US state laws push age checks into the operating system Many web sites, social media services, and other platforms require age verification on the theory that it will protect kids from seeing inappropriate content. But now some US states want to require the operating system itself to check your age and that could cause big headaches for FOSS vendors. The top line of California's …
Right. I gave a friend my old iPhone 11 when his phone died, since he didn't have money for a new phone and I was coming up on my replacement cycle anyway. He doesn't even have a bank account and was able to set up an account with little issue.[1].
[1] Once we realised that the reason he *couldn't* at first was because it didn't like his email provider. Took two minutes in support chat to get it manually allowed.
This post has been deleted by its author
It's worth taking a brief look at how California defines 'operating system provider:
>> “Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
A home router? I would describe that as a specialised computing device, but it does have an OS.
A 'smart'watch?
A wifi dongle (still seen around occasionally).
Suppose I have a computer not connected to the internet, or perhaps a VM in VirtualBox. What then?
*Applications* is even worse:
>> “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer
I can see Github disappearing from California.
I can see a lot disappearing from cali (and the wider internet)
What a superb piece of anti-competive law. If you're big enough, then running a register of approved users(more on this later) , while being a cost, is a huge cost a small start up will be unable to fund.
So wheres the next google et al coming from?
As for approved users? will this be every user has to have an on-line account? or will it be the admin only? what about our 3 shop floor laptops.... each one can be used by any of the 20 or so employees, is each one going to have to have an account on each laptop? or do we shift users from laptop to laptop, bearing in mind that the software installed on each one varies from 2 different CAD/CAM programs along with various data comm programs to cope with every interface from a USB, various network ports , to a dog slow RS232.
oh and banning the apprentice from using them because he's under 18
What a dogs dinner.
Still I'm sure all the FOSS/linux peeps will be welcome over here........ right upto the point where some politician goes 'think of the children' and does the same..
PS and then microslop/fapple get hacked...
Each of the Wi-Fi chipsets (2.4 and 5 jiggahertz) in a old ISP provided router I have laying around, has its own OS that gets fed to it upon power-up by the "main" SoC.
Learned that while foolishly trying to unlock the bootloader so OpenWRT could be put on it, instead of it being essentially glorified E-waste.
So much for the middle step of "reduce, re-use, recycle"...
The "general purpose" thing seems to target it at desktop and smartphone OSes only. It is pretty clear their intent is that this only counts for Apple, Google, and Microsoft. I don't think Linux or BSD really has to care about this, they may be technically under the remit but it is too small and too diffuse to be a target.
And that is part of the problem, because a good law is never ambiguous. If one can not be sure by the clear text of the law, then the law is bad, and so are the lawmakers who created it.
If I ran a service that California legislators used, then I would be modifying my system to make them (and only them) jump through age verification steps every time they logged in, and keep changing the verification requirements so that all previous verifications were invalid. Eventually, they might get the hint.
What about servers, VM's VPS? Docker? What a shambles.
Also the "totally not anti competitive or for state surveillance reasons" seems suspicious.
All in the name of "won't someone think of the children"... Erm well that the point of parents/guardians, maybe police that and make it clear that parents/guardians are liable for their kids getting or seeking access to dodgy online material.
I don't know, just seems like educating the kids and not having them hooked onto tables for birth would be a more proportioned way to go.
Like what happens when they turn 18? Oh great it's legal now go knock your self out with addictive social media and whatever else is out there. It's the same alcohol prohibition mentality that leads to young adults going "Spring Break" chug chug chug.
Let's hope the laws will be enforced as strictly and broadly as possible, pointing out ambiguous cases and loopholes will be treated as terrorism and everyone will tell on their neighbours. Leading to utter economic and administrative collapse. Not particularly wishing anything bad to California or Colorado, but a demonstration what such legislation means is in order – and they clearly volunteered.
It is also interesting to see their definition of “Account holder”, but the definition of “operating system” is curiously absent, as a definition of “person” (context seems to indicate it doesn’t mean “Account Holder”) and any requirements on the “Account Holder” with respect to accuracy of information entered.
Thus it does seem the OS will satisfy the basic requirement by just providing a user details screen, via which an “account holder” can select one of: Under 13, Under 16, Under 18, 18 plus and providing an API for applications.
Exactly that. I can just add a field in the adduser dialogue and make it set up an environmental variable on an interactive shell, let's call it YEAROFBIRTH or something like that.
Surely my kids are not tech savvy enough (yet, cut them some slack, they just entered school) to overwrite that.
It totally fulfils the requirements and it is totally stupid and easy to overcome. In fact, I'd be sad if they wouldn't figure that one out, surely by the time I'm OK with them playing Doom or something like that...
Even if I tell iOS for example my EXACT birthdate, that doesn't mean it has to pass that on to apps. An app that's age limited would just use an API to make a call like "is_over_18_years_old()" or whatever and that would be true whether I turned 18 yesterday or celebrate my 105th birthday tomorrow. So I don't think anyone should worry that all the apps will find out your name/DOB.
So I was curious whether I did tell Apple my actual birthday. Turns out I told them it was Jan. 1 1910 - I got my first iPhone in 2009 so I guess I decided to tell them I was 99 years old. I suppose in fall 2027 Apple will have to assume I'm 18 due to the age of my account lol
The problem in all this is that you have the government who knows your exact birthdate, and Apple et al who know your Apple ID that's associated with your phone, used to buy apps, and so forth. You want to avoid them sharing that info they alone know about you with the other, while still being able to prove you are old enough. This is doable, but doing it with minimal information leakage makes it more difficult and the government seems to be taking the easy way out by leaving it solely in Apple/Google/Microsoft's court.
Not sure how this can work reliably. If I sent a photocopy of my driver's license or passport to Apple that only proves there is someone with the name on the ID/passport that is a given age. It doesn't prove that person matches the Apple ID in question. You could easily see a kid grabbing his dad's ID and using it to prove his age, how could he be caught? Even if his dad already used that ID to prove his age, it isn't like Apple bars one person from having two Apple IDs so other than maybe sending an email to both after that happens saying "the same ID was used to prove age for both these accounts" and that only works if the dad cares about his kid lying about his age to an app store.
I'll note it is the same problem if you leave it on the government side. Then the government has no choice but to trust me when I tell them "please verify I'm over 18 with Apple for the Apple ID ds999@foo.com" but they have no way of knowing that account is actually mine rather than me verifying someone else's Apple ID.
IANAL but I read the law, it's quite short, and it seems like we had nothing better to do this week so we got all frothy at the mouth and in a tizzy over this! From my reading it really seems like the law says parents (account holders) must use parental controls when setting up their kid's devices (users) and app stores & software must tailor their content accordingly. I'm sure most linux distros can point a DE's parental controls and be done. The real burden is going to be on their app stores and on the apps.
I'm more worried about the app developers and store maintainers, they have quite a bit of work ahead of them!
The focus seems to be on apps and websites accessing the age information.
