I... Kinda think this will work out ok? Hear me out: Linux is open source. Someone's gonna make an application/kernelmodule that lets you configure your reported age on a application/website basis.
In some jurisdictions it's illegal to target kids with advertisement, and I believe also to track them? Reporting your age as 8-12 is gonna be the new, but actually functional "no tracking" header.
This seems to be a shorter list than the one collected by Ageless Linux (https://agelesslinux.org/distros.html), although the GH issues seem to have the status of some additional distros.
Can anyone tell me exactly what these laws do? Is it just going to ask for a birthday when I run `adduser`?
What's the point? Is it meant for one admin account to restrict other user accounts?
I believe the California law (which has passed) requires operating systems to collect the DoB or Age of the user when setting up a user account, and then expose an API that shares the users age range (not their actual age or birthdate) when requested by an application.
It does not require the OS to actually verify the age, collect government IDs, or any other data.
The intention, I think, is to put the responsibility for communicating the users age on the OS, instead of having each application or service do their own age verification (by scanning IDs, requesting user data, etc). Since it’s set on the machine, a parent can set it once for their kid when setting up the device.
Or I guess the kid can set it if they're smart enough to reinstall the OS or spawn a VM. I'm sure there will be online resources to help them that kids know how to share
The California law says nothing about verification or immutability, what if someone made a mistake when putting in their age? Why do we need to hide it? Better to just let the user change this at will.
Yeah the most likely thing (for the California law, at least) is that compliant OS's expose a form at account creation where you input a birthdate or age, and have either a CLI/file/setting where you can change the birthdate or age with admin permissions. No verification is needed
Yeah if you have admin access to your device and know what you’re doing it’s basically a non-issue. I’m guessing a savvy high schooler can change their age bracket easily.
If you want to give a young child a laptop or computer though, it maybe helps keep them away from objectionable content.
What I got out of it was that an os has to provide an interface to applications so that if they make an age request(note that the law says nothing about when or what applications will make a age request) the os can provide something. and it has to provide an interface for the user to enter the information.
So when we map this requirement onto the mechanism of how the os provides information to applications. and how users set up the system. I have come to the conclusion that compliance on a unix-like platforms is as simple as
echo ${AGE_CATEGORY} > ~/.config/ca_ab_1043
Then the program can get the age category anytime it wants to. the user is able to put this information in at account setup just like the law asks using an accessible interface, the same interface everything else on a unix-like platform uses, the shell.
You’d need some script that updates the age category based on the user’s provided birthday (which is not shared with the applications) but otherwise yeah
The brackets are a few years wide, so it could take a bit of waiting. But yeah I’d consider setting a slightly different day/month for a child if I was paranoid.
I guess you could also make the bracket selectable instead of requiring the age
Depends on the law. Some of them say that the age range must be provided to all applications through an API, and all apps and “app stores” must filter content based on this value. Others say that this isn’t enough and you actually have to verify the age based on some commercial scheme like CC or ID verification. Some say you have to send the age to websites. Many of these laws seem to be in direct conflict about what is allowed and not allowed.
In all cases, at least in the US, these laws violate the first amendment (as code is a form of speech), and freedom respecting users and devs need to resist them until they can be defeated in court.
In the original article there are some blue underlined words. “California” is one of them. If you click it, you will get a nifty video answer to your question.
Honestly the laws don’t consider open source operating systems at all. They’re meant for the overwhelming majority who are using commercial operating systems. They imagine something like android or iOS or windows where yeah they ask the question during user creation and then handle the age gating in their app stores, anything outside that model isn’t something they’re going to spend any time thinking about, because why would they?
The short answer is that a lot of states now require KYC by service providers under the guise of adult content prohibition, "protecting the children", or mass surveillance. So the service providers like Facebook are trying to foist off the responsibility to the operating system. The pesky details of storing and managing PII becomes Somebody Else's Problem, and if the operating system implements an easily bypassed KYC e.g. a simple check box and then the kid get radicalized or get exposed to problematic content, the service provider can just shrug and point the finger at the OS. In other words it shifts the responsibility to the lowest level instead of the platform companies.
So once an OS has your age then what it is just handed out to sites so they can target children for better kidnapping?
I... Kinda think this will work out ok? Hear me out: Linux is open source. Someone's gonna make an application/kernelmodule that lets you configure your reported age on a application/website basis.
In some jurisdictions it's illegal to target kids with advertisement, and I believe also to track them? Reporting your age as 8-12 is gonna be the new, but actually functional "no tracking" header.
Setting your age 8-12 probably bans you from using Gmail and other online services
That's why you give different ages to different sites.
8-12 will be used to argue that age verification isn't enough. They are pushing this stuff to track everyone, especially children.
I guess this can potentially make it easy for the overzealous lawmakers & individuals harass those os/distributions to introduce age verification.
