RU version is available. Content is displayed in original English for accuracy.
Advertisement
Advertisement
⚡ Community Insights
Discussion Sentiment
53% Positive
Analyzed from 12282 words in the discussion.
Trending Topics
#age#content#kids#should#header#children#don#linux#internet#law
Discussion (497 Comments)Read Original on HackerNews
The only thing server, platform, website, service providers should be doing is setting an RTA header if the content could possibly be adult or user-contributed content that could dynamically become adult, moderation aside. This knocks out two issues with one fix. Small children don't see much if any adult content and they are kept off social media until the admin (parent or legal guardian) approves it.
If a site is not adding the RTA header then progressively fine them into oblivion. If they accept the fines as the cost of doing business then seize everything and put everyone in GenPop. An intern could enable the header in 5 minutes.
All legislation regarding age verification must revolve around this otherwise people must reject it as an abusive form of tracking and privacy invasion. The focus should be on small children as teen share porn, warez, movies and such within Rated-G games.
[1] - https://news.ycombinator.com/item?id=47950091
This could all be handled by settings in the browser, only if the sites themselves listened to the users' browser preferences.
If you build a website without all that tracking stuff and without 'free' services from the data collection companies Google and Facebook, then you have a pretty good chance of not requiring a banner at all, because for logins, etc., you are allowed to use cookies et al. without requiring an opt-in.
But I never saw anybody at the OMR being proud about the state of cookie banners they created...
Ultimately there’s no good excuse for the banner solution.
It’s not written the way it’s written because they’re oblivious it’s written the way it’s written because it’s plain lobbying writing the bill.
For example, there’s little in the way of protections in how the age verification would be protected or prevent the analytics from being sold
They can't do anything today as it is a federal holiday but they could do something tomorrow.
But then again if it was to protect children, better support for voluntary age control would be so much more useful as most minors use devices managed/owned by their parents.
But then similar to cookie banners it is just about enabling surveillance
Do binary search and you don’t even need that many calls.
1. Is person older than 50? 2. Older than 25? 3. Older than 18? 4. Older than 9? 5. Younger than 14? 6. Older than 16?
It's our duty as informed persons to educate the general population to exert pressure on policy makers to act in the common good - otherwise indeed nothing will change but increasing corruption.
The problem is that people generally want functional and often performance cookies, and then you end up with the stupid cookie banner regardless of marketing cookies.
Instead, the default should be, that if there is no header or it cannot be parsed, then the content is unsafe. And if there is a header, it describes the page rating, like what kind of dangerous content it may contain. The header may be added to any displayable content like HTML, text, images, audio or videos, but not to machine-readable content like JS files or AJAX responses.
So only those who wants their site to be accessible by minors, have to add headers. For social networks, the user might have an option to mark his content as "safe".
This means that with my proposal existing site operators need not to do anything to mark their sites as "unsafe" - all sites are "unsafe" by default. This means that millions of site operators need to spend 0 dollars to adapt their sites. How great is that?
The browser on a device with parent mode, should not allow displaying any content which doesn't have a header or that is marked as unsafe, or that contains header with invalid value. The parents may whitelist some sites.
There should be a reponsibility for intentionally marking unsafe content as "safe". We should also think what to do with foreign operators, intentionally putting invalid headers for unsafe content. Maybe they should be added to some kind of blacklist that the browsers would periodically update.
Search engines like Google could work by default in "safe" mode, but add "unsafe" header if the user wants to turn off restrictions.
> If a site is not adding the RTA header then progressively fine them into oblivion.
I think my proposal is better because it requires only fining those who intentionally misrepresent content safety.
That's something the client should be doing. You can configure your own device (or your kid's) to have whatever default you want.
The actual problem is that classifying the entire firehose of user-generated content is precarious and uneconomical, so the default tag is going to be whatever minimizes liability. If untagged implies "unsafe" and "unsafe" minimizes liability then the majority of content will be untagged. If untagged implies "safe" then the majority of content will end up explicitly tagged as unsafe, because tagging it as unsafe minimizes liability.
But either way if you disable "unsafe content" you'll end up disabling almost everything, specifically including the huge amount of "safe" content which isn't tagged as safe because accurately classifying it is uneconomical.
I think that's okay. The need for regulation is incentivizing capitalism in its amoralism to favor your regulated morality.
Corporations very much like targetting impressionable kids with content to sell stuff. If that adds a liability cost to moderate and make sure that content is "safe" (whatever that means in your jurisdiction), then isn't that what you would want?
