If I’m not mistaken, Meta has been lobbying heavily for all of these age-verification bills lately.
It seems their strategy is to externalize their responsibility to verify age themselves, and thus reduce their exposure to liabilities when child protection acts like COPPA are violated.
It should be externalized to a degree. Facebook shouldn't be the ones verifying age, but there should be a trusted 3rd party service that does that, which just tells facebook "yes this user is old enough to use your service" or "no they're not old enough".
It abso-fucking-lutely should not be at the OS level though, for so many reasons. Even the implementation alone would be a nightmare. Do I need to input my ID to use a fridge or toaster oven? Ridiculous.
I'm reminded of a video essay I watched about AI once, which took a side tangent into surveillance capitalism:
"Google's data harvesting operation became a load bearing piece of the Internet before the public understood digital privacy. And now we can't get rid of it."
The public has been conditioned to expect web services free at point of use. Legitimately it's hard to monetize things like YouTube without ads, and I get that. But turning our entire ecosystem of tech into a massive surveillance mini-state seems like an astonishingly shitty idea compared to just... finding a way to do advertising that DOESN'T involve 30 shadowy ad companies knowing your resting blood pressure. My otherwise creative and amazing industry seems utterly unwilling to confront this.
Edit: Like, I don't know, am I crazy for thinking that simply because we can target ads this granularity, that it simply must be that? I get that the ad-tech companies do not want to go back to blind-firing ads into the digital ether on the hope that they'll be seen, but that's also plus or minus the entirety of the history of advertising as an industry, with the last 20 or so years being a weird blip where you could show your add to INCREDIBLY specific demographics. And I wouldn't give a shit except the tech permitting those functions seems to be socially corrosive and is requiring even further erosion of already pretty porous user privacy to keep being legally tenable.
We don't externalize age verification when buying alcohol or visiting the strip club. It's on the responsibility of those establishments to verify age.
I think that main goal would be to keep the ability to have accounts be anonymous or pseudo anonymous.
If social mean company has to verify an accounts age themselves they then have to use some for of official government identification and with that any chance of anonymous or pseudo anonymous access.
Facebook has less than zero interest in allowing people to use their platform anonymously. They very much want to know everything about their users including their age and they would never back a law that would stop them from collecting that data. Now that you know that facebook isn't pushing this law to protect anyone's anonymity why do you think they're doing it?
In those in-person contexts, the identification document is still externalized - they're checking a government-issued photo ID in the vast majority of situations.
It works for the in-person context because it's a physical object, making it easier to control access to it. A high resolution picture of the same ID is a privacy problem as it can be copied, shared, transferred, etc without the knowledge of the ID holder.
Do we make contractors do age verification on their supplies when building a liquor store or strip club? The OS is a tool used by Meta, just like the utilities and the compute itself.
Meta Apps can have age verification but it should be at the point of service, not the supply chain.
And even if we were to agree to this, uploading your IDs to an untrusted third party is asking too much.
It's not enough for the government to know. Platforms, websites, and advertisers want to know. That's why the law facebook has been pushing for doesn't have a simple "is 18+" flag but instead has a long list of age buckets so that advertisers and platforms can target specific demographics even when they are minors.
I'm surprised that people think this is some new 'save-the-children' thing ? Didn't Zuck say like 10 years ago, you should not be allowed to be anonymous on the internet ? This just seems on-brand at this point.
So we have to pay some 3rd party service to hoard information about Children? Why we want to set that up? Why would we want to take that power from the parents and give it to some company?
Except none of these bills (California or the one in question) as currently written require an ID to actually be verified, merely that the user provide an age. This seems intentional as it's seems to solve the user journey where a parent is able to set a reasonable default by simply setting up an associated account age at account creation. It's effectively just standardizing parental controls.
I think this is a reasonable balance without being invasive as there's now a defined path to do reasonable parenting without being a sysadmin and operators cannot claim ignorance because the user input a random birthday. The information leaked is also fairly minimal so even assuming ads are using that as signal, it doesn't add too many bits to tracking compared to everything else. I think the California bill needs a bit of work to clarify what exactly this applies to (e.g. exclude servers) but I also think this is a reasonable framework to satisfy this debate.
I've seen the argument that this could lead to actual age verification but I think that's a line that's clearly definable and could be fought separately.
Kids aren't stupid. They'll just create another account when they're old enough to figure it out. They'll tell their friends how to do it and the rest of us will be stuck with these stupid prompts forever like it's a cookie banner.
Actually given boot chain protection, this will probably get harder as time goes on but even assuming some kids are able to, this is clearly definable as a user error: the fault lies with the kid and as a parent you need to think about your threat model.
Right now, it's not even clear how to create parental controls at a reasonable level so there's no clear path for what to do or how to respond.
I don't think "real" age verification with ids is immune to this either. (kids paying an adult to get an id for it or fooling an ai classifier, whatever).
Basically unsolveable, so why worry about that edge case? Kids will always get through to some adult content somewhere. A token system will make parents feel better in the meantime.
So you're advocating for stronger and more invasive controls?...
I think this is a sensible compromise. It gives parents more control than before without relying on shady third-party software or without turning every platform into a cop. Yeah, it also aligns with Meta's interests, but so what?
The age attestation solutions pursued by the EU are far more invasive in this respect, even though they notionally protect identity. They mean that the "default" internet experience is going to be nerfed until you can present a cryptographic proof that you're worthy.
I mean on a UNIX OS you could make it yet another group the user needs to be part of. Like the group for access to optical media or for changing network credentials. Whether the child gets root access is on the parent, but that is like with anything else. A child can get around this, but it means finding and exploiting a 0-day on the OS. If they are able to pull this of I would congratulate them.
There is a huge attack surface for this. For example, kid manages to buy an old phone. Resets the phone and creates an account. Kid buys something like a Pi 3 manages to get a regular phone to become an access point. Etc. If a laptop is not completely locked down, a kid might boot a live USB stick.
From a parent's perspective, that's the great part about bubbling it up to the OS user account level.
Its trivially easy to see if the user (child) has indeed created multiple OS level user accounts with different permission levels if you want to spot check the computer.
You'll see it on first startup and then you can have "a chat". With Guest account access disabled, spawning a new account on a computer takes 2-3 minutes, will send emails and dashboard notices to the parent.
Its very much near impossible to verify that the child is not just going to Facebook etc. and using separate accounts and just logging out religiously.
That said I wish Apple/Microsoft/Google had more aggressively advertised their Parental Control features for Mac/Windows/ChromeOS as a key differentiator to avoid Ubuntu/Open Source distros from having to implement them.
It's pointless. Kids who want an uncensored internet will use a VPN or proxy the same way they've been getting around the restrictions and filers put on the computers and networks at schools. These laws will do nothing to protect children but will instead enable them to be targeted.
I don’t care if it’s part of the user setup, but make it an App Store dotfile. Don’t issue fines to Debian for offering a Docker image without a user setup script.
I agree. There is a real drive to catastrophize here but so far, none of the bills actually take any steps to prevent users from lying about their age.
I want to be able to hire a licensed Identity Service Provider that gets all of my verified identity data in an encrypted token and let me register it with the OS, and control what amount of the data I expose to apps, with age verification being one of the lower levels of access.
I pay the company to verify me, I am their customer. They take on the liability of the OS makers and app makers of age verification.
If you have a valid token signed by a licensed IDS that verified your age in your OS, that's all anyone needs to know.
So, they want to profit off children, but do nothing to protect them?
> but there should be a trusted 3rd party service that does that
Gee, if only Facebook would use their incredible might to create this, rather than trying to rob our representative government from underneath us.
> It abso-fucking-lutely should not be at the OS level though
It's not my problem. It shouldn't involve me at all. I don't use social media and I think if you let your kids on there unsupervised you have a screw loose.
A different implementation that would keep incentives properly aligned is for Facebook (et al) to publish labels in website headers asserting the age (and other) suitability of content on the site. It would then be up to client software (eg a browser) to refuse to display sites that are unsuitable for kids on devices that have been configured for kid use.
As there has been a market failure for decades at this point, it would be reasonable to give this a legislative nudge - spelling out the specific labels, requiring large websites to publish the appropriate labels, and requiring large device manufacturers to include parental controls functionality. The labels would be defined such that a website not declaring labels (small, foreign, configuration mistake, etc) would simply not be shown by software configured with parental controls, preserving the basic permissionless nature of the Internet we take for granted.
But as it stands, this mandate is horribly broken - both for subjecting all users to the age verification regime, and also for being highly inflexible for parents who have opinions about what their kids should be seeing that differ from corporate attorneys!
Sometimes even things that are good for Meta are good for the rest of us. This law, and the one in California, mean that liability is disclaimed as long as the parent selects an age above 18 for the child. It's like a section 230 for age protection. Meta supports this because they won't be liable for wrong age inputs, and we should also support this because it doesn't verify age in any other way.
If a company relies on self reported ages, they don't "know" it well enough to satisfy COPPA. Probably. I'm not a lawyer but I do keep up with the latest in privacy enforcement and I think this is the way things are headed.
For the record, I'm against age verification laws. But I think companies are pushing for them because of liabilities they face under other laws, not because they would actually like to have the data.
He doesn't want to have to stand up, turn around and apologize to parents on behalf of an asleep at the wheel Congress again.
At some level I don't blame him. It is also a bit strange how in that act alone he showed more accountability than most of the politicians that were questioning him, never mind most executives. I suppose Josh Hawley wants to be liable for personal lawsuits for his acts of Congress too... people cringe at his "robotic" demeanor but I can't remember the last time someone turned and faced people and apologized like this. Most people asked to do the same (even in front of the same body) never do.
How should they do it? Surely they don't have a responsibility to do something that nobody knows how to do?
There have been numerous cases in history where governments have attempted to legislate the outcome they want without regard to how that might be done or if it was possible in the first place. Obviously it can never deliver the results they want.
It would be like passing a law to say every company must operate an office on the moon, and then saying that companies lobbying for an advanced NASA space program is them externalising their responsibility.
They could require government ID to sign up and an adult sponsor to certify accounts for kids. Plus a limit on how many accounts an adult can sponsor.
It would be a mess, but solve the problem. It’s not that we don’t have the technology, we just don’t want to because the friction would decimate user numbers and engagement; it would be much simpler to regulate (e.g. usage limits on minors); and minors are less monetizable, which would lead to lower CPM on ads.
Then there’s the legal liability if you know someone is a minor and they’re sending nudes, for example. And the privacy concerns of tying that back to de-anonymized individuals.
But obviously I wouldn’t believe that social media companies care about user privacy on behalf of people.
>They could require government ID to sign up and an adult sponsor to certify accounts for kids. Plus a limit on how many accounts an adult can sponsor.
Requiring all online account creation to go through some government vouching system sounds far worse for privacy than OS doing age verification.
I see no such claim that comment said that the parent verifies the child. That that means that the parent must be verified. I don't see that approach having any chance of succeeding. It would be a much more invasive process to both verify the parent and the relationship with the child.
> They could require government ID to sign up and an adult sponsor to certify accounts for kids.
Even if they used an open source zero knowledge proof, HN will still immediately dismiss it as an attempt to steal your data. The proposal here and the similar bill that passed in California doesn't require any validation that you enter you age correctly.
It's up to parents to parent. It's not up to the government, and Facebook pushing this shit is evil.
It's not about protecting children. It's about increasing adtech intrusion, protecting revenue from liability, pushing against anonymity, and for all the various apparatus of power, it's about increasing leverage and control over speech.
bad take man. these companies don't care about kids; they just want to take the responsivity off of themselves. they don't actually put any money towards child safety.
But the parent comment didn't say anything about companies caring. So you're not disagreeing with them, unless you think any selfish corporate action should be automatically opposed. And that would be a bad take; it's way too generic and applies to both sides of most issues.
What does this bill have to do with age verification?
It legally mandates the existence of a required "age" field in user account records, a user interface to populate it during account setup, a mechanism for service providers to read this field, and that providers act as if it has been populated accurately.
As someone who has been the de facto "system administrator" for my family's computer systems since kindergarten, this has to be one of the stupidest policies I've ever seen gain traction.
Android doesn't ask your age, Google does for an account. You can use an android phone without a google account. Most people don't but the distinction is important because degoogled android phones will also have to comply.
That's the correct strategy, if anyone sues meta, meta can bring their age verifier into the lawsuit and blame them. It makes sense from a business perspective, insurance perspective. etc...
Really, I’m surprised that for all of the discussions on HN around these individual statewide acts that I see so little discussion of Meta as a primary force pushing them.
They don't but frankly no one who matters actually gives a s#it about HN anyhow.
HN is also much less representative of the demographics within the American tech industry now as well - almost all the references I see on here are stuff only men in their late 30s to 50s would recognize, and an increasing amount of users appear to be based in Western and Central Europe.
Heck, I'm on the younger end by HN standards (early/mid 30s) and when I introduced HN to my peers over a decade ago (this is my throwaway) even back then they complained that it was "toxic", "snooty", and "unhelpful". And it's reputation amongst the younger generation has only gotten worse.
HN has "SlashDot"ified, because most people are either in private groupchats on signal/imessage/discord or meeting each other with Luma invites.
Why does it matter specifically that Meta is doing it? This has long been a goal for intelligence apparatus and big tech: get rid of anonymity online to "fight terrorism" and sell ads respectively.
