Politicians will do any draconian measure to help kids except try and improve the lives of their parents so that they can actually dedicate time to parenting. Making it slightly harder to access the internet fixes nothing. What if instead of having the largest prison population in the world our government supported communities that make raising good children possible? Our society needs to lose this urge to diagnose each other and provide some forceful treatment and instead set sights on providing the pre-conditions for everyone to prosper and lead their version of a fulfilling life. Only then will we have functional, healthy children. I quite like what the mayor of Baltimore has been doing to revitalize his city and it seems to be leading to actual change there if you want a good example: https://m.youtube.com/watch?v=XQs59YY-e2I&pp=ygUXY2hhbm5lbCA...
well, and this bill literally only makes you prove age to ... set up the device.
how are we in 2026 and phones dont have guest mode or "i handed it to my kid mode"
apple's guided access is a terrible 1% solution to the problem. in one click i should be able to put my phone into some kind of locked down mode that exposes only what is allowed, starting with nothing unless whitelisted, with multiple profiles.
in the same sense, all the streaming services having their own separate kids profiles, instead of the streaming device having a single kids mode that exposes only the kids mode content from each app makes kids mode useless when a kid can just change the app, or gets stick into a single provider and i have to go help them switch.
> Politicians will do any draconian measure to help kids except [...]
They are covering for and not prosecuting perpetrators in the biggest child trafficking and abuse scandal in recent memory -- the Epstein case. Let us do away with even a surface-level pretense that they care about kids at all.
> Politicians will do any draconian measure to help kids except try and improve the lives of their parents so that they can actually dedicate time to parenting.
Because in their eyes your children are not your children. You are simply a custodian of their future work force asset. If you educate your children too much into individualism, they (today’s politicians) may see a diminished return of whatever they want to achieve.
And if you don’t agree with me on an emotional level, well, just remember the words of Elon Musk (paraphrasing): we need people to have children because we need to have workforce in the future. Translation: we need people to have children because who will work for us and makes tons of money.
If you have it too good, you aren’t dependent on them, you have all the carrots. They have no stick. They want to have the stick.
IF it were for the kids - but I don't think it is.
> Making it slightly harder to access the internet fixes nothing.
This assumes it is about the children. But if you do not think so
then it opens up new alternatives suddenly, be it from tracking
people, to targeted ads or any other information that could be
gathered and eventually either monetized or put in tandem with
other information. We'd get age graphs that way too.
Before that we could speculate to some extent, but with mandatory
age sniffing and id-showing at all times, those who track people
and benefit from it, benefit now even more.
Agreed. I’m sure some house members will vote for it because they only had a random staffer read the bill and heard that it gives them a good talking point in the next election. I just wanted to point out what’s maybe obvious to everyone that this won’t help kids. I’m sure this is being pushed by Meta/whatever other ad dependent business wants to pass off liability of verifying age with the added benefit to everyone in power that it’s easier to track everyone as a result.
Based on the few snippets quoted in the article, I think as written this bill gets closer to a good, privacy-preserving, non-authoritarian version of "age verification" than any of the attempts so far. What it seems to be aiming for is essentially mandatory parental controls at the OS level. No ID checking or government/third party involvement, it just uses whatever age the parents enter when they set up the device/user account for their kid. And apps don't actually get that info so there's very little privacy impact, just exposing an API that would allow apps/websites to query "is this user underage?" seems like it would satisfy the law as written.
The only remaining issue I see here is that I think the law may be a bit too heavy handed in how it tries to legislate this system into existence. Trying to tell Bob Hacker writing an OS in his basement what features his code has to include feels a little too authoritarian for my tastes. Probably there are some economic or regulatory levers that could be pulled instead to ensure this system gains mainstream adoption without criminalizing ordinary software development.
Again though, I didn't read the whole bill, just the article, so I could be wrong here on some of the details.
1. The text implies software should get access to your date of birth, rather than talking about age groups. If it becomes the case that websites can get your precise date of birth, this will be the ultimate fingerprinting vector that will put the fight for online privacy dead in the water.
2. The text talks about "verifying" dates of birth. This can only imply the involvement of face scanning or ID checking and third parties.
3. The text itself is very vague about details such as verifying, because it leaves many details entirely to the FTC, which recently announced they will stop enforcing privacy protections under COPPA for companies violating it to perform age verification of children[0]. So you can fully expect that if we are putting computing entirely in the hands of the current commission we will be probably screwed.
The text itself is less than 4 pages. I recommend reading it for yourself[1].
Agreed. Weirdly many people are against. This really seems like the best possible option. Actually helps parents as without this there is no way to enforce kid age. So instead of having it all per account and everything linked in most privacy invading way, just your OS tells the apps/browser whatever was set in there by the parent. I want this now!
Exactly. People often forget that Congress can only exercise a limited domain of enumerated powers. The big one is regulating Interstate Commerce, which is already huge because of how interconnected the country is today, and is even bigger because of creative stretching of its reach (did you know that the Civil Right's Act's ban on discrimination by businesses is within Congress's Interstate Commerce power, because somebody might patronize your business from out of state?).
Anyway, I suspect Bob Hacker has a strong case that such a law as applied to himself would be beyond the scope of Interstate Commerce. Until he tries to sell or make his OS widely available, at least.
Given how broadly the commerce clause has been interpreted I don't think we can rely on that to save us here. Criminalizing Bob publishing his OS on GitHub is still too authoritarian for my liking.
Just off the top of my head, something like "physical hardware with web access sold in the US without an ID check at the checkout counter must include this feature in its preinstalled OS" would be a better way to write the law in my opinion. Plenty of ways around it if you're a hobbyist or for some reason really don't want to comply, but a big enough hassle that all the major commercial OS providers would probably find it easiest to just include the feature. (Especially since this is a feature most parents would probably appreciate anyway.)
No, the information flow and point of decision making are completely backwards as the bill was written by Facebook/Meta purely to absolve themselves of liability and foist it into others, including parents themselves!
The right way to facilitate parental controls with legislation is to put a requirement on service providers [over a certain number of users] to publish well-known tags stating the age suitability of their site/app/pages. Then put a requirement on mass-market device manufacturers [over a certain size] to include parental control software that can filter based on these tags. When parental controls are enabled on a device, any site/app without tags "fails closed" and doesn't display - meaning the open web and open devices continue to coexist with the tag system.
The key parts 1. the information signals flow the correct way, from the company with a well-known identity to the end-users' device where it can be acted upon per the device owner's desires 2. the legal liability lands in the right place - tags signify legally-significant representation of content and 3. the long tail of small-scale websites and devices are completely unaffected
This would also leave the makers of parental control software (bundled with device or third-party aftermarket) free to implement additional features that parents desire (eg block social media, even if the site says it's fine for <18), rather than leaving those decisions entirely in the hands of corporate lawyers (as this bill does, because once again it was written by Facebook/Meta).
It's always the same pattern. There is no way to protect the children while also preserving freedom. The rationale behind it is irrelevant. For this to work everything would have to be locked down right?
This is not in the interest of the people nor any children.
Listen, I would actually be willing to support something like this, but Jesus Christ when will we put somebody in congress with a CS background who can literally just chime in and say "use Zero Knowledge Proofs for this, people might actually buy that you're not just building a surveillance state."
> when will we put somebody in congress with a CS background who can literally just chime in and say "use Zero Knowledge Proofs for this, people might actually buy that you're not just building a surveillance state."
Well that would be counter-productive to actually building a surveillance state.
there is a significant population in management, court and law enforcement that does support state-mandated registration using full profile ID for using public infrastructure. It was on the railroad system in the USA, and was part of the profound shift to individual cars.
I'm glad I got to see the era where the internet was useful and exciting. I feel like every major change since about 2010 has pushed it more toward blandness and made it less useful.
This will be a big one. They're building the groundwork for a world-wide dystopia.
Come join us on what I will call the “scatternet”, the globally distributed, offline-first, async network full of all the things that made the old Internet great.
Save a few ISOs of still-free OSes and hoard a few extra cheap computers. (You might also want to get a 10Mhz capable radio.)
For sporadic medium-long distance communication over packet radio. 10MHz isn’t too crowded and can be easily used for regional communications (and occasionally long distance) via atmospheric bounce. It also works well at low power and the antenna is shorter than other long distance modes like the longer wave HF bands (20m+).
Sending data by radio is messy, slow, and generally disappointing. Start your journey by reading up on the Aloha system https://en.wikipedia.org/wiki/ALOHAnet.
I always felt this moment would come eventually. The trend is centralisation of power and control. It's depressing. It's been a long time coming at a slow but consistent cadence.
> The term “operating system” means software that supports the basic functions of a computer, mobile device, or any other general purpose computing device.
> The term “operating system provider” means a person that develops, licenses, or controls the operating system on a computer, mobile device, or any other general purpose computing device.
So excited to see the GNU vs. Linux debate finally land in court.
[Edit: Never mind, others have explained elsewhere in the discussion. It's the lawsuits Facebook is losing for addicting kids. So rather than, you know, stopping doing that, they want to instead legally force us to alter every OS on the planet. Disgusting.]
Just answering with a possibility here, but they could be seeking freedom from liability for failure to moderate content or ensuring their service is "not harmful". If it's only for consenting adults, and every adult can be pinned down with an identity, whatever happens can have the blame assigned away from meta.
