I am ambivalent. While studying the anatomy of thr opposite sex is laudable from an educational standpoint, I think it is not the proper analogy to use.

Modern online platforms, like social media, is like hard alcohol; both have addiction and potential cognitive damage as known side effects.

Thus, when thinking of TikTok et al. age verification can be justified.

On the OS level though, that is clearly "throwing out bady, bath and the rest of the furniture"-level bonkers.

If one is sufficiently old, one was blessed by one's early birth. Modern social media is first and foremost designed to make addicted. This is a far cry from the early stuff the parent-generation experienced.

The internet will be to future generations what "medicine of the olden time" is to us: what were they thinking?!

They have to use a combination of "oh boobies" and "think of the children" because the techbros are rather intertwined with the current government. Plus the demagogues rely upon these networks, they wouldn't like the algorithm quietly tweaked to defavour them.

And, honestly, I wouldn't be surprised to discover down the way that all this age verification nonsense is mass data collection in disguise. You know how Netflix verified me? I had to pay €1 using a bank card (and that €1 was never collected, they only wanted to know the request was authorised). Sure, I could have lied and used somebody else's card, but then the liability falls on my head for lying. If age verification needs photos in various poses, copies of official ID documents.... where does it go, who has copies, who can siphon off copies, how and when is it deleted, what will they do when the info is stolen (note I said when, not if), the list of questions goes on and on. And so far all I see is a great big shrug. If we're really lucky, lessons might be learnt, but I rather doubt it.

Honestly, the continued attempts at normalising corporate/commercial surveillance in our lives (often with governmental support because politicians are dumb and easily bought) ought to be the story, not whether or not it's even remotely viable to run an open source age verification system.

I came to the same opinion. I fully agree with the points in the article.

But playboy isn't a good illustration of the inappropriate access. The far better illustration is from the concluding paragraph:

"PornHub, DraftKings Sportsbook & Casino, or Twitter. "

The fact is that there are things that kids 6, 10, 12 should not be exposed to. But the answer isn't to keep them off the internet (impossible, regressive and short sighted) the answer is that those harmful platforms have to be responsible for the harms they can and do cause.

Same.

Playboy and smutty VHSes are nothing like the hardcore material PornHub et al can supply 24/7.

Usenet and early BBS are nothing like the addictive algorithms of TikTok, Facebook, etc...

It's like equating a drop of water with an ocean.

"PornHub, DraftKings Sportsbook & Casino, or Twitter."

And, apparently, the pay-to-equip video games infesting the aether today.

"You spent HOW MUCH on Grand Mine Duty powerups??? On MY credit card???"

From memory /etc/shadow already has a couple of "age" fields. ;)

An /etc/bollocks file

# @(#) /etc/bollocks - see /etc/termcap

logname:has=[y|n]:dob=yyyymmdd:maturity=years:preferences=[lbtiq+]:

There will likely be a RFC for the LDAP schema but the US has pretty much redefined RFC to mean really fucked consensus.

"man shadow" is your friend. They're to do with password ageing. There's one field reserved for future use.

I said it another thread and I'll say it again here. It's total hypocrisy. This law is originated from a Democrat and not a Republican. I'm only pointing this out because it's not just a "one side" situation. Both of our parties in this two-party system are corrupt and not out for our best interests. They just go about stomping with different methods. In the mean time, this is the same state that would argue that you shouldn't need a valid ID to vote and that right has clear requirements on it that are easily enforceable if ID is required. Nobody has to invade your personal, private life privacy. That same ID is required to drive a car and to perform many, many other functions in our society but they say that it's not reasonable to expect everyone to have a valid ID to vote. I'm not here to trumpet (pun intended) that we must require an ID for voting. I'm just stating that it's total hypocrisy to try and implement a system like this when they group behind this particular stupidity already makes excuses as to why having a valid, proof of ID is such a big problem for much of our country.

Again, don't focus on the example of voter ID. Focus on the stupidity of this kind of law.

