Since a lot of miscellaneous online accounts are reacting glibly to the idea that states like California and Colorado could force Linux to bake forced age verification into the kernel, my instinctual response is to a) disregard the opinions of smug computer guys because they're usually libertarians and b) consider which vectors these laws will actually be enforced through. There is a clear sweeping effort to implement these policies, so I assume the effect will be somehow tangible.
Since I'm doing self-study for IT certs at the moment, I’ll list out all the ways I can think of off the top of my head, though some, if not most, will be overcomplicated/inefficient. Disclaimer that I am only doing some investigating here and relying on my prior experience/knowledge otherwise (reason: eepy) so do not take this as anything definitive/inherently correct. I'll try to skip over the ones that have the same vector of implementation/execution (I.E. where are they enforced through?)
- Client-side:
- via hardware/manufacturers - controls on boot loaders via boot-restriction mandates, so that commercial laptops and desktops sold in the US are required to ship with UEFI firmware that refuses to boot un-American operating systems.
- via OS distributors - operating systems/distributions made by companies operating in the US are required to integrate age verification protocols into their onboarding experience in order to continue operating/doing business in the US, or in order to avoid fines. Microsoft, Apple and Google would probably already be on board with this from the jump, so what's a few rankled Linux distro maintainers going to do? Not comply? Time to pack your shit and move, then! Now you can't access the consumption core as a market anymore. Sucks to suck!
- via browsers - Browser controls. This is how it could transmit your information reliably to web servers. Google is based in the US, Mozilla is based in the US, Apple is based in the US. Chrome (plus all US-based Chromium forks), Firefox and Safari now ship with a process that verifies you have a digital ID registered on your device, prompts you to register one if you don't, and locks you out until you do.
- Server-side:
- via websites/applications - All social media (or even all sites/apps) operating out of the US are legally required to validate against a digital ID protocol baked into your operating system, routed in via your Freedom-Compliant Browser as a mandatory fingerprint that you can't not expose. If the digital ID is determined to be not present, either through subversion or non-compliant software, you cannot access the site. This would probably be selectively enforced w/ regards to penalizing the sites themselves, because otherwise Silicon Valley throws a tantrum, but it would force your browser to expose your age at best and your identification hash (or however they would decide to implement the protocol such that you are a traceable entity) at worst.
- Social enforcement:
- on an individual level - Even if it's not 'truly enforceable' if you find a hack that lets you bypass it because you know how your device works, it could be used as a charge-stacking/pinning vector for dissidents, call it Digital Identity Fraud.
- on a corporate level - Most of them will pre-comply, but if they don't, just declare their products non-compliant with the law and treat them accordingly, killing their legitimate revenue and forcing all non-compliant systems underground so laymen decide it's not worth the trouble of navigating even if it's better for them, like piracy
Ultimately this is just me theorizing with my limited half-finished A+ cert study knowledge and general tech understanding, but I tried to engage the thought experiment on how this could be turned into something tangible as best I can.
I'd like to turn this over to people who might know more than me here. Is my idea of how this might be implemented (if done competently) consistent with the underlying tech, or am I misunderstanding some things? What other vectors might be used here? If these new bills pass, does anything change for us? What could our approach be individually/as a site/as a movement? What behavioral changes should we implement with regard to our internet usage as precaution? Would appreciate answers to any of these bits, even individually. Thus far the only approach that I can think of on 5 hours of sleep is the correct approach and has always been the correct approach and that is to 
but I'm curious if and how we can struggle against the furthering of the panopticon as targets of it.
I don’t think it’s feasible tbh, not without killing self-assembled pc as such, and offline installations are requirements in some fields, so like eh.
Browsers might be more viable, but then again - if a price of absence of id verification is google docs don’t work - whatever, shitty css readers can be done with a box of scraps
Phones are absolutely possible, despite efforts, i don’t think even f-droid will bypass some hardware locks, but i use my phone as a normie simulator anyway, banks/bills/news/music/games
What is more hopeful, there is nothing better on the horizon of hardware physics, after 16a by tsmc there is basically abyss of 3% improvements via infinite money, carbon nanotubes are fucked for now, germanium is nuts both from thermal and price, optical stuff is nowhere near ready or feasible for logics, so like next hardware could easily be as good as it gets for a decade (although you can see that already in gpu, if one ignores upscaling, which is software side anyway, outside of fp8 buildout logics, to say you got more teraflops), and might all be snatched up by data center perverts anyway.
Phones are evolving, but like due to material advances with oleds, cameras are basically same with neural networks doing the lift (some of which i can even be describe to be neutral, but something like samsung upscaling pixelated moon from screens already shows we are going into platogooncaves)
Embrace boomer side and don’t change shit for 2 decades is what im saying.