Only the New York Senate Bill requires “ 1. "AGE ASSURANCE" SHALL MEAN ANY METHOD TO REASONABLY DETERMINE THE AGE CATEGORY OF A USER”
I suggest “reasonably” means if the “Account Holder” declares they are the parent/guardian of the user, it is reasonable to assume they will enter the correct age.
What I expect to happen, isn’t fines for entering wrong user age, but “interest” groups deciding websites should not self regulate, hence websites launch as the various Harry Port fan sites should be rated 18+ because of the use of magic etc. yet Truth Central and websites devoted to creationism should be open to under 13’s…
Industry self regulation does not work! Look at the 737-max. Why would it be better for other places?
On the other hand, there's this life hack of "being a responsible parent" and "educating kids about stuff". And setting up filter lists on the piHole. So... nah, I personally don't think that regulation is necessary. At all.
Given the amount of sex and violence in the Bible, the rating most certainly would be 18+, and there are enough anti-religion groups out there that would make sure that they would be included right along with Harry Potter. Eventually, everything on the Internet will be 18+ again, just like it was 35 years ago when you had to be an adult or be shepherded by an adult to even access the Internet.
The problem being is your DOB can be different depending on the the timezone and daylight saving. if you were born close to the international dateline depending on which side you were born and the time of the day could put you out by a day either way. I was born very early morning in New Zealand so in the US I was born in the future.
Why the down vote. When I worked in New Zealand and here in Australia the septics could not work out that arranging a meeting or calling on friday didn't work for us as it was saturday and there was no way we were going into work!
One US manager even tried to suggest that we worked tuesday to saturday. Major FW!
>> so in the US I was born in the future.
> Why the down vote
Haven't you been paying attention? The US is regressing, back to an imagined Republican Golden Age of Apple Pie and Jesus in the 1950s (but no further back than that, as the Republicans used to be the Democrats and vice versa, side-of-the-fence-wise).
So the "future" does not exist and you were therefore never born!
OS should return IS_ADULT value. That's it.
Date of birth should indeed be set on OS level, but a false one should be acceptable for privacy reasons. That is an adult account can have any date of birth.
It is the parent who is responsible to set up a device for their child, and provide correct date of birth.
It is OK, if some kids cheat. But their parents should be held accountable if bad things happen.
The problem has to be tackled anyway, so the OS-based verification totally makes sense. Great first step. The responsibility to protect children must be shared between parents and the companies.
This post has been deleted by its author
But this also means the adversarial system already can fingerprint the device. Else how can date of birth be useful by itself?
Anyway, there is hardly a more effective solution working for all platforms without burdening web service providers. Or leaking much more by setting age verification services.
> without burdening web service providers
Of course, we mustn't burden web service providers whose only fault is they are providing services that are deemed damaging to children. You know, the ones that need to have age verification.
It would be utterly unfair to make these companies, from Facebook to Xhamster, carry the financial and technical burden of operating legally, when we can instead make every single computer user and supplier bear that burden instead. Especially all those feckless "open source" people who aren't even clever enough to try to get rich.
Burden the web service providers? Won't somebody think of the shareholders?!
"The problem has to be tackled anyway, so the OS-based verification totally makes sense. Great first step."
Sorry, what?!
What "problem" has to be tackled anyway? Do tell. This is "the problem", where government intrudes into innocent people's lives. You have it exactly 180 degrees backwards. We don't need "permission" to use an OS or applications on the hardware we own. Treating everyone as children is a very slippery slope that eventually will dumb everything down to the lowest common denominator. This is like asking for permission to do anything at all on our own computers, the equivalent of getting a license to use one.
It's just another attack on computing from clueless politicians.
Where had been the parents of the Epstein's teens?
So, yes, children, especially small, need protection. Even from such basic dangers as spyware or bad acquaintances. My own experience as a child - I definitely needed protection and care, because mostly not aware of possible dangers. This even applies to adults, unfortunately. Especially elderly. I observe too many adults getting scammed.
And both UK and Australia has approved age checks already - all by the officially elected politicians. Therefore the question is not IF, but HOW right now.
> We don't need "permission" to use an OS. - Correct. The idea of IS_ADULT value is only for devices used by children. But setting IS_ADULT is up to the adults (parents).
Your arguments are either weak or fallacious. Children should be protected from trafficking and sexual exploitation, and both those things are already illegal. How does age verification enhance either? Of course, it doesn't. Therefore it is not helpful in proving the need for, benefit of, or harm of not doing age verification. Your choice to put it first suggests you have nothing better.
Then you argue that we can't question this because some countries have legislated this. That argument is bad in several ways. The discussion at hand is whether there is a problem and what it is, and that is entirely relevant to if, not how. People in those countries are free to question the purpose of the laws that have been passed and to encourage their repeal. Also, we're talking about laws in the United States which do something related but not identical, and people in any of the other states do not have such a law yet. If comes first, since if the decision is not to pass such a law, how you would implement it is not relevant. You cannot declare a question everyone else is debating and you claim to be debating irrelevant just to win.
This post has been deleted by its author
It is unclear which share of his sex services was with children. If it was small, the rest was usual prostitution, or maximum sex trafficking.
I suspect the topic is mostly anti-American propaganda at this point. It is nothing new that super-rich are above the law.
I hope they paid much higher taxes - this would be the best way to protect children and adults. Especially the poor from exploitation.
I don't understand why the calculator app wouldn't be available. My understanding (from the article) is the the OS has to get age verification. After that I would assume that anything running on the OS would be Ok because it can get verification (or not ) the age of the user from the OS. What am I missing?
Anytime some system makes me use some sort of payment method to register, I create a virtual credit card with a token 1 EUR limit - and it typically expires 2 months later. It may later nag me because of the expiry date, but this way prevents me from unwittingly buying anything I'd rather not :)
The one states "operating system", the other states "manufacturers of internet-enabled devices to conduct age assurance".
The former is impossible, the latter can be fulfilled to "some extend".
But what about server OS-es? Do all admins need age verification now? There is no "user" in the common sense on a file server, no enforceable age verification in centralized authentification services.
Those laws are bollocks, made by people who never got beyond "Hot or not? Swipe left or right.". A side target is total overwatch, which is very much against the true american freedom definition.
Irrespective of the details of the various laws suggested in the article, I suppose a minimal solution could be that an installed OS (and its user accounts) might at least be enabled with the ability to record an age in some manner (whether in years, or as a simple child/adult binary, or as some fiendishly complicated cryptographic token), and then provide it by some standard mechanism if requested. Then it would be up to the device owner/admin how rigorously to verify the ages of their users (if at all), and up to some remote service provider how they respond - or how much they trust - any age provided by a user (or whatever mechanism might have been implemented). Then, in the case of some unfortunate outcome, at least you could get some finger-pointing/ blame-mongering out of the way more efficiently. :-/
The anti-porn crowd *FINALLY* found a way to prevent porn (look at how Pornhub is pulling out of states!), and now that they've found it's "age checks", look at how quickly it's spreading.
Really indicates what the original goal is and how intent they are on the matter.
Impacted next, "Explicit Lyrics" - RIAA beware.
Pornhub... pulling out... hmmm....