I've never let my kids out on youtube, or the internet without either of us parents (yet at least). I hear you can now whitelist channels on youtube premium for child accounts, which sounds exactly like I want, but of course that doesn't scale. While I'd want to curate the entire internet for them until we've instilled enough judgment/their brains have developed enough to do it themselves, it's obviously impossible. Adding a liability risk or moderation cost to target kids seems like a fairly aligned incentive.
Ultimately the problem is the provider knows what category the content is and the parent knows what the content policy is. Providers can't say whether it's "safe" or "unsafe", only what standards it complies with. Some parents will have weird policies like "only G-rated movies or any Jim Carey movie" that can't even be delegated in any reasonable way to providers.
So the header has "PG-13, US-legal" because it's a movie rated PG-13 and constitutionally-protected legal content in the US, and whatever other markets you want to open up. Providers could even include AI ratings so as to mass-tag their content at low cost, and parents can decide if a particular AI rating is okay.
Parental controls could even restrict official ratings to country of origin, so if you approve PG-13 it'll block that content from countries where you can't sue them for lying about it.
The only hard part for the web is that a site could lie since there is no gatekeeper, but some black lists can help with bad actors.
Websites by default are ‘true’ for every category, unless they specify.
Categories are, for example of some: nudity, sexual, violence, etc.
It doesn’t have to be perfect but sites will have to err on the side of caution.
We could even create an html tag <restricted type=violence> for example, and the browser can simply not render that portion of the page of the user has that type disabled.
And we could give companies a pass for best-effort categorization using tech to assess user-generated content, along with allowing users to flag their own content as “safe”
There's no reason a simple, standardized header can't be used to communicate any number of classifications simultaneously.
Edit: It occurs to me that if you oppose all age related measures then my above response isn't entirely fair to you. I still think it's an absurd objection but the comparison I made no longer applies.
For example, it would be insane if every website and blog in the world to had to run logic to detect and prevent Elbonian males under 16 lunar years from seeing ankles except on Thursdays.
The core problem is the lack of buy in. Unfortunately that likely needs to be forced. I think it's not unreasonable to legally require people to make a claim about the nature of what they are serving up. They already need to be aware of the legal status of what they're doing anyway so it hardly seems as though making such a determination should pose a burden when you consider that it's an alternative to either requiring ID, requiring the client send age bracket information, or other heavy handed interventions. The choice here isn't "the status quo vs a header" but rather "some other age related regulation vs a header".
An easy way to enforce this "voluntarily" (ie coerce) without sending government agents after every small time website operator would be to require that mainstream browsers and other client software (based on MAU or similar metrics) refuse to process content that does not send a classification header. Doesn't matter what the header says or what the status of the user account or parental controls or whatever else is, it has to send the header regardless or it will be blocked without exception. That would presumably trigger broad compliance with the relevant regulations.
What about spoken words?
What makes online speech different, from the perspective of the Constitution that limits the power of the state?
Parents today can accomplish what you are suggesting by installing parental control software and only allowing access to things they explicitly approve.
This can also be done via headers explicit blocking of all the things and was suggested in another thread. [1] Some people liked the idea.
[1] - https://news.ycombinator.com/item?id=47952999
I'd actually go somewhat further though and ask whether it's a good idea to even do this via web pages at all. We have a great potential system for this already: DNS. Do something useful amongst all the ridiculous vanity and spam TLDs for once and set up a ".kids" gTLD, or ccTLD for that matter so that different countries can set their own regulatory standards naturally (ie, .kids.us, .kids.uk etc). Domains could also be used for some broad buckets for people who don't want to drill in, ie, .1-6.kids, .7-12.kids, .13-17.kids, or whatever is deemed appropriate, but simple age brackets that would offer some sane defaults. 1-6 could simply not allow any ads, user generated content or algorithmic feeds whatsoever for example. There are a lot of knobs to turn. And then at the registry level it can be ensured from the get-go that anyone getting a .kids domain is fully identified, located in the country in question, has valid ID, has specific credentials or is an accredited organization, or whatever other criteria makes sense.
But ultimately the point would be to create something that is built right from the ground up, and in turn that doesn't interfere with what has already been built at all. Something that can also be worked with at the gateway and thus cover every device on a LAN, and for that matter can easily be plugged into the vast number of powerful tools we have for working with that stuff. It'd be easy to put a nice UI on all this, even to make it higly automated. For example, have a setup wizard where you enter children, put in date of birth for each, and it'll spit out a password for each one. This then auto-provisions the network such that each kid has their own VLAN (password for PPSK or even wired connection) and is automatically limited to the domain groups of their age bracket, which then changes as their age changes.
