2/21/2026 at 6:01:29 AM
by iamnothere
2/21/2026 at 8:03:15 AM
This is why we shouldn't use passkey. The authorities (not only the US) are clearly aiming to lock down the hardware we can use. Remember, passkey has a function to restrict the freedom to choose the authenticator we want to use.by minebreaker
2/22/2026 at 7:36:16 PM
Ah, so I'm not the crazy one for being suspicious of this. Thank you.by ekjhgkejhgk
2/21/2026 at 8:46:51 AM
Yeah remote attestation. Any kind of remote attestation is an open door to abuse:(by wolvoleo
2/21/2026 at 7:49:44 AM
A lot of the comments in here seem to be focused on mobile devices, but this law applies to basically every general computing device.Here are the definitions from the bill in a more reasonable order than they are presented there:
> "DEVICE" MEANS ANY GENERAL-PURPOSE COMPUTING DEVICE THAT CAN ACCESS A COVERED APPLICATION STORE OR DOWNLOAD AN APPLICATION.
> "COVERED APPLICATION STORE" MEANS A PUBLICLY AVAILABLE INTERNET WEBSITE, SOFTWARE APPLICATION, ONLINE SERVICE, OR PLATFORM THAT DISTRIBUTES AND FACILITATES THE DOWNLOAD OF APPLICATIONS FROM THIRD-PARTY DEVELOPERS TO USERS OF DEVICES.
> "APPLICATION" MEANS A SOFTWARE APPLICATION THAT MAY BE RUN OR DIRECTED BY A USER ON A DEVICE.
> "DEVELOPER" MEANS A PERSON THAT WRITES, CREATES, MAINTAINS, OR CONTROLS AN APPLICATION.
The law applies to Operating System providers that runs on such a device:
> "OPERATING SYSTEM PROVIDER" MEANS A PERSON THAT DEVELOPS, LICENSES, OR CONTROLS THE OPERATING SYSTEM SOFTWARE ON A DEVICE.
Basically every Linux distro falls under this. Never mind the fact that OS providers don't really have control over where you run their code. If my device doesn't have a network card, does that mean my OS can skip this?
This also is not privacy preserving. It does require the device only report what age bracket a user belongs too, but on a long enough time frame, anyone currently under that age of 18 has their age accurately disclosed, often down to their birthday.
Worse, all applications MUST query this information every time it is run, regardless of whether or not age is at play. Every time you run grep, grep needs to know how old you are:
> A DEVELOPER SHALL REQUEST AN AGE SIGNAL WITH RESPECT TO A PARTICULAR USER FROM AN OPERATING SYSTEM PROVIDER OR A COVERED APPLICATION STORE WHEN THE DEVELOPER'S APPLICATION IS DOWNLOADED AND LAUNCHED.
Now, oddly, user is defined to be minors:
> "USER" MEANS A MINOR WHO IS THE PRIMARY USER OF A DEVICE.
But, the way the law is written, the implementation necessarily applies to everyone.
by jmholla
2/22/2026 at 1:28:46 AM
I envision a dystopic future where the only legal personal computers are diskless Chromebooks that cannot save files to be viewed offline and that only boot via network, requiring a blood sample and a retinal scan to successfully Secure Boot.by floralhangnail
2/22/2026 at 6:37:52 PM
or mandated remote desktop into goverment owned mainframe :) heheby iberator
2/21/2026 at 9:38:37 AM
It's just another in a long list of intentionally broad laws designed to make everything illegal. They shot themselves in the foot though. Since(6) "DEVELOPER" MEANS A PERSON THAT WRITES, CREATES, MAINTAINS, OR CONTROLS AN APPLICATION
The user is a "developer" so they can just send themselves an implicit age signal without modifying any software.
by casey2
2/21/2026 at 11:09:58 AM
Is a ~/.userIsOver18 flag compliant?by gzread
2/22/2026 at 8:33:36 AM
I doubt it. This bill has extremely deep problems.The constrain of a "real-time application programming interface" has no legislative priors and little concrete technical merit. This requirement on its face requires that all operating systems provide some level of guaranteed response time, as a real-time OS would. But what that guarantee is, is unspecified. Not to mentions the reasonably consistent part.
