There's an obvious theme with lawmakers in California—they pass laws to regulate things they have zero clue about, add them to their achievement page, cheer for themselves, and declare, "There! I've made the world a better place." There are just too many examples. For instance:

- Microstamping requirements for guns—printing a unique barcode on every bullet casing (Glock gen3 cannot be retired, thus, the auto-mode switch bug cannot be patched...)

- 3D printers should have a magical algorithm to recognize all gun parts in their tiny embedded systems

- Now, you need to verify your age... on your microwave?

At this rate, California should just go back to the Stone Age. Modern technology is simply not compatible with clueless politicians who are more eager to virtue-signal than to solve any actual problems or even borther to study the subject about the law they are going to pass. There will be more and more technology restrictions (or outright bans on use) in California because it's becoming impossible to operate anything here without getting sued or running afoul of some overreaching regulation.

• SllX

  today at 9:28 PM

  The incentives are all wrong. You can serve up to 6 two-year terms in the Assembly or up to 3 four-year terms in the Senate, but regardless of which combination you do, nobody in the California legislature can serve more than 12 years combined across both Houses of the legislature.

  So we don’t have professional legislatures with long-term electability incentives or leadership goals, we have a resumé-building exercise that we call the legislature. They’re all interchangeable and within 12 years, 100% of it will be changed out.

  • roenxi

    today at 9:58 PM

    > So we don’t have professional legislatures with long-term electability incentives or leadership goals

    Raises an interesting question of who is less popular, the Californian government or the US Senate. The experiments with long-term professional legislatures have generally not been very promising - rather than statesmen it tends to be people with a certain limpet-like staying power and a limpet-like ability to learn from their mistakes. In almost all cases people's political solution is just "well we didn't try my idea hard enough" and increasing their tenure in office doesn't really help the overall situation.

    • SllX

      today at 10:26 PM

      Bold of you to assume any aspect of the California State legislature is visible enough to be more or less popular. People at least pay attention to what the US Senate does, and you know that no matter how the next election goes, the US Senate as one body is unlikely to go very far off the deep end in one direction or the other.

  • zdragnar

    today at 9:48 PM

    And yet, term limits are something many people want in the hopes that it will solve some of the problems in Washington DC.

    There, the professional legislators can't get anything right either.

    Do you think there's a middle ground of increasing the term limits to, say, 18 or 20 years?

    • pwthornton

      today at 10:09 PM

      Term limits are anti-democratic, and it's just a way for voters to not take responsibility for their voting.

      A much more real issue is actually age limits. If someone starts in the Senate at 40 and serves for 24 years, term limits hardly seem to be the big issue. They are retiring at a normal time, and they should still be functioning at a high level.

      Conversely, someone who gets elected at 70 and then gets term-limited at 82 is still over a normal, reasonable retirement age. The typical 82 is not in the physical or mental condition to be taking on such an important, high-stakes role.

      Both of my parents are in their mid-70s and are in very good mental health for their age. They are very lucid, and my Dad still works part-time as a lawyer. They are also clearly not at the same intellectual powers they were a decade or two ago. Some of it can even just come down to energy levels. I have to imagine being a good legislator requires high energy levels.

      Many public companies have age limits for board members, and they even have traditional retirement ages for CEOs. In the corporate world where results matter, there is a recognition that a high-stress, high-workload, high-cognitiative ability job is not something that someone should be doing well past their prime.

      Al Gore had to leave the Apple board because he turned 75. In the U.S. Senate, there are 16 people 75 and older.

    • rocqua

      today at 9:57 PM

      Age limits might be an alternative. Say at 65 or 70.

      That's at an age where wizened legislators can move into advisory roles, instead of needing to find a next career.

    • SllX

      today at 10:28 PM

      > And yet, term limits are something many people want in the hopes that it will solve some of the problems in Washington DC.

      Plenty of shitty ideas are popular based on a hope and a prayer. That’s why you don’t give in to populism. If we’re to impose any kind of limits on Congress, it has to be more intelligent than term limits.

• SunshineTheCat

  today at 10:16 PM

  > they pass laws to regulate things they have zero clue about

  While you are correct with this statement in this context, I would say it applies to most things in government in general.

  The vast majority of lawmakers have zero experience solving any real world problems and are content spending everyone else's money to play pretend at doing so.

  The reality is, most government "solutions" cause more problems than they solve, after which, they blame their predecessors for all the problems they caused and the cycle continues.

  • Hammershaft

    today at 10:22 PM

    It's true, and yet there are real market failures that even a very ineffective government can improve on dramatically, like innovation & research output via basic science.

• AceJohnny2

  today at 8:53 PM

  > There's an obvious theme with lawmakers in California

  You can remove the in California

  • shitlord

    today at 10:17 PM

    Policies enacted elsewhere usually don't have the Brussels Effect.

  • dontblokmebro70

    today at 9:32 PM

    [dead]

  • needastiffone70

    today at 9:38 PM

    [dead]

  • almosthere

    today at 9:28 PM

    Young people generalize everything and end up not solving problems.

    Older people have already seen all the patterns, and realize you have to focus on specifics, and that helps clean up the general issue.

    • roenxi

      today at 10:03 PM

      The old people's tolerance for general problems is why the general problems persist.

      A realistic dynamic is the old people are comfortable with the general problems and have positioned themselves to benefit from them. Indeed, they solved the general problems that troubled them in their youth with political activism in their middle age. The young people have different political needs that require general problems to be solved.

      Also young people have a terrible track record of actually identifying problems, they are pretty clueless in the main.

  • _blackhawk_

    today at 9:15 PM

    this

  • SllX

    today at 9:23 PM

    Yeah but let’s not and say we didn’t.

    • avtar

      today at 10:01 PM

      I guess let’s say we also add Colorado to the growing list

      https://leg.colorado.gov/bills/SB26-051

    • needastiffone70

      today at 9:42 PM

      [dead]

• 9x39

  today at 8:39 PM

  I’m more curious in the genesis of these laws, whether their sponsors received written suggestions or ghostwritten bills, etc. as a form of parallel construction.

  It seems all at once, everywhere that many groups that have a vested interest in forcing precedent and compliance of non-anonymous access across the computer world. It smacks of something less-than-organic.

  • tzs

    today at 9:25 PM

    This law doesn't do anything that prevents non-anonymous access. Here's how you would access things anonymously if you bought a new computer that implemented this.

    1. When you set up your account and it asks for your birthdate, make up any date you want that is at least far enough in the past to indicate an age older that what any site you might use that checks age requires.

