TaggartMar 2

California's AB 1043 (Digital Age Assurance Act) is annoying, but nowhere near the danger of other age verification proposals. The requirement is for a signal of age/age bracket from OS to application. It is not verification as we usually define it.

You can make slippery slope arguments, but before you do, worth reading the stated arguments for/against the bill.

Also this bill has been law for some time now??? Goes into effect in 2027, but it became law in October 2025!

https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043

Bill Text - AB-1043 Age verification signals: software applications and online services.

AB 1043 Age verification signals: software applications and online services.

Show threadGlyphMar 2
@mttaggart it hasn’t gone into effect yet, it happens jan 1 2027 I believe. I was also surprised that it actually passed already, but i agree with your assessment: it’s not *great* but it does avoid a ton of the more serious harm from other proposals, and arguably heads off the need for those other, worse things. the panic about it seems confused about what it actually does
Show threadTaggart
@glyph All I'm seeing is foot-in-the-door arguments. Also, FWIW, this thing is practically unenforceable outside of managed app stores. It's not like GitHub is going to check the age signal before cloning software, yet "covered application store" would include code forges.
Mar 2 at 6:34pmWeb
Show threadGlyphMar 2

@mttaggart the worries I'm seeing is that "linux is illegal now!!!" because of the "per affected child" penalty (but also a bunch of worries about AI and whatnot that are totally irrelevant here).

My own reading is that the "per affected child" thing is liability for online services *receiving* the signal, not for the OS vendors and certainly not per copy of the OS. Does that track with your understanding?

Show threadTaggartMar 2

@glyph Mmm, not quite. My reading of 1798.503. (a) is that both OS and app developers can violate the title in different ways.

The OS developer, if failing to create the signal/implement the API, could be found in violation. And the app developer, if failing to request/process the signal, could be in violation. The difference between negligent and intentional violation is interesting, but mostly for defense attorneys.

Show threadGlyphMar 2
@mttaggart Ah, good point. In that case I guess maybe some of the concern is warranted? It irks me that so much of it is tinged with this underlying assumption that nobody can ever regulate what a Linux distribution does because Linux must always be Free, though. Like maybe this law should be repealed but also vendors really *should* have some kind of capacity to at least respond to this sort of regulation, because *some* version of "your platform must have this API" is probably very good
Show threadGlyphMar 2
@mttaggart (by "this API" I do not mean age-verification, I mean literally any API to do anything)
Show threadTaggartMar 2

@glyph I haven't put this together yet, but my instinct is that the conceptual distance between something like this and GDPR is much smaller than most think.

Also not for nothing, but California has a vested interest in not completely destroying industries that are, ah, not for minors.

Show threadGlyphMar 2

@mttaggart yeah exactly.

I am trying to not let my opinions harden too much here until more experts have weighed in though. Maybe there are some unintended-side-effect bombs hiding in here that I haven't considered.