(e) (1) “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.
Also, where does anything in the CA bill mandate age verification? It's saying the OS needs to prompt for age bracket info and allow the third party apps to query that. That is far different from verification.
> Also, where does anything in the CA bill mandate age verification? It's saying the OS needs to prompt for age bracket info and allow the third party apps to query that. That is far different from verification.
Regardless of the technical details of the law(s), the devs are sensibly refusing to prompt for age on a fricking calculator.
Hopefully Linux distros get on board with this and announce non-CA/CO compliance as policy.
Ultimately, it does not matter. This legal notice is just theater, as anyone from CA or CO can still download, build and use the program. Linux distributions will just do the same.
For Linux it will be way more problematic because:
- A lot of of corporate contributions comes from SV.
- Linux Foundation is incorporated in CA.
- Linus himself is CA's resident AFAIR.
So there is zero chance of claiming no jurisdiction. The only hope is whoever is enforcing this batshit wouldn't go after what is essentially not an OS for the purpose of the bill, but rather an internal component (it would be like going after a vendor of bolts and nuts for noncompliance of a toaster).
“can download” could refer either to transfers initiated by the user, or to transfers initiated from the device. The language “from [device] developers to users of [that device]” clarifies that this applies if users can access a third-party directory and/or repository of applications.
I strongly encourage the EFF to sue the FSF over not shipping age verification in Emacs, since in every respect Emacs fits these criteria; it is a computer environment that avid users can reside fully within to operate their system, and its publisher operates a directory+repository system at https://elpa.gnu.org. I think that both organizations would be excited to pursue that lawsuit pro bono, since it would evidence such significant flaws in the law that it might be struck by the court.
Incidentally, this likely also implicates Tesla and BMW as not requiring age verification before allowing users to download updates containing new pay-to-unlock applications from their vehicles’ in-app purchase marketplaces. I’m sure they would both be happy to help overturn this law once implicated in violating it.
It's also still bound only to companies in CA. I'm in GA, I don't have to comply, for example, if I were making operating systems. People REALLY need to push back when governments try to extend their reach beyond their borders, like EU regulations. The more we let them the more enshrined in law it will become. We have the right and duty to say no, that only applies in your jurisdiction.
Developers are not lawyers, so they cannot be expected to know every subtle detail of the law, and not how these laws are then interpreted (in a often non-logical way) by courts.
If you are providing legal advice as a legal professional, happy to follow your advice. Are you willing to provide legal indemnity to me? I assume it will be cheap, say $12/year.
I think the winning move is just to ignore the legislation, and drag the government into an EFF or ACLU-funded First Amendment lawsuit if they try to enforce anything.
if (user is null) is leaving me way up in my feelings. Ambiguous value error: 'too true' is not an approved response. Please consult your legislator and try again.
Does it run applications? The point of the law is to collect (and device setup) the age of the (I guess primary?) user, and communicate that (as a range?) to any applications it runs.
So, if you don't run applications, does this matter? Also, enforcement is by the CA attorney general, so random people can't go after you.
(c) “Application” means a software application that may be run or directed by a user on a computer, a mobile device, or any other general purpose computing device that can access a covered application store or download an application.
The California bill basically says any OS with an app store needs to collect an age signal and provide age bucketing to an app store (presumably even third-party ones, but notably NOT extension stores) so it can forward that information onto developers in that store.
There's no further elaboration on what age signals are preferred, so my assumption is that a DoB field in the user profile and a system service to request the age bucket is good enough. It's absolutely silly, but DB48X could implement that.
There's a related question of who is actually liable under this law - it seems written to target just Apple, Google, and Microsoft; and it only makes sense in the context of consumer electronics. Like, how does this work with enterprise systems? Servers? Is IBM going to have to rush out a patch for z/VM to ask the system administrator what their date of birth is?
What's with the recent push for age verification? This has been around forever but it seems like just recently a bunch of governments are pushing for this.
A large number of entities are facing the same problem at the same time and coming to similar conclusions.
There's also a cabal that wants surveillance, but since the California law doesn't require surveillance, this isn't that. The California law just mandates a parental control feature.
IANAL, but the whole thing feels quite problematic. Should we interpret the prohibition as a licensing condition "a resident using our IP is violating the contract" or as an informative note "we are not compliant and we are not ever going to be compliant so a resident using the IP is violating local laws"? I'd expect the intent to be the latter, but would it hold in front of a judge? If the notice is a licensing condition, the whole thing is problematic as hell:
- Does such prohibition has any legal force at all? Does it do anything to prevent responsibility according to the bill? Wouldn't just saying "CA/CO have zero jurisdiction over us, get screwed" be a saner choice (of course it would be better if the project wouldn't host on M$'s servers).
