Rendered at 08:38:58 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
DebtDeflation 11 hours ago [-]
Age verification at the OS level makes no sense to me. Most households aren't going to have a separate device for every family member and so you will end up with a tablet or computer set up by one of the parents (and thus having their age stored) that will be used by both parents and children. Likewise, people generally won't create a separate account for every potential user.
dathinab 10 hours ago [-]
> Age verification at the OS level makes no sense to me.
it's the only form of "age verification" which can be done in a somewhat privacy respecting way (as in at most leak the age)
the idea is to "bounce back" the "is old enough" decision to parent controls and let the parent choose (the Californian law doesn't quite do that perfectly, but goes into that direction)
and if you sell what is more or less a general purpose compute/internet access device with OS (which I do include phones into) I think it's very reasonable to either sell it to adults only (with a disclaimer it's "not for children") or include
proper parent controls
> Most households aren't going to have a separate device for every family member
in current times in the west it is very very common for many devices to be for one person only. Especially phones, or at least have different (OS) accounts.
but again this comes back to "parent controls", weather that is for a child (OS) account or a way to switch from a child profile to a adult profile doesn't matter
but in the end, the point of such laws should be to give parents tools to parent. As well as handling the case of parent acting in neglect by inaction. But if a parent intentional decides to give their children a device with their profile because they think it's fine than that should be their choice and responsibility.
> Likewise, people generally won't create a separate account for every potential user.
where it was possible I have not seen it not used, weather it's on a switch, gaming console or PC. It is the most convenient way of automatically separates logins, browsing history, game safes etc.
and the law als isn't made for that shared computer in the living room (through it will apply there). It's more about the devices children might use unsupervised, e.g. their phone.
johnisgood 7 hours ago [-]
Or just not have it at all? What is wrong with parental controls AND parenting? What real issue does this solve?
Bender 7 hours ago [-]
What is wrong with parental controls AND parenting?
Nothing. This has never been about protection of children. It is tracking real identity from every source to every destination otherwise known as user-tracking. If this was about protecting children they would require an RTA header on all adult and user-generated content sites and require the most common user agents to look for that header if parental controls are enabled. No tracking, no uploading anything. [1] Sufficient for small children which is more than we have now or will ever have thanks to corporate greed and lobbying.
> Or just not have it at all? What is wrong with parental controls AND parenting?
It doesn't hand over control of computing to governments
MintPaw 6 hours ago [-]
It solves the problem of your kid borrowing a phone from another kid at school.
lyu07282 7 hours ago [-]
That's why Meta paid for these os-based age identification laws[1], shifting the responsibility from itself onto the app stores. I agree it's probably preferable to do it on device instead of every website implementing an id check through shady as fuck[2] third parties like Persona. This whole thing is just such a mess though, people rightfully distrust everybody involved, all these bought and paid-for politicians. All of a sudden we have the same laws popping up all over the place, US, UK, Australia, Brazil, ... Nobody, not a single person involved gives a fuck about child safety. It's different billion dollar lobbies fighting amongst each other, each with different monetary incentives.
You know what they should do? They should scrap it all, no more "child safety" laws until we kicked money out of politics. Western liberal democracy is in a corruption and legitimacy crisis, this is just it's latest symptom.
Apparently there's been work to expose Meta pushing/funding this, to shift age responsibility from them and force for fine grained age data to be provided to apps.
11 hours ago [-]
TiredOfLife 7 hours ago [-]
Every semi competent os has suppoert for multiple users
izacus 11 hours ago [-]
What are you talking about, most households give personal phones to their children, especially teenagers.
Laptops aren't rare either.
zamalek 10 hours ago [-]
Give the kid a device that is age-controlled. No need for all devices to support it.
pas 10 hours ago [-]
the law is there because parents are fucking clueless unprincipled whining crybabies, who need a lot of support, and sometimes that includes a bit of pushing ...
or who knows what problem is this supposed to fix. orphans buying phones? kids buying secret phones behind their parents back?
bradfa 11 hours ago [-]
I suspect there’s quite a difference between what most people do and what most HN commenters do.
dathinab 10 hours ago [-]
I frequently see comments which would have made sense in the past (e.g. early 2000th) but kinda aren't fully reflecting reality anymore
it's as if humans have a tendency to make up their mind/world view in their younger years and then tend to kinda stick with it/only change it slowly as long as no big live changing events happen
chazeon 9 hours ago [-]
Most CA households may be, but obviously not everywhere
nout 13 hours ago [-]
In the meantime systemd already added handling for Age to the system bus. Next step is to add your race, then income, then who you voted for...
crimsonnoodle58 11 hours ago [-]
Why? Why should Linux ever implement local laws like this as core functionality? Especially invasive/anti-privacy ones.
If someone wants to introduce an age-verification-ca-module, fine, but not make it core. Yes I understand systemd is not the kernel, but its ubiquitous enough.
That just says to every country around the world; Windows, Mac, and even Linux is on board too, let's make it law also!
I dunno, I always expected Linux to be the last bastion of freedom and not to capitulate so easily.
wormius 11 hours ago [-]
Systemd has always rubbed me the wrong way, and its uptake across all the base distros turns me off, but at least...
There are still distros without it, I may have to go to one, since I already jumped Win10 to Cachy for the BS MS is pulling. I was going to go systemd-free but Cachy "just worked" compared to the others in terms of setup. So I stuck with it.
