California's age verification law may end up exempting most Linux distributions
Posted by Fcking_Chuck@reddit | linux | View on Reddit | 139 comments
Posted by Fcking_Chuck@reddit | linux | View on Reddit | 139 comments
Reltrete@reddit
It wasn't possible on linux in the first place. 🤔
Desertcow@reddit
As far as proposals go, it was the most feasible for Linux. The requirements were basic age attestation without verification and an API to request the age. Compared to other proposals which demand actual age verification, it was possible, just a blatant invasion of privacy
Reltrete@reddit
The would only work if the user complys with it. I can as a user just compile it out.
null_not@reddit
People keep losing the plot on this. Parents set up their kids devices and few kids will be able to do what you're describing, and if they do it's a disciplinary issue between the kids and their parents. No cares if you're an adult accessing things for adults. That's the basic logic behind this law, which is better than the other laws that are invading people's privacy.
matt95110@reddit
But the issue is people who are adults don’t want to verify their age just to use their computer.
No-Consequence-1863@reddit
Read their comment again. The California law is age attestation not verification. You know like how you click that button thats says “I am 18”.
matt95110@reddit
So if you can just do that then what is the point?
FifteenthPen@reddit
The point of the law is to make it difficult to win a lawsuit against companies like Facebook, Twitter, etc. when a child views adult content on them. The companies can just point out that the child had to have access to an adult account on the device they used to access the adult content, and thus the responsibility falls squarely on whoever let the child use the adult account on the device.
onlysubscribedtocats@reddit
It moves the attestation from the user's input to the device's administrator's settings. Read: the parents', probably.
mina86ng@reddit
Then they should have no issue with AB 1043 since it does not require age verification.
matt95110@reddit
Then what is the point of it?
null_not@reddit
It basically sets up a liability framework, making it clear that app stores and software distributors can not knowingly distribute material not intended for people under a certain age. With out the OS level age signal there is no way for them to know (with in reason). People lie to get around stuff, and in this case with a minor trying to access adult content, that's a disciplinary issue between them and their parents. The publishers and software distributors are doing their part by checking provided information.
matt95110@reddit
So if it is virtually unenforceable then why bother implementing it?
sparky8251@reddit
So when its inadequate they can more easily justify age verification in a follow up bill.
Anyone defending this bill has lost the plot, the entire point is to boil the frog and here people are gleefully allowing themselves to be boiled like total morons.
null_not@reddit
It's enforceable against the software developers and distributors, and sets up a fine structure for those that knowingly distribute to people under 18 or outside their age bracket. It also creates something easy for parents to do. It's not about policing the public, it's about creating reasonable barriers and assigning areas of responsibility. Think of it like a baby gate to keep your little one from just walking into a room they aren't suppose to go in. Can they climb it? Sure, with difficulty. Can adults just step over it? Yes, easily, but it's for the adults. And parents aren't paying attention and the kid climbs the gate, that's no ones fault but the parents.
matt95110@reddit
I’m Canadian. How am I getting fined for this?
null_not@reddit
Your app store or software wont be available in California.
matt95110@reddit
Because I have to hear about it.
mina86ng@reddit
Do you even read comments you reply to? Let me quote u/null_not:
matt95110@reddit
I read the comment and I understand it, and at no point does that do anything productive.
0xe1e10d68@reddit
Clearly you do not understand it.
matt95110@reddit
It it doesn’t work, so it does nothing. It is pointless.
null_not@reddit
I really don't get why people don't understand that they can just put in any date that is [TODAY]-18 and it'll be fine.
pfmiller0@reddit
The point is to provide a mechanism that parents can use if they want to restrict their kids access to certain sites on their home devices.
matt95110@reddit
But that doesn’t work. Just parent your damn kids.
No-Consequence-1863@reddit
The law is helping parents do that. It’s requiring OS vendors to provide parental controls.
0xe1e10d68@reddit
Of course it works. If parents set it up, then kids won't be able to access the websites that are only for of age people. That's the entire point.
