HN

Comments (324)

• Menu

  fangpenlin
  There's an obvious theme with lawmakers in California—they pass laws to regulate things they have zero clue about, add them to their achievement page, cheer for themselves, and declare, "There! I've made the world a better place." There are just too many examples. For instance:- Microstamping requirements for guns—printing a unique barcode on every bullet casing (Glock gen3 cannot be retired, thus, the auto-mode switch bug cannot be patched...)- 3D printers should have a magical algorithm to recognize all gun parts in their tiny embedded systems- Now, you need to verify your age... on your microwave?At this rate, California should just go back to the Stone Age. Modern technology is simply not compatible with clueless politicians who are more eager to virtue-signal than to solve any actual problems or even borther to study the subject about the law they are going to pass. There will be more and more technology restrictions (or outright bans on use) in California because it's becoming impossible to operate anything here without getting sued or running afoul of some overreaching regulation.
• Menu

  bmitch3020
  Reaction 1: how would this even work with embedded systems that have no UI to input this data?Reaction 2: it's open source, make the lawmakers do submit the changes.Reaction 3: how would this ever be enforced? Would they outlaw downloading distributions, or even older versions of distributions? When there's no exchange of money, a law like this is seems like it would be suppression of free speech.Reaction 4: Someone needs to maliciously comply, in advance, on all California government systems. Shutdown the phones, the Wi-Fi, the building access systems, their Web servers, data centers, alarm systems, payroll, stop lights, everything running any operating system. Get everyone to do it on the same day as an OS boycott. And don't turn things back on until the law is repealed.
• Lanzaa
  > apply the privacy and data protections afforded to children to all consumers and prohibits an online service, product, or feature from, among other things, using dark patterns to lead or encourage children to provide personal information beyond what is reasonably expected to provide that online service, product, or feature or to forego privacy protectionsMy question, is if "the children" are worth protecting, why not adults? I would like to opt into not having to deal with dark patterns. Why not a age independent system, which a user can opt into and which "children" are automatically optd into.
• Menu

  nlitsme
  I will start making a list for linux then.rm - ok for all ages.grep - 18+, you can obviously use this to search for porn.find - 18+, see grep.reboot - ok for all ages.echo - ok for all ages.cat - 18+, prints the porn you found directly to your terminal.sudo - 18+, obviously.kill - ok for all ages. This is the US, right.ps - 18+, no peeping at other processes.
• BLKNSLVR
  I seem to be doing more and more illegal things as time passes, whilst not changing my behavior at all.Curious.
• Menu

  dathinab
  > [..] requires an account holder to _indicate_ [..]i.e. this doesn't require age verification at alljust a user profile age property> [..] interface that identifies, at a minimum, which of the following _categories_ pertains to the user [..]so you have to give apps and similar a 13+,16+,18+,21+ hint (for US)if combined with parent controls and reasonably implemented this can archive pretty much anything you need "causal" age verification for- without any identification of the person, its just an age setting and parent controls do allow parents to make sure it's correct- without face scans or similar AI- without device attestation/non open operating systems/hardwarelike any such things, it should have some added constraints (e.g. "for products sold with preinstalled operating system", "personal OS only" etc.)but this gets surprisingly close to allowing "good enough privacy respecting" age verificationthe main risk I see is that- I might have missed some bad parts parts- companies like MS, Google, Apple have interest in pushing malicious "industry" standards which are over-enginered, involve stuff like device attestation and IRL-persona identification to create an artificial moat/lock out of any "open/cost free" OS competition (i.e. Linux Desktop, people installing their own OS etc.).---"causal" age verification == for games, porn etc. not for opening a bank account, taking a loan etc. But all of that need full IRL person identification anyway so we can ignore it's use case for any child protection age verification law----it's still not perfect, by asking every day daily used software can find the birthdate. But vendors could take additional steps to reduce this risk in various ways, through never perfect. But nothing is perfekt.---Enforcement is also easy:Any company _selling_ in California has to comply, any other case is a niche product and for now doesn't matter anyway in the large picture.
• Menu

  cjs_ac
  Ignoring all the tedious 'no, you're a bad person for having different priorities and beliefs to me' comments that this will inevitably inspire, I have to ask: why does the operating system need to be involved in this? The intended target of the regulation seems to be app stores.Someone has fallen victim to Politician's Logic: https://www.youtube.com/watch?v=vidzkYnaf6Y
• Menu

