This is a most excellent place for technology news and articles.
If I could trust that the people in government know how computers work I'd be down but well I can't
Hey Colorado. GFY and get your damn politicians under control.
First I've heard of it, dude. Don't get your knickers in a twist.
I fully expect this to become a move to hamper linux, or any non-windows desktop usage, because "we can't trust a user who has full access to their OS" or some other bullshit.
Holy fuck this is bad
Only for privacy and anonymity, companies like Google and Microsoft will do fabulously however. Who donates to him I wonder.
AFAIK, only adults can sign up for internet access, so a minor watching porn on the internet is the same as said minor watching their parents’ adult DVDs or drinking alcohol their parents purchased. It’s already illegal for adults to give minors access to these things, so what’s next? Alcohol bottles that only open and DVDs / Bluerays that only play if you can provide an ID and prove your age every time?
DON'T give them ideas!
I've been a longtime mobile and web developer, have a teenage kid with a phone, and am a big privacy advocate (card-carrying member of ACLU and EFF). As a parent, I don't want my kid exposed to cyber-bullying, toxic social media, or algorithmic bullshit.
And I will tell you this: the operating system is 100% where you want to do age verification.
I don't want individual social media sites, dodgy third-party orgs, or government agencies scanning our faces or IDs. Under a family sharing plan, the OS already knows how old the kid is. Any site wanting to gate access can privately ask the OS if age > X without spilling their PII. Same concept as OAuth. An opaque, encrypted token indicating GO or NO-GO.
Raging that they shouldn't do any of this is just idiotic. Unfettered access got us CSAM, kids getting radicalized, or bullied to the point of self-harm. Fuck that.
From a technical point of view, having OS-level verification is the least worst, and in my technical opinion, the best option.
As a software engineer that works on virtualization and is interested in software freedom, this law terrifies me because it's a trojan horse for something much much worse than the already shitty status quo: remote attestation.
And I will tell you this: the operating system is 100% where you want to do age verification
No, it's the last place you want to do this check. Let me explain: because users control the PCs they buy right now, meaning they can install any OS and programa the so wish to install; governments at some point will decide that they cannot trust the results given by any OS.
The only way for governments will be to actually trust third parties (again) that will check properties in your computer through a module that controls the whole computer and users don't have access to.
This is called remote attestation: https://www.eff.org/deeplinks/2023/08/your-computer-should-say-what-you-tell-it-say-1
With this technology, users don't decide what programa they can install and run, they can't even decide what websites can they visit.
It's a brutal encroachment on the computer freedom you have enjoyed up to now, and the perfect tool for an authoritarian government to enforce what can you watch and in general, can do with your computer.
If this law is approved, I guarantee you it will spread and will have expanded versions requiring remote attestation. (Don't worry, lobbyists will find a way to sell remote attestation preserves privacy to make it go down easier)
The end result is a nightmare-fueling scenario where someone like Peter Thiel through Persona not only has your information because it needed to verify to create the account in your computer, but Microsoft also has it, and governments through Microsoft may decide to limit which platforms you can access (X or something worse), if also if you've been a bad citizen, if you can run programs in any computer that can be legally sold.
All in all, this law is incredibly dangerous in the current political climate where even supposedly democratic governments are pushing for more authoritarian controls to digital life. And I'm surprised organisations like EFF haven't seen this yet
And I will tell you this: the operating system is 100% where you want to do age verification.
Oh, what's that you're using? It's Linux? Sure that's fine, just make sure the age verification check works on it.
Wait, what do you mean you have "root access"? Why do you keep repeating "it's my hardware and I own it"? You removed the age check system? You can do that! Hey, he's not supposed to be able to do that!
Colorado proposes bill to ban open source operating systems
As a parent, systems and web developer of both open source and proprietary software. This would single-handedly be one of the most damaging things to ever happen to the world of personal computing.
From a technical point of view, having OS-level verification is the least worst, and in my technical opinion, the best option.
It's a horribly bad opinion. It's the same old problem with client-side anti-chest. You can't trust the hardware. If the user has full access to the computer, then they can do whatever they want with it. This is a core issue in security modelling. So what's the answer? Try to lock down the system. This is why anti-cheat software, to play a video game, has more access to your computer's hardware than you do as a user. Full access to every single file, data in memory, webcams, things on screen, etc.
What's going to happen if it becomes mandated that age checks must happen in the OS? We're going to get computers so locked down that you won't be able to open a .txt file without some kind of authentication check.
No thanks. I'm happy to avoid every single age-check required service.
Account is created? Who said were making accounts for our operating systems
Under the bill, an operating system provider would be required to collect a user’s date of birth or age information when an account is established.
It's so fucking obvious the people who wrote this have no idea other operating systems than iOS, Windows and Android exist.
Apple already has iCloud age settings
Why can’t we just have better parental controls? I’m a parent and I do want to protect my kids but I will not upload a photo or anything else.
This is getting ridiculous.
Linux is the only reasonable choice anymore.
Linux won't be legal in Colorado if they pass this. You'll need an account with some age-policing, ID-reporting corporation to be able to use a computing device.
How do they imagine they could enforce this though? Presumably quite selectively, based on the user's political leanings.
What is in the actual bill? I haven't read any of this but if it was just a year of birth box at local signup then this could actually be pretty good. A sort of halfway between local only parental controls & age-policing, ID-reporting corporations.
https://leg.colorado.gov/bills/SB26-051
Here's a summary, but the text of the actual bill can be gotten by clicking on "Recent Bill (PDF)"
Presumably quite selectively, based on the user’s political leanings.
