People here seem very against this, but I don't really see it. This only require to have a form asking about your age and provide an API to read it, right?
Surely I'm missing something? Is the backlash due to fear of a slippery slope?
People here seem very against this, but I don't really see it. This only require to have a form asking about your age and provide an API to read it, right?
Surely I'm missing something? Is the backlash due to fear of a slippery slope?
There are basically 2 possibilities with the outcome of this law: It's rather so full of holes as to be meaningless, or it's so invasive as to force open source projects to try to geofence Illinois (which wouldn't be effective either, but might be the kind of compliance theatre we'll see from maintainers worried about liability).
Linux distros always have a "root" user. Does that user have to be asked its age before being usable? What about docker containers, which often come with a non-root user? What about installation media, which is often a perfectly usable OS? It would either have to be so easy to get around this law that most kids could do it easily, or so overzealously enforced as to disrupt the entire cloud industry.
> It's rather so full of holes as to be meaningless, or it's so invasive as to force open source projects to try to geofence Illinois.
My guess reading the law as linked is that it's much closer to the former than the latter. That being said, you're right that it does bring a bunch of headache alongside with it for little-to-no benefits.
"so full of holes as to be meaningless"
what is the solution then to age gating apps that the public feels should be age gated? (TikTok, Instagram, etc). it seems like every app implementing its own guessing system would have even more holes, right?
this is one where I am sympathetic. the moment when someone, with their parent, is setting up a device seems like the best point to check age. right?
am I missing something?
the solution is to remove the bits of those apps that are harmful to children (and adults): the algorithmic data feed, the infinite scroll, the engagement tactics, the advertising
but how can you remove adult-only features for children only without knowing the age?
They're saying we should remove the features in general because they're anti-features harmful to everyone, and focusing on children distracts from that fact.
This conclusion is up for debate, but that's what they mean.
We should ban oil, drive EVs, everyone write Rust only, and invest in index funds. We should, but it's not going to happen.
don't do harmful things is pretty easy and can apply to adults too!
People lie, so there would need to be some kind of proof provided, right? How much data will one need to give up to use a computer? Where/how is that data stored? What else will it be used for? What happens when it’s hacked? How will test systems or servers work? If I want a computer that isn’t linked to the rest of my ecosystem, can I still do that or will age verification require I login with a cloud account?
There are so many ways for this to go badly or simply be annoying.
I’m a guy in my 40s with no kids. I shouldn’t need to deal with all of this. Let the parents turn on parental controls for their kids; don’t force it on everyone.
If Meta needs to find a way to verify age, then that is also their problem. They are trying to make it the world’s problem. I don’t use any Meta products, so again I would question why I need to care about this… why will it become my problem?
The slippery slope then comes in addition to all of this.
It seems Apple already implemented their age verification API. I got prompted for it when opening the MyChart app a few weeks ago. The API used in that case only sends a Boolean if the user is over 18 or not, this is the best of the bad options. However, they have other APIs to get other data from a digital ID. The user is at the whim of the API the developer chooses to use. They can say no, but then they can’t use the app. I’m not sure how Apple validated my age, as I hadn’t loaded an ID into my wallet, but my Apple account is nearly 18 years old, so that might be good enough? If I were to get a Mac and just want to use a local account, then what happens? Can I not verify my age? Will I be able to use the computer or be locked out of the browser? These are some of the fears I have if they take this too far. Maybe some of them are unfounded, but I guess time will tell.
It's not all about you.
I was using myself as an example. Nearly 60% of homes don't have any kids under 18.
I don't really see any good arguments in favor of it, so why do it? There's no reason my OS needs to know anything about me.
I guess I'm more surprised by the intensity of the backlash this generates here. I agree with you that mandating (weak) OS APIs like this the right approach, but that alone wouldn't warrant the severe reaction this is getting right?
A big chunk of the problem with this kind of legislation for me is that it inherently indicates a failure to govern to me. I disagree with the premise of the solution, but even more so this is trying to legislate a specific engineering solution for our current systems rather than any form of financial, objective guidance, or have reasonably actionable and enforceable consequences.
