New York just proposed the most invasive state-level age verification bill the US has seen. Senate Bill S08102 would extend age verification requirements down to the device itself: internet-connected devices, operating system providers, and app stores would all be required to implement what the bill calls “age assurance” before users can access their own hardware and software ecosystems.
Edit:
Meta is one of the lobbyists for the age verification bill.
Into the Metaverse: The Money and Motivations Behind Meta’s App Store Gambit
In May 2025, Senator Mike Lee (R-UT) and Representative John James (R-MI) introduced the App Store Accountability Act (ASAA), a bill that would require app stores to verify users’ ages and obtain parental consent for users under 18. Meta has bankrolled a wildly expensive lobbying campaign to enact ASAA and its state-level analogs, and instead of recoiling in horror at taking kid privacy advice from Meta, some lawmakers are credulously going along with it.
Confirmed by Bloomberg : Meta Clashes With Apple, Google Over Age Check Legislation
The struggle has pitted Meta Platforms Inc. and other app developers against Apple Inc. and Alphabet Inc.’s Google, the world’s largest app stores. Lobbyists for both sides are moving from state to state, working to water down or redirect the legislation to minimize their clients’ risks.
This year alone, at least three states — Utah, Texas and Louisiana — passed legislation requiring tech companies to authenticate users’ ages, secure parental consent for anyone under 18 and ensure minors are protected from potentially harmful digital experiences. Now, lobbyists for all three companies are flooding into South Carolina and Ohio, the next possible states to consider such legislation.
in addition, there are Over 50 Child Advocacy Groups Unite to Demand App Store Accountability
I hope Mamdani and friends oppose this piece of shit. It exists to erase sexuality that doesn’t belong to the straight white dude, alongside filling the pockets of the wealthy by watching our every move.
This is a good example for how democracy under capitalism tends to serve the interests of the Epstein class above the rest of us.
Woah. Crazy how governments around the world are all doing this in lock-step.
It’s almost like we’re all being ruled by a handful of families haha.
Yep but point it out and you’re the crazy person 🙄
Hell, let’s go one step further and force it on the user level:
Every time you want to access an online service, a government-appointed doctor comes to your house and does an X-ray of your clavicle to determine bone ossification, dental examinations, and a DNA methylation test to determine your biological age.It’s very important that this happens every time, in order to catch anyone who ages backwards.
Benjamin Button starts freaking out
What states aren’t trying to pull this bullshit? There have to be at least a few.
Yeah, because those devices have age-inappropriate content already pre-installed amirite???
Honestly though, how the fuck do they keep justifying the mental gymnastics behind this, from a judicial standpoint? If you were to never set a foot on the internet after buying the device, there’s no need for age verification; and even if you do, as long as you don’t visit any site that hosts inappropriate content, it still doesn’t warrant an age verification.
It’s up to the content platform to ensure that no child visits inappropriate content. Think about it: a store IDs a person when they try to buy alc/tobacco, NOT when they just enter the store.
I can’t believe this passes legislation just like that.
This is like mandating that bicycles require age verification, since someone could bike to the liquor store and lie about their age.
Kudos, that’s an even better metaphor.
Christian fundie groups trying to get rid of porn on the web. Other groups seeking to eliminate anonymity from the web.
Meta is likely going along with it because it protects them from child vulnerability lawsuits.
If they succeed in getting rid of internet porn, there will be only website and it would be www.bringbacktheporn.com
… And based on usage, it’ll be run by a religious group. They consume the most porn, after all, and I bet this kind of bill is virtue-signaling or offloading of responsibility.
:D
This is a clearly coordinated attack on the civilians to get more data to sell and spy on them.
This isn’t a coincidence that these bills pop around at the same time.
Agree. But it’s “citizens” not civilians. “Civilians” are those that aren’t military. Civilians are virtually everybody, police included. The USA started this double-speak ~15 years ago, where they pretend that police are military, and police aren’t civilians. Please stop rewiring your brain by using their language.
“Child advocacy groups”, funded by billionaires.
If you can’t see it, you need to peel back a few more layers.