The VPN business is booming. In my 60s I'm not too tolerant of age checks. (Goodbye Discord) And there is no way in hell I'm sending a copy of my gov't ID to some 3rd party that will likely get hacked next week.
I can see some benefit of your OS knowing your age. But it will be abused by corporations to gather more 'demographics', or track the sites that you access. Let the person who set up the user account verify the age, whether it's a local or cloud account. Make parents act like parents.
in the same bracket. fully agree. what a life we had when we were young. i would not want to be born in this world. so much freedom we had then. Now the West is a bigger brother than China. parents should control their kid's devices. no one else. now. how am i going to do this for a headless linux MPU embedded product with an RJ45 and WIFI .....
If you actually look at the NY law, it includes operating systems too.
"Section one of this bill creates a new Article 45-A in the General Business Law (GBL) to require all manufacturers of Internet-enabled devices, operating systems, or application stores to conduct commercially reasonable and technically feasible age assurance for users at the point of device activation."
I did not look that deep into detail 'cause I am 95% of the non-US world, so it won't apply anyway. It just shows how superficial sensationalism and being as loud as possible has more priority instead of levelheaded actual thinking through. The latter is showing here too in our current government: Backwards ever, forward never. The previous went more forward, even though one of the three coalition members were obviously paid by oil industry - which is why that specific party lost their place in government.
Just looking the paradigms of US culture like the Kardashians, I would say that just another thing murcans got completely wrong.
(I am embarrassed to admit that I have no idea which way one swipes for "hot." I only know about the K's from an extended stay in a dentist's waiting room and being forced to read a "women's magazine" having exhausted the thirty year old Nat. Geogs.)
> dentist's waiting room and being forced to read a "women's magazine"
Or Geo or something similar...
Change that! Since I read (german) c't only digital but still get the paper copy I bring them along. You could do the same with your doctors.
Well, our library's computers already require a per-user (per card-holder) login, and the only time I used an Internet Cafe they gave me a slip with what certainly looked like a newly generated login in id. Too old for school (except at Uni we had distinct logins)
But then, They might just be watching me and letting the rest of you revel in anonymity.
I think kids and another specific group of internet dwelling perverts could solve that one they hang around on Minecraft and Roblox anyway.
It needs to be the other way around, you "Leisure Suit Larry" the age checks.
Multilayered questions only an adult could answer.
"Does David Lammy know what a cervix is?"
That is a country dependent question. You won't get "Mein Kampf" here so easily, or at least not in public places like the A. As far as "no longer" is concerned: No books I am interested in are banned.
How is it in your country, and why are you still hiding as numberless AC? Must be a very dangerous, backward developing country you live in.
My Dad caught me reading Marx (Karl, not Groucho) when I was about 12. Instead of getting grumpy about it (this was the peak of the cold war era, people were touchy about such things), he recommended that I get a translation of Mein Kampf, Lenin's works and a newly published English translation of Quotations of Chairman Mao (if they had a copy) next time I was at the Stanford Library. So I did. And discovered these "dangerous" writings were boring, incredibly daft, quite silly in places, and certainly not worth banning. That phase of my life went away in a week or two. Funny how education often has that effect ...
Quite a bit later, I found a scanned copy of The Anarchist's Cookbook squirreled away on a Berkeley FTP site. I printed it out, and Dad and I had great fun finding all the flaws in it ... Yes, I still have all my extremities, and they are still properly attached. Dad has his, too.
My Grand daughter has also discovered these writings, and read them, and came to the same conclusion that I did all those years ago. Hopefully her kid's generation will have the same opportunity.
"where they burn books, they will in the end also burn people" —Heinrich Heine
Mein Kampf? OMG what a boooring book that was! I was supposed to do a book report during high school one year, during which I was fascinated by Hogan's Heroes. I decided to do Mein Kampf after seeing it brought up on the show. I think I managed about 3 chapters before giving up on it. Perhaps it was better in German but in English it was horribly boring and dense - and I'm the sort that must read everything. I will even read prescription drug inserts because they have words on them.
For translations, it's reasonable to consider whether the translator is competent, intends to reproduce the original work faithfully, and in some cases, whether they have any relation to the claimed original title at all. And this isn't only for "political" books. I think I heard that there are some strange "translations" and bootlegs of "Dracula" and "The War of the Worlds", such as transferring the action to the U.S.
I have found quite a few. But they have been out of print - in many cases longer than they were in copyright - and no digitised version yet exists.
I haven't noticed any censorship but I neither reside in the US nor likely to be seeking the subject matter of a censored title.
Even if Amazon itself doesn't stock the title there are a large number of used·book vendors from all over the planet that sell through Amazon and with reasonable certainty from at least one such vendor the title could be purchased.
Yes, Trump is a cruel-hearted, dementia-riddled fascist.
Yes, politicians in both red and blue states have also given the usual "think of the children" excuses in trying to micromanage everything from app stores to social media to adult websites.
Noticing a trend?
One bad leader doesn't excuse another.
California's law cleared the state assembly 58-0, which means Republican's when a long. Colorado's bill passed the state senate 8-1, that 1 was Sen. Lisa Cutter, D-Littleton.
Make no mistake this has bipartisan support, so you know something sinister is happening. Republicans in Congress have propose the App Store Accountability Act, which does something similar at the federal level and maybe actually be worse. It doesn't require submitting IDs but punishes apps for accuracy failures, basically pushing them to collect IDs to avoid liability....seems to be a favorite tactic for Congress in questionable laws.
Note that the secondary requirement then has to be that the person using the device or operating system is robustly identified and that identity is communicated to the service they are using.
This may not be in the legislation as written, but to enforce it, we inevitably get to the point where users are personally identified, and that identity is shared with any online system that requests it.
Suddenly we have state mandated tracking of all computer activity.
That'll go well....
Come on, since when has a huge computer company having a comprehensive list of the population ever enabled bad things?
To paraphrase the old saying, "Nobody attempted multiple concurrent genocides with the full assistance of IBM"
Sorry, someone just threw a history book at me.
The issue to any state that brings in this sort of ill thought out law is that with FOSS it will always be possible to bypass any age checks since you can literally see how the code works and disable it or present the age check API with false info.
Even on close source OS it will just encourage kids to lie about their age - which is still possible as the law currently is written as it doesn't do any actual external verification of the users age (but expect that loophole to get closed down sooner rather than later)
And on Android, Windows and MacOS just don't install apps from the the stores and sideload them from external sites, but of course then they will start to mandate closure of that method for the sake of the children.
And since they are free, and downloadable from foreign nations, how can a state prevent a user from downloading linux for personal use short of tossing them in jail. How would they even find out the person is using linux. And as others have said, those wifi boxes are almost all running linux. Those datacenters are giant linux installations. How someone in the legislature didn't look at the text of the law and go WTF are you people thinking? You are effin morons.
> How would they even find out the person is using linux.
You are assumed to be using a computer to "participate" in modern life; if you aren't using a computer then There Is Something Wrong About You and you will be investigated.
We know you are not using Mac or Windows or other Sanctioned OS because we can see what you are doing (rather, we don't see what you ought to be doing); you are being investigated.
Please answer that knock on your door.
How would they even find out the person is using linux.
"They" will know via the effects of a companion law, which will require network-edge routers, switches, hubs, etc. to fingerprint the OS used by each device requesting an Internet Protocol address, and to forward that fingerprint and a client device fingerprint to the Central Government Database for logging and possible response to said network edge device, legally-demanding that the client device be refused IP service.
Maybe a related law will mandate removal of IPv4 service, too.
Happy now?
The legislation, if not now then soon, may require that only devices which restrict the choice of operating system to manufacturer-approved software, can be made and sold. So you could download Linux but you couldn't install it. Now, a virtual machine is a thing, but probably legislation can be applied to those as well. So Windows wouldn't host a Linux that didn't have government approval, too.
Even on close source OS it will just encourage kids to lie about their age
Which has a long and storied history. From buying fags (the sort you burn and inhale) and grumble magazines in the 1970's to kids making bad copies of official IDs to get into the pub [1], kids have been lying about their ages since age restrictions started to be a Thing.
Sometimes with less success [2], some with more. And sometimes with the usual workarounds of asking the older looking one (or bloke you knew in the 6th form) to buy it for you at a premium [3].
And doing it 'on a computer' just makes it easier because your friendly barman/bouncer/newsagent can't take one look at you and laugh before booting you out the door.
[1] At school there was a flourishing trade in those. Didn't need one when I attended a friends 18th birthday do in a nightclub in London back in the early 80's - he got asked to prove his age, I (then 16) just got waved through.
[2] Never try to order a beer in a pub as a 17-year old when the bloke behind the bar knows your parents well. Purely random advice, honest.
[3] Who eventually got banned from all the shops selling that kind of stuff in the village because, if he smoked and drank all the stuff he bought, he'd be dead in a month. He charged an entirely reasonable 15% levy on his purchases.
Doubtless these ideas will be adopted by the nonentities inhabiting British parliaments and assembly governments. At Westminster there will be acrimonious argument at PM's question times, when Bad Enoch berates Mr Starmer for not going far enough in stifling civil liberties (as if banning the words 'Palestine Action' were not a strong enough commitment to Nazism).
Of course, even should the purveyors of rectitude partially succeed, it will come to nothing. As a last resort sellers of software, and distributors of open source materials can locate their distribution nexuses in sensible legal jurisdictions; they don't need a physical presence in those locations. Attempts to download into the UK can be blocked, and stern warnings issued. Now that VPN use is almost ubiquitous the contentious software shall be universally available. This could be strongly to the detriment of Microsoft and Apple because each whilst paying lip service to civil liberties is an entrenched part of surveillance culture. However, Microsoft may come off particularly badly because its relationship to customers already is fraught with regard to poor software maintenance and licensing greed.
I got an Apple address which wasn't an address (it wasn't an email address at all) in the late 1990s, and an @mac.com address thanks to Mobile Me. Apple has been trying to erase both for a very long time. My ancient not-an-address still exists, it's just difficult to use; my @mac.com address is now, officially, an alias to an @icloud.com address. (Other aliases include @me.com) I never use anything except the @mac.com address, as I've been using it for over two and half decades, and frankly, fuck you, Apple, I'll use it until it dies. A very long time ago I put a 'payment method' on it: a debit card with under $10 US on it, except when I want to buy something and I put enough to pay for the item, make the purchase, and drive on.
I wonder what will happen when the OS can't tell how old I am because I won't say, but the AppleID account is well past voting age...
How can this possibly be applicable to internet connected devices like TVs and Fridges? They have a full OS built into them but they are also available to people of any age so does there have to be a coded lock to ensure they know who is getting the milk out for their breakfast?
I don't know about fridges, but a television capable of "general" computing - I'd say basically if it has a web browser then anything can be run in the browser - they'd make every TV run in "parental control" mode until you input a PIN.
Parental controls already exist anyway, and I can see parents approving that a TV can't be used at all without an authorised login, either for the parent or for a child. I expect you can limit TV time in hours and minutes, as well. Actually, we have that at work.
> Since when was it a perfect stranger's job to be the parent of MY teenager
Always.
Since you decided to have that child whilst you were within a wider society that makes any attempts to protect its members. As it must, otherwise it would fall apart. You would - I really, really hope - be praising that "perfect stranger" if the laws they made meant that police could intervene to stop another member of your society from doing something harmful to their children.
The range of possible harms is wide, including rape, hobbling so they can't leave the farm (and that can be psychological as well as physical), punishment with a cat of nine tails for talking out of turn, punishment by shunning for taking an extra biscuit. Grooming or conditioning them to consider such harms as normal and encouraging their participation in them, on either side. Or exposing them, not taking sufficient steps to prevent exposing them, to situations where the above may occur. All of those can be - are - "parenting" to the perpetrators, even "good parenting, pappy would be proud".
You decided to remain part of that society and therefore accepted not only what it gives you but also the limitations it places on you. And, depending upon how your society is organised and functioning, the means by which you can in return modify the rules to suit your own practices.
All that is happening here is that you have found a part of those limitations that you don't care for, "they" have stepped over the threshold.
And your response today?
You come out with a perfectly phrased politician's/rabble rouser's response. One that you know perfectly well matches that used by the very worst of the worst. Remove all limitations.
PS this law is stupid.
Leaving parenting to strangers will not stop groomers, it's how they operate. They prey on children who feel undervalued and neglected.
If you need help parenting, ask people you know for help. If you need tools to monitor your child's internet activity, ask. Don't take away others right by forcing regulations on us that are probably going to be ineffective anyway.
The Internet isn't the only way for children to get adult content, just the latest. BTW, have you seen how small high resolution camera are now? Should we put an age check on purchasing a camera to stop children from surreptitiously filming 'adult' content. Because they can and do, and then pass it around between classmates.
My response covered rather a lot more than the internet, as did what I was responding to: a blanket statement that was rejecting ALL societal requirements regarding parenting, simply because of one thing that jake - and you - disagree with.
Note that I DID categorically say that this law is stupid.
What I was objecting to - and still do, despite his rather sad response, something about parties, is his use of rabble-rousing words, intended to create a knee-jerk reaction "They has no right to ever interfere with my (or anybody's) parenting. That is crude politicking and blatantly untrue: there are parts of parenting that some people need to have enforced on them.
But, TO REPEAT, I DID NOT SAY that this law was one of those.
I categorically deny your premise.
Newsom and the rest of the California legislature has absolutely no place telling me how to raise my kid(s). The ONLY adults who should have a hand in that are those carefully selected by myself. Anybody else can butt the fuck out ... it's none of their business.
Are you one of those people busy-bodies who approach total strangers down the shops, and tell them what they are doing wrong with their family? Ever wonder why you never get invited to parties?
There is a HUGE difference between "parenting" and "It''s the LAW!".
Now, jake, I understand that, having rejected it, you had a hard time attempting to refute my premise.
