come to think of it, maybe there is something good about this law. :D

So we don’t have professional legislatures with long-term electability incentives or leadership goals, we have a resumé-building exercise that we call the legislature. They’re all interchangeable and within 12 years, 100% of it will be changed out.

You can remove the in California

While you are correct with this statement in this context, I would say it applies to most things in government in general.

The vast majority of lawmakers have zero experience solving any real world problems and are content spending everyone else's money to play pretend at doing so.

The reality is, most government "solutions" cause more problems than they solve, after which, they blame their predecessors for all the problems they caused and the cycle continues.

It seems all at once, everywhere that many groups that have a vested interest in forcing precedent and compliance of non-anonymous access across the computer world. It smacks of something less-than-organic.

no accounts to compromise. no passwords to remember. end point devices control their connectivity. no vpn needed to connect, no intermediary to see all traffic and peer traffic is specifically what is needed/allowed/requested, not a wide open network connection/accounts to be compromised

The saving grace is that obviously they have no idea what a Linux distribution is, and only the Attorney General can bring action, so there isn't much risk of the AG suing Debian.

That should not be a profession.

Decisions should be made by people who are the most informed about the subject matter. By definition you cannot have someone who is the most informed about everything.

The "reality" is that propaganda heavily encourages you to ignore the government successes and only focus on the failures. I'll leave it as an exercise for the reader to determine who benefits from that.

Zero basis in fact. We’re in the wealthiest nation on the planet. Most of us live better than any previous generation. To claim all that success is completely in spite of government is ridiculous.

Reading the first analysis PDF:

> This bill, sponsored by the International Centre for Missing and Exploited Children and Children Now, seeks to require device and operating systems manufacturers to develop an age assurance signal that will be sent to application developers informing them of the age-bracket of the user who is downloading their application or entering their website. Depending on the age range of the user, a parent or guardian will have to consent prior to the user being allowed access to the platform. The bill presents a potentially elegant solution to a vexing problem underpinning many efforts to protect children online. However, there are several details to be worked out on the bill to ensure technical feasibility and that it strikes the appropriate balance between parental control and the autonomy of children, particularly older teens. The bill is supported by several parents’ organizations, including Parents for School Options, Protect our Kids, and Parents Support for Online Learning. In addition, the TransLatin Coalition and The Source LGBT+ Center are in support. The bill is opposed by Oakland Privacy, TechNet, and Chamber of Progress.

They absolutely want to make it illegal.

The "why" is also clear: deflecting/shifting responsibility.

The sentence you quoted says that folks who are required to comply with the law are not also required to ensure that the person currently using the device or application is the same one who entered their age or birth date into the OS's "how old are you?" database. [0]

It is true that this law is as bad as the recent Oklahoma one for small, non-corporate Linux distros... but that sentence you quoted has nothing to do with that problem.

[0] If we were speaking in person, I'd love to have you walk me through that sentence and explain to me, piece by piece, how you came to the conclusion that you did. Doing it remotely like this would be too tedious.

The narratives are changing. All these locks and controls used to be about curbing copyright infringement. Now that AI has more or less rendered copyright irrelevant it's turned into a straight up attempt to control the population. They're barely even making excuses anymore.

Vendors will need support stuff like "account holder is 12msec old, and can access adult content". They can even create a special certification for it.

These companies have fewer ethics than a minimum-wage liquor store clerk when it comes to caring about the age of their users.

There, the professional legislators can't get anything right either.

Do you think there's a middle ground of increasing the term limits to, say, 18 or 20 years?

Raises an interesting question of who is less popular, the Californian government or the US Senate. The experiments with long-term professional legislatures have generally not been very promising - rather than statesmen it tends to be people with a certain limpet-like staying power and a limpet-like ability to learn from their mistakes. In almost all cases people's political solution is just "well we didn't try my idea hard enough" and increasing their tenure in office doesn't really help the overall situation.

Older people have already seen all the patterns, and realize you have to focus on specifics, and that helps clean up the general issue.

Things work here and nobody seems to be passing the "oops my unintended side effects and clueless regulations messed things up horribly." Or, if they do, it is at something like 1/10th the level.

