Colorado moves age checks from websites to operating systems | Biometric Update
www.biometricupdate.com
As Colorado lawmakers once again revisit online age verification, the debate is no longer about whether to protect children online.

Senate Bill 26-051 reflects that pattern. The bill does not directly regulate individual websites that publish adult or otherwise restricted content. Instead, it shifts responsibility to operating system providers and app distribution infrastructure.

Under the bill, an operating system provider would be required to collect a user’s date of birth or age information when an account is established. The provider would then generate an age bracket signal and make that signal available to developers through an application programming interface when an app is downloaded or accessed through a covered application store.

App developers, in turn, would be required to request and use that age bracket signal.

Rather than mandating that every website perform its own age verification check, the bill attempts to embed age attestation within the operating system account layer and have that classification flow through app store ecosystems.

The measure represents the latest iteration in a series of Colorado efforts that have struggled to balance child safety, privacy, feasibility and constitutional limits.

  • Tynan@lemmy.mlEnglish
    141·
    8 hours ago

    On paper, I like this solution better than every app/site developer having to hack together (or outsource) their own age verification system. But I’m sure it opens up a ton of potential problems. And if it’s open source, someone could just fork it and make a version that always says “yes” so unfortunately it’ll never be FOSS.

    • pivot_root@lemmy.worldEnglish
      2·
      2 hours ago

      It wouldn’t even work on paper. All it would take to twist this into something dystopian is requiring cryptogtaphic attestation for the age range, and knowing lawmakers, they would justify it as a countermeasure for kids lying about their age. Expand the feature as a web API so websites can use the “easier” and “more secure” system-level age verification process and—oh look, now we can’t use important websites without a commercial operating system.

      It would be like Secure Boot but worse. At least with that you can turn it off or enroll your own keys.

    • baronvonj@piefed.socialEnglish
      4·
      7 hours ago

      Some kind of cryptographic signing of the executable could probably help with that.

      Ultimately I don’t believe there can ever be a foolproof solution and the emphasis should be on client-side parental controls.