US national level OS-level age verification bill proposed - https://news.ycombinator.com/item?id=47772203 - April 2026 (223 comments)
> Making it slightly harder to access the internet fixes nothing.
This assumes it is about the children. But if you do not think so then it opens up new alternatives suddenly, be it from tracking people, to targeted ads or any other information that could be gathered and eventually either monetized or put in tandem with other information. We'd get age graphs that way too.
Before that we could speculate to some extent, but with mandatory age sniffing and id-showing at all times, those who track people and benefit from it, benefit now even more.
Exactly. If it was about kids, then you do not direct legislation towards everybody, but at parents. Give parents the software and tools (parental control settings) to restrict their child from searching certain terms and accessing certain sites. Bob or Susan (middle age adults), down the street, should have nothing to do with that.
It's about outright surveillance, tracking, censorship, control, and politicians putting money in their pocket. "Kids" is just a cover for their intentions and dirt. More has to be done to call out the deception.
how are we in 2026 and phones dont have guest mode or "i handed it to my kid mode"
apple's guided access is a terrible 1% solution to the problem. in one click i should be able to put my phone into some kind of locked down mode that exposes only what is allowed, starting with nothing unless whitelisted, with multiple profiles.
in the same sense, all the streaming services having their own separate kids profiles, instead of the streaming device having a single kids mode that exposes only the kids mode content from each app makes kids mode useless when a kid can just change the app, or gets stick into a single provider and i have to go help them switch.
They do. Android have had multi-user and guest profiles since Android 5.
The only reason I really know this is because I heard how Google completely bungled it in Android 14 on Pixel devices[1] :D
[1]: https://arstechnica.com/gadgets/2023/10/android-14s-ransomwa...
To me that's faster and much closer to a safe "hand the device to a kid" mode.
Same applies to guided access and a facetime call. I dont want them to switch apps or hang up the call, the phone gets locked down.
Because in their eyes your children are not your children. You are simply a custodian of their future work force asset. If you educate your children too much into individualism, they (today’s politicians) may see a diminished return of whatever they want to achieve.
And if you don’t agree with me on an emotional level, well, just remember the words of Elon Musk (paraphrasing): we need people to have children because we need to have workforce in the future. Translation: we need people to have children because who will work for us and makes tons of money.
If you have it too good, you aren’t dependent on them, you have all the carrots. They have no stick. They want to have the stick.
I’m pretty much a pure anarchist in terms of principles, but I’m a pragmatist in practice. I’d describe my approach in politics as “What do you wish the government would stop doing? Let’s focus on making that happen.”
You can’t change a culture by changing the political system, but my hope is that you can change a political system by changing the culture. I want to be as independent of the state as I can possibly be, and I want to encourage others to do the same. My hope is that this sort of cultural shift will eventually lead the shrinking of the state. I don’t expect to live to see that happen, but I hope my children and their children do.
Aside from the above, just don’t harm others. That’s it.
Responding to what you've said, my unfortunate experience is that culture always ends up going sideways. As movements grow in mindshare they tend to attract people focused on power/expedience, only applying the initial precepts towards those ends. And gaining control over some existing centralized power structures is much more lucrative than a given person's share of the distributed wealth that would be created by successfully constraining them.
Which ties right into the problem I saw with your original comment. A statement like "Government should be so powerless as to be unattractive targets for corporate influence" lands in the political/partisan context by default. And while perhaps that's a symptom of how [unfortunately] inured in centralized politics we are, it's still a fact. So even though we can both take a step back and lay out the context where that can be an agreeable productive statement, the overwhelming use of similar statements is actually to attack individual liberty by getting people to overfocus on the nominal government while giving a pass to another primary contingent of the centralized power structure.
It's not a solution to anything.
For example of powerless governments - look at literally any war-torn African country and their standard of living.
Specific to this, though: there’s a big difference between a stateless society and a failed state. You’re describing failed states.
I also very much agree with you about the result of a power vacuum. I argue that a power vacuums exist not because of the absence of a state, but because of the absence of a state where the populace expects and relies on a state to be.
I didn’t say we should get rid of it all tomorrow morning :)
I smile at that delicious irony every time I see it.
* Apple just autocorrected “knave” to “Kanye” when I typed it.
those even worse things have tried very, very hard to obstruct, slow, impede, and ruin government trust so they can enforce their monopolies.
They are covering for and not prosecuting perpetrators in the biggest child trafficking and abuse scandal in recent memory -- the Epstein case. Let us do away with even a surface-level pretense that they care about kids at all.
I believe that would help kids out much more than this shit bill would.
TANSTAAFL.
Those Are Not Slogans That Are Applicable Followed Literally.
They are laying the foundation at the infrastructure layer to build a Digital surveillance net, look at the pieces with the eye of an Architect -
https://www.cnbc.com/2026/04/15/banks-citizenship-data-colle...
And
https://www.congress.gov/bill/119th-congress/house-bill/8250...
https://withpersona.com/blog/what-is-drivers-license-verific...
My understanding is that if you are under 18, you can get away with uploading a selfie.
I think your are correct, I don't believe such a requirement exists in the bill itself and that's a big part of the article. Because the law doesn't require this, there's a very real risk that people won't realize that, if you are an adult, you will be required to upload a photo of your state ID. Prople might support the bill and only realize what it means in practical terms once it is too late and it has become law.
