Script updating gh-pages from 2447bd1. [ci skip]

ID Bot · ID Bot · commit f4f521eebbbb · 2025-08-04T04:32:41.000Z
diff --git a/draft-nottingham-iab-age-restrictions.html b/draft-nottingham-iab-age-restrictions.html
@@ -1207,11 +1207,19 @@ <h3 id="name-centralization">
 <p id="section-2.1-6">Even when multiple parties provide verification services, centralization can emerge if there is too much friction against user switching between them. For example, if Web sites rather than end users select the verification service used, this does not create a market that respects end user preferences; it only respects the self-interest of sites.<a href="#section-2.1-6" class="pilcrow">¶</a></p>
 <p id="section-2.1-7">Age restriction systems can also have secondary effects that lead to centralization. For example, if an age restriction system requires use of a particular Web browser (or a small number of them), that effectively distorts the market for Web browsers.<a href="#section-2.1-7" class="pilcrow">¶</a></p>
 <p id="section-2.1-8">Thus, centralisation is a primary consideration for age restriction systems. Internet infrastructure is designed in a way to avoid centralization where it is technically possible, or to mitigate centralization risks where it is not. Since there is nothing inherently centralized about determining a person's age -- i.e., there are many ways to come to that conclusion -- centralization should be avoided, not merely mitigated, in these systems.<a href="#section-2.1-8" class="pilcrow">¶</a></p>
-<p id="section-2.1-9">Therefore, age restriction systems that are intended to become part of Internet infrastructure MUST:
-* Avoid reliance on a single party to provide age verification services
-* Provide some mechanism for easy switching between verification services by end users
-* Avoid requiring use of an arbitrarily limited set of operating systems, Web browsers, client programs, or other software or hardware<a href="#section-2.1-9" class="pilcrow">¶</a></p>
-<p id="section-2.1-10"><span>[<a href="#CENTRALIZATION" class="cite xref">CENTRALIZATION</a>]</span> explores these issues greater detail.<a href="#section-2.1-10" class="pilcrow">¶</a></p>
+<p id="section-2.1-9">Therefore, age restriction systems that are intended to become part of Internet infrastructure MUST:<a href="#section-2.1-9" class="pilcrow">¶</a></p>
+<ul class="normal">
+<li class="normal" id="section-2.1-10.1">
+            <p id="section-2.1-10.1.1">Avoid reliance on a single party to provide age verification services<a href="#section-2.1-10.1.1" class="pilcrow">¶</a></p>
+</li>
+          <li class="normal" id="section-2.1-10.2">
+            <p id="section-2.1-10.2.1">Provide some mechanism for easy switching between verification services by end users<a href="#section-2.1-10.2.1" class="pilcrow">¶</a></p>
+</li>
+          <li class="normal" id="section-2.1-10.3">
+            <p id="section-2.1-10.3.1">Avoid requiring use of an arbitrarily limited set of operating systems, Web browsers, client programs, or other software or hardware<a href="#section-2.1-10.3.1" class="pilcrow">¶</a></p>
+</li>
+        </ul>
+<p id="section-2.1-11"><span>[<a href="#CENTRALIZATION" class="cite xref">CENTRALIZATION</a>]</span> explores these issues greater detail.<a href="#section-2.1-11" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="privacy-and-security">
@@ -1228,13 +1236,25 @@ <h3 id="name-privacy-and-security">
 <p id="section-2.2-7">Furthermore, exposing information beyond age to services creates additional privacy and security risks. For example, an age verification system that also exposes the country a person is a citizen of allows sites to discriminate against that attribute, which is beyond the purpose of age restriction.<a href="#section-2.2-7" class="pilcrow">¶</a></p>
 <p id="section-2.2-8">Finally, even on its own a simple attribute like 'age in years' or 'birthdate' can be used to add entropy to an identifier for the end user, creating a new tracking vector when exposed to services that collect such information. See <span>[<a href="#TRACKING" class="cite xref">TRACKING</a>]</span>.<a href="#section-2.2-8" class="pilcrow">¶</a></p>
 <p id="section-2.2-9">In all cases, the privacy and security of an age restriction system needs to be proven: considerable experience has shown that merely trusting assertions of these properties is ill-founded.<a href="#section-2.2-9" class="pilcrow">¶</a></p>
-<p id="section-2.2-10">Therefore, age restriction systems that are intended to become part of Internet infrastructure MUST:
-* Avoid over-collection of information by age verifiers
