Yeah, it feels like a junior engineer fresh out their undergrad algorithms course. The business isn't going to grind to a halt and wait until you build the perfect solution.
Regardless of whether pornography is, or should be legal, average exposure is now 11 years old. That’s average, many kids are even younger.
If this even prevents 95% of kids from accessing pornography until they’re 15 and get a debit card to buy a VPN, that’s a win in the eyes of most parents and legislators. It doesn’t need to be perfect, or even perfectly force you to be 18, to get the primary job done. Pointing to “a 16 year old can get around it with a VPN” is missing the point. It’s not a surprise why that argument falls on deaf ears.
Or, another one, “just use parental controls,” have you even tried this? Almost all parental controls are horrifically buggy, full of loopholes, and these kids can just borrow each other’s technology. Apple’s parental controls predate HTML5 (literally, HTML 4.01) and regularly don’t work, sometimes even by their own admission. It also forces the parent to be in the role of a tech expert fluent in Microsoft, Apple, Google, Nintendo, and other products all at once. You might as well get CompTIA certified. That argument also falls on deaf ears.
> Apple’s parental controls predate HTML5 (literally, XHTML 4.01) and regularly don’t work, sometimes even by their own admission. It also forces the parent to be in the role of a tech expert. That argument also falls on deaf ears.
The solution, then, ought to be to pass a law requiring some sort of standardized parental controls that allow trivial set-and-forget management. Require device manufacturers/software distributors to sort out a "child mode" switch you can flip upon device initialization, in-your-face and unmissable, and then have apps/webpages be able to see whether the device reports it's in child mode. Does this not solve the "prevents 95% of kids from accessing pornography" threshold of effectiveness while being infinitely less invasive?
> Require device manufacturers/software distributors to sort out a "child mode" switch you can flip upon device initialization, in-your-face and unmissable, and then have apps/webpages be able to see whether the device reports it's in child mode.
Wouldn't even need to develop anything new for this outside of a simplified UI over an MDM. Devices already support an incredible amount of monitoring and control, even iDevices, via MDMs.
But MDMs are for now only business/enterprise products, and are priced as such.
Makes me wonder if there's a market there for someone to just package up a consumer-focused, dead simple to use MDM. Enroll with QR code, set up some default policies, etc.
> The solution, then, ought to be to pass a law requiring some sort of standardized parental controls that allow trivial set-and-forget management. Require device manufacturers/software distributors to sort out a "child mode" switch you can flip upon device initialization, in-your-face and unmissable, and then have apps/webpages be able to see whether the device reports it's in child mode. Does this not solve the "prevents 95% of kids from accessing pornography" threshold of effectiveness while being infinitely less invasive?
This feels like an idea out of a previous era; where a lone family computer sat in the living room. There are so many devices now, we can't assume we control or know about all devices our children may have access to.
> There are so many devices now, we can't assume we control or know about all devices our children may have access to.
This is specifically a solution for a world with many personal devices. The devices a child has access to are their own (in child mode), someone else's being lent to them (the analog loophole, not solved by child mode or proof-of-age), and public devices at schools, libraries and the like, which are typically locked down.
Not at all, it's extremely forward-looking, due to its distributed nature, clean separation of responsibilities among sites, manufacturers, and parents, each doing their part to influence the end result to the appropriate extent. Sites should inform clients about the nature of the content, clients should be configurable to accept or reject various kinds of content, and parents should enforce configurations on devices their children use.
Parents cannot abdicate responsibility for what their children are exposed to.
It’s a better argument, and would gain more political ground, than do nothing.
However, there’s one major problem: Most families aren’t actually using the multi-user capabilities of their devices. Many devices, like iPads or iPhones, just don’t support multi-user at all.
The result? Either parents are tech experts again, or have deep pockets to get everyone a device, or you’re going to have a bunch of kids logged in as their parents on their devices (as is already the case). Of course, that defeats the policy goal. That’s a non-starter, unless we agreed that a device manufacturer could force a biometric check when accessing an age-verified device account.
Nobody has proposed such a thing; but if there was a good way of making sure that the age-verified user is the actual person engaging with the age-verified account, then we might have progress in that direction.
Personally though, I would really prefer to not have the government get any ideas whatsoever about dictating firmware or OS security or OS parental control requirements. Do you really want your Linux distribution mandated to implement an age check firmware with phoning home requirements to a government parental control server?
That's not a major problem. Also, how does age verification fix things in that scenario if a child is using their parents device?
If a parent can't be bothered to pin-lock their device or flip it into child mode then there is no technological solution. Now you're the one looking for the perfect solution that doesn't exist.
> Also, how does age verification fix things in that scenario if a child is using their parents device
Because the age is verified at the time of access; instead of once during initial setup. Odds are that the former will catch far more flies than the latter.
Your employer probably does the same. Do they have you log in once when you set up your laptop, then comfortably happily say it’s you for the next three years; or do they have you sign in every morning?
> Because the age is verified at the time of access; instead of once during initial setup.
Is that really how it works? Every single time you visit any website on the Internet or launch any app it's going to age ID you? I don't think that's right. You validate your account and then you login and you're good. If someone else uses your account, they are you.
And as you said, people share devices but it's also usually one account per app per device. You have to go out of your way to sign out of each individual app or website.
