I read some of the Ubuntu thread about potential implementations and it sure made me pine for some rose tinted good old days when AccountsServices, xdg-portals, dbus, systemd-login, et al. weren’t things one had to know or care about. Everything seems so complicated these days.
Age verification is simple! A Kelvar strap must be attached to the user before the device will power up. A probe in the strap takes a drop of blood from the user and analyzes the protein markers to determine the user's age. (See the Stanford U. study for details.)
Surprised G. Orwell or A. Huxley didn't think of it first.
Not enough, the user may get someone else to wear the strap for them. The only solution is Neuralink(tm) with a built in secure element and DRM to ensure that content is delivered directly from the source to the age verified user’s brain, without any so called “analog hole” through which minors or non-paying users could view the content.
I... Kinda think this will work out ok? Hear me out: Linux is open source. Someone's gonna make an application/kernelmodule that lets you configure your reported age on a application/website basis.
In some jurisdictions it's illegal to target kids with advertisement, and I believe also to track them? Reporting your age as 8-12 is gonna be the new, but actually functional "no tracking" header.
For what it's worth, the California law, though definitely a result of Meta-funded lobbying, is fairly explicitly anti-tracking: it requires that the OS accept whatever the user enters for their age, and that it tells apps the user's age bracket (under 13, 13-16, 16-18, 18+) and nothing else, and that apps use that and only that for any kind of age-related functionality.
That last part actively pre-empts apps from any of the ID collection/biometrics stuff like Discord's been trying to pull, though don't ask me how that's supposed to work when it conflicts with other state laws that want to mandate collecting ID info.
This seems to be a shorter list than the one collected by Ageless Linux (https://agelesslinux.org/distros.html), although the GH issues seem to have the status of some additional distros.
Yeah, that's the basic idea. Any app can ask the OS what the age (or perhaps age bracket) of the user. Then the app can decide what "age-appropriate" thing to show.
Who decides what's age-appropriate? Is it the parents? Nope. Is it the business? Yup!
I have no doubt that systemd will implement a place to store political party membership, religion, LGBT status, veteran or draft status, or ethnic group membership if a handful of governments start to require that information.
Can anyone tell me exactly what these laws do? Is it just going to ask for a birthday when I run `adduser`?
What's the point? Is it meant for one admin account to restrict other user accounts?
What I got out of it was that an os has to provide an interface to applications so that if they make an age request(note that the law says nothing about when or what applications will make a age request) the os can provide something. and it has to provide an interface for the user to enter the information.
So when we map this requirement onto the mechanism of how the os provides information to applications. and how users set up the system. I have come to the conclusion that compliance on a unix-like platforms is as simple as
echo ${AGE_CATEGORY} > ~/.config/ca_ab_1043
Then the program can get the age category anytime it wants to. the user is able to put this information in at account setup just like the law asks using an accessible interface, the same interface everything else on a unix-like platform uses, the shell.
You’d need some script that updates the age category based on the user’s provided birthday (which is not shared with the applications) but otherwise yeah
The brackets are a few years wide, so it could take a bit of waiting. But yeah I’d consider setting a slightly different day/month for a child if I was paranoid.
I guess you could also make the bracket selectable instead of requiring the age
I believe the California law (which has passed) requires operating systems to collect the DoB or Age of the user when setting up a user account, and then expose an API that shares the users age range (not their actual age or birthdate) when requested by an application.
It does not require the OS to actually verify the age, collect government IDs, or any other data.
The intention, I think, is to put the responsibility for communicating the users age on the OS, instead of having each application or service do their own age verification (by scanning IDs, requesting user data, etc). Since it’s set on the machine, a parent can set it once for their kid when setting up the device.
Or I guess the kid can set it if they're smart enough to reinstall the OS or spawn a VM. I'm sure there will be online resources to help them that kids know how to share
Yeah if you have admin access to your device and know what you’re doing it’s basically a non-issue. I’m guessing a savvy high schooler can change their age bracket easily.
If you want to give a young child a laptop or computer though, it maybe helps keep them away from objectionable content.
The California law says nothing about verification or immutability, what if someone made a mistake when putting in their age? Why do we need to hide it? Better to just let the user change this at will.
Yeah the most likely thing (for the California law, at least) is that compliant OS's expose a form at account creation where you input a birthdate or age, and have either a CLI/file/setting where you can change the birthdate or age with admin permissions. No verification is needed
In the original article there are some blue underlined words. “California” is one of them. If you click it, you will get a nifty video answer to your question.
