Are you aware of this?
California’s Digital Age Assurance Act, effective January 1, 2027, mandates that operating system providers and application developers implement age verification measures to protect minors online. This includes collecting age information during account setup and providing age bracket signals to developers when apps are downloaded
Yeah …
Instead of actually fixing the issue, let’s make stupid legislation that makes a lot of noise and fixes nothing. How about something like “Hey, parents, if you refuse to properly educate and supervise your children we are going to fine you into the poor-house.” … and then actually enforce it …
Greetings from the Fedora Project Leader,
I was not personally aware of this. I’ll look into it.
Because this is a legal matter, I’m going to refrain from speculating or opining about this until I sync with the project’s nominal legal assistance concerning impact.
This looks like the bill: Bill Text - AB-1043 Age verification signals: software applications and online services.
That sounds like required telemetry, but I wonder if that could be geo-locked to Cali? (I’m across the country along with apparently 48 other states not requiring it; Cali can keep their telemetry 
)
Basically … If you lie about your age when asked during software/OS/Online age verification, you can be fined $2,500 by the state of California …
So, as a “Good Faith Effort” by the provider of the age verification software … I would say ask 2 simple questions:
Then if {my_birth_year} - {my_parent’s_birth_year} is < 18
HALT! … Go ask your California Mommy for permission …
Record the failure on the provider’s system
Exit
And then watch the lawsuits fly and lawyers get rich …
( I would just give California back to Mexico and call it a day … LOL)
saw this on \.
I’m not sure it requires telemetry.
I’m now aware of a similar legislation in Colorado.
I really don’t want to get over my skis and speculate too much. But I’m hopeful that the biggest impact for the entire ecosystem is that we figure out a way to have an OS local API that applications can choose to query.. and ask the OS what age bracket the current user is… and then the application is able to make UI/UX choices based on the OS provided information.
I think the point is to not have to have all the applications have to figure out how to ask for age information individually. The point I think is to ensure age information can be part of OS account creation and applications can query the OS to determine which age bucket a user is in. No telemetry… just a way for applications to query the OS… a local API… sounds a lot like a dbus service to me.
So what I am envisioning in my head is a family desktop computer… where the parents are the administrators.. and they create an account for their kid. When they create an account, the OS needs to have a way for them to optionally indicate the age bucket for the human associated with the account. Applications then could choose to query the OS concerning the age bucket and make UI/UX adjustments based on the age bucket info the OS returns.
Again I’m still coming up to speed on these peices of legislation, and I still need to have more discusisons with people. What I think is being mandated by legislation is making sure OSes have a documented way for applications to query for the age bucket information for the user. Do not take that as binding understanding, that is my current understanding based on what I’m reading currently in terms of editorial interpretation of the legilstation that I can find. There’s work to do here to get clarity on that.
End of the day.. this might be a simple as extending how we currently map uid to usernames and group membership and having a new file in /etc/ that keeps up with age. It might be as simple as that and we extend the administrative cli and gui tools to populate that file as part of account creation. That might be simpliest and it solves the problem for the full ecosystem of linux OSes. Then applications just have to start choosing to look at the file.
this is always a case of “ask for legal advice” as there is always a catch that common sense misses!
Could use /etc/group … add a group for underAgedUser:x:98:{UIDname} then when user is enrolled/added to Linux, just add a checkbox for Under Aged User? (or something similar … If true/selected, then add user to group 98.
Obviously not perfect but at least a “Good Faith Effort” on the behalf of the OS provider.
Indeed, ask a lawyer…
I sincerely hope the legal advice permits the rest of the world to have naught to do with this.
Apparently blocking the state’s an option: https://ostechnix.com/midnightbsd-excludes-california-digital-age-assurance-act/
You could write to the committee looking at the first proposal in Colorado telling them it’s an unworkable proposal.
Why are you considering complying with that? There is no way this isn’t just the first step towards imposing all kinds of nitpicky compliance.
