- cross-posted to:
- technology@lemmy.world
- privacy@programming.dev
- cross-posted to:
- technology@lemmy.world
- privacy@programming.dev
AB-1043 “Age verification signals: software applications and online services.”
Text https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
Other info https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202520260AB1043
California AB 1043 signed. Mandatory os-level, device-level, app store, and even developer-required age verification for all computing devices.
Edit: altered title from “ID check” to “Age Verification check”
You must log in or # to comment.
Good luck enforcing that on Linux.
That’s probably the point.
I wouldn’t be surprised if Microsoft and Google lobbied for this to prevent open source from encroaching on their terf
Likely yes, though it won’t matter to me. I’ll recompile from suitably modified source code if it comes to that.
They might try to stop Linux from booting at all with locked bootloaders.
That would be the point at which things - expensive, crucial things - would start catching on fire for reasons that has nothing to do with anything I might be doing.
that would basically destroy the internet considering how many servers - including microsofts own sites - run on linux
There’s precedent that source code is protected speech, so maybe Gentoo is about to become a lot more popular.
And who doesn’t enjoy using 90% of their system resources to compile the 10% remainder all the time?
You can use binary versions if you want.
reinstalling OS is fairly easy. I expect utlities to “correct age error”.
The bigger distros will probably do it, especially any that have an organization to fund their development.
That have funding from American organizations, or are an American organization themselves. Possibly even Californian only.
You just know that when a bill is titled “Protect the little children from eternal suffering bill”, it’s gonna contain some real fucked up anti-privacy nonsense in it.
Et tu, California with Democratic majority in both chambers? Fucking disgraceful.
Well, we as a state voted to ban flavored tobacco products when like 10 kids were getting popcorn lung from black market THC oil carts.
And selling tobacco to minors here is highly illegal, as it should be. So I never understood why we banned flavored tobacco, when the kids were getting issues from black market THC carts, which they also shouldn’t have been sold/using.
Not even getting into how the law didn’t stop flavored alcohol, we can still buy bubblegum flavored vodka here.
So even in the 2nd most Democrat leaning state, we still push for the dumbest laws. This was a state wide vote, not something the Senate/Assembly voted on.
I can report here that my fellow cigarette smokers in Illinois are still happy to be puffing their cancer sticks because flavored nicotine vapes are worse, and cause popcorn lung, so I should just keep smoking cigs.
Dumbest laws are pushed because we have the dumbest peoples.
the popcorn lung shit is such old news that people who bring it up have no idea what they are talking about. it was related to a chemical called Diacetyl. The popcorn lung name was from a industrial incident where workers were making popcorn with diacetyl as the flavoring, and there was an accident and they inhaled diacetyl vapors. There was no study done to say the levels in e-liquid cause this “popcorn lung” but e-liquid companies were so scared it would ruin their business that most removed the flavoring from their recipes, and the ones that contained it, had a warning that it had diacetyl, all without the goverment stepping in. vaping gets so much flak from the shit big-tobacco has done in the past decade and its sad where it is now, where people buy disposables and its just a dead market then what it used to be. just to put things into context here in canada. a 60ml bottle of eliquid used to cost 20-30 CAD before the “sin tax”. now, it costs 55-60 CAD for the same bottle. want to bypass the tax and DIY? sorry, nicotine bases to mix only go up to 20mg/ml FOR THE WHOLE BOTTLE meaning that if you want to make your juice, the whole bottle of nicotine base you bought is used for ONE BOTTLE MIX and is subjet to the sin tax. before you could buy a 100mg/ml bottle of nicotine for 40 bucks and it would last your months while you had your flavorings, and PG/VG bases.
Flavored tobacco used to only target minorities so it was OK. There are documentaries about this showing how much more flavored tobacco was advertised in lower socio-economic areas.
Once children started vaping the CA govt stepped in.
If you oppose the ban I have to assume because you don’t know where to get menthol cigs anymore. I live in Oakland and can still find Newports. I quite smoking them over 25 years ago but know more than one place that sells them.
edit - this thread is about age verification. not sure why you think tobacco bans are remotely close.
you oppose the ban I have to assume because you don’t know where to get menthol cigs anymore. I live in Oakland and can still find Newports. I quite smoking them over 25 years ago but know more than one place that sells them.
I don’t smoke period so I don’t mind it. I found the reasoning banning it was stupid, because the boomer voting base didn’t understand the reason for the Prop being drawn up.
this thread is about age verification. not sure why you think tobacco bans are remotely close.
