I kind of hijacked this from being about tech support. I should apologize for that. I am pretty passionate about this blatant overreach.
post by dominodoggy on Mar 23
post by majorian on Mar 23
No apology necessary. Anyone with two brain cells to rub together sees it for what it is.
post by aethrathe on Mar 23
Right now the big issue is they are putting the squeeze on manufacturers and anyone pushing the code. For open source that’s individual contributors being on the hook for these fines which will kill open source when the fines start coming compliance will happen. Devs need to be creative to comply and not leave themselves open. If os devs don’t get creative they will comply in a way that screws us leaving those of us that can write code to make alternatives available on the dark net. The question is will they comply fully or get creative to comply but work around it like I suggested? Next up will be forcing app devs to query the age verify api or face fines. I have some ideas for that for my own software I’m developing if and when that happens but isee one computer for work and compliance and another that’s not. The Chinese do this already.
post by Espionage724 on Mar 23
In an era of ease and convenience, I feel this would also prioritize Flatpak and non-traditional OSs (seems easy to have Flatpak/Flathub put age on a package manifest and then respective store frontends do the query)
post by aethrathe on Mar 24
Age is the start they want Id. The OS is the source of truth. Depending on language app devs may be able to simply attest it was verified yes or no. The PII is in the OS. So long as the app isn’t collecting other PII which most do you could theoretically comply and still maintain privacy.
post by jspaleta 5 days ago
Its not clear that anyone has to be that creative. Based on my reading, Linux based OSes could collectively choose to standardize on an API that Apple has chosen to impliment, and expose sufficient parental control UI as part of OS account creation and meet the intent of the laws. On linux, the API could be implemented as a unix socket or as a dbus call and be scoped to local host only.
Under my reading of the intent of the California and Colorado laws, what GNOME parental controls are so very close in terms of the exposed account creation-time controls. The API exposed in the existing parental controls are abstracted in a way that the laws don’t anticipate… being content based filtering instead of age based filtering.
I choose to believe the laws are written that way primarily because they people drafting the laws didnt know about the content based filtering based OARS labels that GNOME implements, and the drafters didn’t factor that system into the technical requirements laguage. The age buckets as signal are the naive, easier thing to describe to a layperson and so that’s what the law encodes as a requirement.
But the GNOME parental controls have the pieces to address the intent.
Account time creation parental controls that designate an account as age bucket constrained…exists
An API signal applications could query exists that encodes parental control intent..exists
its just that those pieces don’t satisfy the specific requirements about what the signal is in the legislation.
So now its a matter of hopefully, just adopting a standard API, probably the Apple API, so that all Linux OSes can expose a standard parental controls that meets legislated expectations. Its not about being clever, this is a standardization process with legislation as a forcing function.
post by aethrathe 5 days ago
You have to comply with how the laws are written not interpreted intent. I hear what you’re saying and it’s logical. The problem isee is this is the precursor to ID verification and its intent is not parental controls at all. It’s intent is to attach identity to everything a person does and all their content.
post by jspaleta 5 days ago
Let’s agree to disagree with regard to intent.
However.. ive read the associated analysis of the California bill that reads directly on legislative intent:
quoting he Cali Senate Judiciary Committee analysis : file:///home/jspaleta/Downloads/202520260AB1043_Senate%20Judiciary.pdf
“This bill imposes obligations on covered manufacturers to communicate certain
information to developers, including age bracket information, and to obtain parental
consent before allowing the download of apps for certain users.”
There is similar analysis from the Assembly Judiciary Committee. Both the documents make it a point to state parental consent in the form of parental controls as part of account creation as part of the stated intention.
The terms of use in the California law are not as precise as one would hope. But in the scope of the Senate Judiciary analysis.. uses a lot a words to talk about the intent to have the law ensure adult/parental consent as manifested at account creation time in the form of standardized parental controls.
post by aethrathe 5 days ago
CA currently reads more like parental control with self attestation. CA is not the only sandbox. Self attestation is banned in Brazil. Same for new York its left to the AG. Colorado is tbd moving through the legislature.
post by Espionage724 4 days ago
Apparently systemd implemented something? Someone Forked Systemd to Strip Out Its Age Verification Support
Why is an init voluntarily doing age verification when they aren’t an OS 
or an app store?
post by lendenu 4 days ago
I don’t want to annoy anybody here but please tell me why a nonsense “law” in some american State forces me, living on a different continent, to have “age verification” mandatory on my “linux” system. There are more than 8 billion people living on Earth, 750 million in Europe and only 350 million in the USA.
