this post was submitted on 02 Mar 2026
487 points (97.8% liked)

Technology

82087 readers
4672 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
487
California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup (www.tomshardware.com)
submitted 22 hours ago by Amoxtli@thelemmy.club to c/technology@lemmy.world
203 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] pulsewidth@lemmy.world 20 points 18 hours ago* (last edited 18 hours ago) (4 children)

Many people here are going off on wild tangents over this. You should just read the law, it's only a couple thousand words of quite plain English.

Many here have taken completely incorrect assumptions from the title. This law is for developers, not users.

Summary:

  1. Requires OS devs ask for DOB, age, or both at account creation time.
  2. Requires an API that allows app store devs to request this age data for the account. At minimum this API must signal that the account is a member of one of these categories: 'user under 13, user over 13 and under 16, user is over 16 and under 18, user is over 18'.
  3. Explicitly bars OS devs from sending more data than explicitly necessary to meet 1 (hint: photo ID, facial recognition).
  4. Explicitly bars app devs recieving the data from requesting more data from the OS nor the App store.
  5. Bars app stores from using the data for any other reason and specifically calls out anticompetitive practices.
  6. Bars app store and OS devs from sharing this data with any third party for any other reason than to comply with this law.
  7. Has injunctions and civil penalties of $2500 (max per user) affected by negligent violations (eg a child account is served adult content), and $7500 (max per user) affected by intentional violations.

The only problem I have with this is that it should only apply to commercial software (app stores and OS). Libre/FOS software should not have to police ages on their app stores, due to their far reduced budgets (often zero), developer time, and the nature of the software being generally anti-centralized and anti-surveillance-capitalism. Though I'd be fine with it for FOSS software distributed via commercial app stores, as long as they gave a longer lead time to implement (EG a couple of years).

[–] rumba@lemmy.zip 4 points 9 hours ago (1 children)

It says that OS developers must track users or be fined, so they will track users.

Explicitly bars OS devs from sending more data than explicitly necessary to meet 1

The statute does not define:

What counts as "minimum"

How necessity is measured

Whether "minimum" refers to data fields, granularity, frequency, or retention

Whether metadata (e.g., device ID, timestamp, API call logs) is included or excluded

This legislature calls App Providers and developers to track people and barely even gives lipservice to what is allowed.

We don't want our OS's tied to our identities. This does not explicitly forbid that

[–] pulsewidth@lemmy.world 2 points 9 hours ago (1 children)

Read the law (its barely 1000 words) because your claims are not substantiated by it.

[–] rumba@lemmy.zip 2 points 8 hours ago (1 children)

I already read it. That's how i came up with what I wrote man.

You go re-read it and tell me

What counts as “minimum”

How necessity is measured

Whether “minimum” refers to data fields, granularity, frequency, or retention

They don't cover shit about ANY of that.

[–] pulsewidth@lemmy.world 1 points 1 hour ago* (last edited 1 hour ago)

It literally explains the minimum as asking the user for their age, DOB, or both. It then says delopers may not ask for more than the minimum data.

Further, the law states that if a developer intentionally breaches any part of the law (which would include the requirements) there is a $7500 fine per impacted user, and injunctions. Accidental breaches are $2500 per user, and injuctions. These are very high penalties in context - someone like Microsoft would be on the hook for trillions, and as such, corpos will not be rushing to play fools and test the law by asking more than the bare minimum.

If this is confusing then please seek out one of the many legal blogs/videos covering it by lawyers because I can't break it down further than I already have.

[–] recked_wralph@lemmy.world 12 points 13 hours ago (1 children)

Im not sure I understand your point about this law being for developers not users.

The fines may only be applied to operating system developers for failing to implement these systems… but having those systems at all still drastically impacts end users in a negative way.

[–] pulsewidth@lemmy.world 1 points 9 hours ago* (last edited 9 hours ago) (1 children)

Many users below are going off on rants about the police state fining them as end-users for user breeches (which is not any part of this law).

In addition, putting my age as 'over 18' in a box when i set up a login affects me in any way other than 'drastically'.

Eg: greenahimada with 51 upvotes 2 down.

For everyone trying to figure out how this would be enforced, it's not about being proactively enforced. (and data collection is 99% of it)

(Untrue)

It's about adding a double-tap "Well, these people also violated our age verification law, so they have to pay a fine," added to any incident where it's convenient to add this in. If a minor sends another minor a snap that would trigger CP laws, and one of the phones isn't age verified correctly, fine to the parents and hands up in the air "We tried!" A minor is involved in torrenting movies? "Look, kids using illegal OS! Fine to the parents!"

