- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
AB-1043 “Age verification signals: software applications and online services.”
Text https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
Other info https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202520260AB1043
California AB 1043 signed. Mandatory os-level, device-level, app store, and even developer-required age verification for all computing devices.
Interesting, it’s vague, and obviously going to go through legal hurdles. Windows, Google, and Apple will just do it. Ubuntu might, but what about Debian, or any number of server OS’s? Will users need to verify their age logging into a server? What about forks? Forks of forks? OSes developed outside of the US?
Where this could be an opportunity, and hear me out, is that this could pave the way for privacy-friendly age checks to shut them up about “what about the children”. The bill says that all it needs to check is age - nothing else. If the OSS community can come up with a way to privacy-friendly validate age, then this whole thing could be solved. Websites wouldn’t need to store IDs, they could ask the browser who would check the OS. In fact, that might be the purpose of this bill, to curb all the “Just collect their IDs” with the websites. If the OS had a check stored securely that you’re over 18 and nothing else, then all other age checks could be cut.
Also interestingly, it reads like they might be angling against Microsoft and Google for collecting private information on minors because “We didn’t know they were minors, how could we?”.
I don’t like it one bit and it’s going to be completely unenforceable - and OSes like Arch will say “You can’t use this in California”, but if that’s the angle they’re trying to do, it might work.
Yeah it’s so good damn vague, you can say a simple checkbox of “I am above the age of majority” would suffice, or a full actual ID check whenever you make an account at Microsoft.
I think Linux distros will have to either make a check/declaration on their website or just block IP addresses from California.
I don’t know how far this will go, or if it means anything different by the start of 2026, when make laws here go into effect.
Yeah reading through the bill I’m feeling better about it.
Where an “Account Holder” is:
The way I read this, this bill actually assumes the person installing it is over 18 and an adult. (Let’s not argue with them on that). It’s simply saying that "You need to provide a way to create child accounts, and your app stores will need to respect that).
What I do not see is that OS’s must validate IDs or anything.
“Mom or dad need to set the age bracket for junior so that apps rated NSFW can’t be downloaded”
Honestly, rereading it, this is how I would do age protection if I were to do it. Rereading this multiple times now, this might be the most privacy safe way to validate age, shut up lawmakers who cry “what about teh children!!!” and let us adults move on in peace.
You buy jr a laptop, it’ll ask on account creation how old they are. That’ll be a flag they can’t modify that will be passed into browsers and app stores. That will prevent children from accessing content they can’t. Adults then continue on. Jr grows up and either buys his own device, or mom and dad swap their account to adult.
I’ve always felt like the whole age verification thing was simply a failure of the OS. Yes, kids could potentially setup their own device, but most likely it is being setup by a parent. The parent should be able to create a the admin account, then an account for the child flag as a child account. The browser and any apps could then read that flag and act appropriately.
It seems like a simple solution that would be rather easy to implement for any multi-user OS. For single user OSs like Android and iOS, they have user accounts to fall back on that can work exactly the same.
This puts the control in the parents hands, and responsibility too.
Pretty sure this is what the PS3 did at least in affect. You could flag a profile for child use and it’d block games with certain ratings based off the settings, then you could just password the adult accounts. Good way to stop little Timmy from playing GTA at least, hell I think you could also put in exclusions so if you wanted to allow an specific game it wouldn’t be blocked.
I like it for that reason too. If you’re so worried about the children, then you can check a box that says this is a minor’s account. If a parent can’t be bothered with that then it’s on them, and should be on them.
This seems way less insane than the ‘let’s model online age verification on pubs’ laws we’ve seen in places like the UK and France.
That actually doesn’t sound bad.
If I understand this correctly, its not about adding ID requirements. Its just about adding the functionality to every part of the software stack to go “oh, this is a kid, let’s not show them ads for adult apps or new stories about mass murder” etc etc.
Less of a “papers, please” check, more of a robust “you must be this tall to ride” check.
Exactly, which is how I and many privacy respecting groups have been begging for it. We know the ultimate issue, they want nsfw off the internet. This shuts down the whole “it’s for the children” bs without us needing to give away who we are at all. This is the most sane way to age gate. , and they won’t be able to hide behind that excuse anymore.
Except because it’s in bad faith this won’t work they’ll demand it could be made stricter and use its existence as precident that we should obey them
Hopefully you’re right, and the law doesn’t allow for an expansion of this to include “just give google your id bro”.
You can read it, it’s in your link. From what I read it explicitly says they cannot gather more info than they need.
Oh I know, but I’m hoping that Google can’t find another law that enables it. They have money for good lawyers for these things.
Google could do it right now if they wanted to. It’s not against the law to require your customers to provide PII to use services. It just opens them to bad press, liability for mishandling the data, and potentially liability for knowing a user is a minor and showing them mature content anyway.
deleted by creator