If Facebook and TikTok can’t keep kids safe, maybe Apple can

What if the key to protecting kids online lies not in the hands of apps and websites, but device makers themselves?

A teenager playing on a tablet.

if Facebook can't solve the problem, it might be well past time to start thinking about who could.

Photo: SDI Productions via Getty Images

At a moment of almost frightening technological advancement, the tech industry's best defense against children accessing websites and apps that they legally shouldn't are pop-up windows asking for their birthdays. For any kid old enough to fib, cracking these remarkably flimsy age gates is so easy that, well, a child can do it.

Knowing this, tech platforms like Instagram and TikTok try to algorithmically divine which of their users are underage and boot them from their platforms by the millions, while simultaneously writing rules to make the stuff all other users see a little less awful. But, as recent reporting shows, those interventions have hardly solved the problem.

It's little wonder, then, that lawmakers looking for a fix are forever introducing bills to impose new requirements on social media companies and demanding the leaders of those companies testify before Congress. On Thursday, Facebook's head of global safety will do the honors.

But for all of the attention on what social media platforms can and should be doing, lawmakers in Washington, and indeed around the world, have devoted far less time to the role device and operating system makers — namely, Apple and Google — should play in keeping kids safe online.

Alex Stamos, director of the Stanford Internet Observatory and Facebook's former chief of security, called attention to this regulatory blind spot in a Twitter thread this week, following Instagram's announcement that it would pause development on a kid-friendly version of the app in the wake of heightened scrutiny about Instagram's impact on teens' mental health.

Kids, Stamos pointed out, are already using social media — and a lot of times, their parents are letting them. If lawmakers really wanted to keep kids off of those apps in a way that wasn't so easy to circumvent, they might be better served focusing on a different point in the tech stack.

"Require mobile devices (phones and tablets) sold in the US to include a flow, triggered during initial setup, that asks if the primary user is a child and stores their birthdate locally. The calculated age (rounded to year) should be provided via API to every app," Stamos suggested. If device makers required ages at setup, Stamos wrote, then app stores could use that likely more reliable information to filter out underage users, rather than relying on their own insufficient age gates.

Lawmakers could also require apps that allow kids on their platforms to publish "child safety plans" that vary based on how old the user is, Stamos added. A 6 year old, after all, needs different guardrails than a 16 year old. "We are way too early in the field to have a unified set of product features that work for everybody," he wrote, "but we can at least encourage thoughtful design."

It's a Twitter thought experiment that would obviously need some fleshing out to address complexities like what to do about devices that are shared among family members. But few proposals for fixing online platforms are without their complications. Stamos' plan is relatively modest as compared to, for example, lawmakers' frequent and sweeping suggestions that Section 230 be gutted or overturned.

The most shocking thing about this proposal is perhaps that it's not already a big part of the conversation about keeping kids safe on social media — or even part of the conversation at all. Instead, both existing laws like the decades-old Children's Online Privacy Protection Act, or COPPA, and more recent proposals like the KIDS Act, focus on securing kids' data, preventing harmful content from being shown to kids and limiting manipulative marketing practices. All the focus is on the online services themselves.

"What's in front of us can often suck up a lot of the air in the room, because it's so outrageous," Ariel Fox Johnson, senior counsel for global policy at Common Sense Media, said, explaining why so much regulatory focus falls on online platforms and not on hardware makers. Johnson said she's not aware of any bills that have been proposed in the U.S. that would require device makers to do more age-gating, though she said she "would be supportive of device makers and others giving that as an option."

It's not that device makers aren't trying to implement parental controls. Apple and Android both offer parents ways to restrict apps on a device, set time limits for apps and limit access to apps and other content based on their age ratings. But those settings aren't on by default and don't trigger age-appropriate experiences inside the apps themselves once launched. Access is either on or off, with no in-between.

Previous efforts by device makers to institute more controls haven't been without controversy. When Apple launched Screen Time in 2019 and began kicking other parental control apps out of its store for alleged privacy violations, those apps accused the tech giant of anticompetitive behavior, and eventually Apple backed down from the crackdown.

Apple also pumped the brakes on a more recent plan to curb child exploitation by alerting parents of kids under 13 when their children were about to send or receive images Apple's algorithms determined to be sexually explicit. That plan prompted an immediate outcry from activists who said Apple's proposal would put vulnerable kids, particularly LGBTQ+ youths, at unnecessary risk. Within weeks, Apple said it would delay the plan in order to "collect input and make improvements."

Still, while people objected to the notion that Apple might inadvertently endanger kids by ratting them out to abusive adults, the concern largely had nothing to do with Apple knowing which of their users are kids in the first place. And that's where a proposal like the one Stamos floated begins.

Apple declined to comment on Stamos' idea, but pointed Protocol to its existing parental controls in Screen Time and the fact that, in the U.S., users have to be 13 to create an Apple ID.

Facebook has previously said it wants to work with "operating system (OS) providers, internet browsers and other providers" on ways they can share information with apps about users' ages, without violating their privacy. "While it's ultimately up to individual apps and websites to enforce their age policies and comply with their legal obligations, collaboration with OS providers, internet browsers and others would be a helpful addition to those efforts," a July blog post read.

None of this is to say that putting limits on online platforms themselves isn't an important part of any solution. The FTC is reportedly considering proposing a new online privacy rule, in lieu of federal privacy legislation that has still failed to materialize despite years of debate.

Advocacy groups like Common Sense are pushing for laws that would require platforms to more clearly identify advertisements and limit ad targeting, all interventions Johnson said could curb some of the more manipulative aspects of social media — not just for kids, but for everyone.

