this post was submitted on 02 Mar 2026
166 points (98.3% liked)

Technology

82069 readers
2992 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
166
California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup (www.tomshardware.com)
submitted 5 hours ago by Amoxtli@thelemmy.club to c/technology@lemmy.world
50 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] pulsewidth@lemmy.world 12 points 1 hour ago* (last edited 1 hour ago) (1 children)

Many people here are going off on wild tangents over this. You should just read the law, it's only a couple thousand words of quite plain English.

Many here have taken completely incorrect assumptions from the title. This law is for developers, not users.

Summary:

  1. Requires OS devs ask for DOB, age, or both at account creation time.
  2. Requires an API that allows app store devs to request this age data for the account. At minimum this API must signal that the account is a member of one of these categories: 'user under 13, user over 13 and under 16, user is over 16 and under 18, user is over 18'.
  3. Explicitly bars OS devs from sending more data than explicitly necessary to meet 1 (hint: photo ID, facial recognition).
  4. Explicitly bars app devs recieving the data from requesting more data from the OS nor the App store.
  5. Bars app stores from using the data for any other reason and specifically calls out anticompetitive practices.
  6. Bars app store and OS devs from sharing this data with any third party for any other reason than to comply with this law.
  7. Has injunctions and civil penalties of $2500 (max per user) affected by negligent violations (eg a child account is served adult content), and $7500 (max per user) affected by intentional violations.

The only problem I have with this is that it should only apply to commercial software (app stores and OS). Libre/FOS software should not have to police ages on their app stores, due to their far reduced budgets (often zero), developer time, and the nature of the software being generally anti-centralized and anti-surveillance-capitalism. Though I'd be fine with it for FOSS software distributed via commercial app stores, as long as they gave a longer lead time to implement (EG a couple of years).

[–] Railcar8095@lemmy.world 6 points 43 minutes ago

The only problem have with this is that it should only apply to commercial software (app stores and 0S). Libre/FOS software should not have to police ages on their app stores,

It's a bit like saying the only problem with the Titanic is the water inside.

The law is bad, whether it can be worse or not is just tangential. But still, this law as is applies to computers, phones... And nas, some routers, watches, advance calculators... As they all have OS and can install apps. As per app stores, guess what, thats the GNOME app store, but also flatpak, jellyfin (can install apps as plugins), pip, docker, git... And what about plain executables? Githut should ask for your age too to download artifacts?

Porn started with only age verification by the user as a prompt, and we see where that is going now.

[–] aReallyCrunchyLeaf@lemmy.ml 42 points 2 hours ago (1 children)

So now when I spin up a VM at my sysadmin job I have to tell the server I'm an adult? Does anyone actually know what the fuck we are doing here? What an absolute clown show.

[–] zewm@lemmy.world 22 points 2 hours ago (1 children)

This is what happens when boomers never die and stay in office for a lifetime. They don’t understand technology but are allowed to make the laws that govern their use.

[–] MyNameIsIgglePiggle@sh.itjust.works 1 points 1 hour ago

When can just change the laws when they leave

[–] GreenShimada@lemmy.world 33 points 3 hours ago

For everyone trying to figure out how this would be enforced, it's not about being proactively enforced. (and data collection is 99% of it)

It's about adding a double-tap "Well, these people also violated our age verification law, so they have to pay a fine," added to any incident where it's convenient to add this in. If a minor sends another minor a snap that would trigger CP laws, and one of the phones isn't age verified correctly, fine to the parents and hands up in the air "We tried!" A minor is involved in torrenting movies? "Look, kids using illegal OS! Fine to the parents!"

This is how laws work across a lot of corrupt developing countries. There's laws for everything, but they only get applied selectively as authorities find they fit the situation. It's hard to actually be 100% above board and do everything legally because of a few little things meant to be impossible to actually do bureaucratically. So in every situation, any set of authorities start in with the endemic leverage of "Well, we have suspicion of you selling ketamine out of your apartment. Did you do age verification on your laptop? No? Then we can seize that as a crime and see what's on there. OR you can give up your supplier."

[–] RobotToaster@mander.xyz 44 points 3 hours ago (1 children)

How will this affect embedded os like freertos or vxworks? There are lightbulbs that have operating systems these days, am I going to have to show ID to turn on my light?

