I will start making a list for linux then.

rm - ok for all ages.

grep - 18+, you can obviously use this to search for porn.

find - 18+, see grep.

reboot - ok for all ages.

echo - ok for all ages.

cat - 18+, prints the porn you found directly to your terminal.

sudo - 18+, obviously.

kill - ok for all ages. This is the US, right.

ps - 18+, no peeping at other processes.

There's an obvious theme with lawmakers in California—they pass laws to regulate things they have zero clue about, add them to their achievement page, cheer for themselves, and declare, "There! I've made the world a better place." There are just too many examples. For instance:

- Microstamping requirements for guns—printing a unique barcode on every bullet casing (Glock gen3 cannot be retired, thus, the auto-mode switch bug cannot be patched...)

- 3D printers should have a magical algorithm to recognize all gun parts in their tiny embedded systems

- Now, you need to verify your age... on your microwave?

At this rate, California should just go back to the Stone Age. Modern technology is simply not compatible with clueless politicians who are more eager to virtue-signal than to solve any actual problems or even borther to study the subject about the law they are going to pass. There will be more and more technology restrictions (or outright bans on use) in California because it's becoming impossible to operate anything here without getting sued or running afoul of some overreaching regulation.

Ignoring all the tedious 'no, you're a bad person for having different priorities and beliefs to me' comments that this will inevitably inspire, I have to ask: why does the operating system need to be involved in this? The intended target of the regulation seems to be app stores.

Someone has fallen victim to Politician's Logic: https://www.youtube.com/watch?v=vidzkYnaf6Y

Reaction 1: how would this even work with embedded systems that have no UI to input this data?

Reaction 2: it's open source, make the lawmakers do submit the changes.

Reaction 3: how would this ever be enforced? Would they outlaw downloading distributions, or even older versions of distributions? When there's no exchange of money, a law like this is seems like it would be suppression of free speech.

Reaction 4: Someone needs to maliciously comply, in advance, on all California government systems. Shutdown the phones, the Wi-Fi, the building access systems, their Web servers, data centers, alarm systems, payroll, stop lights, everything running any operating system. Get everyone to do it on the same day as an OS boycott. And don't turn things back on until the law is repealed.

> [..] requires an account holder to _indicate_ [..]

i.e. this doesn't require age verification at all

just a user profile age property

> [..] interface that identifies, at a minimum, which of the following _categories_ pertains to the user [..]

so you have to give apps and similar a 13+,16+,18+,21+ hint (for US)

if combined with parent controls and reasonably implemented this can archive pretty much anything you need "causal" age verification for

- without any identification of the person, its just an age setting and parent controls do allow parents to make sure it's correct

- without face scans or similar AI

- without device attestation/non open operating systems/hardware

like any such things, it should have some added constraints (e.g. "for products sold with preinstalled operating system", "personal OS only" etc.)

but this gets surprisingly close to allowing "good enough privacy respecting" age verification

the main risk I see is that

- I might have missed some bad parts parts

- companies like MS, Google, Apple have interest in pushing malicious "industry" standards which are over-enginered, involve stuff like device attestation and IRL-persona identification to create an artificial moat/lock out of any "open/cost free" OS competition (i.e. Linux Desktop, people installing their own OS etc.).

---

"causal" age verification == for games, porn etc. not for opening a bank account, taking a loan etc. But all of that need full IRL person identification anyway so we can ignore it's use case for any child protection age verification law

----

it's still not perfect, by asking every day daily used software can find the birthdate. But vendors could take additional steps to reduce this risk in various ways, through never perfect. But nothing is perfekt.

---

Enforcement is also easy:

Any company _selling_ in California has to comply, any other case is a niche product and for now doesn't matter anyway in the large picture.

Skimming the actual text of the law[1], I don't see anything particularly objectionable. Basically it requires a toggle when creating/editing a local user account that signals "this user is/is not a child". Applications could then tailor their content for child/not child audiences.

Which isn't to suggest that it's a good law, just not really "age verification".

[1]: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...

Sounds to me that this is how kids learn to spin their own operating systems (a la LFS, Gentoo)and apps.

This is how people bought personal computers when the mainframe priesthood banned them.

It appears that very soon, young people will "de facto" need to have this level of competence in order to survive and thrive in a world of "in loco parentis" operating systems and apps.

The latin reveals my age, but one thing about my age:

People my age did exactly that. We built our own hardware when there was none. We compiled (or copied) operating systems and apps. A couple of my friends wrote an operating system and a C compiler.

"My generation" created this entire internet thingy, installed and web-based apps.

Indeed, dumb-asses are going to level up young people.

As noted at the end of the article, I suspect the impact for many OS's is going to be that they add a line in the fine print somewhere saying not for use in California.

Richard Stallman's "Right to Read" is disturbingly prescient, as usual.

> (g) This title does not impose liability on an operating system provider, a covered application store, or a developer that arises from the use of a device or application by a person who is not the user to whom a signal pertains.

So, this makes desktop Linux illegal, but all the software-as-a-service like Microsoft Azure and OpenAI get off scott-free?

Fantastic.

Regulating something they visibly had no clue about, just because they had idle time and paper: Is California trying to speedrun the innovation no man's land of EU?

