I mean yea. If you don’t make a good faith effort to implement this age attestation page and api to allow apps to pull from it. Then yes. You would be liable.

You could of course decide to not provide to residents of California and Colorado. No one is forcing you to provide for either of these states.

There is not requirement in the bill to prevent users in specific age brackets from accessing certain content or applications.

It simply defines that a method for age attestation (not verification) must exist and that the age bracket data be made available to apps and appstores.

The people who decide what age brackets can access would be the appstores and the developers.

I will concede that using the word “controls” for the OS provider could be misunderstood. What I would assume is that they are meaning control as in the person/entity that provides updates for the system. Ie, MS, Apple, Linux Foundation, Canonical, etc.

… That is literally what this law does.

When a parent creates the account for their child they specify the age. If the parent decides to lie or circumvent the system and it affects their child then they would be fined.

Just to be clear the law itself says absolutely nothing about actually verifying the age.

I haven’t seen any devs in the linux space actually write about a real solution but my guess is likely not. Since the law specifies that users are “children”.

Are they? The law effectively only applies penalties to the parents. If you have not ready the law I highly recommend it. It is very short and says nothing about actually verifying the age of the user. It is equivalent of entering your age on steam or the “are you 18+” questions.

I think people are down voting you since they actually have not read the law themselves and don’t realize that the law itself says nothing about actually verifying that the age is correct. It is no more than what you said, like steam asking your birthdate before you look at certain games in the store.

The point of it is actually the exact opposite. With this law the parent would set the age of their child. And if they decide to lie and their child is affected then they could be fined.

The other thing it does is if a platform decides to ignore the age range of a user and it affects a child then they could be fined. But as long as they do best effort then it really only affects the parents.

It also prevent platforms from requesting additional ID verification unless they have confidence that the age bracket of that user is incorrect.

I mean you can. They only get fined for children affected by violations of the law. Soooo…

The point isn’t to verify your age the point is to have the account holder (the parent) attest to the age of the user (their child). If the parent lies and it negatively impacts the child then the parent can be fined.

It also penalizes apps that see the user’s age is in a lower bracket and still shows them sensitive content.

There is a huge fascist issue everywhere in the US. SV is not special in that respect.

Thanks for putting this here. Kinda getting sick of people that only read the headlines or have only seen the Lunduke journal video that has so many clear inaccuracies.

The laws aren’t perfect but they do have some nice protections for the users as you mention.

The only thing that I think is missing is that developers are restricted from collecting additional information but the OS providers are not, at least as far as I understand from reading the California law. At the very least, they still have the restriction on using the information in other places or sending it to third parties.

I posted this in another thread but I’ll repeat it here. I think it is shortsighted that some linux distros are taking the kneejerk reaction of leaving/banning California residents. We need to band together and figure out a solution.

I mean sure, if you ignore the 2 words just before what you quoted.

“distributes and facilitates the download of applications from third-party developers”.

I don’t know that I would consider curl as “distributing” software. But as always it depends on how the court interprets it.

Full section for context:

(e) (1) “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.

(2) “Covered application store” does not mean an online service or platform that distributes extensions, plug-ins, add-ons, or other software applications that run exclusively within a separate host application.

I can sympathize with parents that don’t have time or don’t know that the tools exist. But this law (in theory) isn’t affected by that.

The screen is displayed to the parent on account setup so they don’t need to know it is there because it will be right in front of them.

Screen limits are not required by this law at all and are not even mentioned. This is just to keep children from accessing aps that says they are not for children. Ie. Facebook asks the users age range (<16 in this example). Then blocks the user since they are not 16+. Not sure why a child would need FB for school work so they should not be affected.

There is no clause requiring or providing an approval from parents. So if there is then that is the OS’s fault.

I theory the parents don’t need to setup controls per app because it is FB deciding what age brackets are allowed. And if they include the kids one and the child gets hurt online then FB would be liable. Not the parent.

I’m sorry that you have to deal with that. IDs should be as easy as reasonable to get. (fucking SAVE act).

You are right, this could be used as a stepping stone towards gathering IDs and the deanonymization of the internet. We (Cali residents) need to make sure that we contact our reps and are heard. Voice our concerns with this law in its current form and that we will be up in arms if they go any closer towards ID verification being required.

It depends on how the system is implemented. It is entirely possible that MS will implement it with ID verification or face scans, since the law does not forbid them from doing that. But that is why the open source community/linux foundation need to make sure that we put forward a reasonable solution rather than just “forcing” users in Cali to go back to using windows.

Just to reiterate I do not think this law is good and I would get rid of it in an instant but…

I don’t really see this as a law to protect children. I see this as a law that focuses on the parents. The parents become liable under this law if they circumvent the system and their child is hurt. If developers decide to flaunt this law and ignore the signals then they would be liable.

So if you don’t have children this law should effectively not affect you other than you might need to choose which age bracket you are in. Which sounds like such a small price to pay for making parents take responsibility over their children on the internet.

I’d love for you to go into more detail on how this is surveillance since that seems to be your main concern.

The law does not require providing IDs or face scans or any other identifiable information. There are clauses in the law limiting where the data gets sent to and that if data does need to be sent then it is the minimum that is necessary.

The law only requires that an account holder “indicate[s] the birth date, age, or both, of the user of that device”. Outside of the abstract the law not once mentions any type of verification that must happen.

Also it’s a California law. It doesn’t affect anyone outside of Cali so if you are affected take it up with your os provider or fork your distro.

I have seen this comment a lot and find it really funny.

I really hope you are just being pedantic and are not running all your systems as root only.

Users in linux are meant to limit what you are allowed to do for a reason.

The law only specifies “computer, mobile device, or any other general purpose computing device.”

Which is extremely vague. It appears that the intention was to just affect end user devices. Not specific purpose systems.

Can you add a link to the actual text of the bill to the post?

https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043

Might help people to actually be able to read it, and it is a very short read (<15 minutes).

Just want to clarify that nowhere in the actual law does it require verifying the age of the user. It does not require IDs or face scans.

https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043

Please read it. It is a very short law <15 minute read tbh.

The law does exactly what you ask for. Parents setup the device and put their child’s age. If they lie or circumvent the system then the parents get fined if their child is affected by content on the internet.

I’m not sure exactly why people keep bringing up privacy concerns here. The law does not require collecting IDs or face scans. It requires os providers to add a screen where the account holder specifies the age or DOB of the user. The OS is not allowed to send that information to 3rd parties unless it is required by the law. And when they do need to send it, they are required to send the minimum information (just the age range, not even the DOB).

This law actually does more to penalize the parents that give their children free access to the internet. If the parent circumvents or enters the wrong age then they are penalized.

In addition it also forbids developers from asking for more verification data unless they are confident that your age range is incorrect. Which stops developers, for instance Discord, from requesting IDs without reason.

I do not think this law is written well at all. But I also would not mind more structure to how age attestations are done.

I’m sure many parents are capable of monitoring their children online. They either just don’t care or don’t think they should have to.