Apparently this will include Linux…
The the absolute fuck are these people doing!? An OS does not require age verification for anything but totalitarian intents. Fuck this timeline.
“…operating system providers…”, what the fuck does that mean.?
That might mean it needs to be implemented at the distro level. Not the kernel. This means that any distro that won’t comply will be illegal in California. I’m pretty confident this won’t cause any issues for anyone outside the “Land of the Free”.
so… gotta credit card - age verified? Business used to want money. This personal get to know me shit is stale and smells.
They uh do realize busybox and BSD underpins nearly everyfuckingthing right? Including network stacks. So fucking stupid.
This shit law was written by people who probably don’t even know the difference between software and hardware.
Removed by mod
I saw the developers of MidnightBSD state that they are going to block users in California when this law gets put into place. I hope that more OSs do the same. Especially Windows, it could be devastating to California’s economy and make them, along with other states and countries, reconsider their decisions on age verification.
I don’t live in California but I’m interested in seeing if there are any other OSs that will be blocking California users. I’m probably fine to just continue using Linux Mint but I’m open to trying other distros/OSs in order to participate in this protest if Linux Mint doesn’t.
In my opinion, it is foolish and shortsighted of these developers to just block the state and move on. (I do live in Cali but hear me out)
Whether people like it or not we are stuck with this law now. A law that leaves all of the implementation details up in the air. The big corporations, Microsoft and Apple, are not going to be pulling out of California. Do we really want to leave all the power to determine how this system works to them? Leave the 4th largest economy in the world entirely in their hands?
If we ignore what is going on here then we will give up our chance to even propose a minimal acceptable solution to this law. One that does not require ID or face scans.
I desperately hope that the linux foundation is taking this seriously and is already looking at implementing a solution.
This law aims to place at least some of the responsibility back onto the parents that allow their children to run wild on the internet. Is the law perfect? Absolutely not. Would I repeal it if I could? Yes, of course. But this is the hand we are dealt.
(also it is midnightbsd)
I know that we do need better regulations for protecting children online but I don’t think we’re ever going to get that. It seems like the government that we have now just wants to have full control over everyone. In fact, the FTC made a statement saying that they’re basically giving companies a loophole that allows them to partially ignore COPPA, which is one of the best protections children had online. It’s obvious that they have no interest in protecting children online, if they’re making statements like that.
Just to reiterate I do not think this law is good and I would get rid of it in an instance but…
I don’t really see this as a law to protect children. I see this as a law that focuses on the parents. The parents become liable under this law if they circumvent the system and their child is hurt. If developers decide to flaunt this law and ignore the signals then they would be liable.
So if you don’t have children this law should effectively not affect you other than you might need to choose which age bracket you are in. Which sounds like such a small price to pay for making parents take responsibility over their children on the internet.
I mean, as long as they don’t require an ID that’s fine I guess, even though what they’re proposing can be easily circumvented. But my biggest, and everyone else’s, concern is that, as with what’s been going on with age verification, it’s possible that it’ll just snowball into something worse. It doesn’t help that there are people, like me, that currently can’t get IDs. There are already several websites that I have to use through a VPN, so if these age verification laws keep getting worse, people like me might completely lose the ability to use the internet entirely, unless they make getting IDs easier.
I’m sorry that you have to deal with that. IDs should be as easy as reasonable to get. (fucking SAVE act).
You are right, this could be used as a stepping stone towards gathering IDs and the deanonymization of the internet. We (Cali residents) need to make sure that we contact our reps and are heard. Voice our concerns with this law in its current form and that we will be up in arms if they go any closer towards ID verification being required.
It depends on how the system is implemented. It is entirely possible that MS will implement it with ID verification or face scans, since the law does not forbid them from doing that. But that is why the open source community/linux foundation need to make sure that we put forward a reasonable solution rather than just “forcing” users in Cali to go back to using windows.
I mean, it’d suck for all of us outside of California to have more surveillance just because y’all have that law, and it’s absolutely not really about protecting children, it’s about surveillance
I’d love for you to go into more detail on how this is surveillance since that seems to be your main concern.
The law does not require providing IDs or face scans or any other identifiable information. There are clauses in the law limiting where the data gets sent to and that if data does need to be sent then it is the minimum that is necessary.
The law only requires that an account holder “indicate[s] the birth date, age, or both, of the user of that device”. Outside of the abstract the law not once mentions any type of verification that must happen.
Also it’s a California law. It doesn’t affect anyone outside of Cali so if you are affected take it up with your os provider or fork your distro.
Can you add a link to the actual text of the bill to the post?
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
Might help people to actually be able to read it, and it is a very short read (<15 minutes).
How will this affect enterprise systems with remote installs or ramdisks?
Please explain to a complete doofus how can someone enforce this?
Cant they just download any linux distro from millions of different places and install them on any machine, even offline?
The law only penalizes instances that affect children. So by circumventing this law does not mean you would be charged with any fines. But if you circumvent it and your child uses the device then you would be liable no more than 7500$ (since in this case it would be an intentional violation).
I am not a lawyer. This is just what I understand the law to penalize.
OS providers and developers are also not liable if you set an incorrect age for your child intentionally or by mistake, only you would be.