We didn't start warning label spam everywhere. We don't have weird propositions that causing run-away housing prices. There aren't bar codes on our 3d printers, or cookie banner requirements on every website. Well, ok we do, but that nonsense all came in from other places.

We did pass laws to lower PFAS/PFOAS. That seems reasonable. Government can work.

1. When you set up your account and it asks for your birthdate, make up any date you want that is at least far enough in the past to indicate an age older that what any site you might use that checks age requires.

2. Access things the way you've always done. All that has changed is that things that care about age checks find out you claim to be old enough.

The only people it actually materially affects on your new computer are people who cannot set up their own accounts, such as children if you have set up permissions so they have to get you to make their accounts.

Then if you want you can enter a birthdate that gives an age that says non-adult, so sites that check age will block them.

From a privacy and anonymity perspective this is essentially equivalent to sites that ask "Are you 18+?" and let you in if you click "yes" and block you if you click "no". It is just doing the asking locally and caching the result.

TLDR: Evil people be doxxed internally not everyone.

Anyone buying or selling a microwave with an app store deserves this mess.

Age verification is the quickest road to ending general-purpose computing, because it plays on people's knee-jerk emotions. It won't do it by itself, but it'll goes a long way towards it.

The goal in my mind is to have an account a parent can setup for their child. This account is set up by an account with more permissions access. Then the app store depends on that OS level feature to tell what apps are can be offered to the account.

Let say the the age questions happen when you install the app store. That means if you can install the app store while logged in as the child account the child can answer whatever they want and get access to apps out side of their age range. The law could require the app to be installable and configurable from a different account then given access or installed on the child account, however at a glance that seem a larger hurdle than an os/account level parental control features.

The headline calls this age verification, but the quote in the article "(2) Provide a developer who...years of age." Make it sound way different and much more reasonable than what discord is doing.

I would much rather have OSs be mandated with parental control features than what discord is currently doing. I am going to read the bill later but here is how discord age verification could work under this law.

During account creation discord access a browser level api and verifies it server side. discord no knows if the OS account is label as for someone under 13 years, over 13 and under 16, over 16 and under 18, or over 18. Then sets their discord account with the appropriate access.

No face scan, no third party, and no government ID required.

Well, the politicians probably meant to say “Apple, Google, Microsoft, plus maybe Sony and Nintendo”

i.e. the companies that already have biometrics, nigh-mandatory user accounts, app stores linked to real identities, parental controls, locked down attested kernels, and so on.

If phones had workable parental controls that let parents opt their kid into censorship, that’s better than the give-your-passport-to-the-porn-site approach the UK have taken.

Of course if they have applied it to every OS, not just the big corporate-controlled options, that’s a dumb choice.

> 3D printers should have a magical algorithm to recognize all gun parts in their tiny embedded systems

Color scanners and printers have long had algorithms to recognize currency and prevent its reproduction, implemented with the technology of decades ago. It seems relatively simple to implement gun part recognition today, especially with the recent leap in image recognition capability.

(Rants and takedowns, IME, may entertain fellow believers, but signal a comment that's going to go well beyond any facts.)

What it takes to become a “successful” politician is typically not what it takes to define good policy.

So we're already pretty deep in the law deciding what shape of computing you're allowed to do. What makes you think it will stop here?

This is usually how they do it though. First make a dumb law with poor enforcement. People don't push back about it because it obviously won't be enforced. Wait a bit, then say "people are flagrantly violating this law, we need better enforcement". At that point it's a lot harder to say "it shouldn't be a law at all!" because nobody complained when it was brought into law.

This thing is so broadly-written, the only thing saving you from needing to give you age to your toaster is that it's not a "general-purpose" computing device. Never mind that it can run DOOM...

All this does is require the user to select a non-verified age bracket on first boot. You can lie, just like porn sites today. I thought HNers wanted parents to govern their children's use of technology with these kinds of mechanisms.

> There's an obvious theme with lawmakers in California—they pass laws to regulate things they have zero clue about, add them to their achievement page, cheer for themselves, and declare, "There! I've made the world a better place."

There's an obvious theme with HN posters about politics—they make cheap drive-by comments about regulations they have zero clue about, based on articles they haven't actually read, cheer for themselves, and declare, "There! I've shown why I'm smarter than all these politics people."

