this post was submitted on 02 Nov 2025
112 points (94.4% liked)

Privacy

2948 readers
130 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Ategon@programming.dev
danielintempesta@programming.dev
112
Governor Newsom signs bills to further strengthen California’s leadership in protecting children online (www.gov.ca.gov)
submitted 3 weeks ago* (last edited 3 weeks ago) by Blaze@piefed.zip to c/privacy@programming.dev
42 comments fedilink hide all child comments
 

AB-1043 "Age verification signals: software applications and online services."

Text https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043

Other info https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202520260AB1043

California AB 1043 signed. Mandatory os-level, device-level, app store, and even developer-required age verification for all computing devices.

you are viewing a single comment's thread
view the rest of the comments
[–] renegadespork@lemmy.jelliefrontier.net 9 points 3 weeks ago* (last edited 3 weeks ago) (3 children)

First off, this page references quite a few bills passed, some of which I like and some of which make me concerned, but let’s focus on AB-1043. You can find the text of the actual bill here.

Here’s the more relevant excerpt:

1798.501.
 (a) An operating system provider shall do all of the following:
(1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.
(2) Provide a developer who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface that identifies, at a minimum, which of the following categories pertains to the user:
(A) Under 13 years of age.
(B) At least 13 years of age and under 16 years of age.
(C) At least 16 years of age and under 18 years of age.
(D) At least 18 years of age.
(3) Send only the minimum amount of information necessary to comply with this title and shall not share the digital signal information with a third party for a purpose not required by this title.

Basically OSes will have to have a prompt during setup that asks for age/birthdate to determine the legal age category they user fits in.

Then the OS has to provide some sort of API that provides that category to apps/websites that request it so they can gate content/features appropriately.

IMO this doesn’t seem that bad. It’s basically taking the “I solemnly swear I’m over 18” checkbox away from websites and just requiring it once OS wide (or at least per user account).

I particularly like the specification of #3 requiring only the minimum info required to comply be sent and nothing more.

This actually seems like an attempt to curb all the ID collecting privacy nightmares that are happening lately with poorer implementations.

[–] Botzo@lemmy.world 13 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

The law does not exempt server OS and non-interactive software or software that doesn't need age verification for any reason (like a calculator or offline text editor). It's a nightmare for those reasons alone.

2027 is way too soon for developers to need to implement this because operating systems will first have to decide on the shape of the "signal", and there will necessarily be knee-jerk "fuck you" reactions. Then verification needs to be implemented in hundreds of different programming languages and paradigms. Then developers can start to implement. I guess all my little toy applications that are publicly available on GitHub are now out of compliance, fuck me though.

See my other comment on this post for a longer breakdown of why I believe this is utterly stupid.

[–] shalafi@lemmy.world 4 points 3 weeks ago

Worked at a software dev that was so niche we basically had a monopoly by default. No one is touching that software outside the workplace. Laughing thinking about tomorrow's meetings.

"Seriously? We have to add age verification?!"

[–] iii@mander.xyz 3 points 3 weeks ago

like a calculator

Can still be used to write 80085. Gotta protect the children.

[–] entwine@programming.dev 6 points 3 weeks ago

This is not going to work for its intended purpose for obvious reasons, but you make a good point about moving the burden from websites to OS vendors. That could hopefully make life easier for everyone. It's what I think should have happened with the GDPR cookie banner nonsense: require website operators to respect a browser-level "functional cookies only" option, but with the same harsh penalties for those that ignore it.

But the concerning part to me is that eventually, some desperate attention whoring politician is going to take the "protect the children" angle in the future by introducing a bill that updates this to require more invasive spying at the OS level to verify ages more accurately. And of course, the tech giants will eagerly oblige.

[–] ReversalHatchery@beehaw.org 2 points 3 weeks ago (1 children)

that's interesting. @Blaze@piefed.zip which one is misleading, this parent comment or the post title?

[–] Blaze@piefed.zip 3 points 3 weeks ago

Not sure to be honest, I just updated the title to be strictly the same as the one of the page linked