Privacy

46745 readers

793 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

Colorado lawmakers push for age verification at the operating system level (www.msn.com)

submitted 2 days ago by StopTech@lemmy.today to c/privacy@lemmy.ml

17 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Einhornyordle@feddit.org 3 points 1 day ago (1 children)

The title is very misleading. This is the actual bill that they are trying to pass. The link already includes a summary, so I will just give you an even simpler explanation and some practical examples why this is actually really neat.

First of all, this is not age verification. No IDs have to be submitted, no selfies or videos will be submitted to any age estimation AIs, so put your pitchforks away (for now, until they decide to expand the bill to include these measures as well, then it's time to burn it down). The name of the bill already tells you what it is: Age Attestation. Aka what every piece of software already does before it shows you explicit content.

With the bill in place, every "operating system provider" has to ask you for your age or date of birth during OS setup, which will then be made available to other software via an API. So instead of having to fill in your date of birth or checking "Are you 18+/21+?" boxes, software will use the new API to check instead, saving you the trouble of doing it manually every time for every application that is not made for all ages.

What makes it even better is that the OS does not have to provide your actual age or birth date, the bill has a minimum requirement of just disclosing age-bracket data. So it could work just like age ratings, which also rely on age groups rather than specific years. Also, the bill explicitly forbids asking for more than your age, sharing more than that via the new API and using the entered age data for anything else than the described purpose, like sending it to a server for tracking purposes.

And finally, as mentioned in the beginning, no IDs or anything else as it is with age verification necessary. You can still lie, just enter 1.1.2000 or whatever you want. Nothing changes, except that you will only have to do it once every time you reinstall/reset your OS or buy a new device.

[–] Buelldozer@lemmy.today 1 points 22 hours ago (1 children)

This bill is not "neat". It literally REQUIRES every piece of software in existence to query for the users age bracket. Do you think that any F/OSS software devs are going to comply with this horseshit?

[–] Einhornyordle@feddit.org 1 points 17 hours ago (1 children)

Where in the bill does it say that? And where would that make sense? What would Notepad or File Explorer do with my age range? That would make no sense at all.

And yes, as a professional developer I would definetely comply and use this API instead of bothering my customers every time by askIng them to confirm their age, but since I've never worked on any age restricted software in the first place, it does not affect any of my products.

[–] Buelldozer@lemmy.today 1 points 6 hours ago* (last edited 6 hours ago) (1 children)

Where in the bill does it say that?

I appreciate that you provided a link to the bill in your previous comment and I'm taking my response directly from there. Here's a quote of the first sentence of the bill summary.

"The bill requires a developer to request an age signal with respect to a particular user from an operating system provider or a covered application store when the developer's application is downloaded and launched. " (Emphasis Mine).

Okay so maybe it's a bad summary, let's look at the text of the bill. On the 2nd page it says:

Then again on Page 5:

"(2) (a) A DEVELOPER SHALL REQUEST AN AGE SIGNAL WITH RESPECT TO A PARTICULAR USER FROM AN OPERATING SYSTEM PROVIDER OR A COVERED APPLICATION STORE WHEN THE DEVELOPER'S APPLICATION IS DOWNLOADED AND LAUNCHED."

So yeah, the bill literally says it in both the summary and the text.

So what is an application?

From Page 3 "APPLICATION" MEANS A SOFTWARE APPLICATION THAT BE RUN OR DIRECTED BY A USER ON A DEVICE." Huh, no ambiguity there.

And where would that make sense? What would Notepad or File Explorer do with my age range? That would make no sense at all.

Ask Colorado and California, it's their legislation.

And yes, as a professional developer I would definetely comply and use this API instead of bothering my customers...

That's good because if you don't then you cannot have users in California nor in Colorado (assuming this legislation passes in Colorado).

...every time by askIng them to confirm their age, but since I’ve never worked on any age restricted software in the first place, it does not affect any of my products.

**Why do you think that matters?**There is no exception for your apps in the the Colorado or California legislation! You as a dev MUST comply with this law. If you choose not too then I hope you are prepared to deal with up to a $2,500 fine per user that turns out to be a minor!

"6-30-104. Enforcement - penalties.3 (1) A PERSON THAT VIOLATES THIS ARTICLE SHALL PAY A CIVIL PENALTY OF NO MORE THAN TWO THOUSAND FIVE HUNDRED DOLLARS FOR EACH MINOR AFFECTED BY EACH NEGLIGENT VIOLATION, OR NO MORE THAN SEVEN THOUSAND FIVE HUNDRED DOLLARS FOR EACH MINOR AFFECTED BY EACH INTENTIONAL VIOLATION. THE ATTORNEY GENERAL SHALL ASSESS AND RECOVER THE PENALTY IN A CIVIL ACTION ."

Hmmm, okay well what is an "app store", maybe your app is distributed in a way that allows you to sidestep the law?

"(5) (a) "COVERED APPLICATION STORE " MEANS A PUBLICLY AVAILABLE INTERNET WEBSITE , SOFTWARE APPLICATION, ONLINE SERVICE, OR PLATFORM THAT DISTRIBUTES AND FACILITATES THE DOWNLOAD OF APPLICATIONS FROM THIRD- PARTY DEVELOPERS TO USERS OF DEVICES ."

Soooo, if you're stuff is available on Google, Apple, Microsoft, Samsung, GOS, STEAM, EA, or anyone else's app store you need to comply. If your stuff is distributed from your own website you need to comply. If your stuff is distributed from GitHub you need to comply. If your stuff is distributed via package manager on Linux (that's a software application!) then you need to comply.

Colorado's legislation is slightly smarter than California's in that it at least carves out some exceptions regarding applications for Enterprise, Commercial, and Government use but there are still caveats.

tl;dr This law and California's clearly and specifically apply to applications as well as Operating Systems, are not "neat", and its easy to predict that most F/OSS developers absolutely will not comply with these restrictions.

[–] Einhornyordle@feddit.org 1 points 4 hours ago

I see, I don't know how I missed that, thanks for pointing it out. I still think that the API itself is neat and I'd love to see that for the sake of comfort, but I also agree that the enforcement to use it even when it makes no sense to do so is just stupid. Let's just hope that they fix this overshot at least if they refuse to drop it altogether.