(5)(a) "COVERED APPLICATION" MEANS A CONSUMER SOFTWARE APPLICATION THAT IS ACCESSED THROUGH A COVERED APPLICATION STORE AND THAT MAY BE RUN OR DIRECTED BY A USER ON A DEVICE.
(b) "COVERED APPLICATION" DOES NOT INCLUDE:
(I) A SOFTWARE APPLICATION THAT DOES NOT PROCESS USERS' PERSONAL DATA; OR
(II) AN APPLICATION FROM A FREE, PUBLICLY AVAILABLE CODE REPOSITORY.
That wording could be interesting, because it's ambiguous if free is applicable to the repository or the project. Presumably, the latter. This means you could absolutely do source-open but not open-source and still get around it.
Well it says code repository not artifact repository. But it doesn't prohibit obfuscation or transpilation and more generally doesn't appear to specify anything beyond "free and publicly available". I really get the feeling that the people who wrote the law don't have a clear idea of what they're trying to say here and that any court decision is going to be a roll of the dice.
On the one hand, I'm absolutely against blanket age verification laws like this one, think there are better ways to solve the stated problem, and believe that the current crop of legislation is being pushed by bad actors for nefarious purposes by means of pandering to public mania.
On the other hand, I do appreciate that a possible unintended consequence of the out provided by (5)(b)(I) could be that PII (along with user generated content in general) becomes similarly radioactive to if the US had passed a GDPR equivalent. Either that or it's used as a justification for every single online service to require government ID in order to interact with it "because liability". Unfortunately I assume the latter is somewhat more likely at this point.
Also is it defined precisely what it means to "process users' personal data"?
> there are better ways to solve the stated problem
Call your representatives. There is overwhelming demand for age gating social media (based on, honestly, good evidence). This will be implemented based on who calls in. If the status quo of technical people being hopelessly nihilistic continues, it will be written in the stupidest ways possible.
TL;DR We need age verification laws to prevent minors from accessing the addictive stream of toxic sludge rather than outlawing its manufacture and distribution.
How exactly would you do this without, you know, violating the first amendment? Algorithmic feeds are nothing without the content. People get toxic sludge because they signal to the algorithm that they like that.
Presumably by outlawing the types of algorithms used with the legislation carefully limited to a particular context rather than anything being authored by an individual. Right to express oneself preserved, government regulates a harmful product, business as usual.
As far as this specific Colorado legislation goes (which is concerned with the ability to comply with their previously passed data privacy law) I think it's not entirely bad but I have two issues with it.
First, it reverses the problem. Services should be sending an age-appropriateness (or even just general content classification) signal to the device for local processing, not the other way around. If you're going to mandate that OS creators do anything it should be to implement a certain baseline level of (interoperable!) functionality as far as parental controls are concerned.
Second, the entire thing should be predicated on some metric such as MAU or revenue or combination thereof not on the exceedingly vague idea of a "free, publicly available code repository".
> First, it reverses the problem. Services should be sending an age-appropriateness (or even just general content classification) signal to the device for local processing, not the other way around.
OK, so say the device receives a signal that say that an app is not appropriate for children under 13. How would the device find out if the user trying to run the app is under 13?
The question itself (ie if the user is under 13) doesn't matter. Already for the current legislation there's nothing stopping the device owner from intentionally lying about the age. So really this entire exercise is about providing a standardized means of control over filtering, thus my observation that the proposed measure is both backwards and overly limited in scope.
The software on the device can do whatever it would like with the signal it receives, including consulting the user account metadata for declared age if the device owner so desires.
It’s just the algorithms promoting things I want banned.
You may choose to sign up to see all the toxic sludge you wish, as is our constitutional rights as Americans.
You say “they signal to the algorithm”, but how? How did they see it in the first place to be able to provide that signal? It was suggested to them.
Often because that kind of content is really sticky for the site. Whether because you like it or it outrages you or scares you it’s manipulative in a way that is symbiotic with the platform’s goals.
It provides perverse incentives for creators and companies.
> It’s just the algorithms promoting things I want banned.
And again: the only reason the algorithm promotes things is because that person signaled that they were interested in it. They might've gotten it recommended by a friend, acquaintance, whatever, but the point is that if nobody had recommended anything to them the algorithm would have no data.
