California Law says All OSes Need Age Verification

Message

b11n · Post by **b11n** » Fri Mar 20, 2026 5:32 am

gjy0724 wrote:Apparently its official that age verification components will be part of systemd...guess who is pushing systemd. Like I needed another reason not to use it!

It's possible for all these things to be simultaneously true:
• the law is an ass
• nevertheless, there will be apps and services that choose to comply with it
• people are going to want low-friction pathways to using those apps/services
• systemd is a reasonably sensible place to put that logic*

Now if Poettering starts running around holding guns to people's heads demanding they install his stuff I'll take this all back, but there's no need to use some bad legislation as an excuse to fan the flames of a tired old culture war in the Open Source Community. We should be fighting the enemy, not each other, like they want us to do.

Anyway, even if you have to have to run systemd and you don't want this, you can patch it out, it's open source, there's no laser beams and trip-wires. The freedom of choice to do this is what we're running Gentoo for, isn't it?

Or, if you're like me, probably just give it a fake DOB. It's not like I haven't been doing that since I was 12, logging on to BBSs with lots of, uhh, beer.

* and seriously, don't come at me with any of that Unix Philosophy "do-one-thing" malarkey, it's not a law of physics, and it's not the 1970s any more

This post was brought (and bought!) to you by the official Systemd Paid Shill Program. Professional driver, do not attempt. Filmed on a private road. 300 milliseconds off your boot time, or your money back.

dbtx · Post by **dbtx** » Fri Mar 20, 2026 5:30 pm

This is probably not legally sound / correct / safe / stable, but it is sometimes amusing and other times a fair indictment of some actors. There is also some "curl | sudo bash", which is an antipattern at best, but hey the whole WWW is an antipattern now.

https://agelesslinux.org/

Post by **NeddySeagoon** » Fri Mar 20, 2026 6:23 pm

That ageless linux link is a wee gem.
Read it all.

It might install on Gentoo too:

ChrisJumper · Post by **ChrisJumper** » Fri Mar 20, 2026 10:59 pm

No. Gentoo is not about this. Something who find us will understand. And it is the same as a copy by some source code itself. Gentoo is browsed by LLMs in 3/4 times instead of humans i think.
You can implement some age verification. But i do not think so. Just host outside of the USA, should be enough.

b11n wrote:
gjy0724 wrote:Apparently its official that age verification components will be part of systemd...guess who is pushing systemd. Like I needed another reason not to use it!
• the law is an ass

Focus on your last sentence. Law was the source code of the past. Before Math. And open source too! It was kind of glue between humans. And because law was a new invention it was like math or language and social standards like religion on a higher layer as bleeding edge cooperation.

We need to take care and have strong bounds together.

Spanik · Post by **Spanik** » Sat Mar 21, 2026 9:26 am

ChrisJumper wrote:No. Gentoo is not about this. Something who find us will understand. And it is the same as a copy by some source code itself. Gentoo is browsed by LLMs in 3/4 times instead of humans i think.
You can implement some age verification. But i do not think so. Just host outside of the USA, should be enough.

A bit above in the thread there is a link to very similar legislation in South-America. Then there is the Red Flag Linux mention. And there are enough politicians in the EU that take the US as a guiding light. Not to mention the extremely well funded lobby groups that have zero integrity. I don't think that will be enough.

oscoder · Post by **oscoder** » Sat Mar 21, 2026 8:34 pm

My question about this, as someone outside the USA - how does it play with data protection legislation in other countries?

For example in the UK, my training erred on the side of caution, but seemed to say that any storage or disclosure of data needed to be strictly necessary. So in a country that doesn't mandate this... sharing the age of a user with random apps and websites ("app stores") might be in violation

IANAL of course but this raises the question if it's even possible to make an OS which complies with all laws on all countries. Compliance with one may violate another. USE flags seem like the best option for now? I'm sure developers outside of California et al will develop something to spoof age signals to any binaries that need it

wildhorse · Post by **wildhorse** » Sun Mar 22, 2026 10:52 am

Apparently there are at least four problems with age verification.

