If I’m not mistaken, Meta has been lobbying heavily for all of these age-verification bills lately.
It seems their strategy is to externalize their responsibility to verify age themselves, and thus reduce their exposure to liabilities when child protection acts like COPPA are violated.
mgfist 19 minutes ago [-]
It should be externalized to a degree. Facebook shouldn't be the ones verifying age, but there should be a trusted 3rd party service that does that, which just tells facebook "yes this user is old enough to use your service" or "no they're not old enough".
It abso-fucking-lutely should not be at the OS level though, for so many reasons. Even the implementation alone would be a nightmare. Do I need to input my ID to use a fridge or toaster oven? Ridiculous.
pianoben 14 minutes ago [-]
Or, and hear me out, _maybe our computers shouldn't spy on us in the first place_?
jachee 10 minutes ago [-]
“Impossible to get a man to understand a thing, when his paycheck depends on his not understanding it.”
inkysigma 13 minutes ago [-]
Except none of these bills (California or the one in question) as currently written require an ID to actually be verified, merely that the user provide an age. This seems intentional as it's seems to solve the user journey where a parent is able to set a reasonable default by simply setting up an associated account age at account creation. It's effectively just standardizing parental controls.
I think this is a reasonable balance without being invasive as there's now a defined path to do reasonable parenting without being a sysadmin and operators cannot claim ignorance because the user input a random birthday. The information leaked is also fairly minimal so even assuming ads are using that as signal, it doesn't add too many bits to tracking compared to everything else. I think the California bill needs a bit of work to clarify what exactly this applies to (e.g. exclude servers) but I also think this is a reasonable framework to satisfy this debate.
I've seen the argument that this could lead to actual age verification but I think that's a line that's clearly definable and could be fought separately.
bink 10 minutes ago [-]
Kids aren't stupid. They'll just create another account when they're old enough to figure it out. They'll tell their friends how to do it and the rest of us will be stuck with these stupid prompts forever like it's a cookie banner.
inkysigma 3 minutes ago [-]
Actually given boot chain protection, this will probably get harder as time goes on but even assuming some kids are able to, this is clearly definable as a user error: the fault lies with the kid and as a parent you need to think about your threat model.
Right now, it's not even clear how to create parental controls at a reasonable level so there's no clear path for what to do or how to respond.
SoftTalker 11 minutes ago [-]
Don't kid yourself, Meta already knows the age of all its users, at least within the broad categories that this bill defines.
pear01 13 minutes ago [-]
He doesn't want to have to stand up, turn around and apologize to parents on behalf of an asleep at the wheel Congress again.
At some level I don't blame him. It is also a bit strange how in that act alone he showed more accountability than most of the politicians that were questioning him, never mind most executives. I suppose Josh Hawley wants to be liable for personal lawsuits for his acts of Congress too... people cringe at his "robotic" demeanor but I can't remember the last time someone turned and faced people and apologized like this. Most people asked to do the same (even in front of the same body) never do.
How should they do it? Surely they don't have a responsibility to do something that nobody knows how to do?
There have been numerous cases in history where governments have attempted to legislate the outcome they want without regard to how that might be done or if it was possible in the first place. Obviously it can never deliver the results they want.
It would be like passing a law to say every company must operate an office on the moon, and then saying that companies lobbying for an advanced NASA space program is them externalising their responsibility.
tyre 25 minutes ago [-]
They could require government ID to sign up and an adult sponsor to certify accounts for kids. Plus a limit on how many accounts an adult can sponsor.
It would be a mess, but solve the problem. It’s not that we don’t have the technology, we just don’t want to because the friction would decimate user numbers and engagement; it would be much simpler to regulate (e.g. usage limits on minors); and minors are less monetizable, which would lead to lower CPM on ads.
Then there’s the legal liability if you know someone is a minor and they’re sending nudes, for example. And the privacy concerns of tying that back to de-anonymized individuals.
But obviously I wouldn’t believe that social media companies care about user privacy on behalf of people.
gruez 22 minutes ago [-]
>They could require government ID to sign up and an adult sponsor to certify accounts for kids. Plus a limit on how many accounts an adult can sponsor.
Requiring all online account creation to go through some government vouching system sounds far worse for privacy than OS doing age verification.
Aunche 12 minutes ago [-]
> They could require government ID to sign up and an adult sponsor to certify accounts for kids.
Even if they used an open source zero knowledge proof, HN will still immediately dismiss it has an attempt to steal your data. The proposal here and the similar bill that passed in California doesn't require any validation that you enter you age correctly.
Lerc 21 minutes ago [-]
I think the public in general woul be happier with the office on the moon idea than compulsory Government ID requirements to use services.
observationist 14 minutes ago [-]
It's up to parents to parent. It's not up to the government, and Facebook pushing this shit is evil.
It's not about protecting children. It's about increasing adtech intrusion, protecting revenue from liability, pushing against anonymity, and for all the various apparatus of power, it's about increasing leverage and control over speech.
ehl0 21 minutes ago [-]
bad take man. these companies don't care about kids; they just want to take the responsivity off of themselves. they don't actually put any money towards child safety.
Really, I’m surprised that for all of the discussions on HN around these individual statewide acts that I see so little discussion of Meta as a primary force pushing them.
pesus 34 minutes ago [-]
There are probably many more people that would profit of it on HN.
iAMkenough 33 minutes ago [-]
I wonder if Meta monitors their employees comments on HN?
alephnerd 58 seconds ago [-]
They don't but frankly no one who matters actually gives a s#it about HN.
hypeatei 33 minutes ago [-]
Why does it matter specifically that Meta is doing it? This has long been a goal for intelligence apparatus and big tech: get rid of anonymity online to "fight terrorism" and sell ads respectively.
Don't get me wrong, it's good to know but it's not earth shattering information.
gruez 24 minutes ago [-]
>Why does it matter specifically that Meta is doing it? This has long been a goal for intelligence apparatus and big tech: get rid of anonymity online to "fight terrorism" and sell ads respectively.
