Senate Bill 26-051 reflects that pattern. The bill does not directly regulate individual websites that publish adult or otherwise restricted content. Instead, it shifts responsibility to operating system providers and app distribution infrastructure.
Under the bill, an operating system provider would be required to collect a user’s date of birth or age information when an account is established. The provider would then generate an age bracket signal and make that signal available to developers through an application programming interface when an app is downloaded or accessed through a covered application store.
App developers, in turn, would be required to request and use that age bracket signal.
Rather than mandating that every website perform its own age verification check, the bill attempts to embed age attestation within the operating system account layer and have that classification flow through app store ecosystems.
The measure represents the latest iteration in a series of Colorado efforts that have struggled to balance child safety, privacy, feasibility and constitutional limits.
I fully expect this to become a move to hamper linux, or any non-windows desktop usage, because “we can’t trust a user who has full access to their OS” or some other bullshit.
Holy fuck this is bad
Only for privacy and anonymity, companies like Google and Microsoft will do fabulously however. Who donates to him I wonder.
AFAIK, only adults can sign up for internet access, so a minor watching porn on the internet is the same as said minor watching their parents’ adult DVDs or drinking alcohol their parents purchased. It’s already illegal for adults to give minors access to these things, so what’s next? Alcohol bottles that only open and DVDs / Bluerays that only play if you can provide an ID and prove your age every time?
Why can’t we just have better parental controls? I’m a parent and I do want to protect my kids but I will not upload a photo or anything else.
Under the bill, an operating system provider would be required to collect a user’s date of birth or age information when an account is established.
It’s so fucking obvious the people who wrote this have no idea other operating systems than iOS, Windows and Android exist.
Ok but isn’t that just this?
Declared Age Range / AgeRangeService - iOS
Use Play Age Signals API - Android
For fuck’s sake.
What are parental controls?
Goodbye tech ownership in Colorado if this passes. We’re moving one step closer to the government issuing out thin clients that only they control.
“OPERATING SYSTEM PROVIDER” MEANS A PERSON THAT DEVELOPS, LICENSES, OR CONTROLS THE OPERATING SYSTEM SOFTWARE ON A DEVICE.
great, for my devices then, that would be me
Age verification is identity verification.
This is getting ridiculous.
Linux is the only reasonable choice anymore.
Linux won’t be legal in Colorado if they pass this. You’ll need an account with some age-policing, ID-reporting corporation to be able to use a computing device.
How do they imagine they could enforce this though? Presumably quite selectively, based on the user’s political leanings.
What is in the actual bill? I haven’t read any of this but if it was just a year of birth box at local signup then this could actually be pretty good. A sort of halfway between local only parental controls & age-policing, ID-reporting corporations.
https://leg.colorado.gov/bills/SB26-051
Here’s a summary, but the text of the actual bill can be gotten by clicking on “Recent Bill (PDF)”
Presumably quite selectively, based on the user’s political leanings.
Not defend Democrats too much here, but they clearly have far less of a habit of doling out enforcement based on political leanings than the Republicans, even if they do enforce things quite selectively when it comes to actual leftists while letting Nazis run around with seeming impunity.
Colorado has been a solidly Blue state since the end of the W. Bush years, and even then, it was pretty split down the middle with just over half of the votes going to Bush. It’s honestly been mostly-Blue-dominated since 1992. (Lauren Boebert notwithstanding)
Further, the two main sponsors of the bill are both Democrats. This genuinely seems to me to be another example of “heart in the right place but don’t know what the fuck they’re actually doing” which seems common for the tech illiterate and often for Democrats in general.
Once again, not saying Democrats aren’t guilty of selective enforcement, just pointing out that they’re far less likely to do so (or at least less likely to do so against conservatives, for genuine leftists it seems up for debate).
