This is the wrong way to limit porn to adults. For ages there has been a single line HTTP header that can be added to a site or even to the meta-data in HTML itself to identify adult content. A law could require all user-content sites to implement the header and require all browser apps, operating systems, mobile devices to make a best-effort attempt and requiring a parental control system that approve-lists domains that have the adult content header.
A panel of the best UX designers in the industry could draft the RFC for device/browser updates and the law could reference the RFC. A panel of parents could test the beta versions. This way people can't really say "Its too technically hard to enable parental controls". This could even become part of the device setup such as buying a new phone and going through the setup menu. "Enable parental controls? Y/n" If "Yes" then the setup guides the parent through creating accounts for kids and lets them choose whether or not to allow user-generated/adult content per account.
This puts the control and liability of the approval on the parent and they don't even need to be technically savvy at all. This also puts the liability to self-label a site on the site owner/administrator and they can each have instructions in a standard location on the site how to enable parental controls in apps/devices after such a law requires devices to have this functionality created in a standard and simple way that just looks for the header. Despite being meant for adult content there is nothing stopping this from being used for user-generated content domains. The end goal would simply be to provide a method of parental controls per domain or globally.
Most important, this method provides zero tracking of who is into what and does not leak financial or PII data.
How to enforce this? Crawlers find user generated site, people submit user generated sites. No header? 3 attempts are made to contact the domains admin/technical contact. 4th attempt domain(s) are seized. Domain outside of the U.S. and that government will not cooperate? Sanctions. It's a big hammer but it works.
Could a determined teen get around this? Sure, the same teen that would use a parents credit card or the card of a stranger. In my proposed method credit card fraud is taken out of the picture and people do not have to leak real names.
A panel of the best UX designers in the industry could draft the RFC for device/browser updates and the law could reference the RFC. A panel of parents could test the beta versions. This way people can't really say "Its too technically hard to enable parental controls". This could even become part of the device setup such as buying a new phone and going through the setup menu. "Enable parental controls? Y/n" If "Yes" then the setup guides the parent through creating accounts for kids and lets them choose whether or not to allow user-generated/adult content per account.
In NGinx it looks like this:
In HAProxy it looks like this: I do not know how to add this to Envoy or Caddy.This puts the control and liability of the approval on the parent and they don't even need to be technically savvy at all. This also puts the liability to self-label a site on the site owner/administrator and they can each have instructions in a standard location on the site how to enable parental controls in apps/devices after such a law requires devices to have this functionality created in a standard and simple way that just looks for the header. Despite being meant for adult content there is nothing stopping this from being used for user-generated content domains. The end goal would simply be to provide a method of parental controls per domain or globally.
Most important, this method provides zero tracking of who is into what and does not leak financial or PII data.
How to enforce this? Crawlers find user generated site, people submit user generated sites. No header? 3 attempts are made to contact the domains admin/technical contact. 4th attempt domain(s) are seized. Domain outside of the U.S. and that government will not cooperate? Sanctions. It's a big hammer but it works.
Could a determined teen get around this? Sure, the same teen that would use a parents credit card or the card of a stranger. In my proposed method credit card fraud is taken out of the picture and people do not have to leak real names.