Absolutely write a letter.
I would argue, not complying and taking a public stance against it would be the only way to go unless you’re prepared for government overreach into operating systems to become commonplace.
I have had these thoughts:
California Prop 12 regulates pork and egg production (crafted by “animal rights” groups with the objective of making both prohibitively expensive). This got contested all the way upstairs, and the Supreme Court found that under States’ Rights, if California (CA) wants to be lunatics, they are allowed to be lunatics, and upheld it. HOWEVER, the court also found that under the Commerce Clause, CA law did not apply outside of CA, and that CA could not demand egg and pork producers in other states to be equally loony before they could sell product into CA. In short, CA cannot in any way enforce this outside their own borders, not even by restricting commerce from other states.
So that’s where it stands, under court precedent: California and Colorado can do this within their own borders, but they can’t enforce it on any other state, nor can they prohibit the noncompliant from crossing state lines. (Same as they can’t stop vehicles driving in from other states.)
And under the above, an OS preinstalled in another state then that PC sold into CA would not be regulated, as doing so would violate the Commerce Clause.
Enforcing it at all is a different matter, since the internet knows no such boundaries, and geofencing won’t prevent someone from using a VPN, or driving to Las Vegas and downloading eg. Fedora anyway (or just using an older OS, so long as they don’t need to use “software stores”). And there’s folks like me – I’m on satellite internet, and it geolocates me in another state entirely, about 800 miles away.
And exactly how do they plan to get users to comply? The only way to do so is if OS vendors enforce it. Fill in the age field, or it won’t install. After that, you’re into the murky grey area that surrounds software piracy, because absent identity verification (NOT required under this CA law’s text) you can’t stop users from inputting any age they like. One suspects were such ID verification enforced, it would work about as well as those states’ voter verification (ie. not at all).
What this DOES do is give the nefarious legal protection: “Your kid claimed he was 21, so it’s not our fault if he did $_age-restricted-by-law-thing on our site.”
Microsoft is the 800 pound gorilla here, and what Microsoft does is going to dictate whether this flies for everyone else. If they go along with it, anyone who doesn’t is functionally dead in the market, and such laws will spread elsewhere. If Microsoft says “you-and-which-army plan to enforce this?” then the law is DOA instead.
However, I fear Microsoft will say “Nifty opportunity to enforce that Microsoft login” and go right along with it. (Especially as I believe the next major iteration of Windows will be OS-by-subscription, which will require a credit card or bank account for billing. What did you think TPM was really about, hmmm?)
And yes, if parents hadn’t offloaded so much responsibility for parenting onto the government (albeit strongly “encouraged” to do so by mandatory public schooling) we wouldn’t be having this discussion, but that horse is long since out of the barn, down the road, and out of sight.
Good points. FYI: System76 and HP have made a deal to use Pop!_OS and have trained their people on it, so if Colorado law passes, good luck to anyone using Pop.
Absolutely… this is fully in the realm of requiring legal advice. And this is ecosystem wide impact here. I fully expect there are a whole bunch of conversations going on right now.
I guess here’s one way, from https://www.midnightbsd.org/download/
California residents are not authorized to use MidnightBSD for desktop use in the state of California effective January 1, 2027. California law CA AB1043 requires a complex age verification system implemented for operating systems with no exceptions for small open source projects. At this time, we don’t have development time or a plan in place for this.
Kinda have to like them for the push back.
Is there any chance that we could make that the needed adaptations in the Fedora media regarding this matter will impact only California users, without affecting the rest of the users? I mean, anaconda (and any linux installer) is already asking and even autodetecting your timezome. Which seems very close to what we need to create a trigger that will be used exclusively by California users. I also have seen other people suggesting just creating separated isos. iirc chinese distros do something similar to comply with chinese law while at the same time prevent these laws to affect other people in the rest of the world.
The main problem here as I see is that RHEL just can’t avoid to comply with this law and this is going to impact Fedora somehow.