Last year California’s Digital Age Assurance Act (AB 1043) was signed into law, requiring among other things that operating system providers implement an API for age verification purposes. With the implementation date of January 1, 2027 slowly encroaching this now has people understandably agitated. So what are the requirements, and what will its impact be, as it affects not only OS developers but also application stores and developers?
The required features for OS developers include an interface at account setup during which the person indicates which of the four age brackets they fit into. This age category then has to be used by application developers and application stores to filter access to the software. Penalties for non-compliance go up to $2,500 per affected child if the cause is neglect and up to $7,500 if the violation was intentional.
As noted in the Tom’s Hardware article, CA governor Newsom issued a statement when signing the unanimously passed bill, saying that he hopes the bill gets amended due to how problematic it would be to implement and unintended effects. Of course, the bigger question is whether this change requires more than adding a few input fields and checkboxes to an OS’ account setup and an API call or two.
When we look at the full text of this very short bill, the major questions are whether this bill has any teeth at all. From reading the bill’s text, we can see that the person creating the account is merely asked to provide their birth date, age or both. This makes it at first glance as effective as those ‘pick your age’ selection boxes before entering an age-gated part of a website. What would make this new ‘age-verification feature’ any more reliable than that?
Although the OS developer is required to provide this input option and an API feature of undefined nature that provides the age bracket in some format via some method, the onus is seemingly never put on the user who creates or uses the OS account. Enforcement as defined in section 1798.503 is defined as a vague ‘[a] person that violates this title’, who shall have a civil action lawsuit filed against them. What happens if a 9-year old child indicates that they’re actually 35, for example? Or when a user account is shared on a family computer?
All taken together, this bill looks from all angles to add a lot of nuisance and potential for catching civil lawsuit flak for in particular FOSS developers, all in order to circuitously reimplement the much beloved age dropdown selection widget that’s been around since at least the 1990s.
They could give this bill real teeth by requiring that photo ID is required for registering an (online-only) OS account, much like with the recent social media restrictions and Discord age-verification kerfuffle, but that’d run right over the ‘privacy-preserving’ elements in this same bill.
Mac and windows are already miserably intrusive and I’m sure they’ll lick whatever boots are placed before them.
Is the solve for open source distros just a “click here to swear you don’t live in California” as a part of the download or install process?
The answer is simpler than that. A clause in the license that says “Not for use in California.”
“is known to cause cancer in the state of California”
LOL
sure apple and ms didn’t write the law? big companies love that kind of laws
Yeah, Regulatory Capture. Its why Amaazon was a proponent of online sales tax laws. Its easy foe them to do, but harder foe small e-buisnesses.
Windows is a valid argument, I think. But did you actually use a Mac before?
I’m asking, because many people who never used one are biased torwards Macs and Mac users.
If noticed this myself many times.
Users that knew only Windows all their life couldn’t even
switch on a Macintosh without problems did make ridiculous statements about Macs or Mac OS.
Such as that software must be paid all time or that only little software is available.
As for Apple’s policies.. They’re diffferent in US/EU/China to my knowledge.
I’m not saying it’s not intrusive, though. But applying the US situation to whole world is a bit of a stretch, maybe.
i used macos for a few years, roughly 2005-2010. Because the ibook g3 was the cheapest ‘ultrabook-class’ laptop at that time. For the most part, i found it pretty tolerable. A lot of things ‘just worked’. When i had to deal with the macos alternative to systemd, for example, it was not as bad as the (much later) systemd itself.
But i also found it miserably intrusive. Not only did it ship with a systemd, which changed and broke everything as often as the linux systemd did (I was saved from this fate by apple abandoning update support for g3 not long after i bought the laptop, but i still stumbled onto signs of it when researching the hacks i needed), but it also gave me my first exposure to malware on my own hardware! After a reboot, quicktime popped up an ad! That’s the sort of thing that’s apparently nothing to people coming from a windows or mac background, but it’s literally malware! An unblockable pop up advertisement built into the OS!!! That’s the kind of BS that forty-2 is correctly accusing apple of. If it is a result of bias, it is a bias earned by actual experience.
