Comment by lesostep
9 days ago
I want to agree with you, but if it's my system and my browser reporting my bracket, wouldn't it be trivially easy to inject an http-header with the age I want to report?
And by "trivially easy" I mean "somebody already posted how-to for windows to stackoverflow"
You're trivializing how difficult tampering with OS internals in locked down secure boot environments can be. Just look at the state of Android custom roms. Devices that are years old can be impossible to modify the OS on.
Look at projects like byeDPI. Essentially, it's just a VPN service that runs on the phone itself. You phone connection is passed to this VPN that modifies http-headers.
I kinda did forgot about Android, yeah. You can't exactly rewrite OS rules there. But it's no less trivial* on Android, you just have to solve it from different angle.
* assuming someone will just write the app, and share it. But since similar projects exist, it wouldn't be a reach to say that it's doable and some folks would be interested to do it.
I admire your optimism.
All I can do is encourage you and others like you to ponder upon:
Google is trying to force all devs to have verified identies
Google and Apple and Microsoft already ban applications they simply don't like (violates their "policies") from their app stores
There will be attempts to close the holes when they come to the attention of "stakeholders"
The UK already wants to ban VPNs
And the aforementioned, you can't really enforce laws or policies like this without locking down the OS and hardware.
There's probably more indicators of what's coming down this path. It doesn't look good.
1 reply →
The problem is not that it's hard to cheat (it's easy), the problem is it makes you officially a liar and liable for "illegal app use".
It might not be a problem for you, but some underage kid, who lied about their age, gets addicted to a game with in-game purchases and gets into financial trouble now has no recourse against the company who made the addicting game.
There's no liability in the law for a child who uses an over-18-signaled account and accesses over-18 content, nor for a parent who gave that account to the child. It's all the parent's decision if the child should be restricted or not.
As noted in my other reply to you as well, this is false.
https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml...
Does this imagined underage kid that right now lies about his age in UI-form have a case because it wasn't on OS level?
I genuinely don't know, and it's hard to see what's the differences between those two cases are.
I'm not a lawyer, but it's clear that this changes the narrative. If some technical restriction is in place (OS level age statement with apps who enforce it) and the kid circumvents that, it's easy for a company to claim that they did their part and all blame is on the kid. Without that, it's trickier for the company who intentionally created some addictive product to prove that they did enough to protect the kid.