  hosh
  What about:- servers living in datacenters- realtime operating systems in embedded devices- the Intel Management Engine- the OS on every smart chip in credit cards and debit cards- wireless cameras, roombas, smart TVs, smart fridges- cars. Those automotive systems have OSes too right?- all those IoT devices, including California’s traffic camerasWhat age signals should those devices send out? Is there an exclusionary clause?
• Menu

  k310
  Sounds to me that this is how kids learn to spin their own operating systems (a la LFS, Gentoo)and apps.This is how people bought personal computers when the mainframe priesthood banned them.It appears that very soon, young people will "de facto" need to have this level of competence in order to survive and thrive in a world of "in loco parentis" operating systems and apps.The latin reveals my age, but one thing about my age:People my age did exactly that. We built our own hardware when there was none. We compiled (or copied) operating systems and apps. A couple of my friends wrote an operating system and a C compiler."My generation" created this entire internet thingy, installed and web-based apps.Indeed, dumb-asses are going to level up young people.
• Menu

  userbinator
  Richard Stallman's "Right to Read" is disturbingly prescient, as usual.
• Menu

  glenstein
  As noted at the end of the article, I suspect the impact for many OS's is going to be that they add a line in the fine print somewhere saying not for use in California.
• Menu

  gradientsrneat
  > (g) This title does not impose liability on an operating system provider, a covered application store, or a developer that arises from the use of a device or application by a person who is not the user to whom a signal pertains.So, this makes desktop Linux illegal, but all the software-as-a-service like Microsoft Azure and OpenAI get off scott-free?Fantastic.
• radium3d
  Yikes, these government folks just sign without even thinking or having a single clue about how the rule will work. They are completely irresponsible.
• hafthor
  What about embedded RTOS, like WindRiver or Zephyr? What if I write a memory manager and flash storage file manager for a really barebones MCU like a PIC? It didn't even define what an operating system is. What constitutes an update? If a security patch to DOS 6 came out, would it suddenly be required to have this tech? Is z/OS going to have this tech?Overall, I think don't think it's a bad idea for devices to be able to host an age verification system that offers requestable boolean proof of age, like if porn site demands over 18 to view, the user, regardless of age, is prompted and if they accept, it returns either a positive cryptographic claim or a cancel signal if not of age. If they don't accept the prompt, the same cancel signal goes back. The idea that this feature would need a mandate of law is dumb.
• Menu

  rhinoceraptor
  How wouldn't this also apply to things like useradd(8) or simply automated user account setup, e.g. like cups, sshd, etc? Do we need to add this to vi for use in vipw on UNIX?
• rm30
  This law perfectly demonstrates the constraint problem: regulators assumed age verification is a simple checkbox at account setup.Right now I'm on an ESP32 with free RTOS, will I need to add a keyboard and display just for age verification?
• lacoolj
  10/13/25 Chaptered by Secretary of State - Chapter 675, Statutes of 2025. 10/13/25 Approved by the Governor. 09/24/25 Enrolled and presented to the Governor at 3 p.m.Why is this "news" today? Am I missing something?
• Menu

  throw03172019
  Are lawmakers bored? Who is asking for this? Not the tax paying citizens.
• Menu

  Animats
  It's not clear that this applies where the "operating system provider" does not have "accounts". Linux should be OK, but "Ubuntu One" might have problems.It's a good reason not to put cloud dependencies into things.
• matheusmoreira
  I miss the days when politicians just generally ignored computers and left us alone.
• egorfine
  Ah, so this is what Lennart Poettering has been cooking? [1][1] https://news.ycombinator.com/item?id=46784572
• Menu

  Bender
  Feel free to call me paranoid for seeing patterns where there are none but this to me looks like just one phase of a preparation for a very large event entirely unrelated to every age verification reason given thus far. I won't guess any further. "I'm a good boy."
• Menu

  MangoCoffee
  It's funny that more and more Chinese style laws are being passed in the West.What's next? Chinese style social credit? You’ll need 800 points to run a sudo command?Free society? Mass surveillance. The West is becoming more of a nanny state like China every year.
• Menu

  wasmainiac
  Does not require verification, no biggie, this is essentially a parental control system.
• Perenti
  Will this only apply to an OS with human user accounts? I wonder how autonomous agents that are operating systems running on bare hardware are defined under this strange law. Not all OS are for humans. Consider many uni-kernel applications.
• Menu

  newsoftheday
  California is a confusing state, age verification for operating systems while almost releasing this monster on the public: https://www.latimes.com/california/story/2026-02-26/serial-c...
• Menu

