Politicians will do any draconian measure to help kids except try and improve the lives of their parents so that they can actually dedicate time to parenting. Making it slightly harder to access the internet fixes nothing. What if instead of having the largest prison population in the world our government supported communities that make raising good children possible? Our society needs to lose this urge to diagnose each other and provide some forceful treatment and instead set sights on providing the pre-conditions for everyone to prosper and lead their version of a fulfilling life. Only then will we have functional, healthy children. I quite like what the mayor of Baltimore has been doing to revitalize his city and it seems to be leading to actual change there if you want a good example: https://m.youtube.com/watch?v=XQs59YY-e2I&pp=ygUXY2hhbm5lbCA...
IF it were for the kids - but I don't think it is.
> Making it slightly harder to access the internet fixes nothing.
This assumes it is about the children. But if you do not think so
then it opens up new alternatives suddenly, be it from tracking
people, to targeted ads or any other information that could be
gathered and eventually either monetized or put in tandem with
other information. We'd get age graphs that way too.
Before that we could speculate to some extent, but with mandatory
age sniffing and id-showing at all times, those who track people
and benefit from it, benefit now even more.
I'm glad I got to see the era where the internet was useful and exciting. I feel like every major change since about 2010 has pushed it more toward blandness and made it less useful.
This will be a big one. They're building the groundwork for a world-wide dystopia.
Come join us on what I will call the “scatternet”, the globally distributed, offline-first, async network full of all the things that made the old Internet great.
Save a few ISOs of still-free OSes and hoard a few extra cheap computers. (You might also want to get a 10Mhz capable radio.)
> The term “operating system” means software that supports the basic functions of a computer, mobile device, or any other general purpose computing device.
> The term “operating system provider” means a person that develops, licenses, or controls the operating system on a computer, mobile device, or any other general purpose computing device.
So excited to see the GNU vs. Linux debate finally land in court.
[Edit: Never mind, others have explained elsewhere in the discussion. It's the lawsuits Facebook is losing for addicting kids. So rather than, you know, stopping doing that, they want to instead legally force us to alter every OS on the planet. Disgusting.]
Just answering with a possibility here, but they could be seeking freedom from liability for failure to moderate content or ensuring their service is "not harmful". If it's only for consenting adults, and every adult can be pinned down with an identity, whatever happens can have the blame assigned away from meta.
> It leaves open to interpretation if it applies to all computers, or just general purpose ones.
That's not even the worst part:
> a person that develops, licenses, or controls the operating system
Suppose you write a generic piece of code that some third party then includes in an operating system, but you're the only relevant person in the jurisdiction. Are you now an "operating system provider"? If the "operating system" is made by hundreds of people or more, is it none of them or all of them or what?
Suppose you're a company and you've got a bunch of servers, which are computers, and you have root on them, i.e. you "control" the "operating system".
No worries, by that time so many people will have lost their jobs because of AI that you can hire a homeless person to register all your devices for a snickers. Dirty Mike and the Boys are going to own a lot of mobile devices, and control the world trade of snickers.
Do we know who is funding this? is this one of these things where Meta doesn't want the responsibility for this, so they are pushing to have the OS have the responsibility or something like that?
They also added this page since I posted that comment: https://web.archive.org/web/20260411112604/https://tboteproj... where they claim their website is "under surveillance" because it got a few thousand requests from Google Cloud et al, most of them to a single page. This really shows how low their standards are.
I share your wariness of the LLM garbage, but I believe the conclusions are correct. This has Facebook's stink all over it. I worked there and know of what I speak.
So we should believe the hallucinations because they sound like something that could be true? Does the LLM in the middle somehow makes it more trustworthy than if GP had just shared their own pattern-matching conjecture?
No. I think LLMs are garbage. Separately, and unrelated: I think Facebook is behind these bills. The LLM may be garbage and still sometimes produce a correct result.
Yes, it would be nice to know with certainty who is behind these bills. It sucks how much opaque money influences American politics.
Josh Gottheimer's press release[1] on HR8250 mentions the "Meta Parents Network." I don't know what that is, but it does have "Meta" in the name.
Buffy Wick's noise about AB1043 claimed it was passed with the support of tech companies. I have spoken directly to one person close to AB1043 who told me Facebook argued against AB1043. I have doubts. But if true, I suspect they were not arguing in good faith and had ulterior motives.
In the end, no matter who is secretly lobbying for or against age verification bills all over the planet, the bills are terrible, and we should fight them.
I was relieved to hear it was an emotionless mega-corporation catalyzing this, and not a sudden competence of evil bureaucracies in the USA and Europe.
> is this one of these things where Meta doesn't want the responsibility for this
Very likely, given the legal liability they are already facing from the "addictive" court cases that are turning against them. Moving the liability for "age verification" away means they will not also be facing a huge number of court cases accusing them of showing an underage person adult age content provided they followed the law's proscribed "ask the OS for the user's age" requirements.
Also, note that only a few months ago Zuckerberg was in court testifying that the single best place to perform "age verification" was in the operating system of a device. Now, like mushrooms after a long rain, at roughly the same time up pop bills in nearly every statehouse, Congress, even Brazil, that all read nearly identically and that all are so broad as to require "the OS in anything with a CPU do age verification". The nearly identical text in each highly implies a single lobbying entity is behind all of them (it would be quite the coincidence that 50 state houses, plus Congress and Brazil, all write nearly identical bills independently). And the connection back to Zuck's court testimony of "age verification is best done in the OS" highly implies that the single lobbying entity is Meta, or funded by Meta to obtain this outcome.
If something is codified in law, they can comply with the law fully, and yet not have any real backlash from users. This can also shield them from many lawsuits. Conversely, if they start ratcheting down age-verification on their own, users will become quite upset. If they don't ratchet it down, then... as you can see, potential lawsuit.
And this isn't just about LLMs, once the concept of "a platform is liable for harm" happens, it's about everything. Including content other people slap into an app store. And the US has been talking about section 230 removal, countries around the world are reducing such exclusions, so the wind is blowing towards even more liability for platforms.
If you look at Google's recent moves to identify all developers prior to install on Android, there may even be some of this in that. How can they ban someone from publishing illegal material, or material Google will be liable for, if they don't even know who the publisher is? They'll just slide into a new account.
(Note, I said "some" not "all", there is often not just one reason for an action)
So I suspect that the push is from all online platforms of any size or scope. It will shield them, protect them from liability, whist at the same time redirecting user ire at the legislation, not them. HN types might still brood, but the average person won't have insight. "Protect the children" as a reason works for the average person, it works very very well, and really, that's what a lot of these lawsuits are about.
So I point back to such lawsuits as the start of all of this. And I see it as why there is a push from Apple, Google, Meta and so on. And simply because I'm saying "big corp wants this, not just Meta", doesn't mean I'm saying "Meta isn't doing anything".
Meta can be pushing this, hard, whilst at the same time every other large corp can be working towards the same outcome.
Facebook. There's a wave of child endangerment lawsuits incoming and they want to head that off at the pass by having governments shift all that liability over to the OS vendors.
Microsoft just force-updated my operating system (despite declining every option and prompt) and the first thing I noticed working differently was it offering, in an OS popup, to "connect" the computer to "Facebook".
These people have root access to all our webcams.
I don't think we can tolerate these entities to continue to exist.
What can we do about it? The major tech firms have nearly all the power here, including quite obviously full capture of government (not just here but other countries as well).
How does that help Facebook? They already have plenty of signals to guess their users' age, what would they do with an other one? They are not going to ban children anyway.
The OS should start labeling everybody as a child by default. Forbid Facebook to show ads and any harming content by default. The OS has little less to lose with this approach than FB.
FB etc. may argue "device says this user is an adult", even though device may say that only because the parents don't set up separate user accounts e.g. shared family iPad, or because the kids being more tech savvy in the first place like we all were when I myself was a kid.
It must be OS responsibility because that’s the only place that allows the next step.
Everyone is so concerned with kids pretending to be adults, what about adults pretending to be kids? Any service that has any kind of private chat or picture sharing option will be a playground for “verified” kids.
Next step, “we must go further with the verifications until everyone is verified everywhere”. This is where the OS part comes in. Wish it was sarcasm.
MS is ratcheting up the 'mandatory Microsoft account' on Windows, probably for this reason. The 'identity strongly bound with the device' stuff on corporate devices is being tested and secured in that environment, and it is almost certainly one step from being forced onto non-corporate devices, once they 'have to' by law.
This is tiring. The text is so vague, and if a big country adopts it software companies will comply, and there's no reason to why smaller ones wouldn't, since 'the work is already done'.
I wonder if it would be illegal for an user to use an outdated system without those functions when they roll out, or to use outdated applications, or to distribute outdated applications, or to keep mirrors of multiple versions of operating systems. I doubt they thought that far, or if they care at all.
I read the bill and I feel like it's missing any technical details. It's almost like they read my suggestion [1] but then left some parts out. The technical parts. As I read it one can just enter whatever name, age and other details in the setup of a computer they desire. It's missing any checks for a header on the server to detect adult content labels. What am I missing? What forces me to enter my real information? Are operating system developers going to be granted access to the DMV databases? Or forced to use some third party that scratched the back of some politicians? If I block connectivity to this will I not be able to log in? If someone performs a successful DDoS to the site will I not be able to log in? It feels like several pages of the bill are missing. How does the OS know it is visiting an adult site?
The site "reclailthenet" calls it age "verification", but it's not a "verification" at all. There's your mystery.
All the bill wants is that you can set up an iPhone for kids, an children account on Ubuntu (YOU decide whether it's a children's account) and then, presumably, the browser vendors implement an AgeAPI that allows website operators to query the user age.
Your device tells us you're 10 years old. Access to Instagram denied.
Your device tells us you're 16. You're not allowed to visit gambling-porn-and-industrial-accidents.org
It's, of course, exactly the opposite of the "identity-tied age verification government-control, ID-document-leak" dystopia that the scare crowds here are peddling. But you'll never hear a word of acknowledgement from them.
These people act as if those "I'm 13 or older, i can create an Instagram account and waste my life" or "I'm 18 or older, let me watch porn and strangle my girlfriend" buttons are the peak of civilization.
Ah, well that's at least half of what I suggested. Telling the site the age seems leaky to me, I would still prefer the apps check for the RTA header so all decisions stay on the device and not leak anything. Curious where it goes from here but based on your reply it does not seem quite as bad as I imagined. Thankyou for the clarification.
Government should like the RTA header as they can fine sites daily that are missing it. Lobbyists could push companies that do the header checks.
They have dropped all the decision making for the details in the lap of the politically controlled FTC. Which also means that future FTCs could change the rules based on political goals.
> Vendors shouldn't sell unlocked devices to kids.
This part is neither necessary nor sufficient.
Put aside the Orwellian premise of "devices are locked by default". People keep making the analogy to things like cigarettes, but if a kid wants a steady supply of cigarettes then they need a steady supplier. If they want an "unlocked device" they just need money and Craigslist, once. It doesn't matter what you make Walmart do and it correspondingly doesn't make any sense to involve them.
If your kids have enough unsupervised money to buy electronics then you're either fine with them being unsupervised or you already have bigger problems than a used laptop.
Kids having $20-30 means you're fine with them being unsupervised? Computers and smartphones are incredibly cheap.
In person, we expect stores won't sell cigarettes to kids. We should simply expect companies won't provide age restricted services to kids. The liability and requirements should be on those companies.
If they're able to get a burner phone unsupervised then I think they could also pay an adult to do the face scan for them or borrow your ID from your purse to authenticate an account. What level of security would you need to totally prevent that kind of thing? Unless it checks your age every time you log in with biometrics I don't see it.
(Of course adding any level of friction will deter some kids, but needing to get a whole new device other than the one their parents gave them is already a lot of friction, isn't it?)
We could e.g. try saying it's sufficient that the user makes ongoing credit cards payments as a proof of age. Or sure maybe you need to verify with every purchase, which is how e.g. alcohol works.
Don't currently take payments for your business model? Probably what you're doing is anticompetitive and we shouldn't allow it anyway.
What for?
I use family link for my kids devices. It works good enough.
Everything else seems way too intrusive.
Apple is horrible in this regard. Their solutions never really work.
A joint venture for an (optional) cross-platform family app would be more than enough.
This, plus a (voluntary) content rating that's offered via an API (could even be simple meta data on a webpage).
Done.
the major players need to allow me to elect one of them as my family manager, and control permissions across ecosystems, from my management portal. i should be able to freely swap apple, google, microsoft, facebook, or a startup as my management and permissions tool.
instead I have a disparate management account and portal for every service on the planet. roblox, fortnite, facebook all want to appear to "make it easy" as if they hold the delusional belief that their management portal is the only one I have to manage. then add a spouse that also wants to change or tinker a setting.
if any law is going to get passed: it should be that any company over a certain size, who adds parental controls, needs to expose them externally to 3rd party management software.
Sounds like a problem. Luckily it turns out my phone has two cameras and a laser dot projector pointed at my face right now. Not hard to imagine a future solution to this issue were we to pass this legislation, sadly…
Longer answer: In the UK, Apple already implements age "verification" at the OS level, starting with IOS/IPadOS 26.4. If Apple had not implemented this, it would still be in compliance with UK law. Apple is anticipatorily obedient.
A company like Apple has visibility of the legislative pipeline in its markets. Looks like the UK was a test bed.
Lots of OECD countries, all at the same time, are pushing for online age verification or OS-level age verification, both equally intrusive and implemented in privacy-violating ways by conflating identity verification and age verification.
The end result is not protecttion of minors, but abolishing anonymity on the Internet. Social media companies claim to want the former, but in reality just want to shift liability to OS and device vendors. Governments happily accept the "side effect" of being able to find and root out dissidents.
Firstly, you keep using that word; I do not think it means what you think it means.
On the Internet, especially forums such as HN, you are "pseudonymous". That is, you made up a name for yourself, and that's how you're known to others. At the very least, we are all identified by IP addresses, which are again, fairly stable and unique pseudonyms. There are nearly zero truly anonymous corners of the Internet, because anonymous communications are chaotic and anarchic.
Secondly, it was the NSF who mandated that everyone accessing the Internet must have an associated and authenticated account with an identity that is known to their provider. These rules went into effect in the early 1990s. Perhaps they have been discarded or observed only in the breach, but truly, nobody is a stranger on the Internet. Even if nobody knows you're not a dog, your ISP or your coffeehouse still know who you are, when you connected, what device and so forth.
So, please let us stop pretending there is "anonymity" here, or that there ever has been. Whatever you've done in the past, it will eventually be unmasked. Yes, people on Discord and Wikipedia alike are freaking out over this prospect, but it was always going to happen. We've been laying down a very permanent record for over 50 years. Eventually it will all be correlated with real identities, Facebook or not.
there is no anonymity on the internet. the sum of your devices characteristics are close to unique anyway (i could be wrong but i think this is accurate). which kind of supports the hypothesis that this is about shifting responsibility for age verification due to laws coming from other countries recently. i have no idea how this will work on linux, it probably wont.
There’s a version of this I could support:
- pre-specified age gates baked into the protocol (perhaps just 13 and 18).
- account admins on a device get to specify which bracket is associated with the account
- an api that allows sites to query whether the current user’s account is above one of the thresholds
Leaks pretty minimal PII (the user is between 13 and 18 would be the tightest identifier obtainable with the above gates). But still allows for age gating some content without relying on self-reported age.
Am I optimistic the actual solution won’t be more invasive? Sadly no…
I've been trying to download media for a while now. I don't have a huge collection; most media is not actually very good. But, the internet soon will just be an awful conglomeration of cable TV / a big shitty mall / a horrible outrage & propaganda machine. It's already most of the way there. Either destroyed from within by bots, data brokers and corporations, or destroyed from without by government, surveillance, and regulation. I recommend you start treating the internet like a mall; it's not some place you'd actually like to go. You get in, get what you need, and get out. Some people will will disagree with the analogy on the grounds that they _like_ going to malls. Well, good news, the new internet might be for you.
I mainly post in Usenet and IRC, and download PD movies (seriously) and books. I don't pirate any more because even current pirated media it's somehow a free advertisement for these people.
From Gutenberg, PD comics from the golden era -and pulp scifi-, noir movies, old weird science/fantasy series in B/W and whatnot, I'm pretty much covered. Ironically most current scifi media can be traced to...Bradbury novels, PKD's paranoia and some Weird Science comics.
Once 1984 gets into PD, that's it. It is in Canada, but you can
read it online as long as you don't download or share it:
So this bill creates a commission to ensure that the information cannot be stolen or breached from operating systems, but says nothing about how the applications querying this information must protect or leverage it. I basically requires that any application get to know a user's birthday, as long as it's "necessary". What a fucking joke! I'm so sick and tired of this bullshit.
Edit: Oh, and the commission gets to make up the rules on how ages should be verified. So, prepare for a whole other level of PII leakage that isn't even captured by the text of the bill.
Age verification inherently means identity verification. There's no way to prove your age without first proving that you are YOU, either by showing your face or authenticating with some third party authority, usually government or a corporation.
The idea that you should be locked out of using your own computer until you do this is utterly insane. What problem does it solve that existing parental control tools don't? A generation of parents already trust their babies with iPads for this reason. And what of the millions of Americans who don't have current ID?
I hope Josh Gottheimer will get a lot of money for his work there.
I also remember a few weeks ago, people such as Poettering and others
said this is all harmless, nothing bad would ever possibly happen.
Lo and behold, now it is the new mandatory law. All people will soon
have to go for age sniffing, in order to access information. Linux
is only for the Underground now.
Salvage old free as in freedom distros. Learn about i2pd and tunneling Usenet/IRC and Email (even cool online Nethack/Wesnoth/FreeCiv gameplays over it, any turn based libre game will work).
There are some Usenet servers (text content only, no binaries, all illegal crap it's cut down by design) listening under I2P servers. By design enforcing any cross-pond law it's impossible.
Learn about NNCP in order to tunnel messages over it, really useful for asynchronous connections such as Email and Usenet: https://nncpgo.org
Also, learn connect to a Pubnix and to use Usenet/IRC/Email/Mastodon services (tut it's a TUI Mastodon client) from remote servers. Make their own law obsolete across the world. Learn Mutt and GPG too, it's about 20 minutes of your life and for basic email a simple text editor like Nano, Mg or Mcedit would suffice to compose an email.
Try free Biltbee servers over IRC too, these can be connected even from DOS IRC clients in order to connect to modern services such as Jabber, Steam chat and even discord (join the &bitlbee channel once you connected ot a public Bitlbee server, there are several, and type down 'plugins' to get the available chat systems in that service) and thus any age bullshit for FreeDOS it's by design unenforceable without breaking network drivers and TCP/IP stacks as TSR's and whatnot. Ditto for old Amiga, RiscOS and such old releases which are unsupported. And banning retro computing would make the several civil right unions sue the state (and the judges) like crazy for huge amounts of money. Even META too as being the main lobby instigator.
With the dawn of this bill I am finally building out my airgapped network.
I’ll be passing messages to and from the former internet using NNCP bundles. I’m planning to work on some interesting solutions for async communications over Nostr, with some alternate paths through radio for emergencies. Finally looking into steganography as well.
I can already smell the exceptions - some companies will be exempted from these restrictions due to "national security implications", or, more realistically, "we distracted the President with a golden gewgaw and a bribe".
We still have to provide a way for people that don’t have (smart) phones, but I would absolutely implement asking the phone instead of a 3rd party when available.
We don’t gain anything from asking a 3rd party. In fact it costs money per request.
All this fake good intent to prevent another TikTok which was the only media which transmited the reality on the ground during the Gaza genocide. And its aftermath in the youth mind and in the University campuses.
Fascists and industrialists have to take control, again, of the minds.
(See oligarchy's appetite for social and media companies)
Glad to see that Elise Stefanik came out of fucking hiding in NY-21 to dump this stupid "parents decide" bill on us when she couldn't even be assed to help her constituents over the past several months when one of the main hospitals in her district is bankrupt and closing.
Last time we saw her anywhere near here was her "farewell tour" when she was supposed to go be Trump's UN stooge. Haven't seen her up here since.
Glad to know we get to die up here for on-device age verification for everyone else.
It is just crazy how much of a tech billionaire centric the US government is, they can come up with Thanos' idea of wiping out 50% of the population and politicians would do it as long as Zuckerberg or anyone else in the techno bubble asked for it.
> they can come up with Thanos' idea of wiping out 50% of the population and politicians would do it as long as Zuckerberg or anyone else in the techno bubble asked for it.
Stay tuned. With mass unemployment/underemployment there’s gonna a be a lot of “extra” people.
I have a kid. All I want is the ability to put a "there's a baby driving" bumper sticker on their devices. And to have pornhub et al steer around them.
I'd suggest that this is actually a pretty common desire from parents. We don't want to collect your IDs. We don't want to install spyware in your webcams. We do want a way to signal there's a kid driving a device.
This article is long on hyperbole and short on facts. I gave up about six paragraphs in, being far more informed about what the author feared about this legislation than its actual content.
Sure, if it would mandate ID harvesting, I'm against it. If it requires biometric verification, no. But if we can just have a way to put bright orange vests on devices that require special treatment... That doesn't feel invasive to me.
I'd prefer to cut all the "think of the children!" charlatans off at the pass. Your kid got traumatized by some crazy hyper porn? Why the heck didn't you flag their device?
In short: you seem to want the Internet to parent your child. I have kids and do not want any of this for them, because all of it is a slippery slope to falling deeper into the surveillance state.
As a parent: do your job and take responsibility for your kids. While it's not trivial this also isn't overly complicated anymore.
If your child needs a helmet to use the internet, as the politicians announcing HR8250 seem to think[1], Apple or whomever is free to offer that as a feature. There is no need for this to be legislated, especially when the legislation does not work in open source environments.
[1] Not hyperbole. They said that. It was an analogy, but one that highlights how ignorant of the technology the authors of these bills are.
There's already like 17 different parental control solutions out there for every device platform. You can and should use one and don't let your kid go to any website or use any specific app without your approval first.
I can understand the "baby mode" desire, but as the other reply pointed out, this does not need to be legislated. The big OS companies can easily offer this feature for those that want it.
I'm curious though about all this porn that apparently hides behind a rock on the device and leaps out to corrupt tiny minds when they least suspect it.
Shock websites aside, pornography generally doesn't ambush you. Unless you're a republican giving a presentation and have no idea how that porn got in there.
And, AB1043 specifically exempts websites, so it doesn't protect anyone from the goatse's of the world anyway.
These bills will not do what they purport to do, but they will do a whole lot of bad stuff.
> We do want a way to signal there's a kid driving a device.
Which is extremely irresponsible. It creates a false sense of security and abandons your child to the whims of strangers. This seems akin to putting a "please don't hurt me" sticker on your child and then letting them roam around downtown unsupervised.
> But if we can just have a way to put bright orange vests on devices that require special treatment
There is software you can already use which will lock the device down and only allow it to go to pre-approved sites. I'm unwilling to give up any of my civil rights for your level of convenience above this.
Yeah this is the way for sure. The OP forgets that young users advertising their age online with an "orange vest" might not be best idea.
There's almost endless choice of legit quality native apps for kids, curated from trusted sources. These alone far exceed healthy screen time if all were downloaded. Or as you say, curated web links in a locked browser.
How much screen time should kids do anyway, it's crazy how much is available before worrying about WWW on top of their games, apps and videos.
You put your child in the driver’s seat and expect others to make sure it doesn’t make a wrong turn? Did you really have to give it the keys to this hypothetical car instead of, say, LEGO?
Or just don't give your child unfettered access to screens. There is zero reason your child needs x unmonitored hours with YouTube or Netflix or a browser or anything else.
I have a kid. Actually two kids. They have their usage controlled by google family. I review weekly their internet usage, screen time is limited to 2 hours/day. They dont have social media. School research and etc, they do at home, in the "main computer" in our dinning room. Youtube too. In the end is our responsibility to educate and protect our kids. I truly dont see a need for such extra controls if the parents aren't interested in enforcing it.
The breathless fearmongering over an age field on account set up is just completely over-the-top. This is probably the least bad out of all possible ways to implement age checking. The benefit of this is that it can short-circuit support for more onerous age verification. The writing has been on the wall for some time now: the era of completely unrestricted internet is coming to an end. The question is how awful will the new normal be? Legislation like this is a win all around, a complete nothingburger. We should be celebrating it, not fighting it tooth and nail.
The tech crowds utter derangement over this minor mandate is truly a sight to behold.
This bill requires actual verification and leaves it up to the politically controlled FTC to determine how this should happen. It’s a disaster.
> The Parents Decide Act solves the self-reported-birthday problem by demanding something verifiable, which in practice means a government ID, a credit card, a biometric scan, or some combination.
> However, Gottheimer has not specified which. The bill does not either. It’s up to the FTC to decide.
The article's analysis doesn't appear to be accurate. From the bill:
(a) Requirements.—An operating system provider, with respect to any operating system of such provider, shall carry out the following:
(1) Require any user of the operating system to provide the date of birth of the user in order to—
(A) set up an account on the operating system; and
(B) use the operating system.
(2) If the relevant user of the operating system is under 18 years of age, require a parent or legal guardian of the user to verify the date of birth of the user.
(3) Develop a system to allow an app developer to access any information as is necessary, collected by the operating system to carry out this section and any regulation promulgated under this section, to verify the date of birth of a user of an app of the app developer.
The only requirement for "verification" is to enter a birthdate on account set up, and underage accounts have the parent "verify" the birthdate. There is certainly some ambiguity in the bill which is not good, but efforts should be towards resolving the ambiguity in favor of a lack of intrusiveness.
(1) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Commission shall promulgate, under section 553 of title 5, United States Code, regulations to carry out this section, including regulations relating to the following:
(A) How an operating system provider can—
(i) verify the date of birth of a parent or legal guardian described in subsection (a)(2); and
(ii) carry out the requirements described in subsection (a) with respect to an operating system of such provider that may be shared by individuals of varying ages.
(B) Data protection standards related to how an operating system provider shall ensure a date of birth collected by the operating system provider from a user, or the parent or legal guardian of the user, to carry out this section and any regulation promulgated under this section—
(i) is collected in a secure manner to maintain the privacy of the user or the parent or legal guardian of the user; and
This needs to be simply fought because it's a measure that is supposed to fight the reluctance of the society, not actual problem. For the actual problem it's ineffective. This will be met by surprise once it's fully implemented and new, worse measures will be proposed. Hence, it needs to be cut off as early as possible to spare everyone the trouble.
Let's try to be a little bit sensible here. Presumably the requirement to check depends on the nature of the application. A completely offline app for example has no use for an age check and thus wouldn't need to read it.
No, derangement is declaring "The writing has been on the wall for some time now: the era of completely unrestricted internet is coming to an end." without fighting it at all and just mindlessly accepting it because you were told it was going to happen.
It should be really easy to get your bank account information then. You're just going to give it to me, right? What is this? You're fighting me tooth and nail instead of celebrating giving me your banking info?
Well, perhaps your mental model of the actual objections to it are incomplete. There are a few problems and I'm curious what you have to say about them. First, "The benefit of this is that it can short-circuit support for more onerous age verification". Do you think that it "can" or that it "will"? Big difference. It could also go the other way, right? Opening the door to a more onerous version? Why do you think that isn't worth considering? Secondly, "This is probably the least bad out of all possible ways to implement age checking". What about parental controls that exist already? Someone seriously tried to tell me last time that parental controls "suck", but that's irrelevant, they don't have to suck, and in fact anything can suck. That's just happenstance. So, assuming parental controls were correctly implemented, why do you think this is "least bad" including parental controls? Thirdly, this "age verification" doesn't actually verify anything, because underage people can just choose "adult" anyway. What do you have to say to that? In that case, parental controls actually give you more power, and make this new age check completely obsolete. Thoughts? Lastly, maybe you're not from the USA, but we have a concept of "free speech" which includes the idea that people cannot be "compelled" to certain speech. If people were required to add a "sign here to confirm you're an adult" in every romance novel, that would be fine right? It's also a nothingburger, right? But then, you've compelled people to put something in every published book. Actually, that's a bad analogy. We should say that ALL BOOKS require this signature field on the first page. After all, we don't know what kinds of expletives and horrible things people might have written in the margins of the book (assuming it's being sold second-hand). That would be okay with you, right? Nothingburger? But it compels people to write something, and that's a door most legal scholars know not to open.
> The writing has been on the wall for some time now: the era of completely unrestricted internet is coming to an end.
And books..? And the newspaper? What if a child reads about a horrible murder in the newspaper that keeps them up at night? What if the government outlaws books and newspapers because they can contain bad things? We'd better add a "adult/ not adult" checkbox to the first page to "short-circuit support for more onerous age verification".
>It could also go the other way, right? Opening the door to a more onerous version?
I don't see a plausible scenario where the implementation of this mandate makes further mandates more easy to get passed. An age field and an API to access it is as trivial as it gets. More onerous age checking is not something that is an extension to or somehow made more easy given the pre-existence of the age field. No argument against more onerous checking is undermined or rendered less severe due to an age field already existing. There is no slippery slope here.
>So, assuming parental controls were correctly implemented, why do you think this is "least bad" including parental controls?
There is already a pretty significant market for parental controls, so presumably if their quality were a limiting factor in their adoption the market would have responded already. Parents simply aren't interested enough or savvy enough to apply them. Parental controls also just intrinsically suck for a lot of reasons. They are either mostly ineffective or wildly intrusive, like giving total access to children's communications and internet activity to external companies.
>Thirdly, this "age verification" doesn't actually verify anything, because underage people can just choose "adult" anyway. What do you have to say to that?
Presumably an adult is involved in purchasing devices and setting up accounts for their young children. Putting an age of account holder field into the account set up workflow seems pretty effective. It's not 100%, but it doesn't need to be for it to be a major improvement over the status quo. The lack of verification is a feature of this mandate, not a bug.
>we have a concept of "free speech" which includes the idea that people cannot be "compelled" to certain speech. If people were required to add a "sign here to confirm you're an adult" in every romance novel, that would be fine right?
As those pushing this kind of legislation are fond of pointing out, we have age checks for buying alcohol or purchasing adult magazines in shops. Presumably these don't run afoul of the first amendment. This idea that we can't or shouldn't mandate age checking in some form to access content deemed inappropriate to children is just a losing argument. Again, the writing is on the wall here.
At this point anything that makes computers less usable is a good thing, time we go back to the real world. It was extremely unpleasant while it lasted.
This was a great comment, you challenged them but in a reasonable way and with really good questions
I wish public discourse were more this way - if someone is arguing in good faith, actually answering what you asked moves the conversation forward, it’s just on the person to give you a serious answer
Politicians will do any draconian measure to help kids except try and improve the lives of their parents so that they can actually dedicate time to parenting. Making it slightly harder to access the internet fixes nothing. What if instead of having the largest prison population in the world our government supported communities that make raising good children possible? Our society needs to lose this urge to diagnose each other and provide some forceful treatment and instead set sights on providing the pre-conditions for everyone to prosper and lead their version of a fulfilling life. Only then will we have functional, healthy children. I quite like what the mayor of Baltimore has been doing to revitalize his city and it seems to be leading to actual change there if you want a good example: https://m.youtube.com/watch?v=XQs59YY-e2I&pp=ygUXY2hhbm5lbCA...
IF it were for the kids - but I don't think it is.
> Making it slightly harder to access the internet fixes nothing.
This assumes it is about the children. But if you do not think so then it opens up new alternatives suddenly, be it from tracking people, to targeted ads or any other information that could be gathered and eventually either monetized or put in tandem with other information. We'd get age graphs that way too.
Before that we could speculate to some extent, but with mandatory age sniffing and id-showing at all times, those who track people and benefit from it, benefit now even more.
Digitally suspended boomers try to ruin it for everyone else.
This is equivalent to China’s Digital ID without branding it as such - because such branding would fail.
They are laying the foundation at the infrastructure layer to build a Digital surveillance net, look at the pieces with the eye of an Architect -
https://www.cnbc.com/2026/04/15/banks-citizenship-data-colle...
And
https://www.congress.gov/bill/119th-congress/house-bill/8250...
I'm glad I got to see the era where the internet was useful and exciting. I feel like every major change since about 2010 has pushed it more toward blandness and made it less useful.
This will be a big one. They're building the groundwork for a world-wide dystopia.
Come join us on what I will call the “scatternet”, the globally distributed, offline-first, async network full of all the things that made the old Internet great.
Save a few ISOs of still-free OSes and hoard a few extra cheap computers. (You might also want to get a 10Mhz capable radio.)
> The term “operating system” means software that supports the basic functions of a computer, mobile device, or any other general purpose computing device.
> The term “operating system provider” means a person that develops, licenses, or controls the operating system on a computer, mobile device, or any other general purpose computing device.
So excited to see the GNU vs. Linux debate finally land in court.
Brazil just passed the exact same law, nearly unanimously. Even the wording and definitions are exactly the same. This is scary as hell.
>This is scary as hell.
"The greatest trick the devil ever pulled was convincing the world he didn't exist."
If it looks like a conspiracy, it's probably one.
It's not even a conspiracy at this point, Meta was proven to be lobbying hard for this via small proxy companies.
And why? What's in it for Meta?
[Edit: Never mind, others have explained elsewhere in the discussion. It's the lawsuits Facebook is losing for addicting kids. So rather than, you know, stopping doing that, they want to instead legally force us to alter every OS on the planet. Disgusting.]
Just answering with a possibility here, but they could be seeking freedom from liability for failure to moderate content or ensuring their service is "not harmful". If it's only for consenting adults, and every adult can be pinned down with an identity, whatever happens can have the blame assigned away from meta.
edit: I took too long to write this :)
This is horribly vague.
>a computer, mobile device, or any other general purpose computing device.
It leaves open to interpretation if it applies to all computers, or just general purpose ones.
Does a car count as a mobile device?
> It leaves open to interpretation if it applies to all computers, or just general purpose ones.
That's not even the worst part:
> a person that develops, licenses, or controls the operating system
Suppose you write a generic piece of code that some third party then includes in an operating system, but you're the only relevant person in the jurisdiction. Are you now an "operating system provider"? If the "operating system" is made by hundreds of people or more, is it none of them or all of them or what?
Suppose you're a company and you've got a bunch of servers, which are computers, and you have root on them, i.e. you "control" the "operating system".
Car is clearly a mobile device; it has a touchscreen and an IMEI.
Going to be fun when my washing machine asks me to upload a scan of my passport to the CIA before it will open the door.
were you trying to launder any dirty laundry :)
No worries, by that time so many people will have lost their jobs because of AI that you can hire a homeless person to register all your devices for a snickers. Dirty Mike and the Boys are going to own a lot of mobile devices, and control the world trade of snickers.
https://www.youtube.com/watch?v=1FkK8ZFE7Y0
The CIA hates that trick.
lol what makes you think YOU won’t be the homeless person.
And what about containers/VMs, or booting software bare metal?
Does my laptop have to pass my age verification to a Docker container?
Am I at risk of government censorship (or worse) if I create a hobby smart home app that boots bare metal on a Raspberry Pi?
Or even the shell apps that I run daily. Does curl (which can access any web url) have to validate my age? What about AI models/ollama?
Is a scientific calculator, like kids are expected to use at school, a general purpose device?
It has an OS, a network stack, an interpreter. Usually used for games as much as for classwork.
"General Purpose Computing Device"
A car houses numerous Turing-complete computation systems.
BIOS or now UEFI support basic functions of computers... Does that mean those should as well have On-Device age checks?
Thank you for the laugh in these dreadful times. :D
yeah there is no "one" provider in that example
Linux is Obsolete!
Long live Linux!
Do we know who is funding this? is this one of these things where Meta doesn't want the responsibility for this, so they are pushing to have the OS have the responsibility or something like that?
