Anyone reading this purely as a child safety or campaign finance story might miss the broader architectural war happening here. If you zoom out a little, this is the inevitable, scorched-earth retaliation for Apple's ATT rollout from a few years back.
Apple cost Meta billions by cutting off their data pipeline at the OS level, justifying it with a unilateral privacy moral high ground. Now, Meta is returning the favor. By astroturfing the App Store Accountability Act through digital childhood alliance, Meta is forcing Apple to build, maintain and also bear the legal liability for a wildly complex state-by-state identity verification API.
Gotta give it to Zuck. Standing up a fully-fledged advocacy website 24 hours after domain registration and pushing a bill from a godaddy registration to a signed Utah law in just 77 days is terrifyingly efficient lobbying.
I was equally impressed/terrified by Apple's marketing blitz around client-side-scanning. So many people got paid to advocate for that, and the community barely convinced them it was a bad idea. There's not much hope left for any of FAANG deliberately resisting surveillance.
Well, I certainly prefer if big tech fight each other instead of the user as sometimes there might even come something good out of it - like elevated privacy in Apple's ATT case.
Overall, that's the reason anti-trust laws must be applied rigorously, otherwise the normal population has no chance.
Sometimes something good (ATT). Sometimes something bad (this terrible age-verification thing that is a huge barrier to entry for small entrants and comes with massive state surveillance risk).
In the end, all the little people are just collateral damage or occasionally they get some collateral benefits from wherever the munitions land.
All they had to do was exempt free and open source software from the requirements, which are unworkable in the FOSS context anyway, and they would have gotten away scot-free with their tech company pillow fight.
But no, they had to let collateral damage frag the free software crowd, which is inconsequential to their aims anyway, but 100% a huge concern for those suffering the collateral damage.
That law is perhaps an annoyance for Apple, but it can't cost them billions, can it? I seriously doubt that it would cost Apple more than the several hundred million dollars Meta still needs to funnel in order to get those laws passed in more states.
Plus, Apple gets to be the gatekeeper for Meta and other apps which can't be good for meta, and Apple gets to know the age of its users, which in itself is monetizable.
> That law is perhaps an annoyance for Apple, but it can't cost them billions, can it?
The CEO has 24h in the day, and he/she is asked to be deposed (laws and legal system has that power), it chips away from grand visions. It isnt just money, you cant just stand up a team and be done with it. Everybody will be coming at you.
Expect to see a lot "Y alleges Apple didnt do enough to protect kids" and the burden of proof will be on Apple to make their executives available.
I'm incredibly dubious of the conclusions of this researcher. Claude Opus was used to gather and analyze all of the data.
I am not skeptical of any of the research, the sources seem to be cited properly. I am skeptical that this researcher has thought through or verified their conclusions in a systematic and reliable fashion. This part gives it away: "Research period: 2026-03-11 to present." This individual dropped his investigative report two days after beginning research!
Yes, AI is an incredibly good research assistant and can help speed up the tasks of finding sources and indexing sources. The person behind this investigation has not actually done their due diligence to grok and analyze this data on their own, and therefore I can't trust that the AI analysis isn't poisoned by the prompters implicit biases.
I agree. I tried reading some of the documents and they're full of this:
> LIMITATION: Direct PDF downloads returned 403 errors. ProPublica Schedule I viewer loads data dynamically (JavaScript), preventing extraction via WebFetch. The 2024 public disclosure copy on sixteenthirtyfund.org was also blocked.
> Tech Transparency Project report: The article "Inside Meta's Spin Machine on Kids and Social Media" at techtransparencyproject.org likely contains detailed ConnectSafely/Meta funding analysis but was blocked (403)
The least they could have done is read their own reports and then provided the documents to the LLM. Instead they just let it run and propose connections, asked it to generate some graphs, and then hit publish.
Some of these are also just like really weak? One of them for example seems to be some random employee at FB donating ~$1k to a politician and calling that a link. The entire "Proven Findings" is all over the place and provides no coherence. I don't think it's a particular secret that Meta would prefer age verification be done at the OS level so I'm not really sure what the added claim here is.
> A Meta employee (Jake Levine, Product Manager) contributed $1,175 to ASAA sponsor Matt Ball's campaign apparatus on June 2, 2025. Source: Colorado TRACER bulk data.
> No direct Meta PAC contributions to any ASAA sponsor across Utah, Louisiana, Texas, or Colorado. Source: FollowTheMoney.org multi-state search.
While it is true that Meta has funded groups that advocate for age verification, a lot of them also appear to have other actors so it's not like this is some pure Meta thing as some of the other commenters are suggesting.
This is a fascinating report, not because of the content or even quality of the report, but because of the way it was generated. It is an AI generated report dumped into GitHub and has made it onto the front page of Hacker News with over 1,000 upvotes and many comments.
This type of GitHub-based open-source research project will become more common as more people use tools like Claude Code or Codex for research.
In one part of the report, there seems to be this implicit assumption that Linux and Horizon OS (Meta's VR OS) are somehow comparable and that Meta will be better equipped than Linux if age verification is required.
It doesn't explicitly say "This will allow Horizon OS to become the defacto OS and Linux will die out" but that seems to be the impression I'm getting which uhh... would make zero sense.
More broadly, this entire report (and others like it) are extremely annoying in that I've seen some Reddit comments either taking "lots of text" as a signal of quality or asking "Does anyone have proof that these claims are inaccurate" which is
a) Of course entirely backwards as far as burden of proof
b) Not even the right rubick because it's not facts versus lies, it's manufactured intent/correlations versus real life intent/correlations (ie; bullshit versus not)
All of this could be factually true without Meta being smart enough to play 5D chess
Or of authority, when they're not equipped to evaluate the data first-hand.
The Gish gallop technique in debate overwhelms opponents with so many arguments that they're unable to address them all before the time limit. Reports presented like this are functionally that, but against reader comprehension and attention.
Similarly, being the first, loudest, or only voice claim is unreasonably effective at establishing perception of authority, where being unchallenged is tantamount to correctness. This also goes both ways; censorship in media, for instance, can be used to promote narratives by silencing competing views, like platforms selectively amplifying certain topics to frame them as more proven and widely supported than they might actually be.
It's unfortunate that inexpert execution often positions well-meaning and potentially correct arguments to be discredited and derided by prepared opponents before their merits can be established. In this case, it may be true that Meta may have organized a well-coordinated shadow campaign for legislation using technically legal channels, but I'm sure they've anticipated this at some point, or are relying on the inertia of the system and initial buy-in to force the course.
Does this surprise anyone, just over a decade ago there was a whistleblower who said the government was spying on its own citizens. The president and half the country called him a traitor. The only way to stop this from happening is half the country refuse to buy any tech that implements OS age verification. That includes working any job that also requires the use of that tech(Basically all jobs). The only thing that talks is money and when half your workforce is not working(or buying anything because they aren't working) then things will get changed real quick. But most people don't want to do that because no one is willing to suffer short term for long term gains. The govt and 1% know this that's why they increment it slowly overtime with generic causes like "save the children"
> The only way to stop this from happening is half the country refuse to buy any tech that implements OS age verification
No, the way to stop it is to talk to your representatives.
You have the power. You just have to pick up a phone, and ask your friends, relatives, neighbors, to do the same. (They will, because it affects all of them.) Tell your reps to remove the legislation or you're voting them out. They don't want to lose their jobs. They will change if you tell them to. But only if you tell them. That is your power. Use it or lose it.
> the way to stop it is to talk to your representatives.
I keep seeing this advice, yet whenever it actually matters, it doesn't really work
No amount of talking to representatives stopped the genocide in Gaza, no amount of talking to representatives is stopping what the US is doing now in Iran
Majority of Congress voted to continue war in Iran, despite an overwhelming majority of Americans being opposed to it
> The only way to stop this from happening is half the country refuse to buy any tech that implements OS age verification.
You have consumer activist brain. Next you're going to suggest that we complain to the manager or start our own government and compete in the marketplace.
> The only thing that talks is money
No, the only thing that is talking is money. Money wants this. You're busy pretending like you're going to do a boycott; they're going to boycott you.
Complain about the internet? They'll just blacklist you from it. Complain about the phone? Well now you can't use one; try smoke signals. Complain about the landlord? They'll settle the case, kick you out on the street, and blacklist you among all private equity landlords and the management companies that service small landlords. You'll just go to a small landlord that doesn't use one of the management companies? Well they won't have access to a bunch of vendors that have exclusive contracts with and share ownership with the management companies; now they can't make any money and have to sell to private equity.
You've been fooled into thinking that being victimized is a moral failure of the victim. The perpetrators taught you that. They taught you that the only appropriate action is to beg and threaten to leave, and they shut down customer service and monopolized the market. But, again, the worst thing they trained you to do is to blame the victim.
>You're busy pretending like you're going to do a boycott; they're going to boycott you.
What do you mean? They still need people purchasing software and hardware.
You can argue effectiveness, but if enough people say no, then a boycott is extremely effective. The issue is always on awareness and making people take hard actions.
Did Meta spend around 60Mn lobbying for age verification to be forcibly added to every OS install ?
If not, who has been paying to lobby for these age verification laws ?
That seems a question that we should have an answer to.
Forcing an age check upon linux install seems anti-competitive, and a violation of freedom of speech allowed by the Constitution.
Also impractical and ineffective, unless they plan on some sort of bio-metric confirmation of age.
Will they outlaw computation itself, or constrain a personal quota so that only corporations can access approved LLMs and certainly not run a local AGI ?
As with the insane "encryption is a weapon and cant be exported" policy of the 80s, this will surely force innovation to migrate outside the US.
> Did Meta spend around 60Mn lobbying for age verification to be forcibly added to every OS install ?
Of course they would want this -- as long as the OS reports that the user is over 18 via such a system, then Meta is legally off the hook for any COPPA violations.
> As with the insane "encryption is a weapon and cant be exported" policy of the 80s, this will surely force innovation to migrate outside the US.
Not advocating for this policy but if a critical argument against it is that policymakers can expect an analogous amount of computer innovation migrating out of the US as it saw in the 80s, then I think policymakers won't care remotely. Quite literally I think the lower bound for the proportion of global computer innovation happening in the US is 70%.
> age verification to be forcibly added to every OS install ?
This should be easy. Just in one of dialogs ask user to create a file 'me_age.txt' with age inside. No changes to OS at all. This will be the 'interface'. Any program can read the file. As far as I understand that's all California law requires (or will require).
Not sure about other versions. Strict verification would require binding to property software/services. Which is equivalent of reporting every user on every install.
I honestly wouldn't be surprised. They are absolutely negative player. But I'm kinda confused how this could even pass and what is the functional reason for this? Because "think about the children" it absolutely isn't.
You can of course chain child to the radiator and let him out but that's obviously not an protection.
These bills also need to be opposed on a legal/political level.
Something I realized last night is that people who lie about their age to send false signals may inadvertently open themselves up to CFAA liability (a felony). So this is a serious matter for users who want to maintain anonymity.
CFAA has been narrowed in scope through legal decisions but AFAIK it still applies to anyone using false information to bypass security measures. In my view, a federal prosecutor could easily make the argument that age gating is a security measure. You’re welcome to be a test case if you disagree!
Age verification is merely the background task to set up infrastructure for OS to provide many many other signals about who's using the device.
Age signals from the OS? Need to provide a channel of information available to applications. Applications already talk to servers with unchecked commonality.
Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".
Next year, the application needs to "double-check" your identity. That missile that's coming to you? Definitely not AI-controlled, definitely not coming to destroy the "verified" person who posted a threatening comment about the AI system's god complex. Nope, it's coming to deliver freedom verification.
Nobody stops the government from sending goons to your door right now for a snarky comment. Some govts in fact do it today. It is also cheaper than ai rocket and more precise too
The OP's point can be understood as an automization and mechanization of such targeting. Which will be necessary if the scope of thoughtcrime prosecution is to expand
You're being silly, the missile thing was hyperbole. Your computer will direct the thugs to your door.
> Nobody stops the government from sending goons to your door right now for a snarky comment.
This is just dumb. They literally don't know who wrote it, and have to assign somebody to track you down. The fact that they're putting infrastructure on your computer and on the network to make this one click away for them matters.
I've wondered if FaceID and the Android counterpart are actively creating an extraordinary labeled dataset for facial expressions at the point of sale.
With users trained to scan their face before every transaction, tech companies could correlate transactions to facial expressions, facial expressions to emotions, and emotions to device content. I can imagine algorithms that subtly curate the user experience, selectively showing notifications, content, advertising to coax users towards "retail therapy".