What about:

- servers living in datacenters

- realtime operating systems in embedded devices

- the Intel Management Engine

- the OS on every smart chip in credit cards and debit cards

- wireless cameras, roombas, smart TVs, smart fridges

- cars. Those automotive systems have OSes too right?

- all those IoT devices, including California’s traffic cameras

What age signals should those devices send out? Is there an exclusionary clause?

How wouldn't this also apply to things like useradd(8) or simply automated user account setup, e.g. like cups, sshd, etc? Do we need to add this to vi for use in vipw on UNIX?

Bill text appears to be a copy/paste from a similar Colorado bill that just made the rounds. Methinks there's a special interest group trying to ram this garbage through a bunch of state legislatures.

Are lawmakers bored? Who is asking for this? Not the tax paying citizens.

Alcohol is harmful, and you want to prevent minors from obtaining it without parental supervision. Do you pass a law requiring every car to log the age of every occupant in case the driver drives to an establishment that sells alcohol? No, that's stupid. You require the person providing the alcohol to check age only when they are about to hand over the alcohol. Until someone actually attempt to access alcohol, they should not be asked their age.

Now exchange "car" for "OS" and "alcohol" for "age-sensitive content"

Does not require verification, no biggie, this is essentially a parental control system.

It's not clear that this applies where the "operating system provider" does not have "accounts". Linux should be OK, but "Ubuntu One" might have problems.

It's a good reason not to put cloud dependencies into things.

I've taken trips to California in the past for both personal and professional reasons. I'm seriously reconsidering whether I'll do that again in the future.

What happens if I bring a laptop with an "illegal" OS without this unwanted "feature" into the state? Will I be denied access to public wifi in hotels and restaurants? Or will it grant me access, but snitch on me -- make a call to the state police to come deal with someone with an illegal laptop? Will I be forced to install a different OS while a police officer watches? Will my laptop be confiscated and destroyed as contraband? Will I be thrown in a California prison?

I don't want to take a risk and find out.

Yikes, these government folks just sign without even thinking or having a single clue about how the rule will work. They are completely irresponsible.

California is a confusing state, age verification for operating systems while almost releasing this monster on the public: https://www.latimes.com/california/story/2026-02-26/serial-c...

I miss the days when politicians just generally ignored computers and left us alone.

Although it appear stupid, maybe an OS level endorsement of user age is actually a more reasonable middle ground than delegating mandatory age verification to data brokers...

It still parents that usually buy the computers and set up the différents user accounts. So the responsibilities would be put back in their hands as machine owners to correctly tag kid's accounts. OS vendors would then only be responsible to accurately transmit this declarative information to requesting App/services.

Of course some smart kids are gonna find a way to bypass that (as any other mesure you can imagine, because kids are smart). But nonetheless we could have a good enough OS level declarative age for 95% uses cases and send to the trashbin all the age verification creep that is the current trend.

Ah, so this is what Lennart Poettering has been cooking? [1]

[1] https://news.ycombinator.com/item?id=46784572

Sure, I'll ask where the user is located, and if they choose California, I'll ask them for their age. And if they choose over 21 I'll scold them for voting for Gavin.

Hmm i think at te moment its only Linux that has by default local only accounts except if being used in some sort of SSO environment .

Microsoft has been pushing aggressively to deprecate the local and funnel everyone to Microsoft online accounts , while Android and macOS/iOS are already in such a state by default.

Coupled with the same accounts being used for online login, looks like a feature creep panopticon in the making. With Linux lucking out be default.

I know this sounds absurd. But let me try not to be cynical and explain how we got here, according to what I understand:

First, let's admit the push for age verification laws isn't a partisan or ideological thing. It's a global trend. This California law has bipartisan sponsorship and only major org opponent is the evil G [1]. While age verification is unpopular in tech community, I imagine a lot of average adult voters agree that limiting children's access to wilder parts of the Internet is a good thing.

On this premise, the discussion is then who should be responsible for age verification. The traditional model is to require app developers / website owners to gatekeep -- like the Texas and Ohio laws that require PornHub to verify users' IDs. But such model put too much burden on small developers, and it's a privacy nightmare to have to share your PII with random apps.

This is why we see this new model. States start to believe it seems more viable to dump the responsibility on big tech / platforms. A newer Texas law is adopt this model (on top the traditional model) to require app stores to verify user age (but was recently blocked by court) [2]. And this California law pretty much also takes this model -- the OS (thinking as iOS / Android / Windows with app store) shall obtain the user age and provide "a signal regarding the users age bracket to applications available in a covered application store".

While many people here are concerning open-source OSes, and the language do cover all OSes -- my intuition is no lawmaker had ever think about them and they were not the target.

[1] https://calmatters.digitaldemocracy.org/bills/ca_202520260ab... [2] https://www.politico.com/news/2026/01/05/big-tech-won-in-tex...

Can I wash my laundry without an ID? Because my washing machine can connect to wifi, supports different user's profiles, etc, thus it has an OS.

I'm under the impression anyone doing nefarious things online are probably more-than tech savvy enough to not install an OS that rats them out...right?

Isnt that literally one of the first rules of the DNM Bible?

