Sorry but I don’t think the article text backs up the title?
The claim is that they have to enforce age verification, but the quoted law says:
Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.
Doesn’t this just mean it needs to ask for an age at setup, so e.g. parents can set it up with an age and they can automatically be restricted?
I don’t see anywhere actual verification is required, if you’re setting it up yourself then just lie?
Honestly, this sounds like my preferred path if we are gonna do anything.
But also, every FreeDos install ,server, managed network switch, IoT device, gas pump, etc. now needs to verify user age.
Also, it has to make “reasonable” effort to verify the age. Maybe just asking your age isn’t considered reasonable by the state. Since the law doesn’t lay out what to do, anything you do might become unreasonable depending on the winds of the day.
Nah it seems it doesn’t apply to physical devices (except general computing devices as mentioned elsewhere)
(f) This title does not apply to any of the following:
(1) A broadband internet access service, as defined in Section 3100.
(2) A telecommunications service, as defined in Section 153 of Title 47 of the United States Code.
(3) The delivery or use of a physical product.
(3) seems to imply the OS that runs your switch or gas pump isn’t included. But I see nothing in the law that clarifies servers or any CLI only interface, or even any OS that doesn’t have accounts.
Where do you quote “reasonable” from? The only part of the law with that word is referring to a different, already existing law (or the bit about reasonable technical limitations causing the wrong signals sent in the API).
Nah I don’t think it does. You don’t really get that because the intent of a law is important in court cases.
Mobile phones are specifically covered:
(g) “Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
I’m just not sure. It seems contradictory to me, since the manufacturer of a physical device is also “a person or entity that controls the operating system”. Unless they sell the hardware with no OS installed? This exemption doesn’t seem to mean anything.
With how they’ve defined “App Store”, basically any product that can download applications is affected by this, including devices that don’t even have the concept of a user account. I’m a little unclear still on what’s required of an entirely offline OS.
Ok I did it, I read the full text of the law, and you’re right.
The existence of Linux or anything not big tech and the broad range of options within seems to be ignored. Does a CLI only OS need to provide a GUI for its “accessible interface”?
On a different note, I did see the last point here:
(f) This title does not apply to any of the following:
(1) A broadband internet access service, as defined in Section 3100.
(2) A telecommunications service, as defined in Section 153 of Title 47 of the United States Code.
(3) The delivery or use of a physical product.
(3) seems to imply the OS that runs your microwave isn’t included.
I am also using my phone with no account linked to it, as it is not required. It still seems to be an ignored usecase, even with the added context you provided.
Yeah perhaps. Or that “account” doesn’t really need to bw what we think of as an account.
Could it be covered, but they would still have to ask? It says if it wasn’t done at setup it has to ask, so perhaps an account-less OS would still be expected to ask for an age and provide it when asked?
And I don’t understand, because windows already does this and has for years. I don’t live in California though, so I don’t know the particular nuances they are asking for.
The problem is, and has always been, getting parents to use the tools. So unless you’re sending parents to jail for not doing this, then it’s totally optional and most won’t use it.
If you want screentime limits, content filters, browsing history, restricted programs, age verification, wallet control, friends list filters, etc. It exists and is available on Windows and Xbox for free.
I think the next bit from the article I didn’t quote explains that:
“(2) Provide a developer who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface that identifies, at a minimum, which of the following categories pertains to the user.”
The categories are broken into four sections: users under 13 years of age, over 13 years of age under 16, at least 16 years of age and under 18, and “at least 18 years of age.”
I think the idea is that you would say that under 16s can’t use social media. Then you’d enforce this not with the horrendous Australian strategy of having everyone IDed, but instead you would enforce it by having an API that websites and apps could use that would tell them the age of the user.
So basically:
Parent sets up device for kid and sets their age.
Kid tries to download Facebook app
Gets denied because they are under age
Kid tries to go to facebook website instead
Website sends request to browser for user’s age, browser asks Windows (or whatever OS) for age and provides this age back to Facebook
Facebook denies access because user is under age
Windows might already have parental controls within Windows, but it’s the ability for apps and websites to know the age (or in this case age range) that is the important part.
Windows can do that too, for the applications and websites that support it. There is no point in forcing it onto other ecosystems if parents are not willing to use the tools in the ones they already exist in.
So this is where devils advocate comes into play. Pretty sure we all are agreed that this law, or anything like it, is ‘not good’. And I’ll leave it at that. Just keep that context in mind as I elaborate further.
Windows actually does do this on install. However, the Microsoft Family feature uses Microsoft Accounts. So technically, sure it’s not the OS (though it IS part of the OS, as you don’t need to download anything extra to enable it’s functions).
