Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
tzs a day ago

Are Unix and Unix-like vendors making implementing this harder than it needs to be? Here is what is required for laws like California's.

1. To modify account creation so that in the scenarios where the law applies (account is being created for a child who is the primary user of the device) to ask for the age and/or birthdate of the child.

2. A way for applications to ask for the age range of the user ([0, 13), [13, 16), [16, 18), [18-infinity)).

Implicit is to store enough information from #1 to support #2.

The way I would store that information is by creating a directory, say /etc/age_group, and in that creating one file named after each age range. These files would be owned by root and not group or world readable.

On creating an account this applies to add an access control list (ACL) entry for that account to the appropriate file in /etc/age_group that allows that user to read it.

Then for #2 the way applications can check is by simply checking which files /etc/age_group it can open.

This should be more portable than the other ways I've seen proposed. POSIX access control lists are included I believe on every major Linux distribution (and also MacOS, FreeBSD, and maybe other BSDs).

This would give application writers on most Unix and Unix-like systems a common way to check if they are on a system that implements the California law (does it have /etc/age_group?) and a common way to check age group.

db48x a day ago | parent | next [-]

That’s a clever start, but it has a problem. What happens when the list of age groups changes? This list is not fixed; it changes over both time and space. How do I tell the difference between a system that doesn’t support age attestation vs one that only supports age groups that I don’t know about? For example, suppose I am looking to see if the user is in the `over_13` age group, but only `/etc/age_group/adolescente` exists? What if there are multiple readable files?

Systemd’s solution is simpler and doesn’t have these edge cases. A higher level of software, such as the desktop environment, can query the user’s birth date from systemd and use their locale settings or time zone or other information to compute the correct age group.

nine_k a day ago | parent | prev [-]

This is a great idea. It very compactly implements a barebones parental control system: a parent (with admin access) can assign an age group to a user account, and apps which care can easily check it.

I think it's exactly how such a system should work: apps, sites, etc should declare an age limit, and the user's OS should decide if it's going to give the user access to them. This approach is opposite to having the user to prove their age (and worse, the legal identity) to the web site, app, etc.

razingeden 21 hours ago | parent [-]

Well you got me there.

For the most part, I actually agree that Ubuntu is an appropriate operating system for toddlers.

nine_k 21 hours ago | parent [-]

I ran a Debian box for my daughter when she was a toddler and a pre-schooler. She was good at selecting her favorite movies and music in XBMC, and enjoyed simple drawing apps.