The point is there are much better ways to enforce this - like just setting up proper parental controls on a device.
Kids can’t buy their own phone. So parents can always enforce stuff at a hardware level if they set it up properly. It would be much better to just mandate that phones set up with a kid profile cannot access social media.
The problem isn't an individual kids phone. It's their peers devices, or other ways they can explore the internet that isn't under their guardians control. This is a systemic issue that requires systemic approach. I am not making any claims about the qualities of currently discussed systemic solutions, but I do want to point out that the 'parents can just' argument is missing the mark.
All of the kids will get a fake account and a VPN? Putting barriers in place will likely have some effect in the intended direction.
> This assumes that it will actually solve the problem anyway
I wouldn't expect any policy to _solve_ a problem in such a way that the problem completely disappears from the world, much like theft being illegal doesn't eliminate theft, but it sure distinctiveness it for a lot of people.
You do know that many sites don’t work with a vpn. Like this one. You can’t create an account on HN with a vpn. Also, countries are starting to ban vpn ip blocks entirely. In fact, turkey was monitoring tor entry nodes and disappearing whomever provided them. Banned tor pretty damn fast. Vpns can be turned off in a snap.
I promise you that a hacker news does not have all known public VPN egress IPS blocked.
Even the big commercial providers that are advertising all over YouTube are constantly changing IP space so they can keep their customers able to pop into another Geo region and still get Netflix.
I've been battling with locking down my kid's devices for much of my life.
I haven't found a parental control feature that works: we've tried several, but, generally, nothing survives the 'Hey, I'll just factory reset the device and start with a clean out-of-box-experience' bypass. Kids can figure this stuff out.
Even when we thought that things were under control, kids can easily procure new devices. Many families don't dispose of their old phones; it's not too hard for kids to find an older model that's been sitting around collecting dust, bring it to the schoolyard, and trade it like a baseball card.
I wish I had a good answer, and, distasteful as the age-verification might be, I'm open to such draconian measures at this point. If you say there are better ways to enforce this, I'd honestly love to hear the specifics.
I'm fairly sure that Android requires parent permission to reset a device if it's a managed child device. Overall, the parental controls on Android have been sufficient for what my family has needed.
It seems like it should be relatively easy to create a dead man’s switch that sends you a message after a factory reset, and then you just take away the phone for however long is appropriate. Do most parental control tools just not include that for some reason?
That is definitely a difficult battle to fight, but why do you think kids can't bypass these government-level restrictions just as easily as they can your own? Especially since governments are usually slow to respond to whatever method of bypassing it is used, if they respond at all (especially once it's no longer the topic of the minute).
People can bypass these restrictions with video game character creation tools, with generative AI, with a VPN (something that's very hard to ban in practice because corporations rely on them, and of which some are free), with copy-pasting random ID photos from the internet, with borrowing a parent's or teacher's or other adult's ID, with using a website scraping alternative (some of which can be self-hosted, or hosted by one child for many others) instead of the website itself, and so on. Heck, they can use websites hosted in Russia (or other countries), like a lot of pirates do.
And whatever the easy bypass method ends up being, they'll all end up knowing it, because they go to school and talk to each other, and because they'll always have at least some access to some parts of the internet no matter what.
Meanwhile, these age verifications laws are labeling all the children (who don't bypass it) as children, and that information WILL be leaked, inevitably, as it already has been (from Discord, for example - a service that shamelessly retains and processes every message it hosts, even after the user 'deletes' it).
When ID info is leaked, it leaks the child's age, their real name, and (often) their real address, their phone number, and their appearance. A surprising amount of information might be deducible from any selfie or video that was required. And in combination with an app's other data (or other data about them that has been included in databases and/or leaked and/or shared on the internet previously and which can be matched to them based on email or phone number or username or browser cookies or IP address or etc), it can leak their interests, hobbies, hopes and fears (discussed with friends), favorite hangout spots, the name and location of the school they go to, their regular routines or travel schedules, etc - anything at all that they might have discussed via the app, or whatever might be concluded just by their proximity to their friends (e.g. maybe they don't directly know that a kid lives in X location or plays Y video game, but if every day they talk to a bunch of other kids who definitely live in X location and play Y video game, then they probably live in X location and play Y video game too).