How does a person provide the information?
How can this be done while protecting privacy?
How to make the procedure convenient?
How to integrate the procedure into the operating system?

These are important questions, because this is all about protecting children, a "social problem" of our time. (cough) Fortunately the Epstein-class is working on the laws to protect the children.

The beacon of our democracy, the European Commission (EC) of the EU, provides the solution: The EUDI wallet (EU Digital Identity Wallet).

The Age Verification Manual
The age verification use case allows EU citizens to prove they are above a specific age threshold (e.g., over 16, 18, or 21) using a verifiable digital credential stored in their EUDI Wallet. The wallet enables selective disclosure: confirming age without revealing full birthdate or other identifying information. It is more secure than sharing a passport or national ID as less identifying data is shared.
This use case manual explains in practical terms how the age verification will work with EU Digital Identity Wallets. It also provides links to relevant technical and legal resources.

https://ec.europa.eu/digital-building-b ... ion+Manual
(posted by the EC)

So far, I could not find any document that refers to the EC solution as well as the integration of age verification into the operating system and applications (as required by legislators in the USA).

ISO 27566-1 provides a framework that reconciles all demands. It also addresses security, meaning that the technical solution has to be tamper-proof - against any attack. Some comments in this thread point out how easy it would be to bypass the law. I am sure the Epstein-class knows that too. Android anyone?

sigra · Post by **sigra** » Sun Mar 22, 2026 6:31 pm

wildhorse wrote:How does a person provide the information?

For example by showing an ID card to the system administrator who creates the account. (Hopefully not necessary if the system administrator is a parent of the user.)

How can this be done while protecting privacy?

Instead of storing the date of birth, the user can be added to a group representing an age bracket. Of course, the user then has to go to the system administrator when aging into another bracket.

jrittenh · Post by **jrittenh** » Sun Mar 22, 2026 9:23 pm

sigra wrote:
wildhorse wrote:How does a person provide the information?
For example by showing an ID card to the system administrator who creates the account. (Hopefully not necessary if the system administrator is a parent of the user.)

How can this be done while protecting privacy?
Instead of storing the date of birth, the user can be added to a group representing an age bracket. Of course, the user then has to go to the system administrator when aging into another bracket.

And when aging into a new bracket, you have just de-anonymized the age of the user.

Max Steel · Post by **Max Steel** » Mon Mar 23, 2026 11:45 am

sigra wrote:Instead of storing the date of birth, the user can be added to a group representing an age bracket. Of course, the user then has to go to the system administrator when aging into another bracket.

Which has completely different problems.
For Example: Drinking Age in Europe is slightly different between countries. But you can have teens at 16 buying and drinking beer and wine unsupervised in germany.
while in the united states you have to be 21 for either of this.

Next example: Driving Age in europe is usually 18. some countries allow 17 for learners.
while in the united states it's different per state, but you can start at 16, usually.

Soooo, while age brackets are an idea for privacy. It really just complicates things. As far as i'm aware, this whole argument stems from the fact that some social medias fears lawsuits because of the ages of their users and trys the whole "but but but the Operating Systems allow them to use us!"

or in other words. i'll patch every inclusions of age verification, even when my country develops some anti-privacy laws of their own.

dmpogo · Post by **dmpogo** » Tue Mar 24, 2026 4:33 am

sigra wrote:
wildhorse wrote:How does a person provide the information?
For example by showing an ID card to the system administrator who creates the account. (Hopefully not necessary if the system administrator is a parent of the user.)

How can this be done while protecting privacy?
Instead of storing the date of birth, the user can be added to a group representing an age bracket. Of course, the user then has to go to the system administrator when aging into another bracket.

I thought modern kids (at least teenagers) are pretty capable of installing OS and be administrator on their own ? Or at list isn't it what we try to develop them to be capable of ?

Post by **NeddySeagoon** » Tue Mar 24, 2026 11:10 am

If you have physical access to a PC, you can do what you want with it.
Secure boot makes that a bit harder.

