California moves to exempt Linux from its age-verification law after backlash

The only device mandates that should be taking place is for the default installations of web clients should be checking to see if parental controls are enabled. This only impacts the major browsers. An intern at each browser company could add this check in minutes. If they are enabled and the person logged in is on a regular account (not admin or power user of sorts) then the base installation of web clients must check for an RTA header [1]. If present, prompt for a override password and also give the option for the admin to approve-list the domain at that time. That's it. Not perfect, nothing is or will be.

The only thing server, platform, website, service providers should be doing is setting an RTA header if the content could possibly be adult or user-contributed content that could dynamically become adult, moderation aside. This knocks out two issues with one fix. Small children don't see much if any adult content and they are kept off social media until the admin (parent or legal guardian) approves it.

If a site is not adding the RTA header then progressively fine them into oblivion. If they accept the fines as the cost of doing business then seize everything and put everyone in GenPop. An intern could enable the header in 5 minutes.

All legislation regarding age verification must revolve around this otherwise people must reject it as an abusive form of tracking and privacy invasion. The focus should be on small children as teen share porn, warez, movies and such within Rated-G games.

[1] - https://news.ycombinator.com/item?id=47950091

As usual 95+% of people commenting have no idea what is actually in the California law, and so are commenting about things that have nothing to do with it.

Different states, countries, and multi-country organizations that have legislated in this area or are working on legislating in this area have went with many different approaches. These differ in their scope, how age is verified (or even if age is actually verified), what documentation is required (or even if documentation is required), whether they apply to the web or to apps or to both, whether they make anonymous use harder or not, how much if any sensitive information they disclose to the apps/sites that need to check age, whether they could allow government to track your usage, and in other ways.

Most ridiculous are the comments that after saying how bad it is (clearly talking about things not in the California law) then say how it should work and describe something close to the California law.

Who is actually writing this very concerning California Internet legislation, which will ultimately affect the entire nation and world?

Did someone write California Internet legislation without consulting any California Internet companies?

Did some California Internet companies write California Internet legislation?

Did some other party write California Internet legislation?

A cynical person might suspect that the reason they are doing this is so that Linux developers don't have standing to challenge the law on 1st amendment grounds...

All this because public institutions have lost the will or capacity to regulate the companies. So they switch to burdening the consumers.

Linux will be exempt for now. I wouldn't be at all surprised to see them try to slip it through later. Legislators in California have learned over the years, and have carved out exemptions in bills such as gun control bills to get it passed, and later classified their exemption as a "loophole" to be closed.

Not just Linux. More specifically: “Operating system provider” does not mean a person or entity that distributes an operating system or application under license terms that permit a recipient to copy, redistribute, and modify the software.

On a side note ... does anybody know where I can get one of those Tux plushies? The tag appears to say "Penguin Power ... https://www.PenguinPower.com/", but that doesn't resolve to anything useful.

Okay, let's flip it: why would Apple, Microsoft, etc.. agree with such a law? What would the trickle down be for browser makers and website creators?

If it gets horny teenagers into free software, that's a good thing, I guess :)

As a dad of two younger kids (7 and 10), I have been incredibly frustrated with the way age restrictions are handled across various services.

Really, my main complaint comes down to: I completely disagree with what these services choose to restrict for kids and what they allow.

They block my kids from doing things I have no problem with them doing and they allow things I would never want my kids to do in 1000 years. It is incredibly frustrating.

Often times, there is literally no way for me to bypass some stupid restriction they put on my kids, so the only way I can get it to work is to help my kids lie about their age… and at that point, I lose the ability to actually block things I care about.

These laws are just going to make it worse. I don’t want someone else choosing how I control what my kids do. Give me tools to control it myself, and you can choose some presets for parents to use, but don’t force me to use your definition of age appropriate.

I was hoping we'd see some "-CA Compliant" ISOs of Linux distros released (crackes me up thinking about it), it feels a little insane to me that we would force so many open source projects to check for a person's age.

>> SteamOS could still be affected

Steam itself does age verification, which when you first boot a steamdesk, afaik it forces you to log into steam before you can do much of anything without some initial hackery. That said, once in there's nothing stopping them from launching into desktop mode, launching firefox, and watching pr0n that way.

Sadly the solution is still for parents to do real parenting, but that's like saying stupid people shouldn't breed.

It is good to see lawmakers course correct when technical realities are pointed out. Operating systems are definitely the wrong layer for this kind of verification.

This will only help if the law states that internet companies that check this have to default to assuming the user is an adult. Otherwise the end result will be that Linux clients will get caught in a dragnet of automatic denial.

This law should never have been proposed to begin with. The fact that the backlash was needed is indicative of a huge problem in our lawmaking.

What about the BSD kernels? Other libre/open source operating systems? These laws should be canceled altogether. They make no sense at all.

Wow, stupid idea is hard to legislate. Nobody could predict that.

It reminds me of clients wanting some stupid feature from app developers which does not fit into anything, and makes no business sense, and therefore creates only problems.