As an aside, as a developer i also found macos a little intrusive. I ported a softsynth to it, so i had no choice but to use CoreAudio. To its credit, CoreAudio mostly ‘just worked’, and a lot of its design choices were great and forward-thinking! But it had an awkward asynchronous callback model that was completely opaque. These days on Linux, i know most libraries that work that way use pthreads, but on macos there was no way to understand the threading model it was actually using. I know it’s just my own opinion, but the unix everything-is-a-file model is correct. Device access should be read/write/ioctl/mmap. If you want to make it non-blocking then it is up to you to decide if you want to use select/poll/pthreads (or O_NONBLOCK for real weirdos). Unconditionally spawning opaque threads for basic device access is bad practice. And i did occasionally crash (or DoS?) the whole laptop from CoreAudio failing to clean up its apparently-privileged threads. It was not just a hypothetical concern, but frankly the hypothetical concern was enough to be ‘miserably intrusive’ in my mind.
This is, BTW, one of the things i hate about raspberry pi. Their awful vchiq hack pushes you to use a library that makes abominable use of pthreads. Mistakes made when designing their in-kernel device driver make it so even if you reimplement the userspace vchiq library, you still don’t really have any choice but to use threads to work around its weaknesses.
So when are all those california server farms going to implement this?
These kinds of bill work by gating access to the market to OS vendors. But since open source is by it’s nature not commercial, they don’t need access to the market, so this bill doesn’t apply to open source projects. This bill doesn’t stop anyone from downloading, installing and using linux. This bill doesn’t force anyone to add age verification to their hobby OS or something.
encroaching
From what I can understand as I don’t have a degree in Legalesse, but it seems to apply to all OSes. So what are they going to do if a kid tries to set up and use GEOS on a 45 year old computer? Company’s long gone, some of the programmers are either dead of old age or very old and probably can’t remember what STA means. So what then?
Well, if you are Kaliforia, you just make another intrusive law. Maybe require a birth certificate to scan, next? rolleyes. It all rolls down hill and all about control of the population. The government knows best what is good for ‘you’. Leave it up to parents? Like it should be? Government doesn’t think so… cradle to grave control is what they’d like.
They’re just as likely to outlaw “outdated” operating systems, using their security holes as justification.
You see the real tru tru!
The application-related requirements specifically target apps last updated on or after January 1, 2026.
“What would make this new ‘age-verification feature’ any more reliable than that?”
The point is not to be reliable or effective, it is to get the next generation gradually used to providing more and more information until you need to scan your id before using your own damn computer.
California is already suing people outside the state for violating their laws on “illegal computer files” so I wouldn’t be surprised if they try to sue software devs outside California for refusing to go along with this.
sighs… But it is all for the gov, I mean the cheilds…
Man, I can’t wait for the day when I have to age verify on my smart washer before I can clean my clothes.
Luckily, if you don’t live or work in California, there’s nothing they can do to force you to do any of this. I think California is starting to believe they can dictate what the rest of the world can do, which is an extension of the US idea that they can dictate what the rest of the world can do. Time to cut California out of the loop. No OSes for you, and good luck with that.
What if OS makers started stating that people in California are not allowed to use their OS, and breach of the license will be litigated? They’ll quickly find all their computers are illegal to use. They might use them anyway, but once downloads and updates are cut to California, things would quickly begin to fall apart. Universities, businesses, law enforcement, residential life will all come grinding to a halt.
The EU effect exists, for good or ill.
If you look what happened with GDPR, with sites geoblocking EU states, it could make some sites geoblocking California for OS download.
Or maybe comply maliciously, defining the API as the finger protocol and have inetd responding to port 79 only for localhost.
“I think California is starting to believe they can dictate what the rest of the world can do, which is an extension of the US idea that they can dictate what the rest of the world can do.”
You’ll miss us if and when the police state on capitalist steroids called China becomes the world hegemon. Also, your mistake is putting “US” in the same sentence with “California.”
“The EU effect exists, for good or ill.”
Ill. A bunch of unelected, overpaid, bureaucratic leeches (but I repeat myself) micromanaging your life.