But, such a file may not necessarily exist. And given that the onus is from operating systems and not those running the operating system. The existence of a file (or lack there of), is not a sufficient guarantee.
Further, this provides only one bucket the law requires. The file(s) in question MUST be more nuanced with the law as it is written.
The real fuckery of this bill: it pretends to be privacy preserving and to protect minors, but the only people whose personal birth date information can be leaked by its implementaiton are minors.
by jmholla
2/21/2026 at 7:50:33 PM
All of this, is unconstitutional, and extraordinarily dangerous. How any liberal can support this is mind blowing.by exabrial
2/21/2026 at 8:05:42 PM
Can you share why this is unconstitutional? It’s dangerous and an awful idea, but I don’t find anything unconstitutional about this.by penultimatename
2/21/2026 at 10:50:25 PM
Well it's a State thing at the moment if it's Colorado but if it were Federal probably enabled by the Commerce clause.by fluidcruft
2/22/2026 at 1:26:54 AM
America does not have a liberal party, it has 2 right wing parties.by frogperson
2/21/2026 at 6:18:39 AM
What absolute creeps. Major major amplification of the war on general purpose computing. It's absurd how governments are so willing to just make demands of products, are so intent on being product managers making their lists of how they want the world to run.There's just shy of 200 countries in the world. That's a lot of product managers already! But if provinces/regions/us states all decide they too can define how software has to work, we are up to thousands of little emperors all telling the world how we have to think, how we have to compute.
It's frelling disgusting.
This effort here has similar vibes to Chrome's Digital Credentials API. Which can be privacy preserving, but where site's can demand basically whatever they want. Either way, each site is returned material, that it then has to verify. So we are back to only approved identity working. And it seems unlikely credential issuers will willingly work with anything but 1st tier browsers/OSes. https://developer.chrome.com/blog/digital-credentials-api-sh...
It feels like a sure creeping doom that the internet is not going to be available in many places, except by commercial OSes that use DRM and attestation to deny users access to their own systems. This is against mankind, and imo, against every spiritual fiber that made man a great creature & arose us to what we are. To deny us a view of the world is to deny us from being toolmakers, is to mame our senses. This is an affront to our humankind. This making the machines infernal.
by jauntywundrkind
2/21/2026 at 6:28:03 AM
Age verification sucks but realistically this is a feature that iOS and Android already have and it's better than "upload a photo of your ID which we promise to delete but actually won't" age verification.by wmf
2/21/2026 at 8:51:59 AM
Trusted 3rd parties I choose myself?I trust the postal service here, more than Apple or Google. Just recently opened a bank account via their online service.
by GuestFAUniverse
2/21/2026 at 9:01:53 AM
More friction -> less users -> lower revenue -> more companies lobbying against these policies. Seems like a good thing.by wqaatwt
2/21/2026 at 8:59:14 AM
> we are up to thousands of little emperors all telling the world how we have to think, how we have to computeImho that’s one of the best outcomes i.e. companies which will try to comply with all of the rules will go out of business or move to a less dystopian jurisdiction. Then there will be a lot economic pressure to build networking and payment systems which allow working around all this crap.
If on the order hand it’s actually streamlined and works without any friction nobody will lose their jobs/tax revenue and governments will come up with even more and even more dystopian shit.
by wqaatwt
2/21/2026 at 6:56:04 AM
Query: Are there any current legal challenges to this rapid spread of age verification that have a chance of hitting the Supreme Court?From my admittedly poor understand of legal stuff, these are largely proactive measures happening at company and state level. Congress nor Supreme Court have issued any rulings around this yet.
by geuis
2/21/2026 at 8:40:44 AM
> chance of hitting the Supreme Court?Why would that matter? The constitution is just a worthless scrap of paper these days
by wqaatwt
2/21/2026 at 3:57:27 PM
It seems obvious that having Apple, Microsoft and Google collect and verify age anonymously is better than some weird third party service provider like Yoto.Not saying I agree with this law. I think I would structure it that age regulated content requires this signal from the device provider in an anonymous format as an opt-in to age regulated content and not as a requirement for every single computing device.