And again: how do you propose to get this to survive the first amendment? Algorithms are a form of speech under law.
By that logic no product regulation could ever exist because it restricts in some way the free expression of any corporation subject to it.
Obviously that's nonsense. Government bodies in the US are permitted to regulate the products traded on the market, at least within reason.
> the only reason the algorithm promotes things is because that person signaled that they were interested in it.
What point do you believe yourself to be making here? The only reason anyone shoots up heroin is because they want to. Or alternatively, someone can want a particular product without appreciating the toxic chemicals it happens to expose him to.
> By that logic no product regulation could ever exist because it restricts in some way the free expression of any corporation subject to it.
Except that this is case law, not something I'm pulling out of my ass. See Moody v. NetChoice, LLC, 603 U.S. ___ (2024), in which the court ruled that compiling and curating user-generated content into "a distinctive expressive offering" is protected editorial discretion, and that "the First Amendment offers protection when an entity engaging in expressive activity, including compiling and curating others' speech, is directed to accommodate messages it would prefer to exclude." The court did not rule on whether the same First Amendment protection extends to personalized curation decisions made algorithmically solely based on user behavior online without any reference to a site's own standards or guidelines. However, we cannot definitively say that the algorithms Facebook and co. use are not making decisions based on standards or guidelines of some kind, whether those be the community guidelines FB publishes or something else, because we don't know how they work internally, and they very well could be AI-driven with community guidelines in the prompt or something. Or they could be generic off-the-shelf recommender algorithms. Or something totally different. This bit TikTok in Anderson v. TikTok, where the third circuit court ruled that TikTok's "for you" feed was first-party expression and therefore not shielded by section 230, which is itself a massively misunderstood law of it's own.
Literally the only thing I am trying to illustrate is that "ban all the algorithmic feeds" is not as easy as you suggest, and the definitive research proving that they are harmful has yet to actually be found when meta-analysis is conducted[0][1]. The (far more) harmful thing is these platforms extremely lax moderation. Granted, moderation is impossible to truly do competently at scale, but still.
Can't say I agree. Notice that the proposed legislation isn't specific to social media. Rather it's explicitly advanced in support of Colorado's data privacy laws as they apply to minors.
There's evidence of lots of different issues, a few age related but most not. Adults certainly aren't immune to adversarial algorithms and dark patterns and the practical need for privacy isn't limited to children. It's more that we only seem to be able to achieve broad consensus to add additional regulations where it concerns children.
It's always written in the most midwit way possible, then, once predicted failure happens it's patched up to be slightly better. That's the default assumption for most of the things.
What do you expect? American politics selects for mediocrity. Being a world-class expert on something is a career disadvantage. Most of the electorate wants wants bullshit artists and cartoon characters.
No, the mania is based on extremely bad/cherry picked evidence. There are at least 6 studies alone (some including meta-analysis) which has found absolutely no link to prove social media is addictive or harmful to children. If anything, they've found the opposite, and one even suggests that calling it addictive might be causing the very problem we're pretending to solve
So if your service is proprietary, but your client is open source, it looks like your're free to go.
As someone that relies on third-party clients to get usable interfaces, if this gets widely adopted it would be great news. It would end the cat-and-mouse game from companies trying to force users onto first-party clients.
But the text says "or," not "and." So by my interpretation if you process user data but are available via "free, public" repo, you're not covered. I presume "free" is defined elsewhere in the text, and that it approximates "open-source."
(e) AN OPERATING SYSTEM PROVIDER OR DEVELOPER THAT DISTRIBUTES AN OPERATING SYSTEM OR APPLICATION UNDER LICENSE TERMS THAT PERMIT A RECIPIENT TO COPY, REDISTRIBUTE, AND MODIFY THE SOFTWARE WITHOUT ANY PLATFORM-IMPOSED TECHNICAL OR CONTRACTUAL RESTRICTIONS IMPOSED BY THE PROVIDER OR DEVELOPER ON INSTALLING ALL MODIFIED VERSIONS.
Aha, thanks! So I think that raises the question of whether e.g. RHEL is affected. Technically it could be argued that they don't add any additional restrictions, but I wonder if Colorado will see it that way.
But only if the user is not getting the app through an app store but from a "code repository"? I'm not sure if I interpret that correctly, but at first glance it seems confusing and ambiguous.