How does getting the OS to do age verification "get rid of anonymity online" or help "sell ads"? Assuming the verification is implemented in a competent way (ie. it's not just providing an id scan for any app to read), it's probably one of the more privacy friendly ways to implement age verification, that's also more secure than an "are you over 18" prompt on every website.
hypeatei 11 minutes ago [-]
You've accepted the overton window shift that age verification is an inevitability and that we need to give up information to the operating system because any other way would violate our privacy! It's naive to see this internationally coordinated effort to "save the children" as anything other than the temperature in the pot being turned up.
> implemented in a competent way (ie. it's not just providing an id scan for any app to read)
What if there are vulnerabilities? You're inherently introducing more attack surface and providing more data than you would without these laws.
gruez 4 minutes ago [-]
>You've accepted the overton window shift that age verification is an inevitability and that we need to give up information to the operating system because any other way would violate your privacy! It's naive to see this internationally coordinated effort to "save the children" as anything other than the temperature in the pot being turned up.
If you're trying to imply Meta is behind the "overton window shift", that's plainly not the case. The popular sentiment against smartphones and social networks harming kids (thereby necessitating bans/verification) have been boiling over for a while now (eg. "The Anxious Generation, 2024"), and meta is just trying to get ahead of this with laws that favor them.
>What if there are vulnerabilities? You're inherently introducing more attack surface and providing more data than you would without these laws.
Probably less likely to cause vulnerabilities than web usb or web bluetooth , both of which gets some pushback here but nowhere as much an API that returns a number.
JumpCrisscross 30 minutes ago [-]
> Why does it matter specifically that Meta is doing it?
Their entire top leadership has shown a multi-year tendency towards psychopathy and lying. Knowing Meta is pushing this bill makes me want to understand why my views and theirs randomly agree as well as carefully read the bill text for any signs Adam Mosseri was within 500 feet of it.
JCattheATM 23 minutes ago [-]
> my views and theirs randomly agree
That's probably a sign that you should reevaluate your views.
I've seen skepticism about the veracity of the claims, in part as various sources cited in the git repo pointed to todo files not actual data[1] (in that example was only just hours ago a source file was added, when the project still claims part of the conclusions are based on data said to be contained there).
Which has led some to suspect much is LLM generated and not properly human-reviewed, in addition to the very short timeframe from initial self-disclosed start of the research to publishing it online (mere 2-3 days) despite the confident tone the author uses.
This coordinated state level attack on the legislative process is crazy. These people can't seem to be bothered to do the basics of governing, but they always find time to do this cross-state nightmare fuel.
glitchc 27 minutes ago [-]
The law as is written mainly targets social media platforms. For an OS to comply, all it needs to do is provide a field during account creation that records the user's date of birth as supplied by the user. There is no onus on the operator to confirm the veracity of this information, or even record it anywhere other than the local OS install itself. I think we're safe.
JCattheATM 23 minutes ago [-]
It's the start of a very slippery slope.
naikrovek 9 minutes ago [-]
Slippery slopes are a logical fallacy. Every single decision moving you down the slope is intentional. No sliding occurs if nothing actively pushes things down the slide.
Accordingly, it is never too late to lobby against these things.
areoform 4 minutes ago [-]
Not if you're being pushed down the slope.
It's not an accident that this appeared within a month or two of the California one. I would bet good money that there's someone shopping this bill around.
If you do a frequency analysis of when these bills are being introduced, you'll notice an odd cluster internationally. Less charitably, they're coordinating / talking / being pushed by someone. More charitably, the "idea" is spreading.
It's a very odd idea to spread though. Age "verification" isn't something people are truly passionate about.
I suspect that, long-term, this is about surveillance. The powers that be would rather kill the golden genie that's general purpose compute than have teens and radical youth with compute.
This is going to get bad.
nlitened 3 minutes ago [-]
> Slippery slopes are a logical fallacy
How is this a counter-argument? I often read this, as if there's some international trusted organization of logical thinkers that has approved inclusion of slippery slope to a list of logical fallacies that must never be invoked in a conversation.
Every single time five years later it turns out that the slope actually was slippery.
mattnewton 4 minutes ago [-]
Like gravity, there is some inexorably force drawing the state towards mass surveillance tools as it makes the job easier. Removing friction that fights against that force is real
mattnewton 20 minutes ago [-]
Seems like a slippery slope. Now the infrastructure is there to ask apple, Google and microsoft to confirm identity with selfies over the internet.
firtoz 30 minutes ago [-]
It's kinda convenient because every service needs to ask you for the age now because they can't serve under 13s in a lot of cases. Having it be a simple API would be a decent convenience, no?
If you connect it with a permission system where you can choose whether to provide this information (e.g. >13 as a bool or age as an integer or the birthday as a date) that can't be too bad I guess?
I haven't read the whole thing of course.
pull_my_finger 6 minutes ago [-]
It WOULD be nice if it only got used appropriately. But in 2026 its just one more metric to narrow down your profile for advertisers. Wouldn't it be convenient if you could just opt-out of tracking with a convenient API like the literal "do not track" header in browsers? It exists, but none of the people who SHOULD use it pay it any attention except as, ironically, another metric used to track people.
Not to mention that computing is a global thing, and in order for this to be useful it would definitely have to be providing more specific information than just a bool. Maybe chats require 13+, but pornography requires 18+. Maybe those ages are different based on location. All advertisers would need to do is ping the various different checks to get your actual or at least very approximate age.
This kind of thing is a slippery slope, and its ripe for abuse by doxxers, advertisers and big brother himself. Burn this with fire. I'm totally in agreement with the others that suggest stuff like this should b just get banned from getting introduced and reintroduced constantly trying to sneak it in as a rider or hidden provision. The people DON'T want it.
edgyquant 20 minutes ago [-]
What if someone else is using the computer/phone/etc?
spullara 49 minutes ago [-]
this is completely insane. we need some kind of constitutional amendment to get rid of all this kind legislation forever.
