Senate Bill 26-051 reflects that pattern. The bill does not directly regulate individual websites that publish adult or otherwise restricted content. Instead, it shifts responsibility to operating system providers and app distribution infrastructure.
Under the bill, an operating system provider would be required to collect a user’s date of birth or age information when an account is established. The provider would then generate an age bracket signal and make that signal available to developers through an application programming interface when an app is downloaded or accessed through a covered application store.
App developers, in turn, would be required to request and use that age bracket signal.
Rather than mandating that every website perform its own age verification check, the bill attempts to embed age attestation within the operating system account layer and have that classification flow through app store ecosystems.
The measure represents the latest iteration in a series of Colorado efforts that have struggled to balance child safety, privacy, feasibility and constitutional limits.
This is getting ridiculous.
Linux is the only reasonable choice anymore.
Not really, the microsoft asshole that coded systemd wants chips on hardware for linux just like 10/11. He’s going to help fuck linux the same way they fucked windows.
Bro Poettering worked for Microsoft for four years after working for Red Hat for fourteen and then left to create Amutable, and no offense, but I don’t see his goals for Amutable to be about trying to force everyone to use his solution as much as giving groups who use massive numbers of Linux servers an option for something they can more securely lock down and ensure hasn’t been fucked with. I don’t think he’s out here building a desktop distribution and telling end-users they need it for security.
This is just FUD fearmongering, especially considering how small the company is. He isn’t forcing the entire ecosystem to adopt his ideas.
If you want to trust the pedomericans, that’s your problem.
Dude, Poettering is literally Guatemalan by birth, grew up in Brazil, and lives in Germany. Amutable is based out of fucking Berlin!
Stop reaching.
“Guys will do literally anything but
go to therapyuse systemd.”And who is he working for ? The pedomericans.
Dude you sound like a Republican talking about china being behind everything. It’s time to fucking reassess and touch some fucking grass.
Show me who on the board of Amutable is who he is “working” for, since he’s one of the founders, and most of the people involved are European, or show me the funding for Amutable that’s coming from these “pedomericans” you claim or seriously shut the fuck up. Because none of what you’re saying makes a lick of sense.
You don’t have to like or use the tools these people create. Are you forced to use systemd? No, there are alternatives. There’s valid criticisms (of which there are many for Poettering) and then there’s whatever horseshit you’re peddling here.
Systemd is so much easier to use, absolutely was not a mistake.
Under the bill, an operating system provider would be required to collect a user’s date of birth or age information when an account is established.
It’s so fucking obvious the people who wrote this have no idea other operating systems than iOS, Windows and Android exist.
What are you on about? If they get 95% of the population with this it’s still a huge win for them.
AFAIK, only adults can sign up for internet access, so a minor watching porn on the internet is the same as said minor watching their parents’ adult DVDs or drinking alcohol their parents purchased. It’s already illegal for adults to give minors access to these things, so what’s next? Alcohol bottles that only open and DVDs / Bluerays that only play if you can provide an ID and prove your age every time?
DON’T give them ideas!
“OPERATING SYSTEM PROVIDER” MEANS A PERSON THAT DEVELOPS, LICENSES, OR CONTROLS THE OPERATING SYSTEM SOFTWARE ON A DEVICE.
great, for my devices then, that would be me
Age verification is identity verification.
Holy fuck this is bad
Only for privacy and anonymity, companies like Google and Microsoft will do fabulously however. Who donates to him I wonder.
Now instead of asking to verify age, make the parents input the age bracket and you reinvented parental controls. The correct way to protect children.
Account is created? Who said were making accounts for our operating systems
Colorodo democrats have always been lousy. Here they are following texas and montana and tennessee, locking down the internet with dishonest arguments. No one in reality thinks this is about protecting kids, and it’s not the state’s place to do so, it’s the parents, it’s a violation of the 1st amendment to make adults expose their identities to people recording everything they do online and using it against them, and selling it to the government.