Depends on the law. Some of them say that the age range must be provided to all applications through an API, and all apps and “app stores” must filter content based on this value. Others say that this isn’t enough and you actually have to verify the age based on some commercial scheme like CC or ID verification. Some say you have to send the age to websites. Many of these laws seem to be in direct conflict about what is allowed and not allowed.
In all cases, at least in the US, these laws violate the first amendment (as code is a form of speech), and freedom respecting users and devs need to resist them until they can be defeated in court.
Honestly the laws don’t consider open source operating systems at all. They’re meant for the overwhelming majority who are using commercial operating systems. They imagine something like android or iOS or windows where yeah they ask the question during user creation and then handle the age gating in their app stores, anything outside that model isn’t something they’re going to spend any time thinking about, because why would they?
The short answer is that a lot of states now require KYC by service providers under the guise of adult content prohibition, "protecting the children", or mass surveillance. So the service providers like Facebook are trying to foist off the responsibility to the operating system. The pesky details of storing and managing PII becomes Somebody Else's Problem, and if the operating system implements an easily bypassed KYC e.g. a simple check box and then the kid get radicalized or get exposed to problematic content, the service provider can just shrug and point the finger at the OS. In other words it shifts the responsibility to the lowest level instead of the platform companies.
You can frame it nefariously, but honestly, it just makes way more sense to me. I want as little of my personal info as possible in the hands of random services, and that includes the stuff needed for KYC checks.
Are there any other comparable options? Seems like every distro i’ve tried before this wanted to be windows or macos, and didn’t succeed at being either. I like it for not trying to be them.
That said, every time I peek under the hood (or into the omarchy git repo) i get pretty worried the whole thing seems glued together with a bunch of vibe-coded scripts
Surprised G. Orwell or A. Huxley didn't think of it first.
In some jurisdictions it's illegal to target kids with advertisement, and I believe also to track them? Reporting your age as 8-12 is gonna be the new, but actually functional "no tracking" header.
That last part actively pre-empts apps from any of the ID collection/biometrics stuff like Discord's been trying to pull, though don't ask me how that's supposed to work when it conflicts with other state laws that want to mandate collecting ID info.
Or the user can compile a version that predates "age verification"
I prefer a satirical 'ShouldItAgeVerify' page that points the ridiculousness of shoving verification at unexpected places.
Law doesn't work like this.
This is not law, this is impersonating God, or a bad prompt to LLM I guess.
See also https://github.com/AntiSurv/oss-anti-surveillance for a project to patch out any future age verification code.
Who decides what's age-appropriate? Is it the parents? Nope. Is it the business? Yup!
https://news.ycombinator.com/item?id=47436240
I mean, why wouldn't they?
https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml...
What I got out of it was that an os has to provide an interface to applications so that if they make an age request(note that the law says nothing about when or what applications will make a age request) the os can provide something. and it has to provide an interface for the user to enter the information.
So when we map this requirement onto the mechanism of how the os provides information to applications. and how users set up the system. I have come to the conclusion that compliance on a unix-like platforms is as simple as
echo ${AGE_CATEGORY} > ~/.config/ca_ab_1043
Then the program can get the age category anytime it wants to. the user is able to put this information in at account setup just like the law asks using an accessible interface, the same interface everything else on a unix-like platform uses, the shell.
I guess you could also make the bracket selectable instead of requiring the age
There are millions of people moving between the proposed age brackets every day. This is a DoB-gifting firehose to ad tech.
It does not require the OS to actually verify the age, collect government IDs, or any other data.
The intention, I think, is to put the responsibility for communicating the users age on the OS, instead of having each application or service do their own age verification (by scanning IDs, requesting user data, etc). Since it’s set on the machine, a parent can set it once for their kid when setting up the device.
If you want to give a young child a laptop or computer though, it maybe helps keep them away from objectionable content.
In all cases, at least in the US, these laws violate the first amendment (as code is a form of speech), and freedom respecting users and devs need to resist them until they can be defeated in court.
I love omarchy, but manchild/edgelord behaviour from the lead doesn’t exactly instill confidence.
That said, every time I peek under the hood (or into the omarchy git repo) i get pretty worried the whole thing seems glued together with a bunch of vibe-coded scripts