Weren’t the red hats the ones bitching about “the nanny state”?
The same crowd that needs the second amendment to stand up to tyranny but are nowhere to be found when tyranny is actually happening?
You mean the hypocrite amendment?
Freedom for me, laws for thee
“Conservatism consists of exactly one proposition, to wit: There must be in-groups whom the law protects but does not bind, alongside out-groups whom the law binds but does not protect.”
-someone smarter than me
Yay! More places where devs will just say you can’t run their stuff.
I’m pretty sure I don’t need to use anything built by a company so preoccupied with my birthday.
I can’t believe all of you who are opposed to this.
Won’t you think of the poor data brokers who’s entire library of intimate personal details about every person who’s ever used a smartphone is practically worthless without the ability to link it to your actual identity.
Screw the children, think of the shareholders you monsters.
Children aren’t purchasing their devices, adults are, so why would an adult need to prove that they’re over 18? They can just state that the individual receiving the device is under 18…. Oh so you’re saying it’s not actual about the safety of children?
They are infantilising people by making excuses that this is for the children. Teenagers may also be under 18, yet they don’t seem to care - they’re lumped right in with clueless children.
Teenagers are also people, and are closer to adults where they have their needs and wants. This goes against their safety, by duming them down. Its only a while since theyre going to consider under 25s as children as well - “for the peoples own good”.
Fuck these people
You’ll need to verify your age for that too.
Parents can age check their kids manually. We should not identify every user on the internet.
No we can’t. We try, but kids are not 100% of the time in our sight. They are sitting in their chair “doing homework”, but when they see us coming they switch apps - who knows what they are doing. They are getting up at 3am when we are a sleep, again doing who knows what. Even if we put controls on, anytime there is a way to bypass the control (often a website that looks good enough to fool the automated approval system school has set up) that will spread to the entire school and all kids get access to that for a week in school before it is shutdown.
If you want age verification to work, you need a strong legal effort (international!) so that anyone who makes something online that gets kids (intentionally or not) faces a strong enough legal issue (read years in prison) that it is really stops this. Part of that is enough money for investigation so that it is a given you will be caught. I don’t think you can do this, and so the whole effort is pointless.
but kids are not 100% of the time in our sight.
neither is your age verified phone. kids are already stealing parents credit cards to spend on mobile games, this will just add another incentive. but I bet your next idea will be constant age verification with the front camera.
but when they see us coming they switch apps - who knows what they are doing
and how the fuck does this help with that? your issue is that you are fucking lazy to even enable the built in parental control functions in the phone!!!
They are enabled - the kids have found bypasses. Turning on the hotspot and then using their school device for instance
why isn’t the school device locked down? why do you want to lock down everyone’s private devices, instead of making the school to lock down theirs?
I don’t care about your device. The school devices are lockee down - but it isn’t feasable to lock everything down and still have a useful device for the things they need to do.
yes you do! if you weren’t, you wouldn’t be supporting mandatory age verification in the operating system, including my phone, my computer, and that of everyone else!
The school devices are lockee down - but it isn’t feasable to lock everything down and still have a useful device for the things they need to do.
the school curriculum has a pretty defined list of apps and domains used for education. blame them for not doing a good job at filtering on institutional devices
I have never supported mandatory age verification on devices - it cannot work.
i want the same things people who are for is want - but I want a system that works in the real world. I don’t know what that system is. I know parents and schools are hurting because we don’t have a useful solution.
Network level content blockers are really easy to setup and they’d be even easier if bills targeted ISPs instead (requiring gateways have the tech built-in). It takes a pretty smart and determined kid to get around network controls and it can target specific devices so adults still have an unrestricted experience.
It only takes a single determined kid really as long as they can explain to their friends how to do it and their friends are capable of or able to install some software or boot into a live USB OS for example.
A lot of the various censorship circumvention software is designed to be fairly easy to use. I first learned about Tails when I was like 14 or so because I was being abused for being suspected of being LGBT by my parents and also for various other things such as being autistic and having other disabilities and they were abusing me for things I could not help. So I needed a way to ensure that I would stay protected from their potential digital snooping so I could get support online, talk to my online friends because I had nearly no irl friends and the very few I did kinda have just took advantage of me and bullied me most of the time.