I wish Lennart would just stop already.
opan 7 minutes ago [-]
Your link's not loading for me, but I can recommend Guix System to anyone looking for a systemd-free distro similar to NixOS. For something Arch-like, there's Void (but beware it is not actually based on Arch, so no AUR or pacman).
wolvoleo 5 hours ago [-]
Yeah it's one of the reasons I run BSD. I don't want stuff changing that works well. And I don't want big tech suits telling me what's good for me.
BSD is much less invested in chasing the next big thing, and also has much less contributions from big tech. Which for me are both pluses. Of course I respect those who differ but they have Linux.
And when I see what Poettering is working on now with ammutable I'm even more glad I'm not on that train.
handoflixue 10 hours ago [-]
> Why? Why should Linux ever implement local laws like this as core functionality? Especially invasive/anti-privacy ones.
1) It's legally required to sell computers with that OS in certain jurisdictions
2) I presume there is at least one person actually selling said
3) The feature is so trivially easy to bypass that it presents no reasonable privacy threat at this time (IIRC, it's just a numeric field with no validation?)
crimsonnoodle58 9 hours ago [-]
Lets up the ante.
After seeing how easily California bent OS developers (commerical and open source) to comply with their local laws, Canada decides they will go one further. They aren't happy with a simple date field that can be easily fudged. So they pass a law that requires all OS's to continually scan the biometrics of users using the OS. ie. Camera if it has one, fingerprint reader once an hour, voice analysis, etc.
They also refuse to allow computers to be sold in their country unless OS developers comply with their law.
Do you think you'll see such enthusiam to comply? Or will the line be drawn at some point?
dathinab 10 hours ago [-]
> Why?
it's maintained by companies
they have to comply with law
that they are mostly US companies doesn't exactly help either
Muromec 12 hours ago [-]
Finally we can set the evil bit correctly on a kernel level.
throwawayk7h 3 hours ago [-]
to clear up a misconception for everyone, systemd doesn't do age verification. it just lets you set age restrictions on accounts. It's very sensible.
iugtmkbdfil834 12 hours ago [-]
That is ok. The writing was on the wall for a while. It is time to let it go. It served its purpose. We might as well start mapping out a way without it in a more serious way out of sheer necessity. I know I am.
enoint 9 hours ago [-]
Nit: introducing a user account field is not the same as the system bus. It’s in ~/.identity and might be absent altogether.
ranger_danger 4 hours ago [-]
> Next step is to add your race, then income, then who you voted for
I don't see what prevents anyone (e.g., a distro maintainer) from patching that anti-feature out of the source or disabling with with root access. As long as people can control the software running on their machines, which is the idea behind Linux, nothing that people don't actually want will stay in the system.
Systemd shouldn't be foisting this nonsense on Linux users however. I suppose the anti-systemd subset of the Linux community was proven right after all, this is the kind of issue that can end up facing when a huge piece of opinionated software like systemd more or less becomes an indispensable part of Linux.
If you think that's bad, just wait till you see eastern tech.
haolez 11 hours ago [-]
That's an interesting topic. Please, elaborate.
joe_mamba 11 hours ago [-]
Western surveillance tech is superior because it gives you the option to choose your gender on a fluid scale when they're vacuuming your private data, whereas backwards eastern tech limits you to only male or female.
nout 11 hours ago [-]
What about not asking for gender when gender is completely irrelevant to the thing that the user is trying to do?
joe_mamba 11 hours ago [-]
But how would the government know who's writing mean comments against them online without detailed surveillance?
alexdns 11 hours ago [-]
it was reverted ?
crooked-v 11 hours ago [-]
Someone tried to gaslight the maintainers into reverting it and was rejected.
stego-tech 12 hours ago [-]
Good on them. Devices shouldn't collect any extraneous data by default other than that needed to fulfill a feature a user consciously selects, and that includes this stupid age verification spyware regimes are pushing.
An adult had to pay for the ISP connection; that's the extent of age verification needed. We shouldn't be demanding adults expose their identities to for-profit entities and surveillance states, so much as mandating for-profit companies make parental controls easier to use, more effective, and stopping them from harvesting data on kids in the first place.
Not every corner of the universe needs to be baby-proofed; we just need to build a society where parents are enabled and supported to be parents, rather than outsourcing such a critical role to strangers and/or devices so they can get back to work.
pxeboot 12 hours ago [-]
> An adult had to pay for the ISP connection
In many countries, it is still possible to buy a prepaid SIM without any ID.
stubish 9 hours ago [-]
Fewer and fewer countries. I think none of the countries I've been too where I've purchased a SIM without ID allow that anymore. It is required to try to limit purchase by scam call centers and to enable phone number portability.
wolvoleo 5 hours ago [-]
So, they can change that if they want.
AlexandrB 9 hours ago [-]
And if such a country wants to keep kids off of the unrestricted internet they should just ban that practice.
Symbiote 1 hours ago [-]
And HN would complain even more about the loss of privacy.
loloquwowndueo 11 hours ago [-]
> An adult had to pay for the ISP connection
Ever heard of free wifi?
stego-tech 9 hours ago [-]
I have! And an adult still has to pay the connection charges to offer that free wi-fi. Or provide the funds for a kid to buy a device to connect to said free wi-fi.
You can go down the rabbit hole as far as you like, but it's to no avail. At some point, an adult has to consciously enable the child to connect to the internet. Full stop.