Now, that also means nothing in context to how other politicians can use this kind of legislation negatively, even if the writers and sponsors truly have the best of intentions. Democrats had the best intentions when it came to the PATRIOT Act and the creation of the Department of Homeland Security as well, and way back then folks like me were saying “this seems pretty dangerous, especially if we ever have a despot take control of the country and the levers for these tools” which clearly has come to pass.
Democrats had the best intentions when it came to the PATRIOT Act and the creation of the Department of Homeland Security as well,
How do you know what their intentions were?
Well, not all of them, obviously. Yet, for example, I tend to think Joe Biden actually did have good intentions considering the bulk of the PATRIOT Act was based on his prior legislation in the 90s, his Omnibus Counterterrorism Act. It’s worth noting this was in response to a wave of US homegrown right-wing white nationalist radicalism and terrorism in the 1990’s such as Waco and Ruby Ridge. The Oklahoma City Bombing would happen a month after this bill first appeared. Considering the shitstorm we’re in regarding virulent white nationalist terrorism, I kind of think back when he first wrote it that it wasn’t such a bad idea.
People who were more clearly war hawks like Hillary Clinton? Probably a lot less likely to have had great intentions.
Yet others, like Ron Wyden, who has been a consistent critic of the out of control national security state and voted against military intervention in Iraq in 2002 also voted for the PATRIOT Act. He also spent a great deal of time trying to amend the PATRIOT Act as well.
And as much as Democrats drink from the same well of corporate funding as Republicans, I wouldn’t say the majority of the party is outright evil or don’t care what happens to their constituents. Schumer obviously doesn’t give a fuck, but I also don’t think he’s actually representative of the party as a whole as much as he just has power in a party that puts seniority over merit in intraparty politics.
It’s easy to forget how much shock and terror 9/11 really did put into people which colored how quickly they foolishly signed off on the PATRIOT Act.
The left was saying that the PATRIOT Act was a bad idea from day one, just like we were with the Iraq War. People keep ignoring the left (or dismiss us as paranoid) and we keep getting proven right over and over and over again.
No shit, I was one of those people. I just don’t ascribe to malice what can adequately be explained by stupidity, being out of touch, and not thinking through long-term political consequences. Once again, the Omnibus Counterterrorism Act was largely in response to white nationalist home-grown terrorism, which not having squashed that in the 90s is literally part of why we have the problems we have to day with a white nationalist government. Still didn’t make it great, but I have a lot more sympathy for its origins in that era.
Are they going to check people’s PCs at the state borders as they move in then?
Do you have any
fruitcomputers to declare?
Not really, the microsoft asshole that coded systemd wants chips on hardware for linux just like 10/11. He’s going to help fuck linux the same way they fucked windows.
Bro Poettering worked for Microsoft for four years after working for Red Hat for fourteen and then left to create Amutable, and no offense, but I don’t see his goals for Amutable to be about trying to force everyone to use his solution as much as giving groups who use massive numbers of Linux servers an option for something they can more securely lock down and ensure hasn’t been fucked with. I don’t think he’s out here building a desktop distribution and telling end-users they need it for security.
This is just FUD fearmongering, especially considering how small the company is. He isn’t forcing the entire ecosystem to adopt his ideas.
If you want to trust the pedomericans, that’s your problem.
Dude, Poettering is literally Guatemalan by birth, grew up in Brazil, and lives in Germany. Amutable is based out of fucking Berlin!
Stop reaching.
“Guys will do literally anything but
go to therapyuse systemd.”And who is he working for ? The pedomericans.
Dude you sound like a Republican talking about china being behind everything. It’s time to fucking reassess and touch some fucking grass.
Show me who on the board of Amutable is who he is “working” for, since he’s one of the founders, and most of the people involved are European, or show me the funding for Amutable that’s coming from these “pedomericans” you claim or seriously shut the fuck up. Because none of what you’re saying makes a lick of sense.
You don’t have to like or use the tools these people create. Are you forced to use systemd? No, there are alternatives. There’s valid criticisms (of which there are many for Poettering) and then there’s whatever horseshit you’re peddling here.
