The only device mandates that should be taking place is for the default installations of web clients should be checking to see if parental controls are enabled. This only impacts the major browsers. An intern at each browser company could add this check in minutes. If they are enabled and the person logged in is on a regular account (not admin or power user of sorts) then the base installation of web clients must check for an RTA header [1]. If present, prompt for a override password and also give the option for the admin to approve-list the domain at that time. That's it. Not perfect, nothing is or will be.
The only thing server, platform, website, service providers should be doing is setting an RTA header if the content could possibly be adult or user-contributed content that could dynamically become adult, moderation aside. This knocks out two issues with one fix. Small children don't see much if any adult content and they are kept off social media until the admin (parent or legal guardian) approves it.
If a site is not adding the RTA header then progressively fine them into oblivion. If they accept the fines as the cost of doing business then seize everything and put everyone in GenPop. An intern could enable the header in 5 minutes.
All legislation regarding age verification must revolve around this otherwise people must reject it as an abusive form of tracking and privacy invasion. The focus should be on small children as teen share porn, warez, movies and such within Rated-G games.
I agree fundamentally and ideologically but we are past that point. The toothpaste is already out of the tube as they say. There will be restrictions so all I can do is suggest more sensible restrictions that keep the control on the client side and do not share data. Any data shared can and will be abused, leaked, sold, stolen without consequence.
I agree with you, as a longtime free speech believe.
but... I would also like to keep my kids from seeing the very worst of the internet before they're ready to handle it. I tried using a PiHole but Firefox DNS-over-HTTPS nullifies that now. It's not realistic for me to be watching over their shoulders 24/7; what can I do to keep them away from stuff 99% of people agree isn't for children to see, without something like this?
I largely agree, but the RTA header doesn't seem to be good enough for most websites to use. When a website wants to block browsers with parental controls on, but it isn't porn and it shouldn't be blocked by SafeSearch, what do they do?
They stop trying to put everything in a different category and treat RTA as the person under the age of consent must get approval from their parent or legal guardian. Keep it simple.
A) Aren't you targeting a completely different problem than this law? It's my understanding that this law targets the collection of the age from the user. What the user agent does with that signal is a different problem, and seems to already be solved, except for the definition of "actual knowledge" which they are trying to establish here.
B) How would your RTA header intersect with content rating in different jurisdictions? What if the content is illegal for children in Turkey but legal for children in Kentucky?
For topic (A) I am suggesting to negate this behavior all together. No more sharing personal data.
For topic (B) companies can set or not set the header based on GeoIP. Not perfect but GeoIP is already used in load balancers, web servers and applications.
> An intern at each browser company could add this check in minutes.
An intern could also just delete the product which would also "solve" this "issue". The fact that it's easy or cheap is not significant to the problem at hand.
> should be doing is setting an RTA header
Many sites will just set the header by default. Now you've created a problem.
> then progressively fine them into oblivion.
This does nothing. See: Ofcom vs 4chan.
> device mandates
Mandate that the device provide an API for child protection software. Then it's up to individual parents to decide to install that software or not. Then we also get competition in this market rather than relying on whatever solution an intern cooked up one day.
Many sites will just set the header by default. Now you've created a problem.
I am not seeing a problem. Kids need not access those sites unless the parent or legal guardian approves it. Sites meant for children would not be adding the header.
> Sites meant for children would not be adding the header.
Is Wikipedia "meant for children?" Should they be fully denied access to it? Should Wikimedia be fined if they make a mistake? If they get fined often enough do you think they'll just turn the header on everywhere in order to avoid risk?
Replace Wikipedia with any other mixed content site you prefer.
Absolutely trivial and totally comprehensive solution, enabling adult content blocking at the account level, device level, network level, and the ISP level. Could even be expanded to any sort of content blocking, if you want to allow households to restrict access to vaccine critique or criticism of the king without violating the First Amendment or rooting everyone's devices.
The problem is that the point is to root everyone's devices. Anyone explaining how easy this is would be pushed out of the conversation as fast as if they were advocating for single-payer healthcare.
edit: I've been advocating the nearly identical but opposite solution - restricted access sites shouldn't respond to requests that lack an appropriate age/content restriction header. If they do, jail them.
