alt Hacker NewsOkay, so the HTTP header idea seems like it would have two issues:
1) Given that it just says you're a "child", how does that work across jurisdictions where the adult age may not be 18?
2) It seems like it could be abused by fingerprinters, ad services, and even hostile websites that want to show inappropriate content to children.
Replies
> 1) Given that it just says you're a "child", how does that work across jurisdictions where the adult age may not be 18?
So namespace it then. "I'm a child as defined by the $country_code government". It's no more of a challenge than what identity-based age verification already needs to do.
> 2) It seems like it could be abused by fingerprinters, ad services, and even hostile websites that want to show inappropriate content to children.
This is still strictly better than identify-based age verification. Hostile or illegal sites can already do this anyway. Adding a single boolean flag which a large proportion of users are expected to have set isn't adding any significant fingerprinting information.
> 1) Given that it just says you're a "child", how does that work across jurisdictions where the adult age may not be 18?
It's a client-side flag saying "treat this request as coming from a child (whatever that means to you)". I don't follow what the jurisdiction concern is.
[EDIT] Oooooh you mean if a child is legally 18 where the server is, but 16 where the client is. But the header could be un-set for a 5-year-old, too, so I don't think that much matters. The idea would be to empower parents to set a policy that flags requests from their kids as coming from a child. If they fail to do that, I suppose that'd be on them.