But if they flaunt this law (do not try to comply with best effort) then they would be liable for each affected child.
Edit: sorry this didn’t exactly answer your question. How they enforce it would be that it is tacked onto other charges from what I understand.
Edit 2: oh and children can’t be charged, only adults (18+).
Bios are becoming more and more locked down, that’ll be the next thing, at the tech lobbyists behest.
soon we will need bootloader unlock exploits (or the blessing of our overlords) to install anything other than (unrooted) stock os, not unlike android and chromebooks.
we desperately need to break free from US tech.
In essence, while the bill doesn’t seem to require the most egregious forms of age verification (face scans or similar), it does require OS providers to collect age verification of some form at the account/user creation stage—and to be able to pass a segmented version of that information to outside developers upon request.
So you just fake a date and call it a day… thank you Cali…
For real though I can’t imagine the sysadmin and docker nightmares that arise from having to completely overhaul your account orchestration scripts to input a garbage birthday.
I don’t think anyone thought of the fact that an account on an OS doesn’t always correspond to a human.
The law only specifies “computer, mobile device, or any other general purpose computing device.”
Which is extremely vague. It appears that the intention was to just affect end user devices. Not specific purpose systems.
Gotta love it when people who have no understanding of how Linux works writes laws about how Linux should work…
The law only specifies “computer, mobile device, or any other general purpose computing device.”
Which is extremely vague. It appears that the intention was to just affect end user devices. Not specific purpose systems.
It goes way beyond Linux. Think any device that could download something at some point. Gas station pump, calculator, FreeDos, VxWorks, etc.
There is a lot of language like “or can download an application”, so if you can download something, then that thing could be an application, and thus that device and it’s OS is covered.
And every point of sale system everywhere
I have never internally facepalmed harder in my life
I have genuinely no idea how that could work.
I believe I get the genuine intent (protecting children) but I have so far never encountered any device or software or both that didn’t relatively easily bypass user authentication.
The closest I’ve tried are (expensive) XR headsets like the Apple Vision Pro or the Microsoft HoloLens both thanks to eye tracking. Basically for these you have to validate you are who you claim to be when you put the headset on. If you remove it, put it back (or on someone else head) you have to do it again. Nobody else (unless you explicitly share) can then see what you are looking it.
Every other devices I’ve seen, including mobile phones with banking apps, typically ask you to authenticate then assume than you are the one who keeps using the device. Meanwhile anybody else can grab the device from your hand and be “you”. Typically specific action (e.g. password change) do require to authenticate again but “normal” usage does not.
I have genuinely no idea how that could work
It couldn’t. It’s political showboating.
I don’t care if there is a package called gnome-age-verification distributed in my linux distro and would prefer it if it means fewer sites with facial biometric tests. If I have concerns about the age verification, then I should be able to type:
sudo dnf remove gnome-age-verification
California probably wants it in linux distros so that linux can’t be a justification for big tech still demanding Orwellian stuff in every website (ie “but what about the children who use linux? we need to protect them with Persona too!”)
But where would it stop? The hell version of this would be kernel-level-approved-AI-agent-checks, with an OS required to have an approved AI agent with a validated third party key that reports to the government with required telemetry and the kernel makes sure the OS won’t run without the approved AI and then makes illegal any scripts for unapproved kernel code modification. And post-Tornado cash, we know code is unfortunately not protected US speech.
env USE=-fascism emerge -ave worldDoesn’t even make sense. Virtually all Linux distros can function completely offline. How do you do age verification completely offline? Classic politician who doesn’t understand tech trying to look like they’re doing something to save the kids.
"(1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.
Sounds like it’s a text box that enter input into. Making it completely pointless.
According to Gabe Newell, something like 90% of steam users were both on 1/1/99 (might be fudging the numbers somewhat but presumably you get the idea).
They will make it a crime to not have any OS that is not compliant, that simple.
The only platforms for now where this might work are Windows, macOS, iOS, and stock Android, however as Muta hypothesized, if this extends to hardware-level, a law could just mandate SecureBoot and lock out the ability to implement custom keys, and then only allow a short list of state-approved OSes to boot on the hardware, which no doubt Windows would be on that short list.
Similarly, all non-Apple mobile devices as an extension to that could be locked exclusively to stock Android, eliminating custom ROMs like LineageOS or GrapheneOS as an option entirely, let alone mobile Linux distros.
That seems as reasonable as suggesting they could pass a law requiring everyone to hire a govt licensed computer user in order to interact with their devices, and otherwise touching a keyboard or touchscreen would be illegal.
It doesn’t feel like a realistic estimation of what they would actually try to do. There’s too much that is currently dependent on Linux, you’d do better to just dismantle and ban the internet.
Another thing that could hypothetically be done given NK does this already so there’s precedent as far as this goes, is any given government could make their own Red Star OS equivalent, and then have that as the only state-approved distro
Me, buying cellphone parts from another state to assemble myself like an 80% lower to avoid having to drink a Verification Can every time somebody calls me:
I think I just invented the concept of a “ghost phone”
must be between the ages of 13 and 65 let’s go ahead and set it to retirement age