Aunche 21 minutes ago [-]
People are making way too big a deal of this IMO. This is basically the OS equivalent of that checkbox you click to enter a porn website that gets exposed to Meta, so they can claim that they did what they all the they could to protect children if they get sued by parents. Any determined kid would figure out a way around this, but I can see it stopping younger and less determined kids, and it's a useful tool for parents.
zardo 8 minutes ago [-]
Wouldn't a some kind of technical standard proposal be a more sensible way to do this than trying to pass OS laws state by state?
jjtheblunt 33 minutes ago [-]
it's entirely possible such nonsense is all show, and wouldn't be passed, however.
i'm from illinois, worked in california, and no longer live in either. from afar, it seems that whatever california bureaucrats propose, after a short delay, gets proposed by their little sibling bureaucrats in illinois.
golbez9 11 minutes ago [-]
This is 100% true
dmitrygr 29 minutes ago [-]
This. IL and MA follow whatever CA does with a few year lag. Considerations of sanity never enter into the discussion.
ActorNightly 18 minutes ago [-]
I actually see the golden lining here
>"Operating system provider" means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
I.e Linux will most likely to be immune, since its not tied to a particular computer.
Which just means Linux stay winning. It already made big headway in the video game space, so its prime to take over personal computing too.
karmakaze 3 minutes ago [-]
Wouldn't that include using it on any cloud service that let's you pick it?
jmye 3 minutes ago [-]
> since its not tied to a particular computer.
That's a really weird and nonsensical reading of "operating system software on a computer".
tokai 6 minutes ago [-]
All the distros are the providers here. The Linux kernel is not an operating system.
varispeed 28 minutes ago [-]
constitutional amendment to criminalise corporate lobbying with severe penalties - including capital punishment and confiscation of entire corporation.
chronic20001 43 minutes ago [-]
[flagged]
prophesi 38 minutes ago [-]
> For the record, I don’t care enough about age verification. Whether the law passes or not, I don’t really care.
Sounds like there actually would be some benefit commenting about it on HN.
alephnerd 34 minutes ago [-]
No one who matters uses HN or cares about HN. The handful of us on HN who are in or near a position to affect change are basically here due to habit or $#itposting until we get banned.
So they are right in that sense - commenting on HN is cathartic but ultimately useless.
And the people who matter and are against this also don't use HN because they view this platform as toxic and reactionary.
prophesi 31 minutes ago [-]
There are software engineers who directly work for the platforms lobbying for this whom post here.
alephnerd 30 minutes ago [-]
ICs don't matter. I can fire one and hire 5, and increasingly, the demographics on HN don't align with those who work in those organizations.
HN is basically slashdot now.
prophesi 25 minutes ago [-]
> and increasingly, the demographics on HN don't align with those who work in those organizations.
People have been worried about that on HN for years, but I still see the same culture. There do seem to be more bots and astroturfing, but that's a systemic issue with all social media platforms today.
alephnerd 21 minutes ago [-]
> People have been worried about that on HN for years, but I still see the same culture...
And that's the crux of the issue - the industry and people have changed, but HN hasn't changed discourse wise and is growing increasingly disconnected demographically speaking.
A large portion of HNers are men in their late 30s to 50s, and no longer located in the Bay Area or NYC.
No one's who matters is having these kinds of conversations on HN - they're meeting IRL with Luma invites or in signal/imessage/discord group chats.
strongpigeon 34 minutes ago [-]
People here seem very against this, but I don't really see it. This only require to have a form asking about your age and provide an API to read it, right?
Surely I'm missing something? Is the backlash due to fear of a slippery slope?
bloppe 18 minutes ago [-]
There are basically 2 possibilities with the outcome of this law: It's rather so full of holes as to be meaningless, or it's so invasive as to force open source projects to try to geofence Illinois (which wouldn't be effective either, but might be the kind of compliance theatre we'll see from maintainers worried about liability).
Linux distros always have a "root" user. Does that user have to be asked its age before being usable? What about docker containers, which often come with a non-root user? What about installation media, which is often a perfectly usable OS? It would either have to be so easy to get around this law that most kids could do it easily, or so overzealously enforced as to disrupt the entire cloud industry.
strongpigeon 11 minutes ago [-]
> It's rather so full of holes as to be meaningless, or it's so invasive as to force open source projects to try to geofence Illinois.
My guess reading the law as linked is that it's much closer to the former than the latter. That being said, you're right that it does bring a bunch of headache alongside with it for little-to-no benefits.
al_borland 12 minutes ago [-]
People lie, so there would need to be some kind of proof provided, right? How much data will one need to give up to use a computer? Where/how is that data stored? What else will it be used for? What happens when it’s hacked? How will test systems or servers work? If I want a computer that isn’t linked to the rest of my ecosystem, can I still do that or will age verification require I login with a cloud account?
There are so many ways for this to go badly or simply be annoying.
I’m a guy in my 40s with no kids. I shouldn’t need to deal with all of this. Let the parents turn on parental controls for their kids; don’t force it on everyone.
If Meta needs to find a way to verify age, then that is also their problem. They are trying to make it the world’s problem. I don’t use any Meta products, so again I would question why I need to care about this… why will it become my problem?
The slippery slope then comes in addition to all of this.
It seems Apple already implemented their age verification API. I got prompted for it when opening the MyChart app a few weeks ago. The API used in that case only sends a Boolean if the user is over 18 or not, this is the best of the bad options. However, they have other APIs to get other data from a digital ID. The user is at the whim of the API the developer chooses to use. They can say no, but then they can’t use the app. I’m not sure how Apple validated my age, as I hadn’t loaded an ID into my wallet, but my Apple account is nearly 18 years old, so that might be good enough? If I were to get a Mac and just want to use a local account, then what happens? Can I not verify my age? Will I be able to use the computer or be locked out of the browser? These are some of the fears I have if they take this too far. Maybe some of them are unfounded, but I guess time will tell.
SoftTalker 7 minutes ago [-]
It's not all about you.
jwitthuhn 18 minutes ago [-]
Why should an OS demand personal information from its users? It creates an unnecessary risk that the information will be leaked.
nancyminusone 23 minutes ago [-]
I don't really see any good arguments in favor of it, so why do it? There's no reason my OS needs to know anything about me.
strongpigeon 18 minutes ago [-]
I guess I'm more surprised by the intensity of the backlash this generates here. I agree with you that mandating OS APIs like this doesn't seem necessary, but that alone wouldn't warrant the severe reaction this is getting right?
bloppe 14 minutes ago [-]
It's considered offensive to the strongly freedom-loving FOSS community, and it's basically legally-required tech debt, which is annoying to all maintainers
tokai 10 minutes ago [-]
Seems pretty reasonable to get annoyed at a law that at best will be useless and at worse dangerous, while it will directly dictate features into the tools we all use everyday. All for no gain for anyone but maybe Meta and some other big companies.
toomuchtodo 31 minutes ago [-]
I am very pro social media regulation (with regards to age gating) due to the evidenced harm it causes, and which court cases have shown these companies are well aware of internally; with that said, this is an attempt by social media companies to shift liability to keep business as usual/status quo. This is no different than what oil companies have done, cigarette companies, chemical companies who have polluted at scale while knowing the harm, etc.
Meta and TikTok (and YouTube shorts to an extent) are the new Sackler family and Purdue pharma. They will hold on to these profit and power engines as long and hard as possible. They will not stop causing the harm unless forced to with regulation.
> This is an attempt by social media companies to shift liability to keep business as usual/status quo.
Do you mind expanding on why that is? Is it because it allows them to say "well the API told us they're adults so we're all good"?
steviedotboston 16 minutes ago [-]
and the verification that the OS has to provide is minimal. the OS doesn't need to verify and ID or anything. Probably just a checkbox when you create the account that you're an adult, or child, etc. and then that's provided to the browser. So it effectively becomes meaningless if the goal is to get children off social media.
akdev1l 23 minutes ago [-]
>keep business as usual/status quo.
Umm isn’t that what we want? Or are you suggesting there should be some other legislation in place?
toomuchtodo 19 minutes ago [-]
Age gating first [1] (no social for under X age), keep tightening the policy ratchet as data and evidence indicates.
Purdue sold less than 4% of the prescription opioid pain pills in the U.S. from 2006 to 2012. They were a scapegoat for pill farm doctors and an incredible lack of personal responsibility from prescribers, pharmacists and patients.
toomuchtodo 19 minutes ago [-]
Personal responsibility isn't a thing from a consumption perspective, it's primarily brain chemistry. See: GLP-1s [1] [2] (tldr they patch the brain's reward center against suboptimal reward chasing and demand)
Let us not blame humans for suboptimal brain chemistry taken advantage of by malicious torment nexus threat actors. Fix the policy, bug fix the human, disempower the threat actors. Defend and empower the human.
That's exactly how I see it. Verification should be on the social media platforms not your OS.
hypeatei 16 minutes ago [-]
What if I don't want my computer asking for my age and providing an API to give up that information? Why is the government mandating software devs to add bloat and privacy violating features to operating systems?
The slippery slope isn't a fallacy in this case as we've seen the pot slowly come to a boil after 9/11 with various laws like the Patriot Act, FISA, etc. and classified programs within the NSA (and I'm sure all the three letters) which violate the rights of Americans everyday. Now it's a coordinated effort across multiple western countries all of a sudden to introduce laws around verifying your age. It's clear where this is going.
saityi 22 minutes ago [-]
Even if open source operating systems comply and add such a feature, what's to stop individual people from removing this and blocking the API requests before they install the OS? Or providing dummy responses? They're open source, after all.
Is the government going to require some sort of automated checks that verify every person who connects to the internet has this API on their OS and go after individuals that aren't in compliance?
I wonder how this will mix wit federal laws saying you aren't allowed to track users under the age of 13yo? Will this then be forced as a browser API/header passed to every server/request?
johnisgood 34 minutes ago [-]
Yeah but if so, what does it have to do with the OS itself, i.e. outside the browser?
tracker1 19 minutes ago [-]
From articles I've seen, it's mostly Facebook lobbying to "pass the buck" upstream to the OS level to actually inquire... this of course will blead into the OS provided "store" interfaces most likely. And while, likely mostly targeting Apple and Google, MS/Windows and Linux are definitely going to be catching stray bullets. In particular vendors with Linux pre-installed... hence System 76 adding the feature to PopOS. Who knows if/how this will come about in practice or how consistently.
albertsw 17 minutes ago [-]
How old is root?
1970-01-01 33 minutes ago [-]
The "one weird trick" that all government hates? Stop forcing OSes to function with accounts. "User account" is an artifact of UNIX. You don't need an account to start a car, send and email, nor boot an operating system. I know it's hard to grasp, but it's true.
gruez 31 minutes ago [-]
What's the "user account" for an iPhone? Sure you might have to sign into icloud, but that's not mandatory. It's effectively a single user system.
thoughtpalette 24 minutes ago [-]
Growing up, I vividly remember user accounts being important for our families personas on Windows XP. There's definitely a place for them, but there should be an option to not use one.
Unless your specifically calling out accounts that require online registration for the OS. I'm vehemently against that requirement.
datsci_est_2015 21 minutes ago [-]
> You don't need an account to start a car, …
Don’t say this too loud please, I don’t honestly think we’re too far from this reality, at least from an “Overton Window” point of view.
TheChaplain 41 minutes ago [-]
Curious how OpenBSD or Haiku will comply.
prmoustache 27 minutes ago [-]
For what I understand, OpenBSD could just patch useradd so that the age category is mentionned in the comment field of /etc/passwd or a random text file in /etc.
Haiku could just run an automatic dialog asking you if you are minor, in Illinois or California and write a text file with the corresponding age category of said person.
These bills do not mandate that todo user cannot modify that information AFAIK.
JCattheATM 22 minutes ago [-]
I can't imagine OpenBSD would be bothered by laws specific to a very small selection of US states.
dpe82 30 minutes ago [-]
By adding a simple birthdate field to your account info and a system API of some sort for retrieving the account owner's age range, same as everyone else.
johnisgood 35 minutes ago [-]
What is the reasoning behind this exactly? Yeah, I know Meta is behind it, but surely they will throw it out if it is absord, right... right?
thrill 44 minutes ago [-]
“Use of this computer is illegal in the state of Illinois - your friendly neighborhood SWAT team has been notified.”
fredgrott 7 minutes ago [-]
here is the date I will put out....
