It's not implemented like that because the true goal of these laws has nothing to do with protecting children or age verification, and instead have everything to do with completely eliminating anonymity/pseudo-anonymity online.

They want to ID everyone, and have all user generated content attributed to a known, identified individual.

The problem is that we'd all blocklist advertisers and then they'd all cry. It's like how most mobile distros don't allow you to control relative app volume - if it might hurt ad bucks it can't be allowed.

I think it's a great proposal if we add a slight alteration. Rather than requiring parents to maintain block/allow lists, the OS should allow the parent to lock in a birth-date, and that birth-date is used by the system to generate a user-age header, from there, websites can be legally required to respect the header and maintain whatever restrictions correspond to the applicable laws. This gives sites the ability to dynamically adapt to users, changing features and laws, as well as remove the burden from the parents of having to determine which sites are safe and not.

The goal of these laws isn't to protect children, they just want to further surveillance and control of the population. While there are better ways to handle the "think of the children" concerns being invoked to justify these kinds of laws none of them would satisfy the legislators pushing them.

You've still got it a bit backwards. Websites should be the ones publishing content suitability headers. Those headers are then legally-significant assertions about the content on the site - the type of content, age/moderation policies, etc. Browsers then implement the device's configured policy based on what headers the site returns.

This requires locked down computing on the end device, but all of these proposals inherently do - otherwise a kid can always just install whatever software that sidesteps the restrictions, right? And leaving the responsibility on the device owners/makers only motivates secure boot, which is already pervasive on the most relevant devices - phones and tablets.

Your proposal puts liability directly onto websites themselves, regardless of the end user/device. This would push websites into demanding remote attestation, which is at the early days of being pushed (safetynet, wei, etc), and is the thing that is really primed to destroy general purpose computing. You know all those "verifying your device" followed by endless CAPTCHAs that are everywhere these days? Imagine that, on every site, and no way to get around it besides installing a genuine copy of either Windows 2028 or macOS 28 Pyongyang.

Parental controls have been built into Apple devices forever. Is that not the case for Android and Windows?

The biggest issue is, of course, (4) - how do you plan on enforcing that for sites that don't run out of your country of residence? Implicitly restrict access to only those sites in said country?

Who said it’s about children?! It’s about mass surveillance and building the proper infrastructure using your tax money, both digitally and legally to expand it later with ease. They start usually in a “test bed” states (like Arizona) or countries (like Australia) and evaluate, before fully implementing it.

> Require browsers to respect the device's policy for site allow/blocklist

But then HN would still riot, because you would need to require all apps to be approved by a central authority (no unauthorized browsers) OR you need to lock down browser engines to those that respect the list somehow (maybe by killing JIT, limiting network connections).

I've learned long ago, as have politicians, there is zero solution that makes tech people happy... so move forward anyway, they'll always complain, you'll always complain, there is no tolerable solution but the status quo, which is also untenable.

But how corrupt politicians will make money having such reasonable policies?