This will be perfect for those washing machine manufacturers! It will permanently pair itself to your passport with e-fuses, so that if you ever try to resell your old washing machine on the secondary market, it'll be worthless unless you also sell the buyer your passport
No worries, by that time so many people will have lost their jobs because of AI that you can hire a homeless person to register all your devices for a snickers. Dirty Mike and the Boys are going to own a lot of mobile devices, and control the world trade of snickers.
I got a house with a 25-year roof, an indestructible Japanese shitbox car I can repair myself from scrap if I have to, and enough in the bank at three to five percent to pay my taxes, all of my hobbies, eating steak every day if I wanted and my share of the universal multi-payer health care system in my country.
That puts me for the rest of my life at a level of fuck you.
And if the system breaks down, I’m just going to hunt and eat you.
How big do you think your chance of survival is meeting someone hungry who spent over a decade in war and conflict zones and is still here?
I’m more concerned about the future for your sake than for mine.
Social score is for communists and autocratic regimes, minton. I live in a democra…
Wait, 27% for the right-wing extremists in Germany?
The strongest party if there were elections today?
Some of them publicly state they are the friendly faces of facism?
I will send your administration a request to put your statue on top of the Arc de Trump. If they can pay 400 million for a ballroom, they can spend one for a diamond statue of the man that saved a lot of American lives today.
True heroes don’t always wear capes. Sometimes they have butcher knife’s.
> It leaves open to interpretation if it applies to all computers, or just general purpose ones.
That's not even the worst part:
> a person that develops, licenses, or controls the operating system
Suppose you write a generic piece of code that some third party then includes in an operating system, but you're the only relevant person in the jurisdiction. Are you now an "operating system provider"? If the "operating system" is made by hundreds of people or more, is it none of them or all of them or what?
Suppose you're a company and you've got a bunch of servers, which are computers, and you have root on them, i.e. you "control" the "operating system".
IMHO, the law tries to target the last entity which has practical control over the OS design and implementation aka the final developer/integrator.
For example in the Linux world, it's the distributions.
Where it gets murky is with Android (and to a lesser extent Windows).
IMHO, the entities which should be responsible are Google and Microsoft.
But since vendors, specially in the Android world, can heavily tweak the OS, there is a case that it's more the device manufacturers like Samsung which are responsible.
The relevant interpretation in practice will usually happen naturally, and the most ambiguous stuff will be set by jurisprudence if necessary.
If this legislation becomes law, it will be interesting to see how the Linux hacker community reacts. Laws are virtually meaningless if there is no practical way to enforce them and if there are enough people who oppose them. Just take a look at the history of file sharing over the past three decades. For this new law to prevent the proliferation of Linux distros that are not in compliance with age verification requirements, there would need to be very powerful enforcement mechanisms, including criminal prosecution. Even then, it's difficult to see how severe criminal penalties and/or civil liabilities could stop hackers from building and distributing illicit versions of Linux. It's just basic economics; demand creates supply. Linux moves into the black market with new distros of Clandestine-OS.
Do we know who is funding this? is this one of these things where Meta doesn't want the responsibility for this, so they are pushing to have the OS have the responsibility or something like that?
They also added this page since I posted that comment: https://web.archive.org/web/20260411112604/https://tboteproj... where they claim their website is "under surveillance" because it got a few thousand requests from Google Cloud et al, most of them to a single page. This really shows how low their standards are.
I share your wariness of the LLM garbage, but I believe the conclusions are correct. This has Facebook's stink all over it. I worked there and know of what I speak.
So we should believe the hallucinations because they sound like something that could be true? Does the LLM in the middle somehow makes it more trustworthy than if GP had just shared their own pattern-matching conjecture?
No. I think LLMs are garbage. Separately, and unrelated: I think Facebook is behind these bills. The LLM may be garbage and still sometimes produce a correct result.
Yes, it would be nice to know with certainty who is behind these bills. It sucks how much opaque money influences American politics.
Josh Gottheimer's press release[1] on HR8250 mentions the "Meta Parents Network." I don't know what that is, but it does have "Meta" in the name.
Buffy Wick's noise about AB1043 claimed it was passed with the support of tech companies. I have spoken directly to one person close to AB1043 who told me Facebook argued against AB1043. I have doubts. But if true, I suspect they were not arguing in good faith and had ulterior motives.
In the end, no matter who is secretly lobbying for or against age verification bills all over the planet, the bills are terrible, and we should fight them.
I was relieved to hear it was an emotionless mega-corporation catalyzing this, and not a sudden competence of evil bureaucracies in the USA and Europe.
> is this one of these things where Meta doesn't want the responsibility for this
Very likely, given the legal liability they are already facing from the "addictive" court cases that are turning against them. Moving the liability for "age verification" away means they will not also be facing a huge number of court cases accusing them of showing an underage person adult age content provided they followed the law's proscribed "ask the OS for the user's age" requirements.
Also, note that only a few months ago Zuckerberg was in court testifying that the single best place to perform "age verification" was in the operating system of a device. Now, like mushrooms after a long rain, at roughly the same time up pop bills in nearly every statehouse, Congress, even Brazil, that all read nearly identically and that all are so broad as to require "the OS in anything with a CPU do age verification". The nearly identical text in each highly implies a single lobbying entity is behind all of them (it would be quite the coincidence that 50 state houses, plus Congress and Brazil, all write nearly identical bills independently). And the connection back to Zuck's court testimony of "age verification is best done in the OS" highly implies that the single lobbying entity is Meta, or funded by Meta to obtain this outcome.
If something is codified in law, they can comply with the law fully, and yet not have any real backlash from users. This can also shield them from many lawsuits. Conversely, if they start ratcheting down age-verification on their own, users will become quite upset. If they don't ratchet it down, then... as you can see, potential lawsuit.
And this isn't just about LLMs, once the concept of "a platform is liable for harm" happens, it's about everything. Including content other people slap into an app store. And the US has been talking about section 230 removal, countries around the world are reducing such exclusions, so the wind is blowing towards even more liability for platforms.
If you look at Google's recent moves to identify all developers prior to install on Android, there may even be some of this in that. How can they ban someone from publishing illegal material, or material Google will be liable for, if they don't even know who the publisher is? They'll just slide into a new account.
(Note, I said "some" not "all", there is often not just one reason for an action)
So I suspect that the push is from all online platforms of any size or scope. It will shield them, protect them from liability, whist at the same time redirecting user ire at the legislation, not them. HN types might still brood, but the average person won't have insight. "Protect the children" as a reason works for the average person, it works very very well, and really, that's what a lot of these lawsuits are about.
So I point back to such lawsuits as the start of all of this. And I see it as why there is a push from Apple, Google, Meta and so on. And simply because I'm saying "big corp wants this, not just Meta", doesn't mean I'm saying "Meta isn't doing anything".
Meta can be pushing this, hard, whilst at the same time every other large corp can be working towards the same outcome.
Facebook. There's a wave of child endangerment lawsuits incoming and they want to head that off at the pass by having governments shift all that liability over to the OS vendors.
Microsoft just force-updated my operating system (despite declining every option and prompt) and the first thing I noticed working differently was it offering, in an OS popup, to "connect" the computer to "Facebook".
These people have root access to all our webcams.
I don't think we can tolerate these entities to continue to exist.
What can we do about it? The major tech firms have nearly all the power here, including quite obviously full capture of government (not just here but other countries as well).
Basically a mass-protest via network packets. Could we argue sending packets to a server is essentially a form of protest protected by speech similar to a public gathering?
How does that help Facebook? They already have plenty of signals to guess their users' age, what would they do with an other one? They are not going to ban children anyway.
The OS should start labeling everybody as a child by default. Forbid Facebook to show ads and any harming content by default. The OS has little less to lose with this approach than FB.
FB etc. may argue "device says this user is an adult", even though device may say that only because the parents don't set up separate user accounts e.g. shared family iPad, or because the kids being more tech savvy in the first place like we all were when I myself was a kid.
Every one of these age assurance laws basically says:
1. The OS vendor must provide an age bucket using the minimum amount of data necessary
2. App vendors (i.e. Facebook) must use the OS vendor's age buckets to determine age
The idea is that the next time Facebook gets hit with a child endangerment lawsuit, they can say "Well, we used the age buckets the government told us to, and they said the plaintiff was 18+, so we're not liable".
This, of course, assumes that most social media and Internet regulation will continue being targeted at children only, both because courts are reluctant to enforce 1A on laws that censor children[0] and because the current political class actually benefits from the harms Facebook does to adults. Like, a good chunk of government surveillance is just buying data from Google and Facebook.
[0] The root password to the US constitution is "th1nk0fth3cHIldren!!1" after all
It must be OS responsibility because that’s the only place that allows the next step.
Everyone is so concerned with kids pretending to be adults, what about adults pretending to be kids? Any service that has any kind of private chat or picture sharing option will be a playground for “verified” kids.
Next step, “we must go further with the verifications until everyone is verified everywhere”. This is where the OS part comes in. Wish it was sarcasm.
MS is ratcheting up the 'mandatory Microsoft account' on Windows, probably for this reason. The 'identity strongly bound with the device' stuff on corporate devices is being tested and secured in that environment, and it is almost certainly one step from being forced onto non-corporate devices, once they 'have to' by law.
> Republicans may not like porn, but they put the onus where it belongs, on the operator, not on the OS.