Just wait, in due time:

lying about your age will become a felony

the use of computers will be restricted to official software only, verified by the government

encrypted communication not piped through official channels in plaintext will be banned

programming requires a license and all code must be submitted for official review before you can run it

Programming will be done by government approved AI and generated code will be automatically submitted to another government approved AI for review prior to release to the prompter.

This is where it will be pushed to.

I can foresee 'wire fraud' convictions for twelve year olds. In Soviet America, everyone is a criminal.

The California law is this is age indication, not age verification. It's like the on-device age verification in that there was in the 2000s on computers and consoles. It's fine for the parent who wants to use it and ignorable for the parent who wants to continue having no interest in parenting. It's odd that it was written in law, but it has been and here we are. The good bit is that age indication has been written into law, not age verification.

You tell the GUI how old you are on first run or in user settings, and this data is stored in a file which is readable by the software package downloader app (the "app store"). If you wanted to make it nicer for the user, you'd check which area the user is in in regional settings and hide or show the age option so as you don't bother those users who aren't in an age indication area. Further updates to the age field require the root password.

Then Ubuntu, Mint, or whoever update the SQL tables in the app store, adding the new column, and setting the minimum age to 3 for every app, and return this new field to the software package downloader. The 1% of apps which need it are adjusted by hand. Then the software package downloader filters on the new field and also displays it with each software package.

Then the parent doesn't give their offspring the root password and that's it, job done.

If there were a standard age file in Linux then Steam could use it too, and suddenly it all starts to make a bit more more sense.

It's not thin edge of the wedge or the end of the world (which in case you hadn't noticed, the thin edge of the wedge was about a year ago and the end of the world is real soon now). It's just a tool that a parent can use if they want to without having to stand over their kids' shoulder which is what some people consider parenting, but it really isn't.

Since I don't want my children's PII and restrictions on their computer, I'm not parenting? Maybe I parent so that I don't need an OS-Based nanny?

Try this on for size: Obviously, since you think the state needs to nanny, you've got your own parenting issues and your parents were bad. (See how dumb that type of conclusion is and how damaging it is to society?)

Be careful of that name-calling and wild speculation.

It's not PII, it's a number. It doesn't even have to be the right one.

Ten years or so ago I set age controls on the console so it didn't show games which weren't appropriate. Later on I unset them because it wasn't necessary any more. Did using age indication make me a terrible parent? You tell me.

It would have been nice to have got to a point in the free market where every device has on-device controls to set an age and app stores/social media/games heed that setting. Unfortunately we didn't get that, we got a free-for-all instead. So really given all the laws that could be enacted as a consequence of that, this is probably the least worst one.

If you want an example of worse laws, look to Australia or the UK.

I've been using computers since 1979 and never saw that.

Second, third, and fourth paragraphs were my idea for how to have age indication in Linux, but there a reply just below tells me it's already been done.

This is already part of Linux and has been for years. It's called OARS, which means Open Age Rating Service. It's used by Gnome Software, KDE Discover, and Flathub. It just doesn't become active until you install parental controls (provided by libmalcontent and malcontent-control). The information is stored in /var/lib/AccountsService/users/${user}

I haven't tried it myself.

So Linux does have age indication parental controls. All that has to be done is distros provide the package by default and life goes on.

Thanks for the info. It's a shame knowledge about this isn't more widespread, then we wouldn't have articles proclaiming the death of Linux, distro owners prohibiting distribution in California, or so many people believing on-device parental controls are a threat to Linux.

> If there were a standard age file in Linux then Steam could use it too, and suddenly it all starts to make a bit more sense.

Try telling that to an indignant mob lighting torches and waving pitchforks about and see how many downvotes that gets you.

They would rather have CSAM available for all rather than allow sensible privacy protecting efforts to prevent that.

Where are these privacy protecting efforts of which you write? There have been multiple demands over the years but surprisingly (or maybe not) nobody has produced a proof of concept to be picked apart by real security experts.

> Then Ubuntu, Mint, or whoever update the SQL tables in the app store

Do you imagine apt-get getting updated to support ages, especially on a computer used by the whole family? And what if it's being run by a service account, or as part of the system, not by an actual user?