11 hours ago [-]
charcircuit 11 hours ago [-]
Apps requesting an age is not extraneous and there are many legal and safety reasons why an app may collect this information. If the operating system doesn't do it you run into the cookie banner situation where every individual site has to implement a dialog box asking the user instead of there being a standardized way to do it.
stego-tech 9 hours ago [-]
Except the cookie banners are also optional, unless you're using third-party services to collect that data. Don't blame the cookie banner, blame the dozens or hundreds of "partners" that site is using to "process" your data, blame the site owner for building such a travesty of a page that they have so many "partners" in the mix harvesting extraneous info unnecessary for basic functionality instead of building a better, cleaner, leaner, targeted service.
charcircuit 8 hours ago [-]
So is an app needing the age of the user. That doesn't mean there are not a bunch of people who will collect the information. It's like saying washing your hands before cooking food is optional and that people should blame restaurants for serving food. It's not a serious suggestion. Restaurants will continue with the business model of exchanging food for money and websites will continue with the business model of showing ads. These kinds of businesses will exist forever.
I wonder how things like computers at the library will work. This whole thing is just so stupid and intrusive. I can't imagine anyone will benefit from this except advertisers, doxxers and Big Brother.
wolvoleo 5 hours ago [-]
You're not really going to be watching porn at the library though, just saying
hackinthebochs 1 hours ago [-]
In fact, many libraries have computers sectioned off in semi-private areas exactly for this reason...
cadamsdotcom 11 hours ago [-]
This is excellent; silly laws on the books should exclude countries from access to things.
Unfortunately it’s not enough because there’s also a need to work to get the laws repealed AND stop the endless attempts to bring them back.
h4kunamata 10 hours ago [-]
We expected no less from GOS project.
systemd which was already in hot water over because the problems it creates over service, this was the last drop to get folks dropping systemct altogether.
echelon_musk 15 hours ago [-]
How's that gonna pan out with Motorola?
HybridStatAnim8 13 hours ago [-]
Motorola likely wont sell devices with GOS preinstalled in those regions.
NotPractical 13 hours ago [-]
Wasn't most of the hype surrounding the Motorola partnership based on the idea that you'd be able to get a device with GrapheneOS pre-installed, boosting the legitimacy of GrapheneOS as a competitor to Google Android? Sure, "GrapheneOS adds several more supported devices" is cool and all, but it's not nearly as exciting...
HybridStatAnim8 10 hours ago [-]
No. The bare minimum is that Motorola provides the needed baseline hardware security requirements to their future devices. Everything else is just a bonus. There could be green-boot support and/or preinstalled devices, but thats not a necessity. GOS benefits with an official hardware platform, potentially early partner access to AOSP source code, input on hardware and firmware decisions, and Motorola benefits by potentially having GOS features, better hardware security, and making tons of money from alternate OS users, GOS or otherwise.
sammysep 10 hours ago [-]
[dead]
raverbashing 13 hours ago [-]
More likely they will just add their own age widget themselves
estimator7292 14 hours ago [-]
If Motorola have a problem with it, they obviously aren't the right partner for Graphene.
Graphene obviously won't want to partner with a company that immediately bends over backwards for this kind of puritanical nonsense.
HybridStatAnim8 13 hours ago [-]
Motorola wont break the law. They just wont sell preinstalled devices, if preinstalled devices was even on the table for 2027.
izacus 14 hours ago [-]
Motorola will obviously have a problem with violating the law in several US states.
Like, what's unclear here? Do you seriously say that corporations should just ignore laws which they don't like?
fwn 14 hours ago [-]
If shipping a specific device configuration to the US is illegal, Motorola should not ship this specific device configuration to the US.
I do not think our parent is suggesting otherwise.
AFAIK Motorola and GrapheneOS are not merging, they are getting into a partnership. They do not have to think or do exactly the same.
Apple can comply with both CCP and US demands at the same time without a problem. I am sure Motorola can adjust their services to the markets they are working in, as well.
izacus 13 hours ago [-]
Motorola is pretty much only present in US these days, why would they build a product that can't be sold in their primary market?
Demanding that OSes outright violate the law because you disagree with your own elected government is pretty insane.
dmantis 3 hours ago [-]
Quick google shows that in 2024 half of the Motorola phone sales were in LATAM, especially Brazil. What makes you say that the key market is the US?
HybridStatAnim8 13 hours ago [-]
They are not building a product that cannot be sold in their primary market. They are not designing GrapheneOS devices, they are improving existing devices to meet GOS requirements. There will still be an OEM OS for those devices. Preinstalled GOS devices can simply not be sold there.
13 hours ago [-]
prmoustache 12 hours ago [-]
Can't speak about other continents but Motorola smartphones are at least available all over Europe so your initial statement is incorrect.
Brian_K_White 11 hours ago [-]
Your arguments show a lack of the least imagination, let alone simple reasoning.
There are countless ways to satisfy any regulation while still doing whatever you actually want to do.
The very most obvious is simply sell the device, in the affected areas, with any sort of os that meets the letter of the law in that area.
If it's also easy for the user to install something else once it becomes their property, well that's the new owner's business atthat point, Motorola did their part and complied with everything required.
No one needs to demand a company violate anything. That is just a silly argument to even try to make. Calling people insane for things they never said nor even implied is what's insane.
drnick1 11 hours ago [-]
This is absolutely the right stance to take against such stupid mandates.
idatum 10 hours ago [-]
Can someone catch me up how FB et al are not the ones responsible for age verification?
