> cat - 18+, prints the porn you found directly to your terminal.
Sound good in theory, until you realise that any teenager knows perfectly well how to trivially get around the lack of `cat` to read their terminal smut:
$ while read -r LINE; do echo $LINE; done <my_porn_file.sext
I'm not so sure, who knows what woke UEFI and edgy motherboard vendors are putting up as splash screens these days. And the law doesn't even consider those since they aren't part of the OS!
There's an obvious theme with lawmakers in California—they pass laws to regulate things they have zero clue about, add them to their achievement page, cheer for themselves, and declare, "There! I've made the world a better place." There are just too many examples. For instance:
- Microstamping requirements for guns—printing a unique barcode on every bullet casing (Glock gen3 cannot be retired, thus, the auto-mode switch bug cannot be patched...)
- 3D printers should have a magical algorithm to recognize all gun parts in their tiny embedded systems
- Now, you need to verify your age... on your microwave?
At this rate, California should just go back to the Stone Age. Modern technology is simply not compatible with clueless politicians who are more eager to virtue-signal than to solve any actual problems or even borther to study the subject about the law they are going to pass. There will be more and more technology restrictions (or outright bans on use) in California because it's becoming impossible to operate anything here without getting sued or running afoul of some overreaching regulation.
The incentives are all wrong. You can serve up to 6 two-year terms in the Assembly or up to 3 four-year terms in the Senate, but regardless of which combination you do, nobody in the California legislature can serve more than 12 years combined across both Houses of the legislature.
So we don’t have professional legislatures with long-term electability incentives or leadership goals, we have a resumé-building exercise that we call the legislature. They’re all interchangeable and within 12 years, 100% of it will be changed out.
> So we don’t have professional legislatures with long-term electability incentives or leadership goals
Raises an interesting question of who is less popular, the Californian government or the US Senate. The experiments with long-term professional legislatures have generally not been very promising - rather than statesmen it tends to be people with a certain limpet-like staying power and a limpet-like ability to learn from their mistakes. In almost all cases people's political solution is just "well we didn't try my idea hard enough" and increasing their tenure in office doesn't really help the overall situation.
That's a non sequitur. Creating long-term professional politicians is not going to create legislators competent in the various domains they legislate on. It's going to create politicians competent at being elected long term, whatever the means.
It is interesting that this is a mainstream existing thing in the US (at the state level), but more of a fringe proposal in the rest of the English-speaking world.
I think the answer may be that the difference in political systems (parliamentary vs presidential) and party systems (less two-party but with greater party discipline) solves many of the problems term limits are intended to solve in completely different ways.
Maybe a better answer would be for US states to adopt the parliamentary system? Although there is some debate about what the "republican form of government" clause means, it arguably doesn't rule out parliamentary republicanism, and Luther v Borden (1849) ruled the clause wasn't justiciable anyway. Added to that, the widespread practice in first half of the 19th century, in which governors were elected by state legislatures, was de facto the parliamentary system. I don't think there is any federal constitutional obstacle to trying this – it is just a political culture issue, it currently sits outside the state constitutional Overton window.
While you could adopt the Australia/Canada model of a figurehead state governor/lieutenant governor with a state premier, I think just having a premier but calling them "the governor" would be more feasible
Decisions should be made by people who are the most informed about the subject matter. By definition you cannot have someone who is the most informed about everything.
I’m more curious in the genesis of these laws, whether their sponsors received written suggestions or ghostwritten bills, etc. as a form of parallel construction.
It seems all at once, everywhere that many groups that have a vested interest in forcing precedent and compliance of non-anonymous access across the computer world. It smacks of something less-than-organic.
> This bill, sponsored by the International Centre for Missing and Exploited Children and Children Now, seeks to require device and operating systems manufacturers to develop an age assurance signal that will be sent to application developers informing them of the age-bracket of the user who is downloading their application or entering their website. Depending on the age range of the user, a parent or guardian will have to consent prior to the user being allowed access to the platform. The bill presents a potentially elegant solution to a vexing problem underpinning many efforts to protect children online. However, there are several details to be worked out on the bill to ensure technical feasibility and that it strikes the appropriate balance
between parental control and the autonomy of children, particularly older teens.
The bill is supported by several parents’ organizations, including Parents for School Options, Protect our Kids, and Parents Support for Online Learning. In addition, the TransLatin Coalition and The Source LGBT+ Center are in support. The bill is opposed by Oakland Privacy, TechNet, and Chamber of Progress.
This law doesn't do anything that prevents non-anonymous access. Here's how you would access things anonymously if you bought a new computer that implemented this.
1. When you set up your account and it asks for your birthdate, make up any date you want that is at least far enough in the past to indicate an age older that what any site you might use that checks age requires.
2. Access things the way you've always done. All that has changed is that things that care about age checks find out you claim to be old enough.
The only people it actually materially affects on your new computer are people who cannot set up their own accounts, such as children if you have set up permissions so they have to get you to make their accounts.
Then if you want you can enter a birthdate that gives an age that says non-adult, so sites that check age will block them.
From a privacy and anonymity perspective this is essentially equivalent to sites that ask "Are you 18+?" and let you in if you click "yes" and block you if you click "no". It is just doing the asking locally and caching the result.
> It seems all at once, everywhere that many groups that have a vested interest in forcing precedent and compliance of non-anonymous access across the computer world. It smacks of something less-than-organic.
I think you’ve nailed it here. How many of these people campaigned on this issue? Where were the grassroots to push this? Where did this even come from?
Somebody, somewhere - with a heck of a lot of money - wants to see this happen. And I don’t think they have good intentions with it.
Conservatives discovered a cheat code to get: (a) people to have to identify on the computer everywhere and (b) control what they can do with and without this identification.
Death threats mainly. Personally I think it would be easier if they just made it so that platforms ran a tiny LLM against the content that will be posted - determined if it is a death threat, then require them to be identified before it's posted, then it would solve a lot of these problems.
TLDR: Evil people be doxxed internally not everyone.
The California part is partially to highlight the fact that its a very liberal state and this is the kind of laws that liberals pass, but people fail to realize that all of these laws come from Republican lawmakers, as there are plenty of right wing people in California.
> they pass laws to regulate things they have zero clue about
While you are correct with this statement in this context, I would say it applies to most things in government in general.
The vast majority of lawmakers have zero experience solving any real world problems and are content spending everyone else's money to play pretend at doing so.
The reality is, most government "solutions" cause more problems than they solve, after which, they blame their predecessors for all the problems they caused and the cycle continues.
> The reality is, most government "solutions" cause more problems than they solve
The "reality" is that propaganda heavily encourages you to ignore the government successes and only focus on the failures. I'll leave it as an exercise for the reader to determine who benefits from that.
I see Massachusetts as sort of the non-insane liberal counterpoint to California.
Things work here and nobody seems to be passing the "oops my unintended side effects and clueless regulations messed things up horribly." Or, if they do, it is at something like 1/10th the level.
We didn't start warning label spam everywhere. We don't have weird propositions that are causing run-away housing prices. There aren't bar codes on our 3d printers, or cookie banner requirements on every website. Well, ok we do, but that nonsense all came in from other places.
We did pass laws to lower PFAS/PFOAS. That seems reasonable. Government can work.
most government "solutions" cause more problems than they solve
Zero basis in fact. We’re in the wealthiest nation on the planet. Most of us live better than any previous generation. To claim all that success is completely in spite of government is ridiculous.
It's true, and yet there are real market failures that even a very ineffective government can improve on dramatically, like innovation & research output via basic science.
> - Microstamping requirements for guns—printing a unique barcode on every bullet casing (Glock gen3 cannot be retired, thus, the auto-mode switch bug cannot be patched...)
I don't know much about guns, but I assume that would be on the hammer? Couldn't you remove that "microstamping" by lightly filing down the hammer or just using it a bunch and causing some wear?
For most modern guns, it would be the firing pin, also called the "striker". Nobody manufactures microstamped guns, but if they did, the striker is a $20 part you can replace in ten minutes - or you could just spend half an hour on target practice at your local range, because 200 rounds are apparently enough to wear the etching down to illegibility.
It's not a coincidence the equally clueless citizens are asking for these laws. Like in business, sometimes it's better to do "some thing" when you're not smart enough to do the right thing. Maybe you get there, maybe you don't, but inaction is not looked upon kindly.
i did not even think of that! As the current law reads, will smart devices with OSes require age verification? Many IoTs are just tiny Linux versions running on a small processor. This makes all smart GE washing machines, dryers and refrigerators illegal in California.
come to think of it, maybe there is something good about this law. :D
And what part makes you think you need to verify your age, as opposed to just specifying it? Nobody is requiring any verification. The only requirement is on there being an interface for you to input whatever age you want to input.
So essentially California is becoming more and more like EU? It's curious to see how it pans out. Maybe EU's model turns out to be better than a more laissez-faire world like the US. Who knows.
What's even more curious is that the California voters seem not care at all. As long as the government can collect more taxes with more altruistic slogans, the voters will stay happy.
Some people think all problems should be fixed with regulation.
Some people think all problems should be fixed with free market / responsibility.
California and liberals tend to lean to the former. A place like Texas and conservatives tend to lean to the latter.
I think both camps are crazy because it’s a case-by-case basis where you need to consider second and third order effects. But man talk to a die hard regulation supporter or die hard free market supporter and you just want to say “the world isn’t just simple rules like that.”
Democracy rewards mass appeal, and that in turn encourages demagoguery and gives a platform for stupidity. It's been an unavoidable problem with the system since Athens.
What I'm reading of this law is that it requires OS developers to require users select their age (really their age bracket) when making a user account, and an interface for applications/websites to read that user-provided field. I.e. not age verification, but just a standard way to identify if a user is on a child account. If that understanding is correct, how is this bad at all? It's a way to put to rest people's concerns and pearl-clutching over children accessing adult content without every individual app and service provider contracting with Palantir to scan you and guess your age. Instead they can just read the IsAdult header and call it a day. What's the cost to user-freedom? You have to be presented a Date of Birth field or I Am an Adult / Teen / Child selector when setting up a device... a thing that every operating system impacted by this law already does.
> (3) (A) Except as provided in subparagraph (B), a developer shall treat a signal received pursuant to this title as the primary indicator of a user’s age range for purposes of determining the user’s age.
> (B) If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.
Developers are still liable if they have reason to believe someone is underage, even if the age signal says otherwise.
The only way to truly minimize that liability is forcing users to scan their faces and IDs, that is why age verification systems are already implemented that way.
Why should it be law? I am a developer in California, and a long time Linux nerd. If I were to release a hobby on my GitHub for fun, without age verification, am I now subject to fines? Imprisonment? Why should their be a legal requirement?
How is this good at all for a free society? You are basically making a "what about the children?" argument. its the parent job to protect their children. why should anyone suffer this b.s.?
Yeah, the commercial firms invented them all on their own just to keep tracking customers and oversharing whatever data they gather with random third parties while still getting to complain about stupid laws that require them to do so [0].
A Spanish venture-backed firm is developing some vaporware called Print&Go and has convinced the NY DA's office that it'll permanently solve the Luigi problem.
The best part? This company is drooling at the possibility of getting a permanent rent-seeking license for printers they didn't design, for nonexistent vaporware software that reduces its capabilities.
They frame it as "enhancing 3D printer capabilities," the way a slaveowner would frame putting chains on a slave's wrists as an "employee retention innovation."
Is everyone involved with promoting this software and these laws lying? Of course.
Headline is wrong, and you didn't read the article. There is no verification requirement. You are a bad HN poster and should feel bad.
All this does is require the user to select a non-verified age bracket on first boot. You can lie, just like porn sites today. I thought HNers wanted parents to govern their children's use of technology with these kinds of mechanisms.
> There's an obvious theme with lawmakers in California—they pass laws to regulate things they have zero clue about, add them to their achievement page, cheer for themselves, and declare, "There! I've made the world a better place."
There's an obvious theme with HN posters about politics—they make cheap drive-by comments about regulations they have zero clue about, based on articles they haven't actually read, cheer for themselves, and declare, "There! I've shown why I'm smarter than all these politics people."
> All this does is require the user to select a non-verified age bracket on first boot.
This is the age verification requirement which you rudely and incorrectly said doesn't exist. Nothing is done with the data (for now) but age is in fact verified on the assumption that the user doesn't lie.
Instead of lengthy condescending missives about the behavior of other users, you should instead write "I'm sorry for being negative and bringing down the quality of discussion."
There is a name for it, feel good policies and cali is not unique.
People who dont understand the problem must pass a solution that makes people feel good. Clean needles, homeless hotels, etc. If they dont make things worse, that is a win.
Eh, sounds kinda reasonable. Ammo already has unique serial numbers embedded in the butt of every cartridge (in some countries, not sure about the US), and guns do leave somewhat unique marks on the bullets upon firing so... sure, why not. Surprised it took that long TBF, the necessary technology has been commercially available since the early 90s, I think?
> 3D printers should have a magical algorithm to recognize all gun parts in their tiny embedded systems
Yeah, this one's seems unnecessary. Is weapon manufacturing without a license a crime? If yes, then whoever 3D-prints a gun can be prosecuted normally.
> Now, you need to verify your age... on your microwave?
Or on your gas stove. A travesty, really: I was taught how to operate a stove when I was in the second grade and never burned any houses down, thank you very much.
The micro stamping law is in no way reasonable because removing the micro stamping from the end of a firing pin is laughably trivial. The only people who won’t do this are people who weren’t going to break the law in the first place.
Even people who didn’t want to break the law might find themselves on the receiving end of law-enforcement if the firing pin wears such that the micro stamping is no longer identifiable.
The micro stamping law does nothing to prevent the flow of guns to people who should not have them, and does everything to prevent the use or purchase of guns by people who can lawfully own them - which is the whole point of a law like this. The people who make these laws are well aware of this.
The age verification law, coupled with the proposed hardware attestation that our good friend Lennart poettering is working on will ensure that anonymity on the Internet is gone. This is precisely what lawmakers are aiming for. And just like the micro stamping law, the intent of the law is not the literal word of the law.
I'm, again, glad to run linux. The distro I run has no affiliated online "account" at all, and I would expect this exempts it from the requirement.
I'm no democrat, although I'm sure as hell no republican, and as a resident of the state, I'm also a routine critic of the California state government.
I agree that a lot of their activities are indeed, performance art in nature.
However I do agree with the identification requirements on guns and ammo.
You can't shoot someone with a computer, no matter what OS you run.
The idea that lethal weaponry is the same as any other consumer product is just not accurate.
Political office in general attracts the sort of people who like the "performance art" parts of it. It doesn't attract the sorts of people who like "getting things done" because the political process by design moves at a snail's pace, and if you actually solved problems you would remove issues run on in the next campaign.
This doesn't have anything to do with democrats and republicans, considering that this bill passed unanimously through every committee and both chambers.
It's about as easy to restrict the proliferation of firearms and ammunition as it is to restrict the proliferation of open source software. Anyone can make functional firearms out of supplies from any hardware store, this is true regardless of how many laws you pass. Look at the weapon that was used to assassinate Shinzo Abe. That was manufactured and used in a country with gun control laws that basically make California's gun control look indistinguishable from Texas. No number of laws have ever or will ever stop criminals with a rudimentary grasp of basic physics and basic chemistry.
You can't put the genie of firearms back in the bottle any more than Hollywood can put the genie of p2p file sharing back in the bottle. Trying to do so is like trying to unscramble eggs. It doesn't matter how valid your desires or justifications for attempting to so are, it's an act of banging your own head against the cold, hard wall of reality.
> You can't shoot someone with a computer, no matter what OS you run.
No, you can just target-lock them. The computer database (and now, LLM) is probably the biggest threat to freedom in existence. You can keep your popgun. They'll know where it is, and come with bigger ones.
China be doing some pretty heavy-duty damage with computers, but age-gates won't stop them.
I think they demonstrate a welcome and sophisticated understanding of technology. Their solution to age verification maximizes privacy by not sending any data off the computer besides a simple signal of age category (if I understand the design). They show more sophistication than the parent commment:
> 3D printers should have a magical algorithm to recognize all gun parts in their tiny embedded systems
Color scanners and printers have long had algorithms to recognize currency and prevent its reproduction, implemented with the technology of decades ago. It seems relatively simple to implement gun part recognition today, especially with the recent leap in image recognition capability.
(Rants and takedowns, IME, may entertain fellow believers, but signal a comment that's going to go well beyond any facts.)
3d shape classification is different from matching a set of well-known, mostly fixed patterns (like eurion constellation) necessary to detect currency.
With 3d shapes of non-governmental origin this is at best difficult and at worst intractable. Consider the fact that many parts of a gun can be split into multiple printable pieces to be later assembled, making it very nontrivial to decipher the role of the shape.
With currency, the government has the controls for the supply of the target shape (it can encode hidden signals onto banknotes) and effectively controls the relroduction side (through the pressure on printer manufacturers). But it cannot control the supply of gun-part-shapes (it is not the only source for it), and since the problem is likely intractable - neither can it enforce the control on the 3d printing side.
Paper money being almost non-fungible is a great achievement, but is it as easy to make any mesh nonfungible as well?
> It seems relatively simple to implement gun part recognition today, especially with the recent leap in image recognition capability
And it's sits fine with you because you are the one who wouldn't pay the price for this "simple image recognition capability". Except you would pay of course, indirectly but at least you wouldn't know for sure so your conscience would feel at ease.
Reaction 1: how would this even work with embedded systems that have no UI to input this data?
Reaction 2: it's open source, make the lawmakers do submit the changes.
Reaction 3: how would this ever be enforced? Would they outlaw downloading distributions, or even older versions of distributions? When there's no exchange of money, a law like this is seems like it would be suppression of free speech.
Reaction 4: Someone needs to maliciously comply, in advance, on all California government systems. Shutdown the phones, the Wi-Fi, the building access systems, their Web servers, data centers, alarm systems, payroll, stop lights, everything running any operating system. Get everyone to do it on the same day as an OS boycott. And don't turn things back on until the law is repealed.
While there are some enforcement questions here, especially around non commercial OSes, most of your reactions are clearly based on the headline alone.
It defines operating system in the law. This wouldn’t apply to embedded systems and WiFi routers and traffic lights and all those things. It applies to operating systems that work with associated app stores on general purpose computers or mobile phones or game consoles. That’s it.
Enforcement applies as civil fines per-child usage. So no suppression of speech by banning distribution.
(Also it’s not age verification really, it’s just a prompt that asks for your age to share as a system API for apps from above app store, no verification required)
It defines the following terms: "account holder", "age bracket data", "application", "child", "covered application store", "developer", "operating system provider", "signal", and "user".
> This wouldn’t apply to embedded systems and WiFi routers and traffic lights and all those things. It applies to operating systems that work with associated app stores on general purpose computers or mobile phones or game consoles.
Presumably, this based on reading the language that in the definition of "operating system developer", and then for some reason adding in "game consoles" (the actual language in both of those includes "a computer, mobile device, or any other general purpose computing [device".
(I've also rarely seen such a poorly-crafted set of definitions; the definitions in the law are in several places logically inconsistent with the provisions in which they are applied, and in other places circular on their own or by way of mutual reference to other terms defined in the law, such that you cannot actually identify what the definitions include without first starting with knowledge of what they include.)
" It applies to operating systems that work with associated app stores on general purpose computers or mobile phones or game consoles. That’s it"
Everything is a general purpose computer. Just look at how many things have been made to run doom. I haven't read the law specifically but if it actually does say this then that language is useless and means practically everything.
> (Also it’s not age verification really, it’s just a prompt that asks for your age to share as a system API for apps from above app store, no verification required)
It's not enough to adhere to the age signal:
> (3) (A) Except as provided in subparagraph (B), a developer shall treat a signal received pursuant to this title as the primary indicator of a user’s age range for purposes of determining the user’s age.
> (B) If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.
Developers are still burdened with additional liability if they have reason to believe users are underage, even if their age flag says otherwise.
The only way to mitigate this liability is to confirm your users are of age with facial and ID scans, that is why age verification systems are implemented that way: doing so minimizes liability for developers/providers and it's cheap.
Is a repository on a linux machine an app store? Are custom repositories app stores? Does this mean that now most automated deployments are now not automated? If they can be automated, does that mean that having the automation by default makes sense?
The language in the bill says operating system “or” application store. Isn't that then implying any operating system that would download applications, even if it doesn’t come from a store. But IANAL.
Seems to me this would include TVs, cars, smart devices, etc. The Colorado version of this bill excludes devices used for physical purchase, so your gas pumps and POS systems would be excluded in CO. But I didn’t see that in the CA bill.
They’re both overly broad, ill-considered, frankly terrible bills that make as much sense as putting your birthday into a brewery site or Steam. Enter your birthday and we trust you. Now do that for every single one of those 100 VMs you just deployed…
Continually surprised by politicians wanting an OS to do what a parent should be doing. Why not just mandate that all devices with access control capabilities implement parental controls, and then mandate that all adults enable controls before handing a device to a minor? For devices that are incapable of user access control, the same rules as a knife, chainsaw or gun apply.
Only wealthy parents (upper middle class or better) have the time or energy to do anything other than work, put food on the table, and do basic child care.
Most parents lack the technical expertise to police digital devices.
This isn’t so heavy handed. The purpose of age signaling is so that a parent can set in one place an age, and then federal privacy protections under COPPA and state protections under the AADC kick in.
The big three will love this. They'll implement the feature, then they get to dob in Linux and friends and get them buried in regulatory lawsuits.
All three already have identity linked accounts. Windows practically shoves it down your throat on install, for example. They'll love the excuse to finally disallow web-free accounts.