While that might be true, I can't agree with the implication that this is better in any way. Having the onus on the operator forces you to have to send some form of verification out to all such operators you want to visit and they have repeatedly shown they are NOT capable of securely and privately handling that information.
The federal one was introduced by Democrat Josh Gottheimer (D-NJ) and cosponsored by Republican Elise Stefanik (R-NY). This push is extremely bipartisan.
The difference isn't really in the politicians, it's in the base, and how they will react to acts like this. Democrat voters will shame them, endlessly. They may not have alternatives to vote for, but they won't change their opinion to match whatever dweeb they were forced to vote for. Republican voters will always be on board with whatever they're told to be on board with.
Much of the USA accepts "gun deaths" as an unfortunate but acceptable price that must be paid for the widespread freedom to own guns.
When those same people are hysterical about Protecting The Children, you should understand that "protecting the children" is a distraction from whatever the actual intent may be.
The general public is thoughtless, and there's little reason to think the decision-makers are much more thoughtful, but Protecting The Children is merely this age's Trojan Horse.
I look forward to having to age verify the dbus and chrony and root accounts on every linux-based "smart" device in the future. That should be fun.
Will my children be able to use my smart oven/thermostat after I verify I'm 18+ on those devices?
I also wonder what verification will look like for containers and and VMs that might have a short life. Maybe that's how we keep IT jobs for a little while longer? Human age verification on every local account every time a container or VM is spun up.
This is tiring. The text is so vague, and if a big country adopts it software companies will comply, and there's no reason to why smaller ones wouldn't, since 'the work is already done'.
I wonder if it would be illegal for an user to use an outdated system without those functions when they roll out, or to use outdated applications, or to distribute outdated applications, or to keep mirrors of multiple versions of operating systems. I doubt they thought that far, or if they care at all.
> Vendors shouldn't sell unlocked devices to kids.
This part is neither necessary nor sufficient.
Put aside the Orwellian premise of "devices are locked by default". People keep making the analogy to things like cigarettes, but if a kid wants a steady supply of cigarettes then they need a steady supplier. If they want an "unlocked device" they just need money and Craigslist, once. It doesn't matter what you make Walmart do and it correspondingly doesn't make any sense to involve them.
If your kids have enough unsupervised money to buy electronics then you're either fine with them being unsupervised or you already have bigger problems than a used laptop.
Kids having $20-30 means you're fine with them being unsupervised? Computers and smartphones are incredibly cheap.
In person, we expect stores won't sell cigarettes to kids. We should simply expect companies won't provide age restricted services to kids. The liability and requirements should be on those companies.
If they're able to get a burner phone unsupervised then I think they could also pay an adult to do the face scan for them or borrow your ID from your purse to authenticate an account. What level of security would you need to totally prevent that kind of thing? Unless it checks your age every time you log in with biometrics I don't see it.
(Of course adding any level of friction will deter some kids, but needing to get a whole new device other than the one their parents gave them is already a lot of friction, isn't it?)
We could e.g. try saying it's sufficient that the user makes ongoing credit cards payments as a proof of age. Or sure maybe you need to verify with every purchase, which is how e.g. alcohol works.
Don't currently take payments for your business model? Probably what you're doing is anticompetitive and we shouldn't allow it anyway.
I'm not seeing how that affects my framing. Yes, it is more difficult. That sounds like a problem for businesses that want to offer restricted services online, and we should ensure it stays their problem, not everyone else's.
What for?
I use family link for my kids devices. It works good enough.
Everything else seems way too intrusive.
Apple is horrible in this regard. Their solutions never really work.
A joint venture for an (optional) cross-platform family app would be more than enough.
This, plus a (voluntary) content rating that's offered via an API (could even be simple meta data on a webpage).
Done.
the major players need to allow me to elect one of them as my family manager, and control permissions across ecosystems, from my management portal. i should be able to freely swap apple, google, microsoft, facebook, or a startup as my management and permissions tool.
instead I have a disparate management account and portal for every service on the planet. roblox, fortnite, facebook all want to appear to "make it easy" as if they hold the delusional belief that their management portal is the only one I have to manage. then add a spouse that also wants to change or tinker a setting.
if any law is going to get passed: it should be that any company over a certain size, who adds parental controls, needs to expose them externally to 3rd party management software.
Sounds like a problem. Luckily it turns out my phone has two cameras and a laser dot projector pointed at my face right now. Not hard to imagine a future solution to this issue were we to pass this legislation, sadly…
Longer answer: In the UK, Apple already implements age "verification" at the OS level, starting with IOS/IPadOS 26.4. If Apple had not implemented this, it would still be in compliance with UK law. Apple is anticipatorily obedient.
A company like Apple has visibility of the legislative pipeline in its markets. Looks like the UK was a test bed.
Lots of OECD countries, all at the same time, are pushing for online age verification or OS-level age verification, both equally intrusive and implemented in privacy-violating ways by conflating identity verification and age verification.
The end result is not protecttion of minors, but abolishing anonymity on the Internet. Social media companies claim to want the former, but in reality just want to shift liability to OS and device vendors. Governments happily accept the "side effect" of being able to find and root out dissidents.
Firstly, you keep using that word; I do not think it means what you think it means.
On the Internet, especially forums such as HN, you are "pseudonymous". That is, you made up a name for yourself, and that's how you're known to others. At the very least, we are all identified by IP addresses, which are again, fairly stable and unique pseudonyms. There are nearly zero truly anonymous corners of the Internet, because anonymous communications are chaotic and anarchic.
Secondly, it was the NSF who mandated that everyone accessing the Internet must have an associated and authenticated account with an identity that is known to their provider. These rules went into effect in the early 1990s. Perhaps they have been discarded or observed only in the breach, but truly, nobody is a stranger on the Internet. Even if nobody knows you're not a dog, your ISP or your coffeehouse still know who you are, when you connected, what device and so forth.
So, please let us stop pretending there is "anonymity" here, or that there ever has been. Whatever you've done in the past, it will eventually be unmasked. Yes, people on Discord and Wikipedia alike are freaking out over this prospect, but it was always going to happen. We've been laying down a very permanent record for over 50 years. Eventually it will all be correlated with real identities, Facebook or not.
there is no anonymity on the internet. the sum of your devices characteristics are close to unique anyway (i could be wrong but i think this is accurate). which kind of supports the hypothesis that this is about shifting responsibility for age verification due to laws coming from other countries recently. i have no idea how this will work on linux, it probably wont.
I read the bill and I feel like it's missing any technical details. It's almost like they read my suggestion [1] but then left some parts out. The technical parts. As I read it one can just enter whatever name, age and other details in the setup of a computer they desire. It's missing any checks for a header on the server to detect adult content labels. What am I missing? What forces me to enter my real information? Are operating system developers going to be granted access to the DMV databases? Or forced to use some third party that scratched the back of some politicians? If I block connectivity to this will I not be able to log in? If someone performs a successful DDoS to the site will I not be able to log in? It feels like several pages of the bill are missing. How does the OS know it is visiting an adult site?
The site "reclaimthenet" calls it age "verification", but it's not a "verification" at all. There's your mystery.
All the bill wants is that you can set up an iPhone for kids, an children account on Ubuntu (YOU decide whether it's a children's account) and then, presumably, the browser vendors implement an AgeAPI that allows website operators to query the user age.
Your device tells us you're 10 years old. Access to Instagram denied.
Your device tells us you're 16. You're not allowed to visit gambling-porn-and-industrial-accidents.org
It's, of course, exactly the opposite of the "identity-tied age verification government-control, ID-document-leak" dystopia that the scare crowds here are peddling. But you'll never hear a word of acknowledgement from them.
These people act as if those "I'm 13 or older, i can create an Instagram account and waste my life" or "I'm 18 or older, let me watch porn and strangle my girlfriend" buttons are the peak of civilization.
Ah, well that's at least half of what I suggested. Telling the site the age seems leaky to me, I would still prefer the apps check for the RTA header so all decisions stay on the device and not leak anything. Curious where it goes from here but based on your reply it does not seem quite as bad as I imagined. Thankyou for the clarification. I imagine eBPF or MAC rules could be used to block this.
Government should like the RTA header as they can fine sites daily that are missing it. Lobbyists could push companies that do the header checks.
They have dropped all the decision making for the details in the lap of the politically controlled FTC. Which also means that future FTCs could change the rules based on political goals.
So this bill creates a commission to ensure that the information cannot be stolen or breached from operating systems, but says nothing about how the applications querying this information must protect or leverage it. I basically requires that any application get to know a user's birthday, as long as it's "necessary". What a fucking joke! I'm so sick and tired of this bullshit.
Edit: Oh, and the commission gets to make up the rules on how ages should be verified. So, prepare for a whole other level of PII leakage that isn't even captured by the text of the bill.
I've been trying to download media for a while now. I don't have a huge collection; most media is not actually very good. But, the internet soon will just be an awful conglomeration of cable TV / a big shitty mall / a horrible outrage & propaganda machine. It's already most of the way there. Either destroyed from within by bots, data brokers and corporations, or destroyed from without by government, surveillance, and regulation. I recommend you start treating the internet like a mall; it's not some place you'd actually like to go. You get in, get what you need, and get out. Some people will will disagree with the analogy on the grounds that they _like_ going to malls. Well, good news, the new internet might be for you.
I mainly post in Usenet and IRC, and download PD movies (seriously) and books. I don't pirate any more because even current pirated media it's somehow a free advertisement for these people.