(Untrue)

This is how laws work across a lot of corrupt developing countries.

(.. Rant continues).

[–] recked_wralph@lemmy.world 1 points 41 minutes ago

It isn’t mandating you affirm you’re older than 18. It’s asking explicitly for your age or your birthday.

While the API then would take that data to transmit your age bracket to other systems.

This might not be drastically burdensome on an individual workstation, I’ll stand corrected on that. And it’s not disclosing your actual birthdate to anyone either (though I still feel like it should be my choice whether or not to store that information on my personal device).

In either case, we started with this “affirm your age” kind of law on various kinds of restricted websites (pornography and alcohol) and it’s easy to just lie. So now that is now morphing into more invasive age verification strategies.

I view this law as easily circumvented theater that has the aside effect of being a slippery slope toward more aggressive anti-privacy systems in the future.

[–] Railcar8095@lemmy.world 46 points 17 hours ago (1 children)

The only problem have with this is that it should only apply to commercial software (app stores and 0S). Libre/FOS software should not have to police ages on their app stores,

It's a bit like saying the only problem with the Titanic is the water inside.

The law is bad, whether it can be worse or not is just tangential. But still, this law as is applies to computers, phones... And nas, some routers, watches, advance calculators... As they all have OS and can install apps. As per app stores, guess what, thats the GNOME app store, but also flatpak, jellyfin (can install apps as plugins), pip, docker, git... And what about plain executables? Githut should ask for your age too to download artifacts?

Porn started with only age verification by the user as a prompt, and we see where that is going now.

[–] pulsewidth@lemmy.world 1 points 9 hours ago (1 children)

Just read the law. It is barely 1000 words.

But still, this law as is applies to computers, phones... And nas, some routers, watches, advance calculators... As they all have OS and can install apps.

No. It specifically only applies to general purpose computing devices which means all of the items you listed after computers and phones are not affected. Can you hook up a monitor to your NAS without involving a soldering board and some additional hardware? Your router? Then it's not general purpose computing. They both require additional computers to interface with them to be used. 'General purpose computing device' has been referred in prior legal documents to mean:

"means any general purpose computing device (e.g. server product, personal computer, desktop, laptop, netbook, slate or tablet), including any device that is designed as, marketed as, or capable (through docking or otherwise) of performing the functions of, such general purpose computing devices, and any replacement for any of the foregoing."

(c) “Application” means a software application that may be run or directed by a user on a computer, a mobile device, or any other general purpose computing device that can access a covered application store or download an application.

(e) (1) “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.

You then go on to complain about it affecting FOSS stores? That's exactly my complaint. Who are you convincing here?

Jellyfin, Docker, git??

(2) “Covered application store” does not mean an online service or platform that distributes extensions, plug-ins, add-ons, or other software applications that run exclusively within a separate host application.

No.

[–] Railcar8095@lemmy.world 1 points 9 hours ago

'General purpose computing device' has been referred in prior legal documents to mean: "means any general purpose computing device

Great, general computing device means general computing device. Brilliant.

Then you come with the requirement of a monitor.... Why? That's not on the definition. And isn't a router a server product? Servers generally don't need a monitor

Docker or git are not distributing extensions, and on Linux docker doesn't run on a separate host application, unless you bend the meaning of containers to the point of nonsense. I'm curious about the reasoning for git.

From what you said, only jellifin is excluded in my example.

I'm not trying to convince anybody, just explain the current and potential future issues.

[–] Renat@szmer.info 7 points 16 hours ago* (last edited 16 hours ago) (1 children)

Does that mean if minor need to use computer to write essay as homework in Libre Office they couldn't, cause age verification?

[–] kkj@lemmy.dbzer0.com 3 points 12 hours ago (1 children)

No, because LibreOffice would accept the under-13 age category.

[–] Aceticon@lemmy.dbzer0.com 0 points 11 hours ago (1 children)

LibreOffice can be used to produce and consume Pornographic Content in the form of of erotic stories, so it makes sense (within the "logic" of this law) that it's age-gated.

[–] kkj@lemmy.dbzer0.com 1 points 10 hours ago (1 children)

It cannot serve such content (or any content, for that matter). You have to either get the content (from an app that would have an age gate, such as a Web browser) or make it yourself. The law is about serving content, not about making or viewing it.

[–] Aceticon@lemmy.dbzer0.com 1 points 9 hours ago

Ok, that does make sense.