California passes law requiring ID checks for all operating systems | Governor Newsom signs bills to further strengthen California’s leadership in protecting children online
AB-1043 "Age verification signals: software applications and online services."
Text https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
Other info https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202520260AB1043
California AB 1043 signed. Mandatory os-level, device-level, app store, and even developer-required age verification for all computing devices.
https://www.gov.ca.gov/2025/10/13/governor-newsom-signs-bills-to-further-strengthen-californias-leadership-in-protecting-children-online/Open linkView original on lemmy.dbzer0.com328
Comments200
Good luck enforcing that on Linux.
That's probably the point.
I wouldn't be surprised if Microsoft and Google lobbied for this to prevent open source from encroaching on their terf
Likely yes, though it won't matter to me. I'll recompile from suitably modified source code if it comes to that.
They might try to stop Linux from booting at all with locked bootloaders.
That would be the point at which things - expensive, crucial things - would start catching on fire for reasons that has nothing to do with anything I might be doing.
Like what? I believe you but I'm interested in the implications of this bill
that would basically destroy the internet considering how many servers - including microsofts own sites - run on linux
Libreboot.org
reinstalling OS is fairly easy. I expect utlities to "correct age error".
The bigger distros will probably do it, especially any that have an organization to fund their development.
That have funding from American organizations, or are an American organization themselves. Possibly even Californian only.
There's precedent that source code is protected speech, so maybe Gentoo is about to become a lot more popular.
And who doesn't enjoy using 90% of their system resources to compile the 10% remainder all the time?
You can compile while doing other things.
Any recent (AMD) cpu will handle it just fine.
Even most games struggle to utilize many threads.
Gentoo is also amazingly easy to use.
You can use binary versions if you want.
You just know that when a bill is titled "Protect the little children from eternal suffering bill", it's gonna contain some real fucked up anti-privacy nonsense in it.
That or terrorism
All laws are terrorism. That's not special.
Et tu, California with Democratic majority in both chambers? Fucking disgraceful.
Well, we as a state voted to ban flavored tobacco products when like 10 kids were getting popcorn lung from black market THC oil carts.
And selling tobacco to minors here is highly illegal, as it should be. So I never understood why we banned flavored tobacco, when the kids were getting issues from black market THC carts, which they also shouldn't have been sold/using.
Not even getting into how the law didn't stop flavored alcohol, we can still buy bubblegum flavored vodka here.
So even in the 2nd most Democrat leaning state, we still push for the dumbest laws. This was a state wide vote, not something the Senate/Assembly voted on.
I can report here that my fellow cigarette smokers in Illinois are still happy to be puffing their cancer sticks because flavored nicotine vapes are worse, and cause popcorn lung, so I should just keep smoking cigs.
Dumbest laws are pushed because we have the dumbest peoples.
the popcorn lung shit is such old news that people who bring it up have no idea what they are talking about. it was related to a chemical called Diacetyl. The popcorn lung name was from a industrial incident where workers were making popcorn with diacetyl as the flavoring, and there was an accident and they inhaled diacetyl vapors. There was no study done to say the levels in e-liquid cause this "popcorn lung" but e-liquid companies were so scared it would ruin their business that most removed the flavoring from their recipes, and the ones that contained it, had a warning that it had diacetyl, all without the goverment stepping in. vaping gets so much flak from the shit big-tobacco has done in the past decade and its sad where it is now, where people buy disposables and its just a dead market then what it used to be. just to put things into context here in canada. a 60ml bottle of eliquid used to cost 20-30 CAD before the "sin tax". now, it costs 55-60 CAD for the same bottle. want to bypass the tax and DIY? sorry, nicotine bases to mix only go up to 20mg/ml FOR THE WHOLE BOTTLE meaning that if you want to make your juice, the whole bottle of nicotine base you bought is used for ONE BOTTLE MIX and is subjet to the sin tax. before you could buy a 100mg/ml bottle of nicotine for 40 bucks and it would last your months while you had your flavorings, and PG/VG bases.
It was a pretty big problem, not just a few kids. That outrage killed the diluent and thickener market for squaline and mineral oils. I learned way more than I ever wanted about how people cut oil based products for looks and consumption. It ended up that basically the entire industry was using products that weren't new but we're now being used at the rate of millions of gallons. Honeycut was the big name that was being sold by the 55 gallon drum.
If you vaped during that time, you likely put mineral oil into yours lungs. Black and gray market it's still a problem, and those cutting agents were making it to the retail market by the time it got better.
Flavored tobacco used to only target minorities so it was OK. There are documentaries about this showing how much more flavored tobacco was advertised in lower socio-economic areas.
Once children started vaping the CA govt stepped in.
If you oppose the ban I have to assume because you don't know where to get menthol cigs anymore. I live in Oakland and can still find Newports. I quite smoking them over 25 years ago but know more than one place that sells them.
edit - this thread is about age verification. not sure why you think tobacco bans are remotely close.
I don't smoke period so I don't mind it. I found the reasoning banning it was stupid, because the boomer voting base didn't understand the reason for the Prop being drawn up.
Talking about a dumb law being passed, so I talked about a dumb law being passed. I said that a state of Democrat voters and Democrat Assembly members doesn't mean they always pass the best/logical bills. Better than if the state was ran by Republicans, but so is every state.
LOL lib thinks the fascist-lite party cares for the plebs
A lib (liberal or libertarian leftist) as opposed to what? A non-liberal, ie, authoritarian leftist?
I don't think authoritarians have credible claims on this matter or anything worthwhile.
obviously US liberals.
The fascist-lite party voters who imagine themselves to be left/progressive
you’re so obviously american… fucking compulsive liar liberal poseur.
"obviously" right.
50% of my comments are shitting on that cancer country.
And deservedly, what a collection of morons.
Proven once again by you
US liberals are mostly social liberals & progressives. They include liberal/libertarian leftists from the political map.
Are you claiming liberal leftism? Then welcome to the club.
I do not care for your explanation.
The politically illiterate US population uses every term and definition wrong.
Also they are relative and progressive there means nothing since the overton window is so narrow it only goes from fascist to center-right.
You can say or claim what you want, all I've heard from so-called US 'liberals' was nearly as horrible and right-wing as the rest.
Only different in their pet peeves like LGTB, etc..
What are you trying to argue? Non-liberals will demand liberty from intrusive imposition of age verification? What do we call these advocates for social liberty? With which major US political ideology do they belong if they had to choose?
You must be speaking of yourself: now you're disagreeing with political scientists & historians. The linked article cites definitions & references from both.
The political spectrum article
reaffirms political scientists consider progressives & social liberals on the left.
Not entirely: words still mean things.
Progressivism: ideology
Social liberalism:
So back to modern liberalism in the US: what has it endorsed & pursued?
What are these if not social reforms to advance the human condition (ie, progressive policies)?
What is the support for mixed economy & these issues if not the definition of social liberalism?
Are you claiming any of that has much to do with "notions such as authority, hierarchy, order, duty, tradition, reaction and nationalism" that characterize the right? They seem to have an awful lot more to do with "ideas such as freedom, equality, fraternity, rights, progress, reform and internationalism" that characterize the left.
It's time to face reality & admit the facts don't support you.
Then maybe you don't know many liberals.
Regardless of what you think, people in the libertarian left of the political map exist in the US, and there are only 2 major ideologies there to choose from.
They're not throwing their lot in with conservatism. That really narrows down the possibilities.
not reading that
I think "liberal" is the opposite of "authoritarian" and "left" is the opposite of "right". America has never really done left wing and the liberals are more lib centre than lib left, whilst the conservatives are auth right. American "centrists" are loony right wing by European standards. Tankies are auth left, so find liberals annoyingly non-left and annoyingly non-auth, which is why they have so much to say against dems, whilst the gop is to a tankie at least auth even if they're annoyingly right wing.
I will never understand why tankies act like the last 50 years of Russian history including the complete overthrow of communism never happened. It's like they kept the worst bits of the soviet approach, threw out all the good bits and added the worst excesses of uncontrolled capitalism instead.
As a lib left, I find much to disagree with in all those places, but most strongly with the auth right like trump, putin and their chums.
I'm very very disappointed with UK Labour trying to fix the housing crisis by deregulating to "free up" the housing industry to remove the housing shortage. It's like trying to fix an active alcoholic by giving them the keys to the liquor cabinet. You'll only fix the housing crisis with a massive program of council house building. Anything else is papering over the cracks. You'll only fix the NHS by bringing social care under the same funding roof and investing massively.
China gets some things right like massive public investment and very long term planning, but other things wrong like authoritarianism. I'm amused that Trump thought he could outsmart a civilization that's been doing diplomacy for thousands of years and has largely (but definitely not exclusively) been a meriticracy for a very long time.
Some of the Scandinavian democracies have been the best run countries for a long long time.
Anyway, I'm sure you'll find plenty to hate on there.
That's all you needed to say.
Misinformed propaganda fed american
The Moral Majority, which championed efforts to get "Explicit Lyrics" labels on records, among oþer censorious legislation, was headed by þe wife of þe Democratic US VP.
Democrats have þeir own issues; þey're just not as egregious as Republican troubles. We're still a nation of Puritans and parents who refuse to be accountable for raising þeir own children.
I apologize for this being posted about 2 weeks after the bill was signed, was going through my usual methods of checking news and new laws and found this.
Now terminals will read: “GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law, and contains code known by the State of California to cause cancer or other reproductive harm.” /j
i once compiled C code and now have finger cancer
He can go fuck himself. "Dems are the good guys!!!" Fuck off. This isnt about protecting kids. Its about tracking, profiling and data collection. No doubt to sell to 3rd parties. Fuck all these cunts who push this shit.
There's no fighting 21st century fascism without breaking this law.
This is so much more effectively evil than ehat the trump admin has been doing holy shit.
This might genuinely be world leading evil.
Evil has won and has pulled up the ladder behind it to make sure no one can challenge it.
*to make sure nobody can challenge it without illegally building or stealing a ladder.
Read the link yall
The bill requires:
What this bill does not do:
Honestly this doesn’t seem that bad to me. If anything it’s a little pointless. This style of age verification is basically universally already used. I guess you could read this as forcing OSes to have parental controls.
I do think there is a bit of a privacy issue in this information being shared with every program, but they attempt to minimize this using the binning (so ironically it really only hurts the privacy of teenagers since for adults it will just say >18), and this information is supposed to not be shared with 3rd parties (but we all know Facebook and Google are going to do whatever they can this info, pushing the limits of that part of the law, or just waiting to be sued and paying the fine when it happens).
I honestly think most Linux distros will just implement it.
We use 1/1/1970, the Unix epoch.
Wild! I am exactly the same age as the Unix Epoch.
Are you serious?! Mad jealous as I missed it by a year.
How cool! :)
How surprising that's my birthday too!
Yeah, no
First off, this is just another step, and if you believe it's the last one then I have a nice bridge to sell you
Secondly, this won't work in practice. Software is being developed all ove the world by single nerds to scientists to little kids, to small software companies to huge software multinationals with hundreds of thousands of developers.
99.9% of the world doesn't have these rules and won't give a shit about what California wants. Do you believe that the app developed by some random kid in a random country will start checking age just because newsom wants it? Ok Boomer.
And IF this system allows you to put in whatever date, then what's the point, beyond some security theater?
This bill is absolute horse shit and won't go anywhere because this is not how the world works. This will likely end with citizens in California having a really really tiny amount of software available to them legally
Slippery slope fallacy. This law is basically just asking for a more unified and organized version of how we already check for age verification (which is every individual app or website asking for your birthday). If there was anything more than that I’d agree with you. I do agree that it’s annoying this is coming in the form of a law instead of an addition from Apple that they use in marketing that gets others to follow suit. I think that would have been a healthier way for this sort of organization to happen.
That being said, I do agree with you that the potential “next step” of asking the OS to verify your age would be an issue.
They already have to select what age range the app is for when they submit it to Apple or Google, and it’s Apple or Google that will have to make changes to comply with this law. If they aren’t distributing through an “app store” there is nothing the 3rd party developer needs to do or worry about according tot his law. However, I am curious how this will end up being applied to command line tools and package managers.
I agree, except it could be a form of parental controls. One thing I really don’t like about this law is I think the parents should decide what content is appropriate for their child, rather than the App Store. But not having any validation both puts the control back in the parents hands to some extent, while also making sure the law stops short of becoming a serious privacy and security issue.
Considering most of the biggest software companies in the world have offices in or are based out California, that’s simply not true. Apple, Google, and Microsoft will all comply, regardless of how reasonable the rules are. At best they would fight it in court.
I doubt anyone is planning to sue open source OS developers over this, but honestly the changes it asks for are pretty small, so I expect most linux distros will follow suit anyway.
Ofc I don’t think there is anything California could do to enforce this on FOSS software in any practical way, if it came to that.
That's not the slippery slope fallacy. Are you operating under the assumption that any sequence of events and projection of a future step is an example of the slippery slope fallacy?
Why not? Microsoft would love for open source OS developers to all be shut down. This is just another way to attack them.
As a parent, I reckon a voluntary system like this (if I understand correctly) could be very handy. I could create a child account and automatically get age gated content for it.
And when said child is smart enough to circumvent the system, then they deserve whatever content they manage to get their hands on. I'd be so proud.
But I'm sure capitalism would find a way to abuse and misuse the system for gains.
Even with binning, it doesn't prevent the date from being learned. All an application would have to do is ask for the bin every day. On the day it changes you learned their birthday. It only works for <18s, but isn't that specifically who they're saying they're trying to protect?
Yeah this is a real issue.
The smallest window for binning is 2 years and you would need another identifier to compare it against for any meaningful data gathering. If the law also provides penalties for gathering that type of telemetry on minors then it should be solid.
If it does that, sure. It would create penalties at least.
You wouldn't need another identifier though. On your 16th birthday, for example, your age range changes from <16 to >16. If the application checked every day and recorded it, then they would then know your birthday. The bins are larger, but switching bins is by the day. It doesn't matter how large the bins are at that point.
It's still pretty bad and senseless. We all know how antis, nazis and conservationists are: you given them an inch, they'll try to bite your entire arm off, not to mention leaving an infection behind.
A state governor doesn't get to decide what kind of data libre software must or must not collect.
Correct, it takes a whole process and a bunch of politicians to write a law like this.
No and if you dont see the problem, get a fucking mirror.
Would Linux be required to though since it's free open source software? Windows I can see because it's a product, but Linux isn't.
I think any used in an official capacity (think enterprise facing software like Redhat), might, but for anything not used at a company level would be both impossible to enforce and unlikely to be audited.
This is probably the most dystopian child safety bill so far.
Most dystopian "child safety" bill. Let's not legitimize the claim that these laws are made to protect children while having privacy-invading side effects - they are privacy-invading laws disguised as child protection, while failing to have any real impact on children's online safety and wellbeing
I'm not sure anything this repressive is implemented anywhere in the world.
Edit: wait this is the other half of the thing everywhere else is doing that would make this nightmare shit.
The only thing that I can think of is how China regulates it's online gaming.
https://appinchina.co/blog/the-complete-guide-to-chinas-age-verification-system/
The move to do this was largely in part thanks to complaints of parents in regards to their kids' habits with gacha games. For anyone interested, what I posted was a small excerpt from the link, there's a lot more info on it there.
Is it in the OS?seems like just games.
It is similar, not the same. Some other key differences to consider are that while the US one is at the OS level, it's just asking you to provide an age that isn't linked to your ID or anything. It's just like when a website asks your age, you can absolutely lie about it. But now it's being done on the OS account, not the website.
Whereas, yeah, it is just for games in China, but it is absolutely being run against the person's ID in a national database. Some games even require facial recognition. So it's on a whole other level of verification and tracking.
The us is also openly capitalist with no other pretentions or pressures, and currently in the grip of a fascist regime.
I mean, sure? But that's rather broad and does not really pertain to the topic at hand which is potentially (or outright) privacy-breaking legislature enacted and enforced on technology in the name of protecting childeren.
Its the difference between fucking around with a gun in the hospital parking lot with your two EMT lovers who are trying to get you to stop, and fucking around with a gun in the deep arctic with two hardened killers who want you dead.
It's Age Verification, which will almost certainly mean either ID scanning or facial scanning via the device camera. Or alternatively card transaction verification - the OG method baked into all these laws is the one that pays MasterCard and VISA. ID and facial recognition are cheaper services because the business providing the scan service can make more money off the ID or face they scan.
"Almost certainly," is just you assuring it is so. Nothing in the legislation itself demands that.
One of the architects of Project 2025 confessed on secret camera that the purpose of age verification laws is a de facto porn ban.
I'm sorry but you're using that term wrong. You mean a de jure porn ban.
A de facto porn ban would mean that you actually couldn't get any. And that's just ridiculous.
Like drugs are illegal de jure, but de facto getting weed pretty much anywhere in the world is not a challenge. Usually even easier than getting alcohol as an underage person. Not that I have experience of that in the past few decades (being underage that is).
I mean I guess it's "de facto" in sofar that it's not exactly presciptively de jure illegal when it's done like that. So in that sense you are right to use it like that, but eh. I disagree with who I was when I started writing this. No matter we're on lemmy.
Maybe for them. But for governments in general the point is that age verification is ID verification and it means everything you do online or on any electronic device can be surveilled and tied to your real identity. And that makes political dissent a lot harder to organize without being shut down.
Fuck that stupid bullshit.
So a developer of a FOSS application that gets installed on a device on California via a 3rd party app store (maybe F-droid) must have implemented a query to the OS for this data. Even if the app does not actually provide any inappropriate content or actually any content.
Nor does it matter if he is involved in the distribution of the app to California, a FOSS app redistributed via a 3rd party (F-droid maybe) would make the developer subject to this.
As a developer who can't control who distributes their software, I would simply change my license to exclude residents of California until this blows over, just to avoid the fine.
According to (f), the user is officially the developer of a FOSS application:
In some cases (such as the Arch User Repository or the Gentoo distribution), the developer does not even give the user an application but merely source code. The user creates the application.
AUR works with binaries too, it creates an arch compatible package but that can be from source or massaging an existing package designed for a different distro (like .deb).
Thanks. I didn't know that.
There is no mention of binaries in either f or c. Possession of binaries does not constitute ownership of an application, ownership of software means holding the copyrights.
But even if we abuse this definition we simply make whoever installs the application liable. In a lot of cases that would be a parent. It could also be the user since the law doesn't state they can't be the same person.
So then also copyleft is exempt?
Copyleft is not a legal term. It's a term for (foss) licenses that require users to keep the same terms when redistributing software. Such licenses do not actually transfer copyright. I fail to see how this would exempt foss developers.
The word 'application' means the binary. The source code is not the application.
That's your opinion. It's wrong. There even are applications that do not have binaries at all. There is no reason to believe the legislators would not want them covered by this law, it certainly does not say so.
It also does not make a difference, owner of the copyright of a binary is the owner of the copyright of the source code. Compiling does not remove the copyright of the source code author as the binary is clearly derived from the source code. The person who compiles the source code does not even get any copyright since it's not a creative process.
You are not helping FOSS by trying to portray the law as FOSS friendly when it isn't. Unfortunately the law rarely is FOSS friendly if not due to hostility due to indifference/ignorance on the part of the legislators.
That’s your opinion. It’s wrong.
Only facts can be right or wrong.
Anyway, I know there are applications that don't have binaries, but most do. I am not a lawyer, but if I'm not mistaken, source code is under U.S. law protected by the first amendment while binaries are not.
Also, it doesn't matter who owns the copyright. The laws specifies "a person that owns, maintains, or controls an application".
I am not saying that the law is FOSS friendly. I am saying that the law does not cover all FOSS software despite it being the clear intend of the lawmakers to cover all software. In such cases it will have to be decided by courts (I believe courts still have this function for state laws), whether it also applies to FOSS software.
What I am saying is that the lawmakers clearly do not understand the topic they are trying to regulate.
Opinions (such as that the Earth is flat) can obviously be wrong. Facts cannot. Look up the definition of fact.
You admit applications are not necessarily binary, the law does not mention binary or source code or anything like that where it defines applications. You are just grasping at straws to justify an indefensible position, that whoever possesses a binary is it's owner.
Which is obviously untrue. Ownership of software means ownership of it's copyright. It's been made very clear in the last decades that you (legally) don't even own software that you pay for. You own a license to use the software.
You cannot argue, in good faith at least, that this is what is intended by the law. First it would be spelled out and secondly it would mean that for all applications, not just FOSS ones, the people paying the fines would be the users, $2500 for each app they install that's in violation. Which is obviously not what's intended.
Unfortunately it does since it does not discriminate. If anybody that can be effectively prosecuted (i.e. US/California resident) takes your advice and takes it to court, he is getting fucked.
No shit. That does not mean FOSS software is not affected. You also do not understand the topic or choose to not understand it because it's spells trouble for FOSS. But pretending everything is ok does not make it so. FOSS projects either need to implement it or make sure they isolate themselves from US/California jurisdiction.
And they're going to do what exactly to a developer that doesn't live in California? I won't add any kind of age verification to my bioinformatics projects and I'll keep issuing releases. Are they going to nuke Brazil? Block GitHub in California?
Since it's a civil case I doubt they could enforce payment on people outside the US. I am not sure if they can collect from people in the rest of the US but they probably can.
I suppose not complying with a court order could result in criminal charges. Brazil will not extradite you but you will not be able to visit the US.
That's fantastic news, so I win and keep winning in that case. Great, no age verification on my software.
Cute attempt, but libre software - as always - remains superior and impossible to control. That's by design. Write any law you want, I can modify whatever line of code implements this stupid check, remove it, and move on.
On a PC that isn't so hard to do. The problem though is that online services will start requiring the os level check which itself will likely require phoning home to some service.
Plus open software on phones and tablets is still in very early stages.
This simply isn't true. However your first comment about OS level checks is where the issue lies - if you don't phone home to Google your banking app won't work.
Well good thing banks have websites.
And if you block your browser's connection to Google you won't be able to log in to your bank.
Time to switch banks then.
Easy peasy, the browser checks the OS them reports it to the website
You mean the libre software that is all primarily stored on AWS, Azure, or Google infrastructure, especially github?
Linux is the giant it is using email as the primary infrastructure for development. We will be fine.
Can't we just fork it over to something like Codeberg eventually? I know it's a lot to move over, but with time and patience, it seems achievable.
Coincidentally, my birthday is 1900, January 1st.
1970, Jan 1st is better for this situation
Gavin is as slimey as his hair.
i hope people talking about him as a potential president remember this; he's a conservative robot who doesn't give a shit about you.
Which is orders of magnitude better than a conservative pile of goo that actively wants to inflict as much suffering on you that is humanly possible. Which is very loved by a median voter for no good reason whatsoever
goo is more human than robot. there's a reason why neolibs lose elections but Trumps, Mamdanis and Bernies win, and it's not populism, it's ideology.
Bernie lost popular vote two times in a row.
Bernie won plenty of mayoral and senate elections, as well as many states during his primary campaigns.
America has pockets of progressiveness so to speak, that's why once in a generation you can get occasional mayoral wins and such. But they never grow into anything bigger, for many many reasons, from the fact that America is a stupid country full of stupid people, to the fact that lefties will always chose infighting and purity checks over pragmatism, to the fact that significant portion left-leaning people are extremely anti-democracy and use "voting" as a slur word.
Doesn't mean nothing can be done, but you also can't just ignore all of that
yeah there are definitely challenges
Almost like the nominations were rigged and the media hated someone who would ruin the rich who own the media's income.
If there is something that Americans love to do more than bitching about their elections being rigged, that's not actually participating in said elections and waiting that someone will do voting for them, while they sit around and call everyone who actually votes "libs". That and daydreaming about murdering people during their inevitable revolution/civil war.
That doesn't mean elections aren't actually rigged, they very much are.
Between the preferences of the machinery of both parties, media ownership - including web companies, increasingly militarised police, ai + agents having the potential to effect the kind of 1980's de-industrialisation on the middle class, and the rise of a surveillance state that would make the stasi blush, voting for the lesser of two evils isn't going to do it any more. The lesser of two evils, both complicit in the construction of the explicit oligarchy America how has, is responsible for this.
You might extend the fuse a bit, but that will result in a bigger bomb. If it isn't too late already, you need to look to the likes of Sanders. Or you need a No Kings protest every day, or as often as possible. Or a permanent Occupy Washington, which I think would come at serious risk of harm for the participants. It is critical now for America's future.
Why do I need to show my ID to install Gentoo?
Because how can Persona (and the government) know who is using Gentoo without an ID requirement? What is someone doesn't use javascript when browsing the internet?
Easy, their next target will be business and browser.
I'd like to see them try. Is it during installation or download?
Oops, forgot to compile that module. Oh well.
So it's individuals that will get the limits and accountability while privacy companies will get off with slaps on the wrist when they inevitably have data breaches. Really tired of this double speak bullshit.