However, deciding to descend to personal insults when you found yourself unable to produce anything resembling a counterargument: well, it's that is unfortunate. All that can really be said about such a lapse is that, on reflection, it is best that you understand: nobody is angry that felt you had to do that, we are simply very disappointed. After all your tales of trials, tribulations and successes, that you are left with no better way to express yourself, you have let us down. Worse, you have let yourself down.
> some US states want to require the operating system itself to check your age and that could cause big headaches for FOSS vendors.
Thus requiring just one point of checking. Rather than every app, browser, website or content provider having to implement their own system.
The only real issue this raises is that OSS operating systems can be built from source and (presumably) any checks built in can be rewritten by those few with the skills, tools and time to build your own.
We have a situation in the UK and, AIUI, in the US where committees of legislators can call lay witnesses and question them. Once upon a time this was reasonable. The legislators could be assumed to be sufficiently well educated to do their jobs. Nowadays legislators have to deal with - or decide they want to deal with - matters sufficiently advanced that a general education isn't sufficient to let them see possible consequences of what they're attempting. Perhaps the committee system needs to be reversed - the lay witnesses question the committees.
While the California law is getting the most attention, Brazil's Digital Statute of Children and Adolescents law is largely the same. And unlike the California law which doesn't start until 2027, the Brazilian law takes effect March 17th of 2026, less than two weeks from now as of the date I'm posting this.
Of course, economically, and politically, Brazil is less significant than California.
Some operating systems, like Midnight BSD, are officially co-operating with the California law by simply declaring in their licence that Californians are not permitted to run Midnight BSD as of Jan 1st 2027. Unfortunately, systems under the GPL, which is most Linux distributions, do not have that option.
The California law is insane, of course. The way it's written, it would literally be illegal for some calculators and DVD players to function in the state without age verification. But that doesn't mean that it can be ignored.
OS developers can absorb the loss of Brazilian licence revenue created by their dumb law, but California is too big to write off.
Fortunately, in the open source world, at least, I have no doubt that this will offend enough libertarian minded developers to create, or fork "California-free" or "Age verification free" distributions before 2027.
They have no clue how this whole computing thing works, do they? Nor 40 years of hackers, script kiddies, malcontents, experimenters and everyday power users who will do as they please just like they've always done: completely disable what they don't like.
Bwhahahahahaha!!!
When I first hear about it my reaction was obvious -- "Dumb law, dumber lawmakers" because, privacy concerns apart, it makes some sweeping assumptions about the nature of an operating system which might sound plausible to someone who's only ever used a desktop with Windows or Apple software on it but is an absolute nonsense for anything else.
But then this law just requires some kind of API that returns the user's age in order to shift responsibility for serving up age related content to the system user from the content provider. Something that's really easy to do because I couldn't see any way of ensuring that the age number returned by that API has any basis in reality. For 'ix' systems a full implementation would be a just an entry under the username list and some kind of 'proc' file to return this number. Anything more intrusive than this I'd certainly dig my heels in -- hard. I'm definitely not into those SaaS outfits that promote remote age verification, they're an open invitation to a complete loss of privacy (and they will get hacked -- not 'may' but 'will'). Any mandate that pushes me in that direction means that any website that demands it loses my interest -- and business.
People who come up with this sort of thing haven't a clue what a shell is -- if they're dimly aware of it then to them its probably something used by a hacker doing something illegal.
(BTW -- I've never thought of the DOS box as a 'shell'. Windows Powershell just seems to be an 'Embrace, Extend, Extinguish' answer to bash. Apple AFAIK offers csh 'just to be different'.)(I just use a scripting language, being old (school) typically TCL or Perl.)
The age verification should extend to corporations, in that case to the highest levels in charge - CEO, CFO, CIOI.
Verify their ages at every installation. At. EVERY. Installation. VM, container, on-prem, in-cloud, doesn't matter. I mean, you never know, right?
Do this for one week, no excuses.
Everybody else just lean back and enjoy the show!
"must collect and store the age or date of birth for each user account"
It always amazed me how a learned and thoughtful Supreme Court was once able to somehow tease a "right to privacy" out of the CotUS in narrow defense of abortion rights, but that somehow there was absolutely no right to privacy when it comes to something as vital as one's finances and, it now seems, even when it comes to something as basic as using one's own computer.
Hopefully the FOSS community can find a way to effectively fight back against this increasingly popular and accelerating degradation of rights.
Researching the sponsors and supporters of this bill makes for a fascinating and frightening insight into US backroom politics.
The bill was put forward by Democrat Buffy Wicks - what's strange about this is that she seems to be a rather unremarkable legislator with no horse in this race. Dig deeper and you find she is married to Peter Ambler, a man with very powerful connections in the Democrat party and interests in an AI company Pano AI.
Google, Meta and OpenAI have demonstrated hard support for this bill and my tinfoil hat says there are two angles to this. First is that it potentially kills off competition from Linux and other open source systems, second is that this will ease into forced ID verification for users of pretty much any networked computer system.
Buffy Jo Christina Wicks (born August 10, 1977) is an American politician who serves in the California State Assembly. A Democrat, she represents the 14th Assembly District, which includes the cities of Berkeley, Piedmont, Richmond, San Pablo, and El Cerrito in the East Bay. ... Wicks is a member of the California Legislative Progressive Caucus.
“California’s children are growing up in an online world with no guardrails, leaving them vulnerable to cyberbullying, sextortion, and mental health harms. This is simply unacceptable,” said Assemblymember Wicks. “AB 1043 offers a scalable, privacy-first approach that helps keep kids safe while holding tech companies accountable.”
The bill that does nothing like that but murders open software. I voted for her! Regret.
Google, Meta and the like argue Wicks’ AB 1043 is a more balanced and privacy-protective approach because it allows kids to download apps without parental consent, unlike the laws passed in Utah and Texas.
It also doesn’t mandate photo ID uploads — a controversial feature that sparked outrage from privacy advocates when the United Kingdom implemented age-gating rules earlier this summer. Instead, Wicks’ bill asks parents to input their kids’ ages when setting up a smartphone, tablet or laptop; groups users into one of four age brackets; and sends their age info to apps like Facebook and Instagram.
Before this change, control is out of hands of parents. After this change, control would be in the hands of parents were it not for the fact that the parent has no say in what their child downloads within that age bracket (you can tell they want to protect the children).
But this is absolutely something that Linux distros could do for users that log into the desktop. It would be pointless considering the kind of apps that you can find in Linux "app stores" (understanding "app store" to mean something like a shiny Ubuntu/Mint-style software package downloader with icons and a description instead of rpm or yum), but it can be done.
I mean, it's just setting an age/DOB in the first run desktop settings or software package download manager with a prompt to enter the root passport first before changing the age.
Four downvotes, I take they're all against on-device parental controls but unable to explain why.
If Linux is to be used as a desktop OS it has to deal with real life somehow. I'd rather it wasn't because of a law but this law is age indication, not age verification. It's like setting up the PEGI/ESRB age range on a console. I take it this is something else people are also against?
