Ubuntu, Fedora, Linux Mint Eye Age Verification Amid California Law Backlash

floofloof@lemmy.ca · edit-2 9 days ago

Ubuntu, Fedora, Linux Mint Eye Age Verification Amid California Law Backlash

CubitOom@infosec.pub · edit-2 9 days ago

You are ignoring the premise that an operating system is not a tool for accessing porn.
Details such as one’s birthdate are absolutely part of your identity.
There is no such thing as a “child” account in Linux.
- Who pays the open source developers to add this feature?
- Would it be against the law if a child uses sudo?
What possible legal consequences might there be?
- How would the state know that a user in compliance with the law?
- what are the consequences if a user or operating system is not in compliance?
- Is this data being recorded in a database?
- If they suspect you have a child using an “adult” account, does the state have the right to seize your computer?
- if a child uses an “adult” account to access “harmful” content and that somehow leads to damages, is there no ability to sue for those damages since the child was committing “fraud”?
- What if an adult is logged into an account and a child uses the computer while the adult is logged in?

The community’s reaction is not “blown out of proportion”. I’d say the reaction is actually not proportional enough.

Scrubbles@poptalk.scrubbles.tech · edit-2 9 days ago

I hate lists in comments, but fine.

This is irrelevant, it doesn’t matter how you use your computer
They don’t specify it has to be the user’s exact birthdate. It can quite literally be anything the parent wants to put in there. In fact when you read the law, it says “Age brackets”. The birthdate will not even be exposed in the API, only what bracket the user is in.
Correct, which is why it has to be mandated.

I supposed that’s on each distro to decide? It’s a mandate, they’re not defining payroll.
I read the laws for both CA and CO, it doesn’t say, but it does say that above applications will listen to that and may block functionality if the account says they are underage. As for circumventing, I assume each distro will want to prevent that from being circumvented.

What possible legal consequences might there be?

Up to $2,500 per affected child for negligent violations
Up to $7,500 per affected child for intentional violations

How would the state know that a user in compliance with the law?

They don’t, there is no mandatory reporting, there is no “phone home” of compliance. It is only, and I mean only a boolean check in the OS, “Is the user a child or not”.

What are the consequences if a user or operating system is not in compliance?

There is no section mentioning penalties for individuals entering false age information. You are completely free to submit whatever age you wish. This is 100% for parents to create a childs account.

Is this data being recorded in a database?

No. This is the largest bit of misinformation about these bills. There is no place where a database is created. It is literally an OS level signal that says “Child is under X age”. A browser can check that signal, and if little Billie wants to see something adult related, the browser blocks it saying that they are under aged. It is still 100% opt in, there is no requirement for an OS to take an age, only that they must allow the option.

If they suspect you have a child using an “adult” account, does the state have the right to seize your computer?

NO. They have no idea! There is no tracking at all! Seriously. Read the law for yourself.

if a child uses an “adult” account to access “harmful” content and that somehow leads to damages, is there no ability to sue for those damages since the child was committing “fraud”?

NO. If the account is a default, normal adult account, all developers can trust that signal. “A developer that relies in good faith on a signal… is presumed to have accurately determined the user’s age and to be in compliance…”

What if an adult is logged in and a child uses the computer?

This is the only slightly ambiguous part, which CA at least knowledges is a gap, if there is a shared account. This law does not state anything about that, and only puts in place that a child should be able to create a child account. At this point the OS would say that the user is an adult, and would fire the signal that they are an adult, and from the other parts of the law there is no liability if the parent didn’t set it up as a child’s account.

Seriously. Please go read it yourself. I’ve been an open source advocate for a long time, and I’m a software engineer. Nothing in this law seems alarming to me. Annoying sure, but literally I can’t think of a better more privacy friendly way to do this. It is quite literally only saying “You must have a way to create a child’s account, so that the API is there for other apps to block access”. It’s literally just closing the giant loophole of “I’m totally over 21” that we all made fun of for years.

In fact what I really love is that it’s doing what we always wanted from the beginning. Put the onus on the parents. This quite literally puts 100% of the onus on them. Like as an app developer I can say If !os.isChild showPorn. It’s quite literally saying “Look, we’ve done as much as we can, you had one job to do as a parent and that was to set your child’s account as a child account, and you didn’t. That’s on you.” As an engineer myself, if all I have to do is check a flag to make sure kids don’t use my NSFW app, then that sounds like a win.

https://legiscan.com/CA/text/AB1043/id/3269704

CubitOom@infosec.pub · 9 days ago

Hard disagree, If it doesn’t matter how one uses a computer, then why would one have to comply with the state’s requirement to specify who is using a computer? In this case, the state is regulating the way a minor uses a computer and plans to enforce it with legal action including severe monetary fines.
Do you know how digital fingerprinting with metadata works? This information, even just Age brackets will be very helpful to accomplish this.

In respect to everything else, which I appreciate you taking the time to type, it’s important to remember how legal precedent works, how laws are interpreted, and how legal overreach happens.

These two statements are in conflict and cannot both be true.

“There is no section mentioning penalties for individuals entering false age information. You are completely free to submit whatever age you wish.”
“It’s literally just closing the giant loophole of “I’m totally over 21” that we all made fun of for years.”

This is the same cat and mouse game that has always existed in prohibited material. There will always be loopholes and sometimes those loopholes will expose users to increased risk.

Note, I haven’t even gotten to the fact that not only computers use Linux. Some refrigerators might use it to run it’s “smart” features. And refrigerators might store alcohol.

Put the onus on the parents.

This is not doing that. It is poorly protecting the distubitors of “harmful content”. Likely, this will only benefit large companies like Meta. If your goal as a parent is to restrict porn websites, some firewall rules would do a better job, and even that is doomed to failure as you won’t be able to add all porn websites. A combination of education, an honest talk with your child, and the realization that abstinence/prohibition does not work would be a better approach than any technical one.

Like as an app developer I can say If !os.isChild showPorn

And what if a website or app doesn’t check this or add a nudity flag for the device/browser to check? Do you think porn sites in other countries will care?

Ubuntu, Fedora, Linux Mint Eye Age Verification Amid California Law Backlash

Ubuntu, Fedora, Linux Mint Eye Age Verification Amid California Law Backlash

Attention Required! | Cloudflare