Hacker News new | past | comments | ask | show | jobs | submit login

The last time I encountered a COPPA opt-in was on the register.php page of a vBulletin forum where you had to enter your birthdate.

It doesn't boggle my mind. I'm sure very few services online would stand up to scrutiny. It's just that such few platforms are ever in that position.




Are you sure your not just mentally filtering it out? I see "[checkbox] I agree that I am 13 years old or the legal guardian blah blah blah" pretty frequently on signup pages.


That's possible, but not that I can tell. Neither Twitter.com, Reddit.com, nor Pornhub.com ask, for example.

Though, TikTok is a video platform with immense popularity among children. Put those two together and you're bound to be first on this sort of COPPA chopping block, so I suppose I do see how OP's mind could be boggled after all. Maybe it's "just" a fine of $5.7 million.


(1) In determining whether a Web site or online service, or a portion thereof, is directed to children, the Commission will consider its subject matter, visual content, use of animated characters or child-oriented activities and incentives, music or other audio content, age of models, presence of child celebrities or celebrities who appeal to children, language or other characteristics of the Web site or online service, as well as whether advertising promoting or appearing on the Web site or online service is directed to children. The Commission will also consider competent and reliable empirical evidence regarding audience composition, and evidence regarding the intended audience.


In other words, nothing substantial about whether it's actually used by children...


> The Commission will also consider competent and reliable empirical evidence regarding audience composition

It seems pretty clear that userbase demographics are a factor. It's the best evidence you can have.


In law, intent matters


> Neither [...] nor Pornhub.com ask, for example.

Funnily enough, I think it's fair for pornhub to assume their audience is 13 or older.

Porn sites used to make you affirm that you were at least 18, though. I wonder what happened to that.


They (pornhub) do ask people about their age, depending on the country they're visiting from. For Russians they even tied confirmation process to one of local social networks (source in Russian): https://tjournal.ru/flood/46247-kak-rabotaet-proverka-vozras...


Reddit terms that you agree to when creating an account say:

“Children under the age of 13 are not allowed to create an account or otherwise use the Services.”

https://www.redditinc.com/policies/user-agreement


TikTok allows users under 13 with some requirement that the person signing up should have their parent review these terms.

“If you are under age 18, you may only use the Services with the consent of your parent or legal guardian. Please be sure your parent or legal guardian has reviewed and discussed these Terms with you.”

https://www.tiktok.com/en/terms-of-use


That IMO was TikToks downfall... They should have simply said "No children under 13" and made a date of birth selector making it impossible to select a date younger than 13.

Children would then have to ignore the terms and lie to the date of birth screen (fraud) to gain access, yet I'm sure that wouldn't stop most of them.

TikToks as a company can publish age stats from the data 'proving' they have nobody under 13, and all of the above should satisfy FTC


> "They should have simply said "No children under 13" and made a date of birth selector making it impossible to select a date younger than 13."

I don't believe the FTC would consider this compliance, since such a dialogue is designed to encourage children to lie.

>3. Can I block children under 13 from my general audience website or online service?

> Yes. COPPA does not require you to permit children under age 13 to participate in your general audience website or online service, and you may block children from participating if you so choose. By contrast, you may not block children from participating in a website or online service that is directed to children as defined by the Rule. See FAQ D.2 above.

> If you choose to block children under 13 on your general audience site or service, you should take care to design your age screen in a manner that does not encourage children to falsify their ages to gain access to your site or service. Ask age information in a neutral manner at the point at which you invite visitors to provide personal information or to create a user ID.

A bit more to the point:

> In designing a neutral age-screening mechanism, you should consider: Making sure the data entry point allows users to enter their age accurately. An example of a neutral age-screen would be a system that allows a user freely to enter month, day, and year of birth. A site that includes a drop-down menu that only permits users to enter birth years making them 13 or older, would not be considered a neutral age-screening mechanism since children cannot enter their correct ages on that site.

https://www.ftc.gov/tips-advice/business-center/guidance/com...


> Children would then have to ignore the terms and lie to the date of birth screen (fraud) to gain access

Out of curiosity - is that really fraud? It doesn’t sound like it hurts the company.


Falsifying information to trick a company into doing something illegal (collecting data on a minor) for personal gain (ability to use service) sounds like fraud to me.


If you're considered too young to have the right judgement to vote, drink, die for your country or be married off (excepting the US states that still allow marriage from age 12[0]), you should also be too young to be held liable for fraud.

[0]https://en.wikipedia.org/wiki/Age_of_marriage_in_the_United_...


Isn't that the point, you pass off the legal liability to the user who can't be held liable and so bypass the need to restrict your service to over-13s.


lying isn't the same thing as fraud.


Yes, but exactly: it's on some user agreement policy along with all the other rules nobody ever reads.

I bet TikTok had the same thing. But look at TikTok's attempt at complying in TFA: they didn't just make a /policy edit. They started asking birthdate upon register/login but managed to botch that, so they started asking users for scans of their government-issued ID.

If these are the sorts of measures that the FTC needs to see, then who actually is compliant under scrutiny?

You can upload selfie image/videos directly to Reddit. Wouldn't Reddit be just as incapable of deleting all content from users that were <13yo at time of upload like TikTok was ordered to do?

Don't get me wrong, I think "Are you over 13?" is about as useful as "Are you over 18?" and "Do you agree with our cookie policy?"


And children "under the age of 13" are supposed to be reading terms of use?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: