Mastodawn

i want to clarify something w.r.t. california requiring age "verification" at an operating system level. the way the law is specified is actually exactly the correct way to do this - users self-report their age during setup and that information is available to applications that have a reason to request it. it is entirely within the spirit of the law to add whatever age the user reports to a database that can be read from, like /etc/passwd which already can store things like emails or phone numbers. there is no suggestion that an ID check or facial scan be part of account setup, and any vendor implementing this would be doing so of their own accord

the vision of an age verification scheme like california's is that an adult can set up a child's account to be in a specific age group, then have the system automatically inhibit the child's access to applications that they aren't allowed to access. this could be further built upon by laws requiring ex. gambling services to check this signal before allowing the user to sign up. of course this can be circumvented, but all laws can

the way this will effect linux is not going to be described well by media because they don't tend to have the best understanding of the open source ecosystem. it will be up to distributions (not linux itself) to ensure there is an age step in account setup and a library for accessing that information. this is fairly simple to implement and work has already started on it

additionally, i am not interested in debating anyone on whether age verification should exist. im trying to clear up misinformation about a very simple bill that anyone can read. if i don't know you, i have no reason to discuss philosophy with you

coverage on this bill (and the one in colorado) continues to be misleading. neither bill prohibits children from creating accounts. neither bill prohibits children from installing an operating system. the closest to what system76 reports as saying "anyone under 18 isn’t supposed to create a computer account on their own" is the definition of an account holder being someone over 18, but this is not at all an enforced part of the law. again, no part of the law says you have to be an adult to create an account, the law is just focused on the case of parents creating accounts for their children

new york's proposed bill, on the other hand, explicitly disallows self-reporting age, and will thus lead to id uploads and/or face scans on practically every computing device. this is the exact thing that people were fearmongering california's bill to be about, yet nobody seems to be talking about it. if you want a big scary privacy invasion bill to yell about, yell about the new york one which actually does the things you're scared about, not the california one that mandates one field during account setup

despite my disagreements with system76's framing of this issue, i do very much appreciate their efforts to exclude open source software from these requirements: fosstodon.org/@carlrichell/116201429639953387 . while the california and oregon bill have been overblown, excluding open source projects would make a lot of sense, and their work is genuinely useful. im glad the money ive spent on system76 hardware is going to lobbying for open source carve-outs

Carl Richell (@[email protected])

Today, I met with Colorado Senator Matt Ball, co-author of Colorado OS Age Attestation Bill SB26-051. Sen. Ball suggested excluding open source software from the bill. This appears to be a real possibility. Amendments are expected for the CA age attestation bill. It's my hope we can move fast enough to influence excluding open source in the CA bill amendments. No illusions, it's an uphill battle, but we have an open door to advocate for the open source community.

Fosstodon

@mia Oh, that's actually really cool! Luckily I haven't seen much misinformation (only one post) yet, but this makes it totally clear. Thanks for explaining it!

RTG-powered Vel Mar 4

@mia on Linux (or at least GNOME? i have no idea what others do), there is Malcontent, which i think is absolutely capable of this with some work. it already has the necessary signaling, at least for native apps. maybe we’ll have some web api for this in the future as well

@mia Everyone was born in 1984.

@lispi314 @mia I always put 2000, easier math.

gabboman the wafrn dev Mar 4

careful, thats a nuanced take people will want to kill you for it

V For Viennetta Mar 4

@mia Agree with all of this. Like realistically having the operating system be the thing that stores and reports the age/age group is about the best way to do this in a privacy-respecting way, whether it makes any *sense* to do it in an unverifiable way is obvs abother matter but... it's fine, really?

Some people I think are just really dead set against age verification in general and seem to think that problems caused by letting kids loose on the modern Internet go away if you just ignore them

@mia thank you. I legit got tired of all the "Linux will become illegal" doom posting.

I of course am going to question if this will be a slipper slide, but criticizing the correct thing is important.

@mia oh. this is exactly how I've conceptualized the ideal age verification in the past... they stole my idea :)

princess pancake

@mia Saying this is the "correct" way is very bold unless you live in a vacuum

electron band gap moe Mar 4

@mia I think the system as described in the law is basically fine, I just think that the fact that it's mandatory and applies to all operating systems is, uh, a can of worms. is it going to be illegal to host ISOs of old Debian/Arch/whatever distributions?

@saikou @mia Imagine you get your door kicked info for torrenting, you immediately assume it's about piracy but actually it's about all the old Linux ISOs without age verification.

Humphrey Archer Mar 5

@mia
Actually, what you describe is entirely acceptable to me.
No notes

@mia the issue isn't that it's obviously toothless and benign. It's mandatory to implement, and nobody objects because it's optional to actually use. But it's the thin end of the wedge. Once all the infrastructure is set up and all the software supports it, the argument against making it obligatory to check will be harder to resist when it's no longer a technical issue.

@mia "there is no suggestion that an ID check or facial scan be part of account setup". Yet...

I'm sure they'll think they now have just the right amount of control and won't ever want to push things further.

Adam Beer Mar 7

@mia One thing that's extremely bad about the California law is that every software developer must collect the user's age bracket (with the OS and package manager's help) every time their software is downloaded. And this includes command-line utilities like btop and ripgrep.

FurryBeta Mar 10

@mia Agreeing with the law or not (For the record, I do not. This is a gateway drug for further surveillance, imo), this isn’t actually a bad way to implement the age requirement. Like you said, the /etc/passwd file already has the gecos field, so date-of-birth could be added and any call for age could return the calculated age for the DoB. It would require just minimal changes to the adduser commands. Great idea.