It isn't clear to me if requiring photo ID is a practical requirement or a decision the two incumbent vendors have made for their own reasons. My guess is that it is the cheapest and easiest solution.
You can talk about birthday hash or whatever, I don’t see it happening
Apple, Google and such will contract out this age verification to a third-party which will ask you to upload your ID and a 3D face captcha, which the third party will delete within 15 days, but somehow magically still make it into an unfortunate, unavoidable data leak a couple of years later.
Do you have a source for this claim?
...in a world where any legislator ever consulted with cryptography and security engineers on this sort of thing.
What we are going to get is people printing fake IDs on paper and holding them up to a camera.
> The term “operating system provider” means a person that develops, licenses, or controls the operating system on a computer, mobile device, or any other general purpose computing device.
So excited to see the GNU vs. Linux debate finally land in court.
"The greatest trick the devil ever pulled was convincing the world he didn't exist."
If it looks like a conspiracy, it's probably one.
[Edit: Never mind, others have explained elsewhere in the discussion. It's the lawsuits Facebook is losing for addicting kids. So rather than, you know, stopping doing that, they want to instead legally force us to alter every OS on the planet. Disgusting.]
edit: I took too long to write this :)
As someone that doesn't have a Meta account (and will not), this could become potentially problematic.
>a computer, mobile device, or any other general purpose computing device.
It leaves open to interpretation if it applies to all computers, or just general purpose ones.
Does a car count as a mobile device?
Going to be fun when my washing machine asks me to upload a scan of my passport to the CIA before it will open the door.
https://www.youtube.com/watch?v=1FkK8ZFE7Y0
The CIA hates that trick.
That puts me for the rest of my life at a level of fuck you.
And if the system breaks down, I’m just going to hunt and eat you. How big do you think your chance of survival is meeting someone hungry who spent over a decade in war and conflict zones and is still here?
I’m more concerned about the future for your sake than for mine.
Arrogance is usually a defense mechanism that you can't fix with logic... people use it to shield themselves from their own insecurities so they don't feel inadequate or threatened.
If you can't see your own flaws, you can't understand why others don't like your behavior.
"As a rule, strong feelings about issues do not emerge from deep understanding."
Oh stop it. You’re breathtaking!
Know what gave it away?
> enough in the bank at three to five percent
I mean lol if he’s expecting banks to be around in a societal collapse situation he’s got another thing coming, wonder how the shitbox car will do when fuel runs out in 8 weeks worldwide. Mad max baby!
https://health.yahoo.com/wellness/nutrition/articles/ultrapr...
Oh, AGI can turn everyone into matchsticks, but when I talk about turning humans into tasty sausage the internet goes wild.
It’s obviously sarcasm, just for the neurodivergent talent in here panic buying cannibalism safe bunkers now.
/s
I'm adapted to the American diet, so I'm sure that they'll cover my nutritional needs.
Let's stay on opposite sides of the pond like Godzilla and King Kong.
I like you whisky.
That’s a deal I can get behind.
I will send your administration a request to put your statue on top of the Arc de Trump. If they can pay 400 million for a ballroom, they can spend one for a diamond statue of the man that saved a lot of American lives today.
True heroes don’t always wear capes. Sometimes they have butcher knife’s.
Wait, 27% for the right-wing extremists in Germany? The strongest party if there were elections today? Some of them publicly state they are the friendly faces of facism?
Oh, oh. I’m in danger.
That's not even the worst part:
> a person that develops, licenses, or controls the operating system
Suppose you write a generic piece of code that some third party then includes in an operating system, but you're the only relevant person in the jurisdiction. Are you now an "operating system provider"? If the "operating system" is made by hundreds of people or more, is it none of them or all of them or what?
Suppose you're a company and you've got a bunch of servers, which are computers, and you have root on them, i.e. you "control" the "operating system".
For example in the Linux world, it's the distributions.
Where it gets murky is with Android (and to a lesser extent Windows).
IMHO, the entities which should be responsible are Google and Microsoft.
But since vendors, specially in the Android world, can heavily tweak the OS, there is a case that it's more the device manufacturers like Samsung which are responsible.
The relevant interpretation in practice will usually happen naturally, and the most ambiguous stuff will be set by jurisprudence if necessary.
So let's say someone in e.g. South America publishes an Android ROM. >99% of the code was written by Google but the author isn't using Google Play or any form of Google service for updates, it's only using the base Android code with their own updater.
If someone in California uses this ROM and the person in the other jurisdiction made modifications so that it doesn't comply with this law, who is in trouble? It's pretty unreasonable to claim that it's Google, but then is it no one, since the party responsible is outside the jurisdiction?
I would argue it falls more on a case like the Linux distributions one and the guy in South America is responsible.
Google, in my opinion, can be held accountable for Android because they deeply control the ecosystem (App Store, APIs, Services) and de-facto prevents significant modifications, specially when they deal with Android security framework & mechanisms (if you modify this stuff too deeply, the Apps could break).
But if a distribution cuts ties with that, then it's the author or the entity behind it who is responsible, and if it's deemed illegal, downloading his ROM should be blocked in the US.
In truth, if I were a defender of this law (which I'm not), I would not worry too much about it. This text is here to force mainstream OS vendors to provide an API for age verification. The micro-subset of people flashing custom roms onto their phone or recompiling a piece of OSS software with some flag disabled is in practice so small that it's not really an issue.
While I do agree that this law could be better written, properly categorizing in it the cases of MS, Apple, Google and maybe entities like Linux Distribution honestly is kind of a nightmare.