>users that log into the desktop
You're getting down voted because you are interpreting the law narrowly rather than taking it literaly. I don't remember it mentioning desktop, the law is bad because it is too broad and encompassing. It doesn't deal with the many many edge cases where it should not apply.
Such as the many thousands applications in the Linux respositorires that are command line tools.
It's vague and written by people who's idea of a computer is a smart phone, PC or Mac ... With a desktop. They don't understand what open source is. They don't understand you can build your own OS very easily without age verification.
If they mean windows and MAC or a system with a desktop they should explicitly say so with no contractions in the law.
It's a stupid law with good intentions but written by people that don't have a clue about how widely the OS is used in ways they can't possibly imagine that has nothing to do with children.
"OS vendors must collect and store the age or date of birth for each user account, and the OS must inform app stores. In a way that is not anti-competitive, of course. Yay, capitalism".
So we can lie to it and it's irrelevant for most people...but app stores have to obey it...whilst obviously this is the beginning of a slippery slope, that doesn't sound terrible.
I'm sure it's the legal wording that is the problem because it likely leaves the door open for invasive bullshit to "verify".
As a parent, if I could configure my kids ages in one place on their user profile and platforms were legally compelled to obey it, that would cut out a lot of crap related to parental controls and simplify things a great deal.
Forcing an OS to implement this is clearly wrong, but compelling social media platforms and the like to obey a flag set by me if I choose to set it sounds pretty good to me...before that though, lets focus on the "do no track" flag that absolutely no website seems to respect. Legally mandate websites to respect that and you solve a lot of age related targeting with the need for invasive overreach.
Fortunately I'm not in the Fascist States of America today, and I've never been an American of any stripe, so I can safely and comfortably tell their surveillance state bullshit to take their "laws" and stuff them up their "we're only one nation on a planet of hundreds" exceptionalist bullshit.
I'll be sticking with Debian 13, a non-US-hosted distro for the foreseeable future; I have absolutely no intent of installing or using anything that helps the American attempt to build a global fascist surveillance network of "Recall" type intrusions on the operating systems produced on American soil.
To bloody hell with these lunatics! I almost hope for World War III now, just so Russia and China will step in and nuke those sons of bitches back to the stone age...
Agreed as anyone who has the slightest awareness of the extent of China’s mandated software apps and surveillance on its citizens devices would know.
Ditto Russia.
Canadian myself so some level of annoyance towards the USA is warranted.
Not well-wishing to totalitarian neo-Stalinist states.
Russia I can agree on, China not so much. They've built the surveillance and monitoring network that the Americans are trying to emulate, but China only did it for their own citizens instead of trying to infect and monitor the whole damned planet.
To HELL with the Fascist States of America under Der Pumpkin Fuhrer, and the rubber-stamping complicit Senate and Congress that are going along with the illegal invasions, illegal tarrifs, and illegal mass murder of civilian populations. You are NOT a "bastion of freedom" any more; not even CLOSE. You've become the greatest threat the entire planet faces today, and show no signs of changing course.
Canada, the EU, the UK, Australia, and New Zealand must unite and defend the planet from this latest rise of the ugly scum of Fascism, the same as we did in WWII.
If you insist on making this a nationalist thing, would it really hurt you to learn what other countries are doing? The UK has significantly more invasive ID verification. Australia has stronger restrictions based on age with much more than "please enter your age" to back them up. Both of those were on your list of people who are supposed to fight against such things with you. Did you miss this, or is your generalized problem with one country causing you to ignore the clear differences in the specific complaint you're making?
You've got more problems. So far, the laws concerned apply to California and Colorado, not the rest of the country, let alone Canada or any other country. That's not the whole thing, as several more states also have laws trying the same thing in different ways. It would be entirely legal for an operating system provider to ask for ages in California and not do so in Canada. The US federal government couldn't even make Canadians do that any more than China could, but also, they haven't tried. You have plenty of things you could complain about that would be real. Why make up a fake one that collapses so much more quickly?
Discord happily now slurps up "age verification", pushes it to third party companiess who perform a full background check, attempt to analyze your political leanings from social media/reddit/digg/discord posts etc and report this directly to ICE as well as to local governments and large corporations that may hire you. Discord also sends ALL your data..your photo, ID, background info to the chinese and russians governments so they can "decide if you are a threat".
Seriously. Those governments pay millions for the data. and Discord keeps EVERYTHING. even when you try to delete a chat.
Result: "so 4yrs ago you were linked to a "workers deserve more pay" movement....well that just illegally barred you from working for Microsoft, Discord, Apple, Walmart, Samsung etc....
This topic has appeared in my social media repeatedly. It seems everyone is assuming Linux distros will implement something for all users. For the whole world. Instead of just adding a download for California, Colorado, et al. I don't understand their logic. Why would teams want to push their users away towards those distros that do not comply?
It could even be as simple as asking country location. If United States, then enable age verification.
That's not the job of an operating system. The job of an operating system is to stay as much out of the way as possible and simply allow applications to do what they do. An operating system that interfers with what you're trying to do is not an operating system.
Also, my OS ROMs are a few bytes away from being full, there's no space for any more code.
Assume an OS/distro that has limited commercial offerings.
(i.e. not Red Hat)
Why should they care? Why isn’t it enough to slap on a disclaimer that says not to use it in all these jurisdictions?
Primary loser being voters in said jurisdictions.
I do get that there’ll be a push by the vendors of commercial Linuxes to “fix” this.
One nuclear way to counteract would be to withdraw support from entities in not-allowed-to-run jurisdictions. Surely there’s a clause in one in those tiny EULAs.
I don’t necessarily think it’s as simple as the above, but all the same a FOSS entity should have less exposure and less to lose.
The UK will love this!
The UK is already pushing age verification as "think of the children" with predictable results.
So predictable that they are now touting age verification on VPNs. Every single time you login. Just imagine that in your workplace.
The UK government will love this, Stasi on Steriods!
Yup.....see:
Link: https://www.techradar.com/vpn/vpn-privacy-security/creating-apps-like-signal-or-whatsapp-could-be-hostile-activity-claims-uk-watchdog
Also a serious threat to FOSS developers......just publishing an app could be criminal!!
There's this big assumption that the law makers don't know what they are doing and what the implications are. Instead assume that they do, at least in general terms, and those general implications are being explained to them by people who do know. Who are those people? Why the monopolies that will run the internet when all this is done of course. Your good buddies at Microsoft, Apple and Palantir to name a few..
But that would kill the internet as we know it you cry! That's what they are doing. They aren't thinking of the children, they are thinking of themselves and how people are making their own mind up about things from the internet and voting accordingly. Now some of those things are bat shit crazy, but some are dangerously true. Politicians want people to think on simple, untrue data. This is why all economies are described in terms of household budgets. Because then you will agree that you can't afford all the things you want, when you actually can. Loans that countries make are the cheapest loans on the planet because they are backed by the biggest collatoral and the longest loan period. In fact countries can make a fortune borrowing at those rates to effectively lend to their citizens paid back in taxes.