    2. Access things the way you've always done. All that has changed is that things that care about age checks find out you claim to be old enough.

    The only people it actually materially affects on your new computer are people who cannot set up their own accounts, such as children if you have set up permissions so they have to get you to make their accounts.

    Then if you want you can enter a birthdate that gives an age that says non-adult, so sites that check age will block them.

    From a privacy and anonymity perspective this is essentially equivalent to sites that ask "Are you 18+?" and let you in if you click "yes" and block you if you click "no". It is just doing the asking locally and caching the result.

    • ohhnoodont

      today at 10:21 PM

      I agree. I feel the flow of having browsers send some flag to sites is the most privacy-preserving approach to this whole topic. The system owner creates a “child” account that has the flag set by the OS and prevents the execution of unsanctioned software.

      This puts the responsibility back on parents to do the bare minimum required in moderating their child’s activities.

  • carefulfungi

    today at 9:54 PM

    I was curious about your question and googled. Here's the legislative history of the law: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm....

    Reading the first analysis PDF:

    > This bill, sponsored by the International Centre for Missing and Exploited Children and Children Now, seeks to require device and operating systems manufacturers to develop an age assurance signal that will be sent to application developers informing them of the age-bracket of the user who is downloading their application or entering their website. Depending on the age range of the user, a parent or guardian will have to consent prior to the user being allowed access to the platform. The bill presents a potentially elegant solution to a vexing problem underpinning many efforts to protect children online. However, there are several details to be worked out on the bill to ensure technical feasibility and that it strikes the appropriate balance between parental control and the autonomy of children, particularly older teens. The bill is supported by several parents’ organizations, including Parents for School Options, Protect our Kids, and Parents Support for Online Learning. In addition, the TransLatin Coalition and The Source LGBT+ Center are in support. The bill is opposed by Oakland Privacy, TechNet, and Chamber of Progress.

  • almosthere

    today at 8:50 PM

    Death threats mainly. Personally I think it would be easier if they just made it so that platforms ran a tiny LLM against the content that will be posted - determined if it is a death threat, then require them to be identified before it's posted, then it would solve a lot of these problems.

    TLDR: Evil people be doxxed internally not everyone.

    • numpad0

      today at 9:50 PM

      That turns jokes into contracts that nobody wants. Bad idea.

    • bigfishrunning

      today at 9:15 PM

      a "tiny large language model"? lol

      • almosthere

        today at 9:23 PM

        Yeah, a small one that is cheaper because they'll be processing billions of messages per year.

        • lazide

          today at 9:50 PM

          Good thing all the kind people doing death threats won’t just bypass it?

• idle_zealot

  today at 10:21 PM

  What I'm reading of this law is that it requires OS developers to require users select their age (really their age bracket) when making a user account, and an interface for applications/websites to read that user-provided field. I.e. not age verification, but just a standard way to identify if a user is on a child account. If that understanding is correct, how is this bad at all? It's a way to put to rest people's concerns and pearl-clutching over children accessing adult content without every individual app and service provider contracting with Palantir to scan you and guess your age. Instead they can just read the IsAdult header and call it a day. What's the cost to user-freedom? You have to be presented a Date of Birth field or I Am an Adult / Teen / Child selector when setting up a device... a thing that every operating system impacted by this law already does.

  • bawolff

    today at 10:24 PM

    All the better to do targeted advertisments and underdeveloped minds!

• wtallis

  today at 8:51 PM

  > Now, you need to verify your age... on your microwave?

  Anyone buying or selling a microwave with an app store deserves this mess.

  • mikestew

    today at 9:15 PM

    Downvoter (and GP) didn't RTFA. This is addressed in the parts of the law TFA quotes.

• randomNumber7

  today at 9:12 PM

  Technology is currently worring for a lot of people so the moronic response is to simply reject it.

• burnt-resistor

  today at 8:35 PM

  Not just 3D printers but all subtractive CNC machines too.

  • lazide

    today at 9:52 PM

    Frankly, look at how hard it was to make a sten. Even just a lathe and a welder is likely sufficient.

• johnea

  today at 8:46 PM

  I'm, again, glad to run linux. The distro I run has no affiliated online "account" at all, and I would expect this exempts it from the requirement.

  I'm no democrat, although I'm sure as hell no republican, and as a resident of the state, I'm also a routine critic of the California state government.

  I agree that a lot of their activities are indeed, performance art in nature.

  However I do agree with the identification requirements on guns and ammo.

  You can't shoot someone with a computer, no matter what OS you run.

  The idea that lethal weaponry is the same as any other consumer product is just not accurate.

  • ChrisMarshallNY

    today at 10:32 PM

    > You can't shoot someone with a computer, no matter what OS you run.

    No, you can just target-lock them. The computer database (and now, LLM) is probably the biggest threat to freedom in existence. You can keep your popgun. They'll know where it is, and come with bigger ones.

    China be doing some pretty heavy-duty damage with computers, but age-gates won't stop them.

  • SoftTalker

    today at 9:04 PM

    Political office in general attracts the sort of people who like the "performance art" parts of it. It doesn't attract the sorts of people who like "getting things done" because the political process by design moves at a snail's pace, and if you actually solved problems you would remove issues run on in the next campaign.

  • jeffbee

    today at 9:58 PM

    This doesn't have anything to do with democrats and republicans, considering that this bill passed unanimously through every committee and both chambers.

  • anonym29

    today at 9:07 PM

    It's about as easy to restrict the proliferation of firearms and ammunition as it is to restrict the proliferation of open source software. Anyone can make functional firearms out of supplies from any hardware store, this is true regardless of how many laws you pass. Look at the weapon that was used to assassinate Shinzo Abe. That was manufactured and used in a country with gun control laws that basically make California's gun control look indistinguishable from Texas. No number of laws have ever or will ever stop criminals with a rudimentary grasp of basic physics and basic chemistry.

    You can't put the genie of firearms back in the bottle any more than Hollywood can put the genie of p2p file sharing back in the bottle. Trying to do so is like trying to unscramble eggs. It doesn't matter how valid your desires or justifications for attempting to so are, it's an act of banging your own head against the cold, hard wall of reality.

    • collingreen

      today at 9:32 PM

      It's a logical mistake to say that because an extremely motivated person can still cause harm somehow that implies no regulation or policy can have any positive impact anywhere.

      I don't have a stance here on what "the right" policies around gun control are but it is clearly a much wider field than just a preplanned assassination with diy parts.