1 10 0000
or even better
1 10 -2000
This will turn into most useless set of laws ever
wosined 20 minutes ago [-]
Karens making stupid bills. What is and what is not an OS?
exabrial 46 minutes ago [-]
Why suddenly are all of the blue states doing this BS? What is going on and what control is this affording the government?
tadfisher 41 minutes ago [-]
Lobbying from Meta. They do not want to do age-verification themselves (and pay for it).
Meta is behind a huge amount of it, they have funded the majority of these
dzink 43 minutes ago [-]
Meta is lobbying with millions for it.
anonym29 33 minutes ago [-]
Blue states: paternalism over your property, liberty for your body
Red states: paternalism over your body, liberty for your property
gruez 30 minutes ago [-]
except for during covid, where there was a weird reversal.
anonym29 12 minutes ago [-]
I don't even know if that was much of a "reversal".
Blue states were paternalistic over both your property (business and social gathering shutdowns) and your body (masking, social distancing enforcement), while red states (particularly Texas, Florida) were very laissez-faire for both.
What's perplexing about this is that research has generally correlated higher amygdala activity (fear/worry) with political conservatism, and lower amygdala activity with political progressivism, but in this case, the effect seemed almost inverted.
pengaru 34 minutes ago [-]
i look forward to the police showing up and explaining to me how computing is a privilege, not a right
hypeatei 41 minutes ago [-]
What are they going to do to enforce this? Take down open source projects that "operate" in Illinois because a user downloaded the software there? Absolute joke and everyone should treat it that way; advanced compliance here means implicit support for the surveillance state.
anthk 40 minutes ago [-]
Read and share "Free Software, Free Society" now.
Richard Stallman advised us about it long ago.
Thank god Plan9 got relicensed into GPL. 9front might not totally free, but it's a step in case GNU+Linux gets utterly broken.
And, yes, please, go try Trisquel (novice users), GUIX (experts) and Hyperbola (experts and protocol purists).
Avoid every Google, Amazon, Facebook, Apple, Netflix service with nonfree JS.
shablulman 46 minutes ago [-]
[dead]
2OEH8eoCRo0 37 minutes ago [-]
Thanks nerds. We are getting the shittiest possible age verification because nerds are maximalist in the other direction.
mikestorrent 46 minutes ago [-]
I don't like this whole thing, but compared to what I was fearing would happen, this idea is nowhere near as bad.
What I expected was that we'd end up with the OS vendors actually being mandated to really do age verification, and then submitting that using Web Credentials and Secure Attestation so that the far end could trust the whole thing, locking open-source OS's out of the mix and creating more of a walled garden online than we already have. I was guessing it would become a simple checkbox on e.g. Cloudflare - "[ ] allow adult users only" or whatever - and that it would end up with vast swathes of the internet going off limits for anyone not on closed-source systems.
Now, it looks like this is just a way for parents to tell the OS "this is a kid account" and have it flow through to websites so they can easily proactively block kids from connecting without having to implement any of that crap. Yes, it's much potentially easier for a child to circumvent; but any kid who can get around that sort of thing from within an OS could probably just wipe/reinstall anyway, so who cares?
As a parent whose kids are continually trying to see what trouble they can get into, I appreciate that I will get one more potential weapon in the fight.
Can someone tell me whether I am being a fool by actually being a bit relieved it's going this way?
shit_game 34 minutes ago [-]
> Can someone tell me whether I am being a fool by actually being a bit relieved it's going this way?
You're being a fool by actually being a bit relieved it's going this way.
These bills are meant to nudge the overton window[0] of digital politics in the direction of mandating realtime identity verification for all forms of computing. Advertisers want it, governments want it, _bad people and bad governments want it_. By pushing a very small and "weak" legally-required form of user identification on everything under the guise of "saving the kids", all involved parties can point at those who disagree and say "Look, if you disagree you must want to hurt children!" And so the bills pass, and a weak form of identity verification passes and is enforced. Then it'll be shown it doesn't work, and the proposed solution will be to make these identity verification laws more intrusive and more restrictive. Repeat ad-nauseum.
You shouldn't be downvoted for this, the problem is exactly as you described.
tracker1 41 minutes ago [-]
What do you think comes after this? This is just a first step towards exactly requiring age verification at the OS/Store level... Then comes ever more restrictive and intrusive tracking and eliminating all anonymity as a final goal.
Time to start throwing up hobby BBS sites... and I think in this case text mode interfaces over web might be an advantage.
Larrikin 40 minutes ago [-]
Websites can send down a single header indicating adult content. The device, the parent setup to indicate the users age, can respect that. Legitimate adult websites will not show the content. There is no need for any verification beyond that or it's just government mandated surveillance.
jacobgkau 30 minutes ago [-]
> There is no need for any verification beyond that or it's just government mandated surveillance.
There is no verification beyond that in these sorts of bills (CA, CO, IL). It's the parent's responsibility to watch their kids when they set up an account.
> Legitimate adult websites will not show the content.
This is a big problem (that won't necessarily be solved by this particular legislation, granted). There are already voluntary rating HTML tags websites can add to indicate parental control software should block them, but they're voluntary and non-standardized. Websites can choose not to comply with no real-world consequences. And I don't think platforms like Reddit or X, which are ostensibly all-ages social media but also have an abundance of adult content, are properly set up to serve tags like that on NSFW posts but not other ones.
It's a tricky problem to solve, and, imo, it's one the tech industry has demonstrated it doesn't have any desire to solve itself, hence legislation starting to get involved.
> Websites can send down a single header indicating adult content.
It sounds at first glance like a no-brainer that websites shouldn't have access to any information and the enforcement should be done at a local level (like the current voluntary HTML tags that locally installed parental control software can sometimes read). But some websites might want to display alternate content to minors-- e.g. a Wikipedia article with some images withheld, or Reddit sending a user back to an all-ages subreddit instead of just fully breaking or failing to load when the user stumbles upon something 18+. For anything like that, the website will need to know in some form that the user isn't able to see 18+ content.
jacobgkau 39 minutes ago [-]
Yeah, the laws in CA, CO, and now IL are essentially just mandating generally available OS's implement a standardized, local parental control system.
Detractors will say parents should just install existing parental control software, even though it's existed in its current form for decades and is obviously not effective. And they'll say it should be the parents' responsibility to enforce what their kids are doing with computers, while ignoring the fact that these laws provide tools allowing parents to do just that (the parents are the ones responsible for supervising their kids when they create accounts to ensure they're not lying about their age-- if the kids lie during setup, it's on the parents).
Anyone with kids will probably acknowledge that it's much easier supervising your kid once when they first set up an account on a new device than it would be to supervise them 24/7 when they're using the internet. But for some reason, lots of people without kids are in a panic about having to type in any date older than 18 years ago. The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
LooseMarmoset 25 minutes ago [-]
> The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
Because that's exactly what will happen. This is battlespace preparation for the destruction of anonymity on the internet, because politicians find this inconvenient.
pianoben 8 minutes ago [-]
> while ignoring the fact that these laws provide tools allowing parents to do just that
These tools are called "parental controls" and already exist - we don't need laws to compel their production.
...unless, of course, the true aim is to use this as a beachhead for further expansion of privacy-violating requirements.
You write this off as a "slippery-slope" argument, but given that there are already quite a few tools that do what this law aims for, what's the point?
SoftTalker 3 minutes ago [-]
Because the tools don't work, and are too fragmentary and burdensome.
Would you prefer to inform each movie theater in town which movies your child is permitted to watch? Or just rely on the rating system that applies to most movies and is honored by most theatres?
Parents want one setting that says "this is a child" and then expect online platforms to respond appropriately. As we expect and mostly have in the real world.
dormento 25 minutes ago [-]
The parents can already do that. Its called "parenting". The fact that they won't even though there are (non-required!) tools they could be using to do so is baffling to me.
> if the kids lie during setup, it's on the parents
Pretty much a "Yes, and?" scenario. See above.
> The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
I get where you're going, but precisely this. These things always start slow... then fast. The old adage "first they came for x, then y" is not a joke or an exaggeration. It is pretty much historic observation. I've lived long enough to know that whenever someone invokes the "think of the children" defense, there's always a catch.
jeffbee 5 minutes ago [-]
The argument about the California bill is not that it is a slippery slope, but that it was drafted by people with zero domain knowledge. It applies equally to toaster ovens as well as iPhones.
Rendered at 19:07:14 GMT+0000 (Coordinated Universal Time) with Vercel.
It seems their strategy is to externalize their responsibility to verify age themselves, and thus reduce their exposure to liabilities when child protection acts like COPPA are violated.
It abso-fucking-lutely should not be at the OS level though, for so many reasons. Even the implementation alone would be a nightmare. Do I need to input my ID to use a fridge or toaster oven? Ridiculous.
I think this is a reasonable balance without being invasive as there's now a defined path to do reasonable parenting without being a sysadmin and operators cannot claim ignorance because the user input a random birthday. The information leaked is also fairly minimal so even assuming ads are using that as signal, it doesn't add too many bits to tracking compared to everything else. I think the California bill needs a bit of work to clarify what exactly this applies to (e.g. exclude servers) but I also think this is a reasonable framework to satisfy this debate.
I've seen the argument that this could lead to actual age verification but I think that's a line that's clearly definable and could be fought separately.
Right now, it's not even clear how to create parental controls at a reasonable level so there's no clear path for what to do or how to respond.
At some level I don't blame him. It is also a bit strange how in that act alone he showed more accountability than most of the politicians that were questioning him, never mind most executives. I suppose Josh Hawley wants to be liable for personal lawsuits for his acts of Congress too... people cringe at his "robotic" demeanor but I can't remember the last time someone turned and faced people and apologized like this. Most people asked to do the same (even in front of the same body) never do.
https://youtu.be/yUAfRod2xgI
There have been numerous cases in history where governments have attempted to legislate the outcome they want without regard to how that might be done or if it was possible in the first place. Obviously it can never deliver the results they want.
It would be like passing a law to say every company must operate an office on the moon, and then saying that companies lobbying for an advanced NASA space program is them externalising their responsibility.
It would be a mess, but solve the problem. It’s not that we don’t have the technology, we just don’t want to because the friction would decimate user numbers and engagement; it would be much simpler to regulate (e.g. usage limits on minors); and minors are less monetizable, which would lead to lower CPM on ads.
Then there’s the legal liability if you know someone is a minor and they’re sending nudes, for example. And the privacy concerns of tying that back to de-anonymized individuals.
But obviously I wouldn’t believe that social media companies care about user privacy on behalf of people.
Requiring all online account creation to go through some government vouching system sounds far worse for privacy than OS doing age verification.
Even if they used an open source zero knowledge proof, HN will still immediately dismiss it has an attempt to steal your data. The proposal here and the similar bill that passed in California doesn't require any validation that you enter you age correctly.
It's not about protecting children. It's about increasing adtech intrusion, protecting revenue from liability, pushing against anonymity, and for all the various apparatus of power, it's about increasing leverage and control over speech.
https://www.reddit.com/r/LinusTechTips/comments/1rsn1tm/it_a...
Don't get me wrong, it's good to know but it's not earth shattering information.
How does getting the OS to do age verification "get rid of anonymity online" or help "sell ads"? Assuming the verification is implemented in a competent way (ie. it's not just providing an id scan for any app to read), it's probably one of the more privacy friendly ways to implement age verification, that's also more secure than an "are you over 18" prompt on every website.
> implemented in a competent way (ie. it's not just providing an id scan for any app to read)
What if there are vulnerabilities? You're inherently introducing more attack surface and providing more data than you would without these laws.
If you're trying to imply Meta is behind the "overton window shift", that's plainly not the case. The popular sentiment against smartphones and social networks harming kids (thereby necessitating bans/verification) have been boiling over for a while now (eg. "The Anxious Generation, 2024"), and meta is just trying to get ahead of this with laws that favor them.
>What if there are vulnerabilities? You're inherently introducing more attack surface and providing more data than you would without these laws.
Probably less likely to cause vulnerabilities than web usb or web bluetooth , both of which gets some pushback here but nowhere as much an API that returns a number.
Their entire top leadership has shown a multi-year tendency towards psychopathy and lying. Knowing Meta is pushing this bill makes me want to understand why my views and theirs randomly agree as well as carefully read the bill text for any signs Adam Mosseri was within 500 feet of it.
