alt Hacker NewsJust a reminder of what liability the CA age verification law imposes upon developers and providers.
It's not enough to adhere to the OS age signal:
> (3) (A) Except as provided in subparagraph (B), a developer shall treat a signal received pursuant to this title as the primary indicator of a user’s age range for purposes of determining the user’s age.
> (B) If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.
Developers are still burdened with additional liability if they have reason to believe users are underage, even if their age flag says otherwise.
The only way to mitigate this liability is to confirm your users are of age with facial and ID scans, as it is implemented across platforms already. Not doing so opens you up to liability if someone ever writes "im 12 lol" on your app/platform.
Replies
I read it the exact opposite way: you are forbidden from using facial and ID scans solely for age verification (as the OS-provided signal shall be the primary indicator of age), but if you already need to obtain the user's age for other reasons using more reliable means (say, a banking KYC law requiring ID scans) you are not required to discard this more reliable source in favor of the OS-provided signal.
How do you know all this before any court decided upon it?
> if they have reason to believe users are underage
The law requires "clear and convincing information", not merely "reason to believe". And since the law requires developers to rely on the provide age signal as the primary indicator of the user's age, developers are not incentivized to create a system that uses sophisticated data mining to derive an estimated age. If someone posts a comment on a YouTube video saying "I'm twelve years old and what is this?", that would absolutely not require YouTube to immediately start treating that account as an under-13 account.