Many people here are going off on wild tangents over this. You should just read the law, it’s only a couple thousand words of quite plain English.
Many here have taken completely incorrect assumptions from the title. This law is for developers, not users.
Summary:
Requires OS devs ask for DOB, age, or both at account creation time.
Requires an API that allows app store devs to request this age data for the account. At minimum this API must signal that the account is a member of one of these categories: ‘user under 13, user over 13 and under 16, user is over 16 and under 18, user is over 18’.
Explicitly bars OS devs from sending more data than explicitly necessary to meet 1 (hint: photo ID, facial recognition).
Explicitly bars app devs recieving the data from requesting more data from the OS nor the App store.
Bars app stores from using the data for any other reason and specifically calls out anticompetitive practices.
Bars app store and OS devs from sharing this data with any third party for any other reason than to comply with this law.
Has injunctions and civil penalties of $2500 (max per user) affected by negligent violations (eg a child account is served adult content), and $7500 (max per user) affected by intentional violations.
The only problem I have with this is that it should only apply to commercial software (app stores and OS). Libre/FOS software should not have to police ages on their app stores, due to their far reduced budgets (often zero), developer time, and the nature of the software being generally anti-centralized and anti-surveillance-capitalism. Though I’d be fine with it for FOSS software distributed via commercial app stores, as long as they gave a longer lead time to implement (EG a couple of years).
The only problem have with this is that it should only apply to commercial software (app stores and 0S). Libre/FOS software should not have to police ages on their app stores,
It’s a bit like saying the only problem with the Titanic is the water inside.
The law is bad, whether it can be worse or not is just tangential. But still, this law as is applies to computers, phones… And nas, some routers, watches, advance calculators… As they all have OS and can install apps. As per app stores, guess what, thats the GNOME app store, but also flatpak, jellyfin (can install apps as plugins), pip, docker, git… And what about plain executables? Githut should ask for your age too to download artifacts?
Porn started with only age verification by the user as a prompt, and we see where that is going now.
But still, this law as is applies to computers, phones… And nas, some routers, watches, advance calculators… As they all have OS and can install apps.
No. It specifically only applies to general purpose computing devices which means all of the items you listed after computers and phones are not affected. Can you hook up a monitor to your NAS without involving a soldering board and some additional hardware? Your router? Then it’s not general purpose computing. They both require additional computers to interface with them to be used. ‘General purpose computing device’ has been referred in prior legal documents to mean:
“means any general purpose computing device (e.g. server product, personal computer, desktop, laptop, netbook, slate or tablet), including any device that is designed as, marketed as, or capable (through docking or otherwise) of performing the functions of, such general purpose computing devices, and any replacement for any of the foregoing.”
(e) (1) “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.
You then go on to complain about it affecting FOSS stores? That’s exactly my complaint. Who are you convincing here?
Jellyfin, Docker, git??
(2) “Covered application store” does not mean an online service or platform that distributes extensions, plug-ins, add-ons, or other software applications that run exclusively within a separate host application.
‘General purpose computing device’ has been referred in prior legal documents to mean:
"means any general purpose computing device
Great, general computing device means general computing device. Brilliant.
Then you come with the requirement of a monitor… Why? That’s not on the definition. And isn’t a router a server product? Servers generally don’t need a monitor
Docker or git are not distributing extensions, and on Linux docker doesn’t run on a separate host application, unless you bend the meaning of containers to the point of nonsense. I’m curious about the reasoning for git.
From what you said, only jellifin is excluded in my example.
I’m not trying to convince anybody, just explain the current and potential future issues.
Im not sure I understand your point about this law being for developers not users.
The fines may only be applied to operating system developers for failing to implement these systems… but having those systems at all still drastically impacts end users in a negative way.
Many users below are going off on rants about the police state fining them as end-users for user breeches (which is not any part of this law).
In addition, putting my age as ‘over 18’ in a box when i set up a login affects me in any way other than ‘drastically’.
Eg: greenahimada with 51 upvotes 2 down.
For everyone trying to figure out how this would be enforced, it’s not about being proactively enforced. (and data collection is 99% of it)
(Untrue)
It’s about adding a double-tap “Well, these people also violated our age verification law, so they have to pay a fine,” added to any incident where it’s convenient to add this in. If a minor sends another minor a snap that would trigger CP laws, and one of the phones isn’t age verified correctly, fine to the parents and hands up in the air “We tried!” A minor is involved in torrenting movies? “Look, kids using illegal OS! Fine to the parents!”
(Untrue)
This is how laws work across a lot of corrupt developing countries.
It isn’t mandating you affirm you’re older than 18. It’s asking explicitly for your age or your birthday.
While the API then would take that data to transmit your age bracket to other systems.
This might not be drastically burdensome on an individual workstation, I’ll stand corrected on that. And it’s not disclosing your actual birthdate to anyone either (though I still feel like it should be my choice whether or not to store that information on my personal device).
In either case, we started with this “affirm your age” kind of law on various kinds of restricted websites (pornography and alcohol) and it’s easy to just lie. So now that is now morphing into more invasive age verification strategies.
I view this law as easily circumvented theater that has the aside effect of being a slippery slope toward more aggressive anti-privacy systems in the future.
It literally explains the minimum as asking the user for their age, DOB, or both. It then says delopers may not ask for more than the minimum data.
Further, the law states that if a developer intentionally breaches any part of the law (which would include the requirements) there is a $7500 fine per impacted user, and injunctions. Accidental breaches are $2500 per user, and injuctions. These are very high penalties in context - someone like Microsoft would be on the hook for trillions, and as such, corpos will not be rushing to play fools and test the law by asking more than the bare minimum.
If this is confusing then please seek out one of the many legal blogs/videos covering it by lawyers because I can’t break it down further than I already have.