      A non-exhaustive list of a few very different scenarios that are all involved with anything touching or rejecting gun control:

      - highly motivated, DIY-in-the-basement assassination plots like you mentioned - hunting for food - hunting for fun - wilderness safety - organized crime and gang related violence - mass shootings at things like concerts, sporting events, colleges. Sub point of mass shootings at schools where the law requires children to be. - gun violence involved with suddenly escalating impromptu violence like road rage and street/bar fights - systematic intimidation / domestic terrorism of particular groups or areas - gun related suicides

      All of these are very very different. None of them have perfect answers but that doesn't make thinking about it "an act of banging your own head against the cold, hard wall of reality" nor does it make anyone interested in working on some of these problems naive or stupid like you imply.

      If you're being earnest or maybe jaded, I'd say dont give up hope and don't let perfect be the enemy of good.

      If you're just being a dick then so be it, maybe someone else gets something out of this comment.

      • tzs

        today at 10:20 PM

        > It's a logical mistake to say that because an extremely motivated person can still cause harm somehow that implies no regulation or policy can have any positive impact anywhere

        That kind of mistake is common here, but I don't think it is due to a failure of logic. I think it is something deeper.

        I've noticed that people who have worked deeply and/or a long time as developers tend to lose the ability to see things as a continuum. They see them as quantized, often as binary.

        That's also why there are so many slippery slope arguments made around here that go from even the most mild initial step almost immediately to a dystopian hellscape.

        This is prevalent enough that it arguably should be considered an occupational hazard for developers and the resultant damage to non-binary thinking ability considered to be a work related mental disability with treatment for it covered by workers compensation.

        A way to protect against developing this condition is to early in your career seriously study something where you have to do a lot of non-binary thinking and there are often aren't any fully right answers.

        A good start would be make part of the degree requirement for a bachelor's degree in computer science (and maybe any hard science or engineering) in common law countries a semester of contract law and a semester of torts. Teach these exactly like those same courses are taught in first year law school. Both contracts and torts are full of things that require flexible, non-binary, thinking.

    • today at 9:46 PM

• johnbarron

  today at 9:13 PM

  [dead]

Richard Stallman's "Right to Read" is disturbingly prescient, as usual.

• boxedemp

  today at 10:08 PM

  As time goes on RMS is only proven more and more correct

  • cess11

    today at 10:24 PM

    About some things.

> [..] requires an account holder to _indicate_ [..]

i.e. this doesn't require age verification at all

just a user profile age property

> [..] interface that identifies, at a minimum, which of the following _categories_ pertains to the user [..]

so you have to give apps and similar a 13+,16+,18+,21+ hint (for US)

if combined with parent controls and reasonably implemented this can archive pretty much anything you need "causal" age verification for

- without any identification of the person, its just an age setting and parent controls do allow parents to make sure it's correct

- without face scans or similar AI

- without device attestation/non open operating systems/hardware

like any such things, it should have some added constraints (e.g. "for products sold with preinstalled operating system", "personal OS only" etc.)

but this gets surprisingly close to allowing "good enough privacy respecting" age verification

the main risk I see is that

- I might have missed some bad parts parts

- companies like MS, Google, Apple have interest in pushing malicious "industry" standards which are over-enginered, involve stuff like device attestation and IRL-persona identification to create an artificial moat/lock out of any "open/cost free" OS competition (i.e. Linux Desktop, people installing their own OS etc.).

---

"causal" age verification == for games, porn etc. not for opening a bank account, taking a loan etc. But all of that need full IRL person identification anyway so we can ignore it's use case for any child protection age verification law

----

it's still not perfect, by asking every day daily used software can find the birthdate. But vendors could take additional steps to reduce this risk in various ways, through never perfect. But nothing is perfekt.

---

Enforcement is also easy:

Any company _selling_ in California has to comply, any other case is a niche product and for now doesn't matter anyway in the large picture.

• timhh

  today at 10:13 PM

  > i.e. this doesn't require age verification at all, just a user profile age property

  This is usually how they do it though. First make a dumb law with poor enforcement. People don't push back about it because it obviously won't be enforced. Wait a bit, then say "people are flagrantly violating this law, we need better enforcement". At that point it's a lot harder to say "it shouldn't be a law at all!" because nobody complained when it was brought into law.

Ignoring all the tedious 'no, you're a bad person for having different priorities and beliefs to me' comments that this will inevitably inspire, I have to ask: why does the operating system need to be involved in this? The intended target of the regulation seems to be app stores.

Someone has fallen victim to Politician's Logic: https://www.youtube.com/watch?v=vidzkYnaf6Y

• Sophira

  today at 10:15 PM

  I think the answer is quite simply: Follow the money. General-purpose computing is scary to big, soulless corporations. They want you to rely on them, not to be able to do stuff yourself. (They want to keep that power for themselves.)

  Age verification is the quickest road to ending general-purpose computing, because it plays on people's knee-jerk emotions. It won't do it by itself, but it'll goes a long way towards it.

• packetlost

  today at 9:36 PM

  Because it's the lowest common denominator between the user and every online interaction. The bill basically says provide a date-of-birth as metadata to accounts and provide an API to query the age bracket, not even the age, of the user to applications. It's a privacy-aware, mostly reasonable approach that shifts responsibility to the owner/administrator of a device to enforce it. It's basically just mandating parental controls.

  • zeta0134

    today at 9:47 PM

    I'm trying to understand how this is even a bad thing. Where is the privacy invading verification? Surely a given OS can implement the API response however it wants? If you're root, tell me your age. If you're not, (a child account), the admin (their parent) sets the age. Seems fine?

    • Veserv

      today at 10:00 PM

      Even ignoring everything else, at a minimum it is backwards.

      There is no reason to tell the application, and by extension their developers, how old the user is. The application should tell the user what bracket it is appropriate for and then the operating system could filter appropriately without any of the user’s identifying information leaving their system.

      This is also technically superior because it moves the logic for filtering out of being custom implemented by each and every single application to a central common user-controlled location; you do not have to rely on every application developer doing it right simultaneously.

      • packetlost

        today at 10:30 PM

        It's a lot easier to add an API that's opt-in for an application that needs it. What's the appropriate way an OS should handle an application that doesn't declare this new property? Fail open? Fail closed? It would quickly turn into a mess. IMO it's better to do it this way because the applications that need it (browsers, chat clients, etc.) will use it to provide legal shielding. This isn't a technical problem they're trying to solve, it's a legal liability one. I generally like this approach, but I think there's no reason to mandate that an application use the API, just mandate that if they do they are considered to have real knowledge of the age range of the user in question. If you provide the API, the incentive to use it is already there for the applications it's needed for the most.