'Evil maid' attacks are well documented.

Random thought. How does the LFS book require age verification?

nokilli · Post by **nokilli** » Tue Mar 24, 2026 11:21 am

Keep an eye on AI.

These guys are wagging the dog right now. China upended things with these open-weight models you can run locally. Big AI of course would rather you remain in their embrace.

How that connects with this specifically I'm not sure but it's a gate (age-based verification) and there's content that they ultimately want to keep on the other side of a gate (the open-weight models.)

Big money = big agenda. Some hideous shit is coming our way and the opening salvo always seems to be protecting the kiddies.

tlhonmey · Post by **tlhonmey** » Wed Mar 25, 2026 12:58 am

FredER wrote:I don't think this law is enforceable on a consumer level. Especially when talking about Linux and Gentoo. The people using these OS's are such a small part of the public that the litigation about the law regarding these "niches" wouldn't be worth the trouble of enforcement I think.

You mistake the purpose. The purpose of this law is to establish precedent that the government may dictate what software you run on your devices and how it behaves.

Whether or not the law is practically enforceable in its present form is irrelevant. All that matters is the precedent that this is OK in principle.

Once that precedent is in place, the next restriction will simply be that all new computing devices sold must implement non-user-modifiable SecureBoot with government-specified keys. Or something effectively similar to that.

After which all software development will be like the plans Google is already rolling out for Android where you must register your real identity with a central authority in order to even run software that you wrote yourself.

Basically, all the worries that people had about where things were going when SecureBoot first came out as a feature will finally come to pass, "for the children."

And from there, the big money interests will aim to remake computers and the Internet into a system like that described in https://www.gnu.org/philosophy/right-to-read.html

JustAnother · Post by **JustAnother** » Wed Mar 25, 2026 3:30 am

There is another dimension to this: exposure. The people passing these laws know that rigid enforcement is not practical for a host of reasons.
They aren't that stupid. But they want you to think they are stupid.

But when they cast a very broad net and outlaw just about everything, that exposes just about everyone to arbitrary, selective, and capricious enforcement.
Hence the overly broad wording and draconian penalties.

This is happening right now with banks. Say anything to displease somebody, and funny things start happening to your accounts.
Now it is coming to computers and the ability to express oneself, even privately.

It is called lawfare and a few other things.

dbtx · Post by **dbtx** » Wed Mar 25, 2026 3:41 am

NeddySeagoon wrote:Random thought. How does the LFS book require age verification?

Of course it can't require anything, but-- and I only just learned this-- the recipe calls for systemd.

It reminds me of politicians trying to prevent and control 3D-printed weapons by trying to require all 3D printer firmware to detect naughty things and then stop working... or something. They have no idea that they have no idea.

flysideways · Post by **flysideways** » Wed Mar 25, 2026 4:12 pm

https://nmdoj.gov/press-release/new-mex ... inst-meta/

$375 million for not protecting the children.

maalth · Post by **maalth** » Fri Mar 27, 2026 12:59 am

flysideways wrote:https://nmdoj.gov/press-release/new-mex ... inst-meta/

$375 million for not protecting the children.

The "age verification" is the workaround of COPPA. Meta is behind these bills/laws. There's a reddit thread on the full research and where the money is going. This benefits Meta in 2 ways.

1 - By having the age of the user at the OS level, it absolves Meta's liability if they happen to "violate" COPPA.
2 - This helps META serve ads to humans instead of AI/bots

dmpogo · Post by **dmpogo** » Fri Mar 27, 2026 4:44 am

maalth wrote:
flysideways wrote:https://nmdoj.gov/press-release/new-mex ... inst-meta/

$375 million for not protecting the children.
The "age verification" is the workaround of COPPA. Meta is behind these bills/laws. There's a reddit thread on the full research and where the money is going. This benefits Meta in 2 ways.

1 - By having the age of the user at the OS level, it absolves Meta's liability if they happen to "violate" COPPA.
2 - This helps META serve ads to humans instead of AI/bots

And if it absolves meta from liability, that means that liability is moved to OSes