- cross-posted to:
- technology@lemmy.world
- privacy@programming.dev
- cross-posted to:
- technology@lemmy.world
- privacy@programming.dev
AB-1043 “Age verification signals: software applications and online services.”
Text https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
Other info https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202520260AB1043
California AB 1043 signed. Mandatory os-level, device-level, app store, and even developer-required age verification for all computing devices.
Edit: altered title from “ID check” to “Age Verification check”
You must log in or # to comment.
Take it from a Brit… It’s not about the children. It’s never about the children.
One of the architects of Project 2025 confessed on secret camera that the purpose of age verification laws is a de facto porn ban.
I’m sorry but you’re using that term wrong. You mean a de jure porn ban.
A de facto porn ban would mean that you actually couldn’t get any. And that’s just ridiculous.
Like drugs are illegal de jure, but de facto getting weed pretty much anywhere in the world is not a challenge. Usually even easier than getting alcohol as an underage person. Not that I have experience of that in the past few decades (being underage that is).
I mean I guess it’s “de facto” in sofar that it’s not exactly presciptively de jure illegal when it’s done like that. So in that sense you are right to use it like that, but eh. I disagree with who I was when I started writing this. No matter we’re on lemmy.
Maybe for them. But for governments in general the point is that age verification is ID verification and it means everything you do online or on any electronic device can be surveilled and tied to your real identity. And that makes political dissent a lot harder to organize without being shut down.
Why do I need to show my ID to install Gentoo?
Because how can Persona (and the government) know who is using Gentoo without an ID requirement? What is someone doesn’t use javascript when browsing the internet?
Easy, their next target will be business and browser.
I’d like to see them try. Is it during installation or download?
Oops, forgot to compile that module. Oh well.
i hope people talking about him as a potential president remember this; he’s a conservative robot who doesn’t give a shit about you.
Which is orders of magnitude better than a conservative pile of goo that actively wants to inflict as much suffering on you that is humanly possible. Which is very loved by a median voter for no good reason whatsoever
goo is more human than robot. there’s a reason why neolibs lose elections but Trumps, Mamdanis and Bernies win, and it’s not populism, it’s ideology.
Bernie lost popular vote two times in a row.
Bernie won plenty of mayoral and senate elections, as well as many states during his primary campaigns.
America has pockets of progressiveness so to speak, that’s why once in a generation you can get occasional mayoral wins and such. But they never grow into anything bigger, for many many reasons, from the fact that America is a stupid country full of stupid people, to the fact that lefties will always chose infighting and purity checks over pragmatism, to the fact that significant portion left-leaning people are extremely anti-democracy and use “voting” as a slur word.
Doesn’t mean nothing can be done, but you also can’t just ignore all of thatyeah there are definitely challenges
Almost like the nominations were rigged and the media hated someone who would ruin the rich who own the media’s income.
If there is something that Americans love to do more than bitching about their elections being rigged, that’s not actually participating in said elections and waiting that someone will do voting for them, while they sit around and call everyone who actually votes “libs”. That and daydreaming about murdering people during their inevitable revolution/civil war.
That doesn’t mean elections aren’t actually rigged, they very much are.
Between the preferences of the machinery of both parties, media ownership - including web companies, increasingly militarised police, ai + agents having the potential to effect the kind of 1980’s de-industrialisation on the middle class, and the rise of a surveillance state that would make the stasi blush, voting for the lesser of two evils isn’t going to do it any more. The lesser of two evils, both complicit in the construction of the explicit oligarchy America how has, is responsible for this.
You might extend the fuse a bit, but that will result in a bigger bomb. If it isn’t too late already, you need to look to the likes of Sanders. Or you need a No Kings protest every day, or as often as possible. Or a permanent Occupy Washington, which I think would come at serious risk of harm for the participants. It is critical now for America’s future.
