Comments (78)
- sdrinf: Counterpoint to peeps on this thread:
  * This approach is the _most consistent_ with retaining anonymity on the internet, while actually helping parents with their issues. If any age-relevant gatekeeping needs to be made on the internet at all, this is the one I find acceptable.
  * This is because the act very specifically does NOT require age _verification_, i.e. using third parties to verify whether the claimed age is correct. Rather, it is piggybacking on the baked-in assumption that parents will set up the device for their kids, indicating on first install what the age/DoB is, then handing over the device - a setting which can, presumably, only be modified with parental consent.
  * Yes, there are edge cases, esp. in OSS, and yes, it would be nice to iron those out - but the risk = probability x impact calculus on this is very very low.
  * If retaining anonymity on the internet is of value to you, don't let the perfect be the enemy of good enough.
- amluto: What a crappy law.

  > Section 1798.500(e)(1) states: “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.

  So… DNS servers are “covered application stores”, right? As is PyPI or GitHub or any other such service. S3 and such, too — lots of facilitating going on.

  And I’m wondering… lots of things are general purpose computers. Are servers covered? How about embedded systems? Lots of embedded systems are quite general purpose.

  edit: Yikes, whoever wrote the text of the law seems to have failed to think at all.

  > (b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

  The developer shall request? Not the application? So if I write an application and you download it and run it on an operating system, then I need to personally ask your OS how old you are? This makes no sense.

  > (2) (A) A developer that receives a signal pursuant to this title shall be deemed to have actual knowledge of the age range of the user to whom that signal pertains across all platforms of the application and points of access of the application even if the developer willfully disregards the signal.

  Did they forget to make this conditional on getting the right answer? If I develop an application used by a 12-year-old and the OS says the user is 18+ (which surely will happen all the time even if no one lies because computers have multiple users), and the OS answers my query, then courts are directed to deem that I have actual knowledge that the user is under 13? Excuse me?
- csense: A lot of people contributing to FOSS are volunteers. The calculus of working on stuff for free involves an assumption that your worst-case outcome is you make $0. This act's punitive fines change the worst-case outcome to somewhere around -$9999999 or more.

  If you work on any programming project at all in any capacity:
  - Are you confident your work doesn't fall afoul of this?
  - Are you confident they won't decide to come after you anyway for insane political, bureaucratic or "seeing-like-a-state" dysfunctions?
  - Are you willing to bet millions of dollars in potential fines that your answers to the previous two questions are correct?
- blackqueeriroh: This is an intentionally vague law, and seems like the governor is more than happy to call for amendments: https://www.gov.ca.gov/wp-content/uploads/2025/10/AB-1043-Si...
- DankRaft: I haven’t made up my mind on whether I like this law or not, but this is a bigger condemnation of the FOSS community than anything else. This law was introduced over a year ago, it was reviewed by multiple committees and nobody from the FOSS community ever went up to Sacramento to speak against it. A couple of emails to the right people back in March 2025 would’ve had a real shot of turning this bill into a non-issue. But nobody paid attention until it became a news cycle, and now it’s too little too late.

  I hope this is a wakeup call for the Linux community: if you don’t wanna get choked out by bad legislation, you have to get politically organized.
- bruce511: On the one hand the legislation seems unimplementable for many OS makers, not just FOSS ones. (The issue of "primary owner of the device" being the most problematic.)

  Equally the concept of "app store" is different for different OS's. iOS and Android are clear. Mac and Windows are mostly "download and run from website" (although both want to pivot to appstore, with varying degrees of success.)

  Then we need to wonder if yum and apt are stores, given that they aren't actually owned by "linux".

  In truth though it kinda doesn't matter. It's trivial to add an "age" field to account creation. It's trivial for users to enter any date they like. So on the one hand it's easy for OS makers to comply, it's easy for users to lie.

  Presumably if the law could have mandated age checks then they would have, so I'm not even sure this is a slippery slope. Most minors don't have photo ID. Most desktop hardware doesn't have a camera (at the time of account creation.)

  This feels like performative law-making. Vague language. Unenforceable user participation.
- cvhc: Repost my comment in the other thread: I know this sounds absurd. But let me try not to be cynical and explain how we got here, according to what I understand:

  First, let's admit the push for age verification laws isn't a partisan or ideological thing. It's a global trend. This California law has bipartisan sponsorship and the only major org opponent is the evil G [1]. While age verification is unpopular in the tech community, I imagine a lot of average adult voters agree that limiting children's access to wilder parts of the Internet is a good thing.