- The main project license is GPLv3. GPLv3 clearly has no provisions to introduce arbitrary prohibitions into the license without losing compatibility. But they still keep GPLv3 LICENSE.txt, which is problematic in itself - if LICENSE.txt says one thing and LEGAL-NOTICE.txt another, the conclusion might be that no license applies so no one may use the software at all!
- If they are reusing any GPL software that they don't hold copyright on, they might be or might not be in violation (would need a real lawyer to say if that's the case or not).
And on the actual matter of things, it's really sad to see California to be on the front line of this crap (this screams ageism). And, dear "adults", screw your parental authority so much. Whatever skills I've gained before the university I've done against an explicit parental prohibition. This is what I live off now. Screw you all.
> GPLv3 clearly has no provisions to introduce arbitrary prohibitions into the license without losing compatibility.
It's not even just that. The license expressly forbids adding other conditions and restrictions, and says that people who receive software, licensed under the GPL, with added conditions ore restrictions, can just remove those restrictions.
If the author really wants to add a restriction like this, they have to switch to a different license.
Maybe they don't really want to add this restriction. Maybe they want a fig leaf, so when California asks them why they don't comply with the law, they can point to this and state it's not legal to use in California.
> And on the actual matter of things, it's really sad to see California to be on the front line of this crap (this screams ageism). And, dear "adults", screw your parental authority so much. Whatever skills I've gained before the university I've done against an explicit parental prohibition. This is what I live off now. Screw you all.
It's yet another surface that totalitarian parental control has crept into, and it's a serious problem. Young people kept strictly within the iron grip of their guardians generally aren't the ones who become happy actualized all-star adults.
Obviously there should be some limits on what teenagers and children can access, it shouldn't be entirely free reign, but robbing them of space to bend the rules severely limits their potential for growth and incurs a strong risk of extinguishing their spark.
> Obviously there should be some limits on what teenagers and children can access
Is it? The only people who should be deciding those limits are parents. If they fail to set and enforce those limits then any negative outcomes for the child are due to their own negligence, and can be adjudicated as child abuse per those laws.
If this were the late 80s I would wholeheartedly agree with you. But it isn't. Every device under the sun seems to have a web browser and wifi built into it at this point. Even most TVs are "smart" these days. If you told me that your refrigerator had a web browser and an app store I would assume you were entirely serious.
The internet is full of amazing things but it is simultaneously a largely unfiltered cesspool.
Imagine you live in the suburbs, but at some point the house to your left got demolished and replaced with a casino that doesn't ID anyone. The house to your right got demolished and replaced with a liquor store that doesn't ID anyone. And the house across the street got demolished and replaced with the headquarters of a local group of political extremists.
Sure, there also happens to be an award winning library a couple houses down. But that's largely irrelevant when it comes to the question of how you're supposed to raise children in this environment.
If I'm reading the (L)GPL correctly (but I'm not a lawyer), this notice should be completely ignored:
Section 7 says: All other non-permissive additional terms are considered “further restrictions” within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term.
Section 10 says: You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License.
> This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below.
Which points you over to this in GPL, Sections 7, Additional Terms:
> Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:
> ...
> f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors.
This is a condition being imposed by a new law (if/when it passes). Its an attempt at indemnification that is compatible with the law. It seems to pass the reasonableness check.
Of course, the copyright holder can license as they wish. But the quoted terms of the GPL are in the license that the author is distributing with the software, so we can also follow the terms of the GPL and remove the extra restriction they just added. The author is trying to do contradictory things: add extra restrictions, but release under the terms of a license that allow us to remove those extra restrictions.
If they want to add that restriction, they cannot release it under the GPL; they need to pick another license, or modify the GPL to their liking and then call it something else (assuming the copyright terms of the GPL allow you to make a derived work of the license itself).
Wouldn't they still need to switch to a license outside the GPL family in order to add those restrictions, even if they're the sole copyright holder? Otherwise it seems that upon receiving a copy of the software, the user can just remove the additional restrictions, as specified by Section 7.
Ignoring the calculator side of things (fair enough if they don't wanna implement it) is this just requiring an age value for the user of the operating system?
Because if so, that seems a lot more sensible than the online crap where you need to give ID or something. I remember someone suggesting requiring an `X-User-Age` header, and having adults responsible for having their children's account setup with their age, which this proposal seems to be more in line with.
From some of the other responses people seem against this proposal, am I missing something? (I only briefly skimmed the links) Is there some kind of attestation/ID required when the age is input?