Does that mean I need to download the Android apk from a git repository? Would a clever lawyer be able to argue that the release section on GitHub is outside the repository and therefore not fulfilling this clause?
Would F-Droid still not be exempt because it is structured like a store and offers pre-built binaries?
"It's only for porn sites" to "its only for social media" to "its doesn't include open source projects" to "its only when you need an internet connection".
That's how politics works actually. Something has to be done but also not upset X, Y, Z because they will be loud. It's quite okay situation when it happens I think.
Yeah. I think a lot of us just look at computers and operating systems differently than these legislators. But we need to more effectively communicate our needs and side effects of their policies. And elect younger folk sheesh.
So a FOSS app running a device local diffusion model specifically for porn would be free of age checks. From a technical perspective that's not all that different from, say, an ansible playbook or bash script or whatever to download a model from HF and configure a local inference stack yet I feel like it must be an unintended loophole.
I'm actually OK if websites trend toward being endpoints and there's competition for frontends. The unification of the two by site owners has been a net negative for the internet.
As someone working on an open source project in CO, this is a welcome fit of common sense. How do these laws typically work in other jurisdictions, do they block non-conforming sites? Or does it open you up to lawsuits?
Edit: It looks like these laws will be enforced by app stores primarily, because they have more significant liability. I'm guessing they won't take the effort to provide exemptions to jurisdictions with the open source carveout unless it is common.
You have to add a couple fields or so to whatever gathers user info at account creation time. Personally I would find that non-trivial because nowadays those are usually GUIs and I haven't done any GUI stuff in ages. People who current write GUI apps for current OSes would have no problem.
Then you need to use that data in a way that lets you provide an API for apps to check the age bracket of the current user.
That part is easy, although some people will no doubt make it way more complicated than it needs to be (probably making it part of systemd or something ridiculous like that).
What I would do is create a file in some standardized location for each age bracket. These files would be protect so that ordinary users cannot open them for reading. When an account is set up, an access control list entry would be added to the appropriate files that allows that user to open the file for reading.
The API for apps to check if the user is in an age range they allow is to simply use the normal file access API to try to open the age bracket files corresponding to the age ranges they are checking for.
Does anyone have a citation for this that wasn't written by Claude? It wouldn't surprise me, but I refuse to look through AI slop to check the accuracy of the report.
There are so many things where we don’t do that. There are laws against giving children so many dangerous things, because you can’t watch them constantly outside the house, and honest I think unrestricted internet is worse for a child than alcohol. I’m not saying this is the right answer, but pretending it’s just a parental problem seems oversimplifying.
> it’s just a parental problem seems oversimplifying.
how/why did children survive all those generations ago where these dangerous things have existed, and all of a sudden, parents are now powerless and unable to parent?
Well for one they did not have access to 4k 60 fps incest porn at a moments notice in your pocket.
You had to go to a special store where an adult checked your age.
But I guess the better option would be to give parents the propper tools. For example every OS could have the option to set up a child account, that gives the age range to the app store / website the user visits. And the app store owner and website owner (of a certain size? Not sure) have to implement it. Just like store owners can't sell alcohol or porn mags to underage customers.
It's morbidly interesting to watch public discourse on what is and isn't considered a solely-parental responsibility. For example, we seem to have more or less accepted that comprehensive sex education should be taught in school (thank goodness), in part because it cannot be assumed that all children have a parent or guardian who can or will teach them these things. And yet this same consideration barely comes up when discussing internet safety.
Of course you do. And farmers like subsidies for corn. That's a general idea for them too. And of course you're going to say the public benefits from open source projects and the farmer will say starving no good. Middle class see, middle class do but think they no do.
We have age verification for many things. The problem now is trust. There is, for obvious reasons, negative trust that this won't ultimately harm people. That it won't be used to harvest more data and invade our digital lives even more. That negative trust is there because we see a constant ability to gather even more information about us, and use it to produce real harm, but no hint at an entity actually fighting back to protect people. If anyone in any government is reading this, you do not gain my trust that big tech will not abuse my information by requiring big tech to collect more of my information, you just loose my trust in the government. Earn my trust back and then, maybe, in some distant future, we can talk about 'but who will think of the children' legislation like this.