But the internet is too crazy and unregulated. So simplify it, regulate it and turn it into on demand mainstream media. You can watch any channel you like, because they will all say the same thing but you will think you are making a choice, there will be some safe rebel channels as well for the uppity teenagers.
And people will vote for it because they are too stupid to stop giving their kids mobile phones and paying for their data.
I bid on a contract for a un*x shop once. I won the contract without a face-to-face interview. When I walked in on the first morning, the guy in charge of the data center looked startled & exclaimed "Where's your beard?!" ... Despite well over half a century of un*x experience, I do not now, and never have had, a beard. Still makes me chuckle :-)
Despite well over half a century of un*x experience, I do not now, and never have had, a beard
Call yourself a techie?
(I have a beard, not because I want a beard but because I hate shaving. Any form of shaving (wet, dry, blade, electric) inevitably ends up with my face looking like something in the butchers shop. So I gave up).
How would you like this wrapped? "national security" or "protect the children"?
If it isn't apparent yet, it soon will be: this is an authoritarian control mechanism masquerading as "protection".
You may scoff, deride, laugh, ridicule. Many will, and it won't make any difference. It never does. Upvote, downvote, doesn't matter.
No doubt the "If you have nothing to hide..." mob will be out in force as per usual as rights and freedoms are gradually eroded in a continuing Hegeilian Dialectic that will either remain unseen or willingly ignored.
Privacy is not equivalent to concealment.
It is difficult for me to witness apologists attempting to excuse this kind of sly assault, and using the usual tropes to defend the indefensible. There was a majority once who beleived a wooden horse was.... just a horse.
Using equivalent argumentation to "When did you stop beating your wife?" is a very old technique too. Still working very well it seems.
When some bright little NPD decides that we require a facial scan and biometrics to access the internet at ISP level overseen by a nice "tame" military grade A.I. many will be shocked.
I won't.
Hey, it's ok, TLDR right? "They'll NEVER try that!"
All the pieces of the "puzzle" are already there.
By then this post, and its sentiment will either have been scrubbed or long forgotten.
In the words of Mr Eric Blair -
"Don’t let it happen. It depends on you,"
Are you guys real computer people. How you bypass the law is you host everything outside of the country that law resides then use a vpn. Why are so worried about it.
Linux does not have to do anything, since os the is maintained by a series of people. How are they going to enforce a law that many write code for, they will have either have turn the Internet to a China based system or have a serious amount of police ready. I live in California, they can barely keep the roads paved and most companies are leaving.
It's time for us to fight back or we will become North Korea or China.
JUST HOST ISO OUTSIDE THE COUNTRY OR ENCRYPT THE ISO TO HELL AND IT CANNOT BE TRACK.
So, in order to "protect the children", let's take the burden of parenting from...parents! And it makes good propagancoffcoff...sorry, image of politicians trying to keep their seats.
I never let others taking responsibility of teaching my kids to be alert for the dangers of this world. Always telling them to look for certain patterns and behaviors. PrOn and violence? The only option is having open conversations and not forbade things, otherwise they become tempting.
If politicians really want to reign over tech corporations, they should go after the algorithms, not age checking.
The implementation is way off, but since so many jurisdictions now have a "must be this old to watch porn on the internet" law, they move the age check away from the wild-west of 3rd-party porn-age verification 'show your ID' checks, and into something that's (in theory) less likely to get your driver's license used to steal your ID.
Moving it into the OS/browser should (if implemented properly) be a better solution... even though the real need for this solution is entirely politically generated in the first place.
And of course this won't be a replacement for those jurisdictional 'must actually check ID' laws that exist, so it's another point of failure.
Parents want all this control over their children, but none of the responsibility of actually talking about this stuff with their kids.
Like all questions in software it depends. If this law simply means that a date of birth must be associated with every account when that account is created it doesn't invade privacy. It might provide diligent parents with the ability to limit what their children do and see on the Internet. (I refuse to argue how likely this will be, most parents are busy and/or lazy.) Giving up your date of birth in this manner is not an invasion of privacy. That's why DOB is used in the US to identify a person, for example, when accessing private medical records like prescriptions. A DOB does not uniquely identify an individual while a Social Security number does.
If there is a requirement to first prove the user's identity before creating the account that would be a different thing but I see no evidence that it is. This entire conversation seems to be based on slippery slope fears.
Even if it just asked for a date of birth on an account page it would still be problematic because the law doesn't restrict "operating system" to just those used by personal computers. So you'd have to create an account for literally every electronic device. Some devices would need it multiple times. Every desktop computer, for example, has at least two operating systems: There is the BIOS (the operating system installed into the motherboard) and the Disk OS installed to the hard drive. Your car, your security system, your TV, your smart appliance, your printer, your router, your modem, etc. All will need to have an account system added with it's own DOB record. And if any product fails to do so it cannot be sold at all.
If nothing else, the additional costs for implementing this on every single device will get passed to the user driving up costs for everything.
If, however, the lawmakers later revised the laws to limit it to the specific type of operating systems used to run a home computer and smart phone it would still be problematic. For companies like Apple and Microsoft, sure, but for Unix? Since they are not paid to write code this would be an example of the government ordering people to work for the government without compensation. Even if the code is simple to write that would be a dangerous precedent. Last I checked, forcing a person to work without pay is slavery. Where do we draw the line?
What I don't understand is how they will enforce this in particular states.
If I fly into CA, will my phone require me to authenticate my age before I can use it?
The computer OS would not only need to check your age, but the US State from which you are using it (if you are even in the US).
What about these new fancy cars that have an OS in them? Can you drive across state lines, or does it shut down at the border until you scan your ID?
In the Illinois version of the law it prohibits the sale of an OS without a verification system so they enforce at the level of the store front. If your phone doesn't have age verification, and you bring it in, then they can't do anything about it.
However, forced updates are a thing. I used to think that this was only pushed by a carrier which is why I bought phones outright so it didn't have carrier branding, but in recent years Google has been pushing updates without permission regardless. So chances are extremely high that your phone will get updated to require age verification unless you are using a special deGoogled OS. In which case no one can stop you and you, as the user, are not violating any law.
Similarly, if every version of Linux refused to comply with the law and adjusted their license to say you cannot use it in California, and you decide to use it anyway, you have technically violated the user agreement, but you have not broken California law.
Same thing with cars. They cannot be sold without age verification in that state, but the law does not prohibit you from otherwise using a car. Side note: It's not just new cars that have an OS. Even old cars have an OS. The OBD-II port became standard in 1996 so every car made over the past 30 years at least has a standard operating system. Though it would be rather silly to make you create an account and verify your age through this port, the law technically will make it illegal to sell these cars in California which is going to cause allot of headaches once people realize that nearly every car is illegal to sell in the state since that would directly interfere with your ability to resell a used vehicle.
We all know this California law is crap (and so is its Colorado clone). But age-appropriate content is a real problem.
A friend, during discussion of this law, proposed a zero-knowledge age verification system that would actually WORK. It seems like a pretty sound proposal to me.
It works like this:
1. You have a local trusted agent who can validate your age in person. This could be a bank, lawyer, town clerk, notary public, whatever. This agent assigns you a UUID and password, but does not record any of your personal information (this is why it has to happen in person) other than your age (perhaps birth year and month, but probably not exact day?).
