95
Why is checking age at os-level that bad?
(lemmy.fait.ch)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 12 Mar 2026
95 points (81.5% liked)
Ask Lemmy
38511 readers
1405 users here now
A Fediverse community for open-ended, thought provoking questions
Rules: (interactive)
1) Be nice and; have fun
Doxxing, trolling, sealioning, racism, toxicity and dog-whistling are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them
2) All posts must end with a '?'
This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?
3) No spam
Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.
4) NSFW is okay, within reason
Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com.
NSFW comments should be restricted to posts tagged [NSFW].
5) This is not a support community.
It is not a place for 'how do I?', type questions.
If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.
6) No US Politics.
Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world or !askusa@discuss.online
Reminder: The terms of service apply here too.
Partnered Communities:
Logo design credit goes to: tubbadu
founded 2 years ago
MODERATORS
Will you be allowed to lie about the age? If yes, then it's a pointless law. If no, then whoever is checking needs to have more control over your device than you do, DRM style. That's gives them an entry point through which they can put whatever they want without you being able to control it.
The Califirnia law, at least, states the age flag should be set when the account is created, presumably by the controller of the computer, and holds that controller responsible for setting it correctly, and the developer responsible for ensuring it's set and works correctly, at least, that's my reading of it. If it's your computer, that makes you resoonsible for setting your age and that of accounts you create for your children.
and to prove its not actually about safety and instead about control: parents are already responsible for what kids do online and could be charged using existing laws. but… where is the overreach in that?!
Whilst parents absolutely should be guiding and helping the kids determine where they go online, and what they look at, I'm trying to envision where, or how, parents would be liable for them looking at something inappropriately "adult", barring actual child neglect.
A system like this would actually help parents be more confident that little Johnny wasn't going to stumble across something in appropriate, because, yes, in a way this is about control. It's about controlling what kids are exposed to before they are intellectually ready for it. Yes, there are potentially serious issues around that, such as limiting access to LGBTQ+ or other helpful material for young adults, but that should be a discussion around what information is needed at each age, rather than how to indicate that age.
Age gating on the open internet will happen, I don't see any way that it wont, what matters is how it is implemented. We know that submitting government issued ID to every site with potentially contentious content is a terrible idea; this neatly sidesteps the need for that, and actually forbids it.
for ex: if you let your kid look at porn, in the US, the parents are absolutely liable for various forms of “risk of injury to a child “ laws.
To bring charges under those sorts of laws there's going to have to be some external evidence of harm. Either the kid is acting in a way that causes an agency sufficient concern that they investigate the family, or the government mandate much stricter monitoring of exactly who is doing what online. The former case is unlikely, but should probably be persued vigerously when it does hapoen, and the latter case is something I imagine we all very much want to avoid.
By providing a simple, privacy conscious, way of taking some of the burden of vigilence off of the parents (the child is less likely to stumble on inappropriate material) it makes it easier for them to provide actually beneficial guidance, and reduces the risk of law enforecement getting involved to investigate minor transgressions.
putting burden for safety on corps is not a healthy thing.
The burden is still on the parents, but this would actually provide a useful tool for them to address that burden.
have you seen any existing tools be so bulletproof that kids cant get around them?
No, and this wouldn't be impossible to bypass either. I don't think the aim is 100% perfection, so much as harm reduction, and I don't think you'll get more than that no matter how onerous the law becomes. Most kids, most of the time, are not going to be trying to circumvent it, and it would still be up to the parents to look out for cases where they were.
The current proposal requires storing and transmitting a flag that can take one of four values (under 13, 13-16, 16-18, 18+), and prohibits sites using other means of age verification. It'll work adaquately to stop kids accidentally seeing pornography, and hopefully things like andrew tate, giving the parents some space to do their part to help their kids learn how to understand what they migjt be exposed to.
why are the harm reduction methods we have now not being used?