Is it lack of something similar to PKI for identify verification?
whynotmaybe 10 hours ago [-]
If we go back a few years and analyze the porn magazines that are sold in a gas station, it's not up to the magazine to ensure that the "reader" has the legal age.
So we delegated the responsibility twice, first the gas station attendant must check the age of the buyer and then, the buyer should check the age of any reader.
So now, who's the "gas station attendant" in our situation?
hackinthebochs 1 hours ago [-]
Why would you want every site on the internet to traffic in government IDs? This is by far the least bad out of all possible ways to implement age checking. The benefit of this is that it can short-circuit support for more onerous age verification. The writing has been on the wall for some time now: the era of completely unrestricted internet is coming to an end. The question is how awful will the new normal be? This implementation is a win all around, a complete nothingburger. We should be celebrating it, not fighting it tooth and nail.
The tech crowds utter derangement over this minor mandate is truly a sight to behold.
pas 10 hours ago [-]
because there are other sites/apps online too, and it's better to decouple the "obtaining the verification" and the "presenting the verification"
and if sites and apps don't need to be in the loop for this they can't end up leaking all over the 'net
arbirk 11 hours ago [-]
We are back to printing books, boys
nothrowaways 11 hours ago [-]
Apple should be championing this.
enoint 9 hours ago [-]
They should be proactively marketing the best parental controls on the market.
hereme888 10 hours ago [-]
so... just sell a phone with a script prompts the user to install the OS, and it auto-verifies hashes, can't be bypassed, etc. Is that too simplistic a solution?
HybridStatAnim8 3 hours ago [-]
I highly doubt that would work but there could be, say, a card in the box with the link to the webinstaller and the webinstaller can be made even easier.
CommanderData 10 hours ago [-]
Will a record be kept associating a device to a person through the verification system?
What's next, browsers sending this to $website every time you need to post a comment on the web.
Dylan16807 9 hours ago [-]
Having an age setting is not verification.
Having an age setting is not verification.
I hate the articles that lump everything together.
wolvoleo 5 hours ago [-]
No but it is one of the building blocks for a verification system.
Dylan16807 5 hours ago [-]
It could be used in one. But it would need so many changes that it doesn't advance that kind of thing by much.
It also gets sites to stop doing their own invasive verification systems.
wolvoleo 4 hours ago [-]
I still view it as a step in the wrong direction. And it sends a message that this kind of law is ok.
Dylan16807 1 hours ago [-]
That depends on what kind of law you view this as. As a parental control like the V-chip (but hopefully with a higher percent of parents using it) it's nothing new.
Svoka 14 hours ago [-]
Seems like a pure virtue signaling: they don't sell or make hardware. It is mandated only for pre-installed operating systems, from what I understand.
crtasm 14 hours ago [-]
They've partnered with Motorola to have it preinstalled on phones, this is in TFA.
HybridStatAnim8 13 hours ago [-]
Preinstalled devices is not the main goal of the partnership. GOS is ok without having that to start. Motorolas stock OS will still be available.
fph 11 hours ago [-]
Let me add that the typical GrapheneOS user will probably prefer to install the OS themselves rather than trust what comes preinstalled.
HybridStatAnim8 10 hours ago [-]
The typical GOS user generally doesnt want to do that. Flashing is a hurdle that increases barrier for entry. Reducing or eliminating that burden is ideal. Greenboot support would make flashing a little easier.
627467 6 hours ago [-]
> typical GOS user generally doesnt want to do that
How do you know this? Is there an official (or even unofficial) source of GOS preinstalled devices that a substantial amount of "typical GOS user" has acquired?
Or maybe you are talking about "potential user of GOS"?
In any case: if you installed it yourself you mostly have to trust the source of the installer. If you purchase a pre-installed device you're basically back to the android/ios model: you have to trust the manufacturer AND the maker of the OS
HybridStatAnim8 3 hours ago [-]
I have helped a significant number of GOS users install GOS to their device. If you perform post install steps correctly then you do not need to trust where you got it from, as the post install steps are there to verify your install is genuine. If GOS gets greenboot support for motorola devices, then not getting a yellowboot screen will show it is genuine and you wont need to trust anything.
moffkalast 13 hours ago [-]
Could just ship it along on an SD card with a single button install you do yourself. Technically not preinstalled.
idle_zealot 13 hours ago [-]
This is emblematic of a misunderstanding technologists often have about the law. We try to treat it like code we can exploit and hack around. But there is no compiler deterministically producing outcomes. Of course, this misunderstanding is often bolstered by the accurate observation that lawyers and businesses find loopholes and favorable interpretations that to us appear much like the exploits we propose. The critical element that's often missed, though, is the human one. To get away with an exploit, to have the case law updated to reflect your favorable interpretation, you need power, influence, and alignment on your interests. There are tax "loopholes" now that are commonly used but in a prior era, under the same laws, would have seen you dragged into court and eviscerated. If you tried your cute SD card trick a judge would tear you a new one. If Microsoft tried it, they could maybe talk to the right people before the case and come to an understanding that this little loophole was convenient for dev devices or something, and convince a judge to rule that they could do it, but only if accompanied by some external age confirmation they could self-attest to, with some wording that makes it clear that the trick is only usable by large and well-respected institutions. The law is not an impartial arbiter that you can outsmart. It's the enforcement mechanism for multiple tiers or rules that bind different classes. This age gathering law is a classic moat law. It exists to prevent outgroups from shipping software that's incompatible with this age communication system, and in a business-to-business context serves to establish obligations between ingroup members. Any other clever interpretation of the law will be discarded regardless of specific wording.
moffkalast 13 hours ago [-]
Right, my bad. It's easy to forget our society is a convoluted backroom quid pro quo even if we pretend otherwise on paper.
