Yeah, Google's pretty much required to do this by US law though (the Children's Online Privacy Protection Act) - I'll leave the "think of the children" jokes to other folks.
Google's already giving you a free service. Why should Google go through all that paperwork because you didn't read or comply with their Terms of Service? These people need to suck it up and find another way for their kid to talk to his grandparents.
The main complaint of the article is that most social networks have US-centric TOS. It's not just about finding a different provider, it's that they might not be able to find a social network that doesn't enforce COPPA internationally.
Actually COPPA only applies to subjects who live in the U.S., so his point is a fair one. Even so, according to Wikipedia it requires a large amount of paperwork. Although I agree developers have a responsibility to be aware of this, I think these parents have a greater responsibility not to pass this attitude on to the next generation.
The law applies to entities with any commercial presence in the US collecting any personal information from children. It makes no distinction where the children are located or where the data is stored.
COPPA is a US law that applies to US corporations. It's not enforced on the child, it's enforced on Google. The nationality and location of the child is irrelevant (legally).
Correct me if I'm wrong, but the under 13 law (in US and some other places, or "policy" rather than law for Google internationally) is only without a guardian's permission, so if a letter was written on behalf of him, they would reactivate it?
Well, certainly that's the case with the law - as to Google policy, that's where you should correct me if I'm wrong.
Edit, on a side note, if the author is the poster here (or reads HN either way): I really like your writing. The story itself normally wouldn't make me care a huge amount (a short version is "a ten year old can't use a 13 and over service"), but I actually found myself really empathising and feeling upset on his behalf.
Last I remember, they required the parent's permission in the form of a fax or some other annoying format, so many sites just didn't bother accepting permission and banned under-13 users.
This was 4-5 years ago, though. I pretty much got used to lying about my age everywhere (every PHPBB forum had the same age-confirmation form before the registration process, for example), and I guess this kid probably will too. It'll be annoying for him when he actually does turn 13 and has to figure out how to change his DOB on sites (a lot of which don't let you).
You can have free email because Google doesn't have to pay people to manually process and evaluate these kinds of requests. Ignorant, self-serving politicians and their sheepish, easily manipulated constituents are the reason we can't have nice things.
Why is that parents can't give consent to their young (<13y/o) child using Google account?
Parent logs into his/her account, parent creates kid's account, parent states real age (10 years), parent expresses consent, child uses the new account. Is it that complex?
Why is that parents can't give consent to their young (<13y/o) child using Google account?
Because then when <insert bad thing> happens on the internet, the service provider gets blamed, even if the parent obviously should have been watching their child.
> Parent logs into his/her account, parent creates kid's account, parent states real age (10 years), parent expresses consent,
How do you prove that it's the kids parent thats giving this permission and not a random adult the kid asked to pretend being his parent?
> Why is that parents can't give consent to their young (<13y/o) child using Google account?
Because the parents probably have to provide written proof and it costs Google money to process such non-automated requests. You basically have millions of children below the age of 13. If everybody wanted to sign up their kids, Google would have to hire people to do nothing else than to just process the written or faxed permissions. Its way easier and cheaper to just exclude pre-13s from the service.
You don't, but the chain of responsibility is short. You gave a fake age, that is against the rules, your account is suspended for that plus being underage in the first place.
Managing and auditing a longer chain of responsibility, and setting up the rules for what happens if something in the chain becomes known to have been false, can be a royal pain both technically and legally (particularly when you consider that different countries have widely varying laws regarding who can be responsible for what, what rights there are to start with and what you can sign away, and so forth). The complications can multiply up very quickly once are considering more than one entity (the one that sets up the account and is claiming to be doing so truthfully), and once you allow chains like that you could have a chain of many people who each vouched for each other and each could be fake in some way.
How does every other freaking kids' site do this? You're telling me Google is incapable of figuring that out?
The only evidence they have he's less than 13 is his honest answer to their question. The only evidence the law holds them to is billing the parents a dollar, or really, just the assertion that they're an adult. Microsoft manages this for their online properties. Why can't Google? Because Google doesn't care to.
I created a Google Apps account for the family, and simply created sub accounts for my kids. No terms of use anywhere in sight when creating the accounts for the kids. So that basically does what you want.