And as far as dictating what the rest of the world can do, their anti-free speech rules with huge fines can indirectly influence free speech in the US and the world VIA those fines if a US company providing an internet service wants to continue operating in the EU.
The EU wants to bring back the most effective form of censorship (1:42)
Mike Benz
Oct 3, 2025
https://www.youtube.com/watch?v=jPk-MzdZ5W4
Germans are being arrested for insulting politicians — we need to protect free speech so it never happens here
Feb. 21, 2025
Germany Fights Online Hate Speech: Insults Can Lead to Jail!
February 18, 2025
Americans Shocked by ’60 Minutes’ Report on German Speech Policing
Feb 17, 2025
Not in the EU, but might as well be on this topic:
People Are Being Thrown In U.K. Prisons Over What They’ve Said Online. Can Free Speech Be Saved?
Steve Forbes calls out the ugly crackdown on speech in Great Britain, pointing to the shocking arrests and convictions of people based on what they’ve said online. He urges the U.K. to reverse course.
Sep 09, 2025
Please let’s do distinguish from free speech and right of free opinion.
In Germany, the right of free opinion is one of the highest goods.
Same time, human dignitity is in inviolable. It’s in article 1 of the Grundgesetz (basic law).
By law, people can express what they think freelly, thus.
Same time, though, you just can’t insult others without consequences.
Because that violates human dignity.
Thus, the other person has the right to sue you if you do.
People like politicans do work for the state and insulting them thus is as if you’d attack the state.
Same goes for policemen and some teachers being an civil servant.
You can critize them, though, of course – if you remain civil and don’t use insults (swear words etc).
“Article 1
[Human dignity – Human rights – Legally binding force of basic rights]
(1) Human dignity shall be inviolable. To respect and protect it shall be the duty of all state authority.
(2) The German people therefore acknowledge inviolable and inalienable human rights as the basis of every community, of peace and of justice in the world.
(3) The following basic rights shall bind the legislature, the executive and the judiciary as directly applicable law.”
..
“Article 5
[Freedom of expression, arts and sciences]
(1) Every person shall have the right freely to express and disseminate his opinions in speech, writing and pictures and to inform himself without hindrance from generally accessible sources. Freedom of the press and freedom of reporting by means of broadcasts and films shall be guaranteed. There shall be no censorship.
(2) These rights shall find their limits in the provisions of general laws, in provisions for the protection of young persons and in the right to personal honour.
(3) Arts and sciences, research and teaching shall be free. The freedom of teaching shall not release any person from allegiance to the constitution.”
https://www.gesetze-im-internet.de/englisch_gg/englisch_gg.html#p0020
https://en.wikipedia.org/wiki/Basic_Law_for_the_Federal_Republic_of_Germany
So all the government has to do is define your opinion as “hate speech” and you can no longer express your opinion.
Women going to jail for longer than their rapists because she insulted them! This is the type of BS that goes on in the EU that the US is fighting against.
We’re adults over here and can handle being insulted, it’s better than being imprisoned for speaking out, regardless of which side of the political spectrum you are on.
Scheißkopf!
Posted from Germany!
Put the BPOL on it.
Spare no expense.
Don’t stop w legal subpoenas on HackaDay, using a VPN.
BPOL should have a hacker that can bring me to justice.
Give him/her all the time they need.
@bubba The German basic law was written shortly after the cruelties of WW2.
After so many Jews and other groups had been horrible mistreated, tortured and murdered.
Including the own citizens that stood up to protect them, widthstand the regime
and lost their lives or lost famlily members and friends.
That’s why the basic law takes human dignity and the well being of people so serious.
It’s not about surpression of any kind, but about protecting human life, about free expression and equal rights.
And to make sure history won’t repeat itself.
It also bases itself (in parts) on the constitution of the shortlived Republic of Weimar.
Before the take over by Hitler and its henchmen,
the young German republic was one of the most progressive nations in the world of its time.
Women had rights, could vote. Berlin was a center of international films, fashion and arts.
There were comedians that made political jokes on stage etc.
Some of these things are still preserved on film and vinyl.
It took ages until Germany had recovered, until women got their rights back.
And the basic law was one of the key elements to let it happen.
