Some ideas re: age verification (sh.itjust.works)

submitted 1 month ago by mrnngglry@sh.itjust.works to c/privacy@lemmy.ml

23 comments fedilink hide all child comments

There has been a lot of swirl around various pieces of age verification legislation and how different platforms and operating system developers are responding. I believe strongly in privacy and that the responsibility for the online activities of children is that of the parents. That said, as a parent, I think we need better tools available, especially for those who are less technically inclined. Here are my ideas:

A standard needs to be established that is open source and cross platform.
It should run at the OS level.
It should be controlled by someone with administrator access to the device / OS (a parent in the case of devices used by children).
It should be completely optional for that administrator whether they want to turn it on or not.
The only input should be birth year of the child whose account is being set up. No other personally identifiable info should be included.
All relevant sites/apps/platforms such as social media and NSFW sites should be required to honor the age indicator.

It needs to be assumed that at some point, any kid who really wants to learn will find a way to circumvent any controls but parents do need better tools.

all 24 comments

sorted by: hot top controversial new old

[-] MagnificentSteiner@lemmy.zip 12 points 1 month ago

Aren't parental controls already in place on most mainstream things?

I'm not sure how much more accommodating for the less technically inclined it can get than settings > parental controls > enable.

[+] Ghostie@lemmy.zip 14 points 1 month ago* (last edited 2 weeks ago)

[deleted]

[-] queermunist@lemmy.ml 1 points 1 month ago* (last edited 1 month ago)

What is to be done about parents who do not give a shit about what their children are exposed to on the internet?

They're not technologically illiterate. They're neglectful shitheads.

Do we mandate adult controls on machines and punish the parents that don't use them? Because that's actually not all that different from age verification laws.

[-] Chais@sh.itjust.works 10 points 1 month ago

Child neglect is not a problem that can be solved in software.

[-] queermunist@lemmy.ml 0 points 1 month ago* (last edited 1 month ago)

Holding parents accountable for what they allow their children to be exposed to would, in fact, reduce the number of children being exposed to harmful things. The question is, do we focus on the punishment side or the prevention side? On the punishment side we find the parents that let their children watch idk ISIS gore videos and imprison them. On the prevention side we force parents to install parental control software, like mandating locks on gun safes if there are children in the home.

[-] WhyJiffie@sh.itjust.works -1 points 1 month ago

not imprison them, but maybe taking away or limiting child support. but that will 100% not work with the rich.

forcing the parents to install parental control software.. that would be like, here are these approved options, and you like it or not you must use them despite their privacy policies.
instead commercial operating systems (windows, googlified android) could be required to have parental controls built in, and free software systems could apply for funding to implement it, or some other kind of collaboration.

but this is not capitalistic so it wont happen.

[-] Chais@sh.itjust.works 2 points 1 month ago

You seem opposed to the idea of parents doing actual parenting.
But for that matter, apparently so do many parents. They'd rather outsource the issue to the government, the operating system, the operator of whatever platform the kids happen to be using, complete strangers, literally anyone but themselves.
Anything to avoid talking to their offspring about porn, violence, drugs or whatever else.

[-] WhyJiffie@sh.itjust.works 1 points 1 month ago* (last edited 1 month ago)

how will the parent do the parenting when the kid can do whatever on the phone given to them when the parent is not around?

parental control software is (supposed to be) what it says it on the tin: software that lets the parent to set up limitations on the device.

built in parental controls are supposed to be options, that the owner can opt into and out of it.

[-] queermunist@lemmy.ml 1 points 1 month ago

We already outsource parenting to the government when we send our kids to public school. We send children to complete strangers to be educated because we don't have time to do it ourselves.

Are you opposed to school too?

[-] Chais@sh.itjust.works 1 points 1 month ago* (last edited 1 month ago)

Nice attempt at reductio ad absurdum. Here, let me try, too:
Since we already outsourced all the parenting, I guess you think we should all proliferate like rabbits to further feed the machine. How's that?

OK, now that we got that out of our respective systems, no I'm not opposed to school.
I think as a species we've moved well past the point where a single person could reasonably possess, let alone teach all the knowledge that might be relevant to any single person's life.
I'd also argue that, while adjacent, education is not parenting. Someone can be a teacher to someone without being their parent. Literal well as figurative.
But educators definitely require parents' help and support, otherwise teaching easily turns into an uphill battle against unwilling brats.

The point I was alluding to is, that I think it's impossible to shield children from all the "harmful information" on the internet. Not without turning it into a totalitarian nightmare, and even then I'm not convinced you could fully prevent children occasionally setting "something bad". But you'd surveil the entire population and criminalise perfectly harmless actions in the process.
Instead I think it's the parents' responsibility to prepare their children and contextualise the information they'll doubtlessly come across. They can maybe delay the inevitable with parental control software, but that's their responsibility and if they're technologically inept that's also their problem. Existing laws are perfectly sufficient, if not already overreaching.

I refuse to give up civil liberties because you're afraid to talk to your kids about porn.

[-] WhyJiffie@sh.itjust.works 1 points 1 month ago

afaik parental controls do not exist on degoogled android. windows has it with third party tools, linux does not have any

[-] TaviRider@reddthat.com 6 points 1 month ago

I think you described what Apple implemented for its Declared Age Range API. The API has one additional privacy protection, which is that the API only gives age bracket information rather than precise age.