(Google Apps doesn't work with Google+ yet, but that will surely be fixed)
While that might be the answer for you, it's not a usable solution for me and I guess for most people. Having my mail available from everywhere is an important feature. I guess I could set up my own webmail, but I'll be hard pressed to find something that matches the quality of gmail. Oh well, it's not like RMS didn't warn us ...
You make a good point, but I wonder how quickly a suitable solution would evolve if we could kill the momentum of services like Google Mail a bit.
The tools to do local mail hosting, IMAP, webmail, etc. all exist. From personal experience, configuring them is a pain in the backside if you're not an experienced sysadmin, which of course includes almost everyone. If that could be overcome, the tech is there.
As for hosting, there are various blog platforms where you have a choice between hosting the code yourself, either on your own machine or on a system included with your personal ISP account, or using a site such as wordpress.com where they do the maintenance and in some cases charge money for extras but the software and data formats are basically the same. I see no reason a similar model couldn't work for e-mail, and if a particular e-mail platform started to take off, there is no reason for ISPs not to support it locally; most of them have always offered some sort of included e-mail mailbox and webmail facility anyway, just not of the calibre of Google Mail and not necessarily easily compatible with other systems.
Basically, I think the problems with a better solution that doesn't leave you at the mercy of a big organisation like Google are genuine but not insurmountable. It's more about usability and standardisation/interoperability than about technical issues.
Right. We're talking about a social network here, where other people are interacting with you based on the data you entered. Sure, you can fake your birthday (and interests, gender etc..), but if you do this you're either not grasping the idea of these social networks or you're creating one of these 'I'm just in to snoop on people I know' account.
So I certainly think it makes sense to give out real data, iff you plan to use the service as intended.
That said, the bigger problem is that Google happily accepted his date of birth in Google+, added it to the Google account and afterwards locked him out of every Google service. That's crap. And it just proves once more how Google aggregates all the data about you. If I fill in an innocent field on a 'fun' service, should it really have consequences for (or even be connected to) my main online identity?
I can't speak on how social media is supposed to be used (since I don't even have a facebook account), but wouldn't the kid mostly be in contact with people who know him or her outside of the computer (such as friends and family), making the "displayed age" (you can turn the display off, right?) useless? Faking a birthday seems pretty harmless and I don't see how it would hinder your experience on anything unless you enter the wrong age that gets you banned like this instance. When I was in my early teens I role played on a game and met a lot of people there I'm still in contact with, I interacted with 20+ year olds when I was 13 and there were a few younger people too.
Of course, I didn't fake my interests/gender/etc. but I've never been in the habit of storing age/location info with a private service; it's available publicly anyway, but you have to use inductive reasoning to link the data. If you want people to know your birthday, I don't see why you can't just tell them in person or email or whatever and leave the "official" fake birthday what it is.
My Facebook "friends" don't need to know my birthday if I haven't told them. And I don't give a rat's ass about them wishing me happy birthday on there either.
> That said, the bigger problem is that Google happily accepted his date of birth in Google+, added it to the Google account and afterwards locked him out of every Google service.
Well said, I think the most worrying part is that google didn't even warn us it was going to use this information across all its services, this is the first time I'm actually disappointed by google.
Do not ever do this with outlook.com. A college I do work for setup student e-mail through outlook.com (the edu services were pretty good). One of the students put the current year her birthday. The admin account for the domain then became her "parent" and had to approve all e-mails. To fix this requires calling customer support and getting bitched out by someone from another country (I am not kidding). It was very frustrating.
The fact is, he didn't need to enter a birth date. GMail didn't ask for one. Youtube did. So he only had a GMail account.
He joined Google+ and _could_ optionally add a day of birth, because - well. You want your friends in a social network to post 'All the best' or whatever. So he provided this option freely, to share it with his circles of friends.
Not to link it to his main online identity. I don't think that it is obvious that there's a neat 'Hah! Another one entered his DOB in Google+ and is < 13, let's shut him out' trigger.
And here we have illustration #447 of why people who aren't database administrators neither need nor want universal identity. Gmail did not have to know this kid was a kid. But it spied on his social network and now it knows.