Any webconferencing app on iOS probably fires up the TrueDepth camera to power background replacement and could conceivably do that, albeit not so responsively. Recommend heading to your provider and opting out of share-or-sell if you can.
Also keep in mind keystroke dynamics can probably do that too and has been a topic of study in one form or another since the nineteenth century vis-a-vis telegraph operators.
>Age signals from the OS? Need to provide a channel of information available to applications. Applications already talk to servers with unchecked commonality.
This is a non-issue because it's almost certainly going to be gated behind a permission prompt. There are more invasive things sites/apps can ask for, and we seem to be doing fine, eg. location. Moreover is it really that much of a privacy loss if you go on steam, it asks you to verify you're over 18, and the OS says you're actually over 18?
>Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".
Given touch id was introduced over a decade ago, and the associated doom-mongering predilections did not come to pass, I think it's fair to conclude it's a dud.
Watch as apps refuse to work when you deny them permission. Also the OS (and “privileged apps”) don’t ask for permission, they have full unfettered access to everything already.
> This is a non-issue because it's almost certainly going to be gated behind a permission prompt.
lol.
> Moreover is it really that much of a privacy loss if you go on steam, it asks you to verify you're over 18, and the OS says you're actually over 18?
Slippery slope, but an interesting argument. While SteamOS is a thing, Steam isn't my OS.
> Given touch id was introduced over a decade ago, and the associated doom-mongering predilections did not come to pass, I think it's fair to conclude it's a dud.
Really? You think that things built decades ago can't be further built-upon in the now or the future?
This is the doommongering coming to pass. Did it happen overnight? No! But you just provided the excuse! "gee see nothing bad came to pass. We can just use that tool"
> the sponsor of Louisiana's HB-570, publicly confirmed that a Meta lobbyist brought the legislative language directly to her. The bill as drafted required only app stores (Apple, Google) to verify user ages. It did not require social media platforms to do anything.
Thing is, when these “make the websites collect your ID” proposals come up, the overwhelming sentiment here is “this is terrible and we need to do it lower in the stack”. I think the OS is a better place than the website. (Let security conscious folks use a standalone device too if desired.)
The astroturfing stuff is obviously sus, I don’t have a feel for whether this is egregious by the standards of $T companies or just par.
> Thing is, when these “make the websites collect your ID” proposals come up, the overwhelming sentiment here is “this is terrible and we need to do it lower in the stack”.
Perhaps the "overwhelming" sentiment is paid actors? Or people whose jobs depend on not having that risk assigned to their employers?
What I'm confused about is how the proposed bills would apply to servers.
Like, in general, a software change to add an "age class" attribute to user accounts and a syscall "what's this attribute for the current user account" would satisfy the California bill and that's a relatively minor change (the bad part is the NY bill that allegedly requires technical verification of whatever the user claimed).
The weird issue is how should that attribute be filled for the 'root' or 'www-data' user of a linux machine I have on the cloud. Or, to put aside open source for that matter, the Administrator account on a Windows Active Directory system.
Because "user accounts" don't necessarily have any mapping (much less a 1-to-1 mapping) to a person; many user accounts are personal but many are not.
We're all going to have to use service accounts created on Windows Server 2003 or RHEL 4, otherwise they won't be old enough and will require manual login from an of-age administrator
The auth server would lie in Colorado. The FS server, in New Mexico. The CPU server, in Nevada. The terminal (the client), in Alaska. Shut down and repeat at random. Watch the lobbies collapsing down tring to sue that monster.
In the CA bill, "User" means child. It's pretty clear that non-human users aren't covered and don't have to participate. E.g. the API can return N/A or any other value for non-humans. If there is a way to make the API applicable only to human children users, then it doesn't even need to be callable for other entities. E.g. on android, each app gets its own uid, so the unix user doesn't correspond to a child, so the API will instead (probably) be associated with another entity (e.g. their Google account, an android profile, or an android (non-unix) user)
Honestly what I hope is that if these bills pass, sysadmins just turn off any server that doesn't have attestation and go off to the beach to collect shells.
