From the press release [my emphasis]:
Require operating system developers like Apple and Google to verify users’ ages when setting up a new device, rather than relying on self-reported ages.
cross-posted from: https://beehaw.org/post/25834609
The U.S. has been quietly building up a set of state-level laws that push operating system providers into the age verification plague.
California’s AB 1043, signed in October 2025, requires OS providers to collect age data at account setup and pipe it to apps through a real-time API. It kicks in on January 1, 2027.
Colorado is working on something nearly identical. SB26-051 (which we covered when it was still a proposal) passed the state Senate 28-7 on March 3, 2026, and is now waiting on a House vote to become law there too.
However, these are just state-level laws. A new federal bill, H.R.8250, introduced on April 13, 2026, by Rep. Josh Gottheimer, with Rep. Elise M. Stefanik signing on as cosponsor, has us intrigued.
Besides obviously being Meta pushing for these, people should start paying attention to the politicians pushing them.
We should not forget these names.
Welp. It’s back to zines and pirate radio.
This is Zuckerberg doing this via Meta:
https://old.reddit.com/r/linux/comments/1rshc1f/i_traced_2_billion_in_nonprofit_grants_and_45/
Unidentified users are worth way less than users that they can link to an identity, a law like this passing would massively increase the value of Meta’s user base to advertisers and data brokers.
‘Protecting the children’ is a long used way to shut down dissenting voices (“Why does xxxx want to put our children in danger?!!!”).
There is no “age verification” possible, only identity verification that reveals your age. Once OSes have kill switches installed that operate based on your identity, it’s a pretty straight line to enforcing that only the “right people” have access to computers.
All programmers work for California now. They pass a stupid law, and we get to work on it. I guess this will just move our employer up the chain.
As a European, would it be enough for me to use a distribution that is not from the US? So they would not have to implement age verification at operating system level. All the service (such as Flatpak in example) would still work without verification, right? Can I escape the US law as a European user?
Possibly. That’s up to your distro. However, consider that EU as well is starting to speak about age verification. It’s quite clear that the whole “West” aspires to be more like Russia and China.
That’s about the applications, not on operating system level.
Every day, the words “Violent Uprising” sound a lot less problematic in my ears.
Unfortunately, the majority will go “nothing to hide” and move on. Only when the effects hit will they notice.
We surely need to send protest emails and letters to legislators and government representatives – as citizens did in EU for the “chat control” proposals – and organize protest marches, strikes, and so on.
But yes, if the regime behaves more and more like a Russian state, rather than a democracy, and doesn’t care about citizens’ protests, then “violent uprising” becomes almost a moral imperative. “Democracy” means “government by the people”, and it’s we people who must make sure no one takes the government out of our hands; nobody else can do that for us.
I hope this just manifests as a transition from “I lied about my age to steam, Minecraft and pornhub” to “I let my OS lie about my age to steam, Minecraft and pornhub.”
But I get the fear that they’re going to take it too far and require ID, especially since the feds are a thousand times worse than the state governments in question.
From the press release [my emphasis]:
Require operating system developers like Apple and Google to verify users’ ages when setting up a new device, rather than relying on self-reported ages.
Yes, I read that but how? We 100% should be more concerned with fed implementation than what states were doing, as I’m betting it’s going to be as stupid as UKs approach to app based verification.
I’m not sure they could even do that in a reasonable way when there are use cases like offline installs, no cameras, etc, but given Windows requires hoops to jump to avoid getting an MS account, that’s probably not going to be a concern of theirs (as Congress is exceptionally inept). At least the CA law seems to consider that, given it’s just self report.
Very true:
But when technologists tell policymakers this, they tell us that they have every confidence in our ingenuity, and also, they can’t be certain we’re not telling a Zuck-style fable about how the stuff we merely disprefer is actually impossible. They tell us to NERD HARDER!
NERD HARDER! is the answer every time a politician gets a technological idée-fixe about how to solve a social problem by creating a technology that can’t exist.
https://pluralistic.net/2025/08/14/bellovin/#wont-someone-think-of-the-cryptographers
That’s depressing, lol. Well, my guess is it won’t be 100% enforceable because there will always be computers with root access, and it won’t matter while Windows and Mac capitulate and 95% of the market complies because they’re used to signing up for shit. It might be illegal at the user level but not enforceable, much like a lot of other things.
Silver lining, another generation of horny teens will learn to love Linux the same way I was pushed into rooted devices at a young age.
I wish, but I’m not so sure. Look at what happened with the Californian age-verification laws and Systemd for example. Some (arsehole, in my personal opinion) FOSS developers hurried up and bent over backwards to start complying. We’ll probably end up having “Linux” distros that will comply, and Linux distros, probably distributed via secret channels, that won’t.
What is to stop everyone from lying? I would enter 1/1/1900 if ever forced to.
The crucial point in this new press release is the requirement for “operating system developers like Apple and Google to verify users’ ages when setting up a new device, rather than relying on self-reported ages.”
I hope they meant “verify user age by entering it at account setup” instead of “the user reports their age when they open a website”, like the california law. Still stupid to write it like this, but at least a little bit less bad.
That’s not “verified” you’d need to upload some sort of government ID like you need to for porn inant western countries now.
While for porn you can just use a VPN, if this bill requires ot at device level it will be harder to get around.