It's also completely pointless because users routinely use shared accounts. It was thus on the WinXP machine at home, and still is today on iPads and android tablets. Yes, Apple has made it dysfunctional so that rich people will get one iPad per person, but many children use games and social media apps via their parents accounts. Who is going to set up an AppleID for their 8 year old? (Well I did, but normal people?)

The people who wrote this law work for Microsoft and think people have individual laptops and phones with a cellular plan. They care nothing for user privacy, in fact they want persistent digital identifies for advertising.

I don’t see anything in that bill (https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...) that requires age verification.

It says users, on account creation, must indicate their age or birth year (or both) and that programs must have access to that info, but I don’t see any requirement about checking whether what the user enters is correct.

What does make it weird is that it requires account holders to enter that data at account creation, and it defines an account holder as ”an individual who is at least 18 years of age or a parent or legal guardian of a user who is under 18 years of age in the state”

So, kids are allowed to create an account, but then, an account holder has to enter their age or birth year.

To top it of “a parent or legal guardian who is not associated with a user’s device” is not an account holder, so let’s say a 15-year old buys a laptop or smartphone and wants to set it up. There’s nobody associated with the device, so there are no account holders. Who should enter that age info?

On many smartphones, having a grown-up create an account first won’t work, as there’s no way to set up a second account.

> That's likely no big deal for Windows, which already requires you to enter your date of birth during the Microsoft Account setup procedure

That isn’t age verification at all

I seem to be doing more and more illegal things as time passes, whilst not changing my behavior at all.

Curious.

> …requires an account holder to indicate the birth date, age, or both, of the user of that device…

The way I read that, you just have to ask for an indication of age. Like when I'm not logged in to Steam and I want to look at a game with blood, it asks for a birth year and I pretend to be 109. That's not exactly "age verification." Am I missing something?

Who is actively lobbying against the “war on root access”? Which are the NGOs/PACs/non-profits with the best track record of getting results here? FSF and EFF come to mind, but I can’t think of others and don’t know of track records for any of them.

10/13/25 Chaptered by Secretary of State - Chapter 675, Statutes of 2025. 10/13/25 Approved by the Governor. 09/24/25 Enrolled and presented to the Governor at 3 p.m.

Why is this "news" today? Am I missing something?

> apply the privacy and data protections afforded to children to all consumers and prohibits an online service, product, or feature from, among other things, using dark patterns to lead or encourage children to provide personal information beyond what is reasonably expected to provide that online service, product, or feature or to forego privacy protections

My question, is if "the children" are worth protecting, why not adults? I would like to opt into not having to deal with dark patterns. Why not a age independent system, which a user can opt into and which "children" are automatically optd into.

This is a really strong example of how both the left and the right have been moving away from liberalism (ie, "classical liberalism," the general belief that people should be free to make their own choices and pursue their own interests) for the past 16 years or so. A bill like this could have just as easily come from Texas.

Practically, I think this is tough. How does a business verify their 20k Linux servers in AWS? What prevents Linux users from simply modifying their code such that they no longer do age verification? I think it's easy to imagine circumventing this one law, but this is another brick in the wall. Maybe your bank stops working on Linux. Maybe major websites stop working unless they get your citizen ID and age verification data from your OS. Maybe no one makes a browser that doesn't try to grab that information.

Not joking; stock up on books and keep a collection of media that you own personally. Perhaps your linux computer will start looking a lot like your PC from the early 90s: not connected to the internet, just used for word processing, some installed games, and media.

Is this the end of "smart" washing machines and refrigerators?

I can imagine Samsung asking for the user's age every time you want to grab a snack and refusing to unlock the door otherwise.

Or perhaps... they could add a camera to the fridge and send a stream 24/7 to their servers so they can identify the age of whoever opens the door. For complying with the laws of California, honestly!

Isn't it possible to jam and deny with any remote auth dependency?

Recently after we spent hours getting a Chromebook set up after a "Power Wash" due to remote auth failure, it wanted the old password and there was no option but to wipe the device.

They held our homedir hostage with required remote auth.

We were not able to log into our computer and lost all of our data because of remote auth.

Secure critical systems must not have a centralized remote auth dependency that can be denied.

clearly there's something I don't understand (or is the law just really this stupid?) - but what would this even look like for linux? every user account requires an associated age?

but users don't have a 1:1 mapping to the people that log into them. linux users that aren't used by any particular person, but by a particular _service_ are common. so are linux users that could be logged into by any number of people, and which have no specific single owner.

I actually prefer an OS-level API for Age verification rather than treating everyone as a child-by-default unless they upload their personal information to some random vendor.

BUT this is obviously not the right way to implement this.

How is this an OS concern? Shouldn't age verification be a government concern to implement a system which does a privacy preserving verification? And until such a system exists, there should be no laws about online verification at all?

Looking forward to resisting the regime.

Governments that require age verification for operating systems to protect children also drop bombs on civilian neighborhoods, fight wars that orphan millions and tolerate child labor, exploitation, poverty.

History teaches us governments are the best at protecting children.

It's not stated here, but is it implied that app platforms that, themselves, have an "app store", would be required to read this datum and pass it to their app store?