I would expect an option in the installer asking “where do you live?” and skip the “age verification” thingy anywhere but the USA.
post by computersavvy 4 days ago
Even better. Disable all linux updates and installations to those areas that have those laws current or pending. Public outcry would influence the legislation.
Many locations have governmental systems running linux and it would drive influence from those systems as well.
post by dominodoggy 4 days ago
It doesn’t force you to do anything. It “compels” your “operating system provider” to put this nonsense in.
I have absolutely zero intention or plans to comply with this nonsense. I have absolutely every intention to circumvent, mitigate, or otherwise nullify this obvious control scheme at every corner.
I will disable updates. I will mask userdb. I will pin systemd to a known non-compliant version as well as xdg-desktop-portal. If it gets too bad I’ll say goodbye to Fedora and learn my way around a noncompliant-by-choice distro. I love Fedora and I love RHEL, but I’m not complying with age verification.
That may get me a ban for saying I will disobey laws. That’s fine too. Y’all know where I stand here.
EDIT: Let’s make this clear - if ALL this was, was a “birthday field in userdb” no big deal right? If that’s all it was and all it ever will be, I’d have installed it already and gotten on with my life.
post by Espionage724 3 days ago
Has Microsoft or Apple did anything public yet?
Not sure how Windows could do it for win32 apps, but apparently it’s done MS Account-side.
LTSC and Enterprise editions don’t have Store nor enforce MS account sign-ins, so it almost sounds like Windows could be the least invasive about the approach (if age is only associated with MS accounts, win32 apps can’t require it; or I guess responsible apps not from MS Store shouldn’t try to 
)
If systemd already implemented something, is there a need for anything else?
I’d clobber together a Windows 7 UEFI Class 3 set-up sooner than not trusting OS updates, let alone having to maintain a list of settings to tame perceived-hostile settings.
I can OS-hop on a whim so it’s interesting to see what solutions OSs are coming up with for age verification. Since systemd has something and mainstream Linux uses that, I’d rather distros stop there.
Not sure what API/hookups would look like, but I’d prefer Workstation using systemd’s age system at a lower-level vs Workstation having a higher-level OS-specific age system (alongside systemd’s) that’s likely tailored for Atomics/other DEs/Flatpaks.
post by aethrathe 3 days ago
My speculative guess is Microsoft will lock down the ecosystem to the Windows Store like iOS did and android following suite in September. They’re already pushing the store hard, requiring a Microsoft account at install. Probably a matter of time before the override on that disappears. If they go that route once everything else is in place Enterprise can follow suit. Their AI integration is already invasive in windows 11 and rumored integration in 12 inescapable. Linux is picking up more windows converts from this and manufacturers offering it on new sales to protect their bottom line. The data exfiltration is real and creates headaches on workstations and android alike as we’ve seen partnerships crumble like with Samsung. Linux is always going to be the top choice for privacy and security.
post by Espionage724 3 days ago
I doubt Enterprise or LTSC would have Store enforcement anytime soon (W10’s LTSC is good till 2032, vNext has 29531 next LTSC now), and with different regions having different installer images, it’d probably be easy to download another region’s and language switch (MS account can’t be enforced everywhere)
post by jspaleta 3 days ago
The best place to start when reading up on Apple’s approach:
Apple has API specifications out that has elements that are implemented on the OS side and application SDK that reads to me as meeting the requirements in the Cali law and possibly other regional laws. And having reviewed the Apple specification documentation, I expect that it can be adapted in the linux space with minimal impact on privacy.
The Apple implementation actually has a place for flatpak portal-like permissions. Part of the Apple implmentation is a permission field that lets applications ask the OS for age bucket information. This to me reads like a hook point for flatpak permission portal that could be implemented to make sure the system administrator keeps control over which applications are allowed to ask for age information and not just an API that every single application gets to use.. the system administrator gets a say via that permission boolean as to which applications get to ask for age bucket information.
post by karga 3 days ago
post by aethrathe 3 days ago
I hear you and your response makes sense. I see this as a global issue when I look at everything together. I guess I’m more pessimistic on where I see this is all going.
post by dominodoggy 3 days ago
Karga said an uh-oh word. They asked why devs rush to comply at the first opportunity?
From what I understand, they do that because they are eager to impress Google, Meta, government, someone somewhere who is watching. To pad that resume. Look what I did to Linux. This is the sellout generation. Hey I just call it like I see it.