That's another often-overlooked aspect of the debate around child safety online, said Evan Greer, director of digital rights advocacy group Fight for the Future. "It may be convenient or enticing for lawmakers to pass legislation that they can say is protecting kids," Greer said. "It would be better if they would pass legislation that protects everyone, and helps build a more open, democratic and safe world for our kids to grow up in."

Prioritizing kids' safety shouldn't preclude kids' participation in social media entirely, Greer added. Despite the well-documented dark side of kids' experiences online, young people have also used social networks to build important social movements like the March for Our Lives. And for LGBTQ+ youths feeling isolated or depressed, Greer added, social media can be "a lifeline."

"We should be fighting for a world where young people are safe online, but also a world where young people can harness the power of the internet to fight for a better world," Greer said.

Facebook has sought to frame its now-paused Instagram for kids product as exactly that: an age-appropriate alternative to its main app that still offers kids the upside of social media. But given the company's track record — and its obvious self-interest in hooking another generation of users — both lawmakers and children's advocacy groups are understandably wary of letting Facebook build its own fix.

"To the extent we're going to trust a company to make a compelling and healthy and safe kids' product, Facebook would not be the first company on our list and could easily be one of the last," Johnson said.

Of course, if Facebook can't solve the problem, it might be well-past time to start thinking about who could.

This story has been updated to include Facebook's comment.



Thousands of U.S. businesses sold more than $50 billion worth of their products to Chinese consumers with Alibaba last year. Alibaba provides the tools and infrastructure that U.S. businesses need to build their brands in China and reach local consumers.



Judge Zia Faruqui is trying to teach you crypto, one ‘SNL’ reference at a time

His decisions on major cryptocurrency cases have quoted "The Big Lebowski," "SNL," and "Dr. Strangelove." That’s because he wants you — yes, you — to read them.

The ways Zia Faruqui (right) has weighed on cases that have come before him can give lawyers clues as to what legal frameworks will pass muster.

Photo: Carolyn Van Houten/The Washington Post via Getty Images

“Cryptocurrency and related software analytics tools are ‘The wave of the future, Dude. One hundred percent electronic.’”

That’s not a quote from "The Big Lebowski" — at least, not directly. It’s a quote from a Washington, D.C., district court memorandum opinion on the role cryptocurrency analytics tools can play in government investigations. The author is Magistrate Judge Zia Faruqui.

Keep ReadingShow less
Veronica Irwin

Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.

The financial technology transformation is driving competition, creating consumer choice, and shaping the future of finance. Hear from seven fintech leaders who are reshaping the future of finance, and join the inaugural Financial Technology Association Fintech Summit to learn more.

Keep ReadingShow less
The Financial Technology Association (FTA) represents industry leaders shaping the future of finance. We champion the power of technology-centered financial services and advocate for the modernization of financial regulation to support inclusion and responsible innovation.

AWS CEO: The cloud isn’t just about technology

As AWS preps for its annual re:Invent conference, Adam Selipsky talks product strategy, support for hybrid environments, and the value of the cloud in uncertain economic times.

Photo: Noah Berger/Getty Images for Amazon Web Services

AWS is gearing up for re:Invent, its annual cloud computing conference where announcements this year are expected to focus on its end-to-end data strategy and delivering new industry-specific services.

It will be the second re:Invent with CEO Adam Selipsky as leader of the industry’s largest cloud provider after his return last year to AWS from data visualization company Tableau Software.

Keep ReadingShow less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.

Image: Protocol

We launched Protocol in February 2020 to cover the evolving power center of tech. It is with deep sadness that just under three years later, we are winding down the publication.

As of today, we will not publish any more stories. All of our newsletters, apart from our flagship, Source Code, will no longer be sent. Source Code will be published and sent for the next few weeks, but it will also close down in December.

Keep ReadingShow less
Bennett Richardson

Bennett Richardson ( @bennettrich) is the president of Protocol. Prior to joining Protocol in 2019, Bennett was executive director of global strategic partnerships at POLITICO, where he led strategic growth efforts including POLITICO's European expansion in Brussels and POLITICO's creative agency POLITICO Focus during his six years with the company. Prior to POLITICO, Bennett was co-founder and CMO of Hinge, the mobile dating company recently acquired by Match Group. Bennett began his career in digital and social brand marketing working with major brands across tech, energy, and health care at leading marketing and communications agencies including Edelman and GMMB. Bennett is originally from Portland, Maine, and received his bachelor's degree from Colgate University.


Why large enterprises struggle to find suitable platforms for MLops

As companies expand their use of AI beyond running just a few machine learning models, and as larger enterprises go from deploying hundreds of models to thousands and even millions of models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

As companies expand their use of AI beyond running just a few machine learning models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

Photo: artpartner-images via Getty Images

On any given day, Lily AI runs hundreds of machine learning models using computer vision and natural language processing that are customized for its retail and ecommerce clients to make website product recommendations, forecast demand, and plan merchandising. But this spring when the company was in the market for a machine learning operations platform to manage its expanding model roster, it wasn’t easy to find a suitable off-the-shelf system that could handle such a large number of models in deployment while also meeting other criteria.

Some MLops platforms are not well-suited for maintaining even more than 10 machine learning models when it comes to keeping track of data, navigating their user interfaces, or reporting capabilities, Matthew Nokleby, machine learning manager for Lily AI’s product intelligence team, told Protocol earlier this year. “The duct tape starts to show,” he said.

Keep ReadingShow less
Kate Kaye

Kate Kaye is an award-winning multimedia reporter digging deep and telling print, digital and audio stories. She covers AI and data for Protocol. Her reporting on AI and tech ethics issues has been published in OneZero, Fast Company, MIT Technology Review, CityLab, Ad Age and Digiday and heard on NPR. Kate is the creator of RedTailMedia.org and is the author of "Campaign '08: A Turning Point for Digital Media," a book about how the 2008 presidential campaigns used digital media and data.

Latest Stories