Apparently this will include Linux…
I’ll just copy my comment from a similar bill in colorado, I will leave the link to the colorado bill in, but here is the california bill as well if you want to read it yourself.
The title is very misleading. This is the actual bill that they are trying to pass. The link already includes a summary, so I will just give you an even simpler explanation and some practical examples why this is actually really neat.
First of all, this is not age verification. No IDs have to be submitted, no selfies or videos will be submitted to any age estimation AIs, so put your pitchforks away (for now, until they decide to expand the bill to include these measures as well, then it’s time to burn it down). The name of the bill already tells you what it is: Age Attestation. Aka what every piece of software already does before it shows you explicit content.
With the bill in place, every “operating system provider” has to ask you for your age or date of birth during OS setup, which will then be made available to other software via an API. So instead of having to fill in your date of birth or checking “Are you 18+/21+?” boxes, software will use the new API to check instead, saving you the trouble of doing it manually every time for every application that is not made for all ages.
What makes it even better is that the OS does not have to provide your actual age or birth date, the bill has a minimum requirement of just disclosing age-bracket data. So it could work just like age ratings, which also rely on age groups rather than specific years. Also, the bill explicitly forbids asking for more than your age, sharing more than that via the new API and using the entered age data for anything else than the described purpose, like sending it to a server for tracking purposes.
And finally, as mentioned in the beginning, no IDs or anything else as it is with age verification necessary. You can still lie, just enter 1.1.2000 or whatever you want. Nothing changes, except that you will only have to do it once every time you reinstall/reset your OS or buy a new device.
Sure. But this is step 1. Things never stop at step 1.
Of course, and I will fight the next steps with pleasure, but I welcome a qol feature anytime, even one enforced by law.
This bill makes the operating system provider the responsible party. They have to implement this, and ensure compliance. Failure is a $2000 fine every time a child launches an application.
Under this law, Microsoft and Google are charged with implementing this feature and ensuring compliance. They are, obviously, “OS Providers”. They control their respective operating systems.
With FOSS OSes, Ubuntu isn’t the OS provider. Arch isn’t the OS provider. Debian, Redhat, Gentoo aren’t the OS Providers. The product each of these entities provide is an OS, but it is an OS that is under your full and total control. Not theirs. They cannot control what you do with the OS. They cannot ensure your implementation is compliant with state, local, national, or international law. Under this law they are not the responsible party.
Under this law. You are the “OS Provider”.
What about distros that don’t use automated account creation (or have optional automation), like Arch for example or Gentoo? The law isn’t made to accommodate those people:
“Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.”
The odd thing is the wording that it “requires” an account holder to indicate age or DOB. As with anything *nix, there is always a workaround. There is no way to require anything of the user. There’s also no definition for “accessible interface.”
Thanks for putting this here. Kinda getting sick of people that only read the headlines or have only seen the Lunduke journal video that has so many clear inaccuracies.
The laws aren’t perfect but they do have some nice protections for the users as you mention.
The only thing that I think is missing is that developers are restricted from collecting additional information but the OS providers are not, at least as far as I understand from reading the California law. At the very least, they still have the restriction on using the information in other places or sending it to third parties.
I posted this in another thread but I’ll repeat it here. I think it is shortsighted that some linux distros are taking the kneejerk reaction of leaving/banning California residents. We need to band together and figure out a solution.
Oh, I have one solution in mind. Two, actually:
- leave California
- ask some questions ™ to authors of the bill. Like who is going to benefit from this, who was paid how much for what etc.
I, and many others, will be born on 1/1/2000 at 0:00 'clock.
Imo, it’d be funnier if you picked Unix time. (1/1/1970 at 00:00).
Good fucking thing Linux is kernel
Every day this gets worse
And literally no one is doing shit to stop this. It is almost like personal property rights, privacy, and everything else are now dirty words that will make you look like a criminal.
Good luck with that
I guess Linux distros are about to be banned in Cali.
what are they they gonna do against it?
So, umm, what city is always the same time zone as California, but not in California?
Vancouver? Portland?
Apparently not Vancouver
https://www.cbc.ca/news/canada/british-columbia/b-c-adopting-year-round-daylight-time-9.7111657
I just heard that, too.
deleted by creator
deleted by creator
This is why I torrent my ISOs
So, to deploy a new server they’ll want the tech to do a face ID check first? Maybe it needs the CEO’s face as they are technically the owner.
