←back to thread

EFF launches Age Verification Hub

(www.eff.org)
347 points iamnothere | 1 comments | 10 Dec 25 20:35 UTC | HN request time: 0s | source

Also: We built a resource hub to fight back against age verification https://www.eff.org/deeplinks/2025/12/age-verification-comin...
Show context
rlpb ◴[10 Dec 25 22:08 UTC] No.46224574[source]
I'd be OK with an "I am a child" header mandated by law to be respected by service providers (eg. "adult sites" must not permit a client setting the header to proceed). On the client side, mandate that consumer devices that might reasonably be expected to be used by children (every smartphone, tablet, smart TV, etc) have parental controls that set the header. Leave it to parents to set the controls. Perhaps even hold parents culpable for not doing so, as a minimum supervision requirement, just as one may hold parents culpable for neglecting their children in other ways.

Forcing providers to divine the age of the user, or requiring an adult's identity to verify that they are not a child, is backwards, for all the reasons pointed out. But that's not the only way to "protect the children". Relying on a very minimal level of parental supervision of device use should be fine; we already expect far more than that in non-technology areas.

replies(8): >>46224965 #>>46225003 #>>46225048 #>>46225061 #>>46225433 #>>46236425 #>>46236866 #>>46241419 #
hypeatei ◴[10 Dec 25 22:41 UTC] No.46225003[source]
Okay, so the HTTP header idea seems like it would have two issues:

1) Given that it just says you're a "child", how does that work across jurisdictions where the adult age may not be 18?

2) It seems like it could be abused by fingerprinters, ad services, and even hostile websites that want to show inappropriate content to children.

replies(2): >>46225057 #>>46225393 #
1. rlpb ◴[10 Dec 25 23:15 UTC] No.46225393[source]
> 1) Given that it just says you're a "child", how does that work across jurisdictions where the adult age may not be 18?

So namespace it then. "I'm a child as defined by the $country_code government". It's no more of a challenge than what identity-based age verification already needs to do.

> 2) It seems like it could be abused by fingerprinters, ad services, and even hostile websites that want to show inappropriate content to children.

This is still strictly better than identify-based age verification. Hostile or illegal sites can already do this anyway. Adding a single boolean flag which a large proportion of users are expected to have set isn't adding any significant fingerprinting information.