Hacker News new | past | comments | ask | show | jobs | submit login

If it's possible to click through a form with all defaults retained, you should assume that some users will do so. It's probably also safe to assume that deleting their account and all of their uploaded content is not the typical user expected behavior from doing so.

I don't think the problem was defaulting to the current date. No default is probably better in general for this sort of thing, and in hindsight it definitely would have been better in this case. But for a field for which you really need the user to provide a value, if you're going to set a default, that default should be obviously and universally invalid (the current date qualifies for that when you're asking for DOB), and you should have logic in place to deal with obviously invalid inputs.




Sure. But even if they did that form right, they'd still have some adults flip the year a few years, some falling short of 13. At that point they get banned because that's what the FTC requires, so what procedure do you use to let them appeal? Asking for an ID seems reasonable to me.


I agree that the appeals decision is a little bit tricky and that asking for an ID is probably the best option in those cases. But I'd bet that some very basic, sensible validation would have reduced the number of those cases by orders of magnitude.


You could ask for a CC or something like that, which wouldn't be bulletproof but probably reasonably good enough. But I think you'd still have the EFF complaining that not everybody has a credit card, particularly teenagers, just like they object to the photo ID requirement.

Asking for a photo ID was probably easier for them than asking for a credit car though, since with the credit card method they now have to worry about PCI compliance. Getting themselves out of one regulatory shithouse by walking into another probably wasn't something they were eager to do.

They could ask the appealing user to upload a quick video of themselves requesting the appeal, and then use common sense to grant the appeal to people who reasonably appeared to be adults. That might make the FTC upset with them a second time though, since you'd doubtlessly have kids filming and uploading appeal videos, which would probably put TikTok back in violation of COPPA...

I don't think asking for a link to other social media like facebook would help, because even though Facebook is presumably in compliance with COPPA, somebody having an account on Facebook and being in compliance with COPPA doesn't necessarily mean they are >13 years old; their parent or legal guardian could have given them permission to use facebook, but not tiktok. So you can't assume that control of a facebook account means they're >13 or have parental approval to use your service.

There might be other ways out of this mess, but I can't think of any at the moment.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: