"Operating system provider" is defined, but that's kinda useless unless "operating system" is defined first.
> 1798.500. For the purposes of this title:
> (i) “User” means a child that is the primary user of the device.
Child is defined:
> (d) “Child” means a natural person who is under 18 years of age.
But that means this is impossible:
> (b) (4) Whether the user is at least 18 years of age.
This law hasn't even passed
So, if you don't run applications, does this matter? Also, enforcement is by the CA attorney general, so random people can't go after you.
So github.com is the violator, here, since it's a software application that may be run by a user on a computer and can download applications (loads of them!).
There's no further elaboration on what age signals are preferred, so my assumption is that a DoB field in the user profile and a system service to request the age bucket is good enough. It's absolutely silly, but DB48X could implement that.
There's a related question of who is actually liable under this law - it seems written to target just Apple, Google, and Microsoft; and it only makes sense in the context of consumer electronics. Like, how does this work with enterprise systems? Servers? Is IBM going to have to rush out a patch for z/VM to ask the system administrator what their date of birth is?
You put the age of the owning company. If the company is under 18 then too bad for you.
There are many way to make the internet safe for kids without removing anonymity. But the they wouldn't get what they want, would they?
There's also a cabal that wants surveillance, but since the California law doesn't require surveillance, this isn't that. The California law just mandates a parental control feature.
Seems to violate the open source definition paragraph 5, no?
- Does such prohibition has any legal force at all? Does it do anything to prevent responsibility according to the bill? Wouldn't just saying "CA/CO have zero jurisdiction over us, get screwed" be a saner choice (of course it would be better if the project wouldn't host on M$'s servers).
- The main project license is GPLv3. GPLv3 clearly has no provisions to introduce arbitrary prohibitions into the license without losing compatibility. But they still keep GPLv3 LICENSE.txt, which is problematic in itself - if LICENSE.txt says one thing and LEGAL-NOTICE.txt another, the conclusion might be that no license applies so no one may use the software at all!
- If they are reusing any GPL software that they don't hold copyright on, they might be or might not be in violation (would need a real lawyer to say if that's the case or not).
And on the actual matter of things, it's really sad to see California to be on the front line of this crap (this screams ageism). And, dear "adults", screw your parental authority so much. Whatever skills I've gained before the university I've done against an explicit parental prohibition. This is what I live off now. Screw you all.
It's not even just that. The license expressly forbids adding other conditions and restrictions, and says that people who receive software, licensed under the GPL, with added conditions ore restrictions, can just remove those restrictions.
If the author really wants to add a restriction like this, they have to switch to a different license.
It's yet another surface that totalitarian parental control has crept into, and it's a serious problem. Young people kept strictly within the iron grip of their guardians generally aren't the ones who become happy actualized all-star adults.
Obviously there should be some limits on what teenagers and children can access, it shouldn't be entirely free reign, but robbing them of space to bend the rules severely limits their potential for growth and incurs a strong risk of extinguishing their spark.
Is it? The only people who should be deciding those limits are parents. If they fail to set and enforce those limits then any negative outcomes for the child are due to their own negligence, and can be adjudicated as child abuse per those laws.
(And OS makers need to get better at this; from what I understand, it's not difficult for savvy kids to bypass parental controls on iOS and Android.)
The internet is full of amazing things but it is simultaneously a largely unfiltered cesspool.
Imagine you live in the suburbs, but at some point the house to your left got demolished and replaced with a casino that doesn't ID anyone. The house to your right got demolished and replaced with a liquor store that doesn't ID anyone. And the house across the street got demolished and replaced with the headquarters of a local group of political extremists.
Sure, there also happens to be an award winning library a couple houses down. But that's largely irrelevant when it comes to the question of how you're supposed to raise children in this environment.
Even if I did agree, the implementations being rolled out present far more danger to adults than requiring an ID to enter a physical establishment ever could. Internet ID systems are rife for political abuse for example, and requiring age attestation at the OS level endangers general purpose computing, adds yet more hoops for free open source OS projects to jump through, and risks making FOSS OSes illegal to use for those who need an escape hatch from their commercial counterparts the most.
I agree with you that it's up to the parent to keep an eye on their children. But I also think that society has a duty to facilitate that. To that end, I think some minimal regulation regarding self reported content ratings for websites would probably be a good thing.