You might need help. If you’re unwilling to seek help, then at least learn to code and, you know, read the code.
Not the OS.
The OS “provider”
Linus Torvalds ain’t gonna check my ID. And i don’t want him to, either.
Everyone was born at 00:00:00 UTC on 1 January 1970
GOTEM! THIS IS ALL ABOUT POWER & CONTROL, AND THESE PEOPLE WANT TO COVER THEIR ASSES TOO!
Just think: Without legislation like this, kids will be able to see people having sex! Thus, ending their lives. Not so different from staring into the eyes of Medusa!
The amount of children exposed to sex that have died—or suffered worse consequences like early onset conservatism—may have been zero so far but the dangers are clear! We must skip right over parental involvement in child rearing and go straight to the source of the problem: Computers.
Computers have been giving everyone access to too much information for too long! We must restrict it! The first step is to get an implementation that actually works to censor information—to save the children (wink wink)—then later, we will have the tools necessary to censor whatever we want!
When glorious dictator decides that information about trans-genic mice must be erased from the Internet, we shall have the power to do so!
I would argue that early and excessive exposure to very misogynistic porn can be damaging to a child in that it can reinforce that misogyny and bad sexual patterns/ideas.
I would also argue that it is the job of the parent or guardian of said child to make sure the information they get online (or anywhere for that matter) is age-appropriate, and not the job of the state.
These are clearly laws that are either not well thought through or (probably more likely) intentionally limiting of every citizen’s privacy. I don’t think that even if the porn or bullying or whatever problem was as bad as they say it is that this would even be justified.
When my kids were young, but old enough that they may inadvertently stumble upon porn, I told them the truth. The truth that so few explain to their children. The truth that many adults don’t understand and many more completely forget.
Porn is fake.
It’s not real. The sounds? Acting. The breasts? Those are fake too. The perfect skin? Makeup (or airbrush).
Even “amateur” porn is fake! As soon as someone agrees to be filmed having sex it ceases to be real.
Also, let me get this straight: Your greatest fear from children being exposed to porn is they might begin to accept mysogyny‽ As in, you think porn is the most likely place kids will be exposed to it and somehow just nod their heads‽ “Oh wow, that’s totally sexist! But they’re having sex so it must be OK. I’ll try to be like that!” (Child nods head).
Or perhaps you think kids will be viewing so much porn—specifically, the mysogynistic kind—that it will somehow carve mysogyny into their minds?
This is so much like the beliefs of conservatives that try to ban books that mention LGBTQ people. Stop and think for a moment: How much porn did you view as a kid? How did that impact your life?
I seriously doubt it changed much. Unless, of course, you were reading Playboy for the articles.
We must protect little Billy from seeing tits, so he can keep laser focus on preparing for the next school shooting.
Hear, hear. When I was young my friends and I wanted to see the naked boobies but because the internet had not been invented we just couldn’t. It was impossible! Its not the kind of thing you find lying around!
Definitely not in ziplock bags hidden in the nearest forest to the school, put there by your older brother…
The reasoning in Australia is not about sex but cyber bullying. It’s a big problem and certainly more difficult to refute than kids watching porn.
Yes! Because cyber bullying can only happen on platforms that are designed specifically for adults. By banning children from social networks, we will have completely eliminated the problem and totally not at all created much worse problems like potentially leaking the identities of millions of people and destroying the entire concept of privacy.
(Nods head vigorously)
How the fuck does age gating prevent cyber bullying? That’s not an age issue, it’s an asshole issue.
Oh wait, because it’s not about age at all but identifying individuals who think differently when the regime. Whichever regime that is.
Like those cases where the cyberbullying was coming from the children’s own fucking parents.
Protecting parent’s rights to abuse their kids is a common, if unstated, goal of laws like this.
This goes in a better direction than web sites doing it themselves, I think. The government put out an open source tool that runs locally and the browser just gets a yay/nay return code from it.