I also needed to be able to rapidly destroy everything I was doing by pulling out the flash drive wiping the RAM and shutting down the PC. One of the somewhat common use cases for Tails is people under domestic abuse situations they are unable to escape from.
There is a reason why the Trevor Project, a mental health support site for LGBT people has an emergency mechanism for quickly leaving the site while your in the middle of a conversation with a counselor or just browsing the resources too.
https://www.thetrevorproject.org/research-briefs/mental-health-among-autistic-lgbtq-youth-apr-2022/
But regardless after I learned about stuff like that I also helped an online friend from another school access content using bridges as well. I helped another friend at some point too though in that case basic web proxies were enough. Though the latter person I guess was not really a great friend since he only really wanted to talk to me when he needed help with things like that.
Psiphon, another censorship circumvention tool is also fairly easy to use and works on mobile and desktop style OSs.
On my phone I used the Shelter app to create a work profile with a separate password from my devices regular password.
I used various apps like Tor Browser, Orbot, and other free and open source apps such as Bitmask that come with 2 free VPN providers.
In some cases Tor may not even be blocked or if it is you can try obfs4, Snowflake proxies, Meek, and Webtunnel bridges to access it for example.
Also a friend could run a private bridge for you from their home if they are tech savvy and want to help you. For obfs4 for example, out of a lot of services someone could self host, that is relatively easy without as much knowlege required as self hosting something more complex.
Wireguard is relatively easy to self host once you become accustomed to how to configure it. SSH is even easier than Wireguard IMO though Wireguard tries to be as easy as SSH there are a few issues that can happen with Wireguard that need more troubleshooting sometimes compared to SSH. SSH can be used for tunneling traffic and you can set your web browser to use it’s SOCKS port.
So if you can find a friend with an ISP that isn’t doing the filtering who can self host something or if a person can access Tor, Psiphon or a VPN particularly one with a variety of anti censorship options this type of network censorship isn’t going to be trivial.
There is also DNS tunneling and a variety of other methods.
Edit: The last thing I will likely say in this particular comment is that people should really consider who they will be condemning to a much worse situation than they are already in by supporting stuff like this and these privacy invasive age verification tools.
Here is additional info about who these types of bills will impact harshly.
"Age-verification mandates most harshly affect people with disabilities. Facial recognition systems routinely fail to recognize faces with physical differences, affecting an estimated 100 million people worldwide who live with facial differences, and “liveness detection” can exclude folks with limited mobility. As these technologies become gatekeepers to online spaces, people with disabilities find themselves increasingly blocked from essential services and platforms with no specified appeals processes that account for disability.
Document-based systems also don’t solve this problem—as mentioned earlier, people with disabilities are also less likely to possess current driver’s licenses, so document-based age-gating technologies are equally exclusionary."
“For many LGBTQ+ young people, especially those with unsupportive or abusive families, the internet can be a lifeline. For young people facing family rejection or violence due to their sexuality or gender identity, social media platforms often provide crucial access to support networks, mental health resources, and communities that affirm their identities.”
"According to a groundbreaking study by Chapin Hall of the University of Chicago, LGBTQ+ youth are 120% more likely to experience homelessness than their peers. And, while LGBTQ+ youth make up only 7% of the total U.S. youth population, they comprise an astounding 40% of all young people experiencing homelessness in the country.
Often times, youth who make their way to Covenant House do so bearing complex histories of physical, sexual, and emotional abuse. LGBTQ+ youth are further traumatized by rejection in their families, schools, and communities due to their gender identity or sexual orientation. This abandonment leads to no support system, putting LGBTQ+ youth at greater risk of exploitation, human trafficking, physical violence, and suicide"
“Platforms that rely on AI-based age-estimation systems often use a webcam selfie to guess users’ ages. But these algorithms don’t work equally well for everyone. Research has consistently shown that they are less accurate for people with Black, Asian, Indigenous, and Southeast Asian backgrounds; that they often misclassify those adults as being under 18; and sometimes take longer to process, creating unequal access to online spaces. This mirrors the well-documented racial bias in facial recognition technologies. The result is that technology’s inherent biases can block people from speaking online or accessing others’ speech.”