Talking about a dumb law being passed, so I talked about a dumb law being passed. I said that a state of Democrat voters and Democrat Assembly members doesn’t mean they always pass the best/logical bills. Better than if the state was ran by Republicans, but so is every state.
It was a pretty big problem, not just a few kids. That outrage killed the diluent and thickener market for squaline and mineral oils. I learned way more than I ever wanted about how people cut oil based products for looks and consumption. It ended up that basically the entire industry was using products that weren’t new but we’re now being used at the rate of millions of gallons. Honeycut was the big name that was being sold by the 55 gallon drum.
If you vaped during that time, you likely put mineral oil into yours lungs. Black and gray market it’s still a problem, and those cutting agents were making it to the retail market by the time it got better.
The Moral Majority, which championed efforts to get “Explicit Lyrics” labels on records, among oþer censorious legislation, was headed by þe wife of þe Democratic US VP.
Democrats have þeir own issues; þey’re just not as egregious as Republican troubles. We’re still a nation of Puritans and parents who refuse to be accountable for raising þeir own children.
Read the link yall
The bill requires:
- OSes to take user birthday during account creation
- this info is binned into categories (<13, 13-16, 16-18, >18)
- the category info must be made available to basically all software
- software is supposed to use this data to age gate content but is not allowed to send this data to 3rd parties
What this bill does not do:
- Your full birthday is specifically not to be sent to every application
- OSes are not being asked to check your id it doesn’t say the OS should do anything to verify the birthday, just that it should record it
- There isn’t anything to prevent you from entering 1/1/2000 instead of your real birthday
Honestly this doesn’t seem that bad to me. If anything it’s a little pointless. This style of age verification is basically universally already used. I guess you could read this as forcing OSes to have parental controls.
I do think there is a bit of a privacy issue in this information being shared with every program, but they attempt to minimize this using the binning (so ironically it really only hurts the privacy of teenagers since for adults it will just say >18), and this information is supposed to not be shared with 3rd parties (but we all know Facebook and Google are going to do whatever they can this info, pushing the limits of that part of the law, or just waiting to be sued and paying the fine when it happens).
I honestly think most Linux distros will just implement it.
We use 1/1/1970, the Unix epoch.
Wild! I am exactly the same age as the Unix Epoch.
How cool! :)
How surprising that’s my birthday too!
As a parent, I reckon a voluntary system like this (if I understand correctly) could be very handy. I could create a child account and automatically get age gated content for it.
And when said child is smart enough to circumvent the system, then they deserve whatever content they manage to get their hands on. I’d be so proud.
But I’m sure capitalism would find a way to abuse and misuse the system for gains.
It’s still pretty bad and senseless. We all know how antis, nazis and conservationists are: you given them an inch, they’ll try to bite your entire arm off, not to mention leaving an infection behind.
Honestly this doesn’t seem that bad to me
A state governor doesn’t get to decide what kind of data libre software must or must not collect.
A state governor doesn’t get to decide
Correct, it takes a whole process and a bunch of politicians to write a law like this.
No and if you dont see the problem, get a fucking mirror.
deleted by creator
I apologize for this being posted about 2 weeks after the bill was signed, was going through my usual methods of checking news and new laws and found this.
Now terminals will read: “GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law, and contains code known by the State of California to cause cancer or other reproductive harm.” /j
i once compiled C code and now have finger cancer
He can go fuck himself. “Dems are the good guys!!!” Fuck off. This isnt about protecting kids. Its about tracking, profiling and data collection. No doubt to sell to 3rd parties. Fuck all these cunts who push this shit.
There’s no fighting 21st century fascism without breaking this law.
This is so much more effectively evil than ehat the trump admin has been doing holy shit.
This might genuinely be world leading evil.
Evil has won and has pulled up the ladder behind it to make sure no one can challenge it.
*to make sure nobody can challenge it without illegally building or stealing a ladder.
Fuck that stupid bullshit.
Please update your title to remove the misinformation about the bill, specifically calling it “OS-level ID verification” is not even close. It’s not got anything to do with personally identifying information or any actual verification of age information.
It’s actually an incredibly privacy conscious method of doing what it is trying to do, which is to allow parents to set up a child’s account with their age information on a device and have that age bracket information passed to websites and applications. That way, it makes it harder for a child to bypass age-restrictions, but without requiring dangerous age verification methods such as ID or face scans.
If you want parental controls, you can have them.
If you want parental controls with root, you can have those too.
They exist currently.