For example, I've got a map application on my phone that lets me download maps, widgets, POI lists, etc. from their app store. It seems like enabling that age signal through this exchange is exactly what the politicians are looking for.

Little bit picking at straws but I sure would love to find some way to punt this law. Medtronic has an insulin delivery solution which involves the distribution of a custom Android phone with a closed source app. Other fields in medicine do this as well as a matter of course, so that they can guarantee clinical operation on that particular device (rather than risk app operation on Android device fragmentation) and get OK’d by the FDA. The FDA testing process can take upwards of 4 years, and is usually cleared for -specific- operating system versions (which, by the end of testing, can be very old).

I wonder: since that operating system needs to attest and (vaguely) eventually report an age and other identifiers to a government API and app developers, will that report violate HIPAA?

"For the purpose of....covered application stores."

I'd like to see that definition. My OS doesn't have an "application store", so I doubt it's impacted by this law.

So if you write your own operating system without age verification you're not allowed to use it?

Is Github an application store? Is npm? apt? yum?

If not, why not? You need age verification before you even create an account.

Aha... Interesting, I'm the sysadmin of myself so I verify myself that I'm entitled to be root on my iron. Sometimes politicians reveal themselves in their future program dreaming things like mandatory online accounts on corporatocracty-controlled servers for all...

A better law would have been to require the apps look for an RTA header. [1] If detected trigger parental control password prompt which would only be enabled if a parent enabled parental controls.

Server operators could add this header to anything adult or that may contain user-contibuted content in their sleep. App developers could add a snippet of code to look for the header in their sleep. Then have a law that requires parents with small children under 10 must enable parental controls on devices used by their children. Why under 10? No confrontation with teens. The small children will grow into the process. No PII shared. No asking for ID. No sharing ID. Not on the OS, not on a third party website. I don't like green eggs and ham, I don't like them Sam I am.

We all know that once this law has been complied to they will extend it to require ID be uploaded to whatever company gives the most kick-backs to Gavin and an API key will have to be saved on the OS per account. This data will be leaked in 3 ... 2 ...

[1] - https://news.ycombinator.com/item?id=46152074

It's funny that more and more Chinese style laws are being passed in the West.

What's next? Chinese style social credit? You’ll need 800 points to run a sudo command?

Free society? Mass surveillance. The West is becoming more of a nanny state like China every year.

Will this only apply to an OS with human user accounts? I wonder how autonomous agents that are operating systems running on bare hardware are defined under this strange law. Not all OS are for humans. Consider many uni-kernel applications.

This law perfectly demonstrates the constraint problem: regulators assumed age verification is a simple checkbox at account setup.

Right now I'm on an ESP32 with free RTOS, will I need to add a keyboard and display just for age verification?

The actual bill: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...

Bill text (it’s longer, but the rest is mostly definitions of the terms used here):

1798.501. (a) An operating system provider shall do all of the following:

(1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.

(2) Provide a developer who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface that identifies, at a minimum, which of the following categories pertains to the user:

(A) Under 13 years of age.

(B) At least 13 years of age and under 16 years of age.

(C) At least 16 years of age and under 18 years of age.

(D) At least 18 years of age.

(3) Send only the minimum amount of information necessary to comply with this title and shall not share the digital signal information with a third party for a purpose not required by this title.

(b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

(2) (A) A developer that receives a signal pursuant to this title shall be deemed to have actual knowledge of the age range of the user to whom that signal pertains across all platforms of the application and points of access of the application even if the developer willfully disregards the signal.

(B) A developer shall not willfully disregard internal clear and convincing information otherwise available to the developer that indicates that a user’s age is different than the age bracket data indicated by a signal provided by an operating system provider or a covered application store.

(3) (A) Except as provided in subparagraph (B), a developer shall treat a signal received pursuant to this title as the primary indicator of a user’s age range for purposes of determining the user’s age.

(B) If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.

(4) A developer that receives a signal pursuant to this title shall use that signal to comply with applicable law but shall not do either of the following:

(A) Request more information from an operating system provider or a covered application store than the minimum amount of information necessary to comply with this title.

(B) Share the signal with a third party for a purpose not required by this title.

OK, so way at the bottom it says this:

"This title does not impose liability on an operating system provider, a covered application store, or a developer that arises from the use of a device or application by a person who is not the user to whom a signal pertains."

This is obviously a law so poorly written that it'll never pass a court challenge. Assuming anyone brings one.

People who cannot tell what is an operating system and what is not are writing laws

So silly question, in theory this is like brewing beer... what if a kid wants to make an operating system?

> "That's likely no big deal for Windows, which already requires you to enter your date of birth during the Microsoft Account setup procedure."

I've been working around the Microsoft user-creation requirement for years. Looks like they were ahead of the game. CA is marching towards private-business surveillance. What could go wrong?

"That's likely no big deal for Windows, which already requires you to enter your date of birth during the Microsoft Account setup procedure."

Not exactly true as you can do local account installs.

I wonder if you can get around the law by just having people build their own image from the source.

Our lawmakers have zero idea how software works.

"useradd bob" is an "account setup". does that need age verification too? haha

Headline is wrong. There is no verification requirement.