A human exhibiting this same behavior - peeking in his or her customers' windows to see if they're technically
violating terms of service in their private lives - would have been called a nosy busybody.
This is a major reason to avoid Google services. They are learning to better simulate a company that cares about privacy, but it's all still Big Brother at the back end.
Well. True. But as I've said elsewhere in the thread, Microsoft seems capable of handling COPPA just fine with minimal bother, and Google really doesn't give a shit if you're left without recourse.
COPPA gives an (easy?) way out - the parents just have to fax in their consent for their underage son to use their service. There is no law stopping the kid, Google probably just doesn't want to be inundated with such requests.
Fax? Easy? So now you need to go through some pointless, antiquated charade just to indicate that you consent to let your kids use the service? It would cost far more to have someone looking at the faxes and correlating them with the appropriate accounts than they gain by allowing minors to use their site. Google is not a charity; COPPA has made it far to expensive to bother keeping profiles for minors, so they just ban it, like just about every other significant online service.
The relevant information could easily be OCRed from the faxes (even more if they provide a standard form), only requiring a one click human validation.
And those parents seem to be beyond repair. They should be experienced enough about life to not teach their son useless ivory-tower ethis like "dont lie". He will find out about the power of lying sooner or later himself, and every year he tries to abide by their logic, he will be hurt, lied to and deceived by others who have mastered it before him. Depending on how much damage they cause by such a nonsensical upbringing, he might end up hating them later. By telling him to be the only one not to lie, they are basically lying to him about how the "real world" works.
You don't have to lack ethics yourself to be unphased by others' lack of them. I don't know if you're just trolling or something but I think this needs to be addressed either way. Dishonesty has the distinct disadvantage of leaving you with the need to maintain a fabrication; honesty has the huge advantage of meaning you have nothing to hide. If you slip up your reputation is tarnished and even if you don't you have to actually maintain the lie. If you really believe the best way through life is to lie your way through it then I really pity you.
Sometimes lying is necessary though. In this case for instance, while the real solution would be to have Google's policy and the law changed, it's unlikely that's going to happen for a ten year-old kid. My parents have always told me to "pick your battles", and I think this is a clear example of a battle that's easier won by lying.
Morality aside: maintaining a fabrication is also not difficult for some people. You just need to make sure to think your lies through, and maintain two levels of backup explanations in case someone does poke their way through. Weaving details through primary and backup explanations can be difficult, but that's where practice comes in.
If his argument had had points, I'd agree. It's just that it wasn't an argument - it was a screed that the parents should have known better and are entirely at fault, and I reject his standing, as he clearly has no idea what he's talking about.
Agreed. There's a time and a place for everything and white lies make the world go round when used wisely.
However, I think you were voted down because it's difficult to find the line between a child making wise judgments within context and assuming they can lie in every scenario for their own benefit. That's a tricky one to walk, so it's better to play it safe until you're dead sure they can rationalize about the "real world." This is likely to be higher than age 10 for many kids.
To be fair, nobody will ever raise a normal child who does not lie. It's an adaptive behavior brought about in most children by the age of three, but some studies indicate that it develops earlier in more intelligent children[1].
That's not to say that teaching kids that "lying is bad" isn't a noble goal, but you're going to have a really tough time convincing them when they can clearly see the benefits of it in their daily life (an extra cookie when Mom's out of the room, No detention because the dog ate their homework).
Perhaps a more realistic goal is to channel their learning into teaching the difference between lies.
But I think the whole argument is a bit of a "Red Herring" or is mostly irrelevant. The whole argument reeks of flame-war induced fallacies.
I figure that something happened like the following.
- Google enforces mail policies.
- kid cries.
- parents broken hearted, outraged, determined to share outrage
- article posted, misleading, overly emotional linkbait headline included
- internet response: "who cares, just lie"
- parent, embarrassed, defensive & still outraged, formulates weak knee-jerk rebuttal.
- internet response: "flame on"
The parents are IMO wrong, they may or may not also think they're wrong, but are having trouble publicly backing down from the mostly-stupid position that they took, and continue to argue for the sake of arguing.
Or they actually believe it. Which is a bit stupid, but hey, stupid people exist too. I don't think they're dumb, just caught up in the emotions that stir whenever you witness your own child crying.