We need to repeal these bills, and we need a popular open source of model legislation to counter-act ALEC, that writes these bills and state lawmakers just fill in the blanks, after the united corporations give them a plausible excuse to and pay them off
It is the donors influencing all of them. Corrupt fucks
and it’s not the state’s place to do so, it’s the parents
Not every parent is a good steward or guardian of their children, like those who have been caught cyberbullying their own children or those who send their gay/trans children to conversion camps to “pray the gay away” or even parents who deny their children life-saving vaccination and medical procedures because it conflicts with parental beliefs. A technically proficient parent who is “protecting their kids” could easily be blocking their children from access to information that is important to the child’s development just as much as the government could be.
The argument that it’s always fully the parents right and no one else’s is an unintentional argument in favor of parents treating children like property and normalizing the ability for parents to abuse and control their children under the guise of the false idea that a parent always knows what is best for their child. Plenty of parents shat out kids while knowing fuck-all about how the world works and definitely don’t know what is best for their child.
Government is imperfect, but so are parents.
I actually disagree, because hardware-level verification is basically the most privacy-conscious method of accurately verifying a user’s age. Rather than fighting age verification entirely, I think it’s more productive to start assuming users are under 18 until proven otherwise… Age verification is inevitable, (if you don’t like it, tor is always an option), so we should at least figure out secure and private ways of doing so. Rather than resisting it outright, present them with secure and safe ways to do it. The internet is a dark place full of a lot of creeps, and services like Roblox have proven that they will enthusiastically become nesting grounds for predators unless they’re forced to add safeguards.
Sure, it’s easy to say “just monitor your kids” but no parent can be present 24/7. And in fact, oftentimes parents end up using screen time so they can do other things like chores, without needing to watch their kid. So the “just watch your kids” argument is diametrically opposed to the reality of why parents tend to rely on screens. Sometimes you just need 15 minutes to wash the dishes, without a kid demanding your constant attention. Even I, a child-free person, can understand that. And it becomes increasingly difficult to monitor them as they grow into teens and (reasonably) start expecting their own privacy.
I’ve been saying for a while now that we need to shift to hardware verification. Your device (or for shared devices like desktops, your user account) verifies your age once. And then it doesn’t need to do so again. All of the various sites and apps can simply ask your device “hey, is this user over {age}?” And the device responds with a simple true/false. You’re not needing to give your PII to every single site you visit, and the device isn’t needing to report back to the government every time an age verification check happens. It’s all done locally. The handshake could even be cryptographically secured, to prevent tech-savvy kids from MITM’ing the age check. And then protecting kids online is as simple as not age-verifying their device (and protecting your own password on shared devices). Hell, devices like cell phones could even have the age bracket set by the parent directly, since the phone would be on the parent’s phone bill. Similarly, parents could create child accounts on their shared devices, so kids can access age-appropriate content. It won’t stop kids from getting a prepaid phone, but it’ll at least prevent them from easily verifying that phone.
And it’s also the most elegant for the user experience. As far as the adult user is concerned, they never even see an “are you over 18” verification when they visit a porn site. They simply get access to the site. And kids simply get redirected back to Google’s home page (or more realistically, a page on the porn site saying “hey you failed the age check. If you’re over 18, be sure you do that with your device before trying again, because this is the only page you’ll be able to access until then. Or if you’re under 18, click here to return to where you were before” explanation) as soon as the age check fails.
Hardware age verification is basically the best of every world. You don’t rely on a third-party service to verify your PII (which will inevitably leak it, like Discord did). You don’t need to verify with every single individual site and service. The government doesn’t get a record of every site that asks for verification. And kids are automatically prevented from stumbling across adult content.
I agree that Colorado democrats are typically the “if we cozy up to the right they might stop being mean to us” candidates. I think this bill is a poor implementation, but it’s at least done under the right premise. If we could force hardware manufacturers and/or OSes to support native age verification, it would solve a lot of the current issues that we have.