“Age verifications” AKA “A complete ID and access record of all that you do on your personal electronics.” This is some seriously dystopian surveillance and control shit and it has nothing at all to do with children.
This bill, beginning January 1, 2027, would require, among other things related to age verification with respect to software applications, an operating system provider, as defined, to provide an accessible interface at account setup that requires an account holder, as defined, to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store and to provide a developer, as defined, who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface regarding whether a user is in any of several age brackets, as prescribed. The bill would require a developer to request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.
I’m not sure how this is going to be enforceable. So, in essence:
-
The OS should have an accessible API that returns the age bracket of the user, presumably for the purposes of eliminating a lack of compliance on apps using children’s data for advertising. That’s not necessarily a massive problem, though I don’t like the idea of age brackets, I’d prefer it if it’s just a “Adult” vs “Child” bracket.
-
It doesn’t seem to be asking that the age be verified through some external provider, so simply stating the age of the user is enough.
-
App developers are expected to always request that information on launch/installation, which is simply not going to work because how would you enforce it for software made before this law came into effect?
-
The definition of “covered application store” is way too broad and covers basically anywhere you can download software, including things like public docker hubs or Github, so no that’s never going to work out. Apple and Google can maybe include the request for age brackets and provide that information by default as part of the SDK, but legacy software? Good luck getting WinRAR to request that information. You’ve essentially banned all software made before 2025.
So… The OS-level stuff isn’t a huge deal, but the requirements on app developers are way too strict and would be unworkable. If I were to re-write the bill, I’d make it so the age bracket must be available at the OS level, but not required by the app developer to actually use it. I would then add more strict requirements on sites to not use children’s data for advertising, with the reasoning being that they could have asked for the age bracket from the OS at any time, and the fact that they didn’t even bother means they actually wanted to use children’s data.
The bigger problem IMO is the implication that a device/OS must have a defined “account holder” that is associated with an actual person with an age. Nevermind that there isn’t any verification happening that could de-anonymize a user or be breached - as an administrator, am I responsible for ensuring users only use a specific account with the correct age identified? What about google or apple? Are devices meant for children to be locked down so that new users or accounts can’t be created to circumvent restrictions?
This law is too vague to have any meaningful impact on child safety, and the implications behind it make future erosion of privacy far more likely.
That’s not even accounting for server racks. Servers run operating systems too, and a server doesn’t really have a ‘user’ as such. Sure there’s the admin account, but there isn’t a definitive person you can tie that to.
So the “age verification” boils down to the same level of security as that pop-up on PornHub asking if I’m over 18? And Newsom wants to create a legal precedent that can open the way to mandated State-controlled malware on every electronic device in the State just for that?
I mean, he’s a politician. He’s very aware that people can and do lie all the time. Which means that the stated goal of this legislation is very obviously not its actual goal.
-
He can go fuck himself. “Dems are the good guys!!!” Fuck off. This isnt about protecting kids. Its about tracking, profiling and data collection. No doubt to sell to 3rd parties. Fuck all these cunts who push this shit.
There’s no fighting 21st century fascism without breaking this law.
This is so much more effectively evil than ehat the trump admin has been doing holy shit.
This might genuinely be world leading evil.
Evil has won and has pulled up the ladder behind it to make sure no one can challenge it.
*to make sure nobody can challenge it without illegally building or stealing a ladder.
Mandatory os-level
Cute attempt, but libre software - as always - remains superior and impossible to control. That’s by design. Write any law you want, I can modify whatever line of code implements this stupid check, remove it, and move on.
On a PC that isn’t so hard to do. The problem though is that online services will start requiring the os level check which itself will likely require phoning home to some service.
Plus open software on phones and tablets is still in very early stages.
Plus open software on phones and tablets is still in very early stages.
This simply isn’t true. However your first comment about OS level checks is where the issue lies - if you don’t phone home to Google your banking app won’t work.
Well good thing banks have websites.
And if you block your browser’s connection to Google you won’t be able to log in to your bank.
