Discussion
Search code, repositories, users, issues, pull requests...
twiclo: Can anyone tell me exactly what these laws do? Is it just going to ask for a birthday when I run `adduser`? What's the point? Is it meant for one admin account to restrict other user accounts?
CamJN: Honestly the laws don’t consider open source operating systems at all. They’re meant for the overwhelming majority who are using commercial operating systems. They imagine something like android or iOS or windows where yeah they ask the question during user creation and then handle the age gating in their app stores, anything outside that model isn’t something they’re going to spend any time thinking about, because why would they?
iamnothere: [delayed]
drfloyd51: In the original article there are some blue underlined words. “California” is one of them. If you click it, you will get a nifty video answer to your question.
pgn674: According to an opinion piece at The Register, California's is vague and nobody knows, including the law's proponents: https://news.ycombinator.com/item?id=47398798
object-a: I believe the California law (which has passed) requires operating systems to collect the DoB or Age of the user when setting up a user account, and then expose an API that shares the users age range (not their actual age or birthdate) when requested by an application.It does not require the OS to actually verify the age, collect government IDs, or any other data.The intention, I think, is to put the responsibility for communicating the users age on the OS, instead of having each application or service do their own age verification (by scanning IDs, requesting user data, etc). Since it’s set on the machine, a parent can set it once for their kid when setting up the device.
thbb123: Or I guess the kid can set it if they're smart enough to reinstall the OS or spawn a VM. I'm sure there will be online resources to help them that kids know how to share
object-a: Yeah if you have admin access to your device and know what you’re doing it’s basically a non-issue. I’m guessing a savvy high schooler can change their age bracket easily.If you want to give a young child a laptop or computer though, it maybe helps keep them away from objectionable content.
somat: The California law says nothing about verification or immutability, what if someone made a mistake when putting in their age? Why do we need to hide it? Better to just let the user change this at will.
amarant: I... Kinda think this will work out ok? Hear me out: Linux is open source. Someone's gonna make an application/kernelmodule that lets you configure your reported age on a application/website basis.In some jurisdictions it's illegal to target kids with advertisement, and I believe also to track them? Reporting your age as 8-12 is gonna be the new, but actually functional "no tracking" header.
object-a: Setting your age 8-12 probably bans you from using Gmail and other online services
object-a: Yeah the most likely thing (for the California law, at least) is that compliant OS's expose a form at account creation where you input a birthdate or age, and have either a CLI/file/setting where you can change the birthdate or age with admin permissions. No verification is needed
bethekidyouwant: The browser needs to actually read this for it to be meaningful. Where is that list?
ThunderSizzle: Can minors really not have email accounts?
ericls: lol, why not just createa law and state that "people must be happy, environment must be good, everyone must get along with everyone, also no wars".Law doesn't work like this.This is not law, this is impersonating God, or a bad prompt to LLM I guess.
starkeeper: So once an OS has your age then what it is just handed out to sites so they can target children for better kidnapping?
eru: That's why you give different ages to different sites.
righthand: 8-12 will be used to argue that age verification isn't enough. They are pushing this stuff to track everyone, especially children.
Projectiboga: "configure your reported age on a application/website basis."
somat: Here is the exact text of the california law, make your own opinion.https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml...What I got out of it was that an os has to provide an interface to applications so that if they make an age request(note that the law says nothing about when or what applications will make a age request) the os can provide something. and it has to provide an interface for the user to enter the information.So when we map this requirement onto the mechanism of how the os provides information to applications. and how users set up the system. I have come to the conclusion that compliance on a unix-like platforms is as simple asecho ${AGE_CATEGORY} > ~/.config/ca_ab_1043Then the program can get the age category anytime it wants to. the user is able to put this information in at account setup just like the law asks using an accessible interface, the same interface everything else on a unix-like platform uses, the shell.
object-a: You’d need some script that updates the age category based on the user’s provided birthday (which is not shared with the applications) but otherwise yeah
Retr0id: I wish the legislators thought about the privacy implications of this, because anyone can learn your birthday by watching when the category changes.
object-a: The brackets are a few years wide, so it could take a bit of waiting. But yeah I’d consider setting a slightly different day/month for a child if I was paranoid.I guess you could also make the bracket selectable instead of requiring the age
akersten: > The brackets are a few years wide, so it could take a bit of waiting.There are millions of people moving between the proposed age brackets every day. This is a DoB-gifting firehose to ad tech.
wpollock: Age verification is simple! A Kevar strap must be attached to the user before the device will power up. A probe in the strap takes a drop of blood from the user and analyzes the protein markers to determine the user's age. (See the Stanford U. study for details.)Surprised G. Orwell or A. Huxley didn't think of it first.
iamnothere: Not enough, the user may get someone else to wear the strap for them. The only solution is Neuralink(tm) with a built in secure element and DRM to ensure that content is delivered directly from the source to the age verified user’s brain, without any so called “analog hole” through which minors or non-paying users could view the content.
iamnothere: Depends on the jurisdiction I guess, now that we’re Balkanizing the internet.
crooked-v: For what it's worth, the California law, though definitely a result of Meta-funded lobbying, is fairly explicitly anti-tracking: it requires that the OS accept whatever the user enters for their age, and that it tells apps the user's age bracket (under 13, 13-16, 16-18, 18+) and nothing else, and that apps use that and only that for any kind of age-related functionality.That last part activwly pre-empts apps from any of the ID collection/biometrics stuff like Discord's been trying to pull, though don't ask me how that's supposed to work when it conflicts with other state laws that want to mandate collecting ID info.
gorgoiler: [delayed]
gorgoiler: LD_PRELOAD can intercept getpwnam(). Why not getpwage() as well?
object-a: https://support.google.com/families/answer/7103338?hl=en Google's policy is that under 13 you can have a supervised Gmail account. I think that's fairly standard for major providers
kennywinker: The omarchy statement is just DHH dropping the r-word in a DM.I love omarchy, but manchild/edgelord behaviour from the lead doesn’t exactly instill confidence.
Retr0id: Wait, are there reasons to use omarchy beyond being a DHH fan?
kennywinker: Are there any other comparable options? Seems like every distro i’ve tried before this wanted to be windows or macos, and didn’t succeed at being either. I like it for not trying to be them.That said, every time I peek under the hood (or into the omarchy git repo) i get pretty worried the whole thing seems glued together with a bunch of vibe-coded scripts
Retr0id: I always assumed it was basically just arch with some guy's dotfiles.
object-a: Ad tech doesn't need this feature to know roughly how old you are.
1vuio0pswjnm7: If it's open source then the user can remove "age verification" before compilingOr the user can compile a version that predates "age verification"
crooked-v: Also, various sites were already legally required to gather this information anyway to know if someone is over or under 13.
Onavo: The short answer is that a lot of states now require KYC by service providers under the guise of adult content prohibition, "protecting the children", or mass surveillance. So the service providers like Facebook are trying to foist off the responsibility to the operating system. The pesky details of storing and managing PII becomes Somebody Else's Problem, and if the operating system implements an easily bypassed KYC e.g. a simple check box and then the kid get radicalized or get exposed to problematic content, the service provider can just shrug and point the finger at the OS. In other words it shifts the responsibility to the lowest level instead of the platform companies.
crooked-v: You can frame it nefariously, but honestly, it just makes way more sense to me. I want as little of my personal info as possible in the hands of random services, and that includes the stuff needed for KYC checks.
tuananh: what if a distro uses systemd and systemd implements age verification?
zie: Systemd seems to have only implemented a place to store a birthdate. I doubt they will do anything else.
tuananh: it's an enablement layer. as long as the information is there, its only matter of time before some other apps decide to use it.
