An upcoming California law requires operating system providers to enforce basic mandatory age verification
Apparently this will include Linux...
https://www.pcgamer.com/software/operating-systems/a-new-california-law-says-all-operating-systems-including-linux-need-to-have-some-form-of-age-verification-at-account-setup/Open linkView original on lemmy.ca442
Comments204
Gavin Newsom is such a fucking tool.
Tbf every single politician is.
Every politician should be... At least here in America. They are supposed to be our representatives, regardless of how they feel.
They are not. Not the grand majority of them, anyway.
If you run for office to be different from all the rest and win, do you immediately become corrupted upon election?
People wonder why the Dems are unpopular. 2 of my Dems here in Colorado are pulling the same OS age gate shit right now. What I want to know is: "who fucking asked for this?". Everyone seems to be doing it at the same time, but many people don't want it. Smells fishy. Let's not elect these assclowns to anything ever again. Why are you doing authoritarian shit when we elected you to advocate on our behalf.
In my book, a take that extremely authoritarian and unconstitutional should end your political career instantly. You can watch it all on your TV at home like every other clueless boomer (shout out to the boomers who are with it, actually understand, and care). How can we send people to represent us who will openly sell out our and our children's futures for a few thousand dollars in campaign contributions?
So define Operating System. Are embedded systems Operating Systems? Coz that's going to cast a rather wide net.
Selective enforcement. Basically if they want to do shit to you they will prosecute you, otherwise they won't bother.
I can't wait for my microwave to ask me to take off my glasses, face the camera, and turn my head slowly from left to right.
You are right that operating system is not defined. But the definition of operating system provider is this: "(g) “Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device." (emphasis mine)
Which should clearly exclude embedded devices.
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
good lord, not even the solar powered four-function calculators are safe!
But embedded computing devices these days are regularly general computing devices, and have been for a long time. If my insert appliance x with an ARM processor isn't a general computing device, then why is my raspberry pi?
That is not something I had considered, I fully agree.
So many devices are built around SBCs running linux. I guess my first thought was that it is more about how the device is used and not what that actual OS is. But then how would the OS even be able to tell the difference.
This is a distinction that they should have spelled out explicitly in the law.
They basically defined curl as an app store: "facilitates the download of applications"
I mean sure, if you ignore the 2 words just before what you quoted.
I don't know that I would consider curl as "distributing" software. But as always it depends on how the court interprets it.
Full section for context:
Need a face scan to use my fridge
Doesn't even make sense. Virtually all Linux distros can function completely offline. How do you do age verification completely offline? Classic politician who doesn't understand tech trying to look like they're doing something to save the kids.
They will make it a crime to not have any OS that is not compliant, that simple.
The only platforms for now where this might work are Windows, macOS, iOS, and stock Android, however as Muta hypothesized, if this extends to hardware-level, a law could just mandate SecureBoot and lock out the ability to implement custom keys, and then only allow a short list of state-approved OSes to boot on the hardware, which no doubt Windows would be on that short list.
Similarly, all non-Apple mobile devices as an extension to that could be locked exclusively to stock Android, eliminating custom ROMs like LineageOS or GrapheneOS as an option entirely, let alone mobile Linux distros.
Me, buying cellphone parts from another state to assemble myself like an 80% lower to avoid having to drink a Verification Can every time somebody calls me:
I think I just invented the concept of a "ghost phone"
Me, using 8 bit adders to make my own CPU because everything else is now locked down to all hell
That seems as reasonable as suggesting they could pass a law requiring everyone to hire a govt licensed computer user in order to interact with their devices, and otherwise touching a keyboard or touchscreen would be illegal.
It doesn't feel like a realistic estimation of what they would actually try to do. There's too much that is currently dependent on Linux, you'd do better to just dismantle and ban the internet.
Another thing that could hypothetically be done given NK does this already so there's precedent as far as this goes, is any given government could make their own Red Star OS equivalent, and then have that as the only state-approved distro
Sounds like it’s a text box that enter input into. Making it completely pointless.
According to Gabe Newell, something like 90% of steam users were both on 1/1/99 (might be fudging the numbers somewhat but presumably you get the idea).
Easy enough to send threatening cease and desist letters to distro maintainers that may not have a penny in savings. This is a huge gift to Apple and Microsoft that probably had enough of Linux hoarding in on their market share.
Apple and Microsoft are both rather large Linux customers. On desktop, they sell their operating systems, but both of them use a lot of Linux in the enterprise. Apple more so, but Microsoft is no slouch.
MacOS is FreeBSD under the hood, which would also suffer from this.
I think that's a bit different. If all desktop OSs are affected by this law, Apple is in no better or worse position than their competitors. The mach kernel that macos is built around would still be available. TBH, I'm not even sure how reliant Apple still is on the mach source. If such a law were to effectively outlaw Linux, it would have massive implications for pretty much every company with a moderate or bigger enterprise footprint.
There's a shirt that you could buy where a kid is asking his dad what clouds are made of. Dad replies, "Linux servers, mostly." It's no less true today than it was then.
It's not the kernel, which is their own work for a long time now. It's the userland utils, which are almost entirely taken from FreeBSD and track that project.
Although BSD utils are updated at a glacial pace, so it probably wouldn't be much work for Apple to do that themselves.
You think they'll pass up the chance to enforce an increase in mass surveillance?
Define "Operating System"...
I guess my washing machine & car are also going to be "not for use in California."
Those Cisco switches & Broadcom DSLAMs would be tricky too ... I guess the internet's "not for use in California."
And the air-gapped power station control system? "not for use in California."
It is annoying that these laws come in (I'm also including magical thinking about encryprion backdoors for "the good guys") without any form of real-world, practical assessment. Complete waste of tax payers money and undue stress for everyone.
FFS.
Imagine you’re not allowed to use your washing machine if you’re under 18.
It will get repealed when all the always-working parents can't stand "teenager smell."
The law only specifies "computer, mobile device, or any other general purpose computing device."
Which is extremely vague. It appears that the intention was to just affect end user devices. Not specific purpose systems.
I'm going to report the shit out of any of these companies if they have locations in California and Colorado (if it passes in CO). If the law is scoped that wide, there's no way they'll actually be compliant. Even corporate desk phones have an OS. :-D
I mean you can. They only get fined for children affected by violations of the law. Soooo...
Linux distributions should react by asking users to confirm they're not in California. They'll backpedal fast.
Eveny single website running should do this, and refuse to display for Californians
Linux is like 3% if steam users. Linux doesn’t control enough market share for it to have any effect
Linux is the most widely used OS in the world, if you include servers.
If servers' OSes can't be legally used in California anymore, that would be funny.
All this age verification crap. Where is the fucking parents? I get that big tech has some responsability in all this. But how about we just make the responsible choice, of not letting a 8 year old near tiktok forinstance? Oh, it is just another excuse for private survailance you say? I see, I see...
I'm a parent and legit think that majority of parents should not have been parents and have no minimum required skill to raise a human being. It's sad because it's really not that hard but most people don't think a day ahead when raising their kids and just follow a "vibe", so spending a weekend on parental controls is an insurmountable task.
I'm not a parent and wish there was some kind of minimum requirement.
I AM a parent. And I will take the fight. Even though all other parrents will call me the "tin foil hat" rather that, than letting my child become a predators next meal online.. These parrents has no idea what social media is all about. It's a fucking addiction. The children can't see this, this is why it's our job to protect them.
"Won't anyone think of the cHiLdReN?!"
As usual, the solution is education. Parental education needs to be prioritized imo. That said, I have no idea how we would implement such a thing. Most likely better general education would help at least.
Just want to clarify that nowhere in the actual law does it require verifying the age of the user. It does not require IDs or face scans.
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
Please read it. It is a very short law <15 minute read tbh.
The law does exactly what you ask for. Parents setup the device and put their child's age. If they lie or circumvent the system then the parents get fined if their child is affected by content on the internet.
for now
Everyone needs to realize that all the age verification stuff is just a step towards the purpose, which is having any and all computer operation tied to the person — i.e. as Cory Doctorow has put it, the war on general computation.
As a Californian parent, I'm teaching my kids to use Linux to be safer against surveillance and control. It is 100% my responsibility because I chose to have children and let them use computers. It's a dangerous world out there.
IDs in databases get leaked.
How about don't implement it and when California realises they need computers then they might change their mind?
They will make exceptions for themselves. Like how none of the laws passed in the UK apply to the military, politicians, and police. Even for their own personal use.
Yeah I agree with the article, people will just say "Do not use in California" then....F off. OSes are VERY different all over the place.
I dont see this as enforceable. Linux in itself is multi-user. Everyone is just going to put some bogus year for age and continue on. I also dont see websites caving and adding it all in because that would cost a metric ton and be inconvenient for everyone involved. What about server OSes? OSes that have a machine as the only user. Or embedded devices?
It also does NOT protect Children in any way.
This operating system contains code known to the State of California to cause cancer or reproductive harm.
Too bad that reproductive harm doesn't work eliminating the birth of politicians
How is it unenforceable?
Real question
I’d say it’s probably easy to investigate avenues they’d have to enforce it. Like how would they make Canonical, a British company, enforce age verification on Ubuntu, a product they give to users for free?
There’s no contract, no transaction, no legal entity need be involved in the process.
of all the shit out there, that's what needed attention?!
Curious for what it's a distraction, eh?
"Lets fight ICE" also "you need an id to use your laptop and be verifed by big tech to use it" Worse then clowns. Fucking traitors
Gonna make provisioning servers a lot more interesting....
I'll just copy my comment from a similar bill in colorado, I will leave the link to the colorado bill in, but here is the california bill as well if you want to read it yourself.
Sure. But this is step 1. Things never stop at step 1.
Of course, and I will fight the next steps with pleasure, but I welcome a qol feature anytime, even one enforced by law.
Thanks for putting this here. Kinda getting sick of people that only read the headlines or have only seen the Lunduke journal video that has so many clear inaccuracies.
The laws aren't perfect but they do have some nice protections for the users as you mention.
The only thing that I think is missing is that developers are restricted from collecting additional information but the OS providers are not, at least as far as I understand from reading the California law. At the very least, they still have the restriction on using the information in other places or sending it to third parties.
I posted this in another thread but I'll repeat it here. I think it is shortsighted that some linux distros are taking the kneejerk reaction of leaving/banning California residents. We need to band together and figure out a solution.
Oh, I have one solution in mind. Two, actually:
This bill makes the operating system provider the responsible party. They have to implement this, and ensure compliance. Failure is a $2000 fine every time a child launches an application.
Under this law, Microsoft and Google are charged with implementing this feature and ensuring compliance. They are, obviously, "OS Providers". They control their respective operating systems.
With FOSS OSes, Ubuntu isn't the OS provider. Arch isn't the OS provider. Debian, Redhat, Gentoo aren't the OS Providers. The product each of these entities provide is an OS, but it is an OS that is under your full and total control. Not theirs. They cannot control what you do with the OS. They cannot ensure your implementation is compliant with state, local, national, or international law. Under this law they are not the responsible party.
Under this law. You are the "OS Provider".
What about distros that don't use automated account creation (or have optional automation), like Arch for example or Gentoo? The law isn't made to accommodate those people:
"Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store."
The odd thing is the wording that it "requires" an account holder to indicate age or DOB. As with anything *nix, there is always a workaround. There is no way to require anything of the user. There's also no definition for "accessible interface."
And what about all the operating systems that already exist and are no longer maintained? Who is responsible for that. Microslop gotta update Win95 to add age verification?
I use DosBox to play MS-DOS games that I played as a kid, those didn't ask you to enter any credentials whatsoever. I guess they're illegal now.
hey, Leisure Suit Larry had a really tough 3-part questionaire to seperate adults from minors.
Omg... You would have to verify every single VM. Would docker images count or not? Might be enough to push me to properly work out how to use that instead of VMs...
Sounds like California needs to try out the ligma OS because they can suck my nuts.
Nailed it.
So you just fake a date and call it a day… thank you Cali…
For real though I can’t imagine the sysadmin and docker nightmares that arise from having to completely overhaul your account orchestration scripts to input a garbage birthday.
I don’t think anyone thought of the fact that an account on an OS doesn’t always correspond to a human.
The law only specifies "computer, mobile device, or any other general purpose computing device."
Which is extremely vague. It appears that the intention was to just affect end user devices. Not specific purpose systems.
And are they going to require ID to verify birth dates, or is this just going to be a drop down menu? If the latter, I'm pretty sure everyone's birth date is 1/1/1901. I'm so tired of this surveillance shit masquerading as "save the children" nonsense. I hate to say it, but this is a parenting problem and if your kids are more tech-savvy than you are, they WILL find a way around these safegaurds.
FTFY
This is being pushed by social media companies that don't want to be responsible for age verification
I think it's from proprietary OS makers that want to squash open source competition.
It can be both!
Gavin Gruesome at it again
Ye, now I've got a reason for hating him as well.
Sorry but I don't think the article text backs up the title?
The claim is that they have to enforce age verification, but the quoted law says:
Doesn't this just mean it needs to ask for an age at setup, so e.g. parents can set it up with an age and they can automatically be restricted?
I don't see anywhere actual verification is required, if you're setting it up yourself then just lie?
Honestly, this sounds like my preferred path if we are gonna do anything.
And I don't understand, because windows already does this and has for years. I don't live in California though, so I don't know the particular nuances they are asking for.
The problem is, and has always been, getting parents to use the tools. So unless you're sending parents to jail for not doing this, then it's totally optional and most won't use it.
If you want screentime limits, content filters, browsing history, restricted programs, age verification, wallet control, friends list filters, etc. It exists and is available on Windows and Xbox for free.
I think the next bit from the article I didn't quote explains that:
I think the idea is that you would say that under 16s can't use social media. Then you'd enforce this not with the horrendous Australian strategy of having everyone IDed, but instead you would enforce it by having an API that websites and apps could use that would tell them the age of the user.
So basically:
Windows might already have parental controls within Windows, but it's the ability for apps and websites to know the age (or in this case age range) that is the important part.
I much prefer this than handing over ID.
Windows can do that too, for the applications and websites that support it. There is no point in forcing it onto other ecosystems if parents are not willing to use the tools in the ones they already exist in.
Windows doesn't ask at install, and also this law requires them to ask for already set up accounts too.
This will make it a lot more visible.
So this is where devils advocate comes into play. Pretty sure we all are agreed that this law, or anything like it, is 'not good'. And I'll leave it at that. Just keep that context in mind as I elaborate further.
Windows actually does do this on install. However, the Microsoft Family feature uses Microsoft Accounts. So technically, sure it's not the OS (though it IS part of the OS, as you don't need to download anything extra to enable it's functions).
But you have to go out of your way now to do an offline windows install without a Microsoft Account. If you're that savvy, you're capable of monitoring your child without the help of big government. If you're a child, then nothing but honesty is keeping you from jumping walls.
But that is windows, and this is Linux. Now I'm not making accusations, but do we really want to push the idea that this form of control needs to be pushed out across everything, simply because the current solution that would work for most families isn't done at the "OS" level?
And to top it off, I don't even see it working. Most family devices are set up on an account with a single login. Managing access is not a 'one and done' process, at some point you will have to provide permissions, install software, change active hours, approve screen time requests, troubleshoot related problems, and more (and soooo much more if your kid is technically adept). Is it no wonder that most parents just give kids free reign to their computers and consoles?
So before we go around and ruin the experience and privacy of everyone, can we at least ask what the people who want this have done instead? Cause it really does feel like it's coming from a group who wants everything done for them.
I'm not sure exactly why people keep bringing up privacy concerns here. The law does not require collecting IDs or face scans. It requires os providers to add a screen where the account holder specifies the age or DOB of the user. The OS is not allowed to send that information to 3rd parties unless it is required by the law. And when they do need to send it, they are required to send the minimum information (just the age range, not even the DOB).
This law actually does more to penalize the parents that give their children free access to the internet. If the parent circumvents or enters the wrong age then they are penalized.
In addition it also forbids developers from asking for more verification data unless they are confident that your age range is incorrect. Which stops developers, for instance Discord, from requesting IDs without reason.
I do not think this law is written well at all. But I also would not mind more structure to how age attestations are done.
I'm sure many parents are capable of monitoring their children online. They either just don't care or don't think they should have to.
Fair on the privacy aspect, but again, I'll point out that Microsoft Family already does the age bracket thing. I think how it's done is slightly different, as software/websites have to disclose age groups rather than requesting it. Different sides of the same coin to be sure.