“Age-verification systems are, at their core, surveillance systems. By requiring identity verification to access basic online services, we risk creating an internet where anonymity is a thing of the past. For people who rely on anonymity for safety, this is a serious issue. Domestic abuse survivors need to stay anonymous to hide from abusers who could track them through their online activities. Journalists, activists, and whistleblowers regularly use anonymity to protect sources and organize without facing retaliation or government surveillance. And in countries under authoritarian rule, anonymity is often the only way to access banned resources or share information without being silenced. Age-verification systems that demand government IDs or biometric data would strip away these protections, leaving the most vulnerable exposed”
Also the perspectives of young people are almost never considered in these conversations which is why I am glad the Electronic Frontier Foundation actually took the time to ask when KOSA was being considered but these comments in the following link apply to a lot of these other forms of legislation too.
And good luck for that kid to go online if I confiscate their device.
I can’t - teachers give them homework that must be done on the device all the time.
- Confiscate device
- “Time for homework”
- Give back device
- Do homework
- “Homework done”
- Reconfiscate device
As a gen z, what school that uses online classroom environments and resources doesn’t give kids school-monitored tech? And for my district, our Chromebooks were HEAVILY locked down and monitored. I remeber trying to search the term “guitar latina” for a music project once and getting my search flagged because of “latina.” Most popular sites were firewalled/unaccessable (so .xxx domains were most likely blocked too). The terminal was literally disabled. Several system settings were disabled or unable to be edited. We couldn’t download programs, and most extensions were blocked (I think they eventually blocked them all). Hell, we couldn’t even change our desktop wallpaper.
Basically, at least at my middle and high school, it was very hard to access inappropriate material, and if you did, you were likely to get caught. Use cloudflare’s family dns (they have a whole setup guide) for your home network and any devices that aren’t fully locked down by the school (includes personal devices that aren’t school owned), and put parental control on so your kids can’t touch it.
If they get past all that, then congrats! You have kids who are very good at problem solving, searching the internet for info, and experimenting. All of which are great qualities for future cybersecurity professionals.
the school devices are locked down. However your experience shows why the locks are not good. Too many useful searches could be bad. They are not going to assign a team of humans to review every search result. Either they whitelist things so restricted that you can’t research anything or they blacklist so little things not on the list spread faster than they can block. (Both is a real possibility)
they can do it at the computer that sits in your room.
At what point do I change from a concerned parent protecting my kids to an over protective hellicopter parent?
this is such a disingenuous argument. the situation was kids own devices have been confiscated, for a reason. that’s when you fully supervise their computer use for things they are required to do. Obviously, when they get back their devices, that doesn’t need to be restricted like that.
It takes a pretty smart and determined kid to get around network controls
Proxies and VPNs exist for a reason. If the entire country of China can’t keep up with the number of VPNs and proxies poking holes in their Great Firewall, what makes you think individual parents have the time to do so? You never used a proxy site to access blocked content on a school computer? It doesn’t take a high degree of technical skill. You just google “proxy site” and paste whatever URL you wanted into the site.
an important feature in parental control software is to disable installing random software
And a proxy site doesn’t require installing third party software.
Almost everything is a webpage these days. Or a youtube video
IDK what proxies you use but free ones really suck IMO and they aren’t very obfuscated so they can be easily blocked too. VPNs are trickier but there are methods to detect VPN traffic so that could be blocked too. If you wanted to go ballistic you could even set a whitelist of services and everything else gets blocked.
but free ones really suck IMO
Kids don’t care. They’ll use whatever is available. Free ones are almost undoubtedly collecting and selling your browsing info too, but kids won’t care about that either. Now your attempts at blocking them have made their browsing less private.
and they aren’t very obfuscated so they can be easily blocked too
And now you’ve fallen into the whack-a-mole trap, which is exactly what most parents don’t have time for.
there are methods to detect VPN traffic so that could be blocked too
Methods available on residential ISP-provided modem/routers? That’s the only “networking gear” that most households have. I think you may be falling for the Average Familiarity trap.