Don't get me wrong, it's good to know but it's not earth shattering information.
>Why does it matter specifically that Meta is doing it? This has long been a goal for intelligence apparatus and big tech: get rid of anonymity online to "fight terrorism" and sell ads respectively.
How does getting the OS to do age verification "get rid of anonymity online" or help "sell ads"? Assuming the verification is implemented in a competent way (ie. it's not just providing an id scan for any app to read), it's probably one of the more privacy friendly ways to implement age verification, that's also more secure than an "are you over 18" prompt on every website.
You've accepted the overton window shift that age verification is an inevitability and that we need to give up information to the operating system because any other way would violate our privacy! It's naive to see this internationally coordinated effort to "save the children" as anything other than the temperature in the pot being turned up.
> implemented in a competent way (ie. it's not just providing an id scan for any app to read)
What if there are vulnerabilities? You're inherently introducing more attack surface and providing more data than you would without these laws.
>You've accepted the overton window shift that age verification is an inevitability and that we need to give up information to the operating system because any other way would violate your privacy! It's naive to see this internationally coordinated effort to "save the children" as anything other than the temperature in the pot being turned up.
If you're trying to imply Meta is behind the "overton window shift", that's plainly not the case. The popular sentiment that smartphones and social networks are harming kids (thereby necessitating bans/verification) has been boiling over for a while now (eg. "The Anxious Generation, 2024", and the recent social media bans in Australia), and meta is just trying to get ahead of this with laws that favor them.
>What if there are vulnerabilities? You're inherently introducing more attack surface and providing more data than you would without these laws.
Probably less likely to cause vulnerabilities than web usb or web bluetooth , both of which gets some pushback here but nowhere as much an API that returns a number.
> If you're trying to imply Meta is behind the "overton window shift", that's plainly not the case
No, I'm saying the exact opposite: Meta is just one player in a campaign from intelligence agencies and other tech companies who want to normalize mandated prompts in your OS that collect information. Right now it's "just a DOB field bro" turns into "well... people can lie with the DOB field, let's just add a ID check step in that dialog" and build on it from there. Of course the pot has been boiling for a while and it's not just Meta looking for regulatory capture.
> Probably less likely to cause vulnerabilities
I don't care about likelihoods, this "feature" inherently introduces more risk and for something I don't even want on my computer. Even a small chance that this can be abused is unacceptable.
I find it odd when people write off policies as using “save the children” or “protect women” as if this isn’t something people are really capable of thinking. You fail to understand why the Overton window has shifted because you fail to understand people really are worried about their children
> Why does it matter specifically that Meta is doing it?
Their entire top leadership has shown a multi-year tendency towards psychopathy and lying. Knowing Meta is pushing this bill makes me want to understand why my views and theirs randomly agree as well as carefully read the bill text for any signs Adam Mosseri was within 500 feet of it.
I've seen skepticism about the veracity of the claims, in part as various sources cited in the git repo pointed to todo files not actual data[1] (in that example was only just hours ago a source file was added, when the project still claims part of the conclusions are based on data said to be contained there).
Which has led some to suspect much is LLM generated and not properly human-reviewed, in addition to the very short timeframe from initial self-disclosed start of the research to publishing it online (mere 2-3 days) despite the confident tone the author uses.
Meta is definitely helping to push this, but they aren't having to push very hard because its already in the zeitgeist. It's a classic moral panic. Millennials are raising kids and turning into their boomer parents.
Millennials had their hippie era in their 20s (same stuff their parents did rebranded as "hipster" instead of "hippie," where instead of building a lifestyle of free love and bong hits in the Haight-Ashbury, they built a lifestyle of free love and bong hits in Williamsburg Brooklyn).
Now in their 30s-40s they've moved to the suburbs, they're voting Reagan, and are falling for hysterical media-driven moral panics about "what kids these days are up to" just like their Boomer parents did in the 80s-90s.
What's even more funny about all these "social media is evil" legislative proposals, they're motivated by the idea of what social media used to be when millennials were in college...which doesn't even exist anymore.
The classic narrative that teens are depressed because they're seeing what parties they didn't get invited to is wildly outdated now. Social media isn't social anymore (see Tiktok), it's just algorithmic short form TV. Nobody is seeing content from their peers anymore.
In reality, most modern research on social media finds little to no affect on teen mental health. But of course, if you have ulterior motives to undermine privacy or shirk corporate responsibility under the cover of "saving the kids," this moral panic is an already burning flame waiting to be stoked.
It's amazing how many things We The People want our government to do that go ignored year after year, but the moment corporations want something laws get pushed through at lightning speeds. Does anyone actually think that masses of regular people in Illinois were begging their government to force operating systems to tell every website and advertiser how old their children are? They weren't. A small number of corporations with lots of money wanted that though. Bribing matters a lot more than voting.
This coordinated state level attack on the legislative process is crazy. These people can't seem to be bothered to do the basics of governing, but they always find time to do this cross-state nightmare fuel.
It's kinda convenient because every service needs to ask you for the age now because they can't serve under 13s in a lot of cases. Having it be a simple API would be a decent convenience, no?
If you connect it with a permission system where you can choose whether to provide this information (e.g. >13 as a bool or age as an integer or the birthday as a date) that can't be too bad I guess?
It WOULD be nice if it only got used appropriately. But in 2026 its just one more metric to narrow down your profile for advertisers. Wouldn't it be convenient if you could just opt-out of tracking with a convenient API like the literal "do not track" header in browsers? It exists, but none of the people who SHOULD use it pay it any attention except as, ironically, another metric used to track people.
Not to mention that computing is a global thing, and in order for this to be useful it would definitely have to be providing more specific information than just a bool. Maybe chats require 13+, but pornography requires 18+. Maybe those ages are different based on location. All advertisers would need to do is ping the various different checks to get your actual or at least very approximate age.
This kind of thing is a slippery slope, and its ripe for abuse by doxxers, advertisers and big brother himself. Burn this with fire. I'm totally in agreement with the others that suggest stuff like this should b just get banned from getting introduced and reintroduced constantly trying to sneak it in as a rider or hidden provision. The people DON'T want it.
It's forcing all OSs to do something that only a few should be doing. The correct way to do this is for the interested parties to form an association that does four things.
1. Creates a protocol with desired signals (country and a variable list of whatever others i.e. age,state) that clients (including browsers) CAN choose to use and forward.
2. Create an api OSs CAN implement to inform clients of those signals and if they can be overidden in the client. (Possibly even create an OS or service to run on OSs that implements it, parents can choose to install specific OS or service)
3. A open source server for governments to specify common classes of content and what to do when a specific SIGNAL (from the protocol in 1) is recieved (Serve content to SIGNAL group/serve content to everyone/never serve content). And what to do if content isn't in a class it recognizes(Serve content/not serve content). Association could also be extend it's duties to coordinate a list of types of content.
4. Maintain an authoritative list of servers by country so that those hosting services can reach the servers hosted in 3. So that webservers can visit those servers to find what they can serve if they wish to apply the law for that jurisdiction.
Horrible because it does codify less freedom and censorship. The advantages are that for a jurisdiction liability can fall on the right actor.
If you run a website/app you worry only if your in a jurisdiction that mandates you use the protocol and can easily geoblock crazy countries by using that signal and choose if a jurisdiction you want to deal with is worth the effort of coding for or whether you want to ignore that countries laws.
If you are a user you can choose to install the API or use an OS that implements it or an OS that spoofs it with only the liability of your jurisdiction. If you are a parent you can use an OS(or install a service) to implement it on your kids accounts.
If your an OS developer you can add functionality if desired/appropriate.
If you are a country you can specify what signals you use/require and can specify required signals (i.e. US may request the State signal so it can decide if it needs other signals to evaluate whether to serve "Social Media" content (i.e. age in the case of state=california)).
Not perfect but actually keeps punishment/enforcement to appropriate jurisdiction and means you can actually gracefully avoid liability for sites in broken jurisdictions rather than either kowtowing or being in breach. Also means it can be implemented in client if you don't want it on your OS or want the convenience of not being asked age without the ridiculous other stuff.
The law as is written mainly targets social media platforms. For an OS to comply, all it needs to do is provide a field during account creation that records the user's date of birth as supplied by the user. There is no onus on the operator to confirm the veracity of this information, or even record it anywhere other than the local OS install itself. I think we're safe.
Slippery slopes are a logical fallacy. Every single decision moving you down the slope is intentional. No sliding occurs if nothing actively pushes things down the slide.
Accordingly, it is never too late to lobby against these things.
It's not an accident that this appeared within a month or two of the California one. I would bet good money that there's someone shopping this bill around.
If you do a frequency analysis of when these bills are being introduced, you'll notice an odd cluster internationally. Less charitably, they're coordinating / talking / being pushed by someone. More charitably, the "idea" is spreading.
It's a very odd idea to spread though. Age "verification" isn't something people are truly passionate about.
I suspect that, long-term, this is about surveillance. The powers that be would rather kill the golden genie that's general purpose compute than have teens and radical youth with compute.
What you have overlooked is that this type of bill is being introduced in states that have the strongest data protection and privacy laws, such as California and Colorado, and now Illinois.
This is happening after several other states have introduced age verification laws that actually require age verification which typically involves uploading your identity documents to each website that is required to verify your age.
Apply Occam's razor. Which do you think is more likely?
1. These states that have a record of concern for privacy are now introducing an age verification law that relies entirely on the age that the administrator enters when configuring a user account in order to give a push down a slippery slope toward their nefarious secret goal...even though it would be a complete waste of time since as the examples from numerous other states shows it is not hard to pass a law that starts with making people upload their ID documents to any social media they want to use.
2. These states that have a record of concern for privacy are doing age verification in the way that many privacy advocates said it should be done when they were objecting to those bills in those other states that required uploading ID documents, because those states do not want to go down the slippery slop that those other state approaches risk going down. Namely, through parental controls on the devices that children use that put the parents in control and leave the government out of it (other than requiring that such controls be included with the OS).
How is this a counter-argument? I often read this, as if there's some international trusted organization of logical thinkers that has approved inclusion of slippery slope to a list of logical fallacies that must never be invoked in a conversation.
Every single time five years later it turns out that the slope actually was slippery.
Everyone who rants about slippery slopes being a fallacy also loves the boiling frog analogy (which technically might be a bit closer to what they're going for).
The problem with slippery slope is that every step can be defended as reasonable, but the overall result can't. Pointing out that something is means saying, I can't refute that single step and you know that, but I still am against it, because it is crucial to an harmful outcome that I really don't want. It argues against a policy by putting it into context.
Like gravity, there is some inexorably force drawing the state towards mass surveillance tools as it makes the job easier. Removing friction that fights against that force is real
> it is never too late to lobby against these things.
Putting aside the real possibility that the ability to lobby against certain things is already actively under attack, it isn't speech alone that is being addressed, it's political and cultural momentum.
Would you call it a fallacy that making incremental rather than sudden movement in a specific direction makes it politically easier to accomplish?
Calling everything a logical fallacy, is also a logical fallacy.
We have already seen the federal government use facial recognition data to create an app that tells ICE goons who's legal. We should not tolerate the government forcing more data tracking and privacy violations just because you are not "sliding" today.
> Slippery slopes are a logical fallacy. Every single decision moving you down the slope is intentional.
First they came for the Communists
And I did not speak out
Because I was not a Communist
Then they came for the Socialists
And I did not speak out
Because I was not a Socialist
Then they came for the trade unionists
And I did not speak out
Because I was not a trade unionist
Then they came for the Jews
And I did not speak out
Because I was not a Jew
Then they came for me
And there was no one left
To speak out for me
But you're effectively asking a third party application, running in a browser no less (i already understand that a browser exposes WAY too much os level information), to query the OS for age information.
One way is that you log in under a guest account and the guest account requires you to indicate your age. After your session is over, guest account logs out.
Another way is that the library has two sets of computers, ones set for adults, ones set for minors. You need access card to use computer and the librarian will give you the age-appropriate access card.
Another way is computers are set for restrictive (child) account by default. If you need adult access you have to ask librarian to unlock it.
People here seem very against this, but I don't really see it. This only require to have a form asking about your age and provide an API to read it, right?
Surely I'm missing something? Is the backlash due to fear of a slippery slope?
There are basically 2 possibilities with the outcome of this law: It's rather so full of holes as to be meaningless, or it's so invasive as to force open source projects to try to geofence Illinois (which wouldn't be effective either, but might be the kind of compliance theatre we'll see from maintainers worried about liability).
Linux distros always have a "root" user. Does that user have to be asked its age before being usable? What about docker containers, which often come with a non-root user? What about installation media, which is often a perfectly usable OS? It would either have to be so easy to get around this law that most kids could do it easily, or so overzealously enforced as to disrupt the entire cloud industry.
what is the solution then to age gating apps that the public feels should be age gated? (TikTok, Instagram, etc). it seems like every app implementing its own guessing system would have even more holes, right?
this is one where I am sympathetic. the moment when someone, with their parent, is setting up a device seems like the best point to check age. right?
the solution is to remove the bits of those apps that are harmful to children (and adults): the algorithmic data feed, the infinite scroll, the engagement tactics, the advertising
They're saying we should remove the features in general because they're anti-features harmful to everyone, and focusing on children distracts from that fact.
This conclusion is up for debate, but that's what they mean.