All this does is require the user to select a non-verified age bracket on first boot. You can lie, just like porn sites today. I thought HNers wanted parents to govern their children's use of technology with these kinds of mechanisms.

All the law asks is that 'adduser' asks for their birthday; and and age restricted software checks this on installation. Given we already have software it is illegal to sell to children this seems like an easy win? (Obviously it is still down to the parents to ensure the account is setup correctly)

There’s a concerted global effort to push this legislation. It’s also been proposed in Colorado and, some version of it’s been passed in the UK and Australia.

It doesn't require age verification, only age attestation.

More significantly, it does require all applications (from "covered application stores", but which has a definition for that which seems to include not only what you would normally call an app store, but any website or other source from which an app can be downloaded) to check the age signal provided by the OS when the application is "downloaded and launched".

While it is poorly drafted, circular, and self-contradictory on some definitions and other points, it arguably seems to prohibit age verification within the scope of apps it covers, in that:

(1) It requires all OS's to have an age attestation feature, (2) It requires all applications to use the age attestation feature, (3) It requires developers of applications to rely on the info from the age attestation feature as the "primary indicator of a users age range for determining the user's age", with the only exception being if the developer has internal (not external) information which is "clear and convincing information" that the user's age is different from what is signalled by the OS.

If age attestation in the OS becomes law, there's much less friction afterwards to pass another law to have age verification as well. It should not be humored under the mistaken belief that "it's just age attestation in the OS - nothing invasive about that".

LOL whats the enforcement scenario and who is going to be targeted for punishment if it doesn't happen?

This is truly stupid.

This is all very discussed in concrete terms of what exactly the terms of the law are, how this will be possibly implemented..etc.

But what about your outrage you all at the moral and ethical implications of this?

Extremely stupid that this will fall on the OS.

Accomplishes three things: Demonizes age verification, big tech gets to dodge it, cedes more control of your PC.

Fun to watch my generation who was raised by helicopter parents turn into tank parents using scorched earth techniques.

Californian seems like a state with a golden goose they keep trying to kill in ever more idiocitally inventive ways.

I really hate this new world where one jurisdiction - California, Europe, wherever - makes a law and suddenly every other jurisdiction has to comply because the law-making jurisdiction is big enough that tech companies can't abandon it.

And since it doesn't make sense to have dozens of different versions of their apps, they write to the strictest jurisdiction's laws.

If everyone has the power to make laws that apply to everyone...it's chaos.

Feel free to call me paranoid for seeing patterns where there are none but this to me looks like just one phase of a preparation for a very large event entirely unrelated to every age verification reason given thus far. I won't guess any further. "I'm a good boy."

so my smart microwave will require some age verification?

That would make retro computing illegal :(

They’re trying to destroy all the best nerdy hobbies. First drones, then 3D printing, now even my precious Amiga!

It’s to stop 14 year olds compiling the Linux kernel.

Remember when you leave California, please leave the dumb ideas there

I figured California would have been against the age verification on the adult sites like Texas and some other states are doing but then they go and 1UP them and decide to require age verification on the whole OS

Remember in that South Park episode where Cartman had a V-Chip[0] installed in his head and he would get shocked if he said big floppy donkey dick?

In all honesty the V-Chip was meant to protect children.

Age verification and identity assurance[1] is meant to reduce online banking fraud and combat terrorism/espionage.

Whats next outlawing encryption with Clipper Chip[2] 2.0 and saying its to save the whales? I guess we have QUIC and other DRM tech to ruin our day so it doesn't even matter.

I would prefer we drop the think of the children[3] charade and act like adults and get serious about online crime/fraud/terrorism and maximizing online banking.

The biggest problem with this thought domain is that the internet is global and we are thinking at regional, national, and state levels. For so many years everyone has heard complaints about the great firewall of China only to build our own? I guess we have no other choice since bad apples spoil the bunch[4].

[0]https://en.wikipedia.org/wiki/V-chip [1]https://pages.nist.gov/800-63-3/sp800-63-3.html [2]https://en.wikipedia.org/wiki/Clipper_chip [3]https://en.wikipedia.org/wiki/Think_of_the_children [4]https://en.wikipedia.org/wiki/Bad_apples

undefined

Trump - making heroic efforts to give Newsom the presidency in 2028. Newsom valiantly resisting those efforts.

A few thoughts:

Won't kids just lie about their age, like they do to sign up with social media?

What if more than one person uses the pc?

What if it is sold?

If the OS is open source, then the user could remove the software code to collect the data.

This is protect-young-people theater.

If

Buffy Wicks obviously should not be legislating APIs. But I think it's funny how badly this misinterprets the situation. The local user account on a computer has never been less relevant than it is today.

How will this work with the numerous "Hobby" Operating Systems out there ?

What is the reason fir this law, what problem does it try to solve. It's not clear to me what age gas to do with using an operating system.

They should also require background checks for gun safes.

Dutch disease. Govt. just needs to keep the cash cows happy. Everybody else is irrelevant; just critters roaming the land.

I don’t think the title is correct? All OS must have age profiles that external sources can query. There’s nothing explicit that checks the age itself in the law?