> I doubt the california legislature knows what a Linux even is.
All Congress critters have staff to help write the bills and fill out the policy. You can bet your sweet bippy that there are people on staff in the California legislature who know what a Linux even is.
Exactly. This is obviously targeted at these three, and in those cases will be a massive improvement over forcing every site operator to start collecting photo ID.
> Reaction 3: how would this ever be enforced? Would they outlaw downloading distributions, or even older versions of distributions? When there's no exchange of money, a law like this is seems like it would be suppression of free speech.
That's not what will happen. We've already seen examples of what will happen. So let me just list them instead:
1. The Secure Boot chain for UEFI initially mandated that only OS that were signed by Microsoft would be allowed to boot on PCs where SB is enabled. This was partially rolled back after public backlash.
2. iOS devices and majority of Android devices already don't allow you to install an alternate OS or distro.
3. Platform attestation proposals like Web Environment Integrity and its Android version.
4. Mandate that every developer must register with and pay an MNC to be able to release any app on their platforms.
Basically, they'll just take away your ability to control your device in any way. Don't be surprised if it turns out that these MNCs were behind such legislations. But this legislation is especially dangerous in that it will effectively kill user-controlled general-purpose computing, even from vendors like Pine64, Framework, System76, Fairphone and Purism who are willing to offer those.
Considering the amount of damage caused by these sort of legislative BS, those who propose and vote for such bills should be investigated publicly for corruption, conflict of interests and potential treason. They should be forced to divulge any relationship, directly or indirectly, with the benefactors of these bills. On the other side, rich corporations should be banned from 'lobbying' or bribery more appropriately, in matters that they have a stake in. And they should have stiff penalties for any violations. Not those couple of million dollar slaps on their wrist. At least 5% of their annual global profits, incarceration of top executives and breaking up the company. There has to be a consequence that's uncomfortable enough, for any fairness to be reestablished. This should apply even more for those professional lobbying firms and 'industry advocacy groups'.
People also need to start strongly opposing, rejecting and condemning justifications like this that rely on the cliche tropes of CSAM, terrorism, public safety, national security, etc. None of those measures are necessary or even useful in preventing any of those. Insistence on the contrary should be treated as an admission of inability and incompetence of the respective authorities in tackling the problem. In fact, why do they assume that kids, especially teens, are unimaginative and incapable of working around the problem? They should at least be starting with awareness campaigns to get the kids and the parents on their side and empower parents to enforce parental controls, instead of reaching for such despotic measure right away. This is like banning drugs before the problem of drug addiction is addressed. Black markets exist, even for cyberspace. It will just make the problem a whole lot worse.
And finally, don't let people without clearly proven vested interests anywhere near such regulations. And choose professionals or at least competent people for taking such decisions. You can't rein in this attack on ordinary people without stemming the uncontrolled corruption in the public offices that deal with it.
>> An operating system provider shall [...] provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user [...]
>> “Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
Your hypothetical "embedded system" almost certainly neither has an account setup process in the first place, nor is it a general-purpose computing device, a mobile phone, or a computer.
> Reaction 3: how would this ever be enforced?
Pretty easily? They enforce it against the OS vendor for not providing such a process. They aren't enforcing the correctness of the age, nor are they claiming to.
> Someone needs to maliciously comply, in advance, on all California government systems.
...what? This is a law demanding compliance from OS vendors. Whose compliance is it even demanding in government systems for them to be malicious about it?
This term doesn't seem defined in the law at all. How general is general?
Graphing calculators that support apps and Python? Of course, they don't usually have "accounts" either. But to a technologist it's a "general purpose computer" insofar as it can run new code that the user loads into it, it can definitely run games that it didn't come from the factory with, etc. It's a tiny multipurpose computing device.
> Reaction 3: how would this ever be enforced? Would they outlaw downloading distributions
They can outlaw you from using those distributions and/or scare the maintainers so there won't be distributions anymore. And if you want to use a desktop computer rent one from an hyperscaler, tied to a credit card and access it from a tablet with age verification. I don't know if I should add /s
Ignoring all the tedious 'no, you're a bad person for having different priorities and beliefs to me' comments that this will inevitably inspire, I have to ask: why does the operating system need to be involved in this? The intended target of the regulation seems to be app stores.
I think the answer is quite simply: Follow the money. General-purpose computing is scary to big, soulless corporations. They want you to rely on them, not to be able to do stuff yourself. (They want to keep that power for themselves.)
Age verification is the quickest road to ending general-purpose computing, because it plays on people's knee-jerk emotions. It won't do it by itself, but it'll goes a long way towards it.
> why does the operating system need to be involved in this?
The goal in my mind is to have an account a parent can setup for their child. This account is set up by an account with more permissions access. Then the app store depends on that OS level feature to tell what apps are can be offered to the account.
Let say the the age questions happen when you install the app store. That means if you can install the app store while logged in as the child account the child can answer whatever they want and get access to apps out side of their age range. The law could require the app to be installable and configurable from a different account then given access or installed on the child account, however at a glance that seem a larger hurdle than an os/account level parental control features.
The headline calls this age verification, but the quote in the article "(2) Provide a developer who...years of age." Make it sound way different and much more reasonable than what discord is doing.
I would much rather have OSs be mandated with parental control features than what discord is currently doing. I am going to read the bill later but here is how discord age verification could work under this law.
During account creation discord access a browser level api and verifies it server side. discord no knows if the OS account is label as for someone under 13 years, over 13 and under 16, over 16 and under 18, or over 18. Then sets their discord account with the appropriate access.
No face scan, no third party, and no government ID required.
> The goal in my mind is to have an account a parent can setup for their child. This account is set up by an account with more permissions access. Then the app store depends on that OS level feature to tell what apps are can be offered to the account.
That sounds like an OS feature that parents would like to have. Probably has some market value. Maybe just let the market figure that one out.
Or, we could have an overbroad law passed that torpedoes every open-source OS in existence. If I were MS, Google, or Apple, that'd be a great side benefit of this law. Heck, they probably already have this functionality in place.
The problem here is legally-mandated age verification, not where it is placed (although forcing it into all OSes is absolutely ...). The gains are minimal for children and the losses are gigantic for children and adults. I'm not keen to have children avoid blisters by cutting off their feet.
Put control back with the parents. Let them buy tech that restricts their children's access. This law doesn't protect children from the mountains of damaging content online.
And let all the adults run Linux if they want to without requiring Torvalds to put some kind of age question in the kernel and needing `ls` to check it every single run.
I agree. The headline says "all operating systems, including Linux, need to have some form of age verification at account setup", which is pretty inaccurate.
It's just asking for some OS feature to report age. There's no verification during account setup. The app store or whatever will be doing verification by asking the OS. Still dumb to write this into law, but maybe not a bad way to handle the whole age verification panic we're going through.
Because it's the lowest common denominator between the user and every online interaction. The bill basically says provide a date-of-birth as metadata to accounts and provide an API to query the age bracket, not even the age, of the user to applications. It's a privacy-aware, mostly reasonable approach that shifts responsibility to the owner/administrator of a device to enforce it. It's basically just mandating parental controls.
I'm trying to understand how this is even a bad thing. Where is the privacy invading verification? Surely a given OS can implement the API response however it wants? If you're root, tell me your age. If you're not, (a child account), the admin (their parent) sets the age. Seems fine?
Companies like OpenAI are advocating for this because it shifts the burden of responsibility off them. They don’t have to age verifying Microsoft is handling that for them.
As a startup owner, if there has to be age verification, then I'm all for doing that at the OS level. As a human with privacy concerns, I'll continue using Linux.
Arguably the operating system (or potentially the user-agent) is the exact place to do this.
What I don't get is why it can't just all be client side. An app will just signal "I am going to show 16+ information" and the OS will either show it or not show it. No need to communicate anything.
Giving people the choice to limit a device for their children is okay by me.
I don't know, but arguably the OS version is better for privacy, as each app can just trust the signal sent by the OS instead of collecting a bunch of personal/biometric data.
until they decide that the OS now needs to collect a bunch of personal/biometric data to avoid people lying about their age or tricking the OS into sending a different signal than the OS should.
> why does the operating system need to be involved in this?
Well, the politicians probably meant to say “Apple, Google, Microsoft, plus maybe Sony and Nintendo”
i.e. the companies that already have biometrics, nigh-mandatory user accounts, app stores linked to real identities, parental controls, locked down attested kernels, and so on.
If phones had workable parental controls that let parents opt their kid into censorship, that’s better than the give-your-passport-to-the-porn-site approach the UK have taken.
Of course if they have applied it to every OS, not just the big corporate-controlled options, that’s a dumb choice.
The law defines an operating system provider as "a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general computing device." If the intent were to target mobile vendors or app store vendors, I would be fine with it, but that's not the text. Of course it's the case that US lawmakers often write incoherent or extremely onerous legislation and then turn around and say, like, "Oh that's obviously not what we actually meant. We don't know what any of this stuff is, it just sounded good."
Because that's the first layer that deals with user accounts, and subsequent layers commonly base off of identity information stored in there. Just like how and why every other shared interface exists.
The goal is to lock down anonymous computing and increase control of government and reach of the surveillance state. It isn’t to save little Billy from seeing a titty.
The operating system needs to be involved because its the easiest set of actors to penalize for non-compliance.
There are essentially two desktop operating systems, Windows and macOS. Linux is a decimal point and too fractured to worry about.
There are essentially two mobile operating systems, Android and iOS. And while Android is fractured, Google still has reasonable control they can exert.
This is (weirdly) the smart way to do this type of law.
Make the consumer OS providers add an age signal. That property can be bound to an account with the inability to change it.
Behold, "universal enough" parental controls which will require only a handful of lawsuits to litigate.
Skimming the actual text of the law[1], I don't see anything particularly objectionable. Basically it requires a toggle when creating/editing a local user account that signals "this user is/is not a child". Applications could then tailor their content for child/not child audiences.
Which isn't to suggest that it's a good law, just not really "age verification".
> good faith effort to comply with this title, taking into consideration available technology and any reasonable technical limitations or outages
could easily be read as meaning "facial recognition technology exists and is available, not using it is a business decision, failure to use it removes the good faith protection".
If the lawmakers didn't intend this, then they didn't need to add all the wiggle words that'll let the courts expand the scope of this law.
My first reaction is that this is an insanely bad law:
* The signal has to be made available to both apps and websites
* So if you dutifully input valid ages for your computer users, now any groomer with a website or an app can find out who's a kid and who isn't. You just put a target on your kid's back.
* A fair share of parents will realize this, and in order to protect their children, will willfully noncomply. So now we'll have a bunch of kids surfing the net with a flag saying they're an adult and it's okay to show them adult content.
* Some apps/websites will end up relying on this signal instead of some real age verification, which means that in places like porn sites where there's a decent argument for blocking access from kids, it'll get harder. Or your kid will get random porn ads on websites or something.
So basically unless this thing is thrown out by the courts, California lawmakers have just increased the number of kids who get groomed and the number of kids who get shown porn.
I'm not sure what the solution is, but to steel man a bit, the alternative is kids have access to all the adult spaces, where they will be groomed. A website/app serving grooming content to a kid is just so incredibly unlikely compared to a kid being groomed as the result of having unrestricted access.
Since I do not see a solution, and you see identifying children as a risk, what do you see as a solution for kids being in the same spaces as adults? Do you see a reasonable implementation to separate them, that doesn't have the "we know which accounts are children" problem? Maybe there's something in between?
Also, I think it's important to understand the life of a modern child, who's in front of a screen 7.5 hours a day on average [1], with that increasingly being social media, half having unrestricted access to the internet [2].
I hate government control/nanny state, but I think 5 year olds watching gore websites, watching other children die for fun, is probably not ok (I saw this at the dentist). People are really stupid, and many parents are really shitty. What do you do? Maybe nothing is the answer?
Instead, websites should voluntarily put content ratings on their own stuff--most would because either they don't intend to harm children, or from societal pressure.
Then, software on the user's computer can filter without revealing any information about the user.
> So if you dutifully input valid ages for your computer users, now any groomer with a website or an app can find out who's a kid and who isn't. You just put a target on your kid's back.
I'm not going to say that's impossible but the number of sites that do the right thing and reduce risk are going to vastly outnumber that. And 90% of those kids already have targets on their backs by virtue of the sites they visit.
> [..] requires an account holder to _indicate_ [..]
i.e. this doesn't require age verification at all
just a user profile age property
> [..] interface that identifies, at a minimum, which of the following _categories_ pertains to the user [..]
so you have to give apps and similar a 13+,16+,18+,21+ hint (for US)
if combined with parent controls and reasonably implemented this can archive pretty much anything you need "causal" age verification for
- without any identification of the person, its just an age setting and parent controls do allow parents to make sure it's correct
- without face scans or similar AI
- without device attestation/non open operating systems/hardware
like any such things, it should have some added constraints (e.g. "for products sold with preinstalled operating system", "personal OS only" etc.)
but this gets surprisingly close to allowing "good enough privacy respecting" age verification
the main risk I see is that
- I might have missed some bad parts parts
- companies like MS, Google, Apple have interest in pushing malicious "industry" standards which are over-enginered, involve stuff like device attestation and IRL-persona identification to create an artificial moat/lock out of any "open/cost free" OS competition (i.e. Linux Desktop, people installing their own OS etc.).
---
"causal" age verification == for games, porn etc. not for opening a bank account, taking a loan etc. But all of that need full IRL person identification anyway so we can ignore it's use case for any child protection age verification law
----
it's still not perfect, by asking every day daily used software can find the birthdate. But vendors could take additional steps to reduce this risk in various ways, through never perfect. But nothing is perfekt.
---
Enforcement is also easy:
Any company _selling_ in California has to comply, any other case is a niche product and for now doesn't matter anyway in the large picture.
> i.e. this doesn't require age verification at all, just a user profile age property
This is usually how they do it though. First make a dumb law with poor enforcement. People don't push back about it because it obviously won't be enforced. Wait a bit, then say "people are flagrantly violating this law, we need better enforcement". At that point it's a lot harder to say "it shouldn't be a law at all!" because nobody complained when it was brought into law.
Isn’t it more of a reflection of the current law? Age gates have long been self service (e.g., “enter your birthday”), and we have laws on the books for quite some time barring minors.
There is certainly a risk of what you’re describing with KYC tech that coming online, but I don’t know if that means it will happen.
To play devils advocate; It’s a reasonable demand from parents to control what their children are exposed to. This seems to support that.
Uh, your slippery slope argument ignores the part where websites, discord, british things, etc are literally already trying to require facial pictures, license scans, even videos of your body.
It's not privacy-respecting at all to create some side channel between your browser and OS to transmit some information about a "user profile." If this were about browser vendors it might make sense but they're targeting operating systems (presumably for the malicious vendor lock-in type of reasons you cite? idk, it's strange). I would like someone to explain how this would even be implemented securely. It's certainly non-trivial.
Sounds to me that this is how kids learn to spin their own operating systems (a la LFS, Gentoo)and apps.
This is how people bought personal computers when the mainframe priesthood banned them.
It appears that very soon, young people will "de facto" need to have this level of competence in order to survive and thrive in a world of "in loco parentis" operating systems and apps.
The latin reveals my age, but one thing about my age:
People my age did exactly that. We built our own hardware when there was none. We compiled (or copied) operating systems and apps. A couple of my friends wrote an operating system and a C compiler.
"My generation" created this entire internet thingy, installed and web-based apps.
Indeed, dumb-asses are going to level up young people.
Meanwhile, all available hardware will only allow attested operating systems that conform to regulations. All hardware that does not conform will be illegal.
Before they do this, it will be easy to lock the internet to only allow attested operating systems online.
I'm sure Xers and millennials are totally going to be okay with a visit from the school cop when their little one is caught with an illegal operating system and looking at charges that could ruin their college and job prospects.
The cheap money will run out long before then, the cop will leave, the school abandoned. There will be forever protests and skirmishes on the long march through collapse.
As noted at the end of the article, I suspect the impact for many OS's is going to be that they add a line in the fine print somewhere saying not for use in California.
You're assuming they don't want this just as much as the government. Still feel fine about self-installed Linux, but every OS and device we don't have control over, even ones powered by Linux, will be very happy to include it, assuming it's not too difficult to add.
Bill text appears to be a copy/paste from a similar Colorado bill that just made the rounds. Methinks there's a special interest group trying to ram this garbage through a bunch of state legislatures.
Stallman has always been right. It's mind boggling just how right he was about everything.
The narratives are changing. All these locks and controls used to be about curbing copyright infringement. Now that AI has more or less rendered copyright irrelevant it's turned into a straight up attempt to control the population. They're barely even making excuses anymore.
> Stallman has always been right. It's mind boggling just how right he was about everything.
Mind boggling right about not allowing GCC to be used as a library, his comments on Jeffrey Esptein, a refusal to in any way compromise (e.g. the GNU/Linux meme), etc...
Oh and a recognition that free software, while nice, does not in any way solve the underlying issues he claims it does. Similarly to how letting everyone walk around their local water treatment facility and perform chemical tests doesn't really work and instead the state regulates and hires experts to monitor the water supply...
> (g) This title does not impose liability on an operating system provider, a covered application store, or a developer that arises from the use of a device or application by a person who is not the user to whom a signal pertains.
So, this makes desktop Linux illegal, but all the software-as-a-service like Microsoft Azure and OpenAI get off scott-free?
Free computers are too subversive. If left unchecked, they can wipe out entire sectors of the economy, and with cryptography they can defeat police, judges, spies, militaries.
The sentence you quoted says that folks who are required to comply with the law are not also required to ensure that the person currently using the device or application is the same one who entered their age or birth date into the OS's "how old are you?" database. [0]
It is true that this law is as bad as the recent Oklahoma one for small, non-corporate Linux distros... but that sentence you quoted has nothing to do with that problem.
[0] If we were speaking in person, I'd love to have you walk me through that sentence and explain to me, piece by piece, how you came to the conclusion that you did. Doing it remotely like this would be too tedious.
Alcohol is harmful, and you want to prevent minors from obtaining it without parental supervision. Do you pass a law requiring every car to log the age of every occupant in case the driver drives to an establishment that sells alcohol? No, that's stupid. You require the person providing the alcohol to check age only when they are about to hand over the alcohol. Until someone actually attempt to access alcohol, they should not be asked their age.
Now exchange "car" for "OS" and "alcohol" for "age-sensitive content"
Letting someone look at a date on an ID to 2 seconds is a lot lower stakes than handing over a scan of your license, face, and who knows what else, to hundreds of companies that will do god knows what with it.
To your point, a user shouldn’t be forced to put in age details just to use an OS. That said, if an OS can send a simple Boolean to an app/site if the user is over 18 or not, I’m guessing more people would rather opt into that system vs handing over extensive details to each and every vendor who asks.
As a person in my 40s, with no kids in my house, I find all of this absurd. Let parents install some nanny software if they want, don’t force it on everyone and use “protecting children” as the scapegoat.
How wouldn't this also apply to things like useradd(8) or simply automated user account setup, e.g. like cups, sshd, etc? Do we need to add this to vi for use in vipw on UNIX?
Worse. Google has to add this to all the machines in their data centers? Imagine the expansion of DevOps BS this will enable:
Vendors will need support stuff like "account holder is 12msec old, and can access adult content". They can even create a special certification for it.
useradd has the Other category at setup. Could you argue that anything which allows arbitrary text information to be input into a user account that could be passed on to other applications technically fulfills the requirement, as the user could indicate age on the account?
The way people ask for things like this is "Young people shouldn't be allowed to do X" and "Websites shouldn't be allowed to collect user data to determine if the people are underage" and so on. The intersection of all the things that "tax paying citizens" want is usually something patently absurd.
I think it's one peg below intel agencies. It's the local gov agencies that want that power. The 3 letter peeps can already tell who writes what, both at scale and targeted.
Interesting theory considering that this California approach does not de-anonymize you, and the approach Germany is working on, as part of an EU wide effort, also does not de-anonymize you.
Certain politicians that are concerned about "the young people are being radicalized online" about certain topics, uncomfortable to said politicians (left / right dialectic doesn't matter, especially not in America). They know that their monopoly over brainwashing children in public schools matters a lot. So, their solution is to shut off any access to any site where you can discuss topics anonymously by forcing more and more regulation to shut down said sites.
Yes, yes, free speech and everything, you just have to first give the OS your phone number, credit card number, drink a verification can and please also... you do want to still keep your job, right?
It's not clear that this applies where the "operating system provider" does not have "accounts". Linux should be OK, but "Ubuntu One" might have problems.
It's a good reason not to put cloud dependencies into things.
this is why I am building a communications software that has no concept of accounts, devices can connect and keys are generated on device and blind to relaying/directing server/network. people can only connect directly with other people/devices. there is no concept of lists of people/devices to connect to, you need to know someone/have access to the device to connect.
no accounts to compromise. no passwords to remember. end point devices control their connectivity. no vpn needed to connect, no intermediary to see all traffic and peer traffic is specifically what is needed/allowed/requested, not a wide open network connection/accounts to be compromised
The bill doesn't define "accounts", so it's entirely possible local users that a human signs into would count.
The saving grace is that obviously they have no idea what a Linux distribution is, and only the Attorney General can bring action, so there isn't much risk of the AG suing Debian.
I've taken trips to California in the past for both personal and professional reasons. I'm seriously reconsidering whether I'll do that again in the future.
What happens if I bring a laptop with an "illegal" OS without this unwanted "feature" into the state? Will I be denied access to public wifi in hotels and restaurants? Or will it grant me access, but snitch on me -- make a call to the state police to come deal with someone with an illegal laptop? Will I be forced to install a different OS while a police officer watches? Will my laptop be confiscated and destroyed as contraband? Will I be thrown in a California prison?
