Don’t get me wrong, I’m all for privacy. But between setting up the birthdate when creating my children’s local account on their computers, and having to send a copy of their ID to every platform under the sun, I’d easily chose the former.
I’d even agree to a simple protocol (HTTP X-Over-18 / X-Over-21 headers?) to that.
OS age verification would effectively make some, if not most, linux distributions (or other less-popular operating systems) illegal. Because many linux distributions are made by small team of volunteers. In some cases a linux distribution might be maintained by literally one person. So these people likely do not have the time or money to include something like age verification into the operating system.
That said, there are some technically possible ways where this could be done to reduce the load on developers (perhaps with access codes, and a government maintained database) but the way age verification had is being done right now (face scanning, etc) would be a real headache to implement and quite possibly cost or time prohibitive.
It would be a shame if age verification laws effectively made open source operating systems illegal. It would suck if these laws inadvertently made it legally required that we need to support big tech companies like Apple or Microsoft in order to use a computer.
This is why I consider it regulatory capture in a trench coat.
Including an age flag field in user data on Linux is fairly trivial, and I’ve seen several proposals for it. Once that’s in place it’s up to browsers, “app stores”, or anything else that needs it to request the data and use it.
The effort from a Linux team here would amount to little more than a “are you 18 yes/no” and there’s no way that would be considered good enough down the line if not now.
Yet, with the way the California bill is written, so long as that data was collected at account creation, it would be adaquate.
Sure. For now. But in any case, aren’t they legally viable if someone complains?
That’s one bit that I do think could do with clarifying. As written resposibility seems to be split between the developer and the controller. From the rest of the bill, it seems like the developer is in the clear if the system functions, and it’s down to the computer controller to ensure users are correctly set up.
What would these systems look like? Im curious.
My concern is that, even if these systems are technically possible, the law will settle on using lucky inefficient methods of age verification such as using AI to scan someone’s face.
It one of the reasons I like the way the California bill has been written, it’s very clear that you set the flag, or provide a date, and not only makes no mention of verifying it in any way, but also requires that anything using it trusts it and may not perform any other checking. A service using that data is also explicitly not liable if it’s wrong, so they have no insentive check any further.
It is, obviously, possibly that laws will change in future, but it seems to me that having something like this in place actually makes it harder to implement anything more intrusive later.
Yeah I’ve heard of similar systems in Europe. It’s similar to two factor authentication. Hopefully something like this could also screen out bots, making influence campaigns more difficult. But regardless, however its implemented I hope it will be easy for not-for-profit operating systems (such as linux distros) to operate