Comment by dredmorbius
24 days ago
What's ... boggled me about this issue since forever is that:
1. Most people access online content through either a personal or business broadband service (residential, mobile, or place-of-work).
2. Those services ... bill directly. Which means that it should be possible to specify an age preference for the service account as a whole, and/or subsets of it. The service can specify whether or not age-bounded online services are acceptable or not, as well as specific classes of age-bounded services. E.g., a workplace service would generally allow for >18 access, but might restrict usage of gaming, gambling, pr0n, or related sites. A household might request no age gating at all (all >18 or whatever minimum age is mandated) or several classes of service, say, if adults and children are present.
3. Where it's necessary to specify multiple preferences, multiple network segments could provide this logically (e.g., an IPv6 block with unrestricted and age-gated ranges), with distinct devices being allocated appropriate gateway addresses.
4. Effectively, the connectivity provider then attests for age, without requiring any finer-grained identity disclosure.
Why ...
A. Would this not work?
B. Is it not being generally proposed?
To be blunt, because it sounds insane and simultaneously solving the problem at the wrong abstraction level, and based on criteria that have nothing to do with age. Age-based IP ranges? This sounds like a recipe for reinventing the entire internet in a non-backwards-compatible way. Networks are not people. Why would we treat the network as your identity?
What strikes you as unreasonable?
What I'm suggesting for different service levels is simply to map a specified access / age-verification level to a specific network access point. This is better suited to IPv6 which has a much larger address space than IPv4, and often allocates a range of addresses rather than a single IP, though NAT or IP shenanigans might be possible for the latter as well.
The point is to put the heavy lifting of age validation at a level at which who is getting the service has already been vouched through service account provisioning.
It's less that there is something unreasonable sounding about it and more that there's almost nothing that sounds reasonable about it. It's like you suggested that instead of setting speed limits, we directly tie the maximum speed of a car to how far the driver's seat is from the steering wheel.