But you have to go out of your way now to do an offline windows install without a Microsoft Account. If you’re that savvy, you’re capable of monitoring your child without the help of big government. If you’re a child, then nothing but honesty is keeping you from jumping walls.
But that is windows, and this is Linux. Now I’m not making accusations, but do we really want to push the idea that this form of control needs to be pushed out across everything, simply because the current solution that would work for most families isn’t done at the “OS” level?
And to top it off, I don’t even see it working. Most family devices are set up on an account with a single login. Managing access is not a ‘one and done’ process, at some point you will have to provide permissions, install software, change active hours, approve screen time requests, troubleshoot related problems, and more (and soooo much more if your kid is technically adept). Is it no wonder that most parents just give kids free reign to their computers and consoles?
So before we go around and ruin the experience and privacy of everyone, can we at least ask what the people who want this have done instead? Cause it really does feel like it’s coming from a group who wants everything done for them.
I’m not sure exactly why people keep bringing up privacy concerns here. The law does not require collecting IDs or face scans. It requires os providers to add a screen where the account holder specifies the age or DOB of the user. The OS is not allowed to send that information to 3rd parties unless it is required by the law. And when they do need to send it, they are required to send the minimum information (just the age range, not even the DOB).
This law actually does more to penalize the parents that give their children free access to the internet. If the parent circumvents or enters the wrong age then they are penalized.
In addition it also forbids developers from asking for more verification data unless they are confident that your age range is incorrect. Which stops developers, for instance Discord, from requesting IDs without reason.
I do not think this law is written well at all. But I also would not mind more structure to how age attestations are done.
I’m sure many parents are capable of monitoring their children online. They either just don’t care or don’t think they should have to.
Fair on the privacy aspect, but again, I’ll point out that Microsoft Family already does the age bracket thing. I think how it’s done is slightly different, as software/websites have to disclose age groups rather than requesting it. Different sides of the same coin to be sure.
As for parents, I think it’s a mixed bag. I know a lot who are a mess at computers. Most don’t even know these tools even exist. Those that do, don’t have the time to do it properly (it only takes one night when your kid gets locked out of their account doing schoolwork due to screen time limits and your trying to troubleshoot why your approval to your kids request isn’t going thru via your phone, etc). But there certainly are also those that don’t care at all or feel they shouldn’t have to do it. It’s getting better though, I see a lot less young people with tech blindness every year.
Sorry but I don’t think the article text backs up the title?
The claim is that they have to enforce age verification, but the quoted law says:
Doesn’t this just mean it needs to ask for an age at setup, so e.g. parents can set it up with an age and they can automatically be restricted?
I don’t see anywhere actual verification is required, if you’re setting it up yourself then just lie?
Honestly, this sounds like my preferred path if we are gonna do anything.
But also, every FreeDos install ,server, managed network switch, IoT device, gas pump, etc. now needs to verify user age.
Also, it has to make “reasonable” effort to verify the age. Maybe just asking your age isn’t considered reasonable by the state. Since the law doesn’t lay out what to do, anything you do might become unreasonable depending on the winds of the day.
Nah it seems it doesn’t apply to physical devices (except general computing devices as mentioned elsewhere)
(3) seems to imply the OS that runs your switch or gas pump isn’t included. But I see nothing in the law that clarifies servers or any CLI only interface, or even any OS that doesn’t have accounts.
Where do you quote “reasonable” from? The only part of the law with that word is referring to a different, already existing law (or the bit about reasonable technical limitations causing the wrong signals sent in the API).
Is a mobile phone not a “physical device”? An operating system always has to run on physical hardware, so does this just invalidate the entire thing?
Nah I don’t think it does. You don’t really get that because the intent of a law is important in court cases.
Mobile phones are specifically covered:
I’m just not sure. It seems contradictory to me, since the manufacturer of a physical device is also “a person or entity that controls the operating system”. Unless they sell the hardware with no OS installed? This exemption doesn’t seem to mean anything.
With how they’ve defined “App Store”, basically any product that can download applications is affected by this, including devices that don’t even have the concept of a user account. I’m a little unclear still on what’s required of an entirely offline OS.
I am not sure what’s required of a bare bones Linux install (general computing device) that has access to a package manager (application store)!
But why do they assume that I am going to create an account to simply use an OS?
Ok I did it, I read the full text of the law, and you’re right.
The existence of Linux or anything not big tech and the broad range of options within seems to be ignored. Does a CLI only OS need to provide a GUI for its “accessible interface”?
On a different note, I did see the last point here:
(3) seems to imply the OS that runs your microwave isn’t included.
