US state laws push age checks into the operating system

https://lemmy.ca/post/61520556


I’ve been posting this in other threads too and while the OS angle is huge, and worth picking a fight with, I haven’t seen any coverage over how this goes after developers too.

I think this is an attack on ALL open-source.

These bills are written by people who are clearly or maliciously tech illiterate and don’t understand either the terminology or the practical impacts. And of course it’s wrapped in ‘what about the children?!’

They include definitions like (paraphrasing; not quoting a specific bill, but New York, Colorado and California do this):

  • “Application” is any software application that may be run on a user’s device – so … EVERYTHING.
  • “Application Store” is any publicly accessible website or similar service that distributes applications – so … also everywhere, such as GitHub or GeoCities.
  • “Developer” is a person who writes, creates or maintains an application – so if you have a github repo, or you’ve posted a binary or perhaps even a script somewhere recently, you’re a developer.

And then require both developers and operating system providers to handshake this age verification data or face financial ruin. I think the original intent or appearance of intent is that the store developer needs to do the handshake. I’m not a lawyer, but I can’t imagine these definitions aren’t vague enough that they can’t be weaponized against basically anything software.

I have a github account, and have contributed to “applications”. As I read them, these bills pose a serious threat to me if I continue to do so, as that makes me a “developer” and would need to ensure the things I contribute to are doing age verification – which I don’t want to do.

I think that even outside the surveillance aspect, the chilling effect of devs not publishing applications is the end-goal. Gatekeeping software to the big publishers who have both the capacity to follow the law and the lawyers/pockets to handle a suit. These laws are going to be like the DMCA 1201 language (which had much much more prose wrapped around it and was at least attempting to limit scope), which HAS been weaponized against solo devs trying to make the world better.

I fully expect some suit against multiple github repo owners on Jan 2, 2027.

I’ve emailed the office of Buffy Wicks, the author of the California bill, with similar details as the above. I haven’t yet identified the authors of the NY and CO bills, but I’m working on that too. If you live in one of these places, please contact your state officials and tell them this is a bad idea – and if you don’t live there, keep an eye on your state bills.

17 U.S. Code § 1201 - Circumvention of copyright protection systems

You gotta stop equating Microslop-owned GitHub with code forges/repositories. The first step is change language to be inclusive to other platforms while not specially mentioning the proprietary, megacorporate option—such as saying code forge or VCS host. The second step is to create an account elsewhere as your primary spot. Our framing of these things matters, & if you don’t like the state imposing its will on you, the corporate option here is more or less an extension of the state (contributors in Yemen for example will be blocked under US sanctions, bug reporters will be required to agree to the ToS & data collection machine of Microsoft, if the capitalist class doesn’t like your project they will have it removed like Yuzu & yt-download while they will allow state-sponsored gangs like ICE to remain on the platform). Break out of “the network effect”.

It wasn’t Microslop-owned for most of my experience with it, but even sourceforge went the way of enshittification. The only real hope is, unfortunately, decentralization. My worry is that discoverability is the payment.

We can’t trust that any single point of failure won’t eventually fall to corporate greed. But if there’s a central place to locate things, there’s a central place to control them; even if it’s literally “search”!

Funny as search doesn’t work on MS GitHub without auth. If you post your library on a language’s forum, a personal blog post, & some other place, the search engines (or ugh LLMs with Exa search) can find them. There are decentralized forge options like Radicle, or at least nonprofit-owned ones. But all snapshot-based VCSs will have the limitation of needing some centralized source of truth in most cases since the model makes a conflict out of patches being pulled in out of order (which the patch theory-based stuff covers).

But we can all still watch the wording aspect so folks feel free to not do dumb things like assume code = Git = MS GitHub.

Fair enough. My point wasn’t to equate code with github, but to suggest that github, and any other code repository, is effectively an app store by the definition of the California law, and is therefore supposedly responsible for handling this ‘age signal’ bullshit.

Similarly, GeoCities from the 90’s is a publicly accessible website (*actually it’s not – just tried and it seems to be completely dead now as opposed to mostly dead in early 2000’s, RIP) with the ability to (and did) distribute software and would have also been an “application store”. Archive.org is maybe a better example now: you can download tons of ‘applications’ from there and none of them will ever have age verification baked in. Is Archive.org now illegal? Let’s find out.