Readit News
Apple cost Meta billions by cutting off their data pipeline at the OS level, justifying it with a unilateral privacy moral high ground. Now, Meta is returning the favor. By astroturfing the App Store Accountability Act through digital childhood alliance, Meta is forcing Apple to build, maintain and also bear the legal liability for a wildly complex state-by-state identity verification API.
Gotta give it to Zuck. Standing up a fully-fledged advocacy website 24 hours after domain registration and pushing a bill from a godaddy registration to a signed Utah law in just 77 days is terrifyingly efficient lobbying.
if "it" is the middle finger, for sure. "terrifying" is a great choice of word for it.
Deleted Comment
Overall, that's the reason anti-trust laws must be applied rigorously, otherwise the normal population has no chance.
In the end, all the little people are just collateral damage or occasionally they get some collateral benefits from wherever the munitions land.
But no, they had to let collateral damage frag the free software crowd, which is inconsequential to their aims anyway, but 100% a huge concern for those suffering the collateral damage.
Plus, Apple gets to be the gatekeeper for Meta and other apps which can't be good for meta, and Apple gets to know the age of its users, which in itself is monetizable.
The CEO has 24h in the day, and he/she is asked to be deposed (laws and legal system has that power), it chips away from grand visions. It isnt just money, you cant just stand up a team and be done with it. Everybody will be coming at you.
Expect to see a lot "Y alleges Apple didnt do enough to protect kids" and the burden of proof will be on Apple to make their executives available.
The methodology appears to be LLM driven, and the contextual framing which the conclusions are couched in, drive conclusions to a specific direction.
It does not clarify between two readings
1) Meta is driving Age verification efforts
2) Meta is being opportunistic with age verification efforts to further its own goals
The larger macro picture is that voters globally are tired of Tech firms and want something done about it.
The second macro trend is the inability of governments to handle/control tech, and are looking for reasons to bring tech to heel.
That’s context results in a sufficiently different degree of culpability and eventual path to resisting privacy reducing regulations.
I am not skeptical of any of the research, the sources seem to be cited properly. I am skeptical that this researcher has thought through or verified their conclusions in a systematic and reliable fashion. This part gives it away: "Research period: 2026-03-11 to present." This individual dropped his investigative report two days after beginning research!
Yes, AI is an incredibly good research assistant and can help speed up the tasks of finding sources and indexing sources. The person behind this investigation has not actually done their due diligence to grok and analyze this data on their own, and therefore I can't trust that the AI analysis isn't poisoned by the prompters implicit biases.
> LIMITATION: Direct PDF downloads returned 403 errors. ProPublica Schedule I viewer loads data dynamically (JavaScript), preventing extraction via WebFetch. The 2024 public disclosure copy on sixteenthirtyfund.org was also blocked.
> Tech Transparency Project report: The article "Inside Meta's Spin Machine on Kids and Social Media" at techtransparencyproject.org likely contains detailed ConnectSafely/Meta funding analysis but was blocked (403)
The least they could have done is read their own reports and then provided the documents to the LLM. Instead they just let it run and propose connections, asked it to generate some graphs, and then hit publish.
> A Meta employee (Jake Levine, Product Manager) contributed $1,175 to ASAA sponsor Matt Ball's campaign apparatus on June 2, 2025. Source: Colorado TRACER bulk data.
> No direct Meta PAC contributions to any ASAA sponsor across Utah, Louisiana, Texas, or Colorado. Source: FollowTheMoney.org multi-state search.
While it is true that Meta has funded groups that advocate for age verification, a lot of them also appear to have other actors so it's not like this is some pure Meta thing as some of the other commenters are suggesting.
This type of GitHub-based open-source research project will become more common as more people use tools like Claude Code or Codex for research.
This file does not exactly fill me with confidence: https://github.com/upper-up/meta-lobbying-and-other-findings...
In one part of the report, there seems to be this implicit assumption that Linux and Horizon OS (Meta's VR OS) are somehow comparable and that Meta will be better equipped than Linux if age verification is required.
It doesn't explicitly say "This will allow Horizon OS to become the defacto OS and Linux will die out" but that seems to be the impression I'm getting which uhh... would make zero sense.