> 1798.503. (a) A person that violates this title shall be subject to an injunction and liable for a civil penalty of not more than two thousand five hundred dollars ($2,500) per affected child for each negligent violation or not more than seven thousand five hundred dollars ($7,500) per affected child for each intentional violation, which shall be assessed and recovered only in a civil action brought in the name of the people of the State of California by the Attorney General.
And there are several other provisions that further narrow the circumstances under which this law could be enforced.
If your personal computer is not being used by a child, and you're not distributing software to children or devices used by children, then there are no circumstances under which your actions could violate this law.
As others have pointed out, this is just a foot in the door. There's also a part of the law this article doesn't cover that requires EVERY application to query this information on every launch, regardless of whether or not the application has any age related limitations.
So it looks like the law only requires it on first launch. Which makes sense if the application can only be run from that one account. Apps that can be launched from multiple accounts are not singled out in the law, but the spirt of the law would have you checking what account is launching the app and are they in the correct age range.
I was just at some .gov site from another HN post. It asked are you Over 18, I clicked No out of curiosity. Showed Access Denied, but the buttons stayed. I clicked Yes, and got in. I don't attribute to stupidity that which is clear malice. They'd don't actually give a flying fuck about what "kids" can get to, they only care about controlling everyone, of every age, as much as they possibly can.
I agree, I don’t like it as much as you do. I’m just saying nothing short of a mandated TPM will actually enforce this. I think they know that.
I think this is mostly for show to stay relevant wrt. What is happening in the courts. This is the Same play as it always been for registration “are you over the age of 13?”
I actually prefer an OS-level API for Age verification rather than treating everyone as a child-by-default unless they upload their personal information to some random vendor.
BUT this is obviously not the right way to implement this.
It says users, on account creation, must indicate their age or birth year (or both) and that programs must have access to that info, but I don’t see any requirement about checking whether what the user enters is correct.
What does make it weird is that it requires account holders to enter that data at account creation, and it defines an account holder as ”an individual who is at least 18 years of age or a parent or legal guardian of a user who is under 18 years of age in the state”
So, kids are allowed to create an account, but then, an account holder has to enter their age or birth year.
To top it of “a parent or legal guardian who is not associated with a user’s device” is not an account holder, so let’s say a 15-year old buys a laptop or smartphone and wants to set it up. There’s nobody associated with the device, so there are no account holders. Who should enter that age info?
On many smartphones, having a grown-up create an account first won’t work, as there’s no way to set up a second account.
How is this an OS concern? Shouldn't age verification be a government concern to implement a system which does a privacy preserving verification? And until such a system exists, there should be no laws about online verification at all?
This is a really strong example of how both the left and the right have been moving away from liberalism (ie, "classical liberalism," the general belief that people should be free to make their own choices and pursue their own interests) for the past 16 years or so. A bill like this could have just as easily come from Texas.
Practically, I think this is tough. How does a business verify their 20k Linux servers in AWS? What prevents Linux users from simply modifying their code such that they no longer do age verification? I think it's easy to imagine circumventing this one law, but this is another brick in the wall. Maybe your bank stops working on Linux. Maybe major websites stop working unless they get your citizen ID and age verification data from your OS. Maybe no one makes a browser that doesn't try to grab that information.
Not joking; stock up on books and keep a collection of media that you own personally. Perhaps your linux computer will start looking a lot like your PC from the early 90s: not connected to the internet, just used for word processing, some installed games, and media.
Is this the end of "smart" washing machines and refrigerators?
I can imagine Samsung asking for the user's age every time you want to grab a snack and refusing to unlock the door otherwise.
Or perhaps... they could add a camera to the fridge and send a stream 24/7 to their servers so they can identify the age of whoever opens the door. For complying with the laws of California, honestly!
Hmm i think at te moment its only Linux that has by default local only accounts except if being used in some sort of SSO environment .
Microsoft has been pushing aggressively to deprecate the local and funnel everyone to Microsoft online accounts , while Android and macOS/iOS are already in such a state by default.
Coupled with the same accounts being used for online login, looks like a feature creep panopticon in the making. With Linux lucking out be default.
Although it appear stupid, maybe an OS level endorsement of user age is actually a more reasonable middle ground than delegating mandatory age verification to data brokers...
It still parents that usually buy the computers and set up the différents user accounts. So the responsibilities would be put back in their hands as machine owners to correctly tag kid's accounts. OS vendors would then only be responsible to accurately transmit this declarative information to requesting App/services.
Of course some smart kids are gonna find a way to bypass that (as any other mesure you can imagine, because kids are smart). But nonetheless we could have a good enough OS level declarative age for 95% uses cases and send to the trashbin all the age verification creep that is the current trend.
It's also completely pointless because users routinely use shared accounts. It was thus on the WinXP machine at home, and still is today on iPads and android tablets. Yes, Apple has made it dysfunctional so that rich people will get one iPad per person, but many children use games and social media apps via their parents accounts. Who is going to set up an AppleID for their 8 year old? (Well I did, but normal people?)
The people who wrote this law work for Microsoft and think people have individual laptops and phones with a cellular plan. They care nothing for user privacy, in fact they want persistent digital identifies for advertising.
I couldn't have said it better myself. My loved ones don't share my opinion, which makes me wonder if I'm sane or if they're not exercising their freedom.
> …requires an account holder to indicate the birth date, age, or both, of the user of that device…
The way I read that, you just have to ask for an indication of age. Like when I'm not logged in to Steam and I want to look at a game with blood, it asks for a birth year and I pretend to be 109. That's not exactly "age verification." Am I missing something?
Who is actively lobbying against the “war on root access”? Which are the NGOs/PACs/non-profits with the best track record of getting results here? FSF and EFF come to mind, but I can’t think of others and don’t know of track records for any of them.
10/13/25 Chaptered by Secretary of State - Chapter 675, Statutes of 2025.
10/13/25 Approved by the Governor.
09/24/25 Enrolled and presented to the Governor at 3 p.m.
I'm under the impression anyone doing nefarious things online are probably more-than tech savvy enough to not install an OS that rats them out...right?
Isnt that literally one of the first rules of the DNM Bible?
Will kids raised on it not know anything different? Seems a path to reduce computer literacy. Then again, being blocked from doing something I wanted is what lead me to find ways around said block. But I already had unrestricted access to the system to bend it to my will. Seems like these kinds of systems won’t allow for the user to learn how to works at all. It’s a mystery box.
One thing that's happening is that attestation is being plumbed into the web itself. CloudFlare and Apple have a collab where Safari will inject tokens that let CF know that the request is coming from a blessed device. In a world where all websites are being crushed by bot traffic, expect that Goog pushes on their own integrity initiative in Chrome in the next year or two.
> apply the privacy and data protections afforded to children to all consumers and prohibits an online service, product, or feature from, among other things, using dark patterns to lead or encourage children to provide personal information beyond what is reasonably expected to provide that online service, product, or feature or to forego privacy protections
My question, is if "the children" are worth protecting, why not adults? I would like to opt into not having to deal with dark patterns. Why not a age independent system, which a user can opt into and which "children" are automatically optd into.
Governments that require age verification for operating systems to protect children also drop bombs on civilian neighborhoods, fight wars that orphan millions and tolerate child labor, exploitation, poverty.
History teaches us governments are the best at protecting children.
Isn't it possible to jam and deny with any remote auth dependency?
Recently after we spent hours getting a Chromebook set up after a "Power Wash" due to remote auth failure, it wanted the old password and there was no option but to wipe the device.
They held our homedir hostage with required remote auth.
We were not able to log into our computer and lost all of our data because of remote auth.
Secure critical systems must not have a centralized remote auth dependency that can be denied.
clearly there's something I don't understand (or is the law just really this stupid?) - but what would this even look like for linux? every user account requires an associated age?
but users don't have a 1:1 mapping to the people that log into them. linux users that aren't used by any particular person, but by a particular _service_ are common. so are linux users that could be logged into by any number of people, and which have no specific single owner.
Little bit picking at straws but I sure would love to find some way to punt this law. Medtronic has an insulin delivery solution which involves the distribution of a custom Android phone with a closed source app. Other fields in medicine do this as well as a matter of course, so that they can guarantee clinical operation on that particular device (rather than risk app operation on Android device fragmentation) and get OK’d by the FDA. The FDA testing process can take upwards of 4 years, and is usually cleared for -specific- operating system versions (which, by the end of testing, can be very old).
I wonder: since that operating system needs to attest and (vaguely) eventually report an age and other identifiers to a government API and app developers, will that report violate HIPAA?
"This title does not impose liability on an operating system provider, a covered application store, or a developer that arises from the use of a device or application by a person who is not the user to whom a signal pertains."
This is obviously a law so poorly written that it'll never pass a court challenge. Assuming anyone brings one.
A new California law says all operating systems, including Linux, need to have some form of age verification at account setup
Curious how they plan to do this. Maybe digital rights management tied to TPM. If so it will take 3 ... 2 ... 1 .... cracked ... spoofed. DVD's were cracked with Perl. Curious what language this will be cracked in.
I know this sounds absurd. But let me try not to be cynical and explain how we got here, according to what I understand:
First, let's admit the push for age verification laws isn't a partisan or ideological thing. It's a global trend. This California law has bipartisan sponsorship and only major org opponent is the evil G [1]. While age verification is unpopular in tech community, I imagine a lot of average adult voters agree that limiting children's access to wilder parts of the Internet is a good thing.
On this premise, the discussion is then who should be responsible for age verification. The traditional model is to require app developers / website owners to gatekeep -- like the Texas and Ohio laws that require PornHub to verify users' IDs. But such model put too much burden on small developers, and it's a privacy nightmare to have to share your PII with random apps.
This is why we see this new model. States start to believe it seems more viable to dump the responsibility on big tech / platforms. A newer Texas law is adopt this model (on top the traditional model) to require app stores to verify user age (but was recently blocked by court) [2]. And this California law pretty much also takes this model -- the OS (thinking as iOS / Android / Windows with app store) shall obtain the user age and provide "a signal regarding the users age bracket to applications available in a covered application store".
While many people here are concerning open-source OSes, and the language do cover all OSes -- my intuition is no lawmaker had ever think about them and they were not the target.
It's not stated here, but is it implied that app platforms that, themselves, have an "app store", would be required to read this datum and pass it to their app store?
For example, I've got a map application on my phone that lets me download maps, widgets, POI lists, etc. from their app store. It seems like enabling that age signal through this exchange is exactly what the politicians are looking for.
> "That's likely no big deal for Windows, which already requires you to enter your date of birth during the Microsoft Account setup procedure."
I've been working around the Microsoft user-creation requirement for years. Looks like they were ahead of the game. CA is marching towards private-business surveillance. What could go wrong?
All the law asks is that 'adduser' asks for their birthday; and and age restricted software checks this on installation.
Given we already have software it is illegal to sell to children this seems like an easy win? (Obviously it is still down to the parents to ensure the account is setup correctly)
No. Age verification law is not a partisan or ideological thing. It's a global trend. This law is sponsored by both parties: https://calmatters.digitaldemocracy.org/bills/ca_202520260ab... , and Texas has a newer law (App Store Accountability Act) that requires app stores to verify user ages and obtain parental consent for minors.
There are already "App Store Accountability Act"s present in Texas and Utah. I believe South Dakota is the other state that has one in their House right now. So no, this isn't California being a nanny state. Actually, California's is a lot better than the ones found in other states since literally you're allowed self-attestation of your age bracket (i.e. you don't have to supply an ID or some other such mechanism for independent verification). It's literally the equivalent of what they used to do with porn sites back in the day when they would ask you if you were over 18 -- and if you said yes, well, we tried! (Gold stars for everybody!)
In all seriousness, though, this is the only way where politicians get to pretend they did something and the rest of us get to avoid getting royally screwed. If parents were given dumbed-down versions of the tools that already exist to manage corporate-owned cell phones and laptops then there'd be a lot less for people to complain about (not that it would stop perpetually incompetent parents from pointing the finger at everyone but themselves for their own failings, of course, but at least the vast majority who AREN'T those people would be satisfied).
Will this only apply to an OS with human user accounts? I wonder how autonomous agents that are operating systems running on bare hardware are defined under this strange law. Not all OS are for humans. Consider many uni-kernel applications.
It doesn't require age verification, only age attestation.
More significantly, it does require all applications (from "covered application stores", but which has a definition for that which seems to include not only what you would normally call an app store, but any website or other source from which an app can be downloaded) to check the age signal provided by the OS when the application is "downloaded and launched".
While it is poorly drafted, circular, and self-contradictory on some definitions and other points, it arguably seems to prohibit age verification within the scope of apps it covers, in that:
(1) It requires all OS's to have an age attestation feature,
(2) It requires all applications to use the age attestation feature,
(3) It requires developers of applications to rely on the info from the age attestation feature as the "primary indicator of a users age range for determining the user's age", with the only exception being if the developer has internal (not external) information which is "clear and convincing information" that the user's age is different from what is signalled by the OS.
This thing is so broadly-written, the only thing saving you from needing to give you age to your toaster is that it's not a "general-purpose" computing device. Never mind that it can run DOOM...
If age attestation in the OS becomes law, there's much less friction afterwards to pass another law to have age verification as well. It should not be humored under the mistaken belief that "it's just age attestation in the OS - nothing invasive about that".
Bill text (it’s longer, but the rest is mostly definitions of the terms used here):
1798.501. (a) An operating system provider shall do all of the following:
(1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.
(2) Provide a developer who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface that identifies, at a minimum, which of the following categories pertains to the user:
(A) Under 13 years of age.
(B) At least 13 years of age and under 16 years of age.
(C) At least 16 years of age and under 18 years of age.
(D) At least 18 years of age.
(3) Send only the minimum amount of information necessary to comply with this title and shall not share the digital signal information with a third party for a purpose not required by this title.
(b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.
(2) (A) A developer that receives a signal pursuant to this title shall be deemed to have actual knowledge of the age range of the user to whom that signal pertains across all platforms of the application and points of access of the application even if the developer willfully disregards the signal.
(B) A developer shall not willfully disregard internal clear and convincing information otherwise available to the developer that indicates that a user’s age is different than the age bracket data indicated by a signal provided by an operating system provider or a covered application store.
(3) (A) Except as provided in subparagraph (B), a developer shall treat a signal received pursuant to this title as the primary indicator of a user’s age range for purposes of determining the user’s age.
(B) If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.
(4) A developer that receives a signal pursuant to this title shall use that signal to comply with applicable law but shall not do either of the following:
(A) Request more information from an operating system provider or a covered application store than the minimum amount of information necessary to comply with this title.
(B) Share the signal with a third party for a purpose not required by this title.
The definitions of the terms are completely bananas
The language is so broad it seems to cover all software that exists and is accessible via the internet, and every install of an operating system on any kind of machine
> (c) “Application” means a software application that may be run or directed by a user on a computer, a mobile device, or any other general purpose computing device that can access a covered application store or download an application.
> “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.
> “Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
So any piece of software you can download from the internet will be required to check this "signal" made available by the os?
> “Covered application store” means a publicly available internet website,
Client side JavaScript can be considered an application, and then ad business would need to first verify that I am over 18 in order to allow me to see their ads.
So my Garmin watch, my Home Assistant OS, maybe even my Shelly devices?
I want to know who is behind these laws like this one and the 3D printer gun verification, that seem to pop up across state legislatures all at the same time.
How does that apply to windows server with active directory for a school ?
Does that mean that the admin will have to manage dob of every student when creating accounts ?
> A developer shall not willfully disregard internal clear and convincing information otherwise available to the developer that indicates that a user’s age is different than the age bracket data indicated by a signal provided by an operating system provider or a covered application store.
>If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.
So, I have a button "I'm older than 18" on my app but the signal is "under 13", I can decide that the user is older than 18 ?
So because there is no requirement for the age to be accurate, it would be pretty easy to say "all student accounts are the age of the youngest allowed school entrant for that school year", right? That resolves the age issue and also prevents both PII leakage as well as possible school bullying opportunities.
> Does that mean that the admin will have to manage dob of every student when creating accounts ?
That already happens to some extent although the mechanism by which this happens might depend on the school district, etc. The `dateOfBirth` LDAP attribute is probably the most obvious method (which admittedly should probably not be used due to the ease in accessing this info in the default configuration) but there are others.
In secondary school when my account was set up we were told that our initial password (that we had to change on first logon) was our DOB
Two important definitions that might surprise people:
(a) (1) “Account holder” means an individual who is at least 18 years of age or a parent or legal guardian of a user who is under 18 years of age in the state.
(a) (2) “Account holder” does not include a parent of an emancipated minor or a parent or legal guardian who is not associated with a user’s device.
(i) “User” means a child that is the primary user of the device.
User is the most surprising here. It really should just be minors, or non-emancipated minors. Further, I think there are interesting ways the definition of account holder and user combined play out in interpreting the rest of the law.
How long until they add a 21+ category to this bill, though? Insofar the use of it would be for gambling and CA doesn't even have mobile sports betting.
Headline is wrong. There is no verification requirement.
All this does is require the user to select a non-verified age bracket on first boot. You can lie, just like porn sites today. I thought HNers wanted parents to govern their children's use of technology with these kinds of mechanisms.
In the US maybe, but where I am you can't fap in peace without using a VPN or have some kind of age verification. Some of them being baroque. Example:
"We analyze your email’s digital footprint (history and reputation) against trusted databases. This is often enough to confirm that you're of legal age."
It seems to come down to whether you expect the next law to be taking the enforcement mechanism away from the parent. If the law was, "major operating systems must ship parental controls that actually work" I doubt you would see much pushback. Parental controls is an oft cited reason to give your kids Apple devices. Expanding that everywhere would be great. But I don't want to have to present my government ID to use my own computer.
There’s a concerted global effort to push this legislation. It’s also been proposed in Colorado and, some version of it’s been passed in the UK and Australia.
Feel free to call me paranoid for seeing patterns where there are none but this to me looks like just one phase of a preparation for a very large event entirely unrelated to every age verification reason given thus far. I won't guess any further. "I'm a good boy."
I really hate this new world where one jurisdiction - California, Europe, wherever - makes a law and suddenly every other jurisdiction has to comply because the law-making jurisdiction is big enough that tech companies can't abandon it.
And since it doesn't make sense to have dozens of different versions of their apps, they write to the strictest jurisdiction's laws.
If everyone has the power to make laws that apply to everyone...it's chaos.
Beige PCs. Made to comply with German workplace-equipment laws. Yes, the Bundestag legislated the color of office equipment. That has always been the way of fhe world.
Wow, TIL. Thanks for mentioning this. I ran across this as I was researching the background:
> The "beige box" era was largely the result of strict German workplace ergonomics standards (specifically the TUV and DIN standards) that became the de facto rules for the entire global industry. The law didn't explicitly say "thou shalt use beige," but the regulations were so specific about light reflectivity and eye strain that beige (or "computer gray") was essentially the only compliant option.
I figured California would have been against the age verification on the adult sites like Texas and some other states are doing but then they go and 1UP them and decide to require age verification on the whole OS
This is a weak read of the situation. I’d sure as fuck rather enter a date of birth or age profile on my computer than send my photo id to random websites to verify my age. One is clearly better from a privacy standpoint.
"Self, are you 18 years old?"
"Why, yes I am."
"OK, self, please fill out a 27B stroke 6 form in your head."
"I've completed it."
"OK, self, I've validated it."
I don’t think the title is correct? All OS must have age profiles that external sources can query. There’s nothing explicit that checks the age itself in the law?
What about embedded RTOS, like WindRiver or Zephyr? What if I write a memory manager and flash storage file manager for a really barebones MCU like a PIC? It didn't even define what an operating system is. What constitutes an update? If a security patch to DOS 6 came out, would it suddenly be required to have this tech? Is z/OS going to have this tech?
Overall, I think don't think it's a bad idea for devices to be able to host an age verification system that offers requestable boolean proof of age, like if porn site demands over 18 to view, the user, regardless of age, is prompted and if they accept, it returns either a positive cryptographic claim or a cancel signal if not of age. If they don't accept the prompt, the same cancel signal goes back. The idea that this feature would need a mandate of law is dumb.
Sure, I'll ask where the user is located, and if they choose California, I'll ask them for their age. And if they choose over 21 I'll scold them for voting for Gavin.
Ask where the user is located and if they choose California tell them that your website/service/OS isn't available for users in CA because you will not be complying with this law and they'll have to go elsewhere.
Are there app stores on Linux? Yes, that's what FlatHub and Snap supposed to be.
So what, should Canonical just block Ubuntu downloads to anyone in the state of California? No security researcher is going to download an operating system that asks them their age for example. I feel like it draws a red line for me also.
This law is so completely insane. It sounds like it was written by some Apple fanboy to whom there is no other operating system other than Apple. The very state that spawned GNU and BSD is the same state that is not only demanding your data but enshrining its use in spyware in law.
The actual age verification is being able to install windows yourself and being allowed to do so by parents. So the next thing is TPM to make sure you can't get the silly idea to reisntall it and set a different date
Feels like they're trying to implement a new wide-reaching protocol/spec by requiring it by law first, then expecting someone to magically develop something, and god forbid it's a different standard than anyone else's.
By next January there will be 30 different methods of age input signalling between OS and application. And then by 2030 we might have the top 3 adopted as established defacto standards.
Remember in that South Park episode where Cartman had a V-Chip[0] installed in his head and he would get shocked if he said big floppy donkey dick?
In all honesty the V-Chip was meant to protect children.
Age verification and identity assurance[1] is meant to reduce online banking fraud and combat terrorism/espionage.
Whats next outlawing encryption with Clipper Chip[2] 2.0 and saying its to save the whales? I guess we have QUIC and other DRM tech to ruin our day so it doesn't even matter.
I would prefer we drop the think of the children[3] charade and act like adults and get serious about online crime/fraud/terrorism and maximizing online banking.
The biggest problem with this thought domain is that the internet is global and we are thinking at regional, national, and state levels. For so many years everyone has heard complaints about the great firewall of China only to build our own? I guess we have no other choice since bad apples spoil the bunch[4].
this looks like law created for age or identity verification providers (persona etc). No one would build it from scratch. It will be passed to these providers.
What a ridiculous law, smells of some sort of frog boiling scheme to me.
step1: "lets see if we can get away with imposing a small easy requirement, you know 'think of the children'"
step2: "now that we have a foot in the door, lets see if we can get some real tracking in place, for the children of course"
Anyhow: as far as I can tell compliance on linux would be as simple as
echo $YEAR_BORN > ~/.config/ca_ab_1043
It's an accessible interface(it is the same user interface many linux programs use), applications can use a well known api to access the data.(using the common unix filesystem interface) and it only presents the minimum needed information to the application.
> Assembly Bill No. 1043 was approved by California governor Gavin Newsom in October of last year, and becomes active on January 1, 2027
It was already approved? This seems wildly invasive, and CA can't even pretend they're doing it to stop porn. CA is just monitoring citizens for the love of the game
I can't keep up with all these attacks on personal computing/libre software/the web.
- AI causing RAM/disk price shocks and shortages
- Google attempting to lock down Android
- The EeYou codifying the Google-Apple duopoly into age-verification legislation
- Age verification requirements spreading rapidly
- AI scraping meaning many sites have WAF rules set to 'max'. It's getting extremely hard to browse the internet with a VPN + privacy features such as WebGL blocking etc. Geoblocking seems to be on the rise too (eg Trenitalia, Aegean Air).
- Governments wanting backdoors on devices
- Broadband price increases (10-25% rises are being baked into annual contracts here in the UK)
It seems in 2026 they've really gone full speed ahead.
What is the future going to look like? A Government-approved Apple OR Google spying device for the things you need to exist as a citizen... and a bunch of paper books/library cards/porn mags?
It’s a shit law, but it’s publisher- and distributor-targeted, so the overly-dramatic armchair-rebels in the forum can calm themselves; nobody’s coming after the person with a Linux machine bc it’s not compliant. Because it’s a state law, Cali will have geo-fenced app stores and this’ll just accelerate the breakout from manufacturer-maintained app stores. Websites that host downloads will just have a user attestation that they’re not Californians and be hosted abroad. There’s also no verification method; it’s literally just a requirement that account creation asks for an age - something websites do all the time and is not remotely burdensome, just ask all the ones convinced my DoB is a year and 4 months after my actual.
Apparently the redacted politicians that were caught raping and murdering little boys and girls in the Epstein files are entitled to a higher level of privacy than either you or me.
This is Big Tech manipulating us to be against regulations on their platforms including preventing pedophilia on Instagram, Twitter, Snapchat, etc. I'm still very much so in favor of regulating them. This smokescreen of a policy isn't going to confuse me.
Aha... Interesting, I'm the sysadmin of myself so I verify myself that I'm entitled to be root on my iron. Sometimes politicians reveal themselves in their future program dreaming things like mandatory online accounts on corporatocracty-controlled servers for all...
California Assembly Bill 1043 requires OS providers (including Linux) to add age verification at account setup, prompting users for birth date/age to signal age brackets to apps in covered stores.
It may violate privacy by enabling data collection/misuse beyond age checks, similar to UK/Discord issues; no explicit civil rights violations noted, but could restrict access for adults/minors if misapplied.
Benefits: Enables age-appropriate app content, protecting minors.
Drawbacks: Privacy risks, enforcement hurdles (e.g., Linux disclaimers like "not for California use"), aligns with global trends amplifying concerns.
An updated deep dive by Mr. AI returned the following analysis:
Official link: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...
Revised pros: Enhances child safety via non-PII age brackets for app compliance; data minimization limits info shared; anticompetitive prohibitions prevent misuse; good faith shields from liability.
Revised cons: Setup requires age input, risking misuse despite safeguards; enforcement challenges for open-source OS like Linux; increased developer liability for signals; potential access restrictions from errors or misreports. No clear privacy/civil rights violations for adults/minors, but implementation costs and global trend concerns persist.
My thoughts:
California lawmakers keep turning the screw more and more to the left with AB 1043 being introduced by Democrat Buffy Wicks. Though it has bipartisan co-authors (8 Democrats, 3 Republicans) and passed the Assembly unanimously (58-0), it still feels a bit authoritarian to me. The California Assembly political divide is very left leaning with Democrats controlling 60 seats and Republicans 20 for a total of 80 with Democrats controlling a supermajority.
What's to stop someone from building their own Distro using LinuxFromScratch to bypass this new restriction? Nothing, in my view!
Which I had money cause, Florida looking good about now.
One could cope that this regulation can not apply to Linux or other OSS operating systems. But this is only true unless the bootloaders on consumer devices are mandated to be closed next.
We already have Secure Boot, the infrastructure is in place. It is currently optional, but a law like this can change that.
> (c) “Application” means a software application that may be run or directed by a user on a computer, a mobile device, or any other general purpose computing device that can access a covered application store or download an application.
This is basically any program.
> (e) (1) “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.
This would include any package manager like dnf/apt/pacman/etc. They facilitate download of applications from third parties.
> (g) “Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
This sounds to me like it would include distro maintainers. They develop and/or control the OS. Also, would this include the kernel devs? How would they be responsible for the myriad of package managers.
The overall law reeks of politicians not knowing what they're legislating.
You know the non-governmental organization "Save the Children"? Maybe it's time to create a new one called "Fuck the Children" to defend people from these laws designed to mine privacy under the pretense of protecting minors.
when you force someone to signal status as a minor, you are forcing them to wear a target, hostiles will not have so much work to find minors, now they only have to contact, groom, and offend.
The fact that bill breaks kids down by specific age groups makes it seem even creepier. Want to target 13-16 year olds? Prefer kids under the age of 13? California is helping predators by making sure they can tell which group every child's username falls under!
Buffy Wicks obviously should not be legislating APIs. But I think it's funny how badly this misinterprets the situation. The local user account on a computer has never been less relevant than it is today.
It puts the infrastructure in place to do all of those things if a future(?), authoritarian regime wants to.
* It also reveals that visitors to any site are children, compromising their privacy and opening them up to targeted advertising
* The data will undoubtedly be added to the accumulated, traded databases so many services use
* The bill makes onerous demands of developers to consider other items that may suggest the user is actually in a different age bracket, like doing websearches for "toys" (child) or "toys" (adult) - which works what percentage of the time, exactly?
* And it's totally ineffective, since kids can look at porn anywhere they want, or internationally, regards of useless bill like this
The most egregious part of this bill is that:
* It legislates that if kids connect to a website, that website can query their age brackets (an "age signal"). This means their approximate age is revealed for kids-specific advertising, manipulation, or even sold to a pedophile group.
A DEVELOPER SHALL REQUEST AN AGE SIGNAL WITH RESPECT TO A PARTICULAR USER FROM AN OPERATING SYSTEM PROVIDER OR A COVERED APPLICATION STORE WHEN THE DEVELOPER'S APPLICATION IS DOWNLOADED AND LAUNCHED.
Basically SB 26-051 creates a mechanism that can be used to harvest the data that certain users are kids and then sell that data to anyone who will pay for it.
Data like this is traded internationally, which makes it tragic that elected lawmakers would waste time pushing a bill whose only mid-term effect would be making Colorado less attractive to developers and software companies.
The irony is that normally your kids would have been protected, by standard practices, from having their age exposed. This bill reverses that, putting your children at more risk.
The bill also would force many devices to provide age bracket data that are surprising to most people, because this part:
"DEVICE" MEANS ANY GENERAL-PURPOSE COMPUTING DEVICE THAT CAN ACCESS A COVERED APPLICATION STORE OR DOWNLOAD AN APPLICATION.
... means anything with Internet access and storage. This includes smart televisions, thermostats, tablets, smartphones, smart watches, some fitness tracking devices, some smart toilets, and so on, all potentially reporting your activity on demand, even if that back-end service has nothing to do with porn.
The bill is also poorly structured. Clearly it's intended to focus on services like app stores (Android, Apple), but by attempting to integrate support for this into operating systems, makes it available to hostile actors for any purpose worldwide. Further, it requires developers to guess whether other available information on a user might mean they're really in a different age bracket, exposing them to fines of $2500 to $7500 per minor "affected" (note: "affected" is not defined in the bill). The exemptions give blanket protection to developers working on for-internal-use software, but give no exemptions to recreational programmers. non-profit personal software, university projects, and so on, casting a chilling effect across software engineering generally.
Lastly, the bill is ineffective. Most of the web runs on Linux, a coöperative international effort, nominally controlled by one man in Finland. There is no chance of this bill's mechanism being implemented in this context. Nor will other developers be especially interested in rewriting software for this Colorado-specific bill. Further, the kids supposedly being protected from all the Colorado native porn sites would just web-browse to nearly any porn site and be outside of Colorado anyway, if not outside the US entirely.
These sponsors aren't alone. Most elected lawmakers are equally bad at technology and protecting democracy from the threats that come from chipping away at privacy protection. Bills like this appear in other states all the time, despite being toothless, easily circumvented by kids (who trivially circumvent even face photo hurdles), or radically compromising the privacy of adults (like this one).
There's also the long game, where these sometimes Democrat-led bills in various states could eventually see a much deeper-reaching federal one, where, instead of a "age signal", the user's computer must send an "ID signal", allowing all personal interactions with the Internet to be tracked, analyzed for political and other biases, and used by backbone firewalls to control exactly what people are allowed to read. Very handy for a dictator who might want to block off "fake news".
This is only a hypothesis, but one has to wonder whether sponsors to such bills even care if the bills work or pass, since either way they still get to claim they Protected the Children! even though the bills themselves violate privacy for everyone, often cause websites about breast cancer to be censored, or pave the way for authoritarian control - something this one stands out for. The only thing really surprising is that this bill wasn't sponsored by MAGA Republicans deliberately to add another paving stone to the road to national censorship.
I urge everyone to get in touch with other Colorado representatives to call for a fight against this travesty of a bill. Further, I would excoriate the two sponsors by email and phone, and tell them now that you will not reward this sort of juvenile lawmaking with your vote. Lastly, tell other people about how Matt and Amy plan to strip away their privacy in a way that puts children more at risk than doing nothing.
Good luck enforcing that in linux, simply because open source community agreed to never agree on anything. The strength of anything is also its weakness, always.
Ok. No more linux in california. Forget silicon valley. Forget all the supercomputers at research establishments. Forget all the smart TVs. Forget all the cars with in-dash computers. Let's see how long california can keep its lights on without embedded linux.
In all seriousness, rather than comply, linux distros should enforce this law. Any linux install that detects itself being in california should automatically shutdown with a loud error message. I give it a week before a madmax situation develops.
It would have to be done at the license level and with litigation. Anything relying on code to be added, would be removed. And probably, trying to do the license thing would force some people to fork the software.
I will start making a list for linux then.
rm - ok for all ages.
grep - 18+, you can obviously use this to search for porn.
find - 18+, see grep.
reboot - ok for all ages.
echo - ok for all ages.
cat - 18+, prints the porn you found directly to your terminal.
sudo - 18+, obviously.
kill - ok for all ages. This is the US, right.
ps - 18+, no peeping at other processes.
> echo - ok for all ages.
> cat - 18+, prints the porn you found directly to your terminal.
Sound good in theory, until you realise that any teenager knows perfectly well how to trivially get around the lack of `cat` to read their terminal smut:
Simply require per-use parental consent for fopen.
I am sick and tired of these teenagers and their sharing of bash oneliners on insta.
2 replies →
rm - between -i and -r this is just a less efficient way to search for porn
reboot - you never know what the sysadmin might have loading on boot, unsafe as it could load porn
echo - ASCII art would like to have a word
kill - I know the US will have mixed feelings, but communicating with other processes might allow them to send you porn
ed - 45+ nostalgics only
rm needs to be 18+, kids could use it to cover their tracks.
The absence of evidence is not evidence of absence.
>reboot - ok for all ages.
I'm not so sure, who knows what woke UEFI and edgy motherboard vendors are putting up as splash screens these days. And the law doesn't even consider those since they aren't part of the OS!
There's an obvious theme with lawmakers in California—they pass laws to regulate things they have zero clue about, add them to their achievement page, cheer for themselves, and declare, "There! I've made the world a better place." There are just too many examples. For instance:
- Microstamping requirements for guns—printing a unique barcode on every bullet casing (Glock gen3 cannot be retired, thus, the auto-mode switch bug cannot be patched...)
- 3D printers should have a magical algorithm to recognize all gun parts in their tiny embedded systems
- Now, you need to verify your age... on your microwave?
At this rate, California should just go back to the Stone Age. Modern technology is simply not compatible with clueless politicians who are more eager to virtue-signal than to solve any actual problems or even borther to study the subject about the law they are going to pass. There will be more and more technology restrictions (or outright bans on use) in California because it's becoming impossible to operate anything here without getting sued or running afoul of some overreaching regulation.
The incentives are all wrong. You can serve up to 6 two-year terms in the Assembly or up to 3 four-year terms in the Senate, but regardless of which combination you do, nobody in the California legislature can serve more than 12 years combined across both Houses of the legislature.
So we don’t have professional legislatures with long-term electability incentives or leadership goals, we have a resumé-building exercise that we call the legislature. They’re all interchangeable and within 12 years, 100% of it will be changed out.
> So we don’t have professional legislatures with long-term electability incentives or leadership goals
Raises an interesting question of who is less popular, the Californian government or the US Senate. The experiments with long-term professional legislatures have generally not been very promising - rather than statesmen it tends to be people with a certain limpet-like staying power and a limpet-like ability to learn from their mistakes. In almost all cases people's political solution is just "well we didn't try my idea hard enough" and increasing their tenure in office doesn't really help the overall situation.
10 replies →
That's a non sequitur. Creating long-term professional politicians is not going to create legislators competent in the various domains they legislate on. It's going to create politicians competent at being elected long term, whatever the means.
1 reply →
Your solution to politicians being out of touch with reality is to let them remain in office longer?
4 replies →
It is interesting that this is a mainstream existing thing in the US (at the state level), but more of a fringe proposal in the rest of the English-speaking world.
I think the answer may be that the difference in political systems (parliamentary vs presidential) and party systems (less two-party but with greater party discipline) solves many of the problems term limits are intended to solve in completely different ways.
Maybe a better answer would be for US states to adopt the parliamentary system? Although there is some debate about what the "republican form of government" clause means, it arguably doesn't rule out parliamentary republicanism, and Luther v Borden (1849) ruled the clause wasn't justiciable anyway. Added to that, the widespread practice in first half of the 19th century, in which governors were elected by state legislatures, was de facto the parliamentary system. I don't think there is any federal constitutional obstacle to trying this – it is just a political culture issue, it currently sits outside the state constitutional Overton window.
While you could adopt the Australia/Canada model of a figurehead state governor/lieutenant governor with a state premier, I think just having a premier but calling them "the governor" would be more feasible
5 replies →
And yet, term limits are something many people want in the hopes that it will solve some of the problems in Washington DC.
There, the professional legislators can't get anything right either.
Do you think there's a middle ground of increasing the term limits to, say, 18 or 20 years?
14 replies →
Long term tenure won't help. Look at the Federal government. Eventually you end up with a hospice center as your legislature.
> professional legislatures
That should not be a profession.
Decisions should be made by people who are the most informed about the subject matter. By definition you cannot have someone who is the most informed about everything.
5 replies →
I’m more curious in the genesis of these laws, whether their sponsors received written suggestions or ghostwritten bills, etc. as a form of parallel construction.
It seems all at once, everywhere that many groups that have a vested interest in forcing precedent and compliance of non-anonymous access across the computer world. It smacks of something less-than-organic.
I was curious about your question and googled. Here's the legislative history of the law: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm....
Reading the first analysis PDF:
> This bill, sponsored by the International Centre for Missing and Exploited Children and Children Now, seeks to require device and operating systems manufacturers to develop an age assurance signal that will be sent to application developers informing them of the age-bracket of the user who is downloading their application or entering their website. Depending on the age range of the user, a parent or guardian will have to consent prior to the user being allowed access to the platform. The bill presents a potentially elegant solution to a vexing problem underpinning many efforts to protect children online. However, there are several details to be worked out on the bill to ensure technical feasibility and that it strikes the appropriate balance between parental control and the autonomy of children, particularly older teens. The bill is supported by several parents’ organizations, including Parents for School Options, Protect our Kids, and Parents Support for Online Learning. In addition, the TransLatin Coalition and The Source LGBT+ Center are in support. The bill is opposed by Oakland Privacy, TechNet, and Chamber of Progress.
This law doesn't do anything that prevents non-anonymous access. Here's how you would access things anonymously if you bought a new computer that implemented this.
1. When you set up your account and it asks for your birthdate, make up any date you want that is at least far enough in the past to indicate an age older that what any site you might use that checks age requires.
2. Access things the way you've always done. All that has changed is that things that care about age checks find out you claim to be old enough.
The only people it actually materially affects on your new computer are people who cannot set up their own accounts, such as children if you have set up permissions so they have to get you to make their accounts.
Then if you want you can enter a birthdate that gives an age that says non-adult, so sites that check age will block them.
From a privacy and anonymity perspective this is essentially equivalent to sites that ask "Are you 18+?" and let you in if you click "yes" and block you if you click "no". It is just doing the asking locally and caching the result.
13 replies →
> It seems all at once, everywhere that many groups that have a vested interest in forcing precedent and compliance of non-anonymous access across the computer world. It smacks of something less-than-organic.
I think you’ve nailed it here. How many of these people campaigned on this issue? Where were the grassroots to push this? Where did this even come from?
Somebody, somewhere - with a heck of a lot of money - wants to see this happen. And I don’t think they have good intentions with it.
Conservatives discovered a cheat code to get: (a) people to have to identify on the computer everywhere and (b) control what they can do with and without this identification.
Of course they are copying the play everywhere.
Death threats mainly. Personally I think it would be easier if they just made it so that platforms ran a tiny LLM against the content that will be posted - determined if it is a death threat, then require them to be identified before it's posted, then it would solve a lot of these problems.
TLDR: Evil people be doxxed internally not everyone.
12 replies →
> There's an obvious theme with lawmakers in California
You can remove the in California
Policies enacted elsewhere usually don't have the Brussels Effect.
2 replies →
The California part is partially to highlight the fact that its a very liberal state and this is the kind of laws that liberals pass, but people fail to realize that all of these laws come from Republican lawmakers, as there are plenty of right wing people in California.
Young people generalize everything and end up not solving problems.
Older people have already seen all the patterns, and realize you have to focus on specifics, and that helps clean up the general issue.
2 replies →
[dead]
[dead]
this
Yeah but let’s not and say we didn’t.
2 replies →
> they pass laws to regulate things they have zero clue about
While you are correct with this statement in this context, I would say it applies to most things in government in general.
The vast majority of lawmakers have zero experience solving any real world problems and are content spending everyone else's money to play pretend at doing so.
The reality is, most government "solutions" cause more problems than they solve, after which, they blame their predecessors for all the problems they caused and the cycle continues.
> The reality is, most government "solutions" cause more problems than they solve
The "reality" is that propaganda heavily encourages you to ignore the government successes and only focus on the failures. I'll leave it as an exercise for the reader to determine who benefits from that.
34 replies →
I see Massachusetts as sort of the non-insane liberal counterpoint to California.
Things work here and nobody seems to be passing the "oops my unintended side effects and clueless regulations messed things up horribly." Or, if they do, it is at something like 1/10th the level.
We didn't start warning label spam everywhere. We don't have weird propositions that are causing run-away housing prices. There aren't bar codes on our 3d printers, or cookie banner requirements on every website. Well, ok we do, but that nonsense all came in from other places.
We did pass laws to lower PFAS/PFOAS. That seems reasonable. Government can work.
4 replies →
most government "solutions" cause more problems than they solve
Zero basis in fact. We’re in the wealthiest nation on the planet. Most of us live better than any previous generation. To claim all that success is completely in spite of government is ridiculous.
6 replies →
It's true, and yet there are real market failures that even a very ineffective government can improve on dramatically, like innovation & research output via basic science.
> - Microstamping requirements for guns—printing a unique barcode on every bullet casing (Glock gen3 cannot be retired, thus, the auto-mode switch bug cannot be patched...)
I don't know much about guns, but I assume that would be on the hammer? Couldn't you remove that "microstamping" by lightly filing down the hammer or just using it a bunch and causing some wear?
For most modern guns, it would be the firing pin, also called the "striker". Nobody manufactures microstamped guns, but if they did, the striker is a $20 part you can replace in ten minutes - or you could just spend half an hour on target practice at your local range, because 200 rounds are apparently enough to wear the etching down to illegibility.
2 replies →
How long until we have to scan our assholes to use the coffee machine?
Do you have a term sheet?
we might as well just do a coffee enema at that point
It's not a coincidence the equally clueless citizens are asking for these laws. Like in business, sometimes it's better to do "some thing" when you're not smart enough to do the right thing. Maybe you get there, maybe you don't, but inaction is not looked upon kindly.