by daft_pink
2/21/2026 at 4:06:16 PM
My biggest problem with the bill is the attempt to sweep in all devices/operating systems.Make a new legal category for voluntary kid-friendly devices and draw regulatory borders around it, if you must, but leave the rest of us out of it. Then encourage parents and schools to limit kids to those devices. There would still be problems with this, but at least it wouldn’t impact the free speech, privacy, or free association of adults.
by iamnothere
2/21/2026 at 2:09:54 PM
>Under the bill, an operating system provider would be required to collect a user’s date of birth or age information when an account is establishedThis seems to happen on some WEB sites now, but many people here probably do not sign up on these sites, of if they due, they live on the moon and are thousands of years old or born in the future :)
Now, the law is still in the legislature and I really doubt it will be passed. I believe this because of lobbying by both Microsoft and Apple. For non US people, lobbying now == bribes which is now somewhat legal depending how it is done.
So lets pretend and speculate, but I doubt that law will ever become real.
I am sure OpenBSD will completely ignore this law. NetBSD and FreeBSD probably too, but since both are based in the US, they could be chased down.
Since I believe Linux is pretty much owned by Large Corporations, I think they are at risk of being forced to comply. Plus most non-tech people have heard of Linux so that adds to the risk. So, BSDs may have some years of "freedom" due to them flying under the radar or could be ignored completely.
In any case, if passed, VPNs will be happy.
by jmclnx
2/22/2026 at 6:36:17 PM
Next step: login into Windows with your national ID card. Next step: activate the ISP router by national ID card every 24h.by iberator
2/21/2026 at 1:23:22 PM
I do not install apps on my phone regardless if whatever that means and I do not browse from my phone. It might be time to just make a git repo of all the sites that participate in this weird fascistic behavior and block them in uBlock until the governments stand up and say pop i.e. pull their head out of their ass. Anything other than RTA [1] headers is a non starter for me.The only thing governments should be doing is legislating that apps commonly used by small children be required to look for the RTA header and trigger parental controls if the device owner enabled them. That's it. Not perfect, nothing is or will be but it's more than we have now, does not leak PII and utilizes existing laws that already apply to parents.
by Bender
2/21/2026 at 11:27:04 AM
Fuck right off, Colorado and every "think of the children" surveillance state and mass privacy invasion supporter.Or anyone demanding cloud AI DRM for 3D printers and CNC machines.
Flock cameras and Ring Search Party too.
Certain potential capabilities are simply too dangerous to be given to any company, any government, or any person for any reason. Remember PRISM?
These are illiberal assaults on personal freedoms and privacy that must be vigorously and completely resisted just like when the Clipper chip was thoroughly trounced.
by burnt-resistor
2/21/2026 at 6:23:40 AM
Richard Stallman's "Right to Read" from 1999 is worth another read.by userbinator
2/21/2026 at 2:16:21 PM
I was looking for the link for a while, I even forgot the title. So here it is:https://www.gnu.org/philosophy/right-to-read.en.html
This takes place in 2047, seems we are well on track for that date.
by jmclnx
2/21/2026 at 9:08:06 PM
I find it ironic that that link gives a 403 Forbidden for me now. Admittedly I am not using a mainstream browser, but that's one of the sites I'd least expect to discriminate on UA. What happened to GNU?by userbinator
2/22/2026 at 3:20:53 PM
AI crawlers happened. Their IRC channels might be able to help, especially #fsfsys on Libera.by pabs3
2/23/2026 at 3:30:40 AM
That bullshit excuse? I thought GNU was beyond such persuasion, especially RMS himself.(Hint: the ones proliferating that argument are the ones doing the DDoS'ing themselves or hosting those who are --- and helping the rest of Big Tech in their authoritarian dream of locking down computing to a highly restricted and "attested" set of platforms with zero freedom.)