    • Muromec

      today at 9:55 PM

      Well, it's not a bad thing. And if you can root your own computer, that's adult enough

• davorak

  today at 6:14 PM

  > why does the operating system need to be involved in this?

  The goal in my mind is to have an account a parent can setup for their child. This account is set up by an account with more permissions access. Then the app store depends on that OS level feature to tell what apps are can be offered to the account.

  Let say the the age questions happen when you install the app store. That means if you can install the app store while logged in as the child account the child can answer whatever they want and get access to apps out side of their age range. The law could require the app to be installable and configurable from a different account then given access or installed on the child account, however at a glance that seem a larger hurdle than an os/account level parental control features.

  The headline calls this age verification, but the quote in the article "(2) Provide a developer who...years of age." Make it sound way different and much more reasonable than what discord is doing.

  I would much rather have OSs be mandated with parental control features than what discord is currently doing. I am going to read the bill later but here is how discord age verification could work under this law.

  During account creation discord access a browser level api and verifies it server side. discord no knows if the OS account is label as for someone under 13 years, over 13 and under 16, over 16 and under 18, or over 18. Then sets their discord account with the appropriate access.

  No face scan, no third party, and no government ID required.

  • beej71

    today at 6:45 PM

    > The goal in my mind is to have an account a parent can setup for their child. This account is set up by an account with more permissions access. Then the app store depends on that OS level feature to tell what apps are can be offered to the account.

    That sounds like an OS feature that parents would like to have. Probably has some market value. Maybe just let the market figure that one out.

    Or, we could have an overbroad law passed that torpedoes every open-source OS in existence. If I were MS, Google, or Apple, that'd be a great side benefit of this law. Heck, they probably already have this functionality in place.

    The problem here is legally-mandated age verification, not where it is placed (although forcing it into all OSes is absolutely ...). The gains are minimal for children and the losses are gigantic for children and adults. I'm not keen to have children avoid blisters by cutting off their feet.

    Put control back with the parents. Let them buy tech that restricts their children's access. This law doesn't protect children from the mountains of damaging content online.

    And let all the adults run Linux if they want to without requiring Torvalds to put some kind of age question in the kernel and needing `ls` to check it every single run.

    • davorak

      today at 7:17 PM

      > That sounds like an OS feature that parents would like to have. Probably has some market value. Maybe just let the market figure that one out.

      If there was a competitive market for OSs this probably would work, but we do not really have that. Getting the market to be competitive likely either takes considerable time, or other forms of government intervention. If there really was a competitive market then this would have been a solved problem ~15-20 years ago since parents have been complaining about this for ~25-30 years at this point.

      > Or, we could have an overbroad law passed that torpedoes every open-source OS in existence. If I were MS, Google, or Apple, that'd be a great side benefit of this law. Heck, they probably already have this functionality in place.

      I do not think the law does that. Either a additional feature making age/birth date entry and age bracket query available, or indicated the os is not intended for use in California, both seem to let developers continue along like normal. edit Or, I think, indicate that it is not for use by children.

      > The problem here is legally-mandated age verification, not where it is placed (although forcing it into all OSes is absolutely ...). The gains are minimal for children and the losses are gigantic for children and adults. I'm not keen to have children avoid blisters by cutting off their feet.

      In this case the mandate is entering an age/birth date at account creation where you can lie about said age/birth date. The benefit is the ability of an adult to set up parental controls for a child account.

      > Put control back with the parents. Let them buy tech that restricts their children's access. This law doesn't protect children from the mountains of damaging content online.

      This puts control in the parents hands. When they set up their child's account they can put in their child's age, or not, they can make it an adult account.

      > And let all the adults run Linux if they want to without requiring Torvalds to put some kind of age question in the kernel and needing `ls` to check it every single run.

      So from the literal reading of the law the age checks are only required when "a child that is the primary user of the device". It does not need to effect accounts where the primary user is not a child. Nor does it seem like any application needs to run the check every time the application is launched.

      The law unfortunately does require:

      > (b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

      So in the case where a child is the primary account/device user. The app needs to request the signal at least once when first launched, though it is not required to do anything with it. Delegating that to the package manager would make sense, but this part of the law should be modified, apps that can not use the signal for anything should not be required to request it, 'ls' for example.

  • why_at

    today at 9:35 PM

    I agree. The headline says "all operating systems, including Linux, need to have some form of age verification at account setup", which is pretty inaccurate.

    It's just asking for some OS feature to report age. There's no verification during account setup. The app store or whatever will be doing verification by asking the OS. Still dumb to write this into law, but maybe not a bad way to handle the whole age verification panic we're going through.

• adastra22

  today at 8:57 PM

  Companies like OpenAI are advocating for this because it shifts the burden of responsibility off them. They don’t have to age verifying Microsoft is handling that for them.

  • leptons

    today at 9:03 PM

    As a startup owner, if there has to be age verification, then I'm all for doing that at the OS level. As a human with privacy concerns, I'll continue using Linux.

    • asyx

      today at 9:26 PM

      I think doing this on an OS level might be the most privacy focused way to do this but the issue is that this is not going to be the way this is implemented.

      Like, I’m not American and in Germany we have ID cards that actually have your age encoded on an NFC chip in the card and an ID number that encodes the age. Like, age is part of the ID number and checksum.

      You could totally do all of this age verification offline on device and just expose an API that offers the age of the user to applications. You’d never need to talk to the internet for this, the API just says if you are a minor or adult, the browser can pass that to websites who don’t need to collect personal data and everything is fine.

      But that’s not going to happen. It’s gonna be some AI facial recognition kinda garbage that is gonna send your face in every angle to Apple or Microsoft or another third party.

      As is common these days they are going to try really hard to absolve you as the user of any responsibility for the sake of protecting kids so they can’t let this be a simple offline thing where your personal information never ever have to leave the device because what if kids find a way around it? Well the obvious answer is don’t let your kids just use a computer without supervision but if people would do that we’d not be in need of this garbage anyway.

    • NewsaHackO

      today at 9:12 PM

      So basically, you have no morals? Weird thing to admit online, but whatever.

      • leptons

        today at 10:07 PM

        That's a really random take on my comment. I'm not sure where you got "you have no morals" from my comment, but maybe you are trolling me?

        I'm not the one making laws about age verification, so I'm not sure how you get off blaming me for anything.

      • lovich

        today at 9:26 PM

        You’re on hacker news, a double digit percentage of posters think that doing whatever you can get away with is moral.

        Look at the thread on Block’s layoffs while they are profitable.