When all that data is leaked, all that data is now available to predators. And it's very, very hard to remove it from the internet after it's out there.
That data, even just from a single leak, could make it so easy for someone to target a specific child, contact them, tailor their lies to seem as trustworthy and likable to the child as possible, anonymously harass them online, threaten them, stalk them, or attempt to persuade them that yes, he does know their parents, and they definitely sent him to pick them up from school.
To me, all these laws seem realistically likely to do is unintentionally but significantly endanger the children they claim to protect. I don't see how it can be anything but a devil's bargain, even if we only "think of the children" and disregard other concerns.
At the least, it should have been proven to be more effective than regular parental controls before even being considered as an option, but so far, it doesn't seem to be so at all. And if there's little to no additional benefit, or we're not sure if there's a benefit or not, or if it's shown to be less effective, then why ever choose it over the regular parental controls that don't carry this huge additional risk?
As to enforcing age limits otherwise, well. I confess I don't think there is any way children won't just find a way around. I think the best defense is just educating children about how to navigate the internet and its potential threats, making sure the children don't see their parents as distrusting of them or oppositional (so that they feel comfortable enough to go to their parents for help or reassurance if there's a problem, instead of hiding the problem because they don't want to be yelled at for being on the internet or such-and-such website at all), and - an element I think a lot of parents miss - making sure they have a lot of appealing options for things to do or ways to socialize outside of the internet. If you occupy their time by indulging their non-internet-focused hobbies and interests (and maybe engaging in them with them, to spend time with them), or letting them visit friends in person, then that's time they're not on the internet and likely don't even want to be. I think that this is the option that best sets up the kid to continue having a healthy relationship with the internet after they turn 18 and are even more out of your control.
That said, as far as device parental controls go: instead of focusing on phone-level controls, I recommend using your router's network-level parental controls, as well as the phone line controls for whatever company you get your data form (if they have a regular smartphone, as opposed to a more limited one, which do exist as an option). For your own wifi network, you can even set it up to use a whitelist of devices so that your kid can't even connect to it from a non-approved device. That doesn't stop them from potentially still sometimes accessing the internet using a friend's phone, but it'd cut down on how the amount time they have that access, and do so more effectively than government age restrictions. And in any case, you also can't always stop them from looking at a dirty magazine that they find at a friend's house, or from reading a hateful tract that someone hands them on the sidewalk, or from watching a terrible channel broadcast on a TV in a diner. But you can potentially influence how they handle it when they encounter these kinds of things.
This is not how any other thing that is banned for children is enforced. It makes no sense.
The person selling the age gated item needs to take lawful measures to ensure they arent selling it to a minor. Their parents have nothing to do with it.
Your solution would be that if a 14 year old walks into a liquor store and doesnt have a note from their parents saying that they arent allowed to drink alcohol, then the store should be able to sell it to them.
The proposed solution though is that all adults going into the store have to provide their full name and address and have it recorded by the store to buy alcohol - or any other +18 product they want to buy. These things are not equal.
And that is where details matter. You can implement age verification in such a way that no data gets transmitted anywhere. Ofc I wouldn't expect Meta to not take a chance of collecting even more user data and blame a law for doing it, but if the law is written well enough, it won't mandate a specific method. If it does, definitely oppose it imo.
Age verification implies that some authority, usually the tech company, checks your age. It's mandatory personal data harvesting. A method that doesn't require data to be transmitted anywhere is just local permissions and filtering. The tech company should broadcast the metadata of the content they're serving, then the decision to filter it should be made on the client-side according to the device owner's preferences. But big tech is constantly trying to sabotage this permission model by removing root from phones, mandating cloud accounts to use your computer, etc.