It is literally just Meta. https://www.gadgetreview.com/reddit-user-uncovers-who-is-beh... https://old.reddit.com/r/linux/comments/1rshc1f/i_traced_2_b... https://tboteproject.com/
The investigation you linked to is entirely hallucinated by LLMs: https://news.ycombinator.com/item?id=47659552 (tboteproject and the "Reddit researcher" are the same person).
They also added this page since I posted that comment: https://web.archive.org/web/20260411112604/https://tboteproj... where they claim their website is "under surveillance" because it got a few thousand requests from Google Cloud et al, most of them to a single page. This really shows how low their standards are.
I typoed the second link and can't edit anymore. Correct one: https://web.archive.org/web/20260411112604/https://tboteproj...
I share your wariness of the LLM garbage, but I believe the conclusions are correct. This has Facebook's stink all over it. I worked there and know of what I speak.
So we should believe the hallucinations because they sound like something that could be true? Does the LLM in the middle somehow makes it more trustworthy than if GP had just shared their own pattern-matching conjecture?
No. I think LLMs are garbage. Separately, and unrelated: I think Facebook is behind these bills. The LLM may be garbage and still sometimes produce a correct result.
Ok, but then we should look for an actual source beyond "Don't worry that it's garbage, it smells ok in this case."
You are arguing with something I did not say.
Yes, it would be nice to know with certainty who is behind these bills. It sucks how much opaque money influences American politics.
Josh Gottheimer's press release[1] on HR8250 mentions the "Meta Parents Network." I don't know what that is, but it does have "Meta" in the name.
Buffy Wick's noise about AB1043 claimed it was passed with the support of tech companies. I have spoken directly to one person close to AB1043 who told me Facebook argued against AB1043. I have doubts. But if true, I suspect they were not arguing in good faith and had ulterior motives.
In the end, no matter who is secretly lobbying for or against age verification bills all over the planet, the bills are terrible, and we should fight them.
[1] https://gottheimer.house.gov/posts/release-gottheimer-announ...
There's an SMBC strip that makes your exact point, except they intended it as satire, whereas you seem to mean it in earnest.
https://www.smbc-comics.com/comic/aaaah
I'm confused by how my point got so lost.
I think Facebook is behind these bills. I think that from personal experience working at Facebook.
That an LLM may have arrived at the same conclusion is unrelated. LLMs are garbage. Don't use them.
We're trying to have a discussion about facts, not opinions.
I was relieved to hear it was an emotionless mega-corporation catalyzing this, and not a sudden competence of evil bureaucracies in the USA and Europe.
> is this one of these things where Meta doesn't want the responsibility for this
Very likely, given the legal liability they are already facing from the "addictive" court cases that are turning against them. Moving the liability for "age verification" away means they will not also be facing a huge number of court cases accusing them of showing an underage person adult age content provided they followed the law's proscribed "ask the OS for the user's age" requirements.
Also, note that only a few months ago Zuckerberg was in court testifying that the single best place to perform "age verification" was in the operating system of a device. Now, like mushrooms after a long rain, at roughly the same time up pop bills in nearly every statehouse, Congress, even Brazil, that all read nearly identically and that all are so broad as to require "the OS in anything with a CPU do age verification". The nearly identical text in each highly implies a single lobbying entity is behind all of them (it would be quite the coincidence that 50 state houses, plus Congress and Brazil, all write nearly identical bills independently). And the connection back to Zuck's court testimony of "age verification is best done in the OS" highly implies that the single lobbying entity is Meta, or funded by Meta to obtain this outcome.
Detailed here: https://agelesslinux.org/lobbyists.html
Meta. Specifically to undercut Apple.
How does this undercut apple? This entrenches apple's position as a provider of "verified" devices.
Nope. Apple have been enthusiastic in their implementation of it even without it being required in several countries.
One thing which companies don't like, is a law suit.
https://www.cnn.com/2026/01/07/business/character-ai-google-...
If something is codified in law, they can comply with the law fully, and yet not have any real backlash from users. This can also shield them from many lawsuits. Conversely, if they start ratcheting down age-verification on their own, users will become quite upset. If they don't ratchet it down, then... as you can see, potential lawsuit.
And this isn't just about LLMs, once the concept of "a platform is liable for harm" happens, it's about everything. Including content other people slap into an app store. And the US has been talking about section 230 removal, countries around the world are reducing such exclusions, so the wind is blowing towards even more liability for platforms.
If you look at Google's recent moves to identify all developers prior to install on Android, there may even be some of this in that. How can they ban someone from publishing illegal material, or material Google will be liable for, if they don't even know who the publisher is? They'll just slide into a new account. (Note, I said "some" not "all", there is often not just one reason for an action)
So I suspect that the push is from all online platforms of any size or scope. It will shield them, protect them from liability, whist at the same time redirecting user ire at the legislation, not them. HN types might still brood, but the average person won't have insight. "Protect the children" as a reason works for the average person, it works very very well, and really, that's what a lot of these lawsuits are about.
So I point back to such lawsuits as the start of all of this. And I see it as why there is a push from Apple, Google, Meta and so on. And simply because I'm saying "big corp wants this, not just Meta", doesn't mean I'm saying "Meta isn't doing anything".
Meta can be pushing this, hard, whilst at the same time every other large corp can be working towards the same outcome.
Facebook. There's a wave of child endangerment lawsuits incoming and they want to head that off at the pass by having governments shift all that liability over to the OS vendors.
Microsoft just force-updated my operating system (despite declining every option and prompt) and the first thing I noticed working differently was it offering, in an OS popup, to "connect" the computer to "Facebook".
These people have root access to all our webcams.
I don't think we can tolerate these entities to continue to exist.
What can we do about it? The major tech firms have nearly all the power here, including quite obviously full capture of government (not just here but other countries as well).
How does that help Facebook? They already have plenty of signals to guess their users' age, what would they do with an other one? They are not going to ban children anyway.
It helps them by making it somebody else's responsibility to get it right and thus shields them from liability.
The OS should start labeling everybody as a child by default. Forbid Facebook to show ads and any harming content by default. The OS has little less to lose with this approach than FB.
So it lets them know for sure who is a child. What liability does that shield them from, and how?
FB etc. may argue "device says this user is an adult", even though device may say that only because the parents don't set up separate user accounts e.g. shared family iPad, or because the kids being more tech savvy in the first place like we all were when I myself was a kid.
It must be OS responsibility because that’s the only place that allows the next step.
Everyone is so concerned with kids pretending to be adults, what about adults pretending to be kids? Any service that has any kind of private chat or picture sharing option will be a playground for “verified” kids.
Next step, “we must go further with the verifications until everyone is verified everywhere”. This is where the OS part comes in. Wish it was sarcasm.
MS is ratcheting up the 'mandatory Microsoft account' on Windows, probably for this reason. The 'identity strongly bound with the device' stuff on corporate devices is being tested and secured in that environment, and it is almost certainly one step from being forced onto non-corporate devices, once they 'have to' by law.
Apple, Google, Meta and Microsoft. Maybe with a push from 3 letter agencies, because it makes their life easier.
Yes, time for pitchforks and guillotines is long overdue. Alas, wrong crowd.
"god forbid we should ever be 20 years without such a rebellion" - Thomas Jefferson
And then didn't (publicly) come out against suppressing the Whiskey Rebellion.
This is tiring. The text is so vague, and if a big country adopts it software companies will comply, and there's no reason to why smaller ones wouldn't, since 'the work is already done'.
I wonder if it would be illegal for an user to use an outdated system without those functions when they roll out, or to use outdated applications, or to distribute outdated applications, or to keep mirrors of multiple versions of operating systems. I doubt they thought that far, or if they care at all.
I hope people realize that most of these bills are being introduced in blue states by Democrats.
Republicans may not like porn, but they put the onus where it belongs, on the operator, not on the OS.
I read the bill and I feel like it's missing any technical details. It's almost like they read my suggestion [1] but then left some parts out. The technical parts. As I read it one can just enter whatever name, age and other details in the setup of a computer they desire. It's missing any checks for a header on the server to detect adult content labels. What am I missing? What forces me to enter my real information? Are operating system developers going to be granted access to the DMV databases? Or forced to use some third party that scratched the back of some politicians? If I block connectivity to this will I not be able to log in? If someone performs a successful DDoS to the site will I not be able to log in? It feels like several pages of the bill are missing. How does the OS know it is visiting an adult site?
[1] - https://news.ycombinator.com/item?id=46152074
The site "reclailthenet" calls it age "verification", but it's not a "verification" at all. There's your mystery.
All the bill wants is that you can set up an iPhone for kids, an children account on Ubuntu (YOU decide whether it's a children's account) and then, presumably, the browser vendors implement an AgeAPI that allows website operators to query the user age.
Your device tells us you're 10 years old. Access to Instagram denied. Your device tells us you're 16. You're not allowed to visit gambling-porn-and-industrial-accidents.org
It's, of course, exactly the opposite of the "identity-tied age verification government-control, ID-document-leak" dystopia that the scare crowds here are peddling. But you'll never hear a word of acknowledgement from them.
These people act as if those "I'm 13 or older, i can create an Instagram account and waste my life" or "I'm 18 or older, let me watch porn and strangle my girlfriend" buttons are the peak of civilization.
