Mastodawn

California's AB 1043 (Digital Age Assurance Act) is annoying, but nowhere near the danger of other age verification proposals. The requirement is for a signal of age/age bracket from OS to application. It is not verification as we usually define it.

You can make slippery slope arguments, but before you do, worth reading the stated arguments for/against the bill.

Also this bill has been law for some time now??? Goes into effect in 2027, but it became law in October 2025!

https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043

Bill Text - AB-1043 Age verification signals: software applications and online services.

AB 1043 Age verification signals: software applications and online services.

Show thread

katzenberger

@mttaggart

You are mistaken. 1798.501. (b) clearly states that applications are assumed to have knowledge of the age span the user in front of the screen falls into.

That provides enough leverage for taking out applications, one by one, by stating they require legal age for usage. All it takes is a relentless series of campaigns employing the most prominent of the Four Horsemen of the Apocalypse, "Think of the children!!!".

Appeasement and compliance in advance is not an appropriate answer here. TBH I'm appalled by swaths of developers suggesting implementations already, e.g. for #Debian.

Show thread

Taggart Mar 3

@katzenberger Counterpoint: the desire to age-gate applications already exists independently of this measure. Discord is instructive here, as the amount of power granted to the age verifier in that case is substantial. Compare that structure to this one. AB 1043 doesn't create leverage; it takes it away.

Remember that the signal being requested is not independently verified in any way, shape, or form. It just exists, and 1798.501 (b) (3) indicates that the signal shall be authoritative. This takes power away from skeevy entities like Persona and states who would leverage them.

I also think the (b)(2)(B) and (b)(3)(B) are important here:

(B) A developer shall not willfully disregard internal clear and convincing information otherwise available to the developer that indicates that a user’s age is different than the age bracket data indicated by a signal provided by an operating system provider or a covered application store.

(B) If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.

At first this sounds bad! "Hey, if you can tell the user is lying, you can't ignore it." But what that means in practice is the developer shouldn't have any way of knowing whether the user is lying. Put another way, it's the privacy-invasive applications that will have the hardest time complying with this.

Show thread

katzenberger Mar 3

@mttaggart

That is only a counterpoint if one accepts, upfront, that every platform needed to implement it.

The title won't even go into effect until next year. And developers are already discussing implementation details at length: barely whether it affects them (Linux); barely ways how to contest or fight it.

The issue with AB 1043 is not that it is "inacceptably intrusive". Allegedly being "less intrusive" is the intended pseudo-debate, besides the piling up of implementation details, both designed to signal "this ship has sailed", or "resistance is futile", whatever you prefer.

The issue is that it creates leverage even on platforms that, so far, have resisted such intrusions; and that, so far, have not been know for compliance in advance.

The issue is that every such bridgehead serves a purpose that goes way beyond it. That's what it is: a bridgehead.