Many people here are going off on wild tangents over this. You should just read the law, it’s only a couple thousand words of quite plain English.
Many here have taken completely incorrect assumptions from the title. This law is for developers, not users.
Summary:
- Requires OS devs ask for DOB, age, or both at account creation time.
- Requires an API that allows app store devs to request this age data for the account. At minimum this API must signal that the account is a member of one of these categories: ‘user under 13, user over 13 and under 16, user is over 16 and under 18, user is over 18’.
- Explicitly bars OS devs from sending more data than explicitly necessary to meet 1 (hint: photo ID, facial recognition).
- Explicitly bars app devs recieving the data from requesting more data from the OS nor the App store.
- Bars app stores from using the data for any other reason and specifically calls out anticompetitive practices.
- Bars app store and OS devs from sharing this data with any third party for any other reason than to comply with this law.
- Has injunctions and civil penalties of $2500 (max per user) affected by negligent violations (eg a child account is served adult content), and $7500 (max per user) affected by intentional violations.
The only problem I have with this is that it should only apply to commercial software (app stores and OS). Libre/FOS software should not have to police ages on their app stores, due to their far reduced budgets (often zero), developer time, and the nature of the software being generally anti-centralized and anti-surveillance-capitalism. Though I’d be fine with it for FOSS software distributed via commercial app stores, as long as they gave a longer lead time to implement (EG a couple of years).
The only problem have with this is that it should only apply to commercial software (app stores and 0S). Libre/FOS software should not have to police ages on their app stores,
It’s a bit like saying the only problem with the Titanic is the water inside.
The law is bad, whether it can be worse or not is just tangential. But still, this law as is applies to computers, phones… And nas, some routers, watches, advance calculators… As they all have OS and can install apps. As per app stores, guess what, thats the GNOME app store, but also flatpak, jellyfin (can install apps as plugins), pip, docker, git… And what about plain executables? Githut should ask for your age too to download artifacts?
Porn started with only age verification by the user as a prompt, and we see where that is going now.
So now when I spin up a VM at my sysadmin job I have to tell the server I’m an adult? Does anyone actually know what the fuck we are doing here? What an absolute clown show.
This is what happens when boomers never die and stay in office for a lifetime. They don’t understand technology but are allowed to make the laws that govern their use.
When can just change the laws when they leave
How will this affect embedded os like freertos or vxworks? There are lightbulbs that have operating systems these days, am I going to have to show ID to turn on my light?
As those are not general purpose computing devices, and additionally have no app store - no, and no.
From the law text:
© “Application” means a software application that may be run or directed by a user on a computer, a mobile device, or any other general purpose computing device that can access a covered application store or download an application.
For everyone trying to figure out how this would be enforced, it’s not about being proactively enforced. (and data collection is 99% of it)
It’s about adding a double-tap “Well, these people also violated our age verification law, so they have to pay a fine,” added to any incident where it’s convenient to add this in. If a minor sends another minor a snap that would trigger CP laws, and one of the phones isn’t age verified correctly, fine to the parents and hands up in the air “We tried!” A minor is involved in torrenting movies? “Look, kids using illegal OS! Fine to the parents!”
This is how laws work across a lot of corrupt developing countries. There’s laws for everything, but they only get applied selectively as authorities find they fit the situation. It’s hard to actually be 100% above board and do everything legally because of a few little things meant to be impossible to actually do bureaucratically. So in every situation, any set of authorities start in with the endemic leverage of “Well, we have suspicion of you selling ketamine out of your apartment. Did you do age verification on your laptop? No? Then we can seize that as a crime and see what’s on there. OR you can give up your supplier.”
This will not matter to most of linux, it’s non enforceable and easily circumvented.
But the issue is what they used for thumbnail. Steam deck.
Steam is bringing linux to the the masses but they won’t be able to sell any without complying to the part that all apps that can be installed must be able to ask the os to give this data.
Steam already requires your age when you look at m rated games. The only difference is that the age verification is before you get to that page.
Also, the age verification is literally just check a box. Its the less of several evils, but really if I HAVE to verify my age, Id prefer to do it this way
Simple solution. From now on Linux distros should ship with a big message “NOT FOR USE IN CALIFORNIA”.
You want to force age verification? No server in all of California will run. Period.
Ah, the Glock solution.
I’ve always input my age as 1900-01-01 and I can’t change that now because that’ll show an inconsistency and we can’t have that now can we.
Wow California leading the way to fascism, who woulda thunk?
This kinda seems like a roundabout way of avoiding government /corporate age verification laws? Like it doesn’t require ID verification or biometrics and runs a local api to verify age.
Can someone smarter than me please explain if this is a good thing or not?
Colorado Dems pushing a similar law rn.
Fucking idiots.
It’s been that way for a very long time.
What if no internet? How set up?
Technically, Linux is not an operating system, just a kernel, so I’m not sure how this would be implemented.
See, here’s the big open secret. All these politicians, who make all these rules? They don’t have a clue what they’re talking about. They think a kernel is something that gets stuck in your teeth whrn you eat corn.
That’s my guess. These people have no clue what they’re doing.
That was a 5’19 kernel operating in my mouth, I swear.
Most of them are old enough to remember when politics was invented.
You just said it, it’s a rule for operating systems, which means that whoever ships Linux as part of an operating system has the onus of implementing this.
If you do Linux from scratch, that would be you I guess.
Linux being a kernel is hardly relevant though. The law lies the responsibility at the “operating system providers”, looking at the definition in the article that would be the developers/organisation behind the individual distributions. Politicians don’t care if each distro comes up with their own solution or gets built-in to the kernel.
But personally I think they all just give this law the finger, put a ‘not for use in California’ in their licenses and forget about this brainfart.
How old is my tomcat user? How about my various docker containers, are those separate OSes?
Linux from Scratch is a refuge. It would be greatly improved with a package manager.
When I did it I added rpm and apt (and alien). It was a clusterfuck. Good times.
