EEVblog® Electronics Community Forum
General => General Technical Chat => Topic started by: jonovid on February 28, 2026, 09:05:25 am
-
California lawmaker wants to require anyone using ANY operating system -- Windows, Linux or otherwise -- to verify their age before use
WTF is it with some people that like dystopian things. :palm:
https://www.pcgamer.com/software/operating-systems/a-new-california-law-says-all-operating-systems-including-linux-need-to-have-some-form-of-age-verification-at-account-setup/
(https://www.pcgamer.com/software/operating-systems/a-new-california-law-says-all-operating-systems-including-linux-need-to-have-some-form-of-age-verification-at-account-setup/)
https://www.reddit.com/r/linux/comments/1rgl4hy/a_new_california_law_says_all_operating_systems/ (https://www.reddit.com/r/linux/comments/1rgl4hy/a_new_california_law_says_all_operating_systems/)
-
In the old days where the software could be installed with a separate installer, or even further back in the DOS days where the software was simply in a separate subdirectory, the integration between the program and the OS was minimal.
These days, apps and OS are now highly integrated for the purposes of security. And due to the high integration, it can be difficult to ascertain which part of the system would be responsible for age verification.
I haven’t even mentioned the philosophical rationale for age limits, only the technical justification that doing it in the OS is probably the only way to do it today.
-
You have to laugh when they accuse China of being so controlling and then they turn around and do the same and more.
And I cannot see how it could be enforced. How can they prevent anyone from installing any OS?
-
Manufacturers are in a very strong position right now.
They can simply say 'no', our product is not and will not be made compliant with this law, which is (for now at least) specific to California. Therefore, our product is not for sale or use there.
The rest of the world market is huge. Apple, Microsoft and Google will survive. And as for Linux, there's no-one to sue.
That creates an interesting situation in California, of course. Literally everyone needing a new OS setting up hits a brick wall, and it shouldn't take too long before that sways opinion in a very decisive way indeed.
-
They can simply say 'no', our product is not and will not be made compliant with this law, which is (for now at least) specific to California. Therefore, our product is not for sale or use there.
It's already started. "MidnightBSD Responds to California's Age Verification Law by Excluding California"
https://www.youtube.com/watch?v=4qu5-tXVSG (https://www.youtube.com/watch?v=4qu5-tXVSG)
-
Manufacturers are in a very strong position right now.
They can simply say 'no', our product is not and will not be made compliant with this law, which is (for now at least) specific to California. Therefore, our product is not for sale or use there.
this law is binding on vendors with california nexus and does not relate to products sold in california
And as for Linux, there's no-one to sue.
there is an individual or corporation behind every linux distro
-
They can simply say 'no', our product is not and will not be made compliant with this law, which is (for now at least) specific to California. Therefore, our product is not for sale or use there.
It's already started. "MidnightBSD Responds to California's Age Verification Law by Excluding California"
(https://www.eevblog.com/forum/chat/os-must-verify-your-age-before-use/?action=dlattach;attach=2771821;image)
-
My take is that this proposal is just posturing by some politician who knows full well it will never happen.
-
The disaster is that if it starts in California, serving as a lab for the most dystopian stuff for a good while now, it will spread to the whole western world. This is almost certain, unless of course there's a sudden change in how the western world operates. We can always dream. But you can already see that this "age verification" frenzy is currently spreading like cancer everywhere in the western world. Doing it as the OS level looks ridiculous and unenforceable for now, but otherwise this is spreading to everything else very rapidly.
This thing is absolutely insane. Yes, it looks impossible to enforce, but see MidnightBSD's reaction: they don't want to bother figuring out if it can be enforced or not, they just choose to bail out.
This also looks like the death of "free software" in general, as the very features required in software to enforce this are against the principles of free software. So projects have actually no choice but say: ok, we're out.
Insane stuff. Soon you'll have to prove your age to drink tap water?
I said long ago that one of these days, there will be politicians who will try making using free software illegal. This is increasingly looking like the mechanical consequence of this series of measures: to comply, software will inevitably have to be linked to opaque, commercial services, which is not only against free software principles, but will probably have a cost that most projects can't support, apart from the bigger ones.
We can just reasonably hope this will never succeed, but this is not looking good anyway.
-
It's completely unenforceable.
It's just like the online safety act in the UK. You just put a VPN on and go, yeah, Adult-Content-Site.com I'm from Norway let me in. The law doesn't and can't require vendors to detect VPNs, that's technically infeasible.
The other issue is that a UK regulator can't sue a US company for not complying with their law. No US court will uphold Parliament's sovereignty in the US. And too right! It's our stupid law not theirs. So all they can do is stomp around and maybe apply for a DNS level block.
Ultimately all that will happen is that VPN use will go through the roof.
-
They are all working on making VPNs illegal for individuals. Yes, don't underestimate their will to make this dystopia work out.
Whether this one measure is enforceable is dubious, but it would sure deter many people from using a VPN.
-
Installing Windows is creepy enough these days, if they start asking for my ID, I'll just switch to Linux again. (hmm they want it for all OS's tho)
Years ago I had a facebook acc., I wouldn't join now since they basically want you to upload your ID. I also hate how a landline phone number does't work for much of anything online, they want a cell#. But not all cellphones even need payment plans, and ID for billing/etc. So it's extra annoying, since I hate giving out my cell #.
-
They are all working on making VPNs illegal for individuals. Yes, don't underestimate their will to make this dystopia work out.
Whether this one measure is enforceable is dubious, but it would sure deter many people from using a VPN.
Even the most totalitarian / authoritarian states fail to block VPNs (Russia, China, UAE...)
Plus use of a VPN is essential for some people, to access my work network for instance, I need a VPN.
VPN traffic looks just like any other encrypted traffic especially if VPN-over-HTTPS tunnel is used. And you can't block HTTPS because then you basically just blocked 99% of the internet, even poxy sites like eevblog.com. I'm looking forward to widespread rollout of DNS-over-HTTPS too which will block the last path for governments to block websites via DNS queries. Your ISP will have no idea what you're accessing, so implementing court orders becomes impossible.
I can pay for my VPN with crypto or cash. (I don't, because that would be inconvenient, but it's absolutely an option.)
About the only thing that could happen is seizure of your devices & checking what apps/programs are in use. Sure, it could happen, but we're a long way from this. Right now we have a moral panic over kids looking at boobies on the internet.
-
Right now we have a moral panic over kids looking at boobies on the internet.
A lot of guys probably got disappointed after finding out that the "forbidden" female nipple looks just like their own.
https://www.dailymail.co.uk/lifestyle/article-4011576/Can-tell-male-female-Genderless-Nipple-account-Instagram-challenges-double-standard-app-s-anti-nipple-policy-close-ups-men-women.html (https://www.dailymail.co.uk/lifestyle/article-4011576/Can-tell-male-female-Genderless-Nipple-account-Instagram-challenges-double-standard-app-s-anti-nipple-policy-close-ups-men-women.html)
The genitals are a different story, but I have to say the first time I saw a picture of female genitals was completely unexpected, in a high school library. And in an old fashioned paper book, not online. It was a human biology book targeted towards medical students, so it had full color pictures of various body parts with labels explaining what each part is. My first thought was "girls are so complicated down there!" It was before social media, but I'm sure it would have been fun to make an anonymous note that such a book exists in the school library.
-
Even the most totalitarian / authoritarian states fail to block VPNs (Russia, China, UAE...)
Plus use of a VPN is essential for some people, to access my work network for instance, I need a VPN.
VPN traffic looks just like any other encrypted traffic especially if VPN-over-HTTPS tunnel is used. And you can't block HTTPS because then you basically just blocked 99% of the internet, even poxy sites like eevblog.com. I'm looking forward to widespread rollout of DNS-over-HTTPS too which will block the last path for governments to block websites via DNS queries. Your ISP will have no idea what you're accessing, so implementing court orders becomes impossible.
I can pay for my VPN with crypto or cash. (I don't, because that would be inconvenient, but it's absolutely an option.)
About the only thing that could happen is seizure of your devices & checking what apps/programs are in use. Sure, it could happen, but we're a long way from this. Right now we have a moral panic over kids looking at boobies on the internet.
This topic of VPNs is quite complex and I have been thinking of starting a thread in the appropriate section ... but I'n sort of lazy.
I can speak about my experience in China. They do detect regular VPN connections and they allow some according to their own policies and to their policy of that day.
For example, if you travel in China with a US roaming plan you have your VPN already baked in and no problem. I suppose they figure foreigners need to access the outside world while in China. I have never had any problems using this system.
In China you can buy VPN plans. I have no personal experience but I suppose just the cost discourages the great majority of the population and the government does not need to block 100%. Most people I have talked to in China do not feel any loss by not being able to access Youtube or western social sites. They live in their own Chinese universe. If someone for some reason really needs to access the outside they can do it but that small hurdle is enough to keep the majority inside the firewall. And that is all the government wants or needs to do.
When I am in China I can access my computer desktops in Europe or US using Anydesk. No problem. I can access anything and everything with the browser, email, etc. I also leave behind my own VPN servers which are my own and not on any list of known VPN services. I can connect to these VPN servers (using OpenVPN) but the connection is so slow as to be unusable. The Chinese firewall detects it is VPN traffic and slows it down drastically. I suppose it detects the Open VPN protocol.
So, for my next visit I was thinking of studying the possibility of somehow cloaking the VPN traffic but it requires studying the issue and it is probably more complicated than it is worth my effort. I would need to modify the servers and the clients' softwares.
As I am using Open VPN I was also considering studying WireGuard but I am further put off by the fact that Linux Mint Network Manager does not natively support Wireguard.
At any rate, it seems VPNs are becoming more necessary for several reasons. Not only do some countries block access to some sites outside their country but also some sites block access from outside their country. Many US web sites block access from outside the US.
The Internet, which was going to unite the world, is becoming a group of isolated internet islands.
-
Soldar
So, for my next visit I was thinking of studying the possibility of somehow cloaking the VPN traffic but it requires studying the issue and it is probably more complicated than it is worth my effort. I would need to modify the servers and the clients' softwares.
As I am using Open VPN I was also considering studying WireGuard but I am further put off by the fact that Linux Mint Network Manager does not natively support Wireguard.
At any rate, it seems VPNs are becoming more necessary for several reasons. Not only do some countries block access to some sites outside their country but also some sites block access from outside their country. Many US web sites block access from outside the US.
The Internet, which was going to unite the world, is becoming a group of isolated internet islands.
That's interesting, it would be neat to have an app where all our cell phone personal/business information was held remotely. Then if someone wanted to search our phone emails, contacts etc. there would be nothing on it. Would they need a search warrant to access our private remote vpn server which could be in another country?. As well if we lost our cell phone we could just delete the connection authorization.
I like that idea and privacy is always a concern.
-
FOSS projects already strike back: https://github.com/c3d/db48x/blob/dev/LEGAL-NOTICE.md
Important notice to residents of California and Colorado
As a consequence of recent legislative activity in California and Colororado:
- California residents may no longer use DB48x after Jan 1st, 2027.
- Colorado residents may no longer use DB48x after Jan 1st, 2028.
DB48x is probably an operating system under these laws. However, it does not, cannot and will not implement age verification.
-
I wonder what would happen to all IoT devices running FreeRTOS, QNX, ThreadX, OpenWrt, Zephyr, ...
-
I wonder what would happen to all IoT devices running FreeRTOS, QNX, ThreadX, OpenWrt, Zephyr, ...
Good point. Some home appliances are now complex enough to have operating systems. Does your "smart dishwasher" running Linux for its network stack have to verify the user's age? Or is this restricted to devices with viable display devices? (I'm assuming a 7-segment display showing "8008135" isn't dangerous to children.)
-
That's interesting, it would be neat to have an app where all our cell phone personal/business information was held remotely. Then if someone wanted to search our phone emails, contacts etc. there would be nothing on it. Would they need a search warrant to access our private remote vpn server which could be in another country?. As well if we lost our cell phone we could just delete the connection authorization.
I like that idea and privacy is always a concern.
For many years now UK and US (and probably others) may inspect your devices and corporate workers are told to hold no corporate info in their laptops but to connect to their corporate VPN once at their destination.
They also may ask for your social sites activity. Partly for that reason I am not on any social network but that is also suspicious to them.
Western authorities preach freedom and privacy while doing the exact opposite.
Years ago I used to encrypt some keys and files and disguise them as digital camera files in the digital camera, separate from the laptop. I suppose that would be discovered if I were a high value target but I am just a regular guy so I guess they would not put too much effort into it.
But I don't have a separate digital camera any more. I suppose I could do something similar with photo files on my phone.
In all my travels around the world the US immigration people have been the worst by far. Just being mean and abusive for no reason.
Yeah, it is a good idea to keep vital info in a server elsewhere and travel with blank devices.
-
My take is that this proposal is just posturing by some politician who knows full well it will never happen.
unanimously approved by state senate and assembly, signed by governor and chaptered into law 4 months ago
https://leginfo.legislature.ca.gov/faces/billHistoryClient.xhtml?bill_id=202520260AB1043
-
My take is that this proposal is just posturing by some politician who knows full well it will never happen.
unanimously approved by state senate and assembly, signed by governor and chaptered into law 4 months ago
https://leginfo.legislature.ca.gov/faces/billHistoryClient.xhtml?bill_id=202520260AB1043
Wow. California is much worse than I knew. It will be interesting to see what comes of this in real practice.
I will read it carefully. Tomorrow.
-
To put links in one place:
California : https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
Colorado : https://leg.colorado.gov/bill_files/111670/download
-
California gave us Pro 65. I don't know if the labels leak out of the US, but they are all over the US and on everything in California.
The law requires that companies must tell users they are being exposed to cancer-causing agents unless the company tests their product to verify that the agents are below a specified level.
Instead of testing, which costs a fortune, the companies all put the Pro65 label on everything and tell you that you may be exposed to cancer-causing agents.
Seeing a dining room chair with a cancer hazard warning is hilarious. Glass jars, guitar picks, you name it.
I believe it's proof that there's a label maker cabal at work. They have their own police, too. Tear a label off a mattress and find out.
-
California gave us Pro 65. I don't know if the labels leak out of the US, but they are all over the US and on everything in California.
The law requires that companies must tell users they are being exposed to cancer-causing agents unless the company tests their product to verify that the agents are below a specified level.
Instead of testing, which costs a fortune, the companies all put the Pro65 label on everything and tell you that you may be exposed to cancer-causing agents.
Seeing a dining room chair with a cancer hazard warning is hilarious. Glass jars, guitar picks, you name it.
I believe it's proof that there's a label maker cabal at work. They have their own police, too. Tear a label off a mattress and find out.
Law of unintended consequences.
Lawmaker: We should make it a legal requirement to warn consumers of hazardous compounds in the things they use and eat.