Gavin Newsom is such a fucking tool.
People wonder why the Dems are unpopular. 2 of my Dems here in Colorado are pulling the same OS age gate shit right now. What I want to know is: “who fucking asked for this?”. Everyone seems to be doing it at the same time, but many people don’t want it. Smells fishy. Let’s not elect these assclowns to anything ever again. Why are you doing authoritarian shit when we elected you to advocate on our behalf.
In my book, a take that extremely authoritarian and unconstitutional should end your political career instantly. You can watch it all on your TV at home like every other clueless boomer (shout out to the boomers who are with it, actually understand, and care). How can we send people to represent us who will openly sell out our and our children’s futures for a few thousand dollars in campaign contributions?
Tbf every single politician is.
Every politician should be… At least here in America. They are supposed to be our representatives, regardless of how they feel.
They are not. Not the grand majority of them, anyway.
If you run for office to be different from all the rest and win, do you immediately become corrupted upon election?
Removed by mod
Please drink a verification can
So define Operating System. Are embedded systems Operating Systems? Coz that’s going to cast a rather wide net.
Selective enforcement. Basically if they want to do shit to you they will prosecute you, otherwise they won’t bother.
I can’t wait for my microwave to ask me to take off my glasses, face the camera, and turn my head slowly from left to right.
You are right that operating system is not defined. But the definition of operating system provider is this: “(g) “Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.” (emphasis mine)
Which should clearly exclude embedded devices.
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
good lord, not even the solar powered four-function calculators are safe!
But embedded computing devices these days are regularly general computing devices, and have been for a long time. If my insert appliance x with an ARM processor isn’t a general computing device, then why is my raspberry pi?
Need a face scan to use my fridge
That is not something I had considered, I fully agree.
So many devices are built around SBCs running linux. I guess my first thought was that it is more about how the device is used and not what that actual OS is. But then how would the OS even be able to tell the difference.
This is a distinction that they should have spelled out explicitly in the law.
They basically defined curl as an app store: “facilitates the download of applications”
I mean sure, if you ignore the 2 words just before what you quoted.
“distributes and facilitates the download of applications from third-party developers”.
I don’t know that I would consider curl as “distributing” software. But as always it depends on how the court interprets it.
Full section for context:
(e) (1) “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.
(2) “Covered application store” does not mean an online service or platform that distributes extensions, plug-ins, add-ons, or other software applications that run exclusively within a separate host application.
Doesn’t even make sense. Virtually all Linux distros can function completely offline. How do you do age verification completely offline? Classic politician who doesn’t understand tech trying to look like they’re doing something to save the kids.
They will make it a crime to not have any OS that is not compliant, that simple.
The only platforms for now where this might work are Windows, macOS, iOS, and stock Android, however as Muta hypothesized, if this extends to hardware-level, a law could just mandate SecureBoot and lock out the ability to implement custom keys, and then only allow a short list of state-approved OSes to boot on the hardware, which no doubt Windows would be on that short list.
Similarly, all non-Apple mobile devices as an extension to that could be locked exclusively to stock Android, eliminating custom ROMs like LineageOS or GrapheneOS as an option entirely, let alone mobile Linux distros.
Me, buying cellphone parts from another state to assemble myself like an 80% lower to avoid having to drink a Verification Can every time somebody calls me:
I think I just invented the concept of a “ghost phone”
Me, using 8 bit adders to make my own CPU because everything else is now locked down to all hell
That seems as reasonable as suggesting they could pass a law requiring everyone to hire a govt licensed computer user in order to interact with their devices, and otherwise touching a keyboard or touchscreen would be illegal.
It doesn’t feel like a realistic estimation of what they would actually try to do. There’s too much that is currently dependent on Linux, you’d do better to just dismantle and ban the internet.
Another thing that could hypothetically be done given NK does this already so there’s precedent as far as this goes, is any given government could make their own Red Star OS equivalent, and then have that as the only state-approved distro
"(1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.
Sounds like it’s a text box that enter input into. Making it completely pointless.
According to Gabe Newell, something like 90% of steam users were both on 1/1/99 (might be fudging the numbers somewhat but presumably you get the idea).
