Comment by packetlost
1 day ago
Because it's the lowest common denominator between the user and every online interaction. The bill basically says provide a date-of-birth as metadata to accounts and provide an API to query the age bracket, not even the age, of the user to applications. It's a privacy-aware, mostly reasonable approach that shifts responsibility to the owner/administrator of a device to enforce it. It's basically just mandating parental controls.
I'm trying to understand how this is even a bad thing. Where is the privacy invading verification? Surely a given OS can implement the API response however it wants? If you're root, tell me your age. If you're not, (a child account), the admin (their parent) sets the age. Seems fine?
Well the problem is, there is no consensus standard. The onus is on every individual vendor to figure out how to comply. And it's so poorly written that there is no clear path to compliance. Even attempting to comply is burdensome and subjects you to a lot of legal risk. Only the largest vendors can afford to take on this risk. For others, the only winning move is not to play. Classic regulatory capture.
Even ignoring everything else, at a minimum it is backwards.
There is no reason to tell the application, and by extension their developers, how old the user is. The application should tell the user what bracket it is appropriate for and then the operating system could filter appropriately without any of the user’s identifying information leaving their system.
This is also technically superior because it moves the logic for filtering out of being custom implemented by each and every single application to a central common user-controlled location; you do not have to rely on every application developer doing it right simultaneously.
It's a lot easier to add an API that's opt-in for an application that needs it. What's the appropriate way an OS should handle an application that doesn't declare this new property? Fail open? Fail closed? It would quickly turn into a mess. IMO it's better to do it this way because the applications that need it (browsers, chat clients, etc.) will use it to provide legal shielding. This isn't a technical problem they're trying to solve, it's a legal liability one. I generally like this approach, but I think there's no reason to mandate that an application use the API, just mandate that if they do they are considered to have real knowledge of the age range of the user in question. If you provide the API, the incentive to use it is already there for the applications it's needed for the most.
2 replies →
Well, it's not a bad thing. And if you can root your own computer, that's adult enough
Y'all are like Dilbert with the shock collar on, "It's not so bad." It's requiring all operating systems, apps, and online services to add age checks. It adds friction to the process of developing stuff. If there's something you do not want to do especially in California of all Goddamn places (swear to God, Wozniak would be spinning in his grave if he had one) it's add friction to the software development process with government-mandated code paths. But what do I know. This is a site actually called Hackernews, where the answer to all large-scale social problems is "that's why we need more government regulation".
Like, literally none of those sentences are accurate. It's kinda impressive.
I do wonder who benefits from all the propaganda causing this kind of kneejerk reaction though.