-* Avoid sharing information about service usage with age verifiers
-* Avoid sharing information other than age information with services
-* Minimise the amount of age information shared with services (e.g., using age brackets)
-* Be based upon publicly available specifications that have had adequate security and privacy review to the level that Internet standards are held to<a href="#section-2.2-10" class="pilcrow">¶</a></p>
-<p id="section-2.2-11">See also <span>[<a href="#PRIVACY" class="cite xref">PRIVACY</a>]</span>.<a href="#section-2.2-11" class="pilcrow">¶</a></p>
+<p id="section-2.2-10">Therefore, age restriction systems that are intended to become part of Internet infrastructure MUST:<a href="#section-2.2-10" class="pilcrow">¶</a></p>
+<ul class="normal">
+<li class="normal" id="section-2.2-11.1">
+            <p id="section-2.2-11.1.1">Avoid over-collection of information by age verifiers<a href="#section-2.2-11.1.1" class="pilcrow">¶</a></p>
+</li>
+          <li class="normal" id="section-2.2-11.2">
+            <p id="section-2.2-11.2.1">Avoid sharing information about service usage with age verifiers<a href="#section-2.2-11.2.1" class="pilcrow">¶</a></p>
+</li>
+          <li class="normal" id="section-2.2-11.3">
+            <p id="section-2.2-11.3.1">Avoid sharing information other than age information with services<a href="#section-2.2-11.3.1" class="pilcrow">¶</a></p>
+</li>
+          <li class="normal" id="section-2.2-11.4">
+            <p id="section-2.2-11.4.1">Minimise the amount of age information shared with services (e.g., using age brackets)<a href="#section-2.2-11.4.1" class="pilcrow">¶</a></p>
+</li>
+          <li class="normal" id="section-2.2-11.5">
+            <p id="section-2.2-11.5.1">Be based upon publicly available specifications that have had adequate security and privacy review to the level that Internet standards are held to<a href="#section-2.2-11.5.1" class="pilcrow">¶</a></p>
+</li>
+        </ul>
+<p id="section-2.2-12">See also <span>[<a href="#PRIVACY" class="cite xref">PRIVACY</a>]</span>.<a href="#section-2.2-12" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="barriers-to-access">
@@ -1246,9 +1266,15 @@ <h3 id="name-barriers-to-access">
 <p id="section-2.3-2">Imposing these requirements means that some number of people will be disenfranchised from full use of the Internet – especially if age restriction becomes pervasive across many services. At the scale of the entire Internet (or even in a single country), this can be a large number of disenfranchised people.<a href="#section-2.3-2" class="pilcrow">¶</a></p>
 <p id="section-2.3-3">For example, many people only have Internet access from public computers (such as those in libraries), and do not have exclusive or reliable access to a smartphone. Others lack government-issued identity documents that some schemes rely upon.<a href="#section-2.3-3" class="pilcrow">¶</a></p>
 <p id="section-2.3-4">While such restrictions may be palatable in a closed system (such as on a single platform or in a single jurisdiction), they are not suitable for Internet-wide deployment.<a href="#section-2.3-4" class="pilcrow">¶</a></p>
-<p id="section-2.3-5">Therefore, age restriction systems that are intended to become part of Internet infrastructure MUST:
-* Avoid requiring hardware capabilities not widely available in desktop and mobile computers globally, both in terms of overall performance and specific features
-* Avoid relying on a single mechanism for proving age<a href="#section-2.3-5" class="pilcrow">¶</a></p>
+<p id="section-2.3-5">Therefore, age restriction systems that are intended to become part of Internet infrastructure MUST:<a href="#section-2.3-5" class="pilcrow">¶</a></p>
+<ul class="normal">
+<li class="normal" id="section-2.3-6.1">
+            <p id="section-2.3-6.1.1">Avoid requiring hardware capabilities not widely available in desktop and mobile computers globally, both in terms of overall performance and specific features<a href="#section-2.3-6.1.1" class="pilcrow">¶</a></p>
+</li>
+          <li class="normal" id="section-2.3-6.2">
+            <p id="section-2.3-6.2.1">Avoid relying on a single mechanism for proving age<a href="#section-2.3-6.2.1" class="pilcrow">¶</a></p>
+</li>
+        </ul>
 </section>
 </div>
 <div id="fragmentation">
@@ -1260,10 +1286,18 @@ <h3 id="name-fragmentation">