  fnordfnordfnord
  There’s a concerted global effort to push this legislation. It’s also been proposed in Colorado and, some version of it’s been passed in the UK and Australia.
• rickcarlino
  Who is actively lobbying against the “war on root access”? Which are the NGOs/PACs/non-profits with the best track record of getting results here? FSF and EFF come to mind, but I can’t think of others and don’t know of track records for any of them.
• p0w3n3d
  People who cannot tell what is an operating system and what is not are writing laws
• brooke2k
  clearly there's something I don't understand (or is the law just really this stupid?) - but what would this even look like for linux? every user account requires an associated age?but users don't have a 1:1 mapping to the people that log into them. linux users that aren't used by any particular person, but by a particular _service_ are common. so are linux users that could be logged into by any number of people, and which have no specific single owner.
• syntaxing
  I don’t think the title is correct? All OS must have age profiles that external sources can query. There’s nothing explicit that checks the age itself in the law?
• bhewes
  Fun to watch my generation who was raised by helicopter parents turn into tank parents using scorched earth techniques.
• Brian_K_White
  I thought the lefties were supposed to be the smart ones.
• Menu

  dpoloncsak
  I'm under the impression anyone doing nefarious things online are probably more-than tech savvy enough to not install an OS that rats them out...right?Isnt that literally one of the first rules of the DNM Bible?
• Menu

  rzerowan
  Hmm i think at te moment its only Linux that has by default local only accounts except if being used in some sort of SSO environment .Microsoft has been pushing aggressively to deprecate the local and funnel everyone to Microsoft online accounts , while Android and macOS/iOS are already in such a state by default.Coupled with the same accounts being used for online login, looks like a feature creep panopticon in the making. With Linux lucking out be default.
• CWuestefeld
  It's not stated here, but is it implied that app platforms that, themselves, have an "app store", would be required to read this datum and pass it to their app store?For example, I've got a map application on my phone that lets me download maps, widgets, POI lists, etc. from their app store. It seems like enabling that age signal through this exchange is exactly what the politicians are looking for.
• Menu

  cm2187
  so my smart microwave will require some age verification?
• bsaul
  Why can't we have normal politicians anymore, anywhere on the spectrum ? They're all racing for stupidity, it's simply terrifying.
• Menu

  982307932084
  Looking forward to resisting the regime.
• Menu

  crumpled
  Is Github an application store? Is npm? apt? yum?If not, why not? You need age verification before you even create an account.
• lacoolj
  Feels like they're trying to implement a new wide-reaching protocol/spec by requiring it by law first, then expecting someone to magically develop something, and god forbid it's a different standard than anyone else's.By next January there will be 30 different methods of age input signalling between OS and application. And then by 2030 we might have the top 3 adopted as established defacto standards.somewhat related-ish https://xkcd.com/927/ :)
• anon
  undefined
• noosphr
  Californian seems like a state with a golden goose they keep trying to kill in ever more idiocitally inventive ways.
• Menu

  eleventyseven
  Headline is wrong. There is no verification requirement.All this does is require the user to select a non-verified age bracket on first boot. You can lie, just like porn sites today. I thought HNers wanted parents to govern their children's use of technology with these kinds of mechanisms.
• Menu

  jrmg
  The actual bill: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...Bill text (it’s longer, but the rest is mostly definitions of the terms used here):1798.501. (a) An operating system provider shall do all of the following:(1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.(2) Provide a developer who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface that identifies, at a minimum, which of the following categories pertains to the user:(A) Under 13 years of age.(B) At least 13 years of age and under 16 years of age.(C) At least 16 years of age and under 18 years of age.(D) At least 18 years of age.(3) Send only the minimum amount of information necessary to comply with this title and shall not share the digital signal information with a third party for a purpose not required by this title.(b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.(2) (A) A developer that receives a signal pursuant to this title shall be deemed to have actual knowledge of the age range of the user to whom that signal pertains across all platforms of the application and points of access of the application even if the developer willfully disregards the signal.(B) A developer shall not willfully disregard internal clear and convincing information otherwise available to the developer that indicates that a user’s age is different than the age bracket data indicated by a signal provided by an operating system provider or a covered application store.(3) (A) Except as provided in subparagraph (B), a developer shall treat a signal received pursuant to this title as the primary indicator of a user’s age range for purposes of determining the user’s age.(B) If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.(4) A developer that receives a signal pursuant to this title shall use that signal to comply with applicable law but shall not do either of the following:(A) Request more information from an operating system provider or a covered application store than the minimum amount of information necessary to comply with this title.(B) Share the signal with a third party for a purpose not required by this title.
• Crontab
  Ahh, new stupidity inbound.
• Brian_K_White
  Maybe this is just an unsuspectedly astute way to get Microsoft to reenable local accounts?
• Menu