Parents should be able to dig further in and get more granular with content categories, metadata for which could be required for anyone hosting a site within that domain, but I think there is the potential to make something both pretty bullet proof and pretty accessible, using existing tech stacks, and without impinging on the present internet at all including privacy and anonymity.
The vast bulk of the internet is child neutral. For example my church a web site, the bakery down the road has one, the local pro sport team has one. They're not designed "for kids", but kids are welcome.
Does StackOverflow need to register a .kids domain just so children might get answers to programing questions?
If my-bakery.co.uk and my-bakery.co.au both want to be visible to 16yo there needs to be at least kids.uk and kids.au.
Does OpenSSL.org or OpenSSL.com get to be OpenSSL.kids?
Sorry but duplicating the entire neutral internet domain space with yet another tld isn't a helpful approach.
And, if we are going to do this the “design” should be global and anticipate a range of cultures.
We really can't have it both ways, that every failure of the child is blamed on the parent for lapsing in their almost totalitarian oversight, while also idealizing the idea that children must make their own mistakes and gradually growing into responsibilities and self-governance. Except having access to the Internet, apparently.
Taking a step back, this all smells like madeleines and a yearning for the good old days when everyone rode bikes and nobody owned smartphones. That's not really a productive stance on anything.
(If you would ask me, and I'm sure nobody would, I would think that there is a sort of trade-off here but with a clear answer: Make clear restrictions about buying cigarettes, alcohol, abusive content and extreme porn. But these restrictions aren't meant to be technically perfect. It's ok that some kids will learn to lift the limits and explore what is forbidden. At least then they would know that there is some reason society collectively considers these things off-limits, and that they soon will be in a mistake of their own making.)
[0] I also know home-schooled people whose parents are far better than any teacher I've ever had and whose education and achievements reflect that obvious fact. Home-schooling itself isn't the issue, and I'd prefer that it remain possible.
This broad rejection without good reasons is borderline sociopathic. ... and parental control is not the gov raising anyone.
but... I would also like to keep my kids from seeing the very worst of the internet before they're ready to handle it. I tried using a PiHole but Firefox DNS-over-HTTPS nullifies that now. It's not realistic for me to be watching over their shoulders 24/7; what can I do to keep them away from stuff 99% of people agree isn't for children to see, without something like this?
If the childs account is not able to gain admin privs then their ability to change settings can be disabled.
Like no past generation could stop their kids.
The better question is "Why do I need to give up privacy on my devices that no children ever use and are used for all sorts of mundane things that are entirely unrelated to what you're trying to protect your children from to solve this problem?" The solution being proposed here is to require ID checks at the OS installation level; this would be like requiring me to flash my ID when I walk out of my house because kids would have to go outside if they were going to try to buy alcohol.
However DoH isn't obfuscated and in order to operate the list of resolvers that firefox uses must be published somewhere. It follows that you should be able to filter the major DoH providers at your gateway.
> before they're ready to handle it
You can restrict any access for the network to them. Extra bonus, this will save your child from addiction.
This is the main problem that needs to be addressed. Everything else is just a byproduct of it. If you support the by product of what was created by conditions that are not being address, you only make the problem worse.
Here we talk about use cases for EVERYONE. I don't see how your use case is fine for me, because I personally do not agree with it on any level at all whatsoever. You believe in restriction. I don't. There is no common ground here.
> It's not realistic for me to be watching over their shoulders 24/7
Is this your job? At which age will you stop monitoring them?
> what can I do to keep them away from stuff 99% of people agree isn't for children to see
99%? Where do you get those numbers from?
Besides, what stuff anyway? Even then the issue isn't about your kids. It is about laws for EVERYONE.
Nothing. VPNs exist (including free ones), some of classmates will have unlocked devices, etc.
Next question?
What it fails to account for is that today's internet is qualitatively different from the pre-social-media, pre-smartphone internet. The vast majority of the internet audience, too, is qualitatively different. Incentives are misaligned for an average parent who might want to keep a tight leash on smartphone internet access for their kids, when attempting to do so will generate fierce opposition from their kids and leave them socially out of the loop.
Maybe we should teach parents how to be parents instead of imposing draconian age checks (read: mass surveillance).
That data leaks out is always a given. So, gather less data. Ideally none. But this is not a discussion about data. This is a discussion as to what state actors think they are allowed to do. It is an attack on private life of people. See the combined strike against VPNs.
It is like negotiating with a terrorist that wants to kill you and this is his starting position and then he wants to agree on some compromise, like seriously beating you. There is no negotiation.
Obligatory XKCD: https://xkcd.com/2521/
How do you propose doing age restrictions for social media?