While laws that target engineering decisions are sometimes reasonable, they are always accompanied with specific guidance from a credible academic based institution (e.g. mechanical and civil engineering use private licensing bodies and develop specific curriculum and best practices).
The only time this law will ever be enforced is punitively for other crimes against major actors who are extremely limited in number. It is unenforceable for Linux, trivial for Apple, Microsoft, and Google to add to their OS. Presumably easy to spoof, the law describes it as minimal but once again, there isn't a specification so who knows. Websites won't be liable, they're getting a sweetheart deal here.
In practice what this law does is absolve abusive platforms an from any responsibility. It adds extra meaningless work and overhead for legitimate adult platforms while opening themselves up to new potential legal challenges, and ultimately doesn't replace the responsibility its removing.
This doesn't make children safer. This doesn't make the internet safer. This kind of legislation makes it easier to abuse children online by removing responsibility from platforms that are known to be dangerous to them yet profit from their presence the most.
It's considered offensive to the strongly freedom-loving FOSS community, and it's basically legally-required tech debt, which is annoying to all maintainers
Code is speech. Open source projects are an exercise in speaking publicly. This law mandates particular speech in your otherwise Free as in freedom code.
How are you not outraged? People are missing the above forest for the "oh but it's a tiny little easy API and I don't see any downsides" trees.
Seems pretty reasonable to get annoyed at a law that at best will be useless and at worse dangerous, while it will directly dictate features into the tools we all use everyday. All for no gain for anyone but maybe Meta and some other big companies.
Why should an OS demand personal information from its users? It creates an unnecessary risk that the information will be leaked.
Laws exist that dictate what apps are allowed to do depending on the user's age. This means that in order to follow the law they must collect the user's age. If collecting the user's age is a common requirement of apps it makes sense for the operating system to expose an easy way to do that to make app development easier on that platform.
No, it makes sense for an App Store to do that. Or, that HTTP headers are set at the device or network proxy.
User account creation wizards could just create the dot files for the App Store. These weird laws ban OS.
The issue is that software can be installed from outside of the app store on pretty much every OS. Also if you have multiple app stores it would be convenient if they could all get it from the same place.
I'm skeptical we should ban all operating systems which permit this without an interactive age check. Shouldn't the free market acolytes be arguing that parents can choose between competitors which offer ever-improving parental controls?
to me, it's both the slippery slope argument and the lack of real reason other than "protecting minors". operating systems were designed to run the program/programs. You can make applications use this API to determine the user age, or you can just...ask the user in the application itself. I also don't see why this is a requirement rather than an option the same way I don't see why having a Microsoft account is required to install windows or access to internet (without the current workarounds) or even those password reset questions and to some extent asking for first and last name. If I want to add those information, let me do that myself or when i use said software, don't make it a hard requirement.
The bill itself sort of goes against its "purpose". If the purpose is to make a convenient API for stores to know their user, and avoid showing them certain content then why did the bill state: "If an operator has internal clear and convincing information that a user's age is different than the age indicated by a signal received in accordance with this Section, the operator shall use that information as the primary indicator of the user's age."
because many people lie in those forms. Many people on steam will select they were born in 1900, including myself. So how will this API help? the only way for it to be useful is if they later require full verification.
The way I see it (to strongman the bill's position) is that by mandating it at account creation, an adult/parent can ensure that the age is properly set for a minor/child.
That being said, I don't think this bill was that well thought out as the implication are far reaching (will I need to enter an age when provisioning a VM?).
I mostly see it as a clumsy attempt to provide a mechanism for age-category attestation in a way that is more privacy-friendly than Texas's "upload-your-id" law.
I can see the argument of parents or guardians ensuring the device is properly set for their child, but I feel like age is not the right information to use. But I agree, it's definitely not well thought out.
I feel like if we assume this is in good faith, and they want to make sure adults can ensure minors don't have access to certain content, why would they use age as the information? This can be solved, or even have been solved by having Parental Control feature like in IOS which provides finer options than what you would get with age.
