You add draconian client-side enforcement via parent controls. You can even mandate that stores ask for whom the device will be and provision it accordingly with the flag being automatically removed in the future when the person is of age.
I don't think it'll need draconian enforcement, parental controls on iOS and Android can co-exist with Linux. Having the option to enable specific filters on a client side and requiring a pass-code or OS level permissions to change them seems like a realistic way to tackle this that doesn't end in dangerous government power concentration.
As always with security, perfect is the enemy of good. A good set of hard to change - for children - client-side filters would do wonders in terms of real improvement. As much as I'm tired of the LLM hype, they might actually be a good fit for such tasks.
I don't even understand what you're getting at; as if RBAC is an alien concept? Do you think everyone should have root access to any machine they touch?
It's the parent's computer and they have a right to put a password on the BIOS and a child lock on the system that forces these types of headers, with no available bypass for the child account. Or, if they do please, have the router filter any website outside of a whitelist without a password.
