this post was submitted on 02 Nov 2025
112 points (94.4% liked)

Privacy

2957 readers
88 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Ategon@programming.dev
danielintempesta@programming.dev
112
Governor Newsom signs bills to further strengthen California’s leadership in protecting children online (www.gov.ca.gov)
submitted 3 weeks ago* (last edited 3 weeks ago) by Blaze@piefed.zip to c/privacy@programming.dev
42 comments fedilink hide all child comments
 

AB-1043 "Age verification signals: software applications and online services."

Text https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043

Other info https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202520260AB1043

California AB 1043 signed. Mandatory os-level, device-level, app store, and even developer-required age verification for all computing devices.

you are viewing a single comment's thread
view the rest of the comments
[–] renegadespork@lemmy.jelliefrontier.net 9 points 3 weeks ago* (last edited 3 weeks ago) (6 children)

First off, this page references quite a few bills passed, some of which I like and some of which make me concerned, but let’s focus on AB-1043. You can find the text of the actual bill here.

Here’s the more relevant excerpt:

1798.501.
 (a) An operating system provider shall do all of the following:
(1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.
(2) Provide a developer who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface that identifies, at a minimum, which of the following categories pertains to the user:
(A) Under 13 years of age.
(B) At least 13 years of age and under 16 years of age.
(C) At least 16 years of age and under 18 years of age.
(D) At least 18 years of age.
(3) Send only the minimum amount of information necessary to comply with this title and shall not share the digital signal information with a third party for a purpose not required by this title.

Basically OSes will have to have a prompt during setup that asks for age/birthdate to determine the legal age category they user fits in.

Then the OS has to provide some sort of API that provides that category to apps/websites that request it so they can gate content/features appropriately.

IMO this doesn’t seem that bad. It’s basically taking the “I solemnly swear I’m over 18” checkbox away from websites and just requiring it once OS wide (or at least per user account).

I particularly like the specification of #3 requiring only the minimum info required to comply be sent and nothing more.

This actually seems like an attempt to curb all the ID collecting privacy nightmares that are happening lately with poorer implementations.

[–] entwine@programming.dev 6 points 3 weeks ago

This is not going to work for its intended purpose for obvious reasons, but you make a good point about moving the burden from websites to OS vendors. That could hopefully make life easier for everyone. It's what I think should have happened with the GDPR cookie banner nonsense: require website operators to respect a browser-level "functional cookies only" option, but with the same harsh penalties for those that ignore it.

But the concerning part to me is that eventually, some desperate attention whoring politician is going to take the "protect the children" angle in the future by introducing a bill that updates this to require more invasive spying at the OS level to verify ages more accurately. And of course, the tech giants will eagerly oblige.

load more comments (5 replies)