These are broadly popular. (And the evidence supports them.) They are happening. So the question is how to do it best. The project for reversing the consensus isn’t worthless. But it’s a long-term project that will have to bear fruit after these restrictions go into effect, if ever.
The idea is broadly popular but the second you start asking about implementation details (ie showing your ID to post on the web), the actual approval percentage tanks down to the single digits.
But you knew that which is why you construct this rhetorical motte-and-bailey about it being "broadly popular"
The entire site shouldn't be blocked; the browser needs a way to tell the website "my parental controls are enabled and I need to you to filter out age-restricted content".
Alternatively, the RTA header/meta could include a parameter/attribute for an "alternate URL" to load when parental controls are enabled. This could be useful to allow sites to present a custom error-type response, but could also be used to automatically redirect the user to similar, but age-appropriate, content.
Anyway, this all ignores the fact that "protect the children" isn't really the goal here: it's to slowly eat away at our ability to be anonymous (even read-only anonymous) on the internet. Age verification is just a watered-down way of saying they require positive identification, and eventually our hardware will have to cryptographically attest we are who we say we are. I really hope this isn't inevitable, but it's starting to feel that way.
That could be a fingerprinting vector though so maybe depending on privacy settings it just blocks the page. Really these are all solvable problems that web standards orgs have dealt with before; you just need to create the incentive for such systems to exist.
B) How would your RTA header intersect with content rating in different jurisdictions? What if the content is illegal for children in Turkey but legal for children in Kentucky?
For topic (B) companies can set or not set the header based on GeoIP. Not perfect but GeoIP is already used in load balancers, web servers and applications.
For (B), your proposal requires the website have a database over current rules in every country they would be accessible from. Would a website then, in your opinion, be responsible for the accuracy of this database? We have to presuppose an official GeoIP source that would then be legally binding and under democratic control, but given such a database, would a website serving a wrong header to an IP associated with a specific country then be committing a crime in that country? What would the punishment be?
If Meta, Google etc could easily have algorithms in place for determining the age of the person seeing the video - apart from having the override capability via a parental login as you have stated.. but these platforms have consistently refused to limit the type of content they are showing to children.
No harm in people reaching out to their politicians state and federal. The more people that bring it up the better. Let them know your childrens data will not be shared and when the data is leaked you will hold the politicians accountable.
Seems like this would incentivize just all sites to have the header regardless of if it meets the definition since you get fined if you dont but no fine if you have the header unneccesarily.
Especially if your definition is contains user contributed content. That is all sites with a comment field. What really is left? I'm not sure i have even visited a site in the last month that wouldn't fall under this.
This can also be broadly implemented, any other technical solution won't be widely spread anyway.
I don't think authorities care about child protection though. They could have legislated malicious advertising practices and a lot of similar bad influences, but didn't.
https://webmasters.stackexchange.com/questions/140733/how-to...
They stop trying to put everything in a different category and treat RTA as the person under the age of consent must get approval from their parent or legal guardian. Keep it simple.
1. This assumes that websites are under your jurisdiction and can be fined. This is not a valid assumption on the internet. If you want to do this, you need a framework to block noncompliant websites via ISP-side null-routing, putting pressure on payment processors and hosting companies which do operate in your country etc.
2. HTML tags and not HTTP headers. If just a small part of the site contains content which shouldn't be displayed, the web browser should just hide that part.
3. Sometimes, it is genuinely useful to know the user's restrictions ahead of time. Imagine you're a movie streaming site or game store. You have some content which is suitable for the user, no matter their age, but you need to know which bracket they're in to decide what to show them. Without that info, you either default-adult (which sucks for children) or default-child (which sucks for adults).
The problem of hosts in countries that don't give a shit is true for every solution aside from the great all blocking firewall no developed nation would want to have. So no to "ISP null routing" from me. ISPs provide infrastructure. They are not school teachers.
Such a solution implemented today would be tunnelled yesterday and everyone should support evasion attempts.
It's useful to contrast this with the various device-based mandates that have been created in order to get a sense of what legislators seem to be trying to do. With that in mind, a few points:
* What you are proposing allows parents to opt in via parental controls, but age assurance mandates (both device-side and server-side) tend to require positive action to enter unrestricted modes. In some cases (CA AB 1043, for instance), this is just a matter of entering your age. In others, you actually need to demonstrate your age via some technical mechanism.
* While many age assurance mandates focus on adult content, which is primarily consumed via the Web, others (e.g., Australia's Social Media Minimum Age) focus on social networking, which is primarily consumed via apps, so anything that is Web only will not be effective.