Does my laptop have to pass my age verification to a Docker container?
Am I at risk of government censorship (or worse) if I create a hobby smart home app that boots bare metal on a Raspberry Pi?
Or even the shell apps that I run daily. Does curl (which can access any web url) have to validate my age? What about AI models/ollama?
It has an OS, a network stack, an interpreter. Usually used for games as much as for classwork.
A car houses numerous Turing-complete computation systems.
They also added this page since I posted that comment: https://web.archive.org/web/20260411112604/https://tboteproj... where they claim their website is "under surveillance" because it got a few thousand requests from Google Cloud et al, most of them to a single page. This really shows how low their standards are.
Yes, it would be nice to know with certainty who is behind these bills. It sucks how much opaque money influences American politics.
Josh Gottheimer's press release[1] on HR8250 mentions the "Meta Parents Network." I don't know what that is, but it does have "Meta" in the name.
Buffy Wick's noise about AB1043 claimed it was passed with the support of tech companies. I have spoken directly to one person close to AB1043 who told me Facebook argued against AB1043. I have doubts. But if true, I suspect they were not arguing in good faith and had ulterior motives.
In the end, no matter who is secretly lobbying for or against age verification bills all over the planet, the bills are terrible, and we should fight them.
[1] https://gottheimer.house.gov/posts/release-gottheimer-announ...
I think Facebook is behind these bills. I think that from personal experience working at Facebook.
That an LLM may have arrived at the same conclusion is unrelated. LLMs are garbage. Don't use them.
Very likely, given the legal liability they are already facing from the "addictive" court cases that are turning against them. Moving the liability for "age verification" away means they will not also be facing a huge number of court cases accusing them of showing an underage person adult age content provided they followed the law's proscribed "ask the OS for the user's age" requirements.
Also, note that only a few months ago Zuckerberg was in court testifying that the single best place to perform "age verification" was in the operating system of a device. Now, like mushrooms after a long rain, at roughly the same time up pop bills in nearly every statehouse, Congress, even Brazil, that all read nearly identically and that all are so broad as to require "the OS in anything with a CPU do age verification". The nearly identical text in each highly implies a single lobbying entity is behind all of them (it would be quite the coincidence that 50 state houses, plus Congress and Brazil, all write nearly identical bills independently). And the connection back to Zuck's court testimony of "age verification is best done in the OS" highly implies that the single lobbying entity is Meta, or funded by Meta to obtain this outcome.
These people have root access to all our webcams.
I don't think we can tolerate these entities to continue to exist.
Basically a mass-protest via network packets. Could we argue sending packets to a server is essentially a form of protest protected by speech similar to a public gathering?
On theirs: "Just for the sake of making the numbers work, have you tried putting in 'kill all the poor'?". https://youtu.be/s_4J4uor3JE
I am increasingly coming to recognize proceduralist liberalism as a suicide pact.
1. The OS vendor must provide an age bucket using the minimum amount of data necessary
2. App vendors (i.e. Facebook) must use the OS vendor's age buckets to determine age
The idea is that the next time Facebook gets hit with a child endangerment lawsuit, they can say "Well, we used the age buckets the government told us to, and they said the plaintiff was 18+, so we're not liable".
This, of course, assumes that most social media and Internet regulation will continue being targeted at children only, both because courts are reluctant to enforce 1A on laws that censor children[0] and because the current political class actually benefits from the harms Facebook does to adults. Like, a good chunk of government surveillance is just buying data from Google and Facebook.
[0] The root password to the US constitution is "th1nk0fth3cHIldren!!1" after all
with age requirements for use of social media, Meta faces tremendous liability in many countries if they cannot do the verification correctly.
they don't want to do it, nor face the risks, so they'll push it to the OS.
they also know that banning under-16s means a huge market will be gone, so they want an easy-to-bypass OS fix. if their tween market gets around the hardware and OS it's not their problem, but Meta can't it if it's on them.
in other words lets annihilate the free internet and maybe democracy so we can lower our risk profile
https://www.cnn.com/2026/01/07/business/character-ai-google-...
If something is codified in law, they can comply with the law fully, and yet not have any real backlash from users. This can also shield them from many lawsuits. Conversely, if they start ratcheting down age-verification on their own, users will become quite upset. If they don't ratchet it down, then... as you can see, potential lawsuit.
And this isn't just about LLMs, once the concept of "a platform is liable for harm" happens, it's about everything. Including content other people slap into an app store. And the US has been talking about section 230 removal, countries around the world are reducing such exclusions, so the wind is blowing towards even more liability for platforms.
If you look at Google's recent moves to identify all developers prior to install on Android, there may even be some of this in that. How can they ban someone from publishing illegal material, or material Google will be liable for, if they don't even know who the publisher is? They'll just slide into a new account. (Note, I said "some" not "all", there is often not just one reason for an action)
So I suspect that the push is from all online platforms of any size or scope. It will shield them, protect them from liability, whist at the same time redirecting user ire at the legislation, not them. HN types might still brood, but the average person won't have insight. "Protect the children" as a reason works for the average person, it works very very well, and really, that's what a lot of these lawsuits are about.
So I point back to such lawsuits as the start of all of this. And I see it as why there is a push from Apple, Google, Meta and so on. And simply because I'm saying "big corp wants this, not just Meta", doesn't mean I'm saying "Meta isn't doing anything".
