends to incorrectly answer questions and start spreading STD's and/or getting impregnated to learn the hard way. Before someone says it, yes tweens are getting pregnant more often because their bodies are developing earlier now due to chemicals they are being exposed to and they are hitting puberty much earlier, some as young as 8 or 9. Some are getting penetrated as young as 6 or 7 and younger. They need to learn from their parents, not random kids their age or random websites or some GPT.

One simple static RTA header set on a load balancer or accelerator or within server applications is done and dusted. It does not get any easier. A check for that header by the user agent or application on a locked down child account to trigger parental controls is also easy. This was a thing in the early 2000's on MSIE and a few other browsers based on MSIE I think SlimBrowser and a few others. An intern could likely add this check in an afternoon not counting Quality Assurance time. No leaking data via API's, no sharing age or any other identifying attributes. If someone is arguing to gather this data I can not take their ideas in good faith because I have worked along side all the nasty people that want this data and I know they have no ethics and will sell this data with all manor of evil people and evil organizations that would be good bed buddies with Epstein and friends. I am unwavering on this belief. I have whipped this dead horse into micronized dust and will continue long after that micronized dust is broken into Quarks and Leptons.