You make some good points. If what you say is true, then most countries and states won’t adopt this style of verification because compromising everyone is the point. But they could probably set it up so it does compromise everyone at the hardware level.
Is it unrealistic to expect no age checks? We’ve lived through an entire internet without age checks, why is it different now? There aren’t more creeps, the only thing that’s different is our politicians feel emboldened to surrender us to tech. To use age checks as a trojan horse, to get AI behind the walls, to make us all social scores to be used secretly against us.
So I don’t see it as inevitable at all, especially not in the US, with the first amendment. Not in blue states, Colorodo is the only blue state doing any of this as far as I’ve heard either. Because they are conservative sell outs.
So I am on the side or rejecting age checks, and calling them out for what they are, surrendering us to tech for total surveillance, and replacing every politician that has supported it.
We’ve lived through an entire internet without age checks, why is it different now? There aren’t more creeps
I think the big difference is ease of access. For millennials growing up, accessing the internet basically required being at the family desktop in the middle of the living room. Phones weren’t connected to the internet, and cell phones weren’t even common yet.
And kids still got groomed, even when their only access to the internet was in a shared family space. And that began to get more prevalent as devices became smarter and more portable. Now, any 8 year old can get groomed in their own bedroom, while simply playing a video game.
It’s not more common at all, we are being played by the media for this very purpose, and there is no reason we should let them win, there’s no reason they should win, they are using dishonest arguments and a majority agree with us in an honest conversation. Let’s’ call them on their bullshit and stop them, then we can keep your less worse option for when something has to be done, and keep it to show how compromising us is the reason, as they refuse the methods that wouldn’t compromise us.
Just think: Without legislation like this, kids will be able to see people having sex! Thus, ending their lives. Not so different from staring into the eyes of Medusa!
The amount of children exposed to sex that have died—or suffered worse consequences like early onset conservatism—may have been zero so far but the dangers are clear! We must skip right over parental involvement in child rearing and go straight to the source of the problem: Computers.
Computers have been giving everyone access to too much information for too long! We must restrict it! The first step is to get an implementation that actually works to censor information—to save the children (wink wink)—then later, we will have the tools necessary to censor whatever we want!
When glorious dictator decides that information about trans-genic mice must be erased from the Internet, we shall have the power to do so!
We must protect little Billy from seeing tits, so he can keep laser focus on preparing for the next school shooting.
Hear, hear. When I was young my friends and I wanted to see the naked boobies but because the internet had not been invented we just couldn’t. It was impossible! Its not the kind of thing you find lying around!
I would argue that early and excessive exposure to very misogynistic porn can be damaging to a child in that it can reinforce that misogyny and bad sexual patterns/ideas.
I would also argue that it is the job of the parent or guardian of said child to make sure the information they get online (or anywhere for that matter) is age-appropriate, and not the job of the state.
These are clearly laws that are either not well thought through or (probably more likely) intentionally limiting of every citizen’s privacy. I don’t think that even if the porn or bullying or whatever problem was as bad as they say it is that this would even be justified.
When my kids were young, but old enough that they may inadvertently stumble upon porn, I told them the truth. The truth that so few explain to their children. The truth that many adults don’t understand and many more completely forget.
Porn is fake.
It’s not real. The sounds? Acting. The breasts? Those are fake too. The perfect skin? Makeup (or airbrush).
Even “amateur” porn is fake! As soon as someone agrees to be filmed having sex it ceases to be real.
Also, let me get this straight: Your greatest fear from children being exposed to porn is they might begin to accept mysogyny‽ As in, you think porn is the most likely place kids will be exposed to it and somehow just nod their heads‽ “Oh wow, that’s totally sexist! But they’re having sex so it must be OK. I’ll try to be like that!” (Child nods head).
Or perhaps you think kids will be viewing so much porn—specifically, the mysogynistic kind—that it will somehow carve mysogyny into their minds?
This is so much like the beliefs of conservatives that try to ban books that mention LGBTQ people. Stop and think for a moment: How much porn did you view as a kid? How did that impact your life?
