I don’t like to shill for companies, but I’m glad System76 made a statement. The addendum does feel like their legal team made them add it though:

> Some of these laws impose requirements on System76 and Linux distributions in general. The California law, and Colorado law modeled after it, were agreed in concert with major operating system providers. Should this method of age attestation become the standard, apps and websites will not assume liability when a signal is not provided and assume the lowest age bracket. Any Linux distribution that does not provide an age bracket signal will result in a nerfed internet for their users.

> We are accustomed to adding operating system features to comply with laws. Accessibility features for ADA, and power efficiency settings for Energy Star regulations are two examples. We are a part of this world and we believe in the rule of law. We still hope these laws will be recognized for the folly they are and removed from the books or found unconstitutional.

Anyways, it feels like all sides of the political spectrum are trying to strip away any semblance of anonymity or privacy online both in the US and abroad. No one should have to provide any personal details to use any general computing device. Otherwise, given the pervasive tracking done by corporations and the rise of constant surveillance outdoors, there will be nowhere for people to safely gather and express themselves freely and privately.

Not commenting on this specific law, but I do believe the premise that children should be exposed to everything is wrong, and that the overall view on humans in this post is naive.

These days, exposing an immature brain to the raw internet is basically just handing the brain and personality over to be molded by large corporations and algorithms.

And humans have never been rational, self-contained actors that self-educate perfectly when exposed to information, converging on an objectively good and constructive worldview. Quite the opposite.

Humans develop in relation to one another, increasingly in relation to algorithms, and sometimes become messed up, and sometimes those mess-ups would have been avoidable had relations or exposure been different.

In fact I would say you as a parent is not doing your job if you are not trying to make sure a 12 year old isn't pulled into, say, an anorexia rabbit hole.

Whether that is best done through making sure exposure doesn't happen, or through exposure and education, will depend on the child and parent (and society) in question. What worked best for a highly rational self-reliant geek teen may simply be a disaster for another human. And what worked for an upper class highly educated family may not work for a poor family with alcoholized parents or working 18 hours a day to make ends meet.

And parents are not perfect -- if all parents were perfect, there also would be no alcoholics and drug addicts or poverty or war. But people are imperfect, and it's natural to make laws to mitigate at least the worst effects of that. (Again, haven't read this specific law proposal, but found the worldview of OP a bit naive.)

> Throwing them into the deep end when they’re 16 or 18 is too late.

I saw this a lot in college. Kids that didn’t have any freedom or autonomy while living at home went wild in college. They had no idea how to self-regulate. A lot of them failed out. Those who didn’t had some rough years. Sheltering kids for too long seems to do more harm than good. At least if they run into issues while still children, their parents can be there to help them through it so they can better navigate on their own once they move out.

Fxxk off, to all political actors pretending this is about child protection. Protecting children is not the job of the OS, the device manufacturer, or the internet service provider. It is the parent’s job. If you cannot supervise, monitor, and discipline your child’s internet use, that is your failure, not theirs.

They can provide tools, sure. But restricting adults because some parents fail at parenting is insane. That is how a totalitarian state grows: by demanding the power to monitor and control every individual.

If you cannot control your children, that is your fault. And if that is the case, you should think twice before having kids.

Rather than age verification, this is what we should be doing instead:

Don't let phone manufacturers lock the bootloader on phones. Let the device owner lock it with a password if they decide to. Someone will make a child-friendly OS if there is demand. Tech-savvy parents should be able to install that on their kid's phone and then lock the bootloader.

What about non-tech-savvy parents?

There should be a toggle in the phone's settings to enable/disable app installation with a password, like sudo. This will let parents control what apps get installed/uninstalled on their kid's device.

But what about apps or online services that adults also use?

Apps and online services can add a password-protected toggle in their user account settings that enables child mode. Parents can take their child's phone, enable it, and set the password.

----

All it takes is some password-protected toggles. They will work better than every remote verification scheme.

The only problem with this solution is that it does not help certain governments build their global mass surveillence and propaganda apparatus, and tech companies can't collect more of your personal info to sell, and they can't make your devices obsolete whenever they want.

Comparing today's internet to the 90s is hardly fair. It has become extremely predatory, and most places youth gravitate towards are controlled by algorithms with the goal of getting them hooked on the platforms to make them available for manipulation by the platform's customers.

Of course, there will be stories of smart kids doing amazing things with access to vast troves of information, but the average story is much sadder.

The EU is working on a type of digital ID that an age-restricted platform would ask for, which only gives the platform the age information and no further PII.

Companies (not talking about system76) amazingly always find the shittyest interpretations of their obligations to make sure to destroy the regulations intention as much as they can. The cookie popups should have been an option in the browser asking the user whether they want to be tracked and platforms were meant to respect this flag. Not every site asking individually, not all this dark pattern annoyance. It's mind-blowing that that was tanked so hard.

This law feels like a battle in The Coming War on General Computation, as Cory Doctorow put it:

> I can see that there will be programs that run on general purpose computers and peripherals that will even freak me out. So I can believe that people who advocate for limiting general purpose computers will find receptive audience for their positions. But just as we saw with the copyright wars, banning certain instructions, or protocols, or messages, will be wholly ineffective as a means of prevention and remedy; and as we saw in the copyright wars, all attempts at controlling PCs will converge on rootkits; all attempts at controlling the Internet will converge on surveillance and censorship, which is why all this stuff matters.

Full talk: https://www.youtube.com/watch?v=HUEvRyemKSg

I'm surprised by the complete lack of dissent or even nuance in the discussion here. I'm much more ambivalent on this: the historical record for prohibition is not good, but instagram and the like are uniquely and disastrously harmful and the companies pushing them on children are powerful in a way that has no real historical precedent. In the balance, anything the reduces the power those companies have over our lives (and our politics) has to be at least considered. In other words, I don't think this is necessarily the right measure - but I'm desperate.

Didn't regulating cigarettes kind of work?

So much for freedom and democracy lectured by Americans and westerners to the rest of the world. This is just censorship of every form of freedom of speech. This got nothing to do with children or youth. They will eventually censor and track everyone.

I can't fathom all the rage and confusion here about these laws. It's been a well-known effect since forever that when a government deems that something needs to be done, they'll go for the first "something-shaped" solution.

This all could've been avoided. Governments all over the world have been ringing the alarm bells about lack of self-regulation in tech and social media. And instead of doing even a minimum of regulation, anything to calm or assuage the governments, the entire industry went balls-to-the-wall "line go up" mode. We, collectively, only have ourselves to blame, and now it's too late.

If you look back, it didn't have to be this way: - Governments told game publishers to find a system to handle age rating or else. The industry developed the ESRB (and other local systems), and no "or else" happened. - Governments told phone and smart device manufacturers to collectively standardize on a charging standard, almost everyone agreed on USB-C and only many years later did the government step in and force the lone outlier to play ball. If that one hadn't been stubborn, there wouldn't have been a law.

The industry had a chance to do something practical, the industry chose not to, and now something impractical (but you better find a way anyway, or else) will be forced upon them. And I won't shed a tear for the poor companies finally having to do something.

"Age verification" is such a politician's way to label this. It doesn't actually verify your age. What it does do is set the groundwork to argue that none of us should use any software on any computer that an App Store with Age Verification doesn't allow us to.

But there's a bigger issue than just what software you're allowed to run on your own computer. What's really insidious is the combination of the corporate and government interest. If every server tracks how old you are, it's a short step to tracking more information. Eventually it's a mandatory collection of metadata on everyone that uses a computer (which is every human). Something both corporations and governments would love.

You were worried about a national ID? No need. We'll have national metadata. Just sign in with your Apple Store/Google Store credentials. Don't worry about not having it, you can't use a computer without it. Now that we have your national login, the government can track everything you do on a computer (as all that friendly "telemetry" will be sent to the corporate servers). Hope you didn't visit an anti-Republican forum, or you might get an unfortunate audit.

I don’t really mind age verification, since we do it in real life (outside the internet) constantly for products and services that are meant for adults, like some-rated movies and alcohol.

I do mind a lot of the data process. I do not want my id, personal preferences or any metadata of my self stored anywhere ever. And IF by some weird law some process has to store some data somewhere of me, i want to have very easy full access to it so i can delete it whenever i want. You can keep the process itself but anything else has to go.

Yes, i have a passport. Yes, it was verified and validated. No you may not know or store the color of my eyes.

I also do not want curious kids to be prosecuted for poking around. They should teach them and thank them for finding flaws.

I wonder who is behind this sudden push for these age verification laws. This wasn't an issue until recently and suddenly there are not just laws in California and Colorado, but also New York and Brazil.

"Liberty has costs, but it’s worth it"

The whole point. Very well worded post. I weep for the all digital future.

Are these laws not 1A violations due to code being speech and the gov not being allowed to compel speech?

This is becoming a wedge issue. It should not be. As an industry, we can solve this. As an industry, we have too. If we don't, legislators will do it for us. And they'll make a bad job of it. And if you petition your local legislator wherever yiu are in the world, then that's cool, but if this is solved locally, we will see serious fragmentation. As an industry projecting ones politics isn't going to make much difference.

Organize and fight the policy. Do not take your frustration out on people and companies that just try to adjust to a law. Talk to your representatives. Create educational websites similar to fightchatcontrol.eu.

If my parents blocked me from doing admin stuff (which was not even possible back then) I would certainly not started to code by myself when I was a tween

More concerning than that is that it all doesn't seem because they care about teenagers and kids.

Just a reminder of what liability the CA age verification law imposes upon developers and providers.

It's not enough to adhere to the OS age signal:

> (3) (A) Except as provided in subparagraph (B), a developer shall treat a signal received pursuant to this title as the primary indicator of a user’s age range for purposes of determining the user’s age.

> (B) If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.

Developers are still burdened with additional liability if they have reason to believe users are underage, even if their age flag says otherwise.

The only way to mitigate this liability is to confirm your users are of age with facial and ID scans, as it is implemented across platforms already. Not doing so opens you up to liability if someone ever writes "im 12 lol" on your app/platform.

California may be able to target companies like System76, but it will be completely powerless against modular and decentralized distros like Debian and Arch.

> The challenges we face are neither technical nor legal. The only solution is to educate our children about life with digital abundance. Throwing them into the deep end when they’re 16 or 18 is too late. It’s a wonderful and weird world. Yes, there are dark corners. There always will be. We have to teach our children what to do when they encounter them and we have to trust them.

This resonates so much with me. I don’t want to control my kids. I will never be able to protect them from everything. I hope I won’t be able because I want to die before them. I want them to be able to navigate in the world and have all the cognitive tools necessary to avoid being fooled. I want to rest in peace knowing they can in turn educate their own children. I want to trust them and be relieved that I can focus on some tasks of my own without needing to constantly worry about them.

It's sad to see such big brother crap in Linux, which sees like the exact opposite of the hacker ethos it was originally built upon.

requiring the OS to broadcast an age bracket to every app and website is building a new tracking vector and calling it child safety lol

These lawd prove one thing: the politicians know nothing about the subject matter.

What is almost more disturbing: at least some of the politicians will have been advised by consultants or lobbyists who know what they're advocating for. What's their game?

> A parent that creates a non-admin account on a computer, sets the age for a child account they create, and hands the computer over is in no different state. The child can install a virtual machine, create an account on the virtual machine and set the age to 18 or over.

Er, how does a child install a VM from a non-admin account?

