Fuck off with your device based verification system. That’s just the same service, but as a more invasive app installed on your phone.
Instead of scanning a face or ID and uploading it to a service, we’re expected to run unverified closed source code on the device we carry everywhere in our pockets?!
Fuck off with your device based verification system. That’s just the same service, but as a more invasive app installed on your phone.
not necessarily. you give a phone to your children. you partly lock it down by setting it up as a child account, with its age. you make sure to install a web browser that supports limiting access to age appropriate content according to the age set in the system, maybe taking a parent allowed whitelist. the website is legally obliged to set an appropriate age limit value in a standard HTTP header.
that way, the website does not know your age. the decision is on the web browser.
the web browser checks the configuration in the system, that only the parent can change. it does not send it anywhere, only does a yes/no decision. if the site is not ok, it’ll show a thing like when the connection is not secure or it was put on the safebrowsing list, except that you can’t skip it, only option is to request parent permission.
and finally the age is set in the operating system, without verifying its truthiness, but once again requesting lock screen authentication.
oh and app installs need parent approval for kid accounts, like it should almost always be.
this way it’s as private as it can get. the only way a website can find out information about you from this, is to log if your browser loaded the html but not any other resources, because that means you were caught in the age filter. but that’s it.
there’s multiple pieces in this that is not yet implemented, but they should be possible with not too much work.
this is all possible with open source code, if you make sure the kid can’t install anything without parent approval. stores like fdroid could have some badge or something if a browser supports this kind of limitation.
All’s well until other countries try to implement this and you will very quickly see how nearly none of them agree with each other on which age limit goes where. In my opinion, the best way to ensure that children don’t go to certain places on the internet is to either not give them access to the internet at all or to only let them use whitelisted websites that you review yourself before adding.
how nearly none of them agree with each other on which age limit goes where.
that’s the task of the website to figure out, the device does not have to be aware of the laws. but I think is still much easier to manage than id verification.
I habe an other idea. don’t make the websites send agelimit http headers, because as you said that can easily vary by country. instead send http headers that tell what kind of content is available there. only the categories that could be questionable. that way the device (actually the browser) would decide if with the kid account’s age that kind of content is accessible.
that way the browsers need to know the age limits, and maybe it’s easier to handle it this way.
In my opinion, the best way to ensure that children don’t go to certain places on the internet is to either not give them access to the internet at all or to only let them use whitelisted websites that you review yourself before adding.
ok, and I agree, but only very few parents will do that unfortunately. especially considering that their kids could be discriminated against by their limited clasates who don’t have their access so broadly limited.
and then, you still need such a whitelisting capability, which I think does not really exist today in firefox and such browsers. addons cant solve this because they can be removed.
Fuck off with your device based verification system. That’s just the same service, but as a more invasive app installed on your phone.
Instead of scanning a face or ID and uploading it to a service, we’re expected to run unverified closed source code on the device we carry everywhere in our pockets?!
not necessarily. you give a phone to your children. you partly lock it down by setting it up as a child account, with its age. you make sure to install a web browser that supports limiting access to age appropriate content according to the age set in the system, maybe taking a parent allowed whitelist. the website is legally obliged to set an appropriate age limit value in a standard HTTP header.
that way, the website does not know your age. the decision is on the web browser.
the web browser checks the configuration in the system, that only the parent can change. it does not send it anywhere, only does a yes/no decision. if the site is not ok, it’ll show a thing like when the connection is not secure or it was put on the safebrowsing list, except that you can’t skip it, only option is to request parent permission.
and finally the age is set in the operating system, without verifying its truthiness, but once again requesting lock screen authentication.
oh and app installs need parent approval for kid accounts, like it should almost always be.
this way it’s as private as it can get. the only way a website can find out information about you from this, is to log if your browser loaded the html but not any other resources, because that means you were caught in the age filter. but that’s it.
there’s multiple pieces in this that is not yet implemented, but they should be possible with not too much work.
this is all possible with open source code, if you make sure the kid can’t install anything without parent approval. stores like fdroid could have some badge or something if a browser supports this kind of limitation.
This is kinda genius
All’s well until other countries try to implement this and you will very quickly see how nearly none of them agree with each other on which age limit goes where. In my opinion, the best way to ensure that children don’t go to certain places on the internet is to either not give them access to the internet at all or to only let them use whitelisted websites that you review yourself before adding.
that’s the task of the website to figure out, the device does not have to be aware of the laws. but I think is still much easier to manage than id verification.
I habe an other idea. don’t make the websites send agelimit http headers, because as you said that can easily vary by country. instead send http headers that tell what kind of content is available there. only the categories that could be questionable. that way the device (actually the browser) would decide if with the kid account’s age that kind of content is accessible.
that way the browsers need to know the age limits, and maybe it’s easier to handle it this way.
ok, and I agree, but only very few parents will do that unfortunately. especially considering that their kids could be discriminated against by their
limitedclasates who don’t have their access so broadly limited.and then, you still need such a whitelisting capability, which I think does not really exist today in firefox and such browsers. addons cant solve this because they can be removed.
To be fair, this already applies to any baseband blob.
Who said the device based service has to be closed source?
It doesn’t have to be, but the businesses making it claim it needs to be.