Not defend Democrats too much here, but they clearly have far less of a habit of doling out enforcement based on political leanings than the Republicans, even if they do enforce things quite selectively when it comes to actual leftists while letting Nazis run around with seeming impunity.
Colorado has been a solidly Blue state since the end of the W. Bush years, and even then, it was pretty split down the middle with just over half of the votes going to Bush. It's honestly been mostly-Blue-dominated since 1992. (Lauren Boebert notwithstanding)
Further, the two main sponsors of the bill are both Democrats. This genuinely seems to me to be another example of "heart in the right place but don't know what the fuck they're actually doing" which seems common for the tech illiterate and often for Democrats in general.
Once again, not saying Democrats aren't guilty of selective enforcement, just pointing out that they're far less likely to do so (or at least less likely to do so against conservatives, for genuine leftists it seems up for debate).
Now, that also means nothing in context to how other politicians can use this kind of legislation negatively, even if the writers and sponsors truly have the best of intentions. Democrats had the best intentions when it came to the PATRIOT Act and the creation of the Department of Homeland Security as well, and way back then folks like me were saying "this seems pretty dangerous, especially if we ever have a despot take control of the country and the levers for these tools" which clearly has come to pass.
Democrats had the best intentions when it came to the PATRIOT Act and the creation of the Department of Homeland Security as well,
How do you know what their intentions were?
Well, not all of them, obviously. Yet, for example, I tend to think Joe Biden actually did have good intentions considering the bulk of the PATRIOT Act was based on his prior legislation in the 90s, his Omnibus Counterterrorism Act. It's worth noting this was in response to a wave of US homegrown right-wing white nationalist radicalism and terrorism in the 1990's such as Waco and Ruby Ridge. The Oklahoma City Bombing would happen a month after this bill first appeared. Considering the shitstorm we're in regarding virulent white nationalist terrorism, I kind of think back when he first wrote it that it wasn't such a bad idea.
People who were more clearly war hawks like Hillary Clinton? Probably a lot less likely to have had great intentions.
Yet others, like Ron Wyden, who has been a consistent critic of the out of control national security state and voted against military intervention in Iraq in 2002 also voted for the PATRIOT Act. He also spent a great deal of time trying to amend the PATRIOT Act as well.
And as much as Democrats drink from the same well of corporate funding as Republicans, I wouldn't say the majority of the party is outright evil or don't care what happens to their constituents. Schumer obviously doesn't give a fuck, but I also don't think he's actually representative of the party as a whole as much as he just has power in a party that puts seniority over merit in intraparty politics.
It's easy to forget how much shock and terror 9/11 really did put into people which colored how quickly they foolishly signed off on the PATRIOT Act.
The left was saying that the PATRIOT Act was a bad idea from day one, just like we were with the Iraq War. People keep ignoring the left (or dismiss us as paranoid) and we keep getting proven right over and over and over again.
No shit, I was one of those people. I just don't ascribe to malice what can adequately be explained by stupidity, being out of touch, and not thinking through long-term political consequences. Once again, the Omnibus Counterterrorism Act was largely in response to white nationalist home-grown terrorism, which not having squashed that in the 90s is literally part of why we have the problems we have to day with a white nationalist government. Still didn't make it great, but I have a lot more sympathy for its origins in that era.
Are they going to check people's PCs at the state borders as they move in then?
"OPERATING SYSTEM PROVIDER" MEANS A PERSON THAT DEVELOPS, LICENSES, OR CONTROLS THE OPERATING SYSTEM SOFTWARE ON A DEVICE.
great, for my devices then, that would be me
Age verification is identity verification.
For fuck's sake.
What are parental controls?
Ok but isn’t that just this?
Declared Age Range / AgeRangeService - iOS
Use Play Age Signals API - Android
Goodbye tech ownership in Colorado if this passes. We're moving one step closer to the government issuing out thin clients that only they control.
Not the OS.
The OS "provider"
Linus Torvalds ain't gonna check my ID. And i don't want him to, either.
Everyone was born at 00:00:00 UTC on 1 January 1970
Just think: Without legislation like this, kids will be able to see people having sex! Thus, ending their lives. Not so different from staring into the eyes of Medusa!
The amount of children exposed to sex that have died—or suffered worse consequences like early onset conservatism—may have been zero so far but the dangers are clear! We must skip right over parental involvement in child rearing and go straight to the source of the problem: Computers.
Computers have been giving everyone access to too much information for too long! We must restrict it! The first step is to get an implementation that actually works to censor information—to save the children (wink wink)—then later, we will have the tools necessary to censor whatever we want!
When glorious dictator decides that information about trans-genic mice must be erased from the Internet, we shall have the power to do so!
We must protect little Billy from seeing tits, so he can keep laser focus on preparing for the next school shooting.
GOTEM! THIS IS ALL ABOUT POWER & CONTROL, AND THESE PEOPLE WANT TO COVER THEIR ASSES TOO!
This goes in a better direction than web sites doing it themselves, I think. The government put out an open source tool that runs locally and the browser just gets a yay/nay return code from it.
On paper, I like this solution better than every app/site developer having to hack together (or outsource) their own age verification system. But I'm sure it opens up a ton of potential problems. And if it's open source, someone could just fork it and make a version that always says "yes" so unfortunately it'll never be FOSS.
It wouldn't even work on paper. All it would take to twist this into something dystopian is requiring cryptogtaphic attestation for the age range, and knowing lawmakers, they would justify it as a countermeasure for kids lying about their age. Expand the feature as a web API so websites can use the "easier" and "more secure" system-level age verification process and—oh look, now we can't use important websites without a commercial operating system.
It would be like Secure Boot but worse. At least with that you can turn it off or enroll your own keys.