This is a lot more effective than asking parents to monitor their kids 24/7.
null_not@reddit
There's no verification with California's law. That's where people have lost the plot and don't seem to understand. It creates a frame work of liability assignment and basic age gating. It's not a bouncer at a door to the internet or your login screen checking ID.
flying-sheep@reddit
People are losing the plot, but there’s a very valid concern that implementing these laws opens the door for future more restrictive laws. Any legal and technical tool you give the government will become weaponized under a more fascist government.
null_not@reddit
I live under a arguably fascist government, or at least fascist inclined. You can't throw away the concept of regulation for public safety because an authoritarian could potentially abuse it later. You stop authoritarians before they even shake a hand, get near a microphone, or come down an escalator.
acidw4sh@reddit
How's that working out for you?
null_not@reddit
The fascism? Not good. The public safety regulation? Great. Would be nice if there were more, like around food safety, labor rights, infrastructure, etc.
Wolf_Deity@reddit
So you don't like the destination but you like how we got here?
null_not@reddit
I think fascism and public safety are separate things unless you take issue with public safety.
TheCh0rt@reddit
I hate safety. We need to normalize people falling down stairs, bugs in salads and most importantly, 4-way accidents at 4-way stops. If elected, I pledge to you I will replace all STOP signs with GO signs. I will upgrade all the water pipes to lead piping. And I will make housing affordable by making building codes irrelevant if you enter the Konami code before you begin digging.
axonxorz@reddit
hahaha ridiculous position is hilarious so funny
null_not@reddit
That's just anti-social.
deviled-tux@reddit
The “age verification” (there never was any verification) crowd loses the plot when their two neurons accidentally rub together
null_not@reddit
I mean, I understand the paranoia and confusion because there are actual laws with invasive and draconian components going into place in some states and some countries, but this isn't this and people need to wrap their heads around that instead of being reactionary.
Extras@reddit
In time we will very clearly see this was the first step toward what comes next.
Reltrete@reddit
I don't know the US but in europe there are already classes in the lower grades that teaches coding basics.
Also in your world children would never get courious about stuff and even teach themself? I mean thats how every human build up interests. Thats how I learned coding even if my parents don't know it.
null_not@reddit
Again, disciplinary issue between those kids and their parents. Parents need to actually parent their kids.
Reltrete@reddit
That thats not working you can see in literally every part of the past 30 years 🤣. I also don't think that parents willingly would enforce a bullshit control-law on their children that would require that their parents loyalty towards the state is bigger than towards their children.
0xe1e10d68@reddit
That's not what's happening lol. There's no "loyalty to the state"; it's just a mechanism to ensure that kids can't just enter an age of 18 on any website; it's also quite easy for parents to set up and they won't have to closely monitor everything their kids do all the time. That's been the problem.
0xe1e10d68@reddit
Completely irrelevant; almost no kid knows how to do it; and the point is not to make a system that works 100% of the time. It just needs to work for 95% of kids.
wednesdayminerva@reddit
oh my god THANK you
null_not@reddit
I feel like most people didn't actually read the law. The changes that are being proposed by committee mentioned in the post make sense though. You can't hold a foundation that distributes opensource software responsible for an out of compliance fork.
Sit_Ubu_Sit-Good_Dog@reddit
The issue comes when you need to connect to something that uses your machine for age verification. Using a machine without age verification built in will basically shut you out of the internet and prevent you from using any non open source software.
deviled-tux@reddit
You’re literally just making stuff up at this point.
Sit_Ubu_Sit-Good_Dog@reddit
What do you think the end game of this is? They’re trying to remove anonymity from the internet. What happens now when you try to connect to a system that you don’t meet the requirements for? Does it say, “oh, don’t worry, you’ve opted out”, or does it deny the connection?
deviled-tux@reddit
Brother I am not gonna argue your delusions away.
albanese-killer@reddit
they are talking about mostly garbage internet, like social media. only a moron wouldn’t see that as the end goal.
bright side is, if it truly does become enforced at a system level, it will actually dawn a new golden age for decentralised sitez.
Sit_Ubu_Sit-Good_Dog@reddit
I just asked you a question, bro. If you don’t want to answer, why are you bothering to reply? Go be smug somewhere else.
Karol-A@reddit
Why not? AFAIK most major distros did take steps in order to complyÂ
Reltrete@reddit
Because of 2 things 1. No institution to force or to enforce 2. The code is opensource with kernel and everything available you can just delete the verification as a user. Even complete amateurs can props do it with youtubevideos thats going to pop up left and right
Karol-A@reddit
No institution to enforce? Isn't the institution the state, as with literally any law?
If you delete the verification, then you're now distributing a system that isn't compliant with the law and could be persecuted for it. Whether anyone would is a separate matter, but I don't think the law made any exemptions for this
jonythunder@reddit
But that's the thing, they can distribute something that's compliant and then people can just patch it out. It's not the times of the 386 and 486 where you'd take several days to compile the kernel.
JoeDawson8@reddit
*prosecuted
deviled-tux@reddit
Do you know there is a difference between civil and criminal law? Because it definitely seems like you don’t.
Like for one the word is “prosecuted”. The state prosecutes criminal acts. Civil law violations are dealt with entirely different processes there is no prosecution.
Lastly the law explicitly says the OS provider has no liability if the user lies and there’s no liability to the user either.
Karol-A@reddit
I'm not familiar with English legal lingo, so that might be the issue here. Not my first languageÂ
deviled-tux@reddit
I see. Persecuted is what happens to minorities (for example). Prosecuted is when the state charges you with a crime.
You can persecute someone (basically just harass or oppress someone) but only the state can prosecute someone.
For a more clear example:
A civil law violation is closer to a parking ticket than a crime. (Parking laws are civil laws not criminal)
Reltrete@reddit
As in state force ios, apple complys. State forces microslop, mircoslop complys. State forces linux, who complys. And an private user normally don't distribute software.
mina86ng@reddit
Ubuntu, System76, Red Hat, Dell and other companies who offer commercial support or integration services.
javopat227@reddit
Well Ubuntu, red hat, Debian, Linus (himself).
Reltrete@reddit
Thats the part were its at, they have no say about the usage of the os since the os is opensourcen, even programmed in the user can even recompile the kernel to get rid of it.
It not like ios or microslop were the code is not openly available.
Shawnj2@reddit
There are a lot of major companies behind Linux which don’t want to be sued, eg IBM and Canonical
SketchiiChemist@reddit
Open source software, you could just turn it off or compile it out if you wanted
Karol-A@reddit
Then I think you'd be the one liable for not providing the necessary functionality? The enforcement remains questionable and you could likely avoid it, but I don't think compiling by yourself really exempted anyone from this law
SketchiiChemist@reddit
The question was is it enforceable, not if choosing to circumvent it meant you'd be in violation of it. And with open source software it's very possible to just not provide it
megayippie@reddit
No, the law seemed better than that. You would be fine doing that. You simply would not be allowed to share executables with that change with others. So perhaps the FSF would sue you
torsten_dev@reddit
Far from it.
C4rpetH4ter@reddit
It probably could be, but it wouldn't be as intrusive or centralised as on windows or mac, just a "please verifify that you are over 18" and it wasn't published or saved anywhere.
I feel like red hat enterprice and ubuntu could do it since they are company run, but community linux distroes wouldn't.
AudioHamsa@reddit
Looks like the variety of lobbying efforts by Open Spurce vendors and associations has worked.
iLikeDickColon3@reddit
servers hosting could have effected it as another user here said
Smasher3825@reddit
California wants more people to use Linux, I guess.
rebbsitor@reddit
It's still a bad law. Operating System providers shouldn't be responsible for age verification for 3rd party services.
This is Meta and others looking to offload responsibility.
Willing_Context7531@reddit
Yeah we all agree it's a bad law.
All the recent polling shows that most parents and most teenagers want some form of age verification laws.
Circle jerking that these laws suck without offering alternatives to constituent demands is performative complaining.
rebbsitor@reddit
Making laws that do nothing except shift responsibility and have no real-world effect on the problem they're attended to address is performative legislating.
TalosMessenger01@reddit
I don’t like this argument because those third party services shouldn’t be responsible either. Why are we looking at people having to either give their data to Microsoft/Google/[other OS provider] or to every single online service they use which the government decides to put age limits on?
Honestly the second option is even worse because you have to trust more entities with not using it improperly or leaking it.
IAmRoot@reddit
Yeah, the real problem are the algorithms designed to push the agenda of the social media owners. The real solution is to mandate social media be limited to newest and top voted/activity within a sliding window.
detroitmatt@reddit
I think the real solution is to deprivatize social media
Shawnj2@reddit
More realistically there was pushback from tech companies that use Linux who used their lobbying powers to make lawmakers aware of how idiotic the bill is
Willing_Context7531@reddit
They acknowledged from the very beginning that amendments would be needed to make exemptions. It was signed with that understanding.
They didn't need massive lobbying, they were already doing it.
https://www.gov.ca.gov/wp-content/uploads/2025/10/AB-1043-Signing-Message.pdf
Seriously, I encourage you and anyone that upvoted your post to go on youtube and watch a cartoon on how legislation is crafted and passed. Legislation being passed this way is very common across all 50 states.
