New York just proposed the most invasive state-level age verification bill the US has seen. Senate Bill S08102 would extend age verification requirements down to the device itself: internet-connected devices, operating system providers, and app stores would all be required to implement what the bill calls “age assurance” before users can access their own hardware and software ecosystems.
Edit:
Meta is one of the lobbyists for the age verification bill.
Into the Metaverse: The Money and Motivations Behind Meta’s App Store Gambit
In May 2025, Senator Mike Lee (R-UT) and Representative John James (R-MI) introduced the App Store Accountability Act (ASAA), a bill that would require app stores to verify users’ ages and obtain parental consent for users under 18. Meta has bankrolled a wildly expensive lobbying campaign to enact ASAA and its state-level analogs, and instead of recoiling in horror at taking kid privacy advice from Meta, some lawmakers are credulously going along with it.
Confirmed by Bloomberg : Meta Clashes With Apple, Google Over Age Check Legislation
The struggle has pitted Meta Platforms Inc. and other app developers against Apple Inc. and Alphabet Inc.’s Google, the world’s largest app stores. Lobbyists for both sides are moving from state to state, working to water down or redirect the legislation to minimize their clients’ risks.
This year alone, at least three states — Utah, Texas and Louisiana — passed legislation requiring tech companies to authenticate users’ ages, secure parental consent for anyone under 18 and ensure minors are protected from potentially harmful digital experiences. Now, lobbyists for all three companies are flooding into South Carolina and Ohio, the next possible states to consider such legislation.
in addition, there are Over 50 Child Advocacy Groups Unite to Demand App Store Accountability
Proxies and VPNs exist for a reason. If the entire country of China can’t keep up with the number of VPNs and proxies poking holes in their Great Firewall, what makes you think individual parents have the time to do so? You never used a proxy site to access blocked content on a school computer? It doesn’t take a high degree of technical skill. You just google “proxy site” and paste whatever URL you wanted into the site.
an important feature in parental control software is to disable installing random software
Almost everything is a webpage these days. Or a youtube video
And a proxy site doesn’t require installing third party software.
IDK what proxies you use but free ones really suck IMO and they aren’t very obfuscated so they can be easily blocked too. VPNs are trickier but there are methods to detect VPN traffic so that could be blocked too. If you wanted to go ballistic you could even set a whitelist of services and everything else gets blocked.
Kids don’t care. They’ll use whatever is available. Free ones are almost undoubtedly collecting and selling your browsing info too, but kids won’t care about that either. Now your attempts at blocking them have made their browsing less private.
And now you’ve fallen into the whack-a-mole trap, which is exactly what most parents don’t have time for.
Methods available on residential ISP-provided modem/routers? That’s the only “networking gear” that most households have. I think you may be falling for the Average Familiarity trap.
Sure, and your kid can just buy a cheap prepaid SIM card to keep under their mattress. Data plans are stupid cheap, and kids are resourceful. Hell, I can walk down to the corner store and buy an entire android phone for like $50. Will it be a good phone? Fuck no. But it’ll get access to the internet. And if a neighbor or nearby business has unprotected WiFi, I don’t even need the prepaid SIM card.
If you’re trying to stop a 14 year old from looking at tits, you’re already in a pitched battle against an opponent who will never run out of determination. My original point was simply that parents don’t have the time or resources to constantly play cat and mouse with whatever kids are using to jork it. There are entire private companies and government departments with hundreds of full time employees who specialize in parental controls, and they still struggle to keep up. Parents who work full time (and who probably aren’t tech literate enough to do anything more than click the “Enable AdGuard” button when setting up their router, if their router even supports AdGuard) simply won’t have the time or resources.
That’s a capability that most routers don’t have, which is the kind of bills we should be passing except there’s zero upside for big business.
I agree with you on that. My original point was simply that expecting every single parent to run their own blocking isn’t feasible, nor effective under real world situations.
Right, so use them to your advantage? Don’t allow unfettered internet access on the device you give your child. Use MDM/Parental controls to lock its internet access to a proxy or VPN that blocks adult websites, as well as other anonymizers. Business have been doing this since forever.
It only takes one kid to figure out the bypass and it spreads all the kids. Some of those kids are talking to kids going to other schools.
every week my kids hear about a new game the school isn’t blocking while they are in class. Sometimes the teachers catch them, but kids are good at hiding what they are doing - and switching to what they should do when the teacher comes near.
As a parent I’m totally up for the cat and mouse game over the prospect of living in a world with only proprietary operating systems. This idea will get worse and worse until only Windows, Android, and Mac operating systems are in compliance with the law.
I’ve been saying for a while that we should start presenting lawmakers with secure ways to do age verification, instead of relying on lobbyists to do it. Lawmakers will inevitably pass these kinds of things, so at least make sure the groundwork is there for it to be done securely instead of just bitching about it when Meta lobbies to be the third-party age verification system.
Have the government set up a database with every single name, DOB, ID number (SSN, for the Americans), and a password that the individual has set up on the provided site. Then have them use a known hash for each one, essentially turning the password into a salt. And the hashes can be stored in a simple database that determines whether or not someone is old enough.
Next, the device hashes the user’s inputs for name, DOB, ID number, and password. If you want to require an ID, that photo can be verified directly on the device, because even phones are powerful enough to do things like OCR nowadays. Now the device sends that hash directly to the government, and asks “hey, does this hash match someone who is over {age of majority}?” The government’s system automatically responds with a simple yes/no.
Your device can now automatically respond to any age verification checks, so there’s no need for individual sites or apps to ask for your personal info. They can simply ask your device, and your device can respond automatically. The user never even needs to see an “are you over {age}” prompt, because it all happens before the site or service even loads.
It’s essentially the same idea that Tor uses, where routing your traffic through three nodes helps ensure security. The first node (the site, in this case) only gets the verification from your device. The second node (your device) can keep your info entirely on the device, so it never needs to send it to any third party. And the third node (the government) never sees your browsing data. The only device that actually sees both your personal info and your browsing data is your device, which you control. You didn’t need to send a third party any extra data about yourself to verify every individual site or service. Everything about your info stays entirely on your device. And the government didn’t get any of your browsing info, because the device was simply asking if you were old enough to be verified.
For shared devices (like desktops) this could be done on an account level. Same basic concept, except the “is over {age}” flag could be set on the user account. “But my privacy” folks start to rabble about this, (because it usually implies something like a Microsoft account) but I can guarantee Microsoft already knows roughly how old you are. So parents can log in with their verified account to watch porn, and kids will get unverified accounts that redirect them back to a “hey it looks like you’re unverified. If you’re old enough to view this content, here’s how to verify your device” page.
For parents, protecting your kids is now as simple as refusing to verify their devices/accounts and protecting that password (so they can’t just use your info to verify themselves behind your back). Hardware verification can be done securely.
I don’t know what it’s all used for but there is a government site for ID verification already: https://id.me/
Even if Trump wasn’t President I’m not all that comfortable with the US government knowing every time I want to rub one out.
There’s a few cryptographic methods to share this data “blindly” (signatures, zero knowledge proofs, verifiable credentials, etc.) so we’re not putting out more and more about ourselves to be taken advantage of.
As you said the biggest problem is the lobbyists. They don’t represent the people, they represent businesses.
Exactly. There are so many people in this thread who really seem to underestimate how much time and effort it actually takes to keep kids from playing the games their peers are playing. Keeping a teenager from looking at tits is a full time job by itself, which would require all kinds of invasive privacy violations. As the old adage goes, the strictest parents make the sneakiest kids.