 <p id="section-2.4-2">Fragmentation is a growing concern for the Internet: various local requirements are creating friction against global deployment of new applications, protocols, and capabilities. As the Internet fragments, the benefits of having a single, globe-spanning networking technology are correspondingly lessened. Although a single factor (such as diverging approaches to age restriction) is unlikely to fragment the Internet on its own, the sum of such divergences increases the risk of fragmentation greatly, risking the viability of the Internet itself.<a href="#section-2.4-2" class="pilcrow">¶</a></p>
 <p id="section-2.4-3">In the context of age restriction, fragmentation is most concerning if someone were to need to understand and interact with (possibly after some onboarding procedure) a new system for each jurisdiction they visit. This would represent a significant barrier for users who travel, and would also present increased complexity and regulatory burden for businesses, potentially leading to further lack of competitiveness in some industries by increasing costs.<a href="#section-2.4-3" class="pilcrow">¶</a></p>
 <p id="section-2.4-4">Fragmentation is best addressed by adoption of common technical standards across jurisdictions. However, it is important to recognise that the mere existence of an international standard does not imply that it is suitable for deployment: experience has shown that voluntary adoption by implementers is important to prove their viability.<a href="#section-2.4-4" class="pilcrow">¶</a></p>
-<p id="section-2.4-5">Therefore, age restriction systems that are intended to become part of Internet infrastructure MUST:
-* Be based upon internationally recognised, open technical standards
-* Be based upon technical standards that are voluntarily adopted by implementers
-* Be coordinated across jurisdictions wherever feasible<a href="#section-2.4-5" class="pilcrow">¶</a></p>
+<p id="section-2.4-5">Therefore, age restriction systems that are intended to become part of Internet infrastructure MUST:<a href="#section-2.4-5" class="pilcrow">¶</a></p>
+<ul class="normal">
+<li class="normal" id="section-2.4-6.1">
+            <p id="section-2.4-6.1.1">Be based upon internationally recognised, open technical standards<a href="#section-2.4-6.1.1" class="pilcrow">¶</a></p>
+</li>
+          <li class="normal" id="section-2.4-6.2">
+            <p id="section-2.4-6.2.1">Be based upon technical standards that are voluntarily adopted by implementers<a href="#section-2.4-6.2.1" class="pilcrow">¶</a></p>
+</li>
+          <li class="normal" id="section-2.4-6.3">
+            <p id="section-2.4-6.3.1">Be coordinated across jurisdictions wherever feasible<a href="#section-2.4-6.3.1" class="pilcrow">¶</a></p>
+</li>
+        </ul>
 </section>
 </div>
 <div id="an-age-gated-internet">
@@ -1274,9 +1308,15 @@ <h3 id="name-an-age-gated-internet">
 <p id="section-2.5-1">The Internet is designed to be used without permission, both be servers and clients. Easy-to-use age restriction mechanisms risk creating a ‘papers please’ Internet, where a credential is required to access large portions of the Internet's services. Such an outcome would amplify the other harms listed.<a href="#section-2.5-1" class="pilcrow">¶</a></p>
 <p id="section-2.5-2">This risk is heightened if there are incentives for sites to deploy it, such as increased access to non-age data.<a href="#section-2.5-2" class="pilcrow">¶</a></p>
 <p id="section-2.5-3">Access to more granular age information also heightens many risks, because it makes a restriction system simultaneously useful in a broader variety of cases, and more attractive for misuse, because it offers more information about users.<a href="#section-2.5-3" class="pilcrow">¶</a></p>
-<p id="section-2.5-4">Therefore, age restriction systems that are intended to become part of Internet infrastructure MUST:
-* Make the use of age restrictions visible to end users
-* Have a structural disincentive for deployment of age-gated services online<a href="#section-2.5-4" class="pilcrow">¶</a></p>
+<p id="section-2.5-4">Therefore, age restriction systems that are intended to become part of Internet infrastructure MUST:<a href="#section-2.5-4" class="pilcrow">¶</a></p>
+<ul class="normal">
+<li class="normal" id="section-2.5-5.1">
+            <p id="section-2.5-5.1.1">Make the use of age restrictions visible to end users<a href="#section-2.5-5.1.1" class="pilcrow">¶</a></p>
+</li>
+          <li class="normal" id="section-2.5-5.2">
+            <p id="section-2.5-5.2.1">Have a structural disincentive for deployment of age-gated services online<a href="#section-2.5-5.2.1" class="pilcrow">¶</a></p>
+</li>
+        </ul>
 </section>
 </div>
 </section>
diff --git a/draft-nottingham-iab-age-restrictions.txt b/draft-nottingham-iab-age-restrictions.txt
@@ -150,11 +150,17 @@ Table of Contents
    should be avoided, not merely mitigated, in these systems.
 