There's no need to include apt-get, the law says app store which for Linux is the distro's GUI software package downloader or Steam.

...how one is supposed to have a reliable way of verifying age in an open source operating system...

...when it would be trivial to "userage = 42;" then "make"...

...and quite a few people are ideologically opposed to the idea of binary blobs so having them run a closed age verification service would be a non-starter...

...and wouldn't that be a brilliant way to backdoor systems that people think are reasonably secure, so not trusting is a completely valid approach.

Anyone? 'cos all I can hear is the sound of crickets.

They don't solve problems. They just write laws. And if you are caught breaking those laws, then the problem is yours.

Laws need some relationship with reality. A law to abolish gravity could be written but wouldn't be enforceable. The enforceability is tested when it comes before a judge. A test case with a good battery of expert witnesses could be its downfall.

However, in the US the real problem could be the 1st amendment. Until the FBI solved their problem another way Apple was contesting the order to put in a back door on the grounds that it was compelled speech and therefore unconstitutional, code being established as speech in Bernstein vs US.

If you look at one of the businesses lobbying FOR this law its Meta, as then once the age verification is the responsibility of the OS they are then off the hook for doing age verification themselves as they can just say we allow users to access our services based on what age the OS says they are. And pass the buck for any age checks to someone else.

The whole age verification falls apart anyway as soon as you move from consumer OS to that of businesses. No enterprise is going to want to have to do external age verification checks for every device and user they set up on their network, or what about servers that don't run a GUI and could be admin by people from all over the world. So no doubt there will have to be some use cases carved out for exemptions to this ill thought out law and as soon as you start making exemptions the kids will jump on that and find ways around ages check in minutes.

Although it might actually be good for Linux in these states as once kids realise that it will be trivial to bypass age checks on Linux since the source code is available and within days of any distro putting in age checks someone will fork the code and have removed it. It might actually push adaptation of FOSS in those regions.

At the moment you can't even tell Meta apps your age. If their apps are obliged to query the OS for the age and it's set too low, then their apps will be disabled into uselessness and won't be downloadable on new phones. Legally.

So, if you can't self-certify age... The state is going to have to support some kind of Internet service (and that won't be a juicy dos target). Or maybe license 3rd parties to do it.

This seems like a way for cloud-type computing to attack standalone machines -- you know, because the cloud knows best. I don't see any cloud/virtualization vendors not wanting to promote this. This has the side effects of making old OS and computers illegal? So we need new ones or move to cloud?

I say go for it, implement this fast and let it fail hard as the clown show it is.

You can self-certify age. It's not verification. Read the California law.

Read the New York one.

Worse than UK and Australia, which took some doing.

> The state is going to have to support some kind of Internet service

OR the state is going to support some kind of door to door policing; there will be more than enough applicants for "your local official age verifier" from the curtain twitchers to the self-appointed "voting fraud inspectors". The enthusiastic ones won't even make you call for them to come over and type their key into your OOBE screen: they'll happily knock in your at any time they find convenient "to just check your OS is still compliant".

that contains the word SEX.

Back in the early days of the internet, many US sites were so paranoid they banned people with addresses that contained the three letters SEX.

So no one in Sussex, Middlesex, Essex, counties here or in the USA could register.

Madness? You betcha but remember that the Pilgrim Fathers were puritains. They hated the human body so much that for a woman to even show a bare ankle was heresy.

The current evangelical movement in the USA want a return to the old days where only White Men who own land can vote, stand for office or even drive a car. The women in their world are there to have babies and raise the next generation of White Men.

Though to be fair Scunthorpe was never missed.

I believe this is called the Scunthorpe problem.

Paranoid control freaks using health and safety to destroy tech and the economy.

"Linux" already has this in the form of Gnome Parental Controls. I'm not sure what is needed beyond perhaps changing the installer to ask if you want to include this optional package in the installation instead of you adding it later.

I've never tried it, but once you install it, it includes more features in the user account set up to do all the age related things a computer can realistically do.