> It's rather so full of holes as to be meaningless, or it's so invasive as to force open source projects to try to geofence Illinois.
My guess reading the law as linked is that it's much closer to the former than the latter. That being said, you're right that it does bring a bunch of headache alongside with it for little-to-no benefits.
People lie, so there would need to be some kind of proof provided, right? How much data will one need to give up to use a computer? Where/how is that data stored? What else will it be used for? What happens when it’s hacked? How will test systems or servers work? If I want a computer that isn’t linked to the rest of my ecosystem, can I still do that or will age verification require I login with a cloud account?
There are so many ways for this to go badly or simply be annoying.
I’m a guy in my 40s with no kids. I shouldn’t need to deal with all of this. Let the parents turn on parental controls for their kids; don’t force it on everyone.
If Meta needs to find a way to verify age, then that is also their problem. They are trying to make it the world’s problem. I don’t use any Meta products, so again I would question why I need to care about this… why will it become my problem?
The slippery slope then comes in addition to all of this.
It seems Apple already implemented their age verification API. I got prompted for it when opening the MyChart app a few weeks ago. The API used in that case only sends a Boolean if the user is over 18 or not, this is the best of the bad options. However, they have other APIs to get other data from a digital ID. The user is at the whim of the API the developer chooses to use. They can say no, but then they can’t use the app. I’m not sure how Apple validated my age, as I hadn’t loaded an ID into my wallet, but my Apple account is nearly 18 years old, so that might be good enough? If I were to get a Mac and just want to use a local account, then what happens? Can I not verify my age? Will I be able to use the computer or be locked out of the browser? These are some of the fears I have if they take this too far. Maybe some of them are unfounded, but I guess time will tell.
I guess I'm more surprised by the intensity of the backlash this generates here. I agree with you that mandating (weak) OS APIs like this the right approach, but that alone wouldn't warrant the severe reaction this is getting right?
A big chunk of the problem with this kind of legislation for me is that it inherently indicates a failure to govern to me. I disagree with the premise of the solution, but even more so this is trying to legislate a specific engineering solution for our current systems rather than any form of financial, objective guidance, or have reasonably actionable and enforceable consequences.
While laws that target engineering decisions are sometimes reasonable, they are always accompanied with specific guidance from a credible academic based institution (e.g. mechanical and civil engineering use private licensing bodies and develop specific curriculum and best practices).
The only time this law will ever be enforced is punitively for other crimes against major actors who are extremely limited in number. It is unenforceable for Linux, trivial for Apple, Microsoft, and Google to add to their OS. Presumably easy to spoof, the law describes it as minimal but once again, there isn't a specification so who knows. Websites won't be liable, they're getting a sweetheart deal here.
In practice what this law does is absolve abusive platforms an from any responsibility. It adds extra meaningless work and overhead for legitimate adult platforms while opening themselves up to new potential legal challenges, and ultimately doesn't replace the responsibility its removing.
This doesn't make children safer. This doesn't make the internet safer. This kind of legislation makes it easier to abuse children online by removing responsibility from platforms that are known to be dangerous to them yet profit from their presence the most.
It's considered offensive to the strongly freedom-loving FOSS community, and it's basically legally-required tech debt, which is annoying to all maintainers
Code is speech. Open source projects are an exercise in speaking publicly. This law mandates particular speech in your otherwise Free as in freedom code.
How are you not outraged? People are missing the above forest for the "oh but it's a tiny little easy API and I don't see any downsides" trees.
Seems pretty reasonable to get annoyed at a law that at best will be useless and at worse dangerous, while it will directly dictate features into the tools we all use everyday. All for no gain for anyone but maybe Meta and some other big companies.
Laws exist that dictate what apps are allowed to do depending on the user's age. This means that in order to follow the law they must collect the user's age. If collecting the user's age is a common requirement of apps it makes sense for the operating system to expose an easy way to do that to make app development easier on that platform.
The issue is that software can be installed from outside of the app store on pretty much every OS. Also if you have multiple app stores it would be convenient if they could all get it from the same place.
I'm skeptical we should ban all operating systems which permit this without an interactive age check. Shouldn't the free market acolytes be arguing that parents can choose between competitors which offer ever-improving parental controls?
to me, it's both the slippery slope argument and the lack of real reason other than "protecting minors". operating systems were designed to run the program/programs. You can make applications use this API to determine the user age, or you can just...ask the user in the application itself. I also don't see why this is a requirement rather than an option the same way I don't see why having a Microsoft account is required to install windows or access to internet (without the current workarounds) or even those password reset questions and to some extent asking for first and last name. If I want to add those information, let me do that myself or when i use said software, don't make it a hard requirement.
The bill itself sort of goes against its "purpose". If the purpose is to make a convenient API for stores to know their user, and avoid showing them certain content then why did the bill state:
"If an operator has internal clear and convincing
information that a user's age is different than the age
indicated by a signal received in accordance with this
Section, the operator shall use that information as the
primary indicator of the user's age."
because many people lie in those forms. Many people on steam will select they were born in 1900, including myself. So how will this API help? the only way for it to be useful is if they later require full verification.
The way I see it (to strongman the bill's position) is that by mandating it at account creation, an adult/parent can ensure that the age is properly set for a minor/child.
That being said, I don't think this bill was that well thought out as the implication are far reaching (will I need to enter an age when provisioning a VM?).
I mostly see it as a clumsy attempt to provide a mechanism for age-category attestation in a way that is more privacy-friendly than Texas's "upload-your-id" law.
What if I don't want my computer asking for my age and providing an API to give up that information? Why is the government mandating software devs to add bloat and privacy violating features to operating systems?
The slippery slope isn't a fallacy in this case as we've seen the pot slowly come to a boil after 9/11 with various laws like the Patriot Act, FISA, etc. and classified programs within the NSA (and I'm sure all the three letters) which violate the rights of Americans everyday. Now it's a coordinated effort across multiple western countries all of a sudden to introduce laws around verifying your age. It's clear where this is going.
I am very pro social media regulation (with regards to age gating) due to the evidenced harm it causes, and which court cases have shown these companies are well aware of internally; with that said, this is an attempt by social media companies to shift liability to keep business as usual/status quo. This is no different than what oil companies have done, cigarette companies, chemical companies who have polluted at scale while knowing the harm, etc.
Meta and TikTok (and YouTube shorts to an extent) are the new Sackler family and Purdue pharma. They will hold on to these profit and power engines as long and hard as possible. They will not stop causing the harm unless forced to with regulation.
and the verification that the OS has to provide is minimal. the OS doesn't need to verify and ID or anything. Probably just a checkbox when you create the account that you're an adult, or child, etc. and then that's provided to the browser. So it effectively becomes meaningless if the goal is to get children off social media.
Purdue sold less than 4% of the prescription opioid pain pills in the U.S. from 2006 to 2012. They were a scapegoat for pill farm doctors and an incredible lack of personal responsibility from prescribers, pharmacists and patients.
Personal responsibility isn't a thing from a consumption perspective, it's primarily brain chemistry. See: GLP-1s [1] [2] (tldr they patch the brain's reward center against suboptimal reward chasing and demand)
Let us not blame humans for suboptimal brain chemistry taken advantage of by malicious torment nexus threat actors. Fix the policy, bug fix the human, disempower the threat actors. Defend and empower the human. My pattern matching in the comment you replied to stands imho, and while it is admittedly imperfect (as you point out), I believe it remains directionally accurate.
This is the framework for requiring government ID to use online services, which increasingly power even local computing (thanks to DRM and cloud services).
They want to abolish anonymous use of internet services, because anonymous publishing at scale is powerful and dangerous to incumbents when they can’t retaliate with malicious prosecution, police harassment, or assassination.
People are making way too big a deal of this IMO. This is basically the OS equivalent of that checkbox you click to enter a porn website that gets exposed to Meta, so they can claim that they did what they all the they could to protect children if they get sued by parents. Any determined kid would figure out a way around this, but I can see it stopping younger and less determined kids, and it's a useful tool for parents.
Unlike the California law, I seemed to be in the minority in this opinion, this one does seem to require programs like grep to ask for a users age bracket.
> (b) An operator shall request a signal with respect to a
particular user from an operating system provider or a covered
application store when the application is downloaded and
launched.
Unlike the California law I do not see anything that restricts this to child accounts only.
So let say I have a program:
print("Hello, World!")
and I want to publish it to say npm or nixos, or some linux distribution. Not with out violating this law. This application needs to request the users age brackets at least at 'downloaded and launched' optimistically that means once on first launch, but potentially needs to be requested on each launch of the application. So lets fix the program
It does not stop at the check box. Someone is going to sue Google/Apple when a 13 year old gets on a porn site. Then Google/Apple will introduce "verification" that requires linking your identity to your device, and attesting this to the "operator" (porn site). Then every person using any OS is tracked, on every website and app, all the time, by law. And Linux becomes illegal without it.
This is not a theory. Laws requiring this are going through the state and federal level right now.
it's entirely possible such nonsense is all show, and wouldn't be passed, however.
i'm from illinois, worked in california, and no longer live in either. from afar, it seems that whatever california bureaucrats propose, after a short delay, gets proposed by their little sibling bureaucrats in illinois.
constitutional amendment to criminalise corporate lobbying with severe penalties - including capital punishment and confiscation of entire corporation.
>"Operating system provider" means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
I.e Linux will most likely to be immune, since its not tied to a particular computer.
Which just means Linux stay winning. It already made big headway in the video game space, so its prime to take over personal computing too.
Since GNU(or other)/Linux OSes allow the sysadmin to compose the OS out of parts and change them, the final OS is created by the sysadmin. That's what makes distributing binary software so annoying for maintainers, every installation can be it's own snowflake OS.
> the Children's Social Media Safety Act
>
> provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both
Thank goodness kids can't lie about their age!
> provide an operator who has requested a signal with respect to a particular user a signal that identifies the user's age by category
Wait - if this is just to pass a signal to an operator ("social media site"), why can't the "operator" just ask for the age themselves?
This is why Meta is forcing this legislation through nation-wide. They are forcing Google/Apple to take the liability, despite it not actually being Google or Apple that's providing the "harmful" social media. Meta are doing this state-by-state so nobody can track that it's them. Easier than pushing at a federal level, and raises fewer red flags from news media.
Since Google and Apple won't want to accept this liability either, the next step is requiring digital IDs and third-party verification to prove the user is of age. This will enable tracking of all users, whatever app or website they go to. Bills requiring this are already being passed at state and federal level.
I don't like this whole thing, but compared to what I was fearing would happen, this idea is nowhere near as bad.
What I expected was that we'd end up with the OS vendors actually being mandated to really do age verification, and then submitting that using Web Credentials and Secure Attestation so that the far end could trust the whole thing, locking open-source OS's out of the mix and creating more of a walled garden online than we already have. I was guessing it would become a simple checkbox on e.g. Cloudflare - "[ ] allow adult users only" or whatever - and that it would end up with vast swathes of the internet going off limits for anyone not on closed-source systems.
Now, it looks like this is just a way for parents to tell the OS "this is a kid account" and have it flow through to websites so they can easily proactively block kids from connecting without having to implement any of that crap. Yes, it's much potentially easier for a child to circumvent; but any kid who can get around that sort of thing from within an OS could probably just wipe/reinstall anyway, so who cares?
As a parent whose kids are continually trying to see what trouble they can get into, I appreciate that I will get one more potential weapon in the fight.
Can someone tell me whether I am being a fool by actually being a bit relieved it's going this way?
> Can someone tell me whether I am being a fool by actually being a bit relieved it's going this way?
You're being a fool by actually being a bit relieved it's going this way.
These bills are meant to nudge the overton window[0] of digital politics in the direction of mandating realtime identity verification for all forms of computing. Advertisers want it, governments want it, _bad people and bad governments want it_. By pushing a very small and "weak" legally-required form of user identification on everything under the guise of "saving the kids", all involved parties can point at those who disagree and say "Look, if you disagree you must want to hurt children!" And so the bills pass, and a weak form of identity verification passes and is enforced. Then it'll be shown it doesn't work, and the proposed solution will be to make these identity verification laws more intrusive and more restrictive. Repeat ad-nauseum.
LOL. Well said...Seems as if we're on some dystopian track that's eventually going to transform a RealID card into something like a Common Access Card (or worse).
What do you think comes after this? This is just a first step towards exactly requiring age verification at the OS/Store level... Then comes ever more restrictive and intrusive tracking and eliminating all anonymity as a final goal.
Time to start throwing up hobby BBS sites... and I think in this case text mode interfaces over web might be an advantage.
Websites can send down a single header indicating adult content. The device, the parent setup to indicate the users age, can respect that. Legitimate adult websites will not show the content. There is no need for any verification beyond that or it's just government mandated surveillance.
> There is no need for any verification beyond that or it's just government mandated surveillance.
There is no verification beyond that in these sorts of bills (CA, CO, IL). It's the parent's responsibility to watch their kids when they set up an account.
> Legitimate adult websites will not show the content.
This is a big problem (that won't necessarily be solved by this particular legislation, granted). There are already voluntary rating HTML tags websites can add to indicate parental control software should block them, but they're voluntary and non-standardized. Websites can choose not to comply with no real-world consequences. And I don't think platforms like Reddit or X, which are ostensibly all-ages social media but also have an abundance of adult content, are properly set up to serve tags like that on NSFW posts but not other ones.