More broadly, this entire report (and others like it) are extremely annoying in that I've seen some Reddit comments either taking "lots of text" as a signal of quality or asking "Does anyone have proof that these claims are inaccurate" which is
a) Of course entirely backwards as far as burden of proof
b) Not even the right rubick because it's not facts versus lies, it's manufactured intent/correlations versus real life intent/correlations (ie; bullshit versus not)
All of this could be factually true without Meta being smart enough to play 5D chess
Or of authority, when they're not equipped to evaluate the data first-hand.
The Gish gallop technique in debate overwhelms opponents with so many arguments that they're unable to address them all before the time limit. Reports presented like this are functionally that, but against reader comprehension and attention.
Similarly, being the first, loudest, or only voice claim is unreasonably effective at establishing perception of authority, where being unchallenged is tantamount to correctness. This also goes both ways; censorship in media, for instance, can be used to promote narratives by silencing competing views, like platforms selectively amplifying certain topics to frame them as more proven and widely supported than they might actually be.
It's unfortunate that inexpert execution often positions well-meaning and potentially correct arguments to be discredited and derided by prepared opponents before their merits can be established. In this case, it may be true that Meta may have organized a well-coordinated shadow campaign for legislation using technically legal channels, but I'm sure they've anticipated this at some point, or are relying on the inertia of the system and initial buy-in to force the course.
In this case they have named individuals and firms as well, without the degree of diligence that such call outs should warrant.
In its current state, I would count it as a prelude to witch hunts.
No, the way to stop it is to talk to your representatives.
You have the power. You just have to pick up a phone, and ask your friends, relatives, neighbors, to do the same. (They will, because it affects all of them.) Tell your reps to remove the legislation or you're voting them out. They don't want to lose their jobs. They will change if you tell them to. But only if you tell them. That is your power. Use it or lose it.
I keep seeing this advice, yet whenever it actually matters, it doesn't really work
No amount of talking to representatives stopped the genocide in Gaza, no amount of talking to representatives is stopping what the US is doing now in Iran
Majority of Congress voted to continue war in Iran, despite an overwhelming majority of Americans being opposed to it
Or, refuse to participate or use any tech that implements OS age verification (start with communication app Discord).
You have consumer activist brain. Next you're going to suggest that we complain to the manager or start our own government and compete in the marketplace.
> The only thing that talks is money
No, the only thing that is talking is money. Money wants this. You're busy pretending like you're going to do a boycott; they're going to boycott you.
Complain about the internet? They'll just blacklist you from it. Complain about the phone? Well now you can't use one; try smoke signals. Complain about the landlord? They'll settle the case, kick you out on the street, and blacklist you among all private equity landlords and the management companies that service small landlords. You'll just go to a small landlord that doesn't use one of the management companies? Well they won't have access to a bunch of vendors that have exclusive contracts with and share ownership with the management companies; now they can't make any money and have to sell to private equity.
You've been fooled into thinking that being victimized is a moral failure of the victim. The perpetrators taught you that. They taught you that the only appropriate action is to beg and threaten to leave, and they shut down customer service and monopolized the market. But, again, the worst thing they trained you to do is to blame the victim.
Just because you're a pessimist doesn't mean you have to be coy. :)
What do you mean? They still need people purchasing software and hardware.
You can argue effectiveness, but if enough people say no, then a boycott is extremely effective. The issue is always on awareness and making people take hard actions.
And you seem to have been fooled into thinking all victims are powerless.
Turns out they were right
If not, who has been paying to lobby for these age verification laws ?
That seems a question that we should have an answer to.
Forcing an age check upon linux install seems anti-competitive, and a violation of freedom of speech allowed by the Constitution.
Also impractical and ineffective, unless they plan on some sort of bio-metric confirmation of age.
Will they outlaw computation itself, or constrain a personal quota so that only corporations can access approved LLMs and certainly not run a local AGI ?
As with the insane "encryption is a weapon and cant be exported" policy of the 80s, this will surely force innovation to migrate outside the US.
Of course they would want this -- as long as the OS reports that the user is over 18 via such a system, then Meta is legally off the hook for any COPPA violations.
Not advocating for this policy but if a critical argument against it is that policymakers can expect an analogous amount of computer innovation migrating out of the US as it saw in the 80s, then I think policymakers won't care remotely. Quite literally I think the lower bound for the proportion of global computer innovation happening in the US is 70%.
