Don’t get me wrong, I’m all for privacy. But between setting up the birthdate when creating my children’s local account on their computers, and having to send a copy of their ID to every platform under the sun, I’d easily choose the former.
I’d even agree to a simple protocol (HTTP X-Over-18 / X-Over-21 headers?) to that.


Including an age flag field in user data on Linux is fairly trivial, and I’ve seen several proposals for it. Once that’s in place it’s up to browsers, “app stores”, or anything else that needs it to request the data and use it.
The effort from a Linux team here would amount to little more than an “are you 18 yes/no” and there’s no way that would be considered good enough down the line if not now.
Yet, with the way the California bill is written, so long as that data was collected at account creation, it would be adequate.
Sure. For now. But in any case, aren’t they legally viable if someone complains?
That’s one bit that I do think could do with clarifying. As written, responsibility seems to be split between the developer and the controller. From the rest of the bill, it seems like the developer is in the clear if the system functions, and it’s down to the computer controller to ensure users are correctly set up.
What would these systems look like? I’m curious.
My concern is that, even if these systems are technically possible, the law will settle on using lucky inefficient methods of age verification such as using AI to scan someone’s face.
It’s one of the reasons I like the way the California bill has been written, it’s very clear that you set the flag, or provide a date, and not only makes no mention of verifying it in any way, but also requires that anything using it trusts it and may not perform any other checking. A service using that data is also explicitly not liable if it’s wrong, so they have no incentive to check any further.
It is, obviously, possible that laws will change in future, but it seems to me that having something like this in place actually makes it harder to implement anything more intrusive later.
Yeah I’ve heard of similar systems in Europe. It’s similar to two factor authentication. Hopefully something like this could also screen out bots, making influence campaigns more difficult. But regardless, however it’s implemented I hope it will be easy for not-for-profit operating systems (such as Linux distros) to operate.