Ah, well that's at least half of what I suggested. Telling the site the age seems leaky to me, I would still prefer the apps check for the RTA header so all decisions stay on the device and not leak anything. Curious where it goes from here but based on your reply it does not seem quite as bad as I imagined. Thankyou for the clarification.
Government should like the RTA header as they can fine sites daily that are missing it. Lobbyists could push companies that do the header checks.
They have dropped all the decision making for the details in the lap of the politically controlled FTC. Which also means that future FTCs could change the rules based on political goals.
People lend phones or computers to kids. The age associated with the user account means absolutely nothing.
And there obviously gonna be market for "verified" devices. Not like there is anything at all that could stop people of any ages looking at porn.
Identify devices, not people.
Distinguishing between child-locked and unlocked devices is something any website should be able to do easily. Adult-only should be a config setting.
Vendors shouldn't sell unlocked devices to kids.
Then it's up to parents take sure their kids only have locked devices. (Or not, if they're okay with it.)
> Vendors shouldn't sell unlocked devices to kids.
This part is neither necessary nor sufficient.
Put aside the Orwellian premise of "devices are locked by default". People keep making the analogy to things like cigarettes, but if a kid wants a steady supply of cigarettes then they need a steady supplier. If they want an "unlocked device" they just need money and Craigslist, once. It doesn't matter what you make Walmart do and it correspondingly doesn't make any sense to involve them.
If your kids have enough unsupervised money to buy electronics then you're either fine with them being unsupervised or you already have bigger problems than a used laptop.
Kids having $20-30 means you're fine with them being unsupervised? Computers and smartphones are incredibly cheap.
In person, we expect stores won't sell cigarettes to kids. We should simply expect companies won't provide age restricted services to kids. The liability and requirements should be on those companies.
If they're able to get a burner phone unsupervised then I think they could also pay an adult to do the face scan for them or borrow your ID from your purse to authenticate an account. What level of security would you need to totally prevent that kind of thing? Unless it checks your age every time you log in with biometrics I don't see it.
(Of course adding any level of friction will deter some kids, but needing to get a whole new device other than the one their parents gave them is already a lot of friction, isn't it?)
We could e.g. try saying it's sufficient that the user makes ongoing credit cards payments as a proof of age. Or sure maybe you need to verify with every purchase, which is how e.g. alcohol works.
Don't currently take payments for your business model? Probably what you're doing is anticompetitive and we shouldn't allow it anyway.
What about non businesses, like nonprofits, hobbyist groups, or individuals offering a service out of their own charity?
> In person, we expect stores won't sell cigarettes to kids. We should simply expect companies won't provide age restricted services to kids.
Stores won’t sell cigarettes to kids because doing that will probably get you arrested and shut down pretty quickly.
You are gliding past the crucial difference: detecting that someone is a minor in person is magnitudes easier than doing so online.
What for? I use family link for my kids devices. It works good enough. Everything else seems way too intrusive.
Apple is horrible in this regard. Their solutions never really work.
A joint venture for an (optional) cross-platform family app would be more than enough. This, plus a (voluntary) content rating that's offered via an API (could even be simple meta data on a webpage). Done.
the answer, as always, is always a protocol.
the major players need to allow me to elect one of them as my family manager, and control permissions across ecosystems, from my management portal. i should be able to freely swap apple, google, microsoft, facebook, or a startup as my management and permissions tool.
instead I have a disparate management account and portal for every service on the planet. roblox, fortnite, facebook all want to appear to "make it easy" as if they hold the delusional belief that their management portal is the only one I have to manage. then add a spouse that also wants to change or tinker a setting.
if any law is going to get passed: it should be that any company over a certain size, who adds parental controls, needs to expose them externally to 3rd party management software.
Nice. How does pornhub.com "verify" your age when accessing it from your family computer's Ububtu account "my kids account"?
Oh, there is no config to retrieve, no We API to speak to.
"I'm 18 or older"-button it is. Is that a workable solution?
This undermines the entire purpose of the legislation.
Very plausible that they would outlaw this if these bills pass and consolidate. Would be seen as a loophole.
Probably works as well as "forbidding" adults to sell or give beer to underage.
Sounds like a problem. Luckily it turns out my phone has two cameras and a laser dot projector pointed at my face right now. Not hard to imagine a future solution to this issue were we to pass this legislation, sadly…
Well I'm going to keep using GrapheneOS and whatever version(s) of Linux refuse to comply.
Makes me even more glad that I've already transitioned off Windows.
Tim Apple argued it was a violation of their engineers and managers free speech to make them engineer back doors
Wonder if they will stand up against this on the same grounds
https://www.apple.com/customer-letter/
Short answer: No. Apple already caved in advance.
Longer answer: In the UK, Apple already implements age "verification" at the OS level, starting with IOS/IPadOS 26.4. If Apple had not implemented this, it would still be in compliance with UK law. Apple is anticipatorily obedient.
A company like Apple has visibility of the legislative pipeline in its markets. Looks like the UK was a test bed.
Lots of OECD countries, all at the same time, are pushing for online age verification or OS-level age verification, both equally intrusive and implemented in privacy-violating ways by conflating identity verification and age verification.
The end result is not protecttion of minors, but abolishing anonymity on the Internet. Social media companies claim to want the former, but in reality just want to shift liability to OS and device vendors. Governments happily accept the "side effect" of being able to find and root out dissidents.
> abolishing anonymity on the Internet.
This is what Facebook wants.
> abolishing anonymity on the Internet.
Firstly, you keep using that word; I do not think it means what you think it means.
On the Internet, especially forums such as HN, you are "pseudonymous". That is, you made up a name for yourself, and that's how you're known to others. At the very least, we are all identified by IP addresses, which are again, fairly stable and unique pseudonyms. There are nearly zero truly anonymous corners of the Internet, because anonymous communications are chaotic and anarchic.
Secondly, it was the NSF who mandated that everyone accessing the Internet must have an associated and authenticated account with an identity that is known to their provider. These rules went into effect in the early 1990s. Perhaps they have been discarded or observed only in the breach, but truly, nobody is a stranger on the Internet. Even if nobody knows you're not a dog, your ISP or your coffeehouse still know who you are, when you connected, what device and so forth.
So, please let us stop pretending there is "anonymity" here, or that there ever has been. Whatever you've done in the past, it will eventually be unmasked. Yes, people on Discord and Wikipedia alike are freaking out over this prospect, but it was always going to happen. We've been laying down a very permanent record for over 50 years. Eventually it will all be correlated with real identities, Facebook or not.
My coffeehouse running an obsolete consumer router and accepting only cash actually has zero record of who I am.
o_O
> Firstly, you keep using that word; I do not think it means what you think it means.
I posted that word exactly once in this thread, and I was quoting someone else. But I like the Princess Bride too.
No idea what you're talking about with regard to the 90s. I can only tell you I was on the Internet then and it was not as you describe.
Regardless, there is a difference between "unmasked with a court order" and "everything you do online is tied to you for the benefit of ad brokers."
We can have reasonable privacy protections and still allow law enforcement to function.
there is no anonymity on the internet. the sum of your devices characteristics are close to unique anyway (i could be wrong but i think this is accurate). which kind of supports the hypothesis that this is about shifting responsibility for age verification due to laws coming from other countries recently. i have no idea how this will work on linux, it probably wont.
i think Apple turned on age verification in Singapore, South Korea and the UK:
https://support.apple.com/en-us/125666
what a dystopian world we live in.
"In the UK..."
Good thing I live in the US?
Looks like you missed the point. Apple won't fight this in the US because they aren't fighting it anywhere else and already caved.
I am continuously amazed by HN's ability to engage in apple pedestalism and ignoring everything else that goes against it.
They've already been pushing age verification out in several countries.
What pedestal did I put Apple on by highlighting past behavior? Oh right I didn't. You're just inferring incorrectly. Another HN specialty.
Other countries are not the US, btw. There are groups here ready to challenge such a move.
Continually amazed at HN ignorance of geography.
This is yet another underhanded attempt at making digital id mandatory. Child protection is just the trojan horse.
EU also released their age verification legislation. Notice how closely they are timed.
https://www.dw.com/en/eu-chief-urges-bloc-wide-push-on-age-v...
Pure coincidence?
It is all going according to plan.
There’s a version of this I could support: - pre-specified age gates baked into the protocol (perhaps just 13 and 18). - account admins on a device get to specify which bracket is associated with the account - an api that allows sites to query whether the current user’s account is above one of the thresholds
Leaks pretty minimal PII (the user is between 13 and 18 would be the tightest identifier obtainable with the above gates). But still allows for age gating some content without relying on self-reported age.
Am I optimistic the actual solution won’t be more invasive? Sadly no…
I've been trying to download media for a while now. I don't have a huge collection; most media is not actually very good. But, the internet soon will just be an awful conglomeration of cable TV / a big shitty mall / a horrible outrage & propaganda machine. It's already most of the way there. Either destroyed from within by bots, data brokers and corporations, or destroyed from without by government, surveillance, and regulation. I recommend you start treating the internet like a mall; it's not some place you'd actually like to go. You get in, get what you need, and get out. Some people will will disagree with the analogy on the grounds that they _like_ going to malls. Well, good news, the new internet might be for you.