[–] pulsewidth@lemmy.world 6 points 1 hour ago

As those are not general purpose computing devices, and additionally have no app store - no, and no.

From the law text:

(c) “Application” means a software application that may be run or directed by a user on a computer, a mobile device, or any other general purpose computing device that can access a covered application store or download an application.

[–] ZoDoneRightNow@kbin.earth 50 points 4 hours ago (3 children)

uhhh. So would I need to get everyone who uses the household pc to verify age? Whats stopping a child from using the family pc that was age verified by an adult?

[–] supamanc@lemmy.world 2 points 6 minutes ago

Please drink your age verification can....

[–] loie@lemmy.world 36 points 4 hours ago (1 children)

Believe it or not, straight to jail

[–] jjfolken@lemmy.dbzer0.com 2 points 2 hours ago (1 children)

Underage 👇🏼, Overage 👆🏼... Jail.

[–] wreckedcarzz@lemmy.world 4 points 2 hours ago

Birthday? Believe it or not, jail.

[–] orange_narange@lemmy.org 18 points 3 hours ago

Clearly the point is not tl verify the age. They want your data.

[–] webghost0101@sopuli.xyz 6 points 2 hours ago (1 children)

This will not matter to most of linux, it’s non enforceable and easily circumvented.

But the issue is what they used for thumbnail. Steam deck.

Steam is bringing linux to the the masses but they won’t be able to sell any without complying to the part that all apps that can be installed must be able to ask the os to give this data.

[–] scbasteve@lemmy.world 8 points 2 hours ago

Steam already requires your age when you look at m rated games. The only difference is that the age verification is before you get to that page.

Also, the age verification is literally just check a box. Its the less of several evils, but really if I HAVE to verify my age, Id prefer to do it this way

[–] Lost_My_Mind@lemmy.world 116 points 5 hours ago (2 children)

Simple solution. From now on Linux distros should ship with a big message "NOT FOR USE IN CALIFORNIA".

You want to force age verification? No server in all of California will run. Period.

[–] SanctimoniousApe@lemmings.world 6 points 2 hours ago

"My name is Microsoft, and I approved this message."

[–] FartMaster69@lemmy.dbzer0.com 34 points 5 hours ago

Ah, the Glock solution.

[–] Gork@sopuli.xyz 16 points 3 hours ago

I've always input my age as 1900-01-01 and I can't change that now because that'll show an inconsistency and we can't have that now can we.

[–] baller_w@lemmy.zip 23 points 4 hours ago* (last edited 4 hours ago) (2 children)

The law does not require photo ID uploadsor facial recognition, with users instead simply self-reporting their age, setting AB 1043 apart from similar laws passed in Texas and Utah that require "commercially reasonable" verification methods, such as government-issued ID checks.

Seems toothless. Good.

[–] Lucidlethargy@sh.itjust.works 1 points 8 minutes ago

I had to scroll way, way too far for this sensible comment.

I like Lemmy, but people panic and jump to conclusions often.

[–] db2@lemmy.world 7 points 4 hours ago (1 children)

Sounds like they're lampooning the other laws tbh

[–] scbasteve@lemmy.world 3 points 2 hours ago

Feels more like they see the direction tides are turning and they want to get ahead of it. They implement the laziest and easiest to work around age verification, and then if down the line age verification is required on a federal level, California can say they already did it.

[–] StrawberryPigtails@lemmy.sdf.org 38 points 4 hours ago (2 children)

Enforcement against Linux distributions, however, is likely to be problematic. Distros like Arch, Ubuntu, Debian, and Gentoo have no centralized account infrastructure, with users downloading ISOs from mirrors worldwide, and can modify source code freely. These small distros lack legal teams or resources to implement the required API, so a more realistic outcome for non-compliant distros is a disclaimer that the software is not intended for use in California.

[–] cmnybo@discuss.tchncs.de 19 points 3 hours ago

That's what MidnightBSD did.

California residents are not authorized to use MidnightBSD for desktop use in the state of California effective January 1, 2027. California law CA AB1043 requires a complex age verification system implemented for operating systems with no exceptions for small open source projects. At this time, we don't have development time or a plan in place for this.

[–] vacuumflower@lemmy.sdf.org 5 points 3 hours ago

They, eh, want for every local user account to be tied to some central database?