From Gutenberg, PD comics from the golden era -and pulp scifi-, noir movies, old weird science/fantasy series in B/W and whatnot, I'm pretty much covered. Ironically most current scifi media can be traced to...Bradbury novels, PKD's paranoia and some Weird Science comics.
Once 1984 gets into PD, that's it. It is in Canada, but you can
read it online as long as you don't download or share it:
There’s a version of this I could support:
- pre-specified age gates baked into the protocol (perhaps just 13 and 18).
- account admins on a device get to specify which bracket is associated with the account
- an api that allows sites to query whether the current user’s account is above one of the thresholds
Leaks pretty minimal PII (the user is between 13 and 18 would be the tightest identifier obtainable with the above gates). But still allows for age gating some content without relying on self-reported age.
Am I optimistic the actual solution won’t be more invasive? Sadly no…
This is so dumb. There are 100 other ways to protect children that would be more effective than this. Not only will this approach not actually protect children, this will violate the privacy of billions of people. It will introduce identity theft at mass scale (good luck solving that on short notice) and it will make activist/journalists/military/political opposition vulnerable. Perhaps this is the purpose. Who would benefit from such a scenario...mmm?
As a parent this is perfect. I am baffled why this is not a standard yet. So setting an account age in Netflix works but the child can access anything. Make new accounts even. So I have to block half the internet. Somehow. On a shared computer. And all companies would have to get your ID and track that. It's crazy.
This compromises 0 privacy until it requires an ID. EU solution actually does and only supports specific devices.
Age verification inherently means identity verification. There's no way to prove your age without first proving that you are YOU, either by showing your face or authenticating with some third party authority, usually government or a corporation.
The idea that you should be locked out of using your own computer until you do this is utterly insane. What problem does it solve that existing parental control tools don't? A generation of parents already trust their babies with iPads for this reason. And what of the millions of Americans who don't have current ID?
They should mandate age verification from the other direction- make serving certain content to children a liability. They'll quickly figure out how to verify age all by themselves. No need to legislate implementation details.
Salvage old free as in freedom distros. Learn about i2pd and tunneling Usenet/IRC and Email (even cool online Nethack/Wesnoth/FreeCiv gameplays over it, any turn based libre game will work).
There are some Usenet servers (text content only, no binaries, all illegal crap it's cut down by design) listening under I2P servers. By design enforcing any cross-pond law it's impossible.
Learn about NNCP in order to tunnel messages over it, really useful for asynchronous connections such as Email and Usenet: https://nncpgo.org
Also, learn connect to a Pubnix and to use Usenet/IRC/Email/Mastodon services (tut it's a TUI Mastodon client) from remote servers. Make their own law obsolete across the world. Learn Mutt and GPG too, it's about 20 minutes of your life and for basic email a simple text editor like Nano, Mg or Mcedit would suffice to compose an email.
Try free Biltbee servers over IRC too, these can be connected even from DOS IRC clients in order to connect to modern services such as Jabber, Steam chat and even discord (join the &bitlbee channel once you connected ot a public Bitlbee server, there are several, and type down 'plugins' to get the available chat systems in that service) and thus any age bullshit for FreeDOS it's by design unenforceable without breaking network drivers and TCP/IP stacks as TSR's and whatnot. Ditto for old Amiga, RiscOS and such old releases which are unsupported. And banning retro computing would make the several civil right unions sue the state (and the judges) like crazy for huge amounts of money. Even META too as being the main lobby instigator.
With the dawn of this bill I am finally building out my airgapped network.
I’ll be passing messages to and from the former internet using NNCP bundles. I’m planning to work on some interesting solutions for async communications over Nostr, with some alternate paths through radio for emergencies. Finally looking into steganography as well.
I hope Josh Gottheimer will get a lot of money for his work there.
I also remember a few weeks ago, people such as Poettering and others
said this is all harmless, nothing bad would ever possibly happen.
Lo and behold, now it is the new mandatory law. All people will soon
have to go for age sniffing, in order to access information. Linux
is only for the Underground now.
I wish there were a way to fire lobbyists. There is no feedback loop, they can be as bad as they want and never suffer a minute for taking away peoples rights.
I can already smell the exceptions - some companies will be exempted from these restrictions due to "national security implications", or, more realistically, "we distracted the President with a golden gewgaw and a bribe".
We still have to provide a way for people that don’t have (smart) phones, but I would absolutely implement asking the phone instead of a 3rd party when available.
We don’t gain anything from asking a 3rd party. In fact it costs money per request.
All this fake good intent to prevent another TikTok which was the only media which transmited the reality on the ground during the Gaza genocide. And its aftermath in the youth mind and in the University campuses.
Fascists and industrialists have to take control, again, of the minds.
(See oligarchy's appetite for social and media companies)
It is just crazy how much of a tech billionaire centric the US government is, they can come up with Thanos' idea of wiping out 50% of the population and politicians would do it as long as Zuckerberg or anyone else in the techno bubble asked for it.
> they can come up with Thanos' idea of wiping out 50% of the population and politicians would do it as long as Zuckerberg or anyone else in the techno bubble asked for it.
Stay tuned. With mass unemployment/underemployment there’s gonna a be a lot of “extra” people.
Glad to see that Elise Stefanik came out of fucking hiding in NY-21 to dump this stupid "parents decide" bill on us when she couldn't even be assed to help her constituents over the past several months when one of the main hospitals in her district is bankrupt and closing.
Last time we saw her anywhere near here was her "farewell tour" when she was supposed to go be Trump's UN stooge. Haven't seen her up here since.
Glad to know we get to die up here for on-device age verification for everyone else.
In short: you seem to want the Internet to parent your child. I have kids and do not want any of this for them, because all of it is a slippery slope to falling deeper into the surveillance state.
As a parent: do your job and take responsibility for your kids. While it's not trivial this also isn't overly complicated anymore.
If your child needs a helmet to use the internet, as the politicians announcing HR8250 seem to think[1], Apple or whomever is free to offer that as a feature. There is no need for this to be legislated, especially when the legislation does not work in open source environments.
[1] Not hyperbole. They said that. It was an analogy, but one that highlights how ignorant of the technology the authors of these bills are.
I can understand the "baby mode" desire, but as the other reply pointed out, this does not need to be legislated. The big OS companies can easily offer this feature for those that want it.
I'm curious though about all this porn that apparently hides behind a rock on the device and leaps out to corrupt tiny minds when they least suspect it.
Shock websites aside, pornography generally doesn't ambush you. Unless you're a republican giving a presentation and have no idea how that porn got in there.
And, AB1043 specifically exempts websites, so it doesn't protect anyone from the goatse's of the world anyway.
These bills will not do what they purport to do, but they will do a whole lot of bad stuff.
There's already like 17 different parental control solutions out there for every device platform. You can and should use one and don't let your kid go to any website or use any specific app without your approval first.
> We do want a way to signal there's a kid driving a device.
Which is extremely irresponsible. It creates a false sense of security and abandons your child to the whims of strangers. This seems akin to putting a "please don't hurt me" sticker on your child and then letting them roam around downtown unsupervised.
> But if we can just have a way to put bright orange vests on devices that require special treatment
There is software you can already use which will lock the device down and only allow it to go to pre-approved sites. I'm unwilling to give up any of my civil rights for your level of convenience above this.
Yeah this is the way for sure. The OP forgets that young users advertising their age online with an "orange vest" might not be best idea.
There's almost endless choice of legit quality native apps for kids, curated from trusted sources. These alone far exceed healthy screen time if all were downloaded. Or as you say, curated web links in a locked browser.
How much screen time should kids do anyway, it's crazy how much is available before worrying about WWW on top of their games, apps and videos.
I have a kid. Actually two kids. They have their usage controlled by google family. I review weekly their internet usage, screen time is limited to 2 hours/day. They dont have social media. School research and etc, they do at home, in the "main computer" in our dinning room. Youtube too. In the end is our responsibility to educate and protect our kids. I truly dont see a need for such extra controls if the parents aren't interested in enforcing it.
You put your child in the driver’s seat and expect others to make sure it doesn’t make a wrong turn? Did you really have to give it the keys to this hypothetical car instead of, say, LEGO?
Or just don't give your child unfettered access to screens. There is zero reason your child needs x unmonitored hours with YouTube or Netflix or a browser or anything else.
The breathless fearmongering over an age field on account set up is just completely over-the-top. This is probably the least bad out of all possible ways to implement age checking. The benefit of this is that it can short-circuit support for more onerous age verification. The writing has been on the wall for some time now: the era of completely unrestricted internet is coming to an end. The question is how awful will the new normal be? Legislation like this is a win all around, a complete nothingburger. We should be celebrating it, not fighting it tooth and nail.
The tech crowds utter derangement over this minor mandate is truly a sight to behold.
This bill requires actual verification and leaves it up to the politically controlled FTC to determine how this should happen. It’s a disaster.
> The Parents Decide Act solves the self-reported-birthday problem by demanding something verifiable, which in practice means a government ID, a credit card, a biometric scan, or some combination.
> However, Gottheimer has not specified which. The bill does not either. It’s up to the FTC to decide.
The article's analysis doesn't appear to be accurate. From the bill:
(a) Requirements.—An operating system provider, with respect to any operating system of such provider, shall carry out the following:
(1) Require any user of the operating system to provide the date of birth of the user in order to—
(A) set up an account on the operating system; and
(B) use the operating system.