    Therefore, age restriction systems that are intended to become part
-   of Internet infrastructure MUST: * Avoid reliance on a single party
-   to provide age verification services * Provide some mechanism for
-   easy switching between verification services by end users * Avoid
-   requiring use of an arbitrarily limited set of operating systems, Web
-   browsers, client programs, or other software or hardware
+   of Internet infrastructure MUST:
+
+   *  Avoid reliance on a single party to provide age verification
+      services
+
+   *  Provide some mechanism for easy switching between verification
+      services by end users
+
+   *  Avoid requiring use of an arbitrarily limited set of operating
+      systems, Web browsers, client programs, or other software or
+      hardware
 
    [CENTRALIZATION] explores these issues greater detail.
 
@@ -213,14 +219,20 @@ Table of Contents
    trusting assertions of these properties is ill-founded.
 
    Therefore, age restriction systems that are intended to become part
-   of Internet infrastructure MUST: * Avoid over-collection of
-   information by age verifiers * Avoid sharing information about
-   service usage with age verifiers * Avoid sharing information other
-   than age information with services * Minimise the amount of age
-   information shared with services (e.g., using age brackets) * Be
-   based upon publicly available specifications that have had adequate
-   security and privacy review to the level that Internet standards are
-   held to
+   of Internet infrastructure MUST:
+
+   *  Avoid over-collection of information by age verifiers
+
+   *  Avoid sharing information about service usage with age verifiers
+
+   *  Avoid sharing information other than age information with services
+
+   *  Minimise the amount of age information shared with services (e.g.,
+      using age brackets)
+
+   *  Be based upon publicly available specifications that have had
+      adequate security and privacy review to the level that Internet
+      standards are held to
 
    See also [PRIVACY].
 
@@ -246,10 +258,13 @@ Table of Contents
    suitable for Internet-wide deployment.
 
    Therefore, age restriction systems that are intended to become part
-   of Internet infrastructure MUST: * Avoid requiring hardware
-   capabilities not widely available in desktop and mobile computers
-   globally, both in terms of overall performance and specific features
-   * Avoid relying on a single mechanism for proving age
+   of Internet infrastructure MUST:
+
+   *  Avoid requiring hardware capabilities not widely available in
+      desktop and mobile computers globally, both in terms of overall
+      performance and specific features
+
+   *  Avoid relying on a single mechanism for proving age
 
 2.4.  Fragmentation
 
@@ -284,10 +299,14 @@ Table of Contents
    viability.
 
    Therefore, age restriction systems that are intended to become part
-   of Internet infrastructure MUST: * Be based upon internationally
-   recognised, open technical standards * Be based upon technical
-   standards that are voluntarily adopted by implementers * Be
-   coordinated across jurisdictions wherever feasible
+   of Internet infrastructure MUST:
+
+   *  Be based upon internationally recognised, open technical standards
+
+   *  Be based upon technical standards that are voluntarily adopted by
+      implementers
+
+   *  Be coordinated across jurisdictions wherever feasible
 
 2.5.  An Age-Gated Internet
 
@@ -306,9 +325,12 @@ Table of Contents
    offers more information about users.
 
    Therefore, age restriction systems that are intended to become part
-   of Internet infrastructure MUST: * Make the use of age restrictions
-   visible to end users * Have a structural disincentive for deployment
-   of age-gated services online
+   of Internet infrastructure MUST:
+
+   *  Make the use of age restrictions visible to end users
+
+   *  Have a structural disincentive for deployment of age-gated
+      services online
 
 3.  IANA Considerations
 
