So, if I understand right, basically they assume its correct unless given significant evidence otherwise?

That’s how it reads to me this morning. Assuming by “given” you meant “they have at all”.

So like, if this flag is enabled and I visit a website and don’t directly provide personal information, then they have to assume I am a child under CCPA and thus can’t share my data. Right?

Based on the CA AG’s page at www.oag.ca.gov/privacy/ccpa , I don’t see how “the browser reports the user as a child” gives a substantial additional burden on website developers. Presumably, the most they’d have to do to comply is use the flag to change “do you agree for yourself” to “PARENT OR GUARDIAN: Do you agree for the user of this account…”

I’m missing the part where an adult setting their age category incorrectly for themselves would do more than get a stronger porn block and a bunch of “go get your parent” pop-ups instead of “click here if you’re over 18.”

Presumably, if Microsoft and Google and Apple don’t get the Digital Age Assurance Act blocked in court, we could see a broad adoption of it as a way to skip paying for third-party age validation for sites like Reddit, BlueSky, and Lemmy, and all of the porn sites on the internet would just ask for the flag in lieu of their current “do we have a cookie where this user clicked that they’re at least 18” code.