Comment by strongpigeon

5 days ago

People here seem very against this, but I don't really see it. This only requires having a form asking about your age and providing an API to read it, right?

Surely I'm missing something? Is the backlash due to fear of a slippery slope?

There are basically 2 possibilities with the outcome of this law: It's either so full of holes as to be meaningless, or it's so invasive as to force open source projects to try to geofence Illinois (which wouldn't be effective either, but might be the kind of compliance theatre we'll see from maintainers worried about liability).

Linux distros always have a "root" user. Does that user have to be asked its age before being usable? What about docker containers, which often come with a non-root user? What about installation media, which is often a perfectly usable OS? It would either have to be so easy to get around this law that most kids could do it easily, or so overzealously enforced as to disrupt the entire cloud industry.

  • "so full of holes as to be meaningless"

    what is the solution then to age gating apps that the public feels should be age gated? (TikTok, Instagram, etc). it seems like every app implementing its own guessing system would have even more holes, right?

    this is one where I am sympathetic. the moment when someone, with their parent, is setting up a device seems like the best point to check age. right?

    am I missing something?

    • The companies you mentioned are the ones profiting handsomely off their intentionally addictive platforms. They're the ones with massive legal departments. Obviously they should be the ones liable to make sure the kids aren't getting abused on their platforms, not a bunch of volunteer Linux developers who couldn't care less about social media or monetization.

      They could've written these laws to go after Apple and Microsoft specifically, and assume that most kids wouldn't have the wherewithal to install Linux themselves. That may or may not be effective. But no, the way the law is written, any hobbyist OS dev is now legally liable for the abuse kids might suffer on massive social networks that are completely unrelated to the OS.

      The funny thing is that Estonia actually already figured this all out. Their national ID system allows any platform to reliably verify anybody's age without gaining access to any other information about them. It's the perfect system for reliably checking age while maintaining perfect privacy about all other personal data. But I don't think we'll see that in the US in my lifetime, so we'll just have to keep fighting over all these ineffective privacy nightmares instead.

    • the solution is to remove the bits of those apps that are harmful to children (and adults): the algorithmic data feed, the infinite scroll, the engagement tactics, the advertising

  • > It's either so full of holes as to be meaningless, or it's so invasive as to force open source projects to try to geofence Illinois.

    My guess reading the law as linked is that it's much closer to the former than the latter. That being said, you're right that it does bring a bunch of headaches along with it for little-to-no benefit.

What if I don't want my computer asking for my age and providing an API to give up that information? Why is the government mandating software devs to add bloat and privacy violating features to operating systems?

The slippery slope isn't a fallacy in this case as we've seen the pot slowly come to a boil after 9/11 with various laws like the Patriot Act, FISA, etc. and classified programs within the NSA (and I'm sure all the three letters) which violate the rights of Americans every day. Now it's a coordinated effort across multiple western countries all of a sudden to introduce laws around verifying your age. It's clear where this is going.

I don't really see any good arguments in favor of it, so why do it? There's no reason my OS needs to know anything about me.

  • I guess I'm more surprised by the intensity of the backlash this generates here. I agree with you that mandating (weak) OS APIs like this the right approach, but that alone wouldn't warrant the severe reaction this is getting right?

    • A big chunk of the problem with this kind of legislation for me is that it inherently indicates a failure to govern to me. I disagree with the premise of the solution, but even more so this is trying to legislate a specific engineering solution for our current systems rather than any form of financial, objective guidance, or have reasonably actionable and enforceable consequences.

      While laws that target engineering decisions are sometimes reasonable, they are always accompanied with specific guidance from a credible academic based institution (e.g. mechanical and civil engineering use private licensing bodies and develop specific curriculum and best practices).

      The only time this law will ever be enforced is punitively for other crimes against major actors who are extremely limited in number. It is unenforceable for Linux, trivial for Apple, Microsoft, and Google to add to their OS. Presumably easy to spoof, the law describes it as minimal but once again, there isn't a specification so who knows. Websites won't be liable, they're getting a sweetheart deal here.

      In practice what this law does is absolve abusive platforms from any responsibility. It adds extra meaningless work and overhead for legitimate adult platforms while opening themselves up to new potential legal challenges, and ultimately doesn't replace the responsibility it's removing.

      This doesn't make children safer. This doesn't make the internet safer. This kind of legislation makes it easier to abuse children online by removing responsibility from platforms that are known to be dangerous to them yet profit from their presence the most.

