I fully agree, the definition of application is too broad and should be revised. But how do we revise it without also introducing loopholes that companies can exploit.

All the law requires developers to do is receive the signal and treat that as the primary indicator of the user’s age and to comply with applicable laws (ie. things you should have been doing already anyways).

For applications like ls (which let me be clear that I do not believe this app should be covered by this law) it could be as easy as requesting the signal from the OS, deciding that the user’s age bracket does not matter for your execution, and just performing as usual.

They should really limit the definition of application to just social media apps. (which would likely include things like irc apps).

Yea they have to ask for your age bracket. That’s not the same as an ID.

I agree, the definition of an application is much too broad. And should be revised. But the difficulty is how do you restrict it without also creating a multitude of loopholes for businesses to exploit. At the very least we should restrict it to applications whose primary purpose is to interact with the internet.

And before you say it, yes I am aware that that still leaves many apps like curl, wget, ssh being covered. But it could be a start.

Or maybe just restrict it to social media applications. I am not a lawyer, I definitely don’t have a great grasp of how to create the type of language that is appropriate for laws.

It prevents apps from asking for additional ID verification. I’d rather my os ask me for a number I am able to lie about than to have to send my ID to 30 different apps and data aggregators.

Many people say that we should put more responsibility on the parents for what their kids are allowed to do online. This law does that.

Sorry it is really hard to understand what you are arguing here.

If you don’t want your info (whether you are an adult a teen or a child) to be shared with “owners of apps that are on the Epstein list”, then don’t install those apps. There is nothing in this law requiring you to download any particular app.

If an app were sending this data to a third party, like palantir, then they would be in direct violation of this law.

If you were expecting to be able to leave decisions about your personal privacy and security to any governing body then you are in for a sore awakening. You should be well aware of how privacy and security are things that we have to take personal responsibility for.

I agree until this law there was no reason for my os to know my age. This law creates that reason.

Any law can be bad if we take into account the imagined future possibilities. Should we outlaw electricity because it might be used in some way to make nukes?

If lawmakers try to issue further requirements for ID or facial scans then we can fight that. But until then there is nothing in this law that affects me outside of needing to enter a number less than 2005 when I setup my OS.

If you don’t have any kids then you literally can’t be fined under this law.

No… The law literally says that if you make a good faith effort then you are not liable.

An operating system provider or a covered application store that makes a good faith effort to comply with this title, taking into consideration available technology and any reasonable technical limitations or outages, shall not be liable for an erroneous signal indicating a user’s age range or any conduct by a developer that receives a signal indicating a user’s age range.

Also the 2500$ is only for negligent violations.

Look, I don’t want linux to leave Cali. I have primarily used linux for the past 8 years and have no desire to use windows anymore than I have to. But, as you said, the linux community throwing their hands up and deciding to exit Cali and Colorado is just playing right into Microsoft’s desires.

The law actually has a specific provision preventing both os providers and developers from sending your information to whoever they want.

And the OS is only allowed to send the minimum information that is required. Ie. your age bracket.

Send only the minimum amount of information necessary to comply with this title and shall not share the digital signal information with a third party for a purpose not required by this title.

I mean yea. If you don’t make a good faith effort to implement this age attestation page and api to allow apps to pull from it. Then yes. You would be liable.

You could of course decide to not provide to residents of California and Colorado. No one is forcing you to provide for either of these states.

There is not requirement in the bill to prevent users in specific age brackets from accessing certain content or applications.

It simply defines that a method for age attestation (not verification) must exist and that the age bracket data be made available to apps and appstores.

The people who decide what age brackets can access would be the appstores and the developers.

I will concede that using the word “controls” for the OS provider could be misunderstood. What I would assume is that they are meaning control as in the person/entity that provides updates for the system. Ie, MS, Apple, Linux Foundation, Canonical, etc.

… That is literally what this law does.

When a parent creates the account for their child they specify the age. If the parent decides to lie or circumvent the system and it affects their child then they would be fined.

Just to be clear the law itself says absolutely nothing about actually verifying the age.

I haven’t seen any devs in the linux space actually write about a real solution but my guess is likely not. Since the law specifies that users are “children”.

Are they? The law effectively only applies penalties to the parents. If you have not ready the law I highly recommend it. It is very short and says nothing about actually verifying the age of the user. It is equivalent of entering your age on steam or the “are you 18+” questions.

I think people are down voting you since they actually have not read the law themselves and don’t realize that the law itself says nothing about actually verifying that the age is correct. It is no more than what you said, like steam asking your birthdate before you look at certain games in the store.

The point of it is actually the exact opposite. With this law the parent would set the age of their child. And if they decide to lie and their child is affected then they could be fined.

The other thing it does is if a platform decides to ignore the age range of a user and it affects a child then they could be fined. But as long as they do best effort then it really only affects the parents.

It also prevent platforms from requesting additional ID verification unless they have confidence that the age bracket of that user is incorrect.

This was passed and signed last October. Why is this just hitting the news cycle?

It saddens me that someone who is willing to stand so strongly against an oppressive law would work to discourage discussion about those laws on free social platforms.

I hope you can consider your words next time and we can enter into a good faith discussion over the merits and demerits of any law.

I appreciate the insight. And you are right, that was my lack of understanding about how it could be struck down in court.

I do want to talk briefly on your point about these other devices where the law might actually apply since I have seen a few people bring up this point.

I the definition of an OS provider the law asserts that an OS is “computer, mobile device, or any other general purpose computing device.” (emphasis mine)

To me this clearly excludes those other types of devices because routers, tvs, etc are not general purpose.

As far as public computers I think that is a really good point and speaks to the vagueness of the law. There is no clear direction on how that works in such a common use case.

Coming from the engineering side as well and I’ve put more time, thought, and effort into project proposals than it feels like they put into this law.

I fully agree. None of this should be required to operate a computer. We should focus on the parents that give their children free range of the internet without teaching them anything and the school ciriculum which is lacking in this department as well.

To me it feels like the lawmakers have some good intentions with this law, but it was rushed through so quickly that they forgot to ask themselves how this actually would be applied and who they are actually trying to protect.

Edit: oh. Also I just wanted to point out that outside of the title and abstract the law does not use the word verify/verification. It just says “indicate” which is way too vague.

Totally a valid point.

Just to clarify I am not for this law. I do not think that this should have been passed. But also the law seems to have some good intentions and I don’t want to jump to conclusions after just reading headlines.

It feels like the law makers want to standardize and restrict how this age verification works without actually providing any guidance whatsoever on how to implement such a system.

I’m curious to see what systems companies come up with and what major flaws they will have (intentional or not) that data collectors will exploit.

This actually speaks to one of the concerning things about this law. There is a section forbidding developers from collecting additional information (unless they have confident information that your age is incorrect). But there is no such clause for OS providers.

Developers shall not “Request more information from an operating system provider or a covered application store than the minimum amount of information necessary to comply with this title.”

Or

“Share the signal with a third party for a purpose not required by this title.”

This means that discord could not collect IDs or face scans without confidence that your age is incorrect. But windows can still require whatever they want.

But I guess silver lining is that neither of them can sell or even share the data with 3rd parties. Pretty minimal silver lining though.