I guess let me show a slope I found over here, just past the boiling frogs, watch your footing though, it's recently been greased and is quite steep.

Wedge.

That's at an age where wizened legislators can move into advisory roles, instead of needing to find a next career.

Plenty of shitty ideas are popular based on a hope and a prayer. That’s why you don’t give in to populism. If we’re to impose any kind of limits on Congress, it has to be more intelligent than term limits.

A realistic dynamic is the old people are comfortable with the general problems and have positioned themselves to benefit from them. Indeed, they solved the general problems that troubled them in their youth with political activism in their middle age. The young people have different political needs that require general problems to be solved.

Also young people have a terrible track record of actually identifying problems, they are pretty clueless in the main.

The result is that you can stay as long as people keep voting you back in, but you lose the incumbency advantage and end up with a higher turnover rate without ending up with a 100% turnover rate. And you make them learn how other parts of the government work. It wouldn't hurt a bit to see long-term members of Congress do a two-year stint in an administrative agency once in a while.

Most of those are a reaction rather than the cause. People want to move to california, it creates a different set of problems for california vs Massachusetts

https://leg.colorado.gov/bills/SB26-051

It's just asking for some OS feature to report age. There's no verification during account setup. The app store or whatever will be doing verification by asking the OS. Still dumb to write this into law, but maybe not a bad way to handle the whole age verification panic we're going through.

> (c) “Application” means a software application that may be run or directed by a user on a computer, a mobile device, or any other general purpose computing device that can access a covered application store or download an application.

This is basically any program.

> (e) (1) “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.

This would include any package manager like dnf/apt/pacman/etc. They facilitate download of applications from third parties.

> (g) “Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.

This sounds to me like it would include distro maintainers. They develop and/or control the OS. Also, would this include the kernel devs? How would they be responsible for the myriad of package managers.

The overall law reeks of politicians not knowing what they're legislating.

"Self, are you 18 years old?" "Why, yes I am." "OK, self, please fill out a 27B stroke 6 form in your head." "I've completed it." "OK, self, I've validated it."

useradd...

(a) (1) “Account holder” means an individual who is at least 18 years of age or a parent or legal guardian of a user who is under 18 years of age in the state.

(a) (2) “Account holder” does not include a parent of an emancipated minor or a parent or legal guardian who is not associated with a user’s device.

(i) “User” means a child that is the primary user of the device.

User is the most surprising here. It really should just be minors, or non-emancipated minors. Further, I think there are interesting ways the definition of account holder and user combined play out in interpreting the rest of the law.

If California starts knocking on the door of random distros and hobby OSes designed for power users or servers with 2000 average monthly downloads then I'll go to bat defending them.

Though to re-iterate, I'm pretty sure the requirements here are for asking a user to set an age, not to do age verification, so if you did want to comply it would mean adding a Date field to your setup flow and then wiring that up to applications that ask for it.

I guess we'll just have to trust that our legislators are technologically savvy...

I think it's one peg below intel agencies. It's the local gov agencies that want that power. The 3 letter peeps can already tell who writes what, both at scale and targeted.

A much more real issue is actually age limits. If someone starts in the Senate at 40 and serves for 24 years, term limits hardly seem to be the big issue. They are retiring at a normal time, and they should still be functioning at a high level.

Conversely, someone who gets elected at 70 and then gets term-limited at 82 is still over a normal, reasonable retirement age. The typical 82 is not in the physical or mental condition to be taking on such an important, high-stakes role.

Both of my parents are in their mid-70s and are in very good mental health for their age. They are very lucid, and my Dad still works part-time as a lawyer. They are also clearly not at the same intellectual powers they were a decade or two ago. Some of it can even just come down to energy levels. I have to imagine being a good legislator requires high energy levels.

Many public companies have age limits for board members, and they even have traditional retirement ages for CEOs. In the corporate world where results matter, there is a recognition that a high-stress, high-workload, high-cognitiative ability job is not something that someone should be doing well past their prime.

Al Gore had to leave the Apple board because he turned 75. In the U.S. Senate, there are 16 people 75 and older.

This puts the responsibility back on parents to do the bare minimum required in moderating their child’s activities.

Does that mean that the admin will have to manage dob of every student when creating accounts ?

> A developer shall not willfully disregard internal clear and convincing information otherwise available to the developer that indicates that a user’s age is different than the age bracket data indicated by a signal provided by an operating system provider or a covered application store.

>If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.

So, I have a button "I'm older than 18" on my app but the signal is "under 13", I can decide that the user is older than 18 ?

The language is so broad it seems to cover all software that exists and is accessible via the internet, and every install of an operating system on any kind of machine

> (c) “Application” means a software application that may be run or directed by a user on a computer, a mobile device, or any other general purpose computing device that can access a covered application store or download an application.

> “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.

> “Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.

So any piece of software you can download from the internet will be required to check this "signal" made available by the os?

when you force someone to signal status as a minor, you are forcing them to wear a target, hostiles will not have so much work to find minors, now they only have to contact, groom, and offend.

this proposed law actually endangers minors.

That sounds like an OS feature that parents would like to have. Probably has some market value. Maybe just let the market figure that one out.

Or, we could have an overbroad law passed that torpedoes every open-source OS in existence. If I were MS, Google, or Apple, that'd be a great side benefit of this law. Heck, they probably already have this functionality in place.

The problem here is legally-mandated age verification, not where it is placed (although forcing it into all OSes is absolutely ...). The gains are minimal for children and the losses are gigantic for children and adults. I'm not keen to have children avoid blisters by cutting off their feet.

Put control back with the parents. Let them buy tech that restricts their children's access. This law doesn't protect children from the mountains of damaging content online.

And let all the adults run Linux if they want to without requiring Torvalds to put some kind of age question in the kernel and needing `ls` to check it every single run.

There is certainly a risk of what you’re describing with KYC tech that coming online, but I don’t know if that means it will happen.

To play devils advocate; It’s a reasonable demand from parents to control what their children are exposed to. This seems to support that.

This is the age verification requirement which you rudely and incorrectly said doesn't exist. Nothing is done with the data (for now) but age is in fact verified on the assumption that the user doesn't lie.

Instead of lengthy condescending missives about the behavior of other users, you should instead write "I'm sorry for being negative and bringing down the quality of discussion."

> when the application is downloaded and launched

So it looks like the law only requires it on first launch. Which makes sense if the application can only be run from that one account. Apps that can be launched from multiple accounts are not singled out in the law, but the spirt of the law would have you checking what account is launching the app and are they in the correct age range.

> The "beige box" era was largely the result of strict German workplace ergonomics standards (specifically the TUV and DIN standards) that became the de facto rules for the entire global industry. The law didn't explicitly say "thou shalt use beige," but the regulations were so specific about light reflectivity and eye strain that beige (or "computer gray") was essentially the only compliant option.

I think this is mostly for show to stay relevant wrt. What is happening in the courts. This is the Same play as it always been for registration “are you over the age of 13?”

That is one aspect, but not the important one. The most important element is anti-corruption. Legal bodies can always entrench themselves and their own interests. Term limits significantly weakens entrenchment...excepting when the same legal bodies inevitably gut it.

Like, I’m not American and in Germany we have ID cards that actually have your age encoded on an NFC chip in the card and an ID number that encodes the age. Like, age is part of the ID number and checksum.

You could totally do all of this age verification offline on device and just expose an API that offers the age of the user to applications. You’d never need to talk to the internet for this, the API just says if you are a minor or adult, the browser can pass that to websites who don’t need to collect personal data and everything is fine.

But that’s not going to happen. It’s gonna be some AI facial recognition kinda garbage that is gonna send your face in every angle to Apple or Microsoft or another third party.

As is common these days they are going to try really hard to absolve you as the user of any responsibility for the sake of protecting kids so they can’t let this be a simple offline thing where your personal information never ever have to leave the device because what if kids find a way around it? Well the obvious answer is don’t let your kids just use a computer without supervision but if people would do that we’d not be in need of this garbage anyway.

If there was a competitive market for OSs this probably would work, but we do not really have that. Getting the market to be competitive likely either takes considerable time, or other forms of government intervention. If there really was a competitive market then this would have been a solved problem ~15-20 years ago since parents have been complaining about this for ~25-30 years at this point.