Meta can be pushing this, hard, whilst at the same time every other large corp can be working towards the same outcome.
Everyone is so concerned with kids pretending to be adults, what about adults pretending to be kids? Any service that has any kind of private chat or picture sharing option will be a playground for “verified” kids.
Next step, “we must go further with the verifications until everyone is verified everywhere”. This is where the OS part comes in. Wish it was sarcasm.
In many cases, this consists of dramatically limiting user-to-user comms, hyper-aggressive filtering, sometimes even to restricting to pre-canned messages only. (I'm sure someone is already encoding morse code ethnic slurs into patterns of friendly gestures, but that's another story).
Here are more of his own words from the same letter:
> And what country can preserve it’s liberties if their rulers are not warned from time to time that their people preserve the spirit of resistance? Let them take arms. The remedy is to set them right as to facts, pardon and pacify them. What signify a few lives lost in a century or two? The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants. It is it’s natural manure.
The blood of patriots and tyrants. He never expected rebellion to go unchallenged, he was advocating that we should maintain the spirit of rebellion as a guard against tyranny.
This will be a big one. They're building the groundwork for a world-wide dystopia.
Save a few ISOs of still-free OSes and hoard a few extra cheap computers. (You might also want to get a 10Mhz capable radio.)
Sending data by radio is messy, slow, and generally disappointing. Start your journey by reading up on the Aloha system https://en.wikipedia.org/wiki/ALOHAnet.
The only remaining issue I see here is that I think the law may be a bit too heavy handed in how it tries to legislate this system into existence. Trying to tell Bob Hacker writing an OS in his basement what features his code has to include feels a little too authoritarian for my tastes. Probably there are some economic or regulatory levers that could be pulled instead to ensure this system gains mainstream adoption without criminalizing ordinary software development.
Again though, I didn't read the whole bill, just the article, so I could be wrong here on some of the details.
1. The text implies software should get access to your date of birth, rather than talking about age groups. If it becomes the case that websites can get your precise date of birth, this will be the ultimate fingerprinting vector that will put the fight for online privacy dead in the water.
2. The text talks about "verifying" dates of birth. This can only imply the involvement of face scanning or ID checking and third parties.
3. The text itself is very vague about details such as verifying, because it leaves many details entirely to the FTC, which recently announced they will stop enforcing privacy protections under COPPA for companies violating it to perform age verification of children[0]. So you can fully expect that if we are putting computing entirely in the hands of the current commission we will be probably screwed.
The text itself is less than 4 pages. I recommend reading it for yourself[1].
[0] https://www.ftc.gov/news-events/news/press-releases/2026/02/...
[1] https://www.congress.gov/bill/119th-congress/house-bill/8250...
[1]: It says the parents verify the user's date of birth, which could just mean they get to say "yes, my kid is 12", and "a system to allow an app developer to access any information as is necessary" could just mean "is user over 18" if that's all that's necessary to comply with the FTC regulations.
The right way to facilitate parental controls with legislation is to put a requirement on service providers [over a certain number of users] to publish well-known tags stating the age suitability of their site/app/pages. Then put a requirement on mass-market device manufacturers [over a certain size] to include parental control software that can filter based on these tags. When parental controls are enabled on a device, any site/app without tags "fails closed" and doesn't display - meaning the open web and open devices continue to coexist with the tag system.
The key parts 1. the information signals flow the correct way, from the company with a well-known identity to the end-users' device where it can be acted upon per the device owner's desires 2. the legal liability lands in the right place - tags signify legal representations of the suitability of content and 3. the long tail of small-scale websites and devices are completely unaffected
This would also leave the makers of parental control software (bundled with device or third-party aftermarket) free to implement additional features that parents desire (eg block social media, even if the site says it's fine for <18), rather than leaving those decisions entirely in the hands of corporate lawyers (as this bill does, because once again it was written by Facebook/Meta).
This is the one thing that risks getting the law struck down by a court.
Anyway, I suspect Bob Hacker has a strong case that such a law as applied to himself would be beyond the scope of Interstate Commerce. Until he tries to sell or make his OS widely available, at least.
Just off the top of my head, something like "physical hardware with web access sold in the US without an ID check at the checkout counter must include this feature in its preinstalled OS" would be a better way to write the law in my opinion. Plenty of ways around it if you're a hobbyist or for some reason really don't want to comply, but a big enough hassle that all the major commercial OS providers would probably find it easiest to just include the feature. (Especially since this is a feature most parents would probably appreciate anyway.)
we know, for sure, that Clarence Thomas takes bribes. You think Facebook wouldn't cut him a check? Ditto for plenty of other Trump-installed justices on all levels.
This is not in the interest of the people nor any children.
No. As long as the focus is on giving parents tools to parent their kids and not on the government taking over that responsibility completely then there's no need for the government to lock anything down. You just give the parents locks and let them do the locking.
I think you are mixing up the bill this article is covering and the bill that California passed.
The California law requires:
• When setting up an account for a child who is the primary user of a device the OS lets the parent specify the child's age or birthday.
• The OS to provide an API that apps can use to find out if the current user is a child and if so their age range (under 13, 13 but under 16, 16 but under 18, 18 or older).
The bill in Congress requires setting age information for all users. It does not specify how that age information is to be obtained, leaving such details to regulations that the FTC will write.
in present form its more than age verification, technically it could be for any other purposes.
I still prefer to have this in my OS above having every Random internet vendor collecting my biometrics and id documents.