They're literally going to have to do this anyway. Rooting people's devices to force them to lie about their age when they install their operating system is an absolutely fake pretendy solution; the only way it works is if you have to verify your age with some government agency when you install an operating system, in order to make that OS age official. The point is the identification.
No. That requires information disclosure to a third party. The point is enabling device admins better control over local device behavior. We're trying to keep conscientious parents able to do their thing. Not further enable the ability to manage the populace with official registries. If a kid can figure out how to install their own OS without their parent's help, odds are the kid is with it enough to start dipping their toes in the deep end. Or at least until they out themselves in front of their parents. In that case though it's a home problem, not a rest of the Internet problem.
It's still a stupid unconstitutional law, but I see what the aim is, even without strawmanning it.
Thats crazy talk, how are we gonna build a database of computers tied to physical identification of users by which we can monitor, control, and monetize… you’re saying parents should be responsible for their children? How is the state going to be able to exert more control if it doesn’t have ubiquitous surveillance of it’s population!?
/s
Steam itself does age verification, which when you first boot a steamdesk, afaik it forces you to log into steam before you can do much of anything without some initial hackery. That said, once in there's nothing stopping them from launching into desktop mode, launching firefox, and watching pr0n that way.
Sadly the solution is still for parents to do real parenting, but that's like saying stupid people shouldn't breed.
If you go take a read through the CA bill text that "became law", you'll quickly realize that whomever did write it must live in a very narrow bubble where the only "computers" that exist in the world are tablet style cell phones, the only OS'es that exist in the world are Android and iOS, and the only way anyone installs any software on the only computers that exist is via an "app store".
Meanwhile, while the overall writing clearly indicates the author has a very narrow view of "computers", the definitions of the terms is so broad that every computer, even the tiny embedded CPU in your microwave oven, might just need to ask your age before it allows you to do anything.
A cynical person might suspect that the reason they are doing this is so that Linux developers don't have standing to challenge the law on 1st amendment grounds...
This is the classic "what we're trying to do is bullshit on a fundamental level so we're gonna just exempt random things until it becomes a niche issue and we can just do what we want and from there we'll just close all those exceptions over time" move.
Give it 5yr and you'll have idiots in the comments talking about how the "linux loophole" was a mistake and should be closed.
That’s exactly what it is. It removes standing, and that is a major flaw in our legal system. We need significant changes to defend constitutional rights properly.
As a dad of two younger kids (7 and 10), I have been incredibly frustrated with the way age restrictions are handled across various services.
Really, my main complaint comes down to: I completely disagree with what these services choose to restrict for kids and what they allow.
They block my kids from doing things I have no problem with them doing and they allow things I would never want my kids to do in 1000 years. It is incredibly frustrating.
Often times, there is literally no way for me to bypass some stupid restriction they put on my kids, so the only way I can get it to work is to help my kids lie about their age… and at that point, I lose the ability to actually block things I care about.
These laws are just going to make it worse. I don’t want someone else choosing how I control what my kids do. Give me tools to control it myself, and you can choose some presets for parents to use, but don’t force me to use your definition of age appropriate.
> I don’t want someone else choosing how I control what my kids do. Give me tools to control it myself
I agree. Parental controls have been the norm for thirty years. The adult who owns the device should have control over it, not Microsoft or California.
Honestly, I don’t have a perfect answer. It really depends on what the service is.
My main thing is I want to be able to opt in or out of various filters. I don’t mind if my kids want to listen to music that has swear words, but I don’t want them watching videos where they give horribly sexist pickup artist advice.
This isn’t just about what I feel is age appropriate, either. It is also about what I know about my kids.
My 10 year old hates scary things, and she gets completely freaked out when they show scary movie previews. I would like to be able to block those for her. On the other hand, my 7 year old is obsessed with scary things and I don’t mind if he plays zombie video games.
> My 10 year old hates scary things, and she gets completely freaked out when they show scary movie previews. I would like to be able to block those for her.
The difference between this and the usual "parental control" mechanisms is that what you're describing here is something the child wants to cooperate with, voluntarily. In which case, you don't need a mechanism that makes it absolutely impossible; you need a mechanism for helping them not see things they don't want to see. That's something some adults also want (e.g. tools for preventing oneself going to Facebook, or going to TVTropes for too long).