Bullshit. This is not a voluntary thing that parents can choose to do or not: it is an enforced, mandatory requirement that is foisted upon literally all programs, regardless of user choice or whether it makes any sense at all to do so. Oh, and there’s a penalty of TWO HOUSAND FIVE HUNDRED DOLLARS for EACH VIOLATION for EACH CHILD.
Download a foreign video app on your smart TV that doesn’t comply? Congrats, the pigs will fine a three-child family $7500 for the crime of watching manga.
You live in the US. You know that this will be unequally applied to the poor and minorities. You know that this will be used as an excuse to search people’s devices at massive scale. You know that companies will simply shrug and use face ID anyway, because they already have to do it for other locales, so why not just reuse the same process? You know that this is a foot in the door for the facists and capitalists. You know all this, so stop running interference for them.
The law has no way to go after parents, unless there’s already some law on the books that does so and the penalties defined in this one somehow apply to that.
The penalties defined in this law are for OS providers not having a way to set age data within an account on a device or for not sending the age signal when requested and for developers ignoring the age signal or not requesting it.
I have edited the title to include “age verification checks” from “ID check”.
It’s better but the only place the word verification, or anything like it, actually appears in the text is in the title and in the introduction. It doesn’t have any verification in it, just passing whatever you tell your device to other systems it interacts with.
I wish the politicians were honest about what it does. Accepting this makes it seem like we’re ok with verification because that’s what’s in the title, but it’s possible to be both supportive of requiring some type of standard parental control system and be against any sort of age verification.
Think about how much it must take for parents to set up age controls on every single individual app and service their kids use. Having the ability to set up an account for your child on their phone or laptop and know that appropriate controls for that age range will be automatically applied will make it so many more parents will do so than they do now.
This is a good thing because we don’t want what they’ve got in the UK, which is requiring this patchwork of age verification from websites and apps to avoid liability. We want it to be the responsibility of parents, so that we as adults can once again browse freely and no longer be asked to input our birthday to “verify” we are old enough to see a list of beers the local brewery has on tap.
Take it from a Brit… It’s not about the children. It’s never about the children.
One of the architects of Project 2025 confessed on secret camera that the purpose of age verification laws is a de facto porn ban.
I’m sorry but you’re using that term wrong. You mean a de jure porn ban.
A de facto porn ban would mean that you actually couldn’t get any. And that’s just ridiculous.
Like drugs are illegal de jure, but de facto getting weed pretty much anywhere in the world is not a challenge. Usually even easier than getting alcohol as an underage person. Not that I have experience of that in the past few decades (being underage that is).
I mean I guess it’s “de facto” in sofar that it’s not exactly presciptively de jure illegal when it’s done like that. So in that sense you are right to use it like that, but eh. I disagree with who I was when I started writing this. No matter we’re on lemmy.
Maybe for them. But for governments in general the point is that age verification is ID verification and it means everything you do online or on any electronic device can be surveilled and tied to your real identity. And that makes political dissent a lot harder to organize without being shut down.
This is probably the most dystopian child safety bill so far.
Most dystopian “child safety” bill. Let’s not legitimize the claim that these laws are made to protect children while having privacy-invading side effects - they are privacy-invading laws disguised as child protection, while failing to have any real impact on children’s online safety and wellbeing
I’m not sure anything this repressive is implemented anywhere in the world.
Edit: wait this is the other half of the thing everywhere else is doing that would make this nightmare shit.
The only thing that I can think of is how China regulates it’s online gaming.
What is China’s Age Verification System?
China’s Age Verification System or 游戏适龄提示 in Chinese, is a government-mandated infrastructure that restricts minors’ access to online games and digital platforms. In China, all users must undergo “Real Name Verification” (实名认证) before accessing gaming services, enabling platforms to enforce age-appropriate restrictions automatically.
The system is overseen by the National Press and Publication Administration (NPPA) and integrates with national databases to verify user identities in real-time.
https://appinchina.co/blog/the-complete-guide-to-chinas-age-verification-system/
The move to do this was largely in part thanks to complaints of parents in regards to their kids’ habits with gacha games. For anyone interested, what I posted was a small excerpt from the link, there’s a lot more info on it there.
Is it in the OS?seems like just games.
It is similar, not the same. Some other key differences to consider are that while the US one is at the OS level, it’s just asking you to provide an age that isn’t linked to your ID or anything. It’s just like when a website asks your age, you can absolutely lie about it. But now it’s being done on the OS account, not the website.