This should be easy. Just in one of dialogs ask user to create a file 'me_age.txt' with age inside. No changes to OS at all. This will be the 'interface'. Any program can read the file. As far as I understand that's all California law requires (or will require).
Not sure about other versions. Strict verification would require binding to property software/services. Which is equivalent of reporting every user on every install.
These bills also need to be opposed on a legal/political level.
Something I realized last night is that people who lie about their age to send false signals may inadvertently open themselves up to CFAA liability (a felony). So this is a serious matter for users who want to maintain anonymity.
Age signals from the OS? Need to provide a channel of information available to applications. Applications already talk to servers with unchecked commonality.
Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".
Next year, the application needs to "double-check" your identity. That missile that's coming to you? Definitely not AI-controlled, definitely not coming to destroy the "verified" person who posted a threatening comment about the AI system's god complex. Nope, it's coming to deliver freedom verification.
Never stopped people overengineering :P
> Nobody stops the government from sending goons to your door right now for a snarky comment.
This is just dumb. They literally don't know who wrote it, and have to assign somebody to track you down. The fact that they're putting infrastructure on your computer and on the network to make this one click away for them matters.
I've wondered if FaceID and the Android counterpart are actively creating an extraordinary labeled dataset for facial expressions at the point of sale.
With users trained to scan their face before every transaction, tech companies could correlate transactions to facial expressions, facial expressions to emotions, and emotions to device content. I can imagine algorithms that subtly curate the user experience, selectively showing notifications, content, advertising to coax users towards "retail therapy".
Also keep in mind keystroke dynamics can probably do that too and has been a topic of study in one form or another since the nineteenth century vis-a-vis telegraph operators.
Cpt America in the Winter Soldier
Dead Comment
Dead Comment
This is a non-issue because it's almost certainly going to be gated behind a permission prompt. There are more invasive things sites/apps can ask for, and we seem to be doing fine, eg. location. Moreover is it really that much of a privacy loss if you go on steam, it asks you to verify you're over 18, and the OS says you're actually over 18?
>Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".
Given touch id was introduced over a decade ago, and the associated doom-mongering predilections did not come to pass, I think it's fair to conclude it's a dud.
Watch as apps refuse to work when you deny them permission. Also the OS (and “privileged apps”) don’t ask for permission, they have full unfettered access to everything already.
lol.
> Moreover is it really that much of a privacy loss if you go on steam, it asks you to verify you're over 18, and the OS says you're actually over 18?
Slippery slope, but an interesting argument. While SteamOS is a thing, Steam isn't my OS.
> Given touch id was introduced over a decade ago, and the associated doom-mongering predilections did not come to pass, I think it's fair to conclude it's a dud.
Really? You think that things built decades ago can't be further built-upon in the now or the future?
Thing is, when these “make the websites collect your ID” proposals come up, the overwhelming sentiment here is “this is terrible and we need to do it lower in the stack”. I think the OS is a better place than the website. (Let security conscious folks use a standalone device too if desired.)
The astroturfing stuff is obviously sus, I don’t have a feel for whether this is egregious by the standards of $T companies or just par.
Of course, the EU option of using proper ZK proofs etc sounds way better as portrayed in the OP. But when you actually dig in, doesn’t the EU effectively mandate OS support too, eg https://eudi.dev/1.7.1/architecture-and-reference-framework-..., https://github.com/eu-digital-identity-wallet/eudi-doc-archi... ? Maybe this isn’t set yet but it seems a likely direction at least.
Perhaps the "overwhelming" sentiment is paid actors? Or people whose jobs depend on not having that risk assigned to their employers?
Like, in general, a software change to add an "age class" attribute to user accounts and a syscall "what's this attribute for the current user account" would satisfy the California bill and that's a relatively minor change (the bad part is the NY bill that allegedly requires technical verification of whatever the user claimed).
The weird issue is how should that attribute be filled for the 'root' or 'www-data' user of a linux machine I have on the cloud. Or, to put aside open source for that matter, the Administrator account on a Windows Active Directory system.
Because "user accounts" don't necessarily have any mapping (much less a 1-to-1 mapping) to a person; many user accounts are personal but many are not.
The auth server would lie in Colorado. The FS server, in New Mexico. The CPU server, in Nevada. The terminal (the client), in Alaska. Shut down and repeat at random. Watch the lobbies collapsing down tring to sue that monster.