While I oppose this with every inch of my being I do look forward to seeing some super tongue in cheek implementations in Linux distros.
export $AGE
Linux dev sitting there like: well, my work is done.
Interesting, it's vague, and obviously going to go through legal hurdles. Windows, Google, and Apple will just do it. Ubuntu might, but what about Debian, or any number of server OS's? Will users need to verify their age logging into a server? What about forks? Forks of forks? OSes developed outside of the US?
Where this could be an opportunity, and hear me out, is that this could pave the way for privacy-friendly age checks to shut them up about "what about the children". The bill says that all it needs to check is age - nothing else. If the OSS community can come up with a way to privacy-friendly validate age, then this whole thing could be solved. Websites wouldn't need to store IDs, they could ask the browser who would check the OS. In fact, that might be the purpose of this bill, to curb all the "Just collect their IDs" with the websites. If the OS had a check stored securely that you're over 18 and nothing else, then all other age checks could be cut.
Also interestingly, it reads like they might be angling against Microsoft and Google for collecting private information on minors because "We didn't know they were minors, how could we?".
I don't like it one bit and it's going to be completely unenforceable - and OSes like Arch will say "You can't use this in California", but if that's the angle they're trying to do, it might work.
Yeah it's so good damn vague, you can say a simple checkbox of "I am above the age of majority" would suffice, or a full actual ID check whenever you make an account at Microsoft.
I think Linux distros will have to either make a check/declaration on their website or just block IP addresses from California.
I don't know how far this will go, or if it means anything different by the start of 2026, when make laws here go into effect.
Yeah reading through the bill I'm feeling better about it.
Where an "Account Holder" is:
The way I read this, this bill actually assumes the person installing it is over 18 and an adult. (Let's not argue with them on that). It's simply saying that "You need to provide a way to create child accounts, and your app stores will need to respect that).
What I do not see is that OS's must validate IDs or anything.
"Mom or dad need to set the age bracket for junior so that apps rated NSFW can't be downloaded"
Honestly, rereading it, this is how I would do age protection if I were to do it. Rereading this multiple times now, this might be the most privacy safe way to validate age, shut up lawmakers who cry "what about teh children!!!" and let us adults move on in peace.
You buy jr a laptop, it'll ask on account creation how old they are. That'll be a flag they can't modify that will be passed into browsers and app stores. That will prevent children from accessing content they can't. Adults then continue on. Jr grows up and either buys his own device, or mom and dad swap their account to adult.
Hopefully you're right, and the law doesn't allow for an expansion of this to include "just give google your id bro".
You can read it, it's in your link. From what I read it explicitly says they cannot gather more info than they need.
Oh I know, but I'm hoping that Google can't find another law that enables it. They have money for good lawyers for these things.
Google could do it right now if they wanted to. It's not against the law to require your customers to provide PII to use services. It just opens them to bad press, liability for mishandling the data, and potentially liability for knowing a user is a minor and showing them mature content anyway.
This seems way less insane than the 'let's model online age verification on pubs' laws we've seen in places like the UK and France.
That actually doesn't sound bad.
If I understand this correctly, its not about adding ID requirements. Its just about adding the functionality to every part of the software stack to go "oh, this is a kid, let's not show them ads for adult apps or new stories about mass murder" etc etc.
Less of a "papers, please" check, more of a robust "you must be this tall to ride" check.
Exactly, which is how I and many privacy respecting groups have been begging for it. We know the ultimate issue, they want nsfw off the internet. This shuts down the whole "it's for the children" bs without us needing to give away who we are at all. This is the most sane way to age gate. , and they won't be able to hide behind that excuse anymore.
Except because it's in bad faith this won't work they'll demand it could be made stricter and use its existence as precident that we should obey them
Oh boy you are so cute and innocent, believing they'd even want to hide.
If parents want nanny software they can install it on windows, no need to forcefeed this bullshit on everyone else.
It's going to be a drop-down that a parent can select on account creation. No one is being forced into it, unless mom bought your device.
I've always felt like the whole age verification thing was simply a failure of the OS. Yes, kids could potentially setup their own device, but most likely it is being setup by a parent. The parent should be able to create a the admin account, then an account for the child flag as a child account. The browser and any apps could then read that flag and act appropriately.
It seems like a simple solution that would be rather easy to implement for any multi-user OS. For single user OSs like Android and iOS, they have user accounts to fall back on that can work exactly the same.
This puts the control in the parents hands, and responsibility too.
Pretty sure this is what the PS3 did at least in affect. You could flag a profile for child use and it'd block games with certain ratings based off the settings, then you could just password the adult accounts. Good way to stop little Timmy from playing GTA at least, hell I think you could also put in exclusions so if you wanted to allow an specific game it wouldn't be blocked.
I like it for that reason too. If you're so worried about the children, then you can check a box that says this is a minor's account. If a parent can't be bothered with that then it's on them, and should be on them.
this is one of the most idiotic laws I have ever seen, and Newsom is an idiot.
Have you read the law? I have and I disagree.
