Don’t get me wrong, I’m all for privacy. But between setting up the birthdate when creating my children’s local account on their computers, and having to send a copy of their ID to every platform under the sun, I’d easily chose the former.
I’d even agree to a simple protocol (HTTP X-Over-18 / X-Over-21 headers?) to that.
why are the harm reduction methods we have now not being used?
That’s a thorny question. The main ways we currently got either involve the sites in question collecting personally identifiable information, such as government issued ID, and making a determination as to what to serve based on the information that contains, or the sites adhereing to a voluntary code, such as RTA, to include an identifying header, and parents installing, configuring and maintaining the software or services to restrict access. The former method is obviously dangerous as it requires handing over your ID, and the latter is all voluntary and so there is little impetus to do it, and the complexity will also act as a deterent for parents. Turning it around and just having the computer send a flag for the age bracket gets rid of the need to transmit personally identifiable information and makes the parents’ setup job much easier with a one-shot, tick a box and carry on, process.
cough
https://www.techdirt.com/2026/02/25/hackers-expose-the-massive-surveillance-stack-hiding-inside-your-age-verification-check/
Yes, this is precicely why a client side flag is so much better than a server side “send your ID documents to a third party” system. As I said, the Californian bill seems to have no requirement that the OS account creation process actually checks the value entered, just that it requires it at setup.
and it’ll be full of holes. gov agencies are not known for bringing “a game” to tech laws… lol