As for parents, I think it's a mixed bag. I know a lot who are a mess at computers. Most don't even know these tools even exist. Those that do, don't have the time to do it properly (it only takes one night when your kid gets locked out of their account doing schoolwork due to screen time limits and your trying to troubleshoot why your approval to your kids request isn't going thru via your phone, etc). But there certainly are also those that don't care at all or feel they shouldn't have to do it. It's getting better though, I see a lot less young people with tech blindness every year.
I agree. This doesn't seem any more egregious than clicking a button on a website that says "I am over 18".
Which website is that?
The one with naked people on it.
Do you have the slightest idea how little that narrows it down?
Wait, there is more than one?
Mr. Powers, everybody says that nudity and cursing aren't Internet-safe. How much poem could there possibly be?
But also, every FreeDos install ,server, managed network switch, IoT device, gas pump, etc. now needs to verify user age.
Also, it has to make "reasonable" effort to verify the age. Maybe just asking your age isn't considered reasonable by the state. Since the law doesn't lay out what to do, anything you do might become unreasonable depending on the winds of the day.
Nah it seems it doesn't apply to physical devices (except general computing devices as mentioned elsewhere)
(3) seems to imply the OS that runs your switch or gas pump isn't included. But I see nothing in the law that clarifies servers or any CLI only interface, or even any OS that doesn't have accounts.
Where do you quote "reasonable" from? The only part of the law with that word is referring to a different, already existing law (or the bit about reasonable technical limitations causing the wrong signals sent in the API).
You're right that mostly the reasonable thing was related to previous law.
Is a mobile phone not a "physical device"? An operating system is always has to run on physical hardware, so does this just invalidate the entire thing?
Nah I don't think it does. You don't really get that because the intent of a law is important in court cases.
Mobile phones are specifically covered:
I'm just not sure. It seems contradictory to me, since the manufacturer of a physical device is also "a person or entity that controls the operating system". Unless they sell the hardware with no OS installed? This exemption doesn't seem to mean anything.
With how they've defined "App Store", basically any product that can download applications is affected by this, including devices that don't even have the concept of a user account. I'm a little unclear still on what's required of an entirely offline OS.
I am not sure what's required of a bare bones Linux install (general computing device) that has access to a package manager (application store)!
But why do they assume that I am going to create an account to simply use an OS?
Ok I did it, I read the full text of the law, and you're right.
The existence of Linux or anything not big tech and the broad range of options within seems to be ignored. Does a CLI only OS need to provide a GUI for its "accessible interface"?
On a different note, I did see the last point here:
(3) seems to imply the OS that runs your microwave isn't included.
I am also using my phone with no account linked to it, as it is not required. It still seems to be an ignored usecase, even with the added context you provided.
Yeah perhaps. Or that "account" doesn't really need to bw what we think of as an account.
Could it be covered, but they would still have to ask? It says if it wasn't done at setup it has to ask, so perhaps an account-less OS would still be expected to ask for an age and provide it when asked?
That’s how it is now. Soon they will require ID to be provided.
TBH this sounds to me like something specifically intended to not be an Australian-like solution, which they could have copied.
But... but it's for the safety of children. /s
Fucking morons.
Not morons, just lying to achieve a different agenda.
I think your keyboard autocorrected minors to morons. (If we learned anything from the epstein files)
Gotta love it when people who have no understanding of how Linux works writes laws about how Linux should work...
It goes way beyond Linux. Think any device that could download something at some point. Gas station pump, calculator, FreeDos, VxWorks, etc.
There is a lot of language like "or can download an application", so if you can download something, then that thing could be an application, and thus that device and it's OS is covered.
And every point of sale system everywhere
I have never internally facepalmed harder in my life
The law only specifies "computer, mobile device, or any other general purpose computing device."
Which is extremely vague. It appears that the intention was to just affect end user devices. Not specific purpose systems.
Please explain to a complete doofus how can someone enforce this?
Cant they just download any linux distro from millions of different places and install them on any machine, even offline?
Bios are becoming more and more locked down, that'll be the next thing, at the tech lobbyists behest.
The law only penalizes instances that affect children. So by circumventing this law does not mean you would be charged with any fines. But if you circumvent it and your child uses the device then you would be liable no more than 7500$ (since in this case it would be an intentional violation).
I am not a lawyer. This is just what I understand the law to penalize.
