Privacy

Good luck enforcing that on Linux.

You just know that when a bill is titled "Protect the little children from eternal suffering bill", it's gonna contain some real fucked up anti-privacy nonsense in it.

Et tu, California with Democratic majority in both chambers? Fucking disgraceful.

I apologize for this being posted about 2 weeks after the bill was signed, was going through my usual methods of checking news and new laws and found this.

Now terminals will read: “GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law, and contains code known by the State of California to cause cancer or other reproductive harm.” /j

He can go fuck himself. "Dems are the good guys!!!" Fuck off. This isnt about protecting kids. Its about tracking, profiling and data collection. No doubt to sell to 3rd parties. Fuck all these cunts who push this shit.

Read the link yall

The bill requires:

• OSes to take user birthday during account creation
• this info is binned into categories (<13, 13-16, 16-18, >18)
• the category info must be made available to basically all software
• software is supposed to use this data to age gate content but is not allowed to send this data to 3rd parties

What this bill does not do:

• Your full birthday is specifically not to be sent to every application
• OSes are not being asked to check your id it doesn’t say the OS should do anything to verify the birthday, just that it should record it
• There isn’t anything to prevent you from entering 1/1/2000 instead of your real birthday

Honestly this doesn’t seem that bad to me. If anything it’s a little pointless. This style of age verification is basically universally already used. I guess you could read this as forcing OSes to have parental controls.

I do think there is a bit of a privacy issue in this information being shared with every program, but they attempt to minimize this using the binning (so ironically it really only hurts the privacy of teenagers since for adults it will just say >18), and this information is supposed to not be shared with 3rd parties (but we all know Facebook and Google are going to do whatever they can this info, pushing the limits of that part of the law, or just waiting to be sued and paying the fine when it happens).

I honestly think most Linux distros will just implement it.

This is probably the most dystopian child safety bill so far.

Take it from a Brit... It's not about the children. It's never about the children.

Fuck that stupid bullshit.

(b) If an application last updated with updates on or after January 1, 2026, was downloaded to a device before January 1, 2027, and the developer has not requested a signal with respect to the user of the device on which the application was downloaded, the developer shall request a signal from a covered application store with respect to that user before July 1, 2027.

(f) “Developer” means a person that owns, maintains, or controls an application.

1798.503. (a) A person that violates this title shall be subject to an injunction and liable for a civil penalty of not more than two thousand five hundred dollars ($2,500) per affected child for each negligent violation

So a developer of a FOSS application that gets installed on a device on California via a 3rd party app store (maybe F-droid) must have implemented a query to the OS for this data. Even if the app does not actually provide any inappropriate content or actually any content.

Nor does it matter if he is involved in the distribution of the app to California, a FOSS app redistributed via a 3rd party (F-droid maybe) would make the developer subject to this.

Please update your title to remove the misinformation about the bill, specifically calling it "OS-level ID verification" is not even close. It's not got anything to do with personally identifying information or any actual verification of age information.

It's actually an incredibly privacy conscious method of doing what it is trying to do, which is to allow parents to set up a child's account with their age information on a device and have that age bracket information passed to websites and applications. That way, it makes it harder for a child to bypass age-restrictions, but without requiring dangerous age verification methods such as ID or face scans.

Mandatory os-level

Cute attempt, but libre software - as always - remains superior and impossible to control. That's by design. Write any law you want, I can modify whatever line of code implements this stupid check, remove it, and move on.

Gavin is as slimey as his hair.

i hope people talking about him as a potential president remember this; he's a conservative robot who doesn't give a shit about you.

Coincidentally, my birthday is 1900, January 1st.

We’ve seen some truly horrific and tragic examples of young people harmed by unregulated tech, and we won’t stand by while companies continue without necessary limits and accountability.

So it's individuals that will get the limits and accountability while privacy companies will get off with slaps on the wrist when they inevitably have data breaches. Really tired of this double speak bullshit.

Why do I need to show my ID to install Gentoo?

While I oppose this with every inch of my being I do look forward to seeing some super tongue in cheek implementations in Linux distros.

export $AGE

Linux dev sitting there like: well, my work is done.

Interesting, it's vague, and obviously going to go through legal hurdles. Windows, Google, and Apple will just do it. Ubuntu might, but what about Debian, or any number of server OS's? Will users need to verify their age logging into a server? What about forks? Forks of forks? OSes developed outside of the US?

Where this could be an opportunity, and hear me out, is that this could pave the way for privacy-friendly age checks to shut them up about "what about the children". The bill says that all it needs to check is age - nothing else. If the OSS community can come up with a way to privacy-friendly validate age, then this whole thing could be solved. Websites wouldn't need to store IDs, they could ask the browser who would check the OS. In fact, that might be the purpose of this bill, to curb all the "Just collect their IDs" with the websites. If the OS had a check stored securely that you're over 18 and nothing else, then all other age checks could be cut.

Also interestingly, it reads like they might be angling against Microsoft and Google for collecting private information on minors because "We didn't know they were minors, how could we?".

I don't like it one bit and it's going to be completely unenforceable - and OSes like Arch will say "You can't use this in California", but if that's the angle they're trying to do, it might work.

Won't somebody think of the children!

Fuck that. If Debian includes that, I'll just rip it out myself.

Lovely aint it?

Can't wait for the big wigs to start sponsoring bills going after whistleblower protection.

They tried the same 'to protect the children' BS excuse to introduce more authoritarian police state surveillance in Europe, it didn't work.

And I thought he was the good guy. Fuck everything about this. Dick "we must protect our children". From what?

This bill, beginning January 1, 2027, would require, among other things related to age verification with respect to software applications, an operating system provider, as defined, to provide an accessible interface at account setup that requires an account holder, as defined, to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store and to provide a developer, as defined, who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface regarding whether a user is in any of several age brackets, as prescribed. The bill would require a developer to request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

I'm not sure how this is going to be enforceable. So, in essence:

• The OS should have an accessible API that returns the age bracket of the user, presumably for the purposes of eliminating a lack of compliance on apps using children's data for advertising. That's not necessarily a massive problem, though I don't like the idea of age brackets, I'd prefer it if it's just a "Adult" vs "Child" bracket.

• It doesn't seem to be asking that the age be verified through some external provider, so simply stating the age of the user is enough.

• App developers are expected to always request that information on launch/installation, which is simply not going to work because how would you enforce it for software made before this law came into effect?

• The definition of "covered application store" is way too broad and covers basically anywhere you can download software, including things like public docker hubs or Github, so no that's never going to work out. Apple and Google can maybe include the request for age brackets and provide that information by default as part of the SDK, but legacy software? Good luck getting WinRAR to request that information. You've essentially banned all software made before 2025.

So... The OS-level stuff isn't a huge deal, but the requirements on app developers are way too strict and would be unworkable. If I were to re-write the bill, I'd make it so the age bracket must be available at the OS level, but not required by the app developer to actually use it. I would then add more strict requirements on sites to not use children's data for advertising, with the reasoning being that they could have asked for the age bracket from the OS at any time, and the fact that they didn't even bother means they actually wanted to use children's data.