As of today, about half of all U.S. states have some form of age verification law around. Nine of those were passed in 2025 alone, covering everything from adult content sites to social media platforms to app stores.
Right now, California’s Digital Age Assurance Act (AB 1043) is all the rage right now, which targets not only websites and apps but also operating systems. Come January 1, 2027, every OS provider must collect a user’s age at account setup and provide that data to app developers via a real-time API.
Colorado is also working on a near-identical bill, which we covered earlier.
The EFF’s year-end review put it more bluntly: 2025 was “the year states chose surveillance over safety.” The foundation’s concern, which I concur with, is, where does this stop? Self-reported birthday today, government ID tomorrow? There appears to be no limit to these laws’ overreach.
The population of the united States has suddenly jumped in age to 54. They don’t give Fuchs.
One should be able to skip it when creating an account and then it should default to Jan 1st 1970 on all open source OS’s to provide anonymity.
this is the pipeline to fully
trustedrestricted computing.Linux couldn’t possibly comply properly with these new restrictions? Consumer grade prebuilts and laptops now only run “certified” operating systems, just like most mobile devices.
Surveillance and censorship are the ends, “age” (identity) verification is the means.
The problem with Linux for the government is that it has a unique ability for being easily modified by users. You sure can force some very popular distros to follow these laws but you cannot force less popular distros made by enthusiasts to comply. Especially if those enthusiasts live not in your country.
The very day I hear that my os is asking people their age is the day I find a different one.
No, it mightn’t. Err, won’t.
The most practical solution is probably to “not sell Linux in California anymore”. I guess distributions could geofence the iso download page for plausible deniability and then that’s that, right?
Who the hell is “selling” Linux?
Red Hat.
The other distros? No idea.
I knew someone was going to come back with Red Hat. I just didn’t expect it to be you!
Hey even I use Linux daily.
Actually, I’m not really sure why “even I” should be shocking. I write code for a living. Surely I should be using Linux once in a while.
Anyway RHEL is probably the only Linux distro I can think of that costs money and comes with support. The major cloud providers sometimes have their own Linux distros they use as well (looking at you, Amazon) and you can argue they are selling Linux, but not as directly as RHEL does.
I’d like to go back to KDE Neon, but it doesn’t play nice with thermals on my Surface.
(and I totally expect you to be a Linux user … why haven’t you bragged about using Arch yet?)
why haven’t you bragged about using Arch yet?
Well Manjaro is Arch-based, but it feels like cheating to say that. Anyway, I used Manjaro, btw.
Wait, so instead of me telling every website I’m 90, I’ll tell my OS I’m 90 and the sites will query that, and this somehow works better? I’m not 90 btw, so all I’m doing is just changing who I’m lying to from zyn.com to Fedora? Great plan.
They know people will do this. It’s only stage 1. After this system is integrated, they will complain that people are misusing the feature and it needs to be upgraded to ID or biometrics. Boiling the frog.
Your Linux distro may be next. I use Arch by the way.
I lolled. Thanks I needed that.
Of course you do.
He’s a player, after all. 101010 (I assume that’s binary for 80085).
We don’t talk about 80085. Who the hell turns their calculator upside down now?
I couldn’t find any threads on the forum about this. I would like to know how/if Arch will handle this.
In my youth I was taught that democracy meant that the government served the people.
What do any of these laws have to do with serving the people? Do they have anything to do with the will of the people?
The government serves the class that controls production and right now that class is really really concerned about what everyone does when they aren’t slaving away for them.
Billionaires are people.
They have the will to fuck everything that moves.
Billionaires certainly are people, but these laws don’t even serve billionaires in any meaningful sense, so that’s hardly an explanation without more elaboration.
It’s serving the will of prudes, religious fruitcakes, inattentive parents, the technologically illiterate, and anyone dumb enough to be taken in by the “think of the children!” Rhetoric of the control-freaks.
Unfortunately this is a rather large constituency.
I would find it very sad if they were a majority, anywhere. :(
The problem is the silent majority.
And what counts as silent.
Because if you haven’t actually demonstrated, talked to, or written (with a letter) to a politician, you’re effectively silent.
Talking about it with friends and family and on the internet is tantamount to silence when it comes to influencing politics.
The other side, the raving lunatics who want total surveillance… they are loud as hell.
