undefined | Better HN

0 pointsPolizeiposaune3d ago0 comments

The second requirement of the California law is that there be an API available to all apps that returns the age band a user is in -- one of:

age < 13

age >= 13 && age < 16

age >= 16 && age < 18

age >= 18

A non-maliciously compliant implementation would need to retain a date of birth or equivalent until the user was over 18.

A maliciously compliant API could just wait 18 years after account creation before yielding an answer. (remember folks: "real time" does not mean "fast").

One of the oddities about the way the law is phrased is that it requires the age band information about the user be provided to "the developer" rather than to the application.

0 comments

WhyNotHugo2d ago

> One of the oddities about the way the law is phrased is that it requires the age band information about the user be provided to "the developer" rather than to the application.

So, expose it via a Unix socket only accessible to the account named "developer"?

Only half joking.

ErroneousBosh3d ago

> The second requirement of the California law is that there be an API available to all apps that returns the age band a user is in -- one of:

Is anyone actually going to bother to do this though? Why would they?

j / k navigate · click thread line to collapse