* Site-level granularity isn't really fine enough in some cases. For example, the New York SAFE for Kids act prohibits certain behaviors such as algorithmic recommendations when a user is a minor, but doesn't require blocking minor usage entirely. It's potentially possible to implement this with something like RTA, but it would have to at minimum be at much finer granularity.
Section VI of https://kgi.georgetown.edu/wp-content/uploads/2026/01/Age_As... goes into quite a bit more detail about various architectures (disclaimer, I'm an author).
None of this is an endorsement of age assurance techniques; I'm just trying to help flesh out the situation.
> All legislation regarding age verification must revolve around this otherwise people must reject it as an abusive form of tracking and privacy invasion.
It's a bit late for that, given that around half of US states already have some kind of age assurance mandate.
Perhaps late to solve this globally but parents can still install parental control software if they so desire and can still intervene locally to prevent sharing data with 3rd parties. At worst this means small children might not get to visit social media and other assorted sites and I am fine with that. I think a number of parents would be fine with that as well.
Sites can voluntarily label as some do. It just means that parental controls would have to default to blocking everything until approved and while sub-optimal maybe that's what people will have to do in order to avoid the evil pattern of sharing data with all the websites that will ultimately leak, or "leak", be sold, stolen, etc... Good parents will not participate in the evil patterns of sharing their children's personally identifiable information.
When the PII of children is ultimately shared with evil people the children once adults will resent their parents for not protecting them.
- To all parents here, your children have no idea what risks are out there including devious companies that want their data. They will one day be adults if all goes well. Protect your children as corporations and governments will not. They will thank you when they find out all their friends data was shared, leaked or otherwise abused forever.
Certainly parents can install parental control software, but what does this have to do with children's PII being shared with sites?
Just so we're on the same page, the way AB1043 works is that the OS determines the user's age and then shares the age bracket with apps. No PII is shared with sites (this is not to say that the age isn't sensitive, but it's not PII as usually regarded). Is your concern here that sites get access to children's information because children visit certain sites regardless of legislation? That's a real thing, but it seems mostly orthogonal to age assurance.
An intern could also just delete the product which would also "solve" this "issue". The fact that it's easy or cheap is not significant to the problem at hand.
> should be doing is setting an RTA header
Many sites will just set the header by default. Now you've created a problem.
> then progressively fine them into oblivion.
This does nothing. See: Ofcom vs 4chan.
> device mandates
Mandate that the device provide an API for child protection software. Then it's up to individual parents to decide to install that software or not. Then we also get competition in this market rather than relying on whatever solution an intern cooked up one day.
Many sites will just set the header by default. Now you've created a problem.
I am not seeing a problem. Kids need not access those sites unless the parent or legal guardian approves it. Sites meant for children would not be adding the header.
[1] - https://news.ycombinator.com/item?id=47953096
Is Wikipedia "meant for children?" Should they be fully denied access to it? Should Wikimedia be fined if they make a mistake? If they get fined often enough do you think they'll just turn the header on everywhere in order to avoid risk?
Replace Wikipedia with any other mixed content site you prefer.
- Browser detects header. Prompts for local password to access site.
- Child does not know password, picks a different site or begs parent for access.
- This is now between small child and parent. No third parties, no tracking, no telling website the users age, no local or remote API's sharing data.
- At some point if all goes well the child will be an adult and will thank their parent for looking out for them when all their friends data was sold and abused.
Your cite is an earlier post of yours which says
> The one and only method I will participate in is server operators setting a RTA header [1]
and that cites a still earlier post of yours
> I stand by my repeated statements of how this could have been solved simply using an RTA header [1]
which finally actually cites¹ something that explains what the heck on RTA header is.
It would be quite a bit more reader friendly to cite https://www.rtalabel.org/page.php rather than make the reader traverse a linked list of comments to get there.
¹https://www.rtalabel.org/page.php
The problem is that the point is to root everyone's devices. Anyone explaining how easy this is would be pushed out of the conversation as fast as if they were advocating for single-payer healthcare.
edit: I've been advocating the nearly identical but opposite solution - restricted access sites shouldn't respond to requests that lack an appropriate age/content restriction header. If they do, jail them.
They're literally going to have to do this anyway. Rooting people's devices to force them to lie about their age when they install their operating system is an absolutely fake pretendy solution; the only way it works is if you have to verify your age with some government agency when you install an operating system, in order to make that OS age official. The point is the identification.
It's still a stupid unconstitutional law, but I see what the aim is, even without strawmanning it.