If you wanted to go ballistic you could even set a whitelist of services and everything else gets blocked
Sure, and your kid can just buy a cheap prepaid SIM card to keep under their mattress. Data plans are stupid cheap, and kids are resourceful. Hell, I can walk down to the corner store and buy an entire android phone for like $50. Will it be a good phone? Fuck no. But it’ll get access to the internet. And if a neighbor or nearby business has unprotected WiFi, I don’t even need the prepaid SIM card.
If you’re trying to stop a 14 year old from looking at tits, you’re already in a pitched battle against an opponent who will never run out of determination. My original point was simply that parents don’t have the time or resources to constantly play cat and mouse with whatever kids are using to jork it. There are entire private companies and government departments with hundreds of full time employees who specialize in parental controls, and they still struggle to keep up. Parents who work full time (and who probably aren’t tech literate enough to do anything more than click the “Enable AdGuard” button when setting up their router, if their router even supports AdGuard) simply won’t have the time or resources.
Parents who work full time (and who probably aren’t tech literate enough to do anything more than click the “Enable AdGuard” button when setting up their router, if their router even supports AdGuard) simply won’t have the time or resources.
That’s a capability that most routers don’t have, which is the kind of bills we should be passing except there’s zero upside for big business.
I agree with you on that. My original point was simply that expecting every single parent to run their own blocking isn’t feasible, nor effective under real world situations.
Right, so use them to your advantage? Don’t allow unfettered internet access on the device you give your child. Use MDM/Parental controls to lock its internet access to a proxy or VPN that blocks adult websites, as well as other anonymizers. Business have been doing this since forever.
It only takes one kid to figure out the bypass and it spreads all the kids. Some of those kids are talking to kids going to other schools.
every week my kids hear about a new game the school isn’t blocking while they are in class. Sometimes the teachers catch them, but kids are good at hiding what they are doing - and switching to what they should do when the teacher comes near.
As a parent I’m totally up for the cat and mouse game over the prospect of living in a world with only proprietary operating systems. This idea will get worse and worse until only Windows, Android, and Mac operating systems are in compliance with the law.
I’ve been saying for a while that we should start presenting lawmakers with secure ways to do age verification, instead of relying on lobbyists to do it. Lawmakers will inevitably pass these kinds of things, so at least make sure the groundwork is there for it to be done securely instead of just bitching about it when Meta lobbies to be the third-party age verification system.
Have the government set up a database with every single name, DOB, ID number (SSN, for the Americans), and a password that the individual has set up on the provided site. Then have them use a known hash for each one, essentially turning the password into a salt. And the hashes can be stored in a simple database that determines whether or not someone is old enough.
Next, the device hashes the user’s inputs for name, DOB, ID number, and password. If you want to require an ID, that photo can be verified directly on the device, because even phones are powerful enough to do things like OCR nowadays. Now the device sends that hash directly to the government, and asks “hey, does this hash match someone who is over {age of majority}?” The government’s system automatically responds with a simple yes/no.
Your device can now automatically respond to any age verification checks, so there’s no need for individual sites or apps to ask for your personal info. They can simply ask your device, and your device can respond automatically. The user never even needs to see an “are you over {age}” prompt, because it all happens before the site or service even loads.
It’s essentially the same idea that Tor uses, where routing your traffic through three nodes helps ensure security. The first node (the site, in this case) only gets the verification from your device. The second node (your device) can keep your info entirely on the device, so it never needs to send it to any third party. And the third node (the government) never sees your browsing data. The only device that actually sees both your personal info and your browsing data is your device, which you control. You didn’t need to send a third party any extra data about yourself to verify every individual site or service. Everything about your info stays entirely on your device. And the government didn’t get any of your browsing info, because the device was simply asking if you were old enough to be verified.