        • NewsaHackO

          today at 9:32 PM

          I know, but it's just weird that there are people who have such strong conviction that they would risk their reputation, livelihood, or lives for it. Then there are people like above who, even though they know it is a huge privacy violation, they are willing to back it because it would make their business a little more profitable. Just boggles the mind.

          • leptons

            today at 10:08 PM

            Where the hell did I ever say I backed any of it? You are making up shit in your head that simply is not there. Maybe you need a reality check, or go back to reddit.

            What I did say was:

            >if there has to be age verification

            That is far, far different than saying I want that shit. I do not make the laws, and I wouldn't vote for it either, so please, get your head out of your ass.

• bo1024

  today at 9:32 PM

  I don't know, but arguably the OS version is better for privacy, as each app can just trust the signal sent by the OS instead of collecting a bunch of personal/biometric data.

  • autoexec

    today at 9:37 PM

    until they decide that the OS now needs to collect a bunch of personal/biometric data to avoid people lying about their age or tricking the OS into sending a different signal than the OS should.

• michaelt

  today at 6:34 PM

  > why does the operating system need to be involved in this?

  Well, the politicians probably meant to say “Apple, Google, Microsoft, plus maybe Sony and Nintendo”

  i.e. the companies that already have biometrics, nigh-mandatory user accounts, app stores linked to real identities, parental controls, locked down attested kernels, and so on.

  If phones had workable parental controls that let parents opt their kid into censorship, that’s better than the give-your-passport-to-the-porn-site approach the UK have taken.

  Of course if they have applied it to every OS, not just the big corporate-controlled options, that’s a dumb choice.

  • beej71

    today at 6:47 PM

    > Of course if they have applied it to every OS, not just the big corporate-controlled options, that’s a dumb choice.

    I guess we'll just have to trust that our legislators are technologically savvy...

• perching_aix

  today at 6:03 PM

  Because that's the first layer that deals with user accounts, and subsequent layers commonly base off of identity information stored in there. Just like how and why every other shared interface exists.

• fuzzy2

  today at 5:57 PM

  It's not just local apps that are potential consumers of this information. Websites would also be interested.

  The "why" is also clear: deflecting/shifting responsibility.

Yikes, these government folks just sign without even thinking or having a single clue about how the rule will work. They are completely irresponsible.

As noted at the end of the article, I suspect the impact for many OS's is going to be that they add a line in the fine print somewhere saying not for use in California.

• BirAdam

  today at 10:02 PM

  Already the case for MidnightBSD.

• kgwxd

  today at 9:12 PM

  You're assuming they don't want this just as much as the government. Still feel fine about self-installed Linux, but every OS and device we don't have control over, even ones powered by Linux, will be very happy to include it, assuming it's not too difficult to add.

> (g) This title does not impose liability on an operating system provider, a covered application store, or a developer that arises from the use of a device or application by a person who is not the user to whom a signal pertains.

So, this makes desktop Linux illegal, but all the software-as-a-service like Microsoft Azure and OpenAI get off scott-free?

Fantastic.

California is a confusing state, age verification for operating systems while almost releasing this monster on the public: https://www.latimes.com/california/story/2026-02-26/serial-c...

• monero-xmr

  today at 10:15 PM

  They also created an open air market for child prostitutes with their latest anti-arrest law, as observed by the NYT last November https://www.nytimes.com/2025/11/19/insider/sex-trafficking-m...

How wouldn't this also apply to things like useradd(8) or simply automated user account setup, e.g. like cups, sshd, etc? Do we need to add this to vi for use in vipw on UNIX?

• hedora

  today at 9:50 PM

  Worse. Google has to add this to all the machines in their data centers? Imagine the expansion of DevOps BS this will enable:

  Vendors will need support stuff like "account holder is 12msec old, and can access adult content". They can even create a special certification for it.

  • Muromec

    today at 9:58 PM

    So... That was the new market that all the ai-layoffs have freed the much needed labor for

• beej71

  today at 6:24 PM

  All good questions the legislators had no idea even existed.

  • ewzimm

    today at 6:32 PM

    useradd has the Other category at setup. Could you argue that anything which allows arbitrary text information to be input into a user account that could be passed on to other applications technically fulfills the requirement, as the user could indicate age on the account?

• singron

  today at 10:02 PM

  "User" in the bill actually means child, so cups etc. don't apply.

• boznz

  today at 6:23 PM

  ..or "browse as guest" on a chromebook?

Sounds to me that this is how kids learn to spin their own operating systems (a la LFS, Gentoo)and apps.

This is how people bought personal computers when the mainframe priesthood banned them.

It appears that very soon, young people will "de facto" need to have this level of competence in order to survive and thrive in a world of "in loco parentis" operating systems and apps.

The latin reveals my age, but one thing about my age:

People my age did exactly that. We built our own hardware when there was none. We compiled (or copied) operating systems and apps. A couple of my friends wrote an operating system and a C compiler.

"My generation" created this entire internet thingy, installed and web-based apps.

Indeed, dumb-asses are going to level up young people.

• nancyminusone

  today at 8:54 PM

  Maybe kids won't be doing this because they won't know of a world where this isn't the case.

• kgwxd

  today at 9:14 PM

  It wasn't illegal when we did it. They're working on that too.

• bitwize

  today at 8:51 PM

  I'm sure Xers and millennials are totally going to be okay with a visit from the school cop when their little one is caught with an illegal operating system and looking at charges that could ruin their college and job prospects.

Are lawmakers bored? Who is asking for this? Not the tax paying citizens.

• tonymet

  today at 9:03 PM

  Lobbyists for intelligence agencies. It’s part of de-anonymization so you can be punished for speech online. See UK , Germany and Australia

  • tzs

    today at 9:30 PM

    Interesting theory considering that this California approach does not de-anonymize you, and the approach Germany is working on, as part of an EU wide effort, also does not de-anonymize you.

  • NitpickLawyer

    today at 9:12 PM

    > Lobbyists for intelligence agencies.

    I think it's one peg below intel agencies. It's the local gov agencies that want that power. The 3 letter peeps can already tell who writes what, both at scale and targeted.

    • tonymet

      today at 9:30 PM

      I mean the entire public and private industry . And you’re right this will empower local law enforcement

      • goalieblocksv1

        today at 9:57 PM

        [dead]

• SoftTalker

  today at 9:33 PM

  Parents who are fed up with social media and tech companies taking no social responsibility.

  These companies have fewer ethics than a minimum-wage liquor store clerk when it comes to caring about the age of their users.

  • sunaookami

    today at 9:45 PM

    Parents are lazy and don't want to do what parents should do and cry to the state that they should do it.