I've not met anyone privately who would be in support of this.
There is a layer of indirection at work here. Fake-democracy.
What citizens are asking for age verification? I have met exactly ZERO people who want this. It’s only the authorities who want it.
i did not even think of that! As the current law reads, will smart devices with OSes require age verification? Many IoTs are just tiny Linux versions running on a small processor. This makes all smart GE washing machines, dryers and refrigerators illegal in California.
come to think of it, maybe there is something good about this law. :D
Not just that, but the the copy of Minix in the intel IME of every intel processor.
Not to mention all the printers, routers, etc that run freertos/thread x/vxworks.
> Now, you need to verify your age... on your microwave?
What part of the bill makes you think this would apply to a microwave? https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...
And what part makes you think you need to verify your age, as opposed to just specifying it? Nobody is requiring any verification. The only requirement is on there being an interface for you to input whatever age you want to input.
I'm starting to get more and more behind the idea that maybe lawmakers need to be legally accountable for bad laws that they make.
So essentially California is becoming more and more like EU? It's curious to see how it pans out. Maybe EU's model turns out to be better than a more laissez-faire world like the US. Who knows.
What's even more curious is that the California voters seem not care at all. As long as the government can collect more taxes with more altruistic slogans, the voters will stay happy.
Which EU law mandates age verification on my personal computer at home exactly?
Modern technology is simply not compatible with clueless politicians
He may be our next president and this becomes an executive order.
No it’s a mindset thing.
Some people think all problems should be fixed with regulation.
Some people think all problems should be fixed with free market / responsibility.
California and liberals tend to lean to the former. A place like Texas and conservatives tend to lean to the latter.
I think both camps are crazy because it’s a case-by-case basis where you need to consider second and third order effects. But man talk to a die hard regulation supporter or die hard free market supporter and you just want to say “the world isn’t just simple rules like that.”
> Now, you need to verify your age... on your microwave?
Anyone buying or selling a microwave with an app store deserves this mess.
Downvoter (and GP) didn't RTFA. This is addressed in the parts of the law TFA quotes.
Technology is currently worring for a lot of people so the moronic response is to simply reject it.
You can single out California, but I assure you there are asinine laws on the books in most states.
What it takes to become a “successful” politician is typically not what it takes to define good policy.
Democracy rewards mass appeal, and that in turn encourages demagoguery and gives a platform for stupidity. It's been an unavoidable problem with the system since Athens.
Not just 3D printers but all subtractive CNC machines too.
Frankly, look at how hard it was to make a sten. Even just a lathe and a welder is likely sufficient.
What I'm reading of this law is that it requires OS developers to require users select their age (really their age bracket) when making a user account, and an interface for applications/websites to read that user-provided field. I.e. not age verification, but just a standard way to identify if a user is on a child account. If that understanding is correct, how is this bad at all? It's a way to put to rest people's concerns and pearl-clutching over children accessing adult content without every individual app and service provider contracting with Palantir to scan you and guess your age. Instead they can just read the IsAdult header and call it a day. What's the cost to user-freedom? You have to be presented a Date of Birth field or I Am an Adult / Teen / Child selector when setting up a device... a thing that every operating system impacted by this law already does.
It's not enough to just accept the age signal:
> (3) (A) Except as provided in subparagraph (B), a developer shall treat a signal received pursuant to this title as the primary indicator of a user’s age range for purposes of determining the user’s age.
> (B) If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.
Developers are still liable if they have reason to believe someone is underage, even if the age signal says otherwise.
The only way to truly minimize that liability is forcing users to scan their faces and IDs, that is why age verification systems are already implemented that way.
Why should it be law? I am a developer in California, and a long time Linux nerd. If I were to release a hobby on my GitHub for fun, without age verification, am I now subject to fines? Imprisonment? Why should their be a legal requirement?
1 reply →
All the better to do targeted advertisments and underdeveloped minds!
3 replies →
How is this good at all for a free society? You are basically making a "what about the children?" argument. its the parent job to protect their children. why should anyone suffer this b.s.?
4 replies →
At least they did not invent cookie banners.
Yeah, the commercial firms invented them all on their own just to keep tracking customers and oversharing whatever data they gather with random third parties while still getting to complain about stupid laws that require them to do so [0].
[0] https://news.ycombinator.com/item?id=46521179
The printer spyware has an interesting backstory.
A Spanish venture-backed firm is developing some vaporware called Print&Go and has convinced the NY DA's office that it'll permanently solve the Luigi problem.
The best part? This company is drooling at the possibility of getting a permanent rent-seeking license for printers they didn't design, for nonexistent vaporware software that reduces its capabilities.
They frame it as "enhancing 3D printer capabilities," the way a slaveowner would frame putting chains on a slave's wrists as an "employee retention innovation."
Is everyone involved with promoting this software and these laws lying? Of course.
https://blog.adafruit.com/2026/02/08/any-user-who-has-a-3d-p...
Headline is wrong, and you didn't read the article. There is no verification requirement. You are a bad HN poster and should feel bad.
All this does is require the user to select a non-verified age bracket on first boot. You can lie, just like porn sites today. I thought HNers wanted parents to govern their children's use of technology with these kinds of mechanisms.
> There's an obvious theme with lawmakers in California—they pass laws to regulate things they have zero clue about, add them to their achievement page, cheer for themselves, and declare, "There! I've made the world a better place."
There's an obvious theme with HN posters about politics—they make cheap drive-by comments about regulations they have zero clue about, based on articles they haven't actually read, cheer for themselves, and declare, "There! I've shown why I'm smarter than all these politics people."
> All this does is require the user to select a non-verified age bracket on first boot.
This is the age verification requirement which you rudely and incorrectly said doesn't exist. Nothing is done with the data (for now) but age is in fact verified on the assumption that the user doesn't lie.
Instead of lengthy condescending missives about the behavior of other users, you should instead write "I'm sorry for being negative and bringing down the quality of discussion."
8 replies →
There is a name for it, feel good policies and cali is not unique.
People who dont understand the problem must pass a solution that makes people feel good. Clean needles, homeless hotels, etc. If they dont make things worse, that is a win.
> Microstamping requirements for guns
Eh, sounds kinda reasonable. Ammo already has unique serial numbers embedded in the butt of every cartridge (in some countries, not sure about the US), and guns do leave somewhat unique marks on the bullets upon firing so... sure, why not. Surprised it took that long TBF, the necessary technology has been commercially available since the early 90s, I think?
> 3D printers should have a magical algorithm to recognize all gun parts in their tiny embedded systems
Yeah, this one's seems unnecessary. Is weapon manufacturing without a license a crime? If yes, then whoever 3D-prints a gun can be prosecuted normally.
> Now, you need to verify your age... on your microwave?
Or on your gas stove. A travesty, really: I was taught how to operate a stove when I was in the second grade and never burned any houses down, thank you very much.
The micro stamping law is in no way reasonable because removing the micro stamping from the end of a firing pin is laughably trivial. The only people who won’t do this are people who weren’t going to break the law in the first place.
Even people who didn’t want to break the law might find themselves on the receiving end of law-enforcement if the firing pin wears such that the micro stamping is no longer identifiable.
The micro stamping law does nothing to prevent the flow of guns to people who should not have them, and does everything to prevent the use or purchase of guns by people who can lawfully own them - which is the whole point of a law like this. The people who make these laws are well aware of this.
The age verification law, coupled with the proposed hardware attestation that our good friend Lennart poettering is working on will ensure that anonymity on the Internet is gone. This is precisely what lawmakers are aiming for. And just like the micro stamping law, the intent of the law is not the literal word of the law.
3 replies →
[dead]
I'm, again, glad to run linux. The distro I run has no affiliated online "account" at all, and I would expect this exempts it from the requirement.
I'm no democrat, although I'm sure as hell no republican, and as a resident of the state, I'm also a routine critic of the California state government.
I agree that a lot of their activities are indeed, performance art in nature.
However I do agree with the identification requirements on guns and ammo.
You can't shoot someone with a computer, no matter what OS you run.
The idea that lethal weaponry is the same as any other consumer product is just not accurate.
Political office in general attracts the sort of people who like the "performance art" parts of it. It doesn't attract the sorts of people who like "getting things done" because the political process by design moves at a snail's pace, and if you actually solved problems you would remove issues run on in the next campaign.
This doesn't have anything to do with democrats and republicans, considering that this bill passed unanimously through every committee and both chambers.
It's about as easy to restrict the proliferation of firearms and ammunition as it is to restrict the proliferation of open source software. Anyone can make functional firearms out of supplies from any hardware store, this is true regardless of how many laws you pass. Look at the weapon that was used to assassinate Shinzo Abe. That was manufactured and used in a country with gun control laws that basically make California's gun control look indistinguishable from Texas. No number of laws have ever or will ever stop criminals with a rudimentary grasp of basic physics and basic chemistry.
You can't put the genie of firearms back in the bottle any more than Hollywood can put the genie of p2p file sharing back in the bottle. Trying to do so is like trying to unscramble eggs. It doesn't matter how valid your desires or justifications for attempting to so are, it's an act of banging your own head against the cold, hard wall of reality.
3 replies →
> You can't shoot someone with a computer, no matter what OS you run.
No, you can just target-lock them. The computer database (and now, LLM) is probably the biggest threat to freedom in existence. You can keep your popgun. They'll know where it is, and come with bigger ones.
China be doing some pretty heavy-duty damage with computers, but age-gates won't stop them.
I think they demonstrate a welcome and sophisticated understanding of technology. Their solution to age verification maximizes privacy by not sending any data off the computer besides a simple signal of age category (if I understand the design). They show more sophistication than the parent commment:
> 3D printers should have a magical algorithm to recognize all gun parts in their tiny embedded systems
Color scanners and printers have long had algorithms to recognize currency and prevent its reproduction, implemented with the technology of decades ago. It seems relatively simple to implement gun part recognition today, especially with the recent leap in image recognition capability.
(Rants and takedowns, IME, may entertain fellow believers, but signal a comment that's going to go well beyond any facts.)
3d shape classification is different from matching a set of well-known, mostly fixed patterns (like eurion constellation) necessary to detect currency.
With 3d shapes of non-governmental origin this is at best difficult and at worst intractable. Consider the fact that many parts of a gun can be split into multiple printable pieces to be later assembled, making it very nontrivial to decipher the role of the shape.
With currency, the government has the controls for the supply of the target shape (it can encode hidden signals onto banknotes) and effectively controls the relroduction side (through the pressure on printer manufacturers). But it cannot control the supply of gun-part-shapes (it is not the only source for it), and since the problem is likely intractable - neither can it enforce the control on the 3d printing side.
Paper money being almost non-fungible is a great achievement, but is it as easy to make any mesh nonfungible as well?
2 replies →
> It seems relatively simple to implement gun part recognition today, especially with the recent leap in image recognition capability
And it's sits fine with you because you are the one who wouldn't pay the price for this "simple image recognition capability". Except you would pay of course, indirectly but at least you wouldn't know for sure so your conscience would feel at ease.
Reaction 1: how would this even work with embedded systems that have no UI to input this data?
Reaction 2: it's open source, make the lawmakers do submit the changes.
Reaction 3: how would this ever be enforced? Would they outlaw downloading distributions, or even older versions of distributions? When there's no exchange of money, a law like this is seems like it would be suppression of free speech.
Reaction 4: Someone needs to maliciously comply, in advance, on all California government systems. Shutdown the phones, the Wi-Fi, the building access systems, their Web servers, data centers, alarm systems, payroll, stop lights, everything running any operating system. Get everyone to do it on the same day as an OS boycott. And don't turn things back on until the law is repealed.
While there are some enforcement questions here, especially around non commercial OSes, most of your reactions are clearly based on the headline alone.
It defines operating system in the law. This wouldn’t apply to embedded systems and WiFi routers and traffic lights and all those things. It applies to operating systems that work with associated app stores on general purpose computers or mobile phones or game consoles. That’s it.
Enforcement applies as civil fines per-child usage. So no suppression of speech by banning distribution.
(Also it’s not age verification really, it’s just a prompt that asks for your age to share as a system API for apps from above app store, no verification required)
> It defines operating system in the law.
No, it doesn't.
It defines the following terms: "account holder", "age bracket data", "application", "child", "covered application store", "developer", "operating system provider", "signal", and "user".
> This wouldn’t apply to embedded systems and WiFi routers and traffic lights and all those things. It applies to operating systems that work with associated app stores on general purpose computers or mobile phones or game consoles.
Presumably, this based on reading the language that in the definition of "operating system developer", and then for some reason adding in "game consoles" (the actual language in both of those includes "a computer, mobile device, or any other general purpose computing [device".
(I've also rarely seen such a poorly-crafted set of definitions; the definitions in the law are in several places logically inconsistent with the provisions in which they are applied, and in other places circular on their own or by way of mutual reference to other terms defined in the law, such that you cannot actually identify what the definitions include without first starting with knowledge of what they include.)
13 replies →
" It applies to operating systems that work with associated app stores on general purpose computers or mobile phones or game consoles. That’s it"
Everything is a general purpose computer. Just look at how many things have been made to run doom. I haven't read the law specifically but if it actually does say this then that language is useless and means practically everything.
11 replies →
> (Also it’s not age verification really, it’s just a prompt that asks for your age to share as a system API for apps from above app store, no verification required)
It's not enough to adhere to the age signal:
> (3) (A) Except as provided in subparagraph (B), a developer shall treat a signal received pursuant to this title as the primary indicator of a user’s age range for purposes of determining the user’s age.
> (B) If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.
Developers are still burdened with additional liability if they have reason to believe users are underage, even if their age flag says otherwise.
The only way to mitigate this liability is to confirm your users are of age with facial and ID scans, that is why age verification systems are implemented that way: doing so minimizes liability for developers/providers and it's cheap.
2 replies →
Is a repository on a linux machine an app store? Are custom repositories app stores? Does this mean that now most automated deployments are now not automated? If they can be automated, does that mean that having the automation by default makes sense?
7 replies →
The language in the bill says operating system “or” application store. Isn't that then implying any operating system that would download applications, even if it doesn’t come from a store. But IANAL.
Seems to me this would include TVs, cars, smart devices, etc. The Colorado version of this bill excludes devices used for physical purchase, so your gas pumps and POS systems would be excluded in CO. But I didn’t see that in the CA bill.
They’re both overly broad, ill-considered, frankly terrible bills that make as much sense as putting your birthday into a brewery site or Steam. Enter your birthday and we trust you. Now do that for every single one of those 100 VMs you just deployed…
1 reply →
By that logic, my NAS (TOS6) falls under that category.
> per-child usage
If the First Amendement is to prevent a government from letting you speak, shouldn’t that also concert a government from letting you hear that speech?
If so, then this seems to go against the Forst Amendment.
Sorry, Australian here so just speculating
2 replies →
Servers still kinda fit.
So, all of us-west-1?
1 reply →
> Also it’s not age verification really
Not yet, but it will be one day if it passes
Continually surprised by politicians wanting an OS to do what a parent should be doing. Why not just mandate that all devices with access control capabilities implement parental controls, and then mandate that all adults enable controls before handing a device to a minor? For devices that are incapable of user access control, the same rules as a knife, chainsaw or gun apply.
[dead]
Only wealthy parents (upper middle class or better) have the time or energy to do anything other than work, put food on the table, and do basic child care.
Most parents lack the technical expertise to police digital devices.
1 reply →
This isn’t so heavy handed. The purpose of age signaling is so that a parent can set in one place an age, and then federal privacy protections under COPPA and state protections under the AADC kick in.
It would just be unenforced for all platforms except windows, apple and android.
I doubt the california legislature knows what a Linux even is.
The big three will love this. They'll implement the feature, then they get to dob in Linux and friends and get them buried in regulatory lawsuits.
All three already have identity linked accounts. Windows practically shoves it down your throat on install, for example. They'll love the excuse to finally disallow web-free accounts.
Windows servers are so back baby!
1 reply →
> I doubt the california legislature knows what a Linux even is.
All Congress critters have staff to help write the bills and fill out the policy. You can bet your sweet bippy that there are people on staff in the California legislature who know what a Linux even is.
Exactly. This is obviously targeted at these three, and in those cases will be a massive improvement over forcing every site operator to start collecting photo ID.
>I doubt the california legislature knows what a Linux even is.
they would never need to know it once they learn what SecureBoot is. Any device with 1+ Gflop must have SecureBoot, and goodbye general computing.
4 replies →
To small to be of any concern.
> Reaction 3: how would this ever be enforced? Would they outlaw downloading distributions, or even older versions of distributions? When there's no exchange of money, a law like this is seems like it would be suppression of free speech.
That's not what will happen. We've already seen examples of what will happen. So let me just list them instead:
1. The Secure Boot chain for UEFI initially mandated that only OS that were signed by Microsoft would be allowed to boot on PCs where SB is enabled. This was partially rolled back after public backlash.
2. iOS devices and majority of Android devices already don't allow you to install an alternate OS or distro.
3. Platform attestation proposals like Web Environment Integrity and its Android version.
4. Mandate that every developer must register with and pay an MNC to be able to release any app on their platforms.
Basically, they'll just take away your ability to control your device in any way. Don't be surprised if it turns out that these MNCs were behind such legislations. But this legislation is especially dangerous in that it will effectively kill user-controlled general-purpose computing, even from vendors like Pine64, Framework, System76, Fairphone and Purism who are willing to offer those.
Considering the amount of damage caused by these sort of legislative BS, those who propose and vote for such bills should be investigated publicly for corruption, conflict of interests and potential treason. They should be forced to divulge any relationship, directly or indirectly, with the benefactors of these bills. On the other side, rich corporations should be banned from 'lobbying' or bribery more appropriately, in matters that they have a stake in. And they should have stiff penalties for any violations. Not those couple of million dollar slaps on their wrist. At least 5% of their annual global profits, incarceration of top executives and breaking up the company. There has to be a consequence that's uncomfortable enough, for any fairness to be reestablished. This should apply even more for those professional lobbying firms and 'industry advocacy groups'.
People also need to start strongly opposing, rejecting and condemning justifications like this that rely on the cliche tropes of CSAM, terrorism, public safety, national security, etc. None of those measures are necessary or even useful in preventing any of those. Insistence on the contrary should be treated as an admission of inability and incompetence of the respective authorities in tackling the problem. In fact, why do they assume that kids, especially teens, are unimaginative and incapable of working around the problem? They should at least be starting with awareness campaigns to get the kids and the parents on their side and empower parents to enforce parental controls, instead of reaching for such despotic measure right away. This is like banning drugs before the problem of drug addiction is addressed. Black markets exist, even for cyberspace. It will just make the problem a whole lot worse.
And finally, don't let people without clearly proven vested interests anywhere near such regulations. And choose professionals or at least competent people for taking such decisions. You can't rein in this attack on ordinary people without stemming the uncontrolled corruption in the public offices that deal with it.
March 1st is now officially malicious compliance day.
> how would this even work with embedded systems that have no UI to input this data?
Doesn't the bill explain all this pretty clearly? https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...
>> An operating system provider shall [...] provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user [...]
>> “Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
Your hypothetical "embedded system" almost certainly neither has an account setup process in the first place, nor is it a general-purpose computing device, a mobile phone, or a computer.
> Reaction 3: how would this ever be enforced?
Pretty easily? They enforce it against the OS vendor for not providing such a process. They aren't enforcing the correctness of the age, nor are they claiming to.
> Someone needs to maliciously comply, in advance, on all California government systems.
...what? This is a law demanding compliance from OS vendors. Whose compliance is it even demanding in government systems for them to be malicious about it?
> general-purpose computing device
This term doesn't seem defined in the law at all. How general is general?
Graphing calculators that support apps and Python? Of course, they don't usually have "accounts" either. But to a technologist it's a "general purpose computer" insofar as it can run new code that the user loads into it, it can definitely run games that it didn't come from the factory with, etc. It's a tiny multipurpose computing device.
4 replies →
i see you're a problem solver
> Reaction 3: how would this ever be enforced? Would they outlaw downloading distributions
They can outlaw you from using those distributions and/or scare the maintainers so there won't be distributions anymore. And if you want to use a desktop computer rent one from an hyperscaler, tied to a credit card and access it from a tablet with age verification. I don't know if I should add /s
you're pointing out that it doesn't make sense
the point of laws like these isn't to make sense, it's to be annoying
Ignoring all the tedious 'no, you're a bad person for having different priorities and beliefs to me' comments that this will inevitably inspire, I have to ask: why does the operating system need to be involved in this? The intended target of the regulation seems to be app stores.
Someone has fallen victim to Politician's Logic: https://www.youtube.com/watch?v=vidzkYnaf6Y
I think the answer is quite simply: Follow the money. General-purpose computing is scary to big, soulless corporations. They want you to rely on them, not to be able to do stuff yourself. (They want to keep that power for themselves.)
Age verification is the quickest road to ending general-purpose computing, because it plays on people's knee-jerk emotions. It won't do it by itself, but it'll goes a long way towards it.
Year after year, we continue to prove Cory Doctorow right: https://boingboing.net/2011/12/27/the-coming-war-on-general-...
> why does the operating system need to be involved in this?
The goal in my mind is to have an account a parent can setup for their child. This account is set up by an account with more permissions access. Then the app store depends on that OS level feature to tell what apps are can be offered to the account.
Let say the the age questions happen when you install the app store. That means if you can install the app store while logged in as the child account the child can answer whatever they want and get access to apps out side of their age range. The law could require the app to be installable and configurable from a different account then given access or installed on the child account, however at a glance that seem a larger hurdle than an os/account level parental control features.