That may be the idea, but in practice young children are just officially banned from everything because dealing with the law is too expensive and/or risky.
This is most likely an automated trigger that blocked & scheduled for deletion that account. Even for a company as big as Google it's impossible to have these type of things reviewed by humans. What I do hope is that they'll create a channel for complaints if the user should want to.
What I don't understand is the way the parent behaves. He knows he's in the wrong and he still feels outraged because Google blocked the e-mail. Even though nobody reads the ToS it doesn't mean that they are moot. Google didn't make his son cry, his father did.
IANAL, but the TOS is probably moot in the country where he is from (the Netherlands), so he is not in the wrong. Dutch law has several requirements for a TOS to be valid and simply clicking "I agree" is not enough.
But isn't Google subject to American laws, being an American based company? I'm just asking, I don't have experience in these type of legal matters, but it seems to me that they are supposed to do that.
The Netherlands will say it's subject to the Netherlands' laws, and the US will say it's subject to US law. What actually gets enforced is a matter of diplomacy.
A minor is not likely to have immediate spending power, only influence. Google is in the business of making sellers meet buyers. No matter how hard we look at this, that's the fundamental nature of "the Google." It is probable that Google's segmentation of the market shows most minors as being engaged best via TV.
Most of us tend to forget that we are the product that Google is marketing.
I think it's unfair that under 13s aren't allowed to use Gmail. But being able to use email, code in Python and use Powerpoint, doesn't mean he has the maturity to use social networking.
The internet is a cruel place, and hysteria about online predators aside, I think that the biggest risk to kids is from their own peer group. I recently encountered a fake profile on FB that was harassing high school kids, including a cousin, by spreading rumours about them. The rumours seemed silly to an adult, but the reactions of the victims on the perpetrator's wall were telling: begging, swearing, threatening (incidentally, Facebook's abuse system was pretty useless, I got the account killed because I figured out who the bully probably was, and dropped a few not-so-subtle-hints threatening to expose her). If teenagers are so distressed by online bullying, it would be worse for pre-teens.
I have sympathy for Alex and his parents, but I don't blame the law for blocking young children from accessing these services, especially social networking sites.
I disagree with you. I do not believe government regulations in these areas work. 13 is an arbitrary age. Bully happens even after age of 13.
It should be up to the parents to monitor and regulate their kids' internet access. Parents not government has the responsibility of their children's welfare.
Some kids can be a bit more mature at a younger age, some don't.
I agree completely, as a teenager myself despite wanting to stay away from such petty, defaming conversations, you eventually get hauled in, either because one of your friends starts believing them in which case you're social life is at stake, or because any new acquaintances will be sorely misled by those comments.
The issue is not with blocking access to Google+, it is with the (impending) deletion of his ~2 years worth of emails. I don't believe you need to be 13 years old to use email, I know I was using it at around Alex's age.
Interestingly, I've just taken a look at the gmail signup process, and the birthdate field appears when I select location "US" but not when you select "UK"
I'm sure I remember seeing an google advert recently (in the UK) where a father sends emails to his child over several years for the child to receive when they're old enough to use email - and I'm sure the child's email was a gmail account (I may be mistaken, though).
I hate to be that guy that links to xkcd comics, but here it goes anyway: http://xkcd.com/743/
Google is under no obligation to allow 13-year-olds on their service anyway, and I'm sure the age limit comes from legal restrictions, not just ageism on Google's part.
Fortunately, e-mail is already an open protocol, and you can get a working e-mail address anywhere. I understand the attraction of Gmail (it's free, user-friendly and offers a lot of storage) but it comes with some conditions; that's part of the deal.
286 comments
[ 4.9 ms ] story [ 281 ms ] threadhttp://www.ftc.gov/ogc/coppa1.htm
Well, certainly that's the case with the law - as to Google policy, that's where you should correct me if I'm wrong.
Edit, on a side note, if the author is the poster here (or reads HN either way): I really like your writing. The story itself normally wouldn't make me care a huge amount (a short version is "a ten year old can't use a 13 and over service"), but I actually found myself really empathising and feeling upset on his behalf.
