Privacy

Take it from a Brit... It's not about the children. It's never about the children.

Why do I need to show my ID to install Gentoo?

i hope people talking about him as a potential president remember this; he's a conservative robot who doesn't give a shit about you.

"Age verifications" AKA "A complete ID and access record of all that you do on your personal electronics." This is some seriously dystopian surveillance and control shit and it has nothing at all to do with children.

This bill, beginning January 1, 2027, would require, among other things related to age verification with respect to software applications, an operating system provider, as defined, to provide an accessible interface at account setup that requires an account holder, as defined, to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store and to provide a developer, as defined, who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface regarding whether a user is in any of several age brackets, as prescribed. The bill would require a developer to request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

I'm not sure how this is going to be enforceable. So, in essence:

• The OS should have an accessible API that returns the age bracket of the user, presumably for the purposes of eliminating a lack of compliance on apps using children's data for advertising. That's not necessarily a massive problem, though I don't like the idea of age brackets, I'd prefer it if it's just a "Adult" vs "Child" bracket.

• It doesn't seem to be asking that the age be verified through some external provider, so simply stating the age of the user is enough.

• App developers are expected to always request that information on launch/installation, which is simply not going to work because how would you enforce it for software made before this law came into effect?

• The definition of "covered application store" is way too broad and covers basically anywhere you can download software, including things like public docker hubs or Github, so no that's never going to work out. Apple and Google can maybe include the request for age brackets and provide that information by default as part of the SDK, but legacy software? Good luck getting WinRAR to request that information. You've essentially banned all software made before 2025.

So... The OS-level stuff isn't a huge deal, but the requirements on app developers are way too strict and would be unworkable. If I were to re-write the bill, I'd make it so the age bracket must be available at the OS level, but not required by the app developer to actually use it. I would then add more strict requirements on sites to not use children's data for advertising, with the reasoning being that they could have asked for the age bracket from the OS at any time, and the fact that they didn't even bother means they actually wanted to use children's data.

He can go fuck himself. "Dems are the good guys!!!" Fuck off. This isnt about protecting kids. Its about tracking, profiling and data collection. No doubt to sell to 3rd parties. Fuck all these cunts who push this shit.

Mandatory os-level

Cute attempt, but libre software - as always - remains superior and impossible to control. That's by design. Write any law you want, I can modify whatever line of code implements this stupid check, remove it, and move on.

Coincidentally, my birthday is 1900, January 1st.

The whole point of the GNU/Linux operating system is for free speech. Whatever you're trying to do California, it's not going to happen. I refuse to run any proprietary software on my machines. It's astounding that any porch for freedom is just gets blindly attacked by a bunch of uneducated fools. What a boring dystopia we live in...

What is the point of bucketizing the actual age when anything querying it can simply note the date at which the user shifts to the next bucket to determine the exact birth date even if it never sees the exact birth date?

Furthermore, what about a common login like on a media PC?

What about a Steam Deck that gets shared around a household?

This is all very dumb. Could be a lot worse but it's still very dumb.

Good luck enforcing that on Linux.

You just know that when a bill is titled "Protect the little children from eternal suffering bill", it's gonna contain some real fucked up anti-privacy nonsense in it.

Computer code is a form of speech. It is mind-boggling to me that California wants to assert its rules over all FOSS software.

If California is able to do this, what stops them from next requiring Arch to be bundled with ID-checking Persona as part of a mandatory GUI installation?

Maybe Arkansas wants a mandatory "governemnt module" in Fedora to allow easy remote access?

Perhaps Dubai would like ProxMox to ping Dubai's government so they can create an IP registry of ProxMox users?

And since so many developers use github, will github just ban developers who don't comply?

I understand that such a rule could undermine Project 2025's objectives, but it is still a slippery slope.

This is probably the most dystopian child safety bill so far.

Gavin is as slimey as his hair.

Read the link yall

The bill requires:

• OSes to take user birthday during account creation
• this info is binned into categories (<13, 13-16, 16-18, >18)
• the category info must be made available to basically all software
• software is supposed to use this data to age gate content but is not allowed to send this data to 3rd parties

What this bill does not do:

• Your full birthday is specifically not to be sent to every application
• OSes are not being asked to check your id it doesn’t say the OS should do anything to verify the birthday, just that it should record it
• There isn’t anything to prevent you from entering 1/1/2000 instead of your real birthday

Honestly this doesn’t seem that bad to me. If anything it’s a little pointless. This style of age verification is basically universally already used. I guess you could read this as forcing OSes to have parental controls.

I do think there is a bit of a privacy issue in this information being shared with every program, but they attempt to minimize this using the binning (so ironically it really only hurts the privacy of teenagers since for adults it will just say >18), and this information is supposed to not be shared with 3rd parties (but we all know Facebook and Google are going to do whatever they can this info, pushing the limits of that part of the law, or just waiting to be sued and paying the fine when it happens).

I honestly think most Linux distros will just implement it.

(b) If an application last updated with updates on or after January 1, 2026, was downloaded to a device before January 1, 2027, and the developer has not requested a signal with respect to the user of the device on which the application was downloaded, the developer shall request a signal from a covered application store with respect to that user before July 1, 2027.

(f) “Developer” means a person that owns, maintains, or controls an application.

1798.503. (a) A person that violates this title shall be subject to an injunction and liable for a civil penalty of not more than two thousand five hundred dollars ($2,500) per affected child for each negligent violation

So a developer of a FOSS application that gets installed on a device on California via a 3rd party app store (maybe F-droid) must have implemented a query to the OS for this data. Even if the app does not actually provide any inappropriate content or actually any content.

Nor does it matter if he is involved in the distribution of the app to California, a FOSS app redistributed via a 3rd party (F-droid maybe) would make the developer subject to this.

Lovely aint it?

Can't wait for the big wigs to start sponsoring bills going after whistleblower protection.

I apologize for this being posted about 2 weeks after the bill was signed, was going through my usual methods of checking news and new laws and found this.

Now terminals will read: “GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law, and contains code known by the State of California to cause cancer or other reproductive harm.” /j

While I oppose this with every inch of my being I do look forward to seeing some super tongue in cheek implementations in Linux distros.

export $AGE

Linux dev sitting there like: well, my work is done.

Please update your title to remove the misinformation about the bill, specifically calling it "OS-level ID verification" is not even close. It's not got anything to do with personally identifying information or any actual verification of age information.

It's actually an incredibly privacy conscious method of doing what it is trying to do, which is to allow parents to set up a child's account with their age information on a device and have that age bracket information passed to websites and applications. That way, it makes it harder for a child to bypass age-restrictions, but without requiring dangerous age verification methods such as ID or face scans.

seems like MS lobbying group.

Fuck that stupid bullshit.