That's a thorny question. The main ways we currently got either involve the sites in question collecting personally identifiable information, such as government issued ID, and making a determination as to what to serve based on the information that contains, or the sites adhereing to a voluntary code, such as RTA, to include an identifying header, and parents installing, configuring and maintaining the software or services to restrict access. The former method is obviously dangerous as it requires handing over your ID, and the latter is all voluntary and so there is little impetus to do it, and the complexity will also act as a deterent for parents. Turning it around and just having the computer send a flag for the age bracket gets rid of the need to transmit personally identifiable information and makes the parents' setup job much easier with a one-shot, tick a box and carry on, process.
if they are claiming the new laws are for kid safety there must be existing already some external evidence of the need, no?
There's fairly clear evidence at a societal level that access to, for instance, hardcore pornigraphic material is harmful to children, but that is very different to having evidence that a particular child is currently being exposed to it.
exactly. so why do we need more laws that also happen to provide massive leak able tracking to corporations and govs without warrants, etc?
I'm not sure what you mean by "massive leak able tracking" in this case. It's literally a flag that indicates the user's age bracket, and means sites don't use the really invassive options.
setting that flag involves the leakable process.
Again, I'm only going by the Californian bill, but that one is pretty clear that the person setting up the account should either supply the user's birth date, or the age bracket they are in. There is nothing indicating this should be validated in any way. I'd agree that, if the machine was compromised, and the user's birth date was used, it would be possible to leak that data, but given those preconditions, it would be one of the least interesting things leaked. I'd certainly prefer to just store the age bracket, and have a way for the computer admin update it as the user grows towards their 18th birthday.
Just because they are responsible doesn't mean the have the means to exert their responsibility. Demanding birth-date upon (local) account creation would allow them to better exert that responsiblity.
no it wont. kids get around shit easier than ever especially with luddite parents.
if the gov actually cared they’d take to charging using existing laws.
Parents of current 8-18 year olds are gen X and millenials, who every survey shows are (on average) significantly more tech literate than gen Z and Alpha.
correct. i am a gen x software engineer and I know for a fact my kid who is now 25 would always find ways around firewalls when he was 14 and horned up.
my point is that we have laws already that are perfectly appropriate to the “concern” stated, “child safety.”
any new laws will only give more access to important data to corporations who are known to do bad things with it.
that does not make it worth it. my opinion would change if there was a legit large inrush of charges using exiting laws that then did nothing to help, then one could argue we need more law. but thats just not the case today.
Right, so the law is pointless, since there is already a thousand different ways to control what children see on the Internet.
I've responded to your duplicated comnent elsewhere, could we take this thread there to avoid duplication?
So that means that kids can't buy computers?
Can't buy a cheap used raspberry pi or old laptop/desktop in order to set up as a server?
I don't think there would be any difficulty with a kid setting up a computer, as in most juristictions the parents are responsible for their childrens' actions until they are adults themselves. So the oarents would still be responsible for what the kid did with the computer in the same way they often are now.
So then the law is pointless as implemented, since parents can already do this. Which leads to the conclusion that there must be some other motivation
Not really, please see my response to towerful's sibling comment to save me duplicating it.
So these "os reporting age bands" laws are useless then.
Cause either the parents are being responsible, at which point there are many parental tools for network and device control.
Or they aren't being responsible, and the kid can easily bypass it or just buy their own device.
These age band laws basically work in the opposite way to the usual parental controls. Rather than having to install and maintain the control software and having the filtering at the client end of the connection, parents need only set a flag and filtering will occur at the source end of the connection.
Will these laws provide perfect protection that eliminates the need for parental oversight of childrens' internet access? No. Will they help stop kids accidentally stumbling into unsuitable content, reducing harm overall? Yes. As a parent, one of the things I worry about is my kids browsing sites such as youtube. Even if they're using it for research for school projects, I can never be certain it wont prompt them to watch an unsuitable video. With a simple "this user is a child, don't show them anything unsuitable" flag, I wouldn't have to spend so much energy monitoring everything and could spend more energy talking to them about what they're actually watching.
One of the key parts of the Californian law is that if the client machine sends the flag, the service must treat it as authoratative, and should not use other means of checking. That is good news, as it means there is no incentive for sites to integrate more intrusive measures such as third parties scanning givernment issued ID.