For shared devices (like desktops) this could be done on an account level. Same basic concept, except the “is over {age}” flag could be set on the user account. “But my privacy” folks start to rabble about this, (because it usually implies something like a Microsoft account) but I can guarantee Microsoft already knows roughly how old you are. So parents can log in with their verified account to watch porn, and kids will get unverified accounts that redirect them back to a “hey it looks like you’re unverified. If you’re old enough to view this content, here’s how to verify your device” page.
For parents, protecting your kids is now as simple as refusing to verify their devices/accounts and protecting that password (so they can’t just use your info to verify themselves behind your back). Hardware verification can be done securely.
I don’t know what it’s all used for but there is a government site for ID verification already: https://id.me/
Even if Trump wasn’t President I’m not all that comfortable with the US government knowing every time I want to rub one out.
There’s a few cryptographic methods to share this data “blindly” (signatures, zero knowledge proofs, verifiable credentials, etc.) so we’re not putting out more and more about ourselves to be taken advantage of.
As you said the biggest problem is the lobbyists. They don’t represent the people, they represent businesses.
Exactly. There are so many people in this thread who really seem to underestimate how much time and effort it actually takes to keep kids from playing the games their peers are playing. Keeping a teenager from looking at tits is a full time job by itself, which would require all kinds of invasive privacy violations. As the old adage goes, the strictest parents make the sneakiest kids.
They are only easy to setup if you don’t care about getting them right. Either you block a lot of useful content (only approved, audited things allowed), or you block only things that are known evil (that is you audited it). Either way the vast majority of the internet is not audited and we have no idea which of that is good vs evil. (nevermind trying to get a consistent definition of good/evil). The name “onlyfans” makes me think of sports fans and thus something I’d allow kids to access - of course I know better, I’ll be there is someone out there who would be setting up the firewall who doesn’t know it is in fact adult content.
There are very comprehensive block lists for this kind of stuff so you don’t have to audit everything yourself.
It’s not on you to know every single website and what it does. All major security providers maintain a classification database of websites that they use to filter the internet. Most major corporations subscribe to those lists, as do schools (I think by law). All you would do is buy one of these services and the blacklist would be managed by them. They’re not 100% perfect, and you child will be able to find a picture of boobs if they try hard enough, but that has always been the case.
One quick and easy way is to change your DNS to 1.1.1.3, which is a public resolver Cloudflare runs which filters out adult domains. This doesn’t scale if you’ve given your child a cellular device that can connect to other networks, but in that case you shouldn’t have done that, or should secure that device with a security solution that can enforce polices across the OS.
Personally I think it should be easier for parents to be able to do this kind of thing without having to learn too much about the tech, but deciding how to raise your child and what to shelter them from is your responsibility. These products have existed for decades. Instead of forcing OS manufactures to confirm ages and identities, we should focus on making sure parents have access to easy to use parental controls.
Every week my kid hears about another game (not boobs) that the school didn’t block and thus they can play when the teacher isn’t looking. There are also a lot of non educational youtube videos they can watch, but since some of their real educational videos are on youtube they don’t block most. (Again youtube will block boobs - but that is not all I’m worried about)
You don’t want kids watching non educational YouTube so your solution is to track what adults are doing online?
OKAY THEN.
in public schools the admins can’t just do their own research and use their judgement to find a good blocklist, but they are told which lists they need to use. and those lists are often not that good, but at least they are tied to an expensive license or something.
My mesh hub can straight up disable the internet at my house from 12am to 6am or any other hours I want.
But not my kids phone that they turned the hotspot on before then. even if I take it their school device can be got from the backpack
Again, stop giving them devices that they have full control over. They either shouldn’t have a smartphone or they should have one that you control.
I have all the parental controls I can enabled - but hotspot is one soften requested feature I can’t block. I can block chrome completely but I can’t unblock it for my kids online piano lesson because they are on youtube which means every video is unblocked despite only one channel of interest. Next thing I know they have been watching youtube shorts slop.
i also can’t control the school issued device which they have do some homework on. Often homework includes watch an educational video on youtube