In general this is going out of hand, age verification is parents' responsibility.

[–] tidderuuf@lemmy.world 44 points 5 hours ago (4 children)

Wow California leading the way to fascism, who woulda thunk?

[–] gedaliyah@lemmy.world 3 points 1 hour ago

This kinda seems like a roundabout way of avoiding government /corporate age verification laws? Like it doesn't require ID verification or biometrics and runs a local api to verify age.

Can someone smarter than me please explain if this is a good thing or not?

[–] TropicalDingdong@lemmy.world 43 points 5 hours ago

Colorado Dems pushing a similar law rn.

Fucking idiots.

[–] Kolanaki@pawb.social 5 points 5 hours ago* (last edited 5 hours ago) (2 children)

Because it's not that crazy or authoritarian and is basically what most websites already do to "verify" you age (which is to say nothing but asking you your age). But the onus is now being put on OS makers, with an additional clause to build an API for other developers to access so they also can "know" a user's age.

The law does not require photo ID uploads or facial recognition, with users instead simply self-reporting their age

[–] matlag@sh.itjust.works 18 points 4 hours ago

It always ALWAYS comes step by step!

First they will introduce age "non-real-check", then they will enforce the check: you have accepted the principle, so what's the big deal if we actually check it?

[–] cmnybo@discuss.tchncs.de 30 points 5 hours ago (1 children)

The photo ID requirements are what will come next.

[–] Kolanaki@pawb.social 8 points 5 hours ago (2 children)

Maybe. But it will be funny for a little bit when the data starts showing the average age of a Californian is over 200 years.

[–] brsrklf@jlai.lu 2 points 1 hour ago

I am ready to believe those that allowed this law to pass were.

[–] swab148@lemmy.dbzer0.com 5 points 2 hours ago

They'll tag all the Linux users with "1 January 1970"

[–] FartMaster69@lemmy.dbzer0.com 2 points 5 hours ago

It’s been that way for a very long time.

[–] Exeous@lemmy.world 36 points 5 hours ago

What if no internet? How set up?

[–] aurelar@lemmy.ml 25 points 5 hours ago (3 children)

Technically, Linux is not an operating system, just a kernel, so I'm not sure how this would be implemented.

[–] Lost_My_Mind@lemmy.world 37 points 4 hours ago* (last edited 4 hours ago) (4 children)

See, here's the big open secret. All these politicians, who make all these rules? They don't have a clue what they're talking about. They think a kernel is something that gets stuck in your teeth whrn you eat corn.

[–] aurelar@lemmy.ml 1 points 2 hours ago

That's my guess. These people have no clue what they're doing.

[–] vacuumflower@lemmy.sdf.org 2 points 3 hours ago

But they do have a clue how laws work, and the element of fuzziness in who's guilty is a beneficial effect.

[–] Samsy@lemmy.ml 4 points 4 hours ago

That was a 5'19 kernel operating in my mouth, I swear.

[–] db2@lemmy.world 0 points 4 hours ago

Most of them are old enough to remember when politics was invented.

[–] Damage@feddit.it 4 points 2 hours ago

You just said it, it's a rule for operating systems, which means that whoever ships Linux as part of an operating system has the onus of implementing this.

If you do Linux from scratch, that would be you I guess.

[–] Aganim@lemmy.world 1 points 2 hours ago

Linux being a kernel is hardly relevant though. The law lies the responsibility at the "operating system providers", looking at the definition in the article that would be the developers/organisation behind the individual distributions. Politicians don't care if each distro comes up with their own solution or gets built-in to the kernel.

But personally I think they all just give this law the finger, put a 'not for use in California' in their licenses and forget about this brainfart.

[–] hamFoilHat@lemmy.world 10 points 4 hours ago

How old is my tomcat user? How about my various docker containers, are those separate OSes?

[–] osanna@lemmy.vg 1 points 2 hours ago

Sometimes newsom does some epic shit, but then we get shit like this, and I wonder whether I want to live on this planet any longer :/

[–] weaponG@lemmy.world 4 points 4 hours ago (1 children)

Linux from Scratch is a refuge. It would be greatly improved with a package manager.

[–] db2@lemmy.world 3 points 4 hours ago

When I did it I added rpm and apt (and alien). It was a clusterfuck. Good times.