> Or the child can simply re-install the OS and not tell their parents.

It's gonna be pretty easy to detect when the parent finds programs are missing/reset or the adult account they created can't log in with their password.

The California law seems entirely tame and sane, whereas the New York bill seems pretty heavy-handed and authoritarian. They are in no way similar to each other.

Linux distributions could do a lot of good geo blocking California right now.

Remember when it was the parents' responsibility to raise their children?

On using VMs I suggested something similar earlier https://lemmy.ml/post/43994511/24315514 so it's clearly not a deep or original ideas. It will be figured out quickly. In fact any kid reading that article or those comments is probably already researching about this topic and chatting about their successes and failures with friends. No way it can hold.

I have to wonder

A. If end users will mod their distros to send a "signal" (TBD?) to websites.

B. If end users will just grab a pirate OS with apps compiled to not care about age.

Hopefully the latest TAILS I downloaded is free of Big (over 18) Brother. And (A)

Or just compile, Gentoo and LFS style.

C. If pirates just take care of all this for friends and neighbors.

D. When, not if, this unconstitutional coercion is challenged in court and cancelled via petition. Remember Proposition 8?

I'm surprised zero-knowledge proofs have not been mentioned. This is a technique where (for example) the government signs your digital license, then you can present a proof that you are over 18 to a site without revealing anything else about yourself. ZKPassport exists, Privacy Pass is an implementation being standardized by the IETF, and Google is working on a similar implementation. Granted, these are not yet widely used, but I'd be very interested in hearing HN's thoughts on this.

Let's try to figure out what a good policy solution looks like:

- entities with harmful or adult content must require proof of the user being over 18

- entities cannot ask for, store, or process more detailed information without explicit business needs (this should be phrased in a way that disallows Instagram from asking for your birth year, for example)

- entities cannot share this data with other sites, to avoid privacy leaks, unless there is an explicit business need (this is tricky to get right; someone might try to set up a centralized non-anonymous age-verification service, erasing many benefits)

- entities must in general not store or process information about the user that is not strictly relevant to their function

- there ought to be different treatment for anonymous users (which ideally these protocols will allow, just submit proof of work plus a ZKP that you are a human and authorized to access the resource) compared to pseudonymous and non-anonymous users, who are more at risk of being censored or tracked.

There's some loopholes here, but if the government can enact good policy on this I personally think it's feasible. Please share your thoughts, if you have a minute to do so.

There's also an interesting political split to note among the opposition here. I see a lot of people vehemently against this, and as far as I can see this is largely for concerns regarding one of 1) privacy abuses, 2) censorship, or 3) restriction of general computing. Still, there is a problem with harmful content and platforms on the web. (Not just for minors, I don't think we should pretend it doesn't harm adults too.) The privacy crowd seems to be distinctly different from the computing-freedom crowd; the most obvious example is in attitudes towards iOS. As I personally generally align more towards what I perceive as the privacy-focused side, I'm very interested in what people more focused on software freedom think about zero-knowledge proofs as a politically workable solution here.

Let's be clear: this is a first step. The obvious next step is to require proof of age.

This ties in nicely with the international movement to require ID to use social media.

Why is this an international movement? Suddenly, simultaneously, all over the Western world? It's enough to make on believe in conspiracies...

It's simple. Don't comply. Software engineers, despite not having the same requirement of mechanical engineers, should uphold the ethical obligations of their craft. This law is harmful. Given the requirement of compelled speech, given code has been _proven_ to be such, Do. Not. Comply.

I'm in two minds about this. I think that by and large We Have A Problem. And i don't mean a problem with children on the internet. We have a problem with people on the internet. There are so many examples of grown adults who have clearly become addled.

I live in the UK, I work in London. I can go on X and look at what Elon Musk is posting about the UK and as a reasonable person I can quite reasonably say he's gone mental. The algorithm has broken that mans brain. And it's not just him, a whole slew of establishment women lost their absolute minds about the trans issue (and Graham Linehan). Mumsnet became a centre for radicalization. You know and some one who grew up on the internet at quite a sweet spot I'm very comfortable looking at that stuff and going "Oh yeah, you guys are being groomed by these algorithms and you're defenceless to it".

There's a whole load of "How do we protect the children from this", but I don't think there's actually been much a reckoning with how grown adults are getting sucked into this vortex. The algorithms on the internet clearly have some trap doors that just absolutely funnel people into crazy places.

All of which is to say: We have a serious problem that's effecting everyone not just kids, and I think we've got almost no answers for how to tackle it.

The result is this- poorly thought through sweeping laws that aren't solving the problem, and have massive negative side effects. I think Jonathon Haidt has a lot to answer for in funnelling this complex issue affecting everyone into this reactionary "won't someone think of the children!" campaign for banning technology for kids.

Don't see how anyone is gonna make me do anything. Just evade anything like this through various means and opt out of things that reduce your quality of life (by destroying your freedom and making you a slave)

I was gifted my first computer, running Windows 95, at 11 years of age. By age 13 I was probably within the five people who better understood how to do stuff on a computer in my town. By age 16 I was making Pokemon hackroms, flash animations for newgrounds and translating manga for pirate sites in photoshop. By then I knew my entire life would be tied to computers somehow.

Now some 50-60yo politician who has never even created a folder in their desktop without help wants to dictate how I should have used my device?

Fuck'em

California and Colorado do not get to govern out of state residence, thats interstate commerce and its federal domain, period.

The time is coming where we will unseat legislative traitors who use EU/Old World manipulations in the USA.

An unjust law is no law at all. That is the exception the rule of law requires to remain moral.

So this has recently also affected Ubuntu.

One developer began a discussion:

https://lists.ubuntu.com/archives/ubuntu-devel/2026-March/04...

Their attempts of a "solution" are quite interesting. One other user suggested that GUI tools ask for the age of the user.

Well ... I have a very strong opinion here. I have been using Linux since over 20 years and I will not ever give any information about my personal data to the computer devices I own and control. So any GUI asking for this specifically would betray me - and I will remove it. (Granted, it is easier to patch out the offending betrayal code and recompile the thing; I do this with KDE where Nate added the pester-donation daemon. Don't complain about this on reddit #kde, he will ban you. KDE needs more money! That's the new KDE. I prefer oldschool KDE but I digress so back to the topic of age "verification").

The whole discussion about age "verification" appears to be to force everyone into giving data to the government. I don't buy for a moment that this is about "protecting children". And, even IF it were, I could not care any less about the government's strategy. Even more so as I am not in the country that decided this in the first place, so why would I be forced to comply with it when it ends up with GUI tools wanting to sniff my information and then give it to others? For similar reasons, one reason I use ublock origin is to give as few information to outside entities when I browse the web (I am not 100% consistent here, because I mostly use ublock origin to re-define the user interface, which includes blocking annoying popups and what not; that is the primary use case, but to lessen the information my browser gives to anyone else, is also a good thing. I fail to see why I would want to surrender my private data, unless there is really no alternative, e. g. online financial transactions.)

I also don't think we should call this age "verification" law. This is very clearly written by a lobbiyst or several lobbyists who want to sniff more data off of people. The very underlying idea here is wrong - I would not accept Linux to become a spy-tool for the government. I am not interested in how a government tries to reason about this betrayal - none of those attempts of "explanation" apply in my case. It is simply not the job of the government to sniff after all people at all times. This would normally require a warrant/reasonable suspicion of a crime. Why would people surrender their rights here? Why is a government sniffing after people suddenly? These are important questions. That law suddenly emerging but not in the last +25 years is super-suspicious.