It's actually an incredibly privacy conscious method of doing what it is trying to do, which is to allow parents to set up a child's account with their age information on a device and have that age bracket information passed to websites and applications. That way, it makes it harder for a child to bypass age-restrictions, but without requiring dangerous age verification methods such as ID or face scans.
It doesn't require any PII to be sent to any servers and in fact requires that no identity information is sent except age bracket data.
It might not require anything more as currently written, but it's a foot-in-the-door. Its acceptance and implementation will be taken as precedent that more compufascism can and should be implemented.
Ok I see you just want to be mad.
Won't somebody think of the children!
It'll be
systemd-agecheck, good luck.Just use the normal procedure for switching to sysvinit (or openrc) + elogind. Easy to perform if you still have your install media.
On Debian?? That's news to me.
It's actually well-documented in their wiki (yeah, I know, it's 2025 people don't read that because it's not Discord and that shit). Tho i recommend adding Antix's
nosystemdrepo if you do that on systems that are not Sid, because the packaging of some important high-level tools is stupidly tied to systemd for some weird reason (NetworkManager being a good example) and the upstreams refuse to unfuck it (which is as simple as restoring the init script those upstreams already used to have).Intentional hard-linking.
I went gentoo once debian forced systemd on its users, i wasn't aware they sorta backtracked, nice to know.
Slackware and Devuan fill my other needs so i have no plans to go back to Debian.
Debian never actually forced the use of systemd, they just didn't make it obvious you could switch at install time fairly easily, or later with a bit more work. I'm running multiple sysvinit debian systems, ans they're ticking along quite happily.
I'm not sure "tying the use of user-facing structures most useful for the community" (such as cgroupsv2 or NetworkManager) doesn't count as "forcing", since IIRC wicd (alternative to NetworkManager which doesn't require systemd) has not been available in packages since Bookworm.
Lovely aint it?
Can't wait for the big wigs to start sponsoring bills going after whistleblower protection.
And I thought he was the good guy. Fuck everything about this. Dick "we must protect our children". From what?
From the government not being able to mine their parents data of course... Its the number one thing that turns kids to drugs, dont you know?
Not sure why everyone always focuses on the executive as a scapegoat, it's the legislature that you're and passes these.
What in the world would give you the idea he was a good guy?
I'm not sure how this is going to be enforceable. So, in essence:
The OS should have an accessible API that returns the age bracket of the user, presumably for the purposes of eliminating a lack of compliance on apps using children's data for advertising. That's not necessarily a massive problem, though I don't like the idea of age brackets, I'd prefer it if it's just a "Adult" vs "Child" bracket.
It doesn't seem to be asking that the age be verified through some external provider, so simply stating the age of the user is enough.
App developers are expected to always request that information on launch/installation, which is simply not going to work because how would you enforce it for software made before this law came into effect?
The definition of "covered application store" is way too broad and covers basically anywhere you can download software, including things like public docker hubs or Github, so no that's never going to work out. Apple and Google can maybe include the request for age brackets and provide that information by default as part of the SDK, but legacy software? Good luck getting WinRAR to request that information. You've essentially banned all software made before 2025.
So... The OS-level stuff isn't a huge deal, but the requirements on app developers are way too strict and would be unworkable. If I were to re-write the bill, I'd make it so the age bracket must be available at the OS level, but not required by the app developer to actually use it. I would then add more strict requirements on sites to not use children's data for advertising, with the reasoning being that they could have asked for the age bracket from the OS at any time, and the fact that they didn't even bother means they actually wanted to use children's data.
The bigger problem IMO is the implication that a device/OS must have a defined "account holder" that is associated with an actual person with an age. Nevermind that there isn't any verification happening that could de-anonymize a user or be breached - as an administrator, am I responsible for ensuring users only use a specific account with the correct age identified? What about google or apple? Are devices meant for children to be locked down so that new users or accounts can't be created to circumvent restrictions?
This law is too vague to have any meaningful impact on child safety, and the implications behind it make future erosion of privacy far more likely.
That's not even accounting for server racks. Servers run operating systems too, and a server doesn't really have a 'user' as such. Sure there's the admin account, but there isn't a definitive person you can tie that to.
So the "age verification" boils down to the same level of security as that pop-up on PornHub asking if I'm over 18? And Newsom wants to create a legal precedent that can open the way to mandated State-controlled malware on every electronic device in the State just for that?
I mean, he's a politician. He's very aware that people can and do lie all the time. Which means that the stated goal of this legislation is very obviously not its actual goal.
They tried the same 'to protect the children' BS excuse to introduce more authoritarian police state surveillance in Europe, it didn't work.
I have edited the title from ID check to Age Verification check . It was not misleading on purpose, it was a mistake on my end from my day posting it was a bit wild.
Just ranting
I get that at least some amount of lawmakers may just really and truly want to protect children and jump to creating laws that involve lots of things that they have no real understanding. And blowback that can and will be created by hyper focusing on a micro level (even if they think they are thinking macro) points. But there are far more of them that just want to keep one-upping other lawmakers in being "the most proactive" or "tough on crime" compared to other folks in power because of all the money they get ever election cycle (which never end).
