I think the answer is quite simply: Follow the money. General-purpose computing is scary to big, soulless corporations. They want you to rely on them, not to be able to do stuff yourself. (They want to keep that power for themselves.)

Age verification is the quickest road to ending general-purpose computing, because it plays on people's knee-jerk emotions. It won't do it by itself, but it'll goes a long way towards it.

> why does the operating system need to be involved in this?

The goal in my mind is to have an account a parent can setup for their child. This account is set up by an account with more permissions access. Then the app store depends on that OS level feature to tell what apps are can be offered to the account.

Let say the the age questions happen when you install the app store. That means if you can install the app store while logged in as the child account the child can answer whatever they want and get access to apps out side of their age range. The law could require the app to be installable and configurable from a different account then given access or installed on the child account, however at a glance that seem a larger hurdle than an os/account level parental control features.

The headline calls this age verification, but the quote in the article "(2) Provide a developer who...years of age." Make it sound way different and much more reasonable than what discord is doing.

I would much rather have OSs be mandated with parental control features than what discord is currently doing. I am going to read the bill later but here is how discord age verification could work under this law.

During account creation discord access a browser level api and verifies it server side. discord no knows if the OS account is label as for someone under 13 years, over 13 and under 16, over 16 and under 18, or over 18. Then sets their discord account with the appropriate access.

No face scan, no third party, and no government ID required.

Because it's the lowest common denominator between the user and every online interaction. The bill basically says provide a date-of-birth as metadata to accounts and provide an API to query the age bracket, not even the age, of the user to applications. It's a privacy-aware, mostly reasonable approach that shifts responsibility to the owner/administrator of a device to enforce it. It's basically just mandating parental controls.

Companies like OpenAI are advocating for this because it shifts the burden of responsibility off them. They don’t have to age verifying Microsoft is handling that for them.

Arguably the operating system (or potentially the user-agent) is the exact place to do this.

What I don't get is why it can't just all be client side. An app will just signal "I am going to show 16+ information" and the OS will either show it or not show it. No need to communicate anything.

Giving people the choice to limit a device for their children is okay by me.

I don't know, but arguably the OS version is better for privacy, as each app can just trust the signal sent by the OS instead of collecting a bunch of personal/biometric data.

> why does the operating system need to be involved in this?

Well, the politicians probably meant to say “Apple, Google, Microsoft, plus maybe Sony and Nintendo”

i.e. the companies that already have biometrics, nigh-mandatory user accounts, app stores linked to real identities, parental controls, locked down attested kernels, and so on.

If phones had workable parental controls that let parents opt their kid into censorship, that’s better than the give-your-passport-to-the-porn-site approach the UK have taken.

Of course if they have applied it to every OS, not just the big corporate-controlled options, that’s a dumb choice.

Because that's the first layer that deals with user accounts, and subsequent layers commonly base off of identity information stored in there. Just like how and why every other shared interface exists.

It's not just local apps that are potential consumers of this information. Websites would also be interested.

The "why" is also clear: deflecting/shifting responsibility.

The goal is to lock down anonymous computing and increase control of government and reach of the surveillance state. It isn’t to save little Billy from seeing a titty.

The operating system needs to be involved because its the easiest set of actors to penalize for non-compliance.

There are essentially two desktop operating systems, Windows and macOS. Linux is a decimal point and too fractured to worry about.

There are essentially two mobile operating systems, Android and iOS. And while Android is fractured, Google still has reasonable control they can exert.

This is (weirdly) the smart way to do this type of law.

Make the consumer OS providers add an age signal. That property can be bound to an account with the inability to change it.

Behold, "universal enough" parental controls which will require only a handful of lawsuits to litigate.