- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
AB-1043 “Age verification signals: software applications and online services.”
Text https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
Other info https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202520260AB1043
California AB 1043 signed. Mandatory os-level, device-level, app store, and even developer-required age verification for all computing devices.
Yeah it’s so good damn vague, you can say a simple checkbox of “I am above the age of majority” would suffice, or a full actual ID check whenever you make an account at Microsoft.
I think Linux distros will have to either make a check/declaration on their website or just block IP addresses from California.
I don’t know how far this will go, or if it means anything different by the start of 2026, when make laws here go into effect.
Yeah reading through the bill I’m feeling better about it.
Where an “Account Holder” is:
The way I read this, this bill actually assumes the person installing it is over 18 and an adult. (Let’s not argue with them on that). It’s simply saying that "You need to provide a way to create child accounts, and your app stores will need to respect that).
What I do not see is that OS’s must validate IDs or anything.
“Mom or dad need to set the age bracket for junior so that apps rated NSFW can’t be downloaded”
Honestly, rereading it, this is how I would do age protection if I were to do it. Rereading this multiple times now, this might be the most privacy safe way to validate age, shut up lawmakers who cry “what about teh children!!!” and let us adults move on in peace.
You buy jr a laptop, it’ll ask on account creation how old they are. That’ll be a flag they can’t modify that will be passed into browsers and app stores. That will prevent children from accessing content they can’t. Adults then continue on. Jr grows up and either buys his own device, or mom and dad swap their account to adult.
I’ve always felt like the whole age verification thing was simply a failure of the OS. Yes, kids could potentially setup their own device, but most likely it is being setup by a parent. The parent should be able to create a the admin account, then an account for the child flag as a child account. The browser and any apps could then read that flag and act appropriately.
It seems like a simple solution that would be rather easy to implement for any multi-user OS. For single user OSs like Android and iOS, they have user accounts to fall back on that can work exactly the same.
This puts the control in the parents hands, and responsibility too.
Pretty sure this is what the PS3 did at least in affect. You could flag a profile for child use and it’d block games with certain ratings based off the settings, then you could just password the adult accounts. Good way to stop little Timmy from playing GTA at least, hell I think you could also put in exclusions so if you wanted to allow an specific game it wouldn’t be blocked.
I like it for that reason too. If you’re so worried about the children, then you can check a box that says this is a minor’s account. If a parent can’t be bothered with that then it’s on them, and should be on them.
This seems way less insane than the ‘let’s model online age verification on pubs’ laws we’ve seen in places like the UK and France.
That actually doesn’t sound bad.
If I understand this correctly, its not about adding ID requirements. Its just about adding the functionality to every part of the software stack to go “oh, this is a kid, let’s not show them ads for adult apps or new stories about mass murder” etc etc.
Less of a “papers, please” check, more of a robust “you must be this tall to ride” check.
Exactly, which is how I and many privacy respecting groups have been begging for it. We know the ultimate issue, they want nsfw off the internet. This shuts down the whole “it’s for the children” bs without us needing to give away who we are at all. This is the most sane way to age gate. , and they won’t be able to hide behind that excuse anymore.
Except because it’s in bad faith this won’t work they’ll demand it could be made stricter and use its existence as precident that we should obey them
Hopefully you’re right, and the law doesn’t allow for an expansion of this to include “just give google your id bro”.
You can read it, it’s in your link. From what I read it explicitly says they cannot gather more info than they need.
Oh I know, but I’m hoping that Google can’t find another law that enables it. They have money for good lawyers for these things.
Google could do it right now if they wanted to. It’s not against the law to require your customers to provide PII to use services. It just opens them to bad press, liability for mishandling the data, and potentially liability for knowing a user is a minor and showing them mature content anyway.