(2) If the relevant user of the operating system is under 18 years of age, require a parent or legal guardian of the user to verify the date of birth of the user.
(3) Develop a system to allow an app developer to access any information as is necessary, collected by the operating system to carry out this section and any regulation promulgated under this section, to verify the date of birth of a user of an app of the app developer.
The only requirement for "verification" is to enter a birthdate on account set up, and underage accounts have the parent "verify" the birthdate. There is certainly some ambiguity in the bill which is not good, but efforts should be towards resolving the ambiguity in favor of a lack of intrusiveness.
(1) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Commission shall promulgate, under section 553 of title 5, United States Code, regulations to carry out this section, including regulations relating to the following:
(A) How an operating system provider can—
(i) verify the date of birth of a parent or legal guardian described in subsection (a)(2); and
(ii) carry out the requirements described in subsection (a) with respect to an operating system of such provider that may be shared by individuals of varying ages.
(B) Data protection standards related to how an operating system provider shall ensure a date of birth collected by the operating system provider from a user, or the parent or legal guardian of the user, to carry out this section and any regulation promulgated under this section—
(i) is collected in a secure manner to maintain the privacy of the user or the parent or legal guardian of the user; and
Let's try to be a little bit sensible here. Presumably the requirement to check depends on the nature of the application. A completely offline app for example has no use for an age check and thus wouldn't need to read it.
This needs to be simply fought because it's a measure that is supposed to fight the reluctance of the society, not actual problem. For the actual problem it's ineffective. This will be met by surprise once it's fully implemented and new, worse measures will be proposed. Hence, it needs to be cut off as early as possible to spare everyone the trouble.
No, derangement is declaring "The writing has been on the wall for some time now: the era of completely unrestricted internet is coming to an end." without fighting it at all and just mindlessly accepting it because you were told it was going to happen.
It should be really easy to get your bank account information then. You're just going to give it to me, right? What is this? You're fighting me tooth and nail instead of celebrating giving me your banking info?
Well, perhaps your mental model of the actual objections to it are incomplete. There are a few problems and I'm curious what you have to say about them. First, "The benefit of this is that it can short-circuit support for more onerous age verification". Do you think that it "can" or that it "will"? Big difference. It could also go the other way, right? Opening the door to a more onerous version? Why do you think that isn't worth considering? Secondly, "This is probably the least bad out of all possible ways to implement age checking". What about parental controls that exist already? Someone seriously tried to tell me last time that parental controls "suck", but that's irrelevant, they don't have to suck, and in fact anything can suck. That's just happenstance. So, assuming parental controls were correctly implemented, why do you think this is "least bad" including parental controls? Thirdly, this "age verification" doesn't actually verify anything, because underage people can just choose "adult" anyway. What do you have to say to that? In that case, parental controls actually give you more power, and make this new age check completely obsolete. Thoughts? Lastly, maybe you're not from the USA, but we have a concept of "free speech" which includes the idea that people cannot be "compelled" to certain speech. If people were required to add a "sign here to confirm you're an adult" in every romance novel, that would be fine right? It's also a nothingburger, right? But then, you've compelled people to put something in every published book. Actually, that's a bad analogy. We should say that ALL BOOKS require this signature field on the first page. After all, we don't know what kinds of expletives and horrible things people might have written in the margins of the book (assuming it's being sold second-hand). That would be okay with you, right? Nothingburger? But it compels people to write something, and that's a door most legal scholars know not to open.
> The writing has been on the wall for some time now: the era of completely unrestricted internet is coming to an end.
And books..? And the newspaper? What if a child reads about a horrible murder in the newspaper that keeps them up at night? What if the government outlaws books and newspapers because they can contain bad things? We'd better add a "adult/ not adult" checkbox to the first page to "short-circuit support for more onerous age verification".
At this point anything that makes computers less usable is a good thing, time we go back to the real world. It was extremely unpleasant while it lasted.
>It could also go the other way, right? Opening the door to a more onerous version?
I don't see a plausible scenario where the implementation of this mandate makes further mandates more easy to get passed. An age field and an API to access it is as trivial as it gets. More onerous age checking is not something that is an extension to or somehow made more easy given the pre-existence of the age field. No argument against more onerous checking is undermined or rendered less severe due to an age field already existing. There is no slippery slope here.
>So, assuming parental controls were correctly implemented, why do you think this is "least bad" including parental controls?
There is already a pretty significant market for parental controls, so presumably if their quality were a limiting factor in their adoption the market would have responded already. Parents simply aren't interested enough or savvy enough to apply them. Parental controls also just intrinsically suck for a lot of reasons. They are either mostly ineffective or wildly intrusive, like giving total access to children's communications and internet activity to external companies.
>Thirdly, this "age verification" doesn't actually verify anything, because underage people can just choose "adult" anyway. What do you have to say to that?
Presumably an adult is involved in purchasing devices and setting up accounts for their young children. Putting an age of account holder field into the account set up workflow seems pretty effective. It's not 100%, but it doesn't need to be for it to be a major improvement over the status quo. The lack of verification is a feature of this mandate, not a bug.
>we have a concept of "free speech" which includes the idea that people cannot be "compelled" to certain speech. If people were required to add a "sign here to confirm you're an adult" in every romance novel, that would be fine right?
As those pushing this kind of legislation are fond of pointing out, we have age checks for buying alcohol or purchasing adult magazines in shops. Presumably these don't run afoul of the first amendment. This idea that we can't or shouldn't mandate age checking in some form to access content deemed inappropriate to children is just a losing argument. Again, the writing is on the wall here.
>No argument against more onerous checking is undermined or rendered less severe due to an age field already existing
From your point of view.
What I can tell you is that there are definitely people who will argue that this is, by the fact of being written into law, now the spirit of the law.
Then these people will argue that the spirit of the law is being broken, and the implementation needs to be better and tighter. Not that it needs to be repealed! Because clearly this is something that was wanted. And to many, many people, this will be sufficient argument not to complain about further measures.
This was a great comment, you challenged them but in a reasonable way and with really good questions
I wish public discourse were more this way - if someone is arguing in good faith, actually answering what you asked moves the conversation forward, it’s just on the person to give you a serious answer
how are we in 2026 and phones dont have guest mode or "i handed it to my kid mode"
apple's guided access is a terrible 1% solution to the problem. in one click i should be able to put my phone into some kind of locked down mode that exposes only what is allowed, starting with nothing unless whitelisted, with multiple profiles.
in the same sense, all the streaming services having their own separate kids profiles, instead of the streaming device having a single kids mode that exposes only the kids mode content from each app makes kids mode useless when a kid can just change the app, or gets stick into a single provider and i have to go help them switch.
They do. Android have had multi-user and guest profiles since Android 5.
The only reason I really know this is because I heard how Google completely bungled it in Android 14 on Pixel devices[1] :D
[1]: https://arstechnica.com/gadgets/2023/10/android-14s-ransomwa...
They are covering for and not prosecuting perpetrators in the biggest child trafficking and abuse scandal in recent memory -- the Epstein case. Let us do away with even a surface-level pretense that they care about kids at all.
I believe that would help kids out much more than this shit bill would.
TANSTAAFL.
Those Are Not Slogans That Are Applicable Followed Literally.
Because in their eyes your children are not your children. You are simply a custodian of their future work force asset. If you educate your children too much into individualism, they (today’s politicians) may see a diminished return of whatever they want to achieve.
And if you don’t agree with me on an emotional level, well, just remember the words of Elon Musk (paraphrasing): we need people to have children because we need to have workforce in the future. Translation: we need people to have children because who will work for us and makes tons of money.
If you have it too good, you aren’t dependent on them, you have all the carrots. They have no stick. They want to have the stick.
> Making it slightly harder to access the internet fixes nothing.
This assumes it is about the children. But if you do not think so then it opens up new alternatives suddenly, be it from tracking people, to targeted ads or any other information that could be gathered and eventually either monetized or put in tandem with other information. We'd get age graphs that way too.
Before that we could speculate to some extent, but with mandatory age sniffing and id-showing at all times, those who track people and benefit from it, benefit now even more.
They are laying the foundation at the infrastructure layer to build a Digital surveillance net, look at the pieces with the eye of an Architect -
https://www.cnbc.com/2026/04/15/banks-citizenship-data-colle...
And
https://www.congress.gov/bill/119th-congress/house-bill/8250...
The only remaining issue I see here is that I think the law may be a bit too heavy handed in how it tries to legislate this system into existence. Trying to tell Bob Hacker writing an OS in his basement what features his code has to include feels a little too authoritarian for my tastes. Probably there are some economic or regulatory levers that could be pulled instead to ensure this system gains mainstream adoption without criminalizing ordinary software development.
Again though, I didn't read the whole bill, just the article, so I could be wrong here on some of the details.
1. The text implies software should get access to your date of birth, rather than talking about age groups. If it becomes the case that websites can get your precise date of birth, this will be the ultimate fingerprinting vector that will put the fight for online privacy dead in the water.
2. The text talks about "verifying" dates of birth. This can only imply the involvement of face scanning or ID checking and third parties.
3. The text itself is very vague about details such as verifying, because it leaves many details entirely to the FTC, which recently announced they will stop enforcing privacy protections under COPPA for companies violating it to perform age verification of children[0]. So you can fully expect that if we are putting computing entirely in the hands of the current commission we will be probably screwed.