HybridStatAnim8 13 hours ago [-]
Sounds like it exposes a ton of attack surface. Better to just have a card with a link to the webinstaller, probably.
izacus 13 hours ago [-]
I'm sure noone in the legal system of California would notice that trick!
moffkalast 13 hours ago [-]
Well correct me if I'm wrong but dumb laws are usually not written by people who know much shit about fuck. So it's entirely possible they wouldn't.
tredre3 11 hours ago [-]
You sound like a teenager fighting his parents. "Technically you didn't say WHICH bed I had to be in by midnight!!!!! I was in A bed, I followed the rules!!!!"
Society (mostly) works because we all agree that laws have intents. The wording is crafted as best as possible, and for the rest we have judges to shutdown lawyers trying to be a moffkalast smart asses.
moffkalast 9 hours ago [-]
Call it what you want, I still think that if the, ahem, intent, of a law is to reduce personal freedoms then it should be protested in as many annoying ways as possible. Should at least get some publicity even if it gets struck down.
razingeden 12 hours ago [-]
Virtue signal away. I’m with whatever device and OS purveyors are willing to tell these tyrants to get stuffed.
I haven’t cut over to it completely yet but I think this’ll be the last nail in the coffin for my time as an Apple user. It’s already a loveless marriage , it’s already over, I’m already sleeping with GrapheneOS on the side. it’s asking when I’m going to leave her and it’s always “soon, baby. soon.”
iugtmkbdfil834 12 hours ago [-]
As they should, I was personally surprised so many people were surprised come ICE raids that government can buy and track location via apps, advertising and your phone in general. Regular people need an idea, who is.. uhh.. less likely to sell them down the river.
HybridStatAnim8 13 hours ago [-]
Its a statement for the future. They arent bound to add this now but they could be in the future. They will adapt accordingly to avoid it.
enoint 9 hours ago [-]
The California law does apply to existing OS, right?
OutOfHere 13 hours ago [-]
I think that malicious compliance all the way might have been the better option here. If a birth date is all that is needed, let the user enter a random one. If actual biometric verification is needed alongside, let the user also paste the code to a fake biometric validator that always returns valid.
It is the same philosophy as with an app that forcibly wants an invasive permission to the detriment of the user. Let the app have the permission while in a sandbox so it sees nothing.
HybridStatAnim8 13 hours ago [-]
Giving in in any capacity is unacceptable. The GrapheneOS foundation is based in Canada and is not obligated to record this information, so they wont. They have no reason to comply, be it malicious or otherwise.
iugtmkbdfil834 12 hours ago [-]
Agreed. This is one of those moments you might as well simply say no. For practical reasons too, your users do have options and tend to be the kind that will drop a distribution if it goes rogue.
mmooss 13 hours ago [-]
[flagged]
snackbroken 12 hours ago [-]
People who live in authoritarian states like North Korea or California can (and arguably should) ignore the fact that GrapheneOS is illegal where they live and use it anyway.
applfanboysbgon 12 hours ago [-]
If you want a privacy-violating OS, there are already two big options on the market. A secure OS for people who do not live in authoritarian surveillance states offers a benefit to some people, even if not all people. A third privacy-violating OS offers no value to anyone anywhere in the world.
epolanski 12 hours ago [-]
As they stated "If GrapheneOS devices can't be sold in a region due to their regulations, so be it."
Polizeiposaune 12 hours ago [-]
Asking the device owner for the user's birth date is precisely what the (California) law requires.
Biometrics are not required.
The concept appears to be that a parent or guardian could enter the birth date before turning the device over to a child.
Malicious compliance would be providing this age bracket API:
This is a real-time interface (as required by the law) that takes 18 years to complete. (Remember: "Real-time" does not mean "fast").
ErroneousBosh 10 hours ago [-]
> Asking the device owner for the user's birth date is precisely what the (California) law requires.
Why would anybody bother to implement that?
OutOfHere 11 hours ago [-]
The New York bill specifies a biometric requirement.
WhyNotHugo 12 hours ago [-]
You'd need to closely read the law and have a lawyer advise you, but a neat attempt might be to just ask for the date of birth, send that "in real time" to the App Store program, and then have that program simply discard it?
I don't think current iterations of the law require that this be sent off-device in any way.
Polizeiposaune 12 hours ago [-]
The second requirement of the California law is that there be an API available to all apps that returns the age band a user is in -- one of:
age < 13
age >= 13 && age < 16
age >= 16 && age < 18
age >= 18
A non-maliciously compliant implementation would need to retain a date of birth or equivalent until the user was over 18.
A maliciously compliant API could just wait 18 years after account creation before yielding an answer. (remember folks: "real time" does not mean "fast").
One of the oddities about the way the law is phrased is that it requires the age band information about the user be provided to "the developer" rather than to the application.
ErroneousBosh 10 hours ago [-]
> The second requirement of the California law is that there be an API available to all apps that returns the age band a user is in -- one of:
Is anyone actually going to bother to do this though? Why would they?
endofreach 13 hours ago [-]
Agree. I didn't even think of that. Embarrassing. Your approach might have been the best option.
onetokeoverthe 15 hours ago [-]
[dead]
endofreach 13 hours ago [-]
I know it's gonna be a very unpopular opinion. I do like, appreciate, respect & admire that they are ready to die on a hill. I just don't think it's the right hill. I do not have an issue with the legality of it. Rather I think age verification is actually not bad. Sure i see the potential danger. But there is potential benefits, that'd counter the danger, by a lot.
