If they're able to get a burner phone unsupervised then I think they could also pay an adult to do the face scan for them or borrow your ID from your purse to authenticate an account. What level of security would you need to totally prevent that kind of thing? Unless it checks your age every time you log in with biometrics I don't see it.

(Of course adding any level of friction will deter some kids, but needing to get a whole new device other than the one their parents gave them is already a lot of friction, isn't it?)

We could e.g. try saying it's sufficient that the user makes ongoing credit cards payments as a proof of age. Or sure maybe you need to verify with every purchase, which is how e.g. alcohol works.

Don't currently take payments for your business model? Probably what you're doing is anticompetitive and we shouldn't allow it anyway.

What about non businesses, like nonprofits, hobbyist groups, or individuals offering a service out of their own charity?

What service? The social media regulations I recall seeing have a size threshold, so hobbyists don't seem relevant. For something like porn, after having actually thought about it some, I don't really see how we've decided that anonymous porn isn't blatantly public indecency, so frankly I don't see how hobbyists openly sharing their work with anyone without knowing who they're giving it to wouldn't be committing a crime.

> I don't really see how we've decided that anonymous porn isn't blatantly public indecency

That one seems pretty obvious. The point of public indecency laws is so that your family can go to McDonald's and not encounter some couple fornicating on the table. Whereas if you go to a private house where someone lives with a reputation for not being very selective about who they take their clothes off in front of, that's not a public establishment.

A privately owned PC connecting to a privately owned server is a private connection, not a public place. It's something you get by going there. You're not required to go to the frat house.

A private business that serves the general public is a public establishment though, even if it's run out of your home. The criteria is whether you restrict access to some private group, not whether it is a privately owned space. I'm not seeing how a server that responds to any traffic without any selectivity (KYC, basically) is not analogous.

It doesn't matter if you're not required to go to the frat house. It matters whether the frat house lets the public in while exhibiting their fornication, or has filters at the door.

You are gliding past the crucial difference: detecting that someone is a minor in person is magnitudes easier than doing so online.

I'm not seeing how that affects my framing. Yes, it is more difficult. That sounds like a problem for businesses that want to offer restricted services online, and we should ensure it stays their problem, not everyone else's.

> In person, we expect stores won't sell cigarettes to kids. We should simply expect companies won't provide age restricted services to kids.

Stores won’t sell cigarettes to kids because doing that will probably get you arrested and shut down pretty quickly.