What for? That's kind of strange. Maybe if its a critical project, but for random projects that aren't like apache web server, nginx, or Linux Kernel, I don't care, heck I would argue if its a very very small change, and it has been scrutinized I don't care who it came from.
(5)(a) "COVERED APPLICATION" MEANS A CONSUMER SOFTWARE APPLICATION THAT IS ACCESSED THROUGH A COVERED APPLICATION STORE AND THAT MAY BE RUN OR DIRECTED BY A USER ON A DEVICE.
(b) "COVERED APPLICATION" DOES NOT INCLUDE:
(I) A SOFTWARE APPLICATION THAT DOES NOT PROCESS USERS' PERSONAL DATA; OR
(II) AN APPLICATION FROM A FREE, PUBLICLY AVAILABLE CODE REPOSITORY.
That wording could be interesting, because it's ambiguous if free is applicable to the repository or the project. Presumably, the latter. This means you could absolutely do source-open but not open-source and still get around it.
Well it says code repository not artifact repository. But it doesn't prohibit obfuscation or transpilation and more generally doesn't appear to specify anything beyond "free and publicly available". I really get the feeling that the people who wrote the law don't have a clear idea of what they're trying to say here and that any court decision is going to be a roll of the dice.
On the one hand, I'm absolutely against blanket age verification laws like this one, think there are better ways to solve the stated problem, and believe that the current crop of legislation is being pushed by bad actors for nefarious purposes by means of pandering to public mania.
On the other hand, I do appreciate that a possible unintended consequence of the out provided by (5)(b)(I) could be that PII (along with user generated content in general) becomes similarly radioactive to if the US had passed a GDPR equivalent. Either that or it's used as a justification for every single online service to require government ID in order to interact with it "because liability". Unfortunately I assume the latter is somewhat more likely at this point.
Also is it defined precisely what it means to "process users' personal data"?
> there are better ways to solve the stated problem
Call your representatives. There is overwhelming demand for age gating social media (based on, honestly, good evidence). This will be implemented based on who calls in. If the status quo of technical people being hopelessly nihilistic continues, it will be written in the stupidest ways possible.
Of course we could make predatory algorithms illegal. Or just algorithmic timelines/discovery algorithms.
Nah. Can’t stop the money. Let make brain destroying scams and ad spam legal as long as you’re over 18.
TL;DR We need age verification laws to prevent minors from accessing the addictive stream of toxic sludge rather than outlawing its manufacture and distribution.
How exactly would you do this without, you know, violating the first amendment? Algorithmic feeds are nothing without the content. People get toxic sludge because they signal to the algorithm that they like that.
Presumably by outlawing the types of algorithms used with the legislation carefully limited to a particular context rather than anything being authored by an individual. Right to express oneself preserved, government regulates a harmful product, business as usual.
As far as this specific Colorado legislation goes (which is concerned with the ability to comply with their previously passed data privacy law) I think it's not entirely bad but I have two issues with it.
First, it reverses the problem. Services should be sending an age-appropriateness (or even just general content classification) signal to the device for local processing, not the other way around. If you're going to mandate that OS creators do anything it should be to implement a certain baseline level of (interoperable!) functionality as far as parental controls are concerned.
Second, the entire thing should be predicated on some metric such as MAU or revenue or combination thereof not on the exceedingly vague idea of a "free, publicly available code repository".
I definitely agree with those. Age verification laws in general I have lots of beef with because they're so nonsensical.
> First, it reverses the problem. Services should be sending an age-appropriateness (or even just general content classification) signal to the device for local processing, not the other way around.
OK, so say the device receives a signal that say that an app is not appropriate for children under 13. How would the device find out if the user trying to run the app is under 13?
The question itself (ie if the user is under 13) doesn't matter. Already for the current legislation there's nothing stopping the device owner from intentionally lying about the age. So really this entire exercise is about providing a standardized means of control over filtering, thus my observation that the proposed measure is both backwards and overly limited in scope.
The software on the device can do whatever it would like with the signal it receives, including consulting the user account metadata for declared age if the device owner so desires.
It’s just the algorithms promoting things I want banned.
You may choose to sign up to see all the toxic sludge you wish, as is our constitutional rights as Americans.
You say “they signal to the algorithm”, but how? How did they see it in the first place to be able to provide that signal? It was suggested to them.