On paper, I like this solution better than every app/site developer having to hack together (or outsource) their own age verification system. But I’m sure it opens up a ton of potential problems. And if it’s open source, someone could just fork it and make a version that always says “yes” so unfortunately it’ll never be FOSS.
It wouldn’t even work on paper. All it would take to twist this into something dystopian is requiring cryptogtaphic attestation for the age range, and knowing lawmakers, they would justify it as a countermeasure for kids lying about their age. Expand the feature as a web API so websites can use the “easier” and “more secure” system-level age verification process and—oh look, now we can’t use important websites without a commercial operating system.
It would be like Secure Boot but worse. At least with that you can turn it off or enroll your own keys.
Some kind of cryptographic signing of the executable could probably help with that.
Ultimately I don’t believe there can ever be a foolproof solution and the emphasis should be on client-side parental controls.
The only thing this bill seems to affect are apps. It has no provision for websites, meaning kids would still have unlimited access to adult content. If a kid wants to get around browser checks, all they have to do is either install an older browser that doesn’t use the OS verification, or find a plug-in that fakes it (and of course those will immediately come out).
Even worse, if the OS requires ALL software to acknowledge the age verification checks, what do you think that means? Everyone in Colorado is required to immediately spend thousands to buy all new versions of every program they use? And what happens to the software that is no longer updated? If you’re lucky, you can buy something completely different and spend months rebuilding all your old information into the new system? Sounds wonderful.
I think it’s pretty clear that this was written by people who are used to getting everything from the iOS store/macOS store/Microsoft store/Google Play store and have no fucking clue what using a computer that isn’t “app-based” is like.
-
How do they secure age data? Age is most likely two characters, with a max of three characters. If there are penalties for sharing the age data when they aren’t supposed to, how do they secure this? Even with cryptography a two character number with only 70-ish reasonable and expected variations is going to be difficult to secure.
-
How do they ensure no one who is a different age ever uses the device? “Use mom’s iPad” is univseral. Does mom get in trouble for letting her child use her device, does the parent end up with the fine?
However, if a developer has clear and convincing information that a user’s age is different than the age indicated by an age signal, the developer shall use that information as the primary indicator of the user’s age range.
- How do they determine age other than self-reporting with anything other than wholesale spying on user habits? What other way could they possibly glean “clear and convincing information that a user’s age is different than the age indicated by an age signal” other than spying on a user’s device use? This also implies remote-control of the OS if the operating system vendor can change the age-gate remotely based on user habits.
- You don’t.
- Easy. The device constantly captures images of the user and checks them against the user image on file
- By scanning a government issued ID and checking against an online database with poor security.
I feel like #1 and #2 are problems whether its client side or server side. As for #3 I would lean in the direction of there being a one-time check with no persistent knowledge. Like when you flash your ID to the bartender to order a drink. A client app that scans the ID and returns the answer to the requestor.
But I don’t think there is any way to reliably implement this sort of thing. I think it should really just be left to parental control and monitoring.
I think part of the problem is there shouldn’t be a server-side to this. Because that’s opening the door to all kinds of intrusive data-collection to determine age, even if they claim it should be done “minimally.” Define “minimal.” That seems to fly in the face of “clear and convincing information that a user’s age is different than the age indicated by an age signal” which is a direct quote from the Bill.
And as for number 3, I don’t see how no persistent knowledge could work. If the client app has read the data (“scanned the ID”) that means the client-app can now store that data anywhere the client-app has write access.
Further, it’s not like in real life when the bartender can scan the person up and down, look at the ID and make the assessment that McLovin is clearly underage.
If it’s open source it can be verified that it’s not storing the data.
And I 100% agree that software scanning an ID is an overall bad way to verify. With a CC# validation at least that shows up on my statement, but if my kid is sneaky enough to get mine out of my wallet I have no way of knowing.
-
