This is a most excellent place for technology news and articles.
Under the bill, an operating system provider would be required to collect a user’s date of birth or age information when an account is established.
It's so fucking obvious the people who wrote this have no idea other operating systems than iOS, Windows and Android exist.
For fuck's sake.
What are parental controls?
GOTEM! THIS IS ALL ABOUT POWER & CONTROL, AND THESE PEOPLE WANT TO COVER THEIR ASSES TOO!
Goodbye tech ownership in Colorado if this passes. We're moving one step closer to the government issuing out thin clients that only they control.
Year of the Linux desktop inbound.
Age verification is identity verification.
"OPERATING SYSTEM PROVIDER" MEANS A PERSON THAT DEVELOPS, LICENSES, OR CONTROLS THE OPERATING SYSTEM SOFTWARE ON A DEVICE.
great, for my devices then, that would be me
Not the OS.
The OS "provider"
Linus Torvalds ain't gonna check my ID. And i don't want him to, either.
Everyone was born at 00:00:00 UTC on 1 January 1970
This is getting ridiculous.
Linux is the only reasonable choice anymore.
Linux won't be legal in Colorado if they pass this. You'll need an account with some age-policing, ID-reporting corporation to be able to use a computing device.
How do they imagine they could enforce this though? Presumably quite selectively, based on the user's political leanings.
Are they going to check people's PCs at the state borders as they move in then?
Do you have any ~~fruit~~ computers to declare?
Presumably quite selectively, based on the user’s political leanings.
Not defend Democrats too much here, but they clearly have far less of a habit of doling out enforcement based on political leanings than the Republicans, even if they do enforce things quite selectively when it comes to actual leftists while letting Nazis run around with seeming impunity.
Colorado has been a solidly Blue state since the end of the W. Bush years, and even then, it was pretty split down the middle with just over half of the votes going to Bush. It's honestly been mostly-Blue-dominated since 1992. (Lauren Boebert notwithstanding)
Further, the two main sponsors of the bill are both Democrats. This genuinely seems to me to be another example of "heart in the right place but don't know what the fuck they're actually doing" which seems common for the tech illiterate and often for Democrats in general.
Once again, not saying Democrats aren't guilty of selective enforcement, just pointing out that they're far less likely to do so (or at least less likely to do so against conservatives, for genuine leftists it seems up for debate).
Now, that also means nothing in context to how other politicians can use this kind of legislation negatively, even if the writers and sponsors truly have the best of intentions. Democrats had the best intentions when it came to the PATRIOT Act and the creation of the Department of Homeland Security as well, and way back then folks like me were saying "this seems pretty dangerous, especially if we ever have a despot take control of the country and the levers for these tools" which clearly has come to pass.
Sorry for the stupid question, but what would an “operating system provider” mean here? Does that mean “the organization that builds and distributes the operating system”? If so, Linux is sort of screwed in CO; even The Linux Foundation can’t act for Linux the same way Apple or Microsoft can for macOS or Windows respectively. Maybe Red Hat could, but only for their flagship distro RHEL, and the E stands for Enterprise, lest we forget.
If “operating system provider” were interpreted to mean “system administrator”, however (which is a stretch, but still), that might be a decent solution, since it has the effect of age-limiting content in an enforceable way, but keeps identity information from being centralized under a government or (single) private agency. The sysadmin for children would be parents, who are the only ones who would be providing the hardware, and that could work, especially if there was only the child’s account on the device (like a cell phone).
I dunno if the above is horribly ignorant; if so, I’m open to being more educated on the topic.
Ah, I found the official answer to my question in the definitions (definition 9):
"OPERATING SYSTEM PROVIDER" MEANS A PERSON THAT DEVELOPS, LICENSES, OR CONTROLS THE OPERATING SYSTEM SOFTWARE ON A DEVICE.
This still leaves room for ambiguity, though, especially when it comes to Linux: is the OSP the person who installs the OS (e.g. a sysadmin)? They control the operating system on that device. Or are they the individual/organization that deems what software counts as a given operating system (e.g. Microsoft or Linus)? They develop and license the operating system that happens to be on a given device. Maybe it’s both, but the context suggests the latter more strongly to me.
It also says the age will be acquired 'upon login', so I'm not sure how that would work with linux. More anti-tech old farts making the rules
More anti-tech old farts making the rules
Wish we could blame it on them being old, but the primary sponsors aren't that old. Matt Ball looks late thirties, early forties at most and Amy Paschal looks late forties, early fifties at most. I couldn't find background on their specific ages, but Matt Ball's bio refers to still raising his children, which also implies the younger side.
https://leg.colorado.gov/bills/SB26-051
Just think: Without legislation like this, kids will be able to see people having sex! Thus, ending their lives. Not so different from staring into the eyes of Medusa!
The amount of children exposed to sex that have died—or suffered worse consequences like early onset conservatism—may have been zero so far but the dangers are clear! We must skip right over parental involvement in child rearing and go straight to the source of the problem: Computers.