It’s the camels nose into the tent of regulating how an OS should behave. This is anathema for FOSS operating systems. It will cause complete madness if different jurisdictions start regulating operating systems in their own way and could honestly kill FOSS OSes.
IMO it's more likely to lead to a renaissance in FOSS OS use. Not requiring a legal entity and being geographically diffuse makes them immune to this kind of pressure in a way that Apple and Microsoft are not.
is it though? If you setup a PC for a 12 year old and prompts you something like [12~16] and thats reported to whatever, what exactly is the fear? You can scream slippery slope but these laws are just going to boil down to technical capability because enforcement isn't realistic.
There's real harms by large businesses such as Meta. Should we pretend those arms don't exist?
There is no carve out in the law for open source. I don’t think it matters for this calculator’s firmware, because there’s no covered App Store, but it certainly would for most Linux distributions.
The law is irrelevant when it comes to open source. There is no one to turn to and bully for compliance. A government could presumably request that GitHub delete the repo, but the software will then simply move somewhere else, in a jurisdiction where these laws don't apply, or be distributed peer-to-peer. These attempts at curbing the freedom to write and distribute software are pathetic and will fail.
So DB48X provides a covered application store?
(e) (1) “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.
Also, where does anything in the CA bill mandate age verification? It's saying the OS needs to prompt for age bracket info and allow the third party apps to query that. That is far different from verification.
> Also, where does anything in the CA bill mandate age verification? It's saying the OS needs to prompt for age bracket info and allow the third party apps to query that. That is far different from verification.
Regardless of the technical details of the law(s), the devs are sensibly refusing to prompt for age on a fricking calculator.
Hopefully Linux distros get on board with this and announce non-CA/CO compliance as policy.
Ultimately, it does not matter. This legal notice is just theater, as anyone from CA or CO can still download, build and use the program. Linux distributions will just do the same.
8 replies →
For Linux it will be way more problematic because:
- A lot of of corporate contributions comes from SV.
- Linux Foundation is incorporated in CA.
- Linus himself is CA's resident AFAIR.
So there is zero chance of claiming no jurisdiction. The only hope is whoever is enforcing this batshit wouldn't go after what is essentially not an OS for the purpose of the bill, but rather an internal component (it would be like going after a vendor of bolts and nuts for noncompliance of a toaster).
21 replies →
“can download” could refer either to transfers initiated by the user, or to transfers initiated from the device. The language “from [device] developers to users of [that device]” clarifies that this applies if users can access a third-party directory and/or repository of applications.
I strongly encourage the EFF to sue the FSF over not shipping age verification in Emacs, since in every respect Emacs fits these criteria; it is a computer environment that avid users can reside fully within to operate their system, and its publisher operates a directory+repository system at https://elpa.gnu.org. I think that both organizations would be excited to pursue that lawsuit pro bono, since it would evidence such significant flaws in the law that it might be struck by the court.
Incidentally, this likely also implicates Tesla and BMW as not requiring age verification before allowing users to download updates containing new pay-to-unlock applications from their vehicles’ in-app purchase marketplaces. I’m sure they would both be happy to help overturn this law once implicated in violating it.
The law pertains to providers of covered application stores or operating system providers. Or, not and.
They are not a covered application store, but they are an operating system provider, so the law does apply to them.
It's also still bound only to companies in CA. I'm in GA, I don't have to comply, for example, if I were making operating systems. People REALLY need to push back when governments try to extend their reach beyond their borders, like EU regulations. The more we let them the more enshrined in law it will become. We have the right and duty to say no, that only applies in your jurisdiction.
> So DB48X provides a covered application store?
Developers are not lawyers, so they cannot be expected to know every subtle detail of the law, and not how these laws are then interpreted (in a often non-logical way) by courts.
If you are providing legal advice as a legal professional, happy to follow your advice. Are you willing to provide legal indemnity to me? I assume it will be cheap, say $12/year.
I think the winning move is just to ignore the legislation, and drag the government into an EFF or ACLU-funded First Amendment lawsuit if they try to enforce anything.
[flagged]
I don't see a definition for "operating system" in this legislation (California).
"Operating system provider" is defined, but that's kinda useless unless "operating system" is defined first.
It seems there's also a definition error:
> 1798.500. For the purposes of this title:
> (i) “User” means a child that is the primary user of the device.
Child is defined:
> (d) “Child” means a natural person who is under 18 years of age.