  • outime

    today at 9:49 PM

    Will those parents get fed up of themselves not taking parenting responsibility?

  • gtsop

    today at 10:13 PM

    [dead]

[delayed]

Ah, so this is what Lennart Poettering has been cooking? [1]

[1] https://news.ycombinator.com/item?id=46784572

It's not stated here, but is it implied that app platforms that, themselves, have an "app store", would be required to read this datum and pass it to their app store?

For example, I've got a map application on my phone that lets me download maps, widgets, POI lists, etc. from their app store. It seems like enabling that age signal through this exchange is exactly what the politicians are looking for.

Does not require verification, no biggie, this is essentially a parental control system.

• jmholla

  today at 5:02 PM

  As others have pointed out, this is just a foot in the door. There's also a part of the law this article doesn't cover that requires EVERY application to query this information on every launch, regardless of whether or not the application has any age related limitations.

  • davorak

    today at 6:33 PM

    The language I found was:

    > when the application is downloaded and launched

    So it looks like the law only requires it on first launch. Which makes sense if the application can only be run from that one account. Apps that can be launched from multiple accounts are not singled out in the law, but the spirt of the law would have you checking what account is launching the app and are they in the correct age range.

    • jmholla

      today at 7:34 PM

      That's not a guarantee. It's up to how the courts interpret that and. Given that this law is meant to handle a moving target like age, I fully expect them to interpret it as its disjunctive form.

• avaer

  today at 4:11 PM

  Keep in mind this forced parental control system in the OS is supposedly because of app stores.

  So we're already pretty deep in the law deciding what shape of computing you're allowed to do. What makes you think it will stop here?

• gustavus

  today at 3:56 PM

  No but then the next step is "well we need a way to enforce it because people are just lying about their age".

  I guess let me show a slope I found over here, just past the boiling frogs, watch your footing though, it's recently been greased and is quite steep.

  • kgwxd

    today at 9:23 PM

    I was just at some .gov site from another HN post. It asked are you Over 18, I clicked No out of curiosity. Showed Access Denied, but the buttons stayed. I clicked Yes, and got in. I don't attribute to stupidity that which is clear malice. They'd don't actually give a flying fuck about what "kids" can get to, they only care about controlling everyone, of every age, as much as they possibly can.

  • wasmainiac

    today at 4:06 PM

    I agree, I don’t like it as much as you do. I’m just saying nothing short of a mandated TPM will actually enforce this. I think they know that.

    I think this is mostly for show to stay relevant wrt. What is happening in the courts. This is the Same play as it always been for registration “are you over the age of 13?”

    • Mountain_Skies

      today at 6:03 PM

      Which begs the question if Microsoft's stubborn insistence on TPM 2.0 for Windows 11 to operate was something planned out in advance of this law being proposed.

    • gizmo686

      today at 6:17 PM

      How does a TPM stop people from lying about their age?

• varispeed

  today at 4:15 PM

  Overton window.

  Wedge.

  • lioeters

    today at 6:45 PM

    Then ratchet.

It's not clear that this applies where the "operating system provider" does not have "accounts". Linux should be OK, but "Ubuntu One" might have problems.

It's a good reason not to put cloud dependencies into things.

• singron

  today at 10:07 PM

  The bill doesn't define "accounts", so it's entirely possible local users that a human signs into would count.

  The saving grace is that obviously they have no idea what a Linux distribution is, and only the Attorney General can bring action, so there isn't much risk of the AG suing Debian.

• aspbee555

  today at 9:37 PM

  this is why I am building a communications software that has no concept of accounts, devices can connect and keys are generated on device and blind to relaying/directing server/network. people can only connect directly with other people/devices. there is no concept of lists of people/devices to connect to, you need to know someone/have access to the device to connect.

  no accounts to compromise. no passwords to remember. end point devices control their connectivity. no vpn needed to connect, no intermediary to see all traffic and peer traffic is specifically what is needed/allowed/requested, not a wide open network connection/accounts to be compromised

Maybe this is just an unsuspectedly astute way to get Microsoft to reenable local accounts?

so my smart microwave will require some age verification?

I'm under the impression anyone doing nefarious things online are probably more-than tech savvy enough to not install an OS that rats them out...right?

Isnt that literally one of the first rules of the DNM Bible?

• taraindara

  today at 4:18 PM

  Will kids raised on it not know anything different? Seems a path to reduce computer literacy. Then again, being blocked from doing something I wanted is what lead me to find ways around said block. But I already had unrestricted access to the system to bend it to my will. Seems like these kinds of systems won’t allow for the user to learn how to works at all. It’s a mystery box.

• hnav

  today at 6:06 PM

  One thing that's happening is that attestation is being plumbed into the web itself. CloudFlare and Apple have a collab where Safari will inject tokens that let CF know that the request is coming from a blessed device. In a world where all websites are being crushed by bot traffic, expect that Goog pushes on their own integrity initiative in Chrome in the next year or two.

• Muromec

  today at 10:01 PM

  I guess, if you can install the OS yourself, that's adult enough to see whatever adults are doing online.

Is Github an application store? Is npm? apt? yum?

If not, why not? You need age verification before you even create an account.

• beej71

  today at 6:31 PM

  Is `ls` an application? Is `cat`?

  This thing is so broadly-written, the only thing saving you from needing to give you age to your toaster is that it's not a "general-purpose" computing device. Never mind that it can run DOOM...

  • hn_acc1

    today at 9:24 PM

    Do you download `ls` from anything resembling an "app store"?

    • numpad0

      today at 9:55 PM

      like apt? or ftp.example.com?

      also: what's download? in embedded sphere, flashing a firmware is often reffered to as download. That's an industry standard term.

I guess California will release California OS with age verification.

Looking forward to resisting the regime.

• AnimalMuppet

  today at 7:45 PM

  I'm thinking that I should grab a current Linux distro image while I can...

I really hate this new world where one jurisdiction - California, Europe, wherever - makes a law and suddenly every other jurisdiction has to comply because the law-making jurisdiction is big enough that tech companies can't abandon it.

And since it doesn't make sense to have dozens of different versions of their apps, they write to the strictest jurisdiction's laws.

If everyone has the power to make laws that apply to everyone...it's chaos.

• bitwize

  today at 8:45 PM

  Beige PCs. Made to comply with German workplace-equipment laws. Yes, the Bundestag legislated the color of office equipment. That has always been the way of fhe world.

