undefined | Better HN

0 pointsinkysigma8d ago0 comments

Except none of these bills (California or the one in question) as currently written require an ID to actually be verified, merely that the user provide an age. This seems intentional as it's seems to solve the user journey where a parent is able to set a reasonable default by simply setting up an associated account age at account creation. It's effectively just standardizing parental controls.

I think this is a reasonable balance without being invasive as there's now a defined path to do reasonable parenting without being a sysadmin and operators cannot claim ignorance because the user input a random birthday. The information leaked is also fairly minimal so even assuming ads are using that as signal, it doesn't add too many bits to tracking compared to everything else. I think the California bill needs a bit of work to clarify what exactly this applies to (e.g. exclude servers) but I also think this is a reasonable framework to satisfy this debate.

I've seen the argument that this could lead to actual age verification but I think that's a line that's clearly definable and could be fought separately.

0 comments

bink8d ago

Kids aren't stupid. They'll just create another account when they're old enough to figure it out. They'll tell their friends how to do it and the rest of us will be stuck with these stupid prompts forever like it's a cookie banner.

inkysigmaOP8d ago

Actually given boot chain protection, this will probably get harder as time goes on but even assuming some kids are able to, this is clearly definable as a user error: the fault lies with the kid and as a parent you need to think about your threat model.

Right now, it's not even clear how to create parental controls at a reasonable level so there's no clear path for what to do or how to respond.

pocksuppet8d ago

Maybe we can agree that if you're mature enough to hack your own phone, you're mature enough to see a nipple. Why am I rate limited though? Dang must hate this opinion.

Aeolun8d ago

It’s because you are a sockpuppet.

nemomarx8d ago

I don't think "real" age verification with ids is immune to this either. (kids paying an adult to get an id for it or fooling an ai classifier, whatever).

Basically unsolveable, so why worry about that edge case? Kids will always get through to some adult content somewhere. A token system will make parents feel better in the meantime.

davorak8d ago

It gives the parents the tools to age restrict things, but does not require parents to use them or use them well.

somethoughts8d ago

From a parent's perspective, that's the great part about bubbling it up to the OS user account level.

Its trivially easy to see if the user (child) has indeed created multiple OS level user accounts with different permission levels if you want to spot check the computer.

You'll see it on first startup and then you can have "a chat". With Guest account access disabled, spawning a new account on a computer takes 2-3 minutes, will send emails and dashboard notices to the parent.

Its very much near impossible to verify that the child is not just going to Facebook etc. and using separate accounts and just logging out religiously.

That said I wish Apple/Microsoft/Google had more aggressively advertised their Parental Control features for Mac/Windows/ChromeOS as a key differentiator to avoid Ubuntu/Open Source distros from having to implement them.

MarsIronPI8d ago

> You'll see it on first startup and then you can have "a chat". With Guest account access disabled, spawning a new account on a computer takes 2-3 minutes, will send emails and dashboard notices to the parent.

On what OS? Microslop Windows? On my computer no one is notified when an account is created. And the account list isn't visible when I log in. I log in to the TTY.

Now, granted, I am not the norm. But my OS falls under these regulations. So what is my OS vendor supposed to do? For that matter, who is the vendor? What if I were using LFS? Who even would be the vendor for LFS? It's not even a distro!

1 more reply

autoexec8d ago

It's pointless. Kids who want an uncensored internet will use a VPN or proxy the same way they've been getting around the restrictions and filers put on the computers and networks at schools. These laws will do nothing to protect children but will instead enable them to be targeted.

1 more reply

lich_king8d ago

So you're advocating for stronger and more invasive controls?...

I think this is a sensible compromise. It gives parents more control than before without relying on shady third-party software or without turning every platform into a cop. Yeah, it also aligns with Meta's interests, but so what?

The age attestation solutions pursued by the EU are far more invasive in this respect, even though they notionally protect identity. They mean that the "default" internet experience is going to be nerfed until you can present a cryptographic proof that you're worthy.

autoexec8d ago

> I think this is a sensible compromise. It gives parents more control than before without relying on shady third-party software or without turning every platform into a cop.

