I thought similarly that a minimally privacy invasive set up like sending a âIâm over/under 18â signal that didnât require verifying government ID/live face scans/AI âage approximationâ would be a good idea, but I now think that this system would fall over very quickly due to the client and server not being able to trust each other in this environment.
The client app, be it browser, chat, game etc, canât trust that the server it is communicating with isnât acting nefariously, or is just collecting more data to be used for profiling.
An example would be a phishing advert that required a user to âVerify their Discord accountâ, gets the username and age bracket signal and dumps it into a list that is made available to groomers [1].
Conversely, the server canât trust that the client is sending accurate information. [2]
Even in the proposal linked, itâs a DBUS service that âcan be implemented by arbitrary applications as a distro sees fitâ - there would be nothing to stop such a DBUS service returning differing age brackets based on the userâs preference or intention.
This lack of trust would land us effectively back to âIâm over 18, honestâ click throughs that âarenât enoughâ for lawmakers currently, and I think there would be a requirement in short order to have âeffective age verification at account creation for the age bracket signalâ with all the privacy invasive steps we all hate, and securing these client apps to prevent tampering.
At best, services wouldnât trust the age bracket signal and still use those privacy invasive steps, joining the âDo Not Trackâ header and chocolate teapot for usefulness, and at worst ânon verified clients/serversâ (ie not Microsoft/Apple/Goolge/Meta/Amazon created) would be prevented from connecting.
The allure of the simplicity and minimal impact of the laws is whatâs giving this traction, and I think the proposals are just propelling us toward a massive patch of black ice, sloped or otherwise.
Having said that, I canât blame the devs for making an effort here, as it is a law, regardless of how lacking it is.
[1] I realise âWonât someone think of the children!â is massively overused by authoritarians, give me some slack with my example :) [2] Whilst the California/Colorado laws seem to make allowance for âpeople lieâ, this is going to get re-implemented elsewhere without these exemptions.
Yeah countries and states are relatively happy with the non-privacy systems as they âworkâ.
My principle problem is I cannot see this system âworkingâ to the satisfaction of the seemingly incessant voices who donât want a child to see something that they shouldnât, where âsomethingâ is nebulous and seems to change with who you ask and at regular intervals.
Iâm probably very jaded - Iâd love to be proven wrong and this system works as a least worst option, but Iâm in the UK and we recently seem hell bent on choosing the worst option offered.