A new California law says all operating systems need to have age verification

That would make retro computing illegal :(

They’re trying to destroy all the best nerdy hobbies. First drones, then 3D printing, now even my precious Amiga!

All is asks is that 'adduser' asks for thier birthday; and and age restricted software checks this on installation. Given we already have software it is illegal to sell to children this seems like an easy win? (Obviously it is still down to the parents to ensure the account is setup correctly)

It's funny that more and more Chinese style laws are being passed in the West.

What's next? Chinese style social credit? You’ll need 800 points to run a sudo command?

Free society? Mass surveillance. The West is becoming more of a nanny state like China every year.

It’s to stop 14 year olds compiling the Linux kernel.

This law perfectly demonstrates the constraint problem: regulators assumed age verification is a simple checkbox at account setup.

Right now I'm on an ESP32 with free RTOS, will I need to add a keyboard and display just for age verification?

It doesn't require age verification, only age attestation.

More significantly, it does require all applications (from "covered application stores", but which has a definition for that which seems to include not only what you would normally call an app store, but any website or other source from which an app can be downloaded) to check the age signal provided by the OS when the application is "downloaded and launched".

While it is poorly drafted, circular, and self-contradictory on some definitions and other points, it arguably seems to prohibit age verification within the scope of apps it covers, in that:

(1) It requires all OS's to have an age attestation feature, (2) It requires all applications to use the age attestation feature, (3) It requires developers of applications to rely on the info from the age attestation feature as the "primary indicator of a users age range for determining the user's age", with the only exception being if the developer has internal (not external) information which is "clear and convincing information" that the user's age is different from what is signalled by the OS.

Will this only apply to an OS with human user accounts? I wonder how autonomous agents that are operating systems running on bare hardware are defined under this strange law. Not all OS are for humans. Consider many uni-kernel applications.

Our lawmakers have zero idea how software works.

"useradd bob" is an "account setup". does that need age verification too? haha

If age attestation in the OS becomes law, there's much less friction afterwards to pass another law to have age verification as well. It should not be humored under the mistaken belief that "it's just age attestation in the OS - nothing invasive about that".

Is Github an application store? Is npm? apt? yum?

If not, why not? You need age verification before you even create an account.

People who cannot tell what is an operating system and what is not are writing laws

Just when you thought windows couldn’t possibly get any shittier.

The actual bill: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...

Bill text (it’s longer, but the rest is mostly definitions of the terms used here):

1798.501. (a) An operating system provider shall do all of the following:

(1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.

(2) Provide a developer who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface that identifies, at a minimum, which of the following categories pertains to the user:

(A) Under 13 years of age.

(B) At least 13 years of age and under 16 years of age.

(C) At least 16 years of age and under 18 years of age.

(D) At least 18 years of age.

(3) Send only the minimum amount of information necessary to comply with this title and shall not share the digital signal information with a third party for a purpose not required by this title.

(b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

(2) (A) A developer that receives a signal pursuant to this title shall be deemed to have actual knowledge of the age range of the user to whom that signal pertains across all platforms of the application and points of access of the application even if the developer willfully disregards the signal.

(B) A developer shall not willfully disregard internal clear and convincing information otherwise available to the developer that indicates that a user’s age is different than the age bracket data indicated by a signal provided by an operating system provider or a covered application store.

(3) (A) Except as provided in subparagraph (B), a developer shall treat a signal received pursuant to this title as the primary indicator of a user’s age range for purposes of determining the user’s age.

(B) If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.

(4) A developer that receives a signal pursuant to this title shall use that signal to comply with applicable law but shall not do either of the following:

(A) Request more information from an operating system provider or a covered application store than the minimum amount of information necessary to comply with this title.

(B) Share the signal with a third party for a purpose not required by this title.

Headline is wrong. There is no verification requirement.

All this does is require the user to select a non-verified age bracket on first boot. You can lie, just like porn sites today. I thought HNers wanted parents to govern their children's use of technology with these kinds of mechanisms.

There’s a concerted global effort to push this legislation. It’s also been proposed in Colorado and, some version of it’s been passed in the UK and Australia.

So if you write your own operating system without age verification you're not allowed to use it?

Fun to watch my generation who was raised by helicopter parents turn into tank parents using scorched earth techniques.

Californian seems like a state with a golden goose they keep trying to kill in ever more idiocitally inventive ways.

Feel free to call me paranoid for seeing patterns where there are none but this to me looks like just one phase of a preparation for a very large event entirely unrelated to every age verification reason given thus far. I won't guess any further. "I'm a good boy."

Dutch disease. Govt. just needs to keep the cash cows happy. Everybody else is irrelevant; just critters roaming the land.

I really hate this new world where one jurisdiction - California, Europe, wherever - makes a law and suddenly every other jurisdiction has to comply because the law-making jurisdiction is big enough that tech companies can't abandon it.

And since it doesn't make sense to have dozens of different versions of their apps, they write to the strictest jurisdiction's laws.

If everyone has the power to make laws that apply to everyone...it's chaos.

so my smart microwave will require some age verification?

I figured California would have been against the age verification on the adult sites like Texas and some other states are doing but then they go and 1UP them and decide to require age verification on the whole OS

Crazy idea, bear with me on this, but perhaps it's time to stop giving children smartphones.