Definitely. And with trusted computing for the OS and browser so that those random internet vendors can be sure the OS performed all the required validation.
> I don't see how anyone can force this on Linux.
That will be the problem of Linux, not of the lawmakers.
As TFA notes, once this is in place, we're behind the eight ball from then on. You want to post something that the government doesn't like, something that insults our Dear Leader or promotes a political alternative? Guess who's getting an "over 21" rating by the feds. We've already seen massive speech pressure brought to bear by the FCC and there's no reason to think this won't continue.
So I'm reluctant to give 'em an inch.
Well that would be counter-productive to actually building a surveillance state.
https://www.eff.org/deeplinks/2025/07/zero-knowledge-proofs-...
1) It's one thing to use secure auth to access government services, banks etc. that need to know beyond reasonable doubt who you are to function at all. It's something else entirely to require every person in the EU (not just citizens) to ask the government for permission to speak online.
2) What does eIDAS fundamentally have to do with ZKP? There's one reference to ZKP in the 2024 update (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:...) which merely says states "should" use it. Doesn't mean much of anything by itself. To my knowledge, the ZKP-based AV shit is only being prepared to run and hasn't been in use yet - https://www.politico.eu/article/online-age-checks-are-coming...
Distinguishing between child-locked and unlocked devices is something any website should be able to do easily. Adult-only should be a config setting.
Vendors shouldn't sell unlocked devices to kids.
Then it's up to parents take sure their kids only have locked devices. (Or not, if they're okay with it.)
This part is neither necessary nor sufficient.
Put aside the Orwellian premise of "devices are locked by default". People keep making the analogy to things like cigarettes, but if a kid wants a steady supply of cigarettes then they need a steady supplier. If they want an "unlocked device" they just need money and Craigslist, once. It doesn't matter what you make Walmart do and it correspondingly doesn't make any sense to involve them.
If your kids have enough unsupervised money to buy electronics then you're either fine with them being unsupervised or you already have bigger problems than a used laptop.
In person, we expect stores won't sell cigarettes to kids. We should simply expect companies won't provide age restricted services to kids. The liability and requirements should be on those companies.
(Of course adding any level of friction will deter some kids, but needing to get a whole new device other than the one their parents gave them is already a lot of friction, isn't it?)
Don't currently take payments for your business model? Probably what you're doing is anticompetitive and we shouldn't allow it anyway.
That one seems pretty obvious. The point of public indecency laws is so that your family can go to McDonald's and not encounter some couple fornicating on the table. Whereas if you go to a private house where someone lives with a reputation for not being very selective about who they take their clothes off in front of, that's not a public establishment.
A privately owned PC connecting to a privately owned server is a private connection, not a public place. It's something you get by going there. You're not required to go to the frat house.
It doesn't matter if you're not required to go to the frat house. It matters whether the frat house lets the public in while exhibiting their fornication, or has filters at the door.
Stores won’t sell cigarettes to kids because doing that will probably get you arrested and shut down pretty quickly.
Apple is horrible in this regard. Their solutions never really work.
A joint venture for an (optional) cross-platform family app would be more than enough. This, plus a (voluntary) content rating that's offered via an API (could even be simple meta data on a webpage). Done.
Oh, there is no config to retrieve, no We API to speak to.
"I'm 18 or older"-button it is. Is that a workable solution?
Ofc as soon as you give your child root access it is over but that is on you
the major players need to allow me to elect one of them as my family manager, and control permissions across ecosystems, from my management portal. i should be able to freely swap apple, google, microsoft, facebook, or a startup as my management and permissions tool.
instead I have a disparate management account and portal for every service on the planet. roblox, fortnite, facebook all want to appear to "make it easy" as if they hold the delusional belief that their management portal is the only one I have to manage. then add a spouse that also wants to change or tinker a setting.
if any law is going to get passed: it should be that any company over a certain size, who adds parental controls, needs to expose them externally to 3rd party management software.
What a crock! Parents actually getting to decide could be trivially accomplished by a first-boot date of birth prompt, at which time the device goes into ‘child mode’ until the date that birthdate becomes the age of majority. Undoing that (say to repurpose the device for an adult) should require the parent who set it up to also do the wiping, much as existing “iCloud Lock” etc requires the owner’s consent to reset.
If a kid is old enough to buy their own phone or whatever and lie that they’re an adult… I’m not that worried about it. Teens have enjoyed sneaking into R-rated movies and raiding Dad’s Penthouse Magazine collection for generations. It’s fine.
Now, whatever this BS is… this has nothing to do with parents deciding.
Wonder if they will stand up against this on the same grounds
Longer answer: In the UK, Apple already implements age "verification" at the OS level, starting with IOS/IPadOS 26.4. If Apple had not implemented this, it would still be in compliance with UK law. Apple is anticipatorily obedient.
A company like Apple has visibility of the legislative pipeline in its markets. Looks like the UK was a test bed.
Lots of OECD countries, all at the same time, are pushing for online age verification or OS-level age verification, both equally intrusive and implemented in privacy-violating ways by conflating identity verification and age verification.
The end result is not protecttion of minors, but abolishing anonymity on the Internet. Social media companies claim to want the former, but in reality just want to shift liability to OS and device vendors. Governments happily accept the "side effect" of being able to find and root out dissidents.
This is what Facebook wants.
Firstly, you keep using that word; I do not think it means what you think it means.
On the Internet, especially forums such as HN, you are "pseudonymous". That is, you made up a name for yourself, and that's how you're known to others. At the very least, we are all identified by IP addresses, which are again, fairly stable and unique pseudonyms. There are nearly zero truly anonymous corners of the Internet, because anonymous communications are chaotic and anarchic.
Secondly, it was the NSF who mandated that everyone accessing the Internet must have an associated and authenticated account with an identity that is known to their provider. These rules went into effect in the early 1990s. Perhaps they have been discarded or observed only in the breach, but truly, nobody is a stranger on the Internet. Even if nobody knows you're not a dog, your ISP or your coffeehouse still know who you are, when you connected, what device and so forth.
So, please let us stop pretending there is "anonymity" here, or that there ever has been. Whatever you've done in the past, it will eventually be unmasked. Yes, people on Discord and Wikipedia alike are freaking out over this prospect, but it was always going to happen. We've been laying down a very permanent record for over 50 years. Eventually it will all be correlated with real identities, Facebook or not.
So your router probably belongs to at least 2 botnets, and I bet they have logs of your MAC, your browser fingerprints, and your comings and goings!
> Firstly, you keep using that word; I do not think it means what you think it means.
I posted that word exactly once in this thread, and I was quoting someone else. But I like the Princess Bride too.
No idea what you're talking about with regard to the 90s. I can only tell you I was on the Internet then and it was not as you describe.
Regardless, there is a difference between "unmasked with a court order" and "everything you do online is tied to you for the benefit of ad brokers."
We can have reasonable privacy protections and still allow law enforcement to function.
https://support.apple.com/en-us/125666
what a dystopian world we live in.
Good thing I live in the US?
Those other countries have different legal norms.
Apple has engaged in censorship in China to stay in business there that they didn't engage in in the US.
Until whatever happens happens the idea they will behave the same in their own backyard low effort speculation
They've already been pushing age verification out in several countries.
Other countries are not the US, btw. There are groups here ready to challenge such a move.
Continually amazed at HN ignorance of geography.
With warm weather approaching I will log off this throwaway, setup as something to do during a cold stretch, and forget it exists.
I wonder if it would be illegal for an user to use an outdated system without those functions when they roll out, or to use outdated applications, or to distribute outdated applications, or to keep mirrors of multiple versions of operating systems. I doubt they thought that far, or if they care at all.
There are some Usenet servers (text content only, no binaries, all illegal crap it's cut down by design) listening under I2P servers. By design enforcing any cross-pond law it's impossible.
Learn about NNCP in order to tunnel messages over it, really useful for asynchronous connections such as Email and Usenet: https://nncpgo.org
Also, learn connect to a Pubnix and to use Usenet/IRC/Email/Mastodon services (tut it's a TUI Mastodon client) from remote servers. Make their own law obsolete across the world. Learn Mutt and GPG too, it's about 20 minutes of your life and for basic email a simple text editor like Nano, Mg or Mcedit would suffice to compose an email.
Try free Biltbee servers over IRC too, these can be connected even from DOS IRC clients in order to connect to modern services such as Jabber, Steam chat and even discord (join the &bitlbee channel once you connected ot a public Bitlbee server, there are several, and type down 'plugins' to get the available chat systems in that service) and thus any age bullshit for FreeDOS it's by design unenforceable without breaking network drivers and TCP/IP stacks as TSR's and whatnot. Ditto for old Amiga, RiscOS and such old releases which are unsupported. And banning retro computing would make the several civil right unions sue the state (and the judges) like crazy for huge amounts of money. Even META too as being the main lobby instigator.
Claim your freedoms back.
I’ll be passing messages to and from the former internet using NNCP bundles. I’m planning to work on some interesting solutions for async communications over Nostr, with some alternate paths through radio for emergencies. Finally looking into steganography as well.
Hope to see you all there.
Republicans may not like porn, but they put the onus where it belongs, on the operator, not on the OS.
While that might be true, I can't agree with the implication that this is better in any way. Having the onus on the operator forces you to have to send some form of verification out to all such operators you want to visit and they have repeatedly shown they are NOT capable of securely and privately handling that information.
The difference isn't really in the politicians, it's in the base, and how they will react to acts like this. Democrat voters will shame them, endlessly. They may not have alternatives to vote for, but they won't change their opinion to match whatever dweeb they were forced to vote for. Republican voters will always be on board with whatever they're told to be on board with.
I am certain they love it, given what kinds of businesses see a spike when the RNC comes to town.
More accurately, restricting it is a useful policy platform that helps them win elections.
If anything, the GOP is worse on this issue.
Josh Gottheimer is indeed a Democrat.
Yes, I am looking to sue to stop this insanity. If you're a lawyer reading this, please reach out.
EU also released their age verification legislation. Notice how closely they are timed.
https://www.dw.com/en/eu-chief-urges-bloc-wide-push-on-age-v...
Pure coincidence?
It is all going according to plan.
Direct link to the bill: https://docs.reclaimthenet.org/parents-decide-act-os-age-ver...
Edit: Oh, and the commission gets to make up the rules on how ages should be verified. So, prepare for a whole other level of PII leakage that isn't even captured by the text of the bill.
Will my children be able to use my smart oven/thermostat after I verify I'm 18+ on those devices?
I also wonder what verification will look like for containers and and VMs that might have a short life. Maybe that's how we keep IT jobs for a little while longer? Human age verification on every local account every time a container or VM is spun up.