It's a tricky problem to solve, and, imo, it's one the tech industry has demonstrated it doesn't have any desire to solve itself, hence legislation starting to get involved.
> Websites can send down a single header indicating adult content.
It sounds at first glance like a no-brainer that websites shouldn't have access to any information and the enforcement should be done at a local level (like the current voluntary HTML tags that locally installed parental control software can sometimes read). But some websites might want to display alternate content to minors-- e.g. a Wikipedia article with some images withheld, or Reddit sending a user back to an all-ages subreddit instead of just fully breaking or failing to load when the user stumbles upon something 18+. For anything like that, the website will need to know in some form that the user isn't able to see 18+ content.
Yeah, the laws in CA, CO, and now IL are essentially just mandating generally available OS's implement a standardized, local parental control system.
Detractors will say parents should just install existing parental control software, even though it's existed in its current form for decades and is obviously not effective. And they'll say it should be the parents' responsibility to enforce what their kids are doing with computers, while ignoring the fact that these laws provide tools allowing parents to do just that (the parents are the ones responsible for supervising their kids when they create accounts to ensure they're not lying about their age-- if the kids lie during setup, it's on the parents).
Anyone with kids will probably acknowledge that it's much easier supervising your kid once when they first set up an account on a new device than it would be to supervise them 24/7 when they're using the internet. But for some reason, lots of people without kids are in a panic about having to type in any date older than 18 years ago. The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
> The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
Because that's exactly what will happen. This is battlespace preparation for the destruction of anonymity on the internet, because politicians find this inconvenient.
The parents can already do that. Its called "parenting". The fact that they won't even though there are (non-required!) tools they could be using to do so is baffling to me.
> if the kids lie during setup, it's on the parents
Pretty much a "Yes, and?" scenario. See above.
> The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
I get where you're going, but precisely this. These things always start slow... then fast. The old adage "first they came for x, then y" is not a joke or an exaggeration. It is pretty much historic observation. I've lived long enough to know that whenever someone invokes the "think of the children" defense, there's always a catch.
I already responded to what you're saying in my initial comment. I'll expand for you.
> The fact that they won't even though there are (non-required!) tools they could be using to do so is baffling to me.
My parents set me up with an AOL account when we first got a computer and dial-up internet. At first, I was kind of required to go through the AOL desktop application to browse the web since that's how we connected to the dial-up. Sometimes a website would be blocked through AOL, and I'd have to have one of my parents come and sign in to allow me into it.
But once we moved onto broadband DSL, I eventually figured out I could just open Internet Explorer instead of AOL to bypass the parental controls without having to get my parents to come allow a website. Of course, a few years after that, I was secretly browsing porn... at 10 years old.
As a parent today, what non-required tools would you suggest I use to effectively filter NSFW content from the internet for my kids? Network-level methods don't work in the age of laptops and smartphones. Any on-device software you might suggest would probably be for iOS/Android or Windows, not both. And which software supports Ubuntu, or do you think I shouldn't let my kids use it? Yes, it's probably possible to lock things down eventually (for me, as an IT professional). The parents next door probably have no clue about half the stuff I'd use, and my kid's gonna end up having access to whatever their kid does. Even if everyone does everything perfectly, all it takes is a slight paradigm shift or new piece of technology to sidestep all of it-- like when my parents did their jobs setting up AOL parental controls but then switched our connection type and inadvertently broke them.
The value of this legislation isn't necessarily making parental controls technically possible. The value is standardizing and normalizing it. As someone in another comment chain brought up, you're not expected to individually coordinate with every movie theater or every liquor store, or to helicopter your kids IRL with it being your fault if someone sells them beer when you let them go out with their friends. There's a basic societal understanding that certain things aren't available to kids. The internet being "wild west" for a few decades doesn't invalidate that, imo. This isn't parents not parenting, it's adjusting the level of burden we're expecting to come with parenting to a more reasonable level.
> while ignoring the fact that these laws provide tools allowing parents to do just that
These tools are called "parental controls" and already exist - we don't need laws to compel their production.
...unless, of course, the true aim is to use this as a beachhead for further expansion of privacy-violating requirements.
You write this off as a "slippery-slope" argument, but given that there are already quite a few tools that do what this law aims for, what's the point?
Because the tools don't work, and are too fragmentary and burdensome.
Would you prefer to inform each movie theater in town which movies your child is permitted to watch? Or just rely on the rating system that applies to most movies and is honored by most theatres?
Parents want one setting that says "this is a child" and then expect online platforms to respond appropriately. As we expect and mostly have in the real world.
The argument about the California bill is not that it is a slippery slope, but that it was drafted by people with zero domain knowledge. It applies equally to toaster ovens as well as iPhones.
The "one weird trick" that all government hates? Stop forcing OSes to function with accounts. "User account" is an artifact of UNIX. You don't need an account to start a car, send and email, nor boot an operating system. I know it's hard to grasp, but it's true.
The "User account" of the OS are the security contexts. You can say everything should be a single security context, and this is how a lot of people have been operating their MS Windows machines, logging in as admin constantly, but this is a stupid idea and comes with risks. Even when you say the OS can have a second root account, that the user never gets to use, you have two user accounts.
Growing up, I vividly remember user accounts being important for our families personas on Windows XP. There's definitely a place for them, but there should be an option to not use one.
Unless your specifically calling out accounts that require online registration for the OS. I'm vehemently against that requirement.
I wonder how this will mix wit federal laws saying you aren't allowed to track users under the age of 13yo? Will this then be forced as a browser API/header passed to every server/request?
From articles I've seen, it's mostly Facebook lobbying to "pass the buck" upstream to the OS level to actually inquire... this of course will blead into the OS provided "store" interfaces most likely. And while, likely mostly targeting Apple and Google, MS/Windows and Linux are definitely going to be catching stray bullets. In particular vendors with Linux pre-installed... hence System 76 adding the feature to PopOS. Who knows if/how this will come about in practice or how consistently.
If allowing children access to social media is dangerous, then why aren't they enforcing existing child abuse and child endangerment laws? Throw the parents in prison for failing to control their children.
> What recourse would Illinois (!) have against open-source operating systems?
None but them corporations sure do. And with a little cash in the right place I'm sure they can push recourse onto people of power. We really need to end political lobbying one of these days
For what I understand, OpenBSD could just patch useradd so that the age category is mentionned in the comment field of /etc/passwd or a random text file in /etc.
Haiku could just run an automatic dialog asking you if you are minor, in Illinois or California and write a text file with the corresponding age category of said person.
These bills do not mandate that the user cannot modify that information AFAIK.
By adding a simple birthdate field to your account info and a system API of some sort for retrieving the account owner's age range, same as everyone else.
Even if open source operating systems comply and add such a feature, what's to stop individual people from removing this and blocking the API requests before they install the OS? Or providing dummy responses? They're open source, after all.
Is the government going to require some sort of automated checks that verify every person who connects to the internet has this API on their OS and go after individuals that aren't in compliance?
Every single sponsor of this bill is a Democrat. Why is that? I would think they’re against the type of puritanical moralizing that is behind most age verification bills.
Oh I remember. I just assumed things have changed enough, and that the threat of theocratic ideology - what’s behind project 2025 - would have made such stances unacceptable. My guess is this has more to do with lobbying and donor interest.
What are they going to do to enforce this? Take down open source projects that "operate" in Illinois because a user downloaded the software there? Absolute joke and everyone should treat it that way; advanced compliance here means implicit support for the surveillance state.
I don't even know if that was much of a "reversal".
Blue states were paternalistic over both your property (business and social gathering shutdowns) and your body (masking, social distancing enforcement), while red states (particularly Texas, Florida) were very laissez-faire for both.
What's perplexing about this is that research has generally correlated higher amygdala activity (fear/worry) with political conservatism, and lower amygdala activity with political progressivism, but in this case, the effect seemed almost inverted.
In that case, I imagine that the response of mask mandates wasn't out of fear but was done do to the obvious benefit in controlling a disaster. The anti-masking movement is also I suspect a fear response. People are afraid of change, especially extremely visible change
When I need to use my computer, I'm not thinking about someone else's crusade. I have crusades of my own to fail miserably at and I need all the help I can get from whatever products function best.
If I’m not mistaken, Meta has been lobbying heavily for all of these age-verification bills lately.
It seems their strategy is to externalize their responsibility to verify age themselves, and thus reduce their exposure to liabilities when child protection acts like COPPA are violated.
It should be externalized to a degree. Facebook shouldn't be the ones verifying age, but there should be a trusted 3rd party service that does that, which just tells facebook "yes this user is old enough to use your service" or "no they're not old enough".
It abso-fucking-lutely should not be at the OS level though, for so many reasons. Even the implementation alone would be a nightmare. Do I need to input my ID to use a fridge or toaster oven? Ridiculous.
Or, and hear me out, _maybe our computers shouldn't spy on us in the first place_?
So which situation do you want instead of anonymous age verification:
A) 18+ content is behind a pinky swear
B) 18+ content is behind a parental control (what this bill would do)
C) The internet can't have 18+ content anymore
D) Some other system? Please describe it.
I'm reminded of a video essay I watched about AI once, which took a side tangent into surveillance capitalism:
"Google's data harvesting operation became a load bearing piece of the Internet before the public understood digital privacy. And now we can't get rid of it."
The public has been conditioned to expect web services free at point of use. Legitimately it's hard to monetize things like YouTube without ads, and I get that. But turning our entire ecosystem of tech into a massive surveillance mini-state seems like an astonishingly shitty idea compared to just... finding a way to do advertising that DOESN'T involve 30 shadowy ad companies knowing your resting blood pressure. My otherwise creative and amazing industry seems utterly unwilling to confront this.
Edit: Like, I don't know, am I crazy for thinking that simply because we can target ads this granularity, that it simply must be that? I get that the ad-tech companies do not want to go back to blind-firing ads into the digital ether on the hope that they'll be seen, but that's also plus or minus the entirety of the history of advertising as an industry, with the last 20 or so years being a weird blip where you could show your add to INCREDIBLY specific demographics. And I wouldn't give a shit except the tech permitting those functions seems to be socially corrosive and is requiring even further erosion of already pretty porous user privacy to keep being legally tenable.
You are not crazy for thinking that.
However it appears that it takes pretty disasterous consequences for us to be able to walk anything back.
“Impossible to get a man to understand a thing, when his paycheck depends on his not understanding it.”
> It should be externalized to a degree.
Why?
We don't externalize age verification when buying alcohol or visiting the strip club. It's on the responsibility of those establishments to verify age.
> Why?
I think that main goal would be to keep the ability to have accounts be anonymous or pseudo anonymous.
If social mean company has to verify an accounts age themselves they then have to use some for of official government identification and with that any chance of anonymous or pseudo anonymous access.
Facebook has less than zero interest in allowing people to use their platform anonymously. They very much want to know everything about their users including their age and they would never back a law that would stop them from collecting that data. Now that you know that facebook isn't pushing this law to protect anyone's anonymity why do you think they're doing it?
In those in-person contexts, the identification document is still externalized - they're checking a government-issued photo ID in the vast majority of situations.
It works for the in-person context because it's a physical object, making it easier to control access to it. A high resolution picture of the same ID is a privacy problem as it can be copied, shared, transferred, etc without the knowledge of the ID holder.
Do we make contractors do age verification on their supplies when building a liquor store or strip club? The OS is a tool used by Meta, just like the utilities and the compute itself.
Meta Apps can have age verification but it should be at the point of service, not the supply chain.
And even if we were to agree to this, uploading your IDs to an untrusted third party is asking too much.
uploading your IDs to an untrusted third party is asking too much.
So have the government do it? They already know who we are and when we were born.
It's not enough for the government to know. Platforms, websites, and advertisers want to know. That's why the law facebook has been pushing for doesn't have a simple "is 18+" flag but instead has a long list of age buckets so that advertisers and platforms can target specific demographics even when they are minors.
isn't that necessary because they have different protection levels?
That requires trusting a government with a power that is likely to be abused.
But they already know my age (and my address, and my SS#, and my income, and a whole bunch of other stuff).
The power to tell people how old someone is?
I'm surprised that people think this is some new 'save-the-children' thing ? Didn't Zuck say like 10 years ago, you should not be allowed to be anonymous on the internet ? This just seems on-brand at this point.
> trusted 3rd party service
So we have to pay some 3rd party service to hoard information about Children? Why we want to set that up? Why would we want to take that power from the parents and give it to some company?
Except none of these bills (California or the one in question) as currently written require an ID to actually be verified, merely that the user provide an age. This seems intentional as it's seems to solve the user journey where a parent is able to set a reasonable default by simply setting up an associated account age at account creation. It's effectively just standardizing parental controls.
I think this is a reasonable balance without being invasive as there's now a defined path to do reasonable parenting without being a sysadmin and operators cannot claim ignorance because the user input a random birthday. The information leaked is also fairly minimal so even assuming ads are using that as signal, it doesn't add too many bits to tracking compared to everything else. I think the California bill needs a bit of work to clarify what exactly this applies to (e.g. exclude servers) but I also think this is a reasonable framework to satisfy this debate.
I've seen the argument that this could lead to actual age verification but I think that's a line that's clearly definable and could be fought separately.
Kids aren't stupid. They'll just create another account when they're old enough to figure it out. They'll tell their friends how to do it and the rest of us will be stuck with these stupid prompts forever like it's a cookie banner.