The headline calls this age verification, but the quote in the article "(2) Provide a developer who...years of age." Make it sound way different and much more reasonable than what discord is doing.
I would much rather have OSs be mandated with parental control features than what discord is currently doing. I am going to read the bill later but here is how discord age verification could work under this law.
During account creation discord access a browser level api and verifies it server side. discord no knows if the OS account is label as for someone under 13 years, over 13 and under 16, over 16 and under 18, or over 18. Then sets their discord account with the appropriate access.
No face scan, no third party, and no government ID required.
> The goal in my mind is to have an account a parent can setup for their child. This account is set up by an account with more permissions access. Then the app store depends on that OS level feature to tell what apps are can be offered to the account.
That sounds like an OS feature that parents would like to have. Probably has some market value. Maybe just let the market figure that one out.
Or, we could have an overbroad law passed that torpedoes every open-source OS in existence. If I were MS, Google, or Apple, that'd be a great side benefit of this law. Heck, they probably already have this functionality in place.
The problem here is legally-mandated age verification, not where it is placed (although forcing it into all OSes is absolutely ...). The gains are minimal for children and the losses are gigantic for children and adults. I'm not keen to have children avoid blisters by cutting off their feet.
Put control back with the parents. Let them buy tech that restricts their children's access. This law doesn't protect children from the mountains of damaging content online.
And let all the adults run Linux if they want to without requiring Torvalds to put some kind of age question in the kernel and needing `ls` to check it every single run.
1 reply →
I agree. The headline says "all operating systems, including Linux, need to have some form of age verification at account setup", which is pretty inaccurate.
It's just asking for some OS feature to report age. There's no verification during account setup. The app store or whatever will be doing verification by asking the OS. Still dumb to write this into law, but maybe not a bad way to handle the whole age verification panic we're going through.
Because it's the lowest common denominator between the user and every online interaction. The bill basically says provide a date-of-birth as metadata to accounts and provide an API to query the age bracket, not even the age, of the user to applications. It's a privacy-aware, mostly reasonable approach that shifts responsibility to the owner/administrator of a device to enforce it. It's basically just mandating parental controls.
I'm trying to understand how this is even a bad thing. Where is the privacy invading verification? Surely a given OS can implement the API response however it wants? If you're root, tell me your age. If you're not, (a child account), the admin (their parent) sets the age. Seems fine?
8 replies →
Companies like OpenAI are advocating for this because it shifts the burden of responsibility off them. They don’t have to age verifying Microsoft is handling that for them.
As a startup owner, if there has to be age verification, then I'm all for doing that at the OS level. As a human with privacy concerns, I'll continue using Linux.
9 replies →
Arguably the operating system (or potentially the user-agent) is the exact place to do this.
What I don't get is why it can't just all be client side. An app will just signal "I am going to show 16+ information" and the OS will either show it or not show it. No need to communicate anything.
Giving people the choice to limit a device for their children is okay by me.
I don't know, but arguably the OS version is better for privacy, as each app can just trust the signal sent by the OS instead of collecting a bunch of personal/biometric data.
until they decide that the OS now needs to collect a bunch of personal/biometric data to avoid people lying about their age or tricking the OS into sending a different signal than the OS should.
2 replies →
> why does the operating system need to be involved in this?
Well, the politicians probably meant to say “Apple, Google, Microsoft, plus maybe Sony and Nintendo”
i.e. the companies that already have biometrics, nigh-mandatory user accounts, app stores linked to real identities, parental controls, locked down attested kernels, and so on.
If phones had workable parental controls that let parents opt their kid into censorship, that’s better than the give-your-passport-to-the-porn-site approach the UK have taken.
Of course if they have applied it to every OS, not just the big corporate-controlled options, that’s a dumb choice.
> Of course if they have applied it to every OS, not just the big corporate-controlled options, that’s a dumb choice.
I guess we'll just have to trust that our legislators are technologically savvy...
The law defines an operating system provider as "a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general computing device." If the intent were to target mobile vendors or app store vendors, I would be fine with it, but that's not the text. Of course it's the case that US lawmakers often write incoherent or extremely onerous legislation and then turn around and say, like, "Oh that's obviously not what we actually meant. We don't know what any of this stuff is, it just sounded good."
1 reply →
Because that's the first layer that deals with user accounts, and subsequent layers commonly base off of identity information stored in there. Just like how and why every other shared interface exists.
It's not just local apps that are potential consumers of this information. Websites would also be interested.
The "why" is also clear: deflecting/shifting responsibility.
The goal is to lock down anonymous computing and increase control of government and reach of the surveillance state. It isn’t to save little Billy from seeing a titty.
The operating system needs to be involved because its the easiest set of actors to penalize for non-compliance.
There are essentially two desktop operating systems, Windows and macOS. Linux is a decimal point and too fractured to worry about.
There are essentially two mobile operating systems, Android and iOS. And while Android is fractured, Google still has reasonable control they can exert.
This is (weirdly) the smart way to do this type of law.
Make the consumer OS providers add an age signal. That property can be bound to an account with the inability to change it.
Behold, "universal enough" parental controls which will require only a handful of lawsuits to litigate.
Skimming the actual text of the law[1], I don't see anything particularly objectionable. Basically it requires a toggle when creating/editing a local user account that signals "this user is/is not a child". Applications could then tailor their content for child/not child audiences.
Which isn't to suggest that it's a good law, just not really "age verification".
[1]: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...
The liability exemption is a moving target
> good faith effort to comply with this title, taking into consideration available technology and any reasonable technical limitations or outages
could easily be read as meaning "facial recognition technology exists and is available, not using it is a business decision, failure to use it removes the good faith protection".
If the lawmakers didn't intend this, then they didn't need to add all the wiggle words that'll let the courts expand the scope of this law.
My first reaction is that this is an insanely bad law:
* The signal has to be made available to both apps and websites
* So if you dutifully input valid ages for your computer users, now any groomer with a website or an app can find out who's a kid and who isn't. You just put a target on your kid's back.
* A fair share of parents will realize this, and in order to protect their children, will willfully noncomply. So now we'll have a bunch of kids surfing the net with a flag saying they're an adult and it's okay to show them adult content.
* Some apps/websites will end up relying on this signal instead of some real age verification, which means that in places like porn sites where there's a decent argument for blocking access from kids, it'll get harder. Or your kid will get random porn ads on websites or something.
So basically unless this thing is thrown out by the courts, California lawmakers have just increased the number of kids who get groomed and the number of kids who get shown porn.
Mind boggling that something this bad passed.
I'm not sure what the solution is, but to steel man a bit, the alternative is kids have access to all the adult spaces, where they will be groomed. A website/app serving grooming content to a kid is just so incredibly unlikely compared to a kid being groomed as the result of having unrestricted access.
Since I do not see a solution, and you see identifying children as a risk, what do you see as a solution for kids being in the same spaces as adults? Do you see a reasonable implementation to separate them, that doesn't have the "we know which accounts are children" problem? Maybe there's something in between?
Also, I think it's important to understand the life of a modern child, who's in front of a screen 7.5 hours a day on average [1], with that increasingly being social media, half having unrestricted access to the internet [2].
I hate government control/nanny state, but I think 5 year olds watching gore websites, watching other children die for fun, is probably not ok (I saw this at the dentist). People are really stupid, and many parents are really shitty. What do you do? Maybe nothing is the answer?
[1] https://www.aacap.org/AACAP/Families_and_Youth/Facts_for_Fam...
[2] https://fosi.org/parental-controls-for-online-safety-are-und...
5 replies →
Instead, websites should voluntarily put content ratings on their own stuff--most would because either they don't intend to harm children, or from societal pressure.
Then, software on the user's computer can filter without revealing any information about the user.
> So if you dutifully input valid ages for your computer users, now any groomer with a website or an app can find out who's a kid and who isn't. You just put a target on your kid's back.
I'm not going to say that's impossible but the number of sites that do the right thing and reduce risk are going to vastly outnumber that. And 90% of those kids already have targets on their backs by virtue of the sites they visit.
OS’s which dont have user accounts (eg always root) like Haiku and Amiga are going to thrive soon …
> [..] requires an account holder to _indicate_ [..]
i.e. this doesn't require age verification at all
just a user profile age property
> [..] interface that identifies, at a minimum, which of the following _categories_ pertains to the user [..]
so you have to give apps and similar a 13+,16+,18+,21+ hint (for US)
if combined with parent controls and reasonably implemented this can archive pretty much anything you need "causal" age verification for
- without any identification of the person, its just an age setting and parent controls do allow parents to make sure it's correct
- without face scans or similar AI
- without device attestation/non open operating systems/hardware
like any such things, it should have some added constraints (e.g. "for products sold with preinstalled operating system", "personal OS only" etc.)
but this gets surprisingly close to allowing "good enough privacy respecting" age verification
the main risk I see is that
- I might have missed some bad parts parts
- companies like MS, Google, Apple have interest in pushing malicious "industry" standards which are over-enginered, involve stuff like device attestation and IRL-persona identification to create an artificial moat/lock out of any "open/cost free" OS competition (i.e. Linux Desktop, people installing their own OS etc.).
---
"causal" age verification == for games, porn etc. not for opening a bank account, taking a loan etc. But all of that need full IRL person identification anyway so we can ignore it's use case for any child protection age verification law
----
it's still not perfect, by asking every day daily used software can find the birthdate. But vendors could take additional steps to reduce this risk in various ways, through never perfect. But nothing is perfekt.
---
Enforcement is also easy:
Any company _selling_ in California has to comply, any other case is a niche product and for now doesn't matter anyway in the large picture.
> i.e. this doesn't require age verification at all, just a user profile age property
This is usually how they do it though. First make a dumb law with poor enforcement. People don't push back about it because it obviously won't be enforced. Wait a bit, then say "people are flagrantly violating this law, we need better enforcement". At that point it's a lot harder to say "it shouldn't be a law at all!" because nobody complained when it was brought into law.
Isn’t it more of a reflection of the current law? Age gates have long been self service (e.g., “enter your birthday”), and we have laws on the books for quite some time barring minors.
There is certainly a risk of what you’re describing with KYC tech that coming online, but I don’t know if that means it will happen.
To play devils advocate; It’s a reasonable demand from parents to control what their children are exposed to. This seems to support that.
Uh, your slippery slope argument ignores the part where websites, discord, british things, etc are literally already trying to require facial pictures, license scans, even videos of your body.
This is considerably better than all of those.
It's not privacy-respecting at all to create some side channel between your browser and OS to transmit some information about a "user profile." If this were about browser vendors it might make sense but they're targeting operating systems (presumably for the malicious vendor lock-in type of reasons you cite? idk, it's strange). I would like someone to explain how this would even be implemented securely. It's certainly non-trivial.
I just set up an iPhone and it asked me if I was (roughly) a child, a teenager, or an adult. So some of this stuff is already here.
Sounds to me that this is how kids learn to spin their own operating systems (a la LFS, Gentoo)and apps.
This is how people bought personal computers when the mainframe priesthood banned them.
It appears that very soon, young people will "de facto" need to have this level of competence in order to survive and thrive in a world of "in loco parentis" operating systems and apps.
The latin reveals my age, but one thing about my age:
People my age did exactly that. We built our own hardware when there was none. We compiled (or copied) operating systems and apps. A couple of my friends wrote an operating system and a C compiler.
"My generation" created this entire internet thingy, installed and web-based apps.
Indeed, dumb-asses are going to level up young people.
Maybe kids won't be doing this because they won't know of a world where this isn't the case.
>Sounds to me that this is how kids learn to spin their own operating systems (a la LFS, Gentoo)and apps.
Nah. It follows that computers will be required to only boot age restriction compliant operating systems, as verified by digital signatures.
This is of course just MacOS and Windows.
Meanwhile, all available hardware will only allow attested operating systems that conform to regulations. All hardware that does not conform will be illegal.
Before they do this, it will be easy to lock the internet to only allow attested operating systems online.
It wasn't illegal when we did it. They're working on that too.
I'm sure Xers and millennials are totally going to be okay with a visit from the school cop when their little one is caught with an illegal operating system and looking at charges that could ruin their college and job prospects.
The cheap money will run out long before then, the cop will leave, the school abandoned. There will be forever protests and skirmishes on the long march through collapse.
As noted at the end of the article, I suspect the impact for many OS's is going to be that they add a line in the fine print somewhere saying not for use in California.
They could just comply by prompting the age of the account user in a text file. File that the user is free to edit.
Already the case for MidnightBSD.
Confirmed: https://lunduke.substack.com/p/midnightbsd-responds-to-calif...
You're assuming they don't want this just as much as the government. Still feel fine about self-installed Linux, but every OS and device we don't have control over, even ones powered by Linux, will be very happy to include it, assuming it's not too difficult to add.
Bill text appears to be a copy/paste from a similar Colorado bill that just made the rounds. Methinks there's a special interest group trying to ram this garbage through a bunch of state legislatures.
ALEC
Richard Stallman's "Right to Read" is disturbingly prescient, as usual.
Stallman has always been right. It's mind boggling just how right he was about everything.
The narratives are changing. All these locks and controls used to be about curbing copyright infringement. Now that AI has more or less rendered copyright irrelevant it's turned into a straight up attempt to control the population. They're barely even making excuses anymore.
> Stallman has always been right. It's mind boggling just how right he was about everything.
Mind boggling right about not allowing GCC to be used as a library, his comments on Jeffrey Esptein, a refusal to in any way compromise (e.g. the GNU/Linux meme), etc...
Oh and a recognition that free software, while nice, does not in any way solve the underlying issues he claims it does. Similarly to how letting everyone walk around their local water treatment facility and perform chemical tests doesn't really work and instead the state regulates and hires experts to monitor the water supply...
2 replies →
As time goes on RMS is only proven more and more correct
About some things.
1 reply →
It's almost as if he is giving them ideas.
> (g) This title does not impose liability on an operating system provider, a covered application store, or a developer that arises from the use of a device or application by a person who is not the user to whom a signal pertains.
So, this makes desktop Linux illegal, but all the software-as-a-service like Microsoft Azure and OpenAI get off scott-free?
Fantastic.
Free computers are too subversive. If left unchecked, they can wipe out entire sectors of the economy, and with cryptography they can defeat police, judges, spies, militaries.
They absolutely want to make it illegal.
Literally no, thats not what that sentence says.
No?
The sentence you quoted says that folks who are required to comply with the law are not also required to ensure that the person currently using the device or application is the same one who entered their age or birth date into the OS's "how old are you?" database. [0]
It is true that this law is as bad as the recent Oklahoma one for small, non-corporate Linux distros... but that sentence you quoted has nothing to do with that problem.
[0] If we were speaking in person, I'd love to have you walk me through that sentence and explain to me, piece by piece, how you came to the conclusion that you did. Doing it remotely like this would be too tedious.
What about:
- servers living in datacenters
- realtime operating systems in embedded devices
- the Intel Management Engine
- the OS on every smart chip in credit cards and debit cards
- wireless cameras, roombas, smart TVs, smart fridges
- cars. Those automotive systems have OSes too right?
- all those IoT devices, including California’s traffic cameras
What age signals should those devices send out? Is there an exclusionary clause?
The law is targetting consumer operating systems, not linux servers/iot devices.
Does the law state that? What if children find out about the exception and start installing Alpine Linux to circumvent the law?
9 replies →
They will be "exempt" probably.
You assume far too much competence.
Alcohol is harmful, and you want to prevent minors from obtaining it without parental supervision. Do you pass a law requiring every car to log the age of every occupant in case the driver drives to an establishment that sells alcohol? No, that's stupid. You require the person providing the alcohol to check age only when they are about to hand over the alcohol. Until someone actually attempt to access alcohol, they should not be asked their age.
Now exchange "car" for "OS" and "alcohol" for "age-sensitive content"
Letting someone look at a date on an ID to 2 seconds is a lot lower stakes than handing over a scan of your license, face, and who knows what else, to hundreds of companies that will do god knows what with it.
To your point, a user shouldn’t be forced to put in age details just to use an OS. That said, if an OS can send a simple Boolean to an app/site if the user is over 18 or not, I’m guessing more people would rather opt into that system vs handing over extensive details to each and every vendor who asks.
As a person in my 40s, with no kids in my house, I find all of this absurd. Let parents install some nanny software if they want, don’t force it on everyone and use “protecting children” as the scapegoat.
How wouldn't this also apply to things like useradd(8) or simply automated user account setup, e.g. like cups, sshd, etc? Do we need to add this to vi for use in vipw on UNIX?
Worse. Google has to add this to all the machines in their data centers? Imagine the expansion of DevOps BS this will enable:
Vendors will need support stuff like "account holder is 12msec old, and can access adult content". They can even create a special certification for it.
So... That was the new market that all the ai-layoffs have freed the much needed labor for
Imagine unattended installations... Which stop to ask you for the age
All good questions the legislators had no idea even existed.
useradd has the Other category at setup. Could you argue that anything which allows arbitrary text information to be input into a user account that could be passed on to other applications technically fulfills the requirement, as the user could indicate age on the account?
Maybe the OS could ship with preconfigured age-range based usergroups. When you add a new user you could simply add them to the appropriate usergroup.
>> useradd -G under13usergroup username
"User" in the bill actually means child, so cups etc. don't apply.
..or "browse as guest" on a chromebook?
Are lawmakers bored? Who is asking for this? Not the tax paying citizens.
Parents who are fed up with social media and tech companies taking no social responsibility.
These companies have fewer ethics than a minimum-wage liquor store clerk when it comes to caring about the age of their users.
Parents are lazy and don't want to do what parents should do and cry to the state that they should do it.
12 replies →
Will those parents get fed up of themselves not taking parenting responsibility?
Maybe they should try _parenting_
[dead]
The way people ask for things like this is "Young people shouldn't be allowed to do X" and "Websites shouldn't be allowed to collect user data to determine if the people are underage" and so on. The intersection of all the things that "tax paying citizens" want is usually something patently absurd.
Lobbyists for intelligence agencies. It’s part of de-anonymization so you can be punished for speech online. See UK , Germany and Australia
> Lobbyists for intelligence agencies.
I think it's one peg below intel agencies. It's the local gov agencies that want that power. The 3 letter peeps can already tell who writes what, both at scale and targeted.
2 replies →
Interesting theory considering that this California approach does not de-anonymize you, and the approach Germany is working on, as part of an EU wide effort, also does not de-anonymize you.
1 reply →
They hate freedom and its joined concept of responsibility.
Certain politicians that are concerned about "the young people are being radicalized online" about certain topics, uncomfortable to said politicians (left / right dialectic doesn't matter, especially not in America). They know that their monopoly over brainwashing children in public schools matters a lot. So, their solution is to shut off any access to any site where you can discuss topics anonymously by forcing more and more regulation to shut down said sites.
Yes, yes, free speech and everything, you just have to first give the OS your phone number, credit card number, drink a verification can and please also... you do want to still keep your job, right?
It's not clear that this applies where the "operating system provider" does not have "accounts". Linux should be OK, but "Ubuntu One" might have problems.
It's a good reason not to put cloud dependencies into things.
this is why I am building a communications software that has no concept of accounts, devices can connect and keys are generated on device and blind to relaying/directing server/network. people can only connect directly with other people/devices. there is no concept of lists of people/devices to connect to, you need to know someone/have access to the device to connect.
no accounts to compromise. no passwords to remember. end point devices control their connectivity. no vpn needed to connect, no intermediary to see all traffic and peer traffic is specifically what is needed/allowed/requested, not a wide open network connection/accounts to be compromised
The bill doesn't define "accounts", so it's entirely possible local users that a human signs into would count.
The saving grace is that obviously they have no idea what a Linux distribution is, and only the Attorney General can bring action, so there isn't much risk of the AG suing Debian.
I've taken trips to California in the past for both personal and professional reasons. I'm seriously reconsidering whether I'll do that again in the future.
What happens if I bring a laptop with an "illegal" OS without this unwanted "feature" into the state? Will I be denied access to public wifi in hotels and restaurants? Or will it grant me access, but snitch on me -- make a call to the state police to come deal with someone with an illegal laptop? Will I be forced to install a different OS while a police officer watches? Will my laptop be confiscated and destroyed as contraband? Will I be thrown in a California prison?
I don't want to take a risk and find out.
All of those worries you list are extreme and unreasonable and ruled out by spending two minutes reading the bill: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...
The only remedies listed are:
> 1798.503. (a) A person that violates this title shall be subject to an injunction and liable for a civil penalty of not more than two thousand five hundred dollars ($2,500) per affected child for each negligent violation or not more than seven thousand five hundred dollars ($7,500) per affected child for each intentional violation, which shall be assessed and recovered only in a civil action brought in the name of the people of the State of California by the Attorney General.
And there are several other provisions that further narrow the circumstances under which this law could be enforced.
If your personal computer is not being used by a child, and you're not distributing software to children or devices used by children, then there are no circumstances under which your actions could violate this law.
Those worries are ruled out... for now. Laws can be amended.
1 reply →
This law only applies to people distributing an operating system. It has nothing to do with what you personally use.
Does not require verification, no biggie, this is essentially a parental control system.
As others have pointed out, this is just a foot in the door. There's also a part of the law this article doesn't cover that requires EVERY application to query this information on every launch, regardless of whether or not the application has any age related limitations.
The language I found was:
> when the application is downloaded and launched
So it looks like the law only requires it on first launch. Which makes sense if the application can only be run from that one account. Apps that can be launched from multiple accounts are not singled out in the law, but the spirt of the law would have you checking what account is launching the app and are they in the correct age range.
1 reply →
Keep in mind this forced parental control system in the OS is supposedly because of app stores.
So we're already pretty deep in the law deciding what shape of computing you're allowed to do. What makes you think it will stop here?