Different states, countries, and multi-country organizations that have legislated in this area or are working on legislating in this area have went with many different approaches. These differ in their scope, how age is verified (or even if age is actually verified), what documentation is required (or even if documentation is required), whether they apply to the web or to apps or to both, whether they make anonymous use harder or not, how much if any sensitive information they disclose to the apps/sites that need to check age, whether they could allow government to track your usage, and in other ways.
Most ridiculous are the comments that after saying how bad it is (clearly talking about things not in the California law) then say how it should work and describe something close to the California law.
It is kinda silly to read comments that do what you mention at the end (have a seemingly novel idea to fix the issue at hand and their solution is the one from TFA). That's just embarrassing.
But I feel like the rest of the discussions are fair game.
this act is pushed by the NGO 501c3 called Common Sense Media, their donors include Bezos, zuckerberg, and other rich people.
The same NGO also created a platform called Bandio that provides age verification services. How convenient.
Legislate restrictionist policy today that manufactures demand for age verification service, and then rollout the solution for $$$.
How convenient, muh free market capitalism.
Common sense media also earns $15 mln revenue from licensing its content rating technology.
Did someone write California Internet legislation without consulting any California Internet companies?
Did some California Internet companies write California Internet legislation?
Did some other party write California Internet legislation?
Meanwhile, while the overall writing clearly indicates the author has a very narrow view of "computers", the definitions of the terms is so broad that every computer, even the tiny embedded CPU in your microwave oven, might just need to ask your age before it allows you to do anything.
Why do I keep seeing this bullshit exaggeration? It doesn't help anything to make such ridiculous statements. Nobody's microwave oven has an app store.
Meanwhile, Samsung refrigerators can have an app store.
https://captaincompliance.com/education/meta-is-spending-2-b...
I still get downvoted for pointing it out and trying to ground the conversation in facts. As you noticed the story continues to thrive on bad news sites and social media.
It’s amazing how that one AI slop project that made this claim got so many people to believe this number.
Spreading this disproven AI slop around isn’t helping. It just makes opposition look like uninformed conspiracy theorists who can’t fact check anything.
During the meeting, Meta executives, including Antigone Davis, global head of safety, are understood to have argued that any age checks should be handled on a smartphone operating system rather than by the likes of Meta.
https://www.yahoo.com/news/politics/articles/meta-urges-labo...
Source: Some guy on Reddit, trust me bro
Why would it affect the entire world?
One technological backwater is Having A Massive Sad over people using rude words on the internet, so they think they can tell everyone else what do to?
The bill is written 'do good, stop bad stuff by establishing a committee or group to make sure fund good stuff, bad stuff doesn't happen' then the law passes and lobbyists write the details that fund the programs that tax the people that generate the income for companies that donate to the politicians that sell their votes to the lobbyists and interest groups.
California politicians start with the end goal "maintain power, secure revolt, obtain capital, deny failure".
It goes beyond lying to your face. They will be convincingly genuine, heartfelt, while finding a way to extract as much as possible for themselves, by extension their party, by extension the 'government' and do absolutely anything to keep the illusion that you have a choice, a vote, and a voice.
I lived here my whole life. These politicians are evil. Lie, cheat, and steal - deny if caught, punish if provoked.
This is the classic "what we're trying to do is bullshit on a fundamental level so we're gonna just exempt random things until it becomes a niche issue and we can just do what we want and from there we'll just close all those exceptions over time" move.
Give it 5yr and you'll have idiots in the comments talking about how the "linux loophole" was a mistake and should be closed.
Source: history
If OSes that don't verify the age of their users are a genuinely unsafe for children, why should they be allowed just because they are open source? That doesn't seem to mitigate dangers associated with age in any away I can identify.
It's kind of a hard problem and legislators are inclined picking the lowest hanging fruit. Their primary concern is to not be smeared as child predators by their political opponents at the next election, eg "jwitthuhn voted to give gambling websites, pronographers, and pedophiles easy access to YOUR children - s/he OPPOSED age verification laws on internet sleaze!! Who's jwitthuhn really working for - you, or the people who want to exploit your kids?!!"
One can point out that such electoral pitches are dishonest bullshit until one is blue in the face, but the fact is they work on a lot of voters because most of them are not smart and don't have the energy or inclination to research every issue. And it is true that there are a lot of hustlers on the internet who are willing to either passively or actively exploit kids, and the anonymity, non-locality, and technical complexity of the internet makes that relatively easy to do and hard to prosecute. Legislators offer simplistic solutions because that's what a most of the public wants, and people often make their voting decisions based on emotional factors rather than cold rationality.
You don't need mustache-twirling villains saying 'let's impose burdensome techn regulations that perpetuate oligopolies and allow me to make another trillion dollars, a few million of which I'll send your way, mwhahahaha' to get shitty legislation (which is not to say they don't exist). It will emerge naturally by default if other conditions are right.
