What happens when they move from default dns to ech with pinned dns servers? I was reading about ech a bit yesterday so I could keep up with apps trying to circumvent dns filtering on my kids' devices.

Usually I require a root cert so devices can have their traffic inspected or be isolated into an unsafe network where most nonessential traffic is blocked by default. I suppose letting an iot device connect will become more risky in the future when I can't control the dns resolver or can't confidently block requests through dns alone.

It's either because the non-ad-driven tvs cost more, resulting in too few sales to sustain (because no lifetime revenue from data sales) or the lifetime revenue from data sales is so profitable that companies take the risk on being undercut by a market entrant that will sell dumb tvs.

My guess is that the vast majority of people will trade data for a cheaper price point every time (my wife is certainly one of these people), so the market just can't support the volume of sales necessary to make the price point of dumb tvs competitive.

Doesn't the act of notifying >16 today and >18 tomorrow leak birthdates?

If you want privacy you need to fuzz the transition. Many platforms support that today. Or you can create a separate account when you graduate.

But also, knowing someone's birthday without trying it to other information greatly reduces the risk of harm.

Not unless you actually meant 16<x<18 today and >18 tomorrow.

You can be 30 and verify >16 today and >18 tomorrow, obviously without being 18.

which is nothing in comparison to leaking all of personal information

you can also introduce some jitter like changing age range only once a week/month/year for everyone

Birthday, zip code and gender is enough to uniquely identify most Americans.

Of course you can still break the law. People are complaining that it's now illegal to do what you suggested

1 it requires DOB

2 it requires DOB to be accurate

Lol I remember back in the day when we used to replace the windows logo during boot with our own bitmaps (if I can appropriately remember the file format) at school. We showed kids and suddenly every computer was booting with unexpected media. Admins were not pleased.

But the real fun began when we showed people how to set bios passwords and that cascaded into kids rendering an entire classroom of computers unbootable.

And then there was the time I thought I was really clever because I realized I could open arbitrary files in notepad, so I attempted to edit save files for a learn-to-type program by replacing the score with my own. It seemed to work so I told my friends and then they started copying the same save file into their program files. I don't remember exactly what happened, but I do know the UI update did not propagate to the actual scores and also it introduced a bug into the prodgram which would cause it to crash at distant future epochs, so we destroyed the program for everyone, not just our user profiles. There was an investigation and I think they gave up because the same bad file somehow was on everyone's computer and everyone just told them they got the file from someone else and there was no root of the chain.

This is all to say, any bypass will be identified and implemented at the speed of virality.

This is where parents come into play...

Yes, they can enable the parental controls that, according to the California law, must exist in every consumer OS.

The law necessarily exists for parents that aren't tech literate, since we already have the ability to monitor and lock kids out from adult content.

Do we really think parents will notice that a kid has installed a specific executable? The purpose of this law is to allow parents to outsource caring out which executables are safe, so there is no reason they would check.

Plus a kid can just live boot from a USB if the parent doesn't lock the bios, which would give them an ephemeral session to do whatever they want without the parent knowing unless caught-in-the-act.

And some adults will lie too, assuming they don't need adult content, to avoid being tracked for advertisements, if laws exist that prevent ad targetting on some demo, say <13 year Olds.

Wait until they learn about live booting, VMs, keyloggers, etc. The goal of this bill is to set precedent that this can be regulated by the gov. Five years down the line they will complain it's not working and move to require tpm-based remote attlestation to prove the software isn't altered in order the authenticate with an isp.

I agree with you, but then the implication becomes, "any platform that allows user content must scan all content posted or uploaded by the user to determine if any of it suggests they are a minor".

I adds a bit of burden to all sites under the threat of civil penalties. Say I own a site that allows user posts like HN. If someone mentions they're in grade school in any post and later starts receiving links to adult sites in their DMs, now I'm liable.

But why do we need it at the os level? Couldn't a parent just set a header in the browser for their kid and be done with it?

What happens when the kid installs a different browser?

Agreed. Which is why I think the OS level is dumb. Kids can just live boot or launch a vm or keylog their parents' account.

If it's windows, they can just live boot into the OS and get access to pretty much all the files anyway, if the parent didn't encrypt things.

My point is, if the implementation is trivial to bypass, why do we need this legislation? Just let the parents use the existing tools we have and parent.

Unless the VM app is marked 18+

You'll just get the proliferation of the scammy "free proxies" that claim to host virtual vms for you that are actual vms that just log all your data.