Apparently this will include Linux…
You must log in or register to comment.
Cannot legally use BSD in Berkeley?
Wait. What?
I don’t get how this can work practically. Say if I install Arch, right. At which point during the process of entering a bunch of commands when following the installation guide would I be entering my age? And what software would be mandatory to install to enforce blocking content based on my age? pacstrap would need to like, read some file with my age, then install whatever needed based on that?
This makes no sense to me, but maybe I’m missing something.
Anything but holding parents responsible.
OpenBSD, (unlike Linux) not being copyrighted by a foundation under U.S. law, begs to differ. Fuck the upcoming California law, I say.
How does BSD work, does it run all the programs Linux can run? Can I run Steam on it?
They need to do what Midnight BSD did, exclude California residents from the license.
Apparently this will include Linux…
lol no it won’t. what are they gonna do, go around the world knocking on doors asking open source devs to include age verification in their Linux distros? the law is completely unenforceable.
It isn’t enforceable on the personal level, but every commercial distro will need an implementation (and let’s be honest, they will each create their own) to sell pre-installed or to offer service for public and private device fleets.
Let’s just add it to systemd
And non-commercial distros?
Depends if their non-profit is Californian or how deeply the mechanism is embedded into their base distro (if applicable).
If 0x0@infosec.pub is right and it’s done through a simple addition to adduser (and the GUIs) every distro that doesn’t actively patch against it, would get it upstream.
Meh, adding an age question to adduser wouldn’t be that bad, we could even replace the current room number question
Can’t wait to create all my accounts using the Unix epoch.
If you are a registered entity (even non-profit), you can be fined millions of dollars.
It is a very dumb law.
that’s great. hey, why don’t you ask the UK how fining foreign entities millions of dollars for not doing age verification is working out for them.
you see, laws only apply if the state has the ability to enforce them using violence. california does not have that ability outside of california. california can chew the bark off my big fat log for all I give a shit about the laws there.
No operating system needs to know the age of a user, it’s just not within the scope of how it operates normally. Software will always be bypassed no matter what the law is. Brb, “moving” my computers using a VPN.
So this is basically just misinformation. There is no age or identity verification as part of this bill, the age is self-reported by the user and you could select any age you want. The bill requires the operating system to have users select an age when creating an account. The intention is that parents will select their child’s age when setting up their child’s accounts on phones and computers, to age-gate them from accessing certain software or websites.
Regardless, I don’t support this feature being mandatory, because it limits parents’ choices. Parents should be able to choose to disable this feature entirely or allow their children to use an OS that does not include this feature, if that is what they feel is appropriate for their child.
I am asking once again, what is an OS account? I’ve never made an account for any OS I’ve ever used.
Still fucking stupid and just a slow creep towards some bullshit like “kernel level age verification” where most Linux distros can’t possibly comply because the chip manufacturers won’t work with developers to certify unless they pay a $10,000 fee.
It’s like Secure Boot but actually, 100% useless.
Thanks for the additional info!
This is fucking stupid
In essence, while the bill doesn’t seem to require the most egregious forms of age verification (face scans or similar), it does require OS providers to collect age verification of some form at the account/user creation stage—and to be able to pass a segmented version of that information to outside developers upon request.
As much as I hate this, just filling in a drop down on OS install is fine with me. This is the ideal solution. Tell your kid’s device it’s for a kid, then use the default age restrictions correctly. That’s perfectly fine to me.
Anything to avoid evil age verification services that force deanonymization through every app and service.
I do still hold a strong reservation against these age locks — how long until the US deems LGBTQ and teaching about slavery as “mature” topics?
I disagree. This is a first step towards something far worse.
It sets up the infrastructure for getting user ages and allowing services and websites to get an attestation from the operating system. Once that system is widely used and becomes ingrained, they can create a follow-up bill that demands the attestation be cryptographically verifiable by a trusted party.
In that scenario, the only way the operating system’s promise that you’re not a minor would be trusted is if it was signed by whoever holds the private keys—and that’s definitely not going to be you, the device owner.
It would either be the government, or more likely, the operating system vendor. In the former case, now services can cryptographically prove that you’re a resident of $state in $country, which is amazing for fingerprinting and terrible for anonymity. In the latter case, you can guarantee that only the corporations will be holding the key (like with Microsoft and secure boot), and you can kiss goodbye to your ability to access services on FOSS operating systems like Linux or custom Android ROMs.
This proposal is just a way to get their foot in the door with something palatable. If you’ve ever come across banking apps on Android using Google Play Services’ SafetyNet feature to restrict access to only “secure” devices, you’ll know exactly how this turns out: either you use the phone you own the “approved” way with a stock ROM where Google has more permissions than you do, or you’re not doing your banking on your phone.
Agree with everything you say, I don’t like that it has to happen but having the device report whether you’re a child or adult makes more sense than having every service do it poorly themselves.
The headline has “verification” in it presumably as to dog whistle to recent verification schemes gone awry to apparently drive clicks, but the quotes of the law in question don’t seem to actually warrant verification. Just to associate an age to a user account, which seems fine? So long as sudoers are assumed to be 18+ this could have near zero practical impact for day to day setup for many use cases. And let’s face it what’s the point if you are a sudoer, you could just change it?