  On this premise, the discussion is then who should be responsible for age verification. The traditional model is to require app developers / website owners to gatekeep -- like the Texas and Ohio laws that require PornHub to verify users' IDs. But such a model puts too much burden on small developers, and it's a privacy nightmare to have to share your PII with random apps.

  This is why we see this new model. States started to believe it seems more viable to dump the responsibility on big tech / platforms. A newer Texas law adopts this model (on top of the traditional model) to require app stores to verify user age (but was recently blocked by court) [2]. And this California law pretty much also takes this model -- the OS (thinking as iOS / Android / Windows with app store) shall obtain the user age and provide "a signal regarding the users age bracket to applications available in a covered application store".

  While many people here are concerned about open-source OSes, and the language does cover all OSes -- my intuition is no lawmaker had ever thought about them and they were not the target.

  [1] https://calmatters.digitaldemocracy.org/bills/ca_202520260ab...

  [2] https://www.politico.com/news/2026/01/05/big-tech-won-in-tex...
- givemeethekeys: Copyright, patents, censorship, age controls etc... have never worked on kids.

  When it comes to technology, parents will always, always be years behind their kids. The kids will find a way to circumvent all these controls that the laws are trying to force technology providers into implementing.

  These laws won't result in less violence, lower drug use, more opportunity, or closer, more tight knit communities.
- cbdevidal: They’ll just slap a “Not for use in California” label over the download page then move on with their lives.
- ZiiS: A lot of words to say adding a column to passwd and changing all software that creates accounts will take some work. For me, giving parents more tools seems easily worth the work, but I can understand others who disagree.
- bitwize: All open source projects should withdraw immediately from the United States, IP-block all USA downloads, and headquarter themselves in sensible countries without such laws. Any state having these laws means they can drag you into their courts for violating them.
- ocbyc: This is a mess.
- shevy-java: So how does it apply? Is that the mandatory age verification clause that forces everyone into becoming a data sniffer?

  California is kind of strange - on the one hand giving rise to open source; on the other hand being a lobbyist's paradise.
- Tyrubias: The Digital Age Assurance Act is a disaster both in concept and in its statutory language. Its author(s) seem to be entirely unaware of how software is distributed outside of walled gardens like Apple’s ecosystem. If I’m understanding the law correctly, then even software like Homebrew would have to implement some kind of integration with macOS to detect a user’s age. On a naive level, I’m surprised such an obviously flawed bill was passed and signed in California, where there are so many tech companies and lobbyists. The realist in me, however, realizes that tech companies don’t care about the privacy and software supply chain impacts and might even want these impacts to happen as a way of consolidating their control over the market. As an American progressive, it disappoints me that the only thing progressives and conservatives seem to agree on is stripping ordinary people of any semblance of anonymity or privacy in the name of “safety”.
- hyperion2010: Annoyingly? Ironically? The best technical implementation of this law would be to make it possible for the "device owner" to tell the OS to set a flag that the user was under age. Never send the age, never send anything else. Just have a global variable indicating that the user is under age that can be accessed by the browser.

  Now what would happen after that?

  First, OSes would have to implement the above in a way that could not be bypassed, pretty much impossible if the child has access to the device.

  Then you would need to require that websites honor that token or any similar token no matter how it was implemented ... HTTPS MITM etc. Good luck with that.

  Finally, once all the implementation and enforcement hurdles are complete, every website out there would immediately know that the user browsing was a child and all the trackers and ad networks on the web would immediately start targeting those users because children are marks.

  Now you need even more laws and regulations to protect the children from being targeted by advertising companies, and good luck with enforcing that.
- dmitrygr: "It probably does not apply to you" and "Laws are usually applied as intended" and "You'll probably be ok" is what I keep hearing.

  None of that addresses "if you get unlucky and some prosecutor decides to help his career by prosecuting you as an enabler-of-child-inappropriate-whatever-it-is". YOLOing away one's freedom on "probably" seems risky, and there is no reward to be had for doing it.

  The only sane solution is to simply add "not for use in California" to all OSs, until California gets its collective head out of its collective rectum.
- drnick1: Stallman was, once again, right. We need free software and hardware more than ever because of idiotic laws like this. Because of the decentralized development model, there is no single company or developer that can be unfairly targeted and coerced into adding anti-features such as age verification or encryption backdoors. California can shove its requests where the sun don't shine.
- hiprob: When will the AI bubble pop already? Things seem to just get worse.
- xvector: Incredible that California lawmakers choose to deliberately ignore the entire tech industry (that brings California its revenue.)