Comment by floxy
4 days ago
(5)(a) "COVERED APPLICATION" MEANS A CONSUMER SOFTWARE APPLICATION THAT IS ACCESSED THROUGH A COVERED APPLICATION STORE AND THAT MAY BE RUN OR DIRECTED BY A USER ON A DEVICE.
(b) "COVERED APPLICATION" DOES NOT INCLUDE:
(I) A SOFTWARE APPLICATION THAT DOES NOT PROCESS USERS' PERSONAL DATA; OR
(II) AN APPLICATION FROM A FREE, PUBLICLY AVAILABLE CODE REPOSITORY.
So if your service is proprietary, but your client is open source, it looks like you're free to go.
As someone that relies on third-party clients to get usable interfaces, if this gets widely adopted it would be great news. It would end the cat-and-mouse game from companies trying to force users onto first-party clients.
But only if the user is not getting the app through an app store but from a "code repository"? I'm not sure if I interpret that correctly, but at first glance it seems confusing and ambiguous.
Does that mean I need to download the Android apk from a git repository? Would a clever lawyer be able to argue that the release section on GitHub is outside the repository and therefore not fulfilling this clause?
Would F-Droid still not be exempt because it is structured like a store and offers pre-built binaries?
Most proprietary services would process user data.
It's also naive to believe that a fraction of open source in a company's pipeline would give them a free pass for everything.
But the text says "or," not "and." So by my interpretation if you process user data but are available via "free, public" repo, you're not covered. I presume "free" is defined elsewhere in the text, and that it approximates "open-source."
On the one hand, I'm absolutely against blanket age verification laws like this one, think there are better ways to solve the stated problem, and believe that the current crop of legislation is being pushed by bad actors for nefarious purposes by means of pandering to public mania.
On the other hand, I do appreciate that a possible unintended consequence of the out provided by (5)(b)(I) could be that PII (along with user generated content in general) becomes similarly radioactive to if the US had passed a GDPR equivalent. Either that or it's used as a justification for every single online service to require government ID in order to interact with it "because liability". Unfortunately I assume the latter is somewhat more likely at this point.
Also is it defined precisely what it means to "process users' personal data"?
Wondering if providing a reference implementation of a safer age verification/gate would be one way to defeat these laws.
> there are better ways to solve the stated problem
Call your representatives. There is overwhelming demand for age gating social media (based on, honestly, good evidence). This will be implemented based on who calls in. If the status quo of technical people being hopelessly nihilistic continues, it will be written in the stupidest ways possible.
> based on, honestly, good evidence
Can't say I agree. Notice that the proposed legislation isn't specific to social media. Rather it's explicitly advanced in support of Colorado's data privacy laws as they apply to minors.
There's evidence of lots of different issues, a few age related but most not. Adults certainly aren't immune to adversarial algorithms and dark patterns and the practical need for privacy isn't limited to children. It's more that we only seem to be able to achieve broad consensus to add additional regulations where it concerns children.
It's always written in the most midwit way possible, then, once predicted failure happens it's patched up to be slightly better. That's the default assumption for most of the things.
Of course we could make predatory algorithms illegal. Or just algorithmic timelines/discovery algorithms.
Nah. Can’t stop the money. Let's make brain destroying scams and ad spam legal as long as you’re over 18.
No, the mania is based on extremely bad/cherry picked evidence. There are at least 6 studies alone (some including meta-analysis) which have found absolutely no link to prove social media is addictive or harmful to children. If anything, they've found the opposite, and one even suggests that calling it addictive might be causing the very problem we're pretending to solve.
That wording could be interesting, because it's ambiguous if free is applicable to the repository or the project. Presumably, the latter. This means you could absolutely do source-open but not open-source and still get around it.
Well it says code repository not artifact repository. But it doesn't prohibit obfuscation or transpilation and more generally doesn't appear to specify anything beyond "free and publicly available". I really get the feeling that the people who wrote the law don't have a clear idea of what they're trying to say here and that any court decision is going to be a roll of the dice.