I’m assuming you’re in the USA. If this a correct assumption, then you’re not in a democracy, strictly speaking; but a republic.
I am not. I am from a country whose constitution starts with the statement that it is a democratic republic.
And you believe it?
This is not going to work people will distribute linux distros on mesh networks like libremesh or meshtastic networks.
I don’t think Meshtastic would work for that with a 200char limit.
Usenet and torrents otoh, already can’t stop that. Not to mention lying is still a thing. I’m 136 years old so I should know.
Me and the other 99% of Steam users allegedly born on January 1st agree with you
I said that people would use mesh networks like meshtastic or libremesh. Not those exact mesh networks.
Fair enough
Presumably even if Linux must provide a means of reporting an age, you can always modify that distro to always report the oldest age?
Yes
The California law is just "put this column in your DB and make a getAge() call.
sysctl user.legal_bullshit.pretend_age_quote_verification_unquote=99Watch that land on distros everywhere.
Age Verification Laws
The most misleading title ever. They are surveillance laws
The thing about doing age verification at the OS level is the user could just install a crack that rewrites the necessary code. It’ll take some heavy DRM type stuff to block that. Possibly hardware support, like a specialised TPM.
No way can that be standardised and then rolled out quickly. If they rush it then it’ll be some proprietary power grab.
The alternative is each website and app does it separately which will be spotty and provide endless security breaches.
It’ll be a shitshow either way.
The thing is, this shouldn’t really be a problem.
I am still against where all this age verification crap is coming from, and I’m against what specifically “age verification” entails; but here’s the thing: We keep saying, “It should be the parent’s responsibility to secure their kids”—and while that’s true, you can do all the talking and educating you want, but the fact is that the internet is now nigh-fully integrated with our lives, and unless you are surveilling your kid at every moment they are on the internet (don’t recommend), not every parent has the time, resources, or know-how to keep their children safe on the internet without help.
So to play naive for a moment and ignore the well-understood reality that “child safety” is an atom-thick veil for mass surveillance: Why did we give up so fast on device parental controls? The info being stored on the OS / user settings actually isn’t so bad of an idea if the implementation valued both safety and privacy. Upon setting up the device or account, it is the parent’s responsibility to create a password or biometric or whatever to activate/deactivate the safety mode. No personal information required. It should be pretty easy. Are there technically ways for the kid to get around this? Yes, but that’d be breaking the trust. In the same way you’d deal with your kid sneaking out of the house, you deal with that separately. The existence of websites that don’t perform the check is inevitable no matter what you do.
And if you don’t believe your kid needs a safety lock on the internet, then that’s your prerogative.
It’s apparent that many parents need a more convenient tool available to them, but privacy doesn’t need to be compromised in order to achieve a safer internet. I got lazy while writing this, and I’m sure that’s clear in some spots, but I’m just gonna post it. There’s possibly something huge that I’m overlooking, so I’ll just let someone else point it out.
It’s a bit crazy to think about how things have changed. When I was a kid, the only computer in the house that was online was in the office/living room, so my parents could walk past at any time and see what I was up to. This was in the MSN beta days, and I was usually in teen chat, which, given the beta, meant that we were all teens whose parents had gotten prerelease Win95 discs (actually, in my case, it was the head of my high school math department who “loaned” me his CD).
As a result, it was pretty chill. Having your phone at all hours and no oversight seems an absurd situation.
You’re not overlooking anything. You hit the nail on the head, these laws are about surveillance and censorship and that’s why they’re being implemented in the worst and least privacy respecting way possible. The next step is to make sure it’s impossible to circumvent by enforcing locked bootloaders and secure boot. Phones are 90% of the way there already and it probably wouldn’t be too hard for them to fuck up the desktop/laptop side of things either.
The issue still remains that with a check like this, who is to say what content need be age-restricted now lies with the state. They could (and will) restrict content and information that I think my kid should have access to, and it will be a bit all-or-nothing.
Provided the above, I’d say the centralizing of information is the chief concern @SnotFlickerman@lemmy.blahaj.zone.
I don’t know what a satisfying and achievable solution looks like here with that considered.
My Linux is not ever going to have any age verification.
I’m not living in those backwards contry and if that push ever comes to shove, there will always be way around it. It’s the beauty of open source, no entity is liable to comply. And we’re in the brink of ad-hoc internet which would render that stupid centralized and overgoverned shit to zero.