It’s one of the few things we Germans are “proud of”, if I may say so.
With the Federal Constitutional Court being another one, maybe.
In most cases it seemed to act reasonable and fair so far,
it even stood up against the decissions of the European Court of Justice more than once.
PS: The founding of the FRG was in parts also the achievement of the allies.
Someone could say that the basic law and other things were their legacy, too.
So it would only be natural if the USA and other countries would adopt the positive parts of our democracy and our social market economy.
It woud only be fair, since they helped to give birth to them.
The idea that people have a right to not be insulted is the most backwards notion one can put forward. It’s irrational and arbitrary.
See, that’s one of these culture shocks.
Here in Germany (and I assume other parts of western world),
we don’t define our freedom as being allowed to be an jerk all day who can verbally insult anyone he/she wants to.
We don’t need that, we don’t want that.
In our eyes, adult people don’t behave like loud kids without impulse control.
We prefer to stay polite, we don’t use fck, sht and similar sophisticated words in every second sentence.
It’s not our thing, at least not yet.
You can have it as much as you want, though, so be happy.
Each to his own.
PS: Maybe this explains it better: We define freedom not as (endless) personal freedom to live without any kind of obligations,
but more fundamental as living in a free, democratic society, with human rights.
“Freedom” at its heart means not to be enslaved, it means being able to travel, being able to discuss things privately and in public, being protected by law.
It’s not a free ticket to vandalize your neighborhood or play with firearms, though. Gratefully.
Have a look at former East Germany, if you think that modern Germany is restrictive or unfair.
It was on a different level, it even had the dath penality, still and used trture, people vanished etc.
My experience in Germany is different. These sources might be biased.
Nobody gets “arrested” for minor matters like speech. You might be sued, but even that will in many cases not lead to court case. And even if it’s a criminal offense, an injured party needs to sue for anything to happen.
Anyhow you might define “free speech” in the very hardline “every goes” way. We are not talking about the same thing then.
In Germany and generally the EU if you, without roots in facts, speak ill in e.g. a sexual or discriminatory manner in public, be it in person or online, the injured party has grounds to sue. And there is wide grey area. If there is any, however weak, connection to facts then speech is protected. If you are not making statements but asking questions or expressing feelings, then speech is protected.
Only the most direct, hateful and untrue slander falls under the law.
Still most of these cases are dismissed, very few stick. Things uttered in those instances would make anyone outraged and wanting a boundary for free speech, i hope.
I think the “free speech in Germany” debate totally misses the point of Adtech algorithms promoting the most outrageous nonsense through “social” media. Before the rise of the attention economy, you were rarely confronted with fringe utterances of individuals, and its propagation was extremely limited.
Nowadays, the most appalling bullshit is caught by algorithms built to promote it to as many as possible people, for the sake of their “engagement”, in order sell stuff to them. So the sensible and thoughtful contributions to any debate will never see the surface.
Apart from the aforementioned, the observation is correct that German authorities tend to over-enforce, because, well, they are German.
Thank you! That sums it up pretty well, I think.
Btw, it also makes a difference if some says something as an opinion or not.
Saying “I think you’ve lost your mind!” is perfectly fine, it’s an opinion, not a fact.
I know someone who told me he said that to a police officer.
In the end, after being taken to the police station, the officer had to apologize to that guy.
The police chief ordered him, because the officer violated his citizen right of free expression of opinion.
If he hadn’t said “I think”, the outcome would have been different.
Under normal circumstances, the German police is calm and de-escalating.
If someone snaps, shouts and is generally being aggressive, he/she is being overpowered and taken to police station by car.
But not harmed or physically being discplined etc. At least not intentionally.
The officers are trained for de-escalating, must go to police school for about 3 years
and must have secondary school diploma first.
A character test is required, too, to make sure the officer is mentally stable, not politically biased and not violent whatsoever.
When weapons are involved it can be different, though, because then the police finds itself in an extreme situation (from its point if view).
Probably because innocent citizens usually don’t carry them in Germany.
That’s when they get a bit nervous, maybe. That’s all I can say so far.
