275
Colorado proposing Bill to move age verification to Operating System rather than web site (www.biometricupdate.com)
submitted 1 day ago* (last edited 1 day ago) by Beep@lemmus.org to c/technology@lemmy.world
105 comments fedilink hide all child comments

Senate Bill 26-051 reflects that pattern. The bill does not directly regulate individual websites that publish adult or otherwise restricted content. Instead, it shifts responsibility to operating system providers and app distribution infrastructure.

Under the bill, an operating system provider would be required to collect a user’s date of birth or age information when an account is established. The provider would then generate an age bracket signal and make that signal available to developers through an application programming interface when an app is downloaded or accessed through a covered application store.

App developers, in turn, would be required to request and use that age bracket signal.

Rather than mandating that every website perform its own age verification check, the bill attempts to embed age attestation within the operating system account layer and have that classification flow through app store ecosystems.

The measure represents the latest iteration in a series of Colorado efforts that have struggled to balance child safety, privacy, feasibility and constitutional limits.

you are viewing a single comment's thread
view the rest of the comments
[-] fubarx@lemmy.world 1 points 4 hours ago

I'll caveat this by saying IANAL. But the way I read Bill 26-051 is that it's looking to implement "user age attestation" not "device or application" (WEI). Two separate things.

Age Attestation requires the OS (or really, the cloud service that implements account-level authorization) and come up with an "age signal." It prohibits using third-party non-public data, and puts the burden on the OS for managing the Go/No Go process. No PII leaves the device.

The alternative is dystopian, poorly managed KYC/AML over-reaches. Under the guise of anti-fraud/anti-gambling, these will reach deep into our communal shorts. They could well soon require individual biometric verification (iris scans, face contour maps, fingerprints, etc). No, thanks.

WEI is a separate story. It's trying to cut down on malicious apps and maybe stop individual sites doing browser fingerprinting. It can only work on systems with single-points of app installation (without side-loading) and devices already locked down with hardware TPMs. So far, that only covers iOS. All the other systems (Linux, Mac, Windows, and Android) let you install your own system-level code without having to go through the One Official appstore. And with WASM, the browser makes it all moot.

Personally, I think WEI is a total waste of time. Trying to squeeze the toothpaste back into the tube. But it's solving a different problem than age verification.

Not to say the Colorado bill is perfect. There is a truck-sized app vs. website loophole in it, so kids can still access social media sites from the browser vs their phones. But the OS can offer an API that browsers can vend to websites without every site rolling their own crappy system. It also doesn't account for a clever kid figuring out how to create a separate adult-appearing user account. Because of course, they will.

Saying it's parental responsibility is unrealistic. I've helped folks set up Screentime, router-level filters, and even Circle (in-home ARP spoofing box, and mobile VPN + fine-grain URL filtering). There are ways around all of it. Besides, the kids can still get exposed to utter bilge via school-approved sites like Zoom, YouTube, or Google Drive. Let's not even bother with messaging apps or in-game chat. This is all assuming parents have the time or knowledge to set things up and manage the filters.

We're not trying to be over-controlling, stop the kids from dancing too close at the prom, or yuck their yum. But as parents, we do want to have some sort of say in what they're exposed to online before their brains have the capacity to process them. The risk to their mental health is real, and just YOLOing it hasn't worked out too well.

I'm sure there's a lot of subtle behind-the-scenes stuff in the Colorado bill. I'll wait to hear what EFF or Mike Masnick have to say about it. But as a techie, app developer, and parent, it reads like the least-worst way to keep a minor away from nasty crap without requiring every one of us to scan our faces and provide IDs to every rando website.

this post was submitted on 21 Feb 2026
275 points (100.0% liked)

Technology

81653 readers
4120 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws