Comment by jwr

> App and website developers shouldn't be burdened with extra costly liability

Why not? Physical businesses have liability if they provide age restricted items to children. As far as I know, strip clubs are liable for who enters. Selling alcohol to a child carries personal criminal liability for store clerks. Assuming society decides to restrict something from children, why should online businesses be exempt?

On who should be responsible, parents or businesses, historically the answer has been both. Parents have decision making authority. Businesses must not undermine that by providing service to minors.

App and website developers shouldn't be burdened with extra costly liability to make sure someone's kids don't read a curse word, parents can use the plethora of parental controls on the market if they're that worried.

App and website operators should add one static header. [1] That's it, nothing more. Site operators could do this in their sleep.

User-agents must look for said header [1] and activate parental controls if they were enabled on the device by a parent. That's it, nothing more. No signalling to a website, no leaking data, no tracking, no identifying. A junior developer could do this in their sleep.

None of this will happen of course as bribery (lobbying) is involved.

[1] - https://news.ycombinator.com/item?id=46152074

Practically, instead of requiring that sites verify age, require that they serve adult content with standardized headers. Devices can then be marketed as "child-safe" which refuse to display content with such headers.

ZKP methods are just as draconian as they rely on locking down end user devices with remote attestation, which is why they're being pushed by Google ("Safety" net, WEI, etc).

The real answer to the problem is for websites/appstores to publish tags that are legally binding assertions of age appropriateness, and then browsers/systems can be configured to use those tags to only show appropriate content to their intended user.

This also gives parents the ability to additionally decide other types of websites are not suitable for their children, rather than trusting websites themselves to make that decision within the context of their regulatory capture. For example imagine a Facebook4Kidz website that vets posts as being age appropriate, but does nothing to alleviate the dopamine drip mechanics.

There has been a market failure here, so it wouldn't be unreasonable for legislation to dictate that large websites must implement these tags (over a certain number of users), and that popular mobile operating systems / browsers implement the parental controls functionality. But there would be no need to cover all websites and operating systems - untagged websites fail as unavailable in the kid-appropriate browsers, and parents would only give devices with parental controls enabled to their kids.

> There's always another option: don't implement age verification laws at all.

Where do you go to vote for this option?

The concern is ubiquitous all-pervasive surveillance, control, and manipulation of algorithmical social media and its objective consequences for child development and well-being. Not "kids reading a bad word". Disagree all you want, but don't twist the premise.

Surely you can find a rationalwiki article for your fallacy too.

> Fine websites for not using this API (ex: porn sites).

Recent posters here are clear that porn sites are setting every available signal that they are serving adult-only content.

According to them, you are targeting the wrong audience.

Facebook/Instagram studying how to get young users addicted should be of greater concern. I have my doubts about the effectiveness of age-based blocking there, though.

No. This is not the way.

> give parents the ABILITY to advertise the users age to browsers, apps and everything in between.

Accounts and Applications to services that provide countent are set to a country-specific age rating restrictions (PG, 12+, 18+, whatever). That's it.

None of the things you mentioned have any point to concern themself with the age or age-bracket of the user in front of the device. This can and will be abused. This is very obvious. Think about it.

This is a great solution to the stated problem. The issue is that nobody is actually trying to solve the stated problem. This is a terrible solution to the real 'problem' which is the lack of surveillance power and information control.

This is what I think. I saw someone else on HN suggested provide an `X-User-Age` header to these sites, and provide parents with a password protected page to set that in the browser/OS.

Responsibility should be on the website to not provide the content if the header is sent with an inappropriate age, and for the parent to set it up on the device, or to not provide a child a device without child-safe restrictions.

It seems very obviously simple to me, and I don't see why any of these other systems have gained steam everywhere all of a sudden (apart from a desire to enhance tracking).

>all these laws start to rip at the seams when the fabric of society, the people who make up the society no longer have morals

Morals like owning slaves, right?

A moral system that requires everyone to be white Christian males isn't a moral system, it's a theocracy.

> Granting kids access to our own minercraft servers: My god, I felt dirty about what the other parents had to go through to enable that.

This is a hobby horse of mine to the point that coworkers probably wish I'd just stfu about Minecraft - but holy shit is it crazy how many different things you need to get right to get kids playing together.