But that means this is impossible:
> (b) (4) Whether the user is at least 18 years of age.
if (user is null) is leaving me way up in my feelings. Ambiguous value error: 'too true' is not an approved response. Please consult your legislator and try again.
> Colorado residents may no longer use DB48x after Jan 1st, 2028.
This law hasn't even passed
Does it run applications? The point of the law is to collect (and device setup) the age of the (I guess primary?) user, and communicate that (as a range?) to any applications it runs.
So, if you don't run applications, does this matter? Also, enforcement is by the CA attorney general, so random people can't go after you.
Well, it’s a programmable calculator, so…how does the law define “applications”?
(c) “Application” means a software application that may be run or directed by a user on a computer, a mobile device, or any other general purpose computing device that can access a covered application store or download an application.
4 replies →
The California bill basically says any OS with an app store needs to collect an age signal and provide age bucketing to an app store (presumably even third-party ones, but notably NOT extension stores) so it can forward that information onto developers in that store.
There's no further elaboration on what age signals are preferred, so my assumption is that a DoB field in the user profile and a system service to request the age bucket is good enough. It's absolutely silly, but DB48X could implement that.
There's a related question of who is actually liable under this law - it seems written to target just Apple, Google, and Microsoft; and it only makes sense in the context of consumer electronics. Like, how does this work with enterprise systems? Servers? Is IBM going to have to rush out a patch for z/VM to ask the system administrator what their date of birth is?
> Like, how does this work with enterprise systems?
You put the age of the owning company. If the company is under 18 then too bad for you.
What's with the recent push for age verification? This has been around forever but it seems like just recently a bunch of governments are pushing for this.
It's a cloak for digital ID disguised as child safety.
There are many way to make the internet safe for kids without removing anonymity. But the they wouldn't get what they want, would they?
A large number of entities are facing the same problem at the same time and coming to similar conclusions.
There's also a cabal that wants surveillance, but since the California law doesn't require surveillance, this isn't that. The California law just mandates a parental control feature.
*Formerly open source
Seems to violate the open source definition paragraph 5, no?
IANAL, but the whole thing feels quite problematic. Should we interpret the prohibition as a licensing condition "a resident using our IP is violating the contract" or as an informative note "we are not compliant and we are not ever going to be compliant so a resident using the IP is violating local laws"? I'd expect the intent to be the latter, but would it hold in front of a judge? If the notice is a licensing condition, the whole thing is problematic as hell:
- Does such prohibition has any legal force at all? Does it do anything to prevent responsibility according to the bill? Wouldn't just saying "CA/CO have zero jurisdiction over us, get screwed" be a saner choice (of course it would be better if the project wouldn't host on M$'s servers).
- The main project license is GPLv3. GPLv3 clearly has no provisions to introduce arbitrary prohibitions into the license without losing compatibility. But they still keep GPLv3 LICENSE.txt, which is problematic in itself - if LICENSE.txt says one thing and LEGAL-NOTICE.txt another, the conclusion might be that no license applies so no one may use the software at all!
- If they are reusing any GPL software that they don't hold copyright on, they might be or might not be in violation (would need a real lawyer to say if that's the case or not).
And on the actual matter of things, it's really sad to see California to be on the front line of this crap (this screams ageism). And, dear "adults", screw your parental authority so much. Whatever skills I've gained before the university I've done against an explicit parental prohibition. This is what I live off now. Screw you all.
> GPLv3 clearly has no provisions to introduce arbitrary prohibitions into the license without losing compatibility.
It's not even just that. The license expressly forbids adding other conditions and restrictions, and says that people who receive software, licensed under the GPL, with added conditions ore restrictions, can just remove those restrictions.
If the author really wants to add a restriction like this, they have to switch to a different license.
Maybe they don't really want to add this restriction. Maybe they want a fig leaf, so when California asks them why they don't comply with the law, they can point to this and state it's not legal to use in California.
> And on the actual matter of things, it's really sad to see California to be on the front line of this crap (this screams ageism). And, dear "adults", screw your parental authority so much. Whatever skills I've gained before the university I've done against an explicit parental prohibition. This is what I live off now. Screw you all.
It's yet another surface that totalitarian parental control has crept into, and it's a serious problem. Young people kept strictly within the iron grip of their guardians generally aren't the ones who become happy actualized all-star adults.
Obviously there should be some limits on what teenagers and children can access, it shouldn't be entirely free reign, but robbing them of space to bend the rules severely limits their potential for growth and incurs a strong risk of extinguishing their spark.
> Obviously there should be some limits on what teenagers and children can access
Is it? The only people who should be deciding those limits are parents. If they fail to set and enforce those limits then any negative outcomes for the child are due to their own negligence, and can be adjudicated as child abuse per those laws.