I'm as a big of a horror movie fan as you can find, and I'm completely dumbfounded by the jump scares marketing is allowed to show in trailers nowadays. IMO (coming from someone who is basically unaffected by jump scares), they've gotten more shocking in the past couple years.
The internet is too dynamic to build a working filter around. Perhaps just tools which help parents quickly and efficiently monitor their child's device usage would be best.
Do you want to alter behaviors or lock children in a gilded cage?
And I bet that Microsoft employee who was sending PRs to all the linux distros (and systemd) will not bother sending apologies to them for wasting their time.
I think there's a lot of proprietary stuff, from Google Play Services to Pixel specific features. A very significant stack of "modern" software layers are proprietary, even on Android.
We did it despite the naysayers who faught us saying it "wasn't a big deal" and that this is the "best version of the law we could get". Never listen to the naysayers and compromise your principles to appease them, stay true to what you believe.
> The proposed amendment specifically states: “Operating system provider” does not mean a person or entity that distributes an operating system or application under license terms that permit a recipient to copy, redistribute, and modify the software.
When I hear that people are against these laws, what I hear is that people are okay with children being harmed for the slight inconvenience it might cause. Let's just be honest about how we're calculating things: you think these restrictions, which you already effectively live under from private policy, are worse than children being groomed.
Young children should be supervised when they access the internet.
Adolescents are not going to be defeated by such easily bypassed technical measures.
These laws are a trojan horse for control of the adult population. The relative anonymity and freedom of the internet is a threat to those who spend their lives seeking power over others.
A better question - how do you imagine age verification is going to protect children from being groomed? Age verification will force services to assume everyone is a child until proven otherwise. Now it will be harder to tell adults and children apart online. Next, adult content will be harder for adults to acquire, pushing people into black markets, where illegal content will be easier to find.
I appreciate that people are concerned for their children, but we can't keep signing away basic rights and freedoms just to allay parents' anxiety for another few years.
There are so many low-hanging fruit to choose from if you want to protect children online, so it makes zero sense to start with the option that deprives every adult of their rights.
When I hear that people own cameras, what I hear is that people are okay with children being harmed for the sight convenience of the freedom to create photographs. Let's just be honest about how we're calculting things: You think living without a camera, which is how humanity has lived for 99% of its existence, is worse than children being groomed.
To be frank, I don't think it's good that everyone has a camera. Having every tiktoker teen pointing cameras at people in public is social terrorism. We certainly need surveillance, but it should only come from official sources.
The only device mandates that should be taking place is for the default installations of web clients should be checking to see if parental controls are enabled. This only impacts the major browsers. An intern at each browser company could add this check in minutes. If they are enabled and the person logged in is on a regular account (not admin or power user of sorts) then the base installation of web clients must check for an RTA header [1]. If present, prompt for a override password and also give the option for the admin to approve-list the domain at that time. That's it. Not perfect, nothing is or will be.
The only thing server, platform, website, service providers should be doing is setting an RTA header if the content could possibly be adult or user-contributed content that could dynamically become adult, moderation aside. This knocks out two issues with one fix. Small children don't see much if any adult content and they are kept off social media until the admin (parent or legal guardian) approves it.
If a site is not adding the RTA header then progressively fine them into oblivion. If they accept the fines as the cost of doing business then seize everything and put everyone in GenPop. An intern could enable the header in 5 minutes.
All legislation regarding age verification must revolve around this otherwise people must reject it as an abusive form of tracking and privacy invasion. The focus should be on small children as teen share porn, warez, movies and such within Rated-G games.
[1] - https://news.ycombinator.com/item?id=47950091
No such mandates should take place at all.
I agree fundamentally and ideologically but we are past that point. The toothpaste is already out of the tube as they say. There will be restrictions so all I can do is suggest more sensible restrictions that keep the control on the client side and do not share data. Any data shared can and will be abused, leaked, sold, stolen without consequence.
I agree with you, as a longtime free speech believe.
but... I would also like to keep my kids from seeing the very worst of the internet before they're ready to handle it. I tried using a PiHole but Firefox DNS-over-HTTPS nullifies that now. It's not realistic for me to be watching over their shoulders 24/7; what can I do to keep them away from stuff 99% of people agree isn't for children to see, without something like this?