OS providers and developers are also not liable if you set an incorrect age for your child intentionally or by mistake, only you would be.
But if they flaunt this law (do not try to comply with best effort) then they would be liable for each affected child.
Edit: sorry this didn't exactly answer your question. How they enforce it would be that it is tacked onto other charges from what I understand.
Edit 2: oh and children can't be charged, only adults (18+).
I saw the developers of MidnightBSD state that they are going to block users in California when this law gets put into place. I hope that more OSs do the same. Especially Windows, it could be devastating to California's economy and make them, along with other states and countries, reconsider their decisions on age verification.
I don't live in California but I'm interested in seeing if there are any other OSs that will be blocking California users. I'm probably fine to just continue using Linux Mint but I'm open to trying other distros/OSs in order to participate in this protest if Linux Mint doesn't.
In my opinion, it is foolish and shortsighted of these developers to just block the state and move on. (I do live in Cali but hear me out)
Whether people like it or not we are stuck with this law now. A law that leaves all of the implementation details up in the air. The big corporations, Microsoft and Apple, are not going to be pulling out of California. Do we really want to leave all the power to determine how this system works to them? Leave the 4th largest economy in the world entirely in their hands?
If we ignore what is going on here then we will give up our chance to even propose a minimal acceptable solution to this law. One that does not require ID or face scans.
I desperately hope that the linux foundation is taking this seriously and is already looking at implementing a solution.
This law aims to place at least some of the responsibility back onto the parents that allow their children to run wild on the internet. Is the law perfect? Absolutely not. Would I repeal it if I could? Yes, of course. But this is the hand we are dealt.
(also it is midnightbsd)
I know that we do need better regulations for protecting children online but I don't think we're ever going to get that. It seems like the government that we have now just wants to have full control over everyone. In fact, the FTC made a statement saying that they're basically giving companies a loophole that allows them to partially ignore COPPA, which is one of the best protections children had online. It's obvious that they have no interest in protecting children online, if they're making statements like that.
Just to reiterate I do not think this law is good and I would get rid of it in an instant but...
I don't really see this as a law to protect children. I see this as a law that focuses on the parents. The parents become liable under this law if they circumvent the system and their child is hurt. If developers decide to flaunt this law and ignore the signals then they would be liable.
So if you don't have children this law should effectively not affect you other than you might need to choose which age bracket you are in. Which sounds like such a small price to pay for making parents take responsibility over their children on the internet.
I mean, as long as they don't require an ID that's fine I guess, even though what they're proposing can be easily circumvented. But my biggest, and everyone else's, concern is that, as with what's been going on with age verification, it's possible that it'll just snowball into something worse. It doesn't help that there are people, like me, that currently can't get IDs. There are already several websites that I have to use through a VPN, so if these age verification laws keep getting worse, people like me might completely lose the ability to use the internet entirely, unless they make getting IDs easier.
I'm sorry that you have to deal with that. IDs should be as easy as reasonable to get. (fucking SAVE act).
You are right, this could be used as a stepping stone towards gathering IDs and the deanonymization of the internet. We (Cali residents) need to make sure that we contact our reps and are heard. Voice our concerns with this law in its current form and that we will be up in arms if they go any closer towards ID verification being required.
It depends on how the system is implemented. It is entirely possible that MS will implement it with ID verification or face scans, since the law does not forbid them from doing that. But that is why the open source community/linux foundation need to make sure that we put forward a reasonable solution rather than just "forcing" users in Cali to go back to using windows.
I mean, it'd suck for all of us outside of California to have more surveillance just because y'all have that law, and it's absolutely not really about protecting children, it's about surveillance
I'd love for you to go into more detail on how this is surveillance since that seems to be your main concern.
The law does not require providing IDs or face scans or any other identifiable information. There are clauses in the law limiting where the data gets sent to and that if data does need to be sent then it is the minimum that is necessary.
The law only requires that an account holder "indicate[s] the birth date, age, or both, of the user of that device". Outside of the abstract the law not once mentions any type of verification that must happen.
Also it's a California law. It doesn't affect anyone outside of Cali so if you are affected take it up with your os provider or fork your distro.
So the input is not verifiable? This will not work and sounds more that it's not intended to do anything other than shift the Overton Window. California has a huge fascist issue in Silicon Valley.