Time to switch banks then.
On a PC that isn’t so hard to do. The problem though is that online services will start requiring the os level check
Easy peasy, the browser checks the OS them reports it to the website
You mean the libre software that is all primarily stored on AWS, Azure, or Google infrastructure, especially github?
Linux is the giant it is using email as the primary infrastructure for development. We will be fine.
Can’t we just fork it over to something like Codeberg eventually? I know it’s a lot to move over, but with time and patience, it seems achievable.
Coincidentally, my birthday is 1900, January 1st.
1970, Jan 1st is better for this situation
The whole point of the GNU/Linux operating system is for free speech. Whatever you’re trying to do California, it’s not going to happen. I refuse to run any proprietary software on my machines. It’s astounding that any porch for freedom is just gets blindly attacked by a bunch of uneducated fools. What a boring dystopia we live in…
What is the point of bucketizing the actual age when anything querying it can simply note the date at which the user shifts to the next bucket to determine the exact birth date even if it never sees the exact birth date?
Furthermore, what about a common login like on a media PC?
What about a Steam Deck that gets shared around a household?
This is all very dumb. Could be a lot worse but it’s still very dumb.
Computer code is a form of speech. It is mind-boggling to me that California wants to assert its rules over all FOSS software.
If California is able to do this, what stops them from next requiring Arch to be bundled with ID-checking Persona as part of a mandatory GUI installation?
Maybe Arkansas wants a mandatory “governemnt module” in Fedora to allow easy remote access?
Perhaps Dubai would like ProxMox to ping Dubai’s government so they can create an IP registry of ProxMox users?
And since so many developers use github, will github just ban developers who don’t comply?
I understand that such a rule could undermine Project 2025’s objectives, but it is still a slippery slope.
Good luck enforcing that on Linux.
That’s probably the point.
I wouldn’t be surprised if Microsoft and Google lobbied for this to prevent open source from encroaching on their terf
Likely yes, though it won’t matter to me. I’ll recompile from suitably modified source code if it comes to that.
They might try to stop Linux from booting at all with locked bootloaders.
That would be the point at which things - expensive, crucial things - would start catching on fire for reasons that has nothing to do with anything I might be doing.
Like what? I believe you but I’m interested in the implications of this bill
that would basically destroy the internet considering how many servers - including microsofts own sites - run on linux
There’s precedent that source code is protected speech, so maybe Gentoo is about to become a lot more popular.
And who doesn’t enjoy using 90% of their system resources to compile the 10% remainder all the time?
You can compile while doing other things.
Any recent (AMD) cpu will handle it just fine.
Even most games struggle to utilize many threads.
Gentoo is also amazingly easy to use.
You can use binary versions if you want.
reinstalling OS is fairly easy. I expect utlities to “correct age error”.
The bigger distros will probably do it, especially any that have an organization to fund their development.
That have funding from American organizations, or are an American organization themselves. Possibly even Californian only.
Read the link yall
The bill requires:
- OSes to take user birthday during account creation
- this info is binned into categories (<13, 13-16, 16-18, >18)
- the category info must be made available to basically all software
- software is supposed to use this data to age gate content but is not allowed to send this data to 3rd parties
What this bill does not do:
- Your full birthday is specifically not to be sent to every application
- OSes are not being asked to check your id it doesn’t say the OS should do anything to verify the birthday, just that it should record it
- There isn’t anything to prevent you from entering 1/1/2000 instead of your real birthday
Honestly this doesn’t seem that bad to me. If anything it’s a little pointless. This style of age verification is basically universally already used. I guess you could read this as forcing OSes to have parental controls.
I do think there is a bit of a privacy issue in this information being shared with every program, but they attempt to minimize this using the binning (so ironically it really only hurts the privacy of teenagers since for adults it will just say >18), and this information is supposed to not be shared with 3rd parties (but we all know Facebook and Google are going to do whatever they can this info, pushing the limits of that part of the law, or just waiting to be sued and paying the fine when it happens).