It’s a shit law, but it’s publisher- and distributor-targeted, so the overly-dramatic armchair-rebels in the forum can calm themselves; nobody’s coming after the person with a Linux machine bc it’s not compliant. Because it’s a state law, Cali will have geo-fenced app stores and this’ll just accelerate the breakout from manufacturer-maintained app stores. Websites that host downloads will just have a user attestation that they’re not Californians and be hosted abroad. There’s also no verification method; it’s literally just a requirement that account creation asks for an age - something websites do all the time and is not remotely burdensome, just ask all the ones convinced my DoB is a year and 4 months after my actual.

It's getting to be time for tech firms to leave California.

undefined

Crazy idea, bear with me on this, but perhaps it's time to stop giving children smartphones.

Why can't we have normal politicians anymore, anywhere on the spectrum ? They're all racing for stupidity, it's simply terrifying.

To what extend is this real? What is the probability this will enter law fully? Is it just a proposal?

What about embedded RTOS, like WindRiver or Zephyr? What if I write a memory manager and flash storage file manager for a really barebones MCU like a PIC? It didn't even define what an operating system is. What constitutes an update? If a security patch to DOS 6 came out, would it suddenly be required to have this tech? Is z/OS going to have this tech?

Overall, I think don't think it's a bad idea for devices to be able to host an age verification system that offers requestable boolean proof of age, like if porn site demands over 18 to view, the user, regardless of age, is prompted and if they accept, it returns either a positive cryptographic claim or a cancel signal if not of age. If they don't accept the prompt, the same cancel signal goes back. The idea that this feature would need a mandate of law is dumb.

Sounds like a box checker. "Enter a four digit number lower than 2011 to use this computer properly". Ok then...

How about you go after the guys that actually do harm to children and let the rest of us live in peace?

Using any software made in California should be treated as a privacy and security threat.

Just when you thought windows couldn’t possibly get any shittier.

I can't keep up with all these attacks on personal computing/libre software/the web.

- AI causing RAM/disk price shocks and shortages

- Google attempting to lock down Android

- The EeYou codifying the Google-Apple duopoly into age-verification legislation

- Age verification requirements spreading rapidly

- AI scraping meaning many sites have WAF rules set to 'max'. It's getting extremely hard to browse the internet with a VPN + privacy features such as WebGL blocking etc. Geoblocking seems to be on the rise too (eg Trenitalia, Aegean Air).

- Governments wanting backdoors on devices

- Broadband price increases (10-25% rises are being baked into annual contracts here in the UK)

It seems in 2026 they've really gone full speed ahead.

What is the future going to look like? A Government-approved Apple OR Google spying device for the things you need to exist as a citizen... and a bunch of paper books/library cards/porn mags?

This sounds like one of those laws that get used not so much to force compliance, but to punish noncompliance as part of a larger case.

Feels like they're trying to implement a new wide-reaching protocol/spec by requiring it by law first, then expecting someone to magically develop something, and god forbid it's a different standard than anyone else's.

By next January there will be 30 different methods of age input signalling between OS and application. And then by 2030 we might have the top 3 adopted as established defacto standards.

somewhat related-ish https://xkcd.com/927/ :)

Cant't wait to see how Intel adds this feature to the minix built into the cpu.

I’d lay odds this is a free speech issue. Someone will sue.

If you're a Mac or Windows user, I mean, fine.

This is just not going to be a thing on Linux.

Are there app stores on Linux? Yes, that's what FlatHub and Snap supposed to be.

So what, should Canonical just block Ubuntu downloads to anyone in the state of California? No security researcher is going to download an operating system that asks them their age for example. I feel like it draws a red line for me also.

This law is so completely insane. It sounds like it was written by some Apple fanboy to whom there is no other operating system other than Apple. The very state that spawned GNU and BSD is the same state that is not only demanding your data but enshrining its use in spyware in law.

Are things like calculators excluded because they don't have proper app stores?

Since Linux is a kernel, not an operating system, it's unaffected by this law.

Maybe this is just an unsuspectedly astute way to get Microsoft to reenable local accounts?

This will be implemented as a dropdown asking for your birthdate, which anyone can lie on, and everyone will move on

Apparently the redacted politicians that were caught raping and murdering little boys and girls in the Epstein files are entitled to a higher level of privacy than either you or me.

this looks like law created for age or identity verification providers (persona etc). No one would build it from scratch. It will be passed to these providers.

Was there HN discussion at the time the bill was introduced / passed?

Another clueless politician coming up with a law that makes him feel as if he did something right.

Next they'll try to ban sexps without age verification.

There is sudden concern with teenager's safety

I guess California will release California OS with age verification.

What a ridiculous law, smells of some sort of frog boiling scheme to me.

step1: "lets see if we can get away with imposing a small easy requirement, you know 'think of the children'"

step2: "now that we have a foot in the door, lets see if we can get some real tracking in place, for the children of course"

Anyhow: as far as I can tell compliance on linux would be as simple as

    echo $YEAR_BORN > ~/.config/ca_ab_1043

"The road to hell is paved with good intentions." - unknown

I thought the lefties were supposed to be the smart ones.

These lawmakers are not even wrong.

To be wrong, one must understand what one is talking about.

Sigh.

Next step will be reporting potentially unlawful activities.