So the parent installs Linux and is root and then sets up user accounts for each child as appropriate. Job done.

As for applying age related restrictions to someone with root access, good luck with that one. By definition, root can do anything, including changing or replacing parts of the OS.

"Linux is for the young, intellectually gifted, and curious."

Is it that US legislators are not happy with voters with these characteristics?

No, they're just corrupt. When various pressure groups like Common Sense Media and rich tech companies like Meta come along and say the OS or app stores should verify age, this is what you get. You also get press releases about protecting kids and holding tech companies accountable...while taking money from Meta to do exactly what Meta wants.

All so Meta etc can avoid liability for COPPA violations.

I'm struggling to get animated about this. My kids both under sixteen have iphones, they need apple accounts to do this which I set up with their ages (roughly correct), and that's fine. They can't do certain things and if there needs to be an exception, as the responsible adult for those accounts I'm asked and can give approval. It largely works.

If they use a computer rather than a phone, it's also going to be one I've set up for them. Frankly I don't want them on pornhub or 4chan, and while obviously I keep an eye on them I would have no major issue if the OS also had a knowledge of their (approx) age and was able to use this to limit them too. None of this stops me setting up a Raspberry Pi for them to play with. But the internet is an open sewer and if you're under sixteen and using it unmonitored, I would ask why.

And if you're over sixteen, this doesn't matter one jot. If my next computer asks me for an age to create an account, I type in a random date from the 1970s and move on without a second thought.

Will it work 100% of the time? No. Is it going to prevent adults from doing what they want? No. Will it make it harder for dubious businesses to target my kids? Yes.

I realise this is off-message so lets just assume I made lots of allusions to Orwell and government overreach, and said "think of the children" a few times.

"[T]he internet is an open sewer and if you're under sixteen and using it unmonitored, I would ask why."

I did at that age in the mid-'90s, with dial-up. Only one parent had the technical acumen to even try to get online; the other had no hope.

Of course, back then, the internet sewage was only sewer-sized -- now, it's an ocean. And no, I don't want my kids playing in it, but that's my job, not an OS's. Yet eventually I must release them into the wild and hope they'll not rush into the worst like I did in college (with massive bandwidth that's always on).

Legislators need to remember that in a few years the current under-16s or whatever will be voters. They will have created new cohort of voters already pissed off with them.

Chances are, no they won't.

Engagement in the democratic process is lamentably low in western countries that give them the chance.

One consequence of poor engagement is that votes are all too often cast against something rather than for something. Give a group something to vote against and its members will be more likely to vote. A thousand wound up kids vs ten thousand adults would can't be arsed? Not good numbers for a candidate.

https://use-their-id.com/

And this is only the START of shenanigans!!

This seems appropriate:

https://www.youtube.com/watch?v=I0kfe5tkdD4

Being a parent has very few requirements. Natural selection takes care of the worst. If you can produce offspring, congratulations you are a parent. Being tech savvy is not required. Being smarter than your offspring is not required. Being smarter than a politician is not required. It bodes well for humankind for yougnsters to be smarter than the current average adult. As a child I could have bypassed these OS age things. My parents were wise with experience and in their areas of expertise, not stupid. I knew more about these new-fangled computer things. I still learned a lot from my parents. My mother is still learning a lot from me about computers. I see a lot of parents where their kids will be able outsmart them on these OS age things. But those same parents could successfully impart behaviour the old-fashioned way by imparting respect for elders (obviously with exceptions) no tech solution needed.

> For example, to use Linux, you might need to submit a driver's license.

One of the most American statements I've read this week.

Amnesty bins.

Bin 1: Knives, machetes, swords & other sharp weapons.

Bin 2: Nitrous cylinders, herbal cigarettes, dodgy pills.

Bin 3: Slackware CDs.

It is really pathetic that no one has figured out yet that the way to fix this is through the courts in the United States. Perhaps some company with guts like IBM who is the patron of Red hat might decide to come forward and use their considerable influence and resources to bring this to the Supreme Court. This is a matter of privacy and a possibly even free speech.