This was 4-5 years ago, though. I pretty much got used to lying about my age everywhere (every PHPBB forum had the same age-confirmation form before the registration process, for example), and I guess this kid probably will too. It'll be annoying for him when he actually does turn 13 and has to figure out how to change his DOB on sites (a lot of which don't let you).
Question is: written to whom? What is the channel for that?
There seems to be none. No way to explain and no recourse. And that's why we can't have nice things.
Parent logs into his/her account, parent creates kid's account, parent states real age (10 years), parent expresses consent, child uses the new account. Is it that complex?
Because then when <insert bad thing> happens on the internet, the service provider gets blamed, even if the parent obviously should have been watching their child.
How do you prove that it's the kids parent thats giving this permission and not a random adult the kid asked to pretend being his parent?
> Why is that parents can't give consent to their young (<13y/o) child using Google account?
Because the parents probably have to provide written proof and it costs Google money to process such non-automated requests. You basically have millions of children below the age of 13. If everybody wanted to sign up their kids, Google would have to hire people to do nothing else than to just process the written or faxed permissions. Its way easier and cheaper to just exclude pre-13s from the service.
Managing and auditing a longer chain of responsibility, and setting up the rules for what happens if something in the chain becomes known to have been false, can be a royal pain both technically and legally (particularly when you consider that different countries have widely varying laws regarding who can be responsible for what, what rights there are to start with and what you can sign away, and so forth). The complications can multiply up very quickly once are considering more than one entity (the one that sets up the account and is claiming to be doing so truthfully), and once you allow chains like that you could have a chain of many people who each vouched for each other and each could be fake in some way.
In the same way they "know" the kid is 13 because he happened to select that from a pop-up menu somewhere.
That is to say, why should that proof require rigor that doesn't exist in the original html form that got him into this mess in the first place?
So if I fat-finger my birthday when setting up google+ I'm going to have my gmail shut down until I can somehow prove to them I just messed up?
Weak.
The only evidence they have he's less than 13 is his honest answer to their question. The only evidence the law holds them to is billing the parents a dollar, or really, just the assertion that they're an adult. Microsoft manages this for their online properties. Why can't Google? Because Google doesn't care to.
They generally get fined.
Here: http://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Pro...
This is the law.
(Google Apps doesn't work with Google+ yet, but that will surely be fixed)
My 2012 project is going to be to quit gmail somehow and get back to imap with local storage.
Why not buy the kid his own domain name and teach him how to set it up and use a local email program (Thunderbird?)
The tools to do local mail hosting, IMAP, webmail, etc. all exist. From personal experience, configuring them is a pain in the backside if you're not an experienced sysadmin, which of course includes almost everyone. If that could be overcome, the tech is there.
As for hosting, there are various blog platforms where you have a choice between hosting the code yourself, either on your own machine or on a system included with your personal ISP account, or using a site such as wordpress.com where they do the maintenance and in some cases charge money for extras but the software and data formats are basically the same. I see no reason a similar model couldn't work for e-mail, and if a particular e-mail platform started to take off, there is no reason for ISPs not to support it locally; most of them have always offered some sort of included e-mail mailbox and webmail facility anyway, just not of the calibre of Google Mail and not necessarily easily compatible with other systems.
Basically, I think the problems with a better solution that doesn't leave you at the mercy of a big organisation like Google are genuine but not insurmountable. It's more about usability and standardisation/interoperability than about technical issues.
So I certainly think it makes sense to give out real data, iff you plan to use the service as intended.
That said, the bigger problem is that Google happily accepted his date of birth in Google+, added it to the Google account and afterwards locked him out of every Google service. That's crap. And it just proves once more how Google aggregates all the data about you. If I fill in an innocent field on a 'fun' service, should it really have consequences for (or even be connected to) my main online identity?
Of course, I didn't fake my interests/gender/etc. but I've never been in the habit of storing age/location info with a private service; it's available publicly anyway, but you have to use inductive reasoning to link the data. If you want people to know your birthday, I don't see why you can't just tell them in person or email or whatever and leave the "official" fake birthday what it is.
This could be fixed by using the correct date but putting an earlier year.
Well said, I think the most worrying part is that google didn't even warn us it was going to use this information across all its services, this is the first time I'm actually disappointed by google.
I press page down a few times when I tab to the year field myself!
