Guide on how to comply with California's "Age Verification" AB1043 as a software developer:
What to do:
* Don't give a shit because you don't live in California.
* If you live in California, leave California.
* If leaving is not an option, wait for a legal precedent for compliance has been set and implement the minimum requirements of the bill into your software (a very simple age bracket selection box during install will probably do more than enough).
What not to do:
* Already start proposing stupid and extremely deep implementations into xdg-desktop or d-bus. (Ubuntu)
What absolutely not to do:
* Freak the fuck out and relicense your entire codebase to a non-free software license because of a law not going into a effect for another year while you don't even live in California... (MidnightBSD)
Timeline
Post
Remote status
Context
6
@SuperDicq Very interesting coming from a GNU activist that advocates for freedom of computing for everyone. But apparently requiring to put your age into an OS on install, which then can quickly be queried and possibly exfiltrated via malware is not a freedom related issue.
At least on porn sites it's a yes/no question and there's nothing to gain from that question.
At least on porn sites it's a yes/no question and there's nothing to gain from that question.
But apparently requiring to put your age into an OS on install, which then can quickly be queried and possibly exfiltrated via malware is not a freedom related issue.Do you have a reading comprehension? This is Ubuntu's solution and I put them under my "What not to do" section.
@SuperDicq It is the requirement of the law. There's no questioning about what (not) to do.
@phnt@pl.borked.technology I'm not even sure if that part is even required, as it refers to app stores and such. GNU/Linux usually doesn't have these (unless you use Ubuntu with Snap garbage I guess) so that wouldn't even apply.
@SuperDicq
> A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.
In legalese this means you have to check the users age at least once when the app is first launched. That covers all apps.
>“Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.
>“Covered application store” does not mean an online service or platform that distributes extensions, plug-ins, add-ons, or other software applications that run exclusively within a separate host application.
This in legalese means also all package repositories for Linux distros and ports trees for BSDs. Debian's apt repositories are a "Covered application store" under this law.
>“Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
> (a) An operating system provider shall do all of the following:
>(1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.
This means, if a user downloaded an app from a repository, the OS must provide an API to that application for the purpose of signalling the users age.
In other words, you have to implement a system-wide API on a low level where any application that doesn't come pre-bundled with the OS has to request the age indication of a user at least once on first start up.
> A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.
In legalese this means you have to check the users age at least once when the app is first launched. That covers all apps.
>“Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.
>“Covered application store” does not mean an online service or platform that distributes extensions, plug-ins, add-ons, or other software applications that run exclusively within a separate host application.
This in legalese means also all package repositories for Linux distros and ports trees for BSDs. Debian's apt repositories are a "Covered application store" under this law.
>“Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
> (a) An operating system provider shall do all of the following:
>(1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.
This means, if a user downloaded an app from a repository, the OS must provide an API to that application for the purpose of signalling the users age.
In other words, you have to implement a system-wide API on a low level where any application that doesn't come pre-bundled with the OS has to request the age indication of a user at least once on first start up.
@phnt @SuperDicq sounds like a binary distro issue, i just download text files to compile not software. gentoo wins again! 
Replies
0
No replies yet.