It doesn't give parents any control whatsoever. It just forces the OS to tell every website your child goes to how old they are. It doesn't require those websites to hide certain content for certain age groups. It doesn't define what types of content are appropriate for which age groups, it just makes sure that every advertiser bidding on your child's eyes knows what age range they fall into to.

If anything this takes control away from parents because even the cases where a website does their best to restrict content based on which age the OS tells them your kid is, it's the website setting the rules and not the parents. You might think that your 16 year old can read an article about STDs, but if the website your kid visits doesn't think so you as the parent don't get any choice.

With 3rd party software parents are controlling what software is used, they have the ability to decide which kinds of content are appropriate for their children and can be allowed and which types of content should be blocked. They can black/whitelist as they see fit. All of the power is in the parent's hands. This law gives parents one choice only: "Do I honestly tell my OS how old my child is". That's the end of the parent's involvement and the end of their power.

17186274408d ago

I mean on a UNIX OS you could make it yet another group the user needs to be part of. Like the group for access to optical media or for changing network credentials. Whether the child gets root access is on the parent, but that is like with anything else. A child can get around this, but it means finding and exploiting a 0-day on the OS. If they are able to pull this of I would congratulate them.

phicoh8d ago

There is a huge attack surface for this. For example, kid manages to buy an old phone. Resets the phone and creates an account. Kid buys something like a Pi 3 manages to get a regular phone to become an access point. Etc. If a laptop is not completely locked down, a kid might boot a live USB stick.

1 more reply

enoint8d ago

I don’t care if it’s part of the user setup, but make it an App Store dotfile. Don’t issue fines to Debian for offering a Docker image without a user setup script.

nullpoint4208d ago

Yeah, let's just boil the frog here. Makes sense.

MarsIronPI8d ago

Except how is this done on GNU/Linux or FreeBSD or Haiku? Who's going to implement it, who's going to ensure it can't be bypassed and who's going to be responsible if it's not?

secabeen8d ago

I agree. There is a real drive to catastrophize here but so far, none of the bills actually take any steps to prevent users from lying about their age.

j / k navigate · click thread line to collapse

0 comments

bink8d ago

inkysigmaOP8d ago

Right now, it's not even clear how to create parental controls at a reasonable level so there's no clear path for what to do or how to respond.

pocksuppet8d ago

Maybe we can agree that if you're mature enough to hack your own phone, you're mature enough to see a nipple. Why am I rate limited though? Dang must hate this opinion.

Aeolun8d ago

It’s because you are a sockpuppet.

nemomarx8d ago

I don't think "real" age verification with ids is immune to this either. (kids paying an adult to get an id for it or fooling an ai classifier, whatever).

Basically unsolveable, so why worry about that edge case? Kids will always get through to some adult content somewhere. A token system will make parents feel better in the meantime.

davorak8d ago

It gives the parents the tools to age restrict things, but does not require parents to use them or use them well.

somethoughts8d ago

From a parent's perspective, that's the great part about bubbling it up to the OS user account level.

Its trivially easy to see if the user (child) has indeed created multiple OS level user accounts with different permission levels if you want to spot check the computer.

Its very much near impossible to verify that the child is not just going to Facebook etc. and using separate accounts and just logging out religiously.

MarsIronPI8d ago

On what OS? Microslop Windows? On my computer no one is notified when an account is created. And the account list isn't visible when I log in. I log in to the TTY.

1 more reply

autoexec8d ago

1 more reply

lich_king8d ago

So you're advocating for stronger and more invasive controls?...

autoexec8d ago

> I think this is a sensible compromise. It gives parents more control than before without relying on shady third-party software or without turning every platform into a cop.

17186274408d ago

phicoh8d ago

1 more reply

enoint8d ago

I don’t care if it’s part of the user setup, but make it an App Store dotfile. Don’t issue fines to Debian for offering a Docker image without a user setup script.

nullpoint4208d ago

Yeah, let's just boil the frog here. Makes sense.

MarsIronPI8d ago

Except how is this done on GNU/Linux or FreeBSD or Haiku? Who's going to implement it, who's going to ensure it can't be bypassed and who's going to be responsible if it's not?

secabeen8d ago

I agree. There is a real drive to catastrophize here but so far, none of the bills actually take any steps to prevent users from lying about their age.

j / k navigate · click thread line to collapse