Public: Yeah, that sounds like a Good Idea. Let's do that!
Companies: Boy, that law sounds expensive to comply with. Let's do the bare minimum we can to avoid being sued. In a few years, no one will care about those silly warnings anyway.
On the face of it, the law is a good idea. But by having no restriction against including the message, you end up with absurdities like this:
(https://upload.wikimedia.org/wikipedia/commons/d/d0/Disneyland_Prop_65_Warning.jpg)
One way to fix it is to set requirements that such a warning only be displayed when there is a demonstrable risk to health by exposure. No one is going to care about 1 ppb of lead in some paint somewhere, but if that's 1 ppm of lead and it's in drinking water, it's suddenly a problem. Deciding on those limits isn't easy.
Or just repeal the legislation. It's clearly defective.
-
One way to fix it is to set requirements that such a warning only be displayed when there is a demonstrable risk to health by exposure.
There is a demonstrable risk to teenager mental health by exposure to social media.
-
California lawmaker wants to require anyone using ANY operating system -- Windows, Linux or otherwise -- to verify their age before use
WTF is it with some people that like dystopian things. :palm:
And how will the OS verify age?
Any system must keep users real identity anonymous to the requestor and untrackable by the verification authority. Otherwise, it'll be a privacy nightmare and won't be accepted (how's Discord new rules (https://techcrunch.com/2026/02/24/discord-delays-global-rollout-of-age-verification-after-backlash/) going?).
One possible solution* could be:
Website or local app produces a session token which is hashed and submitted to a gov't Age of Majority verification site (with valid login) returning a signed version of the submitted hash valid for a period of time. Requestor validates the signature against one of a list of verification authority public keys (a few hundred may be manageable) or a new certificate usage field type.
But this would require a standard (RFP) and gov't infrastructure. Many sub-national gov'ts already have a plastic card so this would be an electronic extension of that.
____________________________
* I'm not a cryptologist.
-
I wonder what would happen to all IoT devices running FreeRTOS, QNX, ThreadX, OpenWrt, Zephyr, ...
Good point. Some home appliances are now complex enough to have operating systems. Does your "smart dishwasher" running Linux for its network stack have to verify the user's age? Or is this restricted to devices with viable display devices? (I'm assuming a 7-segment display showing "8008135" isn't dangerous to children.)
What about my smartTV.. Its primary function is to watch TV, not to browse the interwebs. It still has a webbrowser though, so I can visit whatever site I want. Oh UK blocks certain sites? I can install a VPN network wide on any router, which I presume is not binding for any age requirement as a router is by-definition a multi-user device (otherwise you can just connect your PC to your ISP modem).
Why are politicians so oblivious about what/who these age/ID requirements are going to stop? Regular users know how easy and affordable it is to grab a VPN/proxy tunnel and reappear in another country where those laws don't apply. Power users are completely unaffected.
And I'm fairly certain with AI slop we'll have widely available tools that can fool facescans as well. And if it doesn't, you generate a new persona and you can try again.
So they will have to drop the face scan option and require full ID cards.. which gets leaked again.. so ultimately only the criminals get handed bigger and bigger data banks to harvest our data from.
I hope this will backlash very hard very quickly. It has to. Otherwise I foresee a lot of people just unplug their computers and request a paper form to declare their taxes like its the 80s again.
-
The law says
An operating system provider shall [...] Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device
So, when you set up the main account or a secondary account you are requested to state a DOB or age for that account. Just your word for it. No checking.
I suppose this could work if a parent sets up an account for their minor child but other then that I cannot see how it can not easily be defeated.
A minor can easily download and install any OS and state any age and nobody is going to check.
Maybe I am missing something.
-
Do they define what an OS is? I ask as does the firmware on an STM32 get into the muddy waters?
Does this mean all mobile phones now need to have age verification?
I used to accept that legislators were computer illiterate back in the 2000 as there were still plenty that have never used a computer. These days its harder to accept but yet they still put stuff in place without thinking of how its going to work.
-
Or just repeal the legislation. It's clearly defective.
Repeal the people who passed it.
Or the whole system which allows such people to do anything more than flipping burgers.
-
In related news.
Apple are already adding age verification to iPhones apparently as we speak.
Anthropic said, "No!" to the government who wanted to use Claude for government, "Anthropic said, our model has guard rails preventing it's use for surveillance. Gov said, "Then turn that off.". Anthroipic said, "No".
The result? The administration flagged them as a "Supply chain risk". This means that any company doing business with the US gov can no longer use any Anthropic software or even have it in the same environment. Petty playground stuff, but it is where we are today.
This is not to "protect the children", but it is about the children. The target is not those who pass the tests, the target is those who try and fail. The children being taught that submitting to this kind of a ID check, even in their favourate games on their phones, is "Normal". Long before they have the ability to 'consent' to it, long before the parents have even worked out what is happening, their children are conditioned into the dystopia highlighted as a warning, not a map, by Ben Elton, blind faith.
-
I wonder what would happen to all IoT devices running FreeRTOS, QNX, ThreadX, OpenWrt, Zephyr, ...
Good point. Some home appliances are now complex enough to have operating systems. Does your "smart dishwasher" running Linux for its network stack have to verify the user's age? Or is this restricted to devices with viable display devices? (I'm assuming a 7-segment display showing "8008135" isn't dangerous to children.)
What about my smartTV.. Its primary function is to watch TV, not to browse the interwebs. It still has a webbrowser though, so I can visit whatever site I want. Oh UK blocks certain sites? I can install a VPN network wide on any router, which I presume is not binding for any age requirement as a router is by-definition a multi-user device (otherwise you can just connect your PC to your ISP modem).
Why are politicians so oblivious about what/who these age/ID requirements are going to stop? Regular users know how easy and affordable it is to grab a VPN/proxy tunnel and reappear in another country where those laws don't apply. Power users are completely unaffected.
And I'm fairly certain with AI slop we'll have widely available tools that can fool facescans as well. And if it doesn't, you generate a new persona and you can try again.
So they will have to drop the face scan option and require full ID cards.. which gets leaked again.. so ultimately only the criminals get handed bigger and bigger data banks to harvest our data from.
I hope this will backlash very hard very quickly. It has to. Otherwise I foresee a lot of people just unplug their computers and request a paper form to declare their taxes like its the 80s again.
I mean, if you start thinking about it - it gets absurd.
My car has CarPlay and a media player, I guess you could watch adult content on it. At least while in park. So does the car need to verify age?
Basically the concern seems to be that teenagers are looking at more extreme pr0n and getting access earlier and earlier because of the proliferation of smart devices - and this is causing problems with violence towards women, sexual misdevelopment etc. It is an issue, but it's not an issue solved by making life difficult for ordinary adults. Whether or not they want to look at naked people doing natural, or unnatural things - age-gating the internet effects everything from sites like Imgur blocking the whole UK because they don't want to deal with the OSA, to verifying age for social media, to making it impractical for smaller websites to operate with the significant costs that these laws impose.
It is a venerable goal, to stop kids seeing this content, which we know to be harmful. But it's not an achievable goal without parental intervention. Here's an idea. If you buy a phone for your kiddlywink, when you first turn it on, it'll ask if you if you want to see adult content or not. Press 'no' for a kid's phone. This signal then passes to the application layer and advertised to websites, which can choose to censor or not (it's impractical to force them, you just have to do it on good faith, because the internet is a global marketplace). This is what the law is intended to do. The trouble is, the lawmakers wrote the law in such a way that it applies to refrigerators and cars and open source kernels, because they're morons. These filters will be bypassed; you're never going to stop everyone. Lawmakers need to recognise that.
-
It started with p0rn, if you think it's still about that, you haven't been paying attention. It's in children's games for chat access and about to be on all social media if they go ahead with the under 16s ban.
You already need to submit to this kind of process if you want a job in the UK. There are dozens of providers to offload the "onboarding, ID and background checks" which use the systems put in place for "Digital ID Mandatory roll out". The only thing that changed there is they removed the word "Mandatory". Making it "optional" to enroll in the digital ID scheme. Optional in the same sense that eating is.
Making it more difficult for adults to access things is only a small part of it. Remember there will be children facing these prompts and immediately submitting to the biometrics scans, photo and document uploads. All when they are too young to legally consent to them.
EDIT: My kid has a phone and a tablet. Both Android. Both are setup as "Child devices". ie. The account is the parents. What the child's android can do is fairly controllable. However. My kids is still presented with ID checks in Roblox, Minecraft and others. She has already taken her photo for them and failed to verify. So her data is now collected.
The other way to look at this and the "slip of term" has already emerged in several places by accident. KYC. Know your client. A requirement placed upon banks to verifiy the identity and background for fraud checks of all it's clients.
The banks and those with money just flipped this around and sold government on AI and digital ID.... as KYC, Know your cititzen.
Now the banks can use government digital ID and background check systems and when they do business with a fraudster just tell the government it was their fault. They verified the citizen.
-
Targeted ads can't work without age filtering you silly users! You wouldn't want a child being advertised hair regrowth serums or hot singles in {YOUR AREA} would you?
-
[attachimg=1]
-
See above for original image.
Good ol' defenestration
-
https://lists.ubuntu.com/archives/ubuntu-devel/2026-March/043510.html
-
And now it expands to Colorado, NY and ... Brazil.
-
The disaster is that if it starts in California, serving as a lab for the most dystopian stuff for a good while now, it will spread to the whole western world.
Well, paper plates are still compostable in the Carolinas, so there's hope :)
-
California lawmaker wants to require anyone using ANY operating system -- Windows, Linux or otherwise -- to verify their age before use
WTF is it with some people that like dystopian things. :palm:
And how will the OS verify age?
It doesn't, it just asks for your age, like thousands of websites and account sign up forms do already.
-
California lawmaker wants to require anyone using ANY operating system -- Windows, Linux or otherwise -- to verify their age before use
WTF is it with some people that like dystopian things. :palm:
And how will the OS verify age?
It doesn't, it just asks for your age, like thousands of websites and account sign up forms do already.
You can "identify" as any age, right?
-
You can "identify" as any age, right?
For the time being. Rest assured, they will not stop at this.
-
The Californian bill (and for now, probably the similar bills elsewhere) does apparently not require more than indeed asking for the user's age at "account creation" (which is already pretty questionable if you consider what an OS "account" is or at least should be). Then it mandates that "apps" having an age bracket should check if the age declared in the OS account in use is within range. So it does give access to a personal information (age) to any app or service. This is a problem and completely stupid in terms of OS security - it doesn't match the Unix model whatsoever.
But yes, rest assured that once that pill has been swallowed, they will switch to mandating stricter verification through third-party services, which is already in the works elsewhere.
-
You can "identify" as any age, right?
For the time being. Rest assured, they will not stop at this.
This topic really seems to be on the bubble as far as skirting the rules against politics.
California even passed a law forbidding school staff from engaging parents about their children's activities and attributes at school, which can have very detrimental impacts on a child's well-being, both physically and mentally. Alternatively, in this thread's case, CA lawmakers are forcing children and all to provide such personal details to companies and governments.
Obviously, up next is the issue that you can't trust anyone to report their true age.
So next, they will issue those nice government-controlled digital IDs that are "optional".
Think of the children!
Absurd. :palm:
-
Alternatively, in this thread's case, CA lawmakers are forcing children and all to provide such personal details to companies and governments.
Already been the case for decades if you create a Minecraft account or Roblox account, or whatever other account kids like to use. Nothing new here.
-
Alternatively, in this thread's case, CA lawmakers are forcing children and all to provide such personal details to companies and governments.
Already been the case for decades if you create a Minecraft account or Roblox account, or whatever other account kids like to use. Nothing new here.
I don't know, I feel that this is different. The potential scope change seems enormous, doesn't it?
For the OS requirement, all people must enter data to use the OS. If every OS, mobile, TV, radio, router, Wi-Fi, switch, desktop, thermometer, stove, refrigerator, dishwasher, test equipment, Car, Bluetooth speaker... I don't know where it stops, actually. Linux is running everywhere.
The limitation in the law says "any other general purpose computing device." What does that even mean? A calculator computes, and a calculator App provides general computing. I'm sure there will be lots of lawsuits to spend money to figure all of this out.
-
I'm sure this will be unpopular here but... I believe every country should be able to enforce their laws as they see fit.
Currently, US defaultism is everywhere. It's coercive that the US embeds their laws (DMCA, copyright) into trade deals. Unfettered access to users world-wide will no longer be assumed.
Anonymity has created transnational real-world problems like: hate, luring, incitement to violence/suicide, gambling, etc.
It's high time Internet borders are enforced like physical ones. And that media company officers answer for what they publish on the Internet.
So next, they will issue those nice government-controlled digital IDs that are "optional".
I get it. You're worried about gov't overreach and tracking. This is unjustified paranoia in a democratic society as you have input here through elected representatives who shape laws. Fix your democracy if you don't trust your gov't. IRL you can't get anywhere without the gov't knowing who you are; eg. SS#/SIN, credit card, passport, drivers license, bank card, etc.
Just like plastic IDs, Age of Majority verification that doesn't reveal real identity nor facilitate tracking can be engineered (and that doesn't rely on 3rd party for-profit nannies). There are Internet RFPs for everything. Propose one that just meets the need and it may be adopted world-wide. Otherwise, the risk is every jusidiction imposing their specific solution.
Non-US, western gov'ts will be tightening screws as their voters are demanding action.
-
I'm sure this will be unpopular here but... I believe every country should be able to enforce their laws as they see fit.
Currently, US defaultism is everywhere. It's coercive that the US embeds their laws (DMCA, copyright) into trade deals. Unfettered access to users world-wide will no longer be assumed.
Anonymity has created transnational real-world problems like: hate, luring, incitement to violence/suicide, gambling, etc.
It's high time Internet borders are enforced like physical ones. And that media company officers answer for what they publish on the Internet.
So next, they will issue those nice government-controlled digital IDs that are "optional".
I get it. You're worried about gov't overreach and tracking. This is unjustified paranoia in a democratic society as you have input here through elected representatives who shape laws. Fix your democracy if you don't trust your gov't. IRL you can't get anywhere without the gov't knowing who you are; eg. SS#/SIN, credit card, passport, drivers license, bank card, etc.
Just like plastic IDs, Age of Majority verification that doesn't reveal real identity nor facilitate tracking can be engineered (and that doesn't rely on 3rd party for-profit nannies). There are Internet RFPs for everything. Propose one that just meets the need and it may be adopted world-wide. Otherwise, the risk is every jusidiction imposing their specific solution.
Non-US, western gov'ts will be tightening screws as their voters are demanding action.
The agreements that your country signs with other countries are up to you and your countrymen.
I assume you trust your government when it agrees to those terms, or you're working to fix your democracy.
I see no reason for countries not to defend their intellectual property in their negotiations. I'm not a fan of copyright and patents, but those are part of the legal systems of various countries, so why shouldn't they defend them like borders?
From my perspective, I prefer, as much as possible, to be my own choice. In my view, the US Constitution gets something very right. It does not define any rights of people but only the limits on government.
I don't expect you to know all of this as I don't know everything about the history and views of all other countries. There are two concepts woven into the fabric of the US.
1. All rights belong to the people
2. Government can't be trusted and must be controlled, not the people
What you see is as unjustified paranoia, I see is infringement on my rights. So as you've indicated, that's what I convey to my representatives.
Now that maybe that's a bit clearer. Do you feel the age verification in OSes is a good thing, and you're arguing that, or are you suggesting that these laws might work their way into your country when you sign trade agreements? I'm honestly unsure.
EDIT:
I'm worried this is turning very political, and I'm just going to get out now. I'm leaving my rebuttal above, but I'm not going to pursue this any further, as I don't see it as in the spirit of the rules or likely to prove insightful for the new laws the topic brought up.
-
Bill: "the OS wants my ID"
Jane: "Bill, thats weird, just use your own GNU OS"
-
The fundamental problem is that lawmakers have little real idea how anything technical works, but have no difficulty passing laws. A similar thing is happening with laws requiring 3D printers to detect and refuse to print guns. Sounds like a simple solution. But even a human being would have trouble implementing this. Is it legal to print a non-working model of a gun for museum display or motion picture use? How is software to tell a squirt gun or paint sprayer from a "gun". Is it okay to print a Phasor for Star Trek cosplay?
One way to get the lawmakers to back off on this requirement would be to come to them with the proposal that the only way to sort of effectively do an age check would be to have an appropriately encrypted chip implanted in everyone, which would be read by computer attached peripherals and approve operation after handshake approval from age monitoring central. Any lawmaker who publicly released that something like this was being legislated would have to hurry to escape the lynch mob.
-
Now that maybe that's a bit clearer. Do you feel the age verification in OSes is a good thing, and you're arguing that, or are you suggesting that these laws might work their way into your country when you sign trade agreements? I'm honestly unsure.
Many people believe that age verification is necessary to limit ongoing harms.
The USA imposes their idea of free speech on the rest of the world through coercive trade policy. Take it or leave it isn't really free will. The USA is not currently interested in the protection of minors nor letting other countries decide for themselves if it means placing limits on their technology companies in any way when operating in those jurisdictions. Ideology, politics, and trade policy steer technology.
As for a technical solution, it doesn't need to be baked into the OS. It could be in the browser, or in a microcontroller. it can be just an Internet service like a DNS request. The internet device would just have a URL to a verification server (run by your gov't or its agent). A new/existing gov't issued ID having your age on file (eg. drivers license) can be setup on the device (initial request is a time-limited verifier token that is locally stored; not your ID). When a requestor (website) wants to verify your age (or the minor you authorize with your ID), the verifier token with the hash of the requestor token is sent to the verification server and a signed response of the hash is returned to the requestor which validates the signature before proceeding. The protocol is published so you know what data is going where. Neither requestor or verifier knows about the other. And the requestor doesn't know your real identity.
I don't know how 3rd-parties are verfiying pictures of supposed valid IDs. Only the issuing authority can truly verify it. At least the bouncer at the door can tell if your ID is fake by the hologram and your mugshot.
-
The fundamental problem is that lawmakers have little real idea how anything technical works, but have no difficulty passing laws. A similar thing is happening with laws requiring 3D printers to detect and refuse to print guns. Sounds like a simple solution. But even a human being would have trouble implementing this. Is it legal to print a non-working model of a gun for museum display or motion picture use? How is software to tell a squirt gun or paint sprayer from a "gun". Is it okay to print a Phasor for Star Trek cosplay?
One way to get the lawmakers to back off on this requirement would be to come to them with the proposal that the only way to sort of effectively do an age check would be to have an appropriately encrypted chip implanted in everyone, which would be read by computer attached peripherals and approve operation after handshake approval from age monitoring central. Any lawmaker who publicly released that something like this was being legislated would have to hurry to escape the lynch mob.
It's even more absurd when you consider 3D printers don't "know" what they're printing... at least not the standard model that most people know.
A print file consists of G-code which moves an extruder around on a bed, which may or may not print a gun. It's easily possible to construct G-code in a way that obscures the meaning and shape of an object. It's computationally a hard problem to determine what an object looks like from data like that, especially for a small 32-bit MCU.
Software slicing a 3D printed object might be able to recognise a gun. However, this software is almost always open source, and whilst they may have a "New York" version that includes some AI algorithm to reject guns, everyone will just download the standard unencumbered version. And whilst VPNs exist, you can't even pass a law that says "New York residents must get X version of software with gun-detection algorithm". Because if someone is going to print a gun to do nefarious things, then a VPN is the least of their worries.
-
The fundamental problem is that lawmakers have little real idea how anything technical works, but have no difficulty passing laws. A similar thing is happening with laws requiring 3D printers to detect and refuse to print guns. Sounds like a simple solution. But even a human being would have trouble implementing this. Is it legal to print a non-working model of a gun for museum display or motion picture use? How is software to tell a squirt gun or paint sprayer from a "gun". Is it okay to print a Phasor for Star Trek cosplay?
One way to get the lawmakers to back off on this requirement would be to come to them with the proposal that the only way to sort of effectively do an age check would be to have an appropriately encrypted chip implanted in everyone, which would be read by computer attached peripherals and approve operation after handshake approval from age monitoring central. Any lawmaker who publicly released that something like this was being legislated would have to hurry to escape the lynch mob.
It's even more absurd when you consider 3D printers don't "know" what they're printing... at least not the standard model that most people know.
A print file consists of G-code which moves an extruder around on a bed, which may or may not print a gun. It's easily possible to construct G-code in a way that obscures the meaning and shape of an object. It's computationally a hard problem to determine what an object looks like from data like that, especially for a small 32-bit MCU.
Software slicing a 3D printed object might be able to recognise a gun. However, this software is almost always open source, and whilst they may have a "New York" version that includes some AI algorithm to reject guns, everyone will just download the standard unencumbered version. And whilst VPNs exist, you can't even pass a law that says "New York residents must get X version of software with gun-detection algorithm". Because if someone is going to print a gun to do nefarious things, then a VPN is the least of their worries.
Valid points, and that G-Code is also what runs on CNC that manufacturers use to make firearms. Even if you were able to be super accurate in detecting "gun" how do you know if you are allowed? When is it ok to build one for a movie or play?
I've seen people post here about protecting children with laws. I protected mine by being a parent.
My buddy here in Toronto this week was talking about how difficult it is to continue his fight with his 13-year-old daughter, whom he and his wife have refused to allow to have a phone. Both of his daughters have devices that allow them to contact their parents, but they aren't allowed to have smartphones. That's their choice as a parent, and the government doesn't have to be involved.
Is it because parents don't want to be parents, or do people want to parent other people's children?
-
I've seen people post here about protecting children with laws. I protected mine by being a parent.
My buddy here in Toronto this week was talking about how difficult it is to continue his fight with his 13-year-old daughter, whom he and his wife have refused to allow to have a phone. Both of his daughters have devices that allow them to contact their parents, but they aren't allowed to have smartphones. That's their choice as a parent, and the government doesn't have to be involved.
Is it because parents don't want to be parents, or do people want to parent other people's children?
I think there are a few factors here. Kids feel like they need access to social media because all of their friends are on social media. They see their friends laughing at TikTok memes and chatting to each other on Whatsapp or whatever they now use the most, and they want in on that. So there's pressure on the parents to give in and grant access to that. Parents also feel that they don't want to socially isolate their kids, making them seem like the weird kids that don't know what's going on. Some parents have rose-tinted glasses about their kids, seeing them as perfect and not seeing the toxic side enabled by social media (like bullying others, it happens).
The platform owners (Meta, Bytedance, Google) basically want to maximise engagement as more engagement = more ad views/clicks and more data. Maybe kids don't buy that much but they influence decisions and in the future they will become good consumers like us all.
But these platforms are cesspools... full of bullying, self-harm, suicide info, pr0n (especially extreme stuff), all sorts... they are not really 'safe' places to be, especially for young developing minds.
Australia has seen fit to ban kids from using social media. I think this is ultimately a good idea implemented badly. It's badly implemented because platforms have to capture the ID of their users. I think there should be a more secure way to do it. But I think we have enough info out there to see that social media isn't having good impacts on kids.
And perhaps banning social media for under 16s will ultimately make kids put their phones down a bit more? Less doomscrolling is probably good.
I think the idea of an OS attesting age of the user is reasonable (provided it's just an "honour system", that the parent sets up when the device is first turned on). If it's done that way, it can be used for age filtering in a way that adults can opt out of, and doesn't impact them at all. I have concerns with the way the law is written. I would have just gone for making it a recommended feature, that the operating system provides, and apps are 'strongly recommended' to use (perhaps if you are under 18, you can't install any 'apps' that don't have an age rating?) OS providers will be happy enough to add such a feature in, simply because it will give them good PR to be seen to be doing something about the problem, and many devices already have parental controls anyway so this is just a natural extension. Provided adults can do what they like and easily get past this feature, I've no issue with the idea.
-
The platform owners (Meta, Bytedance, Google) basically want to maximise engagement as more engagement = more ad views/clicks and more data. Maybe kids don't buy that much but they influence decisions and in the future they will become good consumers like us all.
But these platforms are cesspools... full of bullying, self-harm, suicide info, pr0n (especially extreme stuff), all sorts... they are not really 'safe' places to be, especially for young developing minds.
These companies do deal in addiction. They are just as bad for adults, maybe worse. I bailed on Social media years ago and only post to FB because my mother insists I post pictures of all my travels. But that's an in/out activity. The glimpses I see through others are wild. Filled with hate and vile things that incite strong emotions that are obviously geared towards getting reactions and driving engagement.
There are many tools available to help parents manage their kids' access and content. Parenting isn't easy.
I don't know how the law helps more than the tools already available to those parents.
But then there's the huge amount of the population that's addicted and can be of any age.
-
The fundamental problem is that lawmakers have little real idea how anything technical works, but have no difficulty passing laws. A similar thing is happening with laws requiring 3D printers to detect and refuse to print guns. Sounds like a simple solution. But even a human being would have trouble implementing this. Is it legal to print a non-working model of a gun for museum display or motion picture use? How is software to tell a squirt gun or paint sprayer from a "gun". Is it okay to print a Phasor for Star Trek cosplay?
One way to get the lawmakers to back off on this requirement would be to come to them with the proposal that the only way to sort of effectively do an age check would be to have an appropriately encrypted chip implanted in everyone, which would be read by computer attached peripherals and approve operation after handshake approval from age monitoring central. Any lawmaker who publicly released that something like this was being legislated would have to hurry to escape the lynch mob.
It's even more absurd when you consider 3D printers don't "know" what they're printing... at least not the standard model that most people know.
A print file consists of G-code which moves an extruder around on a bed, which may or may not print a gun. It's easily possible to construct G-code in a way that obscures the meaning and shape of an object. It's computationally a hard problem to determine what an object looks like from data like that, especially for a small 32-bit MCU.
Software slicing a 3D printed object might be able to recognise a gun. However, this software is almost always open source, and whilst they may have a "New York" version that includes some AI algorithm to reject guns, everyone will just download the standard unencumbered version. And whilst VPNs exist, you can't even pass a law that says "New York residents must get X version of software with gun-detection algorithm". Because if someone is going to print a gun to do nefarious things, then a VPN is the least of their worries.
Some day, if you want code, you'll need to prove who your are before the govt sends the code to "your" device.
-
Less doomscrolling is probably good.
This. Instead of age verification, there must be laws banning two things:
- endless loading (scrolling);
- showing content that the user never subscribed to explicitly.
This will drastically improve the situation in an instant.
-
thm_w: "It doesn't, it just asks for your age, like thousands of websites and account sign up forms do already."
Yes, but the problem is it is then supposed to "report" this back to a central server. The whole idea of the GNU freedom philosophy is that software should not, unless the user explicitly opts-in in a non-coerced manner. ever be sending any kind of telemetry data back to a central server, in some cases a central server won't even exist at all (sure, most Linux distros have a central sever to host isos for download, but that's not necessarily a server which can, let alone should, also collect installation logs).
And there is always the slipepry slope Louis Rossmann warns about, make them embed typing in a DOB for now, then make them infect it with central-server-dependent "strong" verification methods later. This needs to be met with the same attitude by Linux distros that they have to the diktats passed by North Korea or Russia, "We're not in California* so we can do whatever we like, and good luck trying to censor all the multitude of distribution channels which can let Californian users download it anyway".
*many big tech firms might be California based, but plenty of Linux distro small tech "firms" are not
shapirus, "...banning two things:" Absolutely right, but then totalitarians can't harness actual sensible measures as means of inflicting more intrusions upon populations. If governments actually wanted to "fix" social media your two steps would go a long way, but they don't want to fix it, they simply want a wrapping paper (usually available in two flavours "national security" or "protect the children") to cover their quest to destroy online freedom. And all the supposed "fixes" being pushed are ones which the big social media firms are in favour of, because they're designed so that social media companies get to keep their market dominance and huge profits, as opposed to real solutions which wouldn't hurt freedom at all but would likely involve the collapse of that whole market sector.
Linux distros need to make a defiant stand against this, Nobody ever complied their way out of tyranny.
P.S. I did not see it here, I don't think, but in another thread somewhere... there were folks asking things to the effect of:
"Will distro $name pledge defiance of these new diktats, I want to move away from Windows but don't want to move and suddenly find my new OS is as bad as Windows".
If anyone who was saying that somewhere sees my comment here, yes, move, move to whichever distro you like, move now, if the distro you move to starts doing something bad then moving between distros is still less work than the initial escape from Microsoft. And even a distro doing something bad is probably not going to be as bad as what Microsoft/Apple/Google will willing do within their operating systems. And where a distro does something bad that probably involves just one specific updated package which can be blocked individually so you keep getting updates for everything but the "Airstrip one California edition" package. Don't wait on hearing a distro's response, pick one and get started.
-
California gave us Pro 65. I don't know if the labels leak out of the US, but they are all over the US and on everything in California.
The law requires that companies must tell users they are being exposed to cancer-causing agents unless the company tests their product to verify that the agents are below a specified level.
Instead of testing, which costs a fortune, the companies all put the Pro65 label on everything and tell you that you may be exposed to cancer-causing agents.
Seeing a dining room chair with a cancer hazard warning is hilarious. Glass jars, guitar picks, you name it.