2 replies →
If this were the late 80s I would wholeheartedly agree with you. But it isn't. Every device under the sun seems to have a web browser and wifi built into it at this point. Even most TVs are "smart" these days. If you told me that your refrigerator had a web browser and an app store I would assume you were entirely serious.
The internet is full of amazing things but it is simultaneously a largely unfiltered cesspool.
Imagine you live in the suburbs, but at some point the house to your left got demolished and replaced with a casino that doesn't ID anyone. The house to your right got demolished and replaced with a liquor store that doesn't ID anyone. And the house across the street got demolished and replaced with the headquarters of a local group of political extremists.
Sure, there also happens to be an award winning library a couple houses down. But that's largely irrelevant when it comes to the question of how you're supposed to raise children in this environment.
8 replies →
If I'm reading the (L)GPL correctly (but I'm not a lawyer), this notice should be completely ignored:
Section 7 says: All other non-permissive additional terms are considered “further restrictions” within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term.
Section 10 says: You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License.
The LGPL has:
> This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below.
Which points you over to this in GPL, Sections 7, Additional Terms:
> Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:
> ...
> f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors.
This is a condition being imposed by a new law (if/when it passes). Its an attempt at indemnification that is compatible with the law. It seems to pass the reasonableness check.
The copyright holder isn't bound by their own license though.
Although, if there are many contributors to the project, there may not be a clear copyright holder.
Of course, the copyright holder can license as they wish. But the quoted terms of the GPL are in the license that the author is distributing with the software, so we can also follow the terms of the GPL and remove the extra restriction they just added. The author is trying to do contradictory things: add extra restrictions, but release under the terms of a license that allow us to remove those extra restrictions.
If they want to add that restriction, they cannot release it under the GPL; they need to pick another license, or modify the GPL to their liking and then call it something else (assuming the copyright terms of the GPL allow you to make a derived work of the license itself).
2 replies →
Wouldn't they still need to switch to a license outside the GPL family in order to add those restrictions, even if they're the sole copyright holder? Otherwise it seems that upon receiving a copy of the software, the user can just remove the additional restrictions, as specified by Section 7.
Ignoring the calculator side of things (fair enough if they don't wanna implement it) is this just requiring an age value for the user of the operating system?
Because if so, that seems a lot more sensible than the online crap where you need to give ID or something. I remember someone suggesting requiring an `X-User-Age` header, and having adults responsible for having their children's account setup with their age, which this proposal seems to be more in line with.
From some of the other responses people seem against this proposal, am I missing something? (I only briefly skimmed the links) Is there some kind of attestation/ID required when the age is input?
It’s the camels nose into the tent of regulating how an OS should behave. This is anathema for FOSS operating systems. It will cause complete madness if different jurisdictions start regulating operating systems in their own way and could honestly kill FOSS OSes.
IMO it's more likely to lead to a renaissance in FOSS OS use. Not requiring a legal entity and being geographically diffuse makes them immune to this kind of pressure in a way that Apple and Microsoft are not.
is it though? If you setup a PC for a 12 year old and prompts you something like [12~16] and thats reported to whatever, what exactly is the fear? You can scream slippery slope but these laws are just going to boil down to technical capability because enforcement isn't realistic.
There's real harms by large businesses such as Meta. Should we pretend those arms don't exist?
2 replies →
Performative indeed!
what a stupid law
From the other post about this law.
> That's likely no big deal for Windows, which already requires you to enter your date of birth during the Microsoft Account setup procedure
This seems like an over reaction because of a simple date field
Why would I need a Microsoft account to use Windows.
Microsoft may in future permanently disable the local-account workarounds. Being able to hind behind "legal reasons" just makes it worse.
The point is, it’s not about verification but a simple date field.
Like those sites where you have to enter a birthdate before you can see the content
so they outlawed a calculator?
All these stupid unenforceable laws, like GDPR which is being watered down, only create strong incentives to lie on compliance officers.
[dead]
Clickbait title, the legal notice explicitly states that an open source project cannot and will not implement age verification.
There is no carve out in the law for open source. I don’t think it matters for this calculator’s firmware, because there’s no covered App Store, but it certainly would for most Linux distributions.
The law is irrelevant when it comes to open source. There is no one to turn to and bully for compliance. A government could presumably request that GitHub delete the repo, but the software will then simply move somewhere else, in a jurisdiction where these laws don't apply, or be distributed peer-to-peer. These attempts at curbing the freedom to write and distribute software are pathetic and will fail.
4 replies →