The law doesn’t require anything of users, it requires something of OS providers.
For a FOSS OS, any user with root access would be considered an “OS Provider” under the definitions provided in this law. With FOSS, there is no real distinction between “user” and “developer”.
You are right, it just says whoever “controls the OS”, which is very vague. Even without going to open source, a user still controls the OS even on Windows or macOS. To a lesser degree of course, but in the same way a driver controls a car even if they can’t or won’t try to modify it.
The windows user uses the OS. The windows user does not control the OS. They only have access to the functions that Microsoft has provided. The Attorney General of California won’t be able to argue that the sysadmin is the OS Provider of a Windows installation. The OS Provider of Windows is Microsoft.
The Attorney General of California would easily be able to argue that the OS Provider of a particular Linux instance is the sysadmin of that instance.
They only have access to the functions that Microsoft has provided.
And a user of Ubuntu only has access to the functions that Canonical has provided.
Unless they have root access and modify the OS. Or they have administrator access on Windows and modify the OS. Which is the case for both by default. I don’t really see the distinction. There is clearly a provider company behind both, and in both cases the user could add this age check functionality by themselves by installing an utility that provides it.
And a user of Ubuntu only has access to the functions that Canonical has provided.
That is not at all accurate.
Administrator access to Windows is not at all comparable to root access on Linux. Windows “root” access is held solely by Microsoft, and granted only to Microsoft employees and contractors. They are the only ones with the capability of changing Microsoft’s binary blobs.
Canonical doesn’t restrict root access. Everyone who installs Ubuntu has root access by default.
Suppose Canonical adds this capability to Ubuntu. Suppose I take an Ubuntu install, and remove this capability. Who is the provider of the resulting OS, Canonical, or me? Obviously, I am responsible for the changes; I am obviously the OS Provider in this scenario. What I am saying is that I was the OS provider before I made the changes. For FOSS software, the end user fits the OS Provider definition that California creates with this law.
What does the comparability of root/admin access change in this situation?
Suppose Microsoft adds this capability to Windows, and you edit the registry to disable it. How is that any different?
I can see the argument for something like iOS. But on Windows you would be able to add or remove such functionality. What is the difference that makes the user the OS Provider on Ubuntu but not on Windows, in your eyes?
Let’s say you own a computer store in California, you sell Windows laptops, and you setup your preinstalled Windows image with the registry edit made, because customers don’t like the silly age prompt. How are you not the OS Provider?
Suppose Microsoft adds this capability to Windows, and you edit the registry to disable it. How is that any different?
By allowing the end user to change it instead of locking it down, they are not making a good faith effort to comply, and they lose their liability protection. To maintain their immunity, at the very least they will need to prohibit Californians from disabling the feature.
Canonical is prohibited from adding comparable terms.
I can see the argument for something like iOS.
How is iOS any different from Windows here?
Let’s say you own a computer store in California, you sell Windows laptops, and you setup your preinstalled Windows image with the registry edit made, because customers don’t like the silly age prompt. How are you not the OS Provider?
Again, to maintain their immunity under this law, they would have to prohibit me from doing this in their licensing agreement. My violation is what protects Microsoft. I would, indeed, be the OS provider in that scenario.
But in the scenario you describe, I’m not the end user.
Neither Canonical nor I can include the same restrictive terms in our OS offerings. We can simply inform our users that the OS is not California compliant. Our users become their own OS Providers as soon as they decide to use them in California.
The law doesn’t require sending the data anywhere, so that’s not a problem.
The law doesn’t require anything of users, it requires something of OS providers. OS providers have addresses and entities to fine.
For a FOSS OS, any user with root access would be considered an “OS Provider” under the definitions provided in this law. With FOSS, there is no real distinction between “user” and “developer”.
You are right, it just says whoever “controls the OS”, which is very vague. Even without going to open source, a user still controls the OS even on Windows or macOS. To a lesser degree of course, but in the same way a driver controls a car even if they can’t or won’t try to modify it.
The windows user uses the OS. The windows user does not control the OS. They only have access to the functions that Microsoft has provided. The Attorney General of California won’t be able to argue that the sysadmin is the OS Provider of a Windows installation. The OS Provider of Windows is Microsoft.
The Attorney General of California would easily be able to argue that the OS Provider of a particular Linux instance is the sysadmin of that instance.
And a user of Ubuntu only has access to the functions that Canonical has provided.
Unless they have root access and modify the OS. Or they have administrator access on Windows and modify the OS. Which is the case for both by default. I don’t really see the distinction. There is clearly a provider company behind both, and in both cases the user could add this age check functionality by themselves by installing an utility that provides it.
That is not at all accurate.
Administrator access to Windows is not at all comparable to root access on Linux. Windows “root” access is held solely by Microsoft, and granted only to Microsoft employees and contractors. They are the only ones with the capability of changing Microsoft’s binary blobs.
Canonical doesn’t restrict root access. Everyone who installs Ubuntu has root access by default.
Suppose Canonical adds this capability to Ubuntu. Suppose I take an Ubuntu install, and remove this capability. Who is the provider of the resulting OS, Canonical, or me? Obviously, I am responsible for the changes; I am obviously the OS Provider in this scenario. What I am saying is that I was the OS provider before I made the changes. For FOSS software, the end user fits the OS Provider definition that California creates with this law.
What does the comparability of root/admin access change in this situation?
Suppose Microsoft adds this capability to Windows, and you edit the registry to disable it. How is that any different?
I can see the argument for something like iOS. But on Windows you would be able to add or remove such functionality. What is the difference that makes the user the OS Provider on Ubuntu but not on Windows, in your eyes?
Let’s say you own a computer store in California, you sell Windows laptops, and you setup your preinstalled Windows image with the registry edit made, because customers don’t like the silly age prompt. How are you not the OS Provider?
By allowing the end user to change it instead of locking it down, they are not making a good faith effort to comply, and they lose their liability protection. To maintain their immunity, at the very least they will need to prohibit Californians from disabling the feature.
Canonical is prohibited from adding comparable terms.
How is iOS any different from Windows here?
Again, to maintain their immunity under this law, they would have to prohibit me from doing this in their licensing agreement. My violation is what protects Microsoft. I would, indeed, be the OS provider in that scenario.
But in the scenario you describe, I’m not the end user.
Neither Canonical nor I can include the same restrictive terms in our OS offerings. We can simply inform our users that the OS is not California compliant. Our users become their own OS Providers as soon as they decide to use them in California.