Whereas, yeah, it is just for games in China, but it is absolutely being run against the person’s ID in a national database. Some games even require facial recognition. So it’s on a whole other level of verification and tracking.
The us is also openly capitalist with no other pretentions or pressures, and currently in the grip of a fascist regime.
I mean, sure? But that’s rather broad and does not really pertain to the topic at hand which is potentially (or outright) privacy-breaking legislature enacted and enforced on technology in the name of protecting childeren.
Its the difference between fucking around with a gun in the hospital parking lot with your two EMT lovers who are trying to get you to stop, and fucking around with a gun in the deep arctic with two hardened killers who want you dead.
while the US one is at the OS level, it’s just asking you to provide an age that isn’t linked to your ID or anything.
It’s Age Verification, which will almost certainly mean either ID scanning or facial scanning via the device camera. Or alternatively card transaction verification - the OG method baked into all these laws is the one that pays MasterCard and VISA. ID and facial recognition are cheaper services because the business providing the scan service can make more money off the ID or face they scan.
“Almost certainly,” is just you assuring it is so. Nothing in the legislation itself demands that.
(b) If an application last updated with updates on or after January 1, 2026, was downloaded to a device before January 1, 2027, and the developer has not requested a signal with respect to the user of the device on which the application was downloaded, the developer shall request a signal from a covered application store with respect to that user before July 1, 2027.
(f) “Developer” means a person that owns, maintains, or controls an application.
1798.503. (a) A person that violates this title shall be subject to an injunction and liable for a civil penalty of not more than two thousand five hundred dollars ($2,500) per affected child for each negligent violation
So a developer of a FOSS application that gets installed on a device on California via a 3rd party app store (maybe F-droid) must have implemented a query to the OS for this data. Even if the app does not actually provide any inappropriate content or actually any content.
Nor does it matter if he is involved in the distribution of the app to California, a FOSS app redistributed via a 3rd party (F-droid maybe) would make the developer subject to this.
As a developer who can’t control who distributes their software, I would simply change my license to exclude residents of California until this blows over, just to avoid the fine.
According to (f), the user is officially the developer of a FOSS application:
- The user is the owner of the binary. (Although with copyright restrictions)
- The user often maintains the application by installing updates. (In FOSS applications updates are rarely forced)
- The user controls the application, as FOSS gives users control.
In some cases (such as the Arch User Repository or the Gentoo distribution), the developer does not even give the user an application but merely source code. The user creates the application.
AUR works with binaries too, it creates an arch compatible package but that can be from source or massaging an existing package designed for a different distro (like .deb).
Thanks. I didn’t know that.
There is no mention of binaries in either f or c. Possession of binaries does not constitute ownership of an application, ownership of software means holding the copyrights.
But even if we abuse this definition we simply make whoever installs the application liable. In a lot of cases that would be a parent. It could also be the user since the law doesn’t state they can’t be the same person.
So then also copyleft is exempt?
Copyleft is not a legal term. It’s a term for (foss) licenses that require users to keep the same terms when redistributing software. Such licenses do not actually transfer copyright. I fail to see how this would exempt foss developers.
The word ‘application’ means the binary. The source code is not the application.
That’s your opinion. It’s wrong. There even are applications that do not have binaries at all. There is no reason to believe the legislators would not want them covered by this law, it certainly does not say so.
It also does not make a difference, owner of the copyright of a binary is the owner of the copyright of the source code. Compiling does not remove the copyright of the source code author as the binary is clearly derived from the source code. The person who compiles the source code does not even get any copyright since it’s not a creative process.
You are not helping FOSS by trying to portray the law as FOSS friendly when it isn’t. Unfortunately the law rarely is FOSS friendly if not due to hostility due to indifference/ignorance on the part of the legislators.
That’s your opinion. It’s wrong.
Only facts can be right or wrong.
Anyway, I know there are applications that don’t have binaries, but most do. I am not a lawyer, but if I’m not mistaken, source code is under U.S. law protected by the first amendment while binaries are not.
Also, it doesn’t matter who owns the copyright. The laws specifies “a person that owns, maintains, or controls an application”.
I am not saying that the law is FOSS friendly. I am saying that the law does not cover all FOSS software despite it being the clear intend of the lawmakers to cover all software. In such cases it will have to be decided by courts (I believe courts still have this function for state laws), whether it also applies to FOSS software.
What I am saying is that the lawmakers clearly do not understand the topic they are trying to regulate.
Only facts can be right or wrong.
