this post was submitted on 27 Feb 2026
114 points (99.1% liked)

Linux

12537 readers
403 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
114
An upcoming California law requires operating system providers to enforce basic mandatory age verification (www.pcgamer.com)
submitted 9 hours ago by cm0002@infosec.pub to c/linux@programming.dev
19 comments fedilink hide all child comments
 

Apparently this will include Linux...

you are viewing a single comment's thread
view the rest of the comments
[–] panda_abyss@lemmy.ca 21 points 8 hours ago* (last edited 8 hours ago) (2 children)

In essence, while the bill doesn't seem to require the most egregious forms of age verification (face scans or similar), it does require OS providers to collect age verification of some form at the account/user creation stage—and to be able to pass a segmented version of that information to outside developers upon request.

As much as I hate this, just filling in a drop down on OS install is fine with me. This is the ideal solution. Tell your kid’s device it’s for a kid, then use the default age restrictions correctly. That’s perfectly fine to me.

Anything to avoid evil age verification services that force deanonymization through every app and service.

I do still hold a strong reservation against these age locks — how long until the US deems LGBTQ and teaching about slavery as “mature” topics?

[–] pivot_root@lemmy.world 5 points 3 hours ago* (last edited 3 hours ago)

I disagree. This is a first step towards something far worse.

It sets up the infrastructure for getting user ages and allowing services and websites to get an attestation from the operating system. Once that system is widely used and becomes ingrained, they can create a follow-up bill that demands the attestation be cryptographically verifiable by a trusted party.

In that scenario, the only way the operating system's promise that you're not a minor would be trusted is if it was signed by whoever holds the private keys—and that's definitely not going to be you, the device owner.

It would either be the government, or more likely, the operating system vendor. In the former case, now services can cryptographically prove that you're a resident of $state in $country, which is amazing for fingerprinting and terrible for anonymity. In the latter case, you can guarantee that only the corporations will be holding the key (like with Microsoft and secure boot), and you can kiss goodbye to your ability to access services on FOSS operating systems like Linux or custom Android ROMs.

This proposal is just a way to get their foot in the door with something palatable. If you've ever come across banking apps on Android using Google Play Services' SafetyNet feature to restrict access to only "secure" devices, you'll know exactly how this turns out: either you use the phone you own the "approved" way with a stock ROM where Google has more permissions than you do, or you're not doing your banking on your phone.

[–] GammaGames@beehaw.org 3 points 7 hours ago

Agree with everything you say, I don’t like that it has to happen but having the device report whether you’re a child or adult makes more sense than having every service do it poorly themselves.