Often because that kind of content is really sticky for the site. Whether because you like it or it outrages you or scares you it’s manipulative in a way that is symbiotic with the platform’s goals.
It provides perverse incentives for creators and companies.
> It’s just the algorithms promoting things I want banned.
And again: the only reason the algorithm promotes things is because that person signaled that they were interested in it. They might've gotten it recommended by a friend, acquaintance, whatever, but the point is that if nobody had recommended anything to them the algorithm would have no data.
And again: how do you propose to get this to survive the first amendment? Algorithms are a form of speech under law.
By that logic no product regulation could ever exist because it restricts in some way the free expression of any corporation subject to it.
Obviously that's nonsense. Government bodies in the US are permitted to regulate the products traded on the market, at least within reason.
> the only reason the algorithm promotes things is because that person signaled that they were interested in it.
What point do you believe yourself to be making here? The only reason anyone shoots up heroin is because they want to. Or alternatively, someone can want a particular product without appreciating the toxic chemicals it happens to expose him to.
> By that logic no product regulation could ever exist because it restricts in some way the free expression of any corporation subject to it.
Except that this is case law, not something I'm pulling out of my ass. See Moody v. NetChoice, LLC, 603 U.S. ___ (2024), in which the court ruled that compiling and curating user-generated content into "a distinctive expressive offering" is protected editorial discretion, and that "the First Amendment offers protection when an entity engaging in expressive activity, including compiling and curating others' speech, is directed to accommodate messages it would prefer to exclude." The court did not rule on whether the same First Amendment protection extends to personalized curation decisions made algorithmically solely based on user behavior online without any reference to a site's own standards or guidelines. However, we cannot definitively say that the algorithms Facebook and co. use are not making decisions based on standards or guidelines of some kind, whether those be the community guidelines FB publishes or something else, because we don't know how they work internally, and they very well could be AI-driven with community guidelines in the prompt or something. Or they could be generic off-the-shelf recommender algorithms. Or something totally different. This bit TikTok in Anderson v. TikTok, where the third circuit court ruled that TikTok's "for you" feed was first-party expression and therefore not shielded by section 230, which is itself a massively misunderstood law of it's own.
Literally the only thing I am trying to illustrate is that "ban all the algorithmic feeds" is not as easy as you suggest, and the definitive research proving that they are harmful has yet to actually be found when meta-analysis is conducted[0][1]. The (far more) harmful thing is these platforms extremely lax moderation. Granted, moderation is impossible to truly do competently at scale, but still.
[0]: https://www.techdirt.com/2023/12/18/yet-another-massive-stud... (this one links to 6 other studies)
[1]: https://www.techdirt.com/2026/01/21/two-major-studies-125000...
> based on, honestly, good evidence
Can't say I agree. Notice that the proposed legislation isn't specific to social media. Rather it's explicitly advanced in support of Colorado's data privacy laws as they apply to minors.
There's evidence of lots of different issues, a few age related but most not. Adults certainly aren't immune to adversarial algorithms and dark patterns and the practical need for privacy isn't limited to children. It's more that we only seem to be able to achieve broad consensus to add additional regulations where it concerns children.
It's always written in the most midwit way possible, then, once predicted failure happens it's patched up to be slightly better. That's the default assumption for most of the things.
What do you expect? American politics selects for mediocrity. Being a world-class expert on something is a career disadvantage. Most of the electorate wants wants bullshit artists and cartoon characters.
No, the mania is based on extremely bad/cherry picked evidence. There are at least 6 studies alone (some including meta-analysis) which has found absolutely no link to prove social media is addictive or harmful to children. If anything, they've found the opposite, and one even suggests that calling it addictive might be causing the very problem we're pretending to solve
Wondering if providing a reference implementation of a safer age verification/gate would be one way to defeat these laws.
So if your service is proprietary, but your client is open source, it looks like your're free to go.
As someone that relies on third-party clients to get usable interfaces, if this gets widely adopted it would be great news. It would end the cat-and-mouse game from companies trying to force users onto first-party clients.
Most proprietary services would process user data.
It's also naive to believe that a fraction of open source in a companies pipeline would give them a free pass for everything.
But the text says "or," not "and." So by my interpretation if you process user data but are available via "free, public" repo, you're not covered. I presume "free" is defined elsewhere in the text, and that it approximates "open-source."
