FIPS updates/approvals always take a long time.

Just to clarify the law does not allow your os to transmit your dob. Only your age bracket.

But that is effectively what this bill does, just rather than a check box it is a date entry. There is no verification requirement. Only indication (attestation).

You are right. I have no additional response to this that would not make me sound like an asshole.

I’m sorry I am really not seeing what you are referencing from your link. This appears to be a link to the state administration manual which deals with how departments in the state of California operate.

This does not appear to be a law especially when you look at the procedure for revising the SAM.

Responsibility for updating SAM content is assigned to authoring state departments

Ie. Not assembly members.

Edit: sorry I didn’t respond to your second point. From the Cali law:

1798.503(b) An operating system provider or a covered application store that makes a good faith effort to comply with this title, taking into consideration available technology and any reasonable technical limitations or outages, shall not be liable for an erroneous signal indicating a user’s age range or any conduct by a developer that receives a signal indicating a user’s age range.

exasperated sigh I don’t want to get too deep in it with people again. Here is a link to the California law and some clarifications. (I cannot speak for the Brazilian law as I am not from Brazil)

https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043

• The law does not require ID verifications it only required that a parent indicate the age of their child when setting up their account.
• The law’s definition for operating system provider includes “general purpose computing device” so no, your toaster, microwave, and fridge are not included. (please remember that legal definitions do not always match how we would use the term in everyday conversation)
• An “accessible interface” is not well defined here. But it could be as simple as a system call rather than a REST API call. Similar to open file or malloc. (this means no centralized government server storing the data)

I have said this in other posts, but the linux community sticking their heads in the sand and pretending these states don’t exist just leave MS, Google, and Apple to decide how this is implemented. I am glad some distro maintainers are taking this seriously and looking at what is the minimum they would need to implement to comply with the law.

To be clear I do not support this law. The definitions are written so loosely that it leaves much of it up to interpretation. It is clear that they did not meet with anyone in the industry before voting.

The intentions for the law?

AB 1043 offers a scalable, privacy-first approach that helps keep kids safe while holding tech companies accountable.

-Assemblymember Wicks

This ia a quote directly from the author of the bill link for reference.

Now of course the obvious question many people might ask is “are they being truthful?” But that is a question that people will have to answer for themselves.

Just want to clarify something about your comment since it feels like you have not had a chance to read the law yet.

(this is in reference to the Cali law but I am told the Colorado one is basically identical). The Cali law does not, in any way, require ID verification, it only requires that a parent attest to the age of their child when setting up an account for them.

This is not my argument for this exact law or any of these laws. I just want to make sure we all understand what we are talking about before going for the pitchforks.

While I can’t comment on any case law surrounding compelled speech. I don’t thing that this would qualify as compelled speech.

Just based off a quick web search it seems that compelled speech is more about the government telling news organizations to report what they tell them.

Can you provide any sources for these? Maybe a california legislator saying they plan to do this? Or a proposed law? Otherwise it is just the slippery slope fallacy. While that doesn’t disprove what you said it does not provide a valid argument for it either.

How I understood it would be that the api could be implemented as an API contained within your os. So it would be more equivalent to comparing it to a system call like open file or allocate memory than a REST API.

This is just the slippery slope argument.

The California law does not require verification. Only attestation.

The California law does not require age verification. Only attestation. From what I have heard the Colorado one is basically identical.

The NY one I have heard is more stringent. But I have not read that or the Colorado one.

You should avoid using generalizations so much. Not everyone is willing to pay the prices. Some people do avoid buying tickets from them, I know they aren’t my first choice.

This “us vs them” mentality is not healthy for anyone.

Except some larger artists only post their tickets to these sites. Because they are the largest. And if the artists sell elsewhere, nothing is stopping TM/LN from scalping the tickets to resell on their own site.

So, based on your argument, airlines should be able to form monopolies? You don’t need to fly anywhere.

Automakers? You aren’t required to drive anywhere. Just use uber/lyft/walk.

You are right, lower class people don’t deserve entertainment. /s

Antitrust laws exist for a reason.

I fully agree, the definition of application is too broad and should be revised. But how do we revise it without also introducing loopholes that companies can exploit.

All the law requires developers to do is receive the signal and treat that as the primary indicator of the user’s age and to comply with applicable laws (ie. things you should have been doing already anyways).

For applications like ls (which let me be clear that I do not believe this app should be covered by this law) it could be as easy as requesting the signal from the OS, deciding that the user’s age bracket does not matter for your execution, and just performing as usual.

They should really limit the definition of application to just social media apps. (which would likely include things like irc apps).

Yea they have to ask for your age bracket. That’s not the same as an ID.

I agree, the definition of an application is much too broad. And should be revised. But the difficulty is how do you restrict it without also creating a multitude of loopholes for businesses to exploit. At the very least we should restrict it to applications whose primary purpose is to interact with the internet.

And before you say it, yes I am aware that that still leaves many apps like curl, wget, ssh being covered. But it could be a start.

Or maybe just restrict it to social media applications. I am not a lawyer, I definitely don’t have a great grasp of how to create the type of language that is appropriate for laws.

It prevents apps from asking for additional ID verification. I’d rather my os ask me for a number I am able to lie about than to have to send my ID to 30 different apps and data aggregators.

Many people say that we should put more responsibility on the parents for what their kids are allowed to do online. This law does that.

Sorry it is really hard to understand what you are arguing here.

If you don’t want your info (whether you are an adult a teen or a child) to be shared with “owners of apps that are on the Epstein list”, then don’t install those apps. There is nothing in this law requiring you to download any particular app.

If an app were sending this data to a third party, like palantir, then they would be in direct violation of this law.

If you were expecting to be able to leave decisions about your personal privacy and security to any governing body then you are in for a sore awakening. You should be well aware of how privacy and security are things that we have to take personal responsibility for.