The point isn't to verify your age the point is to have the account holder (the parent) attest to the age of the user (their child). If the parent lies and it negatively impacts the child then the parent can be fined.
It also penalizes apps that see the user's age is in a lower bracket and still shows them sensitive content.
There is a huge fascist issue everywhere in the US. SV is not special in that respect.
It's just shifting the Overton Window. Don't fall for it. How many pedophiles do you see in jail? Protect the kids my ass.
Just moving the Overton window is not a good argument for or against anything. If you are concerned about what data the government may gather then say that and we can have a real discussion.
I am going to assume that you are referencing the epstein files. This is not a law about that, if you want them to be prosecuted then that is something you should direct at your congressperson. Not at a state level law about age attestation.
I don't care if there is a package called gnome-age-verification distributed in my linux distro and would prefer it if it means fewer sites with facial biometric tests. If I have concerns about the age verification, then I should be able to type:
sudo dnf remove gnome-age-verification
California probably wants it in linux distros so that linux can't be a justification for big tech still demanding Orwellian stuff in every website (ie "but what about the children who use linux? we need to protect them with Persona too!")
But where would it stop? The hell version of this would be kernel-level-approved-AI-agent-checks, with an OS required to have an approved AI agent with a validated third party key that reports to the government with required telemetry and the kernel makes sure the OS won't run without the approved AI and then makes illegal any scripts for unapproved kernel code modification. And post-Tornado cash, we know code is unfortunately not protected US speech.
What the absolute fuck are these people doing!? An OS does not require age verification for anything but totalitarian intents. Fuck this timeline.
Sounds like bullshit I will not tolerate.
Good fucking thing Linux is kernel
I, and many others, will be born on 1/1/2000 at 0:00 'clock.
Imo, it'd be funnier if you picked Unix time. (1/1/1970 at 00:00).
Can this be circumvated saying it's distribution rather than OS ? 🤠
Or just refusing to run servers in California. Much like the US DRM encryption restrictions of the 90s. Where the whole Linux community just had distributions required parts of the download to happen in non US servers.
A single, (although big and very active in Linux) state, will always have more limitations then a nation. The issue comes if it becomes US national. And then the US starts pushing other nations to sign agreements.
Given at some point trumps harm to all international treaties will likely be repaired. Their may come a huge opportunity for US politicians to renegotiate international treaties.
Assuming trust is ever returned.
distinction without a difference - lawmakers won't care
No more than gun laws can be circumvated by referring to firearms as 'high energy shooting implements'
I see a dipshit lib, I downvote. Fuck this guy.
USE=-fascism emerge -ave worldHoly shit west is fallen 🥀
That's a wash basin
Seriously, please let that sink in! I desperately need my plumber to fix that sink once and for all
What ?
"At þe account creation screen" þe WHAT NOW? ah yes cause linux definitely has an account creation screen. Could be a loophole
My linux has no screen.
That's the problem. They don't care if you have a screen, they need the screen.
Spotted the thorn þ enjoyer!
Real connoiſſeurs uſe the long s.
The regulation also mentions an APP STORE
I have seen this comment a lot and find it really funny.
I really hope you are just being pedantic and are not running all your systems as root only.
Users in linux are meant to limit what you are allowed to do for a reason.
The way this is written, it would just be a case of entering your age or DOB at account creation, which wouldn't be so bad. Indeed, this would be the kind of parent-empowering solution I'd like to see, since it kind of assumes the admin of a device (who sets up user accounts) is an adult who will enter the correct info for their kids.
Of course, there's always the concern they might try to push for adding 3rd party age attestation after the fact, with this being the thin end of the wedge. And it'd be a bit of a pain for the various linux distros to organise a compliant solution even IF it's just adding a new parameter to useradd and the associated "age signal" API for applications to query.
That's what it sounds to me. You just have to enter a date of birth, which I think puts parents in control of this, rather than shady websites.
Something that I, as a parent, really miss, is the ability to have some parental control without having to subject myself to horrifically broken systems like those from Microsoft and Google, which are just painful to use and don't offer any meaningful control. Minecraft has become almost impossible to use lately, and apparently it's going to get even worse.