Has this idea been discussed when drafting legislation? I mean are they aware of it but dismissed it for any reason or no stated reasons?
I've emailed politicians as have others but only received boilerplate thankyou's. I know the real reason is kick-backs but they will never admit it.
Yep, they get funding from companies like meta and their insiders
I largely agree, but the RTA header doesn't seem to be good enough for most websites to use. When a website wants to block browsers with parental controls on, but it isn't porn and it shouldn't be blocked by SafeSearch, what do they do?
https://webmasters.stackexchange.com/questions/140733/how-to...
what do they do?
They stop trying to put everything in a different category and treat RTA as the person under the age of consent must get approval from their parent or legal guardian. Keep it simple.
That's too simple to get much adoption. It's unreasonable to expect websites to drop out of Google search.
> It's unreasonable to expect websites to drop out of Google search.
Google's doing that for them though.
Google and others can adapt. RTA header? Added to potential adult or user-contributed category.
Right, no news sites for kids.
Right, no news sites for kids.
Correct. Until parent or guardian puts in password next to the text that says "Approve this site, forever."
You gave me an idea. Maybe there could be topics similar in concept to those that exist in corporate firewalls today that say things like:
- News Category (Known to be SFW)
- News Category (That may be NSFW)
This could be crowd sourced, ideally in a way that won't be gamed. That, or just keep it simple. ad-hoc input of permitted sites by parent.
A) Aren't you targeting a completely different problem than this law? It's my understanding that this law targets the collection of the age from the user. What the user agent does with that signal is a different problem, and seems to already be solved, except for the definition of "actual knowledge" which they are trying to establish here.
B) How would your RTA header intersect with content rating in different jurisdictions? What if the content is illegal for children in Turkey but legal for children in Kentucky?
For topic (A) I am suggesting to negate this behavior all together. No more sharing personal data.
For topic (B) companies can set or not set the header based on GeoIP. Not perfect but GeoIP is already used in load balancers, web servers and applications.
> An intern at each browser company could add this check in minutes.
An intern could also just delete the product which would also "solve" this "issue". The fact that it's easy or cheap is not significant to the problem at hand.
> should be doing is setting an RTA header
Many sites will just set the header by default. Now you've created a problem.
> then progressively fine them into oblivion.
This does nothing. See: Ofcom vs 4chan.
> device mandates
Mandate that the device provide an API for child protection software. Then it's up to individual parents to decide to install that software or not. Then we also get competition in this market rather than relying on whatever solution an intern cooked up one day.
On the topic of 4chan [1]
Many sites will just set the header by default. Now you've created a problem.
I am not seeing a problem. Kids need not access those sites unless the parent or legal guardian approves it. Sites meant for children would not be adding the header.
[1] - https://news.ycombinator.com/item?id=47953096
> Sites meant for children would not be adding the header.
Is Wikipedia "meant for children?" Should they be fully denied access to it? Should Wikimedia be fined if they make a mistake? If they get fined often enough do you think they'll just turn the header on everywhere in order to avoid risk?
Replace Wikipedia with any other mixed content site you prefer.
Child specific sites would not add the header. Anyone else could. I add it to my hobby sites. Most porn sites already add it to their sites [1].
Add it to any site not specifically meant for children, that is totally fine.
[1] - https://www.shodan.io/search?query=RTA-5042-1996-1400-1577-R... [ Follow Links At Your Own Peril ]
I must be stupid. Reword this so it makes sense to me. I can't even parse it.
- Site adds a header if they may potentially have adult content.
- Browser detects header. Prompts for local password to access site.
- Child does not know password, picks a different site or begs parent for access.
- This is now between child and parent. No third parties, no tracking, no telling website the users age, no local or remote API's sharing data.
Absolutely trivial and totally comprehensive solution, enabling adult content blocking at the account level, device level, network level, and the ISP level. Could even be expanded to any sort of content blocking, if you want to allow households to restrict access to vaccine critique or criticism of the king without violating the First Amendment or rooting everyone's devices.
The problem is that the point is to root everyone's devices. Anyone explaining how easy this is would be pushed out of the conversation as fast as if they were advocating for single-payer healthcare.
edit: I've been advocating the nearly identical but opposite solution - restricted access sites shouldn't respond to requests that lack an appropriate age/content restriction header. If they do, jail them.