    • It's considered offensive to the strongly freedom-loving FOSS community, and it's basically legally-required tech debt, which is annoying to all maintainers

    • Code is speech. Open source projects are an exercise in speaking publicly. This law mandates particular speech in your otherwise Free as in freedom code.

      How are you not outraged? People are missing the above forest for the "oh but it's a tiny little easy API and I don't see any downsides" trees.

    • Seems pretty reasonable to get annoyed at a law that at best will be useless and at worst dangerous, while it will directly dictate features into the tools we all use every day. All for no gain for anyone but maybe Meta and some other big companies.

People lie, so there would need to be some kind of proof provided, right? How much data will one need to give up to use a computer? Where/how is that data stored? What else will it be used for? What happens when it’s hacked? How will test systems or servers work? If I want a computer that isn’t linked to the rest of my ecosystem, can I still do that or will age verification require I log in with a cloud account?

There are so many ways for this to go badly or simply be annoying.

I’m a guy in my 40s with no kids. I shouldn’t need to deal with all of this. Let the parents turn on parental controls for their kids; don’t force it on everyone.

If Meta needs to find a way to verify age, then that is also their problem. They are trying to make it the world’s problem. I don’t use any Meta products, so again I would question why I need to care about this… why will it become my problem?

The slippery slope then comes in addition to all of this.

It seems Apple already implemented their age verification API. I got prompted for it when opening the MyChart app a few weeks ago. The API used in that case only sends a Boolean if the user is over 18 or not, this is the best of the bad options. However, they have other APIs to get other data from a digital ID. The user is at the whim of the API the developer chooses to use. They can say no, but then they can’t use the app. I’m not sure how Apple validated my age, as I hadn’t loaded an ID into my wallet, but my Apple account is nearly 18 years old, so that might be good enough? If I were to get a Mac and just want to use a local account, then what happens? Can I not verify my age? Will I be able to use the computer or be locked out of the browser? These are some of the fears I have if they take this too far. Maybe some of them are unfounded, but I guess time will tell.

Why should an OS demand personal information from its users? It creates an unnecessary risk that the information will be leaked.

  • Laws exist that dictate what apps are allowed to do depending on the user's age. This means that in order to follow the law they must collect the user's age. If collecting the user's age is a common requirement of apps it makes sense for the operating system to expose an easy way to do that to make app development easier on that platform.

    • No, it makes sense for an App Store to do that. Or, that HTTP headers are set at the device or network proxy.

      User account creation wizards could just create the dot files for the App Store. These weird laws ban OS.

I am very pro social media regulation (with regards to age gating) due to the evidenced harm it causes, and which court cases have shown these companies are well aware of internally; with that said, this is an attempt by social media companies to shift liability to keep business as usual/status quo. This is no different than what oil companies have done, cigarette companies, chemical companies who have polluted at scale while knowing the harm, etc.

Meta and TikTok (and YouTube Shorts to an extent) are the new Sackler family and Purdue Pharma. They will hold on to these profit and power engines as long and hard as possible. They will not stop causing the harm unless forced to with regulation.

https://en.wikipedia.org/wiki/Sackler_family

https://en.wikipedia.org/wiki/Opioid_epidemic_in_the_United_...

https://www.profgalloway.com/addiction-economy/

  • Purdue sold less than 4% of the prescription opioid pain pills in the U.S. from 2006 to 2012. They were a scapegoat for pill farm doctors and an incredible lack of personal responsibility from prescribers, pharmacists and patients.

    • Personal responsibility isn't a thing from a consumption perspective, it's primarily brain chemistry. See: GLP-1s [1] [2] (tldr they patch the brain's reward center against suboptimal reward chasing and demand)

      Let us not blame humans for suboptimal brain chemistry taken advantage of by malicious torment nexus threat actors. Fix the policy, bug fix the human, disempower the threat actors. Defend and empower the human. My pattern matching in the comment you replied to stands imho, and while it is admittedly imperfect (as you point out), I believe it remains directionally accurate.

      [1] Why Ozempic Beats Free Will - https://news.ycombinator.com/item?id=45907422 (additional citations)

      (think in systems)

  • > This is an attempt by social media companies to shift liability to keep business as usual/status quo.

    Do you mind expanding on why that is? Is it because it allows them to say "well the API told us they're adults so we're all good"?

    • and the verification that the OS has to provide is minimal. the OS doesn't need to verify an ID or anything. Probably just a checkbox when you create the account that you're an adult, or child, etc. and then that's provided to the browser. So it effectively becomes meaningless if the goal is to get children off social media.

  • >keep business as usual/status quo.