I believe it's proof that there's a label maker cabal at work. They have their own police, too. Tear a label off a mattress and find out.
the labels on mattresses is to prevent shops selling used or filled with crap mattresses once you bought it you can tear it off if you like, no different than the ingredient list on food
afaiu the prop65 stickers are getting changed to now require what cancer-causing agents that are in the product
-
California gave us Pro 65. I don't know if the labels leak out of the US, but they are all over the US and on everything in California.
The law requires that companies must tell users they are being exposed to cancer-causing agents unless the company tests their product to verify that the agents are below a specified level.
Instead of testing, which costs a fortune, the companies all put the Pro65 label on everything and tell you that you may be exposed to cancer-causing agents.
Seeing a dining room chair with a cancer hazard warning is hilarious. Glass jars, guitar picks, you name it.
I believe it's proof that there's a label maker cabal at work. They have their own police, too. Tear a label off a mattress and find out.
the labels on mattresses is to prevent shops selling used or filled with crap mattresses once you bought it you can tear it off if you like, no different than the ingredient list on food
afaiu the prop65 stickers are getting changed to now require what cancer-causing agents that are in the product
Which will help very little, while making it worse in several other ways. The small benefit is allowing the consumer to decide if he cares about said agent. Which may help some small number of very well informed people. The harm is forcing all business entities to do more research on their products. Not just once, but at regular intervals since the list of such agents grows continually. Then redoing their labeling as required, meaning buying new signs and discarding old label stock. It will also make the label size either quite large, or the print unreadably small in many cases. Certainly any grocery selling current food products will have to list all of their "highly processed food" since it is now implicated in intestinal cancers. And highly processed by many definitions includes bread, sausages, all canned food and a long list of others.
-
California gave us Pro 65. I don't know if the labels leak out of the US, but they are all over the US and on everything in California.
The law requires that companies must tell users they are being exposed to cancer-causing agents unless the company tests their product to verify that the agents are below a specified level.
Instead of testing, which costs a fortune, the companies all put the Pro65 label on everything and tell you that you may be exposed to cancer-causing agents.
Seeing a dining room chair with a cancer hazard warning is hilarious. Glass jars, guitar picks, you name it.
I believe it's proof that there's a label maker cabal at work. They have their own police, too. Tear a label off a mattress and find out.
the labels on mattresses is to prevent shops selling used or filled with crap mattresses once you bought it you can tear it off if you like, no different than the ingredient list on food
afaiu the prop65 stickers are getting changed to now require what cancer-causing agents that are in the product
The mattress label reference is a joke. I'm not sure if that translates. Just like mattress stores in the US appear to be some sort of money laundering scheme, since there are so many, and you never see anyone in them.
Do you believe the mattress label prevents fraud, or, as you say, selling mattresses that are filled with used material?
The FDA actually does unannounced inspections for Foods and Drugs.. I'm not aware of the mattress industry being inspected. Mattresses and food are not in the same category. The only thing they may have in common is that they both have labels.
Your statement implies that the changes to Proposition 65 will require companies to list all cancer-causing agents in a product. That is misinformation.
The changes that will take effect in 2028 require a new icon and the listing of "at least one cancer-causing agent". Alcohol, formaldehyde, benzene, PFAS, and several other highly used chemicals will be among the defaults that everyone uses. The biggest impact is on the cost of updating labels and deciding which chemicals they will disclose in their products. Consumers will continue to see labels on everything, and they will literally mean nothing.
Any product that comes precooked will carry a warning, as will red meat, wine, spirits, fish, soy products in higher dosages, and so on. The prevalence of the warning is why no one pays attention to it. The funniest ones I've seen are the warnings about cancer in ammunition.
This is an utter failure of the government to do what it set out to do, and it costs consumers money in the process.
-
thm_w: "It doesn't, it just asks for your age, like thousands of websites and account sign up forms do already."
Yes, but the problem is it is then supposed to "report" this back to a central server. The whole idea of the GNU freedom philosophy is that software should not, unless the user explicitly opts-in in a non-coerced manner. ever be sending any kind of telemetry data back to a central server, in some cases a central server won't even exist at all (sure, most Linux distros have a central sever to host isos for download, but that's not necessarily a server which can, let alone should, also collect installation logs).
Thats not what it says in the bill, no.
Which will help very little, while making it worse in several other ways. The small benefit is allowing the consumer to decide if he cares about said agent. Which may help some small number of very well informed people. The harm is forcing all business entities to do more research on their products. Not just once, but at regular intervals since the list of such agents grows continually. Then redoing their labeling as required, meaning buying new signs and discarding old label stock. It will also make the label size either quite large, or the print unreadably small in many cases. Certainly any grocery selling current food products will have to list all of their "highly processed food" since it is now implicated in intestinal cancers. And highly processed by many definitions includes bread, sausages, all canned food and a long list of others.
Yeah, better off letting companies put whatever they want in your food without researching if its safe to use or not.
Don't know why they are bothering requiring testing for heavy metals in baby food as well, babies are not well informed enough to read those results. https://www.food-safety.com/articles/8979-california-passes-law-requiring-tests-for-toxic-heavy-metals-in-baby-foods-disclosure-of-results (https://www.food-safety.com/articles/8979-california-passes-law-requiring-tests-for-toxic-heavy-metals-in-baby-foods-disclosure-of-results) /s
-
thm_w: "It doesn't, it just asks for your age, like thousands of websites and account sign up forms do already."
Yes, but the problem is it is then supposed to "report" this back to a central server. The whole idea of the GNU freedom philosophy is that software should not, unless the user explicitly opts-in in a non-coerced manner. ever be sending any kind of telemetry data back to a central server, in some cases a central server won't even exist at all (sure, most Linux distros have a central sever to host isos for download, but that's not necessarily a server which can, let alone should, also collect installation logs).
Thats not what it says in the bill, no.
Which will help very little, while making it worse in several other ways. The small benefit is allowing the consumer to decide if he cares about said agent. Which may help some small number of very well informed people. The harm is forcing all business entities to do more research on their products. Not just once, but at regular intervals since the list of such agents grows continually. Then redoing their labeling as required, meaning buying new signs and discarding old label stock. It will also make the label size either quite large, or the print unreadably small in many cases. Certainly any grocery selling current food products will have to list all of their "highly processed food" since it is now implicated in intestinal cancers. And highly processed by many definitions includes bread, sausages, all canned food and a long list of others.
Yeah, better off letting companies put whatever they want in your food without researching if its safe to use or not.
Don't know why they are bothering requiring testing for heavy metals in baby food as well, babies are not well informed enough to read those results. https://www.food-safety.com/articles/8979-california-passes-law-requiring-tests-for-toxic-heavy-metals-in-baby-foods-disclosure-of-results (https://www.food-safety.com/articles/8979-california-passes-law-requiring-tests-for-toxic-heavy-metals-in-baby-foods-disclosure-of-results) /s
There's a mixing of categories here regarding regulations and labeling, and they aren't directly comparable.
Companies can and do put whatever they want in food. In the US, it's called the Generally Recognized as Safe (GRAS) loophole.
Also, how do you think sildenafil makes it into food/supplements? What controls US companies the most is the fear of being sued into oblivion and of executives going to jail if they are publicly traded for failing to meet their fiduciary responsibilities.
California's law for baby food testing is BS, too. They only require the testing of samples and posting them where no one will ever see them. And the kicker is, if your food test above the action levels, you can still put it on the market and sell it as long as that QR code is there.
I'm not saying that governments shouldn't enforce basic safety. The US FDA has issues, but because it can enforce regulations and violations can carry criminal and civil liability, the apparatus can be effective. I do not see how the farce of Prop 65 does anything but drive up consumer costs for no benefit. While I haven't completely read the whole of the baby food testing legislation, what I have read indicates it is also a farce and likely to just mean poor people will have children eating more heavy metals.
-
There's a mixing of categories here regarding regulations and labeling, and they aren't directly comparable.
Same general idea, more testing, more enforced labeling is generally good.
"Our finding that Californians are generally less exposed to toxic chemicals than are other Americans"
https://silentspring.org/news/peoples-exposure-toxic-chemicals-declined-us-following-listing-under-california-law (https://silentspring.org/news/peoples-exposure-toxic-chemicals-declined-us-following-listing-under-california-law)
California's law for baby food testing is BS, too. They only require the testing of samples and posting them where no one will ever see them. And the kicker is, if your food test above the action levels, you can still put it on the market and sell it as long as that QR code is there.
The point is that its an improvement, obviously specific limits would be best yes. No idea why they didn't do that. But you do get:
- regular testing strictly required per batch produced
- consumers or regulators can easily look up those test results
This is compared to the current state of industry self regulation, they might test every batch or they might not, the results will never be released unless FDA asks for them. Industry self regulation does not work.
what I have read indicates it is also a farce and likely to just mean poor people will have children eating more heavy metals.
Zero chance that enforced testing and publicly available results directly causes higher levels of heavy metals in baby foods.
https://advocacy.consumerreports.org/research/lead-in-food-california-requires-companies-to-disclose-heavy-metal-levels-in-baby-food/ (https://advocacy.consumerreports.org/research/lead-in-food-california-requires-companies-to-disclose-heavy-metal-levels-in-baby-food/)
https://www.consumerreports.org/babies-kids/baby-formula/baby-formula-contaminants-test-results-a7140095293/ (https://www.consumerreports.org/babies-kids/baby-formula/baby-formula-contaminants-test-results-a7140095293/)
-
There's a mixing of categories here regarding regulations and labeling, and they aren't directly comparable.
Same general idea, more testing, more enforced labeling is generally good.
"Our finding that Californians are generally less exposed to toxic chemicals than are other Americans"
https://silentspring.org/news/peoples-exposure-toxic-chemicals-declined-us-following-listing-under-california-law (https://silentspring.org/news/peoples-exposure-toxic-chemicals-declined-us-following-listing-under-california-law)
Let's link to the study and discuss it. The article you linked to links to the study but its broken.
Trends in NHANES Biomonitored Exposures in California and the United States following Enactment of California's Proposition 65 (https://pubmed.ncbi.nlm.nih.gov/39432449/)
The funding for this study and the effectiveness of Prop 65 are tied together, making it in the study's best interest to show that Prop 65 works.
There was no pre-study baseline period; causal attribution was limited to weak; the core datasets weren't designed for this purpose, and there's evidence of substitutions for non-listed chemicals.
You can choose to believe the study, but until something more respected and with far less problematic core components is available, I'll wait.
California's law for baby food testing is BS, too. They only require the testing of samples and posting them where no one will ever see them. And the kicker is, if your food test above the action levels, you can still put it on the market and sell it as long as that QR code is there.
The point is that its an improvement, obviously specific limits would be best yes. No idea why they didn't do that. But you do get:
- regular testing strictly required per batch produced
- consumers or regulators can easily look up those test results
This is compared to the current state of industry self regulation, they might test every batch or they might not, the results will never be released unless FDA asks for them. Industry self regulation does not work.
I classify these "benefits" in the "We must do something" bin, and I don't see them as generally effective. The food industry is very much regulated. If we don't want heavy metals in the food, then ban it. The level of testing I've seen required is, from what I can tell, less than what the industry says it does. But test results will be available, and the food, even if actionable levels are present, will be on sale at the store.
If the intent is to reduce the exposure, the law is broken. This is a "Think of the children, we must do something" law that has been proven over and over again to be flawed and to encourage more problems. Heavy metals are bad for everyone. They remain just as harmful to child development, and maybe more so after the child has stopped eating baby food. I don't know a good time to eat arsenic and lead.
what I have read indicates it is also a farce and likely to just mean poor people will have children eating more heavy metals.
Zero chance that enforced testing and publicly available results directly causes higher levels of heavy metals in baby foods.
https://advocacy.consumerreports.org/research/lead-in-food-california-requires-companies-to-disclose-heavy-metal-levels-in-baby-food/ (https://advocacy.consumerreports.org/research/lead-in-food-california-requires-companies-to-disclose-heavy-metal-levels-in-baby-food/)
https://www.consumerreports.org/babies-kids/baby-formula/baby-formula-contaminants-test-results-a7140095293/ (https://www.consumerreports.org/babies-kids/baby-formula/baby-formula-contaminants-test-results-a7140095293/)
I think you missed my point. Generally speaking, the more money you have (Wealthier), the more food choices you have. The data I've seen related to the baby food discussion show that higher-priced brands and diverse food sources are less prone to the issue. With rice, fish, and grains having some of the highest levels as sources of stock, they are also among the most inexpensive. Combined, the higher the dietary intake and the higher the environmental exposure, the more likely it is to be the case. Unfortunately, this is only speculation, since no one has actually conducted any studies to find the best way to solve the problem. They are just reacting and placing regulations out there in hopes of "Doing something".
For consumers, label fatigue is real. Most people have no idea what a Prop 65 label means. Most people have no idea what most of the labeling means. If you ask most people, they would likely believe they are generally protected because the government has led them to believe they are actually protecting them.
This is why I would suggest that, if there are problems, ban the problem or make it illegal with criminal liabilities.
-
Yes, again they should set a ban level, we clearly agree. They haven't for whatever reason, regulatory capture? Who knows.
Doing this (labeling and showing results) is still far better than doing nothing.
"Label fatigue" is still better than not having the information available. You might not look at it, many other people do. I'd love to see chocolate bars listing how much lead and cadmium were present in that specific batch.
I think you missed my point. Generally speaking, the more money you have (Wealthier), the more food choices you have. The data I've seen related to the baby food discussion show that higher-priced brands and diverse food sources are less prone to the issue. With rice, fish, and grains having some of the highest levels as sources of stock, they are also among the most inexpensive. Combined, the higher the dietary intake and the higher the environmental exposure, the more likely it is to be the case. Unfortunately, this is only speculation, since no one has actually conducted any studies to find the best way to solve the problem. They are just reacting and placing regulations out there in hopes of "Doing something".
Again I don't see how requiring more testing is going to make cheaper brands worse wrt heavy metals.
If I only have the choice of two low priced brands, and one has lower lead content, then that is the one I'll choose. Not everyone will do that sure. But more and more people now are reading ingredient lists and nutritional labels now, because they realize the garbage that ends up in food.
-
Yes, again they should set a ban level, we clearly agree. They haven't for whatever reason, regulatory capture? Who knows.
Doing this (labeling and showing results) is still far better than doing nothing.
"Label fatigue" is still better than not having the information available. You might not look at it, many other people do. I'd love to see chocolate bars listing how much lead and cadmium were present in that specific batch.
I think you missed my point. Generally speaking, the more money you have (Wealthier), the more food choices you have. The data I've seen related to the baby food discussion show that higher-priced brands and diverse food sources are less prone to the issue. With rice, fish, and grains having some of the highest levels as sources of stock, they are also among the most inexpensive. Combined, the higher the dietary intake and the higher the environmental exposure, the more likely it is to be the case. Unfortunately, this is only speculation, since no one has actually conducted any studies to find the best way to solve the problem. They are just reacting and placing regulations out there in hopes of "Doing something".
