Apparently this will include Linux…
Cannot legally use BSD in Berkeley?
Wait. What?
Thanks. I know.
Just amusing irony worth pointing out.
Pedantically, I should have used “wont be able” to future-tense it.
Anyway, I’m ready already, with a script to add to any of my distro-respins:
#!/usr/bin/env fish read -P "Are you old enough? (yes/no) " input if test "$input" = "yes" -o "$input" = "Yes" ; echo "Proceeding..." else ; echo "You are not old enough. Exiting." ; exit 1 ; end;)
Apparently this will include Linux…
lol no it won’t. what are they gonna do, go around the world knocking on doors asking open source devs to include age verification in their Linux distros? the law is completely unenforceable.
It isn’t enforceable on the personal level, but every commercial distro will need an implementation (and let’s be honest, they will each create their own) to sell pre-installed or to offer service for public and private device fleets.
Let’s just add it to systemd
Meh, adding an age question to adduser wouldn’t be that bad, we could even replace the current room number question
Can’t wait to create all my accounts using the Unix epoch.
And non-commercial distros?
Depends if their non-profit is Californian or how deeply the mechanism is embedded into their base distro (if applicable).
If [email protected] is right and it’s done through a simple addition to adduser (and the GUIs) every distro that doesn’t actively patch against it, would get it upstream.
If you are a registered entity (even non-profit), you can be fined millions of dollars.
It is a very dumb law.
that’s great. hey, why don’t you ask the UK how fining foreign entities millions of dollars for not doing age verification is working out for them.
you see, laws only apply if the state has the ability to enforce them using violence. california does not have that ability outside of california. california can chew the bark off my big fat log for all I give a shit about the laws there.
Or if they can firewall them, China style. California probably can’t do that, but the UK can.
So this is basically just misinformation. There is no age or identity verification as part of this bill, the age is self-reported by the user and you could select any age you want. The bill requires the operating system to have users select an age when creating an account. The intention is that parents will select their child’s age when setting up their child’s accounts on phones and computers, to age-gate them from accessing certain software or websites.
Regardless, I don’t support this feature being mandatory, because it limits parents’ choices. Parents should be able to choose to disable this feature entirely or allow their children to use an OS that does not include this feature, if that is what they feel is appropriate for their child.
So the OS would also have to have built in content filters or what?
Software would ask the OS for the age range of the user (under 13, 13-15, 16-17, 18+). The software would implement content filters based on these age ranges.
The OS is only responsible for requiring the user to set an age and providing the age range to software.
Still fucking stupid and just a slow creep towards some bullshit like “kernel level age verification” where most Linux distros can’t possibly comply because the chip manufacturers won’t work with developers to certify unless they pay a $10,000 fee.
It’s like Secure Boot but actually, 100% useless.
Thanks for the additional info!
I am asking once again, what is an OS account? I’ve never made an account for any OS I’ve ever used.
If you haven’t done it explicitly you still have one implicitly.
Yes you have.
Anything but holding parents responsible.
Anything but giving parents/users responsibility.
Sudo su root!
Sudo su root now!
I’m giving root to my kids if and when I feel like they can handle it.
This literally IS putting the responsibility on parents.
The law requires that part of “account setup” includes asking the user’s age bracket, and then allowing apps installed via “stores” to retrieve that value from the OS. The entire burden of trust in this implementation is placed on the owner of the hardware, exactly where it should be.
For real. Let’s repeal all the laws around age, and make parents responsible. Drinking, smoking, driving, body art, firearms, etc. Let parents decide!
No, let’s hold parents responsible if their child breaks any laws.
What laws? As far as I know it’s not illegal for children to view pornography. Are you suggesting it should be? And you would have their parents charged with a crime if they were to do it?
I don’t get how this can work practically. Say if I install Arch, right. At which point during the process of entering a bunch of commands when following the installation guide would I be entering my age? And what software would be mandatory to install to enforce blocking content based on my age? pacstrap would need to like, read some file with my age, then install whatever needed based on that?
This makes no sense to me, but maybe I’m missing something.
The law is not for the individual person, but for organisations that develop the OS. So they would go to Arch linux org and start threatening them with huge fines, unless they do something here. And all the headache of how exactly to implement this would fall on arch developers. At which point I suspect they would go the same route as Midnight BSD and just forbid the use in California, because as you rightly said it is impossible to implement age verification in DIY distro.
Blocking use in California is definitely the only way forward. This is not practical to implement.
No operating system needs to know the age of a user, it’s just not within the scope of how it operates normally. Software will always be bypassed no matter what the law is. Brb, “moving” my computers using a VPN.
I can actually imagine this being pretty useful on phones so you can give a kid a phone but prevent it from installing certain software (from normal sources)
You can already require a pin to download anything off the store.
This is fucking stupid
In essence, while the bill doesn’t seem to require the most egregious forms of age verification (face scans or similar), it does require OS providers to collect age verification of some form at the account/user creation stage—and to be able to pass a segmented version of that information to outside developers upon request.
As much as I hate this, just filling in a drop down on OS install is fine with me. This is the ideal solution. Tell your kid’s device it’s for a kid, then use the default age restrictions correctly. That’s perfectly fine to me.
Anything to avoid evil age verification services that force deanonymization through every app and service.
I do still hold a strong reservation against these age locks — how long until the US deems LGBTQ and teaching about slavery as “mature” topics?
I disagree. This is a first step towards something far worse.
It sets up the infrastructure for getting user ages and allowing services and websites to get an attestation from the operating system. Once that system is widely used and becomes ingrained, they can create a follow-up bill that demands the attestation be cryptographically verifiable by a trusted party.
In that scenario, the only way the operating system’s promise that you’re not a minor would be trusted is if it was signed by whoever holds the private keys—and that’s definitely not going to be you, the device owner.
It would either be the government, or more likely, the operating system vendor. In the former case, now services can cryptographically prove that you’re a resident of $state in $country, which is amazing for fingerprinting and terrible for anonymity. In the latter case, you can guarantee that only the corporations will be holding the key (like with Microsoft and secure boot), and you can kiss goodbye to your ability to access services on FOSS operating systems like Linux or custom Android ROMs.
This proposal is just a way to get their foot in the door with something palatable. If you’ve ever come across banking apps on Android using Google Play Services’ SafetyNet feature to restrict access to only “secure” devices, you’ll know exactly how this turns out: either you use the phone you own the “approved” way with a stock ROM where Google has more permissions than you do, or you’re not doing your banking on your phone.
Agree with everything you say, I don’t like that it has to happen but having the device report whether you’re a child or adult makes more sense than having every service do it poorly themselves.
OpenBSD, (unlike Linux) not being copyrighted by a foundation under U.S. law, begs to differ. Fuck the upcoming California law, I say.
They need to do what Midnight BSD did, exclude California residents from the license.
How does BSD work, does it run all the programs Linux can run? Can I run Steam on it?
The headline has “verification” in it presumably as to dog whistle to recent verification schemes gone awry to apparently drive clicks, but the quotes of the law in question don’t seem to actually warrant verification. Just to associate an age to a user account, which seems fine? So long as sudoers are assumed to be 18+ this could have near zero practical impact for day to day setup for many use cases. And let’s face it what’s the point if you are a sudoer, you could just change it?