This could OK if this was requiring that any device or operating system have access to parental control in any capacity (either by default or via third party application) and limited for things that would be used by minors so that VMs or other stuff don't have to worry about this. Or, they could mandate products to indicate that the feature exist. That way, a parent can decide what to give their child.
What if I don't want my computer asking for my age and providing an API to give up that information? Why is the government mandating software devs to add bloat and privacy violating features to operating systems?
The slippery slope isn't a fallacy in this case as we've seen the pot slowly come to a boil after 9/11 with various laws like the Patriot Act, FISA, etc. and classified programs within the NSA (and I'm sure all the three letters) which violate the rights of Americans everyday. Now it's a coordinated effort across multiple western countries all of a sudden to introduce laws around verifying your age. It's clear where this is going.
Meanwhile Epstein and the pedo elite are untouchable and with no surveillance of course.
Why are we bringing up our pet issues in threads that have nothing to do with them
Signal your virtue in the threads that are dedicated to those issues please, we don’t need to bring this up in a thread dedicated to some dumb law
I am very pro social media regulation (with regards to age gating) due to the evidenced harm it causes, and which court cases have shown these companies are well aware of internally; with that said, this is an attempt by social media companies to shift liability to keep business as usual/status quo. This is no different than what oil companies have done, cigarette companies, chemical companies who have polluted at scale while knowing the harm, etc.
Meta and TikTok (and YouTube shorts to an extent) are the new Sackler family and Purdue pharma. They will hold on to these profit and power engines as long and hard as possible. They will not stop causing the harm unless forced to with regulation.
https://en.wikipedia.org/wiki/Sackler_family
https://en.wikipedia.org/wiki/Opioid_epidemic_in_the_United_...
https://www.profgalloway.com/addiction-economy/
> This is an attempt by social media companies to shift liability to keep business as usual/status quo.
Do you mind expanding on why that is? Is it because it allows them to say "well the API told us they're adults so we're all good"?
and the verification that the OS has to provide is minimal. the OS doesn't need to verify and ID or anything. Probably just a checkbox when you create the account that you're an adult, or child, etc. and then that's provided to the browser. So it effectively becomes meaningless if the goal is to get children off social media.
Purdue sold less than 4% of the prescription opioid pain pills in the U.S. from 2006 to 2012. They were a scapegoat for pill farm doctors and an incredible lack of personal responsibility from prescribers, pharmacists and patients.
Personal responsibility isn't a thing from a consumption perspective, it's primarily brain chemistry. See: GLP-1s [1] [2] (tldr they patch the brain's reward center against suboptimal reward chasing and demand)
Let us not blame humans for suboptimal brain chemistry taken advantage of by malicious torment nexus threat actors. Fix the policy, bug fix the human, disempower the threat actors. Defend and empower the human. My pattern matching in the comment you replied to stands imho, and while it is admittedly imperfect (as you point out), I believe it remains directionally accurate.
[1] Why Ozempic Beats Free Will - https://www.psychologytoday.com/us/blog/hot-thought/202410/w... - October 4th, 2024
[2] https://news.ycombinator.com/item?id=45907422 (additional citations)
(think in systems)
>keep business as usual/status quo.
Umm isn’t that what we want? Or are you suggesting there should be some other legislation in place?
Age gating first [1] (no social for under X age), keep tightening the policy ratchet as data and evidence indicates. OODA loop applied to policy [2].
[1] Tracking Efforts To Restrict Or Ban Teens from Social Media Across the Globe - https://www.techpolicy.press/tracking-efforts-to-restrict-or... - February 23rd, 2026
[2] https://en.wikipedia.org/wiki/OODA_loop
That's exactly how I see it. Verification should be on the social media platforms not your OS.
This is the framework for requiring government ID to use online services, which increasingly power even local computing (thanks to DRM and cloud services).
They want to abolish anonymous use of internet services, because anonymous publishing at scale is powerful and dangerous to incumbents when they can’t retaliate with malicious prosecution, police harassment, or assassination.
Please explain how this law (or the CA one for that matter) require government IDs. It is worded specifically to _not_ require ID.