Again I don't see how requiring more testing is going to make cheaper brands worse wrt heavy metals.
If I only have the choice of two low priced brands, and one has lower lead content, then that is the one I'll choose. Not everyone will do that sure. But more and more people now are reading ingredient lists and nutritional labels now, because they realize the garbage that ends up in food.
I certainly don't see a huge misalignment in perspectives. The issue with half measures and "We've gotta do something" is that it leads people to believe the problem is solved. That, and there are monetary downsides, such as the slight but incremental costs passed on to the consumer.
As for the impact to poor. The testing isn't, or its frequency has no impact. Let me try once more.
Whatever benefits labeling may bring tend to accrue to people who are more educated and better off. That slides the distribution of contaminants further to the poor or less educated side. The expectation in a market is that the less desirable products become cheaper, and the less affluent accept more problems in trade for cheaper products. These generalizations are pretty well understood in the market. I'm speculating that this will continue with baby food, and at some point, the data will likely show an overall increase, with adjusted datasets for poor people's intake of heavy metals.
Unfortunately, since we aren't actually removing the contamination, we'll likely see this study at some point.
-
We all dislike using passwords, but they are a necessary evil. But Microsoft has taken it to the next level of bureaucracy in their ecosystem. If my business account needs its password changed by Microsoft, I have to use its Authenticator five times, as well as type in the new password a few times on the phone and the PC. I think they need to reengineer the process to make the user experience a good one rather than being a pain in the backside. It is as if Gates still works at Microsoft.
-
The problem here is not the Californian legislature, it's outrage culture.
The Californian law is reasonable, it's not age verification at all. It's a verification of the age set by the owner/installer for users, a parental control.
A similar thing happened with the final chatcontrol law in the EU, the law was actually 100% clear that nothing in it could be read as a prohibition on E2EE nor could be used to force disclosure of message content. People still pretend it had huge loopholes.
-
The problem here is not the Californian legislature, it's outrage culture.
The Californian law is reasonable, it's not age verification at all. It's a verification of the age set by the owner/installer for users, a parental control.
I think the biggest objection is the definition of "operating system" is far too wide; it should have been limited to specific systems.
Otherwise, the idea of prompting a user on setup the question, "do you want to set up parental controls?" is not too bad. Since 18+ is treated as a valid age range, that's effectively the same as having no parental controls.
A similar thing happened with the final chatcontrol law in the EU, the law was actually 100% clear that nothing in it could be read as a prohibition on E2EE nor could be used to force disclosure of message content. People still pretend it had huge loopholes.
ChatControl was bad because it would require providers of E2EE services to scan content before it was submitted for things like CSAM and terrorist material, either by breaking the encryption or requiring the app to scan content. If a hash happened to match - which due to the fuzzy, AI based nature of the test was likely to happen to both innocent and guilty parties - a police force would have sufficient evidence for a warrant which would then allow them to search your phone.
It violates a primary right of privacy, searching people without evidence to generate possible evidence of malfeasance, and could have put innocent people through a years long process trying to prove they are not a sex offender. It was a bad idea for sure.
-
The problem here is not the Californian legislature, it's outrage culture.
The Californian law is reasonable, it's not age verification at all. It's a verification of the age set by the owner/installer for users, a parental control.
A similar thing happened with the final chatcontrol law in the EU, the law was actually 100% clear that nothing in it could be read as a prohibition on E2EE nor could be used to force disclosure of message content. People still pretend it had huge loopholes.
because people know that once you open the floodgates in the name of "protecting the children", it'll be extended and abused for something else about 5 minutes later
-
ChatControl was bad because it would require providers of E2EE services to scan content before it was submitted for things like CSAM and terrorist material, either by breaking the encryption or requiring the app to scan content. If a hash happened to match - which due to the fuzzy, AI based nature of the test was likely to happen to both innocent and guilty parties - a police force would have sufficient evidence for a warrant which would then allow them to search your phone.
For the final law, that was a purely theoretical loophole. Without the original detection order from the draft (which put the burden of checking for false positives on the service providers, using message content) the whole law was fairly meaningless. If the burden is on government after a court order based on a simple flag and a huge false positive rate? They wouldn't have bothered.
-
because people know that once you open the floodgates in the name of "protecting the children", it'll be extended and abused for something else about 5 minutes later
First of all dishonest discourse just leads to more dishonesty, if that was the point people wanted to make they should have just done so. Second of all that's bullshit. The majority just reacted to pundit headlines, we're all boomers now.
-
When it comes to invasive, data mining, biometric scans, photos, ID scans, NFC scans....
Nobody is thinking of the children. If they were they would realise that all of these "Age/ID" checks WILL and ARE being carried out by children. Our childrens data is being mined, collected, leaked and used by predators.
Who is thinking about the children there?
"This account is a verified child, her name is Joze, Joze likes to play Minecraft and Roblox, they are 7yo.", along with a picture of her and personal information, contact details etc.
That is the information the predators pay for of the dark web. They get batches of thousands of results, thousands of targets.
I think all of this was cooked up on Epstein island to be honest.
-
Never forget the "old" adage: Follow the money!
It was never about protecting the children, like it never is. It's about bypassing peoples rights and gathering data to sell off. And who's the one behind it all?
[attach=1]
https://www.reddit.com/r/linux/comments/1rshc1f/i_traced_2_billion_in_nonprofit_grants_and_45/ (https://www.reddit.com/r/linux/comments/1rshc1f/i_traced_2_billion_in_nonprofit_grants_and_45/)
The update after the original thread on Reddit was removed:
https://web.archive.org/web/20260314074025/https://www.reddit.com/r/linux/comments/1rtd51g/update_i_pulled_irs_filings_for_the_org_that/ (https://web.archive.org/web/20260314074025/https://www.reddit.com/r/linux/comments/1rtd51g/update_i_pulled_irs_filings_for_the_org_that/)
Some Youtube coverage:
https://youtu.be/o41VCmCgm9I (https://youtu.be/o41VCmCgm9I)
https://youtu.be/s6Nu6FMRWrQ (https://youtu.be/s6Nu6FMRWrQ)
-
Age verification is getting out of hand
https://www.youtube.com/watch?v=wZonPM4aXFY (https://www.youtube.com/watch?v=wZonPM4aXFY)
State Sells Your Data But Protects Names of Those Who Misuse It
https://www.youtube.com/watch?v=J5ypZ5rrMtI (https://www.youtube.com/watch?v=J5ypZ5rrMtI)
-
This thing is absolutely insane. Yes, it looks impossible to enforce, but see MidnightBSD's reaction: they don't want to bother figuring out if it can be enforced or not, they just choose to bail out.
This also looks like the death of "free software" in general, as the very features required in software to enforce this are against the principles of free software. So projects have actually no choice but say: ok, we're out.
MidnightBSD is a backstabber, it was the first one to claim rejecting the OS age verification however it's the first one to bend over and implement it (in version 404)https://nitter.net/midnightbsd/status/2039096879950987669#m (https://nitter.net/midnightbsd/status/2039096879950987669#m).
And yes, if OS-level age verification proceeds to require an ID and hardware attestationhttps://samtrevino.substack.com/p/age-assurance-laws-and-the-end-of (https://samtrevino.substack.com/p/age-assurance-laws-and-the-end-of)(the thing that makes banking apps refuse to run if you root your phone). All non-approved (including but not limited to FOSS like most Linux distros)OSes, will no longer function normally.
-
This not about adult content on the internet.
Adult content on the internet has been around since Danni Ashe taught herself HTML, and self-funded the site "Danni's Hard Drive" in 1995.
When it comes to protecting children, governments have not done a great job, particularly when the abusers are rich and powerful. I'm not convinced that mass information collection is the answer. The first complaints about Jeffrey Epstein date back to at least 1996.
They had his name in 1996 and collecting age information from millions of people wouldn't have made a difference.
There has been a long history of countries and companies collecting personal information and some of it is not good.
The collection of religious affiliation in census held in many European countries in the 1930s was later used after those countries experienced an unplanned change of government in the 1940s. This use of personal information did not turn out well for at least one minority religious group.
There was at least one tech company involved in that 1930s data collection.
https://scholarship.shu.edu/omj/vol5/iss4/6/ (https://scholarship.shu.edu/omj/vol5/iss4/6/)
https://besacenter.org/ibm-holocaust/ (https://besacenter.org/ibm-holocaust/)
IBM now has a subsidiary that provides an enterprise linux operating system and once again, they will comply with the government requests.
How the data will be used, we don't know, but in a country that loves to go to war and supply weapons for those wars, it could be used to collect age information of potential draft dodgers. This could then be matched with IP address data and other location data.
It could also be used to cross reference date of birth with other data on protesters who use "objectionable (https://www.fire.org/news/river-sea-now-criminal-offense-millions-australians-arrests-are-underway)" statements in their protests against those wars.
The correlation between the introduction on laws restricting free speech and the need to collection information from internet users seems to be much stronger than any correlation with adult content which has been around for 30 years and widely available for 20 years.
-
It's the digital equivalent of "Papers please!"
The initial run is just to normalise this to expected and just normal for you to have to provide it. That's why they are targetting children. Not protecting, targetting.
-
https://www.youtube.com/watch?v=_k_70iqBCDc (https://www.youtube.com/watch?v=_k_70iqBCDc)
UK centric but still on topic.
-
Today, Ursula von der Leyen presented the European Age Verification App.
I have no idea how it works and I do not feel like investigating too much but I understand it just stores a token or cookie with the date of birth signed by the authorizing authority. That token can be requested by whoever and confirm the signature is correct.
Still, that system would just confirm a DOB for a device or account on that device.
Does not bother me or interest me much but it may be a benefit for me because I often cannot access some video or other info because YouTube or other server says they need to verify my age and I do not have an account. Maybe I would consider getting the certificate depending of how I see it. Then again, maybe not.
Edit:
https://ec.europa.eu/digital-building-blocks/sites/spaces/EUDIGITALIDENTITYWALLET/pages/930450954/The+Age+Verification+Manual
-
And, it also made its way into a US federal law proposal (so now it's not just a couple states anymore). All at the same time.
-
I need to think about how this Euro system works because it is not clear to me.
https://ec.europa.eu/digital-building-blocks/sites/spaces/EUDIGITALIDENTITYWALLET/pages/930450954/The+Age+Verification+Manual
1.Sarah decides to access an online service offering adult content.
2.The adult online service requests age verification that she is over 18 through a standard EUDI Wallet interface.
3.The EUDI Wallet notifies the user of a pending request to prove their age, including: the name and identity of the requesting party.
4.She consents to share the requested info and her wallet uses verifiable credentials issued by a trusted authority (e.g., national civil registry) to generate a cryptographic proof that she meets the age requirement.
5.The proof is shared with the adult online service, which verifies it instantly without seeing any excess personal information.
6.She is now free to access the online service offering adult content, having proved her identity, while protecting her privacy.
I think the last line might be mistaken and should not be "having proved her identity" but rather "having proved her age".
Or I am not getting it.
-
I think the last line might be mistaken and should not be "having proved her identity" but rather "having proved her age".
The point is to link online characters to real identity, exposing dissidents. Remember, age verification is NEVER about children
-
The point is to link online characters to real identity, exposing dissidents. Remember, age verification is NEVER about children
If you are a pessimist you can believe that's the end goal, but the people working on the current technical implementation obviously are not working towards that.
https://github.com/eu-digital-identity-wallet/av-doc-technical-specification
The age verified peudonomous login is also an identity, for now they are working hard to keep it seperate from real identity. Both for the service provider and the real ID provider.
-
Or I am not getting it.
You need to take a step back, go up a layer and see the flow to see the missing step.
"Who is she?"
Before you can "authorise" you must "authenticate", to authenticate you need to "identify". Its not the former anyone really has a problem with but the later one. That's where the data collection happens, thats where the "master database" happens. Thats where the "third party" leaks come from.
"Who is she?" "Is it just someone else using her phone?", "How do we capture her identity and then authenticate her against it to make sure?"
If it was choice based, it would be used generated keys and passwords THEY, the citizen user, can change and invalidate.
It's bio-metrics. You can't (reasonably) change your face, eyes, finger print. Once compromised you are permenantly compromised.
-
Today, Ursula von der Leyen presented the European Age Verification App.
...and, immediately and predictably, it's been shown to be totally unfit for purpose.
https://x.com/Paul_Reviews/status/2044784814289523093
I've ported the Android app logic to a Chrome extension - stripping out the pesky step of handing over biometric data which they can leak... and pass verification instantly.
Step 1: Install the extension
Step 2: Register an identity (just once)
Step 3: Continue using the web as normal
The extension detects the QR code, generates a cryptographically identical payload and tells the verifier I'm over 18, which it "fully trusts".
This isn't a bug... it's a fundamental design flaw they can't solve without irrevocably tying a key to you personally; which then allows tracking/monitoring.
-
Two or three years ago the Spanish government announced an app which would be required to access adult content and they called it a "passport" which would allow users to access adult content. There was a lot of talk but the thought was that it was just a smoke screen to cover up the many corruption scandals which surfaced every day. There did not seem to be any serious development going on and every time some minister was asked about development state and technical details the answers were always about protecting the children and how the app would be secure, anonymous and all things good. In reality the track record for any software developed by the Spanish government is dismal. So the "porn passport"became somewhat of a joke and was dubbed the "masturport" (pajaporte). with time it just faded into obscurity and I thought it was abandoned but I looked it up just now and they say it is still being developed and will be integrated in "a European project". Which makes no sense but, whatever. It probably just means a few people are being paid for doing nothing. I would not trust any software developed by the Spanish government. And a lot of their websites have been hacked in spite of their assurances.
-
...and, immediately and predictably, it's been shown to be totally unfit for purpose.
A comment (https://t.me/durov/491) from Pavel Durov, the man behind the Telegram messenger:
The EU wants to force mandatory ID checks on anyone using social media — and ban people under 18 from accessing it. To that end, the EU Commission spent over a year building an “age verification app”, which its president pompously unveiled yesterday.
Today, this app got hacked in just 2 minutes.
But don’t rush to laugh at EU bureaucrats.
Their age verification app was hackable by design — it trusted the device (that’s instant game over). Unless the EU is run by clowns 🤡, this is their real plan:
Step 1 — Present a “privacy-respecting” but hackable app.
Step 2 — Get hacked (*YOU ARE HERE*).
Step 3 — Remove privacy to “fix” the app.
Result — a surveillance tool sold as “privacy-respecting”.
The EU bureaucrats needed an excuse to silently start turning their “privacy-respecting” age verification app into a surveillance mechanism over all Europeans using social media. Today’s “surprising hack” just handed this excuse to them.