Wow this is smart politically because the largest group against this age verification bulls*t just so happens to overlap a lot with people who love open source software (technical people who value user freedom)

Of course this also means that the nerds who use linux or lineageos get to win cool points because they can access more adult stuff

Is an android technically Linux and open source?

This is a bad move. California has no age verification law, only an age asking law and all of the reasons it's good to ask if the user is over 18 are still good reasons if the OS is Linux. And the penalty for providing an OS that doesn't ask if you're over 18 is that it's considered a defective product and you can return it for a refund, but open source software is already provided for free with no warranty so who cares. Unless you bought it from Red Hat so this is basically just giving Red Hat impunity to violate this law, for no reason.

Who else has that Tux plushie tho? I've had one since I was like 11 years old.

we're preparing ourselves to deanonymise the internet. We do not know yet what this will have as a collateral, but certainly the governments will use it against us.

We did it despite the naysayers who faught us saying it "wasn't a big deal" and that this is the "best version of the law we could get". Never listen to the naysayers and compromise your principles to appease them, stay true to what you believe.

The law is so broad that theoretically, age verification can be on your watches, your Ti-84, anything.

Open software should not implement this feature because slippery slope is not a fallacy based on my experience. Force them to actually create a government approved operating systems to make it clear how absurd this is and so that we know who will bend the knee.

How does this age verification crap apply to server environments? If you can't use windows desktop without age verification can you just install windows server or IoT as a loophole?

This is ridiculous. Either this is a vital child safety requirement that needs to apply to operating systems regardless of origin or it isn't and shouldn't apply to any operating system.

No, not exemptions! Drop the stupid-ass law all together.

Not how I imagined year of Linux on the desktop to happen, but I'll take it!

For now while everone gets used to it.

having a linux only exception feels pretty weird, they should just drop this all together

Patching inherently bad legislation doesn’t solve the problems it’ll cause.

This will either fail or the entire law will go. Microsoft will spend a lot of money to make sure it's not at a disadvantage.

So are kids not going to have access to llms? Seems trivial to get around this from a technical standpoint for frontier llms no matter how this is implemented.

Ah, but what about my internet connected TI 84 calculator?

Parental controls should be a client side option set by the user.

Sure, make it easy for users to do so, but it's a users choice.

Kids don't buy phones or computers, their parents do, and during initial setup, parents could choose "this pc is used by a child" option, input some override password to disable this in the future, and the phone could block whatever needs to be blocked.

This is the whole 'opt-in vs opt-out' at a high level. A better law would be crafted like 'some services have been determined to be harmful to minors and require age verification. Those -specific- services shall have these specific mitigations.....' Facebook and others should have a clear legal distinction of 'harmful to children' and then the law kicks in.

The entire age verification and identity verification surveillance system shows state democrats aren’t on our side.

Sounds like any GPL and perhaps other licences. Not just Linux.

So android is exempt?

I don't trust this one bit.

The reason is simple: the pattern I see hints that there is:

a) money spent, to push through age-sniffing, and b) it is happening almost globally.

I am not necessarily saying that all this can be singularized down to one bribe-using company, be it Meta, Google or what not, or state actors becoming beyond Evil. But just as the butterfly effect is used as analogy how a strong wind can be created further downstream, I see the situation here VERY similar. To me it is not confined to age-sniffing. Remember the sudden declaration of war by the UK against VPN. This is in my opinion connected here. The goal is not "protect the children" but instead spy more on people than before. A gradual extension of this. And some companies and private interests will benefit. See also the recent Palantir claim made against London aka "the major is responsible for more robberies when he refused to obey to our rule". These companies are greedy - and insolent.

Hopefully the add the BSDs too.

And yet, still unlawful compelled speech

Most politicians are easily swayed when their political bacon is on the line. Perhaps there is yet some hope for California!

If you look up either "half measures" or "unintended consequences" they should both say "See also: California"

The state should handle personal records, authentication, and age verification. Compliance should be as simple as implementing dead simple state provided interfaces.

What's depressing to me is just how self-serving all this is. The original bill was AB 1043. Who supported that, breaking with other tech companies? Why Meta of course [1][2]! Meta likes this because it pushes liability onto the OS providers. Guess who doesn't have an OS? Google's support is a little stranger given Android. It seems like AB 1043 also shifted liability to third-party app developers instead of the app store so, conflicting goals?

Likewise, you'll have Microsoft and maybe Apple pushing for Linux to be included for, again, entirely self-serving reasons. Microsoft is never one to miss an opportunity to benefit Windows.

All that's going on here is competing corporate interests. Likely nobody in power actually cares the actual end users.

As much as libertarians chafe against it, I think we've demonstrated that something has to be done in relation to children online. Advertising to children, harmful impacts of social media, cyberbullying, addictive behavior and selling the data of minors needs to stop. How we get there is unclear. Meanwhile, everyone responsible is just trying to limit and shift their legal liability and that's it.

[1]: https://www.politico.com/news/2025/09/13/california-advances...

[2]: https://www.reddit.com/r/linux/comments/1rshc1f/i_traced_2_b...