I am also using my phone with no account linked to it, as it is not required. It still seems to be an ignored usecase, even with the added context you provided.
Yeah perhaps. Or that “account” doesn’t really need to bw what we think of as an account.
Could it be covered, but they would still have to ask? It says if it wasn’t done at setup it has to ask, so perhaps an account-less OS would still be expected to ask for an age and provide it when asked?
And I don’t understand, because windows already does this and has for years. I don’t live in California though, so I don’t know the particular nuances they are asking for.
The problem is, and has always been, getting parents to use the tools. So unless you’re sending parents to jail for not doing this, then it’s totally optional and most won’t use it.
If you want screentime limits, content filters, browsing history, restricted programs, age verification, wallet control, friends list filters, etc. It exists and is available on Windows and Xbox for free.
I think the next bit from the article I didn’t quote explains that:
I think the idea is that you would say that under 16s can’t use social media. Then you’d enforce this not with the horrendous Australian strategy of having everyone IDed, but instead you would enforce it by having an API that websites and apps could use that would tell them the age of the user.
So basically:
Windows might already have parental controls within Windows, but it’s the ability for apps and websites to know the age (or in this case age range) that is the important part.
I much prefer this than handing over ID.
Windows can do that too, for the applications and websites that support it. There is no point in forcing it onto other ecosystems if parents are not willing to use the tools in the ones they already exist in.
Windows doesn’t ask at install, and also this law requires them to ask for already set up accounts too.
This will make it a lot more visible.
So this is where devils advocate comes into play. Pretty sure we all are agreed that this law, or anything like it, is ‘not good’. And I’ll leave it at that. Just keep that context in mind as I elaborate further.
Windows actually does do this on install. However, the Microsoft Family feature uses Microsoft Accounts. So technically, sure it’s not the OS (though it IS part of the OS, as you don’t need to download anything extra to enable it’s functions).
But you have to go out of your way now to do an offline windows install without a Microsoft Account. If you’re that savvy, you’re capable of monitoring your child without the help of big government. If you’re a child, then nothing but honesty is keeping you from jumping walls.
But that is windows, and this is Linux. Now I’m not making accusations, but do we really want to push the idea that this form of control needs to be pushed out across everything, simply because the current solution that would work for most families isn’t done at the “OS” level?
And to top it off, I don’t even see it working. Most family devices are set up on an account with a single login. Managing access is not a ‘one and done’ process, at some point you will have to provide permissions, install software, change active hours, approve screen time requests, troubleshoot related problems, and more (and soooo much more if your kid is technically adept). Is it no wonder that most parents just give kids free reign to their computers and consoles?
So before we go around and ruin the experience and privacy of everyone, can we at least ask what the people who want this have done instead? Cause it really does feel like it’s coming from a group who wants everything done for them.
I’m not sure exactly why people keep bringing up privacy concerns here. The law does not require collecting IDs or face scans. It requires os providers to add a screen where the account holder specifies the age or DOB of the user. The OS is not allowed to send that information to 3rd parties unless it is required by the law. And when they do need to send it, they are required to send the minimum information (just the age range, not even the DOB).
This law actually does more to penalize the parents that give their children free access to the internet. If the parent circumvents or enters the wrong age then they are penalized.
In addition it also forbids developers from asking for more verification data unless they are confident that your age range is incorrect. Which stops developers, for instance Discord, from requesting IDs without reason.
I do not think this law is written well at all. But I also would not mind more structure to how age attestations are done.
I’m sure many parents are capable of monitoring their children online. They either just don’t care or don’t think they should have to.
Fair on the privacy aspect, but again, I’ll point out that Microsoft Family already does the age bracket thing. I think how it’s done is slightly different, as software/websites have to disclose age groups rather than requesting it. Different sides of the same coin to be sure.
As for parents, I think it’s a mixed bag. I know a lot who are a mess at computers. Most don’t even know these tools even exist. Those that do, don’t have the time to do it properly (it only takes one night when your kid gets locked out of their account doing schoolwork due to screen time limits and your trying to troubleshoot why your approval to your kids request isn’t going thru via your phone, etc). But there certainly are also those that don’t care at all or feel they shouldn’t have to do it. It’s getting better though, I see a lot less young people with tech blindness every year.
I agree. This doesn’t seem any more egregious than clicking a button on a website that says “I am over 18”.
Which website is that?
The one with naked people on it.
Do you have the slightest idea how little that narrows it down?
Mr. Powers, everybody says that nudity and cursing aren’t Internet-safe. How much poem could there possibly be?
Wait, there is more than one?