this post was submitted on 13 Mar 2026
533 points (99.4% liked)
Linux
12778 readers
480 users here now
A community for everything relating to the GNU/Linux operating system (except the memes!)
Also, check out:
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'm guessing one of the motives is to be able to get more data from non meta users. If the API exists at the operating system level, they can then use the code behind that stupid little Facebook button that every website has to get user age as well as the normal browser fingerprinting data.
God, I hate them so f-n much. Ad-supported social media must die.
My understanding is the API only applies to app stores.
Nope. Most of these legislations are pushing for OS level.
Yes, and the OS communicates this to the app stores.
App stores and anything else that makes a call to that API.
Your browser would have to allow that.
You mean the browsers all based on code from Google and Apple, who also want that info, and will be pressured to use that API to "protect the children" from adult websites?
No, I do not.
That question was rhetorical. Apple and Google account for 95% of the browser market.
I know what you meant, but I guess you've never heard of this little thing called a fork. Or Firefox.
You honestly believe that the general public is going to suddenly rush to chromium or Firefox forks?
Didn't say they would.
Then why would they be relevant to a discussion about legislation that affects the general public?
No one said anything about "general public".
We are talking about legislation. Unless it's very specifically targeted legislation, the conversation always is about the general public.
It isn't.
lol You quite literally do not know what you're talking about and it's hilarious. Hilariously pathetic.
Hi, I am here to tell you that it is not particularly trivial to make the kind of changes required to make the websites keep working while also preventing stuff similar to JS fingerprinting.
Some extensions do a decent job in certain cases, but the only ones that completely fix the problem are the ones that simply turn off JS. I checked out what Librewolf's changes do, using amiunique.org and in some tests it even ends up increasing the uniqueness.
You will essentially require identifying different parts of the JS engine that expose said vulnerabilities and then creating mitigations for each of them, with either the "blend in" or "randomise" strategy and will also require to make sure they are not detected over any domain (due to partial overlap of either change).
This kind of change for a single person will require properly understanding the JS engine codebase and then making and maintaining all required patches over the course of the fork as the main project goes forward. This is pretty much a full time job.
Even if multiple people are working on it, one would still require a good understanding of the codebase.
I suggest recruiting one of the retired/laid-off Firefox engineers, if you have the funds.
...why are we talking about JS and fingerprinting?
The application of age indication is just going to be another metric that these companies use for fingerprinting and person identification, one that some analyst on their inside possibly considered a useful data point.
And while this particular API might be an easy one to target, for removal as a patch, it might end up being part of a JS framework that many websites use and will break in case the return value is not available.
So if people require sites to work, this will become just another feature, requiring similar mitigations to other JS features I mentioned, that will need to be handled in a way that it increases the anonymity of the user, lest the user be subjected to harassment.
By "harassment", I mean the actual inescapable kind, not just random internet trolls.
As I said, there's nothing to suggest they would receive such an indicator, as far as I'm aware. The indicator is only required between the app store and the OS.
Facebook has "apps", no?
Last I checked, it had stuff like FarmVille, FrontierVille, etc.
We weren't talking about apps, we were talking about Facebook like buttons on websites.
Causation:
That's not an app store.
Does the Court ask you?
Does the legislature?
Does Meta come to ask what you call an "App Store"?
The legislation clearly states what is and is not an app store. I'd recommend you mull it over.
100% sure they all come in the category of an "App Store" when convenient for the lobbyist.
That is incorrect, the OS communicates the data to any "app" running on the system that asks for it. The text of the bill (the CA bill specifically is the one I have read) states that any developer of any app must ask for the age bracket from either the OS or the App Store, so the OS will have to have the API open to any "app" running on the device, not just the "app store". Also, they define "app store" as any website or software that people can download and install software from, which is VERY broad.
And everything else, including via the little Facebook button on various pages.
No.
You've convinced me with such a compelling ~~argument~~ statement of fact.
It's not an argument, it's a statement of fact.