-
The point is to link online characters to real identity, exposing dissidents. Remember, age verification is NEVER about children
If you are a pessimist you can believe that's the end goal, but the people working on the current technical implementation obviously are not working towards that.
https://github.com/eu-digital-identity-wallet/av-doc-technical-specification (https://github.com/eu-digital-identity-wallet/av-doc-technical-specification)
The age verified peudonomous login is also an identity, for now they are working hard to keep it seperate from real identity. Both for the service provider and the real ID provider.
Age verification shouldn't exist because it does no benefit to you https://www.eff.org/deeplinks/2026/03/ab-1043s-internet-age-gates-hurt-everyone (https://www.eff.org/deeplinks/2026/03/ab-1043s-internet-age-gates-hurt-everyone) https://www.eff.org/deeplinks/2026/03/rep-finke-was-right-age-gating-isnt-about-kids-its-about-control (https://www.eff.org/deeplinks/2026/03/rep-finke-was-right-age-gating-isnt-about-kids-its-about-control)
The people who push age verification are the same group of people who pushed (and probably still going to push) Chat Control 2.0https://fightchatcontrol.eu/ (https://fightchatcontrol.eu/). They don't care about the security of you and your kids. They want to eliminate anonymity and enforce surveillance. Give an inch, take a mile. Chat Control 2.0 is cancelled only because of vehement pushback. Didn't give an inch? still took a quarter mile? half a mile? The age-verification-by-identity is that half a mile.
It's a well known fact that age verification is pushed by digital tech giants such as Metahttps://news.ycombinator.com/item?id=47361235 (https://news.ycombinator.com/item?id=47361235)https://old.reddit.com/r/linux/comments/1rshc1f/i_traced_2_billion_in_nonprofit_grants_and_45/ (https://old.reddit.com/r/linux/comments/1rshc1f/i_traced_2_billion_in_nonprofit_grants_and_45/), who used target advertisement on kids and teenagers. https://futurism.com/facebook-beauty-targeted-ads (https://futurism.com/facebook-beauty-targeted-ads).
The EU Digital Identity Wallet is also anti-FOSS, that has remote attestationhttps://www.gnu.org/philosophy/can-you-trust.en.html (https://www.gnu.org/philosophy/can-you-trust.en.html) from the US companieshttps://github.com/eu-digital-identity-wallet/av-doc-technical-specification/discussions/19 (https://github.com/eu-digital-identity-wallet/av-doc-technical-specification/discussions/19).
-
Indeed.
-
Two videos covering the latest news out of the America's and it's not good.
https://www.youtube.com/watch?v=12YONf1Wl0I (https://www.youtube.com/watch?v=12YONf1Wl0I)
https://www.youtube.com/watch?v=vSt2yyJMWgw (https://www.youtube.com/watch?v=vSt2yyJMWgw)
-
The text of the bill can be found here
https://www.congress.gov/bill/119th-congress/house-bill/8250/text (https://www.congress.gov/bill/119th-congress/house-bill/8250/text)
After reading it I am not clear on how it wants to achieve the verification because mostly it says the Federal Trade Commission "shall promulgate regulations to carry out this section". So we would need to wait and see what the FTC promulgates.
The way I see it
1- they can force American OS "providers" to include such age verification system in their OS's sold in the US
2- They probably cannot prohibit American providers the selling of the same OS abroad without that feature
3- They cannot force foreign OS providers to do the same
4- They cannot prohibit people from installing whatever OS they want even without that feature.
BUT
5-they can force all US servers of adult content to check the age using that feature so that might force the users to want to install it.
We shall have to wait and see how it develops but I have no doubt the system will be hacked within hours of it being implemented.
-
On websites, apps (from stores associated to the manufacturers) anything on internet and not local I can understand that.
On a device or OS (with nothing else on it) that I brought just no!
Age verification is getting out of hand
* State Sells Your Data But Protects Names of Those Who Misuse It
Reminds me in late 2022 when I spoke to Octopus evergy about their terms and conditions over a fixed rate feed in tariff (for solar panels) and they demanded a smart meter install despite it being a fixed rate deal and wanting a fixed rate feed in tariff, something not needed in the other house for the solar panels there under the same arrangement in 2012.
The gentleman said there was a cut off switch which they'd use remotely in circumstances where the bills are not paid.
He then told me about data protection, your data is well protected and safe with us and complies with blah blah blah and that you can't be identified personally etc apart from, the DCC (Data Communications Company) run by Capita that collects the data from the meter and sends it to Octopus (fine) & the government (is this really necessary?), the police, and our third party partners (BIG NONO) which the gentleman refused to say which 3rd party entities these were. Yes I am sure the figures alone might not personally identify the bill payer but they could always collate the information and apart from the police legally obtaining a court order behind closed doors especially when so many organizations, the government is involved and these third parties that the gentleman refuse to disclose to me over the phone.
I remember saying what if I don't want the data being shared to these unknown to me third party partners and was told that that was part of the terms and conditions for those with a smart meter unless they put it in dumb mode but then no money for the feed power in which was a miniscule 5p? a kwh anyway at the time.
That'd be a blooming lie if the communications module or hub is still there but set in restricted mode under the SEC (Energy Security Code's) recent idea of dumb mode where they can still communicate with the meters and get it to do things.
So I said, Let's get this straight, * You, Capita, the government, the police, third party partner(s), basically EVERYBODY ELSE but the neighbours has access to my data? So refused it on that basis mainly of the non disclosure of these third party partners and no need for that to exist in any terms and conditions which can be open to misuse and abuse.
The whole thing sounded very unfavorable to me for a measly amount in returns for everybody but the neighbours to stick their head in our house through that smart meter, watch and graph everything that is switched on given enough time in the future.
Just my suspicion: I'd rather they have absolutely no reach that enables them such real time access on our usage and rather give one KWH hour figure a day, week or even monthly so they can leave us alone and not interfere, harass, fine us for what time we turn things on, how much power the appliances draw, how efficient they are or anything that could give them an excuse to financially penalize someone say over net zero policies they make up as they go along whilst making more money selling the data.
-
People like you and I are in the minority.
For a while they will just shrug and you go without their services.
Almost all companies now have a seconardy or even primary revenue stream from the data itself. Marketing processors and aggregators will pay hansomly for genuinely sourced up to date info.
As we are in the minority, we will not break this business model, we will unfortunately get discriminated against and denied service though. "Those are our terms and conditions.", "I reject them.", "Fine. Bye".
You would like to think this is where you go to the government and ask about the regulation permitting this or not.... but there you find them sitting in the same office, running the same business with the same 3rd party partners and THEIR reasons are far worse.
Example:
In 2020 I got a kitten. I had her checked out at the vet, vaccinated and chipped. The vet gave me the form for the chip. They got my name, address, phone number, email and the cats details.
Since then they email me telling me that my cat's profile is not fully set up and I must visit their website and update my details. I took a quick look. It's a data capture form. They want everything under the sun. what brands of foot she eats, who her vet is, and so on and so on... all marketing hooks to cross sell to me or worse. They sell me the chip once. But they can sell that data monthly if I update it.
I want an electronic NFC cat flap... however, looking at the options out there, all being cloud locked.... no thank you. I may just go and start a thread in the Tech Projects category instead. How hard can an NFC maglock with Wifi be, right?
-
https://www.youtube.com/watch?v=qFlyCLXdwT0 (https://www.youtube.com/watch?v=qFlyCLXdwT0)
-
Maybe I'm old school but things are getting really messed up.
I remember the good old days when people were paranoid about some psychotic billionaire wanting to chip your brain, replace your job with AI/robots and replace your car with a robo taxi. Yet today we see people like Elon Musk doing the same thing and most are on board. These are the same people talking about freedom of speech while suppressing it and privacy while extracting and selling our personal information. Railing about high taxes while paying none and government handouts while taking as many as they can.
Compulsive lying would seem to have become the norm which we now see daily on the news. George Orwell called it didn't he?. No civilization can function on lies and many speculate ours could be nearing it's end.
https://www.youtube.com/watch?v=3gzkHhSMHIA (https://www.youtube.com/watch?v=3gzkHhSMHIA)
How Civilizations Die, According to Arnold Toynbee
-
Referring to the Roman Empire
A great civilization is not conquered from without until it has destroyed itself within.
- - Will Durant, The Story of Philosophy.
-
Maybe I'm old school but things are getting really messed up.
I remember the good old days when people were paranoid about some psychotic billionaire wanting to chip your brain, replace your job with AI/robots and replace your car with a robo taxi. Yet today we see people like Elon Musk doing the same thing and most are on board. These are the same people talking about freedom of speech while suppressing it and privacy while extracting and selling our personal information. Railing about high taxes while paying none and government handouts while taking as many as they can.
Compulsive lying would seem to have become the norm which we now see daily on the news. George Orwell called it didn't he?. No civilization can function on lies and many speculate ours could be nearing it's end.
https://www.youtube.com/watch?v=3gzkHhSMHIA (https://www.youtube.com/watch?v=3gzkHhSMHIA)
How Civilizations Die, According to Arnold Toynbee
Humanity won't go extinct but will no longer progress. Mass surveillance is still less lethal than, let's say, black death. However, when it becomes total, it's no longer able to overcome the government because the behavior of every citizen can be predicted by AI. This is "unrecoverable dystopia" scenario of existential risk.
https://en.wikipedia.org/wiki/Global_catastrophic_risk#Non-extinction_risks (https://en.wikipedia.org/wiki/Global_catastrophic_risk#Non-extinction_risks)
A dystopian scenario shares the key features of extinction and unrecoverable collapse of civilization: before the catastrophe humanity faced a vast range of bright futures to choose from; after the catastrophe, humanity is locked forever in a terrible state.
-
Humanity won't go extinct but will no longer progress. Mass surveillance is still less lethal than, let's say, black death. However, when it becomes total, it's no longer able to overcome the government because the behavior of every citizen can be predicted by AI. This is "unrecoverable dystopia" scenario of existential risk.
https://en.wikipedia.org/wiki/Global_catastrophic_risk#Non-extinction_risks (https://en.wikipedia.org/wiki/Global_catastrophic_risk#Non-extinction_risks)
A dystopian scenario shares the key features of extinction and unrecoverable collapse of civilization: before the catastrophe humanity faced a vast range of bright futures to choose from; after the catastrophe, humanity is locked forever in a terrible state.
And we've made movies about it.
[attach=1]
-
So, to use my smart thermostat, smart light switches, or smart fridge / toaster, smart car, they will need to know the age of the each person using them?
I don't see how this is a problem.
-
Its okay though. History has shown us how it ends.
The soviets required a central control structure. It needed up to date and accurate information to work.
Farmers sent them rubbish data to look good and not get disiplined for low output.
This went on for decades until the Soviet Union was, on paper, 100 times better off than it was in reality.
The counter to all this mass data capture and surveilance is simple.
Taint the data. It's already happening and the beauty is, while some people are trying to organise it... it is happening "o'natural" and people are just giving invalid and bogus information on all the forms.
-
So, to use my smart thermostat, smart light switches, or smart fridge / toaster, smart car, they will need to know the age of the each person using them?
I don't see how this is a problem.
It isn't, the chip inserted into your hand at birth will verify it's you.
-
https://www.youtube.com/watch?v=Xa3-TkHBh90 (https://www.youtube.com/watch?v=Xa3-TkHBh90)
And three words that should never be allowed to be put together.
Digital Australia Card
-
So, to use my smart thermostat, smart light switches, or smart fridge / toaster, smart car, they will need to know the age of the each person using them?
I don't see how this is a problem.
You really don't?
-
So, to use my smart thermostat, smart light switches, or smart fridge / toaster, smart car, they will need to know the age of the each person using them?
I don't see how this is a problem.
You really don't?
I have a feeling you are missing the tone and intention of the message.
-
So, to use my smart thermostat, smart light switches, or smart fridge / toaster, smart car, they will need to know the age of the each person using them?
I don't see how this is a problem.
You really don't?
I have a feeling you are missing the tone and intention of the message.
Yup, you were supposed to view it as a sarcastic viewpoint.
If I am in the USA, and I want to use a computer at a public library, and I don't have a USA id to verify my age, am I now not allowed to use any such public resources.
What about online net café / gaming arcades?
-
So, to use my smart thermostat, smart light switches, or smart fridge / toaster, smart car, they will need to know the age of the each person using them?
I don't see how this is a problem.
You really don't?
I have a feeling you are missing the tone and intention of the message.
Yup, you were supposed to view it as a sarcastic viewpoint.
If I am in the USA, and I want to use a computer at a public library, and I don't have a USA id to verify my age, am I now not allowed to use any such public resources.
What about online net café / gaming arcades?
You're pointing out the absurdity of linking an OS "account" to a specific person, which indeed doesn't make sense in general. Such a "prerequisite" implies that using shared accounts, "guest" accounts, would become illegal as well. The implications are horrific. Merely allowing a friend or family member to use your "account" would become illegal. Letting anyone use your IoT devices would become illegal too. Your kids would not be allowed to use your family fridge.
Of course you were being sarcastic, but surely this is the point of view of a majority of people, otherwise this kind of laws would never be voted? Or maybe we just don't live in democracies? That can't be true. :horse:
-
If I am in the USA, and I want to use a computer at a public library, and I don't have a USA id to verify my age, am I now not allowed to use any such public resources.
What about online net café / gaming arcades?
This is already happening with the iPhone. At least a limited roll out of this has landed on iOS and the phone asks you to submit to an age verification check and if you refuse to comply... sets your phone to "Child mode" and denies you access to half the internet. No "Opt out". The report I watched even went as far as to say that private messages where being filtered and blurred due to their "client side scanning" tech.
A lot of folks here will be smiling about stay on old tech, but I'm sure they will come for you soon enough.
You see I don't fear the OS issues, or at least I don't think I will. However... the wolf knows there are more than one door.
My PCs and servers are linux. It should be trivial to disable this check.
However...
What about my phone? Android is not in my control?
What about in work when my work laptop starts asking me for a BioMetric scan and age check. Can I even refuse to comply and not be able to work?
As Brian summoned, what about any and all "public" access computers/terminals and even bank ATMs!
BTW. Changes rushing through in the UK are "porting" the driving licenses to the DigitalID One Login system this year. Opt out of that and you can't drive. Sign up to the GovID / DigitalID system is basically required and mandatory to get a professional role in the UK "today". Most 3rd party, off the shelf, back ground checks now require it and your HMRC (tax) login. That requires biometrics, photo ID, etc. etc. I'm already on that database now. No choice. No longer do they ask you for your references and your previous salaries or employment history... they ask you for your HMRC details and they go and check themselves.
Digital ID is completely optional, just like eating and drinking and breathing are.