They're literally going to have to do this anyway. Rooting people's devices to force them to lie about their age when they install their operating system is an absolutely fake pretendy solution; the only way it works is if you have to verify your age with some government agency when you install an operating system, in order to make that OS age official. The point is the identification.
No. That requires information disclosure to a third party. The point is enabling device admins better control over local device behavior. We're trying to keep conscientious parents able to do their thing. Not further enable the ability to manage the populace with official registries. If a kid can figure out how to install their own OS without their parent's help, odds are the kid is with it enough to start dipping their toes in the deep end. Or at least until they out themselves in front of their parents. In that case though it's a home problem, not a rest of the Internet problem.
It's still a stupid unconstitutional law, but I see what the aim is, even without strawmanning it.
Thats crazy talk, how are we gonna build a database of computers tied to physical identification of users by which we can monitor, control, and monetize… you’re saying parents should be responsible for their children? How is the state going to be able to exert more control if it doesn’t have ubiquitous surveillance of it’s population!? /s
>> SteamOS could still be affected
Steam itself does age verification, which when you first boot a steamdesk, afaik it forces you to log into steam before you can do much of anything without some initial hackery. That said, once in there's nothing stopping them from launching into desktop mode, launching firefox, and watching pr0n that way.
Sadly the solution is still for parents to do real parenting, but that's like saying stupid people shouldn't breed.
Who is actually writing this very concerning California Internet legislation, which will ultimately affect the entire nation and world?
Did someone write California Internet legislation without consulting any California Internet companies?
Did some California Internet companies write California Internet legislation?
Did some other party write California Internet legislation?
If you go take a read through the CA bill text that "became law", you'll quickly realize that whomever did write it must live in a very narrow bubble where the only "computers" that exist in the world are tablet style cell phones, the only OS'es that exist in the world are Android and iOS, and the only way anyone installs any software on the only computers that exist is via an "app store".
Meanwhile, while the overall writing clearly indicates the author has a very narrow view of "computers", the definitions of the terms is so broad that every computer, even the tiny embedded CPU in your microwave oven, might just need to ask your age before it allows you to do anything.
All this because public institutions have lost the will or capacity to regulate the companies. So they switch to burdening the consumers.
Another way to say it is that capital is operating as it always has: in its own interest.
A cynical person might suspect that the reason they are doing this is so that Linux developers don't have standing to challenge the law on 1st amendment grounds...
Nah, you're not cynical enough.
This is the classic "what we're trying to do is bullshit on a fundamental level so we're gonna just exempt random things until it becomes a niche issue and we can just do what we want and from there we'll just close all those exceptions over time" move.
Give it 5yr and you'll have idiots in the comments talking about how the "linux loophole" was a mistake and should be closed.
Source: history
That’s exactly what it is. It removes standing, and that is a major flaw in our legal system. We need significant changes to defend constitutional rights properly.
Okay, let's flip it: why would Apple, Microsoft, etc.. agree with such a law? What would the trickle down be for browser makers and website creators?
As a dad of two younger kids (7 and 10), I have been incredibly frustrated with the way age restrictions are handled across various services.
Really, my main complaint comes down to: I completely disagree with what these services choose to restrict for kids and what they allow.
They block my kids from doing things I have no problem with them doing and they allow things I would never want my kids to do in 1000 years. It is incredibly frustrating.
Often times, there is literally no way for me to bypass some stupid restriction they put on my kids, so the only way I can get it to work is to help my kids lie about their age… and at that point, I lose the ability to actually block things I care about.
These laws are just going to make it worse. I don’t want someone else choosing how I control what my kids do. Give me tools to control it myself, and you can choose some presets for parents to use, but don’t force me to use your definition of age appropriate.
> I don’t want someone else choosing how I control what my kids do. Give me tools to control it myself
I agree. Parental controls have been the norm for thirty years. The adult who owns the device should have control over it, not Microsoft or California.
maybe at 7 and 10 they shouldn't use device connected to the internet without your active supervision at all? What will they miss?
What tools would you want?
Honestly, I don’t have a perfect answer. It really depends on what the service is.
My main thing is I want to be able to opt in or out of various filters. I don’t mind if my kids want to listen to music that has swear words, but I don’t want them watching videos where they give horribly sexist pickup artist advice.