    Umm isn’t that what we want? Or are you suggesting there should be some other legislation in place?

  • That's exactly how I see it. Verification should be on the social media platforms not your OS.

to me, it's both the slippery slope argument and the lack of real reason other than "protecting minors". operating systems were designed to run the program/programs. You can make applications use this API to determine the user age, or you can just...ask the user in the application itself. I also don't see why this is a requirement rather than an option the same way I don't see why having a Microsoft account is required to install Windows or access to internet (without the current workarounds) or even those password reset questions and to some extent asking for first and last name. If I want to add that information, let me do that myself or when I use said software, don't make it a hard requirement.

The bill itself sort of goes against its "purpose". If the purpose is to make a convenient API for stores to know their user, and avoid showing them certain content then why did the bill state: "If an operator has internal clear and convincing information that a user's age is different than the age indicated by a signal received in accordance with this Section, the operator shall use that information as the primary indicator of the user's age."

Because many people lie in those forms. Many people on Steam will select they were born in 1900, including myself. So how will this API help? The only way for it to be useful is if they later require full verification.

  • The way I see it (to strongman the bill's position) is that by mandating it at account creation, an adult/parent can ensure that the age is properly set for a minor/child.

    That being said, I don't think this bill was that well thought out as the implications are far-reaching (will I need to enter an age when provisioning a VM?).

    I mostly see it as a clumsy attempt to provide a mechanism for age-category attestation in a way that is more privacy-friendly than Texas's "upload-your-id" law.

    • I can see the argument of parents or guardians ensuring the device is properly set for their child, but I feel like age is not the right information to use. But I agree, it's definitely not well thought out.

      I feel like if we assume this is in good faith, and they want to make sure adults can ensure minors don't have access to certain content, why would they use age as the information? This can be solved, or has even been solved by having a Parental Control feature like in iOS which provides finer options than what you would get with age.

      This could be OK if this was requiring that any device or operating system have access to parental control in any capacity (either by default or via third party application) and limited for things that would be used by minors so that VMs or other stuff don't have to worry about this. Or, they could mandate products to indicate that the feature exists. That way, a parent can decide what to give their child.

I think the implication is that this law is incredibly bad. I don't mean for privacy, I mean for fulfilling its purpose. This will prevent approximately zero kids from accessing whatever.

What that means is that we will have to amp it up, if we want to achieve its purpose. So, that's not a slippery slope, that's a prophecy.

When we get cryptographically backed identity verification on all computing, that will legitimately be the end of computing as we know it.

If it is so simple - that ensures nothing, faked easily - then what's the point wasting efforts on it? Why complicate things? Why spend time and efforts to do it? And annoy with one more tiny thing on top of the hundreds? Why not just not do it?

Or, on the contrary, when it is very reliable, so it can map a very specific real person to a reliable and true birth date, then f off binding myself to a random computer account that gives it out to whomever is asking it!

There is no good in this story.

The backlash is from Meta trying to assign liabilities of their business practices on people who may not even be users.

Yes, this is just the beginning of a huge swath of innocent APIs to identify people on the internet. Meta isn’t going to stop, and neither will governments.

The government is not allowed to specify what software you run on your local personal computer or how that software should work. This is a First Amendment issue, it’s been defeated before, it will be defeated again. If this were ever upheld, you will immediately have legislation attempting to force OS makers to spy on users, add backdoors, and so on.

Edit: also, before the same jackass from the last few discussions on this mentions “muh ADA” again, the ADA has never been shown to apply to an OS in court nor does it mention anything about operating systems.

This is the framework for requiring government ID to use online services, which increasingly power even local computing (thanks to DRM and cloud services).

They want to abolish anonymous use of internet services, because anonymous publishing at scale is powerful and dangerous to incumbents when they can’t retaliate with malicious prosecution, police harassment, or assassination.

  • Please explain how this law (or the CA one for that matter) requires government IDs. It is worded specifically to _not_ require ID.

    • "Framework" means "strategy". This bill is more likely than not a tactic in a much longer insidious campaign to erase anonymity to gain power and profit to normalize taking other rights away a little at a time. We've seen this before with the Clipper chip initiative. I feel sad and bad for anyone on the side of token Karen parents / useful idiots, limousine politicians, lobbyists, billionaires, and people okay with surrendering their and other people's rights. I don't want to live in a society with Flock everywhere, dragnet cell phone tracking, social credit, own nothing, an internet license, de-E2EE, transparent walls dwelling, zero privacy, and absolute proof of birth parents and citizenship every time, long lines, in-person only voting.