What about the hypothetical of... this catches on, all governments get on board with it. Then they realise its not worknig, so they move up one layer and demand that these OS's and Applications provide a packet header flag denoting the age of the user and the ISP becomes responsible for filtering and blocking non-adult traffic. Lets put it bluntly. "Non-tracked to the individual traffic". Your digital fingerprint on every packet.
-
BTW. If you explore the "Why?", "Why would they do this?"
Power. Control. Because they now can. Because the technology allows it and almost requires it.
I grew up in the 80s. In my teens I had a running conspriacy theory about the government, no, I called "The system", watching everything you did, credit cards, phones, mail, etc. This was pre-internet for me.
Of course when I grew up a bit and studied computers I quickly learnt that the processing power just did not exist to start coorelating data across all these billions of records. It just just didn't. "The system" was not watching you because they system didn't have enough power or compute to.
In the 2000s I did hold to the "coorelation" issue. All those little bits of information and associations you leave lying around the internet, could, technically be coorelated and aggregated into a profile. Whether it is accurate or not is another matter.
However. Again people rightly pointed out that that power does not exist yet either. Marketers are maybe able to aggregate a couple of close datasets but the effort is high, so the cost is high. If they can sell without doing it, they wont bother.
Now in 2025+ they very much do have that power and that compute and they have the technology in AI that can do that mass coorelation and at minimal human effort too.
This fact alone immediately REQUIRES that governments capitalise on it as quickly as possible. The AI investments we see DEMAND it and are in fact exactly why that level of investment exists and even the banks are holding the risks happily. If it proceeds the banks obligation to do "KYC" gets released from them and all the costs associated with it. Instead it becomes "Know your citizen" and when the bank wants to vett someone is "sound" they just make a GovID API call. If the government say they are sound, they are sound, transaction approved. If the government say that "No, Joe Blogs smell funny", then "Transaction denied", even if it was for a loaf of bread or a tank of gas. Even if the system is completely wrong.
And having such a system that can scan and coorelate millions of individuals across hundreds of datasets and build profiles and answer queries on individuals. Is completely useless unless you have one very key bit of information. A "primary key" for the individual. If you can coorelate all of that together and then pin it onto a single person legally, then it will actually give you the control you want. Therefore. Digital ID is a prereq for all of this and it's why they are pushing it through teh front door, back door and every f'ing window right now.
The weapon we can use against it is to "taint the data". Enough bogus and "looks right" information that is actually made up, deliberately obsfucating or just fabricated will eventually make the whole thing unusable.
.. or I've always been a little paranoid.
-
https://www.youtube.com/shorts/tCKmWVM5iuc (https://www.youtube.com/shorts/tCKmWVM5iuc)
People at least seem to be taking things into their own hands in London.
-
.....
You see I don't fear the OS issues, or at least I don't think I will. However... the wolf knows there are more than one door.
My PCs and servers are linux. It should be trivial to disable this check.
When secure boot and signature based execution are required Linux is no safe haven. Amazon recently announced no side loading on their TV stick, Google will block side loading of unverified apps. Both of these are examples of a Linux environment that it wouldn't be trivial to disable checks.
I've experienced corporate systems already that lock down and check that Linux is secure boot and only executing signed code. It's not far fetched to see that in the future for some "Think of the Children!" law.
-
.....
You see I don't fear the OS issues, or at least I don't think I will. However... the wolf knows there are more than one door.
My PCs and servers are linux. It should be trivial to disable this check.
When secure boot and signature based execution are required Linux is no safe haven. Amazon recently announced no side loading on their TV stick, Google will block side loading of unverified apps. Both of these are examples of a Linux environment that it wouldn't be trivial to disable checks.
I've experienced corporate systems already that lock down and check that Linux is secure boot and only executing signed code. It's not far fetched to see that in the future for some "Think of the Children!" law.
Will your computer's "Secure Boot" turn out to be "Restricted Boot"? https://www.fsf.org/campaigns/campaigns/secure-boot-vs-restricted-boot (https://www.fsf.org/campaigns/campaigns/secure-boot-vs-restricted-boot)
-
Will your computer's "Secure Boot" turn out to be "Restricted Boot"? https://www.fsf.org/campaigns/campaigns/secure-boot-vs-restricted-boot (https://www.fsf.org/campaigns/campaigns/secure-boot-vs-restricted-boot)
The banking app or some other tools will refuse to launch on "insecure" systems. This will be required by the governments, you know, for safety and security. They also won't accept your digital ID from non-secure booted systems, so you won't be able to do municipal things. You won't be able to use credit cards to shop online and so on. These things are already creeping into the computer world.
The benefits of secure boot and signed code are low-hanging fruit to gain more control.
-
If I am in the USA, and I want to use a computer at a public library, and I don't have a USA id to verify my age, am I now not allowed to use any such public resources.
What about online net café / gaming arcades?
BTW. Changes rushing through in the UK are "porting" the driving licenses to the DigitalID One Login system this year. Opt out of that and you can't drive. Sign up to the GovID / DigitalID system is basically required and mandatory to get a professional role in the UK "today". Most 3rd party, off the shelf, back ground checks now require it and your HMRC (tax) login. That requires biometrics, photo ID, etc. etc. I'm already on that database now. No choice. No longer do they ask you for your references and your previous salaries or employment history... they ask you for your HMRC details and they go and check themselves.
Digital ID is completely optional, just like eating and drinking and breathing are.
You've just described the basics of the 1980s proposal known as the 'Australia Card' (Which was soundly defeated) here's Wikipedia's account of that sorry idea. It was of course going to be a 'voluntary' thing but if you didn't have one you'd be barred from work, owning a home, renting a home, having a bank account, etc...
https://en.wikipedia.org/wiki/Australia_Card (https://en.wikipedia.org/wiki/Australia_Card)
-
Will your computer's "Secure Boot" turn out to be "Restricted Boot"? https://www.fsf.org/campaigns/campaigns/secure-boot-vs-restricted-boot (https://www.fsf.org/campaigns/campaigns/secure-boot-vs-restricted-boot)
The banking app or some other tools will refuse to launch on "insecure" systems. This will be required by the governments, you know, for safety and security. They also won't accept your digital ID from non-secure booted systems, so you won't be able to do municipal things. You won't be able to use credit cards to shop online and so on. These things are already creeping into the computer world.
The benefits of secure boot and signed code are low-hanging fruit to gain more control.
or more precisely, "secure" boot only benefits them, not us. I purposely turn off "secure" boot and disable TPM. I guess I'll have to search for ways of emulation/circumvention methods
"secure" boot is part of "Tivoization" https://www.gnu.org/philosophy/tivoization.html (https://www.gnu.org/philosophy/tivoization.html)
-
I am in the UK for a few days and have found out Imgur.com is blocked here. I use some other forums where people host the images in imgur but the images are blocked.
Going to imgur.com yields the message
Content not available in your region.
Learn more about Imgur access in the United Kingdom
It seems related to so-called "data protection" laws. Imgur finds it easier to block UK than to have to deal with the complexities of the law. Many other American sites do the same and block all of Europe or, maybe, all IPs outside of the USA.
I can still get around these blocks by using VPN but it is disheartening to see the one Internet is becoming a number of separate, disconnected islands.
-
It's very disheartening.
I can't blame Imgur for not wanting to deal with Ofcom. The restrictions are significant. Imgur allows almost unlimited user upload capability, to comply with OSA, Imgur would either need to age-gate the whole site (requires engaging with an age assurance provider or taking credit card details), or they would need to filter out adult content, self harm stuff, ...
If they fail to do that, Ofcom can potentially fine them up to 10% of global turnover.
Now the idea of a UK government agency fining a US corporation is fraught with legal difficulty. It's almost certain any US court would throw out such a case, much like Trump trying to sue the BBC is likely to fail on similar grounds. But it would still cost a significant amount to defend. The juice isn't worth the squeeze - what little they'd get from remaining in the UK market isn't worth it any more. So it's easy enough to just geoblock the UK and say, nope, not our problem.
4chan have taken the opposite stance of essentially saying, go on, try suing us, we're in the USA, you're not. As strategies go, it's very likely to succeed, but Ofcom will just not try suing them because the loss of such a case would make them look like total muppets. Well, even more so than they currently look.
You just need a VPN nowadays to access the internet as a global resource. It's particularly annoying for Imgur since they block a lot of VPNs (possibly unintentionally due to similar IPs, but they're ratelimited with an error message.)
-
Well, another thing the UK could do is order Internet suppliers to block whatever they do not want people in the UK to see. But I suppose this could be challenged in the courts of justice.
Essentially it is what LaLiga does in Spain. They claim people watch soccer matches without paying and that Cloudfare is responsible of facilitating this so the courts have authorized that all internet providers must block Cloudfare during soccer matches even if this blocks many other websites that have nothing to do with the issue. The fact that any judge could consider this is fair justice speaks volumes about the "learned judges". They have also subpoenaed the CEO and other executives of Cloudfare and demanded they show up in Spain to answer to accusations. They executives in California must have been laughing like crazy.
What I find most concerning is the accumulation of information about private people by companies like Google, credit cards, airlines, etc. And this is not voluntary on our part. If you want to interact with any bank or whoever, you need to install an app on your phone and you need to have a Google or Apple account to download and install the app. The degree of knowledge and control this gives Google is just outstanding and, IMHO, should not be legal.
A customer of a bank or other business should be able to install their app without going through Google.
IMHO the privacy laws of European countries are useless. Much bureaucracy but no real effect.
-
If you want to interact with any bank or whoever, you need to install an app on your phone and you need to have a Google or Apple account to download and install the app.
No one told that to the major UK high street bank that I use.
I don't have any banking app installed on any of my devices, and I manage to 'interact' with them just fine. Even when things go pear-shaped (such as when the chip in my bank card failed and I required access to emergency funds and a new card).
It therefore 'depends', on where you live and who you choose to bank with.
-
Well, another thing the UK could do is order Internet suppliers to block whatever they do not want people in the UK to see. But I suppose this could be challenged in the courts of justice.
UK courts have already blocked piratebay and sites like that. However, enforcement is spotty. It's been unblocked for several years now here. ISPs do not care what you do with your connections, in general.
Essentially it is what LaLiga does in Spain. They claim people watch soccer matches without paying and that Cloudfare is responsible of facilitating this so the courts have authorized that all internet providers must block Cloudfare during soccer matches even if this blocks many other websites that have nothing to do with the issue. The fact that any judge could consider this is fair justice speaks volumes about the "learned judges". They have also subpoenaed the CEO and other executives of Cloudfare and demanded they show up in Spain to answer to accusations. They executives in California must have been laughing like crazy.
Seriously? Cloudflare covers like, 25% of the internet now. And that is blocked because people pirate football?? Insane.
Seems that it breaks loads of workflows:
https://www.reddit.com/r/docker/comments/1sjio1g/no_one_in_spain_can_docker_pull_right_now_because/ (https://www.reddit.com/r/docker/comments/1sjio1g/no_one_in_spain_can_docker_pull_right_now_because/)
-
Well, another thing the UK could do is order Internet suppliers to block whatever they do not want people in the UK to see. But I suppose this could be challenged in the courts of justice.
UK courts have already blocked piratebay and sites like that. However, enforcement is spotty. It's been unblocked for several years now here. ISPs do not care what you do with your connections, in general.
Essentially it is what LaLiga does in Spain. They claim people watch soccer matches without paying and that Cloudfare is responsible of facilitating this so the courts have authorized that all internet providers must block Cloudfare during soccer matches even if this blocks many other websites that have nothing to do with the issue. The fact that any judge could consider this is fair justice speaks volumes about the "learned judges". They have also subpoenaed the CEO and other executives of Cloudfare and demanded they show up in Spain to answer to accusations. They executives in California must have been laughing like crazy.
Seriously? Cloudflare covers like, 25% of the internet now. And that is blocked because people pirate football?? Insane.
Seems that it breaks loads of workflows:
https://www.reddit.com/r/docker/comments/1sjio1g/no_one_in_spain_can_docker_pull_right_now_because/ (https://www.reddit.com/r/docker/comments/1sjio1g/no_one_in_spain_can_docker_pull_right_now_because/)
Spanish "justice" lives in another world. There was a similar case where a judge ordered Telegram blocked but the protests made him go back on it after just a few days.
https://protonvpn.com/blog/spain-telegram-block (https://protonvpn.com/blog/spain-telegram-block)
On Friday, March 22, 2024, a Spanish National High Court judge ordered internet service providers (ISPs) in Spain to block access to Telegram, but this ruling was suspended on March 25.
The ruling was made in response to a complaint by Atresmedia, EGEDA, Mediaset, and Telefonica, some of the country’s most prominent media companies, that the privacy-focused messaging app is being used to distribute copyrighted content that belongs to them.
There are many web sites affected by the blocking of cloudflare but for now it continues on soccer days and it makes some sites unusable. It is just crazy that they damage the rights of the majority just to protect the rights of a few. This is the equivalent of "there are pickpockets in the underground so therefore we order the underground closed".
-
If you want to interact with any bank or whoever, you need to install an app on your phone and you need to have a Google or Apple account to download and install the app.
No one told that to the major UK high street bank that I use.
I don't have any banking app installed on any of my devices, and I manage to 'interact' with them just fine. Even when things go pear-shaped (such as when the chip in my bank card failed and I required access to emergency funds and a new card).
It therefore 'depends', on where you live and who you choose to bank with.
I thought it would be clear from the context that I was referring to the use of smartphone apps.
And many banks, especially online type banks, require the use of their apps and do not have web interface.
Also many government agencies have apps that must be downloaded through Google (or Apple) and this rubs me the wrong way. I find it to be very wrong that a government makes have a Google account so I can interact with the government. The government should not depend on Google. This is just wrong.
Google has a degree of monopoly power which should not be allowed. The first thing I would do is force them to allow the download of Apps without the need to have a Google account.
-
I thought it would be clear from the context that I was referring to the use of smartphone apps.
And many banks, especially online type banks, require the use of their apps and do not have web interface.
Also many government agencies have apps that must be downloaded through Google (or Apple) and this rubs me the wrong way. I find it to be very wrong that a government makes have a Google account so I can interact with the government. The government should not depend on Google. This is just wrong.
Google has a degree of monopoly power which should not be allowed. The first thing I would do is force them to allow the download of Apps without the need to have a Google account.
Similarly, I thought that my point was clear too. I don't have any banking smartphone apps installed and I still am able to have a fully functional relationship with any of a number of major banks.
To choose to use a bank which only offers access via dedicated smartphone app is exactly that, a personal choice, and also a choice by said bank as to how it wishes to deliver it services. I fail to see how it constitutes 'monopoly power' being exerted by Google.
-
The other way to look at this is the reality.
If Google/Apple were not vetting those apps and if Google/Apple were not actively ensuring their OS safety there would be NO online banking apps.
The only reason they exist at all is because Google and Apple present a security enough platform for them to exist.