He joined Google+ and _could_ optionally add a day of birth, because - well. You want your friends in a social network to post 'All the best' or whatever. So he provided this option freely, to share it with his circles of friends.
Not to link it to his main online identity. I don't think that it is obvious that there's a neat 'Hah! Another one entered his DOB in Google+ and is < 13, let's shut him out' trigger.
A human exhibiting this same behavior - peeking in his or her customers' windows to see if they're technically violating terms of service in their private lives - would have been called a nosy busybody.
This is a major reason to avoid Google services. They are learning to better simulate a company that cares about privacy, but it's all still Big Brother at the back end.
Also, they operate with this age requirement even for people who don't live in and have never been to the country where this law exists.
What an appalling user experience—and on so many levels. It should have at least warned him that by setting his age he was in violation of the TOS.
http://www.sunpig.com/martin/archives/2011/07/03/google-made...
Morality aside: maintaining a fabrication is also not difficult for some people. You just need to make sure to think your lies through, and maintain two levels of backup explanations in case someone does poke their way through. Weaving details through primary and backup explanations can be difficult, but that's where practice comes in.
However, I think you were voted down because it's difficult to find the line between a child making wise judgments within context and assuming they can lie in every scenario for their own benefit. That's a tricky one to walk, so it's better to play it safe until you're dead sure they can rationalize about the "real world." This is likely to be higher than age 10 for many kids.
That's not to say that teaching kids that "lying is bad" isn't a noble goal, but you're going to have a really tough time convincing them when they can clearly see the benefits of it in their daily life (an extra cookie when Mom's out of the room, No detention because the dog ate their homework).
Perhaps a more realistic goal is to channel their learning into teaching the difference between lies.
But I think the whole argument is a bit of a "Red Herring" or is mostly irrelevant. The whole argument reeks of flame-war induced fallacies.
I figure that something happened like the following.
The parents are IMO wrong, they may or may not also think they're wrong, but are having trouble publicly backing down from the mostly-stupid position that they took, and continue to argue for the sake of arguing.Or they actually believe it. Which is a bit stupid, but hey, stupid people exist too. I don't think they're dumb, just caught up in the emotions that stir whenever you witness your own child crying.
[1] http://psychcentral.com/blog/archives/2008/02/11/why-do-kids...
http://www.srcd.org/journals/cdev/0-0/Talwar.pdf
Avoids COPPA hassles and issues with deletion.
Note: I worked on this issue for a Fortune 100 company when COPPA was passed.
Most of us tend to forget that we are the product that Google is marketing.
The internet is a cruel place, and hysteria about online predators aside, I think that the biggest risk to kids is from their own peer group. I recently encountered a fake profile on FB that was harassing high school kids, including a cousin, by spreading rumours about them. The rumours seemed silly to an adult, but the reactions of the victims on the perpetrator's wall were telling: begging, swearing, threatening (incidentally, Facebook's abuse system was pretty useless, I got the account killed because I figured out who the bully probably was, and dropped a few not-so-subtle-hints threatening to expose her). If teenagers are so distressed by online bullying, it would be worse for pre-teens.
I have sympathy for Alex and his parents, but I don't blame the law for blocking young children from accessing these services, especially social networking sites.
It should be up to the parents to monitor and regulate their kids' internet access. Parents not government has the responsibility of their children's welfare.
Some kids can be a bit more mature at a younger age, some don't.
Like many prohibition laws, this one won't work.
I'm sure I remember seeing an google advert recently (in the UK) where a father sends emails to his child over several years for the child to receive when they're old enough to use email - and I'm sure the child's email was a gmail account (I may be mistaken, though).
He probably doesn't want to make the long-distance call to his congressman, given that he's in the Netherlands.
Google is under no obligation to allow 13-year-olds on their service anyway, and I'm sure the age limit comes from legal restrictions, not just ageism on Google's part.
Fortunately, e-mail is already an open protocol, and you can get a working e-mail address anywhere. I understand the attraction of Gmail (it's free, user-friendly and offers a lot of storage) but it comes with some conditions; that's part of the deal.
Link for those who don't know what I'm on about: http://www.youtube.com/watch?v=R4vkVHijdQk
On the internet you can and should lie, cheat and steal, just don't harm real people.