Right now, it's not even clear how to create parental controls at a reasonable level so there's no clear path for what to do or how to respond.
Basically unsolveable, so why worry about that edge case? Kids will always get through to some adult content somewhere. A token system will make parents feel better in the meantime.
Its trivially easy to see if the user (child) has indeed created multiple OS level user accounts with different permission levels if you want to spot check the computer.
You'll see it on first startup and then you can have "a chat". With Guest account access disabled, spawning a new account on a computer takes 2-3 minutes, will send emails and dashboard notices to the parent.
Its very much near impossible to verify that the child is not just going to Facebook etc. and using separate accounts and just logging out religiously.
That said I wish Apple/Microsoft/Google had more aggressively advertised their Parental Control features for Mac/Windows/ChromeOS as a key differentiator to avoid Ubuntu/Open Source distros from having to implement them.
On what OS? Microslop Windows? On my computer no one is notified when an account is created. And the account list isn't visible when I log in. I log in to the TTY.
Now, granted, I am not the norm. But my OS falls under these regulations. So what is my OS vendor supposed to do? For that matter, who is the vendor? What if I were using LFS? Who even would be the vendor for LFS? It's not even a distro!
When you provision a Windows, Mac or Chromebook these days as a child's device using your parental account, it will require a parental account to enable new user accounts and/or re-enable guest user on the device.
Like I said - my preference would have been for Microsoft, Apple, Google and Meta and TikTok to have made an industry effort to educate parents about the existence of such tools a priori of any legislation, we could have avoided Linux etc. getting sucked in.
I think this is a sensible compromise. It gives parents more control than before without relying on shady third-party software or without turning every platform into a cop. Yeah, it also aligns with Meta's interests, but so what?
The age attestation solutions pursued by the EU are far more invasive in this respect, even though they notionally protect identity. They mean that the "default" internet experience is going to be nerfed until you can present a cryptographic proof that you're worthy.
It doesn't give parents any control whatsoever. It just forces the OS to tell every website your child goes to how old they are. It doesn't require those websites to hide certain content for certain age groups. It doesn't define what types of content are appropriate for which age groups, it just makes sure that every advertiser bidding on your child's eyes knows what age range they fall into to.
If anything this takes control away from parents because even the cases where a website does their best to restrict content based on which age the OS tells them your kid is, it's the website setting the rules and not the parents. You might think that your 16 year old can read an article about STDs, but if the website your kid visits doesn't think so you as the parent don't get any choice.
With 3rd party software parents are controlling what software is used, they have the ability to decide which kinds of content are appropriate for their children and can be allowed and which types of content should be blocked. They can black/whitelist as they see fit. All of the power is in the parent's hands. This law gives parents one choice only: "Do I honestly tell my OS how old my child is". That's the end of the parent's involvement and the end of their power.
And cheat devices can be taken away as soon as the parent notices them.
It is also the wrong model. Instead of creating child-safe devices, just like there is a difference between toys and power tools, this regulation pretends that all devices are child safe and parents have to figure out which ones really aren't.
