(This is a follow-up question from How to make sure my website complies with things like COPPA?)
COPPA stands for Children's Online Privacy Protection Rule.
In their FAQ they say "yes, you can block children under 13 from visiting your website if you choose to" (assuming the website is not directed to children - and for the sake of this question, indeed it is not). Great! But later on they say that I should ask their age in a certain manner that confuses me.
Quoting FTC's COPPA FAQ:
G. GENERAL AUDIENCE, TEEN, AND MIXED-AUDIENCE SITES OR SERVICES
3. Can I block children under 13 from my general audience website or online service?
Yes. COPPA does not require you to permit children under age 13 to participate in your general audience website or online service, and you may block children from participating if you so choose. By contrast, you may not block children from participating in a website or online service that is directed to children as defined by the Rule. See FAQ D.2 above.
If you choose to block children under 13 on your general audience site or service, you should take care to design your age screen in a manner that does not encourage children to falsify their ages to gain access to your site or service. Ask age information in a neutral manner at the point at which you invite visitors to provide personal information or to create a user ID.
In designing a neutral age-screening mechanism, you should consider:
Making sure the data entry point allows users to enter their age accurately. An example of a neutral age-screen would be a system that allows a user freely to enter month, day, and year of birth. A site that includes a drop-down menu that only permits users to enter birth years making them 13 or older, would not be considered a neutral age-screening mechanism since children cannot enter their correct ages on that site.
Avoiding encouraging children to falsify their age information, for example, by stating that visitors under 13 cannot participate or should ask their parents before participating. In addition, simply including a check box stating, “I am over 12 years old” would not be considered a neutral age-screening mechanism.
In addition, consistent with long standing Commission advice, FTC staff recommends using a cookie to prevent children from back-buttoning to enter a different age. Note that if you ask participants to enter age information, and then you fail either to screen out children under age 13 or to obtain their parents’ consent to collecting these children’s personal information, you may be liable for violating COPPA. See, e.g., the FTC’s COPPA cases against Path, Inc., Playdom, Inc. and Sony BMG Music Entertainment.
This is looking weird to me. So I can block children under 13, but I can't tell them that?
Please re-read this part:
In addition, consistent with long standing Commission advice, FTC staff recommends using a cookie to prevent children from back-buttoning to enter a different age. Note that if you ask participants to enter age information, and then you fail either to screen out children under age 13 or to obtain their parents’ consent to collecting these children’s personal information, you may be liable for violating COPPA.
Their suggestion about using a cookie can be easily bypassed. For example: if a child tries to register and gets blocked for being too young, the child can use another computer and then claim to be older (this was just an example, there are thousands of ways to bypass that).
Then what is the correct way to block children under 13 to access my website and still comply with COPPA?
Note: I have read this question, and I think its answer might be incomplete, considering my question here.