I honestly think most Linux distros will just implement it.
Honestly this doesn’t seem that bad to me
A state governor doesn’t get to decide what kind of data libre software must or must not collect.
A state governor doesn’t get to decide
Correct, it takes a whole process and a bunch of politicians to write a law like this.
Yeah, no
First off, this is just another step, and if you believe it’s the last one then I have a nice bridge to sell you
Secondly, this won’t work in practice. Software is being developed all ove the world by single nerds to scientists to little kids, to small software companies to huge software multinationals with hundreds of thousands of developers.
99.9% of the world doesn’t have these rules and won’t give a shit about what California wants. Do you believe that the app developed by some random kid in a random country will start checking age just because newsom wants it? Ok Boomer.
And IF this system allows you to put in whatever date, then what’s the point, beyond some security theater?
This bill is absolute horse shit and won’t go anywhere because this is not how the world works. This will likely end with citizens in California having a really really tiny amount of software available to them legally
First off, this is just another step, and if you believe it’s the last one then I have a nice bridge to sell you
Slippery slope fallacy. This law is basically just asking for a more unified and organized version of how we already check for age verification (which is every individual app or website asking for your birthday). If there was anything more than that I’d agree with you. I do agree that it’s annoying this is coming in the form of a law instead of an addition from Apple that they use in marketing that gets others to follow suit. I think that would have been a healthier way for this sort of organization to happen.
That being said, I do agree with you that the potential “next step” of asking the OS to verify your age would be an issue.
Do you believe that the app developed by some random kid in a random country will start checking age just because newsom wants it?
They already have to select what age range the app is for when they submit it to Apple or Google, and it’s Apple or Google that will have to make changes to comply with this law. If they aren’t distributing through an “app store” there is nothing the 3rd party developer needs to do or worry about according tot his law. However, I am curious how this will end up being applied to command line tools and package managers.
And IF this system allows you to put in whatever date, then what’s the point, beyond some security theater?
I agree, except it could be a form of parental controls. One thing I really don’t like about this law is I think the parents should decide what content is appropriate for their child, rather than the App Store. But not having any validation both puts the control back in the parents hands to some extent, while also making sure the law stops short of becoming a serious privacy and security issue.
This bill is absolute horse shit and won’t go anywhere because this is not how the world works. This will likely end with citizens in California having a really really tiny amount of software available to them legally
Considering most of the biggest software companies in the world have offices in or are based out California, that’s simply not true. Apple, Google, and Microsoft will all comply, regardless of how reasonable the rules are. At best they would fight it in court.
I doubt anyone is planning to sue open source OS developers over this, but honestly the changes it asks for are pretty small, so I expect most linux distros will follow suit anyway.
Ofc I don’t think there is anything California could do to enforce this on FOSS software in any practical way, if it came to that.
Slippery slope fallacy
That’s not the slippery slope fallacy. Are you operating under the assumption that any sequence of events and projection of a future step is an example of the slippery slope fallacy?
I doubt anyone is planning to sue open source OS developers over this,
Why not? Microsoft would love for open source OS developers to all be shut down. This is just another way to attack them.
We use 1/1/1970, the Unix epoch.
Wild! I am exactly the same age as the Unix Epoch.
Are you serious?! Mad jealous as I missed it by a year.
How cool! :)
How surprising that’s my birthday too!
Even with binning, it doesn’t prevent the date from being learned. All an application would have to do is ask for the bin every day. On the day it changes you learned their birthday. It only works for <18s, but isn’t that specifically who they’re saying they’re trying to protect?
Yeah this is a real issue.
The smallest window for binning is 2 years and you would need another identifier to compare it against for any meaningful data gathering. If the law also provides penalties for gathering that type of telemetry on minors then it should be solid.
If it does that, sure. It would create penalties at least.