Banning or limiting addictive features like algorithmic feeds would be regulating the companies.
Desktop and mobile Linux is an extreme niche and alternatives to Linux are practically nonexistent. I'm not surprised law makers might not have known that there are operating systems not made by for-profit companies.
Maybe it should say, the software 'code' - requiring open source code - and to do it all 'for free'.
Where does it say that? Not in the GGP.
Sure, make it easy for users to do so, but it's a users choice.
Kids don't buy phones or computers, their parents do, and during initial setup, parents could choose "this pc is used by a child" option, input some override password to disable this in the future, and the phone could block whatever needs to be blocked.
It wouldn't take much for a kid to buy a phone or computer.
Really, my main complaint comes down to: I completely disagree with what these services choose to restrict for kids and what they allow.
They block my kids from doing things I have no problem with them doing and they allow things I would never want my kids to do in 1000 years. It is incredibly frustrating.
Often times, there is literally no way for me to bypass some stupid restriction they put on my kids, so the only way I can get it to work is to help my kids lie about their age… and at that point, I lose the ability to actually block things I care about.
These laws are just going to make it worse. I don’t want someone else choosing how I control what my kids do. Give me tools to control it myself, and you can choose some presets for parents to use, but don’t force me to use your definition of age appropriate.
I agree. Parental controls have been the norm for thirty years. The adult who owns the device should have control over it, not Microsoft or California.
New Mexico Child Safety Case ($375 Million) was an actual judgment.
US class-action privacy lawsuit was a $725 million settlement, with no judgment.
These laws were proposed as soon as it was clear Facebook would not win. They move the liability to the Operating System, exempting Facebook.
My main thing is I want to be able to opt in or out of various filters. I don’t mind if my kids want to listen to music that has swear words, but I don’t want them watching videos where they give horribly sexist pickup artist advice.
This isn’t just about what I feel is age appropriate, either. It is also about what I know about my kids.
My 10 year old hates scary things, and she gets completely freaked out when they show scary movie previews. I would like to be able to block those for her. On the other hand, my 7 year old is obsessed with scary things and I don’t mind if he plays zombie video games.
The difference between this and the usual "parental control" mechanisms is that what you're describing here is something the child wants to cooperate with, voluntarily. In which case, you don't need a mechanism that makes it absolutely impossible; you need a mechanism for helping them not see things they don't want to see. That's something some adults also want (e.g. tools for preventing oneself going to Facebook, or going to TVTropes for too long).
Do you want to alter behaviors or lock children in a gilded cage?
Would you say the same of eg: parents giving alcohol or smoking to their teenagers?
I would never tell another parent they were wrong for choosing not to allow their kids to use the internet or consume certain types of media. Those are very personal choices.
My wife and I have deliberately have chosen what to allow our kids to do, and continually have talks with each other and with the kids about our internet usage.
I don’t feel the need or desire to seek advice or approval from random internet commenters.
What is maddening is how often people think such laws are about limiting the influence of "big tech." Big tech isn't going anywhere because of these laws, you are.
Megacorps seize the demand for regulation (to regulate them) in order to write regulation that purportedly does that, but in practice mostly closes the doors behind them and cementing their stranglehold on society. For Microsoft, Apple, and Google it's a small thing to agree to age verification if that means all the potential competitors will have to do so too.
The cheapest time to shut down a competitor is before they get to market.
Steam itself does age verification, which when you first boot a steamdesk, afaik it forces you to log into steam before you can do much of anything without some initial hackery. That said, once in there's nothing stopping them from launching into desktop mode, launching firefox, and watching pr0n that way.
Sadly the solution is still for parents to do real parenting, but that's like saying stupid people shouldn't breed.
The reason is simple: the pattern I see hints that there is:
a) money spent, to push through age-sniffing, and b) it is happening almost globally.
I am not necessarily saying that all this can be singularized down to one bribe-using company, be it Meta, Google or what not, or state actors becoming beyond Evil. But just as the butterfly effect is used as analogy how a strong wind can be created further downstream, I see the situation here VERY similar. To me it is not confined to age-sniffing. Remember the sudden declaration of war by the UK against VPN. This is in my opinion connected here. The goal is not "protect the children" but instead spy more on people than before. A gradual extension of this. And some companies and private interests will benefit. See also the recent Palantir claim made against London aka "the major is responsible for more robberies when he refused to obey to our rule". These companies are greedy - and insolent.
… doesn’t that excuse Android and possibly XNU, too?