No but then the next step is "well we need a way to enforce it because people are just lying about their age".
I guess let me show a slope I found over here, just past the boiling frogs, watch your footing though, it's recently been greased and is quite steep.
I was just at some .gov site from another HN post. It asked are you Over 18, I clicked No out of curiosity. Showed Access Denied, but the buttons stayed. I clicked Yes, and got in. I don't attribute to stupidity that which is clear malice. They'd don't actually give a flying fuck about what "kids" can get to, they only care about controlling everyone, of every age, as much as they possibly can.
1 reply →
I agree, I don’t like it as much as you do. I’m just saying nothing short of a mandated TPM will actually enforce this. I think they know that.
I think this is mostly for show to stay relevant wrt. What is happening in the courts. This is the Same play as it always been for registration “are you over the age of 13?”
3 replies →
Overton window.
Wedge.
Then ratchet.
Can I wash my laundry without an ID? Because my washing machine can connect to wifi, supports different user's profiles, etc, thus it has an OS.
Yikes, these government folks just sign without even thinking or having a single clue about how the rule will work. They are completely irresponsible.
California is a confusing state, age verification for operating systems while almost releasing this monster on the public: https://www.latimes.com/california/story/2026-02-26/serial-c...
It's like it's a big place with more than one thing happening at the same time.
They also created an open air market for child prostitutes with their latest anti-arrest law, as observed by the NYT last November https://www.nytimes.com/2025/11/19/insider/sex-trafficking-m...
I actually prefer an OS-level API for Age verification rather than treating everyone as a child-by-default unless they upload their personal information to some random vendor.
BUT this is obviously not the right way to implement this.
I don’t see anything in that bill (https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...) that requires age verification.
It says users, on account creation, must indicate their age or birth year (or both) and that programs must have access to that info, but I don’t see any requirement about checking whether what the user enters is correct.
What does make it weird is that it requires account holders to enter that data at account creation, and it defines an account holder as ”an individual who is at least 18 years of age or a parent or legal guardian of a user who is under 18 years of age in the state”
So, kids are allowed to create an account, but then, an account holder has to enter their age or birth year.
To top it of “a parent or legal guardian who is not associated with a user’s device” is not an account holder, so let’s say a 15-year old buys a laptop or smartphone and wants to set it up. There’s nobody associated with the device, so there are no account holders. Who should enter that age info?
On many smartphones, having a grown-up create an account first won’t work, as there’s no way to set up a second account.
I miss the days when politicians just generally ignored computers and left us alone.
How is this an OS concern? Shouldn't age verification be a government concern to implement a system which does a privacy preserving verification? And until such a system exists, there should be no laws about online verification at all?
Why would a government be interested in "privacy preserving"? Their goal is the exact opposite.
This is a really strong example of how both the left and the right have been moving away from liberalism (ie, "classical liberalism," the general belief that people should be free to make their own choices and pursue their own interests) for the past 16 years or so. A bill like this could have just as easily come from Texas.
Practically, I think this is tough. How does a business verify their 20k Linux servers in AWS? What prevents Linux users from simply modifying their code such that they no longer do age verification? I think it's easy to imagine circumventing this one law, but this is another brick in the wall. Maybe your bank stops working on Linux. Maybe major websites stop working unless they get your citizen ID and age verification data from your OS. Maybe no one makes a browser that doesn't try to grab that information.
Not joking; stock up on books and keep a collection of media that you own personally. Perhaps your linux computer will start looking a lot like your PC from the early 90s: not connected to the internet, just used for word processing, some installed games, and media.
Ah, so this is what Lennart Poettering has been cooking? [1]
[1] https://news.ycombinator.com/item?id=46784572
Is this the end of "smart" washing machines and refrigerators?
I can imagine Samsung asking for the user's age every time you want to grab a snack and refusing to unlock the door otherwise.
Or perhaps... they could add a camera to the fridge and send a stream 24/7 to their servers so they can identify the age of whoever opens the door. For complying with the laws of California, honestly!
Hmm i think at te moment its only Linux that has by default local only accounts except if being used in some sort of SSO environment .
Microsoft has been pushing aggressively to deprecate the local and funnel everyone to Microsoft online accounts , while Android and macOS/iOS are already in such a state by default.
Coupled with the same accounts being used for online login, looks like a feature creep panopticon in the making. With Linux lucking out be default.
why the downvotes on this?
Although it appear stupid, maybe an OS level endorsement of user age is actually a more reasonable middle ground than delegating mandatory age verification to data brokers...
It still parents that usually buy the computers and set up the différents user accounts. So the responsibilities would be put back in their hands as machine owners to correctly tag kid's accounts. OS vendors would then only be responsible to accurately transmit this declarative information to requesting App/services.
Of course some smart kids are gonna find a way to bypass that (as any other mesure you can imagine, because kids are smart). But nonetheless we could have a good enough OS level declarative age for 95% uses cases and send to the trashbin all the age verification creep that is the current trend.
Theres already parental controls on Mac, iPhone, android, and I’m assuming windows. Those were voluntary
It's also completely pointless because users routinely use shared accounts. It was thus on the WinXP machine at home, and still is today on iPads and android tablets. Yes, Apple has made it dysfunctional so that rich people will get one iPad per person, but many children use games and social media apps via their parents accounts. Who is going to set up an AppleID for their 8 year old? (Well I did, but normal people?)
The people who wrote this law work for Microsoft and think people have individual laptops and phones with a cellular plan. They care nothing for user privacy, in fact they want persistent digital identifies for advertising.
I seem to be doing more and more illegal things as time passes, whilst not changing my behavior at all.
Curious.
I couldn't have said it better myself. My loved ones don't share my opinion, which makes me wonder if I'm sane or if they're not exercising their freedom.
> …requires an account holder to indicate the birth date, age, or both, of the user of that device…
The way I read that, you just have to ask for an indication of age. Like when I'm not logged in to Steam and I want to look at a game with blood, it asks for a birth year and I pretend to be 109. That's not exactly "age verification." Am I missing something?
Who is actively lobbying against the “war on root access”? Which are the NGOs/PACs/non-profits with the best track record of getting results here? FSF and EFF come to mind, but I can’t think of others and don’t know of track records for any of them.
10/13/25 Chaptered by Secretary of State - Chapter 675, Statutes of 2025. 10/13/25 Approved by the Governor. 09/24/25 Enrolled and presented to the Governor at 3 p.m.
Why is this "news" today? Am I missing something?
I'm under the impression anyone doing nefarious things online are probably more-than tech savvy enough to not install an OS that rats them out...right?
Isnt that literally one of the first rules of the DNM Bible?
Will kids raised on it not know anything different? Seems a path to reduce computer literacy. Then again, being blocked from doing something I wanted is what lead me to find ways around said block. But I already had unrestricted access to the system to bend it to my will. Seems like these kinds of systems won’t allow for the user to learn how to works at all. It’s a mystery box.
One thing that's happening is that attestation is being plumbed into the web itself. CloudFlare and Apple have a collab where Safari will inject tokens that let CF know that the request is coming from a blessed device. In a world where all websites are being crushed by bot traffic, expect that Goog pushes on their own integrity initiative in Chrome in the next year or two.
I guess, if you can install the OS yourself, that's adult enough to see whatever adults are doing online.
> apply the privacy and data protections afforded to children to all consumers and prohibits an online service, product, or feature from, among other things, using dark patterns to lead or encourage children to provide personal information beyond what is reasonably expected to provide that online service, product, or feature or to forego privacy protections
My question, is if "the children" are worth protecting, why not adults? I would like to opt into not having to deal with dark patterns. Why not a age independent system, which a user can opt into and which "children" are automatically optd into.
Governments that require age verification for operating systems to protect children also drop bombs on civilian neighborhoods, fight wars that orphan millions and tolerate child labor, exploitation, poverty.
History teaches us governments are the best at protecting children.
So silly question, in theory this is like brewing beer... what if a kid wants to make an operating system?
"For the purpose of....covered application stores."
I'd like to see that definition. My OS doesn't have an "application store", so I doubt it's impacted by this law.
Isn't it possible to jam and deny with any remote auth dependency?
Recently after we spent hours getting a Chromebook set up after a "Power Wash" due to remote auth failure, it wanted the old password and there was no option but to wipe the device.
They held our homedir hostage with required remote auth.
We were not able to log into our computer and lost all of our data because of remote auth.
Secure critical systems must not have a centralized remote auth dependency that can be denied.
clearly there's something I don't understand (or is the law just really this stupid?) - but what would this even look like for linux? every user account requires an associated age?
but users don't have a 1:1 mapping to the people that log into them. linux users that aren't used by any particular person, but by a particular _service_ are common. so are linux users that could be logged into by any number of people, and which have no specific single owner.
"That's likely no big deal for Windows, which already requires you to enter your date of birth during the Microsoft Account setup procedure."
Not exactly true as you can do local account installs.
I wonder if you can get around the law by just having people build their own image from the source.
Little bit picking at straws but I sure would love to find some way to punt this law. Medtronic has an insulin delivery solution which involves the distribution of a custom Android phone with a closed source app. Other fields in medicine do this as well as a matter of course, so that they can guarantee clinical operation on that particular device (rather than risk app operation on Android device fragmentation) and get OK’d by the FDA. The FDA testing process can take upwards of 4 years, and is usually cleared for -specific- operating system versions (which, by the end of testing, can be very old).
I wonder: since that operating system needs to attest and (vaguely) eventually report an age and other identifiers to a government API and app developers, will that report violate HIPAA?
OK, so way at the bottom it says this:
"This title does not impose liability on an operating system provider, a covered application store, or a developer that arises from the use of a device or application by a person who is not the user to whom a signal pertains."
This is obviously a law so poorly written that it'll never pass a court challenge. Assuming anyone brings one.
Looking forward to resisting the regime.
I'm thinking that I should grab a current Linux distro image while I can...
A new California law says all operating systems, including Linux, need to have some form of age verification at account setup
Curious how they plan to do this. Maybe digital rights management tied to TPM. If so it will take 3 ... 2 ... 1 .... cracked ... spoofed. DVD's were cracked with Perl. Curious what language this will be cracked in.
I know this sounds absurd. But let me try not to be cynical and explain how we got here, according to what I understand:
First, let's admit the push for age verification laws isn't a partisan or ideological thing. It's a global trend. This California law has bipartisan sponsorship and only major org opponent is the evil G [1]. While age verification is unpopular in tech community, I imagine a lot of average adult voters agree that limiting children's access to wilder parts of the Internet is a good thing.
On this premise, the discussion is then who should be responsible for age verification. The traditional model is to require app developers / website owners to gatekeep -- like the Texas and Ohio laws that require PornHub to verify users' IDs. But such model put too much burden on small developers, and it's a privacy nightmare to have to share your PII with random apps.
This is why we see this new model. States start to believe it seems more viable to dump the responsibility on big tech / platforms. A newer Texas law is adopt this model (on top the traditional model) to require app stores to verify user age (but was recently blocked by court) [2]. And this California law pretty much also takes this model -- the OS (thinking as iOS / Android / Windows with app store) shall obtain the user age and provide "a signal regarding the users age bracket to applications available in a covered application store".
While many people here are concerning open-source OSes, and the language do cover all OSes -- my intuition is no lawmaker had ever think about them and they were not the target.
[1] https://calmatters.digitaldemocracy.org/bills/ca_202520260ab... [2] https://www.politico.com/news/2026/01/05/big-tech-won-in-tex...
It's not stated here, but is it implied that app platforms that, themselves, have an "app store", would be required to read this datum and pass it to their app store?
For example, I've got a map application on my phone that lets me download maps, widgets, POI lists, etc. from their app store. It seems like enabling that age signal through this exchange is exactly what the politicians are looking for.
This is all very discussed in concrete terms of what exactly the terms of the law are, how this will be possibly implemented..etc.
But what about your outrage you all at the moral and ethical implications of this?
> "That's likely no big deal for Windows, which already requires you to enter your date of birth during the Microsoft Account setup procedure."
I've been working around the Microsoft user-creation requirement for years. Looks like they were ahead of the game. CA is marching towards private-business surveillance. What could go wrong?
That would make retro computing illegal :(
They’re trying to destroy all the best nerdy hobbies. First drones, then 3D printing, now even my precious Amiga!
All the best nerdy hobbies can be weaponized
All the law asks is that 'adduser' asks for their birthday; and and age restricted software checks this on installation. Given we already have software it is illegal to sell to children this seems like an easy win? (Obviously it is still down to the parents to ensure the account is setup correctly)
It's funny that more and more Chinese style laws are being passed in the West.
What's next? Chinese style social credit? You’ll need 800 points to run a sudo command?
Free society? Mass surveillance. The West is becoming more of a nanny state like China every year.
California is becoming more like a nanny state. I don’t think a law like this would pass in North Dakota or Texas in a thousand years.
No. Age verification law is not a partisan or ideological thing. It's a global trend. This law is sponsored by both parties: https://calmatters.digitaldemocracy.org/bills/ca_202520260ab... , and Texas has a newer law (App Store Accountability Act) that requires app stores to verify user ages and obtain parental consent for minors.
There are already "App Store Accountability Act"s present in Texas and Utah. I believe South Dakota is the other state that has one in their House right now. So no, this isn't California being a nanny state. Actually, California's is a lot better than the ones found in other states since literally you're allowed self-attestation of your age bracket (i.e. you don't have to supply an ID or some other such mechanism for independent verification). It's literally the equivalent of what they used to do with porn sites back in the day when they would ask you if you were over 18 -- and if you said yes, well, we tried! (Gold stars for everybody!)
In all seriousness, though, this is the only way where politicians get to pretend they did something and the rest of us get to avoid getting royally screwed. If parents were given dumbed-down versions of the tools that already exist to manage corporate-owned cell phones and laptops then there'd be a lot less for people to complain about (not that it would stop perpetually incompetent parents from pointing the finger at everyone but themselves for their own failings, of course, but at least the vast majority who AREN'T those people would be satisfied).
This law perfectly demonstrates the constraint problem: regulators assumed age verification is a simple checkbox at account setup.
Right now I'm on an ESP32 with free RTOS, will I need to add a keyboard and display just for age verification?
I think it mostly demonstrates that people don't read laws before criticizing them.
Will this only apply to an OS with human user accounts? I wonder how autonomous agents that are operating systems running on bare hardware are defined under this strange law. Not all OS are for humans. Consider many uni-kernel applications.
It doesn't require age verification, only age attestation.
More significantly, it does require all applications (from "covered application stores", but which has a definition for that which seems to include not only what you would normally call an app store, but any website or other source from which an app can be downloaded) to check the age signal provided by the OS when the application is "downloaded and launched".
While it is poorly drafted, circular, and self-contradictory on some definitions and other points, it arguably seems to prohibit age verification within the scope of apps it covers, in that:
(1) It requires all OS's to have an age attestation feature, (2) It requires all applications to use the age attestation feature, (3) It requires developers of applications to rely on the info from the age attestation feature as the "primary indicator of a users age range for determining the user's age", with the only exception being if the developer has internal (not external) information which is "clear and convincing information" that the user's age is different from what is signalled by the OS.
Is Github an application store? Is npm? apt? yum?
If not, why not? You need age verification before you even create an account.
Is `ls` an application? Is `cat`?
This thing is so broadly-written, the only thing saving you from needing to give you age to your toaster is that it's not a "general-purpose" computing device. Never mind that it can run DOOM...
Do you download `ls` from anything resembling an "app store"?
1 reply →
Our lawmakers have zero idea how software works.
"useradd bob" is an "account setup". does that need age verification too? haha
If age attestation in the OS becomes law, there's much less friction afterwards to pass another law to have age verification as well. It should not be humored under the mistaken belief that "it's just age attestation in the OS - nothing invasive about that".
It’s to stop 14 year olds compiling the Linux kernel.
People who cannot tell what is an operating system and what is not are writing laws
The actual bill: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...
Bill text (it’s longer, but the rest is mostly definitions of the terms used here):
1798.501. (a) An operating system provider shall do all of the following:
(1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.
(2) Provide a developer who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface that identifies, at a minimum, which of the following categories pertains to the user:
(A) Under 13 years of age.
(B) At least 13 years of age and under 16 years of age.
(C) At least 16 years of age and under 18 years of age.
(D) At least 18 years of age.
(3) Send only the minimum amount of information necessary to comply with this title and shall not share the digital signal information with a third party for a purpose not required by this title.
(b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.
(2) (A) A developer that receives a signal pursuant to this title shall be deemed to have actual knowledge of the age range of the user to whom that signal pertains across all platforms of the application and points of access of the application even if the developer willfully disregards the signal.
(B) A developer shall not willfully disregard internal clear and convincing information otherwise available to the developer that indicates that a user’s age is different than the age bracket data indicated by a signal provided by an operating system provider or a covered application store.
(3) (A) Except as provided in subparagraph (B), a developer shall treat a signal received pursuant to this title as the primary indicator of a user’s age range for purposes of determining the user’s age.
(B) If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.
(4) A developer that receives a signal pursuant to this title shall use that signal to comply with applicable law but shall not do either of the following:
(A) Request more information from an operating system provider or a covered application store than the minimum amount of information necessary to comply with this title.
(B) Share the signal with a third party for a purpose not required by this title.
The definitions of the terms are completely bananas
The language is so broad it seems to cover all software that exists and is accessible via the internet, and every install of an operating system on any kind of machine
> (c) “Application” means a software application that may be run or directed by a user on a computer, a mobile device, or any other general purpose computing device that can access a covered application store or download an application.
> “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.
> “Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
So any piece of software you can download from the internet will be required to check this "signal" made available by the os?
> “Covered application store” means a publicly available internet website,
Client side JavaScript can be considered an application, and then ad business would need to first verify that I am over 18 in order to allow me to see their ads.
Ultimate ad blocker.
3 replies →
good to know that `grep` will have to check how old i tell my os i am before it will do anything
6 replies →
So my Garmin watch, my Home Assistant OS, maybe even my Shelly devices?
I want to know who is behind these laws like this one and the 3D printer gun verification, that seem to pop up across state legislatures all at the same time.
1 reply →
Yes, that’s clearly the intent of the bill (note I’m not commenting on the wisdom of this idea!)
How does that apply to windows server with active directory for a school ?
Does that mean that the admin will have to manage dob of every student when creating accounts ?
> A developer shall not willfully disregard internal clear and convincing information otherwise available to the developer that indicates that a user’s age is different than the age bracket data indicated by a signal provided by an operating system provider or a covered application store.
>If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.
So, I have a button "I'm older than 18" on my app but the signal is "under 13", I can decide that the user is older than 18 ?
So because there is no requirement for the age to be accurate, it would be pretty easy to say "all student accounts are the age of the youngest allowed school entrant for that school year", right? That resolves the age issue and also prevents both PII leakage as well as possible school bullying opportunities.
> Does that mean that the admin will have to manage dob of every student when creating accounts ?
That already happens to some extent although the mechanism by which this happens might depend on the school district, etc. The `dateOfBirth` LDAP attribute is probably the most obvious method (which admittedly should probably not be used due to the ease in accessing this info in the default configuration) but there are others.
In secondary school when my account was set up we were told that our initial password (that we had to change on first logon) was our DOB
Two important definitions that might surprise people:
(a) (1) “Account holder” means an individual who is at least 18 years of age or a parent or legal guardian of a user who is under 18 years of age in the state.
(a) (2) “Account holder” does not include a parent of an emancipated minor or a parent or legal guardian who is not associated with a user’s device.
(i) “User” means a child that is the primary user of the device.
User is the most surprising here. It really should just be minors, or non-emancipated minors. Further, I think there are interesting ways the definition of account holder and user combined play out in interpreting the rest of the law.
How long until they add a 21+ category to this bill, though? Insofar the use of it would be for gambling and CA doesn't even have mobile sports betting.
Headline is wrong. There is no verification requirement.
All this does is require the user to select a non-verified age bracket on first boot. You can lie, just like porn sites today. I thought HNers wanted parents to govern their children's use of technology with these kinds of mechanisms.
> You can lie, just like porn sites today.
In the US maybe, but where I am you can't fap in peace without using a VPN or have some kind of age verification. Some of them being baroque. Example:
"We analyze your email’s digital footprint (history and reputation) against trusted databases. This is often enough to confirm that you're of legal age."
This is an article about California.
1 reply →
It seems to come down to whether you expect the next law to be taking the enforcement mechanism away from the parent. If the law was, "major operating systems must ship parental controls that actually work" I doubt you would see much pushback. Parental controls is an oft cited reason to give your kids Apple devices. Expanding that everywhere would be great. But I don't want to have to present my government ID to use my own computer.
There’s a concerted global effort to push this legislation. It’s also been proposed in Colorado and, some version of it’s been passed in the UK and Australia.
> some version of it’s been passed in the UK and Australia.
Really? Can you expand on the version of Australian legislation that requires an OS to have age verification?
The AU legislation I'm aware of requires various social media sites to verify that users of those sites are not under some age, 16 or so.
That is not a constraint on the OS or on potential users, that's a legal requirement for Social Service providers.
I'm just catching up on the subject myself but, here's a news article:
https://www.abc.net.au/news/2025-07-11/age-verification-sear...
It appears that the Australian and UK versions don't go as far as what seems to have been proposed in the US.
1 reply →
Just when you thought windows couldn’t possibly get any shittier.
So if you write your own operating system without age verification you're not allowed to use it?
Fun to watch my generation who was raised by helicopter parents turn into tank parents using scorched earth techniques.
It follows that the next generation will be infantry parents. (Likely literally.)