That's probably a sign that you should reevaluate your views.
Which has led some to suspect much is LLM generated and not properly human-reviewed, in addition to the very short timeframe from initial self-disclosed start of the research to publishing it online (mere 2-3 days) despite the confident tone the author uses.
[1] https://web.archive.org/web/20260317184359/https://lobste.rs...
Accordingly, it is never too late to lobby against these things.
It's not an accident that this appeared within a month or two of the California one. I would bet good money that there's someone shopping this bill around.
If you do a frequency analysis of when these bills are being introduced, you'll notice an odd cluster internationally. Less charitably, they're coordinating / talking / being pushed by someone. More charitably, the "idea" is spreading.
It's a very odd idea to spread though. Age "verification" isn't something people are truly passionate about.
I suspect that, long-term, this is about surveillance. The powers that be would rather kill the golden genie that's general purpose compute than have teens and radical youth with compute.
This is going to get bad.
How is this a counter-argument? I often read this, as if there's some international trusted organization of logical thinkers that has approved inclusion of slippery slope to a list of logical fallacies that must never be invoked in a conversation.
Every single time five years later it turns out that the slope actually was slippery.
If you connect it with a permission system where you can choose whether to provide this information (e.g. >13 as a bool or age as an integer or the birthday as a date) that can't be too bad I guess?
I haven't read the whole thing of course.
Not to mention that computing is a global thing, and in order for this to be useful it would definitely have to be providing more specific information than just a bool. Maybe chats require 13+, but pornography requires 18+. Maybe those ages are different based on location. All advertisers would need to do is ping the various different checks to get your actual or at least very approximate age.
This kind of thing is a slippery slope, and its ripe for abuse by doxxers, advertisers and big brother himself. Burn this with fire. I'm totally in agreement with the others that suggest stuff like this should b just get banned from getting introduced and reintroduced constantly trying to sneak it in as a rider or hidden provision. The people DON'T want it.
i'm from illinois, worked in california, and no longer live in either. from afar, it seems that whatever california bureaucrats propose, after a short delay, gets proposed by their little sibling bureaucrats in illinois.
>"Operating system provider" means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
I.e Linux will most likely to be immune, since its not tied to a particular computer.
Which just means Linux stay winning. It already made big headway in the video game space, so its prime to take over personal computing too.
That's a really weird and nonsensical reading of "operating system software on a computer".
Sounds like there actually would be some benefit commenting about it on HN.
So they are right in that sense - commenting on HN is cathartic but ultimately useless.
And the people who matter and are against this also don't use HN because they view this platform as toxic and reactionary.
HN is basically slashdot now.
People have been worried about that on HN for years, but I still see the same culture. There do seem to be more bots and astroturfing, but that's a systemic issue with all social media platforms today.
And that's the crux of the issue - the industry and people have changed, but HN hasn't changed discourse wise and is growing increasingly disconnected demographically speaking.
A large portion of HNers are men in their late 30s to 50s, and no longer located in the Bay Area or NYC.
No one's who matters is having these kinds of conversations on HN - they're meeting IRL with Luma invites or in signal/imessage/discord group chats.
Surely I'm missing something? Is the backlash due to fear of a slippery slope?
Linux distros always have a "root" user. Does that user have to be asked its age before being usable? What about docker containers, which often come with a non-root user? What about installation media, which is often a perfectly usable OS? It would either have to be so easy to get around this law that most kids could do it easily, or so overzealously enforced as to disrupt the entire cloud industry.
My guess reading the law as linked is that it's much closer to the former than the latter. That being said, you're right that it does bring a bunch of headache alongside with it for little-to-no benefits.
There are so many ways for this to go badly or simply be annoying.
I’m a guy in my 40s with no kids. I shouldn’t need to deal with all of this. Let the parents turn on parental controls for their kids; don’t force it on everyone.
If Meta needs to find a way to verify age, then that is also their problem. They are trying to make it the world’s problem. I don’t use any Meta products, so again I would question why I need to care about this… why will it become my problem?
The slippery slope then comes in addition to all of this.
It seems Apple already implemented their age verification API. I got prompted for it when opening the MyChart app a few weeks ago. The API used in that case only sends a Boolean if the user is over 18 or not, this is the best of the bad options. However, they have other APIs to get other data from a digital ID. The user is at the whim of the API the developer chooses to use. They can say no, but then they can’t use the app. I’m not sure how Apple validated my age, as I hadn’t loaded an ID into my wallet, but my Apple account is nearly 18 years old, so that might be good enough? If I were to get a Mac and just want to use a local account, then what happens? Can I not verify my age? Will I be able to use the computer or be locked out of the browser? These are some of the fears I have if they take this too far. Maybe some of them are unfounded, but I guess time will tell.
Meta and TikTok (and YouTube shorts to an extent) are the new Sackler family and Purdue pharma. They will hold on to these profit and power engines as long and hard as possible. They will not stop causing the harm unless forced to with regulation.
https://en.wikipedia.org/wiki/Sackler_family
https://en.wikipedia.org/wiki/Opioid_epidemic_in_the_United_...
https://www.profgalloway.com/addiction-economy/
Do you mind expanding on why that is? Is it because it allows them to say "well the API told us they're adults so we're all good"?
Umm isn’t that what we want? Or are you suggesting there should be some other legislation in place?
[1] Tracking Efforts To Restrict Or Ban Teens from Social Media Across the Globe - https://www.techpolicy.press/tracking-efforts-to-restrict-or... - February 23rd, 2026
Let us not blame humans for suboptimal brain chemistry taken advantage of by malicious torment nexus threat actors. Fix the policy, bug fix the human, disempower the threat actors. Defend and empower the human.
[1] Why Ozempic Beats Free Will - https://www.psychologytoday.com/us/blog/hot-thought/202410/w... - October 4th, 2024
[2] https://news.ycombinator.com/item?id=45907422 (additional citations)
(think in systems)
The slippery slope isn't a fallacy in this case as we've seen the pot slowly come to a boil after 9/11 with various laws like the Patriot Act, FISA, etc. and classified programs within the NSA (and I'm sure all the three letters) which violate the rights of Americans everyday. Now it's a coordinated effort across multiple western countries all of a sudden to introduce laws around verifying your age. It's clear where this is going.
