| ▲ | ekr____ an hour ago | |||||||
> The only device mandates that should be taking place is for the default installations of web clients should be checking to see if parental controls are enabled. This only impacts the major browsers. An intern at each browser company could add this check in minutes. If they are enabled and the person logged in is on a regular account (not admin or power user of sorts) then the base installation of web clients must check for an RTA header [1]. If present, prompt for a override password and also give the option for the admin to approve-list the domain at that time. That's it. Not perfect, nothing is or will be. It's useful to contrast this with the various device-based mandates that have been created in order to get a sense of what legislators seem to be trying to do. With that in mind, a few points: * What you are proposing allows parents to opt in via parental controls, but age assurance mandates (both device-side and server-side) tend to require positive action to enter unrestricted modes. In some cases (CA AB 1043, for instance), this is just a matter of entering your age. In others, you actually need to demonstrate your age via some technical mechanism. * While many age assurance mandates focus on adult content, which is primarily consumed via the Web, others (e.g., Australia's Social Media Minimum Age) focus on social networking, which is primarily consumed via apps, so anything that is Web only will not be effective. * Site-level granularity isn't really fine enough in some cases. For example, the New York SAFE for Kids act prohibits certain behaviors such as algorithmic recommendations when a user is a minor, but doesn't require blocking minor usage entirely. It's potentially possible to implement this with something like RTA, but it would have to at minimum be at much finer granularity. Section VI of https://kgi.georgetown.edu/wp-content/uploads/2026/01/Age_As... goes into quite a bit more detail about various architectures (disclaimer, I'm an author). None of this is an endorsement of age assurance techniques; I'm just trying to help flesh out the situation. > All legislation regarding age verification must revolve around this otherwise people must reject it as an abusive form of tracking and privacy invasion. It's a bit late for that, given that around half of US states already have some kind of age assurance mandate. | ||||||||
| ▲ | Bender an hour ago | parent [-] | |||||||
It's a bit late for that, given that around half of US states already have some kind of age assurance mandate. Perhaps late to solve this globally but parents can still install parental control software if they so desire and can still intervene locally to prevent sharing data with 3rd parties. At worst this means small children might not get to visit social media and other assorted sites and I am fine with that. I think a number of parents would be fine with that as well. Sites can voluntarily label as some do. It just means that parental controls would have to default to blocking everything until approved and while sub-optimal maybe that's what people will have to do in order to avoid the evil pattern of sharing data with all the websites that will ultimately leak, or "leak", be sold, stolen, etc... Good parents will not participate in the evil patterns of sharing their children's personally identifiable information. When the PII of children is ultimately shared with evil people the children once adults will resent their parents for not protecting them. - To all parents here, your children have no idea what risks are out there including devious companies that want their data. They will one day be adults if all goes well. Protect your children as corporations and governments will not. They will thank you when they find out all their friends data was shared, leaked or otherwise abused forever. | ||||||||
| ||||||||