I seriously doubt it changed much. Unless, of course, you were reading Playboy for the articles.
Not the OS.
The OS “provider”
Linus Torvalds ain’t gonna check my ID. And i don’t want him to, either.
The os provider is the one who installs it on your computer…
>.>
Well, looks like the ‘above 18’ box was checked by the os provider on my computer, I’m good to go!
Even better!
For fuck’s sake.
What are parental controls?
Every single one of these places except for maybe fucking discord already had parental controls. Fucking Roblox had pretty good parental controls. Why did none of this laws just say “hey this has to be obvious to setup if the account age is set under this limit” if ot was about protecting kids? Because its not about protecting kids.
HOLY HELL
ENOUGH IS ENOUGH
This goes in a better direction than web sites doing it themselves, I think. The government put out an open source tool that runs locally and the browser just gets a yay/nay return code from it.
-
How do they secure age data? Age is most likely two characters, with a max of three characters. If there are penalties for sharing the age data when they aren’t supposed to, how do they secure this? Even with cryptography a two character number with only 70-ish reasonable and expected variations is going to be difficult to secure.
-
How do they ensure no one who is a different age ever uses the device? “Use mom’s iPad” is univseral. Does mom get in trouble for letting her child use her device, does the parent end up with the fine?
However, if a developer has clear and convincing information that a user’s age is different than the age indicated by an age signal, the developer shall use that information as the primary indicator of the user’s age range.
- How do they determine age other than self-reporting with anything other than wholesale spying on user habits? What other way could they possibly glean “clear and convincing information that a user’s age is different than the age indicated by an age signal” other than spying on a user’s device use? This also implies remote-control of the OS if the operating system vendor can change the age-gate remotely based on user habits.
- You don’t.
- Easy. The device constantly captures images of the user and checks them against the user image on file
- By scanning a government issued ID and checking against an online database with poor security.
I feel like #1 and #2 are problems whether its client side or server side. As for #3 I would lean in the direction of there being a one-time check with no persistent knowledge. Like when you flash your ID to the bartender to order a drink. A client app that scans the ID and returns the answer to the requestor.
But I don’t think there is any way to reliably implement this sort of thing. I think it should really just be left to parental control and monitoring.
I think part of the problem is there shouldn’t be a server-side to this. Because that’s opening the door to all kinds of intrusive data-collection to determine age, even if they claim it should be done “minimally.” Define “minimal.” That seems to fly in the face of “clear and convincing information that a user’s age is different than the age indicated by an age signal” which is a direct quote from the Bill.
And as for number 3, I don’t see how no persistent knowledge could work. If the client app has read the data (“scanned the ID”) that means the client-app can now store that data anywhere the client-app has write access.
Further, it’s not like in real life when the bartender can scan the person up and down, look at the ID and make the assessment that McLovin is clearly underage.
If it’s open source it can be verified that it’s not storing the data.
And I 100% agree that software scanning an ID is an overall bad way to verify. With a CC# validation at least that shows up on my statement, but if my kid is sneaky enough to get mine out of my wallet I have no way of knowing.
-
On paper, I like this solution better than every app/site developer having to hack together (or outsource) their own age verification system. But I’m sure it opens up a ton of potential problems. And if it’s open source, someone could just fork it and make a version that always says “yes” so unfortunately it’ll never be FOSS.
Some kind of cryptographic signing of the executable could probably help with that.
Ultimately I don’t believe there can ever be a foolproof solution and the emphasis should be on client-side parental controls.
It wouldn’t even work on paper. All it would take to twist this into something dystopian is requiring cryptogtaphic attestation for the age range, and knowing lawmakers, they would justify it as a countermeasure for kids lying about their age. Expand the feature as a web API so websites can use the “easier” and “more secure” system-level age verification process and—oh look, now we can’t use important websites without a commercial operating system.
It would be like Secure Boot but worse. At least with that you can turn it off or enroll your own keys.
