this post was submitted on 09 Mar 2026
44 points (100.0% liked)

Privacy

9189 readers
209 users here now

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 2 years ago
MODERATORS
iopq@lemmy.world
44
US state laws push age checks into the operating system (www.theregister.com)
submitted 1 day ago by floofloof@lemmy.ca to c/privacy@lemmy.world
17 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Zagorath@aussie.zone 17 points 1 day ago (3 children)

In the OS is where it belongs. But not like this.

Parental controls is the answer. The OS should be required to support robust APIs that allow parents to set the age of their child and prevent children from accessing apps or sites (via browser APIs that hook into the OS APIs) that are out of the age range. The only actual "verification" should be parents choosing to type in the number.

[–] ParlimentOfDoom@piefed.zip 5 points 1 day ago* (last edited 1 day ago) (2 children)

There should be no mechanism broadcasting age information. Flip it, make websites contain content tags, browsers/OS would then block based on opted out content. Parents get controls, we get to keep our privacy.

[–] girsaysdoom@sh.itjust.works 1 points 1 day ago

I was literally just thinking this right before reading your comment. There is no justification for this implementation outside of controlling and tracking your citizens.

Also, it's nearly impossible to implement how they want since IOT devices exist so it doesn't really make any sense as ruled.

[–] Zagorath@aussie.zone 0 points 1 day ago* (last edited 1 day ago) (1 children)

Honestly, that is how I would prefer it be done. But it isn't what OP asked for.

It would have to be set at an operating system level, with the OS providing an API for the browser to use, while the os itself restricts installation of unapproved apps (and to work, installation of apps would have to use an allow-list or a similar age-tagging system, where any app that includes general web access has to be 18+ unless it also implements age-gating correctly).

But yes, this would be the best system. Parental controls have never been very successful in the past, but I think part of the reason for this is that they've never been properly supported up and down the stack. The government should mandate that it is supported the whole way, so that parents really have the tools they need to enforce parental controls.

Edit: I thought this was a comment in another thread. My reply here only makes sense in that context.

[–] ParlimentOfDoom@piefed.zip 1 points 17 hours ago* (last edited 17 hours ago)

Regardless, we should not be pre settling for a terrible policy just because it's better than an even worse policy. It's not up to us to solve how to do something that is indefensible. Not when the started goal has a much better solution that isn't an assault on privacy.

[–] psycotica0@lemmy.ca 3 points 1 day ago

For sure. If we wanted to protect kids with no intrusion we'd just make an HTTP header that was "user age" and then let the sites decide what to show and what to block. Porn sites don't want to show dicks to 6 year olds, it'd be 10 seconds to make an nginx rule that says "if user age < 18, show static error page".

And that's it, easy peasy. If we wanted to, at that point we could start suing individual sites that choose not to use that information in order to get compliance, but probably we don't need to, since it's pretty easy to support and like I said, there's no money in showing these things to kids anyway.

But that's not what it's about.

[–] The_Decryptor@aussie.zone 2 points 1 day ago (1 children)

That's effectively all the Californian law requires, and it doesn't even expose the age details to apps that ask for it.

[–] snooggums@piefed.world 1 points 1 day ago (1 children)

The California law requires everyone to show their age, not just kids.

Forcing companies to respect voluntary parental controls is not even close to demanding everyone to prove their age.

[–] The_Decryptor@aussie.zone 0 points 1 day ago* (last edited 1 day ago) (1 children)

The California law requires everyone to show their age, not just kids.

No it doesn't, at all. In fact it specifically says it only applies in the case where it's a parent setting up a device for a child.

You can read the actual law, it's short.

(a) (1) “Account holder” means an individual who is at least 18 years of age or a parent or legal guardian of a user who is under 18 years of age in the state.

(2) “Account holder” does not include a parent of an emancipated minor or a parent or legal guardian who is not associated with a user’s device.

(d) “Child” means a natural person who is under 18 years of age.

(i) “User” means a child that is the primary user of the device.

(1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.

[–] snooggums@piefed.world 1 points 1 day ago (1 children)

(b) “Age bracket data” means nonpersonally identifiable data derived from a user’s birth date or age for the purpose of sharing with developers of applications that indicates the user’s age range, including, at a minimum, the following:

(1) Whether a user is under 13 years of age.

(2) Whether the user is at least 13 years of age and under 16 years of age.

(3) Whether the user is at least 16 years of age and under 18 years of age.

(4) Whether the user is at least 18 years of age.

Number 4 wouldn't be a thing if it didn't apply to everyone.

[–] The_Decryptor@aussie.zone 1 points 1 day ago (1 children)

If the API can't respond with "is an adult", how should it respond when an adult is using it?

[–] snooggums@piefed.world -1 points 1 day ago (1 children)

The API should work like parental controls: Is a kid and age bracket/meets minimum age. Anything else is a NULL or no age value.

If you have to say you are 18 then it applies to everyone.

[–] The_Decryptor@aussie.zone 2 points 1 day ago (1 children)

Then that is the 18+ age signal. "This user is not covered by age restrictions" implies they're older than 18.

And as the law says...

(4) A developer that receives a signal pursuant to this title shall use that signal to comply with applicable law but shall not do either of the following:
(A) Request more information from an operating system provider or a covered application store than the minimum amount of information necessary to comply with this title.
(B) Share the signal with a third party for a purpose not required by this title.

[–] snooggums@piefed.world 0 points 1 day ago

Parental controls don't apply to anyone not using parental controls.

This applies to everyone.

Do you get how those are two very different things?