This isn’t just about what I feel is age appropriate, either. It is also about what I know about my kids.
My 10 year old hates scary things, and she gets completely freaked out when they show scary movie previews. I would like to be able to block those for her. On the other hand, my 7 year old is obsessed with scary things and I don’t mind if he plays zombie video games.
> My 10 year old hates scary things, and she gets completely freaked out when they show scary movie previews. I would like to be able to block those for her.
The difference between this and the usual "parental control" mechanisms is that what you're describing here is something the child wants to cooperate with, voluntarily. In which case, you don't need a mechanism that makes it absolutely impossible; you need a mechanism for helping them not see things they don't want to see. That's something some adults also want (e.g. tools for preventing oneself going to Facebook, or going to TVTropes for too long).
I'm as a big of a horror movie fan as you can find, and I'm completely dumbfounded by the jump scares marketing is allowed to show in trailers nowadays. IMO (coming from someone who is basically unaffected by jump scares), they've gotten more shocking in the past couple years.
The internet is too dynamic to build a working filter around. Perhaps just tools which help parents quickly and efficiently monitor their child's device usage would be best.
Do you want to alter behaviors or lock children in a gilded cage?
And I bet that Microsoft employee who was sending PRs to all the linux distros (and systemd) will not bother sending apologies to them for wasting their time.
Sounds like any GPL and perhaps other licences. Not just Linux.
No, not exemptions! Drop the stupid-ass law all together.
Kind of interesting - basically exempts any OS that’s under an MIT or GPL licence…
… doesn’t that excuse Android and possibly XNU, too?
Is all the code running on my Google Pixel 10 licensed under GPL and/or MIT?
I think we have our answer.
I think there's a lot of proprietary stuff, from Google Play Services to Pixel specific features. A very significant stack of "modern" software layers are proprietary, even on Android.
I think that was his point
No, Android is Apache 2.0.
We did it despite the naysayers who faught us saying it "wasn't a big deal" and that this is the "best version of the law we could get". Never listen to the naysayers and compromise your principles to appease them, stay true to what you believe.
The entire age verification and identity verification surveillance system shows state democrats aren’t on our side.
Hopefully the add the BSDs too.
> The proposed amendment specifically states: “Operating system provider” does not mean a person or entity that distributes an operating system or application under license terms that permit a recipient to copy, redistribute, and modify the software.
And yet, still unlawful compelled speech
When I hear that people are against these laws, what I hear is that people are okay with children being harmed for the slight inconvenience it might cause. Let's just be honest about how we're calculating things: you think these restrictions, which you already effectively live under from private policy, are worse than children being groomed.
Young children should be supervised when they access the internet.
Adolescents are not going to be defeated by such easily bypassed technical measures.
These laws are a trojan horse for control of the adult population. The relative anonymity and freedom of the internet is a threat to those who spend their lives seeking power over others.
Yes, the point is that pedophiles should be afraid to act on their urges
[delayed]
A better question - how do you imagine age verification is going to protect children from being groomed? Age verification will force services to assume everyone is a child until proven otherwise. Now it will be harder to tell adults and children apart online. Next, adult content will be harder for adults to acquire, pushing people into black markets, where illegal content will be easier to find.
I appreciate that people are concerned for their children, but we can't keep signing away basic rights and freedoms just to allay parents' anxiety for another few years.
There are so many low-hanging fruit to choose from if you want to protect children online, so it makes zero sense to start with the option that deprives every adult of their rights.
When I hear that people own cameras, what I hear is that people are okay with children being harmed for the sight convenience of the freedom to create photographs. Let's just be honest about how we're calculting things: You think living without a camera, which is how humanity has lived for 99% of its existence, is worse than children being groomed.
To be frank, I don't think it's good that everyone has a camera. Having every tiktoker teen pointing cameras at people in public is social terrorism. We certainly need surveillance, but it should only come from official sources.
Why don’t you start by explaining how an age verification at the start of a Linux installation help against children being groomed?
If you are worried about your children, keep them off the internet. Don’t rob society of its right to privacy and anonymity and speech.
any solution that depends on everyone agreeing on what content is age appropriate is a bad solution.
dame libertad o muerte