A few thoughts:

Won't kids just lie about their age, like they do to sign up with social media?

What if more than one person uses the pc?

What if it is sold?

If the OS is open source, then the user could remove the software code to collect the data.

This is protect-young-people theater.

If

I’d lay odds this is a free speech issue. Someone will sue.

Using any software made in California should be treated as a privacy and security threat.

To what extend is this real? What is the probability this will enter law fully? Is it just a proposal?

What is the reason fir this law, what problem does it try to solve. It's not clear to me what age gas to do with using an operating system.

They should also require background checks for gun safes.

How about you go after the guys that actually do harm to children and let the rest of us live in peace?

How will this work with the numerous "Hobby" Operating Systems out there ?

I don’t think the title is correct? All OS must have age profiles that external sources can query. There’s nothing explicit that checks the age itself in the law?

Sounds like a box checker. "Enter a four digit number lower than 2011 to use this computer properly". Ok then...

What about embedded RTOS, like WindRiver or Zephyr? What if I write a memory manager and flash storage file manager for a really barebones MCU like a PIC? It didn't even define what an operating system is. What constitutes an update? If a security patch to DOS 6 came out, would it suddenly be required to have this tech? Is z/OS going to have this tech?

Overall, I think don't think it's a bad idea for devices to be able to host an age verification system that offers requestable boolean proof of age, like if porn site demands over 18 to view, the user, regardless of age, is prompted and if they accept, it returns either a positive cryptographic claim or a cancel signal if not of age. If they don't accept the prompt, the same cancel signal goes back. The idea that this feature would need a mandate of law is dumb.

Cant't wait to see how Intel adds this feature to the minix built into the cpu.

Why can't we have normal politicians anymore, anywhere on the spectrum ? They're all racing for stupidity, it's simply terrifying.

Sure, I'll ask where the user is located, and if they choose California, I'll ask them for their age. And if they choose over 21 I'll scold them for voting for Gavin.

America is losing the plot.

> Assembly Bill No. 1043 was approved by California governor Gavin Newsom in October of last year, and becomes active on January 1, 2027

It was already approved? This seems wildly invasive, and CA can't even pretend they're doing it to stop porn. CA is just monitoring citizens for the love of the game

Our leaders are lost people.

If you're a Mac or Windows user, I mean, fine.

This is just not going to be a thing on Linux.

Are there app stores on Linux? Yes, that's what FlatHub and Snap supposed to be.

So what, should Canonical just block Ubuntu downloads to anyone in the state of California? No security researcher is going to download an operating system that asks them their age for example. I feel like it draws a red line for me also.

This law is so completely insane. It sounds like it was written by some Apple fanboy to whom there is no other operating system other than Apple. The very state that spawned GNU and BSD is the same state that is not only demanding your data but enshrining its use in spyware in law.

They want to spy on everyone. This is against freedom.

I would not know why the operating system I use would need to sniff on me - or yield that information to anyone else.

This is clearly fascism.

Feels like they're trying to implement a new wide-reaching protocol/spec by requiring it by law first, then expecting someone to magically develop something, and god forbid it's a different standard than anyone else's.

By next January there will be 30 different methods of age input signalling between OS and application. And then by 2030 we might have the top 3 adopted as established defacto standards.

somewhat related-ish https://xkcd.com/927/ :)

> That's likely no big deal for Windows, which already requires you to enter your date of birth during the Microsoft Account setup procedure

That isn’t age verification at all

What a ridiculous law, smells of some sort of frog boiling scheme to me.

step1: "lets see if we can get away with imposing a small easy requirement, you know 'think of the children'"

step2: "now that we have a foot in the door, lets see if we can get some real tracking in place, for the children of course"

Anyhow: as far as I can tell compliance on linux would be as simple as

    echo $YEAR_BORN > ~/.config/ca_ab_1043

Remember in that South Park episode where Cartman had a V-Chip[0] installed in his head and he would get shocked if he said big floppy donkey dick?

In all honesty the V-Chip was meant to protect children.

Age verification and identity assurance[1] is meant to reduce online banking fraud and combat terrorism/espionage.

Whats next outlawing encryption with Clipper Chip[2] 2.0 and saying its to save the whales? I guess we have QUIC and other DRM tech to ruin our day so it doesn't even matter.

I would prefer we drop the think of the children[3] charade and act like adults and get serious about online crime/fraud/terrorism and maximizing online banking.

The biggest problem with this thought domain is that the internet is global and we are thinking at regional, national, and state levels. For so many years everyone has heard complaints about the great firewall of China only to build our own? I guess we have no other choice since bad apples spoil the bunch[4].

[0]https://en.wikipedia.org/wiki/V-chip [1]https://pages.nist.gov/800-63-3/sp800-63-3.html [2]https://en.wikipedia.org/wiki/Clipper_chip [3]https://en.wikipedia.org/wiki/Think_of_the_children [4]https://en.wikipedia.org/wiki/Bad_apples

this looks like law created for age or identity verification providers (persona etc). No one would build it from scratch. It will be passed to these providers.

This sounds like one of those laws that get used not so much to force compliance, but to punish noncompliance as part of a larger case.