I prefer a satirical 'ShouldItAgeVerify' page that points the ridiculousness of shoving verification at unexpected places.
This seems to be a shorter list than the one collected by Ageless Linux (https://agelesslinux.org/distros.html), although the GH issues seem to have the status of some additional distros.
See also https://github.com/AntiSurv/oss-anti-surveillance for a project to patch out any future age verification code.
The browser needs to actually read this for it to be meaningful. Where is that list?
what if a distro uses systemd and systemd implements age verification?
That is already in the works, atleast the base for it.
https://news.ycombinator.com/item?id=47436240
Systemd seems to have only implemented a place to store a birthdate. I doubt they will do anything else.
Can anyone tell me exactly what these laws do? Is it just going to ask for a birthday when I run `adduser`? What's the point? Is it meant for one admin account to restrict other user accounts?
I believe the California law (which has passed) requires operating systems to collect the DoB or Age of the user when setting up a user account, and then expose an API that shares the users age range (not their actual age or birthdate) when requested by an application.
It does not require the OS to actually verify the age, collect government IDs, or any other data.
The intention, I think, is to put the responsibility for communicating the users age on the OS, instead of having each application or service do their own age verification (by scanning IDs, requesting user data, etc). Since it’s set on the machine, a parent can set it once for their kid when setting up the device.
Or I guess the kid can set it if they're smart enough to reinstall the OS or spawn a VM. I'm sure there will be online resources to help them that kids know how to share
The California law says nothing about verification or immutability, what if someone made a mistake when putting in their age? Why do we need to hide it? Better to just let the user change this at will.
Yeah the most likely thing (for the California law, at least) is that compliant OS's expose a form at account creation where you input a birthdate or age, and have either a CLI/file/setting where you can change the birthdate or age with admin permissions. No verification is needed
Yeah if you have admin access to your device and know what you’re doing it’s basically a non-issue. I’m guessing a savvy high schooler can change their age bracket easily.
If you want to give a young child a laptop or computer though, it maybe helps keep them away from objectionable content.
Here is the exact text of the california law, make your own opinion.
https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml...
What I got out of it was that an os has to provide an interface to applications so that if they make an age request(note that the law says nothing about when or what applications will make a age request) the os can provide something. and it has to provide an interface for the user to enter the information.
So when we map this requirement onto the mechanism of how the os provides information to applications. and how users set up the system. I have come to the conclusion that compliance on a unix-like platforms is as simple as
echo ${AGE_CATEGORY} > ~/.config/ca_ab_1043
Then the program can get the age category anytime it wants to. the user is able to put this information in at account setup just like the law asks using an accessible interface, the same interface everything else on a unix-like platform uses, the shell.
You’d need some script that updates the age category based on the user’s provided birthday (which is not shared with the applications) but otherwise yeah
No you don't, the compliant user will up date this information as necessary.
The law says the user provides the birthdate or age and the bracket is derived from it
I wish the legislators thought about the privacy implications of this, because anyone can learn your birthday by watching when the category changes.
The brackets are a few years wide, so it could take a bit of waiting. But yeah I’d consider setting a slightly different day/month for a child if I was paranoid.
I guess you could also make the bracket selectable instead of requiring the age
According to an opinion piece at The Register, California's is vague and nobody knows, including the law's proponents: https://news.ycombinator.com/item?id=47398798
Depends on the law. Some of them say that the age range must be provided to all applications through an API, and all apps and “app stores” must filter content based on this value. Others say that this isn’t enough and you actually have to verify the age based on some commercial scheme like CC or ID verification. Some say you have to send the age to websites. Many of these laws seem to be in direct conflict about what is allowed and not allowed.
In all cases, at least in the US, these laws violate the first amendment (as code is a form of speech), and freedom respecting users and devs need to resist them until they can be defeated in court.
In the original article there are some blue underlined words. “California” is one of them. If you click it, you will get a nifty video answer to your question.
Honestly the laws don’t consider open source operating systems at all. They’re meant for the overwhelming majority who are using commercial operating systems. They imagine something like android or iOS or windows where yeah they ask the question during user creation and then handle the age gating in their app stores, anything outside that model isn’t something they’re going to spend any time thinking about, because why would they?
The short answer is that a lot of states now require KYC by service providers under the guise of adult content prohibition, "protecting the children", or mass surveillance. So the service providers like Facebook are trying to foist off the responsibility to the operating system. The pesky details of storing and managing PII becomes Somebody Else's Problem, and if the operating system implements an easily bypassed KYC e.g. a simple check box and then the kid get radicalized or get exposed to problematic content, the service provider can just shrug and point the finger at the OS. In other words it shifts the responsibility to the lowest level instead of the platform companies.
The omarchy statement is just DHH dropping the r-word in a DM.
I love omarchy, but manchild/edgelord behaviour from the lead doesn’t exactly instill confidence.
Wait, are there reasons to use omarchy beyond being a DHH fan?