The text itself is less than 4 pages. I recommend reading it for yourself[1].
[0] https://www.ftc.gov/news-events/news/press-releases/2026/02/...
[1] https://www.congress.gov/bill/119th-congress/house-bill/8250...
I still prefer to have this in my OS above having every Random internet vendor collecting my biometrics and id documents.
This is the one thing that risks getting the law struck down by a court.
Anyway, I suspect Bob Hacker has a strong case that such a law as applied to himself would be beyond the scope of Interstate Commerce. Until he tries to sell or make his OS widely available, at least.
Just off the top of my head, something like "physical hardware with web access sold in the US without an ID check at the checkout counter must include this feature in its preinstalled OS" would be a better way to write the law in my opinion. Plenty of ways around it if you're a hobbyist or for some reason really don't want to comply, but a big enough hassle that all the major commercial OS providers would probably find it easiest to just include the feature. (Especially since this is a feature most parents would probably appreciate anyway.)
The right way to facilitate parental controls with legislation is to put a requirement on service providers [over a certain number of users] to publish well-known tags stating the age suitability of their site/app/pages. Then put a requirement on mass-market device manufacturers [over a certain size] to include parental control software that can filter based on these tags. When parental controls are enabled on a device, any site/app without tags "fails closed" and doesn't display - meaning the open web and open devices continue to coexist with the tag system.
The key parts 1. the information signals flow the correct way, from the company with a well-known identity to the end-users' device where it can be acted upon per the device owner's desires 2. the legal liability lands in the right place - tags signify legally-significant representation of content and 3. the long tail of small-scale websites and devices are completely unaffected
This would also leave the makers of parental control software (bundled with device or third-party aftermarket) free to implement additional features that parents desire (eg block social media, even if the site says it's fine for <18), rather than leaving those decisions entirely in the hands of corporate lawyers (as this bill does, because once again it was written by Facebook/Meta).
This is not in the interest of the people nor any children.
Well that would be counter-productive to actually building a surveillance state.
This will be a big one. They're building the groundwork for a world-wide dystopia.
Save a few ISOs of still-free OSes and hoard a few extra cheap computers. (You might also want to get a 10Mhz capable radio.)
Sending data by radio is messy, slow, and generally disappointing. Start your journey by reading up on the Aloha system https://en.wikipedia.org/wiki/ALOHAnet.
> The term “operating system provider” means a person that develops, licenses, or controls the operating system on a computer, mobile device, or any other general purpose computing device.
So excited to see the GNU vs. Linux debate finally land in court.
"The greatest trick the devil ever pulled was convincing the world he didn't exist."
If it looks like a conspiracy, it's probably one.
[Edit: Never mind, others have explained elsewhere in the discussion. It's the lawsuits Facebook is losing for addicting kids. So rather than, you know, stopping doing that, they want to instead legally force us to alter every OS on the planet. Disgusting.]
edit: I took too long to write this :)
As someone that doesn't have a Meta account (and will not), this could become potentially problematic.
>a computer, mobile device, or any other general purpose computing device.
It leaves open to interpretation if it applies to all computers, or just general purpose ones.
Does a car count as a mobile device?
Going to be fun when my washing machine asks me to upload a scan of my passport to the CIA before it will open the door.
https://www.youtube.com/watch?v=1FkK8ZFE7Y0
The CIA hates that trick.
That puts me for the rest of my life at a level of fuck you.
And if the system breaks down, I’m just going to hunt and eat you. How big do you think your chance of survival is meeting someone hungry who spent over a decade in war and conflict zones and is still here?
I’m more concerned about the future for your sake than for mine.
Wait, 27% for the right-wing extremists in Germany? The strongest party if there were elections today? Some of them publicly state they are the friendly faces of facism?
Oh, oh. I’m in danger.
https://health.yahoo.com/wellness/nutrition/articles/ultrapr...
Oh, AGI can turn everyone into matchsticks, but when I talk about turning humans into tasty sausage the internet goes wild.
It’s obviously sarcasm, just for the neurodivergent talent in here panic buying cannibalism safe bunkers now.
/s
I'm adapted to the American diet, so I'm sure that they'll cover my nutritional needs.
Let's stay on opposite sides of the pond like Godzilla and King Kong.
I like you whisky.
That’s a deal I can get behind.
I will send your administration a request to put your statue on top of the Arc de Trump. If they can pay 400 million for a ballroom, they can spend one for a diamond statue of the man that saved a lot of American lives today.
True heroes don’t always wear capes. Sometimes they have butcher knife’s.
That's not even the worst part:
> a person that develops, licenses, or controls the operating system
Suppose you write a generic piece of code that some third party then includes in an operating system, but you're the only relevant person in the jurisdiction. Are you now an "operating system provider"? If the "operating system" is made by hundreds of people or more, is it none of them or all of them or what?
Suppose you're a company and you've got a bunch of servers, which are computers, and you have root on them, i.e. you "control" the "operating system".
For example in the Linux world, it's the distributions.
Where it gets murky is with Android (and to a lesser extent Windows).
IMHO, the entities which should be responsible are Google and Microsoft.
But since vendors, specially in the Android world, can heavily tweak the OS, there is a case that it's more the device manufacturers like Samsung which are responsible.
The relevant interpretation in practice will usually happen naturally, and the most ambiguous stuff will be set by jurisprudence if necessary.
Does my laptop have to pass my age verification to a Docker container?
Am I at risk of government censorship (or worse) if I create a hobby smart home app that boots bare metal on a Raspberry Pi?
Or even the shell apps that I run daily. Does curl (which can access any web url) have to validate my age? What about AI models/ollama?
It has an OS, a network stack, an interpreter. Usually used for games as much as for classwork.
A car houses numerous Turing-complete computation systems.
They also added this page since I posted that comment: https://web.archive.org/web/20260411112604/https://tboteproj... where they claim their website is "under surveillance" because it got a few thousand requests from Google Cloud et al, most of them to a single page. This really shows how low their standards are.
Yes, it would be nice to know with certainty who is behind these bills. It sucks how much opaque money influences American politics.
Josh Gottheimer's press release[1] on HR8250 mentions the "Meta Parents Network." I don't know what that is, but it does have "Meta" in the name.
Buffy Wick's noise about AB1043 claimed it was passed with the support of tech companies. I have spoken directly to one person close to AB1043 who told me Facebook argued against AB1043. I have doubts. But if true, I suspect they were not arguing in good faith and had ulterior motives.
In the end, no matter who is secretly lobbying for or against age verification bills all over the planet, the bills are terrible, and we should fight them.
[1] https://gottheimer.house.gov/posts/release-gottheimer-announ...
https://www.smbc-comics.com/comic/aaaah
I think Facebook is behind these bills. I think that from personal experience working at Facebook.
That an LLM may have arrived at the same conclusion is unrelated. LLMs are garbage. Don't use them.
Very likely, given the legal liability they are already facing from the "addictive" court cases that are turning against them. Moving the liability for "age verification" away means they will not also be facing a huge number of court cases accusing them of showing an underage person adult age content provided they followed the law's proscribed "ask the OS for the user's age" requirements.
Also, note that only a few months ago Zuckerberg was in court testifying that the single best place to perform "age verification" was in the operating system of a device. Now, like mushrooms after a long rain, at roughly the same time up pop bills in nearly every statehouse, Congress, even Brazil, that all read nearly identically and that all are so broad as to require "the OS in anything with a CPU do age verification". The nearly identical text in each highly implies a single lobbying entity is behind all of them (it would be quite the coincidence that 50 state houses, plus Congress and Brazil, all write nearly identical bills independently). And the connection back to Zuck's court testimony of "age verification is best done in the OS" highly implies that the single lobbying entity is Meta, or funded by Meta to obtain this outcome.
https://www.cnn.com/2026/01/07/business/character-ai-google-...
If something is codified in law, they can comply with the law fully, and yet not have any real backlash from users. This can also shield them from many lawsuits. Conversely, if they start ratcheting down age-verification on their own, users will become quite upset. If they don't ratchet it down, then... as you can see, potential lawsuit.
And this isn't just about LLMs, once the concept of "a platform is liable for harm" happens, it's about everything. Including content other people slap into an app store. And the US has been talking about section 230 removal, countries around the world are reducing such exclusions, so the wind is blowing towards even more liability for platforms.
If you look at Google's recent moves to identify all developers prior to install on Android, there may even be some of this in that. How can they ban someone from publishing illegal material, or material Google will be liable for, if they don't even know who the publisher is? They'll just slide into a new account. (Note, I said "some" not "all", there is often not just one reason for an action)
So I suspect that the push is from all online platforms of any size or scope. It will shield them, protect them from liability, whist at the same time redirecting user ire at the legislation, not them. HN types might still brood, but the average person won't have insight. "Protect the children" as a reason works for the average person, it works very very well, and really, that's what a lot of these lawsuits are about.
So I point back to such lawsuits as the start of all of this. And I see it as why there is a push from Apple, Google, Meta and so on. And simply because I'm saying "big corp wants this, not just Meta", doesn't mean I'm saying "Meta isn't doing anything".
Meta can be pushing this, hard, whilst at the same time every other large corp can be working towards the same outcome.
These people have root access to all our webcams.
I don't think we can tolerate these entities to continue to exist.