Waiting for BSD community maintainers reactions

Our leaders are lost people.

make Califonia computerless. stupid politcians passing stupid laws. imagine this guy becoming president.

America is losing the plot.

Next it will be all devices able to run Doom.

Not sure if California is EU-lite or it has surpassed them, it sucks sometimes here, they are on a path to regulate and ruin everything.

This is Big Tech manipulating us to be against regulations on their platforms including preventing pedophilia on Instagram, Twitter, Snapchat, etc. I'm still very much so in favor of regulating them. This smokescreen of a policy isn't going to confuse me.

Is this a weird attempt at device verification?

How will this work with ephemeral VMs? If you spin up a few hundred a day, will each one prompt you for birthday ? And whose birthday ? The CEO?

Define operating system.

This is basically the end of the Internet as it was. It's actually quite terrifying.

Ahh, new stupidity inbound.

what about the laws that say crossing the border is illegal?

They want to spy on everyone. This is against freedom.

I would not know why the operating system I use would need to sniff on me - or yield that information to anyone else.

This is clearly fascism.

we will own nothing, eat le bugs and be happy

So now I have to prove who I am just to use something I purchased? Am I gonna have to prove my age/identity to my new laundry machine (it runs on OS)?

undefined

wow that is messed up. Goodbye freedom

> Assembly Bill No. 1043 was approved by California governor Gavin Newsom in October of last year, and becomes active on January 1, 2027

It was already approved? This seems wildly invasive, and CA can't even pretend they're doing it to stop porn. CA is just monitoring citizens for the love of the game

You hear that, NetBSD!

China did this 15 year ago..Fuck yeah, America

This seems bizarre.

Many of you commenting haven't read the legislation and it shows.

RIP freedos

undefined

One could cope that this regulation can not apply to Linux or other OSS operating systems. But this is only true unless the bootloaders on consumer devices are mandated to be closed next.

We already have Secure Boot, the infrastructure is in place. It is currently optional, but a law like this can change that.

I wonder if that applies to the minix-derived operating system that’s running inside the intel management engine on intel cpus.

(I’m being sarcastic of course)

Make California the first society that goes back into a pre-technology era.

You know the non-governmental organization "Save the Children"? Maybe it's time to create a new one called "Fuck the Children" to defend people from these laws designed to mine privacy under the pretense of protecting minors.

Can't wait to have to prove to AWS I'm 18 before launching a server.

And I'll have to give a fake ID to our automated CI pipelines, I guess.

Mr. AI analyzed the wording in the link and said:

California Assembly Bill 1043 requires OS providers (including Linux) to add age verification at account setup, prompting users for birth date/age to signal age brackets to apps in covered stores. It may violate privacy by enabling data collection/misuse beyond age checks, similar to UK/Discord issues; no explicit civil rights violations noted, but could restrict access for adults/minors if misapplied. Benefits: Enables age-appropriate app content, protecting minors. Drawbacks: Privacy risks, enforcement hurdles (e.g., Linux disclaimers like "not for California use"), aligns with global trends amplifying concerns.

An updated deep dive by Mr. AI returned the following analysis:

Official link: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm... Revised pros: Enhances child safety via non-PII age brackets for app compliance; data minimization limits info shared; anticompetitive prohibitions prevent misuse; good faith shields from liability. Revised cons: Setup requires age input, risking misuse despite safeguards; enforcement challenges for open-source OS like Linux; increased developer liability for signals; potential access restrictions from errors or misreports. No clear privacy/civil rights violations for adults/minors, but implementation costs and global trend concerns persist.

My thoughts: California lawmakers keep turning the screw more and more to the left with AB 1043 being introduced by Democrat Buffy Wicks. Though it has bipartisan co-authors (8 Democrats, 3 Republicans) and passed the Assembly unanimously (58-0), it still feels a bit authoritarian to me. The California Assembly political divide is very left leaning with Democrats controlling 60 seats and Republicans 20 for a total of 80 with Democrats controlling a supermajority.

What's to stop someone from building their own Distro using LinuxFromScratch to bypass this new restriction? Nothing, in my view!

Which I had money cause, Florida looking good about now.

I thought Europe would do this type of stuff

undefined

They should just outsource these types of things to our ethics API

Linux doesn't care. We've already been down this road with media codecs and patents. Let every other OS continue their path to enshittifcation.

Boo.

I'm a law and order kind of guy, but this nonsense should probably be ignored.

Stuff like this just makes the anti-woke gang look more reasonable.

Not enjoying this verification can future

Pay close attention to which Linux distros trip on their shoelaces in their rush to implement this. Those are the people who will lick boots right up until we're not allowed to use PCs anymore, and turn you in for illegal assembly code.

Ok. No more linux in california. Forget silicon valley. Forget all the supercomputers at research establishments. Forget all the smart TVs. Forget all the cars with in-dash computers. Let's see how long california can keep its lights on without embedded linux.

In all seriousness, rather than comply, linux distros should enforce this law. Any linux install that detects itself being in california should automatically shutdown with a loud error message. I give it a week before a madmax situation develops.

What a great plot for a Black Mirror episode. Oh wait, it’s real life.

lol. The best kind of legislation (rated by entertainment value) is always written by people with no real understanding of the subject being governed.

