The intent behind these laws is noble, but the implementation shows the deep-rooted corrupted nature of law making in these jurisdictions.

That said, the failure is shared evenly with the tech industry's refusal to work with governments to implement viable solutions.

Legislators favor their corporate benefactors, the tech industry favors its ideologies and freedom of developers and engineers. But who looks out for the regular individual? Who is making sure their interest is enforced first and foremost?

Consider these facts (and correct me if they're wrong):

1) it is possible to issue hardware to the public that verifies to computers and internet services alike the age of the bearer without disclosing anything else about the bearer.

2) Age verification laws for other things like drinking, smoking, and gambling all primarily require the seller to authenticate that the person has authentic identification, and their age is lawful for the activity.

3) The secure method of authenticating users requires MFA, a FIDO2 compliant device like a Yubikey is the most secure means of the 2nd factor of authentication. It requires knowing a secret, and physically touching the device.

Knowing all this, it is possible to issue the public devices that receive a challenge from a government operated server, require the user to tap on the device, and then enter a pin to respond with a signed version of the challenge, to verify they possess the device. The device could be sold or given to the public without any registration, the only thing required would be showing and verifying your valid ID at the point of sale (from a government office ideally).

This is just one solution, but the burden could be passed onto the government, and the tech industry to implement solutions that work with that.

If we had that, I wouldn't agree with it, but I would also not have a problem with requiring insertion of an age verification device to start installing Linux -- of course the installer wouldn't know it's in California, it would rely on the people installing it to tell them it is. And when selling devices in california, by default they could require inserting this device to proceed, but I see nothing preventing users from installing their own custom OS lawfully if they too the device elsewhere, and how can the device tell it is at "elsewhere", even if it has a GPS there is no law requiring GPS to be turned on for that purpose.

---

The key thing you should all consider is that this is the will of the people to the most part. Most people agree that access to tech should be age restricted, although to what degree is a different story. This isn't the 90s, using an OS is not a novel or special thing you do, it is similar to driving a car except we depend on these devices more than cars!! Things the public depends on, things a country depends on, will always require regulation of some sort.

Forget about what it was like for you in your nostalgic days of experimenting with Linux or whatever. These are not those days. this is happening. if you can stop age verification laws, please go ahead, you have my full support. But I don't see that happening. We will get shitty situations where third party companies bribing politicians collect our physical ID scans, and we'll be forced to not only disclose our identity to everyone and their mother on the internet, we'll be forced to let these 3rd parties and the government track every site we visit at this rate.

Corrupt lawmakers are one half of the problem, technologists refusing to adapt and make best of the situation and propose privacy preserving solutions is the other half. I'm glad so many are willing to go all-or-nothing and die on their hills, but there is no reason they have to drag everyone else with them.