I mainly post in Usenet and IRC, and download PD movies (seriously) and books. I don't pirate any more because even current pirated media it's somehow a free advertisement for these people.
From Gutenberg, PD comics from the golden era -and pulp scifi-, noir movies, old weird science/fantasy series in B/W and whatnot, I'm pretty much covered. Ironically most current scifi media can be traced to...Bradbury novels, PKD's paranoia and some Weird Science comics.
Once 1984 gets into PD, that's it. It is in Canada, but you can read it online as long as you don't download or share it:
https://gutenbergcanada.ca/ebooks/ebooks/orwellg-nineteeneig...
Related HN post "Ageless Linux- Software for humans of indeterminate age" :
https://news.ycombinator.com/item?id=47381791
So this bill creates a commission to ensure that the information cannot be stolen or breached from operating systems, but says nothing about how the applications querying this information must protect or leverage it. I basically requires that any application get to know a user's birthday, as long as it's "necessary". What a fucking joke! I'm so sick and tired of this bullshit.
Direct link to the bill: https://docs.reclaimthenet.org/parents-decide-act-os-age-ver...
Edit: Oh, and the commission gets to make up the rules on how ages should be verified. So, prepare for a whole other level of PII leakage that isn't even captured by the text of the bill.
So, who's gearing up to sue the FTC for a declaratory judgment that this is unconstitutional?
Is that an option? Tell me more.
Yes, I am looking to sue to stop this insanity. If you're a lawyer reading this, please reach out.
An utterly insane idea for a law.
Age verification inherently means identity verification. There's no way to prove your age without first proving that you are YOU, either by showing your face or authenticating with some third party authority, usually government or a corporation.
The idea that you should be locked out of using your own computer until you do this is utterly insane. What problem does it solve that existing parental control tools don't? A generation of parents already trust their babies with iPads for this reason. And what of the millions of Americans who don't have current ID?
Right now the lobbyists are winning.
I hope Josh Gottheimer will get a lot of money for his work there.
I also remember a few weeks ago, people such as Poettering and others said this is all harmless, nothing bad would ever possibly happen.
Lo and behold, now it is the new mandatory law. All people will soon have to go for age sniffing, in order to access information. Linux is only for the Underground now.
Salvage old free as in freedom distros. Learn about i2pd and tunneling Usenet/IRC and Email (even cool online Nethack/Wesnoth/FreeCiv gameplays over it, any turn based libre game will work).
There are some Usenet servers (text content only, no binaries, all illegal crap it's cut down by design) listening under I2P servers. By design enforcing any cross-pond law it's impossible.
Learn about NNCP in order to tunnel messages over it, really useful for asynchronous connections such as Email and Usenet: https://nncpgo.org
Also, learn connect to a Pubnix and to use Usenet/IRC/Email/Mastodon services (tut it's a TUI Mastodon client) from remote servers. Make their own law obsolete across the world. Learn Mutt and GPG too, it's about 20 minutes of your life and for basic email a simple text editor like Nano, Mg or Mcedit would suffice to compose an email.
Try free Biltbee servers over IRC too, these can be connected even from DOS IRC clients in order to connect to modern services such as Jabber, Steam chat and even discord (join the &bitlbee channel once you connected ot a public Bitlbee server, there are several, and type down 'plugins' to get the available chat systems in that service) and thus any age bullshit for FreeDOS it's by design unenforceable without breaking network drivers and TCP/IP stacks as TSR's and whatnot. Ditto for old Amiga, RiscOS and such old releases which are unsupported. And banning retro computing would make the several civil right unions sue the state (and the judges) like crazy for huge amounts of money. Even META too as being the main lobby instigator.
Claim your freedoms back.
With the dawn of this bill I am finally building out my airgapped network.
I’ll be passing messages to and from the former internet using NNCP bundles. I’m planning to work on some interesting solutions for async communications over Nostr, with some alternate paths through radio for emergencies. Finally looking into steganography as well.
Hope to see you all there.
Not a mandate at this point. The bill was only introduced on April 13th.
This will be required in firmware eventually.
"The age check is the entry fee for owning a computer."
No, the fee is your identity and a record of your every thought and action.
I can already smell the exceptions - some companies will be exempted from these restrictions due to "national security implications", or, more realistically, "we distracted the President with a golden gewgaw and a bribe".
the US will kill every third space by any means necessary
their dwindling to irrelevance, like the UK, could not happen faster
Have you thought about what replaces the US once they're irrelevant? Because it's probably something much worse.
That means porn sites won't require me to independently verify my age right? Right?
We still have to provide a way for people that don’t have (smart) phones, but I would absolutely implement asking the phone instead of a 3rd party when available.
We don’t gain anything from asking a 3rd party. In fact it costs money per request.
All this fake good intent to prevent another TikTok which was the only media which transmited the reality on the ground during the Gaza genocide. And its aftermath in the youth mind and in the University campuses. Fascists and industrialists have to take control, again, of the minds. (See oligarchy's appetite for social and media companies)
Glad to see that Elise Stefanik came out of fucking hiding in NY-21 to dump this stupid "parents decide" bill on us when she couldn't even be assed to help her constituents over the past several months when one of the main hospitals in her district is bankrupt and closing.
Last time we saw her anywhere near here was her "farewell tour" when she was supposed to go be Trump's UN stooge. Haven't seen her up here since.
Glad to know we get to die up here for on-device age verification for everyone else.
It is just crazy how much of a tech billionaire centric the US government is, they can come up with Thanos' idea of wiping out 50% of the population and politicians would do it as long as Zuckerberg or anyone else in the techno bubble asked for it.
> they can come up with Thanos' idea of wiping out 50% of the population and politicians would do it as long as Zuckerberg or anyone else in the techno bubble asked for it.
Stay tuned. With mass unemployment/underemployment there’s gonna a be a lot of “extra” people.
Writing like this is frankly so exhausting. I don’t think anyone not already in the choir could make it through.
Some people really need shit spelled out to them. This does a great job of doing that in a small package.
Discussion on the bill source: https://news.ycombinator.com/item?id=47772203
I have a kid. All I want is the ability to put a "there's a baby driving" bumper sticker on their devices. And to have pornhub et al steer around them.
I'd suggest that this is actually a pretty common desire from parents. We don't want to collect your IDs. We don't want to install spyware in your webcams. We do want a way to signal there's a kid driving a device.
This article is long on hyperbole and short on facts. I gave up about six paragraphs in, being far more informed about what the author feared about this legislation than its actual content.
Sure, if it would mandate ID harvesting, I'm against it. If it requires biometric verification, no. But if we can just have a way to put bright orange vests on devices that require special treatment... That doesn't feel invasive to me.
I'd prefer to cut all the "think of the children!" charlatans off at the pass. Your kid got traumatized by some crazy hyper porn? Why the heck didn't you flag their device?
In short: you seem to want the Internet to parent your child. I have kids and do not want any of this for them, because all of it is a slippery slope to falling deeper into the surveillance state.
As a parent: do your job and take responsibility for your kids. While it's not trivial this also isn't overly complicated anymore.
The problem is with government mandates.
Apple and Google already ship OSes with comprehensive APIs and parental controls. There's not even any porn on the iOS App Store by policy.
Creating liability for random OS and app developers is absurd, and foreign porn websites aren't going to comply with this anyway.
This.
If your child needs a helmet to use the internet, as the politicians announcing HR8250 seem to think[1], Apple or whomever is free to offer that as a feature. There is no need for this to be legislated, especially when the legislation does not work in open source environments.
[1] Not hyperbole. They said that. It was an analogy, but one that highlights how ignorant of the technology the authors of these bills are.
Reddit and X are on the stores. I guess browsers are on the stores, at least on Android where they aren't necessarily Safari reskins.
You can just configure the device to not give the child the ability to download apps without approval.
There's already like 17 different parental control solutions out there for every device platform. You can and should use one and don't let your kid go to any website or use any specific app without your approval first.
I can understand the "baby mode" desire, but as the other reply pointed out, this does not need to be legislated. The big OS companies can easily offer this feature for those that want it.
I'm curious though about all this porn that apparently hides behind a rock on the device and leaps out to corrupt tiny minds when they least suspect it.
Shock websites aside, pornography generally doesn't ambush you. Unless you're a republican giving a presentation and have no idea how that porn got in there.
And, AB1043 specifically exempts websites, so it doesn't protect anyone from the goatse's of the world anyway.
These bills will not do what they purport to do, but they will do a whole lot of bad stuff.
> "there's a baby driving"
Why does your baby need internet?
> We do want a way to signal there's a kid driving a device.
Which is extremely irresponsible. It creates a false sense of security and abandons your child to the whims of strangers. This seems akin to putting a "please don't hurt me" sticker on your child and then letting them roam around downtown unsupervised.
> But if we can just have a way to put bright orange vests on devices that require special treatment
There is software you can already use which will lock the device down and only allow it to go to pre-approved sites. I'm unwilling to give up any of my civil rights for your level of convenience above this.
Yeah this is the way for sure. The OP forgets that young users advertising their age online with an "orange vest" might not be best idea.