I genuinely have no idea how parents without years of "navigating technical bullshit" experience ever manage to make it happen. Juggling Microsoft accounts, Nintendo accounts, menu-diving through one of 37 different account details pages , Xbox accounts, GamePass subscriptions - it's just fucking crazy!

The steelman argument is that parents are not necessarily up to date on the technology, and cannot reasonably be expected to supervise teenagers 24/7 up to the age of 18. Compare movie ratings or alcohol laws, for example: there's a non-parental obligation on third parties not to provide alcohol to children or let them in to R18 showings.

But the implementation matters, and almost all of these bills internationally are being done in bad faith by coordinated big-money groups against technologically illiterate and reactionary populist governments.

(if we really want to get into an argument, there's what the UK calls "Gillick competence": the ability of children to seek medical treatment without the knowledge and against the will of their parents)

The other stance is that most parents are not capable of winning a battle against tech giants for the mind of their children, just as parents were not capable of winning this fight with tobacco and alcohol companies.

ignore parent, outsource parenting to gov verification authority

TBH many parents done exactly that by giving phones/tablet already to kids in strollers

Parents already have a lot of control on children' education.

Examples: most children believe in the same religion as their parents, and can visit friends and places only if/when allowed by their parents.

This is simply extending the same level of control to the internet.

Government-mandated restrictions are completely another level.

This is obviously where it's going to go, at least in the US. Things that are non-religious, non-Christian especially, pro-LGBT, and similar will be disproportionately pulled under "adult content" to ensure that children are not able to be exposed to unapproved ideas during formative years.

There are many ways to not have a state or national ID document in the USA. You might simply not have a driver license or passport. That's totally legal. You might be in the country temporarily for business or as a tourist. The constitution applies to all of these people.

> why should rest of society cater to them?

Because these undocumented people are still humans. They deserve access to information services. It's as simple as that.

I don't think it's "catering to them" to avoid passing laws that impose undue burden. For example, if you passed a law requiring a US passport to buy food in the US, and made it so all restaurants and grocery stores are required to check passports before selling food to anyone, I would be opposed to that law, and part of the reason is that I don't think it should be hard for anyone to get food, whether they have a US passport or not.

"Undocumented" doesn't mean "residing illegally" anyway, it just means "lacking documents", which is a state that many perfectly legitimate US citizens find themselves in. But we should want people who are here illegally and everyone else to be able to use the world wide web and computers regardless of their legal status, just like everyone should be allowed to eat and buy food regardless of their legal status, because that's just basic humanity.

What if they are supposed to be in the country, but they are undocumented?

This means "not having documents". It's not a synonym for "illegal immigrant".

You fail to mention big Israel money, when 98% of US congress members are taking donations from AIPAC. Strange omission on your part.

Oh, that's a different topic: as someone from and living in eastern Europe, there's not a single doubt in my mind that the biggest threat to any civilization is russia by a long shot. The alarming part is that the current US administration hasn't got a single clue of history, suffers from chronic incompetence and the whole superiority complex and fanboying russia as a consequence - those pose a threat. In the context of the conversation, the incompetence is arguably the biggest facepalm moment.

Applying is one thing. Giving unrestricted access to anyone, which contains a ton of private information, be it of a deceased person, is not OK. Going back to my original statement: fake name, fake email, untraceable payment.

The older cousin case doesn’t scale. True ZKP could be fully automated to dispense verification tokens from a website to every visitor. If the proofs are truly zero knowledge there is no way to discover who is giving millions of kids their ID.

When we hear about “zero knowledge” ID checks in real proposals they’re not actually zero knowledge altogether. They have built in limits or authorities to prevent these obvious attacks, like requiring them to interact with government servers and then pinky promising that those government servers won’t log your requests.

The people proposing these laws presumably think imperfect enforcement is better than no enforcement at all. In the non-zero-knowledge case, it's possible to revoke falsely shared credentials.

The one where the root user can enable parental controls requires the kid to know their parent's password or save up to buy their own device.

That's why this whole thing is stupid. The smokescreen of "protect the children", and meanwhile a child will just use find another device. Maybe an older one.

Its billions of lobbying for state surveillance under a smokescreen you bypass with basic human interaction.

Countercounterpoint: It's privacy destruction creep and it always has been.