>(3) THIS ARTICLE 30 DOES NOT APPLY TO:
(e) AN OPERATING SYSTEM PROVIDER OR DEVELOPER THAT DISTRIBUTES AN OPERATING SYSTEM OR APPLICATION UNDER LICENSE TERMS THAT PERMIT A RECIPIENT TO COPY, REDISTRIBUTE, AND MODIFY THE SOFTWARE WITHOUT ANY PLATFORM-IMPOSED TECHNICAL OR CONTRACTUAL RESTRICTIONS IMPOSED BY THE PROVIDER OR DEVELOPER ON INSTALLING ALL MODIFIED VERSIONS.
Aha, thanks! So I think that raises the question of whether e.g. RHEL is affected. Technically it could be argued that they don't add any additional restrictions, but I wonder if Colorado will see it that way.
But only if the user is not getting the app through an app store but from a "code repository"? I'm not sure if I interpret that correctly, but at first glance it seems confusing and ambiguous.
Does that mean I need to download the Android apk from a git repository? Would a clever lawyer be able to argue that the release section on GitHub is outside the repository and therefore not fulfilling this clause?
Would F-Droid still not be exempt because it is structured like a store and offers pre-built binaries?
Boiling frog strikes again.
"It's only for porn sites" to "its only for social media" to "its doesn't include open source projects" to "its only when you need an internet connection".
That's how politics works actually. Something has to be done but also not upset X, Y, Z because they will be loud. It's quite okay situation when it happens I think.
Yeah. I think a lot of us just look at computers and operating systems differently than these legislators. But we need to more effectively communicate our needs and side effects of their policies. And elect younger folk sheesh.
It took almost 30 years for politicians to close down the openness of the internet. Not too bad.
I foresee a wave of new porn-related open source applications in Colorado's future.
So a FOSS app running a device local diffusion model specifically for porn would be free of age checks. From a technical perspective that's not all that different from, say, an ansible playbook or bash script or whatever to download a model from HF and configure a local inference stack yet I feel like it must be an unintended loophole.
I'm actually OK if websites trend toward being endpoints and there's competition for frontends. The unification of the two by site owners has been a net negative for the internet.
It is very fortunate for us that the authors were kind enough to demonstrate this has nothing to do with safety by adding this exemption.
As someone working on an open source project in CO, this is a welcome fit of common sense. How do these laws typically work in other jurisdictions, do they block non-conforming sites? Or does it open you up to lawsuits?
Edit: It looks like these laws will be enforced by app stores primarily, because they have more significant liability. I'm guessing they won't take the effort to provide exemptions to jurisdictions with the open source carveout unless it is common.
Good development, along with the most recent changes to https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...
A colleague is hosting a virtual session on these and other similar bills around the world in two days https://maintainermonth.github.com/schedule/2026-05-22-age-a...
Or, now slightly out of date, read https://github.blog/news-insights/policy-news-and-insights/w... Added: I had not scrolled far enough on the front page, https://news.ycombinator.com/item?id=48214215 is on this blog.
hopefully if each state starts crafting dumb laws like this they all get banned via commerce clause due to infeasibility of compliance
This one is trivial to comply with.
You have to add a couple fields or so to whatever gathers user info at account creation time. Personally I would find that non-trivial because nowadays those are usually GUIs and I haven't done any GUI stuff in ages. People who current write GUI apps for current OSes would have no problem.
Then you need to use that data in a way that lets you provide an API for apps to check the age bracket of the current user.
That part is easy, although some people will no doubt make it way more complicated than it needs to be (probably making it part of systemd or something ridiculous like that).
What I would do is create a file in some standardized location for each age bracket. These files would be protect so that ordinary users cannot open them for reading. When an account is set up, an access control list entry would be added to the appropriate files that allows that user to open the file for reading.
The API for apps to check if the user is in an age range they allow is to simply use the normal file access API to try to open the age bracket files corresponding to the age ranges they are checking for.
This TOTALLY ORGANIC movement to suddenly please think about the children with required age verification in software makes me sick.
Whoever is behind this needs to be exposed, tarred, and feathered.
It's pretty well understood to be Meta, isn't it?
Does anyone have a citation for this that wasn't written by Claude? It wouldn't surprise me, but I refuse to look through AI slop to check the accuracy of the report.