Try running your banking app on GrapheneOS and see how far you get.
-
Most banks still allow you to access your accounts via just a web browser, but many have restrictions for some operations that still require using a mobile app to at least validate (or else you have to go to your bank in person). The reason is that there is biometric authentication via mobile devices (fingerprint or face recognition), while there is no such thing, as of yet, on web browsers on a desktop OS. At least not anything that is recognized as secure enough. Now that's usually only required for more critical operations, such as anything that would require signing a new contract, or transfering a large amount of money, so it's not necessary in your day-to-day life.
-
The reason is that there is biometric authentication via mobile devices (fingerprint or face recognition), while there is no such thing, as of yet, on web browsers on a desktop OS. At least not anything that is recognized as secure enough.
Over here in Aus all the banking apps I'm aware of do not require any of that additional security on the device, as they will install and operate happily on devices that lack those features (but still run the same OS).
Some (banking) 2FA apps are just a giant window dressing around a standard TOTP, branded (or not for those that just ask you to use Symantec VIP). What they really care about it not being able to clone/copy/backup the authentication keys which is entirely at odds with what the user wants (do you only have a single house key with zero backups ?).
But soldar is correct that there are neo/"new" banks that don't even have a website and only want to go through an app. To "compete" with that traditional banks are moving some of their products/features to app only. As discussed this is a business choice (reaffirmed by our consumer protection bodies as not discrimination) and businesses will do whatever they like. However, citizens access to government services is generally protected. But for example Australian government(s) are also moving away from fair access with some of their online platforms only being accessible if you have their companion app(s) either for authentication, or app only content....
lols when the "app only" content was clearly just a html rendered page that they would only serve to their app (99% of that app being just sandboxed web browser, used as presentation and most internal navigation).
To choose to use a bank which only offers access via dedicated smartphone app is exactly that, a personal choice, and also a choice by said bank as to how it wishes to deliver it services. I fail to see how it constitutes 'monopoly power' being exerted by Google.
Why are you forcing together two individual clauses that soldar clearly isn't? Requiring citizens to have either a google or apple store account and a supported device, just to access services they are already entitled to seems like monopoly level stuff to me.
Australia had this when the only way to complete your taxes was either paper forms, paying a professional to submit the data on your behalf, or.. using a windows program:
https://appdb.winehq.org/objectManager.php?sClass=application&iId=1123 (https://appdb.winehq.org/objectManager.php?sClass=application&iId=1123)
the official answer, you have to buy windows! but the government will pay you back for that expense:
https://www.theregister.com/2012/07/24/ato_virtualisation_deductions/ (https://www.theregister.com/2012/07/24/ato_virtualisation_deductions/)
But that was back when there was a paper/in-person option still available.
-
If Google/Apple were not vetting those apps and if Google/Apple were not actively ensuring their OS safety there would be NO online banking apps.
I think the question is rightly: what can an app do that a webpage cant? ... that is of benefit/interest to the customer.
Push notifications? No thanks.
Storing the access keys where I cant get to them? No thanks.
-
The other way to look at this is the reality.
If Google/Apple were not vetting those apps and if Google/Apple were not actively ensuring their OS safety there would be NO online banking apps.
The only reason they exist at all is because Google and Apple present a security enough platform for them to exist.
Try running your banking app on GrapheneOS and see how far you get.
It's never about security, it's always about control. There's nothing physically prevent these banking apps from running on degoogled phones. However there's collusion/conflict of interest that made between google/apple and these banks so that those banking apps won't run on other ROMs or modified systems. There are ways to bypass it, it's hard but not impossible
-
The other way to look at this is the reality.
If Google/Apple were not vetting those apps and if Google/Apple were not actively ensuring their OS safety there would be NO online banking apps.
The only reason they exist at all is because Google and Apple present a security enough platform for them to exist.
Try running your banking app on GrapheneOS and see how far you get.
I disagree strongly and your point does not address my point.
First, If you could download the App directly from your bank there is no obstacle in the bank ensuring its security and they could use anyone they wanted, including Google for that purpose. Same as you can download programs to your computer.
But my point is that even if you download it from Google you should not be required to have a Google account. I do not wish Google to have so much info on me.
-
May it please the Court:
I propose that the requirement for phone apps to be downloaded necessarily from Google or Apple, should be prohibited in the EU based on the following grounds:
1- It gives Google excessive and unjustified information of individuals and this contravenes the right to privacy.
2- It ties in a product which the consumer wants (example a bank account but can be anything) with a product the consumer may not want (a Google account). Tying-in has long been considered an anticompetitive practice and often declared illegal. See note below.
3- Users in the EU depend on a foreign company, in this case a USA company (Google) and the company or the government of that country could stop or block the functioning of their services in the EU which would be catastrophic for the daily life and functioning in the EU. This is in fact a yield of sovereignty to the USA which should not be allowed.
Much of the same can be said about American Credit card payment services, especially #3 and #1.
Based on these points I believe the EU should take steps to counter all three of them. For starters and effective immediately Google should be forced to allow the download in the EU of apps without the need to have a Google account.
Next the EU should ensure Google operates in the EU with offices and servers in the EU which can be adequately and effectively controlled by the EU authorities. Probably require Google set up a European subsidiary very tightly controlled.
The EU should not cede sovereignty like this. Apps, banking, payments, etc should be tightly controlled by the EU and not by the USA.
China and Russia have their own systems and the EU should too. We need to stop being an American underage colony.
Of course, it won't happen. EU leaders are useless, not fit for purpose and corrupt as can be.
AI:
Linking the purchase of products—often referred to as tying—is considered an anti-competitive practice when a seller with significant market power forces buyers to purchase an unwanted product (the "tied" product) as a condition of acquiring a desired product (the "tying" product).
This practice is scrutinized under antitrust laws because it can harm competition by limiting consumer choice and preventing competitors from entering the market for the tied product.
Key Elements of Anticompetitive Tying
For a tying arrangement to be deemed illegal, it often requires the following elements:
- Two Separate Products: The tied and tying items must be distinct products, not just components of a single item.
- Coercion: The seller forces the buyer to take the second product, rather than offering it as an optional bundle.
- Market Power: The seller holds significant, dominant power in the market for the tying (first) product.
Examples of Anticompetitive Behavior
Software and Hardware: Requiring that an operating system only be purchased with a specific web browser (e.g., United States v. Microsoft).
Medical Equipment: A manufacturer of a specialized, patented machine forcing hospitals to buy their, and only their, disposable consumables.
Services: A lender making a loan conditional on the borrower purchasing insurance from a subsidiary (a violation of the Bank Holding Company Act).
-
Looks like California is considering an exemption for open source. But don't they know android is open source?
https://www.eff.org/deeplinks/2026/05/one-step-forward-two-steps-back-cas-ab-1856-exempts-open-source-expands-age-gating (https://www.eff.org/deeplinks/2026/05/one-step-forward-two-steps-back-cas-ab-1856-exempts-open-source-expands-age-gating)
-
It's never about security, it's always about control.
My bank very early in the internet banking days used dedicated hardware to sign transactions (and verify them, though only for single transactions) while most banks were using one time use codes or SMS. I think the security guarantees of Google/Apple do play a role in them giving the app leeway to be authoritative.
Security which say Graphene can't offer. Graphene own the keys to the universal backdoor on Graphene phones and they just don't have the same economic incentive and power to protect it as Google/Apple.
-
I cannot see how it could be enforced. How can they prevent anyone from installing any OS?
They can't.
This is political signaling more than anything else. The goal is not to pass a workable law. The goal is to make headlines, signal “I’m protecting kids”, pressure tech companies, establish a bargaining position, appeal to parents who don’t understand the tech. These bills are often written to be maximally dramatic, knowing full well that they will be struck down, watered down, amended beyond recognition and never enforced. The headline is the point.
This is exactly how the UK’s “Age Appropriate Design Code” started — extreme drafts, then a much narrower final law.
-
It's already started. "MidnightBSD Responds to California's Age Verification Law by Excluding California"
Small OS projects don’t have legal teams or resources, so they block California entirely. Midnight BSD is doing what everyone else will do, except Microsoft and Apple and maybe some corporate service Linuxes.
-
This is exactly how the UK’s “Age Appropriate Design Code” started — extreme drafts, then a much narrower final law.
Have you been paying attention? The UK law works the other way. They introduce a small part wait for the public outcry to quieten down, then they start adding the "Amendments" the OSA has had about 3 or 4 tightenings so far and more are coming.
-
If Google/Apple were not vetting those apps and if Google/Apple were not actively ensuring their OS safety there would be NO online banking apps.
I think the question is rightly: what can an app do that a webpage cant? ... that is of benefit/interest to the customer.
Push notifications? No thanks.
Storing the access keys where I cant get to them? No thanks.
There's lot of things that webpages can't do that would be important for a banking app:
- Access touch ID/face ID/etc.
- Store large files on the phone, e.g. encryption keys.
- Verify against custom CAs.
- Prevent screenshots & key/touch capture.
They're also generally slower than native applications because they require JavaScript, and they require a continuous network connection for downloading resources, whereas the mobile app just needs to download e.g. account balance & transactions.
-
If Google/Apple were not vetting those apps and if Google/Apple were not actively ensuring their OS safety there would be NO online banking apps.
I think the question is rightly: what can an app do that a webpage cant? ... that is of benefit/interest to the customer.
Push notifications? No thanks.
Storing the access keys where I cant get to them? No thanks.
There's lot of things that webpages can't do that would be important for a banking app:
- Access touch ID/face ID/etc.
- Store large files on the phone, e.g. encryption keys.
- Verify against custom CAs.
- Prevent screenshots & key/touch capture.
They're also generally slower than native applications because they require JavaScript, and they require a continuous network connection for downloading resources, whereas the mobile app just needs to download e.g. account balance & transactions.
They could do those things, but as above I'm not aware of any that require biometric resources. Current support for browser based biometric (enforced) authentication is mature:
https://en.wikipedia.org/wiki/WebAuthn (https://en.wikipedia.org/wiki/WebAuthn)
Encryption keys should not be large files and the encapsulation of them is exactly what I'm saying is anti-consumer. Oh you lost your phone or it was reset? you'll need to setup all your identity again from scratch from primary documents run through validation as we only let you have one key instance at a time which cannot be backed up, reality of what has and does occur.
Preventing screenshots and key interception is mostly security theatre and gets in the way of useful things like accessibility (screen readers or alternative keyboard entry) or password managers. Oh boy does that one grate me the wrong way, "please enter your password": ... on our custom keyboard looking thing which has completely different layout and operation to the OS default. We got the scaling wrong and keys are too small to hit with the touch API (which isn't using prediction and dynamic sizing for touch input like the OS native key entry) oh well whatever you don't have any other choice.
Banks have been notoriously bad at digital authentication:
https://security.stackexchange.com/questions/266608/should-a-bank-be-able-to-shorten-your-password-without-your-involvement (https://security.stackexchange.com/questions/266608/should-a-bank-be-able-to-shorten-your-password-without-your-involvement)
https://www.troyhunt.com/banks-arbitrary-password-restrictions-and-why-they-dont-matter/ (https://www.troyhunt.com/banks-arbitrary-password-restrictions-and-why-they-dont-matter/)
Locking people out because their end changes the password silently!
Part of the issue of apps is they are (google and apple "stores") distributed through the narrow channel and not available for older devices, oh you cant login until you update your 400MB "app" to get access (real example of a fintech app that has little user function so your claims of data saving are not guaranteed). Not available for that OS you have, no access for you. Sure it's a convenient cost saving for the developers to reduce the testing scope, but we have very widely supported web standards, and from my experience bugs are just as common either way.
-
Preventing screenshots and key interception is mostly security theatre and gets in the way of useful things like accessibility (screen readers or alternative keyboard entry) or password managers.
.. and screenshare utilities whether you know they are install or not. Also remote access systems like "TeamViewer" which exist on mobile phone and are routinely used by scammers to hijack people's computers and logged in online banking sessions.
The phone OS having a secure and validated way of reporting such activity and the banking apps being able to immediately log the user out, prevents that entire genre of scam functioning on mobile devices.
-
Android and iOS both allow the keyboard "app" to be replaced, which is why some of these banking apps insist on using a custom keyboard as a malicious keyboard could intercept passwords and PINs. The better apps force the OS keyboard. There's currently no web API that can say "only accept OS keyboard" as far as I know.
And you can still record the screen unless screenshare permission is forbidden which would allow key presses to be read (you can see the keys change/highlight).
You can't block custom keyboards via web apps and you can't stop screenshots, so web apps for banking are always going to be less secure than native, and slower.
-
Mom simply hands her fully unlocked mobile to her kid(s).
Seen this with kid at the age of 3! Foget about age lock.
-
Preventing screenshots and key interception is mostly security theatre and gets in the way of useful things like accessibility (screen readers or alternative keyboard entry) or password managers.
.. and screenshare utilities whether you know they are install or not. Also remote access systems like "TeamViewer" which exist on mobile phone and are routinely used by scammers to hijack people's computers and logged in online banking sessions.
The phone OS having a secure and validated way of reporting such activity and the banking apps being able to immediately log the user out, prevents that entire genre of scam functioning on mobile devices.
Relying on the OS to enforce no screen sharing by [app choice] is just the same level of confidence as relying on the OS to protect against no screen sharing by [user choice]. Preventing screenshots by the OS is also not the same level of risk.
-
You can't block custom keyboards via web apps and you can't stop screenshots, so web apps for banking are always going to be less secure than native, and slower.
sure, you can walk it off into the "perfect" security system (below). I'm saying blocking screen shots (as distinct from screen sharing) is the sort of anti consumer thing that apps encourage/make-easy and why those sorts of apps are a crap way to interact with things that are routinely done via a website... often with the same provider/service.
Adding app only features that are not at all related to the difference in capabilities/functionality between an app and a website.... anti-consumer.
Look at things like the PayPal app which they push aggressively. No additional features or functionality over the website (perhaps some security advantage) but in return they want access to your browser history, exact location, etc. "just" a 465MB app.
Or a bank offering their 2FA TOPT app, just a TOPT, 160MB and updates every few months, does not support a 3 year old device. A trivial feature which other services let you choose your own tool for instead some upgrade forcing crapware. For a possible sliver of security improvement.
-
This is exactly how the UK’s “Age Appropriate Design Code” started — extreme drafts, then a much narrower final law.
Have you been paying attention? The UK law works the other way. They introduce a small part wait for the public outcry to quieten down, then they start adding the "Amendments" the OSA has had about 3 or 4 tightenings so far and more are coming.
There's more https://reclaimthenet.org/uk-wants-message-scanning-on-phones (https://reclaimthenet.org/uk-wants-message-scanning-on-phones). Full client side scanning, turning smartphones into telescreens.