tl;dr it was Meta (because of course it was).

I’m guessing one of the motives is to be able to get more data from non meta users. If the API exists at the operating system level, they can then use the code behind that stupid little Facebook button that every website has to get user age as well as the normal browser fingerprinting data.

My understanding is the API only applies to app stores.

Nope. Most of these legislations are pushing for OS level.

Yes, and the OS communicates this to the app stores.

App stores and anything else that makes a call to that API.

Your browser would have to allow that.

You mean the browsers all based on code from Google and Apple, who also want that info, and will be pressured to use that API to “protect the children” from adult websites?

No, I do not.

That question was rhetorical. Apple and Google account for 95% of the browser market.

I know what you meant, but I guess you’ve never heard of this little thing called a fork. Or Firefox.

Hi, I am here to tell you that it is not particularly trivial to make the kind of changes required to make the websites keep working while also preventing stuff similar to JS fingerprinting.
Some extensions do a decent job in certain cases, but the only ones that completely fix the problem are the ones that simply turn off JS. I checked out what Librewolf’s changes do, using amiunique.org and in some tests it even ends up increasing the uniqueness.

You will essentially require identifying different parts of the JS engine that expose said vulnerabilities and then creating mitigations for each of them, with either the “blend in” or “randomise” strategy and will also require to make sure they are not detected over any domain (due to partial overlap of either change).

This kind of change for a single person will require properly understanding the JS engine codebase and then making and maintaining all required patches over the course of the fork as the main project goes forward. This is pretty much a full time job.
Even if multiple people are working on it, one would still require a good understanding of the codebase.

I suggest recruiting one of the retired/laid-off Firefox engineers, if you have the funds.

…why are we talking about JS and fingerprinting?

The application of age indication is just going to be another metric that these companies use for fingerprinting and person identification, one that some analyst on their inside possibly considered a useful data point.

And while this particular API might be an easy one to target, for removal as a patch, it might end up being part of a JS framework that many websites use and will break in case the return value is not available.

So if people require sites to work, this will become just another feature, requiring similar mitigations to other JS features I mentioned, that will need to be handled in a way that it increases the anonymity of the user, lest the user be subjected to harassment.

By “harassment”, I mean the actual inescapable kind, not just random internet trolls.

The application of age indication is just going to be another metric that these companies use for fingerprinting

As I said, there’s nothing to suggest they would receive such an indicator, as far as I’m aware. The indicator is only required between the app store and the OS.

Facebook has “apps”, no?

Last I checked, it had stuff like FarmVille, FrontierVille, etc.

We weren’t talking about apps, we were talking about Facebook like buttons on websites.

Causation:

FaceBook website has apps

FaceBook website is an App store

FaceBook website requires access to Age API

Firefox needs to passthrough Age API to Facebook’s domain

All embedded FaceBook buttons now get to see your OS’s age

That’s not an app store.