Makes me even more glad that I've already transitioned off Windows.
This is all fine until they put some Id verification in. Then anything open is cooked.
All the bill wants is that you can set up an iPhone for kids, an children account on Ubuntu (YOU decide whether it's a children's account) and then, presumably, the browser vendors implement an AgeAPI that allows website operators to query the user age.
Your device tells us you're 10 years old. Access to Instagram denied. Your device tells us you're 16. You're not allowed to visit gambling-porn-and-industrial-accidents.org
It's, of course, exactly the opposite of the "identity-tied age verification government-control, ID-document-leak" dystopia that the scare crowds here are peddling. But you'll never hear a word of acknowledgement from them.
These people act as if those "I'm 13 or older, i can create an Instagram account and waste my life" or "I'm 18 or older, let me watch porn and strangle my girlfriend" buttons are the peak of civilization.
Government should like the RTA header as they can fine sites daily that are missing it. Lobbyists could push companies that do the header checks.
https://www.congress.gov/119/bills/hr8250/BILLS-119hr8250ih....
https://www.congress.gov/bill/119th-congress/house-bill/8250...
It's short and in plain language. The article is longer than the bill. Here's the totality of the requirements:
(a) REQUIREMENTS.—An operating system provider, with respect to any operating system of such provider, shall carry out the following:
(1) Require any user of the operating system to provide the date of birth of the user in order to—
(A) set up an account on the operating system; and
(B) use the operating system.
(2) If the relevant user of the operating system is under 18 years of age, require a parent or legal guardian of the user to verify the date of birth of the user.
(3) Develop a system to allow an app developer to access any information as is necessary, collected by the operating system to carry out this section and any regulation promulgated under this section, to verify the date of birth of a user of an app of the app developer.
---
This part from REGULATIONS is also nominally important:
(B) Data protection standards related to how an operating system provider shall ensure date of birth collected by the operating system provider from a user, or the parent or legal guardian of the user, to carry out this section and any regulation promulgated under this secion—
(i) is collected in a secure manner to maintain the privacy of the user or the arent or legal guardian of the user; and
(ii) is not stolen or breached.
---
I appreciate the brevity of the bill, but it delegates a lot of discretion to the FTC to regulate things like "How an operating system provider can verify the date of birth of a parent or legal guardian", so it's up to the discretion of someone in the executive branch as to whether GNU and/or Linux will have to scan your driver's license and upload that scan to some government contractor's servers, say.
We already saw that: some eagerly implemented this stuff, some rejected.
From Gutenberg, PD comics from the golden era -and pulp scifi-, noir movies, old weird science/fantasy series in B/W and whatnot, I'm pretty much covered. Ironically most current scifi media can be traced to...Bradbury novels, PKD's paranoia and some Weird Science comics.
Once 1984 gets into PD, that's it. It is in Canada, but you can read it online as long as you don't download or share it:
https://gutenbergcanada.ca/ebooks/ebooks/orwellg-nineteeneig...
Leaks pretty minimal PII (the user is between 13 and 18 would be the tightest identifier obtainable with the above gates). But still allows for age gating some content without relying on self-reported age.
Am I optimistic the actual solution won’t be more invasive? Sadly no…
I hope Josh Gottheimer will get a lot of money for his work there.
I also remember a few weeks ago, people such as Poettering and others said this is all harmless, nothing bad would ever possibly happen.
Lo and behold, now it is the new mandatory law. All people will soon have to go for age sniffing, in order to access information. Linux is only for the Underground now.
No, the fee is your identity and a record of your every thought and action.
We don’t gain anything from asking a 3rd party. In fact it costs money per request.
When those same people are hysterical about Protecting The Children, you should understand that "protecting the children" is a distraction from whatever the actual intent may be.
The general public is thoughtless, and there's little reason to think the decision-makers are much more thoughtful, but Protecting The Children is merely this age's Trojan Horse.
Much of the USA recognizes that "gun deaths" are caused by criminals who aren't going to follow any gun laws in the first place.
the next step if this bill passes seems to nessecarily involve excluding holdouts from content rated beyond toddler safe.
Age verification inherently means identity verification. There's no way to prove your age without first proving that you are YOU, either by showing your face or authenticating with some third party authority, usually government or a corporation.
The idea that you should be locked out of using your own computer until you do this is utterly insane. What problem does it solve that existing parental control tools don't? A generation of parents already trust their babies with iPads for this reason. And what of the millions of Americans who don't have current ID?
- And For Other Purposes.
am i the only one seeing that?
i see a lot of discussion pro and con age verification, there should be much more concern about the purpose of that phrase for other puposes.
is some one actually trying to sneak a catch all like that into it, or is it a bargaining chip. [see we removed "for other purposes", its all better, now we can pass it]
their dwindling to irrelevance, like the UK, could not happen faster
"TOO LOW, PULL UP. TOO LOW, PULL UP"
Take your country back before it's too late.
This compromises 0 privacy until it requires an ID. EU solution actually does and only supports specific devices.
Instead of "age verification", call it (and everything like it) Epstein law. The government wants the information of who is a kid and who isn't broadcasted to all the apps, safe AND malicious. There's no good reason to let random developers freely collect lists of kids out of those people who choose to try an app. It's Epstein law.
Being able to easily bypass an age gate makes such info unreliable, verification removes the unreliability such that the data can then be used for both good and evil reasons.
