Well why haven't all the big tech companies done it then?

They have only themselves to blame. They had years to fix the problem of inappropriate content being delivered to kids and their response was sticking their fingers in their ears and saying "blah blah blah parenting blah blah blah"

And it really should be the opposite. Assume content is not kid-safe by default, and allow sites to declare if they have some other rating.

But does this actually still get used by parental controls?

Some parental control applications will look for it but it is not yet legislated to be mandatory on a majority of user-agents.

All I am suggesting is we legislate the header to be added to URL's that may contain material not appropriate for small children and mandate the majority of user-agents the ones that are default installed on tablets and operating systems look for said header to trigger optional parental controls. Child accounts created by parents on the device should not be able to install alternate user-agents or bypass the controls (at least not easily). Parents should be guided through this on device setup.

Indeed their site is old and rarely touched. The ideas and concepts have not changed. It really could just be a static text site formatted in ways that law makers are used to or someone could modernize it.

Yes, the RTA header was primarily a solution specific to porn sites. The broader problem is that parental controls don't have reliable standardized signals to filter on which has led to the current nonfunctional mess.

So ideally you want a standardized header that can be used to self classify content into any number of arbitrary and potentially overlapping categories. The presence of that header should then be legally mandated with specific categories required to be marked as either present or absent.

So for example HN might be "user generated T, social media T, porn F" or similar with operators being free to include arbitrary additional categories (but we know from experience that most of them won't).

While this would be required by law, I imagine browser vendors might also drop support to load sites that don't send the header in order to coerce global compliance.

That's a good idea. There could be two headers, the existing RTA header that adult sites use today [1] and another static header that explicitly states there shall be no adult content.

[1] - https://www.shodan.io/search?query=RTA-5042-1996-1400-1577-R... [THESE ARE ADULT SITES, NSFW]

I always love seeing pros and cons of whitelist vs blacklist sorts of strategies in different scenarios.

The porn companies already set the RTA header. It was designed by an organisation funded by the porn companies.

https://en.wikipedia.org/wiki/Association_of_Sites_Advocatin...

What, in the same way movie studios wouldn't comply with the Hayes Code, or comic book publishers wouldn't comply with the CCA, or games publishers wouldn't comply with the ESRB? The financial incentive is to police yourself, because government policing is much, much worse.

You’d think that one could simply block sites that don’t have the age header set on child computers. This may block kids from hobbyist sites that don’t bother to set their headers as kid-friendly, but commercial sites would surely set their headers properly. Over time sending proper rating headers would become more normalized if they were in common use.

This still isn’t perfect, as it creates an incentive for legislators to criminalize improper age header settings and legislate what is considered kid-appropriate. But it’s still better than this age verification crap.

What I am suggesting could address most of that. If they do not participate they get fined. The government loves to fine companies. This assumes they put enough "teeth" into a law that prevents companies from accepting fines as the cost of doing business. This would also require legislation that could block sites that operate from countries that do not cooperate with US laws. Mandatory subscriptions to BGP AS path filters, CDN block-lists which already exist, etc... People could still bypass such restrictions with a VPN but that would not apply to most small children. Sanctions and embargoes are always an option.

People were wrong.

We pay money online mostly through credit cards. Credit card transactions can be reversed. If children spend money on porn, those payments are likely to be reversed. This is really bad for the ability of the porn sites to continue receiving credit card payments, and continue making money.

An age header is a trivial step that can reduce the odds of the adult site receiving payments that later get reversed. Win, win.

But if someone is willing and able to pay, then the adult industry wants the choice of whether to access content to be up to them. If government tries to regulate them, they'll engage in malicious compliance - do the minimum to not be sued, in a way that they can still reach customers.

For example Utah tried to institute age verification. The porn industry blocked all IP addresses from Utah. Business boomed for VPN companies in Utah. Everyone, including porn companies, knows that a lot of that is for porn. But if you show up with a Nevada IP address, the porn's position is, "You're in Nevada. Utah law doesn't apply." Even if the credit card has a Utah zip code.

If you live in Utah, and you're able to purchase a VPN, the porn companies want your money.

> Back in the late 90s or so, there was a proposal

This one: https://www.w3.org/PICS/

I disagree. The ability to render a page could simply mean that parental controls were not enabled on the device. Some parents have assessed the situation and trust their children to be psychologically ready for adult situations. The client could be literally any age.

Today devices do not default to accounts being child accounts. Some day this may change and may require an initial administrator password or something to that affect but this can evolve over time.

That's true. But leaking an age threshold is not the same as private companies being able to link all your online activities to a single legal person.

Adults could also use this to filter out unwanted content without needing to rely on outdated filter lists.

One possible method [1] though I am sure the network and security engineers here on HN could come up with simpler methods. Just blocking domains on the popular CDN's would kill access for most people as by default most browsers are using them for DoH DNS.

[1] - https://news.ycombinator.com/item?id=47950843

That would also amount to compelled speech.

I disagree. The legal requirement to apply a warning label is a well known, understood and accepted process that is applied to a myriad of hazards to children and adults. As just one example businesses in some states, most notably California are compelled to add warning labels to foods and other products that could cause cancer.

Clients could refuse to show content that does not have headers set.

On other hand servers might choose to lie. After all that is their free speech right.

So maybe you need some third party vetting list. Ofc, that one should be fully liable for any damages misclassification can cause... But someone would step up.

Compelled to disclaim facts is good compelled speech, though.

Such censorship shouldn't exist in the first place.

I could be misunderstanding the context but to me that sounds like a moderation issue assuming we even want small children on social media in the first place. There should probably be a dedicated child-safe social media site that limits what communication can take place for small children and has severe punishments for adults pretending to be children for the purposes of grooming.

This is assuming children should be on social media at all, which I for one would debate.

I think that initially the onus would be on Youtube to figure this out. They have some very intelligent engineers. For example, if the Youtube client is receiving affiliate funds then they are easy to ID and fine. If they are random people then Youtube would have to share the violation data with the other countries and the US or UK would have to pressure those countries to participate in fining the end user. There could be financial incentives for the foreign country to participate. They can also just force label a video to be adult as they do today when enough people report it which is admittedly not uniformly applied.