In different times, i might have argued differently. I'm not saying it's not worth protecting the world you deem worthy of protection. But no matter what that world is to any of you. The one we all share is changing for sure. Uncontrollably fast. And many things are gonna change. And many things won't matter that much anymore, if we actually end up going where we're headed.
I mean a this is just a super small part of it all, but i assume in this specific case, for graphene, it's a battle for privacy... and they're right. But we're still going into a future where we got 5,10,20,30 more years of "AI", even just keeping the same level of overall sophistication for most, but costs decreasing immensely... I don't know about you, but I don't think the ways we protect our privacy can be unaffected, already because we're going to learn all new aspects about which data is private. Just out of practicality. Extreme example: but if generating hundreds of obscene deepfakes of any person as easily as taking a photo with your iPhone... ah, i can't keep having this discussion, i hope i am just an insane moron who is wrong. But, just to be sure: instead of arguing if we should close the windows on the train that's burning, or leave them open, as some are smart and others need help, let's just get off the fucking train.
And yes of course. One might argue (I actually would), we should not start implementing laws like that or start making personal information a requirement to digital access.
But this might be the first step to a different future, or not. As i said, who cares where the train is headed. It's burning and nobody even really wants to be on it. Let's please get off the train.
Not saying the battle is lost. I have tried working on something because I still have great hope. But someone seriously must act. I tried, getting off the train. Or at least start standing up from my seat. Realizing it's not that easy to get off. It's embarrassing, but i can't even get off the train by myself... i tried anyway... but here i am, sitting again (currently on the floor, lost my seat, damn...)... i have been building something for the past 2 years. Well, trying to build something, an attempt to change course... ruining my life over it. And currently i failed, before i even got to a point where my prototype or any of the theoretical work even remotely represents the vision. But maybe i just learned, i was wrong about all of it. I hope i'll make it back being able to afford working on it and someday a way to make enough money to pay smarter people than me to join. But currently, it's insane for me for me to even dare dreaming about that. I have really dug myself a hole. Next time, it should at least be a hill...
So in the meantime: can people like the dudes & dudiñas from graphene please chose a wiser battle. If just some of all these people got together & worked on getting off the train, instead of working on things that seem meaningful now, but wouldn't even be considered worthy of being mentioned in the future... we'd have a shot.
Damn. I still just can't accept it, even though i've literally lost everything believing that. And i am ashamed so deeply believing in what i saw, and in friendly moments still see, as a future... thinking i could change it, without changing myself... but please god, in the end, let me not have been just bonkers, but convicted.
(As if that, would be, any different).
iugtmkbdfil834 12 hours ago [-]
I appreciate the thought, but I personally disagree having seen the patterns of the past 2-3 decades. There is zero real benefit to it save powers that be. Honestly, the only reasonable move forward is non-compliance. Everything else results in steady inching towards full blown panopticon ( and some would argue that we are already there ).
HybridStatAnim8 10 hours ago [-]
GOS is not going to compromise on user privacy and security. This is not a technical problem, it is a social one where parents refuse to do what they should have done from the start. The internet is not for kids. Presuming users to be guilty until proven innocent is unacceptable. Making mechanisms to obtain user data, even if it is completely and perfectly functional and achieves what it sets out to do, risks malicious parties obtaining that information. The only way to win the game is not to play, to not ever provide that data, and children shouldnt be playing the gane in the first place.
mmooss 13 hours ago [-]
The GrapheneOS Mastodon post says,
"GrapheneOS will remain usable by anyone around the world without requiring personal information, identification or an account."
That raises the issues that GrapheneOS needs to solve, which may require more creativity than bold, somtimes combative statements.
If GrapheneOS doesn't comply with laws and regulations then they will sometimes be banned or restricted. If that happens, they may not be "usable by anyone around the world" for long.
That doesn't mean they have to capitulate or sacrifice security. They can find creative solutions, some of which are suggested here. The first step is to carefully read the spec to determine what is necessary, then talk to someone like the EFF, and find a way forward.
HybridStatAnim8 10 hours ago [-]
They wont break the law, they will just move to where there are no such regulations. This isnt a promise to violate laws.
notrealyme123 11 hours ago [-]
The problem is the spirit of the law, not the word.
it's the only form of "age verification" which can be done in a somewhat privacy respecting way (as in at most leak the age)
the idea is to "bounce back" the "is old enough" decision to parent controls and let the parent choose (the Californian law doesn't quite do that perfectly, but goes into that direction)
and if you sell what is more or less a general purpose compute/internet access device with OS (which I do include phones into) I think it's very reasonable to either sell it to adults only (with a disclaimer it's "not for children") or include proper parent controls
> Most households aren't going to have a separate device for every family member
in current times in the west it is very very common for many devices to be for one person only. Especially phones, or at least have different (OS) accounts.
but again this comes back to "parent controls", weather that is for a child (OS) account or a way to switch from a child profile to a adult profile doesn't matter
but in the end, the point of such laws should be to give parents tools to parent. As well as handling the case of parent acting in neglect by inaction. But if a parent intentional decides to give their children a device with their profile because they think it's fine than that should be their choice and responsibility.