There are probably quite some negative examples, too, but I can’t know everything either, of course. 🤷♂️
I believe you’re close, in that free-as-in-beer OS’s will add a Not-for-California disclaimer and be done with it, but commercial OS’s like Red Hat will comply. Microsoft, Apple, Google will certainly comply. But what about Linux? Or even BSD? What if OpenBSD, FreeBSD, and NetBSD each complied, but with unique APIs that made it difficult for software to obtain the user’s age? And what of software common across platforms? Will Firefox need to use different APIs for Mac, Windows, Android, and Linux? Or will software vendors simply not check user’s age, making the whole exercise moot?
The real danger is what comes next. A requirement that web sites ask the browser the user’s age, and thus a requirement that the browser ask the OS? Why have a mechanism for reporting age if you don’t mandate that software/web sites ask? Oh, sure, it’s obvious that Porn Hub should ask the user’s age (they already do), but where do you draw the line? Do you require political sites, LGBTQ advocacy sites, etc. to label themselves “Adults only”? What about Instructables or Hackaday, where you can learn all sorts of dangerous stuff? Who decides which sites are G, PG, R, or X? States? Feds? Courts? How do you maintain a list of “Adult sites” when new sites pop up hourly?
The only thing this law is sure to do is enrich trial lawyers, which may be the point of most legislation when you think about it.
Lawyers tend to be over represented in the political class. It’s not a mistake that law is inconsistent and as complex and ridiculous as it is. It’s all self serving.
They’ve been doing that for literal decades. We’ve had CARB-certified vehicles become the standard in the US, because California is such a large market that it’s simpler for manufacturers to build to that more restrictive standard.
And nearly everything you buy nowadays has a Proposition 65 warning label.
Manufactured goods have production complexities and margins that software does not though.
Regarding the API, adding a system user group for “age_bracket_below_13” etc. would be simple enough.
The silliest requirement is that every program is required to request the age information, even if they have no need to limit anything by age. So yeah, /bin/true should check your age..
No, the bill says “(4) A developer that receives a signal pursuant to this title shall use that signal to comply with applicable law but shall not do either of the following:
(A) Request more information from an operating system provider or a covered application store than the minimum amount of information necessary to comply with this title.
(B) …”
So if you don’t need any information to comply with applicable law because your application is suitable for all ages, you don’t need to request any information.
Whole thing is as stupid as most tech legislation. All the OS would have to do to comply is ask at setup for the age range and provide a system call to give the data back. The data is useless and the requirements are so vague it’ll just be abused but lawyers seeking a quick settlement and waste a ton of money. Wish people impacted could sue the state for damages from ill conceived legislation, but hey the make the laws that prevent that too….
Yeah, that’s all it asks. So, let’s spin this yarn and see what it holds and pulls…
I (old) set up a local account on my machine for my kid (young). The account has a flag that says “young”, this is implemented maybe as a group or as an environment variable (the latter would be stupid, but I guess it’s enough to satisfy the rwequirement). Any software that has age restrictions (dunno, stuff like Hexen or Heretic?) can now query the environment variable to see if it is an account for “a young” person and then refuse to start. I fully expect my kid to be able to defeat this and play e.g ego shooters – if they are old enough to work this out they can shoot up some monsters. It would also be really easy to, say, create a bootable USB stick with a linux distro on it that has an account that is in the sudoers group and run everything from there.
Now, getting the implementation coordinated and have a standardised API that everybody can use? Yeah, nah. Though I guess systemd has an implementation for this already… (sorry for trolling)
And what are you doing with OS installer media or one run from a USB stick? How do you enforce this there?
So while I can see some application it is nothing that can really work and nothing that I cannot solve with the “life hack” of “being a parent and checking and educating about media usage”.
Easy, your fingerprint will be needed to get past the UEFI, and in the EUFI you register fingerprints with users and give their age there thus it’s available for all software to query.
Cue kids chopping parents’ fingers off to access the grown up stuff :)
I foresee the same situation as we see today with kids raised via iPad/smartphone. “Mom, it needs you” (Mom taps fingerprint without ever looking at the screen).
This is not the end goal. No one actually cares about the children. This is an incremental step towards state surveillance and real identity tracking at the OS level. Because any one will be able to lie during the setup screen the next step is actual identity verification. If you remove or block the feature you will probably run afoul of DMCA and the digital locks provisions.
This is coming out of the same state that wants to install firmware on your 3D printer so that they can log and block individuals from printing firearm components. The trouble with that is now you have cracked the door open for any company to block 3D printing a replacement part because they own the IP. You also have the privacy eroding behavior similar to the EU push for scanning messages for illegal content.
In Euro they have been trying to implement “chat control” under the guise of “protecting the children”. They want to use AI to do client side scanning of messages and images in such a way that it blocks and reports if a user is attempting to send illegal images. The problem is that once you have a system like that established the temptation will be to use the technology to censor political speech, mean memes or any thing else the state deems inappropriate or subversive. To put it plainly this would end privacy and make every device some thing that is mandated by the state to nark on the user.
All of these laws appear to be written in such a way as to make it impossible for small time developers to participate in OS development or manufacturing of 3D printers by imposing astronomical compliance costs. It is clear that there is a coordinated attack happening to freedom on the internet.
I think we have a real problem on our hands. It use to be that nosy people who got caught sticking there nose where it did not belong would get punched in the face. Unfortunately that response is less frequent today.
The “brains” of a 3D printer aren’t smart enough to do that. The only way I can see implementing this is to require the 3D printer upload its model to the state for a state AI to analyze against a set of known gun parts – but how does the state keep up with new gun designs? And how long must you wait for the state to give the OK? And how long before someone hacks the protocol and fakes the OK signal? Finally, how do you stop people from making their own 3D printers? Another example of legislation that doesn’t understand what it’s trying to regulate.
It’s not like legality has stopped the government from using our devices to spy on us. All the time. Right now even. I would be more alarmed if this actually changed anything regarding surveillance. It doesn’t.
Anyone using Linux will have the same capacity to not install these packages, or use a fork that doesn’t have them. Did we forget how everything works suddenly?
They want to control the firmware for 3d printers as well
So last fall, I wrote my first OS, releasing the free GPL 3 source on Thanksgiving Day in the US. It is an obscure one that I wrote from scratch (with zero AI) in MicroLua for the Raspberry Pi Pico 2 W and Pico W boards for my own use only, publishing a write up on Hackaday.io to inspire/inform others about the underappreciated tech I used. It’s hobbyist, very domain-specific (meant to serve cleartext Spartan pages using the RP2350/RP2040 MCUs), but it is an actual, multitasking OS, and I went to great pains to demonstrate such. Having grown up with 8-bits and encouraged by teachers, parents, and grandparents to program my own computers, the idea of reaching the holy grail of “OS” was a joyful and memorable day for me.
Now, just three months later, am I to understand that myself and those like me will be fined thousands of dollars (per person, even) under AB 1043 if we refuse to code in an age-verification system by 2027? It has no place in an OS like mine. What happened to the 1st amendment (and the 4th)?
This is supremely sad.
Like others point out, it only applies after a certain date so you are in the clear. And as I point out above, this is just another example of make-work for lawyers. Expect lots of lawsuits.
Another virtue signalling useless law, just like their 3d printer legislation
Their 2D ain’t better… https://en.wikipedia.org/wiki/Printer_tracking_dots
Please take time to research before reporting on things that aren’t on fire. I shouldn’t know more about it than you do.
The Californian law as stated doesn’t really deserve the name of “age verification”. It’s enforcing a particular cranky design for parental controls, which you clearly get based on the article text. It isn’t said anywhere that OS provider must spend any effort to check the setup user for lying, only that the app provider that already does for some reason should not follow the OS guidance.
Similar laws are already in progress and/or in effect in several other US states. Some of them are similar in reach, some of them limit themselves to mobile devices. Based on preliminary analysis by System76 crew, the real problem is a New York state bill proposal, which is actually an “age verification” bill requiring “encrypted APIs” and banning self-reporting. Somehow, California is in every headline though, because… I don’t know, is it some US politics stuff? Is hating on CA more acceptable than hating on NY?
That. Yeah, would be easy to implement (in a stupid way) and be of (a little) benefit on a parent administrated machine (no, my kids will not have the root password, not yet). If the environment variable UNDERAGE is set use this network config which configures the PIhole instance with the adult filter list as DNS, otherwise use the other network config. Or something like that.
Yeah, and hating on CA is (as seen from the outside) basically a national pasttime…
No, no, we hate them equally. It’s just until recently CA has had a bit of a monopoly on stupid stuff.
CA’s goes into effect first, so yeah. If NY’s goes into effect then they will get hate.
Pretty simple stuff really.
Indeed, there’s plenty of vitriol left to throw at NY and whichever other state or nation decides to do something idiotic. CA’s bill is coming up on make-or-break time now, so it gets a first pass at said vitriol.
I guess VPN usage will surge in CA, USA.
Think of the children.™
so in open source software you simply put comment:
/* the following lines implement the age verification protocol and return 1 for success of 0 for failure */
Hardware manufacturers should be required to include a blood sampler/genetic tester/face recognizer that will prevent anyone but the registered/licensed user from using any device that is not “age appropriate,” and maintain a database of all users, accessible by all Law Enforcement Agencies. Parents of underage users that manage to allow their children to get around the restrictions should be subject to incarceration, and their children sent to state-run institutions where they can be properly supervised.
California Assembly Bill AB2043 This law is targeting 3d printing! The fascist politicians in Sacramento think every person that owns a 3d printer wants to make a ghost gun. What these fools do not understand, if anyone with intelligence that wants to make a gun, you can do it using a CNC, or a manual milling machine and a lathe. No way the State will be able to track anyone in a garage wanting to make their own gun. This is ridiculous! They also want software to alert an agency if the geometry of the part you are printing resembles a gun part! This is the bill main objectives
Require manufacturers to register each printer model with the California DOJ for approval.
Make it a misdemeanor to knowingly circumvent the protections (i.e. installing open-source software).
Ban the sale or transfer of nonapproved printer which do not have “firearm blocking technology”.
Allow civil penalties of up to $25,000 per violation for selling or transferring non-compliant printers.
This Bill is also being voted on by the State of Colorado, New York, Washington State
It’d be easier to just regulate computers/phones/tablets/etc. at point of sale like cigarettes or alcohol. Show ID to buy them, illegal to give/sell to minors unless your a parent or guardian, problem solved.
If it applies to any OS, what about RTOS’s? Your toothbrush requires age verification before use.
It applies to that too. The DB48X calculator software is going to have a message stating it’s not allowed to be used in California and Colorado.
It would seem that it would only apply if your OS allows you to create an account. So if you have to create and account on your toothbrush then I think the answer is yes.
This is a real threat to Open Source, but devs are already responding. Midnight BSD has already said that anyone using their desktop distro in Kalifornia on or after Jan 1 2027 is doing so without a license. Umarchy has already said that they aren’t going to do anything to comply with “a stupid California law”. I think we should make a license clause that says that anyone in an ID/Age restricted area doesn’t have a license, and they MUST remove all instances of the OS from their servers. Let Brazil, California, Colorado, and New York all go dark. The world runs on Linux. But not them.
Don’t forget to have your laptop, tablet, cell phone, etc. all do the same thing as soon as it detects you have crossed into California. People will stop traveling there when they cannot use their equipment when they arrive. Hit CA in the wallet!
I hope that distro’s will block everyone from California and Colorado (law applies to both), as it’s better for everyone to just ignore them. I’m afraid it will end up like the EU that forces things and the rest of the world has to suffer as a result. All those cookie walls you see online, where you have to approve cookies, are a result of EU law. It doesn’t do anything besides annoy people. It’s not like denying the cookies actually works, it’s just an annoying message you have to click away.
“All those cookie walls you see online, where you have to approve cookies, are a result of EU law”
No they are not.
They are a result of the intention of web sites (and the advertising networks behind them) to track any and all of their visitors across the web. Without the aim at cross site tracking of individuals, these cookies would be redundant and thus no cookie banner would ever need to appear.
Your criticism of the EU bureaucrats is valid in that the cookie banner hell as a consequence of the GDPR was a totally predictable “solution” by the powerful tracking industry.
They ARE the result of EU law. Cookies existed long before the nag screens required by EU law became the norm. Our data was being mined, our movements were being tracked, our systems had fat full cookie jars. No one ever asked if we wanted a cookie, we just got them force fed to use….then the EU demanded sites ask permission. Now we all are stuck clicking through the consent prompt.
The HUGE problem with this age verification is every kid on the internet will network with their bros, and figure out how to hack the age verification, and get themselves an adult status. There’s no way to make this rock solid. There’s a hack for every way they have tried to enforce this. Then there are VPNs. Oh, then forget about enforcing anything. How many kids out there have VPNs? You would be surprised. There are free VPNs out there available. Again with VPNs you can forget about enforcing anything.
The CA age verification requires no hacking cracking or tomfoolery. Its no different than when a website asks you to enter your Bday and kids lie, except now its at an OS level with the OS sending an age category ping out instead of them having to lie over and over again. The current CA proposed law has no form of verification requirements.
How about a PAM module for assessing beard length?
I kind of wonder if this might be considered a constitutional issue given that a programming language might be considered a language, therefore forcing age verification might be considered compelled speech?
Unless this only applies to operating systems where the code is not precompiled such as gentoo
Unless we can get a bill that puts age verification on all non-software products as well everyone that writes OS’s should refuse to comply with this law.
Given the inherent security issues of storing personal data for verification, most OS projects cannot comply and those that can wont be able to keep your very sensitive data from bad actors. Do retro OS need verification too? Oh no I cant run MSDOS to play retrogames anymore. Newsom is high on some weird BS
personal data for verification?
The law does not require photo ID uploads or facial recognition, with users instead simply self-reporting their age and to categorize users into four age brackets (under 13, 13-15, 16-17, 18+) and share this signal with apps and app stores to filter content.
Then it is inconsequential, any one underage capable of an OS installation can circumvent by lying. So still unnecessary. In terms of ID uploads, I would use it on a dating app as its a layer of security to connect with only actual people. But for a site like discord, I stand to lose and gain nothing by uploading my ID to inevitably be stolen.
So now not only we have to convince The Robot that I am not a robot, but I am also of robot-approved age to use the robot services, whatever they turned out to be.
Servants of the robots, unite, while it is not too late. Caaarl Maaarx is calling and he is unsure why this is completely different from his original agenda.
Some OSs don’t have users. Then what happens?
If my kid wants to use the washing machine, I say let them!
In this rare case I assume that this bill will be deemed impossible to enforce, due to all of its practical application issues. It will probably get revised or retracted eventually. The operating systems I use are all perfectly workable without creating any account anywhere. Californication of the US or the broader world only happens when the outcome is at least moderately sensible.
You’d be surprised just HOW MANY unenforceable laws are still around to catch average Sams’ unawares by the war-lawyering entities of all kinds.
IANAL, but it’s my understanding that it’s impossible to live your life without violating some law or another. There are even laws where if you obey one you break the other and visa-versa.
I wouldn’t bet on it… this line was in the summary: “As noted in the Tom’s Hardware article, CA governor Newsom issued a statement when signing the unanimously passed bill, saying that he hopes the bill gets amended due to how problematic it would be to implement and unintended effects.” The proper method in a functioning government would have the governor veto legislation that is problematic. Even if they might be overruled.
I don’t get why the state is putting the responsibility of supervising the children on businesses rather than where it belongs, with the parents. Parents had the children, they are their responsibility, not the people making software. What about hardware manufacturers? Why are the software people the ones having to make sure they verify the age? The whole thing just boggles the mind with how stupid it is.
why is it up to retail to age verify alcohol and tobacco sales?
Why arent the parents of people under 18/21 responsible for making sure their offspring do not attempt to purchase those things?
Whats easier, monitor every parents parenting, or focus on the distribution side of things?
The idea is half baked no doubt. Its current expectation is no better than the “age?” that kids have lied their way into access permissions since the dawn of the internet.
Does anyone else remember that goofy “age verification” quiz at the beginning of Leisure Suit Larry?
Alt-x