by userbinator
2/21/2026 at 7:43:16 AM
Pertinent quote:>It was also possible to bypass the copyright monitors by installing a modified system kernel. Dan would eventually find out about the free kernels, even entire free operating systems, that had existed around the turn of the century. But not only were they illegal, like debuggers—you could not install one if you had one, without knowing your computer's root password. And neither the FBI nor Microsoft Support would tell you that
by ricree
2/23/2026 at 4:40:06 AM
Colorado politics has become unbearably frustrating ever since effective political opposition from the right had died. Now we're the laboratory and pet project for every damn ambitious wealthy transplant. It's only gotten worse with post COVID, the states character is not the same. They destroyed Gallagher with outright lies on the ballot, and made an unaffordable housing market dramatically worse. These bad ideas keep coming from the legislature and it's because we're essentially a single-party state. There's nothing to make an elected representative worry about relection and no opposition to provide a filter to weak proposals.by ottah
2/21/2026 at 7:59:01 AM
Well, it's one step closer to parents, although I doubt it will ever get there.by leni536
2/21/2026 at 7:41:50 AM
Only viable solution: ID tagged kids carry ID tagged phone, use ID tagged PC.by feverzsj
2/23/2026 at 8:59:52 AM
This needs to provide the Age Bracket for every user of the system to prove no-one under 18 is using it.by delaminator
2/21/2026 at 6:18:34 AM
Finally, sensible. I never understand why websites or apps had to do it. It's way easier, more scalable and cheaper for the OS to do it.by aurareturn
2/21/2026 at 6:43:32 AM
And more draconian."Our systems aren't foolproof because anyone can just boot Linux from USB. Hence we should enforce secure boot with proprietary keys and disable functionality for non attested PCs"
This is not far fetched. All Android vendors went down this path and now you can't even enable developer mode if you want your bank app to work to approve your bank loan.
by saidinesh5
2/21/2026 at 8:46:22 AM
Which just seems like a slippery slope. Since there is no friction and users are not annoyed anymore governments will just continue requiring more and more spyware to be added to all software/devices.IMHO requiring every to submit notarized paper forms to access Facebook/whtvr would be the best solution
by wqaatwt
2/21/2026 at 7:40:02 AM
How is Linux going to do this?by beej71
2/21/2026 at 7:45:02 AM
I don't know but as Linux powers the entire world, include 2/3rd of the world's smartphone, I'm sure they'll find a way.by TacticalCoder
2/21/2026 at 8:48:17 AM
Well it’s obviously technically feasible (which seems like the least relevant part) if you want to have zero privacy because every single general purpose computer has unremovable spyware builtin..by wqaatwt
2/21/2026 at 8:12:08 AM
Surely you most see that this is a bureaucratic impossibility. It's not a technical issue.by beej71
2/22/2026 at 9:32:37 AM
Treating Linux as a monolith here is kind of missing the point. Desktop Linux and Android have an entirely different application model, a solution for Android would have to be applied in a significantly different manner to desktop Linux. It'd likely be folded in to play services, as was the case with the exposure notification framework during covid for example.by _vere
2/21/2026 at 3:39:03 PM
You know what's really cheap and scalable? Not doing such moronic shit at all.by Hizonner
2/21/2026 at 6:50:39 AM
[dead]by datesting2
2/21/2026 at 7:51:43 AM
What a failure as a species that parents are not trusted or believed to be capable of raising their children. Therefore let's build out the panopticon.by bhawks
2/22/2026 at 8:26:29 AM
I think it’s pretty ignorant to think the average parent has a chance against companies spending billions of dollarsby unparagoned
2/21/2026 at 11:15:03 AM
In no way is any of this actually about "the children"by kgwxd
2/23/2026 at 9:00:33 AM
There are over 200k students under 18 with a Unix account in Colorado.by delaminator
2/21/2026 at 11:04:10 AM
Have you seen the president of the USA?by cyanydeez
2/21/2026 at 10:35:04 AM
This is already the law in Brazil.General purpose computing is dead.