More applications should have a simple child mode that connects it to a parent mode that allows the parent to keep an eye on what their kid is doing and enable or disable some features for them, but instead, they make it impossible to create an account, and if you do, you've got an account that can't do anything. It's broken and stupid and shouldn't be so difficult.
Maybe Linux could set a better example in this.
I'd just add an environment variable.
Nothing more required.
I suspect something the nonprivileged user can effortlessly change would be deemed insufficient. :P
The user needs to tell the system what their age is, so if I get up and a 15yo sits on the computer, they need to change the environment variable before starting any program.
No need for higher privs.
In every OS I know of including linux, you need admin/su rights to create a user account. If the age is tied to the account that at least prevents tampering without admin/su access.
But does the law require that?
From the interpretations I have seen, it doesn't even require real verification, just a way to tell the app, the age of the user.
Honestly I'm not sure. I feel like I'd want that as a parent tho, personally.
So as a parent, you want every person on planet Earth, making a software, to bear the burden of making sure your child cannot use their software without your consent?
You already have the option to buy something with parental controls.
You can also pay someone to add a parental control feature into an Open Source OS and install it for you.
But you'd rather use the politician?
This will immediately get struck down in court even if it passes, though everyone should make their voices heard in saying this is complete nonsense.
Yet another case of antiquated politicians not understanding technology whatsoever.
Sounds like it already passed
I have genuinely no idea how that could work.
I believe I get the genuine intent (protecting children) but I have so far never encountered any device or software or both that didn't relatively easily bypass user authentication.
The closest I've tried are (expensive) XR headsets like the Apple Vision Pro or the Microsoft HoloLens both thanks to eye tracking. Basically for these you have to validate you are who you claim to be when you put the headset on. If you remove it, put it back (or on someone else head) you have to do it again. Nobody else (unless you explicitly share) can then see what you are looking it.
Every other devices I've seen, including mobile phones with banking apps, typically ask you to authenticate then assume than you are the one who keeps using the device. Meanwhile anybody else can grab the device from your hand and be "you". Typically specific action (e.g. password change) do require to authenticate again but "normal" usage does not.
It couldn’t. It’s political showboating.
I wish one could implement "mental-age verification". That way almost all politicians on Earth would be blocked from important technologies.
Put the square peg in the square hole.
Brought to you by carls jr
"...operating system providers...", what the fuck does that mean.?
That might mean it needs to be implemented at the distro level. Not the kernel. This means that any distro that won't comply will be illegal in California. I'm pretty confident this won't cause any issues for anyone outside the "Land of the Free".
so... gotta credit card - age verified? Business used to want money. This personal get to know me shit is stale and smells.
I mean, as the law is written there's zero requirement for the entered age to be verified, only to associate an age bracket with the OS user account and to provide that info to programs as they require it. Now, I do wonder if a California-compliant OS would require service accounts to have an entered date of birth and what kind of fun that could potentially lead to of you enter the date of account creation as the birthdate but the full ramifications remain to be seen
I guess Linux distros are about to be banned in Cali.
They uh do realize busybox and BSD underpins nearly everyfuckingthing right? Including network stacks. So fucking stupid.
This shit law was written by people who probably don't even know the difference between software and hardware.
Every day this gets worse
And literally no one is doing shit to stop this. It is almost like personal property rights, privacy, and everything else are now dirty words that will make you look like a criminal.
what are they they gonna do against it?
Good luck with that
Can you add a link to the actual text of the bill to the post?
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
Might help people to actually be able to read it, and it is a very short read (<15 minutes).
So, umm, what city is always the same time zone as California, but not in California?
Vancouver? Portland?
Apparently not Vancouver
https://www.cbc.ca/news/canada/british-columbia/b-c-adopting-year-round-daylight-time-9.7111657
I just heard that, too.
Holy fuck. The stupidity. It burns. It buuuuuurns
turns on VPN
Oh no, anyways.
If they're ever ignorant enough to ban VPNs we'll be fucked.
must be between the ages of 13 and 65 let's go ahead and set it to retirement age
This is why I torrent my ISOs
So, to deploy a new server they'll want the tech to do a face ID check first? Maybe it needs the CEO's face as they are technically the owner.
If this passes, I will start an age verification project called this_bullshit.
sudo modprobe -r this_bullshit
Problem solved