> Or, we could have an overbroad law passed that torpedoes every open-source OS in existence. If I were MS, Google, or Apple, that'd be a great side benefit of this law. Heck, they probably already have this functionality in place.

I do not think the law does that. Either a additional feature making age/birth date entry and age bracket query available, or indicated the os is not intended for use in California, both seem to let developers continue along like normal. edit Or, I think, indicate that it is not for use by children.

> The problem here is legally-mandated age verification, not where it is placed (although forcing it into all OSes is absolutely ...). The gains are minimal for children and the losses are gigantic for children and adults. I'm not keen to have children avoid blisters by cutting off their feet.

In this case the mandate is entering an age/birth date at account creation where you can lie about said age/birth date. The benefit is the ability of an adult to set up parental controls for a child account.

> Put control back with the parents. Let them buy tech that restricts their children's access. This law doesn't protect children from the mountains of damaging content online.

This puts control in the parents hands. When they set up their child's account they can put in their child's age, or not, they can make it an adult account.

> And let all the adults run Linux if they want to without requiring Torvalds to put some kind of age question in the kernel and needing `ls` to check it every single run.

So from the literal reading of the law the age checks are only required when "a child that is the primary user of the device". It does not need to effect accounts where the primary user is not a child. Nor does it seem like any application needs to run the check every time the application is launched.

The law unfortunately does require:

> (b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

So in the case where a child is the primary account/device user. The app needs to request the signal at least once when first launched, though it is not required to do anything with it. Delegating that to the package manager would make sense, but this part of the law should be modified, apps that can not use the signal for anything should not be required to request it, 'ls' for example.

Possibly it could be further mandated that the OS collect relevant rating information for each account and provide APIs with which browsers and other software could implement filtering.

And possibly it could be further mandated that web browser adopt support for this filtering standard.

And if you want a really crazy idea you could pass a law mandating that parents configure parental controls on devices of children under (say) 12 and attach civil penalties for repeated failure to do so.

There's never any need for information about the user to be sent off to third parties, nor should we adopt schemes that will inevitably provide ammo for those advocating attested digital platforms.

I want to know who is behind these laws like this one and the 3D printer gun verification, that seem to pop up across state legislatures all at the same time.

Client side JavaScript can be considered an application, and then ad business would need to first verify that I am over 18 in order to allow me to see their ads.

Ultimate ad blocker.

There is no reason to tell the application, and by extension their developers, how old the user is. The application should tell the user what bracket it is appropriate for and then the operating system could filter appropriately without any of the user’s identifying information leaving their system.

This is also technically superior because it moves the logic for filtering out of being custom implemented by each and every single application to a central common user-controlled location; you do not have to rely on every application developer doing it right simultaneously.

The original post was low effort flame baiting. There's an argument to be made that it should be ignored, but it's hard to say.

also: what's download? in embedded sphere, flashing a firmware is often reffered to as download. That's an industry standard term.

I'm not the one making laws about age verification, so I'm not sure how you get off blaming me for anything.

The literal reading of the law says this only required when a child is the primary user of the device.

> (b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

but 'user' here is:

> (i) “User” means a child that is the primary user of the device.

So these rules should only apply to accounts/devices where a child is the primary user.

Grep on an adult's machine would not need to check how old you are, at least with a literal reading of the law.

Look at the thread on Block’s layoffs while they are profitable.

And your point about fail open versus closed also makes no sense since if there are zero repercussions to not writing filtering logic then nobody would even bother. If there is liability, then obviously everybody will fail closed and every application developer needs to evaluate and change their application to only allow acceptable usage. This is much harder if they have to write custom filtering logic instead of just publishing their data categorization.

What I did say was:

>if there has to be age verification

That is far, far different than saying I want that shit. I do not make the laws, and I wouldn't vote for it either, so please, get your head out of your ass.

So grep/ls/etc are all installed as part of that 'account holder' and do not need to do any age verification.

The signal only needs to be checked when the device/account user is a child and when downloading apps. I think an unfortunate consequence here is that the literal definition of the law says package managers probably can not run on children accounts without jumping through a bunch of hoops. Which is bad for children learning code/computers/etc.

The first thing I would change about this law would be:

> (b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

Any application that does not need to know a users age should not be required request the 'signal'