by bitwize
2/21/2026 at 11:10:46 AM
Is Linux legal in Brazil?by gzread
2/21/2026 at 11:45:14 AM
The Brazilian law, passed in September of last year, requires both online service providers and "terminal operating systems" to provide secure, auditable age verification. It is from a technical standpoint presumably not legal to install an arbitrary Linux distro in Brazil, but one can imagine a list of approved distros that meet government standards. For example, Red Hat and Ubuntu might implement age verification for the Brazilian market and be cleared for use in Brazil.The real issue starts when OEMs, in order to comply with laws of this type, start releasing machines with locked-down boot firmware that cannot run any but an approved operating system.
by bitwize
2/21/2026 at 11:17:37 AM
Are these lawmakers funded by Apple and Google?by zb3
2/21/2026 at 7:11:11 AM
It seems to me that this is timed curiously close to google getting rid of side loading on android. Is this something that’s being planned behind the scenes?I mean, if android allows sideloading anyone would be easily able to get around these checks am I right?
by Noaidi
2/21/2026 at 7:40:54 AM
> if android allows sideloading anyone would be easily able to get around these checksNot really. You’d have Android attest to the check. If you are running a modified Android, it can’t attest. If you’re side loading, unless it messes with the attention logic, it should be fine. Like, Apple Pay could still work even if iOS permitted side loading.
by JumpCrisscross
2/21/2026 at 4:27:13 PM
Like the web attestation API Google tried and got so much backlash for? Good luck, I guess.by impure
2/22/2026 at 1:38:00 AM
What is this fascist bullshit? The government has no business invading peoples privacy this way.by frogperson
2/21/2026 at 3:34:54 PM
Colorado is cordially invited to eat shit.by Hizonner
2/21/2026 at 6:21:45 AM
[flagged]by shablulman
2/21/2026 at 6:26:09 AM
will be ensuring this doesn't inadvertently entrench the gatekeeping power of major OS vendorsJust say the quiet part out loud: this is absolutely going to happen, and this is why we need to fight our hardest to stop it.
Stop being distracted by and thinking about the technical points when the whole idea itself is bad, just like WEI and the other authoritarian ideas that originated with "trusted computing".
by userbinator
2/21/2026 at 11:23:49 AM
Clipper chip meets digital national identity but way more authoritarian.by burnt-resistor
2/21/2026 at 7:22:41 AM
Maybe better, but still doesn't address the underlying problem. Governments print bits of paper and citizens need to scan and upload them to be validated by a 3rd party. Lots of obvious waste there. Legislating this approach is just entrenching it. But I guess it is cheap for the government. Sane approaches require the government provide a service which 3rd parties can query age with (indirectly, via anonymizing proxy). No need for those bits of paper to be involved at all, disclosing far too much information.by stubish
2/22/2026 at 2:40:29 AM
> Sane approaches require the government provide a service which 3rd parties can query age with (indirectly, via anonymizing proxy)The problem with that is that the government obtained logs from the 3rd parties they might be able to compare timestamps with the timestamps of the anonymous age queries and figure out what sites some people were logging into.
by tzs
2/21/2026 at 8:39:30 AM
> Lots of obvious waste thereSeems like a great thing then. People get annoyed, businesses that comply lose customers and money etc.
All that friction means these policies become inherently less popular regardless of anything else. While this crap work effortlessly out of the box is just outright dystopian
by wqaatwt
2/21/2026 at 11:12:52 AM
People are already annoyed, which is why society is demanding the stuff already age restricted for decades or even centuries actually be restricted on the Internet. The battle has never and will never be about allowing kids free access to porn. The battle is about restricting it in a way that doesn't endanger them or their privacy. Failing to do that is what ends in a dystopia, where tech and governments use society's demands as an excuse to move us further into a surveillance state. Like the proposed laws being discussed, centralizing data in an easily subpoenable location.by stubish
2/21/2026 at 4:34:47 PM
"Society" isn't demanding anything. A vocal minority of idiots, unfortunately overrepresented among the kind of people who tend to run for office, is demanding things, 95 percent based on stupid delusions and childish prejudices.by Hizonner
2/21/2026 at 8:36:44 AM
You still have a choice whether or not to use those websites. Not sure if having spying malware built in into every OS is preferable to that..by wqaatwt