The main problem with the "report your age to the website" proposals is that they're backwards. You shouldn't be leaking your age to the service.

Instead, the service should be telling your device the nature of the content. Then, if the content is for adults and you're not one, your parents can configure your device not to display it.

My objection to all this stuff is the requirement to share government ID / biometrics / credit card info etc with arbitrary third party sites, their 228 partners who value my privacy and need all my data for legitimate interest, and whatever criminals any of those leak everything to, and also give the government an easily searchable history of what I read when those sites propagate the info back.

Any scheme that doesn’t require this won’t get pushback from me.

As an alternative: I already have government-issued ID and that branch of government already has my private info; have it give me a cryptographic token I can use to prove my age bracket to the root of trust module in my computer; then allow the OS to state my age to third parties when it needs to with a protocol that proves it has seen the appropriate government token but reveals nothing else about my identity.

Other alternatives are possible.

> if we don't do something, the trajectory is that ~every website and app is going to either voluntarily or compulsorily do face scans, AI behavior analysis, and ID checks for their users

You're going to get that, anyway. Platforms want to sell their userbases as real monetizable humans. Governments want to know who says and reads what online. AI companies want your face to train their systems they sell to the government, and they want to the be the gatekeepers that rank internet content for age appropriateness and use that content as free training material.

Age verification across platforms is already implemented as AI face and ID scans. This is where we're already at.

> I agree. I also agree with S76 that some laws regarding how an operating system intended for wide use should function are acceptable. How would you react to this law if the requirement was only that the operating system had to ask the user what age bracket it should report to sites? You get to pick it, it isn't mandatory that it be checked, and it doesn't need to be a date, just the bucket. Is that still too onerous?

What's the point in doing any of this if it doesn't result in materially better outcomes?

Exactly the same way as i do now for such laws.

It's pointless, does not increase security, does increase complexity of every interaction, and introduces a lot of weird edge cases.

What i want is full anonymity enshrined in law, while at the same time giving parents, not governments, but parents, options to limit what their children can do on the internet.

> How would you react to this law if the requirement was only that the operating system had to ask the user what age bracket it should report to sites? You get to pick it, it isn't mandatory that it be checked, and it doesn't need to be a date, just the bucket. Is that still too onerous?

Isn't that what the CA law is?

The push to do biometric data collection is entirely the result of entrepreneurs trying to get ahead before laws are passed. Their behavior is the result of the push to restrict the open internet. If we don't do anything, they will stop. You don't always have to do "something". Sometimes the harm comes by trying to do something.

> Is that still too onerous?

Isn't it just pointless?

I'm getting upset by face scan creep too. I do not like it. No sir. But mandating a self-reporting mechanism feels about as useful as DNT cookies, or those "are you 18? yes/no" gates on beer sites.

What makes you think this is going to stave off that world? More likely you'll get both, since I doubt this API is going to satisfy other states' age verification requirements.

Sadly, the only real response here is non-compliance. Recently, credit card company wanted me to provide ID upon login ( I was amused -- while my setup may not be common, it has not changed for years now ). So I didn't and just ignored it. I checked on it this month and it suddenly was fine. But then.. one has to be willing to take a hit to their credit and whatnot.

The point remains though. They have zero way to enforce it if we choose to not comply. Just saying.

Totally agree, but I think we are heading to a full intrusion system in every aspect. And this is just the beginning. Even decentralized identity systems are not that decentralized, of course.