Computers have been giving everyone access to too much information for too long! We must restrict it! The first step is to get an implementation that actually works to censor information—to save the children (wink wink)—then later, we will have the tools necessary to censor whatever we want!
When glorious dictator decides that information about trans-genic mice must be erased from the Internet, we shall have the power to do so!
We must protect little Billy from seeing tits, so he can keep laser focus on preparing for the next school shooting.
Hear, hear. When I was young my friends and I wanted to see the naked boobies but because the internet had not been invented we just couldn't. It was impossible! Its not the kind of thing you find lying around!
Definitely not in ziplock bags hidden in the nearest forest to the school, put there by your older brother...
The reasoning in Australia is not about sex but cyber bullying. It’s a big problem and certainly more difficult to refute than kids watching porn.
How the fuck does age gating prevent cyber bullying? That's not an age issue, it's an asshole issue.
Oh wait, because it's not about age at all but identifying individuals who think differently when the regime. Whichever regime that is.
Like those cases where the cyberbullying was coming from the children's own fucking parents.
This goes in a better direction than web sites doing it themselves, I think. The government put out an open source tool that runs locally and the browser just gets a yay/nay return code from it.
The only thing this bill seems to affect are apps. It has no provision for websites, meaning kids would still have unlimited access to adult content. If a kid wants to get around browser checks, all they have to do is either install an older browser that doesn't use the OS verification, or find a plug-in that fakes it (and of course those will immediately come out).
Even worse, if the OS requires ALL software to acknowledge the age verification checks, what do you think that means? Everyone in Colorado is required to immediately spend thousands to buy all new versions of every program they use? And what happens to the software that is no longer updated? If you're lucky, you can buy something completely different and spend months rebuilding all your old information into the new system? Sounds wonderful.
I think it's pretty clear that this was written by people who are used to getting everything from the iOS store/macOS store/Microsoft store/Google Play store and have no fucking clue what using a computer that isn't "app-based" is like.
On paper, I like this solution better than every app/site developer having to hack together (or outsource) their own age verification system. But I'm sure it opens up a ton of potential problems. And if it's open source, someone could just fork it and make a version that always says "yes" so unfortunately it'll never be FOSS.
Some kind of cryptographic signing of the executable could probably help with that.
Ultimately I don't believe there can ever be a foolproof solution and the emphasis should be on client-side parental controls.
How do they secure age data? Age is most likely two characters, with a max of three characters. If there are penalties for sharing the age data when they aren't supposed to, how do they secure this? Even with cryptography a two character number with only 70-ish reasonable and expected variations is going to be difficult to secure.
How do they ensure no one who is a different age ever uses the device? "Use mom's iPad" is univseral. Does mom get in trouble for letting her child use her device, does the parent end up with the fine?
However, if a developer has clear and convincing information that a user's age is different than the age indicated by an age signal, the developer shall use that information as the primary indicator of the user's age range.
I feel like #1 and #2 are problems whether its client side or server side. As for #3 I would lean in the direction of there being a one-time check with no persistent knowledge. Like when you flash your ID to the bartender to order a drink. A client app that scans the ID and returns the answer to the requestor.
But I don't think there is any way to reliably implement this sort of thing. I think it should really just be left to parental control and monitoring.
I think part of the problem is there shouldn't be a server-side to this. Because that's opening the door to all kinds of intrusive data-collection to determine age, even if they claim it should be done "minimally." Define "minimal." That seems to fly in the face of "clear and convincing information that a user’s age is different than the age indicated by an age signal" which is a direct quote from the Bill.
And as for number 3, I don't see how no persistent knowledge could work. If the client app has read the data ("scanned the ID") that means the client-app can now store that data anywhere the client-app has write access.
Further, it's not like in real life when the bartender can scan the person up and down, look at the ID and make the assessment that McLovin is clearly underage.
If it's open source it can be verified that it's not storing the data.
And I 100% agree that software scanning an ID is an overall bad way to verify. With a CC# validation at least that shows up on my statement, but if my kid is sneaky enough to get mine out of my wallet I have no way of knowing.
Maybe our goverments should spend more effort to determine if it's citizens are even just alive or dead to put a dent in the half a trillion dollars the fed govt pays out to dead citizens they dont know are dead. Then we can maybe talk about how the fuck these idionts are guna conrirm th3 age of their living citizens.
Or hey heres another thought, use this effort to design a better consumer price index which is currently a huge guess of economic status based on the most minimal of factors of the tiniest sample sizes of data.
Where did you get this from? Sounds like more of the crap from DOGE where Musk had no clue how computers work so he just assumed that everyone listed in SSI was getting automatically paid.
Another aspect beyond making Linux legally dubious is this: How do they actually secure the age-data?
Age is generally two characters with a limited character set [0-9] even with an extremely well hashed and salted you're looking at only less than 70 combinations being very likely.
There are penalties for sharing with a third party, but what if it's trivial for a third party to exfiltrate this data?
They keep trying to make Linux more appealing.