Basically a mass-protest via network packets. Could we argue sending packets to a server is essentially a form of protest protected by speech similar to a public gathering?
1. The OS vendor must provide an age bucket using the minimum amount of data necessary
2. App vendors (i.e. Facebook) must use the OS vendor's age buckets to determine age
The idea is that the next time Facebook gets hit with a child endangerment lawsuit, they can say "Well, we used the age buckets the government told us to, and they said the plaintiff was 18+, so we're not liable".
This, of course, assumes that most social media and Internet regulation will continue being targeted at children only, both because courts are reluctant to enforce 1A on laws that censor children[0] and because the current political class actually benefits from the harms Facebook does to adults. Like, a good chunk of government surveillance is just buying data from Google and Facebook.
[0] The root password to the US constitution is "th1nk0fth3cHIldren!!1" after all
Everyone is so concerned with kids pretending to be adults, what about adults pretending to be kids? Any service that has any kind of private chat or picture sharing option will be a playground for “verified” kids.
Next step, “we must go further with the verifications until everyone is verified everywhere”. This is where the OS part comes in. Wish it was sarcasm.
Republicans may not like porn, but they put the onus where it belongs, on the operator, not on the OS.
While that might be true, I can't agree with the implication that this is better in any way. Having the onus on the operator forces you to have to send some form of verification out to all such operators you want to visit and they have repeatedly shown they are NOT capable of securely and privately handling that information.
I am certain they love it, given what kinds of businesses see a spike when the RNC comes to town.
More accurately, restricting it is a useful policy platform that helps them win elections.
The difference isn't really in the politicians, it's in the base, and how they will react to acts like this. Democrat voters will shame them, endlessly. They may not have alternatives to vote for, but they won't change their opinion to match whatever dweeb they were forced to vote for. Republican voters will always be on board with whatever they're told to be on board with.
Josh Gottheimer is indeed a Democrat.
When those same people are hysterical about Protecting The Children, you should understand that "protecting the children" is a distraction from whatever the actual intent may be.
The general public is thoughtless, and there's little reason to think the decision-makers are much more thoughtful, but Protecting The Children is merely this age's Trojan Horse.
Will my children be able to use my smart oven/thermostat after I verify I'm 18+ on those devices?
I also wonder what verification will look like for containers and and VMs that might have a short life. Maybe that's how we keep IT jobs for a little while longer? Human age verification on every local account every time a container or VM is spun up.
I wonder if it would be illegal for an user to use an outdated system without those functions when they roll out, or to use outdated applications, or to distribute outdated applications, or to keep mirrors of multiple versions of operating systems. I doubt they thought that far, or if they care at all.
Distinguishing between child-locked and unlocked devices is something any website should be able to do easily. Adult-only should be a config setting.
Vendors shouldn't sell unlocked devices to kids.
Then it's up to parents take sure their kids only have locked devices. (Or not, if they're okay with it.)
This part is neither necessary nor sufficient.
Put aside the Orwellian premise of "devices are locked by default". People keep making the analogy to things like cigarettes, but if a kid wants a steady supply of cigarettes then they need a steady supplier. If they want an "unlocked device" they just need money and Craigslist, once. It doesn't matter what you make Walmart do and it correspondingly doesn't make any sense to involve them.
If your kids have enough unsupervised money to buy electronics then you're either fine with them being unsupervised or you already have bigger problems than a used laptop.
In person, we expect stores won't sell cigarettes to kids. We should simply expect companies won't provide age restricted services to kids. The liability and requirements should be on those companies.
(Of course adding any level of friction will deter some kids, but needing to get a whole new device other than the one their parents gave them is already a lot of friction, isn't it?)
Don't currently take payments for your business model? Probably what you're doing is anticompetitive and we shouldn't allow it anyway.
Stores won’t sell cigarettes to kids because doing that will probably get you arrested and shut down pretty quickly.
Apple is horrible in this regard. Their solutions never really work.
A joint venture for an (optional) cross-platform family app would be more than enough. This, plus a (voluntary) content rating that's offered via an API (could even be simple meta data on a webpage). Done.
Oh, there is no config to retrieve, no We API to speak to.
"I'm 18 or older"-button it is. Is that a workable solution?
Ofc as soon as you give your child root access it is over but that is on you
the major players need to allow me to elect one of them as my family manager, and control permissions across ecosystems, from my management portal. i should be able to freely swap apple, google, microsoft, facebook, or a startup as my management and permissions tool.
instead I have a disparate management account and portal for every service on the planet. roblox, fortnite, facebook all want to appear to "make it easy" as if they hold the delusional belief that their management portal is the only one I have to manage. then add a spouse that also wants to change or tinker a setting.
if any law is going to get passed: it should be that any company over a certain size, who adds parental controls, needs to expose them externally to 3rd party management software.
Wonder if they will stand up against this on the same grounds
https://www.apple.com/customer-letter/
Longer answer: In the UK, Apple already implements age "verification" at the OS level, starting with IOS/IPadOS 26.4. If Apple had not implemented this, it would still be in compliance with UK law. Apple is anticipatorily obedient.
A company like Apple has visibility of the legislative pipeline in its markets. Looks like the UK was a test bed.
Lots of OECD countries, all at the same time, are pushing for online age verification or OS-level age verification, both equally intrusive and implemented in privacy-violating ways by conflating identity verification and age verification.
The end result is not protecttion of minors, but abolishing anonymity on the Internet. Social media companies claim to want the former, but in reality just want to shift liability to OS and device vendors. Governments happily accept the "side effect" of being able to find and root out dissidents.
This is what Facebook wants.
Firstly, you keep using that word; I do not think it means what you think it means.
On the Internet, especially forums such as HN, you are "pseudonymous". That is, you made up a name for yourself, and that's how you're known to others. At the very least, we are all identified by IP addresses, which are again, fairly stable and unique pseudonyms. There are nearly zero truly anonymous corners of the Internet, because anonymous communications are chaotic and anarchic.
Secondly, it was the NSF who mandated that everyone accessing the Internet must have an associated and authenticated account with an identity that is known to their provider. These rules went into effect in the early 1990s. Perhaps they have been discarded or observed only in the breach, but truly, nobody is a stranger on the Internet. Even if nobody knows you're not a dog, your ISP or your coffeehouse still know who you are, when you connected, what device and so forth.
So, please let us stop pretending there is "anonymity" here, or that there ever has been. Whatever you've done in the past, it will eventually be unmasked. Yes, people on Discord and Wikipedia alike are freaking out over this prospect, but it was always going to happen. We've been laying down a very permanent record for over 50 years. Eventually it will all be correlated with real identities, Facebook or not.
> Firstly, you keep using that word; I do not think it means what you think it means.
I posted that word exactly once in this thread, and I was quoting someone else. But I like the Princess Bride too.
No idea what you're talking about with regard to the 90s. I can only tell you I was on the Internet then and it was not as you describe.
Regardless, there is a difference between "unmasked with a court order" and "everything you do online is tied to you for the benefit of ad brokers."
We can have reasonable privacy protections and still allow law enforcement to function.
https://support.apple.com/en-us/125666
what a dystopian world we live in.
Good thing I live in the US?
They've already been pushing age verification out in several countries.
Other countries are not the US, btw. There are groups here ready to challenge such a move.
Continually amazed at HN ignorance of geography.
Makes me even more glad that I've already transitioned off Windows.
This is all fine until they put some Id verification in. Then anything open is cooked.
[1] - https://news.ycombinator.com/item?id=46152074
All the bill wants is that you can set up an iPhone for kids, an children account on Ubuntu (YOU decide whether it's a children's account) and then, presumably, the browser vendors implement an AgeAPI that allows website operators to query the user age.
Your device tells us you're 10 years old. Access to Instagram denied. Your device tells us you're 16. You're not allowed to visit gambling-porn-and-industrial-accidents.org
It's, of course, exactly the opposite of the "identity-tied age verification government-control, ID-document-leak" dystopia that the scare crowds here are peddling. But you'll never hear a word of acknowledgement from them.
These people act as if those "I'm 13 or older, i can create an Instagram account and waste my life" or "I'm 18 or older, let me watch porn and strangle my girlfriend" buttons are the peak of civilization.
Government should like the RTA header as they can fine sites daily that are missing it. Lobbyists could push companies that do the header checks.
Yes, I am looking to sue to stop this insanity. If you're a lawyer reading this, please reach out.
EU also released their age verification legislation. Notice how closely they are timed.
https://www.dw.com/en/eu-chief-urges-bloc-wide-push-on-age-v...
Pure coincidence?
It is all going according to plan.
Direct link to the bill: https://docs.reclaimthenet.org/parents-decide-act-os-age-ver...
Edit: Oh, and the commission gets to make up the rules on how ages should be verified. So, prepare for a whole other level of PII leakage that isn't even captured by the text of the bill.
From Gutenberg, PD comics from the golden era -and pulp scifi-, noir movies, old weird science/fantasy series in B/W and whatnot, I'm pretty much covered. Ironically most current scifi media can be traced to...Bradbury novels, PKD's paranoia and some Weird Science comics.
Once 1984 gets into PD, that's it. It is in Canada, but you can read it online as long as you don't download or share it:
https://gutenbergcanada.ca/ebooks/ebooks/orwellg-nineteeneig...
Leaks pretty minimal PII (the user is between 13 and 18 would be the tightest identifier obtainable with the above gates). But still allows for age gating some content without relying on self-reported age.