It’s simple you can’t go drinking under age, you can’t drive a car under age. And the harm that can come from the internet is well above this so it makes sense to also ask for id. I agree though that it needs a system to protect information. It’s not about the system being always fail safe it’s about the general rule that by default what is happening is not legal to protect and not put the burden on every parent or family.

„But Jonas parents allow him to do that“ in reality Jonas parents should not have a say in this.

None of the facts he states are unknown or new to the authors of the mentioned bills.

We should collectively make sure that any PRs trying to land these changes are very well reviewed. We wouldn't want any security holes to slip by. I think a couple dozen rounds of reviews should suffice. I've heard great things about how productive AI can be at generating very thorough code quality assessments. After all, we should only ship it once it's perfect.

To be more direct - if you're in any editorial position where something that smells like this might require your approval, please give it the scrutiny it deserves. That is, the same scrutiny that a malicious actor submitting a PR that introduces a PII-leaking security hole would receive. As an industry we need to civil disobedience the fuck out of this.

this is how and adult sounds like in a room full of children.

I have been saying this all along. You can't prevent kids from getting around restrictions. All you can do is try to help them understand what they find on the other side and what some options are. Age-gating is just a way to push forward a surveillance agenda. The fact thats happening everywhere all at once proves my point.

Definitely started exploring at 8/9 writing Perl and CGI

remember El Mencho, it should have been a title!

I was enrolled in the united states navy nuclear program at 17. we are just making kids dumb with this bullshit

I love Pop!_OS (and Cosmic) but if they start with this bullshit I need to switch to other Linux distributions. Worst case, will build my own...

Aaaaand to throw it all away at the end with "well when the rubber meets the road we'll comply anyway, thanks for inhaling my hot air." Take a damn stand and dare them to sue the hacker known as Linux or whatever.

I mean, genuine question, is Linux Mint or MX Linux endangered by this?

Unless I'm missing something, I have zero concern for companies who sell out by complying.

The code was "free as in freedom" when you decided to build your company on it; and while you're not legally obligated to defend that freedom, and I, and hopefully other consumers, find that you are morally obligated to.

As a resident of New York, I am disturbed to see Democrat representatives introduce such horrific bills. I guess I will not be voting Democrat again!

Good words, glad to see more companies taking a principled stance on these important matters. That leading quote is great for sharing with non-technical friends. We have 365d 23h of non-voting time to take direct action to make our world better.

This is the one thing that truly scares me. I've decided I'm not going to verify my age anywhere or use facial recognition apps to login anywhere. And this is a much bigger fear for my job than AI.

At the moment only some countries banning porn, social media and gambling. But how soon will I have to do it for a work app? And will I lose my job then if I refuse?

I don't think the argument that children might bypass parental controls therefore devices should not have parental controls.

>Limiting a child’s ability to explore what they can do with a computer limits their future.

Parents don't want to limit their children from writing software. Saying that limiting minors from accessing porn will limit their future is another argument I doing think many will agree with.

The prostitutes pushing for this do not deserve words. They deserve ridicule, public humiliation, and worse. The computer is a tool. Whoever would encumber it is an obvious shill for the corporations (google/apple/microsoft) who would like to attach an identity (i.e. tolls and controls) to actions prior generations could do freely and without surcharge. It is a modern-day enclosure movement. Its proponents should be juicily spat upon.

The age verification laws are awesome!

I mean... How else would you educate children about computers and evading stupid restrictions?

tl;dr they don't like them and don't want them in place but will comply

I don't really see a problem where there is a standard api (or even syscall!) to rethrieve a persons age bracket and for various apps being able to easily implement it. But please make it fucking optional.

Make it optional and assume an adult otherwise, it's a good idea if it's optional and doesn't have dumb fines, you could have fines for not enforcing it / not using the api [porn sites] that already exists [and it doesn't work since 1 button is not age verification].

I see this as a good way for parents and institutions to set up their phones, school laptops etc and would pretty much solve the large majority of these issues while having a fraction of the invasiveness.