this post was submitted on 15 Jun 2023
22 points (86.7% liked)

Technology

34806 readers
226 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
 

US States enforcing new age verification for adult content—how could this be done properly?

@technology

Seeing the news about Utah and Virginia over in the US, there's been a lot of discourse about how unsafe it is to submit government ID online. Even the states that have their own age-verification portals are likely to introduce a lot of risk of leaks, phishing, and identity theft.

My interest, however, focused on this as an interesting technical and legislative problem. How _could_ a government impose age-verification control in a better way?

My first thought would be to legislate the inclusion of some sort of ISP-level middleware. Any time a user tried to access a site on the government provided list of adult content, they'd need to simply authenticate with their ISP web credentials.

Parents could give their children access to the internet at home or via cellular networks knowing this would block access to adult content and adults without children could login to their ISP portal and opt-out of this feature.

As much as I think these types of blocks aren't particularly effective—kids will pretty quickly figure out how to use a VPN—I think a scheme like mine would be at least _as effective_ as the one the governments have mandated without adding any new risk to users.

What do you all think? Are any of you from these states or other regions where some sort of age-restriction is enforced? How does this work where you are from?

Edit:

Using a simple captive portal—just like the ones on public wifi—would probably be the simplest way to accomplish this. It's relatively low friction to the end-user, most web browsers will deal with the redirect cleanly despite the TLS cert issues, and it requires no collection of any new PII.

Also, I don't think these types of filters are useful or worth legislating, I'm just looking at ways to implement them without harming security or privacy.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 13 points 1 year ago (2 children)

This problem is always approached from the wrong angle (requiring verification of adults to view adult material) instead of the more freedom- and privacy-preserving method of requiring child-friendly sites to advertise to the browser that they are suitable for child web browsers.

What I mean by this, and the way that I would solve this problem, is to introduce an HTTP header such as X-Child-Friendly: true or X-Content-Rating: E and to put the onus on parents to set the child's web browser to only allow browsing sites which return this header. Every browser would need to have a "Parental Control" mode that restricts browsing to sites that return this header, but this could easily become a standard. Instead of having every adult site implement your legislative controls, now you just need child-friendly sites to add a header to their responses.

The whitelist approach is less likely to allow adult sites to slip through the net, compared to the blacklist approach.

For those who say that children would find a way around this by installing a different browser or unlocking the parental controls: it should be the responsibility of parents to monitor their child's access to the internet and installation of software. The current approach of trying to enforce age-verification on adult sites just shifts the problem to other adult sites that are not under the jurisdiction of the legislation.

Forcing age-verification for adults also has a huge bureaucratic cost and potential for abuse and loss of privacy. I think we know why legislators prefer this approach, and it isn't to protect the children.

[–] [email protected] 4 points 1 year ago (1 children)

Couldn't this be done theoretically with a Pihole and an updated DNS list?

Seems like the issue is that people aren't parenting their kids and expecting the government to parent for them.

[–] [email protected] 4 points 1 year ago

Your DNS whitelist will need to be maintained by somebody and regularly updated. The benefit of the approach that I suggested is that sites report their own content suitability. A new site could be created and immediately be made accessible/inaccesible to restricted browsers without anyone having to maintain a database of allowed/disallowed sites.

[–] jasparagus 3 points 1 year ago

This seems to me like a much smarter solution, and it's more in line with how (e.g.) YouTube kids and the Play Store work (content with ratings, but a separate ecosystem with non-earnarked content that parents could always approve). Crafty kids will always find a way around stuff, especially if they're unsupervised.

This strategy seems like it would be much less obtrusive, with the bonus of probably being a lot safer for kids in practice. Nobody is ever going to successfully blacklist all the adult content the internet can generate... that's a Sisyphean task.