2. This UUID/password/age is submitted to a second agent who is responsible for collecting these and validating age to others. This could be, for example, Experian, a state government office, an embassy, whatever. They can infer proof of age without actually possessing proof of age or identity. That has been verified by the UUID issuing agent. This second agent does not need to know those things; only that the stated birth month and year associated with that UUID is legally asserted to be correct.
3. When you need to prove your age, you use the UUID/password to request a token from the second agent. You give this token to the web site that needs to validate you. They give the token and age requirement—and nothing else—to the second agent (if they trust that agent), who returns a yes/no if the age requirement is met.
Age bracket has now been verified, without disclosing any of the user's personal information or even identity to the site requesting verification. It's a zero-knowledge actual verification that cannot be trivially falsified.
Which is less bad than what they are going to do but breaks in several places, as, admittedly, do most of the worse options. For example, you still don't have much which ties that UUID/password to a person, so there's nothing stopping:
1. A child copying an ID of their parent.
2. A child copying an ID of someone else.
3. A child trading one they copied to other children.
4. A person obtaining multiple UUIDs from different suppliers, if any notary can do this, they should be quite cheap. If they're not quite cheap, we have another problem. Then they sell some of these to children.
Number 4 would likely be quite illegal. The problem we're facing is that people passing these laws aren't willing to stop at responding to illegal situations. They are trying to prevent anything bad from happening, which is mostly impossible, and whenever it is proven that something bad can still happen, they look for yet another technical measure to make it impossible with privacy being the only thing they're willing to give away to make that happen. Your solution will be too much for those who oppose verification altogether and too little for people trying to obtain it.
Another perspective: I'm a New York based manufacturer of sim racing gear, and the proposed NY law as-written would prevent us from shipping usable systems. They all have onboard PCs, and of course these run operating systems capable of connecting to the internet. If the OSes require verification - as the NY bill says - that means ID, since they don't have camera systems. If we bypass with our own IDs, we're breaking the law and risking personal IDs being leaked every time we ship a piece of hardware; if we use a VPN to activate in a different state we are likewise circumventing the law and presumably open to prosecution. So our only option then becomes to ship un-activated hardware, which will range from an annoyance (for private clients who will need to take longer to get up and running) to a showstopper (for commercial clients who require turnkey systems that fire up and run immediately on site with a custom software stack).
Am I expected to effectively shut down the commercial side of my business and piss off all my non-commercial customers? If the bill passes as written, I guess so. Thank goodness we're preventing impressionable children from... driving GT3 cars at Spa.
This is *in addition* to all the obvious other reasons this is an incredibly bad and pointless endeavor.
That is exactly what my company did for EU & AU: Block their access to our website and flat out refuse to sell to sell to them. Yes, it sucks for us to blatantly refuse orders from those who want to be our customer. Yes, it sucks for those aspiring customers to be blocked and left without an alternative vendor that offers our services. Many try to use VPN or third party to order, but if we detect anything that indicates the order is originating from the banned regions (invoice, bank, currency, ...) the order does not proceed. We will absolutely NOT advertise or sell to those in the banned regions to avoid nexus headaches.
While I would oppose these laws regardless, a much larger concern here is the fact that "Operating System" is not defined in any of these laws. Without the law itself restricting what type of operating system it is talking about it therefore, as written, applies to all operating systems. While I suspect that the lawmakers think OS refers only to home computers, if so, it shows that they don't understand the technology that hope to regulate.
So, for example:
1.) Every motherboard has a BIOS. Which is an operating system that is used by computers to initialize hardware. These systems are not designed to have user accounts and really should not be connected to the internet, but this law would seem to require that every new motherboard to implement user accounts, an age verification system, and a connection to the internet, and an ability to integrate with app stores. Seems a bit much for a motherboard.
2.) Every Television technically has it's own operating system. Dumb TVs and most monitors have extremely simple Operating Systems that just let it change channels, adjust basic settings, and relay data from external devices for streaming. Smart TVs, however, allow for user accounts and age verification. Based on the wordings of the laws, all Dumb TVs and most monitors will be illegal to sell because they lack age verification.
3.) Every router and every modem has it's own operating system. These do tend to be internet connected, but routers are not always used to connect to the internet. They are often kept offline on purpose for local intranets. Requiring that they connect to the internet for age verification would cripple the security of most government offices.Even if this was not a concern, the introduction of user accounts into a router and modem adds needless complexity to a device set that most Americans use for all members of their home. In fact, adding user accounts and age verification here would actually make it more difficult for parents to implement home parental control systems.
4.) Every smart device from toasters to refrigerators have operating systems. While I personally don't think these devices need an OS, requiring that they all get age verification added is stupid.
5.) Every home security system has an OS. Most are not designed for separate user accounts. Requiring age verification to use a security system is a strange idea to say the least.
6.) Every car has an OS of varying complexity. Some might be able to handle an age verification system, but I for one don't like cars going online. How exactly would it benefit children to implement an age verification system into a vehicle OS?
7.) Wastewater and Drinking Water systems are often controlled using an OS called SCADA. This is a very simple OS because it needs to be. Only licensed operators are put in control of them so age verification is useless here. On the contrary, if a law says that an OS cannot be sold without age verification it technically means that the SCADA systems will be required by law to connect to the internet and add user accounts in order to be operated which would expose these systems to hacking. As someone who has experience using these systems, let me just say that if a hacker gained control over such a system it would represent a threat to public safety as a whole. This is one OS where the addition of age verification would directly endanger the lives of children.
...
And of course another concern is when the laws specifically claim to be retroactive. Should Microsoft be required to push an update for Windows 95 and DOS to implement age verification? What about old game consoles that never had an account system to begin with?
In short, these laws are overly broad - not simply because it forces adults to give up their information, but because it covers literally every piece of technology you can think of without any reason.
On the bright side, if they decide not to enforce the law against all these examples above and only target phones and personal computers then the law itself will be unenforceable because, per the equal protection clause of the constitution, a law must apply equally to be valid. If they pick and choose who they enforce the law against the law itself won't be constitutionally valid.
And if they refined the laws to be limited to only newer computers and phones? It would still present a serious risk to government computer systems that use an intranet and should not be exposed to the internet and it wouldn't work anyway. What's to stop someone from just writing a browser addon to simulate the age verification signal? If it is ever made for an open source OS, even once, that would be an easy thing to do.
Worse though is the idea of normalizing the practice of sharing personal information on the internet. When I was a child I was taught never to share things like my address with strangers on the internet, but now an entire generation of children will get used to the idea of doing just that. In the UK there are already examples of scam sites pretending to be ID verification to steal identities. And more than a billion names have already been leaked from official databases. What happens when predators obtain the name, birth date, picture, and address of children? Doesn't that put real children in danger of kidnapping?
I don't know about any of you, but I would not allow any child of mine to share that level of information on the internet. I don't care what any lawmaker says. I will protect my children with my life as any parent should do.