Opinions (such as that the Earth is flat) can obviously be wrong. Facts cannot. Look up the definition of fact.
Anyway, I know there are applications that don’t have binaries, but most do. I am not a lawyer, but if I’m not mistaken, source code is under U.S. law protected by the first amendment while binaries are not.
You admit applications are not necessarily binary, the law does not mention binary or source code or anything like that where it defines applications. You are just grasping at straws to justify an indefensible position, that whoever possesses a binary is it’s owner.
Which is obviously untrue. Ownership of software means ownership of it’s copyright. It’s been made very clear in the last decades that you (legally) don’t even own software that you pay for. You own a license to use the software.
You cannot argue, in good faith at least, that this is what is intended by the law. First it would be spelled out and secondly it would mean that for all applications, not just FOSS ones, the people paying the fines would be the users, $2500 for each app they install that’s in violation. Which is obviously not what’s intended.
I am not saying that the law is FOSS friendly. I am saying that the law does not cover all FOSS software despite it being the clear intend of the lawmakers to cover all software. In such cases it will have to be decided by courts (I believe courts still have this function for state laws), whether it also applies to FOSS software.
Unfortunately it does since it does not discriminate. If anybody that can be effectively prosecuted (i.e. US/California resident) takes your advice and takes it to court, he is getting fucked.
What I am saying is that the lawmakers clearly do not understand the topic they are trying to regulate.
No shit. That does not mean FOSS software is not affected. You also do not understand the topic or choose to not understand it because it’s spells trouble for FOSS. But pretending everything is ok does not make it so. FOSS projects either need to implement it or make sure they isolate themselves from US/California jurisdiction.
Opinions (such as that the Earth is flat) can obviously be wrong. I thought I knew English, but apparently not. (I’m not a native speaker.) I always assumed that “opinion” meant the same as judgement (which is what I learned at school), but I just looked opinion up in the dictionary, and it can also mean belief or or view.
It’s been made very clear in the last decades that you (legally) don’t even own software that you pay for. You own a license to use the software. This is untrue. Legally speaking you “own” the software, but what you can do with the software is limited by both the copyright and the license. Often this license will say that the creator still owns the software, so by accepting the license, you no longer own the software. Today you often have to accept the license before you even download the software. So you are correct that the user doesn’t own the software, but that’s not the default. For example, FOSS licenses do not specify that the creator continues to own the software, therefore ownership is given to the user.
for all applications, not just FOSS ones, the people paying the fines would be the users, $2500 Nope. Since most licenses say that the developer is the owner, the fine would go to the developer. Also, the law says that the fine can go to the “maintainer” which, again, is the developer.
takes your advice I wasn’t giving advice. I’m saying that the decision is up to the court. But if you want legal advice (disclaimer: I am not a lawyer): Do not do anything of which the legality still has to be decided by a court.
That does not mean FOSS software is not affected I never said that. I said that FOSS software is affected differently if you take the law by the letter (which the courts don’t have to do).
So a developer of a FOSS application that gets installed on a device on California
would make the developer subject to this.
And they’re going to do what exactly to a developer that doesn’t live in California? I won’t add any kind of age verification to my bioinformatics projects and I’ll keep issuing releases. Are they going to nuke Brazil? Block GitHub in California?
Since it’s a civil case I doubt they could enforce payment on people outside the US. I am not sure if they can collect from people in the rest of the US but they probably can.
I suppose not complying with a court order could result in criminal charges. Brazil will not extradite you but you will not be able to visit the US.
you will not be able to visit the US.
That’s fantastic news, so I win and keep winning in that case. Great, no age verification on my software.
Mandatory os-level
Cute attempt, but libre software - as always - remains superior and impossible to control. That’s by design. Write any law you want, I can modify whatever line of code implements this stupid check, remove it, and move on.
You mean the libre software that is all primarily stored on AWS, Azure, or Google infrastructure, especially github?
Linux is the giant it is using email as the primary infrastructure for development. We will be fine.
Can’t we just fork it over to something like Codeberg eventually? I know it’s a lot to move over, but with time and patience, it seems achievable.
Gavin is as slimey as his hair.
Coincidentally, my birthday is 1900, January 1st.
1970, Jan 1st is better for this situation
Why do I need to show my ID to install Gentoo?
Because how can Persona (and the government) know who is using Gentoo without an ID requirement? What is someone doesn’t use javascript when browsing the internet?
Easy, their next target will be business and browser.
I’d like to see them try. Is it during installation or download?
Oops, forgot to compile that module. Oh well.