  • rpdillon

    today at 10:24 PM

    Wow, TIL. Thanks for mentioning this. I ran across this as I was researching the background:

    > The "beige box" era was largely the result of strict German workplace ergonomics standards (specifically the TUV and DIN standards) that became the de facto rules for the entire global industry. The law didn't explicitly say "thou shalt use beige," but the regulations were so specific about light reflectivity and eye strain that beige (or "computer gray") was essentially the only compliant option.

Was there HN discussion at the time the bill was introduced / passed?

Many of you commenting haven't read the legislation and it shows.

The actual bill: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...

Bill text (it’s longer, but the rest is mostly definitions of the terms used here):

1798.501. (a) An operating system provider shall do all of the following:

(1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.

(2) Provide a developer who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface that identifies, at a minimum, which of the following categories pertains to the user:

(A) Under 13 years of age.

(B) At least 13 years of age and under 16 years of age.

(C) At least 16 years of age and under 18 years of age.

(D) At least 18 years of age.

(3) Send only the minimum amount of information necessary to comply with this title and shall not share the digital signal information with a third party for a purpose not required by this title.

(b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

(2) (A) A developer that receives a signal pursuant to this title shall be deemed to have actual knowledge of the age range of the user to whom that signal pertains across all platforms of the application and points of access of the application even if the developer willfully disregards the signal.

(B) A developer shall not willfully disregard internal clear and convincing information otherwise available to the developer that indicates that a user’s age is different than the age bracket data indicated by a signal provided by an operating system provider or a covered application store.

(3) (A) Except as provided in subparagraph (B), a developer shall treat a signal received pursuant to this title as the primary indicator of a user’s age range for purposes of determining the user’s age.

(B) If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.

(4) A developer that receives a signal pursuant to this title shall use that signal to comply with applicable law but shall not do either of the following:

(A) Request more information from an operating system provider or a covered application store than the minimum amount of information necessary to comply with this title.

(B) Share the signal with a third party for a purpose not required by this title.

• whynotmaybe

  today at 9:37 PM

  How does that apply to windows server with active directory for a school ?

  Does that mean that the admin will have to manage dob of every student when creating accounts ?

  > A developer shall not willfully disregard internal clear and convincing information otherwise available to the developer that indicates that a user’s age is different than the age bracket data indicated by a signal provided by an operating system provider or a covered application store.

  >If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.

  So, I have a button "I'm older than 18" on my app but the signal is "under 13", I can decide that the user is older than 18 ?

  • cptroot

    today at 9:51 PM

    So because there is no requirement for the age to be accurate, it would be pretty easy to say "all student accounts are the age of the youngest allowed school entrant for that school year", right? That resolves the age issue and also prevents both PII leakage as well as possible school bullying opportunities.

• frshgts

  today at 5:05 PM

  The definitions of the terms are completely bananas

  The language is so broad it seems to cover all software that exists and is accessible via the internet, and every install of an operating system on any kind of machine

  > (c) “Application” means a software application that may be run or directed by a user on a computer, a mobile device, or any other general purpose computing device that can access a covered application store or download an application.

  > “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.

  > “Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.

  So any piece of software you can download from the internet will be required to check this "signal" made available by the os?

  • general1465

    today at 6:01 PM

    > “Covered application store” means a publicly available internet website,

    Client side JavaScript can be considered an application, and then ad business would need to first verify that I am over 18 in order to allow me to see their ads.

    Ultimate ad blocker.

    • autoexec

      today at 9:21 PM

      This law means that your operating system has to collect your age and make it avilable to every website/application so ad businesses can just get that data from our OS automatically and go right on serving ads without having to verify anything themselves.

      • general1465

        today at 10:28 PM

        Yes, the presence of such mandatory kill switch is what makes it ultimate adblocker.

    • wtallis

      today at 8:58 PM

      A majority of the news articles that won't load when using NoScript give an error message to the effect of "this application requires JavaScript". It would be nice to see all the unjustified overuse of heavy JS application frameworks for what could have been simple web pages lead to some significant negative consequences.

  • hnburnsy

    today at 5:33 PM

    So my Garmin watch, my Home Assistant OS, maybe even my Shelly devices?

    I want to know who is behind these laws like this one and the 3D printer gun verification, that seem to pop up across state legislatures all at the same time.

    • sidewndr46

      today at 6:06 PM

      It sure sounds like my Arduino is subject to this since it can download a sketch and run it when hooked to my PC

  • frshgts

    today at 5:20 PM

    good to know that `grep` will have to check how old i tell my os i am before it will do anything

    • today at 5:44 PM

    • davorak

      today at 6:57 PM

      Which seems like a silly accidental overreach of the law. If that is the way it applies.

      The literal reading of the law says this only required when a child is the primary user of the device.

      > (b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

      but 'user' here is:

      > (i) “User” means a child that is the primary user of the device.

      So these rules should only apply to accounts/devices where a child is the primary user.

      Grep on an adult's machine would not need to check how old you are, at least with a literal reading of the law.

      • frshgts

        today at 7:27 PM

        How else but the signal could it determine whether the user is an adult or not?

        • singron

          today at 10:23 PM

          The whole point of the bill is to create a cause of action for the Attorney General to sue companies. In the bill, they say the damages are up to $2,500 per negligently affected child ($7,500 if intentional), so it doesn't matter how many non-children it affects. E.g. if the OS/appstore/accounts/application is in the context of a workplace that only employs adults, none of this matters.

        • davorak

          today at 7:49 PM

          I do not think the law provides guidance here. The signal is only required when children are the primary device/account users. So one model would be any initial account set up is automatically considered the 'account holder' and not a child account. Then it would be prerogative of the 'account holder' to set up child accounts or not. That seems to fit into the spirt and literal parts of the law.

          So grep/ls/etc are all installed as part of that 'account holder' and do not need to do any age verification.

          The signal only needs to be checked when the device/account user is a child and when downloading apps. I think an unfortunate consequence here is that the literal definition of the law says package managers probably can not run on children accounts without jumping through a bunch of hoops. Which is bad for children learning code/computers/etc.

          The first thing I would change about this law would be:

          > (b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

          Any application that does not need to know a users age should not be required request the 'signal'

  • jrmg

    today at 5:07 PM

    Yes, that’s clearly the intent of the bill (note I’m not commenting on the wisdom of this idea!)

• jmholla

  today at 5:06 PM

  Two important definitions that might surprise people:

  (a) (1) “Account holder” means an individual who is at least 18 years of age or a parent or legal guardian of a user who is under 18 years of age in the state.

  (a) (2) “Account holder” does not include a parent of an emancipated minor or a parent or legal guardian who is not associated with a user’s device.

  (i) “User” means a child that is the primary user of the device.

  User is the most surprising here. It really should just be minors, or non-emancipated minors. Further, I think there are interesting ways the definition of account holder and user combined play out in interpreting the rest of the law.

Next it will be all devices able to run Doom.

These lawmakers are not even wrong.

To be wrong, one must understand what one is talking about.

Sigh.

Hmm i think at te moment its only Linux that has by default local only accounts except if being used in some sort of SSO environment .

Microsoft has been pushing aggressively to deprecate the local and funnel everyone to Microsoft online accounts , while Android and macOS/iOS are already in such a state by default.

Coupled with the same accounts being used for online login, looks like a feature creep panopticon in the making. With Linux lucking out be default.

• rzerowan

  today at 9:16 PM

  why the downvotes on this?

This sounds like one of those laws that get used not so much to force compliance, but to punish noncompliance as part of a larger case.

> That's likely no big deal for Windows, which already requires you to enter your date of birth during the Microsoft Account setup procedure

That isn’t age verification at all

• Muromec

  today at 10:04 PM

  The actual age verification is being able to install windows yourself and being allowed to do so by parents. So the next thing is TPM to make sure you can't get the silly idea to reisntall it and set a different date

Buffy Wicks obviously should not be legislating APIs. But I think it's funny how badly this misinterprets the situation. The local user account on a computer has never been less relevant than it is today.

How will this work with the numerous "Hobby" Operating Systems out there ?

• bananamogul

  today at 6:34 PM

  You have to ask yourself, I guess.

  "Self, are you 18 years old?" "Why, yes I am." "OK, self, please fill out a 27B stroke 6 form in your head." "I've completed it." "OK, self, I've validated it."

  useradd...

I hope the headline is just ragebait cause I feel infuriated

Sure, I'll ask where the user is located, and if they choose California, I'll ask them for their age. And if they choose over 21 I'll scold them for voting for Gavin.

• autoexec

  today at 9:26 PM

  Ask where the user is located and if they choose California tell them that your website/service/OS isn't available for users in CA because you will not be complying with this law and they'll have to go elsewhere.

• jmholla

  today at 5:02 PM

  Colorado is trying to copy this law right now, too.

Aha... Interesting, I'm the sysadmin of myself so I verify myself that I'm entitled to be root on my iron. Sometimes politicians reveal themselves in their future program dreaming things like mandatory online accounts on corporatocracty-controlled servers for all...

Apparently the redacted politicians that were caught raping and murdering little boys and girls in the Epstein files are entitled to a higher level of privacy than either you or me.

Is this a weird attempt at device verification?

Trump - making heroic efforts to give Newsom the presidency in 2028. Newsom valiantly resisting those efforts.

Extremely stupid that this will fall on the OS.

Accomplishes three things: Demonizes age verification, big tech gets to dodge it, cedes more control of your PC.

One could cope that this regulation can not apply to Linux or other OSS operating systems. But this is only true unless the bootloaders on consumer devices are mandated to be closed next.

We already have Secure Boot, the infrastructure is in place. It is currently optional, but a law like this can change that.

• maemre

  today at 9:17 PM

  The law is written so broadly, I think it applies to them already: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...

  > (c) “Application” means a software application that may be run or directed by a user on a computer, a mobile device, or any other general purpose computing device that can access a covered application store or download an application.

  This is basically any program.

  > (e) (1) “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.

  This would include any package manager like dnf/apt/pacman/etc. They facilitate download of applications from third parties.

  > (g) “Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.

  This sounds to me like it would include distro maintainers. They develop and/or control the OS. Also, would this include the kernel devs? How would they be responsible for the myriad of package managers.

  The overall law reeks of politicians not knowing what they're legislating.

"The road to hell is paved with good intentions." - unknown

• autoexec

  today at 9:27 PM

  I doubt good intentions had anything to do with this.

So now I have to prove who I am just to use something I purchased? Am I gonna have to prove my age/identity to my new laundry machine (it runs on OS)?

How will this work with ephemeral VMs? If you spin up a few hundred a day, will each one prompt you for birthday ? And whose birthday ? The CEO?

You know the non-governmental organization "Save the Children"? Maybe it's time to create a new one called "Fuck the Children" to defend people from these laws designed to mine privacy under the pretense of protecting minors.

• nomdep

  today at 9:29 PM

  Ironically, the “Save the Children” people tend to be the most pro “Fuck the Children” in secret. Literally

• rolph

  today at 5:43 PM

  literally.

  when you force someone to signal status as a minor, you are forcing them to wear a target, hostiles will not have so much work to find minors, now they only have to contact, groom, and offend.

  this proposed law actually endangers minors.

  • autoexec

    today at 9:29 PM

    The fact that bill breaks kids down by specific age groups makes it seem even creepier. Want to target 13-16 year olds? Prefer kids under the age of 13? California is helping predators by making sure they can tell which group every child's username falls under!

• theandrewbailey

  today at 5:23 PM

  I was thinking "Save the freedom", but your idea works too.

• netsharc

  today at 6:18 PM

  Ghislaine Maxwell asks where to send her CV in, she's going to be available for work soon...

• boznz

  today at 6:26 PM

  Not the best choice of words, but I get what you're saying.

• calgoo

  today at 5:36 PM

  Well, you might actually get support from the Epsteinian class ruling the US.

  • Mountain_Skies

    today at 6:04 PM

    And their MAP allies.

It's getting to be time for tech firms to leave California.

Next step will be reporting potentially unlawful activities.

Ok. No more linux in california. Forget silicon valley. Forget all the supercomputers at research establishments. Forget all the smart TVs. Forget all the cars with in-dash computers. Let's see how long california can keep its lights on without embedded linux.

In all seriousness, rather than comply, linux distros should enforce this law. Any linux install that detects itself being in california should automatically shutdown with a loud error message. I give it a week before a madmax situation develops.

• charcircuit

  today at 6:33 PM

  How expensive do you expect such an API to cost to make? It's pretty simple.

  • sandworm101

    today at 8:20 PM

    Compliance is always easier than resistance. Want to keep software free? Freedom has costs.

    • charcircuit

      today at 8:25 PM

      Free software doesn't mean that it can or should break the law. That is entirely tangential.

  • dismalaf

    today at 7:44 PM

    Considering the law requires every app to do it, pretty expensive.

    • today at 8:22 PM

• wakawaka28

  today at 7:08 PM

  It would have to be done at the license level and with litigation. Anything relying on code to be added, would be removed. And probably, trying to do the license thing would force some people to fork the software.