I see so many people making a huge deal out of linux stuff adding support for the california age thing, and I'm like.
-
@whitequark @dalias @rcombs From my reading, the OS provider would be held liable. The law does allow a simple warning at first, but it's up to a court and intent counts, so not implementing it intentionally would likely remove that option from you (^F "Art. 35" for the relevant part)
-
@whitequark @natanbc @rcombs This isn't an answer in terms of case law there, but in general, we have long held that writing FOSS is expression, and that while building products (physical things, preinstalled systems, maybe automated installations? etc.) out of it might be subject to laws and regulations, nobody can tell us what we can or cannot write upstream. This is a principle we should continue to fight for. If we lose it we will regret that.
@dalias @whitequark @natanbc okay? but clearly a lot of downstream consumers are going to need the facility, so providing a standard (optional!) interface for it is prudent as an upstream infrastructure maintainer, to avoid obvious painful fragmentation?
-
@dalias @whitequark like, even if you *did* intend to take this to court, the correct de-risk is clearly to implement the extremely simple required API in advance, so you can roll it out quickly and not end up in contempt if the court case doesn't go your way
-
@whitequark @dalias @rcombs No idea, the law barely even mentions OSes, I doubt they ever considered anything other than Windows/macOS when writing that part of it. There's some room for arguing in court in the case of a Linux distro or similar on the basis of social purpose, but that's still lawyers and $$$
-
@dalias @whitequark like, even if you *did* intend to take this to court, the correct de-risk is clearly to implement the extremely simple required API in advance, so you can roll it out quickly and not end up in contempt if the court case doesn't go your way
-
@dalias @whitequark like, even if you *did* intend to take this to court, the correct de-risk is clearly to implement the extremely simple required API in advance, so you can roll it out quickly and not end up in contempt if the court case doesn't go your way
@rcombs @whitequark No, you don't get contempt for taking reasonable time to comply with a court order.
-
@rcombs everyone knows young people will lie about their age. this enables them to lie about their age very easily. why the fuck would you put up a fuss about it
@whitequark @rcombs I still remember the advice on the Internet was never share your real name, age, and where you live.
-
@whitequark @rcombs I still remember the advice on the Internet was never share your real name, age, and where you live.
-
@whitequark @rcombs yeah it's a real shame
-
@rcombs @dalias @whitequark where are these businesses related to desktop Linux that are going to be sued by the California AG and in which the AG can prove with a preponderance of the evidence the number of children affected by negligent violations? The fine depends on that.
-
@rcombs @whitequark No, you don't get contempt for taking reasonable time to comply with a court order.
@dalias @whitequark you may well get the fine if the court rules against you and you'd been out of compliance the entire time without a preliminary injunction in place (and who knows if a court would grant one for this)
this is not risk any business should be expected to take
-
@rcombs @dalias @whitequark where are these businesses related to desktop Linux that are going to be sued by the California AG and in which the AG can prove with a preponderance of the evidence the number of children affected by negligent violations? The fine depends on that.
@wwahammy @dalias @whitequark the most obvious candidate is Valve? and I'd expect it'd be very possible to come up with cases for Canonical and perhaps Framework
the preponderance of the evidence standard simply means "more likely than not", and any competent AG is going to be able to convince a judge or jury that at least a few thousand kids have probably used Steam Decks in California
-
@wwahammy @dalias @whitequark the most obvious candidate is Valve? and I'd expect it'd be very possible to come up with cases for Canonical and perhaps Framework
the preponderance of the evidence standard simply means "more likely than not", and any competent AG is going to be able to convince a judge or jury that at least a few thousand kids have probably used Steam Decks in California
@rcombs @dalias @whitequark Valve, totally agree on, they'd be screwed and I get why they'd comply.
I don't see how they could plausibly count the other ones and more relevant, why would the AG of California use its limited resources to do so? It doesn't make sense.
-
I see so many people making a huge deal out of linux stuff adding support for the california age thing, and I'm like. you know basically every online service has been required to ask for your age since 1998? this is literally just "at account creation, the device owner can set an age field. to whatever they want. and then apps can query that instead of asking themselves."
you can set it to the unix epoch if you wantI guess my takes here come down to:
1. of all the age verification/declaration kerfuffles going on lately, this one is the least-invasive small potatoes imaginable
2. not sure why this has to be said, but you have absolutely no right whatsoever to demand that other people die on the hill of your choice
3. given that some people are going to reasonably choose not to die on this particular hill, it's entirely reasonable for upstream infrastructure maintainers to provide a trivial API surface that downstream consumers can choose to expose or not -
I see so many people making a huge deal out of linux stuff adding support for the california age thing, and I'm like. you know basically every online service has been required to ask for your age since 1998? this is literally just "at account creation, the device owner can set an age field. to whatever they want. and then apps can query that instead of asking themselves."
you can set it to the unix epoch if you want@rcombs@social.treehouse.systems I've seen a hilarious take of "not every application, written by anyone, should be able to access your birth date"
But that's already the case.. any application could simply already ask for it, and most people would supply it
And in either case, just enter whatever you want, it doesn't have to be correct... -
@whitequark @rcombs yeah, I've been lying about my age online since I was 24!
(in 1998. I was born in 1984)
@foone @whitequark @rcombs I’ve been born on 1901-1-1 for a long time. Unless it was 2-2-1922 for some stupid reason. It was a bad year to be born but I’m generally of age.
-
I see so many people making a huge deal out of linux stuff adding support for the california age thing, and I'm like. you know basically every online service has been required to ask for your age since 1998? this is literally just "at account creation, the device owner can set an age field. to whatever they want. and then apps can query that instead of asking themselves."
you can set it to the unix epoch if you want@rcombs danbooru didn't ask for my age when i went on it to goon -
I see so many people making a huge deal out of linux stuff adding support for the california age thing, and I'm like. you know basically every online service has been required to ask for your age since 1998? this is literally just "at account creation, the device owner can set an age field. to whatever they want. and then apps can query that instead of asking themselves."
you can set it to the unix epoch if you want@rcombs From what I understand, the California laws (and many other state-level laws or proposals which are directly based on the California legislation) could probably allow self-reporting.
The New York proposal goes further though and explicitly prohibits users self-reporting their age and requires "commercially reasonable and technically feasible age assurance" at device activation. So that means hooking the system up to some Persona-like online age provider, and there I wonder what the response from the Linux people will be.
-
I see so many people making a huge deal out of linux stuff adding support for the california age thing, and I'm like. you know basically every online service has been required to ask for your age since 1998? this is literally just "at account creation, the device owner can set an age field. to whatever they want. and then apps can query that instead of asking themselves."
you can set it to the unix epoch if you want@rcombs
So it doesn't recognise people older than 56? -
facebook, google, tiktok, etc are tired of losing money to COPPA fines and this is their method of shifting the liability back onto the user
immediate and unquestioning compliance is critical to ensuring that even if the laws get fixed or repealed, they can continue to claim in court they're not liable for violating children's rights because these systems 'are everywhere'
CC: @whitequark@treehouse.systems @rcombs@treehouse.systemsi wish people would have taken your suggested attitude towards secureboot...
now we live in a world where bootloader projects are dependent on and fearful of microsoft revoking their computer license. and google is just unilaterally killing installing unsigned programs on the computer. linux folks, freedesktop and systemd scrambeling to build the shadowrun dystopia...
and its always in the name of security.
CC: @dalias@hachyderm.io @whitequark@treehouse.systems @rcombs@treehouse.systems
-
R relay@relay.infosec.exchange shared this topic
