Ridley @ WATCH LYCORECOMar 21
I see so many people making a huge deal out of linux stuff adding support for the california age thing, and I'm like. you know basically every online service has been required to ask for your age since 1998? this is literally just "at account creation, the device owner can set an age field. to whatever they want. and then apps can query that instead of asking themselves."
you can set it to the unix epoch if you want
Show thread✧✦Catherine✦✧Mar 21
@rcombs yeah i really don't get it
Show thread✧✦Catherine✦✧Mar 21
@rcombs everyone knows young people will lie about their age. this enables them to lie about their age very easily. why the fuck would you put up a fuss about it
Show threadCassandrichMar 21
@whitequark @rcombs I think there are two aspects here. One is the matter of unknown and untrusted folks inserting themselves into projects eagar to comply in advance. This expresses a disempowerment of communities and a surrender of editorial control to a fascist government. From this perspective, it's the statement of values that matters more than any practical effect.
Show thread✧✦Catherine✦✧Mar 21
@dalias @rcombs how is it "in advance" if there are laws about it today?
Show threadCassandrichMar 21
@whitequark @rcombs Is that a serious question? There is no law that says that we as the authors of a program have to modify it to behave in a certain way. If there is, it's unconstitutional. Even if it weren't, we wouldn't comply. It's complying in advance if nobody is holding a gun to your head or putting handcuffs on your wrists. Governments do not decide what we can write.
Show threadCassandrichMar 21
@whitequark @rcombs Even as a Linux business not up for civil disobedience, it's complying in advance if you don't go to court, either waiting for the state to take you to court, or preemptively suing to block enforcement. You wait until a court rules that you have to comply to do it (and then you deal with the fact that the upstream FOSS projects won't comply, so you have to maintain your own patches to comply, and you can use that hardship to help your case in court) rather than just agreeing to do it to begin with.
Show threadRidley @ WATCH LYCORECOMar 21
@dalias @whitequark it is absolutely absurd to demand this course of action (at great expense and risk) of a business whose lawyers say "yes this is most likely constitutional, yes you're required to comply"
Show threadRidley @ WATCH LYCORECOMar 21
@dalias @whitequark like, even if you *did* intend to take this to court, the correct de-risk is clearly to implement the extremely simple required API in advance, so you can roll it out quickly and not end up in contempt if the court case doesn't go your way
Show threadspheruliticMar 22
@rcombs @dalias @whitequark is it established legal opinion that the solution is "extremely simple"? Or is that a wildly optimistic guess? Every developer hour spent chasing this poorly defined requirement is an hour wasted from a business perspective. If the government wants to play product owner they need to provide actionable acceptance criteria before I lift a finger to implement.
Show threadRidley @ WATCH LYCORECO
@spherulitic it is my professional *technical* opinion that the API required is quite straightforward
Mar 22 at 8:20pmWeb
Show threadspheruliticMar 22
@rcombs so I'm thinking of this in terms of my own application. It has the official Scrabble dictionary loaded in and quizzes users on words to anagram. Its a simple concept. To approach this I need to know, for each of 275,000 words, which are appropriate for that age group. Then I need to add metadata to my database, alter my application to respect the metadata, and then implement attribute based access control to filter my application capability based on region and age group. Not to mention once I've got this PII in my system I have to worry about CPRA and GDPR and all kinds of laws around the globe. Its a multi month project to make sure a human being doesn't see the word fuck before the government decides they're ready.
Show threadRidley @ WATCH LYCORECOMar 22
@spherulitic I don't see where AB-1043 requires any of this? beyond possibly having to query the age value in the first place (which *does* seem kinda bonkers if no applicable law requires you to actually do anything with it)
Show threadspheruliticMar 22
@rcombs if I ask for the data and immediately discard it, technically GDPR and all the other privacy laws still apply, but I can probably get away with ignoring them if I don't use or store the data. This would also be a remarkable waste of everyone's time. But here we are.
Show threadRidley @ WATCH LYCORECOMar 22

@spherulitic IANAL, but I would expect that GDPR only applies to data that you actually collect, not to what your software reads but does not send home

definitely a waste of time (feels like an error in drafting by the legislature tbh?), but like. a trivial waste of time