Is the government going to require some sort of automated checks that verify every person who connects to the internet has this API on their OS and go after individuals that aren't in compliance?
Unless your specifically calling out accounts that require online registration for the OS. I'm vehemently against that requirement.
Don’t say this too loud please, I don’t honestly think we’re too far from this reality, at least from an “Overton Window” point of view.
Haiku could just run an automatic dialog asking you if you are minor, in Illinois or California and write a text file with the corresponding age category of said person.
These bills do not mandate that todo user cannot modify that information AFAIK.
1 10 0000
or even better
1 10 -2000
This will turn into most useless set of laws ever
Red states: paternalism over your body, liberty for your property
Blue states were paternalistic over both your property (business and social gathering shutdowns) and your body (masking, social distancing enforcement), while red states (particularly Texas, Florida) were very laissez-faire for both.
What's perplexing about this is that research has generally correlated higher amygdala activity (fear/worry) with political conservatism, and lower amygdala activity with political progressivism, but in this case, the effect seemed almost inverted.
Richard Stallman advised us about it long ago.
Thank god Plan9 got relicensed into GPL. 9front might not totally free, but it's a step in case GNU+Linux gets utterly broken.
And, yes, please, go try Trisquel (novice users), GUIX (experts) and Hyperbola (experts and protocol purists).
Avoid every Google, Amazon, Facebook, Apple, Netflix service with nonfree JS.
What I expected was that we'd end up with the OS vendors actually being mandated to really do age verification, and then submitting that using Web Credentials and Secure Attestation so that the far end could trust the whole thing, locking open-source OS's out of the mix and creating more of a walled garden online than we already have. I was guessing it would become a simple checkbox on e.g. Cloudflare - "[ ] allow adult users only" or whatever - and that it would end up with vast swathes of the internet going off limits for anyone not on closed-source systems.
Now, it looks like this is just a way for parents to tell the OS "this is a kid account" and have it flow through to websites so they can easily proactively block kids from connecting without having to implement any of that crap. Yes, it's much potentially easier for a child to circumvent; but any kid who can get around that sort of thing from within an OS could probably just wipe/reinstall anyway, so who cares?
As a parent whose kids are continually trying to see what trouble they can get into, I appreciate that I will get one more potential weapon in the fight.
Can someone tell me whether I am being a fool by actually being a bit relieved it's going this way?
You're being a fool by actually being a bit relieved it's going this way.
These bills are meant to nudge the overton window[0] of digital politics in the direction of mandating realtime identity verification for all forms of computing. Advertisers want it, governments want it, _bad people and bad governments want it_. By pushing a very small and "weak" legally-required form of user identification on everything under the guise of "saving the kids", all involved parties can point at those who disagree and say "Look, if you disagree you must want to hurt children!" And so the bills pass, and a weak form of identity verification passes and is enforced. Then it'll be shown it doesn't work, and the proposed solution will be to make these identity verification laws more intrusive and more restrictive. Repeat ad-nauseum.
0: https://en.wikipedia.org/wiki/Overton_window
Time to start throwing up hobby BBS sites... and I think in this case text mode interfaces over web might be an advantage.
There is no verification beyond that in these sorts of bills (CA, CO, IL). It's the parent's responsibility to watch their kids when they set up an account.
> Legitimate adult websites will not show the content.
This is a big problem (that won't necessarily be solved by this particular legislation, granted). There are already voluntary rating HTML tags websites can add to indicate parental control software should block them, but they're voluntary and non-standardized. Websites can choose not to comply with no real-world consequences. And I don't think platforms like Reddit or X, which are ostensibly all-ages social media but also have an abundance of adult content, are properly set up to serve tags like that on NSFW posts but not other ones.
It's a tricky problem to solve, and, imo, it's one the tech industry has demonstrated it doesn't have any desire to solve itself, hence legislation starting to get involved.
> Websites can send down a single header indicating adult content.
It sounds at first glance like a no-brainer that websites shouldn't have access to any information and the enforcement should be done at a local level (like the current voluntary HTML tags that locally installed parental control software can sometimes read). But some websites might want to display alternate content to minors-- e.g. a Wikipedia article with some images withheld, or Reddit sending a user back to an all-ages subreddit instead of just fully breaking or failing to load when the user stumbles upon something 18+. For anything like that, the website will need to know in some form that the user isn't able to see 18+ content.
Detractors will say parents should just install existing parental control software, even though it's existed in its current form for decades and is obviously not effective. And they'll say it should be the parents' responsibility to enforce what their kids are doing with computers, while ignoring the fact that these laws provide tools allowing parents to do just that (the parents are the ones responsible for supervising their kids when they create accounts to ensure they're not lying about their age-- if the kids lie during setup, it's on the parents).
Anyone with kids will probably acknowledge that it's much easier supervising your kid once when they first set up an account on a new device than it would be to supervise them 24/7 when they're using the internet. But for some reason, lots of people without kids are in a panic about having to type in any date older than 18 years ago. The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
Because that's exactly what will happen. This is battlespace preparation for the destruction of anonymity on the internet, because politicians find this inconvenient.
These tools are called "parental controls" and already exist - we don't need laws to compel their production.
...unless, of course, the true aim is to use this as a beachhead for further expansion of privacy-violating requirements.
You write this off as a "slippery-slope" argument, but given that there are already quite a few tools that do what this law aims for, what's the point?
Would you prefer to inform each movie theater in town which movies your child is permitted to watch? Or just rely on the rating system that applies to most movies and is honored by most theatres?
Parents want one setting that says "this is a child" and then expect online platforms to respond appropriately. As we expect and mostly have in the real world.
> if the kids lie during setup, it's on the parents
Pretty much a "Yes, and?" scenario. See above.
> The arguments I've heard against it are almost all slippery-slope (e.g. "they're gonna do this first, and then add ID requirements next year, because that's what I fear will happen.")
I get where you're going, but precisely this. These things always start slow... then fast. The old adage "first they came for x, then y" is not a joke or an exaggeration. It is pretty much historic observation. I've lived long enough to know that whenever someone invokes the "think of the children" defense, there's always a catch.