Or, they can have a license like the Business Source License where you can copy, redistribute, and modify the software but you can't use it commercially. This goes against OSI's open source definition.
We emailed this amendment to Buffy Wicks's staff:
§1798.504(f) This title does not apply to[...]:
(4) An operating system or application that meets both of the following conditions:
(A) The operating system or application is distributed under license terms that permit a recipient to copy, redistribute, and modify the software, including for commercial purposes and without payment of a royalty or fee.
(B) The operating system provider or developer does not, by technical or contractual means, prevent the recipient from installing modified versions of the software on a device on which the unmodified version operates, and does not restrict the functionality or interoperability of modified versions.
> copy, redistribute, and modify the software
Shouldn't that specify the code not or not only the software? For example, the corporate Windows license allows the corporation to copy, redistribute (internally), and modify (via group policy, APIs, or development on the Windows platform) the software. The big difference between that and Linux is licensees can't access the code. FOSS requires free access to, use of, modification of, and redistribution of the code.
I think we have our answer.
Of course this also means that the nerds who use linux or lineageos get to win cool points because they can access more adult stuff
It reminds me of clients wanting some stupid feature from app developers which does not fit into anything, and makes no business sense, and therefore creates only problems.
Likewise, you'll have Microsoft and maybe Apple pushing for Linux to be included for, again, entirely self-serving reasons. Microsoft is never one to miss an opportunity to benefit Windows.
All that's going on here is competing corporate interests. Likely nobody in power actually cares the actual end users.
As much as libertarians chafe against it, I think we've demonstrated that something has to be done in relation to children online. Advertising to children, harmful impacts of social media, cyberbullying, addictive behavior and selling the data of minors needs to stop. How we get there is unclear. Meanwhile, everyone responsible is just trying to limit and shift their legal liability and that's it.
[1]: https://www.politico.com/news/2025/09/13/california-advances...
[2]: https://www.reddit.com/r/linux/comments/1rshc1f/i_traced_2_b...
In jurisdictions taking the California approach Meta does not need to ask for anything like that. Their app just has to ask the OS, which reports the age bracket that was entered when the user account was made on the device, and the OS gets that information from whoever set up the account. The OS trusts whatever is entered at that time. No driver's licenses or passports or face scans or videos are involved.
> As much as libertarians chafe against it, I think we've demonstrated that something has to be done in relation to children online
...and this is pretty much the way to do it with the least impact on privacy and anonymity possible without first building up some high tech cryptographic infrastructure that would likely include hardware requirements that would, at least at first, exclude users who do not have an iOS/iPadOS or Android device that has a secure hardware element.
Let's be clear what this means, "Meta is going to require" something. They'll require it to continue to do something, which is namely to be a bad company, running bad services, without pivoting to something else.
Of course, no one requires Meta to continue to be Meta. We'd protect people by requiring companies like Meta to request PII outright, because then the user is explicitly prompted to decide whether using Meta's services is worth surrendering their privacy. And if consumer sentiment and market forces mean anything anymore, that will incentivize Meta to replace their bad services with better ones, ones that don't cause them tricky liability issues.
In other words, forcing operating systems to demand PII from users from the get-go, regardless of the quality of that signal, and to broadcast that to any website, is not, as you put it, "the way to do it with the least impact on privacy and anonymity possible", etc etc. The "way to do it" is to phase out this rotten era of surveillance apparatus disguised as social media companies.
Sorry for being irate, it just feels like so many people these days arrive too quickly (for my taste) at conclusions without testing certain popular assumptions about the inevitability of tech oligarchy.
Just cuz today's ad-supported social media is bad for kids, doesn't mean everyone should have to verify their identity to use it. You can just make it 18+ and if kids lie to get around it that's not the end of the world. And in general, regulations that would make these things better for everyone would be better rather than just saying kids can't use it and not fix the actual problems with them
- an "extended machine": provide usable abstractions over the hardware to reduce complexity to a manageable level
- a "resource manager": provide for an orderly and controlled allocation of the processors, memories, and I/O devices among all the various programs wanting them.
By that definition, Linux is very much an operating system... unless by "Linux" you meant the kernel only without the additional tooling (systemd, libc, coreutils, shell, etc.) that distros ship with.
[0] https://en.wikipedia.org/wiki/Andrew_S._Tanenbaum
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called Linux, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.
There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called Linux distributions are really distributions of GNU/Linux!
As for what drove him instead.. I suppose we will never know.
All we can know for certain is that the whole thing felt _very_ inorganic and not like something a reasonable human being would just start doing out of the blue.
(Corporate) politics love plausible deniability, so maybe it was just inherently human randomness. I'm sure it was. Please move along.