Here is the exact text of the california law, make your own opinion.

https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml...

What I got out of it was that an os has to provide an interface to applications so that if they make an age request(note that the law says nothing about when or what applications will make a age request) the os can provide something. and it has to provide an interface for the user to enter the information.

So when we map this requirement onto the mechanism of how the os provides information to applications. and how users set up the system. I have come to the conclusion that compliance on a unix-like platforms is as simple as

echo ${AGE_CATEGORY} > ~/.config/ca_ab_1043

Then the program can get the age category anytime it wants to. the user is able to put this information in at account setup just like the law asks using an accessible interface, the same interface everything else on a unix-like platform uses, the shell.

You’d need some script that updates the age category based on the user’s provided birthday (which is not shared with the applications) but otherwise yeah

No you don't, the compliant user will up date this information as necessary.

The law says the user provides the birthdate or age and the bracket is derived from it

I wish the legislators thought about the privacy implications of this, because anyone can learn your birthday by watching when the category changes.

The brackets are a few years wide, so it could take a bit of waiting. But yeah I’d consider setting a slightly different day/month for a child if I was paranoid.

I guess you could also make the bracket selectable instead of requiring the age

> The brackets are a few years wide, so it could take a bit of waiting.

There are millions of people moving between the proposed age brackets every day. This is a DoB-gifting firehose to ad tech.

Ad tech doesn't need this feature to know roughly how old you are.

Also, various sites were already legally required to gather this information anyway to know if someone is over or under 13.

I believe the California law (which has passed) requires operating systems to collect the DoB or Age of the user when setting up a user account, and then expose an API that shares the users age range (not their actual age or birthdate) when requested by an application.

It does not require the OS to actually verify the age, collect government IDs, or any other data.

The intention, I think, is to put the responsibility for communicating the users age on the OS, instead of having each application or service do their own age verification (by scanning IDs, requesting user data, etc). Since it’s set on the machine, a parent can set it once for their kid when setting up the device.

Or I guess the kid can set it if they're smart enough to reinstall the OS or spawn a VM. I'm sure there will be online resources to help them that kids know how to share

Yeah if you have admin access to your device and know what you’re doing it’s basically a non-issue. I’m guessing a savvy high schooler can change their age bracket easily.

If you want to give a young child a laptop or computer though, it maybe helps keep them away from objectionable content.

The California law says nothing about verification or immutability, what if someone made a mistake when putting in their age? Why do we need to hide it? Better to just let the user change this at will.

Yeah the most likely thing (for the California law, at least) is that compliant OS's expose a form at account creation where you input a birthdate or age, and have either a CLI/file/setting where you can change the birthdate or age with admin permissions. No verification is needed

LD_PRELOAD can intercept getpwnam(). Why not getpwage() as well?

The short answer is that a lot of states now require KYC by service providers under the guise of adult content prohibition, "protecting the children", or mass surveillance. So the service providers like Facebook are trying to foist off the responsibility to the operating system. The pesky details of storing and managing PII becomes Somebody Else's Problem, and if the operating system implements an easily bypassed KYC e.g. a simple check box and then the kid get radicalized or get exposed to problematic content, the service provider can just shrug and point the finger at the OS. In other words it shifts the responsibility to the lowest level instead of the platform companies.

You can frame it nefariously, but honestly, it just makes way more sense to me. I want as little of my personal info as possible in the hands of random services, and that includes the stuff needed for KYC checks.

In the original article there are some blue underlined words. “California” is one of them. If you click it, you will get a nifty video answer to your question.

According to an opinion piece at The Register, California's is vague and nobody knows, including the law's proponents: https://news.ycombinator.com/item?id=47398798

Depends on the law. Some of them say that the age range must be provided to all applications through an API, and all apps and “app stores” must filter content based on this value. Others say that this isn’t enough and you actually have to verify the age based on some commercial scheme like CC or ID verification. Some say you have to send the age to websites. Many of these laws seem to be in direct conflict about what is allowed and not allowed.

In all cases, at least in the US, these laws violate the first amendment (as code is a form of speech), and freedom respecting users and devs need to resist them until they can be defeated in court.

Honestly the laws don’t consider open source operating systems at all. They’re meant for the overwhelming majority who are using commercial operating systems. They imagine something like android or iOS or windows where yeah they ask the question during user creation and then handle the age gating in their app stores, anything outside that model isn’t something they’re going to spend any time thinking about, because why would they?