> Likewise, people generally won't create a separate account for every potential user.
where it was possible I have not seen it not used, weather it's on a switch, gaming console or PC. It is the most convenient way of automatically separates logins, browsing history, game safes etc.
and the law als isn't made for that shared computer in the living room (through it will apply there). It's more about the devices children might use unsupervised, e.g. their phone.
Nothing. This has never been about protection of children. It is tracking real identity from every source to every destination otherwise known as user-tracking. If this was about protecting children they would require an RTA header on all adult and user-generated content sites and require the most common user agents to look for that header if parental controls are enabled. No tracking, no uploading anything. [1] Sufficient for small children which is more than we have now or will ever have thanks to corporate greed and lobbying.
[1] - https://news.ycombinator.com/item?id=46152074
It doesn't hand over control of computing to governments
You know what they should do? They should scrap it all, no more "child safety" laws until we kicked money out of politics. Western liberal democracy is in a corruption and legitimacy crisis, this is just it's latest symptom.
[1] https://www.yahoo.com/news/articles/reddit-user-uncovers-beh...
[2] https://cybernews.com/privacy/persona-leak-exposes-global-su...
Laptops aren't rare either.
or who knows what problem is this supposed to fix. orphans buying phones? kids buying secret phones behind their parents back?
it's as if humans have a tendency to make up their mind/world view in their younger years and then tend to kinda stick with it/only change it slowly as long as no big live changing events happen
If someone wants to introduce an age-verification-ca-module, fine, but not make it core. Yes I understand systemd is not the kernel, but its ubiquitous enough.
That just says to every country around the world; Windows, Mac, and even Linux is on board too, let's make it law also!
I dunno, I always expected Linux to be the last bastion of freedom and not to capitulate so easily.
https://nosystemd.org/
There are still distros without it, I may have to go to one, since I already jumped Win10 to Cachy for the BS MS is pulling. I was going to go systemd-free but Cachy "just worked" compared to the others in terms of setup. So I stuck with it.
I wish Lennart would just stop already.
BSD is much less invested in chasing the next big thing, and also has much less contributions from big tech. Which for me are both pluses. Of course I respect those who differ but they have Linux.
And when I see what Poettering is working on now with ammutable I'm even more glad I'm not on that train.
1) It's legally required to sell computers with that OS in certain jurisdictions
2) I presume there is at least one person actually selling said
3) The feature is so trivially easy to bypass that it presents no reasonable privacy threat at this time (IIRC, it's just a numeric field with no validation?)
After seeing how easily California bent OS developers (commerical and open source) to comply with their local laws, Canada decides they will go one further. They aren't happy with a simple date field that can be easily fudged. So they pass a law that requires all OS's to continually scan the biometrics of users using the OS. ie. Camera if it has one, fingerprint reader once an hour, voice analysis, etc.
They also refuse to allow computers to be sold in their country unless OS developers comply with their law.
Do you think you'll see such enthusiam to comply? Or will the line be drawn at some point?
it's maintained by companies
they have to comply with law
that they are mostly US companies doesn't exactly help either
https://en.wikipedia.org/wiki/Slippery_slope
Systemd shouldn't be foisting this nonsense on Linux users however. I suppose the anti-systemd subset of the Linux community was proven right after all, this is the kind of issue that can end up facing when a huge piece of opinionated software like systemd more or less becomes an indispensable part of Linux.
https://www.youtube.com/watch?v=nXL-r8deB5o
An adult had to pay for the ISP connection; that's the extent of age verification needed. We shouldn't be demanding adults expose their identities to for-profit entities and surveillance states, so much as mandating for-profit companies make parental controls easier to use, more effective, and stopping them from harvesting data on kids in the first place.
Not every corner of the universe needs to be baby-proofed; we just need to build a society where parents are enabled and supported to be parents, rather than outsourcing such a critical role to strangers and/or devices so they can get back to work.
In many countries, it is still possible to buy a prepaid SIM without any ID.
Ever heard of free wifi?
You can go down the rabbit hole as far as you like, but it's to no avail. At some point, an adult has to consciously enable the child to connect to the internet. Full stop.
Unfortunately it’s not enough because there’s also a need to work to get the laws repealed AND stop the endless attempts to bring them back.
systemd which was already in hot water over because the problems it creates over service, this was the last drop to get folks dropping systemct altogether.
Graphene obviously won't want to partner with a company that immediately bends over backwards for this kind of puritanical nonsense.
Like, what's unclear here? Do you seriously say that corporations should just ignore laws which they don't like?
I do not think our parent is suggesting otherwise.
AFAIK Motorola and GrapheneOS are not merging, they are getting into a partnership. They do not have to think or do exactly the same.
Apple can comply with both CCP and US demands at the same time without a problem. I am sure Motorola can adjust their services to the markets they are working in, as well.
Demanding that OSes outright violate the law because you disagree with your own elected government is pretty insane.
There are countless ways to satisfy any regulation while still doing whatever you actually want to do.
The very most obvious is simply sell the device, in the affected areas, with any sort of os that meets the letter of the law in that area.
If it's also easy for the user to install something else once it becomes their property, well that's the new owner's business atthat point, Motorola did their part and complied with everything required.
No one needs to demand a company violate anything. That is just a silly argument to even try to make. Calling people insane for things they never said nor even implied is what's insane.
Is it lack of something similar to PKI for identify verification?
So we delegated the responsibility twice, first the gas station attendant must check the age of the buyer and then, the buyer should check the age of any reader.