Actually given boot chain protection, this will probably get harder as time goes on but even assuming some kids are able to, this is clearly definable as a user error: the fault lies with the kid and as a parent you need to think about your threat model.
Right now, it's not even clear how to create parental controls at a reasonable level so there's no clear path for what to do or how to respond.
Maybe we can agree that if you're mature enough to hack your own phone, you're mature enough to see a nipple.
It gives the parents the tools to age restrict things, but does not require parents to use them or use them well.
I don't think "real" age verification with ids is immune to this either. (kids paying an adult to get an id for it or fooling an ai classifier, whatever).
Basically unsolveable, so why worry about that edge case? Kids will always get through to some adult content somewhere. A token system will make parents feel better in the meantime.
So you're advocating for stronger and more invasive controls?...
I think this is a sensible compromise. It gives parents more control than before without relying on shady third-party software or without turning every platform into a cop. Yeah, it also aligns with Meta's interests, but so what?
The age attestation solutions pursued by the EU are far more invasive in this respect, even though they notionally protect identity. They mean that the "default" internet experience is going to be nerfed until you can present a cryptographic proof that you're worthy.
I mean on a UNIX OS you could make it yet another group the user needs to be part of. Like the group for access to optical media or for changing network credentials. Whether the child gets root access is on the parent, but that is like with anything else. A child can get around this, but it means finding and exploiting a 0-day on the OS. If they are able to pull this of I would congratulate them.
There is a huge attack surface for this. For example, kid manages to buy an old phone. Resets the phone and creates an account. Kid buys something like a Pi 3 manages to get a regular phone to become an access point. Etc. If a laptop is not completely locked down, a kid might boot a live USB stick.
Barriers like that for accessing 18+ sites would be so much better than nothing.
And cheat devices can be taken away as soon as the parent notices them.
From a parent's perspective, that's the great part about bubbling it up to the OS user account level.
Its trivially easy to see if the user (child) has indeed created multiple OS level user accounts with different permission levels if you want to spot check the computer.
You'll see it on first startup and then you can have "a chat". With Guest account access disabled, spawning a new account on a computer takes 2-3 minutes, will send emails and dashboard notices to the parent.
Its very much near impossible to verify that the child is not just going to Facebook etc. and using separate accounts and just logging out religiously.
That said I wish Apple/Microsoft/Google had more aggressively advertised their Parental Control features for Mac/Windows/ChromeOS as a key differentiator to avoid Ubuntu/Open Source distros from having to implement them.
It's pointless. Kids who want an uncensored internet will use a VPN or proxy the same way they've been getting around the restrictions and filers put on the computers and networks at schools. These laws will do nothing to protect children but will instead enable them to be targeted.
I don’t care if it’s part of the user setup, but make it an App Store dotfile. Don’t issue fines to Debian for offering a Docker image without a user setup script.
Yeah, let's just boil the frog here. Makes sense.
I agree. There is a real drive to catastrophize here but so far, none of the bills actually take any steps to prevent users from lying about their age.
> it's seems to solve the user journey
There is software that does this already. Concerned parents do not actually lack for options in any sense.
> It's effectively just standardizing parental controls.
You could _literally_ just standardize parental controls instead.
I guess the point is: delegate to kernel, then “oh, people with root can bypass with modules? Secure Boot!”
And just which third party do you trust with your identity?
> but there should be a trusted 3rd party service that does that
No, there shouldn't be any such thing; everyone pushing for any shape of this should just bugger off.
I want to be able to hire a licensed Identity Service Provider that gets all of my verified identity data in an encrypted token and let me register it with the OS, and control what amount of the data I expose to apps, with age verification being one of the lower levels of access.
I pay the company to verify me, I am their customer. They take on the liability of the OS makers and app makers of age verification.
If you have a valid token signed by a licensed IDS that verified your age in your OS, that's all anyone needs to know.
> Facebook shouldn't be the ones verifying age
So, they want to profit off children, but do nothing to protect them?
> but there should be a trusted 3rd party service that does that
Gee, if only Facebook would use their incredible might to create this, rather than trying to rob our representative government from underneath us.
> It abso-fucking-lutely should not be at the OS level though
It's not my problem. It shouldn't involve me at all. I don't use social media and I think if you let your kids on there unsupervised you have a screw loose.
A different implementation that would keep incentives properly aligned is for Facebook (et al) to publish labels in website headers asserting the age (and other) suitability of content on the site. It would then be up to client software (eg a browser) to refuse to display sites that are unsuitable for kids on devices that have been configured for kid use.
As there has been a market failure for decades at this point, it would be reasonable to give this a legislative nudge - spelling out the specific labels, requiring large websites to publish the appropriate labels, and requiring large device manufacturers to include parental controls functionality. The labels would be defined such that a website not declaring labels (small, foreign, configuration mistake, etc) would simply not be shown by software configured with parental controls, preserving the basic permissionless nature of the Internet we take for granted.
But as it stands, this mandate is horribly broken - both for subjecting all users to the age verification regime, and also for being highly inflexible for parents who have opinions about what their kids should be seeing that differ from corporate attorneys!
Sometimes even things that are good for Meta are good for the rest of us. This law, and the one in California, mean that liability is disclaimed as long as the parent selects an age above 18 for the child. It's like a section 230 for age protection. Meta supports this because they won't be liable for wrong age inputs, and we should also support this because it doesn't verify age in any other way.
Don't kid yourself, Meta already knows the age of all its users, at least within the broad categories that this bill defines.
If a company relies on self reported ages, they don't "know" it well enough to satisfy COPPA. Probably. I'm not a lawyer but I do keep up with the latest in privacy enforcement and I think this is the way things are headed.
For the record, I'm against age verification laws. But I think companies are pushing for them because of liabilities they face under other laws, not because they would actually like to have the data.
Legally, there's a difference between "knowing" and "accurate enough for loose cannon advertisers".
Yes, but they want to show children content that is not appropriate, then claim ignorance.
He doesn't want to have to stand up, turn around and apologize to parents on behalf of an asleep at the wheel Congress again.
At some level I don't blame him. It is also a bit strange how in that act alone he showed more accountability than most of the politicians that were questioning him, never mind most executives. I suppose Josh Hawley wants to be liable for personal lawsuits for his acts of Congress too... people cringe at his "robotic" demeanor but I can't remember the last time someone turned and faced people and apologized like this. Most people asked to do the same (even in front of the same body) never do.
https://youtu.be/yUAfRod2xgI
How should they do it? Surely they don't have a responsibility to do something that nobody knows how to do?
There have been numerous cases in history where governments have attempted to legislate the outcome they want without regard to how that might be done or if it was possible in the first place. Obviously it can never deliver the results they want.
It would be like passing a law to say every company must operate an office on the moon, and then saying that companies lobbying for an advanced NASA space program is them externalising their responsibility.
They could require government ID to sign up and an adult sponsor to certify accounts for kids. Plus a limit on how many accounts an adult can sponsor.
It would be a mess, but solve the problem. It’s not that we don’t have the technology, we just don’t want to because the friction would decimate user numbers and engagement; it would be much simpler to regulate (e.g. usage limits on minors); and minors are less monetizable, which would lead to lower CPM on ads.
Then there’s the legal liability if you know someone is a minor and they’re sending nudes, for example. And the privacy concerns of tying that back to de-anonymized individuals.
But obviously I wouldn’t believe that social media companies care about user privacy on behalf of people.
>They could require government ID to sign up and an adult sponsor to certify accounts for kids. Plus a limit on how many accounts an adult can sponsor.
Requiring all online account creation to go through some government vouching system sounds far worse for privacy than OS doing age verification.
OS-based age verification would also have to use a government ID. There is no alternatives to a government ID for such verification.
>OS-based age verification would also have to use a government ID.
Source? Another commenter claims the opposite: https://news.ycombinator.com/item?id=47416653
I see no such claim that comment said that the parent verifies the child. That that means that the parent must be verified. I don't see that approach having any chance of succeeding. It would be a much more invasive process to both verify the parent and the relationship with the child.
> They could require government ID to sign up and an adult sponsor to certify accounts for kids.
Even if they used an open source zero knowledge proof, HN will still immediately dismiss it as an attempt to steal your data. The proposal here and the similar bill that passed in California doesn't require any validation that you enter you age correctly.
I think the public in general woul be happier with the office on the moon idea than compulsory Government ID requirements to use services.
It's only required for services that require it. The states are also regulating which services those are.
All you have to to to become a member of tautology club is to join tautology club.
It's up to parents to parent. It's not up to the government, and Facebook pushing this shit is evil.
It's not about protecting children. It's about increasing adtech intrusion, protecting revenue from liability, pushing against anonymity, and for all the various apparatus of power, it's about increasing leverage and control over speech.
bad take man. these companies don't care about kids; they just want to take the responsivity off of themselves. they don't actually put any money towards child safety.
But the parent comment didn't say anything about companies caring. So you're not disagreeing with them, unless you think any selfish corporate action should be automatically opposed. And that would be a bad take; it's way too generic and applies to both sides of most issues.
What does this bill have to do with age verification?
It legally mandates the existence of a required "age" field in user account records, a user interface to populate it during account setup, a mechanism for service providers to read this field, and that providers act as if it has been populated accurately.
As someone who has been the de facto "system administrator" for my family's computer systems since kindergarten, this has to be one of the stupidest policies I've ever seen gain traction.
Is there a problem with this? Most users are using an iPhone and most iPhones already know the accurate age of their user
I’ve heard Android is a more common OS. In any case, if your OS fails to ask a user their age, it’s banned.
Okay, sorry yes that was an oversimplification. Android does ask your age as well, so that's all of them for mobile phones.
Android doesn't ask your age, Google does for an account. You can use an android phone without a google account. Most people don't but the distinction is important because degoogled android phones will also have to comply.
What about OSes that power shared devices you use in public, like airline ticket kiosks and bank ATMs?
That's the correct strategy, if anyone sues meta, meta can bring their age verifier into the lawsuit and blame them. It makes sense from a business perspective, insurance perspective. etc...
Yes
https://www.reddit.com/r/LinusTechTips/comments/1rsn1tm/it_a...
Really, I’m surprised that for all of the discussions on HN around these individual statewide acts that I see so little discussion of Meta as a primary force pushing them.
There are probably many more people that would profit off of it on HN.
I wonder if Meta monitors their employees comments on HN?
They don't but frankly no one who matters actually gives a s#it about HN anyhow.
HN is also much less representative of the demographics within the American tech industry now as well - almost all the references I see on here are stuff only men in their late 30s to 50s would recognize, and an increasing amount of users appear to be based in Western and Central Europe.
Heck, I'm on the younger end by HN standards (early/mid 30s) and when I introduced HN to my peers over a decade ago (this is my throwaway) even back then they complained that it was "toxic", "snooty", and "unhelpful". And it's reputation amongst the younger generation has only gotten worse.
HN has "SlashDot"ified, because most people are either in private groupchats on signal/imessage/discord or meeting each other with Luma invites.
Why does it matter specifically that Meta is doing it? This has long been a goal for intelligence apparatus and big tech: get rid of anonymity online to "fight terrorism" and sell ads respectively.
Don't get me wrong, it's good to know but it's not earth shattering information.
>Why does it matter specifically that Meta is doing it? This has long been a goal for intelligence apparatus and big tech: get rid of anonymity online to "fight terrorism" and sell ads respectively.
How does getting the OS to do age verification "get rid of anonymity online" or help "sell ads"? Assuming the verification is implemented in a competent way (ie. it's not just providing an id scan for any app to read), it's probably one of the more privacy friendly ways to implement age verification, that's also more secure than an "are you over 18" prompt on every website.
You've accepted the overton window shift that age verification is an inevitability and that we need to give up information to the operating system because any other way would violate our privacy! It's naive to see this internationally coordinated effort to "save the children" as anything other than the temperature in the pot being turned up.
> implemented in a competent way (ie. it's not just providing an id scan for any app to read)
What if there are vulnerabilities? You're inherently introducing more attack surface and providing more data than you would without these laws.
>You've accepted the overton window shift that age verification is an inevitability and that we need to give up information to the operating system because any other way would violate your privacy! It's naive to see this internationally coordinated effort to "save the children" as anything other than the temperature in the pot being turned up.
If you're trying to imply Meta is behind the "overton window shift", that's plainly not the case. The popular sentiment that smartphones and social networks are harming kids (thereby necessitating bans/verification) has been boiling over for a while now (eg. "The Anxious Generation, 2024", and the recent social media bans in Australia), and meta is just trying to get ahead of this with laws that favor them.
>What if there are vulnerabilities? You're inherently introducing more attack surface and providing more data than you would without these laws.
Probably less likely to cause vulnerabilities than web usb or web bluetooth , both of which gets some pushback here but nowhere as much an API that returns a number.
> If you're trying to imply Meta is behind the "overton window shift", that's plainly not the case
No, I'm saying the exact opposite: Meta is just one player in a campaign from intelligence agencies and other tech companies who want to normalize mandated prompts in your OS that collect information. Right now it's "just a DOB field bro" turns into "well... people can lie with the DOB field, let's just add a ID check step in that dialog" and build on it from there. Of course the pot has been boiling for a while and it's not just Meta looking for regulatory capture.