AudioHamsa@reddit
This happened.
A lot.
Turbulent_Fig_9354@reddit
Normies don’t give a shit about this. Most of these apps collect your age data already anywaysÂ
megayippie@reddit
"we have to move silicon valley elsewhere if you do this" is probably the reason . Run tech companies without Linux? No, you not
zlice0@reddit
exactly my thoughts when i saw it. would be such a pos pita stupid thing to do for the whole reason cali is still a leading econ
C4rpetH4ter@reddit
Yeah, 80% of servers gone? Or 100% of supercomputers.
It would be shooting yourself in the foot.
za72@reddit
that would actually be so helpful... I hate fixing my dads laptop every other month
CthulhusSoreTentacle@reddit
Honestly good.
deviled-tux@reddit
So like is anyone going to apologize for harassing that one developer who wanted to comply with the law? (Btw the infrastructure is still needed because in theory you can ship a proprietary OS based on Linux)
I wouldn’t hold my breath waiting for that apology
LepidusII@reddit
Nope
theEvilQuesadilla@reddit
Who wanted to comply with the law? Why the hell would anyone apologise for harassing someone like that?
Saxasaurus@reddit
You shouldn't be harassing anyone for any reason. Certainly not an open source developer for writing code you don't like.
theEvilQuesadilla@reddit
lmao. There are myriad valid reasons to harass countless people, mate. For example, known rapist Brock Allen Turner. It's perfectly valid to harass him. And no, I didn't personally harass this particular developer.
Arnas_Z@reddit
Nope, fuck him.
IamThunderFart@reddit
No, that guy was an opportunistic, gaslighting cocksucker that acted all innocent and there was nothing organic about his behavior. Fuck that asshole.
deviled-tux@reddit
I can hear the two neuron cells rubbing together
djao@reddit
I think it's reasonable that if someone wants to distribute a proprietary Linux-based OS (ChromeOS, Android), then they need to implement the age related infrastructure themselves.
hairfred@reddit
Always wondered how the hell they think they're going to implement age verification for servers? You need to be a certain age to access content on this server, but the server user has to be old enough too! Many machines, heck even some user profiles are shared, owned by an organisation rather than an individual. How do you go about enforcing this globally, or around proxies / VPNs, for actual age VERIFICATION you need a reliable source of truth for the user's age; so you presumably need an ID, any if it's in a physical form you need some hardware to scan / photograph that and verify it with some auth server.
I am a layperson on this matter, but it seems really impractical and fraught with problems.
Willing_Context7531@reddit
The bill was literally passed with the understanding that exemptions would be amended in throughout the year.
pfmiller0@reddit
The CA law has no verification requirement, just attestation. You're thinking of some other jurisdictions which are proposing laws with actual verification.
frankenmaus@reddit
Not even attestation. Only mere "indication".
gmes78@reddit
This doesn't target servers at all.
hairfred@reddit
From what I understand of this particular legislation; is that it isn't verification at all anyway, simply an input field with an API that allows software to ask for the user's age.. it just seems a pointless endeavour to me.
If / when it comes to actual verification I don't really understand how they would make a law without being explicit. What differentiates a consumer device from a server? Is it hardware? Is it distro level? kernel, DE? All options seem problematic. I really can't see how they can practically distinguish in such a black & white way without there being so many loopholes & problems. Some countries seem to be pursuing these kinds of laws (I think the current UK gov is likely to be attempting more control); but I cannot see them ever working the way they perhaps think or hope for.
deviled-tux@reddit
The point is for the OS and applications to cooperate so that unified parental control measures can be introduced.
For example if this law existed before then the whole discord age verification thing would be illegal. They would have to use the standard OS APIs.
deviled-tux@reddit
> “Application” does not include software components that are not themselves offered to consumers as a stand-alone executable application through a covered application store."
They kind of explicitly say it now though I guess the circular definition isn’t good.
My understanding of “standalone executable application” would be a desktop program which you can double click to start. Laws are typically read as a reasonable person would understand them. (Ultimately a judge says what a “reasonable person” is and how it is interpreted)
Not as whatever delusional “gotcha” reasoning people on reddit can come up with.
BashfulMelon@reddit
I was told by the conspiracy nuts that this was impossible and governments never do things like this. I'm sure they'll do the mental gymnastics to spin this as further evidence of the conspiracy.
