The Do Not Track header didn't die because of an arms race, it died because there wasn't any legislation making it criminal to track people who had explicitly indicated to you that they did not wish to be tracked.

Kids (especially ones close to the age of legal access anyway) will try (and succeed) in bypassing any sort of restriction on adult content including any of the digital ID garbage. There are any number of software scams targeting everybody, and your hypothetical just be another one; I doubt that it would increase the total number of such scams.

But requiring sites with adult content by law to require what would sort of be the opposite of Do Not Track flag (Let Me In?) would at least mean that kids would have to do something illicit on the client side to access adult websites that they would have to hide from their parents. If you made sure their phone or Chromebook was nerfed, you could make sure they couldn't install extensions or software that added the flag, you could strip it from their network requests; you could even strip it at the router. [edit: you could even opt-in with your phone company to strip it from your kid's phone's network requests.] You as a parent, and people who have nothing to do with kids, could trivially opt-in.

> The Do Not Track header didn't die because of an arms race, it died because there wasn't any legislation making it criminal to track people who had explicitly indicated to you that they did not wish to be tracked.

That was the first big problem. The second was that some versions of MSIE set the header by default, without the user having taken any action to request it. This made it infeasible for any major web sites to honor the header - by doing so, they'd break functionality for most MSIE users. (MSIE was, at the time, still the dominant desktop web browser.)

In a case like this, perfect is the enemy of good.

A locked down iPhone or Chromebook is going to thwart everyone but the most determined without compromising any privacy.

sure, but plenty of software already exists for those devices to block adult content and social media. it works just fine without a header. its actually even better, because that software can even block nefarious websites that would never comply with adding a header

Blocklists are useful, but a hint from the website that, actually, they don't want to cater to children would be useful when those blocklists aren't up to date.

Yeah, DNS blocking and browser lists are simple too. Sure. So why problem are the politicians trying to solution for?

> 1) software that makes it easy to do for the layman (browser extensions etc.), and

It's already a given that this only works on a locked-down device. Making it a simple binary "is this device owned by a minor" switch means parents will actually be able to understand it.

> 2) scams and malware that target children offering a "bypass" to access adult websites

And advertising to children should also be banned, so they won't be exposed to such scams, among other things. Thankfully this header lets the site know if they're breaking the law by showing scam ads, which makes prosecution super easy.

> I think this would end up similar to the Do Not Track header which ultimately no one cared about or took seriously.

Oh, of course none of this works unless it has the teeth of law to back it up.

Also it already exists. It's called the RTA header; and it was invented by the porn industry decades ago to try and appear as a responsible self-regulating industry. (Total failure at that.)

RTA seems reasonable to me, on a technical level. But the porn industry can't force anyone to implement the client side of it. Legislators itching to "do something" should've focused on that.