- cross-posted to:
- privacy@programming.dev
- cross-posted to:
- privacy@programming.dev
Of course, this is not only about Ubuntu, Fedora, or Linux Mint, as it would apply to all GNU/Linux distributions, desktop environments, and application hubs lke Flathub or Snap Store, which will have to comply with the upcoming law in the near future in some way, especially since similar laws have already been proposed in other US states, including New York and Colorado.
Well great! Because no one is asking you to provide your identity. Both California and Colorado laws say that you only provide a birthdate (that you set) on a child’s account. So, don’t make a child’s account?
Your argument is literally the slippery slope argument, so maybe we can agree that the whole topic is blown out of proportion.
sudo?The community’s reaction is not “blown out of proportion”. I’d say the reaction is actually not proportional enough.
I hate lists in comments, but fine.
Up to $2,500 per affected child for negligent violations Up to $7,500 per affected child for intentional violationsThey don’t, there is no mandatory reporting, there is no “phone home” of compliance. It is only, and I mean only a boolean check in the OS, “Is the user a child or not”.
There is no section mentioning penalties for individuals entering false age information. You are completely free to submit whatever age you wish. This is 100% for parents to create a childs account.
No. This is the largest bit of misinformation about these bills. There is no place where a database is created. It is literally an OS level signal that says “Child is under X age”. A browser can check that signal, and if little Billie wants to see something adult related, the browser blocks it saying that they are under aged. It is still 100% opt in, there is no requirement for an OS to take an age, only that they must allow the option.
NO. They have no idea! There is no tracking at all! Seriously. Read the law for yourself.
NO. If the account is a default, normal adult account, all developers can trust that signal. “A developer that relies in good faith on a signal… is presumed to have accurately determined the user’s age and to be in compliance…”
This is the only slightly ambiguous part, which CA at least knowledges is a gap, if there is a shared account. This law does not state anything about that, and only puts in place that a child should be able to create a child account. At this point the OS would say that the user is an adult, and would fire the signal that they are an adult, and from the other parts of the law there is no liability if the parent didn’t set it up as a child’s account.
Seriously. Please go read it yourself. I’ve been an open source advocate for a long time, and I’m a software engineer. Nothing in this law seems alarming to me. Annoying sure, but literally I can’t think of a better more privacy friendly way to do this. It is quite literally only saying “You must have a way to create a child’s account, so that the API is there for other apps to block access”. It’s literally just closing the giant loophole of “I’m totally over 21” that we all made fun of for years.
In fact what I really love is that it’s doing what we always wanted from the beginning. Put the onus on the parents. This quite literally puts 100% of the onus on them. Like as an app developer I can say
If !os.isChild showPorn. It’s quite literally saying “Look, we’ve done as much as we can, you had one job to do as a parent and that was to set your child’s account as a child account, and you didn’t. That’s on you.” As an engineer myself, if all I have to do is check a flag to make sure kids don’t use my NSFW app, then that sounds like a win.https://legiscan.com/CA/text/AB1043/id/3269704
Hard disagree, If it doesn’t matter how one uses a computer, then why would one have to comply with the state’s requirement to specify who is using a computer? In this case, the state is regulating the way a minor uses a computer and plans to enforce it with legal action including severe monetary fines.
Do you know how digital fingerprinting with metadata works? This information, even just Age brackets will be very helpful to accomplish this.
In respect to everything else, which I appreciate you taking the time to type, it’s important to remember how legal precedent works, how laws are interpreted, and how legal overreach happens.
These two statements are in conflict and cannot both be true.
This is the same cat and mouse game that has always existed in prohibited material. There will always be loopholes and sometimes those loopholes will expose users to increased risk.
Note, I haven’t even gotten to the fact that not only computers use Linux. Some refrigerators might use it to run it’s “smart” features. And refrigerators might store alcohol.
This is not doing that. It is poorly protecting the distubitors of “harmful content”. Likely, this will only benefit large companies like Meta. If your goal as a parent is to restrict porn websites, some firewall rules would do a better job, and even that is doomed to failure as you won’t be able to add all porn websites. A combination of education, an honest talk with your child, and the realization that abstinence/prohibition does not work would be a better approach than any technical one.
And what if a website or app doesn’t check this or add a nudity flag for the device/browser to check? Do you think porn sites in other countries will care?
For this:
They are not in conflict, because the onus is on the parents to set up a child’s account. So if the parent did their job, then the child can never click “I am over 21” because at the OS level it’s blocked. They would need their parent to bypass that again. For adults, on your device, you simply never set up a child’s account, and you don’t need to worry about it. So yes, I consider that closed. A child loses the ability to click “I’m over 21”. Adults if anything hopefully don’t have to click that anymore, but I’m guessing for safety they’ll still force us to tick the box.
So far this isn’t for the web at all, but I see this as clearing up the grey areas. Maybe they don’t care, maybe they do. Maybe it puts more power on the browser to help stop it. If a website or app does not listen to it there are consequences for it, but seeing how it’s quite literally a boolean check it sounds pretty easy to be in compliance. That’s the monetary damages we saw above.
I don’t know man, I see this, which is a simple thing a parent can set on an account: are they a child or not. Or, the alternative, which is everyone has to upload their government ID to some third party site, have it stored for all of eternity, and collated and collected, just so they can access discord, or social media, or whatever. The thing is that I do not believe there exists governments right now who are willing to let any of it slide anymore, they are demanding that something be done. Nothing is no longer an option. If we have to choose one of the options, (and by not choosing it means they will choose for you), this seems like the safest most privacy focused option.
We will never agree on this since your whole premise is built on a lie.
You are claiming that it’s inevitable for the state to govern how we use our devices. When the realty is, that the state does not need to be involved at the operating system level.
If this was actually about protecting kids, then maybe the state should go after tech companies like xAI which hosts a child pornography generator known as Grok.
This is not about that, this is actually a law that will protect xAI, and allow them to continue to generate non consensual pornography including those of children.
If a child sees harmful material like child pornography that xAI generates, somehow that is now the operating system developer’s fault. And it’s not impossible to imagine in a few years the parents would also be legally liable.
Okay calling it a lie is a harsh term, and I thought we were coming to at least a mutual understanding of each other’s points.
I do not disagree with you, that it shouldn’t be them getting involved. However, what is happening is that they are getting involved whether we like it or not. This is the fundamental difference in our viewpoints. If you think there is still a chance to hold out, go for it, but I think there is no way to avoid it at this point.
I see it very clearly. That it’s going to happen whether we like it or not. I personally think if all the OSes just held out and said “No way we’re not doing anything” then the obvious response is that sites will need to require IDs for everything, and we lost even harder. It’s better to suggest a tech forward privacy based approach now rather than let them dictate that everyone should take IDs.
That’s my point of view. I know you disagree, and we’re not going to come to an agreement, so I don’t see the need to continue this thread.