LibreOffice can be used to produce and consume Pornographic Content in the form of of erotic stories, so it makes sense (within the “logic” of this law) that it’s age-gated.
It cannot serve such content (or any content, for that matter). You have to either get the content (from an app that would have an age gate, such as a Web browser) or make it yourself. The law is about serving content, not about making or viewing it.
Many people here are going off on wild tangents over this. You should just read the law, it’s only a couple thousand words of quite plain English.
Many here have taken completely incorrect assumptions from the title. This law is for developers, not users.
Summary:
The only problem I have with this is that it should only apply to commercial software (app stores and OS). Libre/FOS software should not have to police ages on their app stores, due to their far reduced budgets (often zero), developer time, and the nature of the software being generally anti-centralized and anti-surveillance-capitalism. Though I’d be fine with it for FOSS software distributed via commercial app stores, as long as they gave a longer lead time to implement (EG a couple of years).
It’s a bit like saying the only problem with the Titanic is the water inside.
The law is bad, whether it can be worse or not is just tangential. But still, this law as is applies to computers, phones… And nas, some routers, watches, advance calculators… As they all have OS and can install apps. As per app stores, guess what, thats the GNOME app store, but also flatpak, jellyfin (can install apps as plugins), pip, docker, git… And what about plain executables? Githut should ask for your age too to download artifacts?
Porn started with only age verification by the user as a prompt, and we see where that is going now.
Just read the law. It is barely 1000 words.
No. It specifically only applies to general purpose computing devices which means all of the items you listed after computers and phones are not affected. Can you hook up a monitor to your NAS without involving a soldering board and some additional hardware? Your router? Then it’s not general purpose computing. They both require additional computers to interface with them to be used. ‘General purpose computing device’ has been referred in prior legal documents to mean:
“means any general purpose computing device (e.g. server product, personal computer, desktop, laptop, netbook, slate or tablet), including any device that is designed as, marketed as, or capable (through docking or otherwise) of performing the functions of, such general purpose computing devices, and any replacement for any of the foregoing.”
You then go on to complain about it affecting FOSS stores? That’s exactly my complaint. Who are you convincing here?
(2) “Covered application store” does not mean an online service or platform that distributes extensions, plug-ins, add-ons, or other software applications that run exclusively within a separate host application.
No.
Great, general computing device means general computing device. Brilliant.
Then you come with the requirement of a monitor… Why? That’s not on the definition. And isn’t a router a server product? Servers generally don’t need a monitor
Docker or git are not distributing extensions, and on Linux docker doesn’t run on a separate host application, unless you bend the meaning of containers to the point of nonsense. I’m curious about the reasoning for git.
From what you said, only jellifin is excluded in my example.
I’m not trying to convince anybody, just explain the current and potential future issues.
Im not sure I understand your point about this law being for developers not users.
The fines may only be applied to operating system developers for failing to implement these systems… but having those systems at all still drastically impacts end users in a negative way.
Many users below are going off on rants about the police state fining them as end-users for user breeches (which is not any part of this law).
In addition, putting my age as ‘over 18’ in a box when i set up a login affects me in any way other than ‘drastically’.
Eg: greenahimada with 51 upvotes 2 down.
(Untrue)
(Untrue)
(… Rant continues).
It isn’t mandating you affirm you’re older than 18. It’s asking explicitly for your age or your birthday.
While the API then would take that data to transmit your age bracket to other systems.
This might not be drastically burdensome on an individual workstation, I’ll stand corrected on that. And it’s not disclosing your actual birthdate to anyone either (though I still feel like it should be my choice whether or not to store that information on my personal device).
In either case, we started with this “affirm your age” kind of law on various kinds of restricted websites (pornography and alcohol) and it’s easy to just lie. So now that is now morphing into more invasive age verification strategies.
I view this law as easily circumvented theater that has the aside effect of being a slippery slope toward more aggressive anti-privacy systems in the future.
It says that OS developers must track users or be fined, so they will track users.
The statute does not define:
What counts as “minimum”
How necessity is measured
Whether “minimum” refers to data fields, granularity, frequency, or retention
Whether metadata (e.g., device ID, timestamp, API call logs) is included or excluded
This legislature calls App Providers and developers to track people and barely even gives lipservice to what is allowed.
We don’t want our OS’s tied to our identities. This does not explicitly forbid that
Read the law (its barely 1000 words) because your claims are not substantiated by it.
I already read it. That’s how i came up with what I wrote man.
You go re-read it and tell me
What counts as “minimum”
How necessity is measured
Whether “minimum” refers to data fields, granularity, frequency, or retention
They don’t cover shit about ANY of that.
It literally explains the minimum as asking the user for their age, DOB, or both. It then says delopers may not ask for more than the minimum data.
Further, the law states that if a developer intentionally breaches any part of the law (which would include the requirements) there is a $7500 fine per impacted user, and injunctions. Accidental breaches are $2500 per user, and injuctions. These are very high penalties in context - someone like Microsoft would be on the hook for trillions, and as such, corpos will not be rushing to play fools and test the law by asking more than the bare minimum.
If this is confusing then please seek out one of the many legal blogs/videos covering it by lawyers because I can’t break it down further than I already have.
Does that mean if minor need to use computer to write essay as homework in Libre Office they couldn’t, cause age verification?
No, because LibreOffice would accept the under-13 age category.
LibreOffice can be used to produce and consume Pornographic Content in the form of of erotic stories, so it makes sense (within the “logic” of this law) that it’s age-gated.
It cannot serve such content (or any content, for that matter). You have to either get the content (from an app that would have an age gate, such as a Web browser) or make it yourself. The law is about serving content, not about making or viewing it.
Ok, that does make sense.