Don’t get me wrong, I’m all for privacy. But between setting up the birthdate when creating my children’s local account on their computers, and having to send a copy of their ID to every platform under the sun, I’d easily chose the former.
I’d even agree to a simple protocol (HTTP X-Over-18 / X-Over-21 headers?) to that.
It one of the reasons I like the way the California bill has been written, it’s very clear that you set the flag, or provide a date, and not only makes no mention of verifying it in any way, but also requires that anything using it trusts it and may not perform any other checking. A service using that data is also explicitly not liable if it’s wrong, so they have no insentive check any further.
It is, obviously, possibly that laws will change in future, but it seems to me that having something like this in place actually makes it harder to implement anything more intrusive later.
Yeah I’ve heard of similar systems in Europe. It’s similar to two factor authentication. Hopefully something like this could also screen out bots, making influence campaigns more difficult. But regardless, however its implemented I hope it will be easy for not-for-profit operating systems (such as linux distros) to operate