I hope the headline is just ragebait cause I feel infuriated

How did we get so dystopian all of a sudden

This is happening in Colorado too, meaning it could be part of a national push:

Colorado Senate Bill "26-051"

The actual bill and links to its two sponsors Matt Ball and Amy Paschal.

    https://leg.colorado.gov/bills/SB26-051

    https://leg.colorado.gov/legislators/matt-ball

    https://leg.colorado.gov/legislators/amy-paschal

* It also reveals that visitors to any site are children, compromising their privacy and opening them up to targeted advertising

* The data will undoubtedly be added to the accumulated, traded databases so many services use

* The bill makes onerous demands of developers to consider other items that may suggest the user is actually in a different age bracket, like doing websearches for "toys" (child) or "toys" (adult) - which works what percentage of the time, exactly?

* And it's totally ineffective, since kids can look at porn anywhere they want, or internationally, regards of useless bill like this

The most egregious part of this bill is that:

* It legislates that if kids connect to a website, that website can query their age brackets (an "age signal"). This means their approximate age is revealed for kids-specific advertising, manipulation, or even sold to a pedophile group.

A DEVELOPER SHALL REQUEST AN AGE SIGNAL WITH RESPECT TO A PARTICULAR USER FROM AN OPERATING SYSTEM PROVIDER OR A COVERED APPLICATION STORE WHEN THE DEVELOPER'S APPLICATION IS DOWNLOADED AND LAUNCHED.

Basically SB 26-051 creates a mechanism that can be used to harvest the data that certain users are kids and then sell that data to anyone who will pay for it.

Data like this is traded internationally, which makes it tragic that elected lawmakers would waste time pushing a bill whose only mid-term effect would be making Colorado less attractive to developers and software companies.

The irony is that normally your kids would have been protected, by standard practices, from having their age exposed. This bill reverses that, putting your children at more risk.

The bill also would force many devices to provide age bracket data that are surprising to most people, because this part:

"DEVICE" MEANS ANY GENERAL-PURPOSE COMPUTING DEVICE THAT CAN ACCESS A COVERED APPLICATION STORE OR DOWNLOAD AN APPLICATION.

... means anything with Internet access and storage. This includes smart televisions, thermostats, tablets, smartphones, smart watches, some fitness tracking devices, some smart toilets, and so on, all potentially reporting your activity on demand, even if that back-end service has nothing to do with porn.

The bill is also poorly structured. Clearly it's intended to focus on services like app stores (Android, Apple), but by attempting to integrate support for this into operating systems, makes it available to hostile actors for any purpose worldwide. Further, it requires developers to guess whether other available information on a user might mean they're really in a different age bracket, exposing them to fines of $2500 to $7500 per minor "affected" (note: "affected" is not defined in the bill). The exemptions give blanket protection to developers working on for-internal-use software, but give no exemptions to recreational programmers. non-profit personal software, university projects, and so on, casting a chilling effect across software engineering generally.

Lastly, the bill is ineffective. Most of the web runs on Linux, a coöperative international effort, nominally controlled by one man in Finland. There is no chance of this bill's mechanism being implemented in this context. Nor will other developers be especially interested in rewriting software for this Colorado-specific bill. Further, the kids supposedly being protected from all the Colorado native porn sites would just web-browse to nearly any porn site and be outside of Colorado anyway, if not outside the US entirely.

These sponsors aren't alone. Most elected lawmakers are equally bad at technology and protecting democracy from the threats that come from chipping away at privacy protection. Bills like this appear in other states all the time, despite being toothless, easily circumvented by kids (who trivially circumvent even face photo hurdles), or radically compromising the privacy of adults (like this one).

There's also the long game, where these sometimes Democrat-led bills in various states could eventually see a much deeper-reaching federal one, where, instead of a "age signal", the user's computer must send an "ID signal", allowing all personal interactions with the Internet to be tracked, analyzed for political and other biases, and used by backbone firewalls to control exactly what people are allowed to read. Very handy for a dictator who might want to block off "fake news".

This is only a hypothesis, but one has to wonder whether sponsors to such bills even care if the bills work or pass, since either way they still get to claim they Protected the Children! even though the bills themselves violate privacy for everyone, often cause websites about breast cancer to be censored, or pave the way for authoritarian control - something this one stands out for. The only thing really surprising is that this bill wasn't sponsored by MAGA Republicans deliberately to add another paving stone to the road to national censorship.

I urge everyone to get in touch with other Colorado representatives to call for a fight against this travesty of a bill. Further, I would excoriate the two sponsors by email and phone, and tell them now that you will not reward this sort of juvenile lawmaking with your vote. Lastly, tell other people about how Matt and Amy plan to strip away their privacy in a way that puts children more at risk than doing nothing.

Good luck enforcing that in linux, simply because open source community agreed to never agree on anything. The strength of anything is also its weakness, always.

What is the point of this?

My car has some sort of operating system, right?

My TV, my fridge, my 30 year-old TI-82, my sprinkler system… my mom’s pacemaker.

And will I have to verify again when I switch to command line? =P

What a joke.

Lol no.

[dead]

[dead]

[flagged]