I don't think anyone disagrees with that. The disagreement is around how intrusive the government should be in facilitating that. And some people (myself included) believe that these sorts of age checks and attestation are too intrusive, even if the stated goal is a good one.
Notice that the context here is a comment farther up the chain decrying the enablement of totalitarian parental control.
And let's not seriously try to say internet availability is the same as free-for-all liquor stores and casinos on as your physical neighbors. It's just not. It's still easier to restrict what a kid does online than it is to restrict their physical movements.
(And frankly, it's not that hard to restrict a kid's physical movements.)
And for reference, when I was talking about my personal experience, I wasn't talking about 80's. More like mid- to late- 00's Russia. The internet was already quite a cesspool at the time, the local IRL even more so. Just I wasn't interested. Once a teen is interested in getting into the edgy stuff there is no amount of regulation can stop them.
That's approximately my whole point. We have zoning laws. We have age verification laws. We have lots of ordinances about what is and isn't appropriate in public and around children and similar. You can't open a strip club across the street from a public school and I think that's a very good thing.
The vast global unfiltered internet is increasingly pervading our lives. I think it is entirely reasonable to enact minimal regulation that stems the tide with respect to a narrowly defined goal.
That's really the thing too. I did grow up in the 80s and 90s, and I managed to find porn and all other sorts of things that my parents didn't want me to have or do. And I wasn't even a bad, difficult-to-parent kid. I was just a pre-teen and teen who wanted to do stuff my parents didn't approve of, just like pretty much every other kid on the planet.
In the end, I turned out fine! Not perfect (I have my issues, like most of us), but I'm happy and successful. I have no doubt that the same would be true if I'd grown up in the 00s like you did.
Section 7 says: All other non-permissive additional terms are considered “further restrictions” within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term.
Section 10 says: You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License.
> This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below.
Which points you over to this in GPL, Sections 7, Additional Terms:
> Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:
> ...
> f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors.
This is a condition being imposed by a new law (if/when it passes). Its an attempt at indemnification that is compatible with the law. It seems to pass the reasonableness check.
Although, if there are many contributors to the project, there may not be a clear copyright holder.
If they want to add that restriction, they cannot release it under the GPL; they need to pick another license, or modify the GPL to their liking and then call it something else (assuming the copyright terms of the GPL allow you to make a derived work of the license itself).
You may also use software without a license, if you don't get caught.
Because if so, that seems a lot more sensible than the online crap where you need to give ID or something. I remember someone suggesting requiring an `X-User-Age` header, and having adults responsible for having their children's account setup with their age, which this proposal seems to be more in line with.
From some of the other responses people seem against this proposal, am I missing something? (I only briefly skimmed the links) Is there some kind of attestation/ID required when the age is input?
There's real harms by large businesses such as Meta. Should we pretend those arms don't exist?
> There's real harms by large businesses such as Meta. Should we pretend those arms don't exist?
Frankly I don’t care. Hands off my operating system. I will set up a guerilla sneakernet before I comply with something like this. Find another way to deal with it.
> That's likely no big deal for Windows, which already requires you to enter your date of birth during the Microsoft Account setup procedure
This seems like an over reaction because of a simple date field
Each of these options lead software to become less and less discoverable leading to the fact that most people will never use anything that isn't complying with these laws. So the end result still hits the desired effect.
Tell children they can't do X, some will find ways around it, tell their friends the workaround and maybe even get a profession out of it. Who knows, maybe one kid will find a text editor and a compiler laying around somewhere...
Fuck, I even tried to learn Russian by myself just to understand those old hacking forums. At least I got proficient in Cyrillic. I don't have children, but definitely I'd direct them to learn reading Chinese.
You sweet summer child.
(e) (1) “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.
Also, where does anything in the CA bill mandate age verification? It's saying the OS needs to prompt for age bracket info and allow the third party apps to query that. That is far different from verification.
Regardless of the technical details of the law(s), the devs are sensibly refusing to prompt for age on a fricking calculator.
Hopefully Linux distros get on board with this and announce non-CA/CO compliance as policy.
Sounds like a fun thought, but almost certainly untrue: https://www.swissmicros.com/product/dm42
All new PCs sold in the late 1990s handedly beat these specifications. On CPU, storage, RAM, and display. The DM42 firmly remains an embedded system that's just enough for the calculator software and not much more.
If you want to take it back to the early 1980s, you start reaching the claim being true.
- A lot of of corporate contributions comes from SV.
- Linux Foundation is incorporated in CA.
- Linus himself is CA's resident AFAIR.
So there is zero chance of claiming no jurisdiction. The only hope is whoever is enforcing this batshit wouldn't go after what is essentially not an OS for the purpose of the bill, but rather an internal component (it would be like going after a vendor of bolts and nuts for noncompliance of a toaster).
Although, if I'm understanding this correctly, I think all they would have to do to comply is have something during installation that asks for the age category, and write a file that is world readable, but only writable by root that contains that category that applications can read.
If you write a story, there must be a character in it somewhere that reminds kids not to smoke. That's all. It's very easy.
However I think mandated actions should to the greatest extent possible be minimal, privacy preserving, and have an unambiguous goal that is clearly accomplished. This legislation fails in that regard because it mandates sharing personal information with third parties where it could have instead mandated queries that are strictly local to the device.
We regulate how a hobbyist constructs and uses a radio. We regulate how a hobbyist constructs a shed in his yard or makes modifications to the electrical wiring in his house.
I think mandating the implementation of strictly device local filtering based on a standardized HTTP header (or in the case of apps an attached metadata field) would be reasonably non-invasive and of benefit to society (similar to mandating USB C).
"Professional" means you're being paid for the work. Debian is free (gratis), contributors are volunteers, and that makes it not professional.
And there are developers who are paid to work on various components of linux from the kernel, to Gnome, does that make it professional?
Is Android not professional, because you don't pay for the OS itself, and it is primarily supported by ad revenue?
Mint started off as Ubuntu. Same project, with none of the support contracts, no involvement from Canonical needed at the end of the day, etc.
On a practical level, it doesn't make sense to put thousands of dollars per user in liabilities to non-compensated volunteers whatever the case may be with regards to the employment of other contributors.
> it doesn't make sense to put thousands of dollars per user in liabilities to non-compensated volunteers
I agree when it comes to individuals. But it probably does make sense to hold formally recognized groups (such as nonprofits) accountable to various consumer laws. I think the idea odd that Windows, RHEL, Ubuntu, and Debian should all be regulated differently within a single jurisdiction given that they seem to me largely equivalent in purpose.
The way this currently exists is basically unenfoceable because the critical terms are not even defined. It's not even ultimately intelligible, which is a prerequisite to enforcing, or even being able to tell where it does and does not apply, and whether some covered entity is or is not in compliance.
Feel free to elaborate. As it stands that's nothing more than name calling.
I wasn't speaking to the current CA or CO proposed implementations (which I don't support as it happens). I responded specifically to your statement:
> It's not that it's difficult, it's that it's arbitrary and a form of commanded speech or action.
My response being that I think it's acceptable for the regulator to require action under certain limited circumstances.
Sure, a lot of the userspace was GNU, but a lot of it ... wasn't. Things like PAM, the init system, and the network config tools, off the top of my head. A lot of system-specific tools come from "not-GNU", too.
You can't discount how much of early Linux was "GNU", and how big a deal GCC and GNU libc (and the rest!) were, but it's disingenuous in my opinion to call GNU an "operating system" that you just plugged Linux, the kernel, into. Even today, as far as I can tell, there is still not a true GNU system. Guix comes close, in terms of being "GNU-ish", but the most usable Hurd distro (AFAIK!) is Debian, where, again, a lot of components come from Debian, rather than GNU.
And, as you say, modern systems have drifted even further from being GNU. They have lots of GNU components, but so did, say, the Sprite OS, or a lot of 4.4BSD derivatives.
I strongly encourage the EFF to sue the FSF over not shipping age verification in Emacs, since in every respect Emacs fits these criteria; it is a computer environment that avid users can reside fully within to operate their system, and its publisher operates a directory+repository system at https://elpa.gnu.org. I think that both organizations would be excited to pursue that lawsuit pro bono, since it would evidence such significant flaws in the law that it might be struck by the court.
Incidentally, this likely also implicates Tesla and BMW as not requiring age verification before allowing users to download updates containing new pay-to-unlock applications from their vehicles’ in-app purchase marketplaces. I’m sure they would both be happy to help overturn this law once implicated in violating it.
They are not a covered application store, but they are an operating system provider, so the law does apply to them.
Developers are not lawyers, so they cannot be expected to know every subtle detail of the law, and not how these laws are then interpreted (in a often non-logical way) by courts.