As of today, about half of all U.S. states have some form of age verification law around. Nine of those were passed in 2025 alone, covering everything from adult content sites to social media platforms to app stores.
Right now, California’s Digital Age Assurance Act (AB 1043) is all the rage right now, which targets not only websites and apps but also operating systems. Come January 1, 2027, every OS provider must collect a user’s age at account setup and provide that data to app developers via a real-time API.
Colorado is also working on a near-identical bill, which we covered earlier.
The EFF’s year-end review put it more bluntly: 2025 was “the year states chose surveillance over safety.” The foundation’s concern, which I concur with, is, where does this stop? Self-reported birthday today, government ID tomorrow? There appears to be no limit to these laws’ overreach.
Told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you-
this is the pipeline to fully
trustedrestricted computing.Linux couldn’t possibly comply properly with these new restrictions? Consumer grade prebuilts and laptops now only run “certified” operating systems, just like most mobile devices.
Surveillance and censorship are the ends, “age” (identity) verification is the means.
The problem with Linux for the government is that it has a unique ability for being easily modified by users. You sure can force some very popular distros to follow these laws but you cannot force less popular distros made by enthusiasts to comply. Especially if those enthusiasts live not in your country.
One should be able to skip it when creating an account and then it should default to Jan 1st 1970 on all open source OS’s to provide anonymity.
The most practical solution is probably to “not sell Linux in California anymore”. I guess distributions could geofence the iso download page for plausible deniability and then that’s that, right?
Who the hell is “selling” Linux?
The offical linux shop, obviously – though your local PC sales/repair shop can probably order you a copy. I understand that Linyos Torovoltos grew up under communism and originally couldn’t legally sell Lunix, but the Soviets lost the cold war decades ago.
I’d rather spend a few bucks for a legitimate copy than risk installing some virus infested illegal version off some sketchy website.
I went to your second link and I think it gave me a virus. I keep having these verbal tics now.
Oh no, that’s the first phase.
You need to get your computer to an A+ certified tech and have your OS reinstalled ASAP. If you delay you’re looking at a lifetime of buying old Thinkpads off the Internet.
Red Hat.
The other distros? No idea.
I knew someone was going to come back with Red Hat. I just didn’t expect it to be you!
Hey even I use Linux daily.
Actually, I’m not really sure why “even I” should be shocking. I write code for a living. Surely I should be using Linux once in a while.
Anyway RHEL is probably the only Linux distro I can think of that costs money and comes with support. The major cloud providers sometimes have their own Linux distros they use as well (looking at you, Amazon) and you can argue they are selling Linux, but not as directly as RHEL does.
I’d like to go back to KDE Neon, but it doesn’t play nice with thermals on my Surface.
(and I totally expect you to be a Linux user … why haven’t you bragged about using Arch yet?)
why haven’t you bragged about using Arch yet?
Well Manjaro is Arch-based, but it feels like cheating to say that. Anyway, I used Manjaro, btw.
I have an official Ubuntu CD, but I think it was just a donation, or maybe a “pay shipping” thing.
Your Linux distro may be next. I use Arch by the way.
I couldn’t find any threads on the forum about this. I would like to know how/if Arch will handle this.
I lolled. Thanks I needed that.
Do you actually wear pink knee-high socks? I’m dying to know.
Of course you do.
He’s a player, after all. 101010 (I assume that’s binary for 80085).
We don’t talk about 80085. Who the hell turns their calculator upside down now?
Wait, so instead of me telling every website I’m 90, I’ll tell my OS I’m 90 and the sites will query that, and this somehow works better? I’m not 90 btw, so all I’m doing is just changing who I’m lying to from zyn.com to Fedora? Great plan.
They know people will do this. It’s only stage 1. After this system is integrated, they will complain that people are misusing the feature and it needs to be upgraded to ID or biometrics. Boiling the frog.
The very day I hear that my os is asking people their age is the day I find a different one.
Time to get a permanently offline machine.
Overkill. Just find the illegal no-age-collection ISO. Installing with your middle finger raised is optional, but recommended.
The population of the united States has suddenly jumped in age to 54. They don’t give Fuchs.
Age verification today. What other BS surveillance info tmr?
This is not going to work people will distribute linux distros on mesh networks like libremesh or meshtastic networks.
I don’t think Meshtastic would work for that with a 200char limit.
Usenet and torrents otoh, already can’t stop that. Not to mention lying is still a thing. I’m 136 years old so I should know.
Me and the other 99% of Steam users allegedly born on January 1st agree with you
I said that people would use mesh networks like meshtastic or libremesh. Not those exact mesh networks.
Fair enough
The OS angle is huge, and worth picking a fight with, but I haven’t seen any coverage over how this goes after developers too.
I think this is an attack on ALL open-source.
These bills are written by people who are clearly or maliciously tech illiterate and don’t understand either the terminology or the practical impacts. And of course it’s wrapped in ‘what about the children?!’
They include definitions like (paraphrasing; not quoting a specific bill, but New York, Colorado and California do this):
- “Application” is any software application that may be run on a user’s device – so … EVERYTHING.
- “Application Store” is any publicly accessible website or similar service that distributes applications – so … also everywhere, such as GitHub or GeoCities.
- “Developer” is a person who writes, creates or maintains an application – so if you have a github repo, or you’ve posted a binary or perhaps even a script somewhere recently, you’re a developer.
And then require both developers and operating system providers to handshake this age verification data or face financial ruin. I think the original intent or appearance of intent is that the store developer needs to do the handshake. I’m not a lawyer, but I can’t imagine these definitions aren’t vague enough that they can’t be weaponized against basically anything software.
I have a github account, and have contributed to “applications”. As I read them, these bills pose a serious threat to me if I continue to do so, as that makes me a “developer” and would need to ensure the things I contribute to are doing age verification – which I don’t want to do.
I think that even outside the surveillance aspect, the chilling effect of devs not publishing applications is the end-goal. Gatekeeping software to the big publishers who have both the capacity to follow the law and the lawyers/pockets to handle a suit. These laws are going to be like the DMCA 1201 language (which had much much more prose wrapped around it and was at least attempting to limit scope), which HAS been weaponized against solo devs trying to make the world better.
I fully expect some suit against multiple github repo owners on Jan 2, 2027.
I have a script on my Github that process an exported Wordpress backup to Markdown files. Am I supposed to age gate this once these rules take effect? How would I even do that? Even if there was some sort of Python library to age gate the script, easy to use, drop it in, its a script, literally anyone could comment it out or delete it.
No, it mightn’t. Err, won’t.
Unfortunately, it falls right into the whole authoritarian taking control, surveillance, and manipulation push that became not only pretty open in activities but also pretty transparent through published findings and contextualized previously published materials. Seems likely that it’s all connected.
