Doesn't even make sense. Virtually all Linux distros can function completely offline. How do you do age verification completely offline? Classic politician who doesn't understand tech trying to look like they're doing something to save the kids.
The only platforms for now where this might work are Windows, macOS, iOS, and stock Android, however as Muta hypothesized, if this extends to hardware-level, a law could just mandate SecureBoot and lock out the ability to implement custom keys, and then only allow a short list of state-approved OSes to boot on the hardware, which no doubt Windows would be on that short list.
Similarly, all non-Apple mobile devices as an extension to that could be locked exclusively to stock Android, eliminating custom ROMs like LineageOS or GrapheneOS as an option entirely, let alone mobile Linux distros.
Me, buying cellphone parts from another state to assemble myself like an 80% lower to avoid having to drink a Verification Can every time somebody calls me:
I think I just invented the concept of a "ghost phone"
They will make it a crime to not have any OS that is not compliant, that simple.
"(1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.
Sounds like it’s a text box that enter input into. Making it completely pointless.
I don't care if there is a package called gnome-age-verification distributed in my linux distro and would prefer it if it means fewer sites with facial biometric tests. If I have concerns about the age verification, then I should be able to type:
sudo dnf remove gnome-age-verification
California probably wants it in linux distros so that linux can't be a justification for big tech still demanding Orwellian stuff in every website (ie "but what about the children who use linux? we need to protect them with Persona too!")
But where would it stop? The hell version of this would be kernel-level-approved-AI-agent-checks, with an OS required to have an approved AI agent with a validated third party key that reports to the government with required telemetry and the kernel makes sure the OS won't run without the approved AI and then makes illegal any scripts for unapproved kernel code modification. And post-Tornado cash, we know code is unfortunately not protected US speech.
Define "Operating System"...
I guess my washing machine & car are also going to be "not for use in California."
Those Cisco switches & Broadcom DSLAMs would be tricky too ... I guess the internet's "not for use in California."
And the air-gapped power station control system? "not for use in California."
It is annoying that these laws come in (I'm also including magical thinking about encryprion backdoors for "the good guys") without any form of real-world, practical assessment. Complete waste of tax payers money and undue stress for everyone.
FFS.
Imagine you’re not allowed to use your washing machine if you’re under 18.
Can this be circumvated saying it's distribution rather than OS ? 🤠
Or just refusing to run servers in California. Much like the US DRM encryption restrictions of the 90s. Where the whole Linux community just had distributions required parts of the download to happen in non US servers.
A single, (although big and very active in Linux) state, will always have more limitations then a nation. The issue comes if it becomes US national. And then the US starts pushing other nations to sign agreements.
Given at some point trumps harm to all international treaties will likely be repaired. Their may come a huge opportunity for US politicians to renegotiate international treaties.
Assuming trust is ever returned.
env USE=-fascism emerge -ave world
Sorry but I don't think the article text backs up the title?
The claim is that they have to enforce age verification, but the quoted law says:
Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.
Doesn't this just mean it needs to ask for an age at setup, so e.g. parents can set it up with an age and they can automatically be restricted?
I don't see anywhere actual verification is required, if you're setting it up yourself then just lie?
Honestly, this sounds like my preferred path if we are gonna do anything.
And I don't understand, because windows already does this and has for years. I don't live in California though, so I don't know the particular nuances they are asking for.
The problem is, and has always been, getting parents to use the tools. So unless you're sending parents to jail for not doing this, then it's totally optional and most won't use it.
If you want screentime limits, content filters, browsing history, restricted programs, age verification, wallet control, friends list filters, etc. It exists and is available on Windows and Xbox for free.
I think the next bit from the article I didn't quote explains that:
"(2) Provide a developer who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface that identifies, at a minimum, which of the following categories pertains to the user." The categories are broken into four sections: users under 13 years of age, over 13 years of age under 16, at least 16 years of age and under 18, and "at least 18 years of age."
I think the idea is that you would say that under 16s can't use social media. Then you'd enforce this not with the horrendous Australian strategy of having everyone IDed, but instead you would enforce it by having an API that websites and apps could use that would tell them the age of the user.
So basically:
Windows might already have parental controls within Windows, but it's the ability for apps and websites to know the age (or in this case age range) that is the important part.
I much prefer this than handing over ID.
But why do they assume that I am goung to create an acconut to simply use an OS?
"Lets fight ICE" also "you need an id to use your laptop and be verifed by big tech to use it" Worse then clowns. Fucking traitors
"At þe account creation screen" þe WHAT NOW? ah yes cause linux definitely has an account creation screen. Could be a loophole
My linux has no screen.
That's the problem. They don't care if you have a screen, they need the screen.
Spotted the thorn þ enjoyer!
Real connoiſſeurs uſe the long s.
In essence, while the bill doesn't seem to require the most egregious forms of age verification (face scans or similar), it does require OS providers to collect age verification of some form at the account/user creation stage—and to be able to pass a segmented version of that information to outside developers upon request.
So you just fake a date and call it a day… thank you Cali…
For real though I can’t imagine the sysadmin and docker nightmares that arise from having to completely overhaul your account orchestration scripts to input a garbage birthday.
I don’t think anyone thought of the fact that an account on an OS doesn’t always correspond to a human.
But... but it's for the safety of children. /s
Fucking morons.
I think your keyboard autocorrected minors to morons. (If we learned anything from the epstein files)
All this age verification crap. Where is the fucking parents? I get that big tech has some responsability in all this. But how about we just make the responsible choice, of not letting a 8 year old near tiktok forinstance? Oh, it is just another excuse for private survailance you say? I see, I see...
I have genuinely no idea how that could work.
I believe I get the genuine intent (protecting children) but I have so far never encountered any device or software or both that didn't relatively easily bypass user authentication.
The closest I've tried are (expensive) XR headsets like the Apple Vision Pro or the Microsoft HoloLens both thanks to eye tracking. Basically for these you have to validate you are who you claim to be when you put the headset on. If you remove it, put it back (or on someone else head) you have to do it again. Nobody else (unless you explicitly share) can then see what you are looking it.
Every other devices I've seen, including mobile phones with banking apps, typically ask you to authenticate then assume than you are the one who keeps using the device. Meanwhile anybody else can grab the device from your hand and be "you". Typically specific action (e.g. password change) do require to authenticate again but "normal" usage does not.
So define Operating System. Are embedded systems Operating Systems? Coz that's going to cast a rather wide net.
Selective enforcement. Basically if they want to do shit to you they will prosecute you, otherwise they won't bother.
I can't wait for my microwave to ask me to take off my glasses, face the camera, and turn my head slowly from left to right.
Linux distributions should react by asking users to confirm they're not in California. They'll backpedal fast.
Eveny single website running should do this, and refuse to display for Californians
No one is going to enforce this. It's political theater, and will in no way protect children.
Fucking stupid. What now, everyone adds a script to enter 04/01/1984 for every continuous integration pipeline? Every kubernetes cluster has to include an age automation? Idiot politicians should not draft policies about shit they have no clue about.
The way this is written, it would just be a case of entering your age or DOB at account creation, which wouldn't be so bad. Indeed, this would be the kind of parent-empowering solution I'd like to see, since it kind of assumes the admin of a device (who sets up user accounts) is an adult who will enter the correct info for their kids.
Of course, there's always the concern they might try to push for adding 3rd party age attestation after the fact, with this being the thin end of the wedge. And it'd be a bit of a pain for the various linux distros to organise a compliant solution even IF it's just adding a new parameter to useradd and the associated "age signal" API for applications to query.
That's what it sounds to me. You just have to enter a date of birth, which I think puts parents in control of this, rather than shady websites.
Something that I, as a parent, really miss, is the ability to have some parental control without having to subject myself to horrifically broken systems like those from Microsoft and Google, which are just painful to use and don't offer any meaningful control. Minecraft has become almost impossible to use lately, and apparently it's going to get even worse.
More applications should have a simple child mode that connects it to a parent mode that allows the parent to keep an eye on what their kid is doing and enable or disable some features for them, but instead, they make it impossible to create an account, and if you do, you've got an account that can't do anything. It's broken and stupid and shouldn't be so difficult.
Maybe Linux could set a better example in this.
yeah good luck with that, lmao. this is 100% unenforceable. and even if a distro does opt to comply (ubuntu, most likely) all one has to do is jump ship to another one that's given this law the finger.
This operating system contains code known to the State of California to cause cancer or reproductive harm.
Gotta love it when people who have no understanding of how Linux works writes laws about how Linux should work...
It goes way beyond Linux. Think any device that could download something at some point. Gas station pump, calculator, FreeDos, VxWorks, etc.
There is a lot of language like "or can download an application", so if you can download something, then that thing could be an application, and thus that device and it's OS is covered.
I see a dipshit lib, I downvote. Fuck this guy.
And are they going to require ID to verify birth dates, or is this just going to be a drop down menu? If the latter, I'm pretty sure everyone's birth date is 1/1/1901. I'm so tired of this surveillance shit masquerading as "save the children" nonsense. I hate to say it, but this is a parenting problem and if your kids are more tech-savvy than you are, they WILL find a way around these safegaurds.
I'm pretty sure everyone's birth date is 1/1/1970
FTFY
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0