  bananamogul
  I really hate this new world where one jurisdiction - California, Europe, wherever - makes a law and suddenly every other jurisdiction has to comply because the law-making jurisdiction is big enough that tech companies can't abandon it.And since it doesn't make sense to have dozens of different versions of their apps, they write to the strictest jurisdiction's laws.If everyone has the power to make laws that apply to everyone...it's chaos.
• senfiaj
  I guess California will release California OS with age verification.
• rkagerer
  Was there HN discussion at the time the bill was introduced / passed?
• Menu

  croes
  > That's likely no big deal for Windows, which already requires you to enter your date of birth during the Microsoft Account setup procedureThat isn’t age verification at all
• Menu

  phendrenad2
  Sure, I'll ask where the user is located, and if they choose California, I'll ask them for their age. And if they choose over 21 I'll scold them for voting for Gavin.
• TomMasz
  This sounds like one of those laws that get used not so much to force compliance, but to punish noncompliance as part of a larger case.
• cs702
  These lawmakers are not even wrong.To be wrong, one must understand what one is talking about.Sigh.
• jeremy_su
  China did this 15 year ago..Fuck yeah, America
• anon
  undefined
• conradfr
  Next it will be all devices able to run Doom.
• Menu

  boznz
  How will this work with the numerous "Hobby" Operating Systems out there ?
• pipeline_peak
  You hear that, NetBSD!
• TJSomething
  Is this a weird attempt at device verification?
• kkfx
  Aha... Interesting, I'm the sysadmin of myself so I verify myself that I'm entitled to be root on my iron. Sometimes politicians reveal themselves in their future program dreaming things like mandatory online accounts on corporatocracty-controlled servers for all...
• Menu

  ta9000
  Many of you commenting haven't read the legislation and it shows.
• jeffbee
  Buffy Wicks obviously should not be legislating APIs. But I think it's funny how badly this misinterprets the situation. The local user account on a computer has never been less relevant than it is today.
• OutOfHere
  It's getting to be time for tech firms to leave California.
• 2OEH8eoCRo0
  Extremely stupid that this will fall on the OS.Accomplishes three things: Demonizes age verification, big tech gets to dodge it, cedes more control of your PC.
• ReptileMan
  Trump - making heroic efforts to give Newsom the presidency in 2028. Newsom valiantly resisting those efforts.
• Menu

  monday_
  One could cope that this regulation can not apply to Linux or other OSS operating systems. But this is only true unless the bootloaders on consumer devices are mandated to be closed next.We already have Secure Boot, the infrastructure is in place. It is currently optional, but a law like this can change that.
• tamimio
  Good luck enforcing that in linux, simply because open source community agreed to never agree on anything. The strength of anything is also its weakness, always.
• upmind
  What is the point of this?
• Menu

  bell-cot
  "The road to hell is paved with good intentions." - unknown
• ywhsrbsgn
  Apparently the redacted politicians that were caught raping and murdering little boys and girls in the Epstein files are entitled to a higher level of privacy than either you or me.
• blurbleblurble
  I hope the headline is just ragebait cause I feel infuriated
• Menu

  uniq7
  You know the non-governmental organization "Save the Children"? Maybe it's time to create a new one called "Fuck the Children" to defend people from these laws designed to mine privacy under the pretense of protecting minors.
• Mars008
  Next step will be reporting potentially unlawful activities.
• tonymet
  How will this work with ephemeral VMs? If you spin up a few hundred a day, will each one prompt you for birthday ? And whose birthday ? The CEO?
• jimt1234
  So now I have to prove who I am just to use something I purchased? Am I gonna have to prove my age/identity to my new laundry machine (it runs on OS)?
• wormius
  Lol no.
• Menu

  sandworm101
  Ok. No more linux in california. Forget silicon valley. Forget all the supercomputers at research establishments. Forget all the smart TVs. Forget all the cars with in-dash computers. Let's see how long california can keep its lights on without embedded linux.In all seriousness, rather than comply, linux distros should enforce this law. Any linux install that detects itself being in california should automatically shutdown with a loud error message. I give it a week before a madmax situation develops.
• aichen_dev
  [dead]