It was written by Claude, the question is if it's accurate.
Meta and the spooks, yeah
Not as simple as that.
Meta's well know campaign was actually to make the app stores (and maybe OSes) responsible for age verification, not apps.
Google and Apple campaigned to make apps responsible for it.
Big Tech in general.
The kids are very fucked up tho by the internet in our pockets. I'm Not sure that id on OS is the solution. But we should be trying something
Parenting problems require parenting solutions.
There are so many things where we don’t do that. There are laws against giving children so many dangerous things, because you can’t watch them constantly outside the house, and honest I think unrestricted internet is worse for a child than alcohol. I’m not saying this is the right answer, but pretending it’s just a parental problem seems oversimplifying.
> it’s just a parental problem seems oversimplifying.
how/why did children survive all those generations ago where these dangerous things have existed, and all of a sudden, parents are now powerless and unable to parent?
Well for one they did not have access to 4k 60 fps incest porn at a moments notice in your pocket.
You had to go to a special store where an adult checked your age.
But I guess the better option would be to give parents the propper tools. For example every OS could have the option to set up a child account, that gives the age range to the app store / website the user visits. And the app store owner and website owner (of a certain size? Not sure) have to implement it. Just like store owners can't sell alcohol or porn mags to underage customers.
That's literally precisely what this bill does.
Seriously?
They didn't survive, they died:
https://www.statista.com/statistics/1041714/united-kingdom-a...
It's morbidly interesting to watch public discourse on what is and isn't considered a solely-parental responsibility. For example, we seem to have more or less accepted that comprehensive sex education should be taught in school (thank goodness), in part because it cannot be assumed that all children have a parent or guardian who can or will teach them these things. And yet this same consideration barely comes up when discussing internet safety.
Please don't fulminate or use all-caps on HN. The guidelines make it clear we're trying for something better here. https://news.ycombinator.com/newsguidelines.html
I know this is attached to a stupid bill, but I really like the general idea of special carve outs for open source projects.
Of course you do. And farmers like subsidies for corn. That's a general idea for them too. And of course you're going to say the public benefits from open source projects and the farmer will say starving no good. Middle class see, middle class do but think they no do.
It does seem kind of elegant, doesn’t it, in terms of aligning incentives?
Annoyed by the age gating, or feel it to be commercially burdensome? Open your source, and poof, no more mandate!
Just trying to build and maintain a cool thing, and share it with the world? Never mind the compliance burden.
Call it an Identity Verification Bill, or think of something even more negative. That is more accurate and doesn't sound as attractive.
Names matter. We saw ChatControl 1.0 get defeated, it probably didn't hurt that the name implied censorship.
But it doesn't verify your identity so why would you call it that? It just says an OS has to have the option to create a child user account.
We have age verification for many things. The problem now is trust. There is, for obvious reasons, negative trust that this won't ultimately harm people. That it won't be used to harvest more data and invade our digital lives even more. That negative trust is there because we see a constant ability to gather even more information about us, and use it to produce real harm, but no hint at an entity actually fighting back to protect people. If anyone in any government is reading this, you do not gain my trust that big tech will not abuse my information by requiring big tech to collect more of my information, you just loose my trust in the government. Earn my trust back and then, maybe, in some distant future, we can talk about 'but who will think of the children' legislation like this.
This makes it even more unconstitutional. Privileging certain classes over others for compelled speech makes is way easier to strike down.
Good, California too now
will colorado be issuing arrest warrants for developers ?
The DOJ already has been prosecuting developers of open source tools.
(https://www.therage.co/tag/tornado-cash/)
Contributing to an open source project is one of the very few things on the net that I actually would want id verification on.
What for? That's kind of strange. Maybe if its a critical project, but for random projects that aren't like apache web server, nginx, or Linux Kernel, I don't care, heck I would argue if its a very very small change, and it has been scrutinized I don't care who it came from.
Raises the defensive bar for today-unaccountable slop and malware, at minimum.
Is there any push-back options?
I feel like age verification is important online - a copy of the real world. Check my ID before I go in the pub.
It feels like it's jumped all the way to positive-ID. Not just "of age" but become you are "First Last".
It's possible (right?) to assert age and is-human attributes w/o knowing which specific human at what specific age I am online?