Several jurisdictions are passing laws requiring operating systems to implement age verification, including Brazil (effective March 17, 2026), California, Colorado, and New York. The author argues these laws create a privacy trap: proving age requires collecting personal data, which conflicts with data-privacy law. The author critiques both the American approach (device-based guardian permissions) and the European approach (government ID authentication, which ends anonymous internet). Apple has already released an age-range API in response. The author contends that mandating OS-level accounts is misguided, that researchers warn these measures lack proven impact, and proposes a simpler alternative: nonprofit or government-maintained whitelists of age-appropriate sites configurable by parents on children's devices.
Sort: