Good luck enforcing that on Linux.

You just know that when a bill is titled "Protect the little children from eternal suffering bill", it's gonna contain some real fucked up anti-privacy nonsense in it.

Read the link yall

The bill requires:

• OSes to take user birthday during account creation
• this info is binned into categories (<13, 13-16, 16-18, >18)
• the category info must be made available to basically all software
• software is supposed to use this data to age gate content but is not allowed to send this data to 3rd parties

What this bill does not do:

• Your full birthday is specifically not to be sent to every application
• OSes are not being asked to check your id it doesn’t say the OS should do anything to verify the birthday, just that it should record it
• There isn’t anything to prevent you from entering 1/1/2000 instead of your real birthday

Honestly this doesn’t seem that bad to me. If anything it’s a little pointless. This style of age verification is basically universally already used. I guess you could read this as forcing OSes to have parental controls.

I do think there is a bit of a privacy issue in this information being shared with every program, but they attempt to minimize this using the binning (so ironically it really only hurts the privacy of teenagers since for adults it will just say >18), and this information is supposed to not be shared with 3rd parties (but we all know Facebook and Google are going to do whatever they can this info, pushing the limits of that part of the law, or just waiting to be sued and paying the fine when it happens).

I honestly think most Linux distros will just implement it.

I apologize for this being posted about 2 weeks after the bill was signed, was going through my usual methods of checking news and new laws and found this.

Now terminals will read: “GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law, and contains code known by the State of California to cause cancer or other reproductive harm.” /j

This is probably the most dystopian child safety bill so far.

Fuck that stupid bullshit.

Take it from a Brit... It's not about the children. It's never about the children.

Please update your title to remove the misinformation about the bill, specifically calling it "OS-level ID verification" is not even close. It's not got anything to do with personally identifying information or any actual verification of age information.

It's actually an incredibly privacy conscious method of doing what it is trying to do, which is to allow parents to set up a child's account with their age information on a device and have that age bracket information passed to websites and applications. That way, it makes it harder for a child to bypass age-restrictions, but without requiring dangerous age verification methods such as ID or face scans.

(b) If an application last updated with updates on or after January 1, 2026, was downloaded to a device before January 1, 2027, and the developer has not requested a signal with respect to the user of the device on which the application was downloaded, the developer shall request a signal from a covered application store with respect to that user before July 1, 2027.

(f) “Developer” means a person that owns, maintains, or controls an application.

1798.503. (a) A person that violates this title shall be subject to an injunction and liable for a civil penalty of not more than two thousand five hundred dollars ($2,500) per affected child for each negligent violation

So a developer of a FOSS application that gets installed on a device on California via a 3rd party app store (maybe F-droid) must have implemented a query to the OS for this data. Even if the app does not actually provide any inappropriate content or actually any content.

Nor does it matter if he is involved in the distribution of the app to California, a FOSS app redistributed via a 3rd party (F-droid maybe) would make the developer subject to this.

Mandatory os-level

Cute attempt, but libre software - as always - remains superior and impossible to control. That's by design. Write any law you want, I can modify whatever line of code implements this stupid check, remove it, and move on.

Gavin is as slimey as his hair.

Coincidentally, my birthday is 1900, January 1st.

i hope people talking about him as a potential president remember this; he's a conservative robot who doesn't give a shit about you.

We’ve seen some truly horrific and tragic examples of young people harmed by unregulated tech, and we won’t stand by while companies continue without necessary limits and accountability.

So it's individuals that will get the limits and accountability while privacy companies will get off with slaps on the wrist when they inevitably have data breaches. Really tired of this double speak bullshit.

While I oppose this with every inch of my being I do look forward to seeing some super tongue in cheek implementations in Linux distros.

export $AGE

Linux dev sitting there like: well, my work is done.

Why do I need to show my ID to install Gentoo?

this is one of the most idiotic laws I have ever seen, and Newsom is an idiot.

Interesting, it's vague, and obviously going to go through legal hurdles. Windows, Google, and Apple will just do it. Ubuntu might, but what about Debian, or any number of server OS's? Will users need to verify their age logging into a server? What about forks? Forks of forks? OSes developed outside of the US?

Where this could be an opportunity, and hear me out, is that this could pave the way for privacy-friendly age checks to shut them up about "what about the children". The bill says that all it needs to check is age - nothing else. If the OSS community can come up with a way to privacy-friendly validate age, then this whole thing could be solved. Websites wouldn't need to store IDs, they could ask the browser who would check the OS. In fact, that might be the purpose of this bill, to curb all the "Just collect their IDs" with the websites. If the OS had a check stored securely that you're over 18 and nothing else, then all other age checks could be cut.

Also interestingly, it reads like they might be angling against Microsoft and Google for collecting private information on minors because "We didn't know they were minors, how could we?".

I don't like it one bit and it's going to be completely unenforceable - and OSes like Arch will say "You can't use this in California", but if that's the angle they're trying to do, it might work.

Won't somebody think of the children!

Fuck that. If Debian includes that, I'll just rip it out myself.

I think the mods should change the titel and post, this is misleading on purpose.

Lovely aint it?

Can't wait for the big wigs to start sponsoring bills going after whistleblower protection.

They tried the same 'to protect the children' BS excuse to introduce more authoritarian police state surveillance in Europe, it didn't work.

Just ranting

I get that at least some amount of lawmakers may just really and truly want to protect children and jump to creating laws that involve lots of things that they have no real understanding. And blowback that can and will be created by hyper focusing on a micro level (even if they think they are thinking macro) points. But there are far more of them that just want to keep one-upping other lawmakers in being "the most proactive" or "tough on crime" compared to other folks in power because of all the money they get ever election cycle (which never end).

I know why it would be a massive shitshow (the "antichrist" crowd turns every little thing into a "sign"), but kind of wondering when they will just push for laws to put pet style GPS chips in all children at this point. I mean it isn't really much of a jump that they could require phones used by children to be forced to have GPS (and data) be registered to state level tracking (just like all the stuff collected by NSA already). But that wouldn't be enough for the one-upping shit, and GPS chips would be usable if the devices aren't with the children (or ones that don't have devices yet). All extreme levels of shit, but eventually seems like they would be the only levels that could "go further to protect children" at some point.

I really look forward to seeing all the "fuck privacy even if you don't have children" crowd catch literally all possible bad things that their own laws create happen to them personally. We already know that basically all the previous efforts to have kids only versions of things end up just creating massive targets for the very predators to get to the kids. And that automated flags can turn into so much false reporting without any real ways for the flagged accounts to speak with actual people to correct those false reports (YT being a great example even without anything involving children).

The government already slashes funds for things that aren't police/military (things like the already existing social services that are for kids/education/families never have money for even general staffing). And the private contracted (for profit) companies already find ways to make more than the government contracts by making paid tiers and constant ads. So those private entities shouldn't be trusted with data on children in the first place.

This bill, beginning January 1, 2027, would require, among other things related to age verification with respect to software applications, an operating system provider, as defined, to provide an accessible interface at account setup that requires an account holder, as defined, to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store and to provide a developer, as defined, who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface regarding whether a user is in any of several age brackets, as prescribed. The bill would require a developer to request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

I'm not sure how this is going to be enforceable. So, in essence:

• The OS should have an accessible API that returns the age bracket of the user, presumably for the purposes of eliminating a lack of compliance on apps using children's data for advertising. That's not necessarily a massive problem, though I don't like the idea of age brackets, I'd prefer it if it's just a "Adult" vs "Child" bracket.

• It doesn't seem to be asking that the age be verified through some external provider, so simply stating the age of the user is enough.

• App developers are expected to always request that information on launch/installation, which is simply not going to work because how would you enforce it for software made before this law came into effect?

• The definition of "covered application store" is way too broad and covers basically anywhere you can download software, including things like public docker hubs or Github, so no that's never going to work out. Apple and Google can maybe include the request for age brackets and provide that information by default as part of the SDK, but legacy software? Good luck getting WinRAR to request that information. You've essentially banned all software made before 2025.

So... The OS-level stuff isn't a huge deal, but the requirements on app developers are way too strict and would be unworkable. If I were to re-write the bill, I'd make it so the age bracket must be available at the OS level, but not required by the app developer to actually use it. I would then add more strict requirements on sites to not use children's data for advertising, with the reasoning being that they could have asked for the age bracket from the OS at any time, and the fact that they didn't even bother means they actually wanted to use children's data.

I didn't see this one coming.

I am very very angry.

If the trump admin kills this piece of shit in public, I will report to the death camps as my civic duty.