> Probably less likely to cause vulnerabilities
I don't care about likelihoods, this "feature" inherently introduces more risk and for something I don't even want on my computer. Even a small chance that this can be abused is unacceptable.
I find it odd when people write off policies as using “save the children” or “protect women” as if this isn’t something people are really capable of thinking. You fail to understand why the Overton window has shifted because you fail to understand people really are worried about their children
> Why does it matter specifically that Meta is doing it?
Their entire top leadership has shown a multi-year tendency towards psychopathy and lying. Knowing Meta is pushing this bill makes me want to understand why my views and theirs randomly agree as well as carefully read the bill text for any signs Adam Mosseri was within 500 feet of it.
> my views and theirs randomly agree
That's probably a sign that you should reevaluate your views.
I think? the most recent version of that post is https://web.archive.org/web/20260314074025/https://www.reddi..., which is "awaiting moderator approval"
I've seen skepticism about the veracity of the claims, in part as various sources cited in the git repo pointed to todo files not actual data[1] (in that example was only just hours ago a source file was added, when the project still claims part of the conclusions are based on data said to be contained there).
Which has led some to suspect much is LLM generated and not properly human-reviewed, in addition to the very short timeframe from initial self-disclosed start of the research to publishing it online (mere 2-3 days) despite the confident tone the author uses.
[1] https://web.archive.org/web/20260317184359/https://lobste.rs...
Meta is definitely helping to push this, but they aren't having to push very hard because its already in the zeitgeist. It's a classic moral panic. Millennials are raising kids and turning into their boomer parents.
Millennials had their hippie era in their 20s (same stuff their parents did rebranded as "hipster" instead of "hippie," where instead of building a lifestyle of free love and bong hits in the Haight-Ashbury, they built a lifestyle of free love and bong hits in Williamsburg Brooklyn).
Now in their 30s-40s they've moved to the suburbs, they're voting Reagan, and are falling for hysterical media-driven moral panics about "what kids these days are up to" just like their Boomer parents did in the 80s-90s.
What's even more funny about all these "social media is evil" legislative proposals, they're motivated by the idea of what social media used to be when millennials were in college...which doesn't even exist anymore.
The classic narrative that teens are depressed because they're seeing what parties they didn't get invited to is wildly outdated now. Social media isn't social anymore (see Tiktok), it's just algorithmic short form TV. Nobody is seeing content from their peers anymore.
In reality, most modern research on social media finds little to no affect on teen mental health. But of course, if you have ulterior motives to undermine privacy or shirk corporate responsibility under the cover of "saving the kids," this moral panic is an already burning flame waiting to be stoked.
It's amazing how many things We The People want our government to do that go ignored year after year, but the moment corporations want something laws get pushed through at lightning speeds. Does anyone actually think that masses of regular people in Illinois were begging their government to force operating systems to tell every website and advertiser how old their children are? They weren't. A small number of corporations with lots of money wanted that though. Bribing matters a lot more than voting.
This coordinated state level attack on the legislative process is crazy. These people can't seem to be bothered to do the basics of governing, but they always find time to do this cross-state nightmare fuel.
It's kinda convenient because every service needs to ask you for the age now because they can't serve under 13s in a lot of cases. Having it be a simple API would be a decent convenience, no?
If you connect it with a permission system where you can choose whether to provide this information (e.g. >13 as a bool or age as an integer or the birthday as a date) that can't be too bad I guess?
I haven't read the whole thing of course.
It WOULD be nice if it only got used appropriately. But in 2026 its just one more metric to narrow down your profile for advertisers. Wouldn't it be convenient if you could just opt-out of tracking with a convenient API like the literal "do not track" header in browsers? It exists, but none of the people who SHOULD use it pay it any attention except as, ironically, another metric used to track people.
Not to mention that computing is a global thing, and in order for this to be useful it would definitely have to be providing more specific information than just a bool. Maybe chats require 13+, but pornography requires 18+. Maybe those ages are different based on location. All advertisers would need to do is ping the various different checks to get your actual or at least very approximate age.
This kind of thing is a slippery slope, and its ripe for abuse by doxxers, advertisers and big brother himself. Burn this with fire. I'm totally in agreement with the others that suggest stuff like this should b just get banned from getting introduced and reintroduced constantly trying to sneak it in as a rider or hidden provision. The people DON'T want it.
It's forcing all OSs to do something that only a few should be doing. The correct way to do this is for the interested parties to form an association that does four things.
1. Creates a protocol with desired signals (country and a variable list of whatever others i.e. age,state) that clients (including browsers) CAN choose to use and forward.
2. Create an api OSs CAN implement to inform clients of those signals and if they can be overidden in the client. (Possibly even create an OS or service to run on OSs that implements it, parents can choose to install specific OS or service)
3. A open source server for governments to specify common classes of content and what to do when a specific SIGNAL (from the protocol in 1) is recieved (Serve content to SIGNAL group/serve content to everyone/never serve content). And what to do if content isn't in a class it recognizes(Serve content/not serve content). Association could also be extend it's duties to coordinate a list of types of content.
4. Maintain an authoritative list of servers by country so that those hosting services can reach the servers hosted in 3. So that webservers can visit those servers to find what they can serve if they wish to apply the law for that jurisdiction.
Horrible because it does codify less freedom and censorship. The advantages are that for a jurisdiction liability can fall on the right actor.
If you run a website/app you worry only if your in a jurisdiction that mandates you use the protocol and can easily geoblock crazy countries by using that signal and choose if a jurisdiction you want to deal with is worth the effort of coding for or whether you want to ignore that countries laws.
If you are a user you can choose to install the API or use an OS that implements it or an OS that spoofs it with only the liability of your jurisdiction. If you are a parent you can use an OS(or install a service) to implement it on your kids accounts.
If your an OS developer you can add functionality if desired/appropriate.
If you are a country you can specify what signals you use/require and can specify required signals (i.e. US may request the State signal so it can decide if it needs other signals to evaluate whether to serve "Social Media" content (i.e. age in the case of state=california)).
Not perfect but actually keeps punishment/enforcement to appropriate jurisdiction and means you can actually gracefully avoid liability for sites in broken jurisdictions rather than either kowtowing or being in breach. Also means it can be implemented in client if you don't want it on your OS or want the convenience of not being asked age without the ridiculous other stuff.
What if someone else is using the computer/phone/etc?
We got rid of the IDENT protocol a long time ago because it was stupid.
The law as is written mainly targets social media platforms. For an OS to comply, all it needs to do is provide a field during account creation that records the user's date of birth as supplied by the user. There is no onus on the operator to confirm the veracity of this information, or even record it anywhere other than the local OS install itself. I think we're safe.
It's the start of a very slippery slope.
https://theintercept.com/2026/03/17/government-surveillance-...
Slippery slopes are a logical fallacy. Every single decision moving you down the slope is intentional. No sliding occurs if nothing actively pushes things down the slide.
Accordingly, it is never too late to lobby against these things.
Not if you're being pushed down the slope.
It's not an accident that this appeared within a month or two of the California one. I would bet good money that there's someone shopping this bill around.
If you do a frequency analysis of when these bills are being introduced, you'll notice an odd cluster internationally. Less charitably, they're coordinating / talking / being pushed by someone. More charitably, the "idea" is spreading.
It's a very odd idea to spread though. Age "verification" isn't something people are truly passionate about.
I suspect that, long-term, this is about surveillance. The powers that be would rather kill the golden genie that's general purpose compute than have teens and radical youth with compute.
This is going to get bad.
What you have overlooked is that this type of bill is being introduced in states that have the strongest data protection and privacy laws, such as California and Colorado, and now Illinois.
This is happening after several other states have introduced age verification laws that actually require age verification which typically involves uploading your identity documents to each website that is required to verify your age.
Apply Occam's razor. Which do you think is more likely?
1. These states that have a record of concern for privacy are now introducing an age verification law that relies entirely on the age that the administrator enters when configuring a user account in order to give a push down a slippery slope toward their nefarious secret goal...even though it would be a complete waste of time since as the examples from numerous other states shows it is not hard to pass a law that starts with making people upload their ID documents to any social media they want to use.
2. These states that have a record of concern for privacy are doing age verification in the way that many privacy advocates said it should be done when they were objecting to those bills in those other states that required uploading ID documents, because those states do not want to go down the slippery slop that those other state approaches risk going down. Namely, through parental controls on the devices that children use that put the parents in control and leave the government out of it (other than requiring that such controls be included with the OS).
> Slippery slopes are a logical fallacy
How is this a counter-argument? I often read this, as if there's some international trusted organization of logical thinkers that has approved inclusion of slippery slope to a list of logical fallacies that must never be invoked in a conversation.
Every single time five years later it turns out that the slope actually was slippery.
Everyone who rants about slippery slopes being a fallacy also loves the boiling frog analogy (which technically might be a bit closer to what they're going for).
I don't think their comment was meant as a counter-argument.
I read it as a call to action: things only go down the slope if they're pushed that way, so now is the time to try and prevent said push.
The problem with slippery slope is that every step can be defended as reasonable, but the overall result can't. Pointing out that something is means saying, I can't refute that single step and you know that, but I still am against it, because it is crucial to an harmful outcome that I really don't want. It argues against a policy by putting it into context.
Like gravity, there is some inexorably force drawing the state towards mass surveillance tools as it makes the job easier. Removing friction that fights against that force is real
> it is never too late to lobby against these things.
Putting aside the real possibility that the ability to lobby against certain things is already actively under attack, it isn't speech alone that is being addressed, it's political and cultural momentum.
Would you call it a fallacy that making incremental rather than sudden movement in a specific direction makes it politically easier to accomplish?
Calling everything a logical fallacy, is also a logical fallacy.
We have already seen the federal government use facial recognition data to create an app that tells ICE goons who's legal. We should not tolerate the government forcing more data tracking and privacy violations just because you are not "sliding" today.
> Slippery slopes are a logical fallacy. Every single decision moving you down the slope is intentional.
This poem should be updated for modern sensibilities:
First they came for the Communists
And I was like fuck those Commies
Because I was not a Communist
ditto
ditto
ditto
Then they came for me
And what the fuck bro this is totally not what I voted for
But you're effectively asking a third party application, running in a browser no less (i already understand that a browser exposes WAY too much os level information), to query the OS for age information.
Couldn't the OS just opt out of social media? I wouldn't mind promising that I won't engage in social media online.
And how will you use a library computer?
There's a couple of ways that could go down.
One way is that you log in under a guest account and the guest account requires you to indicate your age. After your session is over, guest account logs out.
Another way is that the library has two sets of computers, ones set for adults, ones set for minors. You need access card to use computer and the librarian will give you the age-appropriate access card.
Another way is computers are set for restrictive (child) account by default. If you need adult access you have to ask librarian to unlock it.
It's been a while but as a 12 year old I completely broke the library system, installed cracked Starcraft, and refroze DeepFreeze afterwards.
Not to counteract your point, just as an anecdote I like remembering.
Seems like a slippery slope. Now the infrastructure is there to ask apple, Google and microsoft to confirm identity with selfies over the internet.
That infrastructure is literally already there. It's done and live in some areas.
People here seem very against this, but I don't really see it. This only require to have a form asking about your age and provide an API to read it, right?
Surely I'm missing something? Is the backlash due to fear of a slippery slope?
There are basically 2 possibilities with the outcome of this law: It's rather so full of holes as to be meaningless, or it's so invasive as to force open source projects to try to geofence Illinois (which wouldn't be effective either, but might be the kind of compliance theatre we'll see from maintainers worried about liability).
Linux distros always have a "root" user. Does that user have to be asked its age before being usable? What about docker containers, which often come with a non-root user? What about installation media, which is often a perfectly usable OS? It would either have to be so easy to get around this law that most kids could do it easily, or so overzealously enforced as to disrupt the entire cloud industry.
"so full of holes as to be meaningless"
what is the solution then to age gating apps that the public feels should be age gated? (TikTok, Instagram, etc). it seems like every app implementing its own guessing system would have even more holes, right?
this is one where I am sympathetic. the moment when someone, with their parent, is setting up a device seems like the best point to check age. right?
am I missing something?
the solution is to remove the bits of those apps that are harmful to children (and adults): the algorithmic data feed, the infinite scroll, the engagement tactics, the advertising
but how can you remove adult-only features for children only without knowing the age?
They're saying we should remove the features in general because they're anti-features harmful to everyone, and focusing on children distracts from that fact.
This conclusion is up for debate, but that's what they mean.
don't do harmful things is pretty easy and can apply to adults too!
> It's rather so full of holes as to be meaningless, or it's so invasive as to force open source projects to try to geofence Illinois.
My guess reading the law as linked is that it's much closer to the former than the latter. That being said, you're right that it does bring a bunch of headache alongside with it for little-to-no benefits.
People lie, so there would need to be some kind of proof provided, right? How much data will one need to give up to use a computer? Where/how is that data stored? What else will it be used for? What happens when it’s hacked? How will test systems or servers work? If I want a computer that isn’t linked to the rest of my ecosystem, can I still do that or will age verification require I login with a cloud account?
There are so many ways for this to go badly or simply be annoying.
I’m a guy in my 40s with no kids. I shouldn’t need to deal with all of this. Let the parents turn on parental controls for their kids; don’t force it on everyone.
If Meta needs to find a way to verify age, then that is also their problem. They are trying to make it the world’s problem. I don’t use any Meta products, so again I would question why I need to care about this… why will it become my problem?
The slippery slope then comes in addition to all of this.
It seems Apple already implemented their age verification API. I got prompted for it when opening the MyChart app a few weeks ago. The API used in that case only sends a Boolean if the user is over 18 or not, this is the best of the bad options. However, they have other APIs to get other data from a digital ID. The user is at the whim of the API the developer chooses to use. They can say no, but then they can’t use the app. I’m not sure how Apple validated my age, as I hadn’t loaded an ID into my wallet, but my Apple account is nearly 18 years old, so that might be good enough? If I were to get a Mac and just want to use a local account, then what happens? Can I not verify my age? Will I be able to use the computer or be locked out of the browser? These are some of the fears I have if they take this too far. Maybe some of them are unfounded, but I guess time will tell.
It's not all about you.
I was using myself as an example. Nearly 60% of homes don't have any kids under 18.
I don't really see any good arguments in favor of it, so why do it? There's no reason my OS needs to know anything about me.
I guess I'm more surprised by the intensity of the backlash this generates here. I agree with you that mandating (weak) OS APIs like this the right approach, but that alone wouldn't warrant the severe reaction this is getting right?
A big chunk of the problem with this kind of legislation for me is that it inherently indicates a failure to govern to me. I disagree with the premise of the solution, but even more so this is trying to legislate a specific engineering solution for our current systems rather than any form of financial, objective guidance, or have reasonably actionable and enforceable consequences.
While laws that target engineering decisions are sometimes reasonable, they are always accompanied with specific guidance from a credible academic based institution (e.g. mechanical and civil engineering use private licensing bodies and develop specific curriculum and best practices).
The only time this law will ever be enforced is punitively for other crimes against major actors who are extremely limited in number. It is unenforceable for Linux, trivial for Apple, Microsoft, and Google to add to their OS. Presumably easy to spoof, the law describes it as minimal but once again, there isn't a specification so who knows. Websites won't be liable, they're getting a sweetheart deal here.
In practice what this law does is absolve abusive platforms an from any responsibility. It adds extra meaningless work and overhead for legitimate adult platforms while opening themselves up to new potential legal challenges, and ultimately doesn't replace the responsibility its removing.
This doesn't make children safer. This doesn't make the internet safer. This kind of legislation makes it easier to abuse children online by removing responsibility from platforms that are known to be dangerous to them yet profit from their presence the most.
It's considered offensive to the strongly freedom-loving FOSS community, and it's basically legally-required tech debt, which is annoying to all maintainers
Code is speech. Open source projects are an exercise in speaking publicly. This law mandates particular speech in your otherwise Free as in freedom code.
How are you not outraged? People are missing the above forest for the "oh but it's a tiny little easy API and I don't see any downsides" trees.
Seems pretty reasonable to get annoyed at a law that at best will be useless and at worse dangerous, while it will directly dictate features into the tools we all use everyday. All for no gain for anyone but maybe Meta and some other big companies.
Why should an OS demand personal information from its users? It creates an unnecessary risk that the information will be leaked.
Laws exist that dictate what apps are allowed to do depending on the user's age. This means that in order to follow the law they must collect the user's age. If collecting the user's age is a common requirement of apps it makes sense for the operating system to expose an easy way to do that to make app development easier on that platform.
No, it makes sense for an App Store to do that. Or, that HTTP headers are set at the device or network proxy.
User account creation wizards could just create the dot files for the App Store. These weird laws ban OS.
The issue is that software can be installed from outside of the app store on pretty much every OS. Also if you have multiple app stores it would be convenient if they could all get it from the same place.
I'm skeptical we should ban all operating systems which permit this without an interactive age check. Shouldn't the free market acolytes be arguing that parents can choose between competitors which offer ever-improving parental controls?
to me, it's both the slippery slope argument and the lack of real reason other than "protecting minors". operating systems were designed to run the program/programs. You can make applications use this API to determine the user age, or you can just...ask the user in the application itself. I also don't see why this is a requirement rather than an option the same way I don't see why having a Microsoft account is required to install windows or access to internet (without the current workarounds) or even those password reset questions and to some extent asking for first and last name. If I want to add those information, let me do that myself or when i use said software, don't make it a hard requirement.
The bill itself sort of goes against its "purpose". If the purpose is to make a convenient API for stores to know their user, and avoid showing them certain content then why did the bill state: "If an operator has internal clear and convincing information that a user's age is different than the age indicated by a signal received in accordance with this Section, the operator shall use that information as the primary indicator of the user's age."
because many people lie in those forms. Many people on steam will select they were born in 1900, including myself. So how will this API help? the only way for it to be useful is if they later require full verification.
The way I see it (to strongman the bill's position) is that by mandating it at account creation, an adult/parent can ensure that the age is properly set for a minor/child.
That being said, I don't think this bill was that well thought out as the implication are far reaching (will I need to enter an age when provisioning a VM?).
I mostly see it as a clumsy attempt to provide a mechanism for age-category attestation in a way that is more privacy-friendly than Texas's "upload-your-id" law.
What if I don't want my computer asking for my age and providing an API to give up that information? Why is the government mandating software devs to add bloat and privacy violating features to operating systems?
The slippery slope isn't a fallacy in this case as we've seen the pot slowly come to a boil after 9/11 with various laws like the Patriot Act, FISA, etc. and classified programs within the NSA (and I'm sure all the three letters) which violate the rights of Americans everyday. Now it's a coordinated effort across multiple western countries all of a sudden to introduce laws around verifying your age. It's clear where this is going.
Meanwhile Epstein and the pedo elite are untouchable and with no surveillance of course.
Why are we bringing up our pet issues in threads that have nothing to do with them
Signal your virtue in the threads that are dedicated to those issues please, we don’t need to bring this up in a thread dedicated to some dumb law
I am very pro social media regulation (with regards to age gating) due to the evidenced harm it causes, and which court cases have shown these companies are well aware of internally; with that said, this is an attempt by social media companies to shift liability to keep business as usual/status quo. This is no different than what oil companies have done, cigarette companies, chemical companies who have polluted at scale while knowing the harm, etc.
Meta and TikTok (and YouTube shorts to an extent) are the new Sackler family and Purdue pharma. They will hold on to these profit and power engines as long and hard as possible. They will not stop causing the harm unless forced to with regulation.
https://en.wikipedia.org/wiki/Sackler_family
https://en.wikipedia.org/wiki/Opioid_epidemic_in_the_United_...
https://www.profgalloway.com/addiction-economy/
> This is an attempt by social media companies to shift liability to keep business as usual/status quo.
Do you mind expanding on why that is? Is it because it allows them to say "well the API told us they're adults so we're all good"?
and the verification that the OS has to provide is minimal. the OS doesn't need to verify and ID or anything. Probably just a checkbox when you create the account that you're an adult, or child, etc. and then that's provided to the browser. So it effectively becomes meaningless if the goal is to get children off social media.
Purdue sold less than 4% of the prescription opioid pain pills in the U.S. from 2006 to 2012. They were a scapegoat for pill farm doctors and an incredible lack of personal responsibility from prescribers, pharmacists and patients.
Personal responsibility isn't a thing from a consumption perspective, it's primarily brain chemistry. See: GLP-1s [1] [2] (tldr they patch the brain's reward center against suboptimal reward chasing and demand)
Let us not blame humans for suboptimal brain chemistry taken advantage of by malicious torment nexus threat actors. Fix the policy, bug fix the human, disempower the threat actors. Defend and empower the human. My pattern matching in the comment you replied to stands imho, and while it is admittedly imperfect (as you point out), I believe it remains directionally accurate.
[1] Why Ozempic Beats Free Will - https://www.psychologytoday.com/us/blog/hot-thought/202410/w... - October 4th, 2024
[2] https://news.ycombinator.com/item?id=45907422 (additional citations)
(think in systems)
>keep business as usual/status quo.
Umm isn’t that what we want? Or are you suggesting there should be some other legislation in place?
Age gating first [1] (no social for under X age), keep tightening the policy ratchet as data and evidence indicates. OODA loop applied to policy [2].
[1] Tracking Efforts To Restrict Or Ban Teens from Social Media Across the Globe - https://www.techpolicy.press/tracking-efforts-to-restrict-or... - February 23rd, 2026
[2] https://en.wikipedia.org/wiki/OODA_loop
That's exactly how I see it. Verification should be on the social media platforms not your OS.
This is the framework for requiring government ID to use online services, which increasingly power even local computing (thanks to DRM and cloud services).
They want to abolish anonymous use of internet services, because anonymous publishing at scale is powerful and dangerous to incumbents when they can’t retaliate with malicious prosecution, police harassment, or assassination.
Please explain how this law (or the CA one for that matter) require government IDs. It is worded specifically to _not_ require ID.
this is completely insane. we need some kind of constitutional amendment to get rid of all this kind legislation forever.
People are making way too big a deal of this IMO. This is basically the OS equivalent of that checkbox you click to enter a porn website that gets exposed to Meta, so they can claim that they did what they all the they could to protect children if they get sued by parents. Any determined kid would figure out a way around this, but I can see it stopping younger and less determined kids, and it's a useful tool for parents.
Unlike the California law, I seemed to be in the minority in this opinion, this one does seem to require programs like grep to ask for a users age bracket.
> (b) An operator shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.
Unlike the California law I do not see anything that restricts this to child accounts only.
So let say I have a program:
and I want to publish it to say npm or nixos, or some linux distribution. Not with out violating this law. This application needs to request the users age brackets at least at 'downloaded and launched' optimistically that means once on first launch, but potentially needs to be requested on each launch of the application. So lets fix the program There we go, now the code is compliant with my imagined ageBracket module.It does not stop at the check box. Someone is going to sue Google/Apple when a 13 year old gets on a porn site. Then Google/Apple will introduce "verification" that requires linking your identity to your device, and attesting this to the "operator" (porn site). Then every person using any OS is tracked, on every website and app, all the time, by law. And Linux becomes illegal without it.
This is not a theory. Laws requiring this are going through the state and federal level right now.
Wouldn't a some kind of technical standard proposal be a more sensible way to do this than trying to pass OS laws state by state?
iOS (for example) already has that technical standard in place and usable.
How would this work for e.g. RTOS or even TempleOS?!
Does the hidden Minix installation on every Intel CPU with the Intel Management Engine count?
it's entirely possible such nonsense is all show, and wouldn't be passed, however.
i'm from illinois, worked in california, and no longer live in either. from afar, it seems that whatever california bureaucrats propose, after a short delay, gets proposed by their little sibling bureaucrats in illinois.
This is 100% true
It has already passed the Colorado senate.
This. IL and MA follow whatever CA does with a few year lag. Considerations of sanity never enter into the discussion.
constitutional amendment to criminalise corporate lobbying with severe penalties - including capital punishment and confiscation of entire corporation.
I actually see the golden lining here
>"Operating system provider" means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
I.e Linux will most likely to be immune, since its not tied to a particular computer.
Which just means Linux stay winning. It already made big headway in the video game space, so its prime to take over personal computing too.
All the distros are the providers here. The Linux kernel is not an operating system.
Since GNU(or other)/Linux OSes allow the sysadmin to compose the OS out of parts and change them, the final OS is created by the sysadmin. That's what makes distributing binary software so annoying for maintainers, every installation can be it's own snowflake OS.
Wouldn't that include using it on any cloud service that let's you pick it?
> since its not tied to a particular computer.
That's a really weird and nonsensical reading of "operating system software on a computer".
Answer: they don't want to be liable and get fined $400 Million, like Meta got fined, for letting kids on social media. (https://www.nytimes.com/2022/09/05/business/meta-children-da...)
This is why Meta is forcing this legislation through nation-wide. They are forcing Google/Apple to take the liability, despite it not actually being Google or Apple that's providing the "harmful" social media. Meta are doing this state-by-state so nobody can track that it's them. Easier than pushing at a federal level, and raises fewer red flags from news media.
Since Google and Apple won't want to accept this liability either, the next step is requiring digital IDs and third-party verification to prove the user is of age. This will enable tracking of all users, whatever app or website they go to. Bills requiring this are already being passed at state and federal level.
I don't like this whole thing, but compared to what I was fearing would happen, this idea is nowhere near as bad.
What I expected was that we'd end up with the OS vendors actually being mandated to really do age verification, and then submitting that using Web Credentials and Secure Attestation so that the far end could trust the whole thing, locking open-source OS's out of the mix and creating more of a walled garden online than we already have. I was guessing it would become a simple checkbox on e.g. Cloudflare - "[ ] allow adult users only" or whatever - and that it would end up with vast swathes of the internet going off limits for anyone not on closed-source systems.
Now, it looks like this is just a way for parents to tell the OS "this is a kid account" and have it flow through to websites so they can easily proactively block kids from connecting without having to implement any of that crap. Yes, it's much potentially easier for a child to circumvent; but any kid who can get around that sort of thing from within an OS could probably just wipe/reinstall anyway, so who cares?
As a parent whose kids are continually trying to see what trouble they can get into, I appreciate that I will get one more potential weapon in the fight.
Can someone tell me whether I am being a fool by actually being a bit relieved it's going this way?
> Can someone tell me whether I am being a fool by actually being a bit relieved it's going this way?
You're being a fool by actually being a bit relieved it's going this way.