Willing_Context7531@reddit
This was obvious when all the news broke and people were losing their minds.
Legislation is public information. Signing statements are public information.
When the bill was signed by the governor, it had an explicit statement that carve out exemptions would need to be made. This is done through standard amendment processes.
Tech "journalists" all ignored this publicly available information (all accessible from the device in our pockets).
Environmental_Mud624@reddit
whoever wrote this legislation is either an idiot or was trying to build in huge exceptions
Saxasaurus@reddit
If an distro distributes closed source software is it exempt or not? SteamOS is mostly OSS but important parts are closed. Is it exempt? Is software distributed through the package manager part of the OS? What about proprietary drivers? Are the drivers part of the OS if they are preinstalled? Or if they are installed using the package manager?
barfightbob@reddit
We're going to revert the birthday change to systemd now, right? Right?
If we can rush to add it, we can rush to remove it too, right? Or will systemd discover prudence conveniently now?
BoutTreeFittee@reddit
Does this mean I can't lie about my age to Steam any more?
nonanonymoususername@reddit
Linux is by nature multiuser , it is being automatically installed, it is running virtualization 4 layers deep with instances spun up and down on demand. The idea that everything instance must be age verified by a “user” , a user who will not be using it after install , is pants on head stupid
TheOgGhadTurner@reddit
REEEEEAAAALLLLYYY
rarsamx@reddit
The law has two components: the requirement for the OS to capture the bracket and provide the API and the requirement for the apps to check.
If Open-source OSs doesn't asks for age or doesn't check, the app may request verification and fail to start.
Games are one of the targets of the law. They don't get distributed by the OD repository so they will be covered.
The current increase in adoption for Linux on the desktop as been gamers. Those users will need to go back to proprietary OSs.
redundant78@reddit
this doesn't really track though. Steam already does its own age verification at the storefront level, it doesn't need an OS-level API for that. game devs and distributors can handle age checks in their own launchers without relying on the OS at all. nobody's going back to Windows over this lol
djao@reddit
Certainly some games are included in the original distro repositories. You seem to be referring exclusively to proprietary big ticket games.
The sensible solution for proprietary, big ticket games is for the game distribution platform (e.g. Steam, Lutris) to implement the required API.
rarsamx@reddit
But that's not what the law asks.
djao@reddit
Then what does the law ask?
C_hotpocketer@reddit
PLEASE REPS PLEASE DO YOUR JOB
Harryisamazing@reddit
So glad to hear it honestly, I can continue using linux without having to worry about submitting ID as crazy as the idea sounded
Sensitive_Box_@reddit
This doesn’t just end here. We kind of dodged one single bullet…Â
Harryisamazing@reddit
I know the end goal and where these laws are headed, its digital ID and to deanonymize every person that are connected online.
ConcaveNips@reddit
Steam already asks for age verification.
misterglassman@reddit
2026 is the year of Linux.
Interesting_Key3421@reddit
Who will save the children now? /s
adda5@reddit
Congress and American elites
metalOpera@reddit
They said "save" not "rape".
quilllord@reddit
the republicans
LasnajaB@reddit
Dont care, moved to devuan already...
JailbreakHat@reddit
For OS developers, I am sure it was only Linux and other open source OS developers that was against implementing this to their system. I am sure Microsoft would really be happy to implement this on Windows and Google would be equally support this legislation for Android since it would allow them to collect even more data and sell it to their advertisement partners. Apple on the other hand, despite it’s marketing is heavily towards privacy and security, wouldn’t also mind that much given that they already implemented age verification for UK in both iOS and macOS despite Online Safety Act has nothing to do with operating systems.
firedrakes@reddit
Come back to me with real lawyer chime in. Not reddit experts
frankenmaus@reddit
The current language already does not apply to linux distributions themselves as they are not "operating system providers" under the act.
mina86ng@reddit
Correct. It applies to Canonical, IBM, Dell etc.
frankenmaus@reddit
Not Canonical, I think.
Software is not an "operating system" until it is loaded on to and running on some hardware and, AFAIK, Canonical does not supply hardware.
mina86ng@reddit
They provide commercial support and partner with companies such as Dell or Lenovo, so I expect the law applies to them.
aliendude5300@reddit
Good. That's fantastic news!
matt95110@reddit
This is practically unenforceable on a Linux distribution anyways, so why bother trying to implement it?