only understand the concept and know where to find a VM.
That’s already smarter than most of my relatives.
I’d argue that controlling / monitoring where a kid goes should already be responsibility of the parent.
If it’s all in the browser then the unprivileged user is at the mercy of whatever rules the installed browser establishes for allowing them access to. So it’s a battle between the parent (helped by the OS) being smarter at setting up local restrictions / monitoring history and the kid being smart enough to break them / act undetected.
I think the idea here would be that the OS would be able to tell the browser (or any app) that the user is only allowed content of a particular target age group, and then the browser (or whichever app) would apply any appropriate restrictions (which could include restricting virtualization primitives like WebVM, other js APIs or even network-level filtering if that’s what it takes).
You can also advocate for making use of the “guest wifi AP” many routers already provide to ensure the access to the internet for their kids is done in an allowlist basis. To the point that the kid would have to be “smart enough” to break through the WPA encryption of the main wifi access point (or find out some other social engineering way to get access to that wifi) in order to have fully free access to the internet and visit websites that allow them to circumvent age restrictions.
I don’t think so. I think it takes 1 kid in the playground to find out about https://distrosea.com/ without understand what a container or VM even is, only discovering that somehow it works, to make us of it.
Then the school admin will block it once there is a peak of traffic through the website, kids will discover proxies, someone will realize there is a business for it, make a free version with ads, etc. It’s going to be an arm race and the most dedicated kids, not necessarily the smartest or wisest, will figure it out. Eventually they’ll get the concepts behind the tools they mindlessly use until then, eventually find much better tools allowing them to bypass a lot more restrictions.
I don’t see how a browser will be able to prevent this kind of usage. They might pass age related information to each page requesting it but it takes a single page to provide the capability without using the information to be enough. If a kid has a computer at home they can setup such a service themselves.
It’s going to be an arm race and the most dedicated kids, not necessarily the smartest or wisest, will figure it out. Eventually they’ll get the concepts behind the tools they mindlessly use until then, eventually find much better tools allowing them to bypass a lot more restrictions.
Well… it depends on how do you define “smart” …but to me, that kind of dedication and resourcefulness is already showing problem-solving skills, regardless of whether they “get the concepts” (many adults don’t fully understand the tools they use either).
I don’t see how a browser will be able to prevent this kind of usage
In Firefox, you can disable websockets (and most other features or about:config settings, but the website you linked uses websockets) through a policy.json setting writable only by root, so it wouldn’t be possible for a user without root permissions to change it.
Funnily enough I just read “A third of children (32%) say they have bypassed age checks, including by
entering a fake birthdate (13%) or using someone else’s login (9%), while others used
more creative methods like drawing on facial hair” from https://www.internetmatters.org/hub/research/online-safety-act-report-2026/ this morning, so they clearly don’t have to be the “smart” or dedicated.
Yeah, that was my point… that’s why I was saying that if a kid is smart enough to to set up a VM like that they are smart enough to find alternative/easy out-of-the-box methods… the “using someone else’s login” in particular is one of the points I made earlier.
This is why I think the control should be local, and with the parents being the ones responsible. Relying on third party authentication and expecting the remote services to be able to determine the age is not gonna work.
That’s already smarter than most of my relatives.
I’d argue that controlling / monitoring where a kid goes should already be responsibility of the parent.
If it’s all in the browser then the unprivileged user is at the mercy of whatever rules the installed browser establishes for allowing them access to. So it’s a battle between the parent (helped by the OS) being smarter at setting up local restrictions / monitoring history and the kid being smart enough to break them / act undetected.
I think the idea here would be that the OS would be able to tell the browser (or any app) that the user is only allowed content of a particular target age group, and then the browser (or whichever app) would apply any appropriate restrictions (which could include restricting virtualization primitives like WebVM, other js APIs or even network-level filtering if that’s what it takes).
You can also advocate for making use of the “guest wifi AP” many routers already provide to ensure the access to the internet for their kids is done in an allowlist basis. To the point that the kid would have to be “smart enough” to break through the WPA encryption of the main wifi access point (or find out some other social engineering way to get access to that wifi) in order to have fully free access to the internet and visit websites that allow them to circumvent age restrictions.
I don’t think so. I think it takes 1 kid in the playground to find out about https://distrosea.com/ without understand what a container or VM even is, only discovering that somehow it works, to make us of it.
Then the school admin will block it once there is a peak of traffic through the website, kids will discover proxies, someone will realize there is a business for it, make a free version with ads, etc. It’s going to be an arm race and the most dedicated kids, not necessarily the smartest or wisest, will figure it out. Eventually they’ll get the concepts behind the tools they mindlessly use until then, eventually find much better tools allowing them to bypass a lot more restrictions.
I don’t see how a browser will be able to prevent this kind of usage. They might pass age related information to each page requesting it but it takes a single page to provide the capability without using the information to be enough. If a kid has a computer at home they can setup such a service themselves.
Well… it depends on how do you define “smart” …but to me, that kind of dedication and resourcefulness is already showing problem-solving skills, regardless of whether they “get the concepts” (many adults don’t fully understand the tools they use either).
In Firefox, you can disable websockets (and most other features or
about:configsettings, but the website you linked uses websockets) through a policy.json setting writable only by root, so it wouldn’t be possible for a user without root permissions to change it.Damn 1month ago.
Funnily enough I just read “A third of children (32%) say they have bypassed age checks, including by entering a fake birthdate (13%) or using someone else’s login (9%), while others used more creative methods like drawing on facial hair” from https://www.internetmatters.org/hub/research/online-safety-act-report-2026/ this morning, so they clearly don’t have to be the “smart” or dedicated.
Yes, sorry I had a busy month :P
Yeah, that was my point… that’s why I was saying that if a kid is smart enough to to set up a VM like that they are smart enough to find alternative/easy out-of-the-box methods… the “using someone else’s login” in particular is one of the points I made earlier.
This is why I think the control should be local, and with the parents being the ones responsible. Relying on third party authentication and expecting the remote services to be able to determine the age is not gonna work.
Pretty much.