So now, who's the "gas station attendant" in our situation?
The tech crowds utter derangement over this minor mandate is truly a sight to behold.
and if sites and apps don't need to be in the loop for this they can't end up leaking all over the 'net
What's next, browsers sending this to $website every time you need to post a comment on the web.
Having an age setting is not verification.
I hate the articles that lump everything together.
It also gets sites to stop doing their own invasive verification systems.
How do you know this? Is there an official (or even unofficial) source of GOS preinstalled devices that a substantial amount of "typical GOS user" has acquired?
Or maybe you are talking about "potential user of GOS"?
In any case: if you installed it yourself you mostly have to trust the source of the installer. If you purchase a pre-installed device you're basically back to the android/ios model: you have to trust the manufacturer AND the maker of the OS
Society (mostly) works because we all agree that laws have intents. The wording is crafted as best as possible, and for the rest we have judges to shutdown lawyers trying to be a moffkalast smart asses.
I haven’t cut over to it completely yet but I think this’ll be the last nail in the coffin for my time as an Apple user. It’s already a loveless marriage , it’s already over, I’m already sleeping with GrapheneOS on the side. it’s asking when I’m going to leave her and it’s always “soon, baby. soon.”
It is the same philosophy as with an app that forcibly wants an invasive permission to the detriment of the user. Let the app have the permission while in a sandbox so it sees nothing.
Biometrics are not required.
The concept appears to be that a parent or guardian could enter the birth date before turning the device over to a child.
Malicious compliance would be providing this age bracket API:
boolean is_user_over_18() { sleep (18 * 365.25 * 86400); return true; }
This is a real-time interface (as required by the law) that takes 18 years to complete. (Remember: "Real-time" does not mean "fast").
Why would anybody bother to implement that?
I don't think current iterations of the law require that this be sent off-device in any way.
age < 13
age >= 13 && age < 16
age >= 16 && age < 18
age >= 18
A non-maliciously compliant implementation would need to retain a date of birth or equivalent until the user was over 18.
A maliciously compliant API could just wait 18 years after account creation before yielding an answer. (remember folks: "real time" does not mean "fast").
One of the oddities about the way the law is phrased is that it requires the age band information about the user be provided to "the developer" rather than to the application.
Is anyone actually going to bother to do this though? Why would they?
In different times, i might have argued differently. I'm not saying it's not worth protecting the world you deem worthy of protection. But no matter what that world is to any of you. The one we all share is changing for sure. Uncontrollably fast. And many things are gonna change. And many things won't matter that much anymore, if we actually end up going where we're headed.
I mean a this is just a super small part of it all, but i assume in this specific case, for graphene, it's a battle for privacy... and they're right. But we're still going into a future where we got 5,10,20,30 more years of "AI", even just keeping the same level of overall sophistication for most, but costs decreasing immensely... I don't know about you, but I don't think the ways we protect our privacy can be unaffected, already because we're going to learn all new aspects about which data is private. Just out of practicality. Extreme example: but if generating hundreds of obscene deepfakes of any person as easily as taking a photo with your iPhone... ah, i can't keep having this discussion, i hope i am just an insane moron who is wrong. But, just to be sure: instead of arguing if we should close the windows on the train that's burning, or leave them open, as some are smart and others need help, let's just get off the fucking train.
And yes of course. One might argue (I actually would), we should not start implementing laws like that or start making personal information a requirement to digital access.
But this might be the first step to a different future, or not. As i said, who cares where the train is headed. It's burning and nobody even really wants to be on it. Let's please get off the train.
Not saying the battle is lost. I have tried working on something because I still have great hope. But someone seriously must act. I tried, getting off the train. Or at least start standing up from my seat. Realizing it's not that easy to get off. It's embarrassing, but i can't even get off the train by myself... i tried anyway... but here i am, sitting again (currently on the floor, lost my seat, damn...)... i have been building something for the past 2 years. Well, trying to build something, an attempt to change course... ruining my life over it. And currently i failed, before i even got to a point where my prototype or any of the theoretical work even remotely represents the vision. But maybe i just learned, i was wrong about all of it. I hope i'll make it back being able to afford working on it and someday a way to make enough money to pay smarter people than me to join. But currently, it's insane for me for me to even dare dreaming about that. I have really dug myself a hole. Next time, it should at least be a hill...
So in the meantime: can people like the dudes & dudiñas from graphene please chose a wiser battle. If just some of all these people got together & worked on getting off the train, instead of working on things that seem meaningful now, but wouldn't even be considered worthy of being mentioned in the future... we'd have a shot.
Damn. I still just can't accept it, even though i've literally lost everything believing that. And i am ashamed so deeply believing in what i saw, and in friendly moments still see, as a future... thinking i could change it, without changing myself... but please god, in the end, let me not have been just bonkers, but convicted.
(As if that, would be, any different).
"GrapheneOS will remain usable by anyone around the world without requiring personal information, identification or an account."
https://grapheneos.social/@GrapheneOS/116261301913660830
That raises the issues that GrapheneOS needs to solve, which may require more creativity than bold, somtimes combative statements.
If GrapheneOS doesn't comply with laws and regulations then they will sometimes be banned or restricted. If that happens, they may not be "usable by anyone around the world" for long.
That doesn't mean they have to capitulate or sacrifice security. They can find creative solutions, some of which are suggested here. The first step is to carefully read the spec to determine what is necessary, then talk to someone like the EFF, and find a way forward.