I know why it would be a massive shitshow (the "antichrist" crowd turns every little thing into a "sign"), but kind of wondering when they will just push for laws to put pet style GPS chips in all children at this point. I mean it isn't really much of a jump that they could require phones used by children to be forced to have GPS (and data) be registered to state level tracking (just like all the stuff collected by NSA already). But that wouldn't be enough for the one-upping shit, and GPS chips would be usable if the devices aren't with the children (or ones that don't have devices yet). All extreme levels of shit, but eventually seems like they would be the only levels that could "go further to protect children" at some point.
I really look forward to seeing all the "fuck privacy even if you don't have children" crowd catch literally all possible bad things that their own laws create happen to them personally. We already know that basically all the previous efforts to have kids only versions of things end up just creating massive targets for the very predators to get to the kids. And that automated flags can turn into so much false reporting without any real ways for the flagged accounts to speak with actual people to correct those false reports (YT being a great example even without anything involving children).
The government already slashes funds for things that aren't police/military (things like the already existing social services that are for kids/education/families never have money for even general staffing). And the private contracted (for profit) companies already find ways to make more than the government contracts by making paid tiers and constant ads. So those private entities shouldn't be trusted with data on children in the first place.
Read the bill. It's not the horror show you are imagining.
"Age verifications" AKA "A complete ID and access record of all that you do on your personal electronics." This is some seriously dystopian surveillance and control shit and it has nothing at all to do with children.
seems like MS lobbying group.
WTF! Okay fuck that guy too. Now it AOC only and Bernie.
I didn't see this one coming.
I am very very angry.
If the trump admin kills this piece of shit in public, I will report to the death camps as my civic duty.
._. what does that even mean
They were so upset, they lost any sense of cohesiveness.
'Kill the lib bastard and get one anarchist free'
Libs literally can't understand how offensive your dog shit behavior is, can you?
Are you having a stroke?
Your comment was poorly written.
As if liberals are fully literate.
Who here is a liberal? Your ego damages your cause 🤣
The whole point of the GNU/Linux operating system is for free speech. Whatever you're trying to do California, it's not going to happen. I refuse to run any proprietary software on my machines. It's astounding that any porch for freedom is just gets blindly attacked by a bunch of uneducated fools. What a boring dystopia we live in...
What is the point of bucketizing the actual age when anything querying it can simply note the date at which the user shifts to the next bucket to determine the exact birth date even if it never sees the exact birth date?
Furthermore, what about a common login like on a media PC?
What about a Steam Deck that gets shared around a household?
This is all very dumb. Could be a lot worse but it's still very dumb.
Computer code is a form of speech. It is mind-boggling to me that California wants to assert its rules over all FOSS software.
If California is able to do this, what stops them from next requiring Arch to be bundled with ID-checking Persona as part of a mandatory GUI installation?
Maybe Arkansas wants a mandatory "governemnt module" in Fedora to allow easy remote access?
Perhaps Dubai would like ProxMox to ping Dubai's government so they can create an IP registry of ProxMox users?
And since so many developers use github, will github just ban developers who don't comply?
I understand that such a rule could undermine Project 2025's objectives, but it is still a slippery slope.
Substitute age for reasoning skills and it will look much better (still doubtful for me, but definitely better than age). Well, who am I kidding, probably won't happen in my lifetime
sudo apt install apache2do you have a valid drivers licence?yplease type in your drivers licence numberPlease update your title to remove the misinformation about the bill, specifically calling it "OS-level ID verification" is not even close. It's not got anything to do with personally identifying information or any actual verification of age information.
It's actually an incredibly privacy conscious method of doing what it is trying to do, which is to allow parents to set up a child's account with their age information on a device and have that age bracket information passed to websites and applications. That way, it makes it harder for a child to bypass age-restrictions, but without requiring dangerous age verification methods such as ID or face scans.
Bullshit. This is not a voluntary thing that parents can choose to do or not: it is an enforced, mandatory requirement that is foisted upon literally all programs, regardless of user choice or whether it makes any sense at all to do so. Oh, and there's a penalty of TWO HOUSAND FIVE HUNDRED DOLLARS for EACH VIOLATION for EACH CHILD.
Download a foreign video app on your smart TV that doesn't comply? Congrats, the pigs will fine a three-child family $7500 for the crime of watching manga.
You live in the US. You know that this will be unequally applied to the poor and minorities. You know that this will be used as an excuse to search people's devices at massive scale. You know that companies will simply shrug and use face ID anyway, because they already have to do it for other locales, so why not just reuse the same process? You know that this is a foot in the door for the facists and capitalists. You know all this, so stop running interference for them.
The law has no way to go after parents, unless there's already some law on the books that does so and the penalties defined in this one somehow apply to that.
The penalties defined in this law are for OS providers not having a way to set age data within an account on a device or for not sending the age signal when requested and for developers ignoring the age signal or not requesting it.
~~I have edited the title to include "age verification checks" from "ID check". ~~
Written with the checkmarks emoji characteristic of AI...
I think the blog post is just a summary of the official document - AI summary nevertheless.
Yes, I was talking about the blog post. I have no idea about the legal document itself, but I wouldn't be surprised if it used AI too.