You can - but currently it’s all just done with random private companies that I would not trust with my email address never mind my passport or adult preferences.
Again - apple’s on device verification is a good idea for this. Apple just sends a ‘yes this is an adult’ message to reddit for example and now I can again participate in chrome up discussions.
mandating devices provide a `NoAdult` setting, so so browsers could check it and then send something like a `x-NoAdult` header would give websites a reasonable method for distinguishing minors (or people that just don't want adult content).
it's the old 80s/90s bead curtain separating the adult movies area from the rest of the video store. it keeps kids reasonably separated, and leans on parents making their kids mind. I think that's a reasonable target.
it would work without forcing every internet user that wants to use a given service from having to submit government identification, go through interviews, or sign up to massive centralized identification systems that will inevitably track every movement people make online.
if history is any indicator, those things will lead to breaches and abuse, and people's privacy will be violated.
if there's a legally mandated way for parents to stop their kids from peeking through the internet's bead curtain, that should be sufficient for most purposes.
if the argument is that bad or foreign websites might not implement it, it's not wrong, but that same problem exists with the mass-surveillance methods as well.
if you keep going down the path of forcing everything, eventually you end up with a national firewall, vpns are illegal, anything that can provide anonymity or pseudo-anonymity online is illegal, no one has privacy, and busybodies will spend all their time hunting folks for liking things they don't want them to like when the inevitable breaches come.
to your last point, sure, a 14 year old shouldn't be able to just wonder into a liquor store, but a 40 year old should.
Many parents don’t have the technical aptitude to set the controls up properly. I am a software engineer and I find it challenging to keep up with the nuances of parental control setup and how to adjust it as kids get older. Content is also imperfectly tagged and smart kids can easily find loopholes in most controls. Having a centralized ID validation system wouldn’t be an ideal solution but having something baked into the Internet itself to help parents shield their kids from inappropriate would be a good thing.
That’s what I mean by adding legislation to make it automatic.
If it’s a kids device, then it should just block social media as required by the law. I agree that right now it’s difficult to set up - but this is a choice from Apple and Google. Just mandate sensible defaults.
A hardware block is much more effective than anything else that can be faked.
Just have the phone ask ‘is this a phone for a child’ and if you select ‘yes’ then it’s done.
> like just setting up proper parental controls on a device
This is literally what is being written into California law. The OS will have an "age flag" that is configured at device setup that passed to other apps. The law explicitly was written such that it wouldn't need identity verification, but that isn't stopping scaremongers claiming it as such.
Wasn't there a (proposed) "standard" in 90s (eMediaMark, I remembered) that just added a Header to HTTP in order to have ancient browsers automatically filter adult content.
That would easily be enforceable by making a "kid mode" enabled and locked down by a parent with a password mandatory on devices. Then you could have something like this:
Make it the law that if a computer account is set up as a kids account it must send some kind of not-adult header with all requests. Enforce that in the OS so it can’t be messed with.
Leave non-kid accounts alone.
Make it the default thing that happens if you set it up as a kids account so anyone can do it.
Thinking aloud here, but perhaps the answer is in the question: general-purpose computers get a free pass. Point being that kids generally don't use such things. Because otherwise I have exactly the same question as you. It's an existential question for software freedom.
Problem now is bunches of parents don’t give a damn. So if your kid gets phone locked up others will make fun of him at school and kid might be outsider.
Other parents are the problem, not technical setups.
For people who buy a Ferrari the price is not part of the equation at all.
Also Ferrari’s whole game is demand and supply manipulation - there are always more people who want a Ferrari than can actually buy one. These will all sell out whatever happens.
Kids can’t buy their own phone. So parents can always enforce stuff at a hardware level if they set it up properly. It would be much better to just mandate that phones set up with a kid profile cannot access social media.
reply