I believe that the rise of new age verification laws is a direct result of the failure of the technical community to provide an alternative. We rightly see that these laws reek of overreach, censorship, and surveillance, but we fail to answer the fundamental question: how is a normal parent supposed to protect their kids?
We recommend blocking DNS, but this has drawbacks. It is too easy to change and can be bypassed without much effort. Additionally, DoH will quickly cause this method to be ineffective. Besides, this already is asking too much technical understanding for a parent who just wants to protect their kids.
For sites with a mix of child friendly and nsfw content DNS filtering does not work and you must rely on the parental controls of the site. Sometimes these are adequate, supporting children accounts to get permission from parent accounts to change age related settings, and sometimes there is only a dropdown to state your birth year. Each platform must be handled, or blocked, on a case-by-case basis.
There are more drastic solutions. In some cases you can MiTM the traffic. You can use AI tools to classify content as nsfw. You can filter based on SNI. You can detect and block VPNs and proxies.
This amounts to building your own small censorship operation. Far too much for a non-technical parent to handle, and way more work than it should be.
My proposed solution: put a content description/rating in the response http headers. When a browser receives the content it decides, based on the header, wheather the content is appropriate for the user. Every site is responsible for self labelling each page.
X-Content-Warning: None, Pornography, Nudity, Sexual-Content, Gambling, Substances, Profanity, Gore
# these are draft categories and need refinement
For adult users, the browser does no filtering unless asked for. For child users, the browser can filter based on the content that the parent allows.
Governments then could regulate the websites, enforcing correct content labelling instead of forcing ID verification or other worse measures.
There are many upsides to this system. Websites do not know if an adult or child is visiting them. No form of ID is ever sent to any party. Parents have full control without requiring technical understanding of the internet. Governments do not get to decide what you or your child are allowed to see. Platforms with mixed content can label each page, chatroom, or post separately. Sites who choose not to present a content description will never be presented to children.
However, this is not a perfect system. It puts the onus of labelling content on the site owners, and a malicous site could purposefully mislabel. Additionally, it can be hard to agree on edge cases. Is this image pornography or art? Moreover, by normalizing content labelling there is room for scope creep to include labelling for politics, religion, etc.
I believe this is an imperfect solution that finds middle ground between lawmakers, parents, website owners, and privacy advocates.