Why are Linux operating system providers taking it upon themselves to comply with the California law especially if they are not selling anything. Since it is just a downloadable piece of software then it is up to California state to set up a firewall to protect themselves from such harmful software.
Let's say I am a generic linux developer who develops variants of Debian Linux while sitting in my basement in any part of the world.
If one country wants to ban my software because I don't ask for their age, then set up suitable protections for your citizens.
Don't force me to do that. I am not responsible for protecting your citizens.
That is like saying if Saudi wants your id to make sure only males can download operating systems, so now will I add another restriction.
At least China takes it upon themselves to ban sites that they deem harmful for their citizens rather than forcing devs.
because the laws are coming with massive fines and penalties that will apply to people not even selling anything
unless you can confidently dodge American law enforcement, which is a big ask unless you are solidly anonymous somehow, then you are forced to react in some way
These days it seems best to not be in the US or any vassal country, in order to avoid this ridiculous overreaching of "we are the center of the world" lawmakers in the US.
I think you’re replying to someone based outside of California.
There's a huge fine in North Korea, perhaps even death, for saying "Kim Jong-un is a poopyhead" but I just said it and I don't care because I'm not in North Korea and I don't do any business there.
America enforces their law all around the world. They also have a strong power to lobby and set legal trends all over the world. It's a good thing NK don't have the capability, and perhaps the will also to do so.
Either Kim or his father had a family member murdered by poison in an airport. Putin has undoubtedly had people killed outside the borders of his territory. Lots of countries enforce their will upon people. The USA is just somewhat uniquely empowered to do it out in the open and with a guise of "respectability" due to outsized power.
I'm not disagreeing with you. Just pointing out an additional bit of detail.
Very common pattern in compliance, if you want to export to a country, (regardless of monetization method), manufacturers and distributors comply with local requirements like for example getting approved for local electrical parameters and implementing specific plugs for local sockets.
If you came to my website and downloaded something, I did not export it. Maybe you imported it, that’s on you.
But nobody 'came to your website', it's more like they sent you a letter and you mailed the package. That's exporting to me.
Consider that your server received a connection from an ISP that you know has global reach, and you sent the packages to IP addresses that are from a specific RIR and assigned to a specific country. That is if you are hosting directly if it's a third party, who knows.
Also, I am not a lawyer.
I am not a lawyer. Still, my two cents are:
You didn't geobock the download or prompt for then user's address first in your scenario. So it may constitute export because it would be reasonable to assume that you clearly intended to make it available worldwide.
Phil Zimmerman was investigated for illegaly exporting munitions because he made PGP available via FTP. The case was settled, so I don't know whether this argument would ultimately have been successful.
This is how the UK interprets things, but they seem to be alone on this in the present day.
Wyoming just passed a bill explicitly refuting this interpretation, other states are working on their own bills, and there is even a federal bill in the early stages.
The only exception that the US has ever acknowledged to this is ITAR, which is what the PGP case was built around, but it failed as you mentioned. But non age verified OSes are obviously not munitions.
Maybe some investigation worked this way, but to me it seems obvious twisting of supposed intention. If I don't geoblock, it is not necessarily because I want the thing to arrive somewhere. It can simply be, that I don't care who downloads it, or I don't want to waste my time with crazy laws, that I might not even know about. If Kiribati decides to have a new law, I probably won't even ever hear about it. Suddenly, me not knowing laws of another country, that don't even apply to me as citizen of my own country get construed into me "wanting to export"? Lol, what a silly line of thinking, which can only come from some people, who do everything to get to someone, including arguing in a completely twisted illogical way, and judges, who are removed from reality letting such a thing happen.
If we allow this shit to happen, be prepared for evolution deniers to push their nuts agenda through the same channels and similar. Suddenly, we won't find wikipedia articles any longer and suddenly having a blog about biology will lead to one being investigated.
If you gate access behind a Terms of Service, any violation is potentially a felony in USA. Any human who later litigated would have clicked Accept, or subverted your popup like a hacker.
New IPv6 allocations happen all the time so this is also problematic on a technical level.
Correct. Zimmerman was sued under ITAR and won in the Ninth Circuit court of appeals. They said that software language is free speech just like French is free speech.
So it's strange that California is trying to compel speech when the ninth circuit has already said that software regulation is unconstitutional.
I wonder whether the blast radius of the law might interfere with OSs running on cloud machines. That might explain why California based companies in the cloud business might want to ensure that the bits they resell are compliant.
This one seems to be attempting to provoke enforcement of the law against it.
Because despite the screeching, having good parental controls standardized across distros and OSS software is an idea that benefits Linux as a whole.
Parents already have full control over this because they make the choice to give their kids a device in the first place
Do they have full control or do they only have a choice between two extreme options?
They have full control. If you're talking about dangerous outcomes, those are reasons why parents don't give their kids things like knives or chemicals. Internet-connected devices should also warrant the same kind of caution
Having good parental controls would be nice. Unfortunately that does not describe AB 1043
Do you think the mechanisms required by this law, as described in the linked article, constitute ”good parental control”?
Yes, they sound reasonable and leave authonomy of using the feature to the parents while closing a massive gap that Linux distros have.
Nothing's perfect but being able to tell the os the user is say 5 and then not have sites etc. show porn seem better than nothing?
If you want that you get an OS that specifically supports child mode, you don't mandate all OSs default to having a child mode. The reason you don't do this is because when it's in place the default will be if you don't want to prove who you are you can't go anywhere on the internet except the most milquetoast sites (with no user created content) and the worst of the worst sites (that ignore these rules).
If I want to bash the government I don't want to have to choose between giving my id and going to terroristforum dot com.
If you're trusting a 5-year-old with a computer (connected to the internet, no less) and then letting them use it unsupervised, then you would already be putting a lot of trust in sites implementing age controls correctly (or at all). And if there's anything we know about the Internet, it's that web sites can be trusted, right? :-D Keep in mind, whatever law California passes, there will be web sites outside of Cali jurisdiction.
What's worse (and the point of the linked article), a kid who's not 5 but 10 would be very able to bypass this particular requirement, making it utterly useless. It's about as effective as the "parental controls" on Leisure Suit Larry. I'd argue that this is worse than nothing, because now the parent believes they have a working parental control mechanism when they actually don't. Which means you now have a 10 year old online without parental controls AND possibly without parental supervision.
What works:
- Talk to your children about what they can be finding online.
- Don't let children as young as 5 onto the internet unsupervised.
- Build trust with your child. Try to make sure your child trusts you enough to come to you if they encounter material they're not comfortable with.
- If you don't have that relation of trust, your child will hide their online "failures" from you. They are then more likely to be victimized by online predators by blackmail etc.