These bills are meant to nudge the overton window[0] of digital politics in the direction of mandating realtime identity verification for all forms of computing. Advertisers want it, governments want it, _bad people and bad governments want it_. By pushing a very small and "weak" legally-required form of user identification on everything under the guise of "saving the kids", all involved parties can point at those who disagree and say "Look, if you disagree you must want to hurt children!" And so the bills pass, and a weak form of identity verification passes and is enforced. Then it'll be shown it doesn't work, and the proposed solution will be to make these identity verification laws more intrusive and more restrictive. Repeat ad-nauseum.
0: https://en.wikipedia.org/wiki/Overton_window
LOL. Well said...Seems as if we're on some dystopian track that's eventually going to transform a RealID card into something like a Common Access Card (or worse).
You shouldn't be downvoted for this, the problem is exactly as you described.
What do you think comes after this? This is just a first step towards exactly requiring age verification at the OS/Store level... Then comes ever more restrictive and intrusive tracking and eliminating all anonymity as a final goal.
Time to start throwing up hobby BBS sites... and I think in this case text mode interfaces over web might be an advantage.
Websites can send down a single header indicating adult content. The device, the parent setup to indicate the users age, can respect that. Legitimate adult websites will not show the content. There is no need for any verification beyond that or it's just government mandated surveillance.
> There is no need for any verification beyond that or it's just government mandated surveillance.
There is no verification beyond that in these sorts of bills (CA, CO, IL). It's the parent's responsibility to watch their kids when they set up an account.
> Legitimate adult websites will not show the content.
This is a big problem (that won't necessarily be solved by this particular legislation, granted). There are already voluntary rating HTML tags websites can add to indicate parental control software should block them, but they're voluntary and non-standardized. Websites can choose not to comply with no real-world consequences. And I don't think platforms like Reddit or X, which are ostensibly all-ages social media but also have an abundance of adult content, are properly set up to serve tags like that on NSFW posts but not other ones.
It's a tricky problem to solve, and, imo, it's one the tech industry has demonstrated it doesn't have any desire to solve itself, hence legislation starting to get involved.
> Websites can send down a single header indicating adult content.
It sounds at first glance like a no-brainer that websites shouldn't have access to any information and the enforcement should be done at a local level (like the current voluntary HTML tags that locally installed parental control software can sometimes read). But some websites might want to display alternate content to minors-- e.g. a Wikipedia article with some images withheld, or Reddit sending a user back to an all-ages subreddit instead of just fully breaking or failing to load when the user stumbles upon something 18+. For anything like that, the website will need to know in some form that the user isn't able to see 18+ content.
Next thing you know they'll stamp your ID at the hardware level at point of purchase.
Yeah, the laws in CA, CO, and now IL are essentially just mandating generally available OS's implement a standardized, local parental control system.
Detractors will say parents should just install existing parental control software, even though it's existed in its current form for decades and is obviously not effective. And they'll say it should be the parents' responsibility to enforce what their kids are doing with computers, while ignoring the fact that these laws provide tools allowing parents to do just that (the parents are the ones responsible for supervising their kids when they create accounts to ensure they're not lying about their age-- if the kids lie during setup, it's on the parents).
Anyone with kids will probably acknowledge that it's much easier supervising your kid once when they first set up an account on a new device than it would be to supervise them 24/7 when they're using the internet. But for some reason, lots of people without kids are in a panic about having to type in any date older than 18 years ago. The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
> The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
Because that's exactly what will happen. This is battlespace preparation for the destruction of anonymity on the internet, because politicians find this inconvenient.
The parents can already do that. Its called "parenting". The fact that they won't even though there are (non-required!) tools they could be using to do so is baffling to me.
> if the kids lie during setup, it's on the parents
Pretty much a "Yes, and?" scenario. See above.
> The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
I get where you're going, but precisely this. These things always start slow... then fast. The old adage "first they came for x, then y" is not a joke or an exaggeration. It is pretty much historic observation. I've lived long enough to know that whenever someone invokes the "think of the children" defense, there's always a catch.
I already responded to what you're saying in my initial comment. I'll expand for you.
> The fact that they won't even though there are (non-required!) tools they could be using to do so is baffling to me.
My parents set me up with an AOL account when we first got a computer and dial-up internet. At first, I was kind of required to go through the AOL desktop application to browse the web since that's how we connected to the dial-up. Sometimes a website would be blocked through AOL, and I'd have to have one of my parents come and sign in to allow me into it.
But once we moved onto broadband DSL, I eventually figured out I could just open Internet Explorer instead of AOL to bypass the parental controls without having to get my parents to come allow a website. Of course, a few years after that, I was secretly browsing porn... at 10 years old.
As a parent today, what non-required tools would you suggest I use to effectively filter NSFW content from the internet for my kids? Network-level methods don't work in the age of laptops and smartphones. Any on-device software you might suggest would probably be for iOS/Android or Windows, not both. And which software supports Ubuntu, or do you think I shouldn't let my kids use it? Yes, it's probably possible to lock things down eventually (for me, as an IT professional). The parents next door probably have no clue about half the stuff I'd use, and my kid's gonna end up having access to whatever their kid does. Even if everyone does everything perfectly, all it takes is a slight paradigm shift or new piece of technology to sidestep all of it-- like when my parents did their jobs setting up AOL parental controls but then switched our connection type and inadvertently broke them.
The value of this legislation isn't necessarily making parental controls technically possible. The value is standardizing and normalizing it. As someone in another comment chain brought up, you're not expected to individually coordinate with every movie theater or every liquor store, or to helicopter your kids IRL with it being your fault if someone sells them beer when you let them go out with their friends. There's a basic societal understanding that certain things aren't available to kids. The internet being "wild west" for a few decades doesn't invalidate that, imo. This isn't parents not parenting, it's adjusting the level of burden we're expecting to come with parenting to a more reasonable level.
> while ignoring the fact that these laws provide tools allowing parents to do just that
These tools are called "parental controls" and already exist - we don't need laws to compel their production.
...unless, of course, the true aim is to use this as a beachhead for further expansion of privacy-violating requirements.
You write this off as a "slippery-slope" argument, but given that there are already quite a few tools that do what this law aims for, what's the point?
Because the tools don't work, and are too fragmentary and burdensome.
Would you prefer to inform each movie theater in town which movies your child is permitted to watch? Or just rely on the rating system that applies to most movies and is honored by most theatres?
Parents want one setting that says "this is a child" and then expect online platforms to respond appropriately. As we expect and mostly have in the real world.
The argument about the California bill is not that it is a slippery slope, but that it was drafted by people with zero domain knowledge. It applies equally to toaster ovens as well as iPhones.
The "one weird trick" that all government hates? Stop forcing OSes to function with accounts. "User account" is an artifact of UNIX. You don't need an account to start a car, send and email, nor boot an operating system. I know it's hard to grasp, but it's true.
> You don't need an account to start a car, …
Don’t say this too loud please, I don’t honestly think we’re too far from this reality, at least from an “Overton Window” point of view.
What's the "user account" for an iPhone? Sure you might have to sign into icloud, but that's not mandatory. It's effectively a single user system.
The "User account" of the OS are the security contexts. You can say everything should be a single security context, and this is how a lot of people have been operating their MS Windows machines, logging in as admin constantly, but this is a stupid idea and comes with risks. Even when you say the OS can have a second root account, that the user never gets to use, you have two user accounts.
You're conflating profiles with user accounts. "Admin user" didn't exist until Windows NT. You don't need permission to change your clothes!
Growing up, I vividly remember user accounts being important for our families personas on Windows XP. There's definitely a place for them, but there should be an option to not use one.
Unless your specifically calling out accounts that require online registration for the OS. I'm vehemently against that requirement.
I wonder how this will mix wit federal laws saying you aren't allowed to track users under the age of 13yo? Will this then be forced as a browser API/header passed to every server/request?
Yeah but if so, what does it have to do with the OS itself, i.e. outside the browser?
From articles I've seen, it's mostly Facebook lobbying to "pass the buck" upstream to the OS level to actually inquire... this of course will blead into the OS provided "store" interfaces most likely. And while, likely mostly targeting Apple and Google, MS/Windows and Linux are definitely going to be catching stray bullets. In particular vendors with Linux pre-installed... hence System 76 adding the feature to PopOS. Who knows if/how this will come about in practice or how consistently.
If allowing children access to social media is dangerous, then why aren't they enforcing existing child abuse and child endangerment laws? Throw the parents in prison for failing to control their children.
>If allowing children access to social media is dangerous, then why aren't they enforcing existing child abuse and child endangerment laws?
Because there's no remotely compelling evidence for this and it'd be thrown out by a judge as a huge parental rights violation.
How will public libraries comply?
Presumably they'll burn down the libraries.
What recourse would Illinois have against open-source operating systems? Anyone can roll their own Linux distro and share it with whomever they want.
> What recourse would Illinois (!) have against open-source operating systems?
None but them corporations sure do. And with a little cash in the right place I'm sure they can push recourse onto people of power. We really need to end political lobbying one of these days
Curious how OpenBSD or Haiku will comply.
For what I understand, OpenBSD could just patch useradd so that the age category is mentionned in the comment field of /etc/passwd or a random text file in /etc.
Haiku could just run an automatic dialog asking you if you are minor, in Illinois or California and write a text file with the corresponding age category of said person.
These bills do not mandate that the user cannot modify that information AFAIK.
I can't imagine OpenBSD would be bothered by laws specific to a very small selection of US states.
By adding a simple birthdate field to your account info and a system API of some sort for retrieving the account owner's age range, same as everyone else.
Even if open source operating systems comply and add such a feature, what's to stop individual people from removing this and blocking the API requests before they install the OS? Or providing dummy responses? They're open source, after all.
Is the government going to require some sort of automated checks that verify every person who connects to the internet has this API on their OS and go after individuals that aren't in compliance?
The most progressive states doing exactly what their constituents elected them to do. I don't understand why everyone is so surprised.
"Progressive states" like Utah, Texas, and Louisiana?
https://le.utah.gov/~2025/bills/static/SB0142.html
https://capitol.texas.gov/tlodocs/89R/billtext/html/SB02420S...
https://www.legis.la.gov/Legis/ViewDocument.aspx?d=1427667
How old is root?
$today - 1970-01-01T00:00:00
These people are just so clueless. All they will find is that everybody on the internet is an adult.
My future OS: https://agelesslinux.org
What is the reasoning behind this exactly? Yeah, I know Meta is behind it, but surely they will throw it out if it is absord, right... right?
“Use of this computer is illegal in the state of Illinois - your friendly neighborhood SWAT team has been notified.”
Too much for Dem's state.
Karens making stupid bills. What is and what is not an OS?
Every single sponsor of this bill is a Democrat. Why is that? I would think they’re against the type of puritanical moralizing that is behind most age verification bills.
they love money and facebook has the cash to bribe them
You must be too young to remember Tipper Gore...
https://en.wikipedia.org/wiki/Tipper_Gore
Oh I remember. I just assumed things have changed enough, and that the threat of theocratic ideology - what’s behind project 2025 - would have made such stances unacceptable. My guess is this has more to do with lobbying and donor interest.
i look forward to the police showing up and explaining to me how computing is a privilege, not a right
What are they going to do to enforce this? Take down open source projects that "operate" in Illinois because a user downloaded the software there? Absolute joke and everyone should treat it that way; advanced compliance here means implicit support for the surveillance state.
Agelesslinux
Why would California be dumb alone, let's show them we can be too... I don't know how else to read this.
here is the date I will put out....
1 10 0000
or even better
1 10 -2000
This will turn into most useless set of laws ever
Why suddenly are all of the blue states doing this BS? What is going on and what control is this affording the government?
Lobbying from Meta. They do not want to do age-verification themselves (and pay for it).
See the actors behind this here (Meta is a big one): https://tboteproject.com/
Meta is behind a huge amount of it, they have funded the majority of these
Meta is lobbying with millions for it.
Blue states: paternalism over your property, liberty for your body
Red states: paternalism over your body, liberty for your property
except for during covid, where there was a weird reversal.
I don't even know if that was much of a "reversal".
Blue states were paternalistic over both your property (business and social gathering shutdowns) and your body (masking, social distancing enforcement), while red states (particularly Texas, Florida) were very laissez-faire for both.
What's perplexing about this is that research has generally correlated higher amygdala activity (fear/worry) with political conservatism, and lower amygdala activity with political progressivism, but in this case, the effect seemed almost inverted.
In that case, I imagine that the response of mask mandates wasn't out of fear but was done do to the obvious benefit in controlling a disaster. The anti-masking movement is also I suspect a fear response. People are afraid of change, especially extremely visible change
Fear of infectious diseases is inversely correlated with testosterone levels, and so is liberalism.
Read and share "Free Software, Free Society" now.
Richard Stallman advised us about it long ago.
Thank god Plan9 got relicensed into GPL. 9front might not totally free, but it's a step in case GNU+Linux gets utterly broken.
And, yes, please, go try Trisquel (novice users), GUIX (experts) and Hyperbola (experts and protocol purists).
Avoid every Google, Amazon, Facebook, Apple, Netflix service with nonfree JS.
When I need to use my computer, I'm not thinking about someone else's crusade. I have crusades of my own to fail miserably at and I need all the help I can get from whatever products function best.
Somehow I'm not surprised. They voted for Biden in 2020 then for Kamala. Just like california with it's OS age verification.