Californian seems like a state with a golden goose they keep trying to kill in ever more idiocitally inventive ways.
Feel free to call me paranoid for seeing patterns where there are none but this to me looks like just one phase of a preparation for a very large event entirely unrelated to every age verification reason given thus far. I won't guess any further. "I'm a good boy."
Shut up and keep your head on straight, bender, you didn't see or hear anything.
Good point. Back to playin' the distractin' vidya games.
I really hate this new world where one jurisdiction - California, Europe, wherever - makes a law and suddenly every other jurisdiction has to comply because the law-making jurisdiction is big enough that tech companies can't abandon it.
And since it doesn't make sense to have dozens of different versions of their apps, they write to the strictest jurisdiction's laws.
If everyone has the power to make laws that apply to everyone...it's chaos.
Beige PCs. Made to comply with German workplace-equipment laws. Yes, the Bundestag legislated the color of office equipment. That has always been the way of fhe world.
Wow, TIL. Thanks for mentioning this. I ran across this as I was researching the background:
> The "beige box" era was largely the result of strict German workplace ergonomics standards (specifically the TUV and DIN standards) that became the de facto rules for the entire global industry. The law didn't explicitly say "thou shalt use beige," but the regulations were so specific about light reflectivity and eye strain that beige (or "computer gray") was essentially the only compliant option.
1 reply →
Dutch disease. Govt. just needs to keep the cash cows happy. Everybody else is irrelevant; just critters roaming the land.
so my smart microwave will require some age verification?
Of course! Think of the dangers of an unsupervised child... (SHOCK WARNING) cooking... A gasp MEAL!
I figured California would have been against the age verification on the adult sites like Texas and some other states are doing but then they go and 1UP them and decide to require age verification on the whole OS
This is a weak read of the situation. I’d sure as fuck rather enter a date of birth or age profile on my computer than send my photo id to random websites to verify my age. One is clearly better from a privacy standpoint.
Crazy idea, bear with me on this, but perhaps it's time to stop giving children smartphones.
A few thoughts:
Won't kids just lie about their age, like they do to sign up with social media?
What if more than one person uses the pc?
What if it is sold?
If the OS is open source, then the user could remove the software code to collect the data.
This is protect-young-people theater.
If
Using any software made in California should be treated as a privacy and security threat.
I’d lay odds this is a free speech issue. Someone will sue.
To what extend is this real? What is the probability this will enter law fully? Is it just a proposal?
What is the reason fir this law, what problem does it try to solve. It's not clear to me what age gas to do with using an operating system.
They should also require background checks for gun safes.
How about you go after the guys that actually do harm to children and let the rest of us live in peace?
How will this work with the numerous "Hobby" Operating Systems out there ?
You have to ask yourself, I guess.
"Self, are you 18 years old?" "Why, yes I am." "OK, self, please fill out a 27B stroke 6 form in your head." "I've completed it." "OK, self, I've validated it."
useradd...
I don’t think the title is correct? All OS must have age profiles that external sources can query. There’s nothing explicit that checks the age itself in the law?
Sounds like a box checker. "Enter a four digit number lower than 2011 to use this computer properly". Ok then...
What about embedded RTOS, like WindRiver or Zephyr? What if I write a memory manager and flash storage file manager for a really barebones MCU like a PIC? It didn't even define what an operating system is. What constitutes an update? If a security patch to DOS 6 came out, would it suddenly be required to have this tech? Is z/OS going to have this tech?
Overall, I think don't think it's a bad idea for devices to be able to host an age verification system that offers requestable boolean proof of age, like if porn site demands over 18 to view, the user, regardless of age, is prompted and if they accept, it returns either a positive cryptographic claim or a cancel signal if not of age. If they don't accept the prompt, the same cancel signal goes back. The idea that this feature would need a mandate of law is dumb.
Why can't we have normal politicians anymore, anywhere on the spectrum ? They're all racing for stupidity, it's simply terrifying.
Sure, I'll ask where the user is located, and if they choose California, I'll ask them for their age. And if they choose over 21 I'll scold them for voting for Gavin.
Ask where the user is located and if they choose California tell them that your website/service/OS isn't available for users in CA because you will not be complying with this law and they'll have to go elsewhere.
Colorado is trying to copy this law right now, too.
Cant't wait to see how Intel adds this feature to the minix built into the cpu.
If you're a Mac or Windows user, I mean, fine.
This is just not going to be a thing on Linux.
Are there app stores on Linux? Yes, that's what FlatHub and Snap supposed to be.
So what, should Canonical just block Ubuntu downloads to anyone in the state of California? No security researcher is going to download an operating system that asks them their age for example. I feel like it draws a red line for me also.
This law is so completely insane. It sounds like it was written by some Apple fanboy to whom there is no other operating system other than Apple. The very state that spawned GNU and BSD is the same state that is not only demanding your data but enshrining its use in spyware in law.
> That's likely no big deal for Windows, which already requires you to enter your date of birth during the Microsoft Account setup procedure
That isn’t age verification at all
The actual age verification is being able to install windows yourself and being allowed to do so by parents. So the next thing is TPM to make sure you can't get the silly idea to reisntall it and set a different date
Feels like they're trying to implement a new wide-reaching protocol/spec by requiring it by law first, then expecting someone to magically develop something, and god forbid it's a different standard than anyone else's.
By next January there will be 30 different methods of age input signalling between OS and application. And then by 2030 we might have the top 3 adopted as established defacto standards.
somewhat related-ish https://xkcd.com/927/ :)
America is losing the plot.
Our leaders are lost people.
This sounds like one of those laws that get used not so much to force compliance, but to punish noncompliance as part of a larger case.
Remember in that South Park episode where Cartman had a V-Chip[0] installed in his head and he would get shocked if he said big floppy donkey dick?
In all honesty the V-Chip was meant to protect children.
Age verification and identity assurance[1] is meant to reduce online banking fraud and combat terrorism/espionage.
Whats next outlawing encryption with Clipper Chip[2] 2.0 and saying its to save the whales? I guess we have QUIC and other DRM tech to ruin our day so it doesn't even matter.
I would prefer we drop the think of the children[3] charade and act like adults and get serious about online crime/fraud/terrorism and maximizing online banking.
The biggest problem with this thought domain is that the internet is global and we are thinking at regional, national, and state levels. For so many years everyone has heard complaints about the great firewall of China only to build our own? I guess we have no other choice since bad apples spoil the bunch[4].
[0]https://en.wikipedia.org/wiki/V-chip [1]https://pages.nist.gov/800-63-3/sp800-63-3.html [2]https://en.wikipedia.org/wiki/Clipper_chip [3]https://en.wikipedia.org/wiki/Think_of_the_children [4]https://en.wikipedia.org/wiki/Bad_apples
this looks like law created for age or identity verification providers (persona etc). No one would build it from scratch. It will be passed to these providers.
What a ridiculous law, smells of some sort of frog boiling scheme to me.
step1: "lets see if we can get away with imposing a small easy requirement, you know 'think of the children'"
step2: "now that we have a foot in the door, lets see if we can get some real tracking in place, for the children of course"
Anyhow: as far as I can tell compliance on linux would be as simple as
It's an accessible interface(it is the same user interface many linux programs use), applications can use a well known api to access the data.(using the common unix filesystem interface) and it only presents the minimum needed information to the application.
Are things like calculators excluded because they don't have proper app stores?
Since Linux is a kernel, not an operating system, it's unaffected by this law.
> Assembly Bill No. 1043 was approved by California governor Gavin Newsom in October of last year, and becomes active on January 1, 2027
It was already approved? This seems wildly invasive, and CA can't even pretend they're doing it to stop porn. CA is just monitoring citizens for the love of the game
They want to spy on everyone. This is against freedom.
I would not know why the operating system I use would need to sniff on me - or yield that information to anyone else.
This is clearly fascism.
There is sudden concern with teenager's safety
Maybe this is just an unsuspectedly astute way to get Microsoft to reenable local accounts?
They should just outsource these types of things to our ethics API
I can't keep up with all these attacks on personal computing/libre software/the web.
- AI causing RAM/disk price shocks and shortages
- Google attempting to lock down Android
- The EeYou codifying the Google-Apple duopoly into age-verification legislation
- Age verification requirements spreading rapidly
- AI scraping meaning many sites have WAF rules set to 'max'. It's getting extremely hard to browse the internet with a VPN + privacy features such as WebGL blocking etc. Geoblocking seems to be on the rise too (eg Trenitalia, Aegean Air).
- Governments wanting backdoors on devices
- Broadband price increases (10-25% rises are being baked into annual contracts here in the UK)
It seems in 2026 they've really gone full speed ahead.
What is the future going to look like? A Government-approved Apple OR Google spying device for the things you need to exist as a citizen... and a bunch of paper books/library cards/porn mags?
It’s a shit law, but it’s publisher- and distributor-targeted, so the overly-dramatic armchair-rebels in the forum can calm themselves; nobody’s coming after the person with a Linux machine bc it’s not compliant. Because it’s a state law, Cali will have geo-fenced app stores and this’ll just accelerate the breakout from manufacturer-maintained app stores. Websites that host downloads will just have a user attestation that they’re not Californians and be hosted abroad. There’s also no verification method; it’s literally just a requirement that account creation asks for an age - something websites do all the time and is not remotely burdensome, just ask all the ones convinced my DoB is a year and 4 months after my actual.
Apparently the redacted politicians that were caught raping and murdering little boys and girls in the Epstein files are entitled to a higher level of privacy than either you or me.
Next they'll try to ban sexps without age verification.
This is Big Tech manipulating us to be against regulations on their platforms including preventing pedophilia on Instagram, Twitter, Snapchat, etc. I'm still very much so in favor of regulating them. This smokescreen of a policy isn't going to confuse me.
Was there HN discussion at the time the bill was introduced / passed?
I guess California will release California OS with age verification.
make Califonia computerless. stupid politcians passing stupid laws. imagine this guy becoming president.
I thought the lefties were supposed to be the smart ones.
Waiting for BSD community maintainers reactions
These lawmakers are not even wrong.
To be wrong, one must understand what one is talking about.
Sigh.
Not sure if California is EU-lite or it has surpassed them, it sucks sometimes here, they are on a path to regulate and ruin everything.
This seems bizarre.
Define operating system.
wow that is messed up. Goodbye freedom
Next it will be all devices able to run Doom.
we will own nothing, eat le bugs and be happy
This is basically the end of the Internet as it was. It's actually quite terrifying.
Is this a weird attempt at device verification?
what about the laws that say crossing the border is illegal?
Ahh, new stupidity inbound.
Aha... Interesting, I'm the sysadmin of myself so I verify myself that I'm entitled to be root on my iron. Sometimes politicians reveal themselves in their future program dreaming things like mandatory online accounts on corporatocracty-controlled servers for all...
China did this 15 year ago..Fuck yeah, America
I'm a law and order kind of guy, but this nonsense should probably be ignored.
It's getting to be time for tech firms to leave California.
To which freedom loving state should they go?
New Hampshire
Extremely stupid that this will fall on the OS.
Accomplishes three things: Demonizes age verification, big tech gets to dodge it, cedes more control of your PC.
I wonder if that applies to the minix-derived operating system that’s running inside the intel management engine on intel cpus.
(I’m being sarcastic of course)
Trump - making heroic efforts to give Newsom the presidency in 2028. Newsom valiantly resisting those efforts.
Newsom really is a royal embarrassment. I'm glad people are finally realizing it.
Make California the first society that goes back into a pre-technology era.
Can't wait to have to prove to AWS I'm 18 before launching a server.
And I'll have to give a fake ID to our automated CI pipelines, I guess.
Many of you commenting haven't read the legislation and it shows.
Mr. AI analyzed the wording in the link and said:
California Assembly Bill 1043 requires OS providers (including Linux) to add age verification at account setup, prompting users for birth date/age to signal age brackets to apps in covered stores. It may violate privacy by enabling data collection/misuse beyond age checks, similar to UK/Discord issues; no explicit civil rights violations noted, but could restrict access for adults/minors if misapplied. Benefits: Enables age-appropriate app content, protecting minors. Drawbacks: Privacy risks, enforcement hurdles (e.g., Linux disclaimers like "not for California use"), aligns with global trends amplifying concerns.
An updated deep dive by Mr. AI returned the following analysis:
Official link: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm... Revised pros: Enhances child safety via non-PII age brackets for app compliance; data minimization limits info shared; anticompetitive prohibitions prevent misuse; good faith shields from liability. Revised cons: Setup requires age input, risking misuse despite safeguards; enforcement challenges for open-source OS like Linux; increased developer liability for signals; potential access restrictions from errors or misreports. No clear privacy/civil rights violations for adults/minors, but implementation costs and global trend concerns persist.
My thoughts: California lawmakers keep turning the screw more and more to the left with AB 1043 being introduced by Democrat Buffy Wicks. Though it has bipartisan co-authors (8 Democrats, 3 Republicans) and passed the Assembly unanimously (58-0), it still feels a bit authoritarian to me. The California Assembly political divide is very left leaning with Democrats controlling 60 seats and Republicans 20 for a total of 80 with Democrats controlling a supermajority.
What's to stop someone from building their own Distro using LinuxFromScratch to bypass this new restriction? Nothing, in my view!
Which I had money cause, Florida looking good about now.
I thought Europe would do this type of stuff
No need. EU cookie banners seem to have won the day by pushing the US actually on to the slippery slope of whataboutism.
we're not far behind.
One could cope that this regulation can not apply to Linux or other OSS operating systems. But this is only true unless the bootloaders on consumer devices are mandated to be closed next.
We already have Secure Boot, the infrastructure is in place. It is currently optional, but a law like this can change that.
The law is written so broadly, I think it applies to them already: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...
> (c) “Application” means a software application that may be run or directed by a user on a computer, a mobile device, or any other general purpose computing device that can access a covered application store or download an application.
This is basically any program.
> (e) (1) “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.
This would include any package manager like dnf/apt/pacman/etc. They facilitate download of applications from third parties.
> (g) “Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
This sounds to me like it would include distro maintainers. They develop and/or control the OS. Also, would this include the kernel devs? How would they be responsible for the myriad of package managers.
The overall law reeks of politicians not knowing what they're legislating.
Stuff like this just makes the anti-woke gang look more reasonable.
Not enjoying this verification can future
Linux doesn't care. We've already been down this road with media codecs and patents. Let every other OS continue their path to enshittifcation.
You know the non-governmental organization "Save the Children"? Maybe it's time to create a new one called "Fuck the Children" to defend people from these laws designed to mine privacy under the pretense of protecting minors.
Ironically, the “Save the Children” people tend to be the most pro “Fuck the Children” in secret. Literally
literally.
when you force someone to signal status as a minor, you are forcing them to wear a target, hostiles will not have so much work to find minors, now they only have to contact, groom, and offend.
this proposed law actually endangers minors.
The fact that bill breaks kids down by specific age groups makes it seem even creepier. Want to target 13-16 year olds? Prefer kids under the age of 13? California is helping predators by making sure they can tell which group every child's username falls under!
I was thinking "Save the freedom", but your idea works too.
Ghislaine Maxwell asks where to send her CV in, she's going to be available for work soon...
Not the best choice of words, but I get what you're saying.
Well, you might actually get support from the Epsteinian class ruling the US.
And their MAP allies.
Boo.
RIP freedos
What a great plot for a Black Mirror episode. Oh wait, it’s real life.
You hear that, NetBSD!
Buffy Wicks obviously should not be legislating APIs. But I think it's funny how badly this misinterprets the situation. The local user account on a computer has never been less relevant than it is today.
"The road to hell is paved with good intentions." - unknown
I doubt good intentions had anything to do with this.
Next step will be reporting potentially unlawful activities.
lol. The best kind of legislation (rated by entertainment value) is always written by people with no real understanding of the subject being governed.
I hope the headline is just ragebait cause I feel infuriated
How did we get so dystopian all of a sudden
This is happening in Colorado too, meaning it could be part of a national push:
Colorado Senate Bill "26-051"
The actual bill and links to its two sponsors Matt Ball and Amy Paschal.
It puts the infrastructure in place to do all of those things if a future(?), authoritarian regime wants to.
* It also reveals that visitors to any site are children, compromising their privacy and opening them up to targeted advertising
* The data will undoubtedly be added to the accumulated, traded databases so many services use
* The bill makes onerous demands of developers to consider other items that may suggest the user is actually in a different age bracket, like doing websearches for "toys" (child) or "toys" (adult) - which works what percentage of the time, exactly?
* And it's totally ineffective, since kids can look at porn anywhere they want, or internationally, regards of useless bill like this
The most egregious part of this bill is that:
* It legislates that if kids connect to a website, that website can query their age brackets (an "age signal"). This means their approximate age is revealed for kids-specific advertising, manipulation, or even sold to a pedophile group.
A DEVELOPER SHALL REQUEST AN AGE SIGNAL WITH RESPECT TO A PARTICULAR USER FROM AN OPERATING SYSTEM PROVIDER OR A COVERED APPLICATION STORE WHEN THE DEVELOPER'S APPLICATION IS DOWNLOADED AND LAUNCHED.
Basically SB 26-051 creates a mechanism that can be used to harvest the data that certain users are kids and then sell that data to anyone who will pay for it.
Data like this is traded internationally, which makes it tragic that elected lawmakers would waste time pushing a bill whose only mid-term effect would be making Colorado less attractive to developers and software companies.
The irony is that normally your kids would have been protected, by standard practices, from having their age exposed. This bill reverses that, putting your children at more risk.
The bill also would force many devices to provide age bracket data that are surprising to most people, because this part:
"DEVICE" MEANS ANY GENERAL-PURPOSE COMPUTING DEVICE THAT CAN ACCESS A COVERED APPLICATION STORE OR DOWNLOAD AN APPLICATION.
... means anything with Internet access and storage. This includes smart televisions, thermostats, tablets, smartphones, smart watches, some fitness tracking devices, some smart toilets, and so on, all potentially reporting your activity on demand, even if that back-end service has nothing to do with porn.
The bill is also poorly structured. Clearly it's intended to focus on services like app stores (Android, Apple), but by attempting to integrate support for this into operating systems, makes it available to hostile actors for any purpose worldwide. Further, it requires developers to guess whether other available information on a user might mean they're really in a different age bracket, exposing them to fines of $2500 to $7500 per minor "affected" (note: "affected" is not defined in the bill). The exemptions give blanket protection to developers working on for-internal-use software, but give no exemptions to recreational programmers. non-profit personal software, university projects, and so on, casting a chilling effect across software engineering generally.
Lastly, the bill is ineffective. Most of the web runs on Linux, a coöperative international effort, nominally controlled by one man in Finland. There is no chance of this bill's mechanism being implemented in this context. Nor will other developers be especially interested in rewriting software for this Colorado-specific bill. Further, the kids supposedly being protected from all the Colorado native porn sites would just web-browse to nearly any porn site and be outside of Colorado anyway, if not outside the US entirely.
These sponsors aren't alone. Most elected lawmakers are equally bad at technology and protecting democracy from the threats that come from chipping away at privacy protection. Bills like this appear in other states all the time, despite being toothless, easily circumvented by kids (who trivially circumvent even face photo hurdles), or radically compromising the privacy of adults (like this one).
There's also the long game, where these sometimes Democrat-led bills in various states could eventually see a much deeper-reaching federal one, where, instead of a "age signal", the user's computer must send an "ID signal", allowing all personal interactions with the Internet to be tracked, analyzed for political and other biases, and used by backbone firewalls to control exactly what people are allowed to read. Very handy for a dictator who might want to block off "fake news".
This is only a hypothesis, but one has to wonder whether sponsors to such bills even care if the bills work or pass, since either way they still get to claim they Protected the Children! even though the bills themselves violate privacy for everyone, often cause websites about breast cancer to be censored, or pave the way for authoritarian control - something this one stands out for. The only thing really surprising is that this bill wasn't sponsored by MAGA Republicans deliberately to add another paving stone to the road to national censorship.
I urge everyone to get in touch with other Colorado representatives to call for a fight against this travesty of a bill. Further, I would excoriate the two sponsors by email and phone, and tell them now that you will not reward this sort of juvenile lawmaking with your vote. Lastly, tell other people about how Matt and Amy plan to strip away their privacy in a way that puts children more at risk than doing nothing.
How will this work with ephemeral VMs? If you spin up a few hundred a day, will each one prompt you for birthday ? And whose birthday ? The CEO?
Good luck enforcing that in linux, simply because open source community agreed to never agree on anything. The strength of anything is also its weakness, always.
What is the point of this?
So now I have to prove who I am just to use something I purchased? Am I gonna have to prove my age/identity to my new laundry machine (it runs on OS)?
My car has some sort of operating system, right?
My TV, my fridge, my 30 year-old TI-82, my sprinkler system… my mom’s pacemaker.
And will I have to verify again when I switch to command line? =P
What a joke.
Lol no.
Ok. No more linux in california. Forget silicon valley. Forget all the supercomputers at research establishments. Forget all the smart TVs. Forget all the cars with in-dash computers. Let's see how long california can keep its lights on without embedded linux.
In all seriousness, rather than comply, linux distros should enforce this law. Any linux install that detects itself being in california should automatically shutdown with a loud error message. I give it a week before a madmax situation develops.
How expensive do you expect such an API to cost to make? It's pretty simple.
Compliance is always easier than resistance. Want to keep software free? Freedom has costs.
1 reply →
Considering the law requires every app to do it, pretty expensive.
1 reply →
It would have to be done at the license level and with litigation. Anything relying on code to be added, would be removed. And probably, trying to do the license thing would force some people to fork the software.
[dead]
[dead]
[flagged]