There's almost endless choice of legit quality native apps for kids, curated from trusted sources. These alone far exceed healthy screen time if all were downloaded. Or as you say, curated web links in a locked browser.
How much screen time should kids do anyway, it's crazy how much is available before worrying about WWW on top of their games, apps and videos.
You wouldn’t drop a toddler in the cbd and expect them to be fine, why would you expect a device to be any different?
You need to be a parent and stop expecting the people around you to do it for you.
Edit: and there are already device level parental controls.
You put your child in the driver’s seat and expect others to make sure it doesn’t make a wrong turn? Did you really have to give it the keys to this hypothetical car instead of, say, LEGO?
Or just don't give your child unfettered access to screens. There is zero reason your child needs x unmonitored hours with YouTube or Netflix or a browser or anything else.
I have a kid. Actually two kids. They have their usage controlled by google family. I review weekly their internet usage, screen time is limited to 2 hours/day. They dont have social media. School research and etc, they do at home, in the "main computer" in our dinning room. Youtube too. In the end is our responsibility to educate and protect our kids. I truly dont see a need for such extra controls if the parents aren't interested in enforcing it.
I think you should just give your away children in servitude to neo-feudal overloards. You're halfway there. You clearly don't want to be a parent.
The breathless fearmongering over an age field on account set up is just completely over-the-top. This is probably the least bad out of all possible ways to implement age checking. The benefit of this is that it can short-circuit support for more onerous age verification. The writing has been on the wall for some time now: the era of completely unrestricted internet is coming to an end. The question is how awful will the new normal be? Legislation like this is a win all around, a complete nothingburger. We should be celebrating it, not fighting it tooth and nail.
The tech crowds utter derangement over this minor mandate is truly a sight to behold.
This bill requires actual verification and leaves it up to the politically controlled FTC to determine how this should happen. It’s a disaster.
> The Parents Decide Act solves the self-reported-birthday problem by demanding something verifiable, which in practice means a government ID, a credit card, a biometric scan, or some combination.
> However, Gottheimer has not specified which. The bill does not either. It’s up to the FTC to decide.
The article's analysis doesn't appear to be accurate. From the bill:
(a) Requirements.—An operating system provider, with respect to any operating system of such provider, shall carry out the following:
(1) Require any user of the operating system to provide the date of birth of the user in order to—
(A) set up an account on the operating system; and
(B) use the operating system.
(2) If the relevant user of the operating system is under 18 years of age, require a parent or legal guardian of the user to verify the date of birth of the user.
(3) Develop a system to allow an app developer to access any information as is necessary, collected by the operating system to carry out this section and any regulation promulgated under this section, to verify the date of birth of a user of an app of the app developer.
The only requirement for "verification" is to enter a birthdate on account set up, and underage accounts have the parent "verify" the birthdate. There is certainly some ambiguity in the bill which is not good, but efforts should be towards resolving the ambiguity in favor of a lack of intrusiveness.
Verification is explicitly required.
(d) Regulations.—
(1) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Commission shall promulgate, under section 553 of title 5, United States Code, regulations to carry out this section, including regulations relating to the following:
(A) How an operating system provider can—
(i) verify the date of birth of a parent or legal guardian described in subsection (a)(2); and
(ii) carry out the requirements described in subsection (a) with respect to an operating system of such provider that may be shared by individuals of varying ages.
(B) Data protection standards related to how an operating system provider shall ensure a date of birth collected by the operating system provider from a user, or the parent or legal guardian of the user, to carry out this section and any regulation promulgated under this section—
(i) is collected in a secure manner to maintain the privacy of the user or the parent or legal guardian of the user; and
(ii) is not stolen or breached.
Fair point. Leaving the nature of verification open ended is not good and should be part of the legislation.
This needs to be simply fought because it's a measure that is supposed to fight the reluctance of the society, not actual problem. For the actual problem it's ineffective. This will be met by surprise once it's fully implemented and new, worse measures will be proposed. Hence, it needs to be cut off as early as possible to spare everyone the trouble.
Like the authors of these bills, you appear not to understand the technology.
Consider AB1043. It mandates that applications check the age of the user each time the application is launched.
Think about what that means when you run `make` in a source directory. How many times is the compiler application launched?
Let's try to be a little bit sensible here. Presumably the requirement to check depends on the nature of the application. A completely offline app for example has no use for an age check and thus wouldn't need to read it.
This bill doesn't seem to create a requirement for the application, but e.g. the California one required all applications to check age.
https://en.wikipedia.org/wiki/Anticipatory_obedience
No, derangement is declaring "The writing has been on the wall for some time now: the era of completely unrestricted internet is coming to an end." without fighting it at all and just mindlessly accepting it because you were told it was going to happen.
It should be really easy to get your bank account information then. You're just going to give it to me, right? What is this? You're fighting me tooth and nail instead of celebrating giving me your banking info?
It's derangement to jump from an adult/not-adult bit to bank account information.
It's derangement to be the lowest comment here about to be flagged and still think: ITS NOT ME THAT'S THE ASSHOLE! ITS EVERYONE ELSE!
Everyone is sick of your personality disorder.
Yes, because consensus surely is a reliable guide to truth.
least bad way to implement age checking is just asking user
An completely ineffective age check is not an age check.
Hack's portfolio site located at: itcanthappenhere.retard.
Well, perhaps your mental model of the actual objections to it are incomplete. There are a few problems and I'm curious what you have to say about them. First, "The benefit of this is that it can short-circuit support for more onerous age verification". Do you think that it "can" or that it "will"? Big difference. It could also go the other way, right? Opening the door to a more onerous version? Why do you think that isn't worth considering? Secondly, "This is probably the least bad out of all possible ways to implement age checking". What about parental controls that exist already? Someone seriously tried to tell me last time that parental controls "suck", but that's irrelevant, they don't have to suck, and in fact anything can suck. That's just happenstance. So, assuming parental controls were correctly implemented, why do you think this is "least bad" including parental controls? Thirdly, this "age verification" doesn't actually verify anything, because underage people can just choose "adult" anyway. What do you have to say to that? In that case, parental controls actually give you more power, and make this new age check completely obsolete. Thoughts? Lastly, maybe you're not from the USA, but we have a concept of "free speech" which includes the idea that people cannot be "compelled" to certain speech. If people were required to add a "sign here to confirm you're an adult" in every romance novel, that would be fine right? It's also a nothingburger, right? But then, you've compelled people to put something in every published book. Actually, that's a bad analogy. We should say that ALL BOOKS require this signature field on the first page. After all, we don't know what kinds of expletives and horrible things people might have written in the margins of the book (assuming it's being sold second-hand). That would be okay with you, right? Nothingburger? But it compels people to write something, and that's a door most legal scholars know not to open.
> The writing has been on the wall for some time now: the era of completely unrestricted internet is coming to an end.
And books..? And the newspaper? What if a child reads about a horrible murder in the newspaper that keeps them up at night? What if the government outlaws books and newspapers because they can contain bad things? We'd better add a "adult/ not adult" checkbox to the first page to "short-circuit support for more onerous age verification".
This is the most elegant and polite refutation of age verification I've ever seen
This is brilliant. I haven't even thought about some of the questions you ask. Thank you.
>It could also go the other way, right? Opening the door to a more onerous version?
I don't see a plausible scenario where the implementation of this mandate makes further mandates more easy to get passed. An age field and an API to access it is as trivial as it gets. More onerous age checking is not something that is an extension to or somehow made more easy given the pre-existence of the age field. No argument against more onerous checking is undermined or rendered less severe due to an age field already existing. There is no slippery slope here.
>So, assuming parental controls were correctly implemented, why do you think this is "least bad" including parental controls?
There is already a pretty significant market for parental controls, so presumably if their quality were a limiting factor in their adoption the market would have responded already. Parents simply aren't interested enough or savvy enough to apply them. Parental controls also just intrinsically suck for a lot of reasons. They are either mostly ineffective or wildly intrusive, like giving total access to children's communications and internet activity to external companies.
>Thirdly, this "age verification" doesn't actually verify anything, because underage people can just choose "adult" anyway. What do you have to say to that?
Presumably an adult is involved in purchasing devices and setting up accounts for their young children. Putting an age of account holder field into the account set up workflow seems pretty effective. It's not 100%, but it doesn't need to be for it to be a major improvement over the status quo. The lack of verification is a feature of this mandate, not a bug.
>we have a concept of "free speech" which includes the idea that people cannot be "compelled" to certain speech. If people were required to add a "sign here to confirm you're an adult" in every romance novel, that would be fine right?
As those pushing this kind of legislation are fond of pointing out, we have age checks for buying alcohol or purchasing adult magazines in shops. Presumably these don't run afoul of the first amendment. This idea that we can't or shouldn't mandate age checking in some form to access content deemed inappropriate to children is just a losing argument. Again, the writing is on the wall here.
At this point anything that makes computers less usable is a good thing, time we go back to the real world. It was extremely unpleasant while it lasted.
This was a great comment, you challenged them but in a reasonable way and with really good questions
I wish public discourse were more this way - if someone is arguing in good faith, actually answering what you asked moves the conversation forward, it’s just on the person to give you a serious answer