Last time we saw her anywhere near here was her "farewell tour" when she was supposed to go be Trump's UN stooge. Haven't seen her up here since.
Glad to know we get to die up here for on-device age verification for everyone else.
Consider: if the tone of your writing will put off anyone who disagrees with you, what’s the value in “livening it up”? Again, it’s preaching to the choir.
Stay tuned. With mass unemployment/underemployment there’s gonna a be a lot of “extra” people.
The tech crowds utter derangement over this minor mandate is truly a sight to behold.
Consider AB1043. It mandates that applications check the age of the user each time the application is launched.
Think about what that means when you run `make` in a source directory. How many times is the compiler application launched?
AB1043 is short; you can read it for yourself: https://legiscan.com/CA/text/AB1043/id/3273385
``` (b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched. ```
If it were meant as "when the application is downloaded and every time the application is launched" it would probably have been written as "when the application is downloaded or launched".
Also, there would be no point in mentioning downloads if that was a separate check because the app developer cannot request the signal upon download because their app is not running then.
The most reasonable conclusion is that the app must check the first time it is launched.
> The Parents Decide Act solves the self-reported-birthday problem by demanding something verifiable, which in practice means a government ID, a credit card, a biometric scan, or some combination.
> However, Gottheimer has not specified which. The bill does not either. It’s up to the FTC to decide.
(a) Requirements.—An operating system provider, with respect to any operating system of such provider, shall carry out the following:
(1) Require any user of the operating system to provide the date of birth of the user in order to—
(A) set up an account on the operating system; and
(B) use the operating system.
(2) If the relevant user of the operating system is under 18 years of age, require a parent or legal guardian of the user to verify the date of birth of the user.
(3) Develop a system to allow an app developer to access any information as is necessary, collected by the operating system to carry out this section and any regulation promulgated under this section, to verify the date of birth of a user of an app of the app developer.
The only requirement for "verification" is to enter a birthdate on account set up, and underage accounts have the parent "verify" the birthdate. There is certainly some ambiguity in the bill which is not good, but efforts should be towards resolving the ambiguity in favor of a lack of intrusiveness.
(d) Regulations.—
(1) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Commission shall promulgate, under section 553 of title 5, United States Code, regulations to carry out this section, including regulations relating to the following:
(A) How an operating system provider can—
(i) verify the date of birth of a parent or legal guardian described in subsection (a)(2); and
(ii) carry out the requirements described in subsection (a) with respect to an operating system of such provider that may be shared by individuals of varying ages.
(B) Data protection standards related to how an operating system provider shall ensure a date of birth collected by the operating system provider from a user, or the parent or legal guardian of the user, to carry out this section and any regulation promulgated under this section—
(i) is collected in a secure manner to maintain the privacy of the user or the parent or legal guardian of the user; and
(ii) is not stolen or breached.
It should be really easy to get your bank account information then. You're just going to give it to me, right? What is this? You're fighting me tooth and nail instead of celebrating giving me your banking info?
> The writing has been on the wall for some time now: the era of completely unrestricted internet is coming to an end.
And books..? And the newspaper? What if a child reads about a horrible murder in the newspaper that keeps them up at night? What if the government outlaws books and newspapers because they can contain bad things? We'd better add a "adult/ not adult" checkbox to the first page to "short-circuit support for more onerous age verification".
I wish public discourse were more this way - if someone is arguing in good faith, actually answering what you asked moves the conversation forward, it’s just on the person to give you a serious answer
I don't see a plausible scenario where the implementation of this mandate makes further mandates more easy to get passed. An age field and an API to access it is as trivial as it gets. More onerous age checking is not something that is an extension to or somehow made more easy given the pre-existence of the age field. No argument against more onerous checking is undermined or rendered less severe due to an age field already existing. There is no slippery slope here.
>So, assuming parental controls were correctly implemented, why do you think this is "least bad" including parental controls?
There is already a pretty significant market for parental controls, so presumably if their quality were a limiting factor in their adoption the market would have responded already. Parents simply aren't interested enough or savvy enough to apply them. Parental controls also just intrinsically suck for a lot of reasons. They are either mostly ineffective or wildly intrusive, like giving total access to children's communications and internet activity to external companies.
>Thirdly, this "age verification" doesn't actually verify anything, because underage people can just choose "adult" anyway. What do you have to say to that?
Presumably an adult is involved in purchasing devices and setting up accounts for their young children. Putting an age of account holder field into the account set up workflow seems pretty effective. It's not 100%, but it doesn't need to be for it to be a major improvement over the status quo. The lack of verification is a feature of this mandate, not a bug.
>we have a concept of "free speech" which includes the idea that people cannot be "compelled" to certain speech. If people were required to add a "sign here to confirm you're an adult" in every romance novel, that would be fine right?
As those pushing this kind of legislation are fond of pointing out, we have age checks for buying alcohol or purchasing adult magazines in shops. Presumably these don't run afoul of the first amendment. This idea that we can't or shouldn't mandate age checking in some form to access content deemed inappropriate to children is just a losing argument. Again, the writing is on the wall here.
From your point of view.
What I can tell you is that there are definitely people who will argue that this is, by the fact of being written into law, now the spirit of the law.
Then these people will argue that the spirit of the law is being broken, and the implementation needs to be better and tighter. Not that it needs to be repealed! Because clearly this is something that was wanted. And to many, many people, this will be sufficient argument not to complain about further measures.