You wouldn’t need another identifier though. On your 16th birthday, for example, your age range changes from <16 to >16. If the application checked every day and recorded it, then they would then know your birthday. The bins are larger, but switching bins is by the day. It doesn’t matter how large the bins are at that point.
It’s still pretty bad and senseless. We all know how antis, nazis and conservationists are: you given them an inch, they’ll try to bite your entire arm off, not to mention leaving an infection behind.
As a parent, I reckon a voluntary system like this (if I understand correctly) could be very handy. I could create a child account and automatically get age gated content for it.
And when said child is smart enough to circumvent the system, then they deserve whatever content they manage to get their hands on. I’d be so proud.
But I’m sure capitalism would find a way to abuse and misuse the system for gains.
No and if you dont see the problem, get a fucking mirror.
sounds sane to me, and like something that should be done.
Would Linux be required to though since it’s free open source software? Windows I can see because it’s a product, but Linux isn’t.
I think any used in an official capacity (think enterprise facing software like Redhat), might, but for anything not used at a company level would be both impossible to enforce and unlikely to be audited.
You just know that when a bill is titled “Protect the little children from eternal suffering bill”, it’s gonna contain some real fucked up anti-privacy nonsense in it.
That or terrorism
All laws are terrorism. That’s not special.
This is probably the most dystopian child safety bill so far.
Most dystopian “child safety” bill. Let’s not legitimize the claim that these laws are made to protect children while having privacy-invading side effects - they are privacy-invading laws disguised as child protection, while failing to have any real impact on children’s online safety and wellbeing
I’m not sure anything this repressive is implemented anywhere in the world.
Edit: wait this is the other half of the thing everywhere else is doing that would make this nightmare shit.
The only thing that I can think of is how China regulates it’s online gaming.
What is China’s Age Verification System?
China’s Age Verification System or 游戏适龄提示 in Chinese, is a government-mandated infrastructure that restricts minors’ access to online games and digital platforms. In China, all users must undergo “Real Name Verification” (实名认证) before accessing gaming services, enabling platforms to enforce age-appropriate restrictions automatically.
The system is overseen by the National Press and Publication Administration (NPPA) and integrates with national databases to verify user identities in real-time.
https://appinchina.co/blog/the-complete-guide-to-chinas-age-verification-system/
The move to do this was largely in part thanks to complaints of parents in regards to their kids’ habits with gacha games. For anyone interested, what I posted was a small excerpt from the link, there’s a lot more info on it there.
Is it in the OS?seems like just games.
It is similar, not the same. Some other key differences to consider are that while the US one is at the OS level, it’s just asking you to provide an age that isn’t linked to your ID or anything. It’s just like when a website asks your age, you can absolutely lie about it. But now it’s being done on the OS account, not the website.
Whereas, yeah, it is just for games in China, but it is absolutely being run against the person’s ID in a national database. Some games even require facial recognition. So it’s on a whole other level of verification and tracking.
while the US one is at the OS level, it’s just asking you to provide an age that isn’t linked to your ID or anything.
It’s Age Verification, which will almost certainly mean either ID scanning or facial scanning via the device camera. Or alternatively card transaction verification - the OG method baked into all these laws is the one that pays MasterCard and VISA. ID and facial recognition are cheaper services because the business providing the scan service can make more money off the ID or face they scan.
“Almost certainly,” is just you assuring it is so. Nothing in the legislation itself demands that.
The us is also openly capitalist with no other pretentions or pressures, and currently in the grip of a fascist regime.
I mean, sure? But that’s rather broad and does not really pertain to the topic at hand which is potentially (or outright) privacy-breaking legislature enacted and enforced on technology in the name of protecting childeren.
Its the difference between fucking around with a gun in the hospital parking lot with your two EMT lovers who are trying to get you to stop, and fucking around with a gun in the deep arctic with two hardened killers who want you dead.