Am I optimistic the actual solution won’t be more invasive? Sadly no…
This compromises 0 privacy until it requires an ID. EU solution actually does and only supports specific devices.
https://news.ycombinator.com/item?id=47381791
Age verification inherently means identity verification. There's no way to prove your age without first proving that you are YOU, either by showing your face or authenticating with some third party authority, usually government or a corporation.
The idea that you should be locked out of using your own computer until you do this is utterly insane. What problem does it solve that existing parental control tools don't? A generation of parents already trust their babies with iPads for this reason. And what of the millions of Americans who don't have current ID?
There are some Usenet servers (text content only, no binaries, all illegal crap it's cut down by design) listening under I2P servers. By design enforcing any cross-pond law it's impossible.
Learn about NNCP in order to tunnel messages over it, really useful for asynchronous connections such as Email and Usenet: https://nncpgo.org
Also, learn connect to a Pubnix and to use Usenet/IRC/Email/Mastodon services (tut it's a TUI Mastodon client) from remote servers. Make their own law obsolete across the world. Learn Mutt and GPG too, it's about 20 minutes of your life and for basic email a simple text editor like Nano, Mg or Mcedit would suffice to compose an email.
Try free Biltbee servers over IRC too, these can be connected even from DOS IRC clients in order to connect to modern services such as Jabber, Steam chat and even discord (join the &bitlbee channel once you connected ot a public Bitlbee server, there are several, and type down 'plugins' to get the available chat systems in that service) and thus any age bullshit for FreeDOS it's by design unenforceable without breaking network drivers and TCP/IP stacks as TSR's and whatnot. Ditto for old Amiga, RiscOS and such old releases which are unsupported. And banning retro computing would make the several civil right unions sue the state (and the judges) like crazy for huge amounts of money. Even META too as being the main lobby instigator.
Claim your freedoms back.
I’ll be passing messages to and from the former internet using NNCP bundles. I’m planning to work on some interesting solutions for async communications over Nostr, with some alternate paths through radio for emergencies. Finally looking into steganography as well.
Hope to see you all there.
No, the fee is your identity and a record of your every thought and action.
I hope Josh Gottheimer will get a lot of money for his work there.
I also remember a few weeks ago, people such as Poettering and others said this is all harmless, nothing bad would ever possibly happen.
Lo and behold, now it is the new mandatory law. All people will soon have to go for age sniffing, in order to access information. Linux is only for the Underground now.
their dwindling to irrelevance, like the UK, could not happen faster
"TOO LOW, PULL UP. TOO LOW, PULL UP"
Take your country back before it's too late.
We don’t gain anything from asking a 3rd party. In fact it costs money per request.
Stay tuned. With mass unemployment/underemployment there’s gonna a be a lot of “extra” people.
Last time we saw her anywhere near here was her "farewell tour" when she was supposed to go be Trump's UN stooge. Haven't seen her up here since.
Glad to know we get to die up here for on-device age verification for everyone else.
As a parent: do your job and take responsibility for your kids. While it's not trivial this also isn't overly complicated anymore.
Apple and Google already ship OSes with comprehensive APIs and parental controls. There's not even any porn on the iOS App Store by policy.
Creating liability for random OS and app developers is absurd, and foreign porn websites aren't going to comply with this anyway.
If your child needs a helmet to use the internet, as the politicians announcing HR8250 seem to think[1], Apple or whomever is free to offer that as a feature. There is no need for this to be legislated, especially when the legislation does not work in open source environments.
[1] Not hyperbole. They said that. It was an analogy, but one that highlights how ignorant of the technology the authors of these bills are.
I'm curious though about all this porn that apparently hides behind a rock on the device and leaps out to corrupt tiny minds when they least suspect it.
Shock websites aside, pornography generally doesn't ambush you. Unless you're a republican giving a presentation and have no idea how that porn got in there.
And, AB1043 specifically exempts websites, so it doesn't protect anyone from the goatse's of the world anyway.
These bills will not do what they purport to do, but they will do a whole lot of bad stuff.
Why does your baby need internet?
> We do want a way to signal there's a kid driving a device.
Which is extremely irresponsible. It creates a false sense of security and abandons your child to the whims of strangers. This seems akin to putting a "please don't hurt me" sticker on your child and then letting them roam around downtown unsupervised.
> But if we can just have a way to put bright orange vests on devices that require special treatment
There is software you can already use which will lock the device down and only allow it to go to pre-approved sites. I'm unwilling to give up any of my civil rights for your level of convenience above this.
There's almost endless choice of legit quality native apps for kids, curated from trusted sources. These alone far exceed healthy screen time if all were downloaded. Or as you say, curated web links in a locked browser.
How much screen time should kids do anyway, it's crazy how much is available before worrying about WWW on top of their games, apps and videos.
You need to be a parent and stop expecting the people around you to do it for you.
Edit: and there are already device level parental controls.
The tech crowds utter derangement over this minor mandate is truly a sight to behold.
> The Parents Decide Act solves the self-reported-birthday problem by demanding something verifiable, which in practice means a government ID, a credit card, a biometric scan, or some combination.
> However, Gottheimer has not specified which. The bill does not either. It’s up to the FTC to decide.
(a) Requirements.—An operating system provider, with respect to any operating system of such provider, shall carry out the following:
(1) Require any user of the operating system to provide the date of birth of the user in order to—
(A) set up an account on the operating system; and
(B) use the operating system.
(2) If the relevant user of the operating system is under 18 years of age, require a parent or legal guardian of the user to verify the date of birth of the user.
(3) Develop a system to allow an app developer to access any information as is necessary, collected by the operating system to carry out this section and any regulation promulgated under this section, to verify the date of birth of a user of an app of the app developer.
The only requirement for "verification" is to enter a birthdate on account set up, and underage accounts have the parent "verify" the birthdate. There is certainly some ambiguity in the bill which is not good, but efforts should be towards resolving the ambiguity in favor of a lack of intrusiveness.
(d) Regulations.—
(1) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Commission shall promulgate, under section 553 of title 5, United States Code, regulations to carry out this section, including regulations relating to the following:
(A) How an operating system provider can—
(i) verify the date of birth of a parent or legal guardian described in subsection (a)(2); and
(ii) carry out the requirements described in subsection (a) with respect to an operating system of such provider that may be shared by individuals of varying ages.
(B) Data protection standards related to how an operating system provider shall ensure a date of birth collected by the operating system provider from a user, or the parent or legal guardian of the user, to carry out this section and any regulation promulgated under this section—
(i) is collected in a secure manner to maintain the privacy of the user or the parent or legal guardian of the user; and
(ii) is not stolen or breached.
Consider AB1043. It mandates that applications check the age of the user each time the application is launched.
Think about what that means when you run `make` in a source directory. How many times is the compiler application launched?
It should be really easy to get your bank account information then. You're just going to give it to me, right? What is this? You're fighting me tooth and nail instead of celebrating giving me your banking info?
> The writing has been on the wall for some time now: the era of completely unrestricted internet is coming to an end.
And books..? And the newspaper? What if a child reads about a horrible murder in the newspaper that keeps them up at night? What if the government outlaws books and newspapers because they can contain bad things? We'd better add a "adult/ not adult" checkbox to the first page to "short-circuit support for more onerous age verification".
I don't see a plausible scenario where the implementation of this mandate makes further mandates more easy to get passed. An age field and an API to access it is as trivial as it gets. More onerous age checking is not something that is an extension to or somehow made more easy given the pre-existence of the age field. No argument against more onerous checking is undermined or rendered less severe due to an age field already existing. There is no slippery slope here.
>So, assuming parental controls were correctly implemented, why do you think this is "least bad" including parental controls?
There is already a pretty significant market for parental controls, so presumably if their quality were a limiting factor in their adoption the market would have responded already. Parents simply aren't interested enough or savvy enough to apply them. Parental controls also just intrinsically suck for a lot of reasons. They are either mostly ineffective or wildly intrusive, like giving total access to children's communications and internet activity to external companies.
>Thirdly, this "age verification" doesn't actually verify anything, because underage people can just choose "adult" anyway. What do you have to say to that?
Presumably an adult is involved in purchasing devices and setting up accounts for their young children. Putting an age of account holder field into the account set up workflow seems pretty effective. It's not 100%, but it doesn't need to be for it to be a major improvement over the status quo. The lack of verification is a feature of this mandate, not a bug.
>we have a concept of "free speech" which includes the idea that people cannot be "compelled" to certain speech. If people were required to add a "sign here to confirm you're an adult" in every romance novel, that would be fine right?
As those pushing this kind of legislation are fond of pointing out, we have age checks for buying alcohol or purchasing adult magazines in shops. Presumably these don't run afoul of the first amendment. This idea that we can't or shouldn't mandate age checking in some form to access content deemed inappropriate to children is just a losing argument. Again, the writing is on the wall here.
From your point of view.
What I can tell you is that there are definitely people who will argue that this is, by the fact of being written into law, now the spirit of the law.
Then these people will argue that the spirit of the law is being broken, and the implementation needs to be better and tighter. Not that it needs to be repealed! Because clearly this is something that was wanted. And to many, many people, this will be sufficient argument not to complain about further measures.
I wish public discourse were more this way - if someone is arguing in good faith, actually answering what you asked moves the conversation forward, it’s just on the person to give you a serious answer