> Regardless of whether pornography is, or should be legal, average exposure is now 11 years old.
You make it sound like historically it was much later but actually even in the 1980s 11 years old was common. In fact, that matches my own personal experience from that era.
> Or, another one, “just use parental controls,” have you even tried this?
Parental Controls is the right answer but absolutely agree that parental controls suck. As a parent, I'd love just any level of better control. I don't even care if I have different controls per manufacturer as long they're pretty complete and capable.
If the EU can mandate USB-C, they can mandate all technologies include powerful and capable parental controls.
There is no need for age verification -- parents know how old their children are. Parents are providing children with the devices and often the means of connectivity as well. This is and has always been a parenting problem. If the government wants to assist parents, I'm all for that. But age verification is not the answer.
> Parental Controls is the right answer but absolutely agree that parental controls suck. As a parent, I'd love just any level of better control. I don't even care if I have different controls per manufacturer as long they're pretty complete and capable.
> If the EU can mandate USB-C, they can mandate all technologies include powerful and capable parental controls.
> There is no need for age verification -- parents know how old their children are. Parents are providing children with the devices and often the means of connectivity as well. This is and has always been a parenting problem. If the government wants to assist parents, I'm all for that. But age verification is not the answer.
We no longer live in the era of a single family computer. Parents don't know about all devices their children will use to access the internet, so filters aren't going to cut it.
A good implementation of age verification would assist parents, as you suggest, while denying control to the government. IMO parents should always be able to bypass the block for their children. If the government wants to "block" Wikipedia, the parents should be able to give it back to their kid.
> Parents don't know about all devices their children will use to access the internet, so filters aren't going to cut it.
Parents own their network. They can easily issue root certs to devices on their network or deny access to non allowlisted sites. They can require a proxy to hit anything outside the allowlist too.
Then they can not only see what sites their kids visit, but they can also set up some models to check all media for naughty content. It's not a hard thing to solve as a parent and prevents mass surveillance outside your local network.
> We no longer live in the era of a single family computer.
In that era, there were always other family's computers.
> Parents don't know about all devices their children will use to access the internet
That's why we need the parental controls! That's the entire purpose. All devices that all children have everywhere were given to them by an adult. If they have Internet access, some adult somewhere is paying for that service. We simply want more control over those things that is easier to manage.
It's not parental control; it's governmental control. Yes, parents can bypass it for their children but that doesn't mean it's parental control. When you have to provide your own ID to access a site your parents are not involved.
> mandate all technologies include powerful and capable parental controls
That is, until Linux is also forced to come into compliance with said parental control standard, complete with all centralized reporting and remote restriction capabilities.
> This is and has always been a parenting problem.
What do governments do when everyone has the same parenting problem? Listen to industry idealists, like those who would call teenage smoking a “parenting problem,” or crack down?
> That is, until Linux is also forced to come into compliance with said parental control standard, complete with all centralized reporting and remote restriction capabilities.
Linux is fine. Someone can build the ultimately perfect parental control software for Linux and I'll use it. The same cannot be said for Windows, Android, or iOS -- third party system cannot exist for those platforms that are sufficient unless they're made by Microsoft, Google, or Apple respectively. Perhaps we just have to mandate an open standard. In fact, I would prefer that.
> What do governments do when everyone has the same parenting problem?
> Linux is fine. Someone can build the ultimately perfect parental control software for Linux and I'll use it.
You can't build a perfectly secure system and still respect the user's freedom. The perfect parental control system is by definition also going to be the ultimate rootkit - or else you'd just boot your own kernel which perfectly fakes the parental controls.
In such a world you wouldn't be allowed to build your own OS, only boot a pre-approved image. The Linux community is not exactly likely to participate in this.
No solution is perfect but we already have secure boot. It doesn't even have to mandate some pre-approved image; it just has to be an image that I approve and lock. This is already a well solved problem for corporate environments.
You miss the point. I want all the power. Let me install and configure a Linux image of any sort and then lock it down. I am root. My kid is a mere user.
There is nothing terribly difficult or even controversial about that.
This is no lie: My son brute-forced the parental control pin on his iPhone. For over 6 months, he would just try random combinations while in bed at night. One night, I don't know when, he found the right pin.
I'm not sure how long he had it bypassed before we figured it out.
> Almost all parental controls are horrifically buggy, full of loopholes, and these kids can just borrow each other’s technology.
... and the centrally imposed, one-size-fits-all, politics-first age verification system you want will of course be free of bugs, loopholes, opportunities to borrow devices, or whatever.
That's good, since you want to apply it to every single person on the Internet.
> Regardless of whether pornography is, or should be legal, average exposure is now 11 years old. That’s average, many kids are even younger.
Okay, then don't give your kids access to the internet if you're so concerned, in the same way you wouldn't leave the liquor cabinet unlocked.
People did it for millenia. It worked fine. We don't need any solutions, the solutions already exist.
The problem is that you're not happy with parents not caring. You want to repress parents rights, and do it yourself, because you are greedy and have delusions of grandeur.
To me, if the parents of the actual fucking children don't care, then why should I? They're not my kids. They're your kids. Do something about it. If you do nothing, then I'm going to assume it's not a real problem at all and this is just some sort of society wide delusion.