[-] detren@sh.itjust.works 5 points 1 month ago

100% for better tools for parents. I helped set up the Google parental control on the phone owned by my ex’s sister and it was so buggy with the app not even scaling properly on their mum’s iPhone 6S back then.

[-] artwork@lemmy.world 4 points 1 month ago* (last edited 1 month ago)

There are numerous options to choose from already existing... Yet, some should just consider that the recent "age verification" were initiated for another purpose than a general age verification process. Have you checked out the recent Persona source code exposed?

Regardless, some civilian approaches to be mentioned is how the verification is handled in Baltic countries, that is Lithuania, Latvia, and Estonia, for example:

Smart-ID is the easiest, safest and fastest way to authenticate yourself online, register in e-services and sign documents...
Smart-ID can be used to log in to e-services, for online banking and for signing documents.

Source: https://www.smart-id.com/

---

Smart-ID itself has no age restrictions for its users – but age limits have been set by identity providers and depend on the Smart-ID account type and authentication method chosen...

Creating a Smart-ID account for a minor requires a parent/legal guardian to authenticate their account...

Don’t just click “continue”: read the instructions on the screen carefully and double check that all the information you enter is correct, and the whole process will be easy and stress-free... The child cannot continue with their registration until we’ve got one parent approval...

Source

For the API, for instance:

# Where can I find users date of birth?

Birth of date is encoded into personal identity code. Latvian new personal identity code format is exception though. Special birth of date field will be added to Smart-ID certificates in stages and only for Qualified accounts.

For convinience smart-id-java-client and smart-id-php-client have special function getDateOfBirth... for that. For getting that info directly from certificate see getDateOfBirthCertificateAttribute and getDateOfBirthFromCertificateField.

Source

Similar to Latvia, the number of Estonia and Lithuania has the date of infinitely magnificent event as someone's date of birth, too!

The ways in which such a system is implemented vary among countries, but in most cases citizens are issued an identification number upon reaching legal age, or when they are born...

In Estonia, a Personal Identification Code (Estonian: isikukood, abbreviated as IK) is formed on the basis of the sex and date of birth of a person...

In Lithuania the Personal Code (Lithuanian: asmens kodas) consists of 11 digits, and currently is in the form G YYMMDD NNN C, where G is gender & birth century, YYMMDD is the birthday, NNN is a serial number, C is a checksum digit...
/* ... */ C = lt_nin_checksum("3840915201");

Source

Therefore, there should be an option to verify the age without the personal identification code. And if not, just a personal number got within the age verification scope, transferred within secure government session channel, should be enough. The government, in turn, won't share such information with untrusted services - access to the API.

Related: Age verification online (...can be done safely and privately. Here's how...)

[-] detren@sh.itjust.works 2 points 1 month ago

Your last link gives a 404 error :/

[-] artwork@lemmy.world 2 points 1 month ago* (last edited 1 month ago)

Thank you! Fixed!
It had a redundant character > in the URL path I accidentally added during the formatting.

[-] bacon_pdp@lemmy.world 1 points 1 month ago

Make 3 non-profit companies that provide verification but just always return true

[-] originalucifer@moist.catsweat.com 1 points 1 month ago

we can barely get adoption of nsfw tagging/metadata..

that said, this is prolly somewhat already trivial by setting an os/global environment var. and just having that bubbled up to the browser/app level. theres already paths for this to be used, but again.. adoption is far more difficult than the technology required.

[-] moopet@sh.itjust.works 1 points 1 month ago

The only input should be birth year of the child whose account is being set up. No other personally identifiable info should be included.

Found a bug. You're trying to reduce the information, but you can't extrapolate someone's age from their year of birth. You need the full date to compare with the current date. Storing someone's full DOB is obviously more PII but it's essential.

[-] Ltcpanic@lemmy.world 4 points 1 month ago

From a policy perspective, one compromise is building in this kind of ambiguity, for privacy sake. When policy specifies 13 years+1, the tradeoff is a max of +364 days in the worst case: someone who we know is born in 2015, is def 13 in 2029

[-] mrnngglry@sh.itjust.works 1 points 1 month ago

That is intentional. It provides a reasonable approximation of age while maintaining privacy. The big gaping hole someone pointed out to me is who gets to determine what is blocked? I don’t have a great answer for that. I imagine it would be the type of thing settled in courts. Personally, my biggest concerns are social media and access to AI. I think those two things are more harmful to the development of young minds and their mental wellbeing than anything NSFW.

[-] moopet@sh.itjust.works 1 points 1 month ago

If your local laws say you need to be 18 to be considered an adult, then depending on the year, you're either going to be denying an adult access for (average) six months, or illegally letting a child have access for (average) six months.

[-] mrnngglry@sh.itjust.works 1 points 1 month ago

The laws can be written to reference the approximate age. Antoine who will be 18 by December 31st of that year could be considered 18 for the purposes of the law.

[-] moopet@sh.itjust.works 1 points 1 month ago

That's never going to fly. Imagine that